Currently, Semgrep does not have a clear way to match the absence of a pattern, rather than the presence of one. However, you can approximate this behavior by matching an entire file with pattern-regex, and excluding a file that contains the desired content with pattern-not-regex or other negative patterns. Here is a simple example:
rules:
  - id: a
    patterns:
      - pattern-regex: |
          (?s)(.*)
      - pattern-not-regex: .*YOUR PATTERN TO BLOCK
    message: match
    languages:
      - generic
    severity: HIGH
The regular expression pattern (?s)(.*) uses the s flag to put the match in “single-line” mode, so that the dot character matches a newline. This allows (.*) to match multiple lines, and therefore match an entire file. If the file contains YOUR PATTERN TO BLOCK, then the match is negated and the file does not appear as a finding. If the file does not contain YOUR PATTERN TO BLOCK, the file is flagged as a finding. With this rule, the finding spans the whole file, starting at line 1.
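The file-level logic of this rule, modelled in Python as an added example (it is not Semgrep's code or engine, and Python's `re` stands in for Semgrep's regex matching). The helper names, the two Dockerfile samples and the `USER` regex used in place of YOUR PATTERN TO BLOCK are all assumptions made for illustration.

```python
import re

WHOLE_FILE = r"(?s)(.*)"   # positive pattern from the rule above
FIRST_LINE_ONLY = r"(.*)"  # same pattern without the s flag, for comparison


def line_of(text, offset):
    """1-based line number of the character at `offset`."""
    return text.count("\n", 0, offset) + 1


def match_span(regex, text):
    """(start_line, end_line) covered by the first match of `regex`."""
    m = re.search(regex, text)
    if m is None:
        return None
    last_char = max(m.start(), m.end() - 1)  # an empty match covers one line
    return line_of(text, m.start()), line_of(text, last_char)


def absence_finding(text, blocked_regex):
    """Model of the rule: whole-file match, dropped if the blocked regex hits.

    Returns the finding's line span, or None when the file is not flagged.
    """
    span = match_span(WHOLE_FILE, text)
    if re.search(blocked_regex, text):
        return None  # negative pattern matched inside the file: no finding
    return span


# Constructed sample inputs: two Dockerfiles, one of which never sets USER.
ROOT_IMAGE = "FROM alpine:3.19\nRUN apk add curl\nCMD [\"curl\", \"--version\"]\n"
NONROOT_IMAGE = "FROM alpine:3.19\nRUN adduser -D app\nUSER app\nCMD [\"id\"]\n"
# Assumed stand-in for YOUR PATTERN TO BLOCK: a USER instruction starting a line.
REQUIRED = r"(?m)^USER\s+\S+"

if __name__ == "__main__":
    print("without s flag:", match_span(FIRST_LINE_ONLY, ROOT_IMAGE))
    print("with s flag:   ", match_span(WHOLE_FILE, ROOT_IMAGE))
    for name, text in [("root", ROOT_IMAGE), ("nonroot", NONROOT_IMAGE)]:
        print(name, "->", absence_finding(text, REQUIRED))
```

Anchoring the blocked regex to the start of a line keeps a string such as `RUN echo USER app` from counting as the required content, so that file is still flagged.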