New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Taint tracking produces duplicate findings #3742
Comments
The way taint tracking works it is non-trivial to guarantee that there are no duplicates. Right now, internally, we use search-mode queries to compute the ranges of sources, sanitizers, and sinks. Then if e.g. an expression is inside a |
Another example reported by @emjin: https://semgrep.dev/s/d0dZ/ |
I will let the engine produce the duplicates and filter these duplicates at the end. Unless there are too many taint matches, it should not cause perf problems. There may be a better solution but I need to think more on it and discuss it with some colleagues. |
Fine by me ;) I think the max duplicates per issue I had so far is 3 Btw, I noticed another issue (ticket linked) when trying to reduce duplicate output by adding functions such as |
Closes #3742 test plan: make test # test included
Closes #3742 test plan: make test # test included
Describe the bug
Taint mode can produces duplicate findings
To Reproduce
https://semgrep.dev/s/WOzo
Expected behavior
There should not be duplicate findings
Screenshots
What is the priority of the bug to you?
P1: important to fix or quite annoying
Environment
Semgrep.dev & CLI 0.62.0 on MacOSX (Installed via Homebrew)
The text was updated successfully, but these errors were encountered: