
osemgrep: no files scanned when they should be

Open fopinappb opened this issue 9 months ago • 0 comments

Describe the bug

https://github.com/semgrep/semgrep/issues/9813#issuecomment-1956520356 is the original bug report, but it was posted as a comment (discovery) on a different issue.

Using osemgrep to scan a single file under a git repository fails to find any findings. --no-git-ignore does not help (as the file was not ignored), removing .git does.

Scanning the directory that owns the file, however, does produce findings.

To Reproduce

The rule and test code used:

  • https://github.com/semgrep/semgrep-rules/blob/develop/python/lang/security/dangerous-code-run.py
  • https://github.com/semgrep/semgrep-rules/blob/develop/python/lang/security/dangerous-code-run.yaml

➜  semgrep --version
1.72.0

➜  git ls-files
...
samples/dangerous-code-run.py
samples/dangerous-code-run.yaml
...

➜  semgrep -f samples/dangerous-code-run.yaml samples/dangerous-code-run.py
...
Ran 1 rule on 1 file: 1 finding.

➜  semgrep --experimental -f samples/dangerous-code-run.yaml samples/dangerous-code-run.py
...
  Scanning 1 file tracked by git with 1 Code rule:
  Scanning 1 file.
...
Ran 1 rule on 0 files: 0 findings.

➜  semgrep --experimental -f samples/dangerous-code-run.yaml samples/
...
Ran 1 rule on 1 file: 1 finding.

Expected behavior

osemgrep to report the same finding as pysemgrep does.

What is the priority of the bug to you?

  • [ ] P0: blocking your adoption of Semgrep or workflow
  • [ ] P1: important to fix or quite annoying
  • [x] P2: regular bug that should get fixed

Environment: official binary, version 1.72, macOS

Use case: It will enable properly scanning git repositories using osemgrep without removing the repository...

fopinappb, May 15 '24 15:05
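The steps in "To Reproduce" can be turned into a self-contained parity check that builds a throwaway git repository, runs pysemgrep and osemgrep (`--experimental`) against one tracked file, and compares the file and finding counts from each summary line. This is an added example, not code from the issue or from the Semgrep project. The rule it writes (`exec-call`, matching `exec(...)`) is a constructed stand-in for dangerous-code-run.yaml, and `samples/target.py` is constructed sample input; the `parse_summary` helper relies only on the `Ran N rules on M files: K findings.` line shown in the report.

```bash
#!/usr/bin/env bash
# Reproduce the osemgrep single-file scan discrepancy and compare pysemgrep
# against osemgrep. Added example; not part of the original issue.
set -euo pipefail

# Extract "<files> <findings>" from Semgrep's summary line, e.g.
#   "Ran 1 rule on 0 files: 0 findings."  ->  "0 0"
# Prints nothing if no summary line is present in the given output.
parse_summary() {
  # $1: captured semgrep output (stdout and stderr combined)
  printf '%s\n' "$1" | sed -n -E \
    's/.*Ran [0-9]+ rules? on ([0-9]+) files?: ([0-9]+) findings?.*/\1 \2/p' \
    | tail -n 1
}

# Build a throwaway git repository holding one rule and one file that the
# rule matches. The rule is a constructed stand-in for dangerous-code-run.yaml.
make_repo() {
  local dir
  dir="$(mktemp -d)"
  mkdir -p "$dir/samples"
  cat > "$dir/samples/rule.yaml" <<'EOF'
rules:
  - id: exec-call
    languages: [python]
    severity: WARNING
    message: exec() call on untrusted input
    pattern: exec(...)
EOF
  printf 'exec(user_input)\n' > "$dir/samples/target.py"   # constructed target
  git -C "$dir" init -q
  git -C "$dir" add -A
  git -C "$dir" -c user.name=repro -c user.email=repro@example.com \
    commit -qm 'initial'
  printf '%s\n' "$dir"
}

# Scan a single tracked file with pysemgrep and with osemgrep, then compare
# the "<files> <findings>" pairs. Returns non-zero when the two modes disagree,
# which is the divergence the issue describes.
compare_modes() {
  local dir="$1" py os
  cd "$dir"
  py="$(parse_summary "$(semgrep -f samples/rule.yaml samples/target.py 2>&1 || true)")"
  os="$(parse_summary "$(semgrep --experimental -f samples/rule.yaml samples/target.py 2>&1 || true)")"
  echo "pysemgrep files/findings: ${py:-(no summary)}"
  echo "osemgrep  files/findings: ${os:-(no summary)}"
  [ -n "$py" ] && [ "$py" = "$os" ]
}

# Only run the live comparison when a semgrep binary is available.
if command -v semgrep >/dev/null 2>&1; then
  compare_modes "$(make_repo)" \
    || echo "DIVERGENCE: osemgrep does not match pysemgrep on a single tracked file"
else
  echo "semgrep not installed; skipping live comparison" >&2
fi
```

With the affected version the script should print `1 1` for pysemgrep and `0 0` for osemgrep and report the divergence; once the bug is fixed both lines agree and the script exits 0. The same `compare_modes` call can be pointed at `samples/` instead of the single file to confirm that the directory scan is unaffected, as the report states.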