Yoann Padioleau

Results 358 comments of Yoann Padioleau

You can use $...ARGS to name the ellipsis, so then they can be reused in the fix: part.

    pattern: load($...ARGS)
    fix: safe_load($...ARGS, loader=UnsafeLoader)

cc @bmahe and @nmote who are doing work around autofix these days.

I think there's an interest in having autofix get smarter in the transformation part (it's smart in the matching part), but it's currently so buggy that we first need to...

Right now we use pfff to parse the semgrep pattern. Ideally we would like to get rid of pfff and use tree-sitter to also parse the pattern, but that would...

One easy fix is to have a fix_funcall or fix_id in Parse_php_tree_sitter.ml that detects if the identifier is one of the builtins and generates a __builtin_xxx like we do in...

We could also get rid of those __builtin in pfff and generate regular identifiers. We could also add those Isset in Ast_php.special, instead of using those __builtin prefixes in Id....

Seems like the problem is not even in tree-sitter-dockerfile but tree-sitter itself ... The tree-sitter-dockerfile author just sent the issue upstream: https://github.com/tree-sitter/tree-sitter/issues/1842

Related to https://github.com/returntocorp/semgrep/issues/4175

We should close this when we actually support embedded SQL in C code with actual extract mode rules, and also real support for SQL.

We could also maybe support a 'semgrep download --config p/r2c' just like we have a publish.