backcover7
It's not in a hurry. You can set this as the lowest priority.
@IagoAbal Actually, I did encounter such cases when trying to match a code pattern in an XXE issue. Lots of XML parsers need a factory class to build an instance of the parser...
> What about this https://semgrep.dev/s/e8Gb ? Just realized this potential solution right now. This works for ignoring `newInstance`. But you might not want to see my rule which has a...
> What about this https://semgrep.dev/s/QyL4 ? I guess this feels more complex than `obj. ... .x()` but does what you need I think. This seems to be the best approach...
@IagoAbal Please take a look here (https://semgrep.dev/s/backcover7:xml-copy) For each kind of xml parser I have to write several rules to match them. And I need to use an ellipsis for...
@IagoAbal I suppose this issue could also be solved by the idea regarding the propagation library we talked about in Slack.
How should I use spoon-dataflow to analyze whether there's a flow from one specific statement to another specific statement, or from the parameters of the method to one specific statement?