semgrep 0.78.0

Release v0.78.0

on Python PyPI

Added

• Pre-alpha support for Dockerfile as a new target language
• Semgrep is now able to symbolically propagate simple definitions. E.g., given
  an assignment x = foo.bar() followed by a call x.baz(), Semgrep will keep
  track of x's definition, and it will successfully match x.baz() with a
  pattern like foo.bar().baz(). This feature should help writing simple yet
  powerful rules, by letting the dataflow engine take care of any intermediate
  assignments. Symbolic propagation is still experimental and it is disabled by
  default, it must be enabled in a per-rule basis using options: and setting
  symbolic_propagation: true. (#2783, #2859, #3207)
• --verbose outputs a timing and file breakdown summary at the end
• metavariable-comparison now handles metavariables that bind to arbitrary
  constant expressions (instead of just code variables)

Fixed

• Rust: inner attributes are allowed again inside functions (#4444) (#4445)
• Python: return statement can contain tuple expansions (#4461)
• metavariable-comparison: do not throw a Not_found exn anymore (#4469)
• better ordering of match results with respect to captured
  metavariables (#4488)