v1.14.6/tools/semgrep/ci/no-nil-check.yml - hashicorp/vault - Git at Google

 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0

 rules:
   - id: nil-check-logical-storage
     patterns:
       - pattern-either:
           - pattern: |
               $VAR, $ERR = ($S : logical.Storage).Get(...)
               ...
               $VAR.$FOO
           - pattern: |
               $VAR, $ERR = ($S : logical.Storage).Get(...)
               ...
               $FUNC2(..., $VAR, ...)
       - pattern-not: |
           $VAR, $ERR = ($S : logical.Storage).Get(...)
           ...
           if <... $VAR == nil ...> {
               ...
           }
           ...
       - pattern-not: |
           $VAR, $ERR = ($S : logical.Storage).Get(...)
           ...
           if <... $VAR != nil ...> {
               ...
           }
           ...
     message: missed nil check
     languages:
       - go
     severity: ERROR


 # physical.Storage.Get
   - id: nil-check-physical-storage
     patterns:
       - pattern-either:
           - pattern: |
               $VAR, $ERR = ($S : physical.Storage).Get(...)
               ...
               $VAR.$FOO
           - pattern: |
               $VAR, $ERR = ($S : physical.Storage).Get(...)
               ...
               $FUNC2(..., $VAR, ...)
       - pattern-not: |
           $VAR, $ERR = ($S : physical.Storage).Get(...)
           ...
           if <... $VAR == nil ...> {
               ...
           }
           ...
       - pattern-not: |
           $VAR, $ERR = ($S : physical.Storage).Get(...)
           ...
           if <... $VAR != nil ...> {
               ...
           }
           ...
     message: missed nil check
     languages:
       - go
     severity: ERROR

 # NamespaceByID
   - id: nil-check-physical-storage-by-nsid
     patterns:
       - pattern-either:
           - pattern: |
               $VAR, $ERR = NamespaceByID(...)
               ...
               $VAR.$FOO
           - pattern: |
               $VAR, $ERR = NamespaceByID(...)
               ...
               $FUNC2(..., $VAR, ...)
       - pattern-not: |
           $VAR, $ERR = NamespaceByID(...)
           ...
           if <... $VAR == nil ...> {
               ...
           }
           ...
       - pattern-not: |
           $VAR, $ERR = NamespaceByID(...)
           ...
           if <... $VAR != nil ...> {
               ...
           }
           ...
       # this is a special case for custom nil namespace handling logic in
       # activity log
       - pattern-not: |
           $VAR, $ERR = NamespaceByID(...)
           ...
           if a.includeInResponse(..., $VAR) {
               ...
           }
           ...
     message: missed nil check
     languages:
       - go
     severity: ERROR

   - id: nil-check-logical-storage-regex
     paths:
       exclude:
           # This file has a valid case that I couldn't work around easily in the
           # semgrep rule. Ignore it for now
         - "vault/ui.go"
     patterns:
       - pattern-either:
           - pattern: |
               $VAR, $ERR = $STORAGE.Get(...)
               ...
               $VAR.$FOO
           - pattern: |
               $VAR, $ERR = $STORAGE.Get(...)
               ...
               $FUNC2(..., $VAR, ...)
       - pattern-not: |
           $VAR, $ERR = $STORAGE.Get(...)
           ...
           if <... $VAR == nil ...> {
               ...
           }
           ...
       - pattern-not: |
           $VAR, $ERR = $STORAGE.Get(...)
           ...
           if <... $VAR != nil ...> {
               ...
           }
           ...
       - pattern-not: |
           $VAR, $ERR = $STORAGE.Get(...)
           ...
           switch $VAR {
           case ...
           }
           ...
       - metavariable-regex:
           metavariable: $STORAGE
           regex: ((.*)Storage|(.*)\.s|(.*)\.barrier|(.*)\.view|(.*)\.barrierView|(.*)\.physical|(.*)\.underlying)
     message: missed nil check
     languages:
       - go
     severity: ERROR
	# Copyright (c) HashiCorp, Inc.
	# SPDX-License-Identifier: MPL-2.0

	rules:
	- id: nil-check-logical-storage
	patterns:
	- pattern-either:
	- pattern: \|
	$VAR, $ERR = ($S : logical.Storage).Get(...)
	...
	$VAR.$FOO
	- pattern: \|
	$VAR, $ERR = ($S : logical.Storage).Get(...)
	...
	$FUNC2(..., $VAR, ...)
	- pattern-not: \|
	$VAR, $ERR = ($S : logical.Storage).Get(...)
	...
	if <... $VAR == nil ...> {
	...
	}
	...
	- pattern-not: \|
	$VAR, $ERR = ($S : logical.Storage).Get(...)
	...
	if <... $VAR != nil ...> {
	...
	}
	...
	message: missed nil check
	languages:
	- go
	severity: ERROR


	# physical.Storage.Get
	- id: nil-check-physical-storage
	patterns:
	- pattern-either:
	- pattern: \|
	$VAR, $ERR = ($S : physical.Storage).Get(...)
	...
	$VAR.$FOO
	- pattern: \|
	$VAR, $ERR = ($S : physical.Storage).Get(...)
	...
	$FUNC2(..., $VAR, ...)
	- pattern-not: \|
	$VAR, $ERR = ($S : physical.Storage).Get(...)
	...
	if <... $VAR == nil ...> {
	...
	}
	...
	- pattern-not: \|
	$VAR, $ERR = ($S : physical.Storage).Get(...)
	...
	if <... $VAR != nil ...> {
	...
	}
	...
	message: missed nil check
	languages:
	- go
	severity: ERROR

	# NamespaceByID
	- id: nil-check-physical-storage-by-nsid
	patterns:
	- pattern-either:
	- pattern: \|
	$VAR, $ERR = NamespaceByID(...)
	...
	$VAR.$FOO
	- pattern: \|
	$VAR, $ERR = NamespaceByID(...)
	...
	$FUNC2(..., $VAR, ...)
	- pattern-not: \|
	$VAR, $ERR = NamespaceByID(...)
	...
	if <... $VAR == nil ...> {
	...
	}
	...
	- pattern-not: \|
	$VAR, $ERR = NamespaceByID(...)
	...
	if <... $VAR != nil ...> {
	...
	}
	...
	# this is a special case for custom nil namespace handling logic in
	# activity log
	- pattern-not: \|
	$VAR, $ERR = NamespaceByID(...)
	...
	if a.includeInResponse(..., $VAR) {
	...
	}
	...
	message: missed nil check
	languages:
	- go
	severity: ERROR

	- id: nil-check-logical-storage-regex
	paths:
	exclude:
	# This file has a valid case that I couldn't work around easily in the
	# semgrep rule. Ignore it for now
	- "vault/ui.go"
	patterns:
	- pattern-either:
	- pattern: \|
	$VAR, $ERR = $STORAGE.Get(...)
	...
	$VAR.$FOO
	- pattern: \|
	$VAR, $ERR = $STORAGE.Get(...)
	...
	$FUNC2(..., $VAR, ...)
	- pattern-not: \|
	$VAR, $ERR = $STORAGE.Get(...)
	...
	if <... $VAR == nil ...> {
	...
	}
	...
	- pattern-not: \|
	$VAR, $ERR = $STORAGE.Get(...)
	...
	if <... $VAR != nil ...> {
	...
	}
	...
	- pattern-not: \|
	$VAR, $ERR = $STORAGE.Get(...)
	...
	switch $VAR {
	case ...
	}
	...
	- metavariable-regex:
	metavariable: $STORAGE
	regex: ((.)Storage\|(.)\.s\|(.)\.barrier\|(.)\.view\|(.)\.barrierView\|(.)\.physical\|(.*)\.underlying)
	message: missed nil check
	languages:
	- go
	severity: ERROR