scala.lang.correctness.positive-number-index-of.positive-number-index-of

Author
unknown
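Flags Scala code that checks whether the result of indexOf is greater than 0. indexOf returns -1 when the value is absent and 0 when it is the first element, so this check ignores the first element, which is most likely a bug. Instead, compare the indexOf result with -1. If the intent is to check the inclusion of a value, use the contains method instead.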
Definition
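# Semgrep rule: reports an indexOf result compared against a non-negative
# threshold. indexOf yields -1 for "absent" and 0 for "first element", so such
# a comparison treats a match at index 0 as if the value were missing. When the
# comparison gates a filter or an allow/deny decision, a value in first
# position is silently skipped.
#
# Coverage notes (from the patterns listed below):
#   - only `indexOf` on the left-hand side with `>` or `>=` is matched; no
#     pattern is listed for the mirrored form (`0 < x.indexOf(...)`) or for
#     other index-returning methods.
#   - the threshold is checked with metavariable-comparison, so it has to be a
#     value Semgrep can evaluate numerically; a threshold held in a variable is
#     presumably not reported - verify against the engine version in use.
#   - deliberate offset checks (for example `> 2`) are reported as well, which
#     is consistent with the MEDIUM confidence.
rules:
- id: positive-number-index-of
  metadata:
    category: correctness
    technology:
    - scala
    license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    references:
    - https://blog.codacy.com/9-scala-security-issues/
    confidence: MEDIUM
  message: Flags scala code that look for values that are greater than 0. This
    ignores the first element, which is most likely a bug. Instead, use
    indexOf with -1. If the intent is to check the inclusion of a value, use
    the contains method instead.
  severity: WARNING
  languages:
  - scala
  patterns:
  - pattern-either:
    # Branch 1: `indexOf(...) > N` with N >= 0 (index 0 can never satisfy it).
    - patterns:
      - pattern: |
          $OBJ.indexOf(...) > $VALUE
      - metavariable-comparison:
          metavariable: $VALUE
          comparison: $VALUE >= 0
    # Branch 2: `indexOf(...) >= N` with N > 0 (same effect; `>= 0` stays allowed).
    - patterns:
      - pattern: |
          $OBJ.indexOf(...) >= $SMALLERVAL
      - metavariable-comparison:
          metavariable: $SMALLERVAL
          comparison: $SMALLERVAL > 0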
Examples
positive-number-index-of.scala
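/** Test fixture for the `positive-number-index-of` Semgrep rule.
  *
  * A `// ruleid:` comment marks the following line as an expected finding and
  * a `// ok:` comment marks it as an expected non-finding, so each marker must
  * stay directly above the comparison it annotates. The comparisons in the
  * `bad*` methods are wrong on purpose and must not be "fixed" here.
  */
class Test {

  /** Expected finding: `> 0` on a List lookup.
    *
    * "blue" sits at index 0, so the condition is false and nothing is printed
    * even though the value is present.
    */
  def bad1(): Unit = {
    val color = "blue"
    val strings = List("blue", "bob")
    // ruleid: positive-number-index-of
    if (strings.indexOf(color) > 0) {
      println("This is if statement")
    }
  }

  /** Expected finding: `> 2` on a String lookup.
    *
    * The first "b" in "bob" is at index 0, so the condition is false; the rule
    * reports any non-negative threshold, not only 0.
    */
  def bad2(): Unit = {
    val name = "bob"
    // ruleid: positive-number-index-of
    if (name.indexOf("b") > 2) {
      println("This is if statement")
    }
  }

  /** Expected non-finding: `> -1` is true for every valid index, including 0. */
  def ok1(): Unit = {
    val color = "blue"
    val strings = List("blue", "bob")
    // ok: positive-number-index-of
    if (strings.indexOf(color) > -1) {
      println("This is if statement")
    }
  }

  /** Expected non-finding: `>= 0` is the equivalent spelling of `> -1`. */
  def ok2(): Unit = {
    val name = "bob"
    // ok: positive-number-index-of
    if (name.indexOf("b") >= 0) {
      println("This is if statement")
    }
  }
}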
Short Link: https://sg.run/PbqY