Static analysis queries for semgrep, weggli, and others

static_scan.md

Semgrep

Semgrep default rulesets https://semgrep.dev/r

semgrep --config "p/c" <path/to/code>

raptor's Semgrep rules and blog

• https://security.humanativaspa.it/semgrep-ruleset-for-c-c-vulnerability-research
• https://security.humanativaspa.it/automating-binary-vulnerability-discovery-with-ghidra-and-semgrep/
• https://security.humanativaspa.it/big-update-to-my-semgrep-c-cpp-ruleset
• https://github.com/0xdea/semgrep-rules

semgrep --config semgrep-rules/c <path/to/code>

Weggli

Volodya's Weggli rules

• https://twitter.com/volodiyah/status/1729853227326189935
• https://github.com/plowsec/weggli-patterns

Synactiv's Weggli rules

• https://github.com/synacktiv/Weggli_rules_SSTIC2023

$ bash dangerous_functions.qry code.c
$ bash malloc_overflow.qry -e cc sourcedir/

p4zuu's Weggli rules for kernel heap issues

• https://github.com/p4zuu/weggli-examples

RioKato basic Weggli queries

• https://github.com/RioKato/WeggliRules/blob/main/rules.txt

N1ckDunn's intro to Weggli workshop

• https://github.com/N1ckDunn/WeggliExercises