yaml.semgrep.unsatisfiable.unsatisfiable-rule

profile photo of returntocorpreturntocorp
Author
672
Download Count*
LGPL Commons Clause
License

You can not use 'pattern' $A and 'pattern-not' $A together; this will always be empty.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: unsatisfiable-rule
    message: You can not use 'pattern' $A and 'pattern-not' $A together; this will
      always be empty.
    severity: ERROR
    languages:
      - yaml
    patterns:
      - pattern-inside: "patterns: [...]"
      - pattern-either:
          - patterns:
              - pattern-inside: |
                  - pattern: $A
                  ...
              - pattern: |
                  - pattern-not: $A
          - patterns:
              - pattern-inside: |
                  - pattern-not: $A
                  ...
              - pattern: |
                  - pattern: $A
    metadata:
      category: correctness
      technology:
        - semgrep
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

unsatisfiable.test.yaml

rules:
  - id: unchecked-subprocess-call
    patterns:
      - pattern: |
          subprocess.call(...)
      # ruleid: unsatisfiable-rule
      - pattern-not: |
          subprocess.call(...)
      - pattern-not-inside: |
          $S = subprocess.call(...)
      - pattern-not-inside: |
          subprocess.call(...) == $X
    message: >-
      blah
    severity: WARNING
    fix: subprocess.check_call(...)