Running the converter with --source core owasp — the documented way to
build with both rule sets — fails the duplicate-filename guard because two
files share a name:
sources/rules/core/codeguard-0-safe-c-functions.md (328 lines)
sources/rules/owasp/codeguard-0-safe-c-functions.md (140 lines)
The owasp copy is a strict subset of the core copy — same prose with bold
formatting added, minus ~190 lines of *_s() replacement patterns and
review checklists that only core has. Its frontmatter language list is
also wrong (lists javascript, ruby, typescript, yaml for a C
memory-safety rule).
CI didn't catch this: all three workflow invocations run the converter
with no --source arg, which defaults to core only, so the owasp set
is never loaded and the guard never sees both files together.
Both files are present on main.
sources/rules/owasp/codeguard-0-safe-c-functions.md (or rename if there's a reason to keep a distinct OWASP variant)
convert_to_ide_formats.py scan every dir under sources/rules/*/ regardless of --source, so a default run flags cross-set collisions
validate-rules.yml step that runs --source core owasp --output-dir /tmp/validate-all so CI also verifies the owasp rules convert cleanly
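A sketch of the cross-set collision scan described above, as an added example that is not the project's own code or the contents of convert_to_ide_formats.py. The function names are hypothetical, the sample tree is constructed, and rule files are assumed to sit directly inside each rule-set directory.

```python
import tempfile
from collections import defaultdict
from pathlib import Path


def find_cross_set_collisions(rules_root):
    """Map each rule filename present in more than one rule set to its paths.

    Every immediate subdirectory of rules_root counts as a rule set and is
    always scanned, whatever subset a build would later convert.
    """
    root = Path(rules_root)
    by_name = defaultdict(list)
    for set_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        # Assumption: rules are flat *.md files directly under the set dir.
        for rule in sorted(set_dir.glob("*.md")):
            by_name[rule.name].append(rule.relative_to(root).as_posix())
    return {name: paths for name, paths in by_name.items() if len(paths) > 1}


def build_sample_tree(root):
    """Constructed sample layout: one colliding name and two unique rules."""
    layout = {
        "core/codeguard-0-safe-c-functions.md": "core copy\n",
        "owasp/codeguard-0-safe-c-functions.md": "owasp copy\n",
        "core/sample-core-only.md": "constructed\n",
        "owasp/sample-owasp-only.md": "constructed\n",
    }
    for rel, text in layout.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text, encoding="utf-8")


def demo():
    """Build the constructed tree in a temp dir and return its collisions."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return find_cross_set_collisions(tmp)


if __name__ == "__main__":
    for name, paths in demo().items():
        print(f"duplicate rule filename {name}: {', '.join(paths)}")
```

Because the scan does not depend on which sets were selected for conversion, a run that converts only core would still report the collision.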