yaml.semgrep.metadata-cwe.metadata-cwe

Author: semgrep
Download count: 658

$...CWE The cwe tag in rule metadata should always be in the format "CWE-000: Title".


Definition

rules:
  - id: metadata-cwe
    message: '$...CWE The cwe tag in rule metadata should always be in the format
      "CWE-000: Title".'
    severity: ERROR
    languages:
      - yaml
    patterns:
      - pattern-inside: "rules: ..."
      - pattern-inside: "metadata: ..."
      - pattern: "cwe: ..."
      - pattern-not-regex: CWE-[\d]+:\s+\w
    metadata:
      category: best-practice
      technology:
        - semgrep
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
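The rule above is a single unanchored regex search (`CWE-[\d]+:\s+\w`) applied to the value of any `cwe:` key under `metadata:`. To make that check reproducible outside Semgrep, here is an added example validator in Python; it is not Semgrep's own code. It assumes (beyond what the page states) that `metadata.cwe` may be either a single string or a list of strings, and it reuses the page's own test values as constructed sample input, already parsed the way PyYAML would parse them (the folded `>` scalar becomes a string with a trailing newline, which still passes because the search is not anchored). The optional command-line path uses PyYAML's `yaml.safe_load`, a real function, but is not needed to run the sample.

```python
import re
import sys

# Same regex as the rule's pattern-not-regex. It is a search, not a full match,
# so "CWE-123: Some Vulnerability\n" (a folded YAML scalar) still passes, while
# "CWE123: ...", "cwe-123: ..." and a bare "CWE-123" do not.
CWE_RE = re.compile(r"CWE-[\d]+:\s+\w")


def cwe_problems(value):
    """Return the offending cwe values (empty list means the tag is well formed).

    Assumption (not stated on the page): metadata.cwe may be a single string
    or a list of strings; each element is checked on its own.
    """
    values = value if isinstance(value, list) else [value]
    return [v for v in values if not isinstance(v, str) or not CWE_RE.search(v)]


def check_rules(rules):
    """Check metadata.cwe for every rule; returns {rule_id: [bad values]}.

    Rules without a cwe tag are skipped, just as the Semgrep rule only fires
    on an existing 'cwe:' key and never demands that one be present.
    """
    findings = {}
    for rule in rules:
        cwe = (rule.get("metadata") or {}).get("cwe")
        if cwe is None:
            continue
        bad = cwe_problems(cwe)
        if bad:
            findings[rule.get("id", "<no id>")] = bad
    return findings


# Constructed sample mirroring the page's test file, in parsed form.
SAMPLE_RULES = [
    {"id": "example-1", "metadata": {"cwe": "CWE-123: Some Vulnerability"}},
    {"id": "example-2", "metadata": {"cwe": "CWE123: Some Vulnerability"}},
    {"id": "example-3", "metadata": {"cwe": "cwe-123: Some Vulnerability"}},
    {"id": "example-4", "metadata": {"cwe": "CWE-123"}},
    {"id": "example-5", "metadata": {"cwe": "CWE-123: Some Vulnerability\n"}},
    # Constructed list-valued tag (assumed shape): one good entry, one bare id.
    {"id": "example-6", "metadata": {"cwe": ["CWE-79: Cross-site Scripting", "CWE-89"]}},
    {"id": "example-7", "metadata": {}},  # no cwe tag: not a finding
]


if __name__ == "__main__":
    # Optional: validate real rule files named on the command line (needs PyYAML).
    if len(sys.argv) > 1:
        import yaml  # third-party; only required for this code path
        rules = []
        for path in sys.argv[1:]:
            with open(path) as f:
                rules.extend((yaml.safe_load(f) or {}).get("rules", []))
    else:
        rules = SAMPLE_RULES
    for rule_id, bad in check_rules(rules).items():
        print(f"{rule_id}: cwe tag not in 'CWE-000: Title' format: {bad!r}")
```

Run without arguments it reports example-2, example-3, example-4 and the bare `CWE-89` entry of example-6; `python metadata_cwe_check.py rules/*.yaml` runs the same check over real rule files.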

Examples

metadata-cwe.test.yaml

rules:
  - id: example-1
    message: Example
    severity: ERROR
    languages: [json, yaml]
    pattern: "..."
    metadata:
      # ok: metadata-cwe
      cwe: "CWE-123: Some Vulnerability"
  - id: example-2
    message: Example
    severity: ERROR
    languages: [json, yaml]
    pattern: "..."
    metadata:
      # ruleid: metadata-cwe
      cwe: "CWE123: Some Vulnerability"
  - id: example-3
    message: Example
    severity: ERROR
    languages: [json, yaml]
    pattern: "..."
    metadata:
      # ruleid: metadata-cwe
      cwe: "cwe-123: Some Vulnerability"
  - id: example-4
    message: Example
    severity: ERROR
    languages: [json, yaml]
    pattern: "..."
    metadata:
      # ruleid: metadata-cwe
      cwe: CWE-123
  - id: example-5
    message: Example
    severity: ERROR
    languages: [json, yaml]
    pattern: "..."
    metadata:
      # ok: metadata-cwe
      cwe: >
        CWE-123: Some Vulnerability