Isaac Evans
**Describe the bug** Semgrep doesn't handle fully qualified names that are introduced via a wildcard import. **To Reproduce** Python example: https://semgrep.dev/s/RgQg Java example: https://semgrep.dev/s/BGQx **Expected behavior** In the case where...
**Is your feature request related to a problem? Please describe.** When we scan with Semgrep, I sometimes wonder: are we checking all our code? It would be great to have...
https://semgrep.live/7KvR?registry=python.lang.maintainability.useless-innerfunction&sourceurl=https%3A%2F%2Fraw.githubusercontent.com%2Fdropbox%2Fdropbox-api-v2-repl%2Fa057a71995e12fb4cd2fff6fa4d917969e665fda%2Frepl.py
On Debian, if python3-venv is not installed, bento init will fail and then subsequent runs will not work until `--init clean` is called. It would be preferable to check for...
## Overview Bento described N archived findings, even if the archive contains 0. ## Current Behavior ``` > git commit -am "foo" ... ◦ Not showing 4 archived finding(s). To...
Make a commit that deletes files only. Git commit it with bento autorun enabled: ``` git commit -am "comment ifelse for platform run" Running Bento checks on staged files... ⚠...
Surprising exception occurred while running bento archive On bento bento/0.9.1 ``` ine@imbp4 ~/D/r/s/scripts (ie/refactor-sgrep-py) [1]> git diff diff --git a/scripts/sgrep-lint/evaluation.py b/scripts/sgrep-lint/evaluation.py index cbc8b46..da54182 100644 --- a/scripts/sgrep-lint/evaluation.py +++ b/scripts/sgrep-lint/evaluation.py ... ```...
## Overview > Briefly describe the issue and your expected behavior Bento archive failed to actually archive a check on commit a5d11ee in https://github.com/returntocorp/sgrep-rules/compare/ie/useless-comparison-check-test?expand=1 ## Current Behavior ``` ine@I ~/D/r/sgrep-rules...
## Overview Bento tells me to see .bento/archive.json for the whitelist, but the whitelist does not exist at that path. In fact it exists at the root of the project....
**EDIT by @dlukeomalley** Bento keeps a shellcheck and hadolint container running in the background as a performance optimization. Currently these containers run indefinitely. Rather than running forever, it's proposed that...