yaml.semgrep.missing-message-field.missing-message-field

Author: semgrep
Download Count: 670

This rule does not have a message. Semgrep requires that rules have a message. Include a message to explain what the rule does. Consider writing a message that explains why this is an issue and how to fix it.

Definition

rules:
  - id: missing-message-field
    message: This rule does not have a message. Semgrep requires that rules have a
      message. Include a message to explain what the rule does. Consider writing
      a message that explains why this is an issue and how to fix it.
    languages:
      - yaml
    patterns:
      - pattern-inside: "rules: [..., $RULE, ...]"
      - pattern: "id: $RULEID"
      - pattern-not-inside: |
          - ...
            message: ...
      - pattern-not-inside: |
          - ...
            mode: extract
    severity: WARNING
    metadata:
      category: correctness
      technology:
        - semgrep
      references:
        - https://semgrep.dev/docs/writing-rules/rule-syntax/
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

missing-message-field.test.yaml

rules:
  # ruleid: missing-message-field
  - id: unchecked-subprocess-call
    patterns:
      - pattern: |
          subprocess.call(...)
      - pattern-not-inside: |
          $S = subprocess.call(...)
      - pattern-not-inside: |
          subprocess.call(...) == $X
    severity: WARNING
    fix: subprocess.check_call(...)
  # ok: missing-message-field
  - id: other-rule
    pattern: <div>hello</div>
    languages: [generic]
    severity: INFO
    message: ""
  # ok: missing-message-field
  - message: ""
    id: other-rule-2
    pattern: <div>hello</div>
    languages: [generic]
    severity: INFO
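
The test file above covers the `message` exclusion but has no case for the `mode: extract` exclusion in the rule definition. The following additional test cases are an added example, not part of the registry's test file. The rule ids and patterns are constructed, and the `ruleid:`/`ok:` annotations are what the definition above implies.

```yaml
rules:
  # ok: missing-message-field
  # A rule with `mode: extract` is skipped by the second pattern-not-inside,
  # so it is not reported even though it has no `message` key.
  - id: example-extract-script-body
    mode: extract
    languages: [html]
    pattern: <script>$...SCRIPT</script>
    extract: $...SCRIPT
    dest-language: javascript
  # ruleid: missing-message-field
  # Only `mode: extract` is exempt. A rule in any other mode (here: taint)
  # that has no `message` key is still reported.
  - id: example-taint-without-message
    mode: taint
    languages: [python]
    severity: WARNING
    pattern-sources:
      - pattern: input(...)
    pattern-sinks:
      - pattern: eval(...)
  # ok: missing-message-field
  # The check is on the presence of the key, not on its content or position:
  # an empty message placed last in the mapping still passes, as the `other-rule`
  # cases in the registry test show for an empty message placed elsewhere.
  - id: example-empty-message-last
    pattern: eval(...)
    languages: [python]
    severity: INFO
    message: ""
```

Because an empty `message: ""` satisfies this rule, a separate review step is needed to catch rules whose message exists but says nothing useful.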