I just saw this, haven't had a chance to try it yet, but it looks very nice. The idea is a "grep"-style tool that understands language scoping and semantics well enough to be useful as a semantic search tool and a simple linter, currently implemented for C / Java / JavaScript / Python / Go. It also has a ruleset database of code errors/smells that should help find security issues and other errors, although from what I can tell, it's mostly Python rules so far with only a few for other languages.
It supposedly allows, for example, a grep for `os.system(...)` in Python to find direct uses after `import os`, or unqualified uses after `from os import system`, and even stuff like `from os import system as execute; execute(args)` and `import os as x; x.system(args)`. It also allows matching on parameter values, backreferences and other stuff. I think it could be useful for Nim (as another backend, perhaps with some ideas integrated directly into the compiler or nimgrep). Still thinking about what rules I would write and what searches I would use, and I think it's much LESS useful for Nim than it is for e.g. Python or JS because the Nim compiler & tooling do so much more than Python or JS - but still, I think it's a neat idea and wanted to share.

Project: [https://github.com/returntocorp/semgrep](https://github.com/returntocorp/semgrep)

Slides: [https://r2c.dev/HellaSecureSemgrep.pdf](https://r2c.dev/HellaSecureSemgrep.pdf)

Rules: [https://github.com/returntocorp/semgrep-rules](https://github.com/returntocorp/semgrep-rules)
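To illustrate the alias-aware matching the post describes (why `execute(args)` and `x.system(args)` should count as `os.system` calls while a text grep only sees the literal spelling), here is an added example that is not Semgrep's code and not from the post: a small Python AST pass that resolves the four import forms file-wide and flags the calls. The sample source it scans is constructed for the example; unlike a real engine, it does not track scoping or shadowing.

```python
import ast
# Stand-in for the alias-aware matching the post describes: resolve every
# name bound to the os module or to os.system, then flag calls through them.
TARGET_MODULE, TARGET_FUNC = "os", "system"

def naive_grep(source: str) -> list[int]:
    """Textual grep: only sees the literal spelling os.system(."""
    return [n for n, line in enumerate(source.splitlines(), 1) if "os.system(" in line]

def find_os_system_calls(source: str) -> list[int]:
    """Line numbers of calls that resolve to os.system via any import form.
    Simplification: aliases are collected file-wide; shadowing is not tracked."""
    tree = ast.parse(source)
    module_aliases, func_aliases = set(), set()
    # Pass 1: learn every name bound to the os module or to os.system.
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.name == TARGET_MODULE:
                    module_aliases.add(a.asname or a.name)
        elif isinstance(node, ast.ImportFrom) and node.module == TARGET_MODULE:
            for a in node.names:
                if a.name == TARGET_FUNC:
                    func_aliases.add(a.asname or a.name)
    # Pass 2: flag calls whose callee resolves to one of those names.
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if isinstance(f, ast.Name) and f.id in func_aliases:
            hits.append(f.lineno)
        elif (isinstance(f, ast.Attribute) and f.attr == TARGET_FUNC
              and isinstance(f.value, ast.Name) and f.value.id in module_aliases):
            hits.append(f.lineno)
    return sorted(hits)

# Constructed sample: the four import forms from the post plus a decoy.
SAMPLE = '''\
import os
import os as x
from os import system
from os import system as execute

os.system("ls")          # line 6: direct, the only call a text grep sees
x.system("ls")           # line 7: module alias
system("ls")             # line 8: unqualified import
execute("ls")            # line 9: function alias
os.path.join("a", "b")   # decoy: attribute on os, but not system
'''
```

`naive_grep(SAMPLE)` returns `[6]` while `find_os_system_calls(SAMPLE)` returns `[6, 7, 8, 9]`, which is the gap between textual and semantic search that the post is pointing at.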
