nccgroup / sobelow

Security-focused static analysis for the Phoenix Framework
Apache License 2.0

Source code with range traversal crashes sobelow #145

Closed doughsay closed 8 months ago

doughsay commented 1 year ago

A project with this file in it:

defmodule Foo do
  def bar do
    Enum.map(0..20, &(&1 / 2.0))
  end
end

crashes mix sobelow with the following error:

** (ArgumentError) ranges (first..last) expect both sides to be integers, got: 1..2.0
    (elixir 1.14.5) lib/range.ex:193: Range.new/2
    lib/sobelow/parse.ex:458: Sobelow.Parse.create_fun_cap/3
    lib/sobelow/parse.ex:437: Sobelow.Parse.get_funs_of_type/3
    (elixir 1.14.5) lib/macro.ex:635: anonymous fn/4 in Macro.do_traverse_args/4
    (stdlib 4.3.1.1) lists.erl:1462: :lists.mapfoldl_1/3
    (stdlib 4.3.1.1) lists.erl:1463: :lists.mapfoldl_1/3
    (elixir 1.14.5) lib/macro.ex:607: Macro.do_traverse/4
    lib/sobelow/parse.ex:413: Sobelow.Parse.get_funs_of_type/2

abstractcoder commented 11 months ago

I'm also running into this error, but can't find what code in my project is causing it:

** (ArgumentError) ranges (first..last) expect both sides to be integers, got: 1..100.0
    (elixir 1.15.6) lib/range.ex:193: Range.new/2
    (sobelow 0.13.0) lib/sobelow/parse.ex:458: Sobelow.Parse.create_fun_cap/3
    (sobelow 0.13.0) lib/sobelow/parse.ex:437: Sobelow.Parse.get_funs_of_type/3
    (elixir 1.15.6) lib/macro.ex:688: anonymous fn/4 in Macro.do_traverse_args/4
    (stdlib 5.1) lists.erl:1706: :lists.mapfoldl_1/3
    (stdlib 5.1) lists.erl:1707: :lists.mapfoldl_1/3
    (elixir 1.15.6) lib/macro.ex:673: Macro.do_traverse/4
    (stdlib 5.1) lists.erl:1706: :lists.mapfoldl_1/3

cigrainger commented 8 months ago

Yep same here and can't find the source of it.

** (ArgumentError) ranges (first..last) expect both sides to be integers, got: 1..100.0
    (elixir 1.15.7) lib/range.ex:193: Range.new/2
    (sobelow 0.13.0) lib/sobelow/parse.ex:465: Sobelow.Parse.create_fun_cap/3
    (sobelow 0.13.0) lib/sobelow/parse.ex:444: Sobelow.Parse.get_funs_of_type/3
    (elixir 1.15.7) lib/macro.ex:688: anonymous fn/4 in Macro.do_traverse_args/4
    (stdlib 5.1.1) lists.erl:1706: :lists.mapfoldl_1/3
    (stdlib 5.1.1) lists.erl:1707: :lists.mapfoldl_1/3
    (elixir 1.15.7) lib/macro.ex:660: Macro.do_traverse/4
    (stdlib 5.1.1) lists.erl:1706: :lists.mapfoldl_1/3

houllette commented 8 months ago

A fix for this has been merged to master - please let me know if this has solved the issues you've been encountering! Apologies for the delay! (and thank you @realcorvus for the bump and providing the fix)

abstractcoder commented 8 months ago

@houllette the issue has been resolved for me on the master branch

cigrainger commented 8 months ago

Resolved for me!

houllette commented 8 months ago

Fantastic! I will give it just a smidge to wait for a response in #142 (since #146 addresses two issues at once) before pushing out v0.13.1 to hex!
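
For anyone still on 0.13.0 who, like the commenters above, cannot tell which file triggers the crash: the following is an added example (not Sobelow's code and not posted in this thread) that lists every `&` capture containing a float literal, the pattern in the original reproduction. It assumes the `1..100.0` reports come from the same pattern; `FloatCaptureFinder` and its function names are hypothetical.

```elixir
# Added example, not Sobelow code. Assumption: the crash is triggered by a
# float literal inside a `&` capture, as in the reproduction `&(&1 / 2.0)`.
defmodule FloatCaptureFinder do
  @doc "Returns [{line, snippet}] for each & capture in `source` that contains a float literal."
  def scan_string(source) do
    case Code.string_to_quoted(source) do
      {:ok, ast} ->
        {_ast, hits} = Macro.prewalk(ast, [], &collect/2)
        Enum.reverse(hits)

      # Files that do not parse are skipped rather than aborting the scan.
      {:error, _reason} ->
        []
    end
  end

  @doc "Scans every file matching `glob` and returns [{path, line, snippet}]."
  def scan_paths(glob \\ "lib/**/*.ex") do
    for path <- Path.wildcard(glob),
        {line, snippet} <- scan_string(File.read!(path)),
        do: {path, line, snippet}
  end

  # A capture is {:&, meta, [body]}. The placeholders &1, &2, ... have the same
  # shape with an integer body, so they are excluded by the guard.
  defp collect({:&, meta, [body]} = node, acc) when not is_integer(body) do
    if has_float?(body) do
      {node, [{Keyword.get(meta, :line), Macro.to_string(node)} | acc]}
    else
      {node, acc}
    end
  end

  defp collect(node, acc), do: {node, acc}

  # Walks the capture body and reports whether any leaf is a float literal.
  defp has_float?(ast) do
    {_ast, found} = Macro.prewalk(ast, false, fn n, found -> {n, found or is_float(n)} end)
    found
  end
end

# Constructed sample: the reproduction from the first comment.
sample = "defmodule Foo do\n  def bar do\n    Enum.map(0..20, &(&1 / 2.0))\n  end\nend\n"

IO.inspect(FloatCaptureFinder.scan_string(sample))
```

To check a real project, call `FloatCaptureFinder.scan_paths()` from the project root; it only covers `.ex` files under `lib/` unless a different glob is passed.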