Dart: Use case of identifier to guess Call vs New #555

Merged
maciejpirog merged 2 commits into main from mpir/dart-guess-implicit-new
Jan 23, 2026

@maciejpirog
Contributor

In Dart, the new keyword is optional and the convention is to omit it. So, in theory, there is no difference between the syntax of a function call and a creation of a new object via a call to a constructor (it is determined by the type checker in the compiler, and so we were translating both cases to Call). However, a strictly followed convention in Dart is that names of types begin with uppercase characters, while names of functions begin with lowercase characters. We use that as a heuristic, translating to Call or New based on the case of the identifier.

This way, for the rule:

  pattern-sources:
    - pattern: |
        (C $FOO).getData()
  pattern-sinks:
    - pattern: |
        sink(...)

We have:

  var bad = C();
  // ruleid: taint
  sink(bad.getData());

  var good = D();
  // ok:
  sink(good.getData());

  var good = c();
  // ok:
  sink(good.getData());
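
A small Python model of the heuristic and of the test case in the description above, added here as an illustration; it is not Opengrep's code (the actual change lives in the OCaml Dart translation). The names `classify` and `findings`, the regexes, and the strict first-character check are assumptions, and the Dart sample is constructed from the description's test with one extra underscore-prefixed case.

```python
import re

# Constructed Dart snippet modelled on the test case in the PR description.
DART_SAMPLE = """\
var bad = C();
sink(bad.getData());
var good = D();
sink(good.getData());
var other = c();
sink(other.getData());
var priv = _C();
sink(priv.getData());
"""

ASSIGN = re.compile(r"^\s*var\s+(\w+)\s*=\s*(\w+)\s*\(.*\)\s*;\s*$")
SINK = re.compile(r"^\s*sink\(\s*(\w+)\.getData\(\)\s*\)\s*;\s*$")


def classify(callee: str) -> str:
    """Case heuristic: first character uppercase -> New, anything else -> Call."""
    return "New" if callee[:1].isupper() else "Call"


def findings(source: str, tainted_type: str = "C") -> list[int]:
    """1-based line numbers of sink(x.getData()) where x is known to be tainted_type."""
    var_types: dict[str, str] = {}
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if m := ASSIGN.match(line):
            name, callee = m.groups()
            # Only a New expression reveals the variable's type from syntax alone.
            if classify(callee) == "New":
                var_types[name] = callee
            else:
                var_types.pop(name, None)  # result type of a plain call is unknown
        elif m := SINK.match(line):
            # Models the typed source pattern (C $FOO).getData() reaching sink(...).
            if var_types.get(m.group(1)) == tainted_type:
                hits.append(lineno)
    return hits


if __name__ == "__main__":
    print(findings(DART_SAMPLE))
```

In this model only the `C()` case is reported; `c()` and the underscore-prefixed `_C()` are treated as calls, and any uppercase-named function would be treated as a constructor, which is the trade-off of a purely syntactic heuristic.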

Comment on lines +1929 to +1935
(* Just by looking at the syntax, we cannot know when a(...) is *)
(* a function call or a "new" expression, because the "new" keyword *)
(* is optional. However, there is almost universal convention in *)
(* Dart that types begin with an uppercase, while everything else *)
(* with a lowercase character. We use this convention as a heuristic: *)
(* if an identifier starts with an uppercase char, we convert it to *)
(* G.New; othwerwise, it is a call. *)
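
Review bot: typo in the last comment line, "othwerwise" should be "otherwise", and "there is almost universal convention" reads better as "there is an almost universal convention". Since the comment itself calls this a heuristic, consider adding one sentence on what happens when the convention is not followed, for example that a function whose name starts with an uppercase character will be converted to G.New.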
Collaborator

NIT: This comment style (independent lines) is a little weird imo. Hard to edit comments.

Collaborator

Also a bit inconsistent with the rest of the codebase.

Contributor Author

Will fix

Collaborator

@dimitris-m dimitris-m left a comment

LGTM but I would change this comment style as noted in my comment...

@dimitris-m dimitris-m added the lang Add or improve language support label Jan 22, 2026
@maciejpirog maciejpirog merged commit d8a8291 into main Jan 23, 2026
6 checks passed
@maciejpirog maciejpirog deleted the mpir/dart-guess-implicit-new branch January 23, 2026 11:08
@maciejpirog maciejpirog mentioned this pull request Feb 4, 2026
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Feb 15, 2026
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [opengrep/opengrep](https://github.com/opengrep/opengrep) | minor | `v1.15.1` → `v1.16.0` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>opengrep/opengrep (opengrep/opengrep)</summary>

### [`v1.16.0`](https://github.com/opengrep/opengrep/releases/tag/v1.16.0): Opengrep 1.16.0

[Compare Source](opengrep/opengrep@v1.15.1...v1.16.0)

#### Improvements

- Dart: Add typed metavariables by [@maciejpirog](https://github.com/maciejpirog) in [#551](opengrep/opengrep#551)
- Dart: Use case of identifier to guess call vs new by [@maciejpirog](https://github.com/maciejpirog) in [#555](opengrep/opengrep#555)
- Go: Enable goroutines in taint tracking by [@maciejpirog](https://github.com/maciejpirog) in [#559](opengrep/opengrep#559)
- Add taint propagation via "for" comprehensions by [@maciejpirog](https://github.com/maciejpirog) in [#564](opengrep/opengrep#564)

#### Bug Fixes

- Rust: Missing Rust type alias translation by [@smith-xyz](https://github.com/smith-xyz) in [#549](opengrep/opengrep#549)
- Fix: Ensure that linux binaries have 8mb stack size (musl) by [@dimitris-m](https://github.com/dimitris-m) in [#563](opengrep/opengrep#563)
- Fixed a perf regression by removing system calls and improving the reachability graph and the callee lookup by [@corneliuhoffman](https://github.com/corneliuhoffman) in [#556](opengrep/opengrep#556)
- Fixed intrafile bug introduced by a superfluous fallback by [@corneliuhoffman](https://github.com/corneliuhoffman) in [#567](opengrep/opengrep#567)
- Ruby: Always translate `or` and `and` to expression by [@maciejpirog](https://github.com/maciejpirog) in [#562](opengrep/opengrep#562)
- Bash: Allow redirects before command arguments by [@maciejpirog](https://github.com/maciejpirog) in [#548](opengrep/opengrep#548)

#### Internal Improvements

- Add `show dump-intrafile-graph` and `show dump-taint-signatures` commands by [@corneliuhoffman](https://github.com/corneliuhoffman) in [#552](opengrep/opengrep#552)
- Improve tainting code by [@maciejpirog](https://github.com/maciejpirog) in [#546](opengrep/opengrep#546)
- Graph refactoring by [@corneliuhoffman](https://github.com/corneliuhoffman) in [#553](opengrep/opengrep#553)

#### New Contributors

- [@smith-xyz](https://github.com/smith-xyz) made their first contribution in [#549](opengrep/opengrep#549)

**Full Changelog**: <opengrep/opengrep@v1.15.1...v1.16.0>

</details>

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).