Tinkering with semgrep

A couple of years ago I was introduced to semgrep (together with defectdojo), but I never really paid much attention to this tool until recently, when I had an itch to scratch.

The itch: all (curl) network calls must always have an associated timeout.


This can be (easily) achieved with semgrep using the following rule:
Took me a bit of fiddling to find the right pattern incantation, but seems to work.
Link to rule in semgrep playground.
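
For illustration, here is a rule of this general shape. It is an added example, not the author's rule, which is not reproduced on this page. It assumes the curl calls are made through PHP's curl extension; the rule id and message text are made up for the example. It only recognises a timeout set with `curl_setopt` on the same handle earlier in the same block, so handles configured through `curl_setopt_array` or inside a helper function will still be reported.

```yaml
rules:
  - id: php-curl-exec-without-timeout   # hypothetical rule id
    languages: [php]
    severity: WARNING
    message: >-
      curl_exec() is called on a handle with no CURLOPT_TIMEOUT or
      CURLOPT_TIMEOUT_MS set; a stalled peer can block this call
      indefinitely.
    patterns:
      # Match every place a curl handle is actually executed.
      - pattern: curl_exec($CH)
      # Suppress the finding when a total-transfer timeout was set on
      # the same handle ($CH must bind to the same variable) earlier
      # in the enclosing block.
      - pattern-not-inside: |
          curl_setopt($CH, CURLOPT_TIMEOUT, ...);
          ...
      - pattern-not-inside: |
          curl_setopt($CH, CURLOPT_TIMEOUT_MS, ...);
          ...
```

Saved as a rule file, it can be run with `semgrep --config <rule file> <source directory>`.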