maint: move semgrep folder again (#12828)

Moves the semgrep folder back into .semgrep now that we worked out how to actually execute the tests when they're located inside of a hidden folder.

maint: move semgrep folder again (#12828)
Moves the semgrep folder back into .semgrep now that we worked out how to actually execute the tests when they're located inside of a hidden folder.
b6bd58ee · smartcontracts · GitHub · 15912abe · b6bd58ee · b6bd58ee
Commit b6bd58ee authored Nov 07, 2024 by smartcontracts Committed by GitHub Nov 06, 2024
6 changed files
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1314,10 +1314,10 @@ workflows:
            - contracts-bedrock-build
      - semgrep-scan:
          name: semgrep-scan-local
-          scan_command: semgrep scan --timeout=100 --config=./semgrep --error .
+          scan_command: semgrep scan --timeout=100 --config .semgrep/rules/ --error .
      - semgrep-scan:
          name: semgrep-test
-          scan_command: semgrep scan --test semgrep/
+          scan_command: semgrep scan --test --config .semgrep/rules/ .semgrep/tests/
      - go-lint
      - fuzz-golang:
          name: fuzz-golang-<<matrix.package_name>>

--- a/semgrep/sol-rules.yaml
+++ b/semgrep/sol-rules.yaml
--- a/semgrep/sol-rules.t.sol
+++ b/semgrep/sol-rules.t.sol
--- a/.semgrepignore
+++ b/.semgrepignore
@@ -9,7 +9,7 @@ vendor/
 *.min.js

 # Semgrep rules folder
-semgrep/
+.semgrep/

 # Semgrep-action log folder
 .semgrep_logs/
--- a/justfile
+++ b/justfile
@@ -3,11 +3,11 @@ issues:

 # Runs semgrep on the entire monorepo.
 semgrep:
-  semgrep scan --config=semgrep --error .
+  semgrep scan --config .semgrep/rules/ --error .

 # Runs semgrep tests.
 semgrep-test:
-  semgrep scan --test semgrep/
+  semgrep scan --test --config .semgrep/rules/ .semgrep/tests/

 lint-shellcheck:
  find . -type f -name '*.sh' -not -path '*/node_modules/*' -not -path './packages/contracts-bedrock/lib/*' -not -path './packages/contracts-bedrock/kout*/*' -exec sh -c 'echo "Checking $1"; shellcheck "$1"' _ {} \;

--- a/packages/contracts-bedrock/justfile
+++ b/packages/contracts-bedrock/justfile
@@ -163,7 +163,7 @@ semver-diff-check: build semver-diff-check-no-build

 # Checks that the semgrep tests are valid.
 semgrep-test-validity-check:
-  forge fmt ../../semgrep/sol-rules.t.sol --check
+  forge fmt ../../.semgrep/tests/sol-rules.t.sol --check

 # Checks that forge test names are correctly formatted.
 lint-forge-tests-check:
@@ -199,11 +199,11 @@ check-kontrol-summaries-unchanged:

 # Runs semgrep on the contracts.
 semgrep:
-  cd ../../ && semgrep scan --config=semgrep ./packages/contracts-bedrock
+  cd ../../ && semgrep scan --config .semgrep/rules/ ./packages/contracts-bedrock

 # Runs semgrep tests.
 semgrep-test:
-  cd ../../ && semgrep scan --test semgrep
+  cd ../../ && semgrep scan --test --config .semgrep/rules/ .semgrep/tests/

 # TODO: Also run lint-forge-tests-check but we need to fix the test names first.
 # Runs all checks.