pypi semgrep 0.101.0
Release v0.101.0


0.101.0 - 2022-06-27

Added

  • Bash: Support for subshell syntax, i.e., commands in parentheses (#5629)

Changed

Fixed

  • semgrep ci: CI runs in GitHub Actions were failing to check out the PR head; this is
    corrected here.
  • TS: fixed the parsing of type predicates and typeof queries
  • Deep expression matching now works on HTML in JavaScript
  • taint-mode: Taint propagation via pattern-propagators now works correctly when the
    from or to metavariables match a function call. For example, given
    sqlBuilder.append(page.getOrderBy()), we can now propagate taint from
    page.getOrderBy() to sqlBuilder.
  • Will no longer print "files were not tracked by git" if not in a git repo
  • Will no longer print "Some files were skipped" if no files were skipped
  • Fixed a bug where semgrep would crash when run in a nonexistent directory (#4785)
  • taint-mode: Correctly propagate taint in for-each loops with typed iteration
    variables (as in Java or C#). If the iterator object is tainted, that taint will
    now be propagated to the iteration variable. This should fix some false negatives
    (i.e., findings not being reported) in the presence of for-each loops. (#5590)
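The pattern-propagators fix above is easiest to see with a concrete taint rule. The rule below is an added example written for this page, not a rule shipped with semgrep or quoted from the release notes; the rule id, the `$PAGE.getOrderBy()` source, the `executeQuery` sink and the Java target in the comment are all constructed assumptions. It declares `$BUILDER.append($ARG)` as a propagator from the argument to the receiver, which is exactly the case where the `from` metavariable matches a function call (`page.getOrderBy()`):

```yaml
rules:
  - id: orderby-reaches-sql-via-stringbuilder   # constructed rule id
    mode: taint
    languages: [java]
    severity: WARNING
    message: >-
      User-controlled ORDER BY value flows through a StringBuilder into an
      executed SQL query; use a whitelist of column names instead of
      concatenating it.
    # Source: the method call whose result is considered tainted (assumed API).
    pattern-sources:
      - pattern: $PAGE.getOrderBy()
    # Propagator: appending a tainted argument taints the builder itself.
    # The `from` side matches the call page.getOrderBy(), which is the case
    # fixed in 0.101.0.
    pattern-propagators:
      - pattern: $BUILDER.append($ARG)
        from: $ARG
        to: $BUILDER
    # Sink: the query string handed to executeQuery (assumed JDBC-style API).
    pattern-sinks:
      - patterns:
          - pattern: $STMT.executeQuery($QUERY)
          - focus-metavariable: $QUERY

# Constructed Java target illustrating the expected finding (not on the page):
#
#   StringBuilder sqlBuilder = new StringBuilder("SELECT * FROM orders ORDER BY ");
#   sqlBuilder.append(page.getOrderBy());      // taint: arg -> sqlBuilder (propagator)
#   ResultSet rs = stmt.executeQuery(sqlBuilder.toString());   // finding reported here
#
# A builder that only appends constant strings produces no finding, because
# no source ever reaches the `from` side of the propagator.
```

Run it with `semgrep --config orderby-rule.yaml Target.java` (file names assumed). Before 0.101.0 the propagator would not fire when `$ARG` bound to a call expression, so the second line taints nothing and the `executeQuery` sink stays clean; with the fix, the taint reaches `sqlBuilder.toString()` through semgrep's default propagation from a tainted receiver to its method-call result, and the finding is reported.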
