
semgrep-rule-creator

Create, test, and validate custom Semgrep rules for security vulnerabilities and code pattern detection.

Introduction

The semgrep-rule-creator skill provides a rigorous, test-driven framework for developing custom static analysis rules. Designed for security engineers and developers, it guides the entire lifecycle of rule authoring, from initial problem analysis and AST (Abstract Syntax Tree) examination through iterative testing to final rule optimization. By enforcing a strict 'test-first' methodology, this skill ensures that new detection patterns are both effective at identifying vulnerabilities and resilient against false positives.

  • Facilitates the creation of high-quality Semgrep rules, including support for taint-mode analysis to track untrusted data flow from sources to sinks.

  • Guides users through an iterative workflow: analyze the problem, write unit tests, explore AST structures, implement the rule, verify against tests, and perform final optimizations.

  • Integrates mandatory verification steps, requiring the use of 'semgrep --test' to ensure 100% pass rates before rules are finalized.

  • Helps identify complex code patterns, security vulnerabilities, and adherence to internal coding standards across multiple languages.

  • Use this skill to target specific bug classes like injection, insecure API usage, or hardcoded sensitive data that generic rules often miss.

  • Requires local execution of tests; rules must be organized as one YAML file per rule, accompanied by a dedicated test file with valid ruleid/ok annotations.

  • Strictly prohibits the use of generic pattern matching for language-specific security checks and forbids the inclusion of 'todook' or 'todoruleid' markers.

  • Expected output includes a structured directory containing the rule YAML and corresponding test source files, enabling automated validation and production-ready deployments.

  • Designed to reduce noise by prioritizing taint-mode analysis, which contextually differentiates between safe and dangerous function calls, thereby reducing the manual effort required for false-positive triaging.
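As an added illustration of the workflow above (example material, not the skill's or the project's own code), here is a taint-mode rule in the one-rule-per-YAML layout the skill requires, with its companion test file shown as comments so the ruleid/ok annotations are visible; the rule id, file names, and the Flask/subprocess source and sink patterns are assumptions chosen for this example.

```yaml
# rules/flask-subprocess-shell-injection.yaml (illustrative rule, not from the project)
rules:
  - id: flask-subprocess-shell-injection
    mode: taint
    languages: [python]
    severity: ERROR
    message: >-
      Request data reaches a subprocess call with shell=True. Pass an
      argument list with shell=False, or quote the value with shlex.quote.
    metadata:
      cwe: "CWE-78: Improper Neutralization of Special Elements used in an OS Command"
      category: security
    # Sources: values read from the Flask request object.
    pattern-sources:
      - pattern: flask.request.args.get(...)
      - pattern: flask.request.form.get(...)
    # Sanitizers: quoting neutralises shell metacharacters, so taint stops here.
    pattern-sanitizers:
      - pattern: shlex.quote(...)
    # Sinks: only the command argument of a shell=True call. An argument list
    # without shell=True is not a sink, which is what keeps safe calls quiet.
    pattern-sinks:
      - patterns:
          - pattern-either:
              - pattern: subprocess.run($CMD, ..., shell=True, ...)
              - pattern: subprocess.Popen($CMD, ..., shell=True, ...)
          - focus-metavariable: $CMD

# Companion test file rules/flask-subprocess-shell-injection.py, shown here as
# comments. `semgrep --test rules/` pairs it with the YAML by basename and
# passes only if every `ruleid:` line matches and every `ok:` line stays silent.
#
#   import shlex
#   import subprocess
#   from flask import request
#
#   def ping():
#       host = request.args.get("host")
#       # ruleid: flask-subprocess-shell-injection
#       subprocess.run("ping -c 1 " + host, shell=True)
#       # ok: flask-subprocess-shell-injection
#       subprocess.run(["ping", "-c", "1", host])
#       # ok: flask-subprocess-shell-injection
#       subprocess.run("ping -c 1 " + shlex.quote(host), shell=True)
```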

Repository Stats

  • Stars: 4,874

  • Forks: 424

  • Open Issues: 21

  • Language: Python

  • Default Branch: main