Describe the bug
In semgrep release v1.58.0, the following 2 x BASH rules (using latest commit: 57cb8aa01da7bcc180e16193dd5e55ae15b15de3) fail with the following example line of bash script:
docker run --interactive --tty --rm \
--mount type=bind,source="$(pwd)",target=/code,readonly "${FOO}" .
In semgrep release v1.59.0 and onwards to v1.84.1 (latest at time of writing), semgrep crashes with this error message:
{"errors": [{"code": 2, "level": "warn", "message": "Other syntax error at line NO FILE INFO YET:-1:\n Invalid_argument: index out of bounds", "path": "NO FILE INFO YET", "type": "Other syntax error"}], "paths": {"scanned": []}, "results": [], "skipped_rules": [], "version": "1.59.0"}
To Reproduce
Code to reproduce this behavior:
# ubuntu 22.04
cd /usr/local
# latest commit of semgrep-rules
sudo git clone https://github.com/semgrep/semgrep-rules.git
sudo rm -r /usr/local/semgrep-rules/stats /usr/local/semgrep-rules/.github /usr/local/semgrep-rules/.pre-commit-config.yaml
sudo pip3 install --break-system-packages semgrep==1.58.0
semgrep --json --config=/usr/local/semgrep-rules --no-git-ignore --metrics=off --no-rewrite-rule-ids .
# it works
sudo pip3 install --break-system-packages semgrep==1.59.0
semgrep --json --config=/usr/local/semgrep-rules --no-git-ignore --metrics=off --no-rewrite-rule-ids .
# it crashes with this message:
{"errors": [{"code": 2, "level": "warn", "message": "Other syntax error at line NO FILE INFO YET:-1:\n Invalid_argument: index out of bounds", "path": "NO FILE INFO YET", "type": "Other syntax error"}], "paths": {"scanned": []}, "results": [], "skipped_rules": [], "version": "1.59.0"}
Expected behavior
The semgrep application should not crash due to bad rule(s)!
2 x semgrep bash rules are generating false-positives against my example line of bash script as seen above.
Priority
How important is this to you?
[x] P0: blocking me from making progress
[ ] P1: this will block me in the near future
[ ] P2: annoying but not blocking me
Additional Context
Add any other context about the problem here.
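The crash output quoted in the report has an empty `results` list and carries the failure at level `warn`, so a pipeline that only counts findings would read it as a clean scan. The check below is an added example, not part of the original report and not semgrep's own code; `scan_health`, `CLEAN_OUTPUT` (a constructed sample) and the policy of treating an error with no scanned file behind it as a failed scan are assumptions.

```python
import json
import sys

# Crash report copied from the issue text above (semgrep 1.59.0).
CRASH_OUTPUT = r'''{"errors": [{"code": 2, "level": "warn", "message": "Other syntax error at line NO FILE INFO YET:-1:\n Invalid_argument: index out of bounds", "path": "NO FILE INFO YET", "type": "Other syntax error"}], "paths": {"scanned": []}, "results": [], "skipped_rules": [], "version": "1.59.0"}'''

# Constructed sample of a healthy run with no findings.
CLEAN_OUTPUT = '{"errors": [], "paths": {"scanned": ["run.sh"]}, "results": [], "skipped_rules": [], "version": "1.58.0"}'


def scan_health(raw):
    """Return (trustworthy, reasons) for one semgrep --json report."""
    try:
        report = json.loads(raw)
    except json.JSONDecodeError as exc:
        return False, ["output is not valid JSON: " + exc.msg]
    if not isinstance(report, dict):
        return False, ["top-level JSON value is not an object"]

    reasons = []
    scanned = set(report.get("paths", {}).get("scanned", []))
    if not scanned:
        reasons.append("no files were scanned")
    for err in report.get("errors", []):
        # Assumed policy: an error not tied to a scanned file is an engine or
        # rule failure, whatever its "level" says (the crash above is "warn").
        if err.get("level") == "error" or err.get("path") not in scanned:
            reasons.append("{}: {}".format(err.get("type", "error"), err.get("path")))
    return not reasons, reasons


if __name__ == "__main__":
    # Reads one JSON report on stdin; exits non-zero when it cannot be trusted.
    ok, why = scan_health(sys.stdin.read())
    for line in why:
        print("semgrep scan not trustworthy:", line, file=sys.stderr)
    sys.exit(0 if ok else 2)
```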