=== exit code
1
=== end of exit code

=== stdout - plain
{
  "errors": [],
  "interfile_languages_used": [],
  "paths": {
    "scanned": [
      "foo.py",
      "poetry.lock",
      "yarn.lock"
    ]
  },
  "results": [
    {
      "check_id": "eqeq-bad",
      "end": {
        "col": 11,
        "line": 4,
        "offset": 43
      },
      "extra": {
        "engine_kind": "OSS",
        "fingerprint": "0x42",
        "is_ignored": false,
        "lines": "    a == a",
        "message": "useless comparison",
        "metadata": {
          "source": "https://semgrep.dev/r/eqeq-bad"
        },
        "metavars": {
          "$X": {
            "abstract_content": "a",
            "end": {
              "col": 6,
              "line": 4,
              "offset": 38
            },
            "start": {
              "col": 5,
              "line": 4,
              "offset": 37
            }
          }
        },
        "severity": "ERROR",
        "validation_state": "NO_VALIDATOR"
      },
      "path": "foo.py",
      "start": {
        "col": 5,
        "line": 4,
        "offset": 37
      }
    },
    {
      "check_id": "eqeq-bad",
      "end": {
        "col": 11,
        "line": 5,
        "offset": 54
      },
      "extra": {
        "engine_kind": "OSS",
        "fingerprint": "0x42",
        "is_ignored": false,
        "lines": "    a == a",
        "message": "useless comparison",
        "metadata": {
          "source": "https://semgrep.dev/r/eqeq-bad"
        },
        "metavars": {
          "$X": {
            "abstract_content": "a",
            "end": {
              "col": 6,
              "line": 5,
              "offset": 49
            },
            "start": {
              "col": 5,
              "line": 5,
              "offset": 48
            }
          }
        },
        "severity": "ERROR",
        "validation_state": "NO_VALIDATOR"
      },
      "path": "foo.py",
      "start": {
        "col": 5,
        "line": 5,
        "offset": 48
      }
    },
    {
      "check_id": "eqeq-bad",
      "end": {
        "col": 11,
        "line": 7,
        "offset": 89
      },
      "extra": {
        "engine_kind": "OSS",
        "fingerprint": "0x42",
        "is_ignored": false,
        "lines": "    a == a",
        "message": "useless comparison",
        "metadata": {
          "source": "https://semgrep.dev/r/eqeq-bad"
        },
        "metavars": {
          "$X": {
            "abstract_content": "a",
            "end": {
              "col": 6,
              "line": 7,
              "offset": 84
            },
            "start": {
              "col": 5,
              "line": 7,
              "offset": 83
            }
          }
        },
        "severity": "ERROR",
        "validation_state": "NO_VALIDATOR"
      },
      "path": "foo.py",
      "start": {
        "col": 5,
        "line": 7,
        "offset": 83
      }
    },
    {
      "check_id": "eqeq-bad",
      "end": {
        "col": 11,
        "line": 11,
        "offset": 126
      },
      "extra": {
        "engine_kind": "OSS",
        "fingerprint": "0x42",
        "is_ignored": false,
        "lines": "    y == y",
        "message": "useless comparison",
        "metadata": {
          "source": "https://semgrep.dev/r/eqeq-bad"
        },
        "metavars": {
          "$X": {
            "abstract_content": "y",
            "end": {
              "col": 6,
              "line": 11,
              "offset": 121
            },
            "start": {
              "col": 5,
              "line": 11,
              "offset": 120
            }
          }
        },
        "severity": "ERROR",
        "validation_state": "NO_VALIDATOR"
      },
      "path": "foo.py",
      "start": {
        "col": 5,
        "line": 11,
        "offset": 120
      }
    },
    {
      "check_id": "eqeq-five",
      "end": {
        "col": 11,
        "line": 15,
        "offset": 163
      },
      "extra": {
        "engine_kind": "OSS",
        "fingerprint": "0x42",
        "fix": "(x == 2)",
        "fixed_lines": [
          "    (x == 2)"
        ],
        "is_ignored": false,
        "lines": "    x == 5",
        "message": "useless comparison to 5",
        "metadata": {
          "dev.semgrep.actions": [],
          "semgrep.dev": {
            "rule": {
              "rule_id": "abcd",
              "shortlink": "https://sg.run/abcd",
              "url": "https://semgrep.dev/r/python.eqeq-five",
              "version_id": "version1"
            },
            "src": "unchanged"
          },
          "source": "https://semgrep.dev/r/eqeq-five"
        },
        "metavars": {
          "$X": {
            "abstract_content": "x",
            "end": {
              "col": 6,
              "line": 15,
              "offset": 158
            },
            "start": {
              "col": 5,
              "line": 15,
              "offset": 157
            }
          }
        },
        "severity": "ERROR",
        "validation_state": "NO_VALIDATOR"
      },
      "path": "foo.py",
      "start": {
        "col": 5,
        "line": 15,
        "offset": 157
      }
    },
    {
      "check_id": "eqeq-four",
      "end": {
        "col": 13,
        "line": 19,
        "offset": 227
      },
      "extra": {
        "engine_kind": "OSS",
        "fingerprint": "0x42",
        "is_ignored": false,
        "lines": "    baz == 4",
        "message": "useless comparison to 4",
        "metadata": {
          "dev.semgrep.actions": [
            "block"
          ],
          "semgrep.dev": {
            "rule": {
              "rule_id": "abce",
              "shortlink": "https://sg.run/abcd",
              "url": "https://semgrep.dev/r/python.eqeq-five",
              "version_id": "version2"
            },
            "src": "new-version"
          },
          "source": "https://semgrep.dev/r/eqeq-four"
        },
        "metavars": {
          "$X": {
            "abstract_content": "baz",
            "end": {
              "col": 8,
              "line": 19,
              "offset": 222
            },
            "start": {
              "col": 5,
              "line": 19,
              "offset": 219
            }
          }
        },
        "severity": "ERROR",
        "validation_state": "NO_VALIDATOR"
      },
      "path": "foo.py",
      "start": {
        "col": 5,
        "line": 19,
        "offset": 219
      }
    },
    {
      "check_id": "taint-test",
      "end": {
        "col": 13,
        "line": 27,
        "offset": 365
      },
      "extra": {
        "dataflow_trace": {
          "intermediate_vars": [
            {
              "content": "d2",
              "location": {
                "end": {
                  "col": 7,
                  "line": 26,
                  "offset": 343
                },
                "path": "foo.py",
                "start": {
                  "col": 5,
                  "line": 26,
                  "offset": 341
                }
              }
            }
          ],
          "taint_sink": [
            "CliLoc",
            [
              {
                "end": {
                  "col": 13,
                  "line": 27,
                  "offset": 365
                },
                "path": "foo.py",
                "start": {
                  "col": 5,
                  "line": 27,
                  "offset": 357
                }
              },
              "sink(d2)"
            ]
          ],
          "taint_source": [
            "CliLoc",
            [
              {
                "end": {
                  "col": 16,
                  "line": 26,
                  "offset": 352
                },
                "path": "foo.py",
                "start": {
                  "col": 10,
                  "line": 26,
                  "offset": 346
                }
              },
              "danger"
            ]
          ]
        },
        "engine_kind": "OSS",
        "fingerprint": "0x42",
        "is_ignored": false,
        "lines": "    sink(d2)",
        "message": "unsafe use of danger",
        "metadata": {
          "dev.semgrep.actions": [
            "block"
          ],
          "semgrep.dev": {
            "rule": {
              "rule_id": "abcf",
              "shortlink": "https://sg.run/abcd",
              "url": "https://semgrep.dev/r/python.eqeq-five",
              "version_id": "version1"
            },
            "src": "new-rule"
          },
          "source": "https://semgrep.dev/r/taint-test"
        },
        "metavars": {
          "$X": {
            "abstract_content": "d2",
            "end": {
              "col": 12,
              "line": 27,
              "offset": 364
            },
            "propagated_value": {
              "svalue_abstract_content": "danger",
              "svalue_end": {
                "col": 16,
                "line": 26,
                "offset": 352
              },
              "svalue_start": {
                "col": 10,
                "line": 26,
                "offset": 346
              }
            },
            "start": {
              "col": 10,
              "line": 27,
              "offset": 362
            }
          }
        },
        "severity": "WARNING",
        "validation_state": "NO_VALIDATOR"
      },
      "path": "foo.py",
      "start": {
        "col": 5,
        "line": 27,
        "offset": 357
      }
    },
    {
      "check_id": "supply-chain1",
      "end": {
        "col": 1,
        "line": 2,
        "offset": 0
      },
      "extra": {
        "engine_kind": "OSS",
        "fingerprint": "0x42",
        "is_ignored": false,
        "lines": "name = \"badlib\"",
        "message": "found a dependency",
        "metadata": {
          "dev.semgrep.actions": [],
          "sca-kind": "upgrade-only",
          "source": "https://semgrep.dev/-/advisories/supply-chain1"
        },
        "metavars": {},
        "sca_info": {
          "dependency_match": {
            "dependency_pattern": {
              "ecosystem": "pypi",
              "package": "badlib",
              "semver_range": "== 99.99.99"
            },
            "found_dependency": {
              "allowed_hashes": {},
              "children": [],
              "ecosystem": "pypi",
              "line_number": 2,
              "lockfile_path": "poetry.lock",
              "package": "badlib",
              "transitivity": "unknown",
              "version": "99.99.99"
            },
            "lockfile": "poetry.lock"
          },
          "reachability_rule": false,
          "reachable": false,
          "sca_finding_schema": 20220913
        },
        "severity": "ERROR"
      },
      "path": "poetry.lock",
      "start": {
        "col": 1,
        "line": 2,
        "offset": 0
      }
    }
  ],
  "skipped_rules": [],
  "subprojects": [
    {
      "dependency_sources": [
        "yarn.lock"
      ],
      "resolved": true,
      "resolved_stats": {
        "dependency_count": 1,
        "ecosystem": "npm",
        "resolution_method": "LockfileParsing"
      }
    },
    {
      "dependency_sources": [
        "poetry.lock"
      ],
      "resolved": true,
      "resolved_stats": {
        "dependency_count": 3,
        "ecosystem": "pypi",
        "resolution_method": "LockfileParsing"
      }
    }
  ],
  "time": "<masked in tests>",
  "version": "0.42"
}
=== end of stdout - plain

=== stderr - plain


┌────────────────┐
│ Debugging Info │
└────────────────┘

  SCAN ENVIRONMENT
  versions    - semgrep <MASKED> on python <MASKED>
  environment - running in environment git, triggering event is unknown

  CONNECTION
  Initializing scan (deployment=org_name, scan_id=12345)
  Enabled products: Code, Supply Chain

┌─────────────┐
│ Scan Status │
└─────────────┘
  Scanning 4 files tracked by git with 4 Code rules, 3 Supply Chain rules:


  CODE RULES
  Scanning 1 file with 4 python rules.

  SUPPLY CHAIN RULES
  Scanning 1 file and 2 dependency sources.

  Dependency Sources   Resolution Method   Ecosystem   Dependencies   Rules
 ───────────────────────────────────────────────────────────────────────────
  poetry.lock          Lockfile            Pypi        3                  1
  yarn.lock            Lockfile            Npm         1                  2

  Uploading scan results
  Finalizing scan

┌──────────────┐
│ Scan Summary │
└──────────────┘
✅ CI scan completed successfully.
 • Findings: 8 (6 blocking)
 • Rules run: 7
 • Targets scanned: 3
 • Parsed lines: ~100.0%
 • Scan was limited to files tracked by git
 • For a detailed list of skipped files and lines, run semgrep with the --verbose flag
CI scan completed successfully.
  View results in Semgrep Cloud Platform:
    https://semgrep.dev/orgs/org_name/findings?repo=local_scan/checkout_project_name&ref=some/branch-name
    https://semgrep.dev/orgs/org_name/supply-chain/vulnerabilities?repo=local_scan/checkout_project_name&ref=some/branch-name
  Has findings for blocking rules so exiting with code 1
Test Reason

=== end of stderr - plain

=== stdout - color
<same as above: stdout - plain>
=== end of stdout - color

=== stderr - color
<same as above: stderr - plain>
=== end of stderr - color