How does Semgrep handle two conflicting Typed Metavariable classes?

Question

Semgrep allows you to specify types in your patterns, but if I happen to have two different classes with the same simple type, but a different fully qualified name, how can I disambiguate between the two when writing a rule where I only want to target one of those types?

I'll explain my question through example. Say you have two different libraries that both have the same class name Foo. In one file of my own code I import one library, and use the Foo class:

import lib1.* // has Foo class

f = Foo()
f.bar()

In another file of my own code, I import the other library and use it’s Foo class:

import lib2.* // has different Foo class

f2 = Foo()
f2.baz()

In my Semgrep rule, I want to detect things of type Foo from lib1.

pattern: (Foo $F)

Since my pattern doesn’t know anything about imports, does it just return results from both files?

score 3 · Accepted Answer · answered Jun 15 '22 at 00:04

3

Yes, since your pattern only specifies type Foo, Semgrep will return both f1 and f2 as matches. If you want to match only one of those, you can specify the fully qualified name of the type you want to match:

pattern: (lib1.Foo $F)

answered Jun 15 '22 at 00:04

fortuna

1,176
1
8
8

How does Semgrep handle two conflicting Typed Metavariable classes?

1 Answers1