---
# Semgrep rule: flag panicking calls (`unwrap` / `expect`) inside Rust
# functions whose signature already returns a `Result`.  Such a function has a
# way to hand the failure back to its caller (e.g. via `?`); panicking instead
# turns a recoverable error into an abort of the thread or process, which is
# the CWE-755 (Improper Handling of Exceptional Conditions) condition this
# rule audits for.
rules:
  - id: panic-in-function-returning-result
    message: '`expect` or `unwrap` called in function returning a `Result`'
    languages:
      - rust
    severity: WARNING
    metadata:
      category: security
      # Value contains `: `, so it must stay quoted.
      cwe: 'CWE-755: Improper Handling of Exceptional Conditions'
      subcategory:
        - audit
      confidence: HIGH
      likelihood: MEDIUM
      impact: LOW
      technology:
        - '--no-technology--'
      description: 'Calling `unwrap` or `expect` in a function returning a `Result`'
      references:
        - https://doc.rust-lang.org/std/result/
    patterns:
      # The call itself.  `$EXPR` is unconstrained, so `Option::unwrap` /
      # `Option::expect` are matched as well as the `Result` methods.
      # NOTE(review): other panicking accessors (`unwrap_err`, `expect_err`)
      # are not covered by these two patterns.
      - pattern-either:
          - pattern: $EXPR.unwrap()
          - pattern: $EXPR.expect(...)
      # ...restricted to functions whose return type is a `Result`, spelled in
      # one of three ways.
      - pattern-either:
          # 1. Two-parameter `Result<T, E>` written directly in the signature.
          - pattern-inside: |
              fn $FUNC(...) -> Result<$T1, $T2> {
                ...
              }
          # 2. Single-parameter `Result<T>` written directly in the signature.
          - pattern-inside: |
              fn $FUNC(...) -> Result<$T> {
                ...
              }
          # 3. A return type that is an alias of a `Result`.  The alias is
          #    matched textually, not resolved: `type $RETTYPE = Result<...>;`
          #    presumably has to appear before the function in the same file
          #    for this arm to fire.
          - patterns:
              - pattern-inside: |
                  fn $FUNC(...) -> $RETTYPE {
                    ...
                  }
              - pattern-either:
                  - pattern-inside: |
                      type $RETTYPE = Result<$T>;
                      ...
                      fn $FUNC(...) -> $RETTYPE {
                        ...
                      }
                  - pattern-inside: |
                      type $RETTYPE = Result<$T1, $T2>;
                      ...
                      fn $FUNC(...) -> $RETTYPE {
                        ...
                      }