EVM Engineering: apply semgrep rules to contracts tests #12372

Open
smartcontracts opened this issue Oct 8, 2024 · 0 comments
Background

  • Semgrep is a tool we use for scanning code locally
  • Semgrep rules are defined in .semgrep/sol-rules.yaml
  • Semgrep helps ensure our contracts conform to specific style and safety requirements

Current Problem

  • Semgrep uses .semgrepignore to exclude certain files/directories from scanning
  • Currently, .semgrepignore excludes the contract tests (test/ and tests/ directories)
  • We want to include contract tests in our Semgrep scans to improve code quality and consistency

Proposed Solution

We'll approach this in phases to manage the scope of changes:

Phase 1: Adjust Semgrep Configuration

  1. Create a PR to modify .semgrepignore:
    • Remove test/ and tests/ entries
  2. In the same PR, update .semgrep/sol-rules.yaml:
    • Add contracts-bedrock tests to the exclusions for each rule

Phase 2: Rule-by-Rule Integration

For each subsequent PR:

  1. Select a single rule from .semgrep/sol-rules.yaml
  2. Remove the contracts-bedrock tests exclusion for that rule
  3. Run Semgrep and identify any violations in the contract tests
  4. Fix the identified issues in the contract tests
  5. Update the PR with both the rule change and the test fixes
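The rule-level exclusion that Phase 1 adds and each Phase 2 PR removes, as an added illustration that is not the repository's own `.semgrep/sol-rules.yaml` (the rule ids, the patterns and the `packages/contracts-bedrock/test/` path are assumptions):

```yaml
# Added example of the Phase 1 / Phase 2 states of .semgrep/sol-rules.yaml.
# Hypothetical rules; not the repository's real rule set.
rules:
  # Phase 1 state: test/ and tests/ are no longer ignored globally by
  # .semgrepignore, so each rule carries its own exclusion until the
  # contract tests have been cleaned up for that rule.
  - id: sol-style-no-selfdestruct        # hypothetical rule id
    languages: [solidity]
    severity: ERROR
    message: selfdestruct is banned in our contracts
    pattern: selfdestruct(...)
    paths:
      exclude:
        - packages/contracts-bedrock/test/   # assumed test path; deleted by this rule's Phase 2 PR

  # Phase 2 state: the per-rule exclusion has been removed, so semgrep now
  # applies this rule to the contract tests as well.
  - id: sol-style-no-tx-origin           # hypothetical rule id
    languages: [solidity]
    severity: WARNING
    message: use msg.sender rather than tx.origin for authorization
    pattern: tx.origin
```

Before Phase 1, `.semgrepignore` (gitignore-style patterns) carries the `test/` and `tests/` lines; the Phase 1 PR deletes those two entries and adds a `paths.exclude` block like the first rule's to every rule, so `semgrep --config .semgrep/sol-rules.yaml` reports the same findings as before. Each Phase 2 PR then deletes one rule's `paths.exclude` block, and the violations that same command reports in the contract tests are what that PR fixes.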