Add experimental semgrep rule 'if-incorrect-nil-err-return'
Put in experimental directory because of huge count of false positives.
nickeskov committed Mar 8, 2025
1 parent d807082 commit bb81c4c
Showing 1 changed file with 47 additions and 0 deletions.
47 changes: 47 additions & 0 deletions .semgrep/experimental/if-incorrect-nil-err-return.yaml
@@ -0,0 +1,47 @@
rules:
- id: if-incorrect-nil-err-return
languages: [go]
severity: WARNING
message: |
WARNING: A local variable '$ERR' is checked for nil, but a different variable is returned.
Ensure that the returned variable is the one that was checked or properly wrapped!
patterns:
- metavariable-regex:
metavariable: $ERR
regex: .*(?i)err # using .* to allow prefixes, because regex matching is left anchored.

- pattern: |
if $ERR != nil {
...
return ..., $OTHERERR
}
- pattern-not: |
if $ERR != nil {
...
return ..., $ERR
}
- pattern-not: |
if $ERR != nil {
...
return ..., $ANYFUNC(..., $ERR, ...)
}
- pattern-not: |
if $ERR != nil {
...
return ..., $ANYFUNC(..., $ANYFUNC1(..., $ERR, ...), ...)
}
- pattern-not: |
if $ERR != nil {
...
$NEWERR := $ANYFUNC(..., $ERR, ...)
...
return nil, $NEWERR
}
- pattern-not: |
if $ERR != nil {
...
$NEWERR := $ANYFUNC(..., $ERR, ...)
...
return ..., $ANYFUNC1(..., $NEWERR, ...)
}
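
Review bot: The fifth `pattern-not` ends in `return nil, $NEWERR` while every other exclusion uses `return ..., `, so a correctly wrapped error is still reported whenever the first return value is not the literal `nil` (for example `return 0, $NEWERR`) or the function does not return exactly two values. Changing that line to `return ..., $NEWERR` would make it consistent with the sixth exclusion and should remove one class of the false positives the commit message mentions. Separately, the `metavariable-regex` value `.*(?i)err` is anchored only on the left, so `$ERR` matches any name that merely contains "err"; if only names ending in "err" are intended, a trailing `$` would narrow it. `$OTHERERR` has no constraint at all, so the rule also fires when the returned expression is not a variable, which does not match the wording of the message ("a different variable is returned").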
