-
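The semgrep rules are currently fairly old, and the only way to update them now is to build a new tool ourselves to do the update. Is there a more elegant way?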
-
**Describe the bug**
Currently, Semgrep is looking for a
```
PREFIX = """\
# This is a Gradle generated file for dependency locking.
# Manual edits can break the build and are not advised.
# Th…
```
-
**Describe the bug**
Consider the rule:
```yaml
rules:
- id: "test"
languages:
- "csharp"
mode: taint
pattern-sources:
- patterns:
- pattern-inside: |
$RET $METHOD(.…
```
-
Anonymized python:
```python
class MyClass (
ABadClass, # nosemgrep: myrule
AnotherClass,
ADifferentClass,
): ...
```
Anonymized rule:
```yaml
- id: myrule
language…
```
-
https://semgrep.dev/playground/r/python.pymongo.security.mongodb.mongo-client-bad-auth?editorMode=advanced
this should be a pretty straight-forward fix transformer
-
**Describe the bug**
semgrep failed to parse some Lua files with correct syntax.
**To Reproduce**
Run semgrep for a file `src/box/lua/upgrade.lua` [^1].
```
Syntax error at line target.lu…
```
-
**What happened**:
Began looking at using horusec, specifically for some of its Dart scanning, but found docs to be out of date and community pages offline. Only beta for the past few releases, ver…
-
**Is your feature request related to a problem? Please describe.**
Semgrep returns a false positive for the Slack webhook sample URL `https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXX…
-
**Describe the bug**
When using a simple rule like `$X == $X`, Semgrep shows a match that does not follow the language operator precedence: https://docs.soliditylang.org/en/latest/cheatsheet.html
…
-
**Describe what change you would like** :
It would be good to have a section on static analysis in the implementation section, and add semgrep to the new section
**Context** :
Section: 07-imp…