You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Adding all the edge cases will be a pain, we basically have to add a pattern-not-inside for each pattern-inside.
I tried filtering the $TYPE metavariable and filtering with metavariable-regex. But $TYPE only contains the type (e.g., SomeObject here) and not static.
You could also decide that the false positives are worth keeping the rule simple which is definitely a good tradeoff.
The text was updated successfully, but these errors were encountered:
This is indeed a known limitation in my rules (shared also by the raptor-write-into-stack-buffer rule for instance). Based on my tests, Semgrep does not seem to support static variable declarations and other modifiers such as register/volatile (at least not consistently). I've been meaning to open an issue with Semgrep, but I haven't had the time to better investigate this behaviour yet.
There are some other examples of (apparent) lack of support by Semgrep:
The
raptor-ret-stack-address
rule checks if we are returning a pointer to a stack variable.It returns a false positive if we are returning a static variable.
This usually happens inside a static function.
Adding all the edge cases will be a pain, we basically have to add a
pattern-not-inside
for eachpattern-inside
.I tried filtering the
$TYPE
metavariable and filtering withmetavariable-regex
. But$TYPE
only contains the type (e.g.,SomeObject
here) and notstatic
.You could also decide that the false positives are worth keeping the rule simple which is definitely a good tradeoff.
The text was updated successfully, but these errors were encountered: