This repository has been archived by the owner on Mar 8, 2020. It is now read-only.
schema: Add string interpolation UAST type #383
Labels
Comments
|
Python has two variants: "some string {w} named interpolation".format(w='with')
# or
"some string {0} positional {1}".format('with', 'interpolation')
# or
"some string {} implicit positional {}".format('with', 'interpolation')
# this one is the joinedstr:
f"f-string {w} some interpolated variable"Joined strings are the second ones. I've just noticed that the first one doesn't have an integration test so I'll make a PR for it. The |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I identified another low-hanging fruit in terms of Semantic UAST types: string interpolation.
The node is similar if most drivers I've seen, and the semantic is pretty well-understood. Essentially all nodes of this kind follow the following structure:
Each part can be a
String,Identifieror any other expression that yields a value. The effect of this operation is to convert all arguments toStringand join them into a single one.Current list of discovered interpolation nodes:
bash:stringcsharp:InterpolatedStringExpressionjavascript:TemplateLiteralphp:Scalar_Encapsedpython:JoinedStrruby:dstrIf we decide to go full-in on Semantic, there some other candidates:
fmt.Sprintf,strings.Join(, "")String.formatBut for now, I propose to only touch the unique AST nodes, not function calls.
In terms of functionality, this will allow to better detect SQL injections and similar bugs.
The text was updated successfully, but these errors were encountered: