[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-027088e5-ca4a-4b35-986e-89009b9b1cbc":3,"$f5UgywbN7cirHovOIu9JcaRNrhchOJ6kcv8ExyVuZMkQ":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"027088e5-ca4a-4b35-986e-89009b9b1cbc","semgrep-rule-variant-creator","Creates language variants of existing Semgrep rules. Used to port Semgrep rules to specified target languages. Takes an existing rule and target languages as input and generates an independent rule+test directory for each language.","cat_life_career","mod_other","sickn33,other","---\nname: semgrep-rule-variant-creator\ndescription: Creates language variants of existing Semgrep rules. Use when porting a Semgrep rule to specified target languages. Takes an existing rule and target languages as input, produces independent rule+test directories for each language.\nallowed-tools:\n ...\nrisk: unknown\nsource: community\n---\n\n# Semgrep Rule Variant Creator\n\nPort existing Semgrep rules to new target languages with proper applicability analysis and test-driven validation.\n\n## When to Use\n**Ideal scenarios:**\n- Porting an existing Semgrep rule to one or more target languages\n- Creating language-specific variants of a universal vulnerability pattern\n- Expanding rule coverage across a polyglot codebase\n- Translating rules between languages with equivalent constructs\n\n## When NOT to Use\n\nDo NOT use this skill for:\n- Creating a new Semgrep rule from scratch (use `semgrep-rule-creator` instead)\n- Running existing rules against code\n- Languages where the vulnerability pattern fundamentally doesn't apply\n- Minor syntax variations within the same language\n\n## Input Specification\n\nThis skill requires:\n1. **Existing Semgrep rule** - YAML file path or YAML rule content\n2. 
**Target languages** - One or more languages to port to (e.g., \"Golang and Java\")\n\n## Output Specification\n\nFor each applicable target language, produces:\n```\n\u003Coriginal-rule-id>-\u003Clanguage>\u002F\n├── \u003Coriginal-rule-id>-\u003Clanguage>.yaml     # Ported Semgrep rule\n└── \u003Coriginal-rule-id>-\u003Clanguage>.\u003Cext>    # Test file with annotations\n```\n\nExample output for porting `sql-injection` to Go and Java:\n```\nsql-injection-golang\u002F\n├── sql-injection-golang.yaml\n└── sql-injection-golang.go\n\nsql-injection-java\u002F\n├── sql-injection-java.yaml\n└── sql-injection-java.java\n```\n\n## Rationalizations to Reject\n\nWhen porting Semgrep rules, reject these common shortcuts:\n\n| Rationalization | Why It Fails | Correct Approach |\n|-----------------|--------------|------------------|\n| \"Pattern structure is identical\" | Different ASTs across languages | Always dump AST for target language |\n| \"Same vulnerability, same detection\" | Data flow differs between languages | Analyze target language idioms |\n| \"Rule doesn't need tests since original worked\" | Language edge cases differ | Write NEW test cases for target |\n| \"Skip applicability - it obviously applies\" | Some patterns are language-specific | Complete applicability analysis first |\n| \"I'll create all variants then test\" | Errors compound, hard to debug | Complete full cycle per language |\n| \"Library equivalent is close enough\" | Surface similarity hides differences | Verify API semantics match |\n| \"Just translate the syntax 1:1\" | Languages have different idioms | Research target language patterns |\n\n## Strictness Level\n\nThis workflow is **strict** - do not skip steps:\n- **Applicability analysis is mandatory**: Don't assume patterns translate\n- **Each language is independent**: Complete full cycle before moving to next\n- **Test-first for each variant**: Never write a rule without test cases\n- **100% test pass required**: \"Most tests pass\" 
is not acceptable\n\n## Overview\n\nThis skill guides the creation of language-specific variants of existing Semgrep rules. Each target language goes through an independent 4-phase cycle:\n\n```\nFOR EACH target language:\n  Phase 1: Applicability Analysis → Verdict\n  Phase 2: Test Creation (Test-First)\n  Phase 3: Rule Creation\n  Phase 4: Validation\n  (Complete full cycle before moving to next language)\n```\n\n## Foundational Knowledge\n\n**The `semgrep-rule-creator` skill is the authoritative reference for Semgrep rule creation fundamentals.** While this skill focuses on porting existing rules to new languages, the core principles of writing quality rules remain the same.\n\nConsult `semgrep-rule-creator` for guidance on:\n- **When to use taint mode vs pattern matching** - Choosing the right approach for the vulnerability type\n- **Test-first methodology** - Why tests come before rules and how to write effective test cases\n- **Anti-patterns to avoid** - Common mistakes like overly broad or overly specific patterns\n- **Iterating until tests pass** - The validation loop and debugging techniques\n- **Rule optimization** - Removing redundant patterns after tests pass\n\nWhen porting a rule, you're applying these same principles in a new language context. If uncertain about rule structure or approach, refer to `semgrep-rule-creator` first.\n\n## Four-Phase Workflow\n\n### Phase 1: Applicability Analysis\n\nBefore porting, determine if the pattern applies to the target language.\n\n**Analysis criteria:**\n1. Does the vulnerability class exist in the target language?\n2. Does an equivalent construct exist (function, pattern, library)?\n3. 
Are the semantics similar enough for meaningful detection?\n\n**Verdict options:**\n- `APPLICABLE` → Proceed with variant creation\n- `APPLICABLE_WITH_ADAPTATION` → Proceed but significant changes needed\n- `NOT_APPLICABLE` → Skip this language, document why\n\nSee applicability-analysis.md for detailed guidance.\n\n### Phase 2: Test Creation (Test-First)\n\n**Always write tests before the rule.**\n\nCreate test file with target language idioms:\n- Minimum 2 vulnerable cases (`ruleid:`)\n- Minimum 2 safe cases (`ok:`)\n- Include language-specific edge cases\n\n```go\n\u002F\u002F ruleid: sql-injection-golang\ndb.Query(\"SELECT * FROM users WHERE id = \" + userInput)\n\n\u002F\u002F ok: sql-injection-golang\ndb.Query(\"SELECT * FROM users WHERE id = ?\", userInput)\n```\n\n### Phase 3: Rule Creation\n\n1. **Analyze AST**: `semgrep --dump-ast -l \u003Clang> test-file`\n2. **Translate patterns** to target language syntax\n3. **Update metadata**: language key, message, rule ID\n4. **Adapt for idioms**: Handle language-specific constructs\n\nSee language-syntax-guide.md for translation guidance.\n\n### Phase 4: Validation\n\n```bash\n# Validate YAML\nsemgrep --validate --config rule.yaml\n\n# Run tests\nsemgrep --test --config rule.yaml test-file\n```\n\n**Checkpoint**: Output MUST show `All tests passed`.\n\nFor taint rule debugging:\n```bash\nsemgrep --dataflow-traces -f rule.yaml test-file\n```\n\nSee workflow.md for detailed workflow and troubleshooting.\n\n## Quick Reference\n\n| Task | Command |\n|------|---------|\n| Run tests | `semgrep --test --config rule.yaml test-file` |\n| Validate YAML | `semgrep --validate --config rule.yaml` |\n| Dump AST | `semgrep --dump-ast -l \u003Clang> \u003Cfile>` |\n| Debug taint flow | `semgrep --dataflow-traces -f rule.yaml file` |\n\n\n## Key Differences from Rule Creation\n\n| Aspect | semgrep-rule-creator | This skill |\n|--------|---------------------|------------|\n| Input | Bug pattern description | Existing rule + target 
languages |\n| Output | Single rule+test | Multiple rule+test directories |\n| Workflow | Single creation cycle | Independent cycle per language |\n| Phase 1 | Problem analysis | Applicability analysis per language |\n| Library research | Always relevant | Optional (when original uses libraries) |\n\n## Documentation\n\n**REQUIRED**: Before porting rules, read relevant Semgrep documentation:\n\n- [Rule Syntax](https:\u002F\u002Fsemgrep.dev\u002Fdocs\u002Fwriting-rules\u002Frule-syntax) - YAML structure and operators\n- [Pattern Syntax](https:\u002F\u002Fsemgrep.dev\u002Fdocs\u002Fwriting-rules\u002Fpattern-syntax) - Pattern matching and metavariables\n- [Pattern Examples](https:\u002F\u002Fsemgrep.dev\u002Fdocs\u002Fwriting-rules\u002Fpattern-examples) - Per-language pattern references\n- [Testing Rules](https:\u002F\u002Fsemgrep.dev\u002Fdocs\u002Fwriting-rules\u002Ftesting-rules) - Testing annotations\n- [Trail of Bits Testing Handbook](https:\u002F\u002Fappsec.guide\u002Fdocs\u002Fstatic-analysis\u002Fsemgrep\u002Fadvanced\u002F) - Advanced patterns\n\n## Next Steps\n\n- For applicability analysis guidance, see applicability-analysis.md\n- For language translation guidance, see language-syntax-guide.md\n- For detailed workflow and examples, see workflow.md\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,111,168,"2026-05-16 13:38:38",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"Other","other","mdi-page-next-outline","Other types of Skill",5,"2026-05-16 
12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"Career Development","career","mdi-briefcase-outline","Interview preparation, résumé optimization, career planning",4,575,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"868b2536-d033-4dad-8604-28b214020588","1.0.0","semgrep-rule-variant-creator.zip",3237,"uploads\u002Fskills\u002F027088e5-ca4a-4b35-986e-89009b9b1cbc\u002Fsemgrep-rule-variant-creator.zip","d8881f3e7bc090d62bb3c44f740231f5c9b31aaf9b30d82e6b0cfb20e9accf57","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":8090}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]