You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Hey folks, I am trying to use Semgrep Pro with Typescript to detect control flow and I came across an interesting problem.
I have code where class properties are being declared as Parameter Properties. Semgrep does not seem to be able to follow the flow through a parameter property. (I should note that VS Code does not seem to have any problem following the flow).
I have used unit tests to show what should be being detected.
Expected behavior
See the unit tests above, Semgrep Pro should be able to follow flow when a parameter property is used so this rule should have detected all 3 examples and not just 2 of them.
Note that in the real scenario, the classes being declared are in different files so the solution needs to be a cross-file solution.
Screenshots
N/A
What is the priority of the bug to you?
P0: blocking your adoption of Semgrep or workflow
P1: important to fix or quite annoying
P2: regular bug that should get fixed
Environment
N/A
Use case
Cross-file discovery of control flow to ascertain where we are vulnerable to a particular issue.
The text was updated successfully, but these errors were encountered:
Describe the bug
Hey folks, I am trying to use Semgrep Pro with Typescript to detect control flow and I came across an interesting problem.
I have code where class properties are being declared as Parameter Properties. Semgrep does not seem to be able to follow the flow through a parameter property. (I should note that VS Code does not seem to have any problem following the flow).
To Reproduce
See an example here:
https://semgrep.dev/playground/r/6JUv0RL/semgrep_bouncesecurity.broken-parameter-properties
I have used unit tests to show what should be being detected.
Expected behavior
See the unit tests above, Semgrep Pro should be able to follow flow when a parameter property is used so this rule should have detected all 3 examples and not just 2 of them.
Note that in the real scenario, the classes being declared are in different files so the solution needs to be a cross-file solution.
Screenshots
N/A
What is the priority of the bug to you?
Environment
N/A
Use case
Cross-file discovery of control flow to ascertain where we are vulnerable to a particular issue.
The text was updated successfully, but these errors were encountered: