Grayson H
Hi there! While [scanning a bunch of Python code](https://semgrep.live/scan/26523a72-8d8a-4fcf-81ff-eb33178cd4ec), I noticed some imbalanced parentheses in your code. The actual scan finding looks for anyone using strings in Python with boolean...
**Is your feature request related to a problem? Please describe.** It would be awesome to have Semgrep automatically scan "embedded" languages in other languages, particularly for common cases. Some examples...
cf. https://github.com/presidentbeef/brakeman/tree/main/lib/brakeman/checks Some useful context about rails and brakeman rules. In rails, there are three possible sources of user input: `params`, `cookies`, and `request.env`. This may either be accessed as...
**Describe the bug** The dangerouslySetInnerHTML rule is currently noisy due to lack of constant filtering. @chgg-kboberg gave us this sample: https://semgrep.dev/s/chgg-kboberg:context_aware_dangerouslysetinnerhtml as a potential alternative. However, it uses a top-of-pattern...
**Rule Description** *What does this rule intend to find?* https://pandas.pydata.org/docs/reference/api/pandas.read_sql_query.html **Examples or references** *Put an example or references here* **Additional information** *More information that would help someone write this rule!*...
**Check Description** An experimental package, `syscall/js`, looks like it has the capability to serialize and unserialize WASM. https://www.godoc.org/syscall/js#CopyBytesToGo Based on this issue here: `https://github.com/golang/go/issues/39129` - [ ] This ticket...
**Check Description** cf. https://github.com/OWASP/Go-SCP/blob/master/dist/go-webapp-scp.pdf, pg. 12 cf. https://ilyaglotov.com/blog/servemux-and-path-traversal - [ ] This ticket has links, references, or examples. - [ ] Your check has true positive and true negative test...
**Check Description** cf. https://find-sec-bugs.github.io/bugs.htm#ENTITY_MASS_ASSIGNMENT - [x] This ticket has links, references, or examples. - [ ] Your check has true positive and true negative test cases. - [ ] Your...
## Overview > Briefly describe the issue and your expected behavior Depending on terminal window size, the first result in `bento check` may be cut off. ## Current Behavior >...
`B001` and Flake8/pycodestyle `E722` both check for bare_except, but `B001` misses a lot of cases that `E722` finds. [We](https://r2c.dev/) noticed this when we tried running an internal tool that looks...