Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Taint mode does not flow taint to sinks inside for comprehension #5652

Closed
1 of 3 tasks
ievans opened this issue Jun 28, 2022 · 1 comment · Fixed by #5658
Closed
1 of 3 tasks

Taint mode does not flow taint to sinks inside for comprehension #5652

ievans opened this issue Jun 28, 2022 · 1 comment · Fixed by #5658
Labels
feature:taint lang:scala priority:low user:external requested by someone outside of r2c

Comments

@ievans
Copy link
Member

ievans commented Jun 28, 2022

Describe the bug
In Scala, taint mode does not flow taint to sinks inside for comprehension

To Reproduce
https://semgrep.dev/s/Q2vD <- expect both tests to pass

What is the priority of the bug to you?

  • P0: blocking your adoption of Semgrep or workflow
  • P1: important to fix or quite annoying
  • P2: regular bug that should get fixed

Environment
Semgrep 0.101
@r2c-demo
Copy link
Collaborator

This issue is synced in Linear at https://linear.app/r2c/issue/PA-1580/taint-mode-does-not-flow-taint-to-sinks-inside-for-comprehension. Note: this link is for r2c use only and is not accessible publicly.

@ievans ievans added the user:external requested by someone outside of r2c label Jun 28, 2022
IagoAbal added a commit that referenced this issue Jun 29, 2022
@IagoAbal
AST_to_IL: Make sure any StmtExpr is in the final IL
8ba6dfc 
Otherwise, if we just "skip" those statements, the taint engine cannot
find bugs in them! Also, make sure that when we don't have a proper
translation for some StmtExpr this is reflected with a Fixme node in
the final IL.

Closes #5652
Closes PA-1580

test plan:
make test # added one test
@IagoAbal IagoAbal mentioned this issue Jun 29, 2022
Merged
3 tasks
aryx added a commit that referenced this issue Jun 30, 2022
@IagoAbal @aryx
AST_to_IL: Make sure any StmtExpr is in the final IL (#5658)
175e6d7 
Otherwise, if we just "skip" those statements, the taint engine cannot
find bugs in them! Also, make sure that when we don't have a proper
translation for some StmtExpr this is reflected with a Fixme node in
the final IL.

Closes #5652
Closes PA-1580

test plan:
make test # added one test

Co-authored-by: Yoann Padioleau <pad@r2c.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature:taint lang:scala priority:low user:external requested by someone outside of r2c
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

AST_to_IL: Make sure any StmtExpr is in the final IL semgrep/semgrep
2 participants
@ievans @r2c-demo