New Published Rules - semgrep.check-is-none-explicitly (#3480)

* add semgrep/check-is-none-explicitly.yaml * add semgrep/check-is-none-explicitly.py * move new rule to correctness directory --------- Co-authored-by: Clara McCreery <clara@semgrep.com> Co-authored-by: Vasilii <inkz@xakep.ru>
semgrep · Oct 7, 2024 · 5aa4f20 · 5aa4f20
1 parent ca45011
commit 5aa4f20
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 0 deletions.
diff --git a/python/correctness/check-is-none-explicitly.py b/python/correctness/check-is-none-explicitly.py
@@ -0,0 +1,19 @@
+# ruleid: check-is-none-explicitly
+if record and record == 0:
+    print("hello, this will never happen")
+
+# ok: check-is-none-explicitly
+if record is not None and record == 0:
+    print("this is fine")
+
+# ruleid: check-is-none-explicitly
+if record.a and record.a == 0:
+    print("Not reachable")
+
+# ruleid: check-is-none-explicitly
+if record.a.get("H") and record.a["H"] == 0:
+    print("Not reachable")
+
+# ok: check-is-none-explicitly
+if record.a.get("I") and record.a["J"] == 0:
+    print("This is also fine")
diff --git a/python/correctness/check-is-none-explicitly.yaml b/python/correctness/check-is-none-explicitly.yaml
@@ -0,0 +1,19 @@
+rules:
+- id: check-is-none-explicitly
+  pattern-either:
+  - pattern: $X and $X == 0
+  - pattern: $X.get($FIELD) and $X[$FIELD] == 0
+  fix: ($X != None) and $X == 0
+  message: This expression will always return False because 0 is a false-y value.
+    So if $X is 0, then the first part of this expression will return False but if
+    it is not, the second part will return False. Perhaps you meant to check if $X
+    was None explicitly.
+  languages:
+  - python
+  severity: WARNING
+  metadata:
+    category: correctness
+    technology:
+    - none
+    references:
+    - https://www.freecodecamp.org/news/truthy-and-falsy-values-in-python/