Fail to parse with rule yaml.github-actions.security.curl-eval.curl-eval #3688

@lahabana

Description

Describe the bug
I get a syntax error on this rule when parsing valid github actions files:

Syntax error at line target.yaml:7:
 When parsing a snippet as Bash for metavariable-pattern in rule 'curl-eval', `${{` was unexpected
Engine(PartialParsing)

To Reproduce
Steps to reproduce the behavior:

  1. Go to playground for this rule
  2. Paste the minimal repro:
name: wf
jobs:
  create-release:
    runs-on: ubuntu-latest
    steps:
      - id: create-release
        run: |
            ${{ env.PRERELEASE_FLAG }} ${{ env.LATEST_FLAG }}

Expected behavior
Should pass (there's not even a curl in here :))

Priority
How important is this to you?

  • P0: blocking me from making progress
  • P1: this will block me in the near future
  • P2: annoying but not blocking me

Desktop (please complete the following information):

  • Also reproduces with semgrep ci version: v1.135.0
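The parse error in the report comes from feeding a raw `run:` block to a bash parser. GitHub Actions expressions such as `${{ env.FOO }}` are substituted by the runner before the script ever reaches the shell, so they are not shell syntax: bash reads `${` as the start of a parameter expansion, and `${{` is a bad substitution. The script below is an added illustration, not code from the issue or from semgrep; the helper names `rewrite_expressions`, `harden_step` and the `GH_EXPR_n` variable prefix are my own choices. It rewrites each expression into a quoted reference to a synthetic environment variable and moves the expression into the step's `env:` block, which is both what makes the script parseable as bash and the hardening GitHub documents against expression injection in `run:` steps (pass values through `env:` rather than interpolating them into script text). The sample step is constructed from the minimal repro above.

```python
"""Added example: make a GitHub Actions `run:` block shell-parseable by
moving `${{ ... }}` expressions out of the script text and into `env:`.
Not part of the issue or of semgrep; helper names are this example's own."""
from __future__ import annotations

import re

# One GitHub Actions expression: `${{` ... `}}` (non-greedy, may span lines).
GH_EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}", re.DOTALL)


def contains_github_expression(text: str) -> bool:
    """True if the text still carries a `${{ ... }}` expression."""
    return GH_EXPR.search(text) is not None


def rewrite_expressions(run_script: str, prefix: str = "GH_EXPR") -> tuple[str, dict[str, str]]:
    """Replace every `${{ expr }}` with `"$PREFIX_n"`.

    Returns the rewritten script and a mapping variable name -> expression.
    Identical expressions share one variable. The reference is double-quoted
    so a value containing spaces or glob characters stays a single shell word.
    """
    mapping: dict[str, str] = {}

    def repl(match: re.Match[str]) -> str:
        expr = match.group(1)
        for name, seen in mapping.items():
            if seen == expr:
                return f'"${name}"'
        name = f"{prefix}_{len(mapping)}"
        mapping[name] = expr
        return f'"${name}"'

    return GH_EXPR.sub(repl, run_script), mapping


def harden_step(step: dict) -> dict:
    """Return a copy of a workflow step whose `run:` no longer interpolates
    expressions; each expression is moved into the step's `env:` block.

    The expression text is preserved verbatim (wrapped back into `${{ }}`),
    so the runner still evaluates it, but as an environment variable value
    rather than as script source. Steps without `run:` are returned unchanged.
    """
    hardened = dict(step)
    if "run" not in step:
        return hardened
    script, mapping = rewrite_expressions(step["run"])
    hardened["run"] = script
    env = dict(step.get("env", {}))
    for name, expr in mapping.items():
        env[name] = "${{ " + expr + " }}"
    if env:
        hardened["env"] = env
    return hardened


# Constructed sample: the `run:` line from the minimal repro in the report.
SAMPLE_STEP = {
    "id": "create-release",
    "run": "${{ env.PRERELEASE_FLAG }} ${{ env.LATEST_FLAG }}\n",
}


def main() -> None:
    hardened = harden_step(SAMPLE_STEP)
    print("run:", hardened["run"].rstrip())
    for name, value in hardened["env"].items():
        print(f"env {name}={value}")
    print("still contains an expression:", contains_github_expression(hardened["run"]))


if __name__ == "__main__":
    main()
```

Running it on the sample step yields `run: "$GH_EXPR_0" "$GH_EXPR_1"` with `env: GH_EXPR_0: ${{ env.PRERELEASE_FLAG }}` and `GH_EXPR_1: ${{ env.LATEST_FLAG }}`; the rewritten script contains no `${{` and parses as ordinary bash.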

Metadata

Labels: bug