Matching captured metavariables with specific types
The metavariable-type operator is used to compare metavariables against their types. It utilizes the type key to specify the string representation of the type expression in the target language. For example, you can use String for Java's String type and string for Go's string type. Optionally, the language key can be used to manually indicate the target language of the type expression.
metavariable-type provides several advantages over typed metavariables. Firstly, it removes the requirement for users to memorize special syntax for defining typed metavariables in various target languages. Moreover, metavariable-type enables users to extract type expressions from the pattern expression and include them in other conditional filters for metavariables. This improves the readability of rules and promotes better organization of the code.
For instance, the following rule that identifies potentially unsafe usage of the referential equality operator when comparing String objects in Java:
rules:
  - id: no-string-eqeq
    severity: WARNING
    message: Avoid using the referential equality operator when comparing String objects
    languages:
      - java
    patterns:
      - pattern-not: null == (String $Y)
      - pattern: $X == (String $Y)
can be modified to the following rule:
rules:
  - id: no-string-eqeq
    severity: WARNING
    message: Avoid using the referential equality operator when comparing String objects
    languages:
      - java
    patterns:
      - pattern-not: null == $Y
      - pattern: $X == $Y
      - metavariable-type:
          metavariable: $Y
          type: String
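A test target for the no-string-eqeq rule, added here as an example and not taken from the Semgrep documentation: a constructed Java file that uses Semgrep's ruleid: and ok: test annotations to mark which comparisons the rule is expected to report. The class and method names are hypothetical; the role check illustrates why a reference comparison on strings matters in an authorization decision.

```java
// Constructed test target for the no-string-eqeq rule (hypothetical names).
// "ruleid:" marks a line the rule should report, "ok:" a line it should not.
class StringEqTest {

    // Reference comparison: $X binds to expected, $Y binds to role,
    // and role is declared as String, so metavariable-type accepts it.
    static boolean isAdmin(String role) {
        String expected = new String("admin");
        // ruleid: no-string-eqeq
        return expected == role;
    }

    // Content comparison: no == expression, nothing for the pattern to match.
    static boolean isAdminFixed(String role) {
        // ok: no-string-eqeq
        return "admin".equals(role);
    }

    // A null check on the left-hand side is excluded by pattern-not.
    static boolean isMissing(String role) {
        // ok: no-string-eqeq
        return null == role;
    }

    // $Y binds to b, whose type is int, so the type filter rejects the match.
    static boolean sameId(int a, int b) {
        // ok: no-string-eqeq
        return a == b;
    }

    public static void main(String[] args) {
        // Built at run time, so this is a different object from the one
        // created inside isAdmin even though the contents are equal:
        // == compares the two references, equals() compares the characters.
        String role = new String("admin");
        System.out.println("== result:      " + isAdmin(role));
        System.out.println("equals result:  " + isAdminFixed(role));
        System.out.println("null check:     " + isMissing(role));
        System.out.println("int comparison: " + sameId(7, 7));
    }
}
```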