Remove spurious recommendation tag

lcartey · lcartey · commit 9e24b41e85cb · 2025-05-05T15:47:32.000+01:00
In some of the CERT help files they use "Recommendation" rather
than "Rule" as a header in the Risk Assessment table, creating
spurious query tags.
diff --git a/c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql b/c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql
@@ -9,7 +9,6 @@
  * @tags external/cert/id/con34-c
  *       correctness
  *       concurrency
- *       external/cert/recommendation/con34-c
  *       external/cert/severity/medium
  *       external/cert/likelihood/probable
  *       external/cert/remediation-cost/high
diff --git a/c/cert/src/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql b/c/cert/src/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql
@@ -10,7 +10,6 @@
  *       external/cert/audit
  *       correctness
  *       concurrency
- *       external/cert/recommendation/con34-c
  *       external/cert/severity/medium
  *       external/cert/likelihood/probable
  *       external/cert/remediation-cost/high
diff --git a/c/cert/src/rules/EXP39-C/DoNotAccessVariableViaPointerOfIncompatibleType.ql b/c/cert/src/rules/EXP39-C/DoNotAccessVariableViaPointerOfIncompatibleType.ql
@@ -8,7 +8,6 @@
  * @problem.severity error
  * @tags external/cert/id/exp39-c
  *       correctness
- *       external/cert/recommendation/exp39-c
  *       external/cert/severity/medium
  *       external/cert/likelihood/unlikely
  *       external/cert/remediation-cost/high
diff --git a/c/cert/src/rules/EXP45-C/AssignmentsInSelectionStatements.ql b/c/cert/src/rules/EXP45-C/AssignmentsInSelectionStatements.ql
@@ -8,7 +8,6 @@
  * @problem.severity error
  * @tags external/cert/id/exp45-c
  *       correctness
- *       external/cert/recommendation/exp45-c
  *       external/cert/severity/low
  *       external/cert/likelihood/likely
  *       external/cert/remediation-cost/medium
diff --git a/c/cert/src/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.ql b/c/cert/src/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.ql
@@ -9,7 +9,6 @@
  * @tags external/cert/id/mem36-c
  *       correctness
  *       security
- *       external/cert/recommendation/mem36-c
  *       external/cert/severity/low
  *       external/cert/likelihood/probable
  *       external/cert/remediation-cost/high
diff --git a/rule_packages/c/Concurrency4.json b/rule_packages/c/Concurrency4.json
@@ -43,7 +43,6 @@
           "tags": [
             "correctness",
             "concurrency",
-            "external/cert/recommendation/con34-c",
             "external/cert/severity/medium",
             "external/cert/likelihood/probable",
             "external/cert/remediation-cost/high",
@@ -65,7 +64,6 @@
             "external/cert/audit",
             "correctness",
             "concurrency",
-            "external/cert/recommendation/con34-c",
             "external/cert/severity/medium",
             "external/cert/likelihood/probable",
             "external/cert/remediation-cost/high",
diff --git a/rule_packages/c/Memory2.json b/rule_packages/c/Memory2.json
@@ -177,7 +177,6 @@
           "tags": [
             "correctness",
             "security",
-            "external/cert/recommendation/mem36-c",
             "external/cert/severity/low",
             "external/cert/likelihood/probable",
             "external/cert/remediation-cost/high",
diff --git a/rule_packages/c/Pointers3.json b/rule_packages/c/Pointers3.json
@@ -65,7 +65,6 @@
           "short_name": "DoNotAccessVariableViaPointerOfIncompatibleType",
           "tags": [
             "correctness",
-            "external/cert/recommendation/exp39-c",
             "external/cert/severity/medium",
             "external/cert/likelihood/unlikely",
             "external/cert/remediation-cost/high",
diff --git a/rule_packages/c/SideEffects1.json b/rule_packages/c/SideEffects1.json
@@ -78,7 +78,6 @@
           "short_name": "AssignmentsInSelectionStatements",
           "tags": [
             "correctness",
-            "external/cert/recommendation/exp45-c",
             "external/cert/severity/low",
             "external/cert/likelihood/likely",
             "external/cert/remediation-cost/medium",
diff --git a/scripts/add_risk_assessment_tags.py b/scripts/add_risk_assessment_tags.py
@@ -123,8 +123,8 @@ def process_rule_package(rule_package_file):
                                         # Add each risk assessment property as a tag
                                         for key, value in risk_data.items():
                                             key_sanitized = key.lower().replace(" ", "-")
-                                            if key_sanitized == "rule":
-                                                # skip rule, as that is already in the rule ID
+                                            if key_sanitized == "rule" or key_sanitized == "recommendation":
+                                                # skip rule/recommendation as they just repeat the rule ID
                                                 continue
                                             tag = f"external/cert/{key_sanitized}/{value.lower()}"
                                             if tag not in query["tags"]:
