-
**Describe the bug**
As seen in the playground URL: https://semgrep.dev/playground/s/dpnishant:regex-escaping-bug I'm not able to match the literal `*` with a regex like `\*` in the Python language. Howe…
-
**Describe the bug**
`metavariable-regex` behaves differently based on indentation. If no indents are used and the clause looks like this,
```yaml
regex: (?i)(request)
```
it works as expec…
-
**Describe the bug**
**To Reproduce**
https://semgrep.dev/playground/s/msorens:embedded-quotes
**Expected behavior**
All tests should pass.
**Screenshots**
**What is the priority o…
-
Some of the tests in `semgrep/cli`, such as `tests/e2e/test_baseline.py`, require that `/usr/bin/git` exist and be at least version 2.30. If `/usr/bin/git` is too old:
```
semgrep/cli$ pytest tes…
-
**Describe the bug**
In my test, `eval` could not be matched by metavariable in javascript.
But I do not test this in other languages and I do not test other functions. **Please fix if there's somet…
-
**Describe the bug**
Python slicing (for substrings, etc.) does not seem to be handled for rules in taint mode.
**To Reproduce**
https://semgrep.dev/playground/s/Q3x4
**Expected behavior**…
-
Goal: detect unsafe URL injections
For example, `https://example.com/$X` would be considered safe regardless of the origin of `$X` but `https://example$X.com/home` is considered unsafe if `$X` is t…
-
This requires that `$MVAR` binds to a string, otherwise it simply evaluates to false:
```yaml
- metavariable-pattern:
    metavariable: $MVAR
    language: LANG
    pattern: PAT
…
-
https://semgrep.dev/s/AzbL
The wrapper function taint propagation detection failed, should match the route3 function (line 17)
-
**Is your feature request related to a problem? Please describe.**
Inspired by this [Stack Overflow question](https://stackoverflow.com/questions/70097987/semgrep-rule-to-validate-djangos-foreignkey-…