
Sync with Pro #2

Open
wants to merge 4 commits into base: develop
Conversation

lizard-boy

OSS repo was last synced with Pro commit: 5134d9cc489dc167d2fd57fb57171bc6a57e7463
Synchronizing OSS repo with Pro commit 8158ec5766fac26ca5c450e3ecac452ce56801c8
There are 5 commit(s) to sync.
Syncing...
* 6ec5e0f7832 chore: fix uses of deprecated function utcnow (#2339)
* 7a7dba2f40a chore: log the trace id in debug mode (#2337)
* Skipping (empty) 647bf3656f8 chore: dedup running extra builds when benchmarking and pushing release candidates (#2342)
* 2ea8d06dfac fix: deprecation errors with Uuidm for ocaml 5.2 (#2344)
* 8158ec5766f refactor: Prepare tainting code for handling HOFs (#2347)
Success!

Andre Kuhlenschmidt and others added 4 commits October 2, 2024 00:04
For non-SMS scans, it can be quite hard to find the trace. This PR logs
the trace id in the debug log.

This only solves the problem when `--debug` is passed as well as
`--trace`, so for the future we should output it as part of the results
json or the error on a crash. However, it's better than the previous
state.

Test plan:

In an arbitrary folder, run

```
(python-virtualenv) ➜  misc semgrep --config p/default . --trace --pro --debug

┌──── ○○○ ────┐
│ Semgrep CLI │
└─────────────┘

semgrep version 1.90.0
...
[00.06][DEBUG](default): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[00.06][INFO]: Executed as: /Users/emma/workspace/semgrep-proprietary/OSS/cli/src/semgrep/bin/semgrep-core-proprietary -json -rules /var/folders/4h/r6m5kls56r98069rz7w7f2400000gp/T/tmp379zh00m.json -j 1 -targets /var/folders/4h/r6m5kls56r98069rz7w7f2400000gp/T/tmp6sce110s -timeout 5 -timeout_threshold 3 -max_memory 0 -fast -trace -deep_inter_file -timeout_for_interfile_analysis 0 . -debug
[00.06][INFO]: Version: 1.90.0
[00.06][INFO]: Tracing is enabled for this scan. The trace id is <53914f7e3a7612f09483a98c320a8f98>.
```

Also run it without `--pro`.

synced from Pro 7a7dba2f40afef0123d56915efca502917536f7d
…prietary#2344)

Fixing
[logs](https://github.com/semgrep/semgrep-proprietary/actions/runs/11078022721/job/30784508699).

Looks like this doesn't work for our 4.x ocaml environment. Good luck
guys!

synced from Pro 2ea8d06dfac60d2c0fd582450f6ba62bad0beb54
…oprietary#2347)

test plan:
make test

synced from Pro 8158ec5766fac26ca5c450e3ecac452ce56801c8
@greptile-apps greptile-apps bot left a comment

PR Summary

This PR refactors and enhances the taint analysis functionality in Semgrep, focusing on preparing the codebase for handling higher-order functions and improving overall robustness. Key changes include:

  • Improved UUID generation for better randomness and security in Unit_LS.ml, Lsp_.ml, and Semgrep_login.ml
  • Updated Gitlab_output.ml to address deprecation warnings related to Uuidm usage
  • Significant refactoring in Dataflow_tainting.ml to improve taint propagation and type checking
  • Enhanced taint tracking and shape handling in Shape_and_sig.ml and Taint_shape.ml
  • Introduction of new types and refactoring in Sig_inst.ml and Sig_inst.mli for better handling of call effects
  • Added filter function to Taint_set module in Taint.mli for improved taint set manipulation

10 file(s) reviewed, 1 comment(s)

@@ -103,7 +103,7 @@ let mock_run_results (files : string list) : Core_runner.result =

let mock_workspace ?(git = false) () : Fpath.t =
let rand_dir () =
let uuid = Uuidm.v `V4 in
let uuid = Uuidm.v4_gen (Stdlib.Random.State.make_self_init ()) () in
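Review bot: `Stdlib.Random.State.make_self_init ()` is re-run on every call of `rand_dir`, building and seeding a fresh PRNG state each time; hoist the state to module level (`let rng = Stdlib.Random.State.make_self_init ()`) and call `Uuidm.v4_gen rng ()`, which is the pattern `v4_gen` is designed for. Also worth stating in the PR description: `Stdlib.Random` is not a cryptographic generator, so this hunk is a deprecation fix and not the "better randomness and security" the summary above claims. That is fine for a mock workspace directory in a test, but if the same substitution was applied in Semgrep_login.ml, a UUID that acts as a login identifier should be drawn from a CSPRNG instead.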

style: Consider using Uuidm.v4 () instead of Uuidm.v4_gen (Stdlib.Random.State.make_self_init ()) () for simplicity
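The Uuidm migration this PR performs, shown as an added example that is not part of the PR or of Semgrep's code. It assumes uuidm 0.9.8 or later (where `Uuidm.v `V4` is deprecated in favour of `Uuidm.v4_gen` and `Uuidm.v4`) and OCaml 4.14 or later for `In_channel`; reading `/dev/urandom` directly is an assumption made for illustration, not a recommendation for the Semgrep code base.

```ocaml
(* Added example, not Semgrep code: two ways to mint a v4 UUID with Uuidm.
   Assumes uuidm >= 0.9.8, where [Uuidm.v `V4] is deprecated in favour of
   [Uuidm.v4_gen] (PRNG state) and [Uuidm.v4] (caller-supplied 16 bytes).
   Build: ocamlfind ocamlopt -package uuidm -linkpkg uuid_example.ml *)

(* What the PR adopts: a v4 UUID drawn from Stdlib's PRNG.  The state is
   created once here rather than on each call.  Stdlib.Random is not a
   cryptographic generator, so this is only suitable where unguessability
   does not matter, e.g. a temporary workspace name in a test. *)
let prng = Stdlib.Random.State.make_self_init ()
let test_uuid () = Uuidm.v4_gen prng ()

(* For an identifier that must be unguessable (a login session id, say),
   hand [Uuidm.v4] 16 bytes from the kernel CSPRNG instead.  Reading
   /dev/urandom directly is an assumption for this example; a real code
   base would more likely use a library such as mirage-crypto-rng. *)
let secure_uuid () =
  let ic = In_channel.open_bin "/dev/urandom" in
  Fun.protect
    ~finally:(fun () -> In_channel.close ic)
    (fun () ->
      match In_channel.really_input_string ic 16 with
      | Some bytes -> Uuidm.v4 (Bytes.of_string bytes)
      | None -> failwith "short read from /dev/urandom")

(* Sanity check on the textual form xxxxxxxx-xxxx-4xxx-Vxxx-xxxxxxxxxxxx:
   the version nibble (index 14) is '4' and the variant nibble (index 19)
   is one of 8, 9, a, b, whichever generator produced the UUID. *)
let well_formed_v4 (u : Uuidm.t) =
  let s = Uuidm.to_string u in
  String.length s = 36
  && s.[14] = '4'
  && (match s.[19] with '8' | '9' | 'a' | 'b' -> true | _ -> false)

let () =
  List.iter
    (fun (label, u) ->
      assert (well_formed_v4 u);
      Printf.printf "%-8s %s\n" label (Uuidm.to_string u))
    [ ("prng", test_uuid ()); ("csprng", secure_uuid ()) ]
```

Both generators yield well-formed v4 UUIDs; the difference is only in where the 122 random bits come from, which is exactly the property that matters when the UUID is a secret rather than a label.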
