ajinabraham / libsast

Generic SAST Library
https://opensecurity.in
GNU Lesser General Public License v3.0

deleting multiline comments does not work correctly #43

Open Skripko-Ivan opened 5 months ago

Skripko-Ivan commented 5 months ago

The libsast pattern for deleting multiline comments ("/*([\S|\s]+?)*/") will delete code if it finds "/" in a constant string. For example: uriMatcher.addURI(PROVIDER_NAME, "users/", 1);

ajinabraham commented 5 months ago

What version of libsast are you using? This is the comment detection regex: https://github.com/ajinabraham/libsast/blob/09165d63062312b6ecfef6fb96177851030c9d42/libsast/core_matcher/helpers.py#L18C26-L18C43

Skripko-Ivan commented 5 months ago

GitHub deleted some symbols from my issue text. Correct issue text: the libsast pattern for deleting multiline comments ("/\*([\S|\s]+?)\*/") will delete code if it finds "/*" in a constant string. For example:

uriMatcher.addURI(PROVIDER_NAME, "users/*", 1);
test = 2;
/* comment */

As a result, it will delete:

/*", 1);
test = 2;
/* comment */

ajinabraham commented 5 months ago

Yeah, this is a limitation of the regex-based approach. It will match

/*", 1);
test = 2;
/* comment */

Regex matches are quick pattern lookups. You should use a semgrep rule with libsast instead to get a better AST-based lookup.
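To make the failure concrete, here is an added example that is not libsast's code and not from either participant. It runs the regex quoted in the thread over the reporter's sample (reconstructed here as a constructed string) and contrasts it with a small scanner that copies string literals verbatim before looking for comment delimiters. Only the regex is from the thread; the scanner, the sample and all function names are mine.

```python
import re

# Comment-stripping regex exactly as quoted in the issue (non-greedy /* ... */).
# [\S|\s] is a character class that matches any character (the '|' is just a
# literal pipe inside the brackets), so it behaves like '.' under re.DOTALL.
REGEX_MULTILINE_COMMENT = re.compile(r"/\*([\S|\s]+?)\*/")

# Constructed sample reproducing the report: a string literal containing "/*",
# followed by real code and then a genuine block comment.
SAMPLE = 'uriMatcher.addURI(PROVIDER_NAME, "users/*", 1);\ntest = 2;\n/* comment */\n'


def strip_comments_regex(src: str) -> str:
    """Naive regex-based removal, the approach the thread describes."""
    return REGEX_MULTILINE_COMMENT.sub("", src)


def strip_comments_scanner(src: str) -> str:
    """Single-pass scanner that skips string literals before looking for
    comment delimiters, so "/*" inside a quoted string is left alone.

    Handles double- and single-quoted strings with backslash escapes, plus
    /* ... */ and // comments. It is deliberately language-agnostic and does
    not know about raw strings, regex literals, etc.; that level of accuracy is
    what an AST-based (semgrep) rule provides.
    """
    out = []
    i, n = 0, len(src)
    while i < n:
        ch = src[i]
        if ch in ('"', "'"):
            # Copy the whole string literal verbatim, honouring backslash escapes.
            quote = ch
            j = i + 1
            while j < n and src[j] != quote:
                if src[j] == "\\" and j + 1 < n:
                    j += 1  # skip the escaped character
                j += 1
            out.append(src[i:j + 1])
            i = j + 1
        elif src.startswith("/*", i):
            # Block comment: drop everything up to and including the closing */.
            # An unterminated comment swallows the rest of the input, as a
            # compiler would treat it.
            end = src.find("*/", i + 2)
            i = n if end == -1 else end + 2
        elif src.startswith("//", i):
            # Line comment: drop up to (but not including) the newline.
            end = src.find("\n", i)
            i = n if end == -1 else end
        else:
            out.append(ch)
            i += 1
    return "".join(out)


if __name__ == "__main__":
    print("regex  :", repr(strip_comments_regex(SAMPLE)))
    print("scanner:", repr(strip_comments_scanner(SAMPLE)))
```

Run stand-alone, the regex variant returns only the first line up to the opening quote of "users", exactly the truncation reported above, while the scanner keeps the string literal and the `test = 2;` statement and removes only the real comment.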