dgryski / semgrep-go

Go rules for semgrep and go-ruleguard
MIT License

Word-like cutsets of strings? #37

Open ainar-g opened 3 years ago

ainar-g commented 3 years ago

See golang/go#47822 and especially this comment. Code like:

s = strings.TrimLeft(s, "user=")

is probably wrong.

dgryski commented 3 years ago

Interesting, although I don't know if semgrep or ruleguard is powerful enough to solve it in the general case. We'd just have a deny list of "odd looking patterns" to watch out for, but obviously we would be far from catching everything.
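The deny-list idea discussed above, as an added Go example that is not part of this thread or of semgrep-go: it shows why the cutset call is risky (`TrimLeft` turns `user=superuser` into `peruser`) and flags cutset calls whose literal looks like a word. The `wordLike` heuristic, `cutsetFuncs`, `findSuspectTrims` and the sample source are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
	"regexp"
	"strconv"
	"strings"
)

// Constructed sample: line 3 holds two suspect calls, line 4 two fine ones.
const sample = `package p
import "strings"
var a, b = strings.TrimLeft("x", "user="), strings.TrimRight("x", ".json")
var c, d = strings.TrimLeft("x", " \t"), strings.TrimPrefix("x", "user=")`

// Hypothetical heuristic: three ASCII letters in a row look like a word.
var wordLike = regexp.MustCompile(`[A-Za-z]{3}`)
var cutsetFuncs = map[string]bool{"strings.Trim": true, "strings.TrimLeft": true, "strings.TrimRight": true} // matched by spelling; imports are not resolved

// findSuspectTrims reports cutset calls in src whose literal is word-like.
func findSuspectTrims(src string) (hits []string, err error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	ast.Inspect(file, func(n ast.Node) bool {
		call, _ := n.(*ast.CallExpr)
		if call == nil || len(call.Args) != 2 || !cutsetFuncs[types.ExprString(call.Fun)] {
			return true
		}
		if lit, ok := call.Args[1].(*ast.BasicLit); ok && lit.Kind == token.STRING {
			if set, err := strconv.Unquote(lit.Value); err == nil && wordLike.MatchString(set) {
				hits = append(hits, fmt.Sprintf("%d: %s cutset %s", fset.Position(call.Pos()).Line, types.ExprString(call.Fun), lit.Value))
			}
		}
		return true
	})
	return hits, nil
}

func main() {
	fmt.Println(strings.TrimLeft("user=superuser", "user="), strings.TrimPrefix("user=superuser", "user=")) // peruser superuser
	fmt.Println(findSuspectTrims(sample))
}
```

A letter-run heuristic also flags legitimate cutsets such as a hex alphabet and misses short or computed cutsets, which is the coverage gap raised in the reply above.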