{"id":1298,"date":"2022-04-11T09:21:01","date_gmt":"2022-04-11T07:21:01","guid":{"rendered":"https:\/\/security.humanativaspa.it\/?p=1298"},"modified":"2025-10-21T09:28:04","modified_gmt":"2025-10-21T09:28:04","slug":"semgrep-ruleset-for-c-c-vulnerability-research","status":"publish","type":"post","link":"https:\/\/hnsecurity.it\/it\/blog\/semgrep-ruleset-for-c-c-vulnerability-research\/","title":{"rendered":"Semgrep ruleset for C\/C++ vulnerability research"},"content":{"rendered":"<blockquote><p><em>\u201cThe attack surface is the vulnerability. Finding a bug there is just a detail.\u201d<\/em><br \/>\n<em>&#8212; Mark Dowd<\/em><\/p><\/blockquote>\n<h3>TL;DR<\/h3>\n<p>Go grab <a href=\"https:\/\/github.com\/0xdea\/semgrep-rules\">my Semgrep ruleset<\/a> for C\/C++ vulnerability research, and happy hacking!<\/p>\n<h3>Backstory<\/h3>\n<p class=\"p1\">In the past few years, I\u2019ve been mostly doing <strong>vulnerability research<\/strong>\u00a0against <a href=\"https:\/\/github.com\/0xdea\/raptor_romhack21\">proprietary<\/a> and <a href=\"https:\/\/github.com\/0xdea\/raptor_infiltrate20\">closed-source<\/a> <a href=\"https:\/\/github.com\/0xdea\/raptor_infiltrate19\">software<\/a>. However, at <a href=\"https:\/\/hnsecurity.it\/\">HN Security<\/a> we\u2019re experiencing an increasing demand for <strong>source-assisted penetration tests<\/strong> and white box assessments in general (about time, that&#8217;s a welcome evolution!). Therefore, in order to increase both speed and quality of our assessments, we\u2019ve been scouting for tools that could help us automate some of the most boring and repetitive audit tasks. Enter <a href=\"https:\/\/semgrep.dev\/\">Semgrep<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Semgrep by <a href=\"https:\/\/twitter.com\/r2cdev?ref_src=twsrc%5Etfw\">@r2cdev<\/a> is amazing! 
I\u2019ve been postponing checking it out for too long and oh boy I\u2019ve been missing out. <a href=\"https:\/\/t.co\/vTTC5ZTY0N\">https:\/\/t.co\/vTTC5ZTY0N<\/a><\/p>\n<p>&mdash; raptor@infosec.exchange (@0xdea) <a href=\"https:\/\/twitter.com\/0xdea\/status\/1502926673334968325?ref_src=twsrc%5Etfw\">March 13, 2022<\/a><\/p><\/blockquote>\n<h3>A brief intro to Semgrep<\/h3>\n<p>According to the <a href=\"https:\/\/semgrep.dev\/docs\/\">official documentation<\/a>, Semgrep is a lightweight, open-source, <strong>static analysis tool<\/strong> for finding bugs and enforcing code standards. It supports many different languages and can find bug variants with patterns that look like source code. Together with the tool, a <a href=\"https:\/\/github.com\/returntocorp\/semgrep-rules\">collection<\/a> of <strong>pre-written rules<\/strong> is provided. You can test rules live using the <a href=\"https:\/\/semgrep.dev\/r\">registry<\/a> and the <a href=\"https:\/\/semgrep.dev\/playground\">playground<\/a>.<\/p>\n<p>Here&#8217;s how a basic <a href=\"https:\/\/semgrep.dev\/playground?registry=c.lang.security.insecure-use-gets-fn.insecure-use-gets-fn\">rule<\/a> is able to match a pattern in C source code:<\/p>\n<figure id=\"attachment_1370\" aria-describedby=\"caption-attachment-1370\" style=\"width: 2788px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/semgrep.dev\/playground?registry=c.lang.security.insecure-use-gets-fn.insecure-use-gets-fn\"><img decoding=\"async\" class=\"wp-image-1370 size-full\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/03\/Screenshot-2022-03-28-at-10.06.45-2.png\" alt=\"\" width=\"2788\" height=\"1432\" \/><\/a><figcaption id=\"caption-attachment-1370\" class=\"wp-caption-text\">Semgrep in action<\/figcaption><\/figure>\n<p>Nifty, isn&#8217;t it? 
In my opinion, the true strength of Semgrep lies in its <strong>simplicity<\/strong>.<\/p>\n<h3>My ruleset<\/h3>\n<p>We&#8217;ve been using Semgrep successfully on our white box web application engagements for a while. However, one thing I noticed when approaching Semgrep standard rulesets is that there&#8217;s a serious lack of rules for C\/C++ code. Since I do a lot of work with these languages, I set off to write my own <strong>custom rules for C\/C++ vulnerability research<\/strong>. They&#8217;re mostly focused on Linux and POSIX systems, and are built on my experience in the field and on some fundamental knowledge resources, such as <em>&#8220;The Art of Software Security Assessment&#8221;<\/em> (<a href=\"https:\/\/g.co\/kgs\/RRdcDs\">TAOSSA<\/a>).<\/p>\n<p>In a few weeks, I managed to put together <strong>36 new rules<\/strong>. I collected them all in this public repository on GitHub: <a href=\"https:\/\/github.com\/0xdea\/semgrep-rules\">https:\/\/github.com\/0xdea\/semgrep-rules<\/a><\/p>\n<figure id=\"attachment_1494\" aria-describedby=\"caption-attachment-1494\" style=\"width: 640px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/github.com\/0xdea\"><img decoding=\"async\" class=\"wp-image-1494 size-large\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/04\/IMG_0002-2-1024x344.jpg\" alt=\"\" width=\"640\" height=\"215\" \/><\/a><figcaption id=\"caption-attachment-1494\" class=\"wp-caption-text\">My GitHub activity has peaked while working on this project<\/figcaption><\/figure>\n<p>Here&#8217;s my ruleset in action against some <a href=\"https:\/\/github.com\/struct\/mms\">sample source code<\/a>, courtesy of <a href=\"https:\/\/twitter.com\/chrisrohlf\">Chris Rohlf<\/a>:<\/p>\n<p><a href=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/04\/Screenshot-2022-04-10-at-16.09.04-1.png\"><img decoding=\"async\" class=\"aligncenter wp-image-1500 size-full\" 
src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/04\/Screenshot-2022-04-10-at-16.09.04-1.png\" alt=\"\" width=\"2880\" height=\"1462\" \/><\/a><\/p>\n<p><a href=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/04\/Screenshot-2022-04-10-at-16.12.23-1.png\"><img decoding=\"async\" class=\"aligncenter wp-image-1501 size-full\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/04\/Screenshot-2022-04-10-at-16.12.23-1.png\" alt=\"\" width=\"2880\" height=\"714\" \/><\/a><\/p>\n<p><a href=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/04\/Screenshot-2022-04-10-at-16.14.48-1.png\"><img decoding=\"async\" class=\"aligncenter wp-image-1502 size-full\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/04\/Screenshot-2022-04-10-at-16.14.48-1.png\" alt=\"\" width=\"2880\" height=\"890\" \/><\/a><\/p>\n<figure id=\"attachment_1503\" aria-describedby=\"caption-attachment-1503\" style=\"width: 2880px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/04\/Screenshot-2022-04-10-at-16.15.30-1.png\"><img decoding=\"async\" class=\"wp-image-1503 size-full\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2022\/04\/Screenshot-2022-04-10-at-16.15.30-1.png\" alt=\"\" width=\"2880\" height=\"1242\" \/><\/a><figcaption id=\"caption-attachment-1503\" class=\"wp-caption-text\">Let&#8217;s hunt for some bugs!<\/figcaption><\/figure>\n<p>A word of caution. Semgrep&#8217;s support for C\/C++ is still <a href=\"https:\/\/semgrep.dev\/docs\/language-support\/\">experimental<\/a> and somewhat <a href=\"https:\/\/github.com\/returntocorp\/semgrep\/issues\/4939\">limited<\/a>, especially when compared with the mature support that some other languages such as Java, Python, and Go enjoy. This means I couldn&#8217;t harness the full power of Semgrep&#8217;s pattern matching engine. In addition, like most other Semgrep rules, my rules aren&#8217;t perfect. 
That said, they should be able to help you <strong>*get things done*<\/strong>. That\u2019s my mantra when it comes to security research.<\/p>\n<h3>Conclusion<\/h3>\n<p>I hope my Semgrep ruleset will help you with your vulnerability research tasks. I&#8217;ll continue to update and improve it in the future. However, any generic rules can&#8217;t possibly be a perfect fit for all scenarios. Therefore, I invite you to <strong>explore Semgrep yourself<\/strong> and write the custom rules you need. To get started, I recommend their excellent <a href=\"https:\/\/semgrep.dev\/learn\">tutorial<\/a>, which should get you up to speed in one hour or so. Feel free to use my rules as a template, pull requests are welcome!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cThe attack surface is the vulnerability. Finding a bug there is just a detail.\u201d &#8212; Mark Dowd TL;DR Go grab [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":159955,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[91,88],"tags":[96,116,117,162,82],"class_list":["post-1298","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-articles","category-tools","tag-static-analysis","tag-c-c","tag-code-review","tag-semgrep","tag-vulnerability-research"],"acf":[],"yoast_head":"<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"HN Security - Semgrep ruleset for C\/C++ vulnerability research -","description":"Introducing a brand new, comprehensive Semgrep ruleset for C\/C++ SAST and vulnerability research.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hnsecurity.it\/it\/blog\/semgrep-ruleset-for-c-c-vulnerability-research\/","og_locale":"it_IT","og_type":"article","og_title":"HN Security - Semgrep ruleset for C\/C++ vulnerability research -","og_description":"Introducing a brand new, comprehensive Semgrep ruleset for C\/C++ SAST and vulnerability research.","og_url":"https:\/\/hnsecurity.it\/it\/blog\/semgrep-ruleset-for-c-c-vulnerability-research\/","og_site_name":"HN Security","article_published_time":"2022-04-11T07:21:01+00:00","article_modified_time":"2025-10-21T09:28:04+00:00","og_image":[{"width":1600,"height":836,"url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/SEMGREP.jpg","type":"image\/jpeg"}],"author":"Marco Ivaldi","twitter_card":"summary_large_image","twitter_creator":"@hnsec","twitter_site":"@hnsec","twitter_misc":{"Scritto da":"Marco Ivaldi","Tempo di lettura stimato":"4 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hnsecurity.it\/it\/blog\/semgrep-ruleset-for-c-c-vulnerability-research\/#article","isPartOf":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/semgrep-ruleset-for-c-c-vulnerability-research\/"},"author":{"name":"Marco Ivaldi","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/person\/89a4174c275f05d6148fb0fdedc8de4f"},"headline":"Semgrep ruleset for C\/C++ vulnerability 
research","datePublished":"2022-04-11T07:21:01+00:00","dateModified":"2025-10-21T09:28:04+00:00","mainEntityOfPage":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/semgrep-ruleset-for-c-c-vulnerability-research\/"},"wordCount":568,"publisher":{"@id":"https:\/\/hnsecurity.it\/it\/#organization"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/semgrep-ruleset-for-c-c-vulnerability-research\/#primaryimage"},"thumbnailUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/SEMGREP.jpg","keywords":["static analysis","c\/c++","code review","semgrep","vulnerability research"],"articleSection":["Articles","Tools"],"inLanguage":"it-IT"},{"@type":"WebPage","@id":"https:\/\/hnsecurity.it\/it\/blog\/semgrep-ruleset-for-c-c-vulnerability-research\/","url":"https:\/\/hnsecurity.it\/it\/blog\/semgrep-ruleset-for-c-c-vulnerability-research\/","name":"HN Security - Semgrep ruleset for C\/C++ vulnerability research -","isPartOf":{"@id":"https:\/\/hnsecurity.it\/it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/semgrep-ruleset-for-c-c-vulnerability-research\/#primaryimage"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/semgrep-ruleset-for-c-c-vulnerability-research\/#primaryimage"},"thumbnailUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/SEMGREP.jpg","datePublished":"2022-04-11T07:21:01+00:00","dateModified":"2025-10-21T09:28:04+00:00","description":"Introducing a brand new, comprehensive Semgrep ruleset for C\/C++ SAST and vulnerability 
research.","breadcrumb":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/semgrep-ruleset-for-c-c-vulnerability-research\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hnsecurity.it\/it\/blog\/semgrep-ruleset-for-c-c-vulnerability-research\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/hnsecurity.it\/it\/blog\/semgrep-ruleset-for-c-c-vulnerability-research\/#primaryimage","url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/SEMGREP.jpg","contentUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/SEMGREP.jpg","width":1600,"height":836,"caption":"Semgrep logo"},{"@type":"BreadcrumbList","@id":"https:\/\/hnsecurity.it\/it\/blog\/semgrep-ruleset-for-c-c-vulnerability-research\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hnsecurity.it\/it\/"},{"@type":"ListItem","position":2,"name":"Semgrep ruleset for C\/C++ vulnerability research"}]},{"@type":"WebSite","@id":"https:\/\/hnsecurity.it\/it\/#website","url":"https:\/\/hnsecurity.it\/it\/","name":"HN Security","description":"Offensive Security Specialists","publisher":{"@id":"https:\/\/hnsecurity.it\/it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hnsecurity.it\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https:\/\/hnsecurity.it\/it\/#organization","name":"HN Security","url":"https:\/\/hnsecurity.it\/it\/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/logo\/image\/","url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2026\/01\/hn-libellula.jpg","contentUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2026\/01\/hn-libellula.jpg","width":696,"height":696,"caption":"HN 
Security"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/hnsec","https:\/\/www.linkedin.com\/company\/hnsecurity\/","https:\/\/github.com\/hnsecurity","https:\/\/infosec.exchange\/@hnsec"]},{"@type":"Person","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/person\/89a4174c275f05d6148fb0fdedc8de4f","name":"Marco Ivaldi","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","caption":"Marco Ivaldi"},"url":"https:\/\/hnsecurity.it\/it\/blog\/author\/marco-ivaldi\/"}]}},"jetpack_featured_media_url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/SEMGREP.jpg","_links":{"self":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/1298","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/comments?post=1298"}],"version-history":[{"count":1,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/1298\/revisions"}],"predecessor-version":[{"id":159987,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/1298\/revisions\/159987"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/media\/159955"}],"wp:attachment":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/media?parent=1298"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hnsecurity
.it\/it\/wp-json\/wp\/v2\/categories?post=1298"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/tags?post=1298"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}