
Getting "TypeError: 'NoneType' object is not subscriptable"

Open AnonyTurb opened this issue 9 months ago • 3 comments

Scan commands:

  1. C:\>libsast -s X:/Semgrep-home/semgrep-rules/ccs.yml X:/test/file/
  2. C:\>libsast -s X:/Semgrep-home/semgrep-rules/ccs.yml X:/test/file/ --show-progress --output libsast_report.json

P.S. - I'm trying to run semgrep rules on a Windows machine. Running on Python 3.11.0

Both commands give me the following error:

Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "C:\Program Files\Python311\Scripts\libsast.exe\__main__.py", line 7, in <module>
  File "C:\Program Files\Python311\Lib\site-packages\libsast\__main__.py", line 93, in main
    result = Scanner(options, args.path).scan()
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python311\Lib\site-packages\libsast\scanner.py", line 65, in scan
    self.options).scan(valid_paths)
                  ^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python311\Lib\site-packages\libsast\core_sgrep\semantic_sgrep.py", line 41, in scan
    self.format_output(sgrep_out)
  File "C:\Program Files\Python311\Lib\site-packages\libsast\core_sgrep\semantic_sgrep.py", line 50, in format_output
    for find in results['results']:
                ~~~~~~~^^^^^^^^^^^
TypeError: 'NoneType' object is not subscriptable

AnonyTurb, May 06 '24 19:05

The error suggests that there is no semgrep scan happening here.

Can you share the semgrep rules that you are using with libsast?

Does your semgrep rule syntax look something like this? https://github.com/ajinabraham/libsast/blob/09165d63062312b6ecfef6fb96177851030c9d42/tests/assets/rules/semantic_grep/sgrep.yaml#L1

ajinabraham, May 06 '24 20:05

Yes, it does. Here is an example:

rules:
- id: ccs.slackaccesstoken
  patterns:
    - pattern-regex: (.*\W)(xox[abpr]-[^;<$\n\s'"]{20,})([;<$\n\s'"][^\n]*)

  languages:
    - regex
  message: Slack access token detected
  severity: WARNING
  metadata:
      category: security
      technology:
        - secrets
      confidence: HIGH
      source: https://github.com/nccgroup/ccs/

AnonyTurb, May 07 '24 13:05
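Added example, not part of the original thread and not libsast or semgrep code: it exercises the `pattern-regex` from the rule above with Python's `re` module over constructed inputs, so the pattern itself can be checked on a machine where semgrep does not run. Assumptions: Python's `re` stands in for semgrep's regex engine, which may differ in details; `find_tokens`, `run_samples` and `SAMPLES` are hypothetical names, and the tokens are constructed placeholders.

```python
import re

# Regex copied verbatim from the ccs.slackaccesstoken rule quoted above.
SLACK_RULE = re.compile(r"""(.*\W)(xox[abpr]-[^;<$\n\s'"]{20,})([;<$\n\s'"][^\n]*)""")

# Constructed placeholder tokens (not real credentials), built by concatenation.
TOK_A = "xoxa-" + "TEST" * 6
TOK_B = "xoxb-" + "FAKE" * 6


def find_tokens(text: str) -> list[str]:
    """Return capture group 2 (the token itself) for every match in text."""
    return [m.group(2) for m in SLACK_RULE.finditer(text)]


# Constructed file contents, each probing one property of the pattern.
SAMPLES = {
    # Typical case: token inside quotes, preceded by a non-word character.
    "quoted assignment": 'token = "' + TOK_B + '"\n',
    # Missed: group 1 needs a non-word character before the token,
    # and at the very start of the input there is none.
    "token at start of input": TOK_B + " # bot\n",
    # Found: the newline ending the previous line satisfies \W.
    "token at start of line 2": "# cfg\n" + TOK_B + "\n",
    # Missed: group 3 needs a delimiter after the token; end of input is not one.
    "token at end of input": "key=" + TOK_B,
    # Missed: fewer than 20 characters after the prefix.
    "short value": "key=xoxb-short\n",
    # Only the last token is reported: the greedy (.*\W) swallows the first,
    # and group 3 consumes the rest of the line.
    "two tokens on one line": 'a="' + TOK_A + '" b="' + TOK_B + '"\n',
}


def run_samples() -> dict[str, list[str]]:
    """Apply the rule to every constructed sample and collect the findings."""
    return {name: find_tokens(text) for name, text in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in run_samples().items():
        print(f"{name:26} {len(hits)} finding(s): {hits}")
```

A file consisting of a single unterminated line, or one that begins with the token, yields no finding under these semantics, so a clean result on such input is not evidence that no token is present.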

Any update, @ajinabraham? The semgrep syntax looks the same to me. Let me know if I have to do something different.

AnonyTurb, May 08 '24 18:05

> semgrep rules on windows machine.

libsast, or the semgrep version it uses, doesn't support native Windows. You need something like WSL or Docker to run libsast/semgrep on Windows.

ajinabraham, May 24 '24 16:05