github semgrep/semgrep v1.25.0
Release v1.25.0


1.25.0 - 2023-06-06

Added

  • aliengrep: new option 'generic_caseless' to achieve case-insensitive matching (gh-7883)
  • Semgrep now includes heuristics based on the Java standard library and common naming patterns. These allow Semgrep to determine the types of more expressions in Java, for use with typed metavariables (https://semgrep.dev/docs/writing-rules/pattern-syntax/#typed-metavariables). (heuristics)
  • Language server now supports search (and replace) with Semgrep patterns through semgrep/search (ls-search)
  • Language Server will now notify users of errors and of the reason for a crash (pa-2791)

Fixed

  • Pro (taint analysis): Check function calls without parameters or parentheses in Ruby (gh-7787)
  • Aliengrep: ellipsis patterns that would be useless because of being placed
    at the extremity of a pattern (always) or a line (in single-mode) are now
    anchored to the beginning/end of input/line. For example, ... in multiline
    mode matches the whole input rather than matching nothing many times. (gh-7881)
  • Fixed bug in constant propagation that made Semgrep fail to compute the value of
    an integer constant when this was obtained via the multiplication of two other
    constants. (gh-7893)
  • Fix regexps potentially vulnerable to ReDoS attacks in Python code for parsing
    git URLs. Sets maximum length of git URLs to 1024 characters since parsing is
    still perceptibly slow on 5000-byte input. Reported by Sebastian Chnelik,
    PyUp.io. (gh-7943)
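
The ReDoS mitigation described in the last item (cap the input at 1024 characters before any regex sees it), sketched as an added example; this is not Semgrep's code. The patterns, the GitUrl type and parse_git_url are assumptions made for illustration, and only scheme-style and scp-style URLs without a port are handled.

```python
import re
from typing import NamedTuple, Optional

MAX_GIT_URL_LEN = 1024  # cap stated in the release note


class GitUrl(NamedTuple):
    host: str
    path: str


# Constructed patterns (assumption, not Semgrep's). Each character class
# excludes the delimiter that follows it, so there are no ambiguous splits
# for the regex engine to retry.
_SCHEME_RE = re.compile(
    r"(?:https?|ssh|git)://"  # scheme
    r"(?:[^@/\s]+@)?"         # optional user
    r"([^:/@\s]+)"            # host
    r"/(\S+)"                 # path
)
_SCP_RE = re.compile(
    r"(?:[^@/:\s]+@)?"        # optional user
    r"([^:/@\s]+)"            # host
    r":(?!/)(\S+)"            # path; must not start with "/"
)


def parse_git_url(url: str) -> Optional[GitUrl]:
    """Return host and repository path, or None if the input is rejected."""
    # Length check comes first, so oversized input never reaches the regexes.
    if len(url) > MAX_GIT_URL_LEN:
        return None
    # fullmatch avoids partial matches and the trailing-newline quirk of "$".
    m = _SCHEME_RE.fullmatch(url) or _SCP_RE.fullmatch(url)
    if m is None:
        return None
    host, path = m.group(1), m.group(2)
    if path.endswith(".git"):
        path = path[: -len(".git")]
    return GitUrl(host, path) if path else None
```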
