-
I'm opening this issue following up on [this Slack thread](https://semgrep.slack.com/archives/CK86BJ5DW/p1732024577158309).
When using the vscode extension, I saw that `shortlink` was used in the pr…
-
We're moving most of the codebase to custom error messages but there will still be plenty of places like scripts and tests where `require` gets used instead.
@jsvisa has a nice PR open (#12702) th…
-
I'm behind an inspecting proxy and having this issue running semgrep in VSCode and already have the `REQUESTS_CA_BUNDLE` exported, as well as `CERT_PATH`, `CERT_DIR`, `SSL_CERT_FILE`, `SSL_CERT_DIR` a…
-
**Describe the bug**
Rules trying to match a macro definition won't match.
**To Reproduce**
I have [prepared a MRE](https://semgrep.dev/playground/r/gxU3Kvn/juan_bellon_tiobe_com.macro-blocks-tro…
-
Semgrep does not work properly with IntelliJ IDEA 2024.1.6
The errors are as follows:
Semgrep: Refused to set unsafe header "host"
![image](https://github.com/user-attachments/assets/5b…
-
**Brief description:**
Extra text from the vulnerability description is included in the code snippet.
`if (level === cadesplugin.LOG_LEVEL_DEBUG) **Rule name:** semgrep_public_rules.0xdea.generic.raptor-bad-words *…
-
**Describe the bug**
It seems semgrep's handling of `export default ...` in JS doesn't match my expectations.
Given the following code:
**test.js**
```js
function Breadcrumb({ id }) {
.…
-
**Describe the bug**
In semgrep release **v1.58.0**, the following 2 x BASH rules (using latest commit: 57cb8aa01da7bcc180e16193dd5e55ae15b15de3) fail with the following example line of bash script:
…
-
https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2195
```
Hi, recently I work on a collection of Semgrep rules to cover the static tests described by the OWASP MASTG.
This is the o…
-
**Describe the bug**
Kotlin supports annotations for classes, functions etc to add metadata. Semgrep fails to parse/detect these annotations properly. A simple pattern like below is unable to correct…