Rules

Syntax Reference

Reference for xgrep pattern operators and metavariables.

Syntax Reference

This page is a stub — to be written.

A complete reference for every pattern operator and metavariable form xgrep supports. For now, the operator list lives in Writing rules, and the authoritative semantics follow the Semgrep rule syntax documentation, with xgrep parity tracked in Semgrep compatibility.

Rule modes

A rule runs in one mode, selected by the top-level mode: field (default search). A non-search mode forbids the plain pattern clause and unlocks its own keys:

  • search (default) — pattern matching with the operators above.
  • taint — source-to-sink dataflow; uses pattern-sources / pattern-sinks / pattern-sanitizers / pattern-propagators. See Taint analysis.
  • analysis — a built-in native analyzer named by analyzer:, for checks too context-dependent for patterns. Carries no pattern clause. See Analysis mode. (xgrep extension — not portable to Semgrep.)

Writing rules

The xgrep rule format and the rule features it supports.

Taint analysis

Write source-to-sink dataflow rules with xgrep's taint mode.

On this page

Syntax ReferenceRule modes