github semgrep/semgrep v1.25.0
Release v1.25.0

latest releases: v1.96.0, v1.95.0, v1.94.0...
17 months ago

1.25.0 - 2023-06-06

Added

  • aliengrep: new option 'generic_caseless' to achieve case-insensitive matching (gh-7883)
  • Semgrep now includes heuristics based on the Java standard library and common naming patterns. These allow Semgrep to determine the types of more expressions in Java, for use with typed metavariables (https://semgrep.dev/docs/writing-rules/pattern-syntax/#typed-metavariables). (heuristics)
  • Language server now supports search (and replace) with semgrep patterns through semgrep/search (ls-search)
  • Language Server will now notify users of errors, and reason for crash (pa-2791)

Fixed

  • Pro (taint analysis): Check function calls without parameters or parenthesis in Ruby (gh-7787)
  • Aliengrep: ellipsis patterns that would be useless because of being placed
    at the extremity of a pattern (always) or a line (in single-mode) are now
    anchored to the beginning/end of input/line. For example, ... in multiline
    mode matches the whole input rather than matching nothing many times. (gh-7881)
  • Fixed bug in constant propagation that made Semgrep fail to compute the value of
    an integer constant when this was obtained via the multiplication of two other
    constants. (gh-7893)
  • Fix regexps potentially vulnerable to ReDoS attacks in Python code for parsing
    git URLs. Sets maximum length of git URLs to 1024 characters since parsing is
    still perceptibly slow on 5000-byte input. Reported by Sebastian Chnelik,
    PyUp.io. (gh-7943)

Don't miss a new semgrep release

NewReleases is sending notifications on new releases.