Class: Rules::JqArgEscape

Inherits:

Base

• Object
• Base
• Rules::JqArgEscape

Defined in:

lib/rules/jq_arg_escape.rb

Constant Summary

PATTERN =

/jq\s.*--arg\s+\w+\s+"[^"]*\\[nt\\][^"]*"/

Instance Method Summary

• #check(workflow) ⇒ Object
• #description ⇒ Object
• #name ⇒ Object
• #severity ⇒ Object

Instance Method Details

#check(workflow) ⇒ Object

# File 'lib/rules/jq_arg_escape.rb', line 9

def check(workflow)
    findings = []

    workflow.raw_lines.each_with_index do |line, i|
        next if line.strip.start_with?("#")
        next unless line.match?(PATTERN)

        findings << finding(workflow,
            line: i + 1,
            code: line.strip,
            message: "jq --arg treats values as raw literals — \\n becomes literal backslash-n, not a newline",
            fix: "Use real newlines via $'\\n' or multi-line variable, or use --argjson with pre-escaped JSON"
        )
    end

    findings
end

#description ⇒ Object

# File 'lib/rules/jq_arg_escape.rb', line 4

def description = "jq --arg value contains backslash escape sequences that won't be interpreted"

#name ⇒ Object

# File 'lib/rules/jq_arg_escape.rb', line 3

def name = "jq-arg-escape-sequences"

#severity ⇒ Object

# File 'lib/rules/jq_arg_escape.rb', line 5

def severity = :medium