On this page
September 2021 Version 0.67.0 Additions Support for break and continue in the dataflow engine Support for switch statements in the dataflow engine Fixes Fix CFG dummy nodes to always connect to exit node Deep ellipsis <... x ...> now matches sub-expressions of statements Ruby: treat 'foo' as a function call when alone on its line (#3811 ) Fixed bug in semgrep-core's -filter_irrelevant_rules causing Semgrep to incorrectly skip a file (#3755 ) PHP: allows more keywords as valid field names (#3954 ) Changes Taint no longer analyzes dead/unreachable code Improve error message for segmentation faults/stack overflows Attribute-expression equivalence that allows matching expression patterns against attributes, it is enabled by default but can be disabled via rule options: with attr_expr: false (#3489 ) Improved Kotlin parsing from 35% to 77% on our Kotlin corpus Version 0.66.0 Additions Fixes Dataflow: Recognize "concat" method and interpret it in a language-dependent manner (#3316 ) PHP: allows certain keywords as valid field names (#3907 ) Changes Constant propagation now assumes that void methods may update the callee (#3316 ) Add rule message to emacs output (#3851 ) Show stack trace on fatal errors (#3876 ) Various changes to error messages (#3827 ) Version 0.65.0 Additions Allow autofix using the command line rather than only with the fix: YAML key Fixes Taint detection with ternary ifs (#3778 ) Fixed corner-case crash affecting the pattern: $X optimization ("empty And; no positive terms in And") PHP: Added support for parsing labels and goto (#3592 ) PHP: Parse correctly constants named PUBLIC or DEFAULT (#3589 ) Go: Added type inference for struct literals (#3622 ) Fix semgrep-core crash when a cache file exceeds the file size limit Sped up Semgrep interface with tree-sitter parsing Changes Grouped semgrep CLI options and added constraints when useful (e.g., cannot use --vim and --emacs at the same time) Version 0.64.0 Additions Enable associative matching for string concatenation (#3741 ) Fixes Java: separate import static from regular imports during matching (#3772 ) Taint mode will now benefit from semgrep-core's -filter_irrelevant_rules Taint mode should no longer report duplicate matches (#3742 ) Only change source directory when running in docker context (#3732 ) Changes Add logging on failure to git ls-files (#3777 )