search

weggli-rs / weggli

weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases.
Apache License 2.0
2.32k stars 127 forks source link

Match literal numbers #78

Open kevin-denis opened 1 year ago

kevin-denis commented 1 year ago

We can't easily match a number with weggli, we must use a wildcard.

Code:

void fun() {
    char a[45];
    char b[size];
}

Let say I want to find all stack variable with a fixed size, such as "a", but not "b".

$ weggli '{ _ $var[$c]; }' a.c 
void fun() {
    char a[45];
    char b[size];            <-- is highlighted
}
$ weggli '{ _ $var[_]; }' a.c
void fun() {
    char a[45];              <-- is highlighted
    char b[size];
}
void fun() {
    char a[45];
    char b[size];            <-- is highlighted
}

The only way to match the a[45] is to use a wildcard, but I don't want to match b[size].

It would be nice to have a special parameter for literal numbers, such as $# or $1 or $NUMBER:

$ weggli '{ _ $var[$#]; }' a.c 
void fun() {
    char a[45];            <-- is highlighted
    char b[size];          <-- is not highlighted
}
$