0.4.8
Main features:
- Constant propagation for some languages. Golang example:
  pattern: dangerous1("...")
  will match:
    const Bar = "password"
    func foo() {
      dangerous1(Bar);
    }
- Import matching equivalences
  pattern: import foo.bar.a2
  matches code: from foo.bar import a1, a2
- Deep expression matching - see (#264)
  pattern: bar();
  matches code: print(bar())
Full changelog:
- Add sgrep.live to readme
- refactor sgrep py (#221)
- cleanup imports, move config resolution to separate file (#222)
- add extra paths to check and also don't break just print out a helpful warning message
- improve parsing error for invalid types in valid yaml
- Update sgrep_lint/evaluation.py
- remove -r2c from ocaml sgrep core
- lib/generic_vs_generic.ml: collateral evolutions after the Name to Id vs IdQualified split in pfff/.../ast_generic.ml
- Basic constant propagation for constants!
- Add less_inheritance test for java, js, go (#237)
- Add less_inheritance test for java, js, go
- move tests to .TODO
- change the shape of evaluate expression to take a single expression (#233)
- use ellipsis in class body
- build sgrep lint separately (#254)
- Ie/bugfix evaluation (#257)
- eagerly intersect ranges for ANDed children (fixes bugs with where-python)
- move test.py into sgrep lint (#256)
- Add ellipsis into java class/enum/interface body
- Test examples showing name resolution for locals is now working for Go (#253)
- Feature/generic import matching (#249)
  With semgrep/pfff#44, adds support for the following:
  code: from foo.bar import a1, a2
  pattern: import foo.bar.a2
  We use the conversion to generic_ast to normalize code: from foo.bar import a1, a2 into:
    from foo.bar import a1
    from foo.bar import a2
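
The import normalization described above, as an added Python sketch built on the standard `ast` module (an illustration only, not sgrep's OCaml generic_ast code; `normalize_imports`, `match_import` and the sample source are constructed here). Both the pattern and the target are expanded to one dotted name per imported symbol, so a rule written against one import spelling also flags the other.

```python
import ast

# Constructed sample input, not taken from a real code base.
SAMPLE = """\
from foo.bar import a1, a2
import os
from foo.baz import a2
"""


def normalize_imports(source):
    """Expand every import statement into (dotted_name, line) pairs, one per symbol."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ImportFrom):
            if node.level or not node.module:
                continue  # relative import: not resolvable without package context
            for alias in node.names:
                # "from foo.bar import a1, a2" -> foo.bar.a1, foo.bar.a2
                found.append((f"{node.module}.{alias.name}", node.lineno))
        elif isinstance(node, ast.Import):
            for alias in node.names:
                # "import foo.bar.a2" is already a single dotted name
                found.append((alias.name, node.lineno))
    return sorted(found, key=lambda item: item[1])


def match_import(pattern, source):
    """Return the lines of `source` that import any name the pattern imports."""
    wanted = {name for name, _ in normalize_imports(pattern)}
    return sorted({line for name, line in normalize_imports(source) if name in wanted})


if __name__ == "__main__":
    for pat in ("import foo.bar.a2", "from foo.bar import a1", "import foo.bar.a3"):
        print(pat, "->", match_import(pat, SAMPLE))
```
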