Original Post: Powerfully autofixing code with Semgrep’s new AST-based approach
The blog post discusses why AST-based autofix is superior to text-based autofix and how Semgrep’s implementation of AST-based autofix enhances correctness. Semgrep, a code searching tool supporting over 20 languages, has transitioned from text-based to AST-based autofix to avoid generating incorrect code.
The text-based method often produced invalid code because replacements were spliced in as raw text. For instance, a fix that replaced a function argument could leave a stray leading comma, causing a syntax error. The AST-based approach involves three steps: parsing the fix into an AST, replacing metavariables within the AST, and printing the AST back to text. This method reduces errors by using the original nodes’ text from the target or the fix, thus preserving code structure and comments.
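The three steps above can be sketched with Python's standard `ast` module. This is an added illustration, not Semgrep's implementation or code from the original post: the fix template, the `safe_call` function and the `__ARGS__` placeholder are assumptions, and `ast.unparse` regenerates text rather than reusing the original nodes' text as Semgrep does.

```python
import ast

# Constructed fix template: "$...ARGS" stands for zero or more matched arguments.
FIX = "safe_call($...ARGS, timeout=30)"
PLACEHOLDER = "__ARGS__"  # hypothetical stand-in so Python's parser accepts the template


def text_fix(bound_args):
    """Text-based fix: paste the matched source text straight into the template."""
    return FIX.replace("$...ARGS", ", ".join(bound_args))


class Splice(ast.NodeTransformer):
    """Replace the placeholder argument with the bound argument nodes."""

    def __init__(self, nodes):
        self.nodes = nodes

    def visit_Call(self, node):
        self.generic_visit(node)
        new_args = []
        for arg in node.args:
            if isinstance(arg, ast.Name) and arg.id == PLACEHOLDER:
                new_args.extend(self.nodes)  # zero nodes simply drops the slot
            else:
                new_args.append(arg)
        node.args = new_args
        return node


def ast_fix(bound_args):
    # Step 1: parse the fix into an AST.
    tree = ast.parse(FIX.replace("$...ARGS", PLACEHOLDER), mode="eval")
    # Step 2: replace the metavariable inside the AST with the bound nodes.
    nodes = [ast.parse(src, mode="eval").body for src in bound_args]
    tree = Splice(nodes).visit(tree)
    # Step 3: print the AST back to text; separators come from the printer.
    return ast.unparse(tree.body)


def is_valid(src):
    """True if src parses as Python."""
    try:
        ast.parse(src)
        return True
    except SyntaxError:
        return False


if __name__ == "__main__":
    for bound in ([], ["url", "data[0]"]):
        print(repr(text_fix(bound)), is_valid(text_fix(bound)), "|", repr(ast_fix(bound)))
```

When the metavariable binds no arguments, the text-based result keeps the template's comma and no longer parses, while the AST-based result has no empty slot to print.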
Currently, AST-based autofix is functional for expressions in Python and JavaScript/TypeScript, with high accuracy rates. Future improvements include expanding coverage for more languages and further enhancing the autofix capabilities. To try AST-based autofix, users can utilize Semgrep via command line or integrate it with GitHub/GitLab projects using the Semgrep App.