SAST Tool — Semgrep

Jared3
2 min read · Nov 1, 2022


What is Semgrep

Semgrep is a fast, open-source static analysis engine for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards. Rules are written as patterns that look like the code they match, and `--config auto` pulls a ruleset for the detected languages from the Semgrep Registry.

https://github.com/returntocorp/semgrep

Getting started

This walkthrough uses go-ethereum as the target code base.

1. Clone the source code from the Git repo:

git clone https://github.com/ethereum/go-ethereum

2. Scan with Docker. The current directory is mounted at /src, which is the image's working directory, so the relative path go-ethereum resolves inside the container. Note that --config auto fetches rules from the Semgrep Registry over the network (and requires Semgrep's metrics to be on); for an offline or reproducible scan, point --config at a pinned ruleset or a local rules file instead.

docker run --rm -v "${PWD}:/src" returntocorp/semgrep semgrep --config auto go-ethereum > semgrep-result.txt

Result

Each finding lists the file, the rule id, the rule's explanation, a link to the rule, and the matched line with its line number in the source file.

Blocking Findings:

go-ethereum/Dockerfile
  dockerfile.security.missing-user.missing-user
    By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
    Details: https://sg.run/Gbvn

    26┆ ENTRYPOINT ["geth"]

go-ethereum/accounts/abi/argument.go
  go.lang.security.audit.unsafe-reflect-by-name.unsafe-reflect-by-name
    If an attacker can supply values that the application then uses to determine which method or field to invoke, the potential exists for the attacker to create control flow paths through the application that were not intended by the application developers. This attack vector may allow the attacker to bypass authentication or access control checks or otherwise cause the application to behave in an unexpected manner.
    Details: https://sg.run/R8Xv

    158┆ field := value.FieldByName(abi2struct[arg.Name])
    ⋮┆----------------------------------------

  trailofbits.go.questionable-assignment.questionable-assignment
    Should `argument` be modified when an error could be returned?
    Details: https://sg.run/qq6y

    53┆ argument.Type, err = NewType(arg.Type, arg.InternalType, arg.Components)
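The text report above is meant for a human reader. In CI you would run the same scan with `--json` (Semgrep also supports `--sarif`) and decide mechanically whether the build passes. Semgrep's own `--error` flag makes the CLI exit 1 on any finding; the script below, an added example that is not code from this post or from the Semgrep project, goes one step further and applies a severity threshold. It assumes Python 3.9+ and, for the command string only, a working docker CLI. SAMPLE_REPORT is constructed in the shape of Semgrep's JSON output to mirror the three findings shown above; its severities are assumed for illustration, not taken from the real rules.

```python
"""Gate a build on Semgrep findings.

Added example for this post, not code from the original article or the
Semgrep project. SAMPLE_REPORT is CONSTRUCTED in the shape of Semgrep's
--json output to mirror the three findings in the post; the severities are
assumed, not taken from the rules.
"""
import json
import sys
from dataclasses import dataclass

# The post's scan, emitting machine-readable JSON (--json is a Semgrep flag).
SEMGREP_DOCKER_CMD = ('docker run --rm -v "${PWD}:/src" returntocorp/semgrep '
                      "semgrep --config auto --json go-ethereum > semgrep-result.json")

SAMPLE_REPORT = json.dumps({"version": "0.0.0", "errors": [], "results": [
    {"check_id": "dockerfile.security.missing-user.missing-user",
     "path": "go-ethereum/Dockerfile", "start": {"line": 26, "col": 1},
     "extra": {"severity": "ERROR",  # assumed
               "message": "By not specifying a USER, a program in the container may run as 'root'."}},
    {"check_id": "go.lang.security.audit.unsafe-reflect-by-name.unsafe-reflect-by-name",
     "path": "go-ethereum/accounts/abi/argument.go", "start": {"line": 158, "col": 3},
     "extra": {"severity": "WARNING",  # assumed
               "message": "Attacker-controlled values select a method or field via reflection."}},
    {"check_id": "trailofbits.go.questionable-assignment.questionable-assignment",
     "path": "go-ethereum/accounts/abi/argument.go", "start": {"line": 53, "col": 2},
     "extra": {"severity": "INFO",  # assumed
               "message": "Should `argument` be modified when an error could be returned?",
               "is_ignored": False}},
]})

SEVERITY_RANK = {"INFO": 0, "WARNING": 1, "ERROR": 2}  # Semgrep's three levels


@dataclass(frozen=True)
class Finding:
    check_id: str
    path: str
    line: int
    severity: str
    message: str


def parse_report(text: str) -> list[Finding]:
    """Flatten a Semgrep JSON report into Finding records.

    Findings suppressed with a nosemgrep comment carry extra.is_ignored=true;
    they are dropped so they do not count against the gate.
    """
    report = json.loads(text)
    findings = []
    for r in report.get("results", []):
        extra = r.get("extra", {})
        if extra.get("is_ignored", False):
            continue
        findings.append(Finding(check_id=r["check_id"], path=r["path"],
                                line=int(r["start"]["line"]),
                                severity=str(extra.get("severity", "ERROR")).upper(),
                                message=extra.get("message", "").strip()))
    return findings


def blocking(findings: list[Finding], min_severity: str = "ERROR") -> list[Finding]:
    """Findings at or above min_severity. An unrecognised severity string is
    ranked highest, so a schema change fails the gate instead of passing it."""
    threshold = SEVERITY_RANK[min_severity]
    top = max(SEVERITY_RANK.values())
    return [f for f in findings if SEVERITY_RANK.get(f.severity, top) >= threshold]


def by_path(findings: list[Finding]) -> dict[str, list[str]]:
    """Group check ids by file, in report order, for a compact summary."""
    grouped: dict[str, list[str]] = {}
    for f in findings:
        grouped.setdefault(f.path, []).append(f.check_id)
    return grouped


def exit_code(findings: list[Finding], min_severity: str = "ERROR") -> int:
    """1 if anything should block the build, else 0."""
    return 1 if blocking(findings, min_severity) else 0


def main(argv: list[str]) -> int:
    # Usage: python gate.py [semgrep-result.json] [INFO|WARNING|ERROR]
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    min_sev = argv[2].upper() if len(argv) > 2 else "ERROR"
    findings = parse_report(text)
    for f in blocking(findings, min_sev):
        print(f"{f.path}:{f.line} [{f.severity}] {f.check_id}\n    {f.message}")
    print(f"{len(findings)} finding(s) in {len(by_path(findings))} file(s)")
    return exit_code(findings, min_sev)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the gate applied to the constructed report, or pass the JSON file produced by SEMGREP_DOCKER_CMD and a threshold as the second argument. The threshold is deliberately fail-closed: a severity string the script does not recognise counts as blocking, and nosemgrep-suppressed findings are excluded only because Semgrep itself marks them as ignored.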
