1 comment

[ 2.7 ms ] story [ 12.8 ms ] thread
I was doing auditing on a codebase I hadn't seen before, and saw some potential SQL injections SonarQube didn't pick up. Semgrep didn't support the language so I couldn't use that for searching potential injections, and grep just didn't cut it -- so I wrote a tool which can tokenize and parse (almost) any popular language and search it using regex-like patterns.