Semgrep rules for Kotlin security assessment

by Prapattimynk, Thursday, 3 August 2023 (7 months ago)


I recently had the chance to assess the security of many applications with a back-end written in Kotlin. Unfortunately, at the moment Semgrep's support for Kotlin is still in "Beta" and there are not many public rules for this language. So, I decided to write a bunch of them on my own, mainly to look for potential SQL injections. These rules were written with limited time, they are non-exhaustive, and can definitely be optimized. However, they are field-tested and have proven to do their job quite well.

Meanwhile, I also wrote a couple of rules for the client-side code of Android mobile applications, to quickly identify WebView usage so that its security configuration can be inspected (for more info, see the Android Platform APIs page of the OWASP Mobile Testing Guide). These rules cover both Java and Kotlin.
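To make the two rule families described above concrete, here is an added example ruleset (written for this post, not taken from the repository mentioned below). The first rule is a taint-mode rule that follows request-controlled strings from servlet accessors into JDBC query methods; the second is an inventory rule that flags WebView settings and bridges worth reviewing. The source and sink method names are my assumptions about a typical servlet + JDBC back-end and the standard Android WebView API, and the rule assumes a Semgrep version with taint mode available for Kotlin; extend the lists for the frameworks you actually meet.

```yaml
rules:
  # Rule 1: request data reaching a SQL string passed to JDBC.
  # Sources and sinks are assumptions about a servlet + JDBC back-end.
  - id: kotlin-request-data-to-jdbc-query
    languages: [kotlin]
    severity: ERROR
    message: >-
      Request-controlled data flows into a SQL statement built as a string
      ($SQL). Use a parameterised query (PreparedStatement placeholders bound
      with setString/setInt) instead of concatenation or "$var" templates.
    metadata:
      category: security
      cwe: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command"
    mode: taint
    pattern-sources:
      # HttpServletRequest accessors; add framework-specific ones as needed.
      - pattern: $REQ.getParameter(...)
      - pattern: $REQ.getHeader(...)
      - pattern: $REQ.getQueryString()
    pattern-sinks:
      - patterns:
          - pattern-either:
              - pattern: $STMT.executeQuery($SQL)
              - pattern: $STMT.executeUpdate($SQL)
              - pattern: $STMT.execute($SQL)
              # A tainted string given to prepareStatement is still injection;
              # only the bound placeholder values are safe.
              - pattern: $CONN.prepareStatement($SQL, ...)
          # Report only when the taint reaches the SQL text argument itself.
          - focus-metavariable: $SQL

  # Rule 2: inventory of WebView configuration points to review manually.
  # Patterns cover Kotlin property syntax and the Java-style setters, which
  # both parse in the two languages listed.
  - id: android-webview-settings-to-review
    languages: [kotlin, java]
    severity: INFO
    message: >-
      WebView configuration found on $WV: check JavaScript, file-access and
      JavaScript-bridge settings against the OWASP MSTG "Android Platform
      APIs" guidance.
    metadata:
      category: security
    pattern-either:
      # Kotlin property assignments
      - pattern: $WV.settings.javaScriptEnabled = true
      - pattern: $WV.settings.allowFileAccess = true
      - pattern: $WV.settings.allowUniversalAccessFromFileURLs = true
      # Java / Kotlin setter calls
      - pattern: $WV.getSettings().setJavaScriptEnabled(true)
      - pattern: $WV.getSettings().setAllowFileAccess(true)
      - pattern: $WV.getSettings().setAllowUniversalAccessFromFileURLs(true)
      # Native bridges exposed to page JavaScript
      - pattern: $WV.addJavascriptInterface(...)
      # Custom clients often override URL/SSL-error handling
      - pattern: $WV.setWebViewClient(...)
```

Save the file as, for instance, `kotlin-assessment.yaml` and run `semgrep --config kotlin-assessment.yaml path/to/src`. The taint rule reports a finding for `stmt.executeQuery("SELECT * FROM users WHERE name = '" + req.getParameter("name") + "'")` as well as for the template form `"... '${name}'"` when `name` was read from the request earlier in the function, because taint propagates through concatenation and string templates; the WebView rule is deliberately noisy (INFO) since its purpose is to enumerate places to inspect, not to assert a vulnerability.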

These rules can be found in my Semgrep rules repository on GitHub:

If you’re interested in Semgrep and static analysis, you should also check out our Semgrep C/C++ and PHP rulesets for vulnerability research.


