pypi semgrep 0.116.0
Release v0.116.0

0.116.0 - 2022-10-06

Added

  • Added support for named arguments in taint tracking. This is only relevant for DeepSemgrep users. (pa-1886)

Changed

  • Change default behavior of Jenkins CI configurations. If a user manually sets their environment variables (i.e. SEMGREP_BRANCH, SEMGREP_JOB_URL, SEMGREP_COMMIT), use it before falling back on autodetection. (app-2432)
  • Change default behavior of Azure Pipelines configurations. If a user manually sets their environment variables (i.e. SEMGREP_REPO_NAME, SEMGREP_REPO_URL, SEMGREP_BRANCH, SEMGREP_JOB_URL, SEMGREP_COMMIT), use it before falling back on autodetection. (app-2433)
  • taint-mode: Removed experimental poor-man's support for wrapper functions around
    taint sources. This was an early experiment to make Semgrep inter-procedural, but
    it was later abandoned in favor of DeepSemgrep. (pa-1838)
  • Disabled Bloom filter optimization by default, due to undesired interactions with
    constant and symbolic propagation, while it appears to not provide a net major
    performance benefit (nowadays). If you do notice a significant drop in performance
    after this change, please let us know. (pa-1927)
  • Semgrep-core will no longer accept a rule file containing only one rule object,
    rules must be given in an array under the rules: key. This change does not
    affect Semgrep CLI which never accepted that relaxed format. (pa-1931)
  • Changed command line flag for supply chain scans from --sca to --supply-chain.
    Correspondingly changed --config sca to --config supply-chain. (sca-ssc)
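The Jenkins and Azure Pipelines entries above describe the override order: variables the user sets explicitly win over autodetection. The following Azure Pipelines step is an added example, not configuration shipped by the Semgrep project; it sets the variables named in this release from Azure's predefined build variables. The SEMGREP_JOB_URL composition is an assumption about how a results URL is formed, and the step assumes Semgrep's authentication and rule configuration are handled elsewhere in the pipeline.

```yaml
# Added example (not from the Semgrep project): an Azure Pipelines step that
# pins the metadata Semgrep would otherwise autodetect. The SEMGREP_* names are
# the ones listed in this release; the $(...) values are Azure predefined
# variables, and the SEMGREP_JOB_URL composition is an assumption.
steps:
  - script: semgrep ci
    displayName: Semgrep scan
    env:
      SEMGREP_REPO_NAME: $(Build.Repository.Name)
      SEMGREP_REPO_URL: $(Build.Repository.Uri)
      SEMGREP_BRANCH: $(Build.SourceBranchName)
      SEMGREP_COMMIT: $(Build.SourceVersion)
      # Assumed shape of a build results link; adjust to your organisation's URL layout.
      SEMGREP_JOB_URL: $(System.TeamFoundationCollectionUri)$(System.TeamProject)/_build/results?buildId=$(Build.BuildId)
```

Setting these explicitly is mostly useful when the pipeline runs in a context where autodetection is unreliable, for example a checkout of a detached commit or a mirrored repository whose remote URL differs from the one recorded in the Semgrep app; with the values pinned, findings are attributed to the intended repository, branch and commit regardless of what the agent environment reports.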

Fixed

  • Change default behavior of Jenkins CI configurations. If the SEMGREP_REPO_URL is set, use it. Otherwise, default to autodetection. (app-2406)
  • Ensured the Docker image uses the latest base packages. (docker)
  • Fixed symbolic propagation of the new operator, which had been broken since
    version 0.98.0. You can again e.g. use the pattern new A().foo() to match
    a.foo(), with a = new A(). (gh-6161)
  • Some crypto code like hashing algorithms can lead to a very large amount of
    symbolically propagated values, which previously caused Semgrep's Bloom filter
    to hang. (pa-1920)
  • taint-mode: It is now possible for this or this.x to be a source of taint. (pa-1929)
  • taint-mode: Fixed a bug that made Semgrep miss taint findings when the sink was
    located inside an if condition or a throw (aka raise) expression/statement. (pa-1933)
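The rule-file format change under Changed (rules must be an array under the rules: key) and the symbolic-propagation and taint-mode fixes above come together in a single rule file. The file below is an added example, not a rule shipped with Semgrep; the rule ids, messages and the Java snippets quoted in comments are constructed, and the symbolic_propagation option is assumed to be the switch that turns the feature on for the first rule.

```yaml
# Added example (not from the Semgrep project): a rule file in the form this
# release requires, an array under the rules: key with one rule per item.
# Rule ids, messages and the Java snippets in comments are constructed.
rules:
  # Symbolic propagation (gh-6161): with the option enabled, the pattern
  # below also matches
  #   A a = new A();
  #   a.foo();
  # because the value bound to `a` is propagated into the call.
  - id: new-a-foo-call
    languages: [java]
    severity: WARNING
    message: foo() called on a freshly constructed A
    options:
      symbolic_propagation: true   # assumed to be required to enable the feature
    pattern: new A().foo()

  # Taint mode (pa-1929, pa-1933): `this.request` is accepted as a source, and
  # the sink is found even when it sits inside an if condition or a throw, e.g.
  #   if (render(this.request)) { ... }
  #   throw new RuntimeException(render(this.request));
  - id: this-field-reaches-render
    mode: taint
    languages: [java]
    severity: ERROR
    message: value from this.request flows into render()
    pattern-sources:
      - pattern: this.request
    pattern-sinks:
      - pattern: render(...)
```

A file that contained only the first rule object at top level, without the enclosing rules: list, was previously tolerated by semgrep-core but is rejected from this release onward; the CLI never accepted that form, so rules written for the CLI need no change.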
