Release Release v0.57.0 · semgrep/semgrep

new options: field in a YAML rule to enable/disable certain features
(e.g., constant propagation). See https://github.com/returntocorp/semgrep/blob/develop/semgrep-core/src/core/Config_semgrep.atd
for the list of available features one can enable/disable.
Capture groups in pattern-regex: in $1, $2, etc. (#3356)
Support metavariables inside atoms (e.g., foo(:$ATOM))
Support metavariables and ellipsis inside regexp literals
(e.g., foo(/.../))
Associative-commutative matching for bitwise OR, AND, and XOR operations
Add support for $...MVAR in generic patterns
Add support for $...MVAR in generic patterns.
metavariable-pattern: Add support for nested Spacegrep/regex/Comby patterns
C#: support ellipsis in method parameters (#3289)

C#: parse __makeref, __reftype, __refvalue (#3364)
Java: parsing of dots inside function annotations with brackets (#3389)
Do not pretend that short-circuit Boolean AND and OR operators are commutative (#3399)
metavariable-pattern: Fix crash when nesting a non-generic pattern within
a generic rule
metavariable-pattern: Fix parse info when matching content of a metavariable
under a different language
generic mode on Markdown files with very long lines will now work (#2987)

generic mode: files that don't look like nicely-indented programs
are no longer ignored, which may cause accidental slowdowns in setups
where excessively large files are not excluded explicitly (#3418).
metavariable-comparison: Fix crash when comparing integers and floats
Do not filter findings with the same range but different metavariable bindings (#3310)
Set parsing_state.have_timeout when a timeout occurs (#3438)
Set a timeout of 10s per file (#3434)
Improvements to contributing documentation (#3353)
Memoize getting ranges to speed up rules with large ranges
When anded with other patterns, pattern: $X will not be evaluated on its own, but will look at the context and find $X within the metavariables bound, which should be significantly faster

Provide feedback