forked from wagtail/wagtail
.semgrep.yml
rules:
  - id: translation-no-new-style-formatting
    patterns:
      - pattern: $FUNC("$STRING_ID", ...)
      - metavariable-regex:
          metavariable: $FUNC
          regex: '_|gettext|gettext_lazy|ngettext|ngettext_lazy'
      - metavariable-regex:
          metavariable: $STRING_ID
          regex: ".*({(\\d*|[\\w_]*)}).*"
    message: |
      Do not use str.format style formatting for translations.
      Use printf style formatting with named placeholders instead.
      For example, do `_("Hello %(name)s") % {"name": "Wagtail"}`
      instead of `_("Hello {name}").format(name="Wagtail")`.
      See https://docs.wagtail.org/en/latest/contributing/translations.html#marking-strings-for-translation for more information.
    languages: [python, javascript, typescript]
    severity: ERROR
  - id: translation-no-f-strings
    patterns:
      - pattern: $FUNC(f"...", ...)
      - metavariable-regex:
          metavariable: $FUNC
          regex: '_|gettext|gettext_lazy|ngettext|ngettext_lazy'
    message: >
      Do not use formatted string literals for translations.
      Use printf style formatting with named placeholders instead.
      For example, do `_("Hello %(name)s") % {"name": "Wagtail"}`
      instead of `_(f"Hello {name}")`.
      See https://docs.wagtail.org/en/latest/contributing/translations.html#marking-strings-for-translation for more information.
    languages: [python]
    severity: ERROR
  - id: translation-no-anonymous-arguments
    patterns:
      - pattern: $FUNC("$STRING_ID", ...)
      - metavariable-regex:
          metavariable: $FUNC
          regex: '_|gettext|gettext_lazy|ngettext|ngettext_lazy'
      - metavariable-regex:
          metavariable: $STRING_ID
          regex: ".*%\\w.*"
    message: >
      Do not use anonymous placeholders for translations.
      Use printf style formatting with named placeholders instead.
      For example, do `_("Hello %(name)s") % {"name": "Wagtail"}`
      instead of `_("Hello %s") % "Wagtail"`.
      See https://docs.wagtail.org/en/latest/contributing/translations.html#marking-strings-for-translation for more information.
    languages: [python, javascript, typescript]
    severity: ERROR
  - id: translation-no-format-within-gettext-python
    patterns:
      - pattern: $FUNC("..." % ..., ...)
      - metavariable-regex:
          metavariable: $FUNC
          regex: '_|gettext|gettext_lazy|ngettext|ngettext_lazy'
    message: >
      Do not format string before translations
      or the interpolated value will be part of the key.
      Instead, interpolate after the call to gettext.
      For example, do `_("Hello %(name)s") % {"name": "Wagtail"}`
      instead of `_("Hello %(name)s" % {"name": "Wagtail"} )`.
      See https://docs.wagtail.org/en/latest/contributing/translations.html#marking-strings-for-translation for more information.
    languages: [python]
    severity: ERROR
  - id: translation-no-format-within-gettext-javascript
    patterns:
      - pattern: $FUNC("...".replace(...), ...)
      - metavariable-regex:
          metavariable: $FUNC
          regex: '_|gettext|gettext_lazy|ngettext|ngettext_lazy'
    message: >
      Do not format string before translations
      or the interpolated value will be part of the key.
      Instead, interpolate after the call to gettext.
      For example, do `_("Hello %(name)s") % {"name": "Wagtail"}`
      instead of `_("Hello %(name)s" % {"name": "Wagtail"} )`.
      See https://docs.wagtail.org/en/latest/contributing/translations.html#marking-strings-for-translation for more information.
    languages: [javascript, typescript]
    severity: ERROR