Semgrep v0.52.0 has promoted C# support from develop to alpha!
This means that we expect to parse most C# code (our estimated parse rate is 97%) and that we support matching metavaribles (
$X and such) and ellipsis (
...) against expressions and statements.[^1] This already allows one to write some useful rules. In fact, we just got our first set of C# rules contributed by Ahmet Akan!
We’re looking for early testers like Ahmet that can help us identify bugs and contribute rules. If that sounds interesting, try writing some C# rules in the Playground. A few examples to help you start are here, here, here, here, and here. There is also a tutorial and excellent documentation to learn more about writing Semgrep rules.
If you get serious about it, then please install or upgrade Semgrep! If you find it useful, you may want to add Semgrep to your CI pipeline, too!
We must thank Sjoerd Langkemper for his outstanding work that made this milestone possible. As an external contributor, Sjoerd jumped into adding C# support to Semgrep back in August 2020, contributed more than 50 commits, and left C# support very close to alpha. Our plan is to promote C# to beta during the next few months.
[^1]: To learn more about language support tiers like alpha, beta, and GA, visit our supported languages docs.
Semgrep is a fast, open-source, static analysis tool for finding bugs, detecting dependency vulnerabilities, and enforcing code standards.