lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


Hi folks,

There exists this interesting project called semgrep: https://semgrep.dev/

The premise is that it's a "semantic grep", and can search for given high-level patterns in source code. This makes it useful for e.g. static analysis and searching for known problematic patterns (such as catching potential security issues). Communities are able to share generic and language/domain-specific rule sets.

Lua is currently not a supported language, but "should not be too difficult" to add according to a maintainer, given that the parser library they use does already support Lua. Implementation requires some work in OCaml.

I'm not currently in a position to work on this, but I think the tool would be a neat addition to the Lua ecosystem (as maintainer of a 40k+ LOC codebase, I can't help but want more tooling). I also know we have more than a few language geeks here who may like to hack at this kind of thing :)

For the (very brief) initial discussion see https://github.com/returntocorp/semgrep/issues/1931

Regards,
Matthew