Typescript parsing does not recognise Parameter Properties

[joshbouncesecurity]

Describe the bug
Hey folks, I am trying to use Semgrep Pro with Typescript to detect control flow and I came across an interesting problem.

I have code where class properties are being declared as Parameter Properties. Semgrep does not seem to be able to follow the flow through a parameter property. (I should note that VS Code does not seem to have any problem following the flow).

To Reproduce
See an example here:
https://semgrep.dev/playground/r/6JUv0RL/semgrep_bouncesecurity.broken-parameter-properties

I have used unit tests to show what should be being detected.

Expected behavior
See the unit tests above, Semgrep Pro should be able to follow flow when a parameter property is used so this rule should have detected all 3 examples and not just 2 of them.

Note that in the real scenario, the classes being declared are in different files so the solution needs to be a cross-file solution.

Screenshots
N/A

What is the priority of the bug to you?

• P0: blocking your adoption of Semgrep or workflow
• P1: important to fix or quite annoying
• P2: regular bug that should get fixed

Environment
N/A

Use case

Cross-file discovery of control flow to ascertain where we are vulnerable to a particular issue.