ocaml

semgrep

Comparison to boolean. Just use `not $X`

semgrep

Comparison to boolean. Just use `$X`

semgrep

You should not use Hashtbl.find outside of a try, or you should use Hashtbl.find_opt

semgrep

Backwards if. Rewrite the code as 'if not $E then $E2'.

semgrep

Useless else. Just remove the else branch;

semgrep

You should not use List.find outside of a try, or you should use List.find_opt

semgrep

You should use `decr`

semgrep

You should use `incr`

semgrep

Use instead `Str.first_chars`

semgrep

Use instead `Str.last_chars`

semgrep

Use instead `Str.string_after`

semgrep

Useless sprintf

semgrep

Pervasives is deprecated and will not be available after 4.10. Use Stdlib.

semgrep

You probably want $X = [], which is faster.

semgrep

You probably want $X <> [], which is faster.

semgrep

You probably want the structural equality operator =

semgrep

You probably want the structural inequality operator <>

semgrep

This is always true. If testing for floating point NaN, use `Float.is_nan` instead.

semgrep

Useless if. Both branches are equal.

semgrep

Useless let

semgrep

You should probably use Filename.get_temp_dirname().

semgrep

'input_line' leaves a '\r' (CR) character when reading lines from a Windows text file, whose lines end in "\r\n" (CRLF). This is a problem for any Windows file that is being read either on a Unix-like platform or on Windows in binary mode. If the code already takes care of removing any trailing '\r' after reading the line, add a '(* nosemgrep *)' comment to disable this warning.

semgrep

'open_in' behaves differently on Windows and on Unix-like systems with respect to line endings. To get the same behavior everywhere, use 'open_in_bin' or 'open_in_gen [Open_binary]'. If you really want CRLF-to-LF translations to take place when running on Windows, use 'open_in_gen [Open_text]'.

semgrep

'open_out' behaves differently on Windows and on Unix-like systems with respect to line endings. To get the same behavior everywhere, use 'open_out_bin' or 'open_out_gen [Open_binary]'. If you really want LF-to-CRLF translations to take place when running on Windows, use 'open_out_gen [Open_text]'.

semgrep

You should not re-raise exceptions using 'raise' because it loses track of where the exception was raised originally, leading to a useless and possibly confusing stack trace. Instead, you should obtain a stack backtrace as soon as the exception is caught using 'try ... with exn -> let trace = Printexc.get_raw_backtrace () in ...', and keep it around until you re-raise the exception using 'Printexc.raise_with_backtrace exn trace'. You must collect the stack backtrace before calling another function which might internally raise and catch exceptions. To avoid false positives from Semgrep, write 'raise (Foo args)' instead of 'let e = Foo args in raise e'.

semgrep

This comparison is useless because the expressions being compared are identical. This is expected to always return the same result, 0, unless your code is really strange.

semgrep

Digest uses MD5 and should not be used for security purposes. Consider using SHA256 instead.

semgrep

Executing external programs might lead to comand or argument injection vulnerabilities.

semgrep

When attacker supplied data is passed to Filename.concat directory traversal attacks might be possible.

semgrep

Creating a Hashtbl without the optional random number parameter makes it prone to DoS attacks when attackers are able to fill the table with malicious content. Hashtbl.randomize or the R flag in the OCAMLRUNPARAM are other ways to randomize it.

semgrep

Marshaling is currently not type-safe and can lead to insecure behaviour when untrusted data is marshalled. Marshalling can lead to out-of-bound reads as well.

semgrep

Filename.temp_file might lead to race conditions, since the file could be altered or replaced by a symlink before being opened.

semgrep

Unsafe functions do not perform boundary checks or have other side effects, use with care.