v0.4.0
What's Changed
- Add inline ignore comments for code findings by @peaktwilight in #4
- Bump vite from 7.3.1 to 7.3.2 in /www by @dependabot[bot] in #6
- Bump defu from 6.1.4 to 6.1.7 in /www by @dependabot[bot] in #5
- Resolve Python import aliases in sink-matching rules (#7) by @peaktwilight in #11
- Add LoC metric and larger-corpus target to benchmarks (#8) by @peaktwilight in #12
- Add intraprocedural taint engine and first Python taint rule (refs #10) by @peaktwilight in #13
- Taint engine: wire up sanitizer support (refs #16) by @peaktwilight in #20
- Taint engine: nested subscripts and tuple destructuring (refs #15) by @peaktwilight in #21
- Add py/taint-* rules for eval, command injection, SSRF, yaml.load, SQL (refs #14) by @peaktwilight in #22
- Semgrep-compatible YAML bridge for taint rules (refs #17) by @peaktwilight in #23
- Taint engine: port to JavaScript/TypeScript with js/taint-xss-innerhtml (refs #18) by @peaktwilight in #24
- Publish per-rule precision methodology and false-positive footprint (refs #9) by @peaktwilight in #25
- Taint engine: same-file interprocedural return propagation (refs #19) by @peaktwilight in #26
- Semgrep taint YAML bridge: support pattern-either in source/sink/sanitizer blocks (refs #33) by @peaktwilight in #36
- Tooling: auto-generate www/src/data/rules.ts from Rust rule registry (refs #34) by @peaktwilight in #37
- Taint: add Django, FastAPI/Starlette, and CLI sources for Python (refs #29, #30) by @peaktwilight in #38
- Taint engine: method call propagation and f-string interpolation (refs #27, #28) by @peaktwilight in #39
- Taint: add Next.js, Hono, Fastify, SvelteKit, Deno sources to JS taint (refs #32) by @peaktwilight in #40
- Add realistic test corpus under tests/fixtures/realistic/ (refs #35) by @peaktwilight in #41
- Taint engine: propagate taint through binary + on strings (refs #42) by @peaktwilight in #43
- Taint engine: port to Go with go/taint-* rules (refs #31) by @peaktwilight in #44
New Contributors
- @dependabot[bot] made their first contribution in #6
Full Changelog: v0.3.3...v0.4.0
Contributors
dependabot and peaktwilight