Autofix
Autofix is a Semgrep feature where rules contain suggested fixes to resolve findings.
Semgrep performs flow-sensitive constant folding and this information is used by the matching engine.
Not sure what to write a rule for? Below are some common questions, ideas, and topics to spur your imagination. Happy hacking! 💡
Semgrep can run data-flow analyses on your code; these are used for constant propagation and for taint tracking.
The status of the data-flow analysis.
Semgrep can match generic patterns in languages that it doesn’t support yet. You can use generic pattern matching for languages that do **not** have a parser, configuration files, or other structured data such as XML.
metavariable-analysis allows Semgrep users to check metavariables for common problematic properties, such as RegEx denial of service (ReDoS) and high-entropy values.
Learn how to use Semgrep’s intuitive syntax to write rules specific to your codebase. You can write and share rules directly from your browser using the Semgrep Playground, or write rules in your terminal and run them on the command line.
This section is automatically generated from the unit test suite inside Semgrep. Per-language references are also available within the Playground.
Learn Semgrep's pattern syntax to search code for a given code pattern. If you're just getting started writing Semgrep rules, check out the Semgrep Tutorial at https://semgrep.dev/learn
Semgrep Code users can publish rules to the Semgrep Registry that are not visible to others outside their organization. This can be useful for organizations whose rules may contain code-sensitive information, or where legal requirements prevent using a public registry.
This document describes the YAML rule syntax of Semgrep including required and optional fields. Just getting started with Semgrep rule writing? Check out the Semgrep Tutorial at https://semgrep.dev/learn
Definitions of static analysis and Semgrep rule-writing terms.
Proprietary Semgrep features for the Java language that can increase true positives and reduce false positives.
This is a list of vulnerabilities found and security fixes made with Semgrep.
Taint mode allows you to write simple rules that catch complex injection bugs thanks to taint analysis.
Semgrep provides a convenient testing mechanism for your rules. You can simply write code and provide a few annotations to let Semgrep know where you are or aren't expecting findings.
Follow these troubleshooting steps when your pattern fails to parse, when your rule doesn't match its intended code, and for other rule-writing pitfalls.
Learn about Semgrep Secrets rules.
Learn about validators used in Semgrep Secrets rules.