|
1 | | -# ast-grep-essentials |
| 1 | +# AST-GREP Essentials |
2 | 2 |
|
3 | 3 | ## Overview |
4 | 4 |
|
5 | | -ast-grep-essentials, a package designed to enhance the security of your codebase through ast-grep rules. This package |
6 | | -provides essential security rules, utilities, and tests to help you identify and mitigate potential vulnerabilities in |
7 | | -your code. |
| 5 | +`ast-grep-essentials` is a collection of |
| 6 | +[`ast-grep`](https://ast-grep.github.io) rules to help you mitigate security |
| 7 | +vulnerabilities and enforce best practices in your code. |
8 | 8 |
|
9 | | -> Please read the coderabbit [documentation](https://docs.coderabbit.ai/guides/review-instructions) to understand how to |
10 | | -> use ast-grep in coderabbit reviews. |
| 9 | +> [!TIP] |
| 10 | +> |
| 11 | +> Please read the CodeRabbit |
| 12 | +> [documentation](https://docs.coderabbit.ai/guides/review-instructions) to |
| 13 | +> understand how to use `ast-grep` in [CodeRabbit](https://coderabbit.ai) |
| 14 | +> reviews. |
11 | 15 |
|
12 | 16 | ## Structure |
13 | 17 |
|
@@ -42,43 +46,65 @@ ast-grep-essentials |
42 | 46 |
|
43 | 47 | The package is organized into three main directories: |
44 | 48 |
|
45 | | -- **rules:** Contains ast-grep rules categorized by language and security category. |
46 | | -- **utils:** Houses utility configs to support rule management. |
47 | | -- **tests:** Includes test cases for validating the effectiveness of the rules across different languages. |
| 49 | +- `rules`: Contains `ast-grep` rules categorized by language and security |
| 50 | + category. |
| 51 | +- `utils`: Houses utility configs to support rule management. |
| 52 | +- `tests`: Includes test cases for validating the effectiveness of the rules |
| 53 | + across different languages. |
48 | 54 |
|
49 | 55 | ### Rules Structure |
50 | 56 |
|
51 | | -Within the rules directory, you'll find the following structure: |
| 57 | +Within the `rules` directory, you'll find the following structure: |
52 | 58 |
|
53 | | -- **language:** Each language supported by ast-grep (e.g., Python, JavaScript). |
54 | | -- **category:** Rules categorized based on security concerns (e.g., Input Validation, Authentication). |
| 59 | +- `language`: Each language supported by `ast-grep` (e.g., Python, JavaScript). |
| 60 | +- `category`: Rules categorized based on security concerns (e.g., Input |
| 61 | + Validation, Authentication). |
55 | 62 |
|
56 | | -#### Rule file |
| 63 | +#### Rule file structure |
| 64 | + |
| 65 | +> [!TIP] |
| 66 | +> |
| 67 | +> Read the `ast-grep` > documentation to understand the |
| 68 | +> [rule configuration](https://ast-grep.github.io/reference/yaml.html) and the |
| 69 | +> [rule object properties](https://ast-grep.github.io/reference/rule.html). |
57 | 70 |
|
58 | 71 | Each rule file should have the following structure: |
59 | 72 |
|
60 | 73 | ```yaml |
61 | | -# unique across the package, not just the language |
| 74 | +# Unique across the package, not just the language |
62 | 75 | id: rule-id |
63 | | -# the language property that the rule is going to get matched against |
64 | | -language: "language" # e.g., javascript, go |
65 | | -# the message property is going to get used on the review process and it's important to be clear on what the rule match means. |
| 76 | +# The language property that the rule is going to get matched against |
| 77 | +language: "language" # e.g., javaScript, go |
| 78 | +# A short description of the rule |
66 | 79 | message: "Rule message" |
67 | | -# the note property is going to get used on the review process and it's important to contain as much side meaningful information as possible. |
| 80 | +# A more detailed explanation of the rule |
68 | 81 | note: "Rule note" |
69 | | -# severity level of the rule (e.g., hint, warning) "error" is also valid but is not going to get approved. |
| 82 | +# Severity level of the rule (e.g., hint, warning) |
70 | 83 | severity: "severity" |
71 | | -# ast-grep rule property, check coderabbiit documentation for more information |
72 | | -rule: |
73 | | - ... |
| 84 | +# ast-grep rule property, check documentation for more information |
| 85 | +rule: ... |
74 | 86 | ``` |
75 | 87 |
|
76 | 88 | ### Tests Structure |
77 | 89 |
|
78 | | -Inside the tests directory, tests are organized by language: |
| 90 | +Inside the `tests` directory, tests are organized by language: |
| 91 | + |
| 92 | +- `language`: Test cases specific to the corresponding language's rules. |
| 93 | +- `rule-file`: each test rule file should have by convention the |
| 94 | + `rule-file-name-test.yml` format. |
| 95 | + |
| 96 | +> [!NOTE] |
| 97 | +> |
| 98 | +> Tests should follow the `ast-grep` testing rules format. Please refer to the |
| 99 | +> `ast-grep` > |
| 100 | +> [documentation](https://ast-grep.github.io/guide/test-rule.html#test-case-configuration) |
| 101 | + |
| 102 | +## Contributing |
| 103 | + |
| 104 | +This project relies on the community to contribute rules. Please open a pull |
| 105 | +request with your rules and tests. Please ensure that the rules are truly |
| 106 | +essential and have a low false positive rate. |
79 | 107 |
|
80 | | -- **language:** Test cases specific to the corresponding language's rules. |
81 | | -- **rule-file:** each test rule file should have by convention the rule-file-name-test.yml |
| 108 | +## Community |
82 | 109 |
|
83 | | -> Writing tests should follow the ast-grep testing rules format. Please refer to the |
84 | | -> ast-grep [documentation](https://ast-grep.github.io/guide/test-rule.html#test-case-configuration) |
| 110 | +Join the discussion on our [Discord server](https://discord.gg/C3rGCxHn). |
0 commit comments