dockerfile: fix CRLF and comment-in-continuation parsing#586
Merged
maciejpirog merged 2 commits intoopengrep:mainfrom Feb 17, 2026
Merged
Conversation
Contributor
|
CI returned this: Probably this commit was not pushed to the dockerfile submodule. @abezdina can you first open a relevant PR in https://github.com/opengrep/semgrep-dockerfile (merging to |
Author
|
@maciejpirog opened a PR opengrep/semgrep-dockerfile#2 |
Collaborator
|
you need to update the submodule commit to point to your semgrep-dockerfile branch (for now) and then if the checks turn green here, we can proceed. the process is this: if this PR is approved, we will merge the semgrep-dockerfile branch into opengrep/main, then update the submodule commit once more here to point to opengrep/main, and merge this one. once CI is green here we will review your PR, thanks! |
Collaborator
|
Also, please rebase your commits to remove this part: Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com No problem to use any AI tool of course, but I prefer not to have it as formal "co-author" in our codebase: the PR submitter takes full credit and bears full responsibility for work submitted. |
980396b to
cba20d8
Compare
Author
|
@dimitris-m you are totally right, my bad, fixed prs comments |
Contributor
|
LGTM after the changes. I merged the PR in the dockerfile repo. @abezdina can you now update this PR so that the dockerfile submodule points to the latest (I understand that the process of updating parsers is a bit annoying, we have making it smoother on our TODO list) |
Contributor
|
@abezdina ...and rebase, because there were some pushes to main in between |
cba20d8 to
e6f3b88
Compare
Author
|
@maciejpirog done! |
Strip \r characters before passing Dockerfile content to tree-sitter, since CRLF line endings break the line_continuation regex pattern.
Change the comment regex from /#.*/ to /#[^\\\n]*(?:\\.[^\\\n]*)*/ so that a trailing backslash on a comment line is NOT consumed as part of the comment token.
e6f3b88 to
8a390d5
Compare
maciejpirog
approved these changes
Feb 17, 2026
Merged
Merged
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Feb 19, 2026
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [opengrep/opengrep](https://github.com/opengrep/opengrep) | patch | `v1.16.0` → `v1.16.1` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>opengrep/opengrep (opengrep/opengrep)</summary> ### [`v1.16.1`](https://github.com/opengrep/opengrep/releases/tag/v1.16.1): Opengrep 1.16.1 [Compare Source](opengrep/opengrep@v1.16.0...v1.16.1) #### Improvements - Pin Nuitka to 2.8.9 across all build workflows by [@​dimitris-m](https://github.com/dimitris-m) in [#​594](opengrep/opengrep#594) - Remove redundant pip and Nuitka dependencies by [@​dimitris-m](https://github.com/dimitris-m) in [#​573](opengrep/opengrep#573) - Support split rule/target directories in test subcommand by [@​qkaiser](https://github.com/qkaiser) in [#​576](opengrep/opengrep#576) #### Benchmarking - New benchmarking using hyperfine by [@​dimitris-m](https://github.com/dimitris-m) in [#​557](opengrep/opengrep#557) and [#​579](opengrep/opengrep#579) #### Bug fixes - Allow multiple logical operators in metavariable comparison by [@​maciejpirog](https://github.com/maciejpirog) in [#​590](opengrep/opengrep#590) - In `--experimental`, don't report git untracked files as skipped with `--use-git-ignore` by [@​maciejpirog](https://github.com/maciejpirog) in [#​577](opengrep/opengrep#577) - C#: Add primary constructor arguments to base class by [@​maciejpirog](https://github.com/maciejpirog) in [#​589](opengrep/opengrep#589) - Dockerfile: Add missing buildkit constructs by [@​maciejpirog](https://github.com/maciejpirog) in [#​581](opengrep/opengrep#581) - Dockerfile: Fix CRLF and comment-in-continuation parsing by [@​abezdina](https://github.com/abezdina) in [#​586](opengrep/opengrep#586) - Rust: Fix taint propagation through variable shadowing by [@​dimitris-m](https://github.com/dimitris-m) in [#​572](opengrep/opengrep#572) - TS/TSX: Add support for the `satisfies` construct by [@​maciejpirog](https://github.com/maciejpirog) in [#​592](opengrep/opengrep#592) #### Installation - Add Windows install script (pwsh) by [@​dimitris-m](https://github.com/dimitris-m) in [#​569](opengrep/opengrep#569) - Ensure that install.ps1 works on ARM by [@​dimitris-m](https://github.com/dimitris-m) in [#​571](opengrep/opengrep#571) - Fix: handle unparseable cosign version in install.sh by [@​dimitris-m](https://github.com/dimitris-m) in [#​580](opengrep/opengrep#580) #### Documentation - Improve the README by [@​dimitris-m](https://github.com/dimitris-m) in [#​570](opengrep/opengrep#570) #### New Contributors - [@​qkaiser](https://github.com/qkaiser) made their first contribution in [#​576](opengrep/opengrep#576) - [@​abezdina](https://github.com/abezdina) made their first contribution in [#​586](opengrep/opengrep#586) **Full Changelog**: <opengrep/opengrep@v1.16.0...v1.16.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNC4yIiwidXBkYXRlZEluVmVyIjoiNDMuMjQuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90IiwiYXV0b21hdGlvbjpib3QtYXV0aG9yZWQiLCJkZXBlbmRlbmN5LXR5cGU6OnBhdGNoIl19-->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes two Dockerfile parsing bugs that caused false positives (e.g., false "last user is root" findings):
Test plan