Autofix
Learn how to use Semgrep rules' autofix key to provide suggested fixes for matched patterns through pull request or merge request comments.
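As an added example (written for this page, not a rule from the Semgrep docs or the Semgrep Registry), here is a rule that uses the `fix` key. The rule id, message and the two-argument `set_cookie` call shape are assumptions chosen for illustration; the point is that metavariables bound by `pattern` are substituted into the `fix` text, so the suggested replacement is built from the code that actually matched.

```yaml
# Added illustration, not a Semgrep Registry rule. Rule id and message are assumed.
rules:
  - id: cookie-missing-secure-flag
    languages: [python]
    severity: WARNING
    message: >-
      Cookie is set without secure=True, so the browser will also send it
      over plaintext HTTP. The suggested fix adds the flag.
    # Match two-argument calls only: $KEY and $VAL bind the positional
    # arguments, so calls that already pass keyword flags are left alone.
    pattern: $RESP.set_cookie($KEY, $VAL)
    # Metavariables bound above are substituted into the fix text verbatim.
    fix: $RESP.set_cookie($KEY, $VAL, secure=True)
```

Run `semgrep --config rule.yaml --autofix --dryrun .` to preview the rewrite and drop `--dryrun` to apply it in place; in CI the same `fix` text is what Semgrep surfaces as a suggestion in the pull request or merge request comment.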
Semgrep performs flow-sensitive constant folding, and this information is used by the matching engine.
Learn about Semgrep Secrets rules.
Learn about validators used in Semgrep Secrets rules.
Semgrep can run dataflow analyses on your code; these are used for constant propagation and for taint tracking.
The current status of Semgrep's dataflow analysis (constant propagation and taint tracking).
Semgrep can match generic patterns in languages that it doesn’t support yet. Use generic pattern matching for languages that do **not** have a parser, for configuration files, or for other structured data such as XML.
Definitions of static analysis and Semgrep rule-writing terms.
metavariable-analysis allows Semgrep users to check metavariables for common problematic properties, such as regular expression denial of service (ReDoS) and high-entropy values.
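As an added example (not a rule from the Semgrep docs or Registry), the rule below combines an ordinary pattern with the `redos` analyzer: `$REGEX` binds the regular expression literal passed to the `re` module, and `metavariable-analysis` flags the match only when that literal has a ReDoS-prone structure. The rule id, message and the set of `re` functions covered are assumptions for illustration.

```yaml
# Added illustration, not a Semgrep Registry rule. Rule id and message are assumed.
rules:
  - id: redos-prone-regex-literal
    languages: [python]
    severity: WARNING
    message: >-
      This regular expression may take super-linear time on
      attacker-controlled input (ReDoS). Simplify nested or overlapping
      quantifiers, or bound the input length before matching.
    patterns:
      # Bind the pattern argument of the common re entry points.
      - pattern-either:
          - pattern: re.compile($REGEX, ...)
          - pattern: re.match($REGEX, ...)
          - pattern: re.search($REGEX, ...)
          - pattern: re.fullmatch($REGEX, ...)
      # Keep the match only if the bound literal looks ReDoS-prone.
      - metavariable-analysis:
          analyzer: redos
          metavariable: $REGEX
```

The analyzer runs on the string literal bound to `$REGEX`; the `entropy` analyzer is used the same way, with `analyzer: entropy`, when the property of interest is a high-entropy value such as an embedded credential rather than a regex.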
Learn how to use Semgrep’s intuitive syntax to write rules specific to your codebase. You can write and share rules directly from your browser using the Semgrep Editor, or you can write rules in your terminal and run them on the command line.
Semgrep Code users can publish rules to the Semgrep Registry that are not visible to anyone outside their organization. This is useful for organizations whose rules contain sensitive code, or where legal requirements prevent using a public registry.
Learn Semgrep's pattern syntax to search code for a given code pattern.
View sample rule pattern examples for Semgrep-supported programming languages.
This document describes the YAML rule syntax of Semgrep, including required and optional fields.
See sample Semgrep rules for various use cases.
Proprietary Semgrep features for the Java language that can increase true positives and reduce false positives.
This is a list of vulnerabilities found and security fixes made with Semgrep.
Taint mode allows you to write simple rules that catch complex injection bugs thanks to taint analysis.
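As an added example (not a rule from the Semgrep docs or Registry), here is a taint-mode rule for a classic injection shape: HTTP request parameters flowing into a raw SQL query string. The rule id, message, the chosen sources and sanitizer, and the `$CURSOR.execute` sink shape are assumptions for illustration. The sink is narrowed with `focus-metavariable` so that only taint reaching the query text is reported; tainted data passed as a bound parameter is the correct fix and stays quiet.

```yaml
# Added illustration, not a Semgrep Registry rule. Rule id, message,
# sources, sanitizer and sink shape are assumptions.
rules:
  - id: flask-request-to-sql-query-string
    languages: [python]
    severity: ERROR
    mode: taint
    message: >-
      Data from the HTTP request reaches a SQL query string. Build the query
      with a parameterised placeholder and pass the value separately.
    pattern-sources:
      # Request parameters are attacker-controlled.
      - pattern: flask.request.args.get(...)
      - pattern: flask.request.form.get(...)
    pattern-sanitizers:
      # An int cannot carry a SQL payload, so int() cleans the taint.
      - pattern: int(...)
    pattern-sinks:
      - patterns:
          - pattern: $CURSOR.execute($QUERY, ...)
          # Only the query text is the sink; taint in the parameter
          # tuple is the safe path and does not report.
          - focus-metavariable: $QUERY
```

With this rule, `cur.execute("SELECT * FROM users WHERE name = '" + name + "'")` reports when `name` came from `request.args.get(...)`, while `cur.execute("SELECT * FROM users WHERE name = %s", (name,))` does not, and `cur.execute("... LIMIT " + str(int(limit)))` is silenced by the sanitizer.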
Semgrep provides a testing mechanism for your rules. You can write code and annotate it to tell Semgrep where you do and do not expect findings.
Follow these troubleshooting steps when your pattern fails to parse, your rule doesn't match its intended code, or you hit other rule-writing pitfalls.