August 2021
· 2 min read
The following updates were made to Semgrep in August 2021.
Version 0.63.0
Additions
- C#: support ellipsis in declarations (#3720)
Fixes
- Hack: improved support for metavariables (#3716)
- Dataflow: Disregard type arguments but not the entire instruction
Changes
- Optimize ending ... in pattern-insides to simply match anything left
Version 0.62.0
Additions
- OCaml: support module aliasing, so looking for List.map will also find code that renamed List as L via module L = List.
- Add help text to sarif formatter output if defined in metadata field.
- Update shortDescription in SARIF formatter output if defined in metadata field.
- Add tags as defined in metadata field in addition to the existing tags.
Fixes
- core: fix parsing of numeric literals in rule files
- Java: fix the range and autofix of Cast expressions (#3669)
- Generic mode scanner no longer tries to open submodule folders as files (#3701)
- pattern-regex with completely empty files (#3705)
- --sarif exit code with suppressed findings (#3680)
- Fixed fatal errors when a pattern results in a large number of matches
- Better error message when rule contains empty pattern
Changes
- Add backtrace to fatal errors reported by semgrep-core
- Report errors during rule evaluation to the user
- When and-ed with other patterns, pattern: $X will not be evaluated on its own, but will look at the context and find $X within the metavariables bound, which should be significantly faster