yaml.semgrep.duplicate-id.duplicate-id

profile photo of semgrepsemgrep
Author
672
Download Count*
LGPL Commons Clause
License

The 'id' field $X was used multiple times. The 'id' field needs to be unique.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: duplicate-id
    message: The 'id' field $X was used multiple times. The 'id' field needs to be
      unique.
    severity: ERROR
    languages:
      - yaml
    patterns:
      - pattern-inside: "rules: [..., $RULE, ...]"
      - pattern-inside: |
          ...
          - id: $X
            ...
          ...
          - id: $X
            ...
          ...
      - pattern: |
          id: $X
    metadata:
      category: correctness
      technology:
        - semgrep
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

duplicate-id.test.yaml

rules:
# ok: duplicate-id
- id: unchecked-subprocess-call-1
  patterns:
  - pattern-either:
    - pattern: |
        subprocess.call(...)
    - pattern: |
        subprocess.call(...)
  - pattern-not-inside: |
      $S = subprocess.call(...)
  - pattern-not-inside: |
      subprocess.call(...) == $X
  message: |
  severity: WARNING
  fix: subprocess.check_call(...)
# ruleid: duplicate-id
- id: unchecked-subprocess-call
  patterns:
  - pattern-either:
    - pattern: |
        subprocess.call(...)
    - pattern: |
        subprocess.call(...)
  - pattern-not-inside: |
      $S = subprocess.call(...)
  - pattern-not-inside: |
      subprocess.call(...) == $X
  message: |
  severity: WARNING
  fix: subprocess.check_call(...)
# ok: duplicate-id
- id: unchecked-subprocess-call-2
  patterns:
  - pattern-either:
    - pattern: |
        subprocess.call(...)
    - pattern: |
        subprocess.call(...)
  - pattern-not-inside: |
      $S = subprocess.call(...)
  - pattern-not-inside: |
      subprocess.call(...) == $X
  message: |
  severity: WARNING
  fix: subprocess.check_call(...)
# ruleid: duplicate-id
- id: unchecked-subprocess-call
  patterns:
  - pattern-either:
    - pattern: |
        subprocess.call(...)
    - pattern: |
        subprocess.call(...)
  - pattern-not-inside: |
      $S = subprocess.call(...)
  - pattern-not-inside: |
      subprocess.call(...) == $X
  message: |
  severity: WARNING
  fix: subprocess.check_call(...)
# ok: duplicate-id
- id: unchecked-subprocess-call-3
  patterns:
  - pattern-either:
    - pattern: |
        subprocess.call(...)
    - pattern: |
        subprocess.call(...)
  - pattern-not-inside: |
      $S = subprocess.call(...)
  - pattern-not-inside: |
      subprocess.call(...) == $X
  message: |
  severity: WARNING
  fix: subprocess.check_call(...)