Emma Jin

Results 47 comments of Emma Jin

@DrewDennison This was my original proposal! Was thinking about the narrow use case of sharing taint sources.

Looking at this again I'm confused about what the rule expresses. These were mostly examples to illustrate confusion, not real examples, so I'm just going to close this one.

It seems reasonable to me that we take `$STR = "HERE"` by chance, though it is confusing. I guess we should have a match for all the possible sources? More...

> Although even with taint, this example is inter-procedural.

That's true. I filed it on semgrep because we have a bit of that interprocedurality for taint (though I think not...

We've been lax creating examples for languages that don't fit the format very well (YAML doesn't have function calls). If you're just looking for examples, would it be helpful if...

You can find a bunch of YAML style lints here: https://semgrep.dev/p/semgrep-rule-lints and kubernetes security checks here: https://semgrep.dev/p/kubernetes. Hopefully these help! I'll leave this issue open for the documentation gap.

Done. But also, we have a bunch of broken links it sounds like. I would like to know how much benefit these examples provide people.

> Are these rules still reported anyways else? E.g. in the "N rules x M files" header?

@ievans I would expect that they are unless it's been explicitly changed in...

Probably a problem with/lack of enum resolution

Hey @theowni! Do you happen to know the last version this worked on? That would be helpful for me.