interspersed autofix of multiple expressions on same line

[gordonwoodhull]

Similar to #3388, if fixing multiple expressions in the same line, the autofixes can get mixed up and duplicated, resulting in garbled code.

Here is the repro: https://semgrep.dev/s/gordonwoodhull:wrap-strings

On semgrep.dev it produces the correct individual suggestions. However, when running semgrep 0.59 on the command line with --autofix, it looks like it confuses the output positions between the two fixes.

The rule attempts to replace the expression pattern (String $S) with the fix wrap($S).

On input

        return "a" + "b";

it produces the output

        return wrap("wrap("b") + "b";

[emjin]

I assume this is also P1 for you?

[gordonwoodhull]

Yes. I would say it is P1 because we can still use Semgrep for a lot of things but this makes a small percentage of our fixes impossible.

(We are trying to do some pretty ambitious things with autofix! Thank you for the amazing tool.)

[emjin]

Glad to hear that :D Autofix is still an experimental feature, but we're really excited about what people can do with it and hope we can put it on our roadmap soon.

[stale]

This issue is being marked stale because there hasn't been any activity in 30 days. Please leave a comment if you think this issue is still relevant and should be prioritized, otherwise it will be automatically closed in 7 days (you can always reopen it later).

[gordonwoodhull]

I am planning to work on this.

[gordonwoodhull]

Outline of solution in #3388 (comment).

Hope to contribute soon.