@critiq/rules 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (199) hide show
  1. package/README.md +3 -2
  2. package/catalog.yaml +798 -0
  3. package/package.json +1 -1
  4. package/rules/cfn/cfn.correctness.attributedefinitions-keyschemas-mismatch.rule.yaml +49 -0
  5. package/rules/cfn/cfn.correctness.base64-validation-of-parameters.rule.yaml +49 -0
  6. package/rules/cfn/cfn.correctness.basic-cloudformation-resource-check.rule.yaml +49 -0
  7. package/rules/cfn/cfn.correctness.basic-cloudformation-template-configuration.rule.yaml +49 -0
  8. package/rules/cfn/cfn.correctness.cannot-reference-resources-in-the-conditions-block-of-the-template.rule.yaml +49 -0
  9. package/rules/cfn/cfn.correctness.check-at-least-one-essential-container-is-specified.rule.yaml +49 -0
  10. package/rules/cfn/cfn.correctness.check-deletionpolicy-values-for-resources.rule.yaml +49 -0
  11. package/rules/cfn/cfn.correctness.check-dependson-values-for-resources.rule.yaml +49 -0
  12. package/rules/cfn/cfn.correctness.check-ec2-ebs-properties.rule.yaml +49 -0
  13. package/rules/cfn/cfn.correctness.check-elastic-cache-redis-cluster-settings.rule.yaml +49 -0
  14. package/rules/cfn/cfn.correctness.check-events-rule-targets-are-less-than-or-equal-to-5.rule.yaml +49 -0
  15. package/rules/cfn/cfn.correctness.check-fargate-service-scheduling-strategy.rule.yaml +49 -0
  16. package/rules/cfn/cfn.correctness.check-fn-and-structure-for-validity.rule.yaml +49 -0
  17. package/rules/cfn/cfn.correctness.check-fn-equals-structure-for-validity.rule.yaml +49 -0
  18. package/rules/cfn/cfn.correctness.check-fn-if-structure-for-validity.rule.yaml +49 -0
  19. package/rules/cfn/cfn.correctness.check-fn-not-structure-for-validity.rule.yaml +49 -0
  20. package/rules/cfn/cfn.correctness.check-fn-or-structure-for-validity.rule.yaml +49 -0
  21. package/rules/cfn/cfn.correctness.check-for-subscriptionfilters-have-beyond-2-attachments-to-a-cloudwatch-log-group.rule.yaml +49 -0
  22. package/rules/cfn/cfn.correctness.check-if-a-json-object-is-within-size-limits.rule.yaml +49 -0
  23. package/rules/cfn/cfn.correctness.check-if-a-list-has-between-min-and-max-number-of-values-specified.rule.yaml +49 -0
  24. package/rules/cfn/cfn.correctness.check-if-a-list-has-duplicate-values.rule.yaml +49 -0
  25. package/rules/cfn/cfn.correctness.check-if-a-number-is-between-min-and-max.rule.yaml +49 -0
  26. package/rules/cfn/cfn.correctness.check-if-a-string-has-between-min-and-max-number-of-values-specified.rule.yaml +49 -0
  27. package/rules/cfn/cfn.correctness.check-if-eol-lambda-function-runtimes-are-used.rule.yaml +49 -0
  28. package/rules/cfn/cfn.correctness.check-if-properties-have-a-valid-value.rule.yaml +49 -0
  29. package/rules/cfn/cfn.correctness.check-if-property-values-adhere-to-a-specific-pattern.rule.yaml +49 -0
  30. package/rules/cfn/cfn.correctness.check-if-refing-to-a-iam-resource-with-path-set.rule.yaml +49 -0
  31. package/rules/cfn/cfn.correctness.check-if-refs-exist.rule.yaml +49 -0
  32. package/rules/cfn/cfn.correctness.check-if-serverless-resources-have-serverless-transform.rule.yaml +49 -0
  33. package/rules/cfn/cfn.correctness.check-if-the-referenced-conditions-are-defined.rule.yaml +49 -0
  34. package/rules/cfn/cfn.correctness.check-minimum-90-period-is-met-between-backupplan-cold-and-delete.rule.yaml +49 -0
  35. package/rules/cfn/cfn.correctness.check-properties-that-are-mutually-exclusive.rule.yaml +49 -0
  36. package/rules/cfn/cfn.correctness.check-properties-that-are-required-together.rule.yaml +49 -0
  37. package/rules/cfn/cfn.correctness.check-properties-that-need-at-least-one-of-a-list-of-properties.rule.yaml +49 -0
  38. package/rules/cfn/cfn.correctness.check-properties-that-need-only-one-of-a-list-of-properties.rule.yaml +49 -0
  39. package/rules/cfn/cfn.correctness.check-resource-properties-values.rule.yaml +49 -0
  40. package/rules/cfn/cfn.correctness.check-state-machine-definition-for-proper-syntax.rule.yaml +49 -0
  41. package/rules/cfn/cfn.correctness.check-that-modules-resources-are-valid.rule.yaml +49 -0
  42. package/rules/cfn/cfn.correctness.check-the-configuration-of-a-resources-updatepolicy.rule.yaml +49 -0
  43. package/rules/cfn/cfn.correctness.check-updatereplacepolicy-values-for-resources.rule.yaml +49 -0
  44. package/rules/cfn/cfn.correctness.check-values-of-properties-for-valid-refs-and-getatts.rule.yaml +49 -0
  45. package/rules/cfn/cfn.correctness.cidr-validation-of-parameters.rule.yaml +49 -0
  46. package/rules/cfn/cfn.correctness.cloudfront-aliases.rule.yaml +49 -0
  47. package/rules/cfn/cfn.correctness.codepipeline-stage-actions.rule.yaml +49 -0
  48. package/rules/cfn/cfn.correctness.codepipeline-stages.rule.yaml +49 -0
  49. package/rules/cfn/cfn.correctness.conditions-have-appropriate-properties.rule.yaml +49 -0
  50. package/rules/cfn/cfn.correctness.default-value-cannot-use-refs.rule.yaml +49 -0
  51. package/rules/cfn/cfn.correctness.default-value-is-within-parameter-constraints.rule.yaml +49 -0
  52. package/rules/cfn/cfn.correctness.error-processing-rule-on-the-template.rule.yaml +49 -0
  53. package/rules/cfn/cfn.correctness.findinmap-validation-of-configuration.rule.yaml +49 -0
  54. package/rules/cfn/cfn.correctness.getatt-validation-of-parameters.rule.yaml +49 -0
  55. package/rules/cfn/cfn.correctness.getaz-validation-of-parameters.rule.yaml +49 -0
  56. package/rules/cfn/cfn.correctness.importvalue-validation-of-parameters.rule.yaml +49 -0
  57. package/rules/cfn/cfn.correctness.join-validation-of-parameters.rule.yaml +49 -0
  58. package/rules/cfn/cfn.correctness.length-validation-of-parameters.rule.yaml +49 -0
  59. package/rules/cfn/cfn.correctness.mapping-attribute-limit-not-exceeded.rule.yaml +49 -0
  60. package/rules/cfn/cfn.correctness.mapping-keys-are-strings-and-alphanumeric.rule.yaml +49 -0
  61. package/rules/cfn/cfn.correctness.mapping-limit-not-exceeded.rule.yaml +49 -0
  62. package/rules/cfn/cfn.correctness.mapping-name-limit-not-exceeded.rule.yaml +49 -0
  63. package/rules/cfn/cfn.correctness.mappings-are-appropriately-configured.rule.yaml +49 -0
  64. package/rules/cfn/cfn.correctness.mappings-have-appropriate-names.rule.yaml +49 -0
  65. package/rules/cfn/cfn.correctness.metadata-interface-have-appropriate-properties.rule.yaml +49 -0
  66. package/rules/cfn/cfn.correctness.output-description-limit-not-exceeded.rule.yaml +49 -0
  67. package/rules/cfn/cfn.correctness.output-limit-not-exceeded.rule.yaml +49 -0
  68. package/rules/cfn/cfn.correctness.output-name-limit-not-exceeded.rule.yaml +49 -0
  69. package/rules/cfn/cfn.correctness.outputs-descriptions-can-only-be-strings.rule.yaml +49 -0
  70. package/rules/cfn/cfn.correctness.outputs-have-appropriate-names.rule.yaml +49 -0
  71. package/rules/cfn/cfn.correctness.outputs-have-appropriate-properties.rule.yaml +49 -0
  72. package/rules/cfn/cfn.correctness.outputs-have-required-properties.rule.yaml +49 -0
  73. package/rules/cfn/cfn.correctness.outputs-have-values-of-strings.rule.yaml +49 -0
  74. package/rules/cfn/cfn.correctness.parameter-limit-not-exceeded.rule.yaml +49 -0
  75. package/rules/cfn/cfn.correctness.parameter-name-limit-not-exceeded.rule.yaml +49 -0
  76. package/rules/cfn/cfn.correctness.parameter-value-limit-not-exceeded.rule.yaml +49 -0
  77. package/rules/cfn/cfn.correctness.parameters-have-appropriate-names.rule.yaml +49 -0
  78. package/rules/cfn/cfn.correctness.parameters-have-appropriate-properties.rule.yaml +49 -0
  79. package/rules/cfn/cfn.correctness.parameters-have-appropriate-type.rule.yaml +49 -0
  80. package/rules/cfn/cfn.correctness.property-is-required-based-on-another-properties-value.rule.yaml +49 -0
  81. package/rules/cfn/cfn.correctness.property-is-unwanted-based-on-another-properties-value.rule.yaml +49 -0
  82. package/rules/cfn/cfn.correctness.rds-instance-type-is-compatible-with-the-rds-type.rule.yaml +49 -0
  83. package/rules/cfn/cfn.correctness.recordset-hostedzonename-is-a-superdomain-of-name.rule.yaml +49 -0
  84. package/rules/cfn/cfn.correctness.ref-validation-of-value.rule.yaml +49 -0
  85. package/rules/cfn/cfn.correctness.required-resource-properties-are-missing.rule.yaml +49 -0
  86. package/rules/cfn/cfn.correctness.resource-dependencies-are-not-circular.rule.yaml +49 -0
  87. package/rules/cfn/cfn.correctness.resource-ec2-security-group-ingress-properties.rule.yaml +49 -0
  88. package/rules/cfn/cfn.correctness.resource-elb-properties.rule.yaml +49 -0
  89. package/rules/cfn/cfn.correctness.resource-limit-not-exceeded.rule.yaml +49 -0
  90. package/rules/cfn/cfn.correctness.resource-name-limit-not-exceeded.rule.yaml +49 -0
  91. package/rules/cfn/cfn.correctness.resource-properties-are-invalid.rule.yaml +49 -0
  92. package/rules/cfn/cfn.correctness.resource-schema.rule.yaml +49 -0
  93. package/rules/cfn/cfn.correctness.resource-subnetroutetableassociation-properties.rule.yaml +49 -0
  94. package/rules/cfn/cfn.correctness.resources-have-appropriate-names.rule.yaml +49 -0
  95. package/rules/cfn/cfn.correctness.select-validation-of-parameters.rule.yaml +49 -0
  96. package/rules/cfn/cfn.correctness.snapstart-supports-the-configured-runtime.rule.yaml +49 -0
  97. package/rules/cfn/cfn.correctness.split-validation-of-parameters.rule.yaml +49 -0
  98. package/rules/cfn/cfn.correctness.sub-is-required-if-a-variable-is-used-in-a-string.rule.yaml +49 -0
  99. package/rules/cfn/cfn.correctness.sub-validation-of-parameters.rule.yaml +49 -0
  100. package/rules/cfn/cfn.correctness.template-description-can-only-be-a-string.rule.yaml +49 -0
  101. package/rules/cfn/cfn.correctness.template-description-limit.rule.yaml +49 -0
  102. package/rules/cfn/cfn.correctness.template-size-limit.rule.yaml +49 -0
  103. package/rules/cfn/cfn.correctness.tojsonstring-validation-of-parameters.rule.yaml +49 -0
  104. package/rules/cfn/cfn.correctness.unique-resource-and-parameter-names.rule.yaml +49 -0
  105. package/rules/cfn/cfn.correctness.validate-accesscontrol-are-set-with-ownershipcontrols.rule.yaml +49 -0
  106. package/rules/cfn/cfn.correctness.validate-aws-event-scheduleexpression-format.rule.yaml +49 -0
  107. package/rules/cfn/cfn.correctness.validate-parameters-for-in-a-nested-stack.rule.yaml +49 -0
  108. package/rules/cfn/cfn.correctness.validate-route53-recordsets.rule.yaml +49 -0
  109. package/rules/cfn/cfn.correctness.validate-the-configuration-of-the-metadata-section.rule.yaml +49 -0
  110. package/rules/cfn/cfn.correctness.validates-foreach-functions.rule.yaml +49 -0
  111. package/rules/cfn/cfn.correctness.validation-not-function-configuration.rule.yaml +49 -0
  112. package/rules/cfn/cfn.correctness.validationdomain-is-superdomain-of-domainname.rule.yaml +49 -0
  113. package/rules/cfn/cfn.maintainability.arns-should-use-correctly-placed-pseudo-parameters.rule.yaml +49 -0
  114. package/rules/cfn/cfn.maintainability.availability-zone-parameters-should-not-be-hardcoded.rule.yaml +49 -0
  115. package/rules/cfn/cfn.maintainability.check-iam-resource-policies-syntax.rule.yaml +49 -0
  116. package/rules/cfn/cfn.maintainability.check-if-a-list-that-allows-duplicates-has-any-duplicates.rule.yaml +49 -0
  117. package/rules/cfn/cfn.maintainability.check-if-conditions-are-used.rule.yaml +49 -0
  118. package/rules/cfn/cfn.maintainability.check-if-eol-lambda-function-runtimes-are-used-w2531.rule.yaml +49 -0
  119. package/rules/cfn/cfn.maintainability.check-if-imageid-parameters-have-the-correct-type.rule.yaml +49 -0
  120. package/rules/cfn/cfn.maintainability.check-if-mappings-are-used.rule.yaml +49 -0
  121. package/rules/cfn/cfn.maintainability.check-if-parameters-are-used.rule.yaml +49 -0
  122. package/rules/cfn/cfn.maintainability.check-if-parameters-have-a-valid-value-based-on-an-allowed-pattern.rule.yaml +49 -0
  123. package/rules/cfn/cfn.maintainability.check-if-parameters-have-a-valid-value.rule.yaml +49 -0
  124. package/rules/cfn/cfn.maintainability.check-obsolete-dependson-configuration-for-resources.rule.yaml +49 -0
  125. package/rules/cfn/cfn.maintainability.check-outputs-using-importvalue.rule.yaml +49 -0
  126. package/rules/cfn/cfn.maintainability.check-required-properties-for-lambda-if-the-deployment-package-is-a-zip-file.rule.yaml +49 -0
  127. package/rules/cfn/cfn.maintainability.check-resources-with-auto-expiring-content-have-explicit-retention-period.rule.yaml +49 -0
  128. package/rules/cfn/cfn.maintainability.check-resources-with-updatereplacepolicy-deletionpolicy-have-both.rule.yaml +49 -0
  129. package/rules/cfn/cfn.maintainability.check-stateful-resources-have-a-set-updatereplacepolicy-deletionpolicy.rule.yaml +49 -0
  130. package/rules/cfn/cfn.maintainability.checks-for-legacy-instance-type-generations.rule.yaml +49 -0
  131. package/rules/cfn/cfn.maintainability.findinmap-keys-exist-in-the-map.rule.yaml +49 -0
  132. package/rules/cfn/cfn.maintainability.fn-equals-will-always-return-true-or-false.rule.yaml +49 -0
  133. package/rules/cfn/cfn.maintainability.mapping-attribute-limit.rule.yaml +49 -0
  134. package/rules/cfn/cfn.maintainability.mapping-limit.rule.yaml +49 -0
  135. package/rules/cfn/cfn.maintainability.mapping-name-limit.rule.yaml +49 -0
  136. package/rules/cfn/cfn.maintainability.metadata-interface-parameters-exist.rule.yaml +49 -0
  137. package/rules/cfn/cfn.maintainability.output-description-limit.rule.yaml +49 -0
  138. package/rules/cfn/cfn.maintainability.output-limit.rule.yaml +49 -0
  139. package/rules/cfn/cfn.maintainability.output-name-limit.rule.yaml +49 -0
  140. package/rules/cfn/cfn.maintainability.parameter-limit.rule.yaml +49 -0
  141. package/rules/cfn/cfn.maintainability.parameter-memory-size-attributes-should-have-max-and-min.rule.yaml +49 -0
  142. package/rules/cfn/cfn.maintainability.parameter-name-limit.rule.yaml +49 -0
  143. package/rules/cfn/cfn.maintainability.parameter-value-limit.rule.yaml +49 -0
  144. package/rules/cfn/cfn.maintainability.ref-getatt-to-resource-that-is-available-when-conditions-are-applied.rule.yaml +49 -0
  145. package/rules/cfn/cfn.maintainability.resource-limit.rule.yaml +49 -0
  146. package/rules/cfn/cfn.maintainability.resource-name-limit.rule.yaml +49 -0
  147. package/rules/cfn/cfn.maintainability.sub-isn-t-needed-if-it-doesn-t-have-a-variable-defined.rule.yaml +49 -0
  148. package/rules/cfn/cfn.maintainability.sub-validation-of-parameters-w1019.rule.yaml +49 -0
  149. package/rules/cfn/cfn.maintainability.template-description-limit-i1003.rule.yaml +49 -0
  150. package/rules/cfn/cfn.maintainability.template-size-limit-i1002.rule.yaml +49 -0
  151. package/rules/cfn/cfn.maintainability.use-sub-instead-of-join.rule.yaml +49 -0
  152. package/rules/cfn/cfn.maintainability.validate-that-snapstart-is-configured-for-java11-runtimes.rule.yaml +49 -0
  153. package/rules/cfn/cfn.maintainability.validate-that-snapstart-is-properly-configured.rule.yaml +49 -0
  154. package/rules/cfn/cfn.maintainability.warn-when-properties-are-configured-to-only-work-with-the-package-command.rule.yaml +49 -0
  155. package/rules/cfn/cfn.security.check-dynamic-references-secure-strings-are-in-supported-locations.rule.yaml +53 -0
  156. package/rules/cfn/cfn.security.check-for-noecho-references.rule.yaml +53 -0
  157. package/rules/cfn/cfn.security.check-iam-permission-configuration.rule.yaml +53 -0
  158. package/rules/cfn/cfn.security.check-if-iam-policies-are-properly-configured.rule.yaml +53 -0
  159. package/rules/cfn/cfn.security.check-if-password-properties-are-correctly-configured.rule.yaml +53 -0
  160. package/rules/cfn/cfn.security.controlling-access-to-an-s3-bucket-should-be-done-with-bucket-policies.rule.yaml +53 -0
  161. package/rules/php/php.correctness.abstract-method-outside-abstract-class.rule.yaml +36 -0
  162. package/rules/php/php.correctness.break-continue-outside-loop.rule.yaml +36 -0
  163. package/rules/php/php.correctness.case-insensitive-define.rule.yaml +36 -0
  164. package/rules/php/php.correctness.default-parameter-not-last.rule.yaml +36 -0
  165. package/rules/php/php.correctness.deprecated-filter-constant.rule.yaml +36 -0
  166. package/rules/php/php.correctness.deprecated-libxml-entity-loader.rule.yaml +36 -0
  167. package/rules/php/php.correctness.deprecated-unset-cast.rule.yaml +36 -0
  168. package/rules/php/php.correctness.duplicate-declaration.rule.yaml +36 -0
  169. package/rules/php/php.correctness.empty-array-literal-slot.rule.yaml +36 -0
  170. package/rules/php/php.correctness.empty-bracket-array-access.rule.yaml +36 -0
  171. package/rules/php/php.correctness.empty-code-block.rule.yaml +36 -0
  172. package/rules/php/php.correctness.empty-function-body.rule.yaml +36 -0
  173. package/rules/php/php.correctness.function-comparison.rule.yaml +36 -0
  174. package/rules/php/php.correctness.invalid-cookie-options.rule.yaml +36 -0
  175. package/rules/php/php.correctness.invalid-regex-literal.rule.yaml +36 -0
  176. package/rules/php/php.correctness.missing-member-visibility.rule.yaml +36 -0
  177. package/rules/php/php.correctness.nested-function-declaration.rule.yaml +36 -0
  178. package/rules/php/php.correctness.nested-switch.rule.yaml +36 -0
  179. package/rules/php/php.correctness.redundant-string-cast-concat.rule.yaml +36 -0
  180. package/rules/php/php.correctness.self-assignment.rule.yaml +36 -0
  181. package/rules/php/php.correctness.todo-fixme-marker.rule.yaml +36 -0
  182. package/rules/php/php.correctness.unknown-magic-method.rule.yaml +36 -0
  183. package/rules/php/php.correctness.useless-post-increment.rule.yaml +36 -0
  184. package/rules/php/php.correctness.useless-unset.rule.yaml +36 -0
  185. package/rules/php/php.performance.expensive-loop-condition.rule.yaml +36 -0
  186. package/rules/php/php.security.unsafe-new-static.rule.yaml +42 -0
  187. package/rules/ruby/ruby.bug-risk.assignment-in-condition.rule.yaml +42 -0
  188. package/rules/ruby/ruby.bug-risk.deprecated-uri-escape.rule.yaml +42 -0
  189. package/rules/ruby/ruby.bug-risk.division-by-zero.rule.yaml +42 -0
  190. package/rules/ruby/ruby.bug-risk.duplicate-hash-keys.rule.yaml +42 -0
  191. package/rules/ruby/ruby.bug-risk.exception-class-overwritten.rule.yaml +42 -0
  192. package/rules/ruby/ruby.bug-risk.raw-sql-without-squish.rule.yaml +42 -0
  193. package/rules/ruby/ruby.security.debugger-call.rule.yaml +53 -0
  194. package/rules/ruby/ruby.security.dynamic-code-execution.rule.yaml +54 -0
  195. package/rules/ruby/ruby.security.insecure-json-load.rule.yaml +53 -0
  196. package/rules/ruby/ruby.security.kernel-open.rule.yaml +53 -0
  197. package/rules/ruby/ruby.security.plaintext-password-in-callback.rule.yaml +46 -0
  198. package/rules/ruby/ruby.security.rails-link-to-blank-without-noopener.rule.yaml +48 -0
  199. package/rules/ruby/ruby.security.rails-output-unsafe.rule.yaml +47 -0
package/README.md CHANGED
@@ -25,7 +25,7 @@ It does this by parsing your code, matching it against a curated catalog of expl
25
25
  alt="TypeScript, JavaScript, Node.js, Go, Java, Python, PHP, Ruby, and Rust support"
26
26
  />
27
27
  </p>
28
- `@critiq/rules` is the default open source rule catalog for Critiq. It ships `catalog.yaml`, preset membership, and rule YAML files for high-signal checks across TypeScript, JavaScript, Node.js, Go, Java, Python, PHP, Ruby and Rust.
28
+ `@critiq/rules` is the default open source rule catalog for Critiq. It ships `catalog.yaml`, preset membership, and rule YAML files for high-signal checks across TypeScript, JavaScript, Node.js, Go, Java, Python, PHP, Ruby, Rust, and CloudFormation/SAM templates (via cfn-lint).
29
29
 
30
30
  Use it with [`@critiq/cli`](https://www.npmjs.com/package/@critiq/cli):
31
31
 
@@ -75,10 +75,11 @@ Use a **major tag** (`@v1`) or pin a **commit SHA** for supply-chain control. Mo
75
75
 
76
76
  ## Catalog At A Glance
77
77
 
78
- Today the catalog includes `435` rules across `17` categories, with `recommended`, `strict`, `security`, and `experimental` presets.
78
+ Today the catalog includes `631` rules across `18` categories, with `recommended`, `strict`, `security`, and `experimental` presets.
79
79
 
80
80
  | Category | Rules | What it looks after |
81
81
  | --- | ---: | --- |
82
+ | CloudFormation | 157 | AWS CloudFormation and SAM template validation via wrapped cfn-lint (`cfn.correctness.*`, `cfn.maintainability.*`, `cfn.security.*`) |
82
83
  | Security | 93 | Injection, auth and session gaps, unsafe transport, sensitive data exposure, dependency policy, unsafe file and HTML handling |
83
84
  | Python | 9 | Django, DRF, Flask, and FastAPI deployment and framework safety |
84
85
  | Correctness | 18 | Async bugs, null access, control-flow mistakes, missing fallbacks, race conditions |