Martin Jambon
When building dune-files with OCaml 4.04 (minimum version supported by `pp`), we're getting a few errors due to functions that are not present in older versions of OCaml. Missing functions...
I'm wondering if I'm doing the right thing here: ```ocaml let rec simplify (ast : Dune_files.t) : sexp = match ast with | Atom (A s) -> Atom s |...
I didn't find a function that takes a `Pcre.Error` exception and prints a human-friendly representation. By default, we're getting `Pcre.Error(5)` instead of `Pcre.Error(RecursionLimit)`. The plan would be that the user...
Fixes https://github.com/returntocorp/semgrep/issues/5147 It took me a while to figure out what's going on with string matching. The result is that regexp content within `//` is handled like interpolated strings (`""`...
Goal: detect unsafe URL injections. For example, `https://example.com/$X` would be considered safe regardless of the origin of `$X` but `https://example$X.com/home` is considered unsafe if `$X` is tainted i.e. might come...
**Is your feature request related to a problem? Please describe.**

It's hard for even the best of us to remember that

```yaml
- pattern-regex: |
    ^secret:\s*(.*)$
```

will include a...
**Describe the bug** Pattern `RUN b` should not match `RUN a && b`. **To Reproduce** Actual behavior, which is incorrect (or at least very surprising): ``` $ semgrep-core -lang bash...
The [manual says this](https://ocaml.org/api/Stdlib.html) about `raise_notrace`: > `val raise_notrace : exn -> 'a` > A faster version `raise` which does not record the backtrace. We would like to know what...
All `token()` constructs should produce a node in the CST, but not all of them do. This is a similar problem as for patterns (see #1151) but it's trickier to...
In the CST accessible via the C API, tokens that match a pattern construct (e.g. `/[a-z]+/`) don't produce a node. However, constants like `'goto'` do, as do named rules like...