yaml.semgrep.empty-message.empty-message

Author: semgrep
Download count: 672

This rule has an empty message field. Consider adding a message field that communicates why this rule is an issue and how to fix it. This will increase the chance that the finding gets addressed.

Definition

rules:
  - id: empty-message
    message: This rule has an empty message field. Consider adding a message field
      that communicates why this rule is an issue and how to fix it. This will
      increase the chance that the finding gets addressed.
    languages:
      - yaml
    patterns:
      - pattern-inside: "rules: [..., $RULE, ...]"
      - pattern: |
          message: ""
    severity: WARNING
    metadata:
      category: correctness
      technology:
        - semgrep
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

empty-message.test.yaml

rules:
  - id: unchecked-subprocess-call
    patterns:
      - pattern-either:
          - pattern: |
              subprocess.call(...)
          - pattern: |
              subprocess.call(...)
      - pattern-not-inside: |
          $S = subprocess.call(...)
      - pattern-not-inside: |
          subprocess.call(...) == $X
    # ruleid: empty-message
    message: >-
    severity: WARNING
    fix: subprocess.check_call(...)