Introduce semgrep
#153
CC @dpc for giving me the idea.
contrib/semgrep.yml
Outdated
- rust | ||
message: Use inline attribute on `From` implementations. | ||
patterns: | ||
- pattern-regex: 'From<[A-Za-z]+> for [A-Za-z]+ \{$\n' |
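Review bot: In the `pattern-regex` line, `[A-Za-z]+` is too narrow for Rust type names: `From<u8>`, `From<&str>`, `From<Vec<u8>>`, path-qualified types and targets with generic parameters are never matched, so those impls skip the check without any finding. The `\{$\n` tail also requires the opening brace to be the last character on its line. A structural `pattern` with metavariables (`impl From<$F> for $T { ... }`) avoids enumerating the characters a type may contain.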
suggestion: You don't have to use regex. semgrep supports Rust, but has some limitations around macros handling. This looks like something that should be possible to handle with normal (non-regex) syntactic matchers.
@tcharding https://semgrep.dev/playground/s/AdWQ (make sure to go to Advanced tab)
Oh cool, that is way more powerful!
I had a play and couldn't work out how to match on attributes (because the `#` is a comment in yaml). Will come back to it. Mentioning unless you know the solution off the top of your head.
Oh. Yeah. Last time I tried the macros were the tricky one.
So attribute matching works https://semgrep.dev/playground/s/0z1r , but seems like not in `impl` blocks. :D
I've found some examples in https://github.com/returntocorp/semgrep/blob/develop/tests/patterns/rust/attribute_matching.sgrep
I feel a bit disgusted by it, but that's the best I was able to get to work: https://semgrep.dev/playground/s/qDGR
Using `focus-metavariable`, `#[$ARGS]`, `$...ARGS`, etc. should be possible to do it better in theory, but each seems to not work with Rust attributes for reasons unknown.
ok, thanks man. Will return to this.
8763df9 to a8d020d
The first patch can be removed to see this work in action.
contrib/semgrep.yml
Outdated
patterns: | ||
- pattern: |- | ||
impl From<$F> for $T { fn from(...) -> $SELF { ... } } | ||
- pattern-not-regex: "inline" |
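Review bot: On the `pattern-not-regex: "inline"` line, the filter is a bare substring, so it also accepts `#[inline(never)]` and any comment or identifier containing the word; match the attribute itself instead, for example `'\#\[inline(\(always\))?\]'`. Keep the regex in single quotes, since `\#` and `\[` are not valid escapes inside a YAML double-quoted string.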
`'\#\[inline\]'` or something like that (to only match `#[inline]`) would be "tighter". Otherwise any `inline`, even in a body(?) would falsely pass.
Ah yes, nice. Will use, thanks.
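The difference between the two filters discussed in this review thread, as an added example that is not part of the PR or the project. Python's `re` stands in for semgrep's regex engine, and the Rust snippets are constructed samples assumed to be the text the `pattern` matched.

```python
import re

# Constructed Rust snippets standing in for the text semgrep's `pattern`
# would match (a whole `impl From<..> for ..` block). Not from the project.
SAMPLES = {
    "attribute_present": """impl From<u8> for Foo {
    #[inline]
    fn from(v: u8) -> Self { Foo(v) }
}""",
    "attribute_missing": """impl From<u8> for Foo {
    fn from(v: u8) -> Self { Foo(v) }
}""",
    "word_in_comment": """impl From<u8> for Foo {
    // TODO: should this be inline?
    fn from(v: u8) -> Self { Foo(v) }
}""",
    "word_in_body": """impl From<u8> for Foo {
    fn from(v: u8) -> Self { Foo::new_inline(v) }
}""",
}

LOOSE = re.compile(r"inline")        # filter from the reviewed hunk
TIGHT = re.compile(r"\#\[inline\]")  # filter suggested in the review


def findings(not_regex):
    """Emulate `pattern-not-regex`: a match is reported only when the
    regex is NOT found anywhere in the matched text."""
    return sorted(name for name, src in SAMPLES.items()
                  if not not_regex.search(src))


def missed_by_loose():
    """Impls the tight filter reports but the loose one lets through."""
    return sorted(set(findings(TIGHT)) - set(findings(LOOSE)))


if __name__ == "__main__":
    print("loose :", findings(LOOSE))
    print("tight :", findings(TIGHT))
    print("missed:", missed_by_loose())
```
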
a8d020d to 09ab245
FTR this PR is a proof of concept for introducing |
checks if there's |
You haven't managed to convert me to |
yet! :D |
As is customary we can inline this `From` implementation.
Introduce usage of semgrep by doing:
- Add a `semgrep` config file in `contrib/semgrep.yml`.
- Add a single rule to check that all `From` impls are inlined
09ab245 to 8005386
This is exploratory, adds a `semgrep` config file with a single rule. The idea is that we could use `semgrep` to enforce coding patterns. The downside is it has to be done with `grep` so it is not general enough to enforce "all error types implement `std::error::Error`" - well at least not trivially AFAICT.

The added rule shows how grep'able things can be enforced.
ref: https://semgrep.dev/orgs/rust_bitcoin/settings/access