You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Pre-alpha support for Dockerfile as a new target language
Semgrep is now able to symbolically propagate simple definitions. E.g., given
an assignment x = foo.bar() followed by a call x.baz(), Semgrep will keep
track of x's definition, and it will successfully match x.baz() with a
pattern like foo.bar().baz(). This feature should help writing simple yet
powerful rules, by letting the dataflow engine take care of any intermediate
assignments. Symbolic propagation is still experimental and it is disabled by
default, it must be enabled in a per-rule basis using options: and setting symbolic_propagation: true. (#2783, #2859, #3207)
--verbose outputs a timing and file breakdown summary at the end
metavariable-comparison now handles metavariables that bind to arbitrary
constant expressions (instead of just code variables)
Fixed
Rust: inner attributes are allowed again inside functions (#4444) (#4445)
Python: return statement can contain tuple expansions (#4461)
metavariable-comparison: do not throw a Not_found exn anymore (#4469)
better ordering of match results with respect to captured
metavariables (#4488)