Cross file analysis? #18
My bad, I just noticed you talk about Interprocedural in your paper, I think that's what it is, my use-case for inter-file (as semgrep calls it) is to be able to really track down the request parameters, and the response structure, to generate accurate OpenAPI Specifications.
Hey! Yup, interprocedural / interfile analysis is something
Lines 74 to 78 in ac74a05
Lines 68 to 73 in ac74a05
Most generally, all these cases fall under interprocedural or interfile issues. Generally Semgrep is weak in this situation, and something like CodeQL would be much stronger. However, CodeQL is significantly more difficult to use, and it'd take quite a long time to get the equivalent level of web application framework coverage that
Hey! Just wondering if you had the problem of performing the detection cross-file?
Like, one index file, and many controller files with functions declared there to handle your request, parameters, response etc...
I know there are not a lot of tools doing that properly for now, Noir is purely regex based and not able to do it cross-file.
Here with semgrep I'm guessing you're limited with the interfile feature that is for the pro engine only?