@critiq/rules 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (299) hide show
  1. package/README.md +1 -1
  2. package/catalog.yaml +617 -0
  3. package/package.json +1 -1
  4. package/rules/go/go.correctness.defer-close-before-check.rule.yaml +44 -0
  5. package/rules/go/go.correctness.defer-in-loop.rule.yaml +47 -0
  6. package/rules/go/go.correctness.nil-context-passed.rule.yaml +43 -0
  7. package/rules/go/go.correctness.nil-map-assignment.rule.yaml +42 -0
  8. package/rules/go/go.correctness.time-tick-leak.rule.yaml +44 -0
  9. package/rules/go/go.correctness.unused-append-result.rule.yaml +43 -0
  10. package/rules/go/go.correctness.waitgroup-add-in-goroutine.rule.yaml +45 -0
  11. package/rules/go/go.security.bind-all-interfaces.rule.yaml +57 -0
  12. package/rules/go/go.security.echo-sensitive-binding-without-validation.rule.yaml +10 -0
  13. package/rules/go/go.security.echo-unsafe-multipart-upload.rule.yaml +10 -0
  14. package/rules/go/go.security.fiber-sensitive-binding-without-validation.rule.yaml +10 -0
  15. package/rules/go/go.security.fiber-unsafe-multipart-upload.rule.yaml +10 -0
  16. package/rules/go/go.security.gin-sensitive-binding-without-validation.rule.yaml +10 -0
  17. package/rules/go/go.security.gin-trust-all-proxies.rule.yaml +10 -0
  18. package/rules/go/go.security.gin-wildcard-cors-with-credentials.rule.yaml +10 -0
  19. package/rules/go/go.security.insecure-rand-seed.rule.yaml +55 -0
  20. package/rules/go/go.security.insecure-ssh-host-key.rule.yaml +57 -0
  21. package/rules/go/go.security.insecure-ssl-protocol.rule.yaml +56 -0
  22. package/rules/go/go.security.insecure-temp-file.rule.yaml +57 -0
  23. package/rules/go/go.security.jwt-without-verification.rule.yaml +56 -0
  24. package/rules/go/go.security.net-http-missing-timeouts.rule.yaml +10 -0
  25. package/rules/go/go.security.pprof-exposed.rule.yaml +56 -0
  26. package/rules/go/go.security.sensitive-data-egress.rule.yaml +10 -0
  27. package/rules/go/go.security.tar-path-traversal.rule.yaml +10 -0
  28. package/rules/go/go.security.template-unescaped-request-value.rule.yaml +10 -0
  29. package/rules/go/go.security.tls-missing-min-version.rule.yaml +55 -0
  30. package/rules/go/go.security.unsafe-package-import.rule.yaml +55 -0
  31. package/rules/go/go.security.weak-bcrypt-cost.rule.yaml +56 -0
  32. package/rules/go/go.security.weak-crypto-import.rule.yaml +57 -0
  33. package/rules/go/go.security.weak-rsa-key-size.rule.yaml +57 -0
  34. package/rules/go/go.security.weak-tls-cipher.rule.yaml +56 -0
  35. package/rules/java/java.correctness.catch-null-pointer.rule.yaml +40 -0
  36. package/rules/java/java.correctness.empty-catch.rule.yaml +40 -0
  37. package/rules/java/java.correctness.equals-on-array.rule.yaml +40 -0
  38. package/rules/java/java.correctness.return-in-finally.rule.yaml +40 -0
  39. package/rules/java/java.correctness.sync-on-string-literal.rule.yaml +40 -0
  40. package/rules/java/java.correctness.unsafe-optional-get.rule.yaml +40 -0
  41. package/rules/java/java.security.android-screenshot-exposure.rule.yaml +13 -0
  42. package/rules/java/java.security.android-world-readable-mode.rule.yaml +13 -0
  43. package/rules/java/java.security.hibernate-sql-concatenation.rule.yaml +62 -0
  44. package/rules/java/java.security.insecure-cipher-mode.rule.yaml +52 -0
  45. package/rules/java/java.security.insecure-network-protocol.rule.yaml +52 -0
  46. package/rules/java/java.security.insecure-ssl-context.rule.yaml +52 -0
  47. package/rules/java/java.security.jpa-concatenated-query.rule.yaml +13 -0
  48. package/rules/java/java.security.jwt-without-verification.rule.yaml +53 -0
  49. package/rules/java/java.security.null-cipher.rule.yaml +52 -0
  50. package/rules/java/java.security.permissive-cors.rule.yaml +53 -0
  51. package/rules/java/java.security.predictable-securerandom.rule.yaml +59 -0
  52. package/rules/java/java.security.reflected-output-from-request.rule.yaml +10 -0
  53. package/rules/java/java.security.servlet-insecure-cookie.rule.yaml +13 -0
  54. package/rules/java/java.security.shell-runtime-exec.rule.yaml +58 -0
  55. package/rules/java/java.security.spring-actuator-health-details-always.rule.yaml +13 -0
  56. package/rules/java/java.security.spring-actuator-sensitive-exposure.rule.yaml +13 -0
  57. package/rules/java/java.security.spring-csrf-globally-disabled.rule.yaml +13 -0
  58. package/rules/java/java.security.spring-debug-exposure.rule.yaml +13 -0
  59. package/rules/java/java.security.spring-permit-all-default.rule.yaml +13 -0
  60. package/rules/java/java.security.spring-webmvc-unrestricted-data-binding.rule.yaml +13 -0
  61. package/rules/java/java.security.template-unescaped-user-output.rule.yaml +10 -0
  62. package/rules/java/java.security.trust-all-certificates.rule.yaml +52 -0
  63. package/rules/java/java.security.unsafe-jackson-deserialization.rule.yaml +59 -0
  64. package/rules/java/java.security.weak-rsa-key-size.rule.yaml +54 -0
  65. package/rules/java/java.security.xxe-document-builder.rule.yaml +59 -0
  66. package/rules/java/java.security.xxe-xml-input-factory.rule.yaml +59 -0
  67. package/rules/php/php.correctness.duplicate-array-key.rule.yaml +36 -0
  68. package/rules/php/php.correctness.error-suppression-operator.rule.yaml +36 -0
  69. package/rules/php/php.correctness.nullsafe-returned-by-reference.rule.yaml +36 -0
  70. package/rules/php/php.correctness.switch-multiple-default.rule.yaml +36 -0
  71. package/rules/php/php.correctness.unreachable-after-return.rule.yaml +36 -0
  72. package/rules/php/php.security.debug-function-exposure.rule.yaml +55 -0
  73. package/rules/php/php.security.insecure-cors-wildcard-with-credentials.rule.yaml +10 -0
  74. package/rules/php/php.security.insecure-mail-or-file-transport.rule.yaml +10 -0
  75. package/rules/php/php.security.insecure-session-id-generation.rule.yaml +51 -0
  76. package/rules/php/php.security.insecure-session-or-cookie-config.rule.yaml +10 -0
  77. package/rules/php/php.security.laravel-sensitive-csrf-exclusion.rule.yaml +13 -0
  78. package/rules/php/php.security.laravel-unsafe-blade-output.rule.yaml +13 -0
  79. package/rules/php/php.security.laravel-unsafe-mass-assignment.rule.yaml +13 -0
  80. package/rules/php/php.security.no-dynamic-eval.rule.yaml +52 -0
  81. package/rules/php/php.security.sensitive-data-egress.rule.yaml +10 -0
  82. package/rules/php/php.security.symfony-csrf-disabled.rule.yaml +13 -0
  83. package/rules/php/php.security.symfony-debug-exposure.rule.yaml +13 -0
  84. package/rules/php/php.security.unsafe-file-upload-handling.rule.yaml +10 -0
  85. package/rules/php/php.security.unsafe-include-with-user-input.rule.yaml +52 -0
  86. package/rules/php/php.security.weak-cipher.rule.yaml +51 -0
  87. package/rules/php/php.security.wordpress-missing-nonce-or-capability.rule.yaml +13 -0
  88. package/rules/php/php.security.wordpress-unprepared-sql.rule.yaml +13 -0
  89. package/rules/php/php.security.xml-external-entity.rule.yaml +53 -0
  90. package/rules/python/py.correctness.assert-on-tuple.rule.yaml +33 -0
  91. package/rules/python/py.correctness.bare-except.rule.yaml +33 -0
  92. package/rules/python/py.correctness.broad-exception-handler.rule.yaml +33 -0
  93. package/rules/python/py.correctness.dangerous-mutable-default.rule.yaml +33 -0
  94. package/rules/python/py.correctness.duplicate-dict-key.rule.yaml +33 -0
  95. package/rules/python/py.security.bind-all-interfaces.rule.yaml +55 -0
  96. package/rules/python/py.security.debugger-import.rule.yaml +55 -0
  97. package/rules/python/py.security.django-csrf-exempt-state-changing.rule.yaml +13 -0
  98. package/rules/python/py.security.django-format-html-unsafe.rule.yaml +56 -0
  99. package/rules/python/py.security.django-mark-safe.rule.yaml +56 -0
  100. package/rules/python/py.security.django-missing-csrf-middleware.rule.yaml +13 -0
  101. package/rules/python/py.security.django-security-middleware-missing.rule.yaml +60 -0
  102. package/rules/python/py.security.django-unsafe-production-settings.rule.yaml +13 -0
  103. package/rules/python/py.security.drf-allow-any-default.rule.yaml +13 -0
  104. package/rules/python/py.security.drf-allow-any-unsafe-method.rule.yaml +13 -0
  105. package/rules/python/py.security.dynamic-code-execution.rule.yaml +55 -0
  106. package/rules/python/py.security.fastapi-insecure-cors.rule.yaml +13 -0
  107. package/rules/python/py.security.flask-debug-enabled.rule.yaml +56 -0
  108. package/rules/python/py.security.flask-missing-upload-body-limit.rule.yaml +13 -0
  109. package/rules/python/py.security.flask-unsafe-html-output.rule.yaml +13 -0
  110. package/rules/python/py.security.flask-unsafe-upload-filename.rule.yaml +13 -0
  111. package/rules/python/py.security.insecure-temp-file.rule.yaml +55 -0
  112. package/rules/python/py.security.insecure-yaml-load.rule.yaml +55 -0
  113. package/rules/python/py.security.jinja-autoescape-disabled.rule.yaml +58 -0
  114. package/rules/python/py.security.subprocess-shell-enabled.rule.yaml +55 -0
  115. package/rules/ruby/ruby.security.rails-csrf-disabled.rule.yaml +13 -0
  116. package/rules/ruby/ruby.security.rails-detailed-exceptions-enabled.rule.yaml +13 -0
  117. package/rules/ruby/ruby.security.rails-open-redirect.rule.yaml +13 -0
  118. package/rules/ruby/ruby.security.rails-unsafe-html-output.rule.yaml +13 -0
  119. package/rules/ruby/ruby.security.rails-unsafe-render.rule.yaml +13 -0
  120. package/rules/ruby/ruby.security.rails-unsafe-session-or-cookie-store.rule.yaml +13 -0
  121. package/rules/ruby/ruby.security.rails-unsafe-strong-parameters.rule.yaml +13 -0
  122. package/rules/ruby/ruby.security.sensitive-data-egress.rule.yaml +10 -0
  123. package/rules/ruby/ruby.security.sidekiq-web-unauthenticated-mount.rule.yaml +10 -0
  124. package/rules/rust/rust.correctness.block-on-in-async.rule.yaml +48 -0
  125. package/rules/rust/rust.correctness.forget-join-handle.rule.yaml +48 -0
  126. package/rules/rust/rust.correctness.mutex-held-across-await.rule.yaml +48 -0
  127. package/rules/rust/rust.correctness.std-mutex-in-async-fn.rule.yaml +48 -0
  128. package/rules/rust/rust.correctness.thread-sleep-in-async.rule.yaml +48 -0
  129. package/rules/rust/rust.correctness.unbounded-channel.rule.yaml +49 -0
  130. package/rules/rust/rust.correctness.unchecked-index.rule.yaml +46 -0
  131. package/rules/rust/rust.security.actix-wildcard-cors-with-credentials.rule.yaml +13 -0
  132. package/rules/rust/rust.security.axum-body-limit-disabled.rule.yaml +13 -0
  133. package/rules/rust/rust.security.axum-insecure-cors-with-credentials.rule.yaml +13 -0
  134. package/rules/rust/rust.security.bind-all-interfaces.rule.yaml +57 -0
  135. package/rules/rust/rust.security.insecure-ssh-host-key.rule.yaml +57 -0
  136. package/rules/rust/rust.security.insecure-ssl-protocol.rule.yaml +57 -0
  137. package/rules/rust/rust.security.insecure-temp-file.rule.yaml +57 -0
  138. package/rules/rust/rust.security.insecure-yaml-load.rule.yaml +57 -0
  139. package/rules/rust/rust.security.jwt-without-verification.rule.yaml +57 -0
  140. package/rules/rust/rust.security.panic-in-async-handler.rule.yaml +57 -0
  141. package/rules/rust/rust.security.rocket-panic-prone-request-handler.rule.yaml +13 -0
  142. package/rules/rust/rust.security.rocket-unsafe-template-output.rule.yaml +13 -0
  143. package/rules/rust/rust.security.shell-command-spawn.rule.yaml +57 -0
  144. package/rules/rust/rust.security.sqlx-diesel-raw-interpolated-query.rule.yaml +13 -0
  145. package/rules/rust/rust.security.template-unescaped-request-value.rule.yaml +10 -0
  146. package/rules/rust/rust.security.tls-missing-min-version.rule.yaml +57 -0
  147. package/rules/rust/rust.security.warp-blocking-or-panic-in-async-handler.rule.yaml +13 -0
  148. package/rules/rust/rust.security.weak-crypto-import.rule.yaml +55 -0
  149. package/rules/rust/rust.security.weak-rsa-key-size.rule.yaml +57 -0
  150. package/rules/rust/rust.security.weak-tls-cipher.rule.yaml +57 -0
  151. package/rules/shared/security.archive-path-traversal.rule.yaml +10 -0
  152. package/rules/shared/security.external-file-upload.rule.yaml +10 -0
  153. package/rules/shared/security.insecure-http-transport.rule.yaml +10 -0
  154. package/rules/shared/security.no-command-execution-with-request-input.rule.yaml +10 -0
  155. package/rules/shared/security.no-hardcoded-credentials.rule.yaml +10 -0
  156. package/rules/shared/security.no-request-path-file-read.rule.yaml +10 -0
  157. package/rules/shared/security.no-sensitive-data-in-logs-and-telemetry.rule.yaml +10 -0
  158. package/rules/shared/security.no-sql-interpolation.rule.yaml +10 -0
  159. package/rules/shared/security.permissive-file-permissions.rule.yaml +10 -0
  160. package/rules/shared/security.sensitive-data-egress.rule.yaml +10 -0
  161. package/rules/shared/security.tls-verification-disabled.rule.yaml +10 -0
  162. package/rules/shared/security.unsafe-deserialization.rule.yaml +10 -0
  163. package/rules/shared/security.weak-hash-algorithm.rule.yaml +10 -0
  164. package/rules/typescript/ts.correctness.array-callback-missing-return.rule.yaml +35 -0
  165. package/rules/typescript/ts.correctness.array-sort-without-compare.rule.yaml +35 -0
  166. package/rules/typescript/ts.correctness.control-flow-in-finally.rule.yaml +35 -0
  167. package/rules/typescript/ts.correctness.duplicate-if-else-condition.rule.yaml +35 -0
  168. package/rules/typescript/ts.correctness.for-in-on-array.rule.yaml +35 -0
  169. package/rules/typescript/ts.correctness.infinite-loop.rule.yaml +32 -0
  170. package/rules/typescript/ts.correctness.invalid-await-expression.rule.yaml +32 -0
  171. package/rules/typescript/ts.correctness.invalid-typeof-comparison.rule.yaml +35 -0
  172. package/rules/typescript/ts.correctness.missing-async-on-promise-method.rule.yaml +32 -0
  173. package/rules/typescript/ts.correctness.missing-super-call.rule.yaml +35 -0
  174. package/rules/typescript/ts.correctness.no-floating-promise-in-function.rule.yaml +32 -0
  175. package/rules/typescript/ts.correctness.no-misused-promises.rule.yaml +32 -0
  176. package/rules/typescript/ts.correctness.promise-reject-non-error.rule.yaml +35 -0
  177. package/rules/typescript/ts.correctness.this-before-super.rule.yaml +35 -0
  178. package/rules/typescript/ts.correctness.unnecessary-return-await.rule.yaml +32 -0
  179. package/rules/typescript/ts.correctness.use-number-is-nan.rule.yaml +35 -0
  180. package/rules/typescript/ts.next.server-action-missing-local-auth.rule.yaml +13 -0
  181. package/rules/typescript/ts.performance.no-await-in-loop.rule.yaml +32 -0
  182. package/rules/typescript/ts.quality.no-empty-function.rule.yaml +32 -0
  183. package/rules/typescript/ts.react.no-bind-in-jsx-props.rule.yaml +36 -0
  184. package/rules/typescript/ts.react.no-children-prop.rule.yaml +34 -0
  185. package/rules/typescript/ts.react.no-direct-state-mutation.rule.yaml +34 -0
  186. package/rules/typescript/ts.react.no-duplicate-jsx-attributes.rule.yaml +34 -0
  187. package/rules/typescript/ts.react.no-jsx-props-spread.rule.yaml +35 -0
  188. package/rules/typescript/ts.react.no-set-state-in-component-did-mount.rule.yaml +34 -0
  189. package/rules/typescript/ts.react.no-set-state-in-component-did-update.rule.yaml +34 -0
  190. package/rules/typescript/ts.react.no-target-blank-without-rel.rule.yaml +46 -0
  191. package/rules/typescript/ts.react.no-this-in-function-component.rule.yaml +34 -0
  192. package/rules/typescript/ts.runtime.no-process-exit.rule.yaml +44 -0
  193. package/rules/typescript/ts.security.ajv-insecure-configuration.rule.yaml +10 -0
  194. package/rules/typescript/ts.security.angular-dom-sanitizer-bypass-untrusted-input.rule.yaml +13 -0
  195. package/rules/typescript/ts.security.apollo-server-csrf-disabled.rule.yaml +16 -0
  196. package/rules/typescript/ts.security.apollo-server-graphql-dev-tooling-exposure.rule.yaml +16 -0
  197. package/rules/typescript/ts.security.apollo-server-introspection-exposure.rule.yaml +16 -0
  198. package/rules/typescript/ts.security.apollo-server-missing-query-limits.rule.yaml +16 -0
  199. package/rules/typescript/ts.security.astro-vite-public-secret-define.rule.yaml +13 -0
  200. package/rules/typescript/ts.security.bind-to-all-interfaces.rule.yaml +10 -0
  201. package/rules/typescript/ts.security.browser-token-storage.rule.yaml +10 -0
  202. package/rules/typescript/ts.security.dangerous-insert-html.rule.yaml +10 -0
  203. package/rules/typescript/ts.security.dangerously-set-inner-html.rule.yaml +10 -0
  204. package/rules/typescript/ts.security.datadog-browser-track-user-interactions.rule.yaml +10 -0
  205. package/rules/typescript/ts.security.debug-mode-enabled.rule.yaml +10 -0
  206. package/rules/typescript/ts.security.debug-statement-in-source.rule.yaml +10 -0
  207. package/rules/typescript/ts.security.dynamodb-query-injection.rule.yaml +10 -0
  208. package/rules/typescript/ts.security.electron-dangerous-webpreferences.rule.yaml +10 -0
  209. package/rules/typescript/ts.security.electron-insecure-local-state.rule.yaml +10 -0
  210. package/rules/typescript/ts.security.electron-missing-ipc-origin-check.rule.yaml +10 -0
  211. package/rules/typescript/ts.security.electron-shell-open-external-unvalidated.rule.yaml +13 -0
  212. package/rules/typescript/ts.security.exposed-directory-listing.rule.yaml +10 -0
  213. package/rules/typescript/ts.security.express-cookie-missing-http-only.rule.yaml +16 -0
  214. package/rules/typescript/ts.security.express-default-cookie-config.rule.yaml +16 -0
  215. package/rules/typescript/ts.security.express-default-session-config.rule.yaml +16 -0
  216. package/rules/typescript/ts.security.express-error-handler-information-disclosure.rule.yaml +16 -0
  217. package/rules/typescript/ts.security.express-insecure-cookie.rule.yaml +16 -0
  218. package/rules/typescript/ts.security.express-missing-helmet.rule.yaml +16 -0
  219. package/rules/typescript/ts.security.express-nosql-injection.rule.yaml +16 -0
  220. package/rules/typescript/ts.security.express-permissive-cookie-config.rule.yaml +16 -0
  221. package/rules/typescript/ts.security.express-permissive-cors.rule.yaml +52 -0
  222. package/rules/typescript/ts.security.express-reduce-fingerprint.rule.yaml +16 -0
  223. package/rules/typescript/ts.security.express-static-assets-after-session.rule.yaml +16 -0
  224. package/rules/typescript/ts.security.express-static-dotfiles-allow.rule.yaml +16 -0
  225. package/rules/typescript/ts.security.express-unbounded-body-parser.rule.yaml +16 -0
  226. package/rules/typescript/ts.security.express-user-controlled-static-mount.rule.yaml +16 -0
  227. package/rules/typescript/ts.security.external-file-upload.rule.yaml +10 -0
  228. package/rules/typescript/ts.security.fastify-excessive-body-limit.rule.yaml +16 -0
  229. package/rules/typescript/ts.security.fastify-public-bind-without-trust-proxy.rule.yaml +16 -0
  230. package/rules/typescript/ts.security.file-generation.rule.yaml +10 -0
  231. package/rules/typescript/ts.security.format-string-using-user-input.rule.yaml +10 -0
  232. package/rules/typescript/ts.security.frontend-only-authorization.rule.yaml +10 -0
  233. package/rules/typescript/ts.security.graphql-upload-without-csrf-guard.rule.yaml +16 -0
  234. package/rules/typescript/ts.security.handlebars-no-escape.rule.yaml +10 -0
  235. package/rules/typescript/ts.security.hardcoded-auth-secret.rule.yaml +10 -0
  236. package/rules/typescript/ts.security.iframe-missing-sandbox-attribute.rule.yaml +10 -0
  237. package/rules/typescript/ts.security.import-using-user-input.rule.yaml +10 -0
  238. package/rules/typescript/ts.security.information-leakage.rule.yaml +10 -0
  239. package/rules/typescript/ts.security.insecure-allow-origin.rule.yaml +10 -0
  240. package/rules/typescript/ts.security.insecure-auth-cookie-flags.rule.yaml +10 -0
  241. package/rules/typescript/ts.security.insecure-content-security-policy-literal.rule.yaml +10 -0
  242. package/rules/typescript/ts.security.insecure-helmet-hardening-options.rule.yaml +10 -0
  243. package/rules/typescript/ts.security.insecure-password-hash-configuration.rule.yaml +10 -0
  244. package/rules/typescript/ts.security.insecure-websocket-transport.rule.yaml +10 -0
  245. package/rules/typescript/ts.security.insufficiently-random-values.rule.yaml +10 -0
  246. package/rules/typescript/ts.security.jwt-insecure-signing-algorithm.rule.yaml +10 -0
  247. package/rules/typescript/ts.security.jwt-not-revoked.rule.yaml +10 -0
  248. package/rules/typescript/ts.security.jwt-sensitive-claims.rule.yaml +10 -0
  249. package/rules/typescript/ts.security.legacy-buffer-constructor.rule.yaml +10 -0
  250. package/rules/typescript/ts.security.log-injection.rule.yaml +10 -0
  251. package/rules/typescript/ts.security.manual-html-sanitization.rule.yaml +10 -0
  252. package/rules/typescript/ts.security.missing-authorization-before-sensitive-action.rule.yaml +10 -0
  253. package/rules/typescript/ts.security.missing-integrity-check.rule.yaml +10 -0
  254. package/rules/typescript/ts.security.missing-message-origin-check.rule.yaml +10 -0
  255. package/rules/typescript/ts.security.missing-ownership-validation.rule.yaml +10 -0
  256. package/rules/typescript/ts.security.missing-request-timeout-or-retry.rule.yaml +10 -0
  257. package/rules/typescript/ts.security.nestjs-helmet-after-route-mount.rule.yaml +16 -0
  258. package/rules/typescript/ts.security.nestjs-missing-global-validation-pipe.rule.yaml +16 -0
  259. package/rules/typescript/ts.security.nestjs-skip-throttle-sensitive-route.rule.yaml +16 -0
  260. package/rules/typescript/ts.security.nestjs-validation-pipe-without-whitelist.rule.yaml +16 -0
  261. package/rules/typescript/ts.security.no-alert-confirm-prompt.rule.yaml +44 -0
  262. package/rules/typescript/ts.security.no-arguments-callee.rule.yaml +44 -0
  263. package/rules/typescript/ts.security.no-assign-mutable-export.rule.yaml +45 -0
  264. package/rules/typescript/ts.security.no-dynamic-execution.rule.yaml +10 -0
  265. package/rules/typescript/ts.security.no-fs-readfile-sync-in-handler.rule.yaml +46 -0
  266. package/rules/typescript/ts.security.no-global-native-reassignment.rule.yaml +44 -0
  267. package/rules/typescript/ts.security.no-innerhtml-assignment.rule.yaml +10 -0
  268. package/rules/typescript/ts.security.no-javascript-url.rule.yaml +44 -0
  269. package/rules/typescript/ts.security.no-native-prototype-extension.rule.yaml +44 -0
  270. package/rules/typescript/ts.security.no-sync-child-process-exec.rule.yaml +45 -0
  271. package/rules/typescript/ts.security.no-throw-literal.rule.yaml +44 -0
  272. package/rules/typescript/ts.security.no-with-statement.rule.yaml +44 -0
  273. package/rules/typescript/ts.security.non-literal-fs-filename.rule.yaml +10 -0
  274. package/rules/typescript/ts.security.nuxt-public-runtime-secret.rule.yaml +13 -0
  275. package/rules/typescript/ts.security.observable-timing-discrepancy.rule.yaml +10 -0
  276. package/rules/typescript/ts.security.open-redirect.rule.yaml +10 -0
  277. package/rules/typescript/ts.security.permissive-allow-origin.rule.yaml +10 -0
  278. package/rules/typescript/ts.security.permissive-file-permissions.rule.yaml +10 -0
  279. package/rules/typescript/ts.security.postmessage-wildcard-origin.rule.yaml +10 -0
  280. package/rules/typescript/ts.security.predictable-token-generation.rule.yaml +10 -0
  281. package/rules/typescript/ts.security.raw-html-using-user-input.rule.yaml +10 -0
  282. package/rules/typescript/ts.security.request-driven-array-index-access.rule.yaml +10 -0
  283. package/rules/typescript/ts.security.sensitive-data-egress.rule.yaml +10 -0
  284. package/rules/typescript/ts.security.sensitive-data-in-exception.rule.yaml +10 -0
  285. package/rules/typescript/ts.security.sensitive-data-written-to-file.rule.yaml +10 -0
  286. package/rules/typescript/ts.security.ssrf.rule.yaml +10 -0
  287. package/rules/typescript/ts.security.token-or-session-not-validated.rule.yaml +10 -0
  288. package/rules/typescript/ts.security.ui-redress.rule.yaml +10 -0
  289. package/rules/typescript/ts.security.unsafe-dirname-path-concat.rule.yaml +44 -0
  290. package/rules/typescript/ts.security.unsafe-dompurify-version.rule.yaml +10 -0
  291. package/rules/typescript/ts.security.unsafe-marked-version.rule.yaml +10 -0
  292. package/rules/typescript/ts.security.unsanitized-http-response.rule.yaml +10 -0
  293. package/rules/typescript/ts.security.unvalidated-external-input.rule.yaml +10 -0
  294. package/rules/typescript/ts.security.user-controlled-sendfile.rule.yaml +10 -0
  295. package/rules/typescript/ts.security.user-controlled-view-render.rule.yaml +10 -0
  296. package/rules/typescript/ts.security.weak-cipher-or-mode.rule.yaml +10 -0
  297. package/rules/typescript/ts.security.weak-key-strength.rule.yaml +10 -0
  298. package/rules/typescript/ts.security.weak-tls-version.rule.yaml +10 -0
  299. package/rules/typescript/ts.security.xml-parse-string-with-untrusted-input.rule.yaml +10 -0
package/README.md CHANGED
@@ -75,7 +75,7 @@ Use a **major tag** (`@v1`) or pin a **commit SHA** for supply-chain control. Mo
75
75
 
76
76
  ## Catalog At A Glance
77
77
 
78
- Today the catalog includes `309` rules across `17` categories, with `recommended`, `strict`, `security`, and `experimental` presets.
78
+ Today the catalog includes `435` rules across `17` categories, with `recommended`, `strict`, `security`, and `experimental` presets.
79
79
 
80
80
  | Category | Rules | What it looks after |
81
81
  | --- | ---: | --- |