From 43cd2c847f4cae10cadc313119efa8abcaecce3c Mon Sep 17 00:00:00 2001
From: Nicholas Ellul
Date: Fri, 17 Jan 2025 12:04:27 -0500
Subject: [PATCH] Add CI Step to validate & test semgrep rules

---
 .github/workflows/test.yml | 24 ++++++++++++++++++++++++
 bin/test | 4 ++++
 bin/validate-rules | 4 ++++
 3 files changed, 32 insertions(+)
 create mode 100644 .github/workflows/test.yml
 create mode 100755 bin/test
 create mode 100755 bin/validate-rules

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..e62cca3
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,24 @@
+name: Test Semgrep Rules
+
+on: [push]
+
+jobs:
+  validate-and-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: Install Semgrep
+        run: |
+          pip install semgrep
+
+      - name: Validate Rules
+        run: |
+          bin/validate-rules
+        shell: bash
+
+      - name: Run Rule Tests
+        run: |
+          bin/test
+        shell: bash
\ No newline at end of file
diff --git a/bin/test b/bin/test
new file mode 100755
index 0000000..979e9de
--- /dev/null
+++ b/bin/test
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Run semgrep test cases for specific rules
+semgrep --test --config rules/src/ rules/test/
diff --git a/bin/validate-rules b/bin/validate-rules
new file mode 100755
index 0000000..94b6af4
--- /dev/null
+++ b/bin/validate-rules
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Validate config is valid before testing
+semgrep --validate --config ./rules/src
\ No newline at end of file
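Review bot: The workflow declares no `permissions:` block and installs semgrep unpinned, so every run inherits the repository's default GITHUB_TOKEN scope and pulls whatever version PyPI serves that day; the first is visible at the top level of the file, the second at the `pip install semgrep` step. Adding `permissions: {contents: read}` at the top level gives the job the only scope it needs (checkout), and `pip install semgrep==<PINNED_VERSION>` (placeholder, pick the version the rules were authored against) makes validation results reproducible and keeps a bad upstream release from silently changing what passes. For the same reason `actions/checkout@v4` would usually be pinned to a full commit SHA with the tag kept in a trailing comment, since a tag can be moved. Separately, `on: [push]` alone means pull requests from forks are never exercised by this check; adding `pull_request` to the trigger list is likely intended, though that depends on how the repository accepts contributions.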
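Review bot: Both `bin/test` and `bin/validate-rules` hand repository-relative paths (`rules/src/`, `./rules/src`) to semgrep without changing directory, so they only work when invoked from the repository root, which the workflow happens to do but a developer running them from another directory will not. Resolving the root from the script's own location, `cd "$(dirname "${BASH_SOURCE[0]}")/.." || exit 1`, before the semgrep line makes both scripts location-independent. Neither script sets `set -euo pipefail`; with a single command the exit status still propagates to CI, but adding it keeps the scripts failing loudly if further steps are appended later. The two scripts also spell the same directory differently (`rules/src/` vs `./rules/src`); settling on one form keeps them consistent.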