CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules.
Current rules for C, C++, GO, Python, JavaScript, Swift, PHP, Ruby, ASP, Kotlin, Dart, and Java. Yes, you can create your rules and manage each resource.
Source code and additional information can be found here: https://github.com/CoolerVoid/codecat