semgrep/semgrep v0.20.0

Release v0.20.0

on GitHub

0.20.0 - 2020-08-18

Added

• Support for JSX tag metavariables (e.g., <$TAG />) and ellipsis inside
  JSX attributes (e.g., )
• By default Semgrep treats explicitly passed files with unknown extension as possibly any language and so runs all rules on said files. Add a flag --skip-unknown-extensions so that Semgrep will treat these files as if they matched no language and will so run no rules on them. Link: PR

Fixed

• Python patterns do not have to end with a newline anymore.
• Pattern $X = '...'; in JavaScript matches var $X = '...'. Additionally, semicolon is no longer required to match. Link: Issue; Link: Example
• In JavaScript, can now match destructured object properties inside functions. Link: Issue; Link: Example
• Java annotations can be matched with fully qualified names. Link: Issue; Link: Example
• Ensure /src exists in Dockerfile; Link: PR