Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Metavariable Type Extension for Semgrep Rule Syntax 2.0 #8183

Closed
ihji opened this issue Jun 29, 2023 · 0 comments · Fixed by #8184
Closed

Metavariable Type Extension for Semgrep Rule Syntax 2.0 #8183

ihji opened this issue Jun 29, 2023 · 0 comments · Fixed by #8184

Comments

@ihji
Copy link
Contributor

ihji commented Jun 29, 2023

We propose to extend the changes made in Semgrep rule syntax 1.0 to version 2.0 as well. This transition is crucial as we slowly move towards Semgrep rule syntax 2.0. Our goal is to ensure that both syntax versions, 1.0 and 2.0, have equivalent capabilities for metavariable typing. To achieve this, we will enhance the YAML syntax of version 2.0 by introducing a dedicated field for metavariable types.

Here is an example of the proposed syntax:

# rule syntax 2.0
rules:
  - id: no-string-eqeq
    message: find errors
    severity: WARNING
    languages:
      - java
    match:
      all:
        - not: null == (String $Y)
        - $X == (String $Y)

# rule syntax 2.0 after proposed change
rules:
  - id: no-string-eqeq
    message: find errors
    severity: WARNING
    languages:
      - java
    match:
      all:
        - not: null == $Y
        - $X == $Y
      where:
        - metavariable: $Y
          type: String

For rule syntax 1.0: #8119
@ihji ihji mentioned this issue Jun 29, 2023
Merged
5 tasks
aryx pushed a commit that referenced this issue Jun 29, 2023
@ihji
Metavariable Type Extension for Semgrep Rule Syntax 2.0 (#8184)
351e5a0 
This PR introduces the changes made in Semgrep rule syntax 1.0 to
version 2.0 as well.

fix #8183 

PR checklist:

- [ ] Purpose of the code is [evident to future
readers](https://semgrep.dev/docs/contributing/contributing-code/#explaining-code)
- [ ] Tests included or PR comment includes a reproducible test plan
- [ ] Documentation is up-to-date
- [ ] A changelog entry was [added to
changelog.d](https://semgrep.dev/docs/contributing/contributing-code/#adding-a-changelog-entry)
for any user-facing change
- [ ] Change has no security implications (otherwise, ping security
team)

If you're unsure about any of this, please see:

- [Contribution
guidelines](https://semgrep.dev/docs/contributing/contributing-code)!
- [One of the more specific guides located
here](https://semgrep.dev/docs/contributing/contributing/)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Metavariable Type Extension for Semgrep Rule Syntax 2.0 ihji/semgrep
1 participant
@ihji