New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ruby] Constant propagation ignores side-effects on string object #3316
Comments
Some amount of false positives of this kind are expected since we only do intra-procedural analysis, and if we assume that anything can alter the value of a variable then we would also miss many true positives. But in this particular case I think the intention to modify the variable is clear and we should handle it. |
Actually this is mainly due to AST-to-IL not recognizing a call to the |
This issue is being marked |
@mmcqd Might be a good issue for you |
And make translation language-dependent. Helps #3316 test plan: make test # test included
Closes #3316 test plan: make test # test included
And make translation language-dependent. Helps #3316 test plan: make test # test included
Closes #3316 test plan: make test # test included
Describe the bug
Constant propagation incorrectly flags a variable as constant after it has been modified by a method call.
To Reproduce
https://semgrep.dev/s/4y19/
Expected behavior
No false positives.
What is the priority of the bug to you?
Environment
If not using semgrep.dev: are you running off docker, an official binary, a local build?
The text was updated successfully, but these errors were encountered: