pfff is mainly an OCaml API to write static analysis, dynamic analysis, code visualizations, code navigations, or style-preserving source-to-source transformations such as refactorings on source code.
This is useful for cache invalidation when we cache information about files. We've run into issues where collisions in tmp file names lead to incorrect information in caches.
https://github.com/returntocorp/semgrep/issues/5277 is one example, and I just investigated another (see test plan).
Test plan: Automated tests in Semgrep and DeepSemgrep, plus `semgrep --deep --config=p/deepsemgrep ./NodeBB/ --verbose -j 1` where `NodeBB` is a fresh clone of the NodeBB repo, after using this new function to clean up the cache in Semgrep's `Range.ml`. Previously, that crashed.
Security
[x] Change has no security implications (otherwise, ping the security team)