semgrep

How does Semgrep handle two conflicting Typed Metavariable classes?


Semgrep allows you to specify types in your patterns, but if I happen to have two different classes with the same simple type, but a different fully qualified name, how can I disambiguate between the two when writing a rule where I only want to target one of those types?

I'll explain my question through example. Say you have two different libraries that both have the same class name Foo. In one file of my own code I import one library, and use the Foo class:

    import lib1.* // has Foo class

    f = Foo()
    f.bar()

In another file of my own code, I import the other library and use its Foo class:

    import lib2.* // has different Foo class

    f2 = Foo()
    f2.baz()

In my Semgrep rule, I want to detect things of type Foo from lib1.

    pattern: (Foo $F)

Since my pattern doesn’t know anything about imports, does it just return results from both files?


Solution

  • Yes, since your pattern only specifies type Foo, Semgrep will return both f1 and f2 as matches. If you want to match only one of those, you can specify the fully qualified name of the type you want to match:

    pattern: (lib1.Foo $F)
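
The two patterns from this thread side by side in a complete rule file, as an added example that is not part of the original question or answer. The rule ids, messages, severities, the choice of Java as target language and the `.$METHOD(...)` suffix (which narrows each match to method calls on the typed value) are assumptions made for illustration.

```yaml
# Added example, not from the original thread. Ids, messages and the Java
# target language are assumptions; lib1 and Foo are the names used in the question.
rules:
  # Simple type name only. As the answer describes, this does not distinguish
  # between libraries, so Foo from lib1 and Foo from lib2 are both reported.
  - id: any-foo-method-call
    languages: [java]
    severity: INFO
    message: Method call on a value of type Foo (library not distinguished)
    pattern: (Foo $F).$METHOD(...)

  # Fully qualified type name, as the answer recommends. Only values whose
  # type is lib1.Foo are reported.
  - id: lib1-foo-method-call
    languages: [java]
    severity: WARNING
    message: Method call on lib1.Foo
    pattern: (lib1.Foo $F).$METHOD(...)
```

Running both rules over the same files with `semgrep --config <rule file> <source dir>` and comparing the findings per rule id shows which call sites the qualified pattern drops.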