pkgsrc-WIP-changes archive
semgrep{,-core}: Update to 0.111.1
Module Name: pkgsrc-wip
Committed By: Leonardo Taccari <leot%NetBSD.org@localhost>
Pushed By: leot
Date: Wed Aug 24 20:35:34 2022 +0200
Changeset: 1f0cd5f0031e903574c4d0e7c226bebad5f7735b
Modified Files:
semgrep-core/Makefile
semgrep/Makefile
semgrep/PLIST
semgrep/distinfo
Log Message:
semgrep{,-core}: Update to 0.111.1
Changes:
0.111.1
-------
Changed
* Previously, the following error message appears when metrics are not
  uploaded within the set timeout timeframe:
    Error in send: HTTPSConnectionPool(host='metrics.semgrep.dev', port=443): Read timed out. (read timeout=3)
  As this causes users confusion when running the CLI, the log level of the
  message is reduced to appear for development and debugging purposes only.
  Note that metrics are still successfully uploaded, but the success status
  is not sent in time for the current timeout set. (app-1398)
Fixed
* taint-mode: Fixed the translation from Generic to IL for expressions like
  "some string".concat(x). Previously, when x was tainted, the concat
  expression was not recognized as tainted and this caused false negatives.
  (pa-1787)
0.111.0
-------
Added
* Introduced experimental support for Swift (gh-2232)
* Add configuration options for using a tree-sitter library installed
  anywhere on the system. (gh-5944)
* Updated the supply chain finding API:
  + The API is now typed and defined entirely in semgrep_output_v0.atd
  + Supply chain findings now have only one dependency match, not a list,
    and only one resolved url
  + Supply chain findings now have a field called reachable and
    reachability_rule, which indicate if the finding is reachable, and
    whether or not it was generated by a reachability rule (rule that had
    a semgrep pattern)
  + Supply chain findings now include a schema version
  + The complete finding information sent to semgrep app now includes a
    mapping from lockfile paths to the number of dependencies that were
    present in that lockfile (sca-197)
Fixed
* When a YAML rule file had a string that contained an ISO timestamp, that
would be parsed as a datetime object, which would then be rejected by
Semgrep's rule schema validator. This is now fixed by keeping strings that
contain an ISO timestamp as strings. (app-2157)
* When parsing PHP with tree-sitter, parse $this similar to pfff, as an
IdSpecial. This makes it possible to match $this when the pattern is parsed
with pfff and the program with tree-sitter. (gh-5594)
* Parse die() as exit() in tree-sitter PHP. This makes pfff and tree-sitter
parse die() in the same way. (gh-5880)
* All: Applied a fix so that qualified identifiers can unify with
  metavariables. Notably, this affected Python decorators, among others.
  (pa-1700)
* Fixed a regression in DeepSemgrep after the experimental taint labels
  feature was introduced in 0.106.0. This prevented DeepSemgrep from
  reporting taint findings when e.g. the sink was wrapped by another
  function. (pa-1750)
* Fixed metavariable unification in JSON when one of the patterns is a single
field. (pa-1763)
* Changed symbolic propagation such that "redundant" matches are no
  longer reported as findings. For instance:
    def foo():
        x = g(5)
        f(x)
  If we are looking for the pattern g(5), we should not match on line 3,
  since we will match on line 2 anyways, and this is just repeating
  information that we already know.
  This patch changes it so that we do not match on line 3 anymore. (pa-1772)
* Semgrep now passes -j to DeepSemgrep engine so --deep became noticeably
faster. (pa-1776)
* taint-mode: Due to a mistake in the instantiation of a visitor, named
  function definitions were being analyzed twice! This is now fixed and you
  may observe significant speed ups in some cases. (pa-1778)
* Extract mode: fixed a possible exception in normal usage introduced due to
changes in handling of search/taint rules. (pa-1786)
* Changed the fail-open message body (pm-194)
0.110.0
-------
Changed
* Parse several built-in PHP functions in the same way in pfff and
tree-sitter. This makes it possible to match exit, eval, empty and isset,
even if the pattern is parsed with pfff and the PHP file with tree-sitter.
(gh-5382)
Fixed
* Skip fail-open for exit code 1 (app-2073)
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=1f0cd5f0031e903574c4d0e7c226bebad5f7735b
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
semgrep-core/Makefile | 2 +-
semgrep/Makefile | 2 +-
semgrep/PLIST | 6 ------
semgrep/distinfo | 6 +++---
4 files changed, 5 insertions(+), 11 deletions(-)
diffs:
diff --git a/semgrep-core/Makefile b/semgrep-core/Makefile
index 4d81571d28..bb6e42ff9f 100644
--- a/semgrep-core/Makefile
+++ b/semgrep-core/Makefile
@@ -1,6 +1,6 @@
# $NetBSD$
-DISTNAME= semgrep-core-0.109.0
+DISTNAME= semgrep-core-0.111.1
PKGREVISION= 0
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_GITHUB:=returntocorp/}
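Review bot: the `PKGREVISION= 0` line kept in the context of this hunk is unusual for pkgsrc; when DISTNAME is bumped to a new upstream version the convention is to delete the PKGREVISION line rather than reset it to 0, so consider dropping it here.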
diff --git a/semgrep/Makefile b/semgrep/Makefile
index 5bcfae981d..7f0e640a73 100644
--- a/semgrep/Makefile
+++ b/semgrep/Makefile
@@ -1,6 +1,6 @@
# $NetBSD$
-DISTNAME= semgrep-0.109.0
+DISTNAME= semgrep-0.111.1
CATEGORIES= devel python
MASTER_SITES= ${MASTER_SITE_PYPI:=s/semgrep/}
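Review bot: the hunk bumps the PyPI sdist to semgrep-0.111.1 but does not show the DEPENDS line on semgrep-core; since the CLI and semgrep-core are released in lock-step, confirm that the dependency pattern in this Makefile is pinned to the same 0.111.1 version that the semgrep-core/Makefile hunk above sets.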
diff --git a/semgrep/PLIST b/semgrep/PLIST
index ec36508109..2bdce4bcd8 100644
--- a/semgrep/PLIST
+++ b/semgrep/PLIST
@@ -6,9 +6,6 @@ ${PYSITELIB}/semdep/__init__.pyo
${PYSITELIB}/semdep/find_lockfiles.py
${PYSITELIB}/semdep/find_lockfiles.pyc
${PYSITELIB}/semdep/find_lockfiles.pyo
-${PYSITELIB}/semdep/models.py
-${PYSITELIB}/semdep/models.pyc
-${PYSITELIB}/semdep/models.pyo
${PYSITELIB}/semdep/package_restrictions.py
${PYSITELIB}/semdep/package_restrictions.pyc
${PYSITELIB}/semdep/package_restrictions.pyo
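Review bot: the removal of the three `semdep/models.py{,c,o}` entries matches the changelog item that the supply chain finding API is now defined entirely in semgrep_output_v0.atd (sca-197); if the generated output module is shipped as a new file in the 0.111.1 sdist, the PLIST should gain the corresponding entries, which this hunk does not add.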
@@ -163,9 +160,6 @@ ${PYSITELIB}/semgrep/git.pyo
${PYSITELIB}/semgrep/ignores.py
${PYSITELIB}/semgrep/ignores.pyc
${PYSITELIB}/semgrep/ignores.pyo
-${PYSITELIB}/semgrep/job_postings.py
-${PYSITELIB}/semgrep/job_postings.pyc
-${PYSITELIB}/semgrep/job_postings.pyo
${PYSITELIB}/semgrep/join_rule.py
${PYSITELIB}/semgrep/join_rule.pyc
${PYSITELIB}/semgrep/join_rule.pyo
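Review bot: both PLIST hunks only delete entries (`semdep/models.*` and `semgrep/job_postings.*`) and add none across two minor releases; regenerate the list with `make print-PLIST` against an installed 0.111.1 to confirm that no new modules are missing, since a stale PLIST will only fail at package time.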
diff --git a/semgrep/distinfo b/semgrep/distinfo
index b9649a374c..0119cd8b23 100644
--- a/semgrep/distinfo
+++ b/semgrep/distinfo
@@ -1,5 +1,5 @@
$NetBSD$
-BLAKE2s (semgrep-0.109.0.tar.gz) = d7d8e72f6aee9aa9e87da31a3a84b1e00859d0e5c496a661a32599779ce600e5
-SHA512 (semgrep-0.109.0.tar.gz) = 3fc5f0aa11d39e2ca18dc572f5ffe407773465fc4c8e0a25532170c0c03d9ee46332f98321895de93d34e8286a27c53f5d494d3b70d4aeb1d7632b5e026e33dc
-Size (semgrep-0.109.0.tar.gz) = 187691 bytes
+BLAKE2s (semgrep-0.111.1.tar.gz) = ec203d73e2c56846b7f4e7e1e2e3743a3e9760bbe95213e0f192b84938522ad2
+SHA512 (semgrep-0.111.1.tar.gz) = 57216bc20f4db559e3f6d7fe17ed80c3c0c411c0cb2968a1f3c6bf0f6f54a7c548f33f4d042ad3e7ee5665ae9894897fde4e4faeae7d748f40aafa22bd2231bd
+Size (semgrep-0.111.1.tar.gz) = 187717 bytes
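Review bot: this commit updates distinfo only for the semgrep sdist, while the diffstat shows no semgrep-core/distinfo change even though semgrep-core/Makefile now fetches semgrep-core-0.111.1; without recorded BLAKE2s/SHA512 values for that tarball the integrity check in `make checksum` cannot pass, so the semgrep-core checksums should be regenerated with `make distinfo` and included alongside the three updated lines here.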