Added
- Improved filtering of rules based on file content (an important speedup,
  notably for the nodejsscan rules)
- Semgrep CLI now respects `.semgrepignore` files
- Java: support ellipsis in generics, e.g., `class Foo<...>` (#4335)
Fixed
- Java: class patterns not using generics now match classes using generics
  (#4335), e.g., `class $X { ... }` will now match `class Foo<T> { }`
- TS: parse type definitions correctly (#4330)
- taint-mode: findings are now reported when the LHS of an access operator is
  a sink (e.g., as in `$SINK->method`) and the LHS operand is a tainted
  variable (#4320)
- metavariable-comparison: no longer throws a NotHandled exception (#4328)
- semgrep-core: fix a segmentation fault on Apple M1 when using
  `-filter_irrelevant_rules` on rules with very large `pattern-either`s (#4305)
- Python: generate a proper lexical exception for unbalanced braces (#4310)
- YAML: fix an off-by-one in the location of arrays
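As an added illustration of the two #4335 entries (the ellipsis in the generics position and generics-agnostic class matching), not taken from the Semgrep changelog or the project's own test suite, here is a rule file with a constructed Java target in the trailing comments; the rule ids, messages and the file names are assumptions:

```yaml
# Added example, not from the Semgrep project: exercises the #4335 changes.
rules:
  - id: example-generic-class
    languages: [java]
    severity: INFO
    message: "class $NAME declares type parameters"
    # `<...>` in the generics position matches any type parameter list,
    # so this rule fires only on classes that are actually generic.
    pattern: |
      class $NAME<...> { ... }

  - id: example-any-class
    languages: [java]
    severity: INFO
    message: "class $NAME (with or without type parameters)"
    # No generics in the pattern: since #4335 this still matches generic
    # classes such as `class Foo<T> { }`, not only non-generic ones.
    pattern: |
      class $NAME { ... }

# Constructed target, saved as Target.java (assumed name), run with
#   semgrep --config rules.yml Target.java
#
#   class Box<T> { T value; }        // matched by both rules
#   class Plain { int value; }       // matched only by example-any-class
```

The second rule is the one to check when upgrading: before #4335 a non-generic class pattern silently missed generic classes, so any rule relying on `class $X { ... }` to cover a whole codebase may start reporting additional, legitimate findings.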
Changed
- semgrep-core: log messages are now tagged with the process id
- Optimization: change bloom filters to use sets, and move the location of
  the filter
- Reduced the size of `--debug` dumps
- Given `--output`, Semgrep will no longer print search results to stdout;
  it will only save/post them to the specified file/URL