Ruby scanning not working in JS version of Semgrep VSCode Extension #138
Description
Detection of issues in Ruby files is not working when running the JS version of the extension. This occurs both when running the extension on Mac in JS mode and when using the extension on Windows.
Extension version: v1.7.1
Expected behaviour: Scanning a Ruby file should detect the same issues in JS and non-JS mode
Current Behavior: No issues are being detected in Ruby files when running in JS mode
How to reproduce
Create a file index.rb with the following content
require 'active_record'
require 'models/restaurant'
def show(event:, context:)
  ActiveRecord::Base.establish_connection(
    adapter: 'mysql2',
    host: ENV['RDS_HOST'],
    username: ENV['RDS_USERNAME'],
    password: ENV['RDS_PASSWORD'],
    database: ENV['RDS_DATABASE']
  )
  query = "SELECT * FROM customers INNER JOIN orders ON customers.id = %{id}" % {id: event["id"]}
  # ruleid: activerecord-sqli
  result = Platform.find_by_sql(query)
  # ok: activerecord-sqli
  result2 = Smth.find_by_sql("SELECT * FROM customers INNER JOIN orders ON customers.id = %{id}", {id: event["id"]})
  {
    body: [result, result2]
  }
end
When running in non-JS mode, an issue is detected on line 13 (ruby.aws-lambda.security.tainted-sql-string.tainted-sql-string).
When switching to JS mode using the Semgrep: Use JS extension setting or when running on Windows, no issues are being detected.
In the Semgrep Output window, I can see an error that I expect is causing the issue
found 0 matches, 1 errors
there were 0 skipped targets
Semgrep errors: Failure("Pattern parse error")
Testing on different Ruby files with different rulesets still results in this same error.