semgrep: add rule to detect string interpolation in WithInfoMsg

The event.WithInfoMsg function expects a set of key value tuples, but it can easily be misunderstood to accept string interpolation arguments. This check will error if any string interpolation verbs are used in calls to event.WithInfoMsg
hashicorp · Sep 23, 2024 · 9c08e07 · 9c08e07
1 parent 49a2118
commit 9c08e07
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/.semgrep/event-with-info-msg.yaml b/.semgrep/event-with-info-msg.yaml
@@ -0,0 +1,13 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+rules:
+  - id: with-info-msg-string-interpolation
+    languages:
+      - go
+    severity: ERROR
+    message: Use of WithInfoMsg with string interpolation. WithInfoMsg expects kv
+      tuples.
+    # Source for Go string interpolation verbs:
+    # https://pkg.go.dev/fmt#hdr-Printing.
+    pattern: event.WithInfoMsg("=~/.*%(((\[\d+\])|[\d|\.|#|+|\-| |\*])*)?[s|v|q|d|T|t|b|c|o|O|x|X|U|e|E|f|F|g|G|p].*/",...)