semgrep_analyze.py
import os
import subprocess
import json
# scan_results.json: if you take the output as JSON, use a pretty-print JSON function to read it.
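class SemgrepAnalyzer:
    """Run a Semgrep scan through WSL and have Semgrep write a JSON report.

    The scan is started as an argument vector, not as a shell string, so the
    directory and output path are never parsed by cmd.exe or by the Linux
    shell inside WSL. Both values are therefore passed to semgrep literally:
    no quoting is needed for spaces, and shell expansions such as ``~`` or
    ``$VAR`` are not applied.
    """

    # Location of the semgrep executable inside the WSL distribution.
    _SEMGREP_PATH = "/root/.local/bin/semgrep"
    # File patterns handed to semgrep's --include filter.
    _INCLUDE_PATTERNS = ("*.css", "*.html", "*.js")

    def __init__(self, directory, output_file):
        """Store the scan target and the report destination.

        Args:
            directory: Path of the directory semgrep should scan.
            output_file: Path semgrep writes its report to.
        """
        self.directory = directory
        self.output_file = output_file

    def _build_command(self):
        """Return the argv list for the scan, one element per argument."""
        argv = [
            "wsl",
            # --exec starts the program without the default Linux shell, so
            # metacharacters in the paths below stay plain data.
            "--exec",
            self._SEMGREP_PATH,
            "scan",
            # NOTE(review): a value starting with "-" would still be read by
            # semgrep as an option; validate caller-supplied paths upstream.
            str(self.directory),
            "--output",
            str(self.output_file),
            # JSON report; the original author notes text and SARIF as
            # alternative output formats.
            "--json",
        ]
        for pattern in self._INCLUDE_PATTERNS:
            argv.extend(["--include", pattern])
        return argv

    def analyze(self):
        """Run the scan and print either semgrep's stdout or its stderr.

        Returns:
            None. The outcome is reported on standard output only.
        """
        try:
            result = subprocess.run(
                self._build_command(),
                capture_output=True,  # For debugging purposes
                text=True,
                encoding="utf-8",
            )
        except OSError as e:
            # Without check=True, run() never raises CalledProcessError; what
            # can fail here is starting wsl itself (e.g. it is not installed).
            print(f"Error has occurred while command runs: {e}")
            return

        # A non-zero exit status is reported with the captured stderr.
        if result.returncode != 0:
            print(f"Error: {result.stderr}")
        else:
            print(f"Analysis complete. Output:\n{result.stdout}")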