We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pattern-either
patterns
In my opinion: using patterns and pattern-either within one rule sometimes behave not as it would be predicted according to the docs (https://github.com/returntocorp/semgrep/blob/develop/docs/configuration-files.md#patterns)
as I understand from the docs: patterns performs a logical AND operation pattern-either operator performs a logical OR operation
so by doing smth like this (sorry if its messy, tried hard to come up with descriptive example): https://semgrep.live/9d8
patterns: - pattern-either: - pattern: foo('bar',...) - pattern: foo('zzz',...) - pattern-either: - pattern: foo($X,1,...) - pattern: foo($X,2,...)
I would expect the logic like this:
(foo('bar',...) OR foo('zzz',...)) AND (foo($X,1,...) OR foo($X,2,...))
foo('bar',...)
foo('zzz',...)
foo($X,1,...)
foo($X,2,...)
so it means that I want to find usage of foo with either 'bar' or 'zzz' as the first argument and 1 or 2 as the second
foo
1
2
but for now it seems like logically semgrep treats this rule as:
semgrep
foo('bar',...) OR foo('zzz',...) OR foo($X,1,...) OR foo($X,2,...)
and highlights code if any of the pattern matches
pattern
example link: https://semgrep.live/9d8
The text was updated successfully, but these errors were encountered:
@ievans is the expert on boolean logic on patterns :) @brendongo might know too.
Sorry, something went wrong.
@inkz I agree with you, this looks like a bug to me. @brendongo could investigate. @brendongo I added comments with notes on what examples I would expect to match: https://semgrep.live/Gl2
Fix 'pattern_id' when using nested pattern operators
991ac63
Fixes #828.
Fix 'pattern_id' when using nested pattern operators (#947)
ef3a4b7
mschwager
Successfully merging a pull request may close this issue.
In my opinion: using
patterns
andpattern-either
within one rule sometimes behave not as it would be predicted according to the docs (https://github.com/returntocorp/semgrep/blob/develop/docs/configuration-files.md#patterns)as I understand from the docs:
patterns
performs a logical AND operationpattern-either
operator performs a logical OR operationso by doing smth like this (sorry if its messy, tried hard to come up with descriptive example):
https://semgrep.live/9d8
I would expect the logic like this:
(
foo('bar',...)
ORfoo('zzz',...)
) AND (foo($X,1,...)
ORfoo($X,2,...)
)so it means that I want to find usage of
foo
with either 'bar' or 'zzz' as the first argument and1
or2
as the secondbut for now it seems like logically
semgrep
treats this rule as:foo('bar',...)
ORfoo('zzz',...)
ORfoo($X,1,...)
ORfoo($X,2,...)
and highlights code if any of the
pattern
matchesexample link: https://semgrep.live/9d8
The text was updated successfully, but these errors were encountered: