Semgrep not finding two lines of code with a 'patterns' section

Question

I have a Semgrep rule:

rules:
  - id: create-chat-client
    patterns:
      - pattern: var $X = GrpcChannel.ForAddress(...); 
      - pattern: var $Y = new ChatService.ChatServiceClient($X);
    languages: 
      - csharp
    message: <pass>
    severity: INFO

And I am trying to match this code:

using Grpc.Net.Client;
using GrpcChat.ProtoBuf;

var channel = GrpcChannel.ForAddress("https://localhost:8888");
var client = new ChatService.ChatServiceClient(channel);

These match separately, but the 'patterns' should be a "AND" match and it fails. I must be missing something obvious. Anyone see anything?

bstpierre · Answer 1 · 2022-03-26T02:47:52.190

Using pattern-inside works:

rules:
  - id: chat
    patterns:
      - pattern-inside: |
          var $X = GrpcChannel.ForAddress(...); 
          ...
      - pattern: var $Y = new ChatService.ChatServiceClient($X);
    languages: 
      - csharp
    message: <pass>
    severity: INFO

with this test case:

using Grpc.Net.Client;
using GrpcChat.ProtoBuf;

var channel = GrpcChannel.ForAddress("https://localhost:8888");
// ruleid: chat
var client = new ChatService.ChatServiceClient(channel);

when I run a test:

% semgrep --test rules/
✓ All tests passed!

Semgrep not finding two lines of code with a 'patterns' section

1 Answers1