Skip to content

Duplicate codeguard-0-safe-c-functions.md in core and owasp rule sets #65

Description

@thomas-bartlett

Running the converter with --source core owasp — the documented way to
build with both rule sets — fails the duplicate-filename guard because two
files share a name:

  • sources/rules/core/codeguard-0-safe-c-functions.md (328 lines)
  • sources/rules/owasp/codeguard-0-safe-c-functions.md (140 lines)

The owasp copy is a strict subset of the core copy — same prose with bold
formatting added, minus ~190 lines of *_s() replacement patterns and
review checklists that only core has. Its frontmatter language list is
also wrong (lists javascript, ruby, typescript, yaml for a C
memory-safety rule).

CI didn't catch this: all three workflow invocations run the converter
with no --source arg, which defaults to core only, so the owasp set
is never loaded and the guard never sees both files together.

  • Delete sources/rules/owasp/codeguard-0-safe-c-functions.md (or
    rename if there's a reason to keep a distinct OWASP variant)
  • Make the duplicate guard in convert_to_ide_formats.py scan every
    dir under sources/rules/*/ regardless of --source, so a default
    run flags cross-set collisions
  • Add a validate-rules.yml step that runs
    --source core owasp --output-dir /tmp/validate-all so CI also
    verifies the owasp rules convert cleanly

Both files are present on main.

Metadata

Metadata

Labels

bugSomething isn't working

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions