Sparrrgh
This rule is described in the documentation for MASTG as the enforcement of checks through Device Administration API and by querying Settings.Secure. The current rule only checks the **example** in...
When parsing XML, a pattern containing XML entities separated by ellipsis will return a parse error
**Describe the bug** When parsing a rule which targets XML code, if the rule contains XML tags separated by ellipsis, a parse error will be returned. **To Reproduce** Example: https://semgrep.dev/playground/s/Wr7eL...
It might be a bit too specific, but the PDF.js arbitrary JavaScript execution (CVE-2024-4367) is quite a powerful vector for PDF files. Might be worth implementing.