Instead, we use an overlapping patch merging process. To this end, we define K, S, and P, where K is the patch size, S is the stride between two adjacent patches, and P is the padding size. In our experiments, we set K = 7, S = 4, P = 3, and K = 3, S = 2, P = ...
@connorgilbert After more testing, @idawson and I found that semgrep seems to be somehow merging rules with the same ID. We found this because the rule find_sec_bugs.HTTPONLY_COOKIE-1 was finding vulnerabilities in a scala fixture, even though that rule defines its language as java. When we...