github.com/prebid/prebid-server/v2@v2.18.0/.semgrep/adapter/type-bid-assignment.yml (about) 1 rules: 2 - id: type-bid-assignment-check 3 languages: 4 - go 5 message: > 6 Found incorrect assignment made to $KEY. $BID variable receives a new value in each iteration of range loop. Assigning the address of $BID `(&$BID)` to $KEY will result in a pointer that always points to the same memory address with the value of the last iteration. 7 This can lead to unexpected behavior or incorrect results. Refer https://go.dev/play/p/9ZS1f-5h4qS 8 9 Consider using an index variable in the seatBids.Bid loop as shown below 10 11 ``` 12 for _, seatBid := range response.SeatBid { 13 for i := range seatBids.Bid { 14 ... 15 responseBid := &adapters.TypedBid{ 16 Bid: &seatBids.Bid[i], 17 ... 18 } 19 ... 20 ... 21 } 22 } 23 ``` 24 severity: ERROR 25 patterns: 26 - pattern-either: 27 - pattern: > 28 for _, $BID := range ... { 29 ... 30 ... := &adapters.TypedBid{ 31 $KEY: &$BID, 32 ... 33 } 34 ... 35 } 36 - pattern: > 37 for _, $BID := range ... { 38 ... 39 ... = adapters.TypedBid{ 40 $KEY: &$BID, 41 ... 42 } 43 ... 44 } 45 - pattern: > 46 for _, $BID := range ... { 47 ... 48 ... = append(..., &adapters.TypedBid{ 49 $KEY: &$BID, 50 ... 51 }) 52 ... 53 } 54 - pattern: > 55 for _, $BID := range ... { 56 var $TYPEBID_OBJ adapters.TypedBid 57 ... 58 $TYPEBID_OBJ.$KEY = &$BID 59 ... 60 } 61 - focus-metavariable: $KEY 62 - metavariable-regex: 63 metavariable: $KEY 64 regex: Bid