Introduce semgrep
#153
Introduce semgrep
#153
Conversation
|
CC @dpc for giving me the idea. |
contrib/semgrep.yml
Outdated
| - rust | ||
| message: Use inline attribute on `From` implementations. | ||
| patterns: | ||
| - pattern-regex: 'From<[A-Za-z]+> for [A-Za-z]+ \{$\n' |
There was a problem hiding this comment.
suggestion: You don't have to use regex. semgrep supports Rust, but has some limitations around macros handling. This looks like something that should be possible to handle with normal (non-regex) syntatic matchers.
There was a problem hiding this comment.
@tcharding https://semgrep.dev/playground/s/AdWQ (make sure to go to Advanced tab)
There was a problem hiding this comment.
Oh cool, that is way more powerful!
There was a problem hiding this comment.
I had a play and couldn't work out how to match on attributes (because the # is a comment in yaml). Will come back to it. Mentioning unless you know the solution off the top of your head.
There was a problem hiding this comment.
Oh. Yeah. Last time I tried the macros were the tricky one.
There was a problem hiding this comment.
So attribute matching works https://semgrep.dev/playground/s/0z1r , but seems like not in impl blocks. :D
I've found some examples in https://github.com/returntocorp/semgrep/blob/develop/tests/patterns/rust/attribute_matching.sgrep
There was a problem hiding this comment.
I feel a bit disgusted by it, but that's the best I was able to get to work: https://semgrep.dev/playground/s/qDGR
Using focus-metavariable, #[$ARGS], $...ARGS, etc. should be possible to do it better in theory, but each seems to not work with Rust attributes for reasons unknown.
There was a problem hiding this comment.
ok, thanks man. Will return to this.
tcharding
force-pushed
the
10-24-semgrep
branch
3 times, most recently
from
8763df9
to
a8d020d
Compare
|
The first patch can be removed to see this work in action. |
contrib/semgrep.yml
Outdated
| patterns: | ||
| - pattern: |- | ||
| impl From<$F> for $T { fn from(...) -> $SELF { ... } } | ||
| - pattern-not-regex: "inline" |
There was a problem hiding this comment.
'\#\[inline\]' or something like that (to only match #[inline]) would be "tighter". Otherwise any inline, even in a body(?) would falsely pass.
There was a problem hiding this comment.
Ah yes, nice. Will use, thanks.
tcharding
force-pushed
the
10-24-semgrep
branch
from
a8d020d
to
09ab245
Compare
|
FTR this PR is a proof of concept for introducing |
checks if there's |
|
You haven't managed to convert me to |
|
yet! :D |
As is customary we can inline this `From` implementation.
Introduce usage of semgrep by doing: - Add a `semgrep` config file in `contrib/semgrep.yml`. - Add a single rule to check that all `From` impls are inlined
tcharding
force-pushed
the
10-24-semgrep
branch
from
09ab245
to
8005386
Compare
This is exploratory, adds a
semgrepconfig file with a single rule. The idea is that we could usesemgrepto enforce coding patterns. The downside is it has to be done withgrepso it is not general enough to enforce "all error types implementstd::error::Error" - well at least not trivially AFAICT.The added rule shows how grep'able things can be enforced.
ref: https://semgrep.dev/orgs/rust_bitcoin/settings/access