chore(deps): Bump to 1.58.0

.circleci/config.yml

@@ -1,8 +1,8 @@
 version: 2.1
 
 orbs:
-  codacy: codacy/[email protected].0
-  codacy_plugins_test: codacy/[email protected].2
+  codacy: codacy/[email protected].2
+  codacy_plugins_test: codacy/[email protected].6
 
 jobs:
   unit_tests:

.tool_version

@@ -1 +1 @@
-1.50.0
+1.58.0

docs/multiple-tests/gitlab-rules/results.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<checkstyle version="1.5">
+    <file name="c_buffer_rule-strncat.c">
+        <error source="c_buffer_rule-strncat" line="11" message="The `strncat` family of functions are easy to use incorrectly when calculating destination buffer sizes." severity="info" />
+        <error source="c_buffer_rule-strncat" line="12" message="The `strncat` family of functions are easy to use incorrectly when calculating destination buffer sizes." severity="info" />
+    </file>
+</checkstyle>

docs/multiple-tests/language-support/patterns.xml

@@ -7,7 +7,6 @@
     <module name="csharp.dotnet.security.use_weak_rng_for_keygeneration.use_weak_rng_for_keygeneration" />
     <module name="dockerfile.security.last-user-is-root.last-user-is-root" />
     <module name="dockerfile.security.missing-user.missing-user" />
-    <module name="elixir.lang.best-practice.enum-map-into.enum_map_into" />
     <module name="go.lang.security.bad_tmp.bad-tmp-file-creation" />
     <module name="java.java-jwt.security.jwt-none-alg.java-jwt-none-alg" />
     <module name="javascript.ajv.security.audit.ajv-allerrors-true.ajv-allerrors-true" />

docs/multiple-tests/language-support/results.xml

@@ -7,7 +7,7 @@
         <error source="bash.curl.security.curl-eval.curl-eval" line="19" message="Data is being eval'd from a `curl` command." severity="warning" />
     </file>
     <file name="c/double-free.c">
-        <error source="c.lang.security.double-free.double-free" line="7" message="Variable '$VAR' was freed twice." severity="error" />
+        <error source="c.lang.security.double-free.double-free" line="7" message="Variable 'var' was freed twice." severity="error" />
     </file>
         <file name="clojure/use-of-md5.clj">
         <error source="clojure.lang.security.use-of-md5.use-of-md5" line="6" message="MD5 hash algorithm detected." severity="warning" />
@@ -25,11 +25,6 @@
         <error source="dockerfile.security.missing-user.missing-user" line="10" message="By not specifying a USER, a program in the container may run as 'root'. This is a security hazard." severity="error" />
         <error source="dockerfile.security.missing-user.missing-user" line="13" message="By not specifying a USER, a program in the container may run as 'root'. This is a security hazard." severity="error" />
     </file>
-    <file name="elixir/enum-map-into.exs">
-        <error source="elixir.lang.best-practice.enum-map-into.enum_map_into" line="2" message="Using `Enum.into/3` is more efficient than using `Enum.map/2 |> Enum.into/2`." severity="warning" />
-        <error source="elixir.lang.best-practice.enum-map-into.enum_map_into" line="5" message="Using `Enum.into/3` is more efficient than using `Enum.map/2 |> Enum.into/2`." severity="warning" />
-        <error source="elixir.lang.best-practice.enum-map-into.enum_map_into" line="9" message="Using `Enum.into/3` is more efficient than using `Enum.map/2 |> Enum.into/2`." severity="warning" />
-    </file>
     <file name="go/bad_tmp.go">
         <error source="go.lang.security.bad_tmp.bad-tmp-file-creation" line="10" message="File creation in shared tmp directory without using ioutil.Tempfile" severity="warning" />
     </file>
@@ -85,12 +80,12 @@
         <error source="terraform.lang.security.rds-public-access.rds-public-access" line="29" message="RDS instance accessible from the Internet detected." severity="warning" />
     </file>
     <file name="typescript/detect-child-process.ts">
-        <error source="javascript.lang.security.detect-child-process.detect-child-process" line="6" message="Detected calls to child_process from a function argument `$FUNC`. This could lead to a command injection if the input is user controllable." severity="error" />
-        <error source="javascript.lang.security.detect-child-process.detect-child-process" line="13" message="Detected calls to child_process from a function argument `$FUNC`. This could lead to a command injection if the input is user controllable." severity="error" />
-        <error source="javascript.lang.security.detect-child-process.detect-child-process" line="13" message="Detected calls to child_process from a function argument `$FUNC`. This could lead to a command injection if the input is user controllable." severity="error" />
+        <error source="javascript.lang.security.detect-child-process.detect-child-process" line="6" message="Detected calls to child_process from a function argument `args`. This could lead to a command injection if the input is user controllable." severity="error" />
+        <error source="javascript.lang.security.detect-child-process.detect-child-process" line="13" message="Detected calls to child_process from a function argument `userInput`. This could lead to a command injection if the input is user controllable." severity="error" />
+        <error source="javascript.lang.security.detect-child-process.detect-child-process" line="13" message="Detected calls to child_process from a function argument `userInput`. This could lead to a command injection if the input is user controllable." severity="error" />
     </file>
     <file name="unknown_extension/double-free.h">
-        <error source="c.lang.security.double-free.double-free" line="7" message="Variable '$VAR' was freed twice." severity="error" />
+        <error source="c.lang.security.double-free.double-free" line="7" message="Variable 'var' was freed twice." severity="error" />
     </file>
     <file name="yaml/argo-workflow-parameter-command-injection.test.yaml">
         <error source="yaml.argo.security.argo-workflow-parameter-command-injection.argo-workflow-parameter-command-injection" line="19" message="Using input or workflow parameters in here-scripts can lead to command injection or code injection." severity="error" />

docs/multiple-tests/language-support/src/dockerfile/missing-user.dockerfile

@@ -12,6 +12,5 @@ CMD semgrep -f p/xss
 # ruleid: missing-user
 CMD semgrep --config localfile targets
 
-# TODO: metavar ellipses bug
 # ok: missing-user
 CMD ["semgrep", "--version"]

docs/multiple-tests/language-support/src/go/bad_tmp.go

@@ -14,7 +14,7 @@ func main() {
 }
 func main_good() {
 	// ok:bad-tmp-file-creation
-	err := ioutil.Tempfile("/tmp", "my_temp")
+	_, err := ioutil.TempFile("/tmp", "my_temp")
 	if err != nil {
 		fmt.Println("Error while writing!")
 	}

go.mod

@@ -5,15 +5,15 @@ go 1.21
 require (
 	github.com/codacy/codacy-engine-golang-seed/v6 v6.1.4
 	github.com/go-git/go-git/v5 v5.11.0
-	github.com/samber/lo v1.38.1
+	github.com/samber/lo v1.39.0
 	github.com/stretchr/testify v1.8.4
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
+	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
@@ -29,11 +29,11 @@ require (
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/skeema/knownhosts v1.2.1 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	golang.org/x/crypto v0.17.0 // indirect
-	golang.org/x/exp v0.0.0-20231108232855-2478ac86f678 // indirect
+	golang.org/x/crypto v0.18.0 // indirect
+	golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect
 	golang.org/x/mod v0.14.0 // indirect
-	golang.org/x/net v0.19.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
-	golang.org/x/tools v0.15.0 // indirect
+	golang.org/x/net v0.20.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/tools v0.17.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )

go.sum

@@ -3,8 +3,8 @@ dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE=
-github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
+github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
@@ -59,8 +59,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
-github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM=
-github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA=
+github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA=
+github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA=
 github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
 github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
@@ -82,10 +82,10 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/exp v0.0.0-20231108232855-2478ac86f678 h1:mchzmB1XO2pMaKFRqk/+MV3mgGG96aqaPXaMifQU47w=
-golang.org/x/exp v0.0.0-20231108232855-2478ac86f678/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE=
+golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA=
+golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
@@ -97,13 +97,13 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
-golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
-golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -117,15 +117,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -139,8 +139,8 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8=
-golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk=
+golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc=
+golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

internal/docgen/parsing.go

@@ -164,7 +164,8 @@ func isValidSemgrepRegistryRuleFile(filename string) bool {
 		!strings.HasPrefix(filename, "generic/nginx/") &&
 		!strings.HasPrefix(filename, "html/") &&
 		!strings.HasPrefix(filename, "ocaml/") &&
-		!strings.HasPrefix(filename, "solidity/")
+		!strings.HasPrefix(filename, "solidity/") &&
+		!strings.HasPrefix(filename, "elixir/")
 }
 
 func isValidGitLabRuleFile(filename string) bool {
@@ -210,7 +211,7 @@ func (r SemgrepRule) toPatternWithExplanation(defaultRules SemgrepRules) Pattern
 	return PatternWithExplanation{
 		ID:          r.ID,
 		Title:       getLastSegment(r.ID),
-		Description: GetFirstSentence(r.Message),
+		Description: GetFirstSentence(strings.ReplaceAll(r.Message, "\n", " ")),
 		Level:       toCodacyLevel(r.Severity),
 		Category:    toCodacyCategory(r),
 		SubCategory: getCodacySubCategory(toCodacyCategory(r), r.Metadata.OWASP),
@@ -414,7 +415,8 @@ func toCodacyLanguages(r SemgrepRule) []string {
 	codacyLanguages := lo.Map(
 		lo.Filter(r.Languages, func(s string, index int) bool {
 			return s != "generic" && s != "regex" && // internal rules?
-				s != "lua" && s != "ocaml" && s != "html" && s != "solidity" // not supported by Codacy
+				s != "lua" && s != "ocaml" && s != "html" && s != "solidity" && // not supported by Codacy
+				s != "elixir" // Pro languages
 		}),
 		func(s string, index int) string {
 			codacyLanguage := supportedLanguages[s]

internal/tool/command.go

@@ -10,7 +10,7 @@ import (
 	"strings"
 
 	codacy "github.com/codacy/codacy-engine-golang-seed/v6"
-	docgen "github.com/codacy/codacy-semgrep/internal/docgen"
+	"github.com/codacy/codacy-semgrep/internal/docgen"
 	"github.com/samber/lo"
 )
 
@@ -137,7 +137,6 @@ func appendIssueToResult(result []codacy.Result, patternDescriptions *[]codacy.P
 
 func getMessage(patternDescriptions *[]codacy.PatternDescription, id string, extraMessage string) string {
 	// If message is empty, get the pattern title
-	// TODO: In addition to that, Semgrep also interpolates metavars: https://github.com/semgrep/semgrep/blob/a1476e252c84d407a10e0a2e018e8468b49a0dc1/cli/src/semgrep/core_output.py#L169C24-L169C24
 	if extraMessage == "" {
 		description, ok := lo.Find(*patternDescriptions, func(d codacy.PatternDescription) bool {
 			return d.PatternID == id
@@ -146,7 +145,7 @@ func getMessage(patternDescriptions *[]codacy.PatternDescription, id string, ext
 			return description.Description
 		}
 	}
-	return docgen.GetFirstSentence(extraMessage)
+	return docgen.GetFirstSentence(strings.ReplaceAll(extraMessage, "\n", " "))
 }
 
 func appendErrorToResult(result []codacy.Result, semgrepOutput SemgrepOutput) []codacy.Result {
@@ -157,4 +156,4 @@ func appendErrorToResult(result []codacy.Result, semgrepOutput SemgrepOutput) []
 		})
 	}
 	return result
-}
+}

internal/tool/configuration.go

@@ -284,4 +284,4 @@ func detectLanguage(fileName string) string {
 		return language
 	}
 	return "none"
-}
+}