git.stella-ops.org/bench/reachability-benchmark/baselines/semgrep/rules.yaml

rules:
  - id: semgrep.eval.js
    languages: [javascript, typescript]
    message: "Potential eval / Function sink"
    severity: WARNING
    patterns:
      - pattern-either:
          - pattern: eval($EXPR)
          - pattern: Function($ARGS, $BODY)
          - pattern: vm.runInNewContext($EXPR, ...)
  - id: semgrep.template.js
    languages: [javascript, typescript]
    message: "Template rendering with user-controlled input"
    severity: WARNING
    patterns:
      - pattern-either:
          - pattern: res.render($TEMPLATE, $CTX)
          - pattern: reply.view($TEMPLATE, $CTX)
  - id: semgrep.exec.py
    languages: [python]
    message: "Potential exec/eval sink"
    severity: WARNING
    patterns:
      - pattern-either:
          - pattern: eval($EXPR)
          - pattern: exec($EXPR)
  - id: semgrep.template.py
    languages: [python]
    message: "Template rendering with user-controlled input"
    severity: WARNING
    patterns:
      - pattern-either:
          - pattern: render_template($NAME, **$KWARGS)
          - pattern: Template($X).render(...)