### Added

- The `-j/--jobs` flag for specifying the number of subprocesses to use to run checks in parallel.
- Expression statement patterns now also match return statements by default:
  ```
  foo();
  ```
  will now match
  ```
  return foo();
  ```
- You can now use regexps for field names:
  ```
  var $X = {"=~/[lL]ocation/": $Y};
  ```
  will now match
  ```
  var x = {"Location": 1};
  ```
- Add severity to the json output and prepend the rule line with it. Coloured yellow if `WARNING`, and red if `ERROR`, e.g. `WARNING rule:tests.equivalence-tests`.
- For languages not allowing the dollar sign in identifiers (e.g., Python), semgrep will return an error if your pattern contains an identifier starting with a dollar that is actually not considered a metavariable (e.g., `$x`).
- Support a top level `metadata` field in rule.yaml. The entire metadata object is attached to all things that match the rule when using the json output format.
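As an added example (not part of this changelog or the semgrep project), a rule file that combines the regexp field-name syntax above with a top level `metadata` block and a `WARNING` severity; the rule id, message and metadata keys are constructed for illustration:

```yaml
# Added example rule (not from the semgrep project). It flags object
# literals whose field name matches the regexp /[lL]ocation/ and carries a
# metadata block that semgrep attaches whole to every JSON result it emits
# for this rule.
rules:
  - id: example-location-field        # constructed rule id
    languages: [javascript]
    severity: WARNING                 # prepended to the result line, coloured yellow
    message: object literal assigns a location-like field to $Y
    # A block scalar keeps the quotes and the ': ' inside the pattern intact
    # for the YAML parser; as a plain scalar the ': ' would be read as a key.
    pattern: |
      var $X = {"=~/[lL]ocation/": $Y};
    metadata:                         # free-form; copied into each JSON match
      category: example               # constructed values
      owner: security-team
# Usage (constructed paths): semgrep -j 4 --config example-location-field.yaml --json src/
# A file containing `var x = {"Location": 1};` produces one result whose
# "extra" object includes this metadata block.
```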
### Changed

- Config files in hidden paths can now be used by explicitly specifying the hidden path: `semgrep --config some/hidden/.directory`
- Metavariables can now contain digits or `_`. `$USERS_2` is now a valid metavariable name. A metavariable must still start with a letter or `_`, though.
- Simple calls of the `semgrep` CLI, such as `semgrep --version`, are now 60% faster.
- Display the autofix suggestion in regular and json output mode.
- Update command line help texts.
### Fixed

- Correctly parse `f"{foo:,f}"` in Python
- Correctly parse Python files where the last line is a comment