Skip to content

coderabbitai/ast-grep-essentials

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
rules
rules
 
 
tests
tests
 
 
utils
utils
 
 
.gitignore
.gitignore
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
sgconfig.yml
sgconfig.yml
 
 

Repository files navigation

ast-grep-essentials

Overview

ast-grep-essentials, a package designed to enhance the security of your codebase through ast-grep rules. This package provides essential security rules, utilities, and tests to help you identify and mitigate potential vulnerabilities in your code.

Please read the coderabbit documentation to understand how to use ast-grep in coderabbit reviews.

Structure

ast-grep-essentials │ ├── rules │ ├── javascript │ │ ├── jwt │ │ │ ├── rule1.yml │ │ │ ├── rule2.yml │ │ │ └── ... │ │ ├── ... │ │ └── ... │ └── go │ ├── jwt-go │ │ ├── rule1.yml │ ├── utils │ ├── script1.yml │ ├── script2.yml │ └── ... │ └── tests ├── javascript │ ├── rule1-test.yml │ ├── rule2-test.yml │ └── ... ├── ... └── ...

The package is organized into three main directories:

  • rules: Contains ast-grep rules categorized by language and security category.
  • utils: Houses utility configs to support rule management.
  • tests: Includes test cases for validating the effectiveness of the rules across different languages.

Rules Structure

Within the rules directory, you'll find the following structure:

  • language: Each language supported by ast-grep (e.g., Python, JavaScript).
  • category: Rules categorized based on security concerns (e.g., Input Validation, Authentication).

Rule file

Each rule file should have the following structure:

# unique across the package, not just the language id: rule-id # the language property that the rule is going to get matched against language: "language" # e.g., javascript, go # the message property is going to get used on the review process and it's important to be clear on what the rule match means. message: "Rule message" # the note property is going to get used on the review process and it's important to contain as much side meaningful information as possible. note: "Rule note" # severity level of the rule (e.g., hint, warning) "error" is also valid but is not going to get approved. severity: "severity" # ast-grep rule property, check coderabbiit documentation for more information rule: ...

Tests Structure

Inside the tests directory, tests are organized by language:

  • language: Test cases specific to the corresponding language's rules.
  • rule-file: each test rule file should have by convention the rule-file-name-test.yml

Writing tests should follow the ast-grep testing rules format. Please refer to the ast-grep documentation

About

Community-led collection of essential ast-grep rules.

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Contributing

Contributing
Activity
Custom properties

Stars

109 stars

Watchers

2 watching

Forks

12 forks
Report repository

Contributors 5