Crest Infosolutions Git Repository

  1. 17 Aug, 2021 4 commits
    • Release 0.62.0 · 5460dcfe
      brendon authored
    • Handle empty pattern error (#3723) · 3c009382
      Brendon Go authored
      * Handle empty pattern error
      
      * fixup! Handle empty pattern error
    • core: Fix fatal error "an equal is already in progress" (#3718) · f16a879f
      Iago Abal authored
      And added an optimized `Pattern_match.uniq` function to replace
      `Common.uniq_by`.
      
      Note that Semgrep returns the same matches as before, but sometimes in
      a different order.
      
      This issue was reported by a customer weeks ago but we could not figure
      it out without an example. I just happened to hit the same bug when
      benchmarking some taint rules.
      
      test plan:
      
          % make test
      
          % semgrep-core -timeout 5 -j 1 -profile -lang js \
               -config semgrep-rules/typescript/react/security/audit/react-props-injection.yaml \
               semgrep/parsing-stats/lang/javascript/tmp/mui-org-material-ui/test/bundling/fixtures/next-webpack5
      
            #^ Try it several times, it no longer triggers a fatal error
      
      Rule react-props-injection contains the following pattern:
      
          import $PROPS from "...";
          ...
      
      This pattern leads to more than 90k matches in
      lang/javascript/tmp/mui-org-material-ui/test/bundling/fixtures/next-webpack5/pages/next-webpack.fixture.js
      which causes Common.uniq_by to "explode". If we are unlucky and the
      analysis times out while we are testing the equality of two ASTs, then
      `AST_utils.busy_with_equal` is left in the wrong state and all the
      subsequent equality tests will lead to a fatal error.
    • [C++] more refactoring in ast_cpp.ml (#3722) · 70ebf7e0
      Yoann Padioleau authored
      test plan:
      make test
  2. 14 Aug, 2021 1 commit
  3. 13 Aug, 2021 2 commits
  4. 12 Aug, 2021 1 commit
  5. 11 Aug, 2021 4 commits
    • [Hack] Add Semgrep extension tests (#3704) · bd313dd7
      David Frankel authored
      * Combine else-if tokens
      
      * Add type param support
      
      * [Hack] Add basic testing
      
      * Finish alpha features
      
      * Add more tests (still need to update semgrep-hack ref)
      
      * Improve dots_params
      
      * [Hack] Extend metavariables
      
      * Update semgrep-hack version
      
      * Add hacklang to semgrep targets
      
      * Update error messages
    • adding more options to semgrep sarif formatter (#3697) · 28c26491
      kingbbello authored
      * adding more options to semgrep sarif formatter
      
      * add changelog
      
      * handle empty tag case
    • Optimize pattern $X (#3703) · 24e8cabf
      Iago Abal authored
      * Optimize pattern $X
      
      Fixes: bfc4f3da ("Revert `pattern: $X` optimization (#3478)")
      Fixes: 32e88975 ("Separate pattern: $X in anded patterns to a special field (#3435)")
      
      test plan:
      
          % make test # tests included
      
          % semgrep-core -lang py -config \
                ~/semgrep/semgrep-core/tests/OTHER/rules/pattern-x-1.yaml \
                bench/django/input/django
            #^ now takes ~6 seconds (i.e., almost 10x faster)
      
      * engine: Clean up Specialize_formula
      
      test plan:
      make test
      
      * Emma's comments
    • Ensure we don't accidentally return folders as targets (#3701) · 36f9ac2e
      Martin Jambon authored
      * Ensure that paths aren't directories
      
      Workaround for issue with git submodules and git ls-files, see #3660 for details.
      
      * Add submodule fix to changelog
      
      * Run pre-commit hooks
      
      * Ensure we don't end up with folders in a list of targets
      
      * Update CHANGELOG.md
  6. 10 Aug, 2021 4 commits
  7. 09 Aug, 2021 7 commits
  8. 08 Aug, 2021 1 commit
    • [OCaml] support open XXx entity aliasing by using LSP (#3687) · 1b2e39df
      Yoann Padioleau authored
      * [OCaml] support open XXx entity aliasing by using LSP
      
      test plan:
      ```
      yy -no_bloom_filter -lsp -lang ocaml -e 'AST_generic.fake_bracket $X' tests/test_lsp.ml -log_config_file /tmp/xxx
      + /home/pad/yy/_build/default/src/cli/Main.exe -no_bloom_filter -lsp -lang ocaml -e 'AST_generic.fake_bracket $X' tests/test_lsp.ml -log_config_file /tmp/xxx
      START
      tests/test_lsp.ml:17
         AST_generic.fake_bracket [] |> ignore;
      tests/test_lsp.ml:18
         G.fake_bracket [] |> ignore;
      "AST_generic"
      tests/test_lsp.ml:19
         fake_bracket [] |> ignore;
      
      yy -no_bloom_filter -lsp -lang ocaml -e 'AST_generic.Call ($X, $Y)' tests/test_lsp.ml -log_config_file /tmp/xxx
      + /home/pad/yy/_build/default/src/cli/Main.exe -no_bloom_filter -lsp -lang ocaml -e 'AST_generic.Call ($X, $Y)' tests/test_lsp.ml -log_config_file /tmp/xxx
      START
      tests/test_lsp.ml:6
         let res0 = AST_generic.Call (Int (None, fake ""), fb []) in
      tests/test_lsp.ml:6
         let res0 = AST_generic.Call (Int (None, fake ""), fb []) in
      tests/test_lsp.ml:7
         let res1 = G.Call (Int (None, fake ""), fb []) in
      tests/test_lsp.ml:7
         let res1 = G.Call (Int (None, fake ""), fb []) in
      "AST_generic"
      tests/test_lsp.ml:8
         let res2 = Call (Int (None, fake ""), fb []) in
      "AST_generic"
      tests/test_lsp.ml:8
         let res2 = Call (Int (None, fake ""), fb []) in
      
      yy -no_bloom_filter -lsp -lang ocaml -e '| AST_generic.Call ($X, $Y)' tests/test_lsp.ml -log_config_file /tmp/xxx
      + /home/pad/yy/_build/default/src/cli/Main.exe -no_bloom_filter -lsp -lang ocaml -e '| AST_generic.Call ($X, $Y)' tests/test_lsp.ml -log_config_file /tmp/xxx
      START
      tests/test_lsp.ml:10
         | AST_generic.Call (x, (_, [], _)) -> 1
      tests/test_lsp.ml:11
         | G.Call (x, (_, [_], _)) -> 1
      "AST_generic"
      tests/test_lsp.ml:12
         | Call (x, y) -> 1
      
      ```
      
      * misc
  9. 06 Aug, 2021 5 commits
    • Refactor m_name, factorize more code (#3684) · 1fd2534d
      Yoann Padioleau authored
      * Refactor m_name, factorize more code
      
      test plan:
      make test
      
      * more
      
      * more
      
      * factorize m_type naming part in m_name
      
      * factorize m_attr
    • [OCaml] module aliasing for Constructor/PatConstructor via m_name (#3682) · 9db5f07a
      Yoann Padioleau authored
      We should be able to factorize more code and move more
      aliasing logic in m_name, for TyN and NamedAttr too
      (and maybe m_expr).
      
      test plan:
      test file included
    • core: Fix parsing of numeric literals in rule files (#3675) · 203997c4
      Iago Abal authored
      test plan:
      1. make test # tests included
      2. semgrep -l py -e '42' any_file.py
    • Naming: resolve names for Constructor and PatConstructor (#3681) · 8606cc70
      Yoann Padioleau authored
      This also factorizes a bit name resolution for all 'name' types.
      
      test plan:
      ```
      pad@yrax yy (naming_ctor)]$ yy -lang ocaml -dump_named_ast tests/ocaml/aliasing_qualified_contructor.ml
      + /home/pad/yy/_build/default/src/cli/Main.exe -lang ocaml -dump_named_ast tests/ocaml/aliasing_qualified_contructor.ml
      [0.038  Info       Main.Dune__exe__Main ] loaded log_config.json
      [0.038  Info       Main.Dune__exe__Main ] Executed as: /home/pad/yy/_build/default/src/cli/Main.exe -lang ocaml -dump_named_ast tests/ocaml/aliasing_qualified_contructor.ml
      [0.038  Info       Main.Dune__exe__Main ] Version: semgrep-core version: v0.61.0-9-g14616953-dirty, pfff: 0.42
      [0.038  Info       Main.Parse_target    ] trying to parse with Pfff parser tests/ocaml/aliasing_qualified_contructor.ml
      [0.038  Info       Main.Parse_target    ] Parse_target.parse_and_resolve_name_use_pfff_or_treesitter done
      Pr(
        [DefStmt(
           ({
             name=EN(
                    Id(("G", ()),
                      {
                       id_resolved=Ref(Some((ImportedModule(
                                               DottedName([("AST_generic", ())])),
                                             1)));
                       id_type=Ref(None); id_constness=Ref(None); }));
             attrs=[]; tparams=[]; },
            ModuleDef({mbody=ModuleAlias([("AST_generic", ())]); })));
         DefStmt(
           ({
             name=EN(
                    Id(("foo", ()),
                      {id_resolved=Ref(None); id_type=Ref(None);
                       id_constness=Ref(None); }));
             attrs=[]; tparams=[]; },
            FuncDef(
              {fkind=(Function, ()); fparams=[ParamPattern(PatLiteral(Unit(())))];
               frettype=None;
               fbody=OtherStmt(OS_ExprStmt2,
                       [E(
                          Constructor(
                            IdQualified(
                              (("Call", ()),
                               {name_qualifier=Some(QDots([("G", ())]));
                                name_typeargs=None; }),
                              {
                               id_resolved=Ref(Some((ImportedEntity(
                                                       [("AST_generic", ());
                                                        ("Call", ())]),
                                                     0)));
                               id_type=Ref(None); id_constness=Ref(None); }),
                            [L(Int((Some(1), ()))); L(Int((Some(2), ())))]))]);
               })))])
      ```
    • Open files in binary mode so as to bypass CRLF translation on Windows. (#3663) · 14616953
      Martin Jambon authored
      * Open files in binary mode so as to bypass CRLF translation on Windows.
      
      * Update pfff
      
      * Update pfff
      
      * Update pfff
  10. 05 Aug, 2021 6 commits
  11. 04 Aug, 2021 4 commits
  12. 03 Aug, 2021 1 commit
    • Remove location information in cli errors with temp files (#3651) · dc3c7331
      Emma Jin authored
      * Remove location information in cli errors with temp files
      
      Since the temp file error message is not helpful, remove it.
      
      Test plan:
      
      Modify `metavar_pattern_lang.yaml` in tests/OTHER/rules to have the pattern `bad eval_C("$CODE")`. Then run
      
      ```
      (semgrep) ➜  rules git:(develop) ✗ semgrep --config metavar_pattern_lang.yaml metavar_pattern_lang.py
      running 1 rules...
      semgrep error: invalid pattern
      
      Pattern `bad eval_C("$CODE")` could not be parsed as a Python semgrep pattern
      ```
      
      * Updated snapshots
      
      * Changelog