backcover7
Some git repo will insert an internal hyperlink that points to a file of the repo. For example. [somefile](/somefile) But astral concatenate the internal hyperlink as a URL path with...
The fileupload component uses the common-upload jar of the old version (1.3.1). There may be a DoS threat.
Tags like , do not allow to create other tags in its content because in the two tags belong to escapable raw text elements (RCDATA element). So when parsing tags...
**Is your feature request related to a problem? Please describe.** Java has some different access modifiers like `public`, `private`, `protected`. However if a class or method does not define the...
**Is your feature request related to a problem? Please describe.** Semgrep is used by security researchers to locate source and sink functions. For example, `Thread.sleep(...)` can match a potential DoS...
**Describe the bug** The taint mode might not track data flow through `foreach` statement **To Reproduce** https://semgrep.dev/s/94LY **Expected behavior** The `foreach` statement should be tracked and the sink function in...
**Is your feature request related to a problem? Please describe.** https://semgrep.dev/s/XgoN The pattern can only match the expression in the function body, and the parameter part cannot be matched. **Describe...
**Describe the bug** I am writing a rule to match recursive function call in Js. But it seems it does not work when there is a call from this keyword...
I am trying to understand the differences between spoon-data-flow and spoon-control-flow. It seems spoon-control-flow also has some support for data-flow analysis. How should I distinguish the two modules in the...
Hi I have a case that might put several child frames into a big frame and then expect to see the parent frameid when read frameID of the child frame...