npm - @critiq/rules - Versions diffs - 0.2.0 → 0.3.0 - Mend

@critiq/rules 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (199) hide show

package/rules/cfn/cfn.security.check-if-iam-policies-are-properly-configured.rule.yaml ADDED Viewed

@@ -0,0 +1,53 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: cfn.security.check-if-iam-policies-are-properly-configured
+  title: Check if iam policies are properly configured
+  summary: Check if iam policies are properly configured
+  rationale: cfn-lint reports E2507 when Check if iam policies are properly configured.
+  aliases:
+    - CFLIN-E2507
+  tags:
+    - cfn
+    - cfn-lint
+    - cloudformation
+    - e2507
+    - rules-catalog
+  stability: stable
+  appliesTo: file
+  detection:
+    kind: pattern
+  references:
+    - kind: url
+      title: AWS CloudFormation Linter (E2507)
+      url: https://github.com/aws-cloudformation/cfn-lint
+scope:
+  languages:
+    - all
+  paths:
+    include:
+      - "**/*.yaml"
+      - "**/*.yml"
+      - "**/*.json"
+    exclude:
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: cfn.lint.finding
+    bind: finding
+    where:
+      - path: ruleId
+        equals: E2507
+emit:
+  finding:
+    category: security.configuration
+    severity: high
+    confidence: 0.9
+    tags:
+      - cfn
+      - cloudformation
+  message:
+    title: Check if iam policies are properly configured
+    summary: "${captures.finding.text} matches cfn-lint E2507."
+  remediation:
+    summary: Resolve the cfn-lint E2507 finding in this CloudFormation template.

package/rules/cfn/cfn.security.check-if-password-properties-are-correctly-configured.rule.yaml ADDED Viewed

@@ -0,0 +1,53 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: cfn.security.check-if-password-properties-are-correctly-configured
+  title: Check if password properties are correctly configured
+  summary: Check if password properties are correctly configured
+  rationale: cfn-lint reports W2501 when Check if password properties are correctly configured.
+  aliases:
+    - CFLIN-W2501
+  tags:
+    - cfn
+    - cfn-lint
+    - cloudformation
+    - w2501
+    - rules-catalog
+  stability: stable
+  appliesTo: file
+  detection:
+    kind: pattern
+  references:
+    - kind: url
+      title: AWS CloudFormation Linter (W2501)
+      url: https://github.com/aws-cloudformation/cfn-lint
+scope:
+  languages:
+    - all
+  paths:
+    include:
+      - "**/*.yaml"
+      - "**/*.yml"
+      - "**/*.json"
+    exclude:
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: cfn.lint.finding
+    bind: finding
+    where:
+      - path: ruleId
+        equals: W2501
+emit:
+  finding:
+    category: security.configuration
+    severity: medium
+    confidence: 0.85
+    tags:
+      - cfn
+      - cloudformation
+  message:
+    title: Check if password properties are correctly configured
+    summary: "${captures.finding.text} matches cfn-lint W2501."
+  remediation:
+    summary: Resolve the cfn-lint W2501 finding in this CloudFormation template.

package/rules/cfn/cfn.security.controlling-access-to-an-s3-bucket-should-be-done-with-bucket-policies.rule.yaml ADDED Viewed

@@ -0,0 +1,53 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: cfn.security.controlling-access-to-an-s3-bucket-should-be-done-with-bucket-policies
+  title: Controlling access to an s3 bucket should be done with bucket policies
+  summary: Controlling access to an s3 bucket should be done with bucket policies
+  rationale: cfn-lint reports W3045 when Controlling access to an s3 bucket should be done with bucket policies.
+  aliases:
+    - CFLIN-W3045
+  tags:
+    - cfn
+    - cfn-lint
+    - cloudformation
+    - w3045
+    - rules-catalog
+  stability: stable
+  appliesTo: file
+  detection:
+    kind: pattern
+  references:
+    - kind: url
+      title: AWS CloudFormation Linter (W3045)
+      url: https://github.com/aws-cloudformation/cfn-lint
+scope:
+  languages:
+    - all
+  paths:
+    include:
+      - "**/*.yaml"
+      - "**/*.yml"
+      - "**/*.json"
+    exclude:
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: cfn.lint.finding
+    bind: finding
+    where:
+      - path: ruleId
+        equals: W3045
+emit:
+  finding:
+    category: security.configuration
+    severity: medium
+    confidence: 0.85
+    tags:
+      - cfn
+      - cloudformation
+  message:
+    title: Controlling access to an s3 bucket should be done with bucket policies
+    summary: "${captures.finding.text} matches cfn-lint W3045."
+  remediation:
+    summary: Resolve the cfn-lint W3045 finding in this CloudFormation template.

package/rules/php/php.correctness.abstract-method-outside-abstract-class.rule.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: php.correctness.abstract-method-outside-abstract-class
+  title: Keep abstract methods inside abstract classes
+  summary: Only abstract classes may declare abstract methods.
+  rationale: Abstract methods in concrete classes cannot be implemented correctly and will fail at compile time.
+  tags:
+    - correctness
+    - php
+    - rules-catalog
+  stability: stable
+  appliesTo: block
+scope:
+  languages:
+    - php
+  paths:
+    include:
+      - "**/*.php"
+match:
+  fact:
+    kind: php.correctness.abstract-method-outside-abstract-class
+    bind: issue
+emit:
+  finding:
+    category: correctness.language
+    severity: high
+    confidence: 0.95
+    tags:
+      - correctness
+      - php
+  message:
+    title: Keep abstract methods inside abstract classes
+    summary: "`${captures.issue.text}` matches php.correctness.abstract-method-outside-abstract-class."
+  remediation:
+    summary: Abstract methods in concrete classes cannot be implemented correctly and will fail at compile time.

package/rules/php/php.correctness.break-continue-outside-loop.rule.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: php.correctness.break-continue-outside-loop
+  title: Use break and continue only inside loops or switch
+  summary: "break and continue outside a loop or switch block are invalid control flow."
+  rationale: Misplaced break or continue statements usually indicate unfinished refactors or copy-paste errors.
+  tags:
+    - correctness
+    - php
+    - rules-catalog
+  stability: stable
+  appliesTo: block
+scope:
+  languages:
+    - php
+  paths:
+    include:
+      - "**/*.php"
+match:
+  fact:
+    kind: php.correctness.break-continue-outside-loop
+    bind: issue
+emit:
+  finding:
+    category: correctness.control-flow
+    severity: high
+    confidence: 0.9
+    tags:
+      - correctness
+      - php
+  message:
+    title: Use break and continue only inside loops or switch
+    summary: "`${captures.issue.text}` matches php.correctness.break-continue-outside-loop."
+  remediation:
+    summary: Misplaced break or continue statements usually indicate unfinished refactors or copy-paste errors.

package/rules/php/php.correctness.case-insensitive-define.rule.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: php.correctness.case-insensitive-define
+  title: Avoid case-insensitive define calls
+  summary: The third argument to define() for case-insensitive constants is deprecated.
+  rationale: Case-insensitive constants behave inconsistently across PHP versions and should be replaced with normal constants.
+  tags:
+    - correctness
+    - php
+    - rules-catalog
+  stability: stable
+  appliesTo: block
+scope:
+  languages:
+    - php
+  paths:
+    include:
+      - "**/*.php"
+match:
+  fact:
+    kind: php.correctness.case-insensitive-define
+    bind: issue
+emit:
+  finding:
+    category: correctness.language
+    severity: medium
+    confidence: 0.95
+    tags:
+      - correctness
+      - php
+  message:
+    title: Avoid case-insensitive define calls
+    summary: "`${captures.issue.text}` matches php.correctness.case-insensitive-define."
+  remediation:
+    summary: Case-insensitive constants behave inconsistently across PHP versions and should be replaced with normal constants.

package/rules/php/php.correctness.default-parameter-not-last.rule.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: php.correctness.default-parameter-not-last
+  title: Place default parameters last
+  summary: Parameters with default values must appear after required parameters.
+  rationale: Misordered defaults are invalid PHP and break callers that rely on positional arguments.
+  tags:
+    - correctness
+    - php
+    - rules-catalog
+  stability: stable
+  appliesTo: block
+scope:
+  languages:
+    - php
+  paths:
+    include:
+      - "**/*.php"
+match:
+  fact:
+    kind: php.correctness.default-parameter-not-last
+    bind: issue
+emit:
+  finding:
+    category: correctness.language
+    severity: high
+    confidence: 0.95
+    tags:
+      - correctness
+      - php
+  message:
+    title: Place default parameters last
+    summary: "`${captures.issue.text}` matches php.correctness.default-parameter-not-last."
+  remediation:
+    summary: Misordered defaults are invalid PHP and break callers that rely on positional arguments.

package/rules/php/php.correctness.deprecated-filter-constant.rule.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: php.correctness.deprecated-filter-constant
+  title: Replace deprecated filter constants
+  summary: Several FILTER_* constants are deprecated and should not be used in new code.
+  rationale: Deprecated filter constants may be removed and can silently change sanitization behavior across PHP versions.
+  tags:
+    - correctness
+    - php
+    - rules-catalog
+  stability: stable
+  appliesTo: block
+scope:
+  languages:
+    - php
+  paths:
+    include:
+      - "**/*.php"
+match:
+  fact:
+    kind: php.correctness.deprecated-filter-constant
+    bind: issue
+emit:
+  finding:
+    category: correctness.language
+    severity: medium
+    confidence: 0.95
+    tags:
+      - correctness
+      - php
+  message:
+    title: Replace deprecated filter constants
+    summary: "`${captures.issue.text}` matches php.correctness.deprecated-filter-constant."
+  remediation:
+    summary: Deprecated filter constants may be removed and can silently change sanitization behavior across PHP versions.

package/rules/php/php.correctness.deprecated-libxml-entity-loader.rule.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: php.correctness.deprecated-libxml-entity-loader
+  title: Remove deprecated libxml_disable_entity_loader calls
+  summary: libxml_disable_entity_loader() is deprecated and no longer needed on supported PHP versions.
+  rationale: The helper is deprecated and can give a false sense of protection compared to modern libxml defaults.
+  tags:
+    - correctness
+    - php
+    - rules-catalog
+  stability: stable
+  appliesTo: block
+scope:
+  languages:
+    - php
+  paths:
+    include:
+      - "**/*.php"
+match:
+  fact:
+    kind: php.correctness.deprecated-libxml-entity-loader
+    bind: issue
+emit:
+  finding:
+    category: correctness.language
+    severity: medium
+    confidence: 0.95
+    tags:
+      - correctness
+      - php
+  message:
+    title: Remove deprecated libxml_disable_entity_loader calls
+    summary: "`${captures.issue.text}` matches php.correctness.deprecated-libxml-entity-loader."
+  remediation:
+    summary: The helper is deprecated and can give a false sense of protection compared to modern libxml defaults.

package/rules/php/php.correctness.deprecated-unset-cast.rule.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: php.correctness.deprecated-unset-cast
+  title: Remove deprecated (unset) casts
+  summary: "The `(unset)` cast is deprecated and should not be used in modern PHP code."
+  rationale: Deprecated casts break on newer PHP versions and hide intent compared to explicit unset calls.
+  tags:
+    - correctness
+    - php
+    - rules-catalog
+  stability: stable
+  appliesTo: block
+scope:
+  languages:
+    - php
+  paths:
+    include:
+      - "**/*.php"
+match:
+  fact:
+    kind: php.correctness.deprecated-unset-cast
+    bind: issue
+emit:
+  finding:
+    category: correctness.language
+    severity: medium
+    confidence: 0.95
+    tags:
+      - correctness
+      - php
+  message:
+    title: Remove deprecated (unset) casts
+    summary: "`${captures.issue.text}` matches php.correctness.deprecated-unset-cast."
+  remediation:
+    summary: Deprecated casts break on newer PHP versions and hide intent compared to explicit unset calls.

package/rules/php/php.correctness.duplicate-declaration.rule.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: php.correctness.duplicate-declaration
+  title: Remove duplicate declarations
+  summary: Functions, classes, traits, and interfaces must be declared only once per file.
+  rationale: Duplicate declarations cause fatal errors and usually indicate incomplete refactors or copy-paste mistakes.
+  tags:
+    - correctness
+    - php
+    - rules-catalog
+  stability: stable
+  appliesTo: block
+scope:
+  languages:
+    - php
+  paths:
+    include:
+      - "**/*.php"
+match:
+  fact:
+    kind: php.correctness.duplicate-declaration
+    bind: issue
+emit:
+  finding:
+    category: correctness.language
+    severity: high
+    confidence: 0.95
+    tags:
+      - correctness
+      - php
+  message:
+    title: Remove duplicate declarations
+    summary: "`${captures.issue.text}` matches php.correctness.duplicate-declaration."
+  remediation:
+    summary: Duplicate declarations cause fatal errors and usually indicate incomplete refactors or copy-paste mistakes.

package/rules/php/php.correctness.empty-array-literal-slot.rule.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: php.correctness.empty-array-literal-slot
+  title: Remove empty slots from array literals
+  summary: Array literals with consecutive commas define empty slots that are easy to miss during review.
+  rationale: Empty array slots usually indicate typos or incomplete edits and can produce unexpected sparse arrays.
+  tags:
+    - correctness
+    - php
+    - rules-catalog
+  stability: stable
+  appliesTo: block
+scope:
+  languages:
+    - php
+  paths:
+    include:
+      - "**/*.php"
+match:
+  fact:
+    kind: php.correctness.empty-array-literal-slot
+    bind: issue
+emit:
+  finding:
+    category: correctness.language
+    severity: medium
+    confidence: 0.95
+    tags:
+      - correctness
+      - php
+  message:
+    title: Remove empty slots from array literals
+    summary: "`${captures.issue.text}` matches php.correctness.empty-array-literal-slot."
+  remediation:
+    summary: Empty array slots usually indicate typos or incomplete edits and can produce unexpected sparse arrays.

package/rules/php/php.correctness.empty-bracket-array-access.rule.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: php.correctness.empty-bracket-array-access
+  title: Avoid empty bracket array reads
+  summary: "Reading from an array with `$value[]` appends null and returns the new element."
+  rationale: Empty bracket reads are rarely intentional and usually indicate a mistaken append or missing index.
+  tags:
+    - correctness
+    - php
+    - rules-catalog
+  stability: stable
+  appliesTo: block
+scope:
+  languages:
+    - php
+  paths:
+    include:
+      - "**/*.php"
+match:
+  fact:
+    kind: php.correctness.empty-bracket-array-access
+    bind: issue
+emit:
+  finding:
+    category: correctness.language
+    severity: medium
+    confidence: 0.9
+    tags:
+      - correctness
+      - php
+  message:
+    title: Avoid empty bracket array reads
+    summary: "`${captures.issue.text}` matches php.correctness.empty-bracket-array-access."
+  remediation:
+    summary: Empty bracket reads are rarely intentional and usually indicate a mistaken append or missing index.

package/rules/php/php.correctness.empty-code-block.rule.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: php.correctness.empty-code-block
+  title: Remove empty code blocks
+  summary: Empty control-flow blocks hide missing logic or unfinished branches.
+  rationale: Empty blocks make intent unclear and often survive incomplete refactors.
+  tags:
+    - correctness
+    - php
+    - rules-catalog
+  stability: experimental
+  appliesTo: block
+scope:
+  languages:
+    - php
+  paths:
+    include:
+      - "**/*.php"
+match:
+  fact:
+    kind: php.correctness.empty-code-block
+    bind: issue
+emit:
+  finding:
+    category: correctness.maintainability
+    severity: low
+    confidence: 0.55
+    tags:
+      - correctness
+      - php
+  message:
+    title: Remove empty code blocks
+    summary: "`${captures.issue.text}` matches php.correctness.empty-code-block."
+  remediation:
+    summary: Empty blocks make intent unclear and often survive incomplete refactors.

package/rules/php/php.correctness.empty-function-body.rule.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: php.correctness.empty-function-body
+  title: Implement or remove empty functions
+  summary: Non-abstract functions with empty bodies hide missing behavior.
+  rationale: Empty function bodies often indicate stubs that were never completed or dead placeholders.
+  tags:
+    - correctness
+    - php
+    - rules-catalog
+  stability: stable
+  appliesTo: block
+scope:
+  languages:
+    - php
+  paths:
+    include:
+      - "**/*.php"
+match:
+  fact:
+    kind: php.correctness.empty-function-body
+    bind: issue
+emit:
+  finding:
+    category: correctness.maintainability
+    severity: low
+    confidence: 0.9
+    tags:
+      - correctness
+      - php
+  message:
+    title: Implement or remove empty functions
+    summary: "`${captures.issue.text}` matches php.correctness.empty-function-body."
+  remediation:
+    summary: Empty function bodies often indicate stubs that were never completed or dead placeholders.

package/rules/php/php.correctness.function-comparison.rule.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: php.correctness.function-comparison
+  title: Avoid comparing function values
+  summary: Comparing functions or callables with equality operators is unreliable.
+  rationale: Function comparisons rarely express intent correctly and usually indicate a logic bug.
+  tags:
+    - correctness
+    - php
+    - rules-catalog
+  stability: experimental
+  appliesTo: block
+scope:
+  languages:
+    - php
+  paths:
+    include:
+      - "**/*.php"
+match:
+  fact:
+    kind: php.correctness.function-comparison
+    bind: issue
+emit:
+  finding:
+    category: correctness.language
+    severity: low
+    confidence: 0.55
+    tags:
+      - correctness
+      - php
+  message:
+    title: Avoid comparing function values
+    summary: "`${captures.issue.text}` matches php.correctness.function-comparison."
+  remediation:
+    summary: Function comparisons rarely express intent correctly and usually indicate a logic bug.

package/rules/php/php.correctness.invalid-cookie-options.rule.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: php.correctness.invalid-cookie-options
+  title: Use valid cookie option keys
+  summary: setcookie and setrawcookie option arrays only accept documented keys.
+  rationale: Invalid cookie option keys are ignored at runtime and can leave security attributes unset.
+  tags:
+    - correctness
+    - php
+    - rules-catalog
+  stability: stable
+  appliesTo: block
+scope:
+  languages:
+    - php
+  paths:
+    include:
+      - "**/*.php"
+match:
+  fact:
+    kind: php.correctness.invalid-cookie-options
+    bind: issue
+emit:
+  finding:
+    category: correctness.language
+    severity: medium
+    confidence: 0.95
+    tags:
+      - correctness
+      - php
+  message:
+    title: Use valid cookie option keys
+    summary: "`${captures.issue.text}` matches php.correctness.invalid-cookie-options."
+  remediation:
+    summary: Invalid cookie option keys are ignored at runtime and can leave security attributes unset.