Home / Companies / Semgrep / Blog / November 2019

November 2019 Summaries

3 posts from Semgrep

Filter
Month: Year:
Post Summaries Back to Blog
R2c's new developer tool, Bento, aims to improve software security and reliability by offering custom program analysis checks alongside existing tools like Flake8, Bandit, and ESLint. One such check focuses on detecting potential issues in Flask applications, such as ensuring the correct usage of the `send_file` function to prevent a ValueError due to missing filename or mimetype parameters. This issue arises because Flask no longer infers the mimetype of file-like objects as of version 0.12. The check was tested on 1,200 GitHub repositories using Flask and found 109 instances of the issue across 15 repositories. The results highlight the check's utility in catching mistakes early in development, thus reducing the need for dynamic testing later. Bento, as of version 0.6, includes this check by default, assisting developers in identifying and resolving critical bugs efficiently.
Nov 26, 2019 698 words in the original blog post.
Bento is a newly released code check tool developed by r2c that aims to streamline the code review process by focusing only on significant issues and ignoring less critical style or preference violations. It addresses common developer frustrations by disabling checks that are often deemed unnecessary, such as style violations handled by formatters like Black and Prettier, unpopular checks based on mined data from open-source projects, and "bad checks" with high false-positive rates. By leveraging their at-scale code analysis platform, r2c has tailored Bento to minimize distractions and enhance the efficiency of code checking, allowing developers to focus on meaningful improvements in their code quality. With its default configuration, Bento disables many stylistic and preference-related checks for tools like ESLint and Flake8, and it is designed to evolve by identifying which checks developers prioritize through real-world application analysis.
Nov 14, 2019 824 words in the original blog post.
r2c has developed Bento, an open-source toolkit designed to make advanced code analysis tools accessible to all developers, particularly those who may not work for large companies with extensive resources. Bento is an opinionated tool that integrates linters and program analysis into a codebase, providing curated AST-based lints and focusing on finding critical bugs and security issues rather than style discrepancies. It operates entirely offline, ensuring no code leaves the developer's machine, and is easy to install and configure. The toolkit aims to streamline the process of identifying and addressing significant code issues by providing automatic configuration based on dependencies and frameworks, reducing the need to sift through numerous linter results. Bento's roadmap includes expanding beyond AST-based linting to incorporate checks like SQL injection detection and dependency upgrade analysis, and it encourages community involvement and feedback to continuously improve the tool.
Nov 14, 2019 816 words in the original blog post.