v1.14.6/tools/semgrep/ci/error-shadowing.yml - hashicorp/vault - Git at Google

 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0

 rules:
   - id: error-shadow-check-types
     patterns:
         - pattern: |
             ..., ($ERR: error) = $FUNC(...)
             ...
             ..., $ERR = ...
         - pattern-not: |
             ..., ($ERR: error) = $FUNC(...)
             ...
             if <... $ERR == nil ...> {
                 ...
             }
             ...
             ..., $ERR = ...
         - pattern-not: |
             ..., ($ERR: error) = $FUNC(...)
             ...
             if <... $ERR != nil ...> {
                 ...
             }
             ...
             ..., $ERR = ...
         - pattern-not: |
             ..., ($ERR: error) = $FUNC(...)
             ...
             $ERRCHECK(..., $ERR, ...)
             ...
             ..., $ERR = ...
         # This case is not specific enough but semgrep doesn't let you do any
         # special searching within a switch statement. We will assume if there
         # is a switch statement it's doing error checking, though this isn't
         # guaranteed.
         - pattern-not: |
             ..., ($ERR: error) = $FUNC(...)
             ...
             switch {
             case ...
             }
             ...
             ..., $ERR = ...
     message: Potential Error Shadowing
     languages:
       - go
     severity: ERROR


   - id: error-shadow-check-regex
     patterns:
         - pattern: |
             ..., $ERR = $FUNC(...)
             ...
             ..., $ERR = ...
         - pattern-not: |
             ..., $ERR = $FUNC(...)
             ...
             if <... $ERR == nil ...> {
                 ...
             }
             ...
             ..., $ERR = ...
         - pattern-not: |
             ..., $ERR = $FUNC(...)
             ...
             if <... $ERR != nil ...> {
                 ...
             }
             ...
             ..., $ERR = ...
         - pattern-not: |
             ..., $ERR = $FUNC(...)
             ...
             $ERRCHECK(..., $ERR, ...)
             ...
             ..., $ERR = ...

         # This pattern is used in as a itteration mechanism for a test
         - pattern-not: |
             ..., $ERR = $FUNC(...)
             ...
             for $ERR == nil {
                 ...
             }
             ...
             ..., $ERR = ...

         # A few places we test against logical.Err* types
         - pattern-not: |
             ..., $ERR = $FUNC(...)
             ...
             if $ERR != logical.$ERRTYPE {
                 ...
             }
             ...
             ..., $ERR = ...
         # This case is not specific enough but semgrep doesn't let you do any
         # special searching within a switch statement. We will assume if there
         # is a switch statement it's doing error checking, though this isn't
         # guaranteed.
         - pattern-not: |
             ..., $ERR = $FUNC(...)
             ...
             switch ... {
             case ...
             }
             ...
             ..., $ERR = ...
         - pattern-not: |
             ..., $ERR = $FUNC(...)
             ...
             switch {
             case ...
             }
             ...
             ..., $ERR = ...
         - metavariable-regex:
               metavariable: $ERR
               regex: "err"
     message: Potential Error Shadowing (regex)
     languages:
       - go
     severity: ERROR
	# Copyright (c) HashiCorp, Inc.
	# SPDX-License-Identifier: MPL-2.0

	rules:
	- id: error-shadow-check-types
	patterns:
	- pattern: \|
	..., ($ERR: error) = $FUNC(...)
	...
	..., $ERR = ...
	- pattern-not: \|
	..., ($ERR: error) = $FUNC(...)
	...
	if <... $ERR == nil ...> {
	...
	}
	...
	..., $ERR = ...
	- pattern-not: \|
	..., ($ERR: error) = $FUNC(...)
	...
	if <... $ERR != nil ...> {
	...
	}
	...
	..., $ERR = ...
	- pattern-not: \|
	..., ($ERR: error) = $FUNC(...)
	...
	$ERRCHECK(..., $ERR, ...)
	...
	..., $ERR = ...
	# This case is not specific enough but semgrep doesn't let you do any
	# special searching within a switch statement. We will assume if there
	# is a switch statement it's doing error checking, though this isn't
	# guaranteed.
	- pattern-not: \|
	..., ($ERR: error) = $FUNC(...)
	...
	switch {
	case ...
	}
	...
	..., $ERR = ...
	message: Potential Error Shadowing
	languages:
	- go
	severity: ERROR


	- id: error-shadow-check-regex
	patterns:
	- pattern: \|
	..., $ERR = $FUNC(...)
	...
	..., $ERR = ...
	- pattern-not: \|
	..., $ERR = $FUNC(...)
	...
	if <... $ERR == nil ...> {
	...
	}
	...
	..., $ERR = ...
	- pattern-not: \|
	..., $ERR = $FUNC(...)
	...
	if <... $ERR != nil ...> {
	...
	}
	...
	..., $ERR = ...
	- pattern-not: \|
	..., $ERR = $FUNC(...)
	...
	$ERRCHECK(..., $ERR, ...)
	...
	..., $ERR = ...

	# This pattern is used in as a itteration mechanism for a test
	- pattern-not: \|
	..., $ERR = $FUNC(...)
	...
	for $ERR == nil {
	...
	}
	...
	..., $ERR = ...

	# A few places we test against logical.Err* types
	- pattern-not: \|
	..., $ERR = $FUNC(...)
	...
	if $ERR != logical.$ERRTYPE {
	...
	}
	...
	..., $ERR = ...
	# This case is not specific enough but semgrep doesn't let you do any
	# special searching within a switch statement. We will assume if there
	# is a switch statement it's doing error checking, though this isn't
	# guaranteed.
	- pattern-not: \|
	..., $ERR = $FUNC(...)
	...
	switch ... {
	case ...
	}
	...
	..., $ERR = ...
	- pattern-not: \|
	..., $ERR = $FUNC(...)
	...
	switch {
	case ...
	}
	...
	..., $ERR = ...
	- metavariable-regex:
	metavariable: $ERR
	regex: "err"
	message: Potential Error Shadowing (regex)
	languages:
	- go
	severity: ERROR