Describe the bug
When attempting to match a function call from an imported package, if the name of the import is aliased to an existing symbol, rules are unable to match it.
As an example, I will be using os.system as the pattern I want to match; however, any combination of [module].[function](...) works with my example.
A pattern like os.system(...) is able to match the following:
```python
import os as a
a.system("ls")
```
Instead, if the variable a is already declared, it is unable to match the pattern:
```python
a = None
import os as a
a.system("ls")
```
Likewise, if you try to build a more advanced pattern (like the one below) to detect cases like the above, the pattern is still not able to match:
```
$ALIAS = ...
...
import os as $ALIAS
...
$ALIAS.system(...)
```
To Reproduce
Here is an example of using os.system() in Python and rules I feel like should match the example I provided: https://semgrep.dev/playground/s/5rzLj
Expected behavior
Redeclaration of a variable should not ruin patterns.
os.system(...) should be able to match both:
```python
import os as a
a.system("ls")
```
and
```python
a = None
import os as a
a.system("ls")
```
What is the priority of the bug to you?
P0: blocking your adoption of Semgrep or workflow
P1: important to fix or quite annoying
P2: regular bug that should get fixed
Environment
I have tested cli and semgrep.dev which both have this issue.
Use case
Properly match imported functions when an alias to their import has already been used.
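The expected behaviour described in this report, sketched as an added example with Python's `ast` module (this is not part of the original issue and is not Semgrep's code): the latest binding of a name decides what it refers to, so an earlier `a = None` does not hide a later `import os as a`. The `AliasedCallFinder` class, `find_calls` function and the `CASE_*` samples are hypothetical names constructed for illustration, and the sketch assumes straight-line module-level code with no scope or branch handling.

```python
import ast

# Constructed sample inputs: the two cases from the report, plus the converse
# case where the alias is overwritten after the import.
CASE_PLAIN = 'import os as a\na.system("ls")\n'
CASE_REDECLARED = 'a = None\nimport os as a\na.system("ls")\n'
CASE_SHADOWED = 'import os as a\na = None\na.system("ls")\n'


class AliasedCallFinder(ast.NodeVisitor):
    """Hypothetical helper: find calls to module.func made through an import alias.

    Bindings are updated in source order, so the most recent binding of a
    name wins regardless of what the name held before.
    """

    def __init__(self, module, func):
        self.module, self.func = module, func
        self.bindings = {}  # local name -> imported module name, or None
        self.hits = []      # line numbers of matching calls

    def visit_Import(self, node):
        for alias in node.names:
            if alias.asname:
                self.bindings[alias.asname] = alias.name
            else:
                # `import os.path` binds the top-level name `os`
                top = alias.name.split(".")[0]
                self.bindings[top] = top

    def visit_Assign(self, node):
        self.generic_visit(node)  # calls on the right-hand side see the old binding
        for target in node.targets:
            if isinstance(target, ast.Name):
                self.bindings[target.id] = None  # name no longer refers to a module

    def visit_Call(self, node):
        f = node.func
        if (isinstance(f, ast.Attribute) and f.attr == self.func
                and isinstance(f.value, ast.Name)
                and self.bindings.get(f.value.id) == self.module):
            self.hits.append(node.lineno)
        self.generic_visit(node)


def find_calls(source, module="os", func="system"):
    """Return the line numbers where module.func is called via any alias."""
    finder = AliasedCallFinder(module, func)
    finder.visit(ast.parse(source))
    return finder.hits
```

Both cases from the report are found (line 2 and line 3 respectively), while `CASE_SHADOWED` yields no hit because `a` is rebound to `None` after the import.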