├── 01-Semgrep资源
│   └── 2021-02-23-semgrep.pdf
├── 03-Semgrep规则
│   └── semgrep-rules-develop.zip
└── README.md

/01-Semgrep资源/2021-02-23-semgrep.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/Semgrep/HEAD/01-Semgrep资源/2021-02-23-semgrep.pdf

--------------------------------------------------------------------------------
/03-Semgrep规则/semgrep-rules-develop.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/Semgrep/HEAD/03-Semgrep规则/semgrep-rules-develop.zip

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Understanding Semgrep in Depth

This project collects and organizes Semgrep-related material, including Semgrep's design principles and implementation, and case studies of vulnerability discovery with Semgrep. Semgrep's semantics-based approach to code analysis will be a sharp sword in the SAST field, and fast scanning without compilation is a further advantage. Author: [0e0w](https://github.com/0e0w)

This project was created on March 17, 2022; the most recent update was on July 20, 2022.

- [01-Semgrep Resources](https://github.com/ASTTeam/Semgrep#01-Semgrep%E8%B5%84%E6%BA%90)
- [02-Semgrep Basics](https://github.com/ASTTeam/Semgrep#02-Semgrep%E5%9F%BA%E7%A1%80)
- [03-Semgrep Language](https://github.com/ASTTeam/Semgrep#03-Semgrep%E8%AF%AD%E8%A8%80)
- [04-Semgrep Advanced](https://github.com/ASTTeam/Semgrep#04-Semgrep%E8%BF%9B%E9%98%B6)
- [05-Semgrep Case Studies](https://github.com/ASTTeam/Semgrep#05-Semgrep%E6%A1%88%E4%BE%8B)
- [06-Semgrep References](https://github.com/ASTTeam/Semgrep#06-Semgrep%E5%8F%82%E8%80%83)

## 01-Semgrep Resources

This chapter collects Semgrep-related resources. The quality of the articles varies, so studying the official resources in depth is recommended!

I. Official Resources
- [ ] https://semgrep.dev/docs
- [ ] https://semgrep.dev/learn
- [ ] https://github.com/returntocorp/semgrep
- [ ] https://github.com/returntocorp/semgrep-rules
- [ ] https://github.com/returntocorp/semgrep-docs
- [ ] https://github.com/returntocorp/semgrep-action

II. Recommended Resources
- [x] [Understanding Semgrep in Depth](https://github.com/ASTTeam/Semgrep)@0e0w
- [ ] https://github.com/tuannq2299/semgrep-rules

III. Video Resources

IV. Academic Publications

V. Other Resources
- [x] https://xz.aliyun.com/t/9531
- [ ] https://xz.aliyun.com/t/12696
- [x] https://www.anquanke.com/post/id/240028
- [ ] https://zhuanlan.zhihu.com/p/377651159
- [ ] https://zhuanlan.zhihu.com/p/387246394
- [ ] https://www.freebuf.com/articles/web/286643.html
- [ ] https://github.com/trailofbits/semgrep-rules
- [ ] https://github.com/returntocorp/ocaml-tree-sitter-semgrep
- [ ] https://github.com/returntocorp/semgrep-vscode
- [ ] https://github.com/frappe/semgrep-rules
- [ ] https://github.com/semgrep/rules-owasp-asvs
- [ ] https://github.com/jtmelton/semgrep-idea-plugin
- [ ] https://github.com/dgryski/semgrep-go
- [ ] https://github.com/vmnguyen/semgrep-rules
- [ ] https://github.com/returntocorp/semgrepl
- [ ] https://github.com/returntocorp/semgrep-c-sharp
- [ ] https://github.com/returntocorp/semgrep-grammars
- [ ] https://github.com/srijan-deepsource/django-antipatterns
- [ ] https://github.com/quasilyte/go-ruleguard
- [ ] https://github.com/returntocorp/semgrep-rust
- [ ] https://github.com/returntocorp/semgrep-rules-test-action
- [ ] https://github.com/returntocorp/semgrep.vim
- [ ] https://github.com/kondukto-io/semgrep-rules
- [ ] https://github.com/semgrep/template-rules
- [ ] https://github.com/returntocorp/semgrep-ocaml
- [ ] https://github.com/Ayrx/semgrep_introduction
- [ ] https://github.com/g-wilson/action-semgrep
- [ ] https://github.com/ajinabraham/libsast
- [ ] https://github.com/brentjanderson/asdf-semgrep
- [ ] https://github.com/returntocorp/semgrep-hack
- [ ] https://github.com/ligurio/semgrep-rules
- [ ] https://github.com/agigleux-limited/semgrep-evaluation
- [ ] https://github.com/jrgventura7/SemgrepDemo
- [ ] https://github.com/imfht/my-semgrep-rules
- [ ] https://github.com/hsparmar1/semgrep-jdbc-demo
- [ ] https://github.com/minusworld/semgrep-library
- [ ] https://github.com/guyinatuxedo/semgrep
- [ ] https://github.com/dsocastillo/semgreptest
- [ ] https://github.com/returntocorp/semgrep-java
- [ ] https://github.com/majidmc2/SecSnake
- [ ] https://github.com/returntocorp/semgrep-go
- [ ] https://github.com/wahyuhadi/semgrep-integrator
- [ ] https://github.com/0xdea/semgrep-rules
- [ ] https://github.com/pingvin1341/semgrep-pipeline
- [ ] https://github.com/gabrielg/codeclimate-semgrep
- [ ] https://github.com/devidwfreitas/intro-to-semgrep
- [ ] https://github.com/allwin101/intro-to-semgrep
- [ ] https://github.com/007divyachawla/intro-to-semgrep
- [ ] https://github.com/MarceloSFlori/intro-to-semgrep
- [ ] https://github.com/tezamukkavilli-cpi/intro-to-semgrep
- [ ] https://github.com/ymmatheus/intro-to-semgrep
- [ ] https://github.com/phani-gadupudi/intro-to-semgrep
- [ ] https://github.com/hsparmar1/semgrep-java-owasp

## 02-Semgrep Basics

This chapter introduces Semgrep's basic usage, design ideas, and implementation principles!

I. Installing Semgrep

II. Using Semgrep
## 03-Semgrep Rules

This chapter introduces the syntax rules of the QL language, including notable rules and related content.

I. Basic Syntax

II. Writing Rules
- Java
- C#
- Go

III. Official Rules

IV. Recommended Rules
## 04-Semgrep Advanced

This chapter gives examples of Semgrep scans for different programming languages. This chapter is yet to be organized.

I. Java Security Analysis

II. C# Security Analysis

III. Golang Security Analysis

IV. Python

V. C++ Security Analysis

VI. Ruby

VII. Semgrep Tools
## 05-Semgrep Case Studies

This chapter presents concrete Semgrep use cases, including vulnerabilities I found myself using Semgrep.

I. Analysis of Large Applications
- Analyzing Shiro
  - https://www.freebuf.com/articles/web/321757.html
- Analyzing Fastjson
- Analyzing Log4j
- Analyzing Dubbo
- Analyzing kylin
- Analyzing grafana
- Analyzing Hadoop
- Analyzing Struts2

II. Code Audit Case Studies
## 06-Semgrep References

- https://github.com/ASTTeam/Semgrep

## Stargazers

[![Stargazers @ASTTeam/Semgrep](https://reporoster.com/stars/ASTTeam/Semgrep)](https://github.com/ASTTeam/Semgrep/stargazers)

## Forkers

[![Forkers @ASTTeam/Semgrep](https://reporoster.com/forks/ASTTeam/Semgrep)](https://github.com/ASTTeam/Semgrep/network/members)



![Stargazers over time](https://starchart.cc/ASTTeam/Semgrep.svg)

--------------------------------------------------------------------------------