CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/pypi-semgrep

Lightweight static analysis for many languages with programmatic Python API for custom integrations.

Pending
Overview
Eval results
Files

error-handling.mddocs/

Error Handling System

Exception hierarchy and error management functions for handling various types of errors that can occur during scanning and rule processing.

Capabilities

Exception Classes

Comprehensive exception hierarchy for different error types.

class SemgrepError(Exception):
    """
    Base exception class for all Semgrep-specific errors.
    
    All custom semgrep exceptions inherit from this base class
    to enable catch-all error handling.
    
    Attributes:
    - code (int): Error code for programmatic handling
    - level (str): Error level (ERROR, WARNING, INFO)
    - span_context (dict): Source code context if applicable
    """
    def __init__(self, message, code=None, level="ERROR"): ...

class SemgrepCoreError(SemgrepError):
    """
    Errors from the semgrep-core engine.
    
    Raised when the core analysis engine encounters issues
    during pattern matching or AST analysis.
    
    Attributes:
    - core_error_type (str): Type of core engine error
    - rule_id (str): Rule ID that caused the error if applicable
    """
    def __init__(self, message, core_error_type=None, rule_id=None): ...

class InvalidScanningRootError(SemgrepError):
    """
    Invalid scan root directory error.
    
    Raised when the specified scanning root directory
    doesn't exist or isn't accessible.
    
    Attributes:
    - attempted_path (str): Path that was attempted
    """
    def __init__(self, message, attempted_path=None): ...

class ErrorWithSpan(SemgrepError):
    """
    Errors with source code location context.
    
    Provides additional context about where in the source
    code the error occurred.
    
    Attributes:
    - span (dict): Source location information
    - file_path (str): File where error occurred
    - line_number (int): Line number of error
    """
    def __init__(self, message, span=None, file_path=None): ...

class InvalidRuleSchemaError(SemgrepError):
    """
    Invalid rule schema validation error.
    
    Raised when a rule doesn't conform to the expected
    YAML schema or has invalid syntax.
    
    Attributes:
    - rule_id (str): ID of the invalid rule
    - schema_errors (list): List of specific schema violations
    """
    def __init__(self, message, rule_id=None, schema_errors=None): ...

class UnknownLanguageError(SemgrepError):
    """
    Unsupported programming language error.
    
    Raised when trying to analyze code in a language
    that semgrep doesn't support.
    
    Attributes:
    - language (str): The unsupported language
    - available_languages (list): List of supported languages
    """
    def __init__(self, message, language=None, available_languages=None): ...

class DependencyResolutionSemgrepError(SemgrepError):
    """
    Dependency resolution errors.
    
    Raised when semgrep cannot resolve project dependencies
    for dependency-aware analysis.
    
    Attributes:
    - dependency_manager (str): Type of dependency manager (npm, pip, etc.)
    - resolution_errors (list): Specific resolution failures
    """
    def __init__(self, message, dependency_manager=None, resolution_errors=None): ...

Error Management Functions

Functions for tracking and filtering errors.

def mark_semgrep_error_as_reported(error):
    """
    Mark a semgrep error as having been reported to avoid duplicates.
    
    Parameters:
    - error (SemgrepError): Error to mark as reported
    
    Returns:
    None
    """

def is_semgrep_error_already_reported(error):
    """
    Check if a semgrep error has already been reported.
    
    Parameters:
    - error (SemgrepError): Error to check
    
    Returns:
    bool: True if error was already reported
    """

def select_real_errors(errors):
    """
    Filter for actual errors versus warnings from error list.
    
    Parameters:
    - errors (list): List of error objects to filter
    
    Returns:
    list: Filtered list containing only real errors
    """

def format_error_message(error, include_span=True):
    """
    Format error message for display.
    
    Parameters:
    - error (SemgrepError): Error to format
    - include_span (bool): Whether to include source code context
    
    Returns:
    str: Formatted error message
    """

Constants

Exit Codes

Standard exit codes used by semgrep for different outcomes.

OK_EXIT_CODE = 0                    # Scan completed successfully, no findings
FINDINGS_EXIT_CODE = 1              # Scan completed successfully, findings found
FATAL_EXIT_CODE = 2                 # Fatal error occurred during scan
INVALID_LANGUAGE_EXIT_CODE = 3      # Invalid or unsupported language specified
UNPARSEABLE_YAML_EXIT_CODE = 4      # Invalid YAML in configuration
NEED_ARBITRARY_CODE_EXEC_EXIT_CODE = 5  # Arbitrary code execution required
MISSING_CONFIG_EXIT_CODE = 6        # No configuration provided
INVALID_CONFIG_EXIT_CODE = 7        # Invalid configuration
UNPARSEABLE_PATTERN_EXIT_CODE = 8   # Invalid pattern syntax
FATAL_RULE_PARSE_ERROR_EXIT_CODE = 9  # Fatal rule parsing error

Error Levels

class ErrorLevel:
    """
    Error severity levels.
    
    Values:
    - ERROR: Critical errors that prevent operation
    - WARNING: Issues that should be addressed but don't prevent operation  
    - INFO: Informational messages
    """
    ERROR = "ERROR"
    WARNING = "WARNING"
    INFO = "INFO"

Usage Examples

Basic Error Handling

from semgrep.error import SemgrepError, SemgrepCoreError, InvalidRuleSchemaError
from semgrep.run_scan import run_scan_and_return_json

try:
    results = run_scan_and_return_json(target_manager, config)
except InvalidRuleSchemaError as e:
    print(f"Rule validation failed: {e}")
    print(f"Invalid rule: {e.rule_id}")
    for schema_error in e.schema_errors:
        print(f"  - {schema_error}")
        
except SemgrepCoreError as e:
    print(f"Core engine error: {e}")
    if e.rule_id:
        print(f"Rule causing error: {e.rule_id}")
        
except SemgrepError as e:
    print(f"Semgrep error: {e}")
    print(f"Error code: {e.code}")
    print(f"Error level: {e.level}")

Error Filtering and Reporting

from semgrep.error import select_real_errors, mark_semgrep_error_as_reported

# Assume we have a list of errors from scanning
all_errors = [...]  # List of various error types

# Filter for real errors (not warnings)
real_errors = select_real_errors(all_errors)

# Process each error
for error in real_errors:
    if not is_semgrep_error_already_reported(error):
        print(f"New error: {error}")
        # Handle the error...
        mark_semgrep_error_as_reported(error)

Custom Error Handling

from semgrep.error import SemgrepError, ErrorLevel

class CustomAnalysisError(SemgrepError):
    """Custom error for specific analysis failures."""
    def __init__(self, message, analysis_type=None):
        super().__init__(message, level=ErrorLevel.ERROR)
        self.analysis_type = analysis_type

# Usage in custom analysis code
def custom_analysis():
    try:
        # Perform analysis...
        pass
    except Exception as e:
        raise CustomAnalysisError(
            f"Custom analysis failed: {e}",
            analysis_type="dependency_analysis"
        )

Install with Tessl CLI

npx tessl i tessl/pypi-semgrep

docs

cicd-integration.md

configuration.md

core-scanning.md

error-handling.md

index.md

output-formatting.md

rules-matches.md

target-management.md

tile.json