Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
LGPL-2.1 License
Published by github-actions[bot] almost 4 years ago
- `--config`
Published by github-actions[bot] almost 4 years ago
- `generic`
- (#1968).

Published by github-actions[bot] almost 4 years ago
Published by github-actions[bot] almost 4 years ago
- Instead of `--config https://semgrep.dev/p/r2c-ci`, users can use `--config p/r2c-ci`; likewise, instead of `--config https://semgrep.dev/s/username:snippetname`, users can use `--config username:snippetname`.
- `--test` will now error out if `ruleid` or `ok` is not in reported IDs.
- `nosem` findings are no longer included in the final findings count.

Published by github-actions[bot] almost 4 years ago
- `metavariable-comparison` operator for evaluating numeric comparisons on metavariable values, such as `comparison: $KEY_SIZE < 2048`. This is a safe alternative to `pattern-where-python` snippets. Check the full documentation of this feature!
- `...` wildcard in JSX tags' attribute lists, such as `<$TAG attr="1" ... />`.
- Patterns such as `function foo(...)`. This is useful to have cleaner match output when the body content doesn't matter in a rule. This works on JavaScript, TypeScript, and Java code currently.
- Annotations such as `@SomeAnnot(...)` in any context.
- PHP variables such as `$_GET`, which start with a dollar sign just like Semgrep metavariables, are now correctly interpreted as PHP code instead of Semgrep pattern code.
- `isset(...)` in PHP looks like a function call, but technically is not a function call. Now you can match it anyway!
- `this` can now be captured into a metavariable.
- `implements B` will now also match code that does `implements A, B, C`.

Published by github-actions[bot] about 4 years ago
- `--debug` flag, and moved most of the output under `--verbose` to it.
- `--config` option.
- Messages for the `message` key are more complete.

Published by github-actions[bot] about 4 years ago
Published by github-actions[bot] about 4 years ago
- `--junit-xml`
- `<... $X ...>`. See this example.
- `...` in PHP (https://github.com/returntocorp/semgrep/issues/1715). See this example.
- `var` assignments.
- `tsx` and `typescript` are now properly recognized in the `languages` key (https://github.com/returntocorp/semgrep/issues/1705).

Published by github-actions[bot] about 4 years ago
- `--test` functionality now supports the `--json` flag.

Published by github-actions[bot] about 4 years ago
Published by github-actions[bot] about 4 years ago
- `pattern-regex` on arbitrary files. See this file for an example.
- `'foo[$X]'`.
- `'"=~/foo/"'`.
- `'"=~/foo|bar/"'` instead of `'"=~/foo\|bar/"'`. You can also use more advanced regexp features available, such as `'/i'` (e.g., `"=~/foo/i"`).
- `'^'` anchor, e.g. `"=~/^o+$/"` to check if a string contains only a sequence of `'o'`.

Published by github-actions[bot] about 4 years ago
- `semgrep --validate` now includes more information.
- `a, b = foo`.
- `.mly` and `.mll` files are no longer targeted implicitly by OCaml scans.
- `--skip-unknown-extensions` flag skipping files even with recognized extensions.
- `if (true) return;` and `if (true) { return; }`.

Published by github-actions[bot] about 4 years ago
- `--skip-unknown-extensions` so that Semgrep will treat these files as if they matched no language and will therefore run no rules on them. Link: PR
- `$X = '...';` in JavaScript matches `var $X = '...'`. Additionally, a semicolon is no longer required to match. Link: Issue; Link: Example
- `/src` exists in Dockerfile. Link: PR
Published by github-actions[bot] about 4 years ago
Published by github-actions[bot] about 4 years ago
- `--timeout-threshold` option to set the maximum number of times a file can time out before it is skipped.

Published by github-actions[bot] about 4 years ago
- Match arbitrary content with `f"..."`
- Performance improvements by filtering rules if a file doesn't contain a string needed for a match
- Match "OtherAttribute" attributes in any order
- Support Python 3.8 self-documenting f-strings
- `--max-memory` flag to set a maximum amount of memory that can be used to apply a rule to a file
Published by github-actions[bot] about 4 years ago
- `metavariable-regex` operator, which filters findings by metavariable
- `--timeout` flag to set the maximum time a rule is applied to a file
- `pattern-where-python` error messages

Published by github-actions[bot] about 4 years ago
- `import "$X"` (most

Published by github-actions[bot] over 4 years ago
Published by github-actions[bot] over 4 years ago
- `/home/repo` to `/src`; this is also configurable via the `SEMGREP_SRC_DIRECTORY` environment variable.
- `--precommit` flag; this is no longer necessary after defaulting to `pre-commit`'s code mount point `/src`.