@critiq/rules 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (495) hide show
  1. package/README.md +3 -2
  2. package/catalog.yaml +1415 -0
  3. package/package.json +1 -1
  4. package/rules/cfn/cfn.correctness.attributedefinitions-keyschemas-mismatch.rule.yaml +49 -0
  5. package/rules/cfn/cfn.correctness.base64-validation-of-parameters.rule.yaml +49 -0
  6. package/rules/cfn/cfn.correctness.basic-cloudformation-resource-check.rule.yaml +49 -0
  7. package/rules/cfn/cfn.correctness.basic-cloudformation-template-configuration.rule.yaml +49 -0
  8. package/rules/cfn/cfn.correctness.cannot-reference-resources-in-the-conditions-block-of-the-template.rule.yaml +49 -0
  9. package/rules/cfn/cfn.correctness.check-at-least-one-essential-container-is-specified.rule.yaml +49 -0
  10. package/rules/cfn/cfn.correctness.check-deletionpolicy-values-for-resources.rule.yaml +49 -0
  11. package/rules/cfn/cfn.correctness.check-dependson-values-for-resources.rule.yaml +49 -0
  12. package/rules/cfn/cfn.correctness.check-ec2-ebs-properties.rule.yaml +49 -0
  13. package/rules/cfn/cfn.correctness.check-elastic-cache-redis-cluster-settings.rule.yaml +49 -0
  14. package/rules/cfn/cfn.correctness.check-events-rule-targets-are-less-than-or-equal-to-5.rule.yaml +49 -0
  15. package/rules/cfn/cfn.correctness.check-fargate-service-scheduling-strategy.rule.yaml +49 -0
  16. package/rules/cfn/cfn.correctness.check-fn-and-structure-for-validity.rule.yaml +49 -0
  17. package/rules/cfn/cfn.correctness.check-fn-equals-structure-for-validity.rule.yaml +49 -0
  18. package/rules/cfn/cfn.correctness.check-fn-if-structure-for-validity.rule.yaml +49 -0
  19. package/rules/cfn/cfn.correctness.check-fn-not-structure-for-validity.rule.yaml +49 -0
  20. package/rules/cfn/cfn.correctness.check-fn-or-structure-for-validity.rule.yaml +49 -0
  21. package/rules/cfn/cfn.correctness.check-for-subscriptionfilters-have-beyond-2-attachments-to-a-cloudwatch-log-group.rule.yaml +49 -0
  22. package/rules/cfn/cfn.correctness.check-if-a-json-object-is-within-size-limits.rule.yaml +49 -0
  23. package/rules/cfn/cfn.correctness.check-if-a-list-has-between-min-and-max-number-of-values-specified.rule.yaml +49 -0
  24. package/rules/cfn/cfn.correctness.check-if-a-list-has-duplicate-values.rule.yaml +49 -0
  25. package/rules/cfn/cfn.correctness.check-if-a-number-is-between-min-and-max.rule.yaml +49 -0
  26. package/rules/cfn/cfn.correctness.check-if-a-string-has-between-min-and-max-number-of-values-specified.rule.yaml +49 -0
  27. package/rules/cfn/cfn.correctness.check-if-eol-lambda-function-runtimes-are-used.rule.yaml +49 -0
  28. package/rules/cfn/cfn.correctness.check-if-properties-have-a-valid-value.rule.yaml +49 -0
  29. package/rules/cfn/cfn.correctness.check-if-property-values-adhere-to-a-specific-pattern.rule.yaml +49 -0
  30. package/rules/cfn/cfn.correctness.check-if-refing-to-a-iam-resource-with-path-set.rule.yaml +49 -0
  31. package/rules/cfn/cfn.correctness.check-if-refs-exist.rule.yaml +49 -0
  32. package/rules/cfn/cfn.correctness.check-if-serverless-resources-have-serverless-transform.rule.yaml +49 -0
  33. package/rules/cfn/cfn.correctness.check-if-the-referenced-conditions-are-defined.rule.yaml +49 -0
  34. package/rules/cfn/cfn.correctness.check-minimum-90-period-is-met-between-backupplan-cold-and-delete.rule.yaml +49 -0
  35. package/rules/cfn/cfn.correctness.check-properties-that-are-mutually-exclusive.rule.yaml +49 -0
  36. package/rules/cfn/cfn.correctness.check-properties-that-are-required-together.rule.yaml +49 -0
  37. package/rules/cfn/cfn.correctness.check-properties-that-need-at-least-one-of-a-list-of-properties.rule.yaml +49 -0
  38. package/rules/cfn/cfn.correctness.check-properties-that-need-only-one-of-a-list-of-properties.rule.yaml +49 -0
  39. package/rules/cfn/cfn.correctness.check-resource-properties-values.rule.yaml +49 -0
  40. package/rules/cfn/cfn.correctness.check-state-machine-definition-for-proper-syntax.rule.yaml +49 -0
  41. package/rules/cfn/cfn.correctness.check-that-modules-resources-are-valid.rule.yaml +49 -0
  42. package/rules/cfn/cfn.correctness.check-the-configuration-of-a-resources-updatepolicy.rule.yaml +49 -0
  43. package/rules/cfn/cfn.correctness.check-updatereplacepolicy-values-for-resources.rule.yaml +49 -0
  44. package/rules/cfn/cfn.correctness.check-values-of-properties-for-valid-refs-and-getatts.rule.yaml +49 -0
  45. package/rules/cfn/cfn.correctness.cidr-validation-of-parameters.rule.yaml +49 -0
  46. package/rules/cfn/cfn.correctness.cloudfront-aliases.rule.yaml +49 -0
  47. package/rules/cfn/cfn.correctness.codepipeline-stage-actions.rule.yaml +49 -0
  48. package/rules/cfn/cfn.correctness.codepipeline-stages.rule.yaml +49 -0
  49. package/rules/cfn/cfn.correctness.conditions-have-appropriate-properties.rule.yaml +49 -0
  50. package/rules/cfn/cfn.correctness.default-value-cannot-use-refs.rule.yaml +49 -0
  51. package/rules/cfn/cfn.correctness.default-value-is-within-parameter-constraints.rule.yaml +49 -0
  52. package/rules/cfn/cfn.correctness.error-processing-rule-on-the-template.rule.yaml +49 -0
  53. package/rules/cfn/cfn.correctness.findinmap-validation-of-configuration.rule.yaml +49 -0
  54. package/rules/cfn/cfn.correctness.getatt-validation-of-parameters.rule.yaml +49 -0
  55. package/rules/cfn/cfn.correctness.getaz-validation-of-parameters.rule.yaml +49 -0
  56. package/rules/cfn/cfn.correctness.importvalue-validation-of-parameters.rule.yaml +49 -0
  57. package/rules/cfn/cfn.correctness.join-validation-of-parameters.rule.yaml +49 -0
  58. package/rules/cfn/cfn.correctness.length-validation-of-parameters.rule.yaml +49 -0
  59. package/rules/cfn/cfn.correctness.mapping-attribute-limit-not-exceeded.rule.yaml +49 -0
  60. package/rules/cfn/cfn.correctness.mapping-keys-are-strings-and-alphanumeric.rule.yaml +49 -0
  61. package/rules/cfn/cfn.correctness.mapping-limit-not-exceeded.rule.yaml +49 -0
  62. package/rules/cfn/cfn.correctness.mapping-name-limit-not-exceeded.rule.yaml +49 -0
  63. package/rules/cfn/cfn.correctness.mappings-are-appropriately-configured.rule.yaml +49 -0
  64. package/rules/cfn/cfn.correctness.mappings-have-appropriate-names.rule.yaml +49 -0
  65. package/rules/cfn/cfn.correctness.metadata-interface-have-appropriate-properties.rule.yaml +49 -0
  66. package/rules/cfn/cfn.correctness.output-description-limit-not-exceeded.rule.yaml +49 -0
  67. package/rules/cfn/cfn.correctness.output-limit-not-exceeded.rule.yaml +49 -0
  68. package/rules/cfn/cfn.correctness.output-name-limit-not-exceeded.rule.yaml +49 -0
  69. package/rules/cfn/cfn.correctness.outputs-descriptions-can-only-be-strings.rule.yaml +49 -0
  70. package/rules/cfn/cfn.correctness.outputs-have-appropriate-names.rule.yaml +49 -0
  71. package/rules/cfn/cfn.correctness.outputs-have-appropriate-properties.rule.yaml +49 -0
  72. package/rules/cfn/cfn.correctness.outputs-have-required-properties.rule.yaml +49 -0
  73. package/rules/cfn/cfn.correctness.outputs-have-values-of-strings.rule.yaml +49 -0
  74. package/rules/cfn/cfn.correctness.parameter-limit-not-exceeded.rule.yaml +49 -0
  75. package/rules/cfn/cfn.correctness.parameter-name-limit-not-exceeded.rule.yaml +49 -0
  76. package/rules/cfn/cfn.correctness.parameter-value-limit-not-exceeded.rule.yaml +49 -0
  77. package/rules/cfn/cfn.correctness.parameters-have-appropriate-names.rule.yaml +49 -0
  78. package/rules/cfn/cfn.correctness.parameters-have-appropriate-properties.rule.yaml +49 -0
  79. package/rules/cfn/cfn.correctness.parameters-have-appropriate-type.rule.yaml +49 -0
  80. package/rules/cfn/cfn.correctness.property-is-required-based-on-another-properties-value.rule.yaml +49 -0
  81. package/rules/cfn/cfn.correctness.property-is-unwanted-based-on-another-properties-value.rule.yaml +49 -0
  82. package/rules/cfn/cfn.correctness.rds-instance-type-is-compatible-with-the-rds-type.rule.yaml +49 -0
  83. package/rules/cfn/cfn.correctness.recordset-hostedzonename-is-a-superdomain-of-name.rule.yaml +49 -0
  84. package/rules/cfn/cfn.correctness.ref-validation-of-value.rule.yaml +49 -0
  85. package/rules/cfn/cfn.correctness.required-resource-properties-are-missing.rule.yaml +49 -0
  86. package/rules/cfn/cfn.correctness.resource-dependencies-are-not-circular.rule.yaml +49 -0
  87. package/rules/cfn/cfn.correctness.resource-ec2-security-group-ingress-properties.rule.yaml +49 -0
  88. package/rules/cfn/cfn.correctness.resource-elb-properties.rule.yaml +49 -0
  89. package/rules/cfn/cfn.correctness.resource-limit-not-exceeded.rule.yaml +49 -0
  90. package/rules/cfn/cfn.correctness.resource-name-limit-not-exceeded.rule.yaml +49 -0
  91. package/rules/cfn/cfn.correctness.resource-properties-are-invalid.rule.yaml +49 -0
  92. package/rules/cfn/cfn.correctness.resource-schema.rule.yaml +49 -0
  93. package/rules/cfn/cfn.correctness.resource-subnetroutetableassociation-properties.rule.yaml +49 -0
  94. package/rules/cfn/cfn.correctness.resources-have-appropriate-names.rule.yaml +49 -0
  95. package/rules/cfn/cfn.correctness.select-validation-of-parameters.rule.yaml +49 -0
  96. package/rules/cfn/cfn.correctness.snapstart-supports-the-configured-runtime.rule.yaml +49 -0
  97. package/rules/cfn/cfn.correctness.split-validation-of-parameters.rule.yaml +49 -0
  98. package/rules/cfn/cfn.correctness.sub-is-required-if-a-variable-is-used-in-a-string.rule.yaml +49 -0
  99. package/rules/cfn/cfn.correctness.sub-validation-of-parameters.rule.yaml +49 -0
  100. package/rules/cfn/cfn.correctness.template-description-can-only-be-a-string.rule.yaml +49 -0
  101. package/rules/cfn/cfn.correctness.template-description-limit.rule.yaml +49 -0
  102. package/rules/cfn/cfn.correctness.template-size-limit.rule.yaml +49 -0
  103. package/rules/cfn/cfn.correctness.tojsonstring-validation-of-parameters.rule.yaml +49 -0
  104. package/rules/cfn/cfn.correctness.unique-resource-and-parameter-names.rule.yaml +49 -0
  105. package/rules/cfn/cfn.correctness.validate-accesscontrol-are-set-with-ownershipcontrols.rule.yaml +49 -0
  106. package/rules/cfn/cfn.correctness.validate-aws-event-scheduleexpression-format.rule.yaml +49 -0
  107. package/rules/cfn/cfn.correctness.validate-parameters-for-in-a-nested-stack.rule.yaml +49 -0
  108. package/rules/cfn/cfn.correctness.validate-route53-recordsets.rule.yaml +49 -0
  109. package/rules/cfn/cfn.correctness.validate-the-configuration-of-the-metadata-section.rule.yaml +49 -0
  110. package/rules/cfn/cfn.correctness.validates-foreach-functions.rule.yaml +49 -0
  111. package/rules/cfn/cfn.correctness.validation-not-function-configuration.rule.yaml +49 -0
  112. package/rules/cfn/cfn.correctness.validationdomain-is-superdomain-of-domainname.rule.yaml +49 -0
  113. package/rules/cfn/cfn.maintainability.arns-should-use-correctly-placed-pseudo-parameters.rule.yaml +49 -0
  114. package/rules/cfn/cfn.maintainability.availability-zone-parameters-should-not-be-hardcoded.rule.yaml +49 -0
  115. package/rules/cfn/cfn.maintainability.check-iam-resource-policies-syntax.rule.yaml +49 -0
  116. package/rules/cfn/cfn.maintainability.check-if-a-list-that-allows-duplicates-has-any-duplicates.rule.yaml +49 -0
  117. package/rules/cfn/cfn.maintainability.check-if-conditions-are-used.rule.yaml +49 -0
  118. package/rules/cfn/cfn.maintainability.check-if-eol-lambda-function-runtimes-are-used-w2531.rule.yaml +49 -0
  119. package/rules/cfn/cfn.maintainability.check-if-imageid-parameters-have-the-correct-type.rule.yaml +49 -0
  120. package/rules/cfn/cfn.maintainability.check-if-mappings-are-used.rule.yaml +49 -0
  121. package/rules/cfn/cfn.maintainability.check-if-parameters-are-used.rule.yaml +49 -0
  122. package/rules/cfn/cfn.maintainability.check-if-parameters-have-a-valid-value-based-on-an-allowed-pattern.rule.yaml +49 -0
  123. package/rules/cfn/cfn.maintainability.check-if-parameters-have-a-valid-value.rule.yaml +49 -0
  124. package/rules/cfn/cfn.maintainability.check-obsolete-dependson-configuration-for-resources.rule.yaml +49 -0
  125. package/rules/cfn/cfn.maintainability.check-outputs-using-importvalue.rule.yaml +49 -0
  126. package/rules/cfn/cfn.maintainability.check-required-properties-for-lambda-if-the-deployment-package-is-a-zip-file.rule.yaml +49 -0
  127. package/rules/cfn/cfn.maintainability.check-resources-with-auto-expiring-content-have-explicit-retention-period.rule.yaml +49 -0
  128. package/rules/cfn/cfn.maintainability.check-resources-with-updatereplacepolicy-deletionpolicy-have-both.rule.yaml +49 -0
  129. package/rules/cfn/cfn.maintainability.check-stateful-resources-have-a-set-updatereplacepolicy-deletionpolicy.rule.yaml +49 -0
  130. package/rules/cfn/cfn.maintainability.checks-for-legacy-instance-type-generations.rule.yaml +49 -0
  131. package/rules/cfn/cfn.maintainability.findinmap-keys-exist-in-the-map.rule.yaml +49 -0
  132. package/rules/cfn/cfn.maintainability.fn-equals-will-always-return-true-or-false.rule.yaml +49 -0
  133. package/rules/cfn/cfn.maintainability.mapping-attribute-limit.rule.yaml +49 -0
  134. package/rules/cfn/cfn.maintainability.mapping-limit.rule.yaml +49 -0
  135. package/rules/cfn/cfn.maintainability.mapping-name-limit.rule.yaml +49 -0
  136. package/rules/cfn/cfn.maintainability.metadata-interface-parameters-exist.rule.yaml +49 -0
  137. package/rules/cfn/cfn.maintainability.output-description-limit.rule.yaml +49 -0
  138. package/rules/cfn/cfn.maintainability.output-limit.rule.yaml +49 -0
  139. package/rules/cfn/cfn.maintainability.output-name-limit.rule.yaml +49 -0
  140. package/rules/cfn/cfn.maintainability.parameter-limit.rule.yaml +49 -0
  141. package/rules/cfn/cfn.maintainability.parameter-memory-size-attributes-should-have-max-and-min.rule.yaml +49 -0
  142. package/rules/cfn/cfn.maintainability.parameter-name-limit.rule.yaml +49 -0
  143. package/rules/cfn/cfn.maintainability.parameter-value-limit.rule.yaml +49 -0
  144. package/rules/cfn/cfn.maintainability.ref-getatt-to-resource-that-is-available-when-conditions-are-applied.rule.yaml +49 -0
  145. package/rules/cfn/cfn.maintainability.resource-limit.rule.yaml +49 -0
  146. package/rules/cfn/cfn.maintainability.resource-name-limit.rule.yaml +49 -0
  147. package/rules/cfn/cfn.maintainability.sub-isn-t-needed-if-it-doesn-t-have-a-variable-defined.rule.yaml +49 -0
  148. package/rules/cfn/cfn.maintainability.sub-validation-of-parameters-w1019.rule.yaml +49 -0
  149. package/rules/cfn/cfn.maintainability.template-description-limit-i1003.rule.yaml +49 -0
  150. package/rules/cfn/cfn.maintainability.template-size-limit-i1002.rule.yaml +49 -0
  151. package/rules/cfn/cfn.maintainability.use-sub-instead-of-join.rule.yaml +49 -0
  152. package/rules/cfn/cfn.maintainability.validate-that-snapstart-is-configured-for-java11-runtimes.rule.yaml +49 -0
  153. package/rules/cfn/cfn.maintainability.validate-that-snapstart-is-properly-configured.rule.yaml +49 -0
  154. package/rules/cfn/cfn.maintainability.warn-when-properties-are-configured-to-only-work-with-the-package-command.rule.yaml +49 -0
  155. package/rules/cfn/cfn.security.check-dynamic-references-secure-strings-are-in-supported-locations.rule.yaml +53 -0
  156. package/rules/cfn/cfn.security.check-for-noecho-references.rule.yaml +53 -0
  157. package/rules/cfn/cfn.security.check-iam-permission-configuration.rule.yaml +53 -0
  158. package/rules/cfn/cfn.security.check-if-iam-policies-are-properly-configured.rule.yaml +53 -0
  159. package/rules/cfn/cfn.security.check-if-password-properties-are-correctly-configured.rule.yaml +53 -0
  160. package/rules/cfn/cfn.security.controlling-access-to-an-s3-bucket-should-be-done-with-bucket-policies.rule.yaml +53 -0
  161. package/rules/go/go.correctness.defer-close-before-check.rule.yaml +44 -0
  162. package/rules/go/go.correctness.defer-in-loop.rule.yaml +47 -0
  163. package/rules/go/go.correctness.nil-context-passed.rule.yaml +43 -0
  164. package/rules/go/go.correctness.nil-map-assignment.rule.yaml +42 -0
  165. package/rules/go/go.correctness.time-tick-leak.rule.yaml +44 -0
  166. package/rules/go/go.correctness.unused-append-result.rule.yaml +43 -0
  167. package/rules/go/go.correctness.waitgroup-add-in-goroutine.rule.yaml +45 -0
  168. package/rules/go/go.security.bind-all-interfaces.rule.yaml +57 -0
  169. package/rules/go/go.security.echo-sensitive-binding-without-validation.rule.yaml +10 -0
  170. package/rules/go/go.security.echo-unsafe-multipart-upload.rule.yaml +10 -0
  171. package/rules/go/go.security.fiber-sensitive-binding-without-validation.rule.yaml +10 -0
  172. package/rules/go/go.security.fiber-unsafe-multipart-upload.rule.yaml +10 -0
  173. package/rules/go/go.security.gin-sensitive-binding-without-validation.rule.yaml +10 -0
  174. package/rules/go/go.security.gin-trust-all-proxies.rule.yaml +10 -0
  175. package/rules/go/go.security.gin-wildcard-cors-with-credentials.rule.yaml +10 -0
  176. package/rules/go/go.security.insecure-rand-seed.rule.yaml +55 -0
  177. package/rules/go/go.security.insecure-ssh-host-key.rule.yaml +57 -0
  178. package/rules/go/go.security.insecure-ssl-protocol.rule.yaml +56 -0
  179. package/rules/go/go.security.insecure-temp-file.rule.yaml +57 -0
  180. package/rules/go/go.security.jwt-without-verification.rule.yaml +56 -0
  181. package/rules/go/go.security.net-http-missing-timeouts.rule.yaml +10 -0
  182. package/rules/go/go.security.pprof-exposed.rule.yaml +56 -0
  183. package/rules/go/go.security.sensitive-data-egress.rule.yaml +10 -0
  184. package/rules/go/go.security.tar-path-traversal.rule.yaml +10 -0
  185. package/rules/go/go.security.template-unescaped-request-value.rule.yaml +10 -0
  186. package/rules/go/go.security.tls-missing-min-version.rule.yaml +55 -0
  187. package/rules/go/go.security.unsafe-package-import.rule.yaml +55 -0
  188. package/rules/go/go.security.weak-bcrypt-cost.rule.yaml +56 -0
  189. package/rules/go/go.security.weak-crypto-import.rule.yaml +57 -0
  190. package/rules/go/go.security.weak-rsa-key-size.rule.yaml +57 -0
  191. package/rules/go/go.security.weak-tls-cipher.rule.yaml +56 -0
  192. package/rules/java/java.correctness.catch-null-pointer.rule.yaml +40 -0
  193. package/rules/java/java.correctness.empty-catch.rule.yaml +40 -0
  194. package/rules/java/java.correctness.equals-on-array.rule.yaml +40 -0
  195. package/rules/java/java.correctness.return-in-finally.rule.yaml +40 -0
  196. package/rules/java/java.correctness.sync-on-string-literal.rule.yaml +40 -0
  197. package/rules/java/java.correctness.unsafe-optional-get.rule.yaml +40 -0
  198. package/rules/java/java.security.android-screenshot-exposure.rule.yaml +13 -0
  199. package/rules/java/java.security.android-world-readable-mode.rule.yaml +13 -0
  200. package/rules/java/java.security.hibernate-sql-concatenation.rule.yaml +62 -0
  201. package/rules/java/java.security.insecure-cipher-mode.rule.yaml +52 -0
  202. package/rules/java/java.security.insecure-network-protocol.rule.yaml +52 -0
  203. package/rules/java/java.security.insecure-ssl-context.rule.yaml +52 -0
  204. package/rules/java/java.security.jpa-concatenated-query.rule.yaml +13 -0
  205. package/rules/java/java.security.jwt-without-verification.rule.yaml +53 -0
  206. package/rules/java/java.security.null-cipher.rule.yaml +52 -0
  207. package/rules/java/java.security.permissive-cors.rule.yaml +53 -0
  208. package/rules/java/java.security.predictable-securerandom.rule.yaml +59 -0
  209. package/rules/java/java.security.reflected-output-from-request.rule.yaml +10 -0
  210. package/rules/java/java.security.servlet-insecure-cookie.rule.yaml +13 -0
  211. package/rules/java/java.security.shell-runtime-exec.rule.yaml +58 -0
  212. package/rules/java/java.security.spring-actuator-health-details-always.rule.yaml +13 -0
  213. package/rules/java/java.security.spring-actuator-sensitive-exposure.rule.yaml +13 -0
  214. package/rules/java/java.security.spring-csrf-globally-disabled.rule.yaml +13 -0
  215. package/rules/java/java.security.spring-debug-exposure.rule.yaml +13 -0
  216. package/rules/java/java.security.spring-permit-all-default.rule.yaml +13 -0
  217. package/rules/java/java.security.spring-webmvc-unrestricted-data-binding.rule.yaml +13 -0
  218. package/rules/java/java.security.template-unescaped-user-output.rule.yaml +10 -0
  219. package/rules/java/java.security.trust-all-certificates.rule.yaml +52 -0
  220. package/rules/java/java.security.unsafe-jackson-deserialization.rule.yaml +59 -0
  221. package/rules/java/java.security.weak-rsa-key-size.rule.yaml +54 -0
  222. package/rules/java/java.security.xxe-document-builder.rule.yaml +59 -0
  223. package/rules/java/java.security.xxe-xml-input-factory.rule.yaml +59 -0
  224. package/rules/php/php.correctness.abstract-method-outside-abstract-class.rule.yaml +36 -0
  225. package/rules/php/php.correctness.break-continue-outside-loop.rule.yaml +36 -0
  226. package/rules/php/php.correctness.case-insensitive-define.rule.yaml +36 -0
  227. package/rules/php/php.correctness.default-parameter-not-last.rule.yaml +36 -0
  228. package/rules/php/php.correctness.deprecated-filter-constant.rule.yaml +36 -0
  229. package/rules/php/php.correctness.deprecated-libxml-entity-loader.rule.yaml +36 -0
  230. package/rules/php/php.correctness.deprecated-unset-cast.rule.yaml +36 -0
  231. package/rules/php/php.correctness.duplicate-array-key.rule.yaml +36 -0
  232. package/rules/php/php.correctness.duplicate-declaration.rule.yaml +36 -0
  233. package/rules/php/php.correctness.empty-array-literal-slot.rule.yaml +36 -0
  234. package/rules/php/php.correctness.empty-bracket-array-access.rule.yaml +36 -0
  235. package/rules/php/php.correctness.empty-code-block.rule.yaml +36 -0
  236. package/rules/php/php.correctness.empty-function-body.rule.yaml +36 -0
  237. package/rules/php/php.correctness.error-suppression-operator.rule.yaml +36 -0
  238. package/rules/php/php.correctness.function-comparison.rule.yaml +36 -0
  239. package/rules/php/php.correctness.invalid-cookie-options.rule.yaml +36 -0
  240. package/rules/php/php.correctness.invalid-regex-literal.rule.yaml +36 -0
  241. package/rules/php/php.correctness.missing-member-visibility.rule.yaml +36 -0
  242. package/rules/php/php.correctness.nested-function-declaration.rule.yaml +36 -0
  243. package/rules/php/php.correctness.nested-switch.rule.yaml +36 -0
  244. package/rules/php/php.correctness.nullsafe-returned-by-reference.rule.yaml +36 -0
  245. package/rules/php/php.correctness.redundant-string-cast-concat.rule.yaml +36 -0
  246. package/rules/php/php.correctness.self-assignment.rule.yaml +36 -0
  247. package/rules/php/php.correctness.switch-multiple-default.rule.yaml +36 -0
  248. package/rules/php/php.correctness.todo-fixme-marker.rule.yaml +36 -0
  249. package/rules/php/php.correctness.unknown-magic-method.rule.yaml +36 -0
  250. package/rules/php/php.correctness.unreachable-after-return.rule.yaml +36 -0
  251. package/rules/php/php.correctness.useless-post-increment.rule.yaml +36 -0
  252. package/rules/php/php.correctness.useless-unset.rule.yaml +36 -0
  253. package/rules/php/php.performance.expensive-loop-condition.rule.yaml +36 -0
  254. package/rules/php/php.security.debug-function-exposure.rule.yaml +55 -0
  255. package/rules/php/php.security.insecure-cors-wildcard-with-credentials.rule.yaml +10 -0
  256. package/rules/php/php.security.insecure-mail-or-file-transport.rule.yaml +10 -0
  257. package/rules/php/php.security.insecure-session-id-generation.rule.yaml +51 -0
  258. package/rules/php/php.security.insecure-session-or-cookie-config.rule.yaml +10 -0
  259. package/rules/php/php.security.laravel-sensitive-csrf-exclusion.rule.yaml +13 -0
  260. package/rules/php/php.security.laravel-unsafe-blade-output.rule.yaml +13 -0
  261. package/rules/php/php.security.laravel-unsafe-mass-assignment.rule.yaml +13 -0
  262. package/rules/php/php.security.no-dynamic-eval.rule.yaml +52 -0
  263. package/rules/php/php.security.sensitive-data-egress.rule.yaml +10 -0
  264. package/rules/php/php.security.symfony-csrf-disabled.rule.yaml +13 -0
  265. package/rules/php/php.security.symfony-debug-exposure.rule.yaml +13 -0
  266. package/rules/php/php.security.unsafe-file-upload-handling.rule.yaml +10 -0
  267. package/rules/php/php.security.unsafe-include-with-user-input.rule.yaml +52 -0
  268. package/rules/php/php.security.unsafe-new-static.rule.yaml +42 -0
  269. package/rules/php/php.security.weak-cipher.rule.yaml +51 -0
  270. package/rules/php/php.security.wordpress-missing-nonce-or-capability.rule.yaml +13 -0
  271. package/rules/php/php.security.wordpress-unprepared-sql.rule.yaml +13 -0
  272. package/rules/php/php.security.xml-external-entity.rule.yaml +53 -0
  273. package/rules/python/py.correctness.assert-on-tuple.rule.yaml +33 -0
  274. package/rules/python/py.correctness.bare-except.rule.yaml +33 -0
  275. package/rules/python/py.correctness.broad-exception-handler.rule.yaml +33 -0
  276. package/rules/python/py.correctness.dangerous-mutable-default.rule.yaml +33 -0
  277. package/rules/python/py.correctness.duplicate-dict-key.rule.yaml +33 -0
  278. package/rules/python/py.security.bind-all-interfaces.rule.yaml +55 -0
  279. package/rules/python/py.security.debugger-import.rule.yaml +55 -0
  280. package/rules/python/py.security.django-csrf-exempt-state-changing.rule.yaml +13 -0
  281. package/rules/python/py.security.django-format-html-unsafe.rule.yaml +56 -0
  282. package/rules/python/py.security.django-mark-safe.rule.yaml +56 -0
  283. package/rules/python/py.security.django-missing-csrf-middleware.rule.yaml +13 -0
  284. package/rules/python/py.security.django-security-middleware-missing.rule.yaml +60 -0
  285. package/rules/python/py.security.django-unsafe-production-settings.rule.yaml +13 -0
  286. package/rules/python/py.security.drf-allow-any-default.rule.yaml +13 -0
  287. package/rules/python/py.security.drf-allow-any-unsafe-method.rule.yaml +13 -0
  288. package/rules/python/py.security.dynamic-code-execution.rule.yaml +55 -0
  289. package/rules/python/py.security.fastapi-insecure-cors.rule.yaml +13 -0
  290. package/rules/python/py.security.flask-debug-enabled.rule.yaml +56 -0
  291. package/rules/python/py.security.flask-missing-upload-body-limit.rule.yaml +13 -0
  292. package/rules/python/py.security.flask-unsafe-html-output.rule.yaml +13 -0
  293. package/rules/python/py.security.flask-unsafe-upload-filename.rule.yaml +13 -0
  294. package/rules/python/py.security.insecure-temp-file.rule.yaml +55 -0
  295. package/rules/python/py.security.insecure-yaml-load.rule.yaml +55 -0
  296. package/rules/python/py.security.jinja-autoescape-disabled.rule.yaml +58 -0
  297. package/rules/python/py.security.subprocess-shell-enabled.rule.yaml +55 -0
  298. package/rules/ruby/ruby.bug-risk.assignment-in-condition.rule.yaml +42 -0
  299. package/rules/ruby/ruby.bug-risk.deprecated-uri-escape.rule.yaml +42 -0
  300. package/rules/ruby/ruby.bug-risk.division-by-zero.rule.yaml +42 -0
  301. package/rules/ruby/ruby.bug-risk.duplicate-hash-keys.rule.yaml +42 -0
  302. package/rules/ruby/ruby.bug-risk.exception-class-overwritten.rule.yaml +42 -0
  303. package/rules/ruby/ruby.bug-risk.raw-sql-without-squish.rule.yaml +42 -0
  304. package/rules/ruby/ruby.security.debugger-call.rule.yaml +53 -0
  305. package/rules/ruby/ruby.security.dynamic-code-execution.rule.yaml +54 -0
  306. package/rules/ruby/ruby.security.insecure-json-load.rule.yaml +53 -0
  307. package/rules/ruby/ruby.security.kernel-open.rule.yaml +53 -0
  308. package/rules/ruby/ruby.security.plaintext-password-in-callback.rule.yaml +46 -0
  309. package/rules/ruby/ruby.security.rails-csrf-disabled.rule.yaml +13 -0
  310. package/rules/ruby/ruby.security.rails-detailed-exceptions-enabled.rule.yaml +13 -0
  311. package/rules/ruby/ruby.security.rails-link-to-blank-without-noopener.rule.yaml +48 -0
  312. package/rules/ruby/ruby.security.rails-open-redirect.rule.yaml +13 -0
  313. package/rules/ruby/ruby.security.rails-output-unsafe.rule.yaml +47 -0
  314. package/rules/ruby/ruby.security.rails-unsafe-html-output.rule.yaml +13 -0
  315. package/rules/ruby/ruby.security.rails-unsafe-render.rule.yaml +13 -0
  316. package/rules/ruby/ruby.security.rails-unsafe-session-or-cookie-store.rule.yaml +13 -0
  317. package/rules/ruby/ruby.security.rails-unsafe-strong-parameters.rule.yaml +13 -0
  318. package/rules/ruby/ruby.security.sensitive-data-egress.rule.yaml +10 -0
  319. package/rules/ruby/ruby.security.sidekiq-web-unauthenticated-mount.rule.yaml +10 -0
  320. package/rules/rust/rust.correctness.block-on-in-async.rule.yaml +48 -0
  321. package/rules/rust/rust.correctness.forget-join-handle.rule.yaml +48 -0
  322. package/rules/rust/rust.correctness.mutex-held-across-await.rule.yaml +48 -0
  323. package/rules/rust/rust.correctness.std-mutex-in-async-fn.rule.yaml +48 -0
  324. package/rules/rust/rust.correctness.thread-sleep-in-async.rule.yaml +48 -0
  325. package/rules/rust/rust.correctness.unbounded-channel.rule.yaml +49 -0
  326. package/rules/rust/rust.correctness.unchecked-index.rule.yaml +46 -0
  327. package/rules/rust/rust.security.actix-wildcard-cors-with-credentials.rule.yaml +13 -0
  328. package/rules/rust/rust.security.axum-body-limit-disabled.rule.yaml +13 -0
  329. package/rules/rust/rust.security.axum-insecure-cors-with-credentials.rule.yaml +13 -0
  330. package/rules/rust/rust.security.bind-all-interfaces.rule.yaml +57 -0
  331. package/rules/rust/rust.security.insecure-ssh-host-key.rule.yaml +57 -0
  332. package/rules/rust/rust.security.insecure-ssl-protocol.rule.yaml +57 -0
  333. package/rules/rust/rust.security.insecure-temp-file.rule.yaml +57 -0
  334. package/rules/rust/rust.security.insecure-yaml-load.rule.yaml +57 -0
  335. package/rules/rust/rust.security.jwt-without-verification.rule.yaml +57 -0
  336. package/rules/rust/rust.security.panic-in-async-handler.rule.yaml +57 -0
  337. package/rules/rust/rust.security.rocket-panic-prone-request-handler.rule.yaml +13 -0
  338. package/rules/rust/rust.security.rocket-unsafe-template-output.rule.yaml +13 -0
  339. package/rules/rust/rust.security.shell-command-spawn.rule.yaml +57 -0
  340. package/rules/rust/rust.security.sqlx-diesel-raw-interpolated-query.rule.yaml +13 -0
  341. package/rules/rust/rust.security.template-unescaped-request-value.rule.yaml +10 -0
  342. package/rules/rust/rust.security.tls-missing-min-version.rule.yaml +57 -0
  343. package/rules/rust/rust.security.warp-blocking-or-panic-in-async-handler.rule.yaml +13 -0
  344. package/rules/rust/rust.security.weak-crypto-import.rule.yaml +55 -0
  345. package/rules/rust/rust.security.weak-rsa-key-size.rule.yaml +57 -0
  346. package/rules/rust/rust.security.weak-tls-cipher.rule.yaml +57 -0
  347. package/rules/shared/security.archive-path-traversal.rule.yaml +10 -0
  348. package/rules/shared/security.external-file-upload.rule.yaml +10 -0
  349. package/rules/shared/security.insecure-http-transport.rule.yaml +10 -0
  350. package/rules/shared/security.no-command-execution-with-request-input.rule.yaml +10 -0
  351. package/rules/shared/security.no-hardcoded-credentials.rule.yaml +10 -0
  352. package/rules/shared/security.no-request-path-file-read.rule.yaml +10 -0
  353. package/rules/shared/security.no-sensitive-data-in-logs-and-telemetry.rule.yaml +10 -0
  354. package/rules/shared/security.no-sql-interpolation.rule.yaml +10 -0
  355. package/rules/shared/security.permissive-file-permissions.rule.yaml +10 -0
  356. package/rules/shared/security.sensitive-data-egress.rule.yaml +10 -0
  357. package/rules/shared/security.tls-verification-disabled.rule.yaml +10 -0
  358. package/rules/shared/security.unsafe-deserialization.rule.yaml +10 -0
  359. package/rules/shared/security.weak-hash-algorithm.rule.yaml +10 -0
  360. package/rules/typescript/ts.correctness.array-callback-missing-return.rule.yaml +35 -0
  361. package/rules/typescript/ts.correctness.array-sort-without-compare.rule.yaml +35 -0
  362. package/rules/typescript/ts.correctness.control-flow-in-finally.rule.yaml +35 -0
  363. package/rules/typescript/ts.correctness.duplicate-if-else-condition.rule.yaml +35 -0
  364. package/rules/typescript/ts.correctness.for-in-on-array.rule.yaml +35 -0
  365. package/rules/typescript/ts.correctness.infinite-loop.rule.yaml +32 -0
  366. package/rules/typescript/ts.correctness.invalid-await-expression.rule.yaml +32 -0
  367. package/rules/typescript/ts.correctness.invalid-typeof-comparison.rule.yaml +35 -0
  368. package/rules/typescript/ts.correctness.missing-async-on-promise-method.rule.yaml +32 -0
  369. package/rules/typescript/ts.correctness.missing-super-call.rule.yaml +35 -0
  370. package/rules/typescript/ts.correctness.no-floating-promise-in-function.rule.yaml +32 -0
  371. package/rules/typescript/ts.correctness.no-misused-promises.rule.yaml +32 -0
  372. package/rules/typescript/ts.correctness.promise-reject-non-error.rule.yaml +35 -0
  373. package/rules/typescript/ts.correctness.this-before-super.rule.yaml +35 -0
  374. package/rules/typescript/ts.correctness.unnecessary-return-await.rule.yaml +32 -0
  375. package/rules/typescript/ts.correctness.use-number-is-nan.rule.yaml +35 -0
  376. package/rules/typescript/ts.next.server-action-missing-local-auth.rule.yaml +13 -0
  377. package/rules/typescript/ts.performance.no-await-in-loop.rule.yaml +32 -0
  378. package/rules/typescript/ts.quality.no-empty-function.rule.yaml +32 -0
  379. package/rules/typescript/ts.react.no-bind-in-jsx-props.rule.yaml +36 -0
  380. package/rules/typescript/ts.react.no-children-prop.rule.yaml +34 -0
  381. package/rules/typescript/ts.react.no-direct-state-mutation.rule.yaml +34 -0
  382. package/rules/typescript/ts.react.no-duplicate-jsx-attributes.rule.yaml +34 -0
  383. package/rules/typescript/ts.react.no-jsx-props-spread.rule.yaml +35 -0
  384. package/rules/typescript/ts.react.no-set-state-in-component-did-mount.rule.yaml +34 -0
  385. package/rules/typescript/ts.react.no-set-state-in-component-did-update.rule.yaml +34 -0
  386. package/rules/typescript/ts.react.no-target-blank-without-rel.rule.yaml +46 -0
  387. package/rules/typescript/ts.react.no-this-in-function-component.rule.yaml +34 -0
  388. package/rules/typescript/ts.runtime.no-process-exit.rule.yaml +44 -0
  389. package/rules/typescript/ts.security.ajv-insecure-configuration.rule.yaml +10 -0
  390. package/rules/typescript/ts.security.angular-dom-sanitizer-bypass-untrusted-input.rule.yaml +13 -0
  391. package/rules/typescript/ts.security.apollo-server-csrf-disabled.rule.yaml +16 -0
  392. package/rules/typescript/ts.security.apollo-server-graphql-dev-tooling-exposure.rule.yaml +16 -0
  393. package/rules/typescript/ts.security.apollo-server-introspection-exposure.rule.yaml +16 -0
  394. package/rules/typescript/ts.security.apollo-server-missing-query-limits.rule.yaml +16 -0
  395. package/rules/typescript/ts.security.astro-vite-public-secret-define.rule.yaml +13 -0
  396. package/rules/typescript/ts.security.bind-to-all-interfaces.rule.yaml +10 -0
  397. package/rules/typescript/ts.security.browser-token-storage.rule.yaml +10 -0
  398. package/rules/typescript/ts.security.dangerous-insert-html.rule.yaml +10 -0
  399. package/rules/typescript/ts.security.dangerously-set-inner-html.rule.yaml +10 -0
  400. package/rules/typescript/ts.security.datadog-browser-track-user-interactions.rule.yaml +10 -0
  401. package/rules/typescript/ts.security.debug-mode-enabled.rule.yaml +10 -0
  402. package/rules/typescript/ts.security.debug-statement-in-source.rule.yaml +10 -0
  403. package/rules/typescript/ts.security.dynamodb-query-injection.rule.yaml +10 -0
  404. package/rules/typescript/ts.security.electron-dangerous-webpreferences.rule.yaml +10 -0
  405. package/rules/typescript/ts.security.electron-insecure-local-state.rule.yaml +10 -0
  406. package/rules/typescript/ts.security.electron-missing-ipc-origin-check.rule.yaml +10 -0
  407. package/rules/typescript/ts.security.electron-shell-open-external-unvalidated.rule.yaml +13 -0
  408. package/rules/typescript/ts.security.exposed-directory-listing.rule.yaml +10 -0
  409. package/rules/typescript/ts.security.express-cookie-missing-http-only.rule.yaml +16 -0
  410. package/rules/typescript/ts.security.express-default-cookie-config.rule.yaml +16 -0
  411. package/rules/typescript/ts.security.express-default-session-config.rule.yaml +16 -0
  412. package/rules/typescript/ts.security.express-error-handler-information-disclosure.rule.yaml +16 -0
  413. package/rules/typescript/ts.security.express-insecure-cookie.rule.yaml +16 -0
  414. package/rules/typescript/ts.security.express-missing-helmet.rule.yaml +16 -0
  415. package/rules/typescript/ts.security.express-nosql-injection.rule.yaml +16 -0
  416. package/rules/typescript/ts.security.express-permissive-cookie-config.rule.yaml +16 -0
  417. package/rules/typescript/ts.security.express-permissive-cors.rule.yaml +52 -0
  418. package/rules/typescript/ts.security.express-reduce-fingerprint.rule.yaml +16 -0
  419. package/rules/typescript/ts.security.express-static-assets-after-session.rule.yaml +16 -0
  420. package/rules/typescript/ts.security.express-static-dotfiles-allow.rule.yaml +16 -0
  421. package/rules/typescript/ts.security.express-unbounded-body-parser.rule.yaml +16 -0
  422. package/rules/typescript/ts.security.express-user-controlled-static-mount.rule.yaml +16 -0
  423. package/rules/typescript/ts.security.external-file-upload.rule.yaml +10 -0
  424. package/rules/typescript/ts.security.fastify-excessive-body-limit.rule.yaml +16 -0
  425. package/rules/typescript/ts.security.fastify-public-bind-without-trust-proxy.rule.yaml +16 -0
  426. package/rules/typescript/ts.security.file-generation.rule.yaml +10 -0
  427. package/rules/typescript/ts.security.format-string-using-user-input.rule.yaml +10 -0
  428. package/rules/typescript/ts.security.frontend-only-authorization.rule.yaml +10 -0
  429. package/rules/typescript/ts.security.graphql-upload-without-csrf-guard.rule.yaml +16 -0
  430. package/rules/typescript/ts.security.handlebars-no-escape.rule.yaml +10 -0
  431. package/rules/typescript/ts.security.hardcoded-auth-secret.rule.yaml +10 -0
  432. package/rules/typescript/ts.security.iframe-missing-sandbox-attribute.rule.yaml +10 -0
  433. package/rules/typescript/ts.security.import-using-user-input.rule.yaml +10 -0
  434. package/rules/typescript/ts.security.information-leakage.rule.yaml +10 -0
  435. package/rules/typescript/ts.security.insecure-allow-origin.rule.yaml +10 -0
  436. package/rules/typescript/ts.security.insecure-auth-cookie-flags.rule.yaml +10 -0
  437. package/rules/typescript/ts.security.insecure-content-security-policy-literal.rule.yaml +10 -0
  438. package/rules/typescript/ts.security.insecure-helmet-hardening-options.rule.yaml +10 -0
  439. package/rules/typescript/ts.security.insecure-password-hash-configuration.rule.yaml +10 -0
  440. package/rules/typescript/ts.security.insecure-websocket-transport.rule.yaml +10 -0
  441. package/rules/typescript/ts.security.insufficiently-random-values.rule.yaml +10 -0
  442. package/rules/typescript/ts.security.jwt-insecure-signing-algorithm.rule.yaml +10 -0
  443. package/rules/typescript/ts.security.jwt-not-revoked.rule.yaml +10 -0
  444. package/rules/typescript/ts.security.jwt-sensitive-claims.rule.yaml +10 -0
  445. package/rules/typescript/ts.security.legacy-buffer-constructor.rule.yaml +10 -0
  446. package/rules/typescript/ts.security.log-injection.rule.yaml +10 -0
  447. package/rules/typescript/ts.security.manual-html-sanitization.rule.yaml +10 -0
  448. package/rules/typescript/ts.security.missing-authorization-before-sensitive-action.rule.yaml +10 -0
  449. package/rules/typescript/ts.security.missing-integrity-check.rule.yaml +10 -0
  450. package/rules/typescript/ts.security.missing-message-origin-check.rule.yaml +10 -0
  451. package/rules/typescript/ts.security.missing-ownership-validation.rule.yaml +10 -0
  452. package/rules/typescript/ts.security.missing-request-timeout-or-retry.rule.yaml +10 -0
  453. package/rules/typescript/ts.security.nestjs-helmet-after-route-mount.rule.yaml +16 -0
  454. package/rules/typescript/ts.security.nestjs-missing-global-validation-pipe.rule.yaml +16 -0
  455. package/rules/typescript/ts.security.nestjs-skip-throttle-sensitive-route.rule.yaml +16 -0
  456. package/rules/typescript/ts.security.nestjs-validation-pipe-without-whitelist.rule.yaml +16 -0
  457. package/rules/typescript/ts.security.no-alert-confirm-prompt.rule.yaml +44 -0
  458. package/rules/typescript/ts.security.no-arguments-callee.rule.yaml +44 -0
  459. package/rules/typescript/ts.security.no-assign-mutable-export.rule.yaml +45 -0
  460. package/rules/typescript/ts.security.no-dynamic-execution.rule.yaml +10 -0
  461. package/rules/typescript/ts.security.no-fs-readfile-sync-in-handler.rule.yaml +46 -0
  462. package/rules/typescript/ts.security.no-global-native-reassignment.rule.yaml +44 -0
  463. package/rules/typescript/ts.security.no-innerhtml-assignment.rule.yaml +10 -0
  464. package/rules/typescript/ts.security.no-javascript-url.rule.yaml +44 -0
  465. package/rules/typescript/ts.security.no-native-prototype-extension.rule.yaml +44 -0
  466. package/rules/typescript/ts.security.no-sync-child-process-exec.rule.yaml +45 -0
  467. package/rules/typescript/ts.security.no-throw-literal.rule.yaml +44 -0
  468. package/rules/typescript/ts.security.no-with-statement.rule.yaml +44 -0
  469. package/rules/typescript/ts.security.non-literal-fs-filename.rule.yaml +10 -0
  470. package/rules/typescript/ts.security.nuxt-public-runtime-secret.rule.yaml +13 -0
  471. package/rules/typescript/ts.security.observable-timing-discrepancy.rule.yaml +10 -0
  472. package/rules/typescript/ts.security.open-redirect.rule.yaml +10 -0
  473. package/rules/typescript/ts.security.permissive-allow-origin.rule.yaml +10 -0
  474. package/rules/typescript/ts.security.permissive-file-permissions.rule.yaml +10 -0
  475. package/rules/typescript/ts.security.postmessage-wildcard-origin.rule.yaml +10 -0
  476. package/rules/typescript/ts.security.predictable-token-generation.rule.yaml +10 -0
  477. package/rules/typescript/ts.security.raw-html-using-user-input.rule.yaml +10 -0
  478. package/rules/typescript/ts.security.request-driven-array-index-access.rule.yaml +10 -0
  479. package/rules/typescript/ts.security.sensitive-data-egress.rule.yaml +10 -0
  480. package/rules/typescript/ts.security.sensitive-data-in-exception.rule.yaml +10 -0
  481. package/rules/typescript/ts.security.sensitive-data-written-to-file.rule.yaml +10 -0
  482. package/rules/typescript/ts.security.ssrf.rule.yaml +10 -0
  483. package/rules/typescript/ts.security.token-or-session-not-validated.rule.yaml +10 -0
  484. package/rules/typescript/ts.security.ui-redress.rule.yaml +10 -0
  485. package/rules/typescript/ts.security.unsafe-dirname-path-concat.rule.yaml +44 -0
  486. package/rules/typescript/ts.security.unsafe-dompurify-version.rule.yaml +10 -0
  487. package/rules/typescript/ts.security.unsafe-marked-version.rule.yaml +10 -0
  488. package/rules/typescript/ts.security.unsanitized-http-response.rule.yaml +10 -0
  489. package/rules/typescript/ts.security.unvalidated-external-input.rule.yaml +10 -0
  490. package/rules/typescript/ts.security.user-controlled-sendfile.rule.yaml +10 -0
  491. package/rules/typescript/ts.security.user-controlled-view-render.rule.yaml +10 -0
  492. package/rules/typescript/ts.security.weak-cipher-or-mode.rule.yaml +10 -0
  493. package/rules/typescript/ts.security.weak-key-strength.rule.yaml +10 -0
  494. package/rules/typescript/ts.security.weak-tls-version.rule.yaml +10 -0
  495. package/rules/typescript/ts.security.xml-parse-string-with-untrusted-input.rule.yaml +10 -0
package/README.md CHANGED
@@ -25,7 +25,7 @@ It does this by parsing your code, matching it against a curated catalog of expl
25
25
  alt="TypeScript, JavaScript, Node.js, Go, Java, Python, PHP, Ruby, and Rust support"
26
26
  />
27
27
  </p>
28
- `@critiq/rules` is the default open source rule catalog for Critiq. It ships `catalog.yaml`, preset membership, and rule YAML files for high-signal checks across TypeScript, JavaScript, Node.js, Go, Java, Python, PHP, Ruby and Rust.
28
+ `@critiq/rules` is the default open source rule catalog for Critiq. It ships `catalog.yaml`, preset membership, and rule YAML files for high-signal checks across TypeScript, JavaScript, Node.js, Go, Java, Python, PHP, Ruby, Rust, and CloudFormation/SAM templates (via cfn-lint).
29
29
 
30
30
  Use it with [`@critiq/cli`](https://www.npmjs.com/package/@critiq/cli):
31
31
 
@@ -75,10 +75,11 @@ Use a **major tag** (`@v1`) or pin a **commit SHA** for supply-chain control. Mo
75
75
 
76
76
  ## Catalog At A Glance
77
77
 
78
- Today the catalog includes `309` rules across `17` categories, with `recommended`, `strict`, `security`, and `experimental` presets.
78
+ Today the catalog includes `631` rules across `18` categories, with `recommended`, `strict`, `security`, and `experimental` presets.
79
79
 
80
80
  | Category | Rules | What it looks after |
81
81
  | --- | ---: | --- |
82
+ | CloudFormation | 157 | AWS CloudFormation and SAM template validation via wrapped cfn-lint (`cfn.correctness.*`, `cfn.maintainability.*`, `cfn.security.*`) |
82
83
  | Security | 93 | Injection, auth and session gaps, unsafe transport, sensitive data exposure, dependency policy, unsafe file and HTML handling |
83
84
  | Python | 9 | Django, DRF, Flask, and FastAPI deployment and framework safety |
84
85
  | Correctness | 18 | Async bugs, null access, control-flow mistakes, missing fallbacks, race conditions |