Added

- Input can be derived from subshells: `semgrep --config ... <(...)`
- Java: support `...` in catch (#4002)
Changed

- taint-mode: Sanitizers that match exactly a source or a sink are filtered out, making it possible to use `- pattern: $F(...)` for declaring that any other function is a sanitizer
- taint-mode: Remove built-in source `source(...)` and built-in sanitizer `sanitize(...)` used for convenience during early development; this was causing some unexpected behavior in real code that e.g. had a function called `source`!
- Improved Kotlin parsing from 77% to 90% on our Kotlin corpus.
- Resolution of rulesets (i.e. `p/ci`) uses new rule cdn and does client-side hydration
- Set pcre recursion limit so it will not vary with different installations of pcre
- Better pcre error handling in semgrep-core
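As an added illustration of the first taint-mode change above (this rule is not part of the changelog or of the Semgrep project; the rule id and the function names `request_param`, `render` and `escape` are made up), a rule whose sanitizer pattern is the catch-all `$F(...)`:

```yaml
# Added example, not from the Semgrep changelog: a taint-mode rule whose
# sanitizer pattern `$F(...)` treats every function call as a sanitizer.
# The rule id and the function names request_param, render and escape are
# constructed for this illustration.
rules:
  - id: example-any-call-sanitizes
    mode: taint
    languages: [python]
    severity: WARNING
    message: Untrusted value from request_param() reaches render() unsanitized
    pattern-sources:
      - pattern: request_param(...)
    pattern-sinks:
      - pattern: render(...)
    pattern-sanitizers:
      # Matches any call. Calls that match exactly a source (request_param(...))
      # or a sink (render(...)) are filtered out of the sanitizer set, so this
      # pattern does not silence the rule; any other call between source and
      # sink, such as escape(x), does.
      - pattern: $F(...)
```

Run against a Python file containing `x = request_param()` followed by `render(x)` and `render(escape(x))`, the rule reports the first `render` call and not the second: `escape(x)` matches `$F(...)` and sanitizes the value, while the `request_param()` and `render(...)` calls, which also match `$F(...)`, are dropped from the sanitizer set because they match a source and a sink exactly. Without that filtering the source call itself would count as a sanitizer and the rule would never fire.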
Fixed

- taint-mode: Fixed bug where a tainted sink could go unreported when the sink is a specific argument in a function call
- PHP: allows more keywords as valid field names (#3954)