yaml.semgrep.metadata-references.metadata-references

returntocorp

Author

672

Download Count*

LGPL Commons Clause

License

The references in rule metadata should always be a list, even if there's only one.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: metadata-references
    message: The references in rule metadata should always be a list, even if
      there's only one.
    severity: ERROR
    languages:
      - json
      - yaml
    patterns:
      - pattern-inside: |
          rules: ...
      - pattern-inside: |
          metadata: ...
      - pattern: |
          references: ...
      - pattern-not: |
          references: [...]
    metadata:
      category: correctness
      technology:
        - semgrep
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

metadata-references.test.yaml

rules:
  - id: example-1
    message: Example
    severity: ERROR
    languages: [json, yaml]
    pattern: "..."
    metadata:
      # ok: metadata-references
      references:
        - https://google.com
  - id: example-2
    message: Example
    severity: ERROR
    languages: [json, yaml]
    pattern: "..."
    metadata:
      # ruleid: metadata-references
      references: https://google.com

Short Link: https://sg.run/dgbX