feat: add additional internal pattern combinator (#180)

Allows `semgrep-internal-patterns-anywhere` to appear everywhere (other than taint) where a `pattern-inside` may appear. See notion for semantics. Called `anywhere` in the new syntax. - [x] I ran `make setup && make` to update the generated code after editing a `.atd` file (TODO: have a CI check) - [x] I made sure we're still backward compatible with old versions of the CLI. For example, the Semgrep backend need to still be able to *consume* data generated by Semgrep 1.17.0. See https://atd.readthedocs.io/en/latest/atdgen-tutorial.html#smooth-protocol-upgrades
semgrep · Nov 8, 2023 · ad4eb72 · ad4eb72
1 parent b0eae2d
commit ad4eb72
Show file tree

Hide file tree

Showing 8 changed files with 60 additions and 2 deletions.
diff --git a/rule_schema_v1.yaml b/rule_schema_v1.yaml
@@ -132,6 +132,7 @@ $defs:
         - required: [ any ]
         - required: [ not ]
         - required: [ inside ]
+        - required: [ anywhere ]
         - required: [ taint ]
       properties:
         pattern:
@@ -152,6 +153,8 @@ $defs:
           $ref: "#/$defs/new-pattern"
         inside:
           $ref: "#/$defs/new-pattern"
+        anywhere:
+          $ref: "#/$defs/new-pattern"
         where:
           type: array
           items:
@@ -220,6 +223,7 @@ $defs:
           - required: [ pattern-either ]
           - required: [ pattern-not ]
           - required: [ pattern-inside ]
+          - required: [ semgrep-internal-pattern-anywhere ]
           - required: [ pattern-not-inside ]
         properties:
           pattern:
@@ -234,6 +238,8 @@ $defs:
             $ref: "#/$defs/general-pattern-content"
           pattern-inside:
             $ref: "#/$defs/general-pattern-content"
+          semgrep-internal-pattern-anywhere:
+            $ref: "#/$defs/general-pattern-content"
           pattern-not-inside:
             $ref: "#/$defs/general-pattern-content"
       else:
@@ -247,6 +253,7 @@ $defs:
         - $ref: "#/$defs/pattern-either"
         - $ref: "#/$defs/focus-metavariable"
         - $ref: "#/$defs/pattern-inside"
+        - $ref: "#/$defs/semgrep-internal-pattern-anywhere"
         - $ref: "#/$defs/pattern-not-inside"
         - $ref: "#/$defs/pattern-not"
         - $ref: "#/$defs/pattern"
@@ -266,6 +273,7 @@ $defs:
         - $ref: "#/$defs/patterns"
         - $ref: "#/$defs/pattern-either"
         - $ref: "#/$defs/pattern-inside"
+        - $ref: "#/$defs/semgrep-internal-pattern-anywhere"
         - $ref: "#/$defs/pattern"
         - $ref: "#/$defs/pattern-regex"
   taint-content:
@@ -670,6 +678,21 @@ $defs:
     required:
       - pattern-inside
     additionalProperties: false
+  # EXPERIMENTAL
+  semgrep-internal-pattern-anywhere:
+    type: object
+    properties:
+      semgrep-internal-pattern-anywhere:
+        title: >-
+          Marks this subpattern such that at a containing `patterns` or other
+          form of conjunction the range is not considered; subpattern matches
+          are instead combined solely on the basis of metavariables, without
+          respect to range, and the range of the matching subpattern is
+          discarded wholly.
+        $ref: "#/$defs/general-pattern-content"
+    required:
+      - semgrep-internal-pattern-anywhere
+    additionalProperties: false
   pattern-not-inside:
     type: object
     properties:

diff --git a/semgrep_output_v1.atd b/semgrep_output_v1.atd
@@ -685,6 +685,7 @@ type matching_operation <ocaml attr="deriving show { with_path = false}"> = [
   | And
   | Or
   | Inside
+  | Anywhere
   (* XPat for eXtended pattern. Can be a spacegrep pattern, a
    * regexp pattern, or a proper semgrep pattern.
    * see semgrep-core/src/core/XPattern.ml

diff --git a/semgrep_output_v1.jsonschema b/semgrep_output_v1.jsonschema
diff --git a/semgrep_output_v1.proto b/semgrep_output_v1.proto
diff --git a/semgrep_output_v1.py b/semgrep_output_v1.py
diff --git a/semgrep_output_v1.ts b/semgrep_output_v1.ts
diff --git a/semgrep_output_v1_j.ml b/semgrep_output_v1_j.ml
diff --git a/semgrep_output_v1_j.mli b/semgrep_output_v1_j.mli