Testing autofix behavior of SAST rules
Blog post from Semgrep
Semgrep has introduced autofix tests, which let users automatically verify the autofix behavior of custom rules, i.e. the transformation of non-compliant code into compliant code. This addition closes a long-standing gap: until now there was no automated way to confirm that a rule's fix still produced the intended output after the rule was updated. Users can now create a separate file holding the expected post-fix code; Semgrep applies the fix to the test code, compares the result with that file, and prints a clear diff when the two differ. The security research team at r2c, where Semgrep is developed, prioritizes the quality of its rules and continuously updates them based on user feedback and internal testing. This includes scanning open-source repositories and running the rules against purposefully vulnerable applications to measure false positives and false negatives. The team is committed to improving the testing suite and plans to investigate past CVEs to assess whether current Semgrep rules could have caught them.
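The following is an added example, not code from the blog post or from the Semgrep project, showing what an autofix test consists of and what the comparison checks. It mirrors Semgrep's file layout (a rule with a `fix:` key, a test file annotated with `# ruleid:` and `# ok:` comments, and an expected `<name>.fixed.<ext>` file that `semgrep --test` compares against), but the rule `avoid-pyyaml-load`, the test sources and the expected output are all constructed here, and the pattern matching is a regex stand-in for Semgrep's engine so that the script runs without Semgrep installed.

```python
"""Added illustration (not Semgrep's code): a minimal emulation of what a
Semgrep autofix test checks.

The real layout this mirrors:
  rules/avoid-pyyaml-load.yaml        rule with a `fix:` key
  tests/avoid-pyyaml-load.py          test file annotated with `# ruleid:` / `# ok:`
  tests/avoid-pyyaml-load.fixed.py    expected contents after the fix is applied
and `semgrep --test --config rules/ tests/` performs the comparison.
"""
import difflib
import re

# The rule as it would be written for Semgrep (reference only; the harness
# below does not parse YAML).
RULE_YAML = """\
rules:
  - id: avoid-pyyaml-load
    languages: [python]
    severity: WARNING
    message: yaml.load() can instantiate arbitrary objects; use yaml.safe_load()
    pattern: yaml.load($X)
    fix: yaml.safe_load($X)
"""

# Regex stand-in for the pattern/fix pair above: the `$X` metavariable
# becomes a named group so the fix template can re-insert the argument.
RULE = {
    "id": "avoid-pyyaml-load",
    "pattern": r"yaml\.load\((?P<X>[^)]*)\)",
    "fix": r"yaml.safe_load(\g<X>)",
}

# Constructed test file: `# ruleid:` marks a line that must match and be
# fixed, `# ok:` marks a line the rule must leave untouched.
TEST_SOURCE = """\
import yaml

def parse(doc):
    # ruleid: avoid-pyyaml-load
    return yaml.load(doc)

def parse_safe(doc):
    # ok: avoid-pyyaml-load
    return yaml.safe_load(doc)
"""

# Constructed expected output, i.e. avoid-pyyaml-load.fixed.py.
EXPECTED_FIXED = """\
import yaml

def parse(doc):
    # ruleid: avoid-pyyaml-load
    return yaml.safe_load(doc)

def parse_safe(doc):
    # ok: avoid-pyyaml-load
    return yaml.safe_load(doc)
"""


def apply_fix(rule, source):
    """Rewrite every match of the rule's pattern using its fix template."""
    return re.sub(rule["pattern"], rule["fix"], source)


def autofix_diff(rule, test_source, expected_fixed, test_name="avoid-pyyaml-load.py"):
    """Apply the fix to the test file and compare with the .fixed file.

    Returns the unified diff as a list of lines; an empty list means the
    autofix test passes.  A non-empty list is what a rule author inspects
    when a rule change alters the fix output and the .fixed file is stale.
    """
    actual = apply_fix(rule, test_source)
    stem, ext = test_name.rsplit(".", 1)
    return list(difflib.unified_diff(
        expected_fixed.splitlines(keepends=True),
        actual.splitlines(keepends=True),
        fromfile=f"{stem}.fixed.{ext}",
        tofile=f"{test_name} (after autofix)",
    ))


def autofix_test_passes(rule, test_source, expected_fixed):
    """True when the fixed test code matches the expected file exactly."""
    return not autofix_diff(rule, test_source, expected_fixed)


if __name__ == "__main__":
    print("autofix test passes:", autofix_test_passes(RULE, TEST_SOURCE, EXPECTED_FIXED))
    # Simulate a stale expectation: the rule's fix is changed to a different
    # safe form, so the .fixed file no longer matches and the diff shows why.
    changed_rule = dict(RULE, fix=r"yaml.load(\g<X>, Loader=yaml.SafeLoader)")
    print("".join(autofix_diff(changed_rule, TEST_SOURCE, EXPECTED_FIXED)))
```

Running the script shows a passing test for the rule as written, followed by the diff produced when the fix template is changed without updating the `.fixed` file; that second case is exactly the regression the new Semgrep feature is designed to surface after a rule update.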