pypi semgrep 1.26.0
Release v1.26.0

1.26.0 - 2023-06-09

Added

  • In Java, Semgrep can now track taint through more getters and setters. It could already relate setters to getters (e.g. o.setX(taint); o.getX()), but now it can relate setters and getters to properties (e.g. o.setX(taint); o.x). (getters)
  • taint-mode: Added experimental options taint_assume_safe_booleans and
    taint_assume_safe_numbers to avoid propagating taint coming from expressions
    with Boolean or number (integer, float) types. (pa-2777)
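
A taint rule that turns on both experimental options, given as an added example that is not part of the Semgrep changelog or the project's own rules. The rule id, message, source and sink patterns and the Java snippet in the comments are assumptions for illustration; only the two option names come from the notes above.

```yaml
# Added example: rule id, message and patterns are hypothetical.
rules:
  - id: example-request-param-to-sql
    mode: taint
    languages: [java]
    severity: ERROR
    message: HTTP request parameter reaches a SQL query string
    options:
      # Experimental in 1.26.0: expressions typed as Boolean or as a
      # number (integer, float) do not carry taint.
      taint_assume_safe_booleans: true
      taint_assume_safe_numbers: true
    pattern-sources:
      - pattern: (HttpServletRequest $REQ).getParameter(...)
    pattern-sinks:
      - pattern: (Statement $STMT).executeQuery(...)

# Constructed Java target, assuming `HttpServletRequest req` and
# `Statement stmt` are declared in scope:
#
#   String name = req.getParameter("name");
#   stmt.executeQuery("SELECT * FROM users WHERE name = '" + name + "'");
#   // String-typed value: still reported.
#
#   int id = Integer.parseInt(req.getParameter("id"));
#   stmt.executeQuery("SELECT * FROM users WHERE id = " + id);
#   // int-typed value: not reported when taint_assume_safe_numbers is
#   // true. With the option left out, taint propagates through parseInt
#   // and this query is reported as well.
```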

Fixed

  • swift: Support if let shorthand for shadowing an existing optional variable. (gh-7583)
  • Elixir: fix the string extraction used for -filter_irrelevant_rules (gh-7855)
  • Fixed comparison of taint information that was causing duplicate taints to be tracked.
    Interfile analysis on large repos will see a small speedup. (misc-1)
  • taint-mode: Fixed performance regression in 1.24.0 that affected taint rules. (pa-2777-1)
  • Fix a recent regression that caused failures to match in certain cases that combined metavariable-regex and typed metavariables which themselves contain metavariables (e.g. in Go ($X: $T) with a metavariable-regex operating on $T). (pa-2822)
  • Gomod comments: fix parsing comments that end in ')' (sc-716)
