python function call subtleties #144

ievans · 2020-02-10T21:47:07Z

https://github.com/returntocorp/sgrep-rules/blob/663a95579bb825f578068794ffc63c41cb9e3417/python/socket/bind.py#L24

    - pattern-either:
        - pattern: |
            $S = socket.socket(...)
            ...
            $S.bind(("0.0.0.0", ...))
        - pattern: |
            $S = socket.socket(...)
            ...
            $S.bind(("", ...))

is triggering on:

easy_s = socket.socket(doesnt, matter)
easy_s.bind()

But I expect it not to, given it has no arguments.

The text was updated successfully, but these errors were encountered:

aryx · 2020-02-10T22:01:50Z

Is it normal there is extra parenthesis inside $S.bind? (("", ...))

ievans · 2020-02-12T17:56:23Z

Yes, not a typo -- you call .bind with a tuple

aryx · 2020-02-19T13:54:45Z

I can't reproduce on your test example.
If I do this pattern:
$S = socket.socket(...)
...
$S.bind()

$ /home/pad/github/sgrep/_build/default/bin/main_sgrep.exe -f tests/python/misc_tuple.sgrep tests/python/
/home/pad/github/sgrep/tests/python/misc_tuple.py:1
easy_s = socket.socket(doesnt, matter)
easy_s.bind()

it finds it. But I put back your pattern:
$S = socket.socket(...)
...
$S.bind(("", ...))

$ /home/pad/github/sgrep/_build/default/bin/main_sgrep.exe -f tests/python/misc_tuple.sgrep tests/python/
then no match (as expected).

ievans added bug Something isn't working priority:medium labels Feb 10, 2020

ievans assigned aryx Feb 10, 2020

aryx closed this as completed Feb 19, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

python function call subtleties #144

python function call subtleties #144

ievans commented Feb 10, 2020

aryx commented Feb 10, 2020

ievans commented Feb 12, 2020

aryx commented Feb 19, 2020

python function call subtleties #144

python function call subtleties #144

Comments

ievans commented Feb 10, 2020

aryx commented Feb 10, 2020

ievans commented Feb 12, 2020

aryx commented Feb 19, 2020