Semgrep: Writing quick rules to verify ideas

I use semgrep for semantic search (and replace, sometimes).<p>Their docs and website try very hard to suggest you should use it for some kind of CI process, but so far I haven&#x27;t found any need to do so. I can maybe see it being useful in a pre-commit hook.<p>It&#x27;s VERY handy for semantic searches though - in situations where ripgrep would be useless due to multi-line matches.<p>I set up this alias to make it a bit less verbose for Python patterns:<p><pre><code> pygrep () { pat=&quot;$1&quot; shift filez=&quot;$*&quot; bash -xc &quot;semgrep --lang=python --pattern &#x27;$pat&#x27; $filez&quot; } </code></pre> Usage is something like:<p><pre><code> pygrep &#x27;myfunc(..., needle_arg=..., ...)&#x27;</code></pre>

I was looking for something like this the other day but then ended up just using RubyVM::AbstractSyntaxTree.parse_file and then rolled my own visitor on top of the AST. It&#x27;s cool what they can do here but I think any language that exposes its AST is amenable to this kind of analysis, you just have to write some code to do it. The main bottleneck in my experience is just being familiar with the AST structure and how it maps to source syntax. It&#x27;s cool that they have abstracted a lot of the commonality among several languages, definitely gonna look into this next time I need semantic code search.

Very cool. Thank you for writing this!