-
Notifications
You must be signed in to change notification settings - Fork 9.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
linters: semgrep rule to replace AWSR002 #19039
Conversation
1c8567e
to
04a2554
Compare
Running on "current" (4b72ef5) % semgrep --config .semgrep.yml
running 20 rules...
100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████|20/20
aws/resource_aws_elastic_beanstalk_application.go
severity:warning rule:helper-schema-ResourceData-Set-tags: (schema.ResourceData).Set() call with the tags key should include IgnoreConfig in the value
266: tags = tags.IgnoreElasticbeanstalk().IgnoreConfig(ignoreTagsConfig)
267:
268: //lintignore:AWSR002
269: if err := d.Set("tags", tags.RemoveDefaultConfig(defaultTagsConfig).Map()); err != nil {
270: return fmt.Errorf("error setting tags: %w", err)
271: }
aws/resource_aws_elastic_beanstalk_application_version.go
severity:warning rule:helper-schema-ResourceData-Set-tags: (schema.ResourceData).Set() call with the tags key should include IgnoreConfig in the value
134: tags = tags.IgnoreElasticbeanstalk().IgnoreConfig(ignoreTagsConfig)
135:
136: //lintignore:AWSR002
137: if err := d.Set("tags", tags.RemoveDefaultConfig(defaultTagsConfig).Map()); err != nil {
138: return fmt.Errorf("error setting tags: %w", err)
139: }
aws/resource_aws_elastic_beanstalk_environment.go
severity:warning rule:helper-schema-ResourceData-Set-tags: (schema.ResourceData).Set() call with the tags key should include IgnoreConfig in the value
627: tags = tags.IgnoreElasticbeanstalk().IgnoreConfig(ignoreTagsConfig)
628:
629: //lintignore:AWSR002
630: if err := d.Set("tags", tags.RemoveDefaultConfig(defaultTagsConfig).Map()); err != nil {
631: return fmt.Errorf("error setting tags: %w", err)
632: }
aws/resource_aws_waf_rate_based_rule.go
severity:warning rule:helper-schema-ResourceData-Set-tags: (schema.ResourceData).Set() call with the tags key should include IgnoreConfig in the value
164: tags := tagList.IgnoreAws().IgnoreConfig(ignoreTagsConfig)
165:
166: //lintignore:AWSR002
167: if err := d.Set("tags", tags.RemoveDefaultConfig(defaultTagsConfig).Map()); err != nil {
168: return fmt.Errorf("error setting tags: %w", err)
169: }
aws/resource_aws_wafregional_rate_based_rule.go
severity:warning rule:helper-schema-ResourceData-Set-tags: (schema.ResourceData).Set() call with the tags key should include IgnoreConfig in the value
164: tags := tagList.IgnoreAws().IgnoreConfig(ignoreTagsConfig)
165:
166: //lintignore:AWSR002
167: if err := d.Set("tags", tags.RemoveDefaultConfig(defaultTagsConfig).Map()); err != nil {
168: return fmt.Errorf("error setting tags: %w", err)
169: }
ran 20 rules on 2451 files: 5 findings |
Ohh interesting! I'll add a pattern for the I noticed the rule wasn't catching changes in a data-source b/c of the original pattern the rule is looking for, so i've added separate rule for just data-sources |
aa75d5d
to
f18347c
Compare
c914826
to
7dbc687
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Excellent! 🎉
% semgrep
running 22 rules...
100%|█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████|22/22
ran 22 rules on 2459 files: 0 findings
7dbc687
to
17ce7c6
Compare
This has been released in version 3.38.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Community Note
Relates #18721
Preceded by #7926
Output from semgrep testing: