Description
The rule int-jndi-insecure-serde triggers Semgrep MatchingError on unrelated Java files.
The crash is probably caused by the constructor pattern `new $TYPE(..., ..., ..., ..., $VAL, ...)`, which introduces unbounded backtracking in Java argument matching. This happens even when the file contains no JNDI / SearchControls usage.
Here is the list of the affected rules:
- sast-rules.int-jndi-lookup-sink
- sast-rules.int-spel-insecure-parse
- sast-rules.int-jndi-insecure-serde
Using Semgrep 1.144.1 with `--verbose` on our source repo.
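For reference, here is a minimal illustration of the two pattern shapes being discussed. It is an added example, not the actual rule text from sast-rules and not code posted by the reporter. The first rule (`constructor-fifth-arg-loose`) uses the loose shape quoted in the report, in which several consecutive `...` placeholders leave the matcher free to bind `$VAL` to almost any argument position of any constructor, so every `new` expression in a file must be explored. The second rule (`searchcontrols-returning-obj`) is a suggested tighter form (an assumption, not the project's fix): it names the class and gives the argument list a fixed arity, matching the six-argument `javax.naming.directory.SearchControls` constructor whose fifth parameter is the returning-object flag. Rule ids, messages and the Java snippet are constructed for this illustration.

```yaml
rules:
  # Loose shape as described in the report: repeated ... before $VAL means the
  # matcher has to try every split of every constructor's argument list.
  - id: constructor-fifth-arg-loose
    languages: [java]
    severity: INFO
    message: "Illustration only: loose constructor-argument pattern"
    pattern: new $TYPE(..., ..., ..., ..., $VAL, ...)

  # Tighter shape (suggested here, not taken from sast-rules): pin the class and
  # the arity so the engine only inspects SearchControls constructors. The fifth
  # positional parameter of the six-argument constructor is the returning-object
  # flag, which is the value a JNDI insecure-deserialization check cares about.
  - id: searchcontrols-returning-obj
    languages: [java]
    severity: WARNING
    message: "SearchControls created with returningObjFlag = true"
    patterns:
      - pattern: new SearchControls($SCOPE, $COUNT, $TIME, $ATTRS, true, $DEREF)

# Constructed Java input for trying both rules, e.g. saved as Demo.java:
#
#   import javax.naming.directory.SearchControls;
#   class Demo {
#     SearchControls sc = new SearchControls(SearchControls.SUBTREE_SCOPE, 0, 0, null, true, false);
#     StringBuilder sb = new StringBuilder("unrelated", 1, 2, 3, 4);   // non-JNDI constructor
#   }
#
# Run with:   semgrep --config rules.yaml --verbose Demo.java
```

Only the second rule reports the `SearchControls` line; the first rule, by construction, also has to consider the unrelated `StringBuilder` call, which is the kind of non-JNDI site the report says the crash occurs on.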