0.77.0 - 12-16-2021
Added
- New language Solidity with experimental support.
- Scala: Patterns like List(...) now correctly match against patterns in code
- A default set of .semgrepignore patterns (in semgrep/templates/.semgrepignore) is now used if no .semgrepignore file is provided
- Java: Ellipsis metavariables can now be used for parameters (#4420)
- semgrep login and semgrep logout commands to save API token
Fixed
- Go: fixed bug where using an ellipsis to stand for a list of key-value pairs
would sometimes cause a parse error
- Scala: Translate definitions using patterns like val List(x,y,z) = List(1,2,3)
to the generic AST
- Allow name resolution on imported packages named just vN, where N is a number
- The -json option in semgrep-core works again when used with -e/-f
- Python: get the correct range when matching comprehension (#4221)
- Python and other languages: allow matches of patterns containing
non-ascii characters, but still with possibly many false positives (#4336)
- Java: parse correctly constructor method patterns (#4418)
- Address several autofix output issues (#4428, #3577, #3338) by adding
per-file line/column offset tracking
Changed
- Constant propagation is now a proper must-analysis: if a variable is undefined
in some path then it will be considered as non-constant
- Dataflow: Only consider reachable nodes, which prevents some FPs/FNs
- Timing output handles errors and reports profiling times
- semgrep-core will log a warning when a worker process is consuming above 400 MiB
of memory, or has reached 80% of the specified memory limit, whichever happens first.
This is meant to help diagnose OOM-related crashes.
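
The must-analysis rule from the constant propagation entry above, as an added Python illustration; this is not Semgrep's implementation. The statement tuples and the names join, analyze and is_constant are hypothetical and exist only for this example.

```python
# Added illustration, not Semgrep's code. A program is a list of statements:
#   ("assign", var, literal) | ("assign", var, ("var", name)) | ("if", then, else)
# An environment maps variable name -> known constant; a missing key means the
# variable is undefined on that path.

NONCONST = object()  # "not provably constant on every path"

def join(env_a, env_b):
    """Merge facts where two paths meet: keep a constant only if both agree."""
    merged = {}
    for var in env_a.keys() | env_b.keys():
        a = env_a.get(var, NONCONST)  # undefined on this path => non-constant
        b = env_b.get(var, NONCONST)
        same = a is not NONCONST and type(a) is type(b) and a == b
        merged[var] = a if same else NONCONST
    return merged

def analyze(block, env=None):
    """Return the environment that holds after executing `block`."""
    env = dict(env or {})
    for stmt in block:
        if stmt[0] == "assign":
            _, var, rhs = stmt
            if isinstance(rhs, tuple) and rhs[0] == "var":
                env[var] = env.get(rhs[1], NONCONST)  # copy the source's fact
            else:
                env[var] = rhs
        elif stmt[0] == "if":
            _, then_block, else_block = stmt
            env = join(analyze(then_block, env), analyze(else_block, env))
        else:
            raise ValueError(f"unknown statement: {stmt[0]!r}")
    return env

def is_constant(block, var):
    return analyze(block).get(var, NONCONST) is not NONCONST

# Constructed samples: "cmd" is assigned on one path, both paths, or differently.
ONE_PATH = [("if", [("assign", "cmd", "ls")], [])]  # else path: cmd undefined
BOTH_SAME = [("if", [("assign", "cmd", "ls")], [("assign", "cmd", "ls")])]
BOTH_DIFF = [("if", [("assign", "cmd", "ls")], [("assign", "cmd", "id")])]
COPIED = ONE_PATH + [("assign", "arg", ("var", "cmd"))]

if __name__ == "__main__":
    for name, prog in [("ONE_PATH", ONE_PATH), ("BOTH_SAME", BOTH_SAME),
                       ("BOTH_DIFF", BOTH_DIFF), ("COPIED", COPIED)]:
        print(name, {v: is_constant(prog, v) for v in analyze(prog)})
```

A rule that treats constant arguments as safe would, under this rule, still report ONE_PATH and COPIED, because the value is not known on every path.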