pypi semgrep 1.55.2
Release v1.55.2

latest releases: 1.95.0, 1.94.0, 1.93.0...
10 months ago

1.55.2 - 2024-01-05

Fixed

  • taint-mode: Semgrep was missing some sources occurring inside type expressions,
    for example:

    char *p = new char[source(x)];
    sink(x);

    Now, if x is tainted by side-effect, Semgrep will check x inside the type
    expression char[...] and record it as tainting, and generate a finding for
    sink(x). (pa-3313)

  • taint-mode: C/C++: Sanitization by side-effect was not working correctly for
    ptr->fld l-values. In particular, if ptr is tainted, and then ptr->fld is
    sanitized, Semgrep will now correctly consider ptr->fld as clean. (pa-3328)

Don't miss a new semgrep release

NewReleases is sending notifications on new releases.