Merged
In macroexpansion for `cond->` and `cond->>`, we introduce fake variables in synthetic let bindings, and we don't want these to pollute the `intermediate_variables` produced in outputs. This is because these fake variables reuse real tokens that have no relevance in terms of content, but are the closest and most reasonable choices for such variables. Showing them is bound to confuse tooling downstream.
Without this edit, adding `--dataflow-traces` will sometimes fail to print traces where a location spans more than 1 line. This happens with clojure macroexpanded code.
This fixes a small issue where intermediate variable tokens derived from qualified x/y in associative destructuring included the slash, and printed in json and sarif as /y.
Note that `($F ...)` will no longer match such expressions; but `(:K ...)` will, and similarly for `(::kwd exp)` and `(::$K ...)`.
If we are to do this, we need to cover more cases as detailed in the comment.
| let is_macroexpandable (todo_kind : string) = | ||
| match todo_kind with | ||
| | "->" | "->>" | "cond->" | "cond->>" | "as->" | "ShortLambda" | ||
| | "as->" | "ShortLambda" |
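Review bot: `is_macroexpandable` no longer lists `"->"`, `"->>"`, `"cond->"` and `"cond->>"`, so by name alone it now reads as if the threading macros are not expanded at all. If those forms are handled at another stage, add a comment above the function saying which stage owns them and that this predicate covers only `"as->"` and `"ShortLambda"`, or rename it to reflect the narrower scope.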
Contributor
wait so the -> like things are no longer macroexpandable?
Collaborator
Author
They are, but at translation to generic.
There were 2 methods: during IL translation and during to-generic.
Now what is kept is to-generic. That means we shuffle CST stuff not generic AST.
Collaborator
Author
Until this commit I had both methods there, hoping to resurrect the IL method, but I decided to abandon it.
|
|
||
| let qualified_name_regex_str = "^\\(.+\\)/\\(.+\\)$" | ||
|
|
||
| let fake_variable_ident = "G__1111" |
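Review bot: `fake_variable_ident` is the fixed string `"G__1111"`, which is also a legal Clojure symbol, so a target file that binds a variable with that name would be indistinguishable from the synthetic binding wherever anything filters or compares by name. Document next to the definition how synthetic bindings are told apart from user code, or use a name that cannot be written in source. Separately, both groups in `qualified_name_regex_str` are greedy `.+`, so a name containing more than one `/` splits at the last slash; a comment stating that this is the intended split would help.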
Contributor
oh come on, call it G_666
corneliuhoffman
approved these changes
Jan 6, 2026
Contributor
corneliuhoffman
left a comment
I really liked the details in the recur/loop stuff ... this is better and better, soon will be a flag language for us
maciejpirog
approved these changes
Jan 6, 2026
We now relax the parsing of clojure functions, to ensure that semgrep-rules don't fail to get loaded because of parsing errors. The change is moderate:
- Translate `...` to `[...]` when expecting function arguments. This enables the pattern `(defn $F ... ...)` which otherwise fails to parse.
- Convert `...` to `$_` in contexts where a single name is expected, for example in function name position.
- We interpret `( ... )` as a block, not as function call `Call(..., [])`. Similarly for `( ... e1 e2)` etc.
Decided to abandon this avenue. Too many issues.
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Jan 9, 2026
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [opengrep/opengrep](https://github.com/opengrep/opengrep) | minor | `v1.13.2` → `v1.14.1` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>opengrep/opengrep (opengrep/opengrep)</summary>

### [`v1.14.1`](https://github.com/opengrep/opengrep/releases/tag/v1.14.1): Opengrep 1.14.1

[Compare Source](opengrep/opengrep@v1.14.0...v1.14.1)

#### Improvements

- Clojure translation part II by [@dimitris-m](https://github.com/dimitris-m) in [#517](opengrep/opengrep#517)
- C#: Allow implicit variables in properties to be taint sources by [@maciejpirog](https://github.com/maciejpirog) in [#516](opengrep/opengrep#516)
- Add core flags `dump_rule` and `dump_patterns_of_rule` as options in the show command by [@maciejpirog](https://github.com/maciejpirog) in [#519](opengrep/opengrep#519)

#### Bug fixes

- Fix: pass signature database to lambda analysis, handle method mutation tainting by [@corneliuhoffman](https://github.com/corneliuhoffman) in [#520](opengrep/opengrep#520)

#### Tech debt

- Fix CHANGELOG.md, OPENGREP.md, remove unused files by [@dimitris-m](https://github.com/dimitris-m) in [#523](opengrep/opengrep#523)

**Full Changelog**: <opengrep/opengrep@v1.14.0...v1.14.1>

### [`v1.14.0`](https://github.com/opengrep/opengrep/releases/tag/v1.14.0): Opengrep 1.14.0

[Compare Source](opengrep/opengrep@v1.13.2...v1.14.0)

#### Improvements

- Support for higher-order functions in intrafile taint analysis by [@corneliuhoffman](https://github.com/corneliuhoffman) in [#469](opengrep/opengrep#469) and [#513](opengrep/opengrep#513)
- Clojure: Improved support for Clojure (incl. tainting) by [@dimitris-m](https://github.com/dimitris-m) in [#501](opengrep/opengrep#501)
- Dart: Improved support for Dart by [@maciejpirog](https://github.com/maciejpirog) in [#508](opengrep/opengrep#508)
- C#: Better handling of extension methods and extension blocks by [@maciejpirog](https://github.com/maciejpirog) in [#514](opengrep/opengrep#514)

#### Fixes

- Bump cygwin install action by [@dimitris-m](https://github.com/dimitris-m) in [#503](opengrep/opengrep#503) and [#509](opengrep/opengrep#509)

**Full Changelog**: <opengrep/opengrep@v1.13.2...v1.14.0>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
Changes
Removes synthetic variables from the intermediate variables, since the tokens used are real tokens with different content in the target file. This improves dataflow traces in text / json / sarif.
Improves printing of matches which in some cases failed with macroexpanded code.
Encodes the special ops as is done in other languages.
Adds loop and recur (this can be used with loop or functions, in tail position). Note: I did not add a test for defn + recur because it made me realise we have other issues that are related and need to be fixed, and these are orthogonal to the translation.
Improves patterns:
- `(...)` matches a block and not a `Call(..., [])`;
- `...`, when function parameters are expected, becomes `[...]`;
- `...`, when a single name is expected, becomes `$_`.

Fixes 1.14.0 - Rule parse error in rule clojure.lang.security.documentbuilderfactory-xxe.documentbuilderfactory-xxe #518.
Removes the IL macroexpansion mechanics; this approach ended up being too problematic compared to macroexpansion at AST generic translation time.
Adds comments and TODOs: some will be dealt with in this PR.
There will be Part III.