Mineclonia
/
Mineclonia
Archived
12
17
Fork 13
Code Issues 105 Pull Requests 19 Projects Releases Wiki Activity

Add semgrep rules to find multiple instances of the same bug #292

New Issue
Open
opened 2022-04-18 02:51:32 +02:00 by erlehmann · 0 comments
erlehmann commented 2022-04-18 02:51:32 +02:00
Owner
Copy Link
Problem

Consider the following usage of semgrep to find code that enables ghost dupes:

$ cat tools/semgrep-rules/dupe-ghost-inventory.yaml 
rules:
  - id: mcla-find-ghost-inventory-dupes
    message: >-
      This might be a ghost inventory dupe.
    severity: WARNING
    languages:
      - lua
    pattern: |
      $X = minetest.get_meta(...);
      ...
      $Y = $X;
      ...
      $X.from_table(...);
      ...
      $X.from_table($Y:to_table());
$ semgrep --config tools/seemgrep-rules/dupe-ghost-inventory.yaml --max-lines-per-finding 20
Scanning 306 files.
  100%|███████████████████████████████████████████████████████████|306/306 tasks

Findings:

  mods/ITEMS/REDSTONE/mcl_dispensers/init.lua 
     tools.semgrep-rules.mcla-find-ghost-inventory-dupes
        This might be a ghost inventory dupe.


         84┆ local meta = minetest.get_meta(pos)
         85┆ local meta2 = meta
         86┆ meta:from_table(oldmetadata)
         87┆ local inv = meta:get_inventory()
         88┆ for i=1, inv:get_size("main") do
         89┆ 	local stack = inv:get_stack("main", i)
         90┆ 	if not stack:is_empty() then
         91┆ 		local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5}
         92┆ 		minetest.add_item(p, stack)
         93┆ 	end
         94┆ end
         95┆ meta:from_table(meta2:to_table())


  mods/ITEMS/REDSTONE/mcl_droppers/init.lua 
     tools.semgrep-rules.mcla-find-ghost-inventory-dupes
        This might be a ghost inventory dupe.


         57┆ local meta = minetest.get_meta(pos)
         58┆ local meta2 = meta
         59┆ meta:from_table(oldmetadata)
         60┆ local inv = meta:get_inventory()
         61┆ for i=1, inv:get_size("main") do
         62┆ 	local stack = inv:get_stack("main", i)
         63┆ 	if not stack:is_empty() then
         64┆ 		local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5}
         65┆ 		minetest.add_item(p, stack)
         66┆ 	end
         67┆ end
         68┆ meta:from_table(meta2:to_table())


  mods/ITEMS/REDSTONE/mcl_droppers/init_new.lua 
     tools.semgrep-rules.mcla-find-ghost-inventory-dupes
        This might be a ghost inventory dupe.


         55┆ local meta = minetest.get_meta(pos)
         56┆ local meta2 = meta
         57┆ meta:from_table(oldmetadata)
         58┆ local inv = meta:get_inventory()
         59┆ for i=1, inv:get_size("main") do
         60┆ 	local stack = inv:get_stack("main", i)
         61┆ 	if not stack:is_empty() then
         62┆ 		local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5}
         63┆ 		minetest.add_item(p, stack)
         64┆ 	end
         65┆ end
         66┆ meta:from_table(meta2:to_table())


  mods/ITEMS/mcl_anvils/init.lua 
     tools.semgrep-rules.mcla-find-ghost-inventory-dupes
        This might be a ghost inventory dupe.


        321┆ local meta = minetest.get_meta(pos)
        322┆ local meta2 = meta
        323┆ meta:from_table(oldmetadata)
        324┆ drop_anvil_items(pos, meta)
        325┆ meta:from_table(meta2:to_table())


  mods/ITEMS/mcl_chests/init.lua 
     tools.semgrep-rules.mcla-find-ghost-inventory-dupes
        This might be a ghost inventory dupe.


        348┆ local meta = minetest.get_meta(pos)
        349┆ local meta2 = meta
        350┆ if oldmetadata then
        351┆ 	meta:from_table(oldmetadata)
        352┆ end
        353┆ local inv = meta:get_inventory()
        354┆ for i=1,inv:get_size("main") do
        355┆ 	local stack = inv:get_stack("main", i)
        356┆ 	if not stack:is_empty() then
        357┆ 		local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5}
        358┆ 		minetest.add_item(p, stack)
        359┆ 	end
        360┆ end
        361┆ meta:from_table(meta2:to_table())


  mods/ITEMS/mcl_furnaces/init.lua 
     tools.semgrep-rules.mcla-find-ghost-inventory-dupes
        This might be a ghost inventory dupe.


        453┆ local meta = minetest.get_meta(pos)
        454┆ local meta2 = meta
        455┆ meta:from_table(oldmetadata)
        456┆ local inv = meta:get_inventory()
        457┆ for _, listname in ipairs({"src", "dst", "fuel"}) do
        458┆ 	local stack = inv:get_stack(listname, 1)
        459┆ 	if not stack:is_empty() then
        460┆ 		local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5}
        461┆ 		minetest.add_item(p, stack)
        462┆ 	end
        463┆ end
        464┆ meta:from_table(meta2:to_table())
          ⋮┆----------------------------------------
        529┆ local meta = minetest.get_meta(pos)
        530┆ local meta2 = meta
        531┆ meta:from_table(oldmetadata)
        532┆ local inv = meta:get_inventory()
        533┆ for _, listname in ipairs({"src", "dst", "fuel"}) do
        534┆ 	local stack = inv:get_stack(listname, 1)
        535┆ 	if not stack:is_empty() then
        536┆ 		local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5}
        537┆ 		minetest.add_item(p, stack)
        538┆ 	end
        539┆ end
        540┆ meta:from_table(meta2:to_table())


  mods/ITEMS/mcl_hoppers/init.lua 
     tools.semgrep-rules.mcla-find-ghost-inventory-dupes
        This might be a ghost inventory dupe.


         63┆ local meta = minetest.get_meta(pos)
         64┆ local meta2 = meta
         65┆ meta:from_table(oldmetadata)
         66┆ local inv = meta:get_inventory()
         67┆ for i=1,inv:get_size("main") do
         68┆ 	local stack = inv:get_stack("main", i)
         69┆ 	if not stack:is_empty() then
         70┆ 		local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5}
         71┆ 		minetest.add_item(p, stack)
         72┆ 	end
         73┆ end
         74┆ meta:from_table(meta2:to_table())
          ⋮┆----------------------------------------
        251┆ local meta = minetest.get_meta(pos)
        252┆ local meta2 = meta
        253┆ meta:from_table(oldmetadata)
        254┆ local inv = meta:get_inventory()
        255┆ for i=1,inv:get_size("main") do
        256┆ 	local stack = inv:get_stack("main", i)
        257┆ 	if not stack:is_empty() then
        258┆ 		local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5}
        259┆ 		minetest.add_item(p, stack)
        260┆ 	end
        261┆ end
        262┆ meta:from_table(meta2:to_table())


  mods/ITEMS/mcl_jukebox/init.lua 
     tools.semgrep-rules.mcla-find-ghost-inventory-dupes
        This might be a ghost inventory dupe.


        200┆ local meta = minetest.get_meta(pos)
        201┆ local meta2 = meta
        202┆ meta:from_table(oldmetadata)
        203┆ local inv = meta:get_inventory()
        204┆ local stack = inv:get_stack("main", 1)
        205┆ if not stack:is_empty() then
        206┆ 	local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5}
        207┆ 	local dropped_item = minetest.add_item(p, stack)
        208┆ 	-- Rotate record to match with �slot� texture
        209┆ 	dropped_item:set_yaw(math.pi/2)
        210┆ 	if active_tracks[name] ~= nil then
        211┆ 		minetest.sound_stop(active_tracks[name])
        212┆ 		active_tracks[name] = nil
        213┆ 	end
        214┆ 	if active_huds[name] ~= nil then
        215┆ 		digger:hud_remove(active_huds[name])
        216┆ 		active_huds[name] = nil
        217┆ 	end
        218┆ end
        219┆ meta:from_table(meta2:to_table())

Some files were skipped.
  Scan was limited to files tracked by git.

Ran 1 rule on 306 files: 10 findings.
##### Problem Consider the following usage of semgrep to find code that enables ghost dupes: ``` $ cat tools/semgrep-rules/dupe-ghost-inventory.yaml rules: - id: mcla-find-ghost-inventory-dupes message: >- This might be a ghost inventory dupe. severity: WARNING languages: - lua pattern: | $X = minetest.get_meta(...); ... $Y = $X; ... $X.from_table(...); ... $X.from_table($Y:to_table()); $ semgrep --config tools/seemgrep-rules/dupe-ghost-inventory.yaml --max-lines-per-finding 20 Scanning 306 files. 100%|███████████████████████████████████████████████████████████|306/306 tasks Findings: mods/ITEMS/REDSTONE/mcl_dispensers/init.lua tools.semgrep-rules.mcla-find-ghost-inventory-dupes This might be a ghost inventory dupe. 84┆ local meta = minetest.get_meta(pos) 85┆ local meta2 = meta 86┆ meta:from_table(oldmetadata) 87┆ local inv = meta:get_inventory() 88┆ for i=1, inv:get_size("main") do 89┆ local stack = inv:get_stack("main", i) 90┆ if not stack:is_empty() then 91┆ local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5} 92┆ minetest.add_item(p, stack) 93┆ end 94┆ end 95┆ meta:from_table(meta2:to_table()) mods/ITEMS/REDSTONE/mcl_droppers/init.lua tools.semgrep-rules.mcla-find-ghost-inventory-dupes This might be a ghost inventory dupe. 57┆ local meta = minetest.get_meta(pos) 58┆ local meta2 = meta 59┆ meta:from_table(oldmetadata) 60┆ local inv = meta:get_inventory() 61┆ for i=1, inv:get_size("main") do 62┆ local stack = inv:get_stack("main", i) 63┆ if not stack:is_empty() then 64┆ local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5} 65┆ minetest.add_item(p, stack) 66┆ end 67┆ end 68┆ meta:from_table(meta2:to_table()) mods/ITEMS/REDSTONE/mcl_droppers/init_new.lua tools.semgrep-rules.mcla-find-ghost-inventory-dupes This might be a ghost inventory dupe. 55┆ local meta = minetest.get_meta(pos) 56┆ local meta2 = meta 57┆ meta:from_table(oldmetadata) 58┆ local inv = meta:get_inventory() 59┆ for i=1, inv:get_size("main") do 60┆ local stack = inv:get_stack("main", i) 61┆ if not stack:is_empty() then 62┆ local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5} 63┆ minetest.add_item(p, stack) 64┆ end 65┆ end 66┆ meta:from_table(meta2:to_table()) mods/ITEMS/mcl_anvils/init.lua tools.semgrep-rules.mcla-find-ghost-inventory-dupes This might be a ghost inventory dupe. 321┆ local meta = minetest.get_meta(pos) 322┆ local meta2 = meta 323┆ meta:from_table(oldmetadata) 324┆ drop_anvil_items(pos, meta) 325┆ meta:from_table(meta2:to_table()) mods/ITEMS/mcl_chests/init.lua tools.semgrep-rules.mcla-find-ghost-inventory-dupes This might be a ghost inventory dupe. 348┆ local meta = minetest.get_meta(pos) 349┆ local meta2 = meta 350┆ if oldmetadata then 351┆ meta:from_table(oldmetadata) 352┆ end 353┆ local inv = meta:get_inventory() 354┆ for i=1,inv:get_size("main") do 355┆ local stack = inv:get_stack("main", i) 356┆ if not stack:is_empty() then 357┆ local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5} 358┆ minetest.add_item(p, stack) 359┆ end 360┆ end 361┆ meta:from_table(meta2:to_table()) mods/ITEMS/mcl_furnaces/init.lua tools.semgrep-rules.mcla-find-ghost-inventory-dupes This might be a ghost inventory dupe. 453┆ local meta = minetest.get_meta(pos) 454┆ local meta2 = meta 455┆ meta:from_table(oldmetadata) 456┆ local inv = meta:get_inventory() 457┆ for _, listname in ipairs({"src", "dst", "fuel"}) do 458┆ local stack = inv:get_stack(listname, 1) 459┆ if not stack:is_empty() then 460┆ local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5} 461┆ minetest.add_item(p, stack) 462┆ end 463┆ end 464┆ meta:from_table(meta2:to_table()) ⋮┆---------------------------------------- 529┆ local meta = minetest.get_meta(pos) 530┆ local meta2 = meta 531┆ meta:from_table(oldmetadata) 532┆ local inv = meta:get_inventory() 533┆ for _, listname in ipairs({"src", "dst", "fuel"}) do 534┆ local stack = inv:get_stack(listname, 1) 535┆ if not stack:is_empty() then 536┆ local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5} 537┆ minetest.add_item(p, stack) 538┆ end 539┆ end 540┆ meta:from_table(meta2:to_table()) mods/ITEMS/mcl_hoppers/init.lua tools.semgrep-rules.mcla-find-ghost-inventory-dupes This might be a ghost inventory dupe. 63┆ local meta = minetest.get_meta(pos) 64┆ local meta2 = meta 65┆ meta:from_table(oldmetadata) 66┆ local inv = meta:get_inventory() 67┆ for i=1,inv:get_size("main") do 68┆ local stack = inv:get_stack("main", i) 69┆ if not stack:is_empty() then 70┆ local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5} 71┆ minetest.add_item(p, stack) 72┆ end 73┆ end 74┆ meta:from_table(meta2:to_table()) ⋮┆---------------------------------------- 251┆ local meta = minetest.get_meta(pos) 252┆ local meta2 = meta 253┆ meta:from_table(oldmetadata) 254┆ local inv = meta:get_inventory() 255┆ for i=1,inv:get_size("main") do 256┆ local stack = inv:get_stack("main", i) 257┆ if not stack:is_empty() then 258┆ local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5} 259┆ minetest.add_item(p, stack) 260┆ end 261┆ end 262┆ meta:from_table(meta2:to_table()) mods/ITEMS/mcl_jukebox/init.lua tools.semgrep-rules.mcla-find-ghost-inventory-dupes This might be a ghost inventory dupe. 200┆ local meta = minetest.get_meta(pos) 201┆ local meta2 = meta 202┆ meta:from_table(oldmetadata) 203┆ local inv = meta:get_inventory() 204┆ local stack = inv:get_stack("main", 1) 205┆ if not stack:is_empty() then 206┆ local p = {x=pos.x+math.random(0, 10)/10-0.5, y=pos.y, z=pos.z+math.random(0, 10)/10-0.5} 207┆ local dropped_item = minetest.add_item(p, stack) 208┆ -- Rotate record to match with �slot� texture 209┆ dropped_item:set_yaw(math.pi/2) 210┆ if active_tracks[name] ~= nil then 211┆ minetest.sound_stop(active_tracks[name]) 212┆ active_tracks[name] = nil 213┆ end 214┆ if active_huds[name] ~= nil then 215┆ digger:hud_remove(active_huds[name]) 216┆ active_huds[name] = nil 217┆ end 218┆ end 219┆ meta:from_table(meta2:to_table()) Some files were skipped. Scan was limited to files tracked by git. Ran 1 rule on 306 files: 10 findings. ```
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
master
fix_copyright_music
cora-production
extend-nether-upwards
refactor-stairs-api-to-allow-modnames
add-podzol-to-large-spruce-trees
uncarved-pumpkin-4
limit-redstone-distance
add-mcl2-maps
fix-nether-portal-stack-overflow-2
fix-nether-portal-stack-overflow
fix-malformed-clientready
fix-daylight-detector
optimize-png-textures
add-ruined-portal
mcl-game
fix-daylightsensor-chmodsayshello
fix-etable-lag
fix-nether-portal-particles
add-selftests-setting
fix-dimension-hopping
erlehmann-production
fix-find-nodes-in-area
fix-village-freeze
rewrite-weather
fix-weather-particles
easier-grass-path-creation
fix-lavacasting-4
fix-lavacasting-2
fix-lavacasting
minecart-with-mobs-2
uncarved-pumpkin
banner-mask-fix-3
fake_master
banner-mask-fix-2
banner-mask-fix
mineclone2-backport-portals-2
mineclone2-backport-portals
mineclone2-pr-1315-portals
0.71.0
0.70.0
Labels
Clear labels   
blocker

blocks release until resolved

  
bug

   
code quality

   
confirmed

   
critical

crashes, catastrophic bugs

  
discussion

   
high priority

   
incompatibility

incompatible with mcl2

  
incomplete feature

   
invalid

   
low priority

   
missing feauture

   
needs testing

   
packet spam

   
performance

   
project

meta-issues

  
regression

   
translations

   
unconfirmed
  
in review

   
ready for review
No Label
blocker
bug
code quality
confirmed
critical
discussion
high priority
incompatibility
incomplete feature
invalid
low priority
missing feauture
needs testing
packet spam
performance
project
regression
translations
unconfirmed
in review
ready for review
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Mineclonia/Mineclonia#292
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?