yaml.semgrep.multi-line-message.multi-line-message

profile photo of returntocorpreturntocorp
Author
unknown
Download Count*
LGPL Commons Clause
License

This rule has a multi-line message field, which may display poorly in a terminal. Consider ensuring it is on one line. For example, use message: >-, not message: |.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: multi-line-message
    message: "This rule has a multi-line message field, which may display poorly in
      a terminal. Consider ensuring it is on one line. For example, use
      `message: >-`, not `message: |`."
    languages:
      - yaml
    patterns:
      - pattern-inside: "rules: [..., $RULE, ...]"
      - pattern: |
          message: "=~/[\\n\\r]/"
    severity: WARNING
    metadata:
      category: correctness
      technology:
        - semgrep
      references:
        - https://github.com/returntocorp/semgrep-rules/issues/1431
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

multi-line-message.test.yaml

rules:
  - id: bad-1
    pattern: "..."
    # ruleid: multi-line-message
    message: |
      a
      b
    severity: WARNING
  - id: bad-2
    pattern: "..."
    # ruleid: multi-line-message
    message: "a\nb"
    severity: WARNING
  - id: good-1
    pattern: "..."
    # ok: multi-line-message
    message: >-
      a
      b
    severity: WARNING