Kotlin Semgrep cannot deal with context receivers
Summary
GitLab recently started migrating the Kotlin SAST job from SpotBugs to Semgrep. However, GitLab Semgrep 4.18.0 and later (which are the versions that added Kotlin support) don't support context receivers, a widely used Kotlin feature that is considered experimental within Kotlin but has been used in production for years now. I suspect the issue lies with Semgrep itself rather than anything GitLab did on top of it, but it is something that is critical for my projects and I would not want to migrate from SpotBugs to Semgrep if it broke on context receivers.
Steps to reproduce
- Create a Kotlin project with context receivers (Or just clone this repo https://gitlab.com/rug-digitallab/products/themis/judgement/companion-container)
- Run GitLab Semgrep v4.18.0 or later on it.
- Observe warnings in stdout
Example Project
https://gitlab.com/rug-digitallab/products/themis/judgement/companion-container/-/jobs/6762504069
What is the current bug behavior?
Semgrep outputs warnings in stdout warning that it failed to parse the code, indicating that context receivers are not part of the syntax it has defined for Kotlin.
What is the expected correct behavior?
The analyzer should finish without warnings
Relevant logs and/or screenshots
https://gitlab.com/rug-digitallab/products/themis/judgement/companion-container/-/jobs/6762504069
Output of checks
This bug happens on GitLab.com