search

0xdea / semgrep-rules

A collection of my Semgrep rules to facilitate vulnerability research.
https://semgrep.dev
MIT License
541 stars 54 forks source link

small question #5

Closed firmianay closed 2 years ago

firmianay commented 2 years ago

Hi, what does the double brackets (( used here mean, I have not found a similar usage description?

    pattern-either:
      # type-based patterns (some types are missing)
      - patterns:
        - pattern: sizeof((char * $PTR))
        - pattern-not: sizeof("...")
      - pattern: sizeof((int * $PTR))
      - pattern: sizeof((float * $PTR))
      - pattern: sizeof((double * $PTR))
0xdea commented 2 years ago

These are typed metavariables. Please refer to Semgrep's official documentation at https://semgrep.dev/docs/writing-rules/pattern-syntax/#typed-metavariables