Skip to content

Commit

Permalink
Add semgrep rule 'if-inplace-func-incorrect-nil-err-return'.
Browse files Browse the repository at this point in the history
  • Loading branch information
@nickeskov
nickeskov committed Mar 8, 2025
1 parent 734b7e8 commit d807082
Showing 1 changed file with 47 additions and 0 deletions.
47 changes: 47 additions & 0 deletions .semgrep/rules/if-inplace-func-incorrect-nil-err-return.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
rules:
- id: if-inplace-func-incorrect-nil-err-return
languages: [go]
severity: WARNING
message: |
WARNING: A local variable '$ERR' is checked for nil, but a different variable is returned.
Ensure that the returned variable is the one that was checked or properly wrapped!
patterns:
- metavariable-regex:
metavariable: $ERR
regex: .*(?i)err # using .* to allow prefixes, because regex matching is left anchored.

- pattern: |
if $ERR := $FUNC(...); $ERR != nil {
...
return ..., $OTHERERR
}
- pattern-not: |
if $ERR := $FUNC(...); $ERR != nil {
...
return ..., $ERR
}
- pattern-not: |
if $ERR := $FUNC(...); $ERR != nil {
...
return ..., $ANYFUNC(..., $ERR, ...)
}
- pattern-not: |
if $ERR := $FUNC(...); $ERR != nil {
...
return ..., $ANYFUNC(..., $ANYFUNC1(..., $ERR, ...), ...)
}
- pattern-not: |
if $ERR := $FUNC(...); $ERR != nil {
...
$NEWERR := $ANYFUNC(..., $ERR, ...)
...
return nil, $NEWERR
}
- pattern-not: |
if $ERR := $FUNC(...); $ERR != nil {
...
$NEWERR := $ANYFUNC(..., $ERR, ...)
...
return ..., $ANYFUNC1(..., $NEWERR, ...)
}

0 comments on commit d807082

Please sign in to comment.