Fixed top level HOFS and inlined lambda#513
Merged
maciejpirog merged 2 commits intomainfrom Dec 30, 2025
Merged
Conversation
added 2 commits
December 30, 2025 18:59
A bug was introduced in using AST_toIL.name_of_entity. THat forces some sid's and naming that messes up the equalities in func_id. this fixes that
78ce104 to
a84340a
Compare
dimitris-m
reviewed
Dec 30, 2025
Comment on lines
+208
to
+209
| let class_il = Option.bind !current_class g_name_to_il_name in | ||
| let func_il = entity_to_il_name ent in |
Collaborator
There was a problem hiding this comment.
But AST_to_IL.var_of_name also deals with IdQualified.
Is there no reason to deal with that in g_name_to_il_name?
Contributor
Author
There was a problem hiding this comment.
I ampretty sure not (we only use it for classes and methods)
dimitris-m
reviewed
Dec 30, 2025
| (* Visit all Call expressions at top level (outside function bodies). | ||
| Callback receives: full call expr, callee expr, and arguments *) | ||
| let visit_toplevel_calls (f : G.expr -> G.expr -> G.arguments -> unit) (ast : G.program) : unit = | ||
| let v = new toplevel_call_visitor in |
Collaborator
There was a problem hiding this comment.
Is there a reason to create a new instance on each call?
Why not share the visitor (pull out of function)?
Contributor
Author
There was a problem hiding this comment.
oh ... that answers my question in your PR :)))
My point is that I wanted the function to be kindda pure ... despirte the visitor mess inside. And that way I don't have to worry too much about threards
dimitris-m
reviewed
Dec 30, 2025
| let fold_toplevel_calls (f : 'acc -> G.expr -> G.expr -> G.arguments -> 'acc) | ||
| (init_acc : 'acc) (ast : G.program) : 'acc = | ||
| let acc_ref = ref init_acc in | ||
| let v = new toplevel_call_visitor in |
Collaborator
There was a problem hiding this comment.
As above, visitor instance can be shared.
Contributor
Author
There was a problem hiding this comment.
as above, can change but did not want to think about threads
dimitris-m
reviewed
Dec 30, 2025
dimitris-m
reviewed
Dec 30, 2025
Comment on lines
+671
to
+679
| (match e.G.e with | ||
| | G.Call (callee, args) -> | ||
| let found = extract_hof_callbacks_from_call | ||
| ~method_hofs ~function_hofs ~user_hofs ~all_funcs ~caller_parent_path | ||
| callee args | ||
| in | ||
| callbacks := found @ !callbacks | ||
| | _ -> ()); | ||
| super#visit_expr env e |
Collaborator
There was a problem hiding this comment.
Leaving as TODO to extract this into a class, there are some potential concurrency issues with objects + domains.
It's one of the reasons I converted most (all?) such objects into classes and had the instances stateless & shared.
dimitris-m
approved these changes
Dec 30, 2025
Merged
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Jan 9, 2026
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [opengrep/opengrep](https://github.com/opengrep/opengrep) | minor | `v1.13.2` → `v1.14.1` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>opengrep/opengrep (opengrep/opengrep)</summary> ### [`v1.14.1`](https://github.com/opengrep/opengrep/releases/tag/v1.14.1): Opengrep 1.14.1 [Compare Source](opengrep/opengrep@v1.14.0...v1.14.1) #### Improvements - Clojure translation part II by [@​dimitris-m](https://github.com/dimitris-m) in [#​517](opengrep/opengrep#517) - C#: Allow implicit variables in properties to be taint sources by [@​maciejpirog](https://github.com/maciejpirog) in [#​516](opengrep/opengrep#516) - Add core flags `dump_rule` and `dump_patterns_of_rule` as options in the show command by [@​maciejpirog](https://github.com/maciejpirog) in [#​519](opengrep/opengrep#519) #### Bug fixes - Fix: pass signature databaseb to lambda analysis, handle method mutation tainting by [@​corneliuhoffman](https://github.com/corneliuhoffman) in [#​520](opengrep/opengrep#520) #### Tech debt - Fix CHANGELOG.md, OPENGREP.md, remove unused files by [@​dimitris-m](https://github.com/dimitris-m) in [#​523](opengrep/opengrep#523) **Full Changelog**: <opengrep/opengrep@v1.14.0...v1.14.1> ### [`v1.14.0`](https://github.com/opengrep/opengrep/releases/tag/v1.14.0): Opengrep 1.14.0 [Compare Source](opengrep/opengrep@v1.13.2...v1.14.0) #### Improvements - Support for higher-order functions in intrafile taint analysis by [@​corneliuhoffman](https://github.com/corneliuhoffman) in [#​469](opengrep/opengrep#469) and [#​513](opengrep/opengrep#513) - Clojure: Improved support for Clojure (incl. tainting) by [@​dimitris-m](https://github.com/dimitris-m) in [#​501](opengrep/opengrep#501) - Dart: Improved support for Dart by [@​maciejpirog](https://github.com/maciejpirog) in [#​508](opengrep/opengrep#508) - C#: Better handing of extension methods and extension blocks by [@​maciejpirog](https://github.com/maciejpirog) in [#​514](opengrep/opengrep#514) #### Fixes - Bump cygwin install action by [@​dimitris-m](https://github.com/dimitris-m) in [#​503](opengrep/opengrep#503) and [#​509](opengrep/opengrep#509) **Full Changelog**: <opengrep/opengrep@v1.13.2...v1.14.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42OS4yIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90IiwiYXV0b21hdGlvbjpib3QtYXV0aG9yZWQiLCJkZXBlbmRlbmN5LXR5cGU6Om1pbm9yIl19-->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Two issues with HOF taint analysis were not working:
Solution
Inline lambda calls (Dataflow_tainting.ml)
Top-level HOF callbacks (Function_call_graph.ml, Visit_function_defs.ml)
Ruby/PHP block parameters (AST_to_IL.ml)
Builtin models (Builtin_models.ml)
Code cleanup
Test plan