nccgroup / sobelow

Security-focused static analysis for the Phoenix Framework
Apache License 2.0

nofile - unexpected token: end #74

Closed dabaer closed 3 years ago

dabaer commented 3 years ago

Good Afternoon,

I'm having a strange error running sobelow on a large project:

** (SyntaxError) nofile:33: unexpected token: end
    lib/eex/compiler.ex:101: EEx.Compiler.generate_buffer/4
    lib/eex/compiler.ex:54: EEx.Compiler.generate_buffer/4
    lib/sobelow/parse.ex:101: Sobelow.Parse.get_meta_template_funs/1
    lib/sobelow.ex:337: Sobelow.get_template_meta/1
    (elixir 1.10.4) lib/enum.ex:1396: Enum."-map/2-lists^map/1-0-"/2
    (elixir 1.10.4) lib/enum.ex:1396: Enum."-map/2-lists^map/1-0-"/2
    lib/sobelow.ex:332: Sobelow.get_meta_templates/1

My project runs through credo with strict checking, dialyzer, and hundreds of unit tests, and otherwise runs and operates normally.

I've attempted to debug this directly by modifying sobelow but I can't seem to get it to show me output of the arguments going into parse.ex:101, and nothing in the stacktrace is remotely close to any of my code.

I've also completely nuked both my dependency and build directories and recompiled the entire project from scratch to no avail.

Have you seen this issue before? Am I missing something in my project?

Any help is appreciated, as I want to keep sobelow in my project for code cleanliness.

Please let me know any other information or output from my project that you might want to look at.

dabaer commented 3 years ago

Okay, so I dug into it further, and figured out there was a global version of sobelow installed which was overriding the project's dependency.

I was able to track it down to a template of mine, which had a conditional statement that was missing a space in between the trailing do %>. Correcting this allowed sobelow to run normally.

I'm not sure if EEx should be complaining about the lack of space, or whether sobelow should be getting caught up on this syntax error, so I'll leave this open.

Please let me know if I should open an issue with EEx.

GriffinMB commented 3 years ago

Hi! Sorry for the delayed response, I've been out of town. Sobelow is surfacing a compiler error here, so it's something that should be caught when you build the project. If that's not the case, then that sounds like it would be an eex bug. Printing "nofile" in the error instead of an actual file name is an artifact of the way that Sobelow scans applications. This can make it confusing to pinpoint where the problem is, but attempting to compile the app should always return the same compilation errors with the appropriate file names.

If you raise an issue with eex, please feel free to tag me in the ticket.
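
One way to pin a "nofile" template error to a file, as an added example that is not part of the thread or of Sobelow's code: compile each template with EEx and pass the `:file` option so the error names the template. The module name `TemplateCheck`, the script name, the `lib/**/*.eex` glob and the sample template are assumptions made for illustration.

```elixir
# find_bad_templates.exs (hypothetical script name)
# Run from the project root: elixir find_bad_templates.exs [glob]
defmodule TemplateCheck do
  # Assumed template location; pass another glob as the first argument.
  @default_glob "lib/**/*.eex"

  # Compile one template source. The :file option makes compile errors
  # carry the template path instead of the default "nofile".
  def check_source(source, path) do
    EEx.compile_string(source, file: path)
    :ok
  rescue
    e in [EEx.SyntaxError, SyntaxError, TokenMissingError] ->
      {:error, path, Exception.message(e)}
  end

  def check_file(path), do: check_source(File.read!(path), path)

  # Returns only the failures, one {:error, path, message} per bad template.
  def run(glob \\ @default_glob) do
    glob
    |> Path.wildcard()
    |> Enum.map(&check_file/1)
    |> Enum.reject(&(&1 == :ok))
  end
end

# Constructed sample: a conditional that is opened but never closed.
sample = "<%= if true do %>never closed"
IO.inspect(TemplateCheck.check_source(sample, "constructed_example.eex"))

glob = List.first(System.argv()) || "lib/**/*.eex"

case TemplateCheck.run(glob) do
  [] ->
    IO.puts("no template syntax errors under #{glob}")

  failures ->
    for {:error, path, message} <- failures do
      IO.puts("#{path}: #{message}")
    end
end
```

This uses the default EEx engine, so it only reports syntax-level problems; engine-specific behaviour in a Phoenix build is still checked by compiling the app itself.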