Skip to content

coderabbitai/ast-grep-essentials

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

153 Commits
rules
rules
Β 
Β 
tests
tests
Β 
Β 
utils
utils
Β 
Β 
.gitignore
.gitignore
Β 
Β 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
Β 
Β 
CONTRIBUTING.md
CONTRIBUTING.md
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
package-lock.json
package-lock.json
Β 
Β 
package.json
package.json
Β 
Β 
sgconfig.yml
sgconfig.yml
Β 
Β 

Repository files navigation

AST-GREP Essentials

CodeRabbit Reviews

Overview

ast-grep-essentials is a community-led collection of ast-grep rules to help developers mitigate security vulnerabilities and enforce best practices in their codebases.

Tip

Please read the CodeRabbit documentation to understand how to use ast-grep in CodeRabbit reviews.

Structure

ast-grep-essentials
β”‚
β”œβ”€β”€ rules
β”‚   β”œβ”€β”€ javascript
β”‚   β”‚   β”œβ”€β”€ jwt
β”‚   β”‚   β”‚   β”œβ”€β”€ rule1.yml
β”‚   β”‚   β”‚   β”œβ”€β”€ rule2.yml
β”‚   β”‚   β”‚   └── ...
β”‚   β”‚   β”œβ”€β”€ ...
β”‚   β”‚   └── ...
β”‚   └── go
β”‚       β”œβ”€β”€ jwt-go
β”‚       β”‚   β”œβ”€β”€ rule1.yml
β”‚
β”œβ”€β”€ utils
β”‚   β”œβ”€β”€ script1.yml
β”‚   β”œβ”€β”€ script2.yml
β”‚   └── ...
β”‚
└── tests
    β”œβ”€β”€ javascript
    β”‚   β”œβ”€β”€ rule1-test.yml
    β”‚   β”œβ”€β”€ rule2-test.yml
    β”‚   └── ...
    β”œβ”€β”€ ...
    └── ...

The package is organized into three main directories:

  • rules: Contains ast-grep rules categorized by language and security category.
  • utils: Houses utility configs to support rule management.
  • tests: Includes test cases for validating the effectiveness of the rules across different languages.

Rules Structure

Within the rules directory, you'll find the following structure:

  • language: Each language supported by ast-grep (e.g., Python, JavaScript).
  • category: Rules categorized based on security concerns (e.g., Input Validation, Authentication).

Rule file structure

Tip

Read the ast-grep > documentation to understand the rule configuration and the rule object properties.

Each rule file should have the following structure:

# Unique across the package, not just the language
id: rule-id
# The language property that the rule is going to get matched against
language: "language" # e.g., javaScript, go
# A short description of the rule
message: "Rule message"
# A more detailed explanation of the rule
note: "Rule note"
# Severity level of the rule (e.g., hint, warning)
severity: "severity"
# ast-grep rule property, check documentation for more information
rule: ...

Tests Structure

Inside the tests directory, tests are organized by language:

  • language: Test cases specific to the corresponding language's rules.
  • rule-file: each test rule file should have by convention the rule-file-name-test.yml format.

Note

Tests should follow the ast-grep testing rules format. Please refer to the ast-grep documentation

Contributing

This project relies on the community to contribute rules. Please open a pull request with your rules and tests. Please ensure that the rules are truly essential and have a low false positive rate.

Community

Join the discussion on our Discord server.

About

Community-led collection of essential ast-grep rules.

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Contributing

Contributing
Activity
Custom properties

Stars

123 stars

Watchers

2 watching

Forks

13 forks
Report repository

Contributors 5