Skip to content

[Regression] unquoted-command-substitution-in-command & unquoted-variable-expansion-in-command [BASH] causes semgrep CRASH #3449

New issue
Jump to bottom
New issue
Jump to bottom
Open
Open
[Regression] unquoted-command-substitution-in-command & unquoted-variable-expansion-in-command [BASH] causes semgrep CRASH#3449
Labels
bugSomething isn't working
@mjnowen

Description

@mjnowen
mjnowen
opened on Aug 12, 2024

Describe the bug
In semgrep release v1.58.0, the following 2 x BASH rules (using latest commit: 57cb8aa) fail with the following example line of bash script:

unquoted-command-substitution-in-command
unquoted-variable-expansion-in-command

docker run --interactive --tty --rm \
	--mount type=bind,source="$(pwd)",target=/code,readonly "${FOO}" .

In semgrep release v1.59.0 and onwards to v1.84.1 (latest at time of writing), semgrep crashes with this error message:

{"errors": [{"code": 2, "level": "warn", "message": "Other syntax error at line NO FILE INFO YET:-1:\n Invalid_argument: index out of bounds", "path": "NO FILE INFO YET", "type": "Other syntax error"}], "paths": {"scanned": []}, "results": [], "skipped_rules": [], "version": "1.59.0"}

To Reproduce
Code to reproduce this behavior:

# ubuntu 22.04
cd /usr/local

# latest commit of semgrep-rules
sudo git clone https://github.com/semgrep/semgrep-rules.git

sudo rm -r /usr/local/semgrep-rules/stats /usr/local/semgrep-rules/.github /usr/local/semgrep-rules/.pre-commit-config.yaml
sudo pip3 install --break-system-packages semgrep==1.58.0
semgrep --json --config=/usr/local/semgrep-rules --no-git-ignore --metrics=off --no-rewrite-rule-ids .
# it works

sudo pip3 install --break-system-packages semgrep==1.59.0
semgrep --json --config=/usr/local/semgrep-rules --no-git-ignore --metrics=off --no-rewrite-rule-ids .

# it crashes with this message:
{"errors": [{"code": 2, "level": "warn", "message": "Other syntax error at line NO FILE INFO YET:-1:\n Invalid_argument: index out of bounds", "path": "NO FILE INFO YET", "type": "Other syntax error"}], "paths": {"scanned": []}, "results": [], "skipped_rules": [], "version": "1.59.0"}

Expected behavior

  1. semgrep application should not crash due to a bad rule(s)!
  2. 2 x semgrep bash rules are generating false-positives against my example line of bash script as seen above.

Priority
How important is this to you?

  • P0: blocking me from making progress
  • P1: this will block me in the near future
  • P2: annoying but not blocking me

Additional Context
Add any other context about the problem here.

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions