semgrep / semgrep

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
https://semgrep.dev
GNU Lesser General Public License v2.1
10.39k stars 602 forks

[Kotlin] Bug in Kotlin syntax parser #10329

Open puckk opened 3 months ago

puckk commented 3 months ago

Describe the bug

Hi team,

I found an issue with the Kotlin syntax parser in Semgrep. I'm writing a basic rule that fails when using the Kotlin language but works with the generic language.

To Reproduce

Steps to reproduce the behavior:

  1. Use the following link to test the rule with Kotlin language: Kotlin rule test.
  2. Observe that the rule fails to detect the pattern.
  3. Now, use this link to test the rule with the Generic language: Generic rule test.
  4. Notice that the rule works as expected in the Generic language.

Expected behavior

The rule should detect the hardcoded HMAC key in the Kotlin language, just as it does with the Generic language.

Priority

Additional context

This is my first rule, and I suspect there might be an error with the Kotlin syntax parser or a mistake in my rule syntax. Any assistance or guidance would be greatly appreciated.

Thank you.

ievans commented 2 months ago

@puckk you might have a better response asking about this in #rules on our Slack channel: https://go.semgrep.dev/slack

Unfortunately I don't know enough Kotlin to say for sure whether the bug is with the syntax or deeper