Cooper Pierce

If you're in the [community slack](go.semgrep.dev/slack), I would suggest posting in the `#rules` channel. If you have more complicated things in your actual rule, you could tweak your source pattern...

Hey @MarkCarter88, any reason you can't have a "proper" pattern as the sink? E.g., `$OBJ.sink(...)`? This is a pretty odd pattern to have as a sink and I doubt we...

The issue is more that your regex is overbroad and doesn't rely on any semantic property. You could do something like ```yaml patterns: - pattern: $FUNC(..., $ARG, ...) - focus-metavariable:...