semgrep/semgrep v1.55.2

Release v1.55.2

on GitHub

1.55.2 - 2024-01-05

Fixed

• taint-mode: Semgrep was missing some sources occurring inside type expressions,
  for example:

  char *p = new char[source(x)];
  sink(x);

  Now, if x is tainted by side-effect, Semgrep will check x inside the type
  expression char[...] and record it as tainting, and generate a finding for
  sink(x). (pa-3313)

• taint-mode: C/C++: Sanitization by side-effect was not working correctly for
  ptr->fld l-values. In particular, if ptr is tainted, and then ptr->fld is
  sanitized, Semgrep will now correctly consider ptr->fld as clean. (pa-3328)