semgrep/semgrep

osemgrep: no files scanned when they should be


Describe the bug

#9813 (comment) is the original bug report but as a comment (discovery) of a different.

Using osemgrep to scan a single file under a git repository fails to find any findings. --no-git-ignore does not help (as the file was not ignored), removing .git does.

Scanning the directory that owns the file however does produce findings.

To Reproduce

The rule and test code used:

➜  semgrep --version
1.72.0

➜  git ls-files
...
samples/dangerous-code-run.py
samples/dangerous-code-run.yaml
...

➜  semgrep -f samples/dangerous-code-run.yaml samples/dangerous-code-run.py
...
Ran 1 rule on 1 file: 1 finding.

➜  semgrep --experimental -f samples/dangerous-code-run.yaml samples/dangerous-code-run.py
...
  Scanning 1 file tracked by git with 1 Code rule:
  Scanning 1 file.
...
Ran 1 rule on 0 files: 0 findings.

➜  semgrep --experimental -f samples/dangerous-code-run.yaml samples/
...
Ran 1 rule on 1 file: 1 finding.
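A CI guard against the silent failure shown in the transcript above (an added example, not code from the semgrep project): it parses the summary lines semgrep prints and fails when zero files were scanned, or when the "Scanning N file" count and the "Ran ... on M files" count disagree. The log text is constructed from the output in this report.

```shell
#!/bin/sh
# Constructed sample output, mirroring the pysemgrep and osemgrep runs above.
PYSEMGREP_LOG='Ran 1 rule on 1 file: 1 finding.'
OSEMGREP_LOG='  Scanning 1 file tracked by git with 1 Code rule:
  Scanning 1 file.
Ran 1 rule on 0 files: 0 findings.'

# files_scanned LOG -> prints M from the first "Ran N rule(s) on M file(s):" line,
# prints nothing if no such line exists.
files_scanned() {
    printf '%s\n' "$1" |
        sed -n 's/^Ran [0-9][0-9]* rules\{0,1\} on \([0-9][0-9]*\) files\{0,1\}:.*/\1/p' |
        head -n 1
}

# files_announced LOG -> prints N from the first "Scanning N file(s)." line
# (the "tracked by git" line is deliberately not matched).
files_announced() {
    printf '%s\n' "$1" |
        sed -n 's/^ *Scanning \([0-9][0-9]*\) files\{0,1\}\.$/\1/p' |
        head -n 1
}

# check_scan_summary LOG -> 0 if at least one file was scanned,
# 1 if zero files were scanned, 2 if no summary line was found.
check_scan_summary() {
    n=$(files_scanned "$1")
    [ -n "$n" ] || return 2
    [ "$n" -gt 0 ] || return 1
}

# scan_log_consistent LOG -> 0 if announced and scanned counts agree,
# 1 if they differ, 2 if either count is missing from the log.
scan_log_consistent() {
    announced=$(files_announced "$1")
    ran=$(files_scanned "$1")
    [ -n "$announced" ] && [ -n "$ran" ] || return 2
    [ "$announced" -eq "$ran" ]
}

# Stand-alone demonstration: report each constructed log.
for log in "$PYSEMGREP_LOG" "$OSEMGREP_LOG"; do
    if check_scan_summary "$log"; then echo "ok: $(files_scanned "$log") file(s) scanned"
    else echo "FAIL: scan covered no files"; fi
done
```

In a pipeline, run `check_scan_summary "$(semgrep ... 2>&1 | tee scan.log)"` and fail the job on a nonzero status so that a scan of zero files never passes as a clean result.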

Expected behavior

osemgrep to report the same finding as pysemgrep does.

What is the priority of the bug to you?

  • [ ] P0: blocking your adoption of Semgrep or workflow
  • [ ] P1: important to fix or quite annoying
  • [x] P2: regular bug that should get fixed

Environment
official binary, version 1.72, macOS

Use case
It will enable properly scanning git repositories using osemgrep without removing the repository...