Semgrep changing current directory causes unexpected file resolving behaviour

Open Sjord opened this issue 5 years ago • 4 comments

Semgrep changes the current directory to SEMGREP_SRC_DIRECTORY in some cases. This can lead to unexpected behaviour when resolving relative files.

To Reproduce

% docker run -t -i --entrypoint sh --workdir /myproject -v "$PWD:/myproject" returntocorp/semgrep
/myproject $ ls -l .myconfig/semgrep.yml 
-rw-r--r--    1 semgrep  semgrep       1239 Nov 25 10:56 .myconfig/semgrep.yml
/myproject $ semgrep -f .myconfig/semgrep.yml 
unable to find a config; path `.myconfig/semgrep.yml` does not exist (since you are running in docker, you cannot specify arbitary paths on the host; they must be mounted into the container)
no valid configuration file found (1 configs were invalid)
/myproject $ 

As you can see, .myconfig/semgrep.yml exists, and semgrep claims it does not exist. But semgrep changed the working directory, and it is silently looking in /src.

Expected behavior

Perhaps semgrep should look in SEMGREP_SRC_DIRECTORY without changing the current directory. That way, at least the error message would say path '/src/.myconfig/semgrep.yml' does not exist. Or should it first look in the current directory and then in SEMGREP_SRC_DIRECTORY?

What is the priority of the bug to you?

P2

Environment

returntocorp/semgrep docker image. I am trying to run this in GitLab CI.

Sjord, Nov 25 '20 14:11
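The second option raised under "Expected behavior" above (look in the current directory first, then in SEMGREP_SRC_DIRECTORY, never calling chdir, and name every absolute path tried in the error), sketched as an added example that is not part of the original issue and not Semgrep's own code. `resolve_config` and `ConfigNotFound` are hypothetical names, and the directory layout is constructed to mirror the report.

```python
import tempfile
from pathlib import Path
from typing import Mapping


class ConfigNotFound(FileNotFoundError):
    """Carries every absolute path that was tried."""


def resolve_config(config: str, cwd: Path, env: Mapping[str, str]) -> Path:
    """Resolve a config path without os.chdir().

    Hypothetical order: the caller's working directory first, then
    SEMGREP_SRC_DIRECTORY if set. `cwd` must be absolute.
    """
    raw = Path(config)
    candidates = [cwd / raw]  # an absolute `raw` replaces cwd here
    src_dir = env.get("SEMGREP_SRC_DIRECTORY")
    if src_dir and not raw.is_absolute():
        # A relative value such as "." is anchored to cwd, not to a new cwd.
        candidates.append(cwd / src_dir / raw)
    tried = []
    for candidate in candidates:
        if candidate in tried:
            continue
        tried.append(candidate)
        if candidate.exists():
            return candidate
    listing = ", ".join(f"'{p}'" for p in tried)
    raise ConfigNotFound(f"config '{config}' does not exist; tried {listing}")


if __name__ == "__main__":
    # Constructed layout mirroring the report: config under myproject, empty src.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        project, src = root / "myproject", root / "src"
        (project / ".myconfig").mkdir(parents=True)
        src.mkdir()
        (project / ".myconfig" / "semgrep.yml").write_text("rules: []\n")
        env = {"SEMGREP_SRC_DIRECTORY": str(src)}
        print(resolve_config(".myconfig/semgrep.yml", project, env))
        try:
            resolve_config("missing.yml", project, env)
        except ConfigNotFound as exc:
            print(exc)
```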

Thanks for this bug report @Sjord. As a workaround, have you seen https://github.com/returntocorp/semgrep-action? Many other semgrep users are using that successfully to run in GitLab CI, and it has a lot of other features that may be appropriate. Someone just contributed support for GitLab SAST output to it. Anyway, it may save you some time as you are trying to get it set up in GitLab CI.

ievans, Nov 25 '20 15:11

@spencerdrak is this still an issue? Closing in doubt.

aryx, Jun 01 '22 10:06

This is still a problem. Could you reopen this?

/myproject # semgrep --version
0.94.0
/myproject # ls -l semgrep.yml
-rw-r--r--    1 root     root          3014 Jan 27 09:03 semgrep.yml
/myproject # semgrep -f semgrep.yml
WARNING: unable to find a config; path `semgrep.yml` does not exist (since you are running in docker, you cannot specify arbitrary paths on the host; they must be mounted into the container)
invalid configuration file found (1 configs were invalid)

Sjord, Jun 01 '22 11:06

I got bitten by this again.

This works as expected:

$ semgrep scan --validate --config .

This doesn't work. It doesn't show an error, but also doesn't validate files, and exits with error code 2:

$ docker run --rm -v "$PWD:/foo" -w "/foo" returntocorp/semgrep semgrep scan --validate --config .

This works again:

$ docker run --rm -v "$PWD:/foo" -w "/foo" -e "SEMGREP_SRC_DIRECTORY=." returntocorp/semgrep semgrep scan --validate --config .

Sjord, Feb 06 '24 14:02