Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
LGPL-2.1 License
Bot releases are hidden (Show)
Published by aryx over 1 year ago
Published by brendongo over 4 years ago
var $F = "hello"
will now match any of the following expressions:
var foo = "hello";
let bar = "hello";
const baz = "hello";
Print out --dump-ast
Print out version with --version
Allow ... in arrays
[..., 1]
will now match
[3, 2, 1]
Support Metavariable match on keyword arguments in python:
foo(..., $K=$B, ...)
will now match
foo(1, 2, bar=baz, 3)
Support constant propogation in f-strings in python:
$M = "..."
...
$Q = f"...{$M}..."
will now match
foo = "bar"
baz = f"qux {foo}"
Constant propogation in javascript:
api("literal");
will now match with any of the following:
api("literal");
const LITERAL = "literal";
api(LITERAL);
const LIT = "lit";
api(LIT + "eral");
const LIT = "lit";
api(`${LIT}eral`);
Deep statement matching:
Elipsis operator (...
) will also include going deeper in scope (i.e. if-else, try-catch, loop, etc.)
foo()
...
bar()
will now match
foo()
if baz():
try:
bar()
except Exception:
pass
Unified import resolution in python:
import foo.bar.baz
will now match any of the following statements:
import foo.bar.baz
import foo.bar.baz.qux
import foo.bar.baz as flob
import foo.bar.baz.qux as flob
from foo.bar import baz
from foo.bar.baz import qux
from foo.bar import baz as flob
from foo.bar.bax import qux as flob
Support for anonymous functions in javascript:
function() {
...
}
will now match
var bar = foo(
//matches the following line
function () { console.log("baz"); }
);
Support arrow function in javascript
(a) => { ... }
will now match:
foo( (a) => { console.log("foo"); });
foo( a => console.log("foo"));
// arrows are normalized in regular Lambda, so an arrow pattern
// will match also old-style anynonous function.
foo(function (a) { console.log("foo"); });
Python implicit string concatenation
$X = "..."
will now match
# python implicitly concatenates strings
foo = "bar" "baz" "qux"
Resolve alias in attributes and decorators in python
@foo.bar.baz
def $X(...):
...
will now match
from foo.bar import baz
@baz
def qux():
print("hello")
var {foo, bar} = qux;
will now match
var {bar, baz, foo} = qux;
var $F = {
two: 2,
one: 1
};
will now match both
var foo = {
two: 2,
one: 1
};
var bar = {
one: 1,
two: 2
};
Published by ievans over 4 years ago
Main features:
pattern: dangerous1("...")
will match:
const Bar = "password"
func foo() {
dangerous1(Bar);
}
pattern: import foo.bar.a2
matches code: from foo.bar import a1, a2
pattern: bar();
matches code: print(bar())
Full changelog:
With returntocorp/pfff#44, adds support for the following:
code: from foo.bar import a1, a2
pattern: import foo.bar.a2
We use the conversion to generic_ast to normalize code: from foo.bar import a1, a2 into:
from foo.bar import a1
from foo.bar import a2
Published by ievans over 4 years ago
Breaking change: Python is no longer the default language when using -e EXPR
.
Other changes: colored output, better config search, improvements to Golang, Javascript, and Java support.
Changelog:
Published by DrewDennison over 4 years ago
Fixes for Javascript parsing issues and issues observed on 1.5% of PyPi repos. Error rate is now 0.08% on PyPi, mainly out-of-memory errors.
Published by DrewDennison over 4 years ago
TODO
Published by DrewDennison over 4 years ago
Bugfixes for Java, Python, Golang, and Javascript as well as better error output when parsing YAML file syntax.
Published by DrewDennison over 4 years ago
Default output is one line per finding. use --json
to enable old/json output
Published by DrewDennison over 4 years ago
Add --generate-config
and other bug-fixes
Published by DrewDennison over 4 years ago
Version 0.4.0 released with support for golang, java, and boolean expressions in config files