Experimental feature: generic pattern matching
Blog post from Semgrep
Semgrep has introduced a new experimental feature known as generic pattern matching, which enhances its ability to identify code patterns in languages without a Semgrep parser, as well as in configuration files and structured data like HTML or XML. This feature is particularly useful for finding vulnerabilities, such as unwanted permissions in Terraform files or insecure settings in nginx configurations. Generic pattern matching interprets documents as nested sequences of ASCII words and punctuation, and supports several pattern operators, including metavariables, which can capture single words but not sequences of tokens. The feature works best with structured data and short patterns, but it has limitations, such as the inability to detect code written in unconventional ways and limited support for capturing sequences of tokens. Users can experiment with this feature in the Semgrep live editor and browse available rules in the Semgrep registry.
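As an added illustration of the two use cases named above (not a rule from the post or from the Semgrep registry), the following rule file uses `languages: [generic]` to flag an nginx directive that discloses the server version and a Terraform attribute that makes an S3 bucket world-readable. The rule ids, messages and path filters are my own choices; the `server_tokens`, `acl` and `public-read` tokens are real nginx and Terraform vocabulary. The second rule also shows the single-word limit on metavariables described in the post: `public-read` is three tokens to the generic matcher (`public`, `-`, `read`), so it is spelled out with `pattern-either` instead of being captured by a `$VAR`.

```yaml
rules:
  # Rule 1: nginx leaks its exact version in the Server header and error
  # pages when server_tokens is "on" (the default) or "build".
  # $VALUE captures one word, which is enough here; metavariable-regex
  # then restricts the match to the two insecure settings.
  - id: nginx-server-tokens-enabled
    languages: [generic]
    severity: WARNING
    message: "server_tokens is set to $VALUE; set it to off to stop disclosing the nginx version"
    patterns:
      - pattern: server_tokens $VALUE;
      - metavariable-regex:
          metavariable: $VALUE
          regex: ^(on|build)$
    paths:
      include:
        - "*.conf"        # assumption: nginx configs end in .conf in this repo

  # Rule 2: a Terraform S3 bucket with a public canned ACL.
  # "public-read" tokenizes as public / - / read, so a single-word
  # metavariable cannot capture it; the two values are listed literally.
  - id: terraform-s3-public-acl
    languages: [generic]
    severity: ERROR
    message: "S3 bucket ACL grants anonymous read access; use a private ACL or bucket policy"
    pattern-either:
      - pattern: acl = "public-read"
      - pattern: acl = "public-read-write"
    paths:
      include:
        - "*.tf"
```

Run it as `semgrep --config rules.yml path/to/configs` (file name assumed). In generic mode whitespace and line breaks are not significant, so `server_tokens    on ;` split across lines still matches rule 1; by contrast a setting reached through an `include` of another file is not followed, which is the kind of "written in an unconventional way" case the post warns about.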