Comments (3)
@tophersmith I've implemented these fixes, and the changes should be synced to this repo and pushed out in 1.74.0
Thank you for the reports
from semgrep.
A few related parser issues I'm finding as well:
lockfile can have these definitions for dependencies that aren't supported by this parser:
{:hex, :testing, "1.0.1", "1234bb4db5b32fc0f8aa5c4a2040348b4aa36687100fb8837b850e90cf60e06", [:mix], [], "hexpm"}
(i.e. there's no final comma, quoted_str)
semgrep/cli/src/semdep/parsers/mix.py
Line 87 in 8bbbdfe
Also, git tag/refs can be empty:
{:git, "https://github.com/okeuday/erlang_term.git", "9eb28c6eb54acab3d491fa69655f9eaf663378da", []},
semgrep/cli/src/semdep/parsers/mix.py
Line 106 in 8bbbdfe
FWIW, I am also getting frequent issues related to trailing newlines in .exs files and I don't understand why.
Failed to parse [bold]discord_voice_curator/deps/observer_cli/mix.exs[/bold] at [bold]17:1[/bold] - expected 'did not
find other parser'
17 |
for this file: https://github.com/zhongwencool/observer_cli/blob/master/mix.exs
from semgrep.
Hey @tophersmith, I'm looking at these issues now. I'll link a PR once it's up.
from semgrep.
Related Issues (20)
- False Positives in Taint Mode when multiple related sanitizer rules defined with focus-metavariable HOT 4
- Ability to Specify Code Assumptions HOT 1
- Failed to find semgrep-core in PATH or in the semgrep package. HOT 2
- `metavariable-pattern` with `pattern-regex` doesn't match `_`
- Cheatsheet broken for several GA languages
- "new" keyword in C# throws error HOT 1
- named match group in metavariable-regex causes duplication of matches
- metavariable-pattern always fails with aliengrep
- `match` matching ignores the branches enum variant names
- osemgrep: no files scanned when they should be
- Pattern parser throws an error when parsing patterns with explicit private attributes
- Ruby scanning not working in JS version of Semgrep VSCode Extension HOT 1
- Syntax when parsing kotlin code
- High Semgrep LSP CPU usage caused by recurring Git operations
- Whether the current feature supports taint analysis to detect memory leakage
- `--output` seems ignored when running `--test`
- "taint_assume_safe_functions: true" dosen't work while setting "control: true" in pattern-sources filed
- Support for non-file configuration (and tests, maybe)
- Failing to parse valid Java 21 syntax: case when statement
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from semgrep.