Pattern
Overview
A pattern describes the code to search for. The following string is an example of patterns for HCL which matches any aws_ebs_volume
resource with any name and any configuration arguments:
resource "aws_ebs_volume" :[NAME] {:[...X]}
Metavariable
In this example, :[NAME]
behaves like a capture group in regular expressions; it matches one expression, identifier, or block, saving the matched part for use in code transformation. In general this notation is called metavariables.
Ellipsis Metavariable
:[...X]
behaves almost same as :[X]
, but it matches zero or more expressions, identifiers, or blocks. This notation is called ellipsis metavariables.
Search with Metavariables
By using the same metavariable multiple times, you can search over your code, guaranteeing the equality of all the matched parts for the metavariable. For example, consider the following pattern:
attr1 = :[X]attr2 = :[X]
This pattern DOES match (1) while it does NOT match (2):
// (1)resource "hoge" "foo" {attr1 = 1attr2 = 1}// (2)resource "hoge" "foo" {attr1 = 1attr2 = 2}
đź“ť Tips:
:[_]
is called anonymous metavariable. The equality of the matched parts for:[_]
will NOT be guaranteed; the following pattern matches both of (1) and (2).attr1 = :[_]attr2 = :[_]Similarly,
:[...]
is called anonymous ellipsis metavariable, whose matched parts won't be tested for equivalence.
Pattern Usage
The above sections explain the base parameters and their principles so far. Let's begin with more specific cases depends on your target language!
Pattern in HCL
Let's check the case of HCL code (e.g. Terraform code). Please execute below shisho find 'auto_repair = :[X]' ...
. This searches whether the target resource "google_container_node_pool" ...
includes the auto_repair
attribute with any values.
$ shisho find 'auto_repair = :[X]' --lang=hcl << EOFresource "google_container_node_pool" "bad_example" {name = "example-node-pool"cluster = google_container_cluster.primary.idmanagement {auto_repair = false}}EOF
The expected result is below.
[inline]: matched with the given ruleIn /dev/stdin:|5 | auto_repair = false|
Pattern in Go
Please execute a simple below pattern shisho find 'len(:[...])' ...
. This searches whether the target func test(...
includes the code len()
with any inside values.
$ shisho find 'len(:[...])' --lang=go << EOFfunc test(v []string) int {return len(v) + 1;}EOF
The expected result is below.
[inline]: matched with the given ruleIn /dev/stdin:|2 | return len(v) + 1;|
Pattern in Dockerfile
Let's execute a below pattern shisho find 'USER :[X]' --lang ...
. It searches whether the target FROM node:10-alpine ...
includes the instruction USER :[X]
with any values.
$ shisho find 'USER :[X]' --lang=dockerfile << EOFFROM node:10-alpineRUN mkdir /appCOPY . /appRUN chown -R node:node /appUSER nodeCMD ["node", "index.js"]EOF
The expected result is below.
[inline]: matched with the given ruleIn /dev/stdin:|5 | USER node|