Skip to main content
In principle, the dataflow analysis engine, which provides taint tracking, constant propagation, and symbolic propagation, can run on any language supported by Semgrep. However, the level of support is lower than for the regular Semgrep matching engine. When Semgrep performs an analysis of the code, it creates an abstract syntax tree (AST), which is then translated into an analysis-friendly intermediate language (IL). Subsequently, Semgrep runs mostly language-agnostic analysis on IL. However, this translation is not fully complete.
CAUTIONThere can be features of some languages that Semgrep does not analyze correctly while using dataflow analysis. Consequently, Semgrep does not fail even if it finds an unsupported construct. The analysis continues while the construct is ignored. This can result in Semgrep not matching some code that should be matched (false negatives) or matching a code that should not be matched (false positives).
Please help Semgrep improve by reporting any issues you encounter.