Secure code review with Semgrep
About me
Bishwajeet Biswas�Security Enthusiast
What is Semgrep??
Semgrep is a static code analysis tool that helps identify security vulnerabilities. It is known for its flexibility and ease of use, allowing users to create custom rules using code-like patterns.
Semgrep VS other SAST tools
Agenda
Basics of Semgrep
Metavariable analysis for entropy analysis
Taint mode for flow analysis
Syntax
rules:
- id: simple_print
pattern: print()
message: Semgrep found a match
languages:
- python
severity: Warning
How to pattern match?
Ellipsis Operator (...)
Metavariables
Challenge
Don’t worry Semgrep has got you covered
But how? (Pattern-not)
Hardcoded secrets detected!!
Metavariable-analysis �to the rescue
Metavariable analysis helps detect vulnerabilities, code smells, or unsafe flows by tracking these placeholders across multiple patterns in a rule.
Detecting hardcoded secrets
Code vulnerable to XSS!!
Taint mode
Taint mode is used to detect taint flows. It helps identify potential vulnerabilities, such as injection attacks (e.g., SQL injection, command injection), by tracking how data flows from sources (input points) to sinks (places where the data is used).
Detecting XSS
Code vulnerable to Path traversal!!
Taint mode again for the rescue
Detecting path traversal
Code vulnerable to SQLi!!
Pattern-not-inside �has got your back
pattern-not-inside ensures that a specific code pattern is flagged only when it’s not inside a particular context. This is useful when you want to ensure that unsafe code (like direct string concatenation) is reported only if it's not inside a block where validation or sanitization happens.
Detecting SQLi
Please join our community