gitlab gitlab-org/security-products/analyzers/semgrep v4.11.0

  • Update sast-rules version 2.0.10 (!365)
    • Update python/eval/rule-eval.yml to enhance eval detection, Python constant string parsing and reduce false positives
    • Update java/endpoint/rule-UnvalidatedRedirect.yml to use taint analysis mode, add sanitizers and rewrite message
    • Update python/snmp/rule-snmp_weak_cryptography.yml to add correct patterns
    • Update python/urlopen/rule-urllib_urlopen.yml to reduce false positives and exclude hard-coded strings
    • Update java/strings/rule-BadHexConversion.yml to track taint in loops
    • Update go/file_permissions/rule-fileperm.yml with more sensible mask permissions
    • Rename go/filesystem/rule-filereadtaint.yml to go/filesystem/rule-fileread.yml and convert to taint mode to reduce false positives
    • Rename go/filesystem/rule-dirtraversal.yml to go/filesystem/rule-httprootdir.yml and update the CWE from CWE-22 to CWE-552
    • Update go/filesystem/rule-tempfiles.yml with additional patterns
    • Update go/filesystem/rule-ziparchive.yml with additional patterns
    • Merge go/http/rule-slowloris.yml into go/http/rule-http-serve.yml
    • Update go/leak/rule-pprof-endpoint.yml with more applicable patterns
    • Remove go/memory/rule-math-big-rat.yml, as this flaw only affects older Go versions
    • Update go/network/rule-bind-to-all-interfaces.yml with a better regex to match all bind interfaces
    • Update csharp/csrf/rule-Csrf.yml with additional pattern-not constraints to reduce false positives
    • Add and update OWASP 2017 and OWASP 2021 mappings to all C rules
    • Update java/cookie/rule-HttpResponseSplitting.yml with fixed regex to match CR LF characters and add more sources
    • Update java/file/rule-FileUploadFileName.yml with better description text and improved patterns
    • Rename python/ssh/rule-ssl-nohost-key-verification.py to python/ssh/rule-ssh-nohost-key-verification.py
    • Update csharp/password/rule-PasswordComplexity.yml to match on the correct password setting values
    • Rename python/urlopen/rule-urllib-urlopen1.yml to python/urlopen/rule-urllib-urlopen.yml and update with additional patterns
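
Several entries above convert pattern rules to taint mode and add sanitizers (the UnvalidatedRedirect and fileread rules, for example). The following is an added illustration of what such a rule looks like; it is written for this page and is not one of GitLab's sast-rules. The rule id, message, the servlet source and sink patterns, and the sanitizer helper name `safeRedirectTarget` are assumptions chosen for illustration, not names taken from the analyzer.

```yaml
rules:
  - id: example-java-unvalidated-redirect-taint
    # Illustrative rule written for this page, not one of GitLab's sast-rules.
    languages: [java]
    severity: WARNING
    message: >-
      Request-controlled data reaches a redirect target without validation.
      An attacker can send users to an arbitrary site (open redirect).
      Validate the target against an allow-list before redirecting.
    metadata:
      cwe: "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"
    mode: taint
    # Sources: anything read from the incoming HTTP request is tainted.
    pattern-sources:
      - pattern: (HttpServletRequest $REQ).getParameter(...)
      - pattern: (HttpServletRequest $REQ).getHeader(...)
    # Sanitizers: a value that passes through the (assumed) project helper
    # safeRedirectTarget(...) is considered clean. The helper is assumed to
    # return a validated target, so the whole call expression is untainted.
    pattern-sanitizers:
      - pattern: safeRedirectTarget(...)
    # Sinks: only the redirect target argument, not the whole call, so the
    # finding is reported on the tainted expression itself.
    pattern-sinks:
      - patterns:
          - pattern: (HttpServletResponse $RESP).sendRedirect($URL)
          - focus-metavariable: $URL
# Flags:      resp.sendRedirect(req.getParameter("next"));
# Does not:   resp.sendRedirect(safeRedirectTarget(req.getParameter("next")));
```

Run it with `semgrep --config rule.yml src/`. Compared with a plain `pattern:` rule that matches every `sendRedirect(...)` call, taint mode only reports when a source actually reaches the sink and no sanitizer sits on that path, which is why the changelog entries describe the conversion as reducing false positives.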
