matching keys and values in JavaScript objects #3279
semgrep-core returns 22 matches, but the Python wrapper reduces it to just one.
It's because the Python wrapper removes findings that have the same range, even if they have different metavariable bindings. Not sure
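The deduplication behaviour described in the comment above, as an added illustration that is not part of the thread and is not Semgrep's own code: the finding fields, the rule id `misc-field` and the sample dependencies are constructed assumptions. It shows that keying on range alone collapses per-key matches into one, while keying on range plus metavariable bindings keeps them and still drops true duplicates.

```python
from typing import Any, Callable, Dict, Hashable, List

Finding = Dict[str, Any]

# Constructed sample: a rule that matches the whole "dependencies" object
# once per key, so every finding shares one range but binds different values.
DEPS = {"express": "^4.17.1", "lodash": "^4.17.21", "left-pad": "1.3.0"}
FINDINGS: List[Finding] = [
    {
        "check_id": "misc-field",          # hypothetical rule id
        "path": "package.json",
        "start": (2, 3),                   # (line, col) of the object
        "end": (6, 4),
        "metavars": {"$KEY": name, "$VALUE": version},
    }
    for name, version in DEPS.items()
]


def range_key(f: Finding) -> Hashable:
    """Identity based on rule, file and range only."""
    return (f["check_id"], f["path"], f["start"], f["end"])


def binding_key(f: Finding) -> Hashable:
    """Identity that also includes the metavariable bindings."""
    return (*range_key(f), tuple(sorted(f["metavars"].items())))


def dedup(findings: List[Finding], key: Callable[[Finding], Hashable]) -> List[Finding]:
    """Keep the first finding for each distinct key, preserving order."""
    seen, kept = set(), []
    for f in findings:
        k = key(f)
        if k not in seen:
            seen.add(k)
            kept.append(f)
    return kept


def reported_keys(findings: List[Finding], key: Callable[[Finding], Hashable]) -> List[str]:
    """Names bound to $KEY in the findings that survive deduplication."""
    return [f["metavars"]["$KEY"] for f in dedup(findings, key)]


if __name__ == "__main__":
    print("range only:      ", reported_keys(FINDINGS, range_key))
    print("range + bindings:", reported_keys(FINDINGS, binding_key))
```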
This closes #3279

test plan: test file included and semgrep --config ~/yy/tests/OTHER/rules/misc_field.yaml ~/yy/tests/OTHER/rules/misc_field.js now returns 22 findings (same range though).
This might be a big change for the user @ievans because we may report the same findings multiple times, with the exact same range.
Relevant slack conversation: https://returntocorp.slack.com/archives/C01AX0QCEET/p1622757347088700
This may help semgrep/semgrep#3279 test plan: see related PR in semgrep
This may help #3279 test plan: test file included
Note that the user should write the rule in a different way, where we match individual fields separately, with
* [JS] support partial single field for semgrep

  This may help #3279

  test plan: test file included
* changelog
* misc

Ok the JSON part is fixed too: https://semgrep.dev/s/XLXA?version=develop
Also here is an alternative solution to the issue: use a pattern-inside and another pattern to just match the deps.
Works also in JS mode: https://semgrep.dev/s/KWGL/?version=develop
@ievans do you have a slack link to the request from the external user? That way I can tell him workarounds.
Reporting for an external user. When trying to match a structure like those found in package.json, such as:
(1) The following matches only the first or last entry in the object:
Desired behavior is that it returns a match for every key under "dependencies".
Playground url: https://semgrep.dev/s/2b25
Bonus bug, it finds nothing when in JSON mode. Playground url in JSON mode: https://semgrep.dev/s/XLXA