Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[scala] Functions do not work as taint sinks #4975

Closed
Ezzer17 opened this issue Apr 7, 2022 · 2 comments · Fixed by #5310
Closed

[scala] Functions do not work as taint sinks #4975

Ezzer17 opened this issue Apr 7, 2022 · 2 comments · Fixed by #5310
Labels
alpha Relates to an experimental feature bug Something isn't working feature:taint user:external requested by someone outside of r2c

Comments

@Ezzer17
Copy link

Ezzer17 commented Apr 7, 2022
edited

Describe the bug
Simple functions do not work as taint syncs, even though they should.

To Reproduce
https://semgrep.dev/s/ezzer17:simple-function-sink-2
If you remove the return, it works

Expected behavior
Rule has one match

What is the priority of the bug to you?

  • P1: important to fix or quite annoying
@r2c-demo
Copy link
Collaborator

r2c-demo commented Apr 7, 2022

This issue is synced in Linear at https://linear.app/r2c/issue/PA-1121/[scala]-functions-do-not-work-as-taint-sinks.

@nbrahms nbrahms added alpha Relates to an experimental feature feature:taint user:external requested by someone outside of r2c labels Apr 8, 2022
@nbrahms
Copy link
Contributor

nbrahms commented Apr 8, 2022

Hi @Ezzer17 👋

Thanks for the bug report! Just to let you know, we haven't released full taint-mode support for Scala yet, so ymmv with taint on Scala.

We'll have a product announcement when we do support taint for Scala.

@nbrahms nbrahms added the bug Something isn't working label Apr 8, 2022
@kopecs kopecs mentioned this issue May 25, 2022
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
alpha Relates to an experimental feature bug Something isn't working feature:taint user:external requested by someone outside of r2c
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(dataflow,scala): Correctly translate return when it's an expression semgrep/semgrep
3 participants
@nbrahms @Ezzer17 @r2c-demo