Skip to main content

Including multiple focus metavariables using set union semantics

Semgrep matches all pieces of code captured by focus metavariables when you specify them in a rule. Specify the metavariables you want to focus on in a YAML list format.

info

This feature is using focus-metavariable, see focus-metavariable documentation for more information.

There are two ways in which you can include multiple focus metavariables:

Set union

For example, there is a pattern that binds several metavariables. You want to produce matches focused on two or more of these metavariables. If you specify a list of metavariables under focus-metavariable, each focused metavariable matches code independently of the others.

    patterns:
- pattern: foo($X, ..., $Y)
- focus-metavariable:
- $X
- $Y

This syntax enables Semgrep to match these metavariables regardless of their position in code. See the following example:

tip

Among many use cases, the set union syntax allows you to simplify taint analysis rule writing. For example, see the following rule: