New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TSX tags seem to be matched incorrectly and fixed incorrectly #2685
Comments
This may be related to the deep expression syntax as it uses |
thanks for the great bug report @yoav-lavi, autofix is still experimental (https://semgrep.dev/docs/experiments/overview/#autofix) but this is probably an easy fix and one we should definitely do! |
@ievans the matching itself also seems to be wrong in this instance (see |
It looks like it's matching |
Just to give the motivation for using this rule - the idea was to detect empty opening and closing tags to suggest / fix with self closing tags <div></div> to <div /> |
@ievans Also notice in the image that the fix suggestion is |
We have some builtin equivalences for JSX which might get in the way ... |
Do you mean get in the way of the autofix or FP here? Since autofix is experimental functionality I think we should focus on the FP. @aryx shouldn't the pattern require a |
I can take a look |
This will help semgrep/semgrep#2685 test plan: make test
this will help #2685 test plan: make test
Right now in semgrep, the pattern @minusworld @mschwager @ievans maybe we should disable most of those equivalences. That means we will have to rewrite some of our semgrep rules like https://github.com/returntocorp/semgrep-rules/blob/develop/typescript/react/security/audit/react-css-injection.yaml to use instead of patterns like |
* [JSX] add more tokens in AST for JSX construct This will help semgrep/semgrep#2685 test plan: make test * add more tokens
* [JSX] add more tokens in generic AST for JSX constructs this will help #2685 test plan: make test * add more tokens test plan: make test in semgrep-rules now also work
@yoav-lavi the matching and autofix seems to work better on the latest: https://semgrep.dev/s/N4Lz/?version=develop |
Yes, it seems to work better in that version, thanks! By the way, the editor seems to treat JSX as an error for some reason @aryx |
ok, closing this issue. For the equivalance thing I've created another issue: #2812 |
Describe the bug
When matching TSX tags for a fix, Semgrep seems to match the element name and other non matching elements rather than the entire tag. This causes the fix to be implemented on the tag name -
matches
and
plus the suggested fix is
To Reproduce
https://semgrep.dev/s/N4Lz/
Expected behavior
TSX tags should be matched in their entirety and not replace just the element name
Screenshots
What is the priority of the bug to you?
P1
The text was updated successfully, but these errors were encountered: