mschwager
Hmm, this is an interesting case. `cohesion` doesn't currently have the smarts to include sub-method call cohesion along with the cohesion of a specific method. Meaning, exactly what you said:...
Hey @hako, thanks for opening this PR! If your output is being overwhelmed by HTTP 200's can't you simply drop the `-verbose` flag and have `riplink` only print errors? I'm...
Looks like a dupe of https://github.com/yandex/gixy/issues/126, but I'd still very much like this detection.
Hi there, Good catch, thanks for bringing this to my attention. I agree with the spirit of this task, however I think it makes sense to wait until https://github.com/tiran/defusedxml/issues/38 is...
Hi @barrywhart, Good catch - you're correct that the ReDoS rule doesn't handle constant propagation. There's opportunity to handle this on a basic, intra-procedural level. Dlint achieves this for some...
Note this may be somewhat moot since we're already searching for all `input` usage in `DUO108`. However, `six.moves.input` and `input` in Python > 3.0 are whitelisted, so probably still worth...
I think this is less of a `yaml` bug and more of an `include` deficiency - see also: https://github.com/returntocorp/semgrep/issues/1099
Hey @fasiha, Thanks for looking into this! If you're interested in continuing to push this forward, then we could take a look at the changes. Supporting Windows is an additional...
To add a bit more color to the overall objective, I think, by far, the biggest hurdle to running Semgrep on Windows is getting the OCaml binaries compiled and released....