@critiq/rules 0.2.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (907) hide show
  1. package/CHANGELOG.md +468 -0
  2. package/README.md +13 -232
  3. package/catalog-metadata.json +47 -0
  4. package/catalog.yaml +4459 -1008
  5. package/package.json +1 -1
  6. package/rules/cfn/cfn.correctness.attributedefinitions-keyschemas-mismatch.rule.yaml +49 -0
  7. package/rules/cfn/cfn.correctness.base64-validation-of-parameters.rule.yaml +49 -0
  8. package/rules/cfn/cfn.correctness.basic-cloudformation-resource-check.rule.yaml +49 -0
  9. package/rules/cfn/cfn.correctness.basic-cloudformation-template-configuration.rule.yaml +49 -0
  10. package/rules/cfn/cfn.correctness.cannot-reference-resources-in-the-conditions-block-of-the-template.rule.yaml +49 -0
  11. package/rules/cfn/cfn.correctness.check-at-least-one-essential-container-is-specified.rule.yaml +49 -0
  12. package/rules/cfn/cfn.correctness.check-deletionpolicy-values-for-resources.rule.yaml +49 -0
  13. package/rules/cfn/cfn.correctness.check-dependson-values-for-resources.rule.yaml +49 -0
  14. package/rules/cfn/cfn.correctness.check-ec2-ebs-properties.rule.yaml +49 -0
  15. package/rules/cfn/cfn.correctness.check-elastic-cache-redis-cluster-settings.rule.yaml +49 -0
  16. package/rules/cfn/cfn.correctness.check-events-rule-targets-are-less-than-or-equal-to-5.rule.yaml +49 -0
  17. package/rules/cfn/cfn.correctness.check-fargate-service-scheduling-strategy.rule.yaml +49 -0
  18. package/rules/cfn/cfn.correctness.check-fn-and-structure-for-validity.rule.yaml +49 -0
  19. package/rules/cfn/cfn.correctness.check-fn-equals-structure-for-validity.rule.yaml +49 -0
  20. package/rules/cfn/cfn.correctness.check-fn-if-structure-for-validity.rule.yaml +49 -0
  21. package/rules/cfn/cfn.correctness.check-fn-not-structure-for-validity.rule.yaml +49 -0
  22. package/rules/cfn/cfn.correctness.check-fn-or-structure-for-validity.rule.yaml +49 -0
  23. package/rules/cfn/cfn.correctness.check-for-subscriptionfilters-have-beyond-2-attachments-to-a-cloudwatch-log-group.rule.yaml +49 -0
  24. package/rules/cfn/cfn.correctness.check-if-a-json-object-is-within-size-limits.rule.yaml +49 -0
  25. package/rules/cfn/cfn.correctness.check-if-a-list-has-between-min-and-max-number-of-values-specified.rule.yaml +49 -0
  26. package/rules/cfn/cfn.correctness.check-if-a-list-has-duplicate-values.rule.yaml +49 -0
  27. package/rules/cfn/cfn.correctness.check-if-a-number-is-between-min-and-max.rule.yaml +49 -0
  28. package/rules/cfn/cfn.correctness.check-if-a-string-has-between-min-and-max-number-of-values-specified.rule.yaml +49 -0
  29. package/rules/cfn/cfn.correctness.check-if-eol-lambda-function-runtimes-are-used.rule.yaml +49 -0
  30. package/rules/cfn/cfn.correctness.check-if-properties-have-a-valid-value.rule.yaml +49 -0
  31. package/rules/cfn/cfn.correctness.check-if-property-values-adhere-to-a-specific-pattern.rule.yaml +49 -0
  32. package/rules/cfn/cfn.correctness.check-if-refing-to-a-iam-resource-with-path-set.rule.yaml +49 -0
  33. package/rules/cfn/cfn.correctness.check-if-refs-exist.rule.yaml +49 -0
  34. package/rules/cfn/cfn.correctness.check-if-serverless-resources-have-serverless-transform.rule.yaml +49 -0
  35. package/rules/cfn/cfn.correctness.check-if-the-referenced-conditions-are-defined.rule.yaml +49 -0
  36. package/rules/cfn/cfn.correctness.check-minimum-90-period-is-met-between-backupplan-cold-and-delete.rule.yaml +49 -0
  37. package/rules/cfn/cfn.correctness.check-properties-that-are-mutually-exclusive.rule.yaml +49 -0
  38. package/rules/cfn/cfn.correctness.check-properties-that-are-required-together.rule.yaml +49 -0
  39. package/rules/cfn/cfn.correctness.check-properties-that-need-at-least-one-of-a-list-of-properties.rule.yaml +49 -0
  40. package/rules/cfn/cfn.correctness.check-properties-that-need-only-one-of-a-list-of-properties.rule.yaml +49 -0
  41. package/rules/cfn/cfn.correctness.check-resource-properties-values.rule.yaml +49 -0
  42. package/rules/cfn/cfn.correctness.check-state-machine-definition-for-proper-syntax.rule.yaml +49 -0
  43. package/rules/cfn/cfn.correctness.check-that-modules-resources-are-valid.rule.yaml +49 -0
  44. package/rules/cfn/cfn.correctness.check-the-configuration-of-a-resources-updatepolicy.rule.yaml +49 -0
  45. package/rules/cfn/cfn.correctness.check-updatereplacepolicy-values-for-resources.rule.yaml +49 -0
  46. package/rules/cfn/cfn.correctness.check-values-of-properties-for-valid-refs-and-getatts.rule.yaml +49 -0
  47. package/rules/cfn/cfn.correctness.cidr-validation-of-parameters.rule.yaml +49 -0
  48. package/rules/cfn/cfn.correctness.cloudfront-aliases.rule.yaml +49 -0
  49. package/rules/cfn/cfn.correctness.codepipeline-stage-actions.rule.yaml +49 -0
  50. package/rules/cfn/cfn.correctness.codepipeline-stages.rule.yaml +49 -0
  51. package/rules/cfn/cfn.correctness.conditions-have-appropriate-properties.rule.yaml +49 -0
  52. package/rules/cfn/cfn.correctness.default-value-cannot-use-refs.rule.yaml +49 -0
  53. package/rules/cfn/cfn.correctness.default-value-is-within-parameter-constraints.rule.yaml +49 -0
  54. package/rules/cfn/cfn.correctness.error-processing-rule-on-the-template.rule.yaml +49 -0
  55. package/rules/cfn/cfn.correctness.findinmap-validation-of-configuration.rule.yaml +49 -0
  56. package/rules/cfn/cfn.correctness.getatt-validation-of-parameters.rule.yaml +49 -0
  57. package/rules/cfn/cfn.correctness.getaz-validation-of-parameters.rule.yaml +49 -0
  58. package/rules/cfn/cfn.correctness.importvalue-validation-of-parameters.rule.yaml +49 -0
  59. package/rules/cfn/cfn.correctness.join-validation-of-parameters.rule.yaml +49 -0
  60. package/rules/cfn/cfn.correctness.length-validation-of-parameters.rule.yaml +49 -0
  61. package/rules/cfn/cfn.correctness.mapping-attribute-limit-not-exceeded.rule.yaml +49 -0
  62. package/rules/cfn/cfn.correctness.mapping-keys-are-strings-and-alphanumeric.rule.yaml +49 -0
  63. package/rules/cfn/cfn.correctness.mapping-limit-not-exceeded.rule.yaml +49 -0
  64. package/rules/cfn/cfn.correctness.mapping-name-limit-not-exceeded.rule.yaml +49 -0
  65. package/rules/cfn/cfn.correctness.mappings-are-appropriately-configured.rule.yaml +49 -0
  66. package/rules/cfn/cfn.correctness.mappings-have-appropriate-names.rule.yaml +49 -0
  67. package/rules/cfn/cfn.correctness.metadata-interface-have-appropriate-properties.rule.yaml +49 -0
  68. package/rules/cfn/cfn.correctness.output-description-limit-not-exceeded.rule.yaml +49 -0
  69. package/rules/cfn/cfn.correctness.output-limit-not-exceeded.rule.yaml +49 -0
  70. package/rules/cfn/cfn.correctness.output-name-limit-not-exceeded.rule.yaml +49 -0
  71. package/rules/cfn/cfn.correctness.outputs-descriptions-can-only-be-strings.rule.yaml +49 -0
  72. package/rules/cfn/cfn.correctness.outputs-have-appropriate-names.rule.yaml +49 -0
  73. package/rules/cfn/cfn.correctness.outputs-have-appropriate-properties.rule.yaml +49 -0
  74. package/rules/cfn/cfn.correctness.outputs-have-required-properties.rule.yaml +49 -0
  75. package/rules/cfn/cfn.correctness.outputs-have-values-of-strings.rule.yaml +49 -0
  76. package/rules/cfn/cfn.correctness.parameter-limit-not-exceeded.rule.yaml +49 -0
  77. package/rules/cfn/cfn.correctness.parameter-name-limit-not-exceeded.rule.yaml +49 -0
  78. package/rules/cfn/cfn.correctness.parameter-value-limit-not-exceeded.rule.yaml +49 -0
  79. package/rules/cfn/cfn.correctness.parameters-have-appropriate-names.rule.yaml +49 -0
  80. package/rules/cfn/cfn.correctness.parameters-have-appropriate-properties.rule.yaml +49 -0
  81. package/rules/cfn/cfn.correctness.parameters-have-appropriate-type.rule.yaml +49 -0
  82. package/rules/cfn/cfn.correctness.property-is-required-based-on-another-properties-value.rule.yaml +49 -0
  83. package/rules/cfn/cfn.correctness.property-is-unwanted-based-on-another-properties-value.rule.yaml +49 -0
  84. package/rules/cfn/cfn.correctness.rds-instance-type-is-compatible-with-the-rds-type.rule.yaml +49 -0
  85. package/rules/cfn/cfn.correctness.recordset-hostedzonename-is-a-superdomain-of-name.rule.yaml +49 -0
  86. package/rules/cfn/cfn.correctness.ref-validation-of-value.rule.yaml +49 -0
  87. package/rules/cfn/cfn.correctness.required-resource-properties-are-missing.rule.yaml +49 -0
  88. package/rules/cfn/cfn.correctness.resource-dependencies-are-not-circular.rule.yaml +49 -0
  89. package/rules/cfn/cfn.correctness.resource-ec2-security-group-ingress-properties.rule.yaml +49 -0
  90. package/rules/cfn/cfn.correctness.resource-elb-properties.rule.yaml +49 -0
  91. package/rules/cfn/cfn.correctness.resource-limit-not-exceeded.rule.yaml +49 -0
  92. package/rules/cfn/cfn.correctness.resource-name-limit-not-exceeded.rule.yaml +49 -0
  93. package/rules/cfn/cfn.correctness.resource-properties-are-invalid.rule.yaml +49 -0
  94. package/rules/cfn/cfn.correctness.resource-schema.rule.yaml +49 -0
  95. package/rules/cfn/cfn.correctness.resource-subnetroutetableassociation-properties.rule.yaml +49 -0
  96. package/rules/cfn/cfn.correctness.resources-have-appropriate-names.rule.yaml +49 -0
  97. package/rules/cfn/cfn.correctness.select-validation-of-parameters.rule.yaml +49 -0
  98. package/rules/cfn/cfn.correctness.snapstart-supports-the-configured-runtime.rule.yaml +49 -0
  99. package/rules/cfn/cfn.correctness.split-validation-of-parameters.rule.yaml +49 -0
  100. package/rules/cfn/cfn.correctness.sub-is-required-if-a-variable-is-used-in-a-string.rule.yaml +49 -0
  101. package/rules/cfn/cfn.correctness.sub-validation-of-parameters.rule.yaml +49 -0
  102. package/rules/cfn/cfn.correctness.template-description-can-only-be-a-string.rule.yaml +49 -0
  103. package/rules/cfn/cfn.correctness.template-description-limit.rule.yaml +49 -0
  104. package/rules/cfn/cfn.correctness.template-size-limit.rule.yaml +49 -0
  105. package/rules/cfn/cfn.correctness.tojsonstring-validation-of-parameters.rule.yaml +49 -0
  106. package/rules/cfn/cfn.correctness.unique-resource-and-parameter-names.rule.yaml +49 -0
  107. package/rules/cfn/cfn.correctness.validate-accesscontrol-are-set-with-ownershipcontrols.rule.yaml +49 -0
  108. package/rules/cfn/cfn.correctness.validate-aws-event-scheduleexpression-format.rule.yaml +49 -0
  109. package/rules/cfn/cfn.correctness.validate-parameters-for-in-a-nested-stack.rule.yaml +49 -0
  110. package/rules/cfn/cfn.correctness.validate-route53-recordsets.rule.yaml +49 -0
  111. package/rules/cfn/cfn.correctness.validate-the-configuration-of-the-metadata-section.rule.yaml +49 -0
  112. package/rules/cfn/cfn.correctness.validates-foreach-functions.rule.yaml +49 -0
  113. package/rules/cfn/cfn.correctness.validation-not-function-configuration.rule.yaml +49 -0
  114. package/rules/cfn/cfn.correctness.validationdomain-is-superdomain-of-domainname.rule.yaml +49 -0
  115. package/rules/cfn/cfn.maintainability.arns-should-use-correctly-placed-pseudo-parameters.rule.yaml +49 -0
  116. package/rules/cfn/cfn.maintainability.availability-zone-parameters-should-not-be-hardcoded.rule.yaml +49 -0
  117. package/rules/cfn/cfn.maintainability.check-iam-resource-policies-syntax.rule.yaml +49 -0
  118. package/rules/cfn/cfn.maintainability.check-if-a-list-that-allows-duplicates-has-any-duplicates.rule.yaml +49 -0
  119. package/rules/cfn/cfn.maintainability.check-if-conditions-are-used.rule.yaml +49 -0
  120. package/rules/cfn/cfn.maintainability.check-if-eol-lambda-function-runtimes-are-used-w2531.rule.yaml +49 -0
  121. package/rules/cfn/cfn.maintainability.check-if-imageid-parameters-have-the-correct-type.rule.yaml +49 -0
  122. package/rules/cfn/cfn.maintainability.check-if-mappings-are-used.rule.yaml +49 -0
  123. package/rules/cfn/cfn.maintainability.check-if-parameters-are-used.rule.yaml +49 -0
  124. package/rules/cfn/cfn.maintainability.check-if-parameters-have-a-valid-value-based-on-an-allowed-pattern.rule.yaml +49 -0
  125. package/rules/cfn/cfn.maintainability.check-if-parameters-have-a-valid-value.rule.yaml +49 -0
  126. package/rules/cfn/cfn.maintainability.check-obsolete-dependson-configuration-for-resources.rule.yaml +49 -0
  127. package/rules/cfn/cfn.maintainability.check-outputs-using-importvalue.rule.yaml +49 -0
  128. package/rules/cfn/cfn.maintainability.check-required-properties-for-lambda-if-the-deployment-package-is-a-zip-file.rule.yaml +49 -0
  129. package/rules/cfn/cfn.maintainability.check-resources-with-auto-expiring-content-have-explicit-retention-period.rule.yaml +49 -0
  130. package/rules/cfn/cfn.maintainability.check-resources-with-updatereplacepolicy-deletionpolicy-have-both.rule.yaml +49 -0
  131. package/rules/cfn/cfn.maintainability.check-stateful-resources-have-a-set-updatereplacepolicy-deletionpolicy.rule.yaml +49 -0
  132. package/rules/cfn/cfn.maintainability.checks-for-legacy-instance-type-generations.rule.yaml +49 -0
  133. package/rules/cfn/cfn.maintainability.findinmap-keys-exist-in-the-map.rule.yaml +49 -0
  134. package/rules/cfn/cfn.maintainability.fn-equals-will-always-return-true-or-false.rule.yaml +49 -0
  135. package/rules/cfn/cfn.maintainability.mapping-attribute-limit.rule.yaml +49 -0
  136. package/rules/cfn/cfn.maintainability.mapping-limit.rule.yaml +49 -0
  137. package/rules/cfn/cfn.maintainability.mapping-name-limit.rule.yaml +49 -0
  138. package/rules/cfn/cfn.maintainability.metadata-interface-parameters-exist.rule.yaml +49 -0
  139. package/rules/cfn/cfn.maintainability.output-description-limit.rule.yaml +49 -0
  140. package/rules/cfn/cfn.maintainability.output-limit.rule.yaml +49 -0
  141. package/rules/cfn/cfn.maintainability.output-name-limit.rule.yaml +49 -0
  142. package/rules/cfn/cfn.maintainability.parameter-limit.rule.yaml +49 -0
  143. package/rules/cfn/cfn.maintainability.parameter-memory-size-attributes-should-have-max-and-min.rule.yaml +49 -0
  144. package/rules/cfn/cfn.maintainability.parameter-name-limit.rule.yaml +49 -0
  145. package/rules/cfn/cfn.maintainability.parameter-value-limit.rule.yaml +49 -0
  146. package/rules/cfn/cfn.maintainability.ref-getatt-to-resource-that-is-available-when-conditions-are-applied.rule.yaml +49 -0
  147. package/rules/cfn/cfn.maintainability.resource-limit.rule.yaml +49 -0
  148. package/rules/cfn/cfn.maintainability.resource-name-limit.rule.yaml +49 -0
  149. package/rules/cfn/cfn.maintainability.sub-isn-t-needed-if-it-doesn-t-have-a-variable-defined.rule.yaml +49 -0
  150. package/rules/cfn/cfn.maintainability.sub-validation-of-parameters-w1019.rule.yaml +49 -0
  151. package/rules/cfn/cfn.maintainability.template-description-limit-i1003.rule.yaml +49 -0
  152. package/rules/cfn/cfn.maintainability.template-size-limit-i1002.rule.yaml +49 -0
  153. package/rules/cfn/cfn.maintainability.use-sub-instead-of-join.rule.yaml +49 -0
  154. package/rules/cfn/cfn.maintainability.validate-that-snapstart-is-configured-for-java11-runtimes.rule.yaml +49 -0
  155. package/rules/cfn/cfn.maintainability.validate-that-snapstart-is-properly-configured.rule.yaml +49 -0
  156. package/rules/cfn/cfn.maintainability.warn-when-properties-are-configured-to-only-work-with-the-package-command.rule.yaml +49 -0
  157. package/rules/cfn/cfn.security.check-dynamic-references-secure-strings-are-in-supported-locations.rule.yaml +53 -0
  158. package/rules/cfn/cfn.security.check-for-noecho-references.rule.yaml +53 -0
  159. package/rules/cfn/cfn.security.check-iam-permission-configuration.rule.yaml +53 -0
  160. package/rules/cfn/cfn.security.check-if-iam-policies-are-properly-configured.rule.yaml +53 -0
  161. package/rules/cfn/cfn.security.check-if-password-properties-are-correctly-configured.rule.yaml +53 -0
  162. package/rules/cfn/cfn.security.controlling-access-to-an-s3-bucket-should-be-done-with-bucket-policies.rule.yaml +53 -0
  163. package/rules/go/go.bug-risk.compound-assignment-misuse.rule.yaml +53 -0
  164. package/rules/go/go.bug-risk.deprecated-redis-methods.rule.yaml +57 -0
  165. package/rules/go/go.bug-risk.etcd-getlogger-misuse.rule.yaml +59 -0
  166. package/rules/go/go.bug-risk.etcd-invalid-compare-operator.rule.yaml +53 -0
  167. package/rules/go/go.bug-risk.gin-loadhtmlglob-ill-formed.rule.yaml +53 -0
  168. package/rules/go/go.bug-risk.gorm-dry-run-enabled.rule.yaml +58 -0
  169. package/rules/go/go.bug-risk.gorm-skip-default-transaction.rule.yaml +57 -0
  170. package/rules/go/go.bug-risk.gorm-updates-zero-values.rule.yaml +55 -0
  171. package/rules/go/go.bug-risk.gorm-where-zero-values.rule.yaml +53 -0
  172. package/rules/go/go.bug-risk.poorly-formed-nilness-guards.rule.yaml +57 -0
  173. package/rules/go/go.bug-risk.redis-incorrect-arg-count.rule.yaml +54 -0
  174. package/rules/go/go.bug-risk.redis-unimplemented-method.rule.yaml +53 -0
  175. package/rules/go/go.bug-risk.reflect-makefunc-usage.rule.yaml +55 -0
  176. package/rules/go/go.correctness.bare-return.rule.yaml +52 -0
  177. package/rules/go/go.correctness.boolean-literal-in-expression.rule.yaml +52 -0
  178. package/rules/go/go.correctness.boolean-simplification.rule.yaml +49 -0
  179. package/rules/go/go.correctness.deferred-func-literal.rule.yaml +52 -0
  180. package/rules/go/go.correctness.duplicate-branch-body.rule.yaml +49 -0
  181. package/rules/go/go.correctness.duplicate-function-arguments.rule.yaml +49 -0
  182. package/rules/go/go.correctness.duplicate-if-else-condition.rule.yaml +54 -0
  183. package/rules/go/go.correctness.duplicate-switch-cases.rule.yaml +48 -0
  184. package/rules/go/go.correctness.flag-pointer-immediate-deref.rule.yaml +49 -0
  185. package/rules/go/go.correctness.hidden-goroutine.rule.yaml +55 -0
  186. package/rules/go/go.correctness.http-nobody-nil.rule.yaml +52 -0
  187. package/rules/go/go.correctness.identical-binary-operands.rule.yaml +48 -0
  188. package/rules/go/go.correctness.impossible-interface-nil-check.rule.yaml +56 -0
  189. package/rules/go/go.correctness.incomplete-nil-check.rule.yaml +49 -0
  190. package/rules/go/go.correctness.integer-truncation.rule.yaml +51 -0
  191. package/rules/go/go.correctness.interface-any-preferred.rule.yaml +50 -0
  192. package/rules/go/go.correctness.nil-error-returned.rule.yaml +49 -0
  193. package/rules/go/go.correctness.off-by-one-index.rule.yaml +48 -0
  194. package/rules/go/go.correctness.redundant-type-declaration.rule.yaml +51 -0
  195. package/rules/go/go.correctness.signedness-casting.rule.yaml +56 -0
  196. package/rules/go/go.correctness.string-concat-simplify.rule.yaml +52 -0
  197. package/rules/go/go.correctness.suspicious-regex-pattern.rule.yaml +49 -0
  198. package/rules/go/go.correctness.terminal-call-with-defer.rule.yaml +50 -0
  199. package/rules/go/go.correctness.unexported-capital-name.rule.yaml +52 -0
  200. package/rules/go/go.correctness.unnecessary-dereference.rule.yaml +53 -0
  201. package/rules/go/go.correctness.unnecessary-else-return.rule.yaml +52 -0
  202. package/rules/go/go.correctness.unreachable-switch-case.rule.yaml +50 -0
  203. package/rules/go/go.doc.malformed-deprecated-comment.rule.yaml +59 -0
  204. package/rules/go/go.performance.avoid-large-loop-copy.rule.yaml +38 -0
  205. package/rules/go/go.performance.avoid-large-param-copy.rule.yaml +38 -0
  206. package/rules/go/go.performance.avoid-large-range-copy.rule.yaml +37 -0
  207. package/rules/go/go.performance.avoid-string-index-alloc.rule.yaml +38 -0
  208. package/rules/go/go.performance.combine-append-calls.rule.yaml +38 -0
  209. package/rules/go/go.performance.fmt-fprint.rule.yaml +44 -0
  210. package/rules/go/go.performance.iowriter-write-string.rule.yaml +45 -0
  211. package/rules/go/go.performance.non-idiomatic-slice-zeroing.rule.yaml +44 -0
  212. package/rules/go/go.performance.reorder-operands.rule.yaml +44 -0
  213. package/rules/go/go.performance.utf8-decode-rune.rule.yaml +44 -0
  214. package/rules/go/go.security.decompression-bomb.rule.yaml +55 -0
  215. package/rules/go/go.security.http-dir-path-traversal.rule.yaml +55 -0
  216. package/rules/go/go.security.incomplete-hostname-regex.rule.yaml +64 -0
  217. package/rules/go/go.security.insecure-ssl-protocol.rule.yaml +2 -0
  218. package/rules/go/go.security.jwt-without-verification.rule.yaml +2 -0
  219. package/rules/go/go.security.net-http-missing-timeouts.rule.yaml +3 -0
  220. package/rules/go/go.security.pprof-exposed.rule.yaml +2 -0
  221. package/rules/go/go.security.squirrel-unsafe-quoting.rule.yaml +64 -0
  222. package/rules/go/go.security.tainted-value-sink.rule.yaml +59 -0
  223. package/rules/go/go.security.tls-missing-min-version.rule.yaml +2 -0
  224. package/rules/go/go.security.unsafe-defer-close.rule.yaml +55 -0
  225. package/rules/go/go.security.weak-crypto-import.rule.yaml +3 -0
  226. package/rules/go/go.security.weak-file-permission.rule.yaml +56 -0
  227. package/rules/java/java.correctness.annotation-check-always-false.rule.yaml +42 -0
  228. package/rules/java/java.correctness.array-compared-to-non-array.rule.yaml +45 -0
  229. package/rules/java/java.correctness.array-index-bounds.rule.yaml +42 -0
  230. package/rules/java/java.correctness.assert-self-comparison.rule.yaml +46 -0
  231. package/rules/java/java.correctness.assertion-in-production.rule.yaml +49 -0
  232. package/rules/java/java.correctness.bad-short-circuit-null-check.rule.yaml +45 -0
  233. package/rules/java/java.correctness.bitwise-or-never-equal.rule.yaml +42 -0
  234. package/rules/java/java.correctness.boxed-boolean-conditional.rule.yaml +42 -0
  235. package/rules/java/java.correctness.cacheloader-null-return.rule.yaml +42 -0
  236. package/rules/java/java.correctness.case-insensitive-regex-lacks-unicode.rule.yaml +46 -0
  237. package/rules/java/java.correctness.catch-null-pointer.rule.yaml +5 -1
  238. package/rules/java/java.correctness.class-isinstance-on-class.rule.yaml +42 -0
  239. package/rules/java/java.correctness.class-name-collision.rule.yaml +45 -0
  240. package/rules/java/java.correctness.clone-without-super.rule.yaml +45 -0
  241. package/rules/java/java.correctness.closeable-provides-injection.rule.yaml +43 -0
  242. package/rules/java/java.correctness.collection-adds-self.rule.yaml +42 -0
  243. package/rules/java/java.correctness.collection-contains-self.rule.yaml +42 -0
  244. package/rules/java/java.correctness.collection-remove-type-mismatch.rule.yaml +42 -0
  245. package/rules/java/java.correctness.comparator-downcast-sign-flip.rule.yaml +42 -0
  246. package/rules/java/java.correctness.compareto-min-value.rule.yaml +44 -0
  247. package/rules/java/java.correctness.constructor-starts-thread.rule.yaml +45 -0
  248. package/rules/java/java.correctness.default-package-spring-scan.rule.yaml +46 -0
  249. package/rules/java/java.correctness.deprecated-thread-methods.rule.yaml +42 -0
  250. package/rules/java/java.correctness.double-assignment.rule.yaml +42 -0
  251. package/rules/java/java.correctness.double-checked-locking.rule.yaml +42 -0
  252. package/rules/java/java.correctness.duplicate-binary-argument.rule.yaml +45 -0
  253. package/rules/java/java.correctness.duration-with-nanos-misuse.rule.yaml +42 -0
  254. package/rules/java/java.correctness.enum-equals-method.rule.yaml +45 -0
  255. package/rules/java/java.correctness.enum-get-class.rule.yaml +42 -0
  256. package/rules/java/java.correctness.equals-inherits-parent.rule.yaml +45 -0
  257. package/rules/java/java.correctness.equals-null-check.rule.yaml +45 -0
  258. package/rules/java/java.correctness.equals-null.rule.yaml +45 -0
  259. package/rules/java/java.correctness.equals-on-array.rule.yaml +4 -0
  260. package/rules/java/java.correctness.explicit-finalizer-invocation.rule.yaml +45 -0
  261. package/rules/java/java.correctness.for-loop-mismatched-increment.rule.yaml +45 -0
  262. package/rules/java/java.correctness.getter-setter-sync-mismatch.rule.yaml +42 -0
  263. package/rules/java/java.correctness.hashcode-on-array.rule.yaml +42 -0
  264. package/rules/java/java.correctness.hashtable-contains-value.rule.yaml +42 -0
  265. package/rules/java/java.correctness.hasnext-invokes-next.rule.yaml +45 -0
  266. package/rules/java/java.correctness.ignored-inputstream-read.rule.yaml +45 -0
  267. package/rules/java/java.correctness.ignored-inputstream-skip.rule.yaml +45 -0
  268. package/rules/java/java.correctness.illegal-monitor-state-caught.rule.yaml +45 -0
  269. package/rules/java/java.correctness.impossible-toarray-downcast.rule.yaml +45 -0
  270. package/rules/java/java.correctness.incorrect-main-signature.rule.yaml +42 -0
  271. package/rules/java/java.correctness.indexof-reversed-arguments.rule.yaml +42 -0
  272. package/rules/java/java.correctness.instant-unsupported-temporal-unit.rule.yaml +42 -0
  273. package/rules/java/java.correctness.invalid-regex-literal.rule.yaml +45 -0
  274. package/rules/java/java.correctness.invalid-serial-version-uid.rule.yaml +42 -0
  275. package/rules/java/java.correctness.invalid-time-constants.rule.yaml +42 -0
  276. package/rules/java/java.correctness.invalidated-iterator.rule.yaml +42 -0
  277. package/rules/java/java.correctness.iterable-iterator-returns-this.rule.yaml +44 -0
  278. package/rules/java/java.correctness.iterable-path-type.rule.yaml +42 -0
  279. package/rules/java/java.correctness.jump-in-finally.rule.yaml +44 -0
  280. package/rules/java/java.correctness.loop-condition-never-true.rule.yaml +42 -0
  281. package/rules/java/java.correctness.lost-increment-in-assignment.rule.yaml +45 -0
  282. package/rules/java/java.correctness.math-max-min-swapped.rule.yaml +45 -0
  283. package/rules/java/java.correctness.missing-enum-switch-elements.rule.yaml +43 -0
  284. package/rules/java/java.correctness.modulus-multiplication-precedence.rule.yaml +42 -0
  285. package/rules/java/java.correctness.mutable-data-exposed.rule.yaml +42 -0
  286. package/rules/java/java.correctness.mutable-enum-fields.rule.yaml +44 -0
  287. package/rules/java/java.correctness.nan-comparison.rule.yaml +42 -0
  288. package/rules/java/java.correctness.ncopies-argument-order.rule.yaml +42 -0
  289. package/rules/java/java.correctness.noallocation-method-creates-object.rule.yaml +45 -0
  290. package/rules/java/java.correctness.non-final-immutable-fields.rule.yaml +45 -0
  291. package/rules/java/java.correctness.non-null-method-returns-null.rule.yaml +43 -0
  292. package/rules/java/java.correctness.non-terminating-loop.rule.yaml +42 -0
  293. package/rules/java/java.correctness.oddness-check-fails-negative.rule.yaml +45 -0
  294. package/rules/java/java.correctness.optional-get-without-present-check.rule.yaml +44 -0
  295. package/rules/java/java.correctness.optional-null.rule.yaml +42 -0
  296. package/rules/java/java.correctness.overloaded-equals.rule.yaml +45 -0
  297. package/rules/java/java.correctness.parameter-reassignment.rule.yaml +46 -0
  298. package/rules/java/java.correctness.possible-null-access-exception.rule.yaml +42 -0
  299. package/rules/java/java.correctness.possible-null-access.rule.yaml +42 -0
  300. package/rules/java/java.correctness.prepared-statement-in-loop.rule.yaml +52 -0
  301. package/rules/java/java.correctness.prepared-statement-index-zero.rule.yaml +44 -0
  302. package/rules/java/java.correctness.random-coerced-to-zero.rule.yaml +44 -0
  303. package/rules/java/java.correctness.read-resolve-return-type.rule.yaml +42 -0
  304. package/rules/java/java.correctness.readline-without-null-check.rule.yaml +45 -0
  305. package/rules/java/java.correctness.result-set-index-zero.rule.yaml +44 -0
  306. package/rules/java/java.correctness.runfinalizers-on-exit.rule.yaml +45 -0
  307. package/rules/java/java.correctness.runnable-run-direct.rule.yaml +45 -0
  308. package/rules/java/java.correctness.self-assignment.rule.yaml +45 -0
  309. package/rules/java/java.correctness.serializable-superclass.rule.yaml +42 -0
  310. package/rules/java/java.correctness.serialization-method-signature.rule.yaml +42 -0
  311. package/rules/java/java.correctness.servlet-mutable-fields.rule.yaml +45 -0
  312. package/rules/java/java.correctness.shift-out-of-range.rule.yaml +44 -0
  313. package/rules/java/java.correctness.static-date-field.rule.yaml +42 -0
  314. package/rules/java/java.correctness.stream-reuse.rule.yaml +42 -0
  315. package/rules/java/java.correctness.string-format-arg-mismatch.rule.yaml +45 -0
  316. package/rules/java/java.correctness.stringbuilder-char-ctor.rule.yaml +42 -0
  317. package/rules/java/java.correctness.switch-statement-labels.rule.yaml +44 -0
  318. package/rules/java/java.correctness.sync-boxed-primitive.rule.yaml +45 -0
  319. package/rules/java/java.correctness.sync-on-get-class.rule.yaml +42 -0
  320. package/rules/java/java.correctness.sync-on-lock-primitive.rule.yaml +45 -0
  321. package/rules/java/java.correctness.sync-on-mutable-ref.rule.yaml +42 -0
  322. package/rules/java/java.correctness.sync-on-nullable-field.rule.yaml +42 -0
  323. package/rules/java/java.correctness.sync-on-public-field.rule.yaml +42 -0
  324. package/rules/java/java.correctness.sync-on-string-literal.rule.yaml +2 -0
  325. package/rules/java/java.correctness.system-exit.rule.yaml +43 -0
  326. package/rules/java/java.correctness.thread-sleep-with-lock.rule.yaml +45 -0
  327. package/rules/java/java.correctness.thread-static-misuse.rule.yaml +42 -0
  328. package/rules/java/java.correctness.threadgroup-deprecated-methods.rule.yaml +43 -0
  329. package/rules/java/java.correctness.throw-null.rule.yaml +42 -0
  330. package/rules/java/java.correctness.timezone-invalid-id.rule.yaml +42 -0
  331. package/rules/java/java.correctness.two-lock-wait.rule.yaml +45 -0
  332. package/rules/java/java.correctness.unconditional-recursion.rule.yaml +42 -0
  333. package/rules/java/java.correctness.unescaped-whitespace.rule.yaml +42 -0
  334. package/rules/java/java.correctness.unimplementable-interface.rule.yaml +42 -0
  335. package/rules/java/java.correctness.unsafe-collection-downcast.rule.yaml +42 -0
  336. package/rules/java/java.correctness.unsafe-getresource.rule.yaml +45 -0
  337. package/rules/java/java.correctness.unsupported-jdk-api.rule.yaml +46 -0
  338. package/rules/java/java.correctness.unsupported-method-call.rule.yaml +42 -0
  339. package/rules/java/java.correctness.unsync-static-lazy-init.rule.yaml +42 -0
  340. package/rules/java/java.correctness.unsynchronized-wait-notify.rule.yaml +45 -0
  341. package/rules/java/java.correctness.unterminated-assertion-chain.rule.yaml +39 -0
  342. package/rules/java/java.correctness.volatile-array-elements.rule.yaml +45 -0
  343. package/rules/java/java.correctness.volatile-increment-non-atomic.rule.yaml +45 -0
  344. package/rules/java/java.correctness.wait-notify-on-thread.rule.yaml +45 -0
  345. package/rules/java/java.correctness.wait-on-condition.rule.yaml +45 -0
  346. package/rules/java/java.correctness.week-year-in-date-pattern.rule.yaml +44 -0
  347. package/rules/java/java.correctness.zoneid-invalid-timezone.rule.yaml +42 -0
  348. package/rules/java/java.doc.empty-javadoc-tag.rule.yaml +41 -0
  349. package/rules/java/java.doc.malformed-javadoc-comment.rule.yaml +41 -0
  350. package/rules/java/java.doc.parameter-tag-no-description.rule.yaml +41 -0
  351. package/rules/java/java.doc.unmatched-parameter-tag.rule.yaml +41 -0
  352. package/rules/java/java.performance.boxed-boolean-constructor.rule.yaml +43 -0
  353. package/rules/java/java.performance.boxed-double-constructor.rule.yaml +43 -0
  354. package/rules/java/java.performance.boxed-integer-constructor.rule.yaml +43 -0
  355. package/rules/java/java.performance.empty-string-constructor.rule.yaml +44 -0
  356. package/rules/java/java.performance.expensive-method-on-ui-thread.rule.yaml +50 -0
  357. package/rules/java/java.performance.explicit-gc.rule.yaml +43 -0
  358. package/rules/java/java.performance.inefficient-string-constructor.rule.yaml +44 -0
  359. package/rules/java/java.performance.keyset-instead-of-entryset.rule.yaml +49 -0
  360. package/rules/java/java.performance.non-zero-to-array.rule.yaml +49 -0
  361. package/rules/java/java.performance.pattern-compile-in-loop.rule.yaml +49 -0
  362. package/rules/java/java.performance.removeall-to-clear.rule.yaml +49 -0
  363. package/rules/java/java.performance.replaceall-instead-of-replace.rule.yaml +49 -0
  364. package/rules/java/java.performance.single-char-string-indexof.rule.yaml +49 -0
  365. package/rules/java/java.performance.string-concat-in-loop.rule.yaml +49 -0
  366. package/rules/java/java.performance.string-to-string.rule.yaml +43 -0
  367. package/rules/java/java.performance.thread-as-runnable.rule.yaml +44 -0
  368. package/rules/java/java.performance.url-in-collection.rule.yaml +44 -0
  369. package/rules/java/java.quality.c-style-array-declaration.rule.yaml +41 -0
  370. package/rules/java/java.quality.multiple-variables-same-line.rule.yaml +41 -0
  371. package/rules/java/java.quality.type-name-uppercase.rule.yaml +41 -0
  372. package/rules/java/java.testing.setup-teardown-annotation.rule.yaml +36 -0
  373. package/rules/java/java.testing.setup-without-super.rule.yaml +43 -0
  374. package/rules/java/java.testing.teardown-without-super.rule.yaml +43 -0
  375. package/rules/java/java.testing.wrong-assertion-argument-order.rule.yaml +43 -0
  376. package/rules/php/php.correctness.abstract-method-outside-abstract-class.rule.yaml +39 -0
  377. package/rules/php/php.correctness.abstract-method-with-body.rule.yaml +38 -0
  378. package/rules/php/php.correctness.assign-to-non-lvalue.rule.yaml +38 -0
  379. package/rules/php/php.correctness.attribute-on-class-constant.rule.yaml +38 -0
  380. package/rules/php/php.correctness.attribute-on-closure.rule.yaml +38 -0
  381. package/rules/php/php.correctness.attribute-on-function.rule.yaml +38 -0
  382. package/rules/php/php.correctness.attribute-on-property.rule.yaml +40 -0
  383. package/rules/php/php.correctness.break-continue-outside-loop.rule.yaml +38 -0
  384. package/rules/php/php.correctness.case-insensitive-define.rule.yaml +38 -0
  385. package/rules/php/php.correctness.class-implements-non-interface.rule.yaml +38 -0
  386. package/rules/php/php.correctness.default-parameter-not-last.rule.yaml +38 -0
  387. package/rules/php/php.correctness.deprecated-filter-constant.rule.yaml +38 -0
  388. package/rules/php/php.correctness.deprecated-libxml-entity-loader.rule.yaml +38 -0
  389. package/rules/php/php.correctness.deprecated-unset-cast.rule.yaml +38 -0
  390. package/rules/php/php.correctness.duplicate-array-key.rule.yaml +2 -0
  391. package/rules/php/php.correctness.duplicate-declaration.rule.yaml +38 -0
  392. package/rules/php/php.correctness.duplicate-union-type.rule.yaml +38 -0
  393. package/rules/php/php.correctness.echo-invalid-value.rule.yaml +38 -0
  394. package/rules/php/php.correctness.empty-array-literal-slot.rule.yaml +38 -0
  395. package/rules/php/php.correctness.empty-bracket-array-access.rule.yaml +38 -0
  396. package/rules/php/php.correctness.empty-code-block.rule.yaml +38 -0
  397. package/rules/php/php.correctness.empty-function-body.rule.yaml +38 -0
  398. package/rules/php/php.correctness.error-suppression-operator.rule.yaml +2 -0
  399. package/rules/php/php.correctness.function-comparison.rule.yaml +38 -0
  400. package/rules/php/php.correctness.inaccessible-property.rule.yaml +49 -0
  401. package/rules/php/php.correctness.incomplete-arrow-function.rule.yaml +38 -0
  402. package/rules/php/php.correctness.inconsistent-printf-params.rule.yaml +50 -0
  403. package/rules/php/php.correctness.instanceof-invalid-type.rule.yaml +40 -0
  404. package/rules/php/php.correctness.instantiate-abstract-class.rule.yaml +38 -0
  405. package/rules/php/php.correctness.interface-extends-non-interface.rule.yaml +38 -0
  406. package/rules/php/php.correctness.interface-implements-keyword.rule.yaml +38 -0
  407. package/rules/php/php.correctness.invalid-arrow-function-typehint.rule.yaml +38 -0
  408. package/rules/php/php.correctness.invalid-attribute-class.rule.yaml +49 -0
  409. package/rules/php/php.correctness.invalid-closure-return-typehint.rule.yaml +38 -0
  410. package/rules/php/php.correctness.invalid-constructor-promotion.rule.yaml +38 -0
  411. package/rules/php/php.correctness.invalid-cookie-options.rule.yaml +38 -0
  412. package/rules/php/php.correctness.invalid-dynamic-constant-fetch.rule.yaml +38 -0
  413. package/rules/php/php.correctness.invalid-extends-target.rule.yaml +38 -0
  414. package/rules/php/php.correctness.invalid-increment-operand.rule.yaml +38 -0
  415. package/rules/php/php.correctness.invalid-isset-argument.rule.yaml +38 -0
  416. package/rules/php/php.correctness.invalid-regex-literal.rule.yaml +36 -0
  417. package/rules/php/php.correctness.invalid-return-typehint.rule.yaml +38 -0
  418. package/rules/php/php.correctness.invalid-static-method.rule.yaml +40 -0
  419. package/rules/php/php.correctness.invalid-string-interpolation-type.rule.yaml +38 -0
  420. package/rules/php/php.correctness.invalid-type-cast.rule.yaml +38 -0
  421. package/rules/php/php.correctness.invalid-use-keyword.rule.yaml +48 -0
  422. package/rules/php/php.correctness.missing-member-visibility.rule.yaml +38 -0
  423. package/rules/php/php.correctness.missing-return-statement.rule.yaml +38 -0
  424. package/rules/php/php.correctness.named-arg-before-positional.rule.yaml +38 -0
  425. package/rules/php/php.correctness.nested-function-declaration.rule.yaml +38 -0
  426. package/rules/php/php.correctness.nested-switch.rule.yaml +38 -0
  427. package/rules/php/php.correctness.nullable-mixed-type.rule.yaml +38 -0
  428. package/rules/php/php.correctness.nullsafe-returned-by-reference.rule.yaml +3 -0
  429. package/rules/php/php.correctness.print-invalid-value.rule.yaml +38 -0
  430. package/rules/php/php.correctness.psr-class-constant-naming.rule.yaml +38 -0
  431. package/rules/php/php.correctness.psr-method-camel-case.rule.yaml +38 -0
  432. package/rules/php/php.correctness.redundant-final-method.rule.yaml +38 -0
  433. package/rules/php/php.correctness.redundant-string-cast-concat.rule.yaml +38 -0
  434. package/rules/php/php.correctness.self-assignment.rule.yaml +38 -0
  435. package/rules/php/php.correctness.switch-multiple-default.rule.yaml +2 -0
  436. package/rules/php/php.correctness.throw-as-expression.rule.yaml +38 -0
  437. package/rules/php/php.correctness.throw-non-exception.rule.yaml +38 -0
  438. package/rules/php/php.correctness.todo-fixme-marker.rule.yaml +36 -0
  439. package/rules/php/php.correctness.trait-as-attribute.rule.yaml +38 -0
  440. package/rules/php/php.correctness.trait-class-constant.rule.yaml +38 -0
  441. package/rules/php/php.correctness.undefined-constant-reference.rule.yaml +38 -0
  442. package/rules/php/php.correctness.undefined-function.rule.yaml +40 -0
  443. package/rules/php/php.correctness.undefined-method.rule.yaml +40 -0
  444. package/rules/php/php.correctness.undefined-property.rule.yaml +51 -0
  445. package/rules/php/php.correctness.undefined-static-property.rule.yaml +41 -0
  446. package/rules/php/php.correctness.undefined-variable.rule.yaml +48 -0
  447. package/rules/php/php.correctness.uninitialized-typed-property.rule.yaml +38 -0
  448. package/rules/php/php.correctness.unknown-magic-method.rule.yaml +38 -0
  449. package/rules/php/php.correctness.unreachable-after-return.rule.yaml +2 -0
  450. package/rules/php/php.correctness.unused-closure-use-variable.rule.yaml +38 -0
  451. package/rules/php/php.correctness.unused-constructor-parameter.rule.yaml +38 -0
  452. package/rules/php/php.correctness.unused-import.rule.yaml +38 -0
  453. package/rules/php/php.correctness.useless-post-increment.rule.yaml +38 -0
  454. package/rules/php/php.correctness.useless-unset.rule.yaml +38 -0
  455. package/rules/php/php.correctness.void-match-arm.rule.yaml +38 -0
  456. package/rules/php/php.performance.expensive-loop-condition.rule.yaml +38 -0
  457. package/rules/php/php.security.debug-function-exposure.rule.yaml +2 -0
  458. package/rules/php/php.security.insecure-session-id-generation.rule.yaml +2 -0
  459. package/rules/php/php.security.insecure-session-or-cookie-config.rule.yaml +3 -0
  460. package/rules/php/php.security.no-dynamic-eval.rule.yaml +2 -0
  461. package/rules/php/php.security.unsafe-include-with-user-input.rule.yaml +2 -0
  462. package/rules/php/php.security.unsafe-new-static.rule.yaml +44 -0
  463. package/rules/php/php.security.weak-cipher.rule.yaml +2 -0
  464. package/rules/php/php.security.xml-external-entity.rule.yaml +2 -0
  465. package/rules/python/py.correctness.assert-outside-test.rule.yaml +49 -0
  466. package/rules/python/py.correctness.global-statement.rule.yaml +51 -0
  467. package/rules/python/py.correctness.redefined-builtin.rule.yaml +51 -0
  468. package/rules/python/py.correctness.super-with-arguments.rule.yaml +51 -0
  469. package/rules/python/py.correctness.unnecessary-comprehension.rule.yaml +51 -0
  470. package/rules/python/py.correctness.useless-return.rule.yaml +51 -0
  471. package/rules/python/py.security.command-execution-with-request-input.rule.yaml +56 -0
  472. package/rules/python/py.security.ftp-usage.rule.yaml +51 -0
  473. package/rules/python/py.security.hardcoded-credentials.rule.yaml +51 -0
  474. package/rules/python/py.security.hardcoded-temp-directory.rule.yaml +51 -0
  475. package/rules/python/py.security.insecure-cipher-mode.rule.yaml +51 -0
  476. package/rules/python/py.security.insecure-cipher.rule.yaml +51 -0
  477. package/rules/python/py.security.insecure-crypto-import.rule.yaml +51 -0
  478. package/rules/python/py.security.insecure-http-transport.rule.yaml +56 -0
  479. package/rules/python/py.security.insecure-ssl-version.rule.yaml +53 -0
  480. package/rules/python/py.security.insecure-urllib-method.rule.yaml +51 -0
  481. package/rules/python/py.security.insecure-xml-parser.rule.yaml +53 -0
  482. package/rules/python/py.security.mako-insecure-templates.rule.yaml +53 -0
  483. package/rules/python/py.security.path-traversal-user-input.rule.yaml +51 -0
  484. package/rules/python/py.security.request-path-file-read.rule.yaml +56 -0
  485. package/rules/python/py.security.sensitive-logging.rule.yaml +51 -0
  486. package/rules/python/py.security.sql-interpolation.rule.yaml +56 -0
  487. package/rules/python/py.security.ssh-host-key-validation.rule.yaml +53 -0
  488. package/rules/python/py.security.telnet-usage.rule.yaml +51 -0
  489. package/rules/python/py.security.tls-verification-disabled.rule.yaml +56 -0
  490. package/rules/python/py.security.unsafe-deserialization.rule.yaml +56 -0
  491. package/rules/python/py.security.weak-crypto-key.rule.yaml +51 -0
  492. package/rules/python/py.security.weak-hash-algorithm.rule.yaml +57 -0
  493. package/rules/python/py.security.wildcard-subprocess-injection.rule.yaml +53 -0
  494. package/rules/python/py.security.xmlrpc-import.rule.yaml +53 -0
  495. package/rules/ruby/ruby.bug-risk.action-mailer-base-subclass.rule.yaml +53 -0
  496. package/rules/ruby/ruby.bug-risk.active-job-base-subclass.rule.yaml +53 -0
  497. package/rules/ruby/ruby.bug-risk.active-record-alias.rule.yaml +53 -0
  498. package/rules/ruby/ruby.bug-risk.active-record-base-subclass.rule.yaml +53 -0
  499. package/rules/ruby/ruby.bug-risk.active-record-method-override.rule.yaml +55 -0
  500. package/rules/ruby/ruby.bug-risk.active-support-alias.rule.yaml +52 -0
  501. package/rules/ruby/ruby.bug-risk.all-each-to-find-each.rule.yaml +55 -0
  502. package/rules/ruby/ruby.bug-risk.allow-blank-with-delegate.rule.yaml +52 -0
  503. package/rules/ruby/ruby.bug-risk.alter-queries-combine.rule.yaml +54 -0
  504. package/rules/ruby/ruby.bug-risk.ambiguous-block-association.rule.yaml +49 -0
  505. package/rules/ruby/ruby.bug-risk.ambiguous-operator-argument.rule.yaml +48 -0
  506. package/rules/ruby/ruby.bug-risk.ambiguous-regexp-literal.rule.yaml +49 -0
  507. package/rules/ruby/ruby.bug-risk.argument-overwritten-before-use.rule.yaml +51 -0
  508. package/rules/ruby/ruby.bug-risk.assert-not-usage.rule.yaml +51 -0
  509. package/rules/ruby/ruby.bug-risk.assignment-in-condition.rule.yaml +42 -0
  510. package/rules/ruby/ruby.bug-risk.bad-date-usage.rule.yaml +55 -0
  511. package/rules/ruby/ruby.bug-risk.bad-magic-comment-order.rule.yaml +50 -0
  512. package/rules/ruby/ruby.bug-risk.bad-operand-order.rule.yaml +46 -0
  513. package/rules/ruby/ruby.bug-risk.bad-rescue-ordering.rule.yaml +50 -0
  514. package/rules/ruby/ruby.bug-risk.branches-without-body.rule.yaml +49 -0
  515. package/rules/ruby/ruby.bug-risk.callback-order.rule.yaml +52 -0
  516. package/rules/ruby/ruby.bug-risk.callback-override.rule.yaml +53 -0
  517. package/rules/ruby/ruby.bug-risk.circular-argument-reference.rule.yaml +44 -0
  518. package/rules/ruby/ruby.bug-risk.class-name-should-be-string.rule.yaml +52 -0
  519. package/rules/ruby/ruby.bug-risk.console-output-instead-of-logger.rule.yaml +53 -0
  520. package/rules/ruby/ruby.bug-risk.constant-in-block.rule.yaml +52 -0
  521. package/rules/ruby/ruby.bug-risk.controller-base-subclass.rule.yaml +54 -0
  522. package/rules/ruby/ruby.bug-risk.dependent-option-cascade.rule.yaml +53 -0
  523. package/rules/ruby/ruby.bug-risk.deprecated-belongs-to-required.rule.yaml +54 -0
  524. package/rules/ruby/ruby.bug-risk.deprecated-big-decimal-new.rule.yaml +44 -0
  525. package/rules/ruby/ruby.bug-risk.deprecated-class-methods.rule.yaml +45 -0
  526. package/rules/ruby/ruby.bug-risk.deprecated-filter-methods.rule.yaml +54 -0
  527. package/rules/ruby/ruby.bug-risk.deprecated-find-by-dynamic.rule.yaml +55 -0
  528. package/rules/ruby/ruby.bug-risk.deprecated-http-status-symbols.rule.yaml +52 -0
  529. package/rules/ruby/ruby.bug-risk.deprecated-openssl-api.rule.yaml +42 -0
  530. package/rules/ruby/ruby.bug-risk.deprecated-uri-escape.rule.yaml +42 -0
  531. package/rules/ruby/ruby.bug-risk.deprecated-uri-regexp.rule.yaml +42 -0
  532. package/rules/ruby/ruby.bug-risk.disjunctive-assignment-in-constructor.rule.yaml +46 -0
  533. package/rules/ruby/ruby.bug-risk.division-by-zero.rule.yaml +42 -0
  534. package/rules/ruby/ruby.bug-risk.duplicate-case-conditions.rule.yaml +49 -0
  535. package/rules/ruby/ruby.bug-risk.duplicate-constant-assignment.rule.yaml +47 -0
  536. package/rules/ruby/ruby.bug-risk.duplicate-elsif-block.rule.yaml +51 -0
  537. package/rules/ruby/ruby.bug-risk.duplicate-hash-keys.rule.yaml +42 -0
  538. package/rules/ruby/ruby.bug-risk.duplicate-method-definitions.rule.yaml +49 -0
  539. package/rules/ruby/ruby.bug-risk.each-with-object-immutable-arg.rule.yaml +51 -0
  540. package/rules/ruby/ruby.bug-risk.else-followed-by-expression.rule.yaml +50 -0
  541. package/rules/ruby/ruby.bug-risk.else-without-rescue.rule.yaml +51 -0
  542. package/rules/ruby/ruby.bug-risk.empty-ensure-block.rule.yaml +49 -0
  543. package/rules/ruby/ruby.bug-risk.empty-expression.rule.yaml +48 -0
  544. package/rules/ruby/ruby.bug-risk.empty-interpolation.rule.yaml +49 -0
  545. package/rules/ruby/ruby.bug-risk.end-in-method.rule.yaml +49 -0
  546. package/rules/ruby/ruby.bug-risk.enum-array-syntax.rule.yaml +54 -0
  547. package/rules/ruby/ruby.bug-risk.enum-duplicate-values.rule.yaml +53 -0
  548. package/rules/ruby/ruby.bug-risk.equal-instead-of-equal.rule.yaml +50 -0
  549. package/rules/ruby/ruby.bug-risk.error-inherits-exception.rule.yaml +42 -0
  550. package/rules/ruby/ruby.bug-risk.exception-class-overwritten.rule.yaml +42 -0
  551. package/rules/ruby/ruby.bug-risk.exit-in-app-code.rule.yaml +53 -0
  552. package/rules/ruby/ruby.bug-risk.flip-flop-operator.rule.yaml +49 -0
  553. package/rules/ruby/ruby.bug-risk.git-in-gemspec.rule.yaml +48 -0
  554. package/rules/ruby/ruby.bug-risk.grouped-parentheses-in-call.rule.yaml +51 -0
  555. package/rules/ruby/ruby.bug-risk.has-and-belongs-to-many.rule.yaml +52 -0
  556. package/rules/ruby/ruby.bug-risk.helper-instance-variables.rule.yaml +52 -0
  557. package/rules/ruby/ruby.bug-risk.heredoc-method-order.rule.yaml +51 -0
  558. package/rules/ruby/ruby.bug-risk.http-methods-without-params.rule.yaml +54 -0
  559. package/rules/ruby/ruby.bug-risk.identical-binary-operands.rule.yaml +53 -0
  560. package/rules/ruby/ruby.bug-risk.ignored-column-accessed.rule.yaml +50 -0
  561. package/rules/ruby/ruby.bug-risk.inconsistent-request-referrer.rule.yaml +50 -0
  562. package/rules/ruby/ruby.bug-risk.inconsistent-safe-navigation-try.rule.yaml +51 -0
  563. package/rules/ruby/ruby.bug-risk.inconsistent-safe-navigation.rule.yaml +51 -0
  564. package/rules/ruby/ruby.bug-risk.incorrect-pluralization.rule.yaml +51 -0
  565. package/rules/ruby/ruby.bug-risk.ineffective-access-modifier.rule.yaml +50 -0
  566. package/rules/ruby/ruby.bug-risk.interpolation-in-single-quote.rule.yaml +50 -0
  567. package/rules/ruby/ruby.bug-risk.invalid-integer-times.rule.yaml +52 -0
  568. package/rules/ruby/ruby.bug-risk.invalid-percent-string-literal.rule.yaml +51 -0
  569. package/rules/ruby/ruby.bug-risk.invalid-percent-symbol-array.rule.yaml +51 -0
  570. package/rules/ruby/ruby.bug-risk.invalid-rails-env-predicate.rule.yaml +51 -0
  571. package/rules/ruby/ruby.bug-risk.invalid-rescue-type.rule.yaml +51 -0
  572. package/rules/ruby/ruby.bug-risk.io-select-single-arg.rule.yaml +48 -0
  573. package/rules/ruby/ruby.bug-risk.irreversible-migration.rule.yaml +57 -0
  574. package/rules/ruby/ruby.bug-risk.missing-inverse-of.rule.yaml +53 -0
  575. package/rules/ruby/ruby.bug-risk.mixed-regex-captures.rule.yaml +51 -0
  576. package/rules/ruby/ruby.bug-risk.multiple-rescues-for-same-exception.rule.yaml +49 -0
  577. package/rules/ruby/ruby.bug-risk.non-local-exit-from-iterator.rule.yaml +51 -0
  578. package/rules/ruby/ruby.bug-risk.non-null-column-without-default.rule.yaml +51 -0
  579. package/rules/ruby/ruby.bug-risk.non-preferred-assert-falseness.rule.yaml +50 -0
  580. package/rules/ruby/ruby.bug-risk.old-style-validation-macro.rule.yaml +49 -0
  581. package/rules/ruby/ruby.bug-risk.outer-variable-shadowed.rule.yaml +47 -0
  582. package/rules/ruby/ruby.bug-risk.plain-method-instead-of-proc.rule.yaml +48 -0
  583. package/rules/ruby/ruby.bug-risk.predicate-method-without-parentheses.rule.yaml +51 -0
  584. package/rules/ruby/ruby.bug-risk.rails-env-equality.rule.yaml +53 -0
  585. package/rules/ruby/ruby.bug-risk.rails-root-join.rule.yaml +53 -0
  586. package/rules/ruby/ruby.bug-risk.rake-task-missing-environment.rule.yaml +46 -0
  587. package/rules/ruby/ruby.bug-risk.raw-sql-without-squish.rule.yaml +42 -0
  588. package/rules/ruby/ruby.bug-risk.redundant-allow-nil.rule.yaml +52 -0
  589. package/rules/ruby/ruby.bug-risk.redundant-foreign-key.rule.yaml +50 -0
  590. package/rules/ruby/ruby.bug-risk.redundant-with-options-receiver.rule.yaml +52 -0
  591. package/rules/ruby/ruby.bug-risk.regex-literal-in-condition.rule.yaml +51 -0
  592. package/rules/ruby/ruby.bug-risk.relative-date-as-constant.rule.yaml +51 -0
  593. package/rules/ruby/ruby.bug-risk.renamed-column-accessed.rule.yaml +50 -0
  594. package/rules/ruby/ruby.bug-risk.rescue-exception.rule.yaml +42 -0
  595. package/rules/ruby/ruby.bug-risk.return-in-ensure.rule.yaml +49 -0
  596. package/rules/ruby/ruby.bug-risk.routes-match-single-verb.rule.yaml +51 -0
  597. package/rules/ruby/ruby.bug-risk.safe-navigation-with-blank.rule.yaml +50 -0
  598. package/rules/ruby/ruby.bug-risk.safe-navigation-with-empty.rule.yaml +52 -0
  599. package/rules/ruby/ruby.bug-risk.self-assignment.rule.yaml +52 -0
  600. package/rules/ruby/ruby.bug-risk.skip-filter-conditional.rule.yaml +55 -0
  601. package/rules/ruby/ruby.bug-risk.suppressed-exceptions.rule.yaml +49 -0
  602. package/rules/ruby/ruby.bug-risk.symbol-boolean-name.rule.yaml +44 -0
  603. package/rules/ruby/ruby.bug-risk.table-without-timestamps.rule.yaml +53 -0
  604. package/rules/ruby/ruby.bug-risk.time-without-zone.rule.yaml +51 -0
  605. package/rules/ruby/ruby.bug-risk.to-json-without-argument.rule.yaml +51 -0
  606. package/rules/ruby/ruby.bug-risk.trailing-comma-attribute.rule.yaml +50 -0
  607. package/rules/ruby/ruby.bug-risk.undefined-action-filter.rule.yaml +53 -0
  608. package/rules/ruby/ruby.bug-risk.unintended-string-concatenation.rule.yaml +51 -0
  609. package/rules/ruby/ruby.bug-risk.unnecessary-require.rule.yaml +51 -0
  610. package/rules/ruby/ruby.bug-risk.unnecessary-splat.rule.yaml +50 -0
  611. package/rules/ruby/ruby.bug-risk.unqualified-constant.rule.yaml +51 -0
  612. package/rules/ruby/ruby.bug-risk.unreachable-code.rule.yaml +49 -0
  613. package/rules/ruby/ruby.bug-risk.unreachable-loop.rule.yaml +51 -0
  614. package/rules/ruby/ruby.bug-risk.unsafe-number-conversion.rule.yaml +51 -0
  615. package/rules/ruby/ruby.bug-risk.unsafe-safe-navigation-chain.rule.yaml +50 -0
  616. package/rules/ruby/ruby.bug-risk.unused-method-arguments.rule.yaml +51 -0
  617. package/rules/ruby/ruby.bug-risk.use-blank-simplify.rule.yaml +49 -0
  618. package/rules/ruby/ruby.bug-risk.use-delegate.rule.yaml +50 -0
  619. package/rules/ruby/ruby.bug-risk.use-presence-over-explicit-check.rule.yaml +49 -0
  620. package/rules/ruby/ruby.bug-risk.use-present-to-simplify-conditional.rule.yaml +48 -0
  621. package/rules/ruby/ruby.bug-risk.use-square-brackets-for-attributes.rule.yaml +50 -0
  622. package/rules/ruby/ruby.bug-risk.useless-access-modifier.rule.yaml +49 -0
  623. package/rules/ruby/ruby.bug-risk.useless-comparison.rule.yaml +50 -0
  624. package/rules/ruby/ruby.bug-risk.useless-setter-call.rule.yaml +49 -0
  625. package/rules/ruby/ruby.bug-risk.when-branch-without-body.rule.yaml +49 -0
  626. package/rules/ruby/ruby.bug-risk.where-first-over-find-by.rule.yaml +54 -0
  627. package/rules/ruby/ruby.bug-risk.with-index-value-unused.rule.yaml +50 -0
  628. package/rules/ruby/ruby.bug-risk.with-object-value-unused.rule.yaml +50 -0
  629. package/rules/ruby/ruby.performance.efficient-hash-search.rule.yaml +42 -0
  630. package/rules/ruby/ruby.performance.enumerable-index-by.rule.yaml +51 -0
  631. package/rules/ruby/ruby.performance.enumerable-index-with.rule.yaml +52 -0
  632. package/rules/ruby/ruby.performance.merge-single-key.rule.yaml +42 -0
  633. package/rules/ruby/ruby.performance.no-static-size-computation.rule.yaml +43 -0
  634. package/rules/ruby/ruby.performance.prefer-delete-prefix.rule.yaml +53 -0
  635. package/rules/ruby/ruby.performance.prefer-delete-suffix.rule.yaml +53 -0
  636. package/rules/ruby/ruby.performance.prefer-flat-map.rule.yaml +41 -0
  637. package/rules/ruby/ruby.performance.prefer-struct-over-openstruct.rule.yaml +42 -0
  638. package/rules/ruby/ruby.performance.range-cover-over-include.rule.yaml +43 -0
  639. package/rules/ruby/ruby.performance.regex-match-over-match.rule.yaml +42 -0
  640. package/rules/ruby/ruby.performance.yield-over-block-call.rule.yaml +41 -0
  641. package/rules/ruby/ruby.security.debugger-call.rule.yaml +53 -0
  642. package/rules/ruby/ruby.security.dynamic-code-execution.rule.yaml +54 -0
  643. package/rules/ruby/ruby.security.insecure-json-load.rule.yaml +53 -0
  644. package/rules/ruby/ruby.security.io-shell-command.rule.yaml +50 -0
  645. package/rules/ruby/ruby.security.kernel-open.rule.yaml +53 -0
  646. package/rules/ruby/ruby.security.plaintext-password-in-callback.rule.yaml +46 -0
  647. package/rules/ruby/ruby.security.rails-http-digest-auth.rule.yaml +51 -0
  648. package/rules/ruby/ruby.security.rails-link-to-blank-without-noopener.rule.yaml +48 -0
  649. package/rules/ruby/ruby.security.rails-output-unsafe.rule.yaml +47 -0
  650. package/rules/ruby/ruby.security.rails-render-inline.rule.yaml +55 -0
  651. package/rules/ruby/ruby.security.rails-skip-validation.rule.yaml +51 -0
  652. package/rules/rust/rust.correctness.empty-range-expression.rule.yaml +49 -0
  653. package/rules/rust/rust.correctness.erasing-operation.rule.yaml +49 -0
  654. package/rules/rust/rust.correctness.forget-drop-on-copy-type.rule.yaml +50 -0
  655. package/rules/rust/rust.correctness.forget-drop-on-non-drop-type.rule.yaml +50 -0
  656. package/rules/rust/rust.correctness.forget-drop-on-reference.rule.yaml +49 -0
  657. package/rules/rust/rust.correctness.hash-unit-value.rule.yaml +49 -0
  658. package/rules/rust/rust.correctness.identical-binary-operands.rule.yaml +49 -0
  659. package/rules/rust/rust.correctness.ignored-future-value.rule.yaml +53 -0
  660. package/rules/rust/rust.correctness.invalid-regex-literal.rule.yaml +49 -0
  661. package/rules/rust/rust.correctness.iter-next-in-for-loop.rule.yaml +49 -0
  662. package/rules/rust/rust.correctness.mistyped-suffix.rule.yaml +50 -0
  663. package/rules/rust/rust.correctness.nan-comparison.rule.yaml +49 -0
  664. package/rules/rust/rust.correctness.non-binding-let-on-lock.rule.yaml +50 -0
  665. package/rules/rust/rust.correctness.non-octal-permissions.rule.yaml +60 -0
  666. package/rules/rust/rust.correctness.print-in-display-impl.rule.yaml +48 -0
  667. package/rules/rust/rust.correctness.self-not-self-type.rule.yaml +49 -0
  668. package/rules/rust/rust.correctness.step-by-zero.rule.yaml +48 -0
  669. package/rules/rust/rust.correctness.syntax-error.rule.yaml +49 -0
  670. package/rules/rust/rust.correctness.transmute-float-char-to-ref-or-ptr.rule.yaml +48 -0
  671. package/rules/rust/rust.correctness.transmute-int-lit-to-raw-ptr.rule.yaml +48 -0
  672. package/rules/rust/rust.correctness.transmute-int-to-fn-ptr.rule.yaml +48 -0
  673. package/rules/rust/rust.correctness.transmute-integer-to-bool.rule.yaml +49 -0
  674. package/rules/rust/rust.correctness.transmute-integer-to-char.rule.yaml +48 -0
  675. package/rules/rust/rust.correctness.transmute-integer-to-nonzero.rule.yaml +48 -0
  676. package/rules/rust/rust.correctness.transmute-number-to-slice-or-array.rule.yaml +48 -0
  677. package/rules/rust/rust.correctness.transmute-ptr-to-ptr.rule.yaml +49 -0
  678. package/rules/rust/rust.correctness.transmute-ptr-to-ref.rule.yaml +49 -0
  679. package/rules/rust/rust.correctness.transmute-ref-to-ptr.rule.yaml +49 -0
  680. package/rules/rust/rust.correctness.transmute-t-to-ptr-ref.rule.yaml +49 -0
  681. package/rules/rust/rust.correctness.transmute-tuple-to-slice-or-array.rule.yaml +48 -0
  682. package/rules/rust/rust.correctness.unhandled-io-result.rule.yaml +49 -0
  683. package/rules/rust/rust.correctness.unit-argument.rule.yaml +50 -0
  684. package/rules/rust/rust.correctness.unit-comparison.rule.yaml +49 -0
  685. package/rules/rust/rust.performance.single-char-string-literal-pattern.rule.yaml +51 -0
  686. package/rules/rust/rust.quality.approximate-floating-constant.rule.yaml +51 -0
  687. package/rules/rust/rust.quality.builtin-type-shadow.rule.yaml +49 -0
  688. package/rules/rust/rust.quality.clone-on-double-reference.rule.yaml +50 -0
  689. package/rules/rust/rust.quality.crate-in-macro-definition.rule.yaml +50 -0
  690. package/rules/rust/rust.quality.deprecated-function-use.rule.yaml +52 -0
  691. package/rules/rust/rust.quality.env-string-literal.rule.yaml +50 -0
  692. package/rules/rust/rust.quality.explicit-self-assignment.rule.yaml +49 -0
  693. package/rules/rust/rust.quality.fn-ptr-null-comparison.rule.yaml +49 -0
  694. package/rules/rust/rust.quality.fn-ptr-to-non-pointer-cast.rule.yaml +50 -0
  695. package/rules/rust/rust.quality.inaccurate-duration-calculation.rule.yaml +50 -0
  696. package/rules/rust/rust.quality.isize-usize-overflow.rule.yaml +50 -0
  697. package/rules/rust/rust.quality.iter-count-instead-of-len.rule.yaml +49 -0
  698. package/rules/rust/rust.quality.iter-nth-instead-of-get.rule.yaml +50 -0
  699. package/rules/rust/rust.quality.map-followed-by-count.rule.yaml +50 -0
  700. package/rules/rust/rust.quality.non-owned-rc-pointer-into-vec.rule.yaml +50 -0
  701. package/rules/rust/rust.quality.non-utf8-literal-in-from-utf8-unchecked.rule.yaml +54 -0
  702. package/rules/rust/rust.quality.option-env-unwrap.rule.yaml +50 -0
  703. package/rules/rust/rust.quality.ordered-iteration-on-unordered.rule.yaml +52 -0
  704. package/rules/rust/rust.quality.possible-missing-comma-in-array.rule.yaml +49 -0
  705. package/rules/rust/rust.quality.potentially-incomplete-ascii-range.rule.yaml +49 -0
  706. package/rules/rust/rust.quality.redundant-mem-replace-with-default.rule.yaml +48 -0
  707. package/rules/rust/rust.quality.redundant-mem-replace-with-none.rule.yaml +48 -0
  708. package/rules/rust/rust.quality.redundant-mem-replace-with-zero.rule.yaml +48 -0
  709. package/rules/rust/rust.quality.replace-same-pattern-and-replacement.rule.yaml +49 -0
  710. package/rules/rust/rust.quality.size-of-val-on-reference.rule.yaml +49 -0
  711. package/rules/rust/rust.quality.unused-enumerate-or-zip-items.rule.yaml +50 -0
  712. package/rules/rust/rust.security.actix-namedfile-path-traversal.rule.yaml +61 -0
  713. package/rules/rust/rust.security.bind-all-interfaces.rule.yaml +2 -0
  714. package/rules/rust/rust.security.const-to-mut-ptr.rule.yaml +61 -0
  715. package/rules/rust/rust.security.differently-sized-slice-conversion.rule.yaml +61 -0
  716. package/rules/rust/rust.security.global-write-permission.rule.yaml +61 -0
  717. package/rules/rust/rust.security.insecure-temp-file.rule.yaml +2 -0
  718. package/rules/rust/rust.security.invisible-unicode.rule.yaml +60 -0
  719. package/rules/rust/rust.security.manual-error-type-id.rule.yaml +59 -0
  720. package/rules/rust/rust.security.missing-regex-anchor.rule.yaml +61 -0
  721. package/rules/rust/rust.security.misused-bitwise-xor.rule.yaml +54 -0
  722. package/rules/rust/rust.security.open-redirect.rule.yaml +64 -0
  723. package/rules/rust/rust.security.potentially-vulnerable-regex.rule.yaml +61 -0
  724. package/rules/rust/rust.security.raw-slice-to-ptr.rule.yaml +60 -0
  725. package/rules/rust/rust.security.unsafe-remove-dir-all.rule.yaml +62 -0
  726. package/rules/rust/rust.security.weak-crypto-import.rule.yaml +2 -0
  727. package/rules/rust/rust.security.weak-rsa-key-size.rule.yaml +2 -0
  728. package/rules/rust/rust.testing.ignore-without-ticket-reference.rule.yaml +13 -7
  729. package/rules/rust/rust.testing.thread-sleep-in-unit-test.rule.yaml +6 -6
  730. package/rules/shared/security.no-command-execution-with-request-input.rule.yaml +3 -0
  731. package/rules/shared/security.no-sensitive-data-in-logs-and-telemetry.rule.yaml +2 -0
  732. package/rules/shared/security.no-sql-interpolation.rule.yaml +2 -0
  733. package/rules/shared/security.permissive-file-permissions.rule.yaml +2 -0
  734. package/rules/shared/security.weak-hash-algorithm.rule.yaml +2 -0
  735. package/rules/sql/sql.correctness.undefined-reference.rule.yaml +37 -0
  736. package/rules/sql/sql.style.ambiguous-distinct.rule.yaml +37 -0
  737. package/rules/sql/sql.style.column-expression-without-alias.rule.yaml +37 -0
  738. package/rules/sql/sql.style.distinct-with-parenthesis.rule.yaml +37 -0
  739. package/rules/sql/sql.style.duplicate-table-aliases.rule.yaml +37 -0
  740. package/rules/sql/sql.style.implicit-column-alias.rule.yaml +37 -0
  741. package/rules/sql/sql.style.implicit-table-alias.rule.yaml +37 -0
  742. package/rules/sql/sql.style.inconsistent-capitalization.rule.yaml +37 -0
  743. package/rules/sql/sql.style.inconsistent-keyword-case.rule.yaml +37 -0
  744. package/rules/sql/sql.style.keyword-as-identifier.rule.yaml +37 -0
  745. package/rules/sql/sql.style.trailing-select-comma.rule.yaml +37 -0
  746. package/rules/sql/sql.style.unqualified-references.rule.yaml +37 -0
  747. package/rules/sql/sql.style.unused-table-alias.rule.yaml +37 -0
  748. package/rules/typescript/ts.angularjs.inject-function-assignments-only.rule.yaml +36 -0
  749. package/rules/typescript/ts.angularjs.no-controller.rule.yaml +36 -0
  750. package/rules/typescript/ts.angularjs.no-deprecated-cookie-store.rule.yaml +36 -0
  751. package/rules/typescript/ts.angularjs.no-deprecated-directive-replace.rule.yaml +36 -0
  752. package/rules/typescript/ts.angularjs.no-deprecated-http-success-error.rule.yaml +36 -0
  753. package/rules/typescript/ts.angularjs.no-jquery-wrapping-angular-element.rule.yaml +36 -0
  754. package/rules/typescript/ts.angularjs.prefer-angular-for-each.rule.yaml +36 -0
  755. package/rules/typescript/ts.angularjs.prefer-angular-is-string.rule.yaml +36 -0
  756. package/rules/typescript/ts.correctness.array-callback-missing-return.rule.yaml +2 -0
  757. package/rules/typescript/ts.correctness.array-sort-without-compare.rule.yaml +5 -3
  758. package/rules/typescript/ts.correctness.assignment-in-condition.rule.yaml +4 -2
  759. package/rules/typescript/ts.correctness.assignment-to-exports.rule.yaml +38 -0
  760. package/rules/typescript/ts.correctness.assignment-to-import-binding.rule.yaml +2 -0
  761. package/rules/typescript/ts.correctness.async-promise-executor.rule.yaml +2 -0
  762. package/rules/typescript/ts.correctness.blocking-call-in-async-flow.rule.yaml +14 -3
  763. package/rules/typescript/ts.correctness.callback-missing-error-handling.rule.yaml +38 -0
  764. package/rules/typescript/ts.correctness.callback-not-error-first.rule.yaml +38 -0
  765. package/rules/typescript/ts.correctness.compound-assignment-with-await.rule.yaml +37 -0
  766. package/rules/typescript/ts.correctness.confusing-multiline-expression.rule.yaml +37 -0
  767. package/rules/typescript/ts.correctness.constructor-return-value.rule.yaml +37 -0
  768. package/rules/typescript/ts.correctness.control-flow-in-finally.rule.yaml +2 -0
  769. package/rules/typescript/ts.correctness.declaration-in-nested-block.rule.yaml +39 -0
  770. package/rules/typescript/ts.correctness.delete-on-variable.rule.yaml +37 -0
  771. package/rules/typescript/ts.correctness.deprecated-api-usage.rule.yaml +39 -0
  772. package/rules/typescript/ts.correctness.duplicate-class-member.rule.yaml +37 -0
  773. package/rules/typescript/ts.correctness.duplicate-export.rule.yaml +37 -0
  774. package/rules/typescript/ts.correctness.duplicate-function-parameter.rule.yaml +2 -0
  775. package/rules/typescript/ts.correctness.duplicate-if-else-condition.rule.yaml +2 -0
  776. package/rules/typescript/ts.correctness.duplicate-import-source.rule.yaml +2 -0
  777. package/rules/typescript/ts.correctness.duplicate-object-key.rule.yaml +2 -0
  778. package/rules/typescript/ts.correctness.duplicate-switch-case.rule.yaml +2 -0
  779. package/rules/typescript/ts.correctness.empty-block-statement.rule.yaml +2 -0
  780. package/rules/typescript/ts.correctness.empty-destructuring-pattern.rule.yaml +37 -0
  781. package/rules/typescript/ts.correctness.extraneous-import.rule.yaml +38 -0
  782. package/rules/typescript/ts.correctness.flawed-string-comparison.rule.yaml +38 -0
  783. package/rules/typescript/ts.correctness.global-object-called-as-function.rule.yaml +38 -0
  784. package/rules/typescript/ts.correctness.identical-comparison-operands.rule.yaml +2 -0
  785. package/rules/typescript/ts.correctness.implicit-undefined-return.rule.yaml +2 -0
  786. package/rules/typescript/ts.correctness.infinite-loop.rule.yaml +16 -7
  787. package/rules/typescript/ts.correctness.invalid-async-await-call.rule.yaml +37 -0
  788. package/rules/typescript/ts.correctness.invalid-shebang.rule.yaml +37 -0
  789. package/rules/typescript/ts.correctness.invalid-typeof-comparison.rule.yaml +2 -0
  790. package/rules/typescript/ts.correctness.invalid-variable-usage.rule.yaml +37 -0
  791. package/rules/typescript/ts.correctness.missing-async-on-promise-method.rule.yaml +2 -0
  792. package/rules/typescript/ts.correctness.missing-super-call.rule.yaml +2 -0
  793. package/rules/typescript/ts.correctness.missing-timeout-on-external-call.rule.yaml +13 -6
  794. package/rules/typescript/ts.correctness.missing-type-annotation.rule.yaml +37 -0
  795. package/rules/typescript/ts.correctness.namespace-import-unexported-name.rule.yaml +37 -0
  796. package/rules/typescript/ts.correctness.negative-zero-comparison.rule.yaml +37 -0
  797. package/rules/typescript/ts.correctness.new-expression-with-require.rule.yaml +39 -0
  798. package/rules/typescript/ts.correctness.new-symbol-instance.rule.yaml +38 -0
  799. package/rules/typescript/ts.correctness.no-confusing-label-in-switch.rule.yaml +39 -0
  800. package/rules/typescript/ts.correctness.no-href-with-nuxt-link.rule.yaml +39 -0
  801. package/rules/typescript/ts.correctness.no-ts-suppress-directive.rule.yaml +36 -0
  802. package/rules/typescript/ts.correctness.non-existent-assignment-operators.rule.yaml +38 -0
  803. package/rules/typescript/ts.correctness.off-by-one-loop-boundary.rule.yaml +2 -0
  804. package/rules/typescript/ts.correctness.parse-int-on-number-literal.rule.yaml +38 -0
  805. package/rules/typescript/ts.correctness.prefer-as-const-over-literal-type.rule.yaml +37 -0
  806. package/rules/typescript/ts.correctness.prefer-includes-over-indexof.rule.yaml +37 -0
  807. package/rules/typescript/ts.correctness.prefer-nullish-coalescing.rule.yaml +37 -0
  808. package/rules/typescript/ts.correctness.private-member-should-be-readonly.rule.yaml +37 -0
  809. package/rules/typescript/ts.correctness.promise-reject-non-error.rule.yaml +2 -0
  810. package/rules/typescript/ts.correctness.prototype-builtin-called-directly.rule.yaml +38 -0
  811. package/rules/typescript/ts.correctness.reassign-catch-binding.rule.yaml +2 -0
  812. package/rules/typescript/ts.correctness.reassign-class-member.rule.yaml +37 -0
  813. package/rules/typescript/ts.correctness.reassign-const-binding.rule.yaml +37 -0
  814. package/rules/typescript/ts.correctness.reassign-function-declaration.rule.yaml +38 -0
  815. package/rules/typescript/ts.correctness.regexp-constructor-invalid-pattern.rule.yaml +38 -0
  816. package/rules/typescript/ts.correctness.regexp-empty-character-class.rule.yaml +38 -0
  817. package/rules/typescript/ts.correctness.regexp-multicodepoint-character-class.rule.yaml +37 -0
  818. package/rules/typescript/ts.correctness.regexp-pattern-unusual-control-character.rule.yaml +2 -0
  819. package/rules/typescript/ts.correctness.regexp-useless-backreference.rule.yaml +37 -0
  820. package/rules/typescript/ts.correctness.require-outside-import.rule.yaml +37 -0
  821. package/rules/typescript/ts.correctness.restricted-global-variable.rule.yaml +37 -0
  822. package/rules/typescript/ts.correctness.restricted-object-property.rule.yaml +37 -0
  823. package/rules/typescript/ts.correctness.self-assignment.rule.yaml +2 -0
  824. package/rules/typescript/ts.correctness.setter-return-value.rule.yaml +37 -0
  825. package/rules/typescript/ts.correctness.simplify-boolean-return.rule.yaml +38 -0
  826. package/rules/typescript/ts.correctness.sparse-array-literal.rule.yaml +38 -0
  827. package/rules/typescript/ts.correctness.switch-case-fallthrough.rule.yaml +37 -0
  828. package/rules/typescript/ts.correctness.template-placeholder-in-string.rule.yaml +37 -0
  829. package/rules/typescript/ts.correctness.this-before-super.rule.yaml +3 -0
  830. package/rules/typescript/ts.correctness.this-outside-class.rule.yaml +37 -0
  831. package/rules/typescript/ts.correctness.undeclared-variable.rule.yaml +38 -0
  832. package/rules/typescript/ts.correctness.unhandled-async-error.rule.yaml +7 -1
  833. package/rules/typescript/ts.correctness.unnecessary-return-await.rule.yaml +2 -0
  834. package/rules/typescript/ts.correctness.unresolved-import.rule.yaml +37 -0
  835. package/rules/typescript/ts.correctness.unsafe-negation-in-relational.rule.yaml +38 -0
  836. package/rules/typescript/ts.correctness.unused-expression.rule.yaml +37 -0
  837. package/rules/typescript/ts.correctness.unused-variable.rule.yaml +37 -0
  838. package/rules/typescript/ts.correctness.use-number-is-nan.rule.yaml +2 -0
  839. package/rules/typescript/ts.correctness.used-before-definition.rule.yaml +38 -0
  840. package/rules/typescript/ts.correctness.var-declaration.rule.yaml +38 -0
  841. package/rules/typescript/ts.next.no-document-import-outside-custom-document.rule.yaml +39 -0
  842. package/rules/typescript/ts.next.no-head-import-in-custom-document.rule.yaml +39 -0
  843. package/rules/typescript/ts.performance.no-await-in-loop.rule.yaml +6 -6
  844. package/rules/typescript/ts.performance.no-json-parse-stringify-clone.rule.yaml +8 -0
  845. package/rules/typescript/ts.performance.sequential-async-calls.rule.yaml +16 -7
  846. package/rules/typescript/ts.quality.no-banned-type.rule.yaml +36 -0
  847. package/rules/typescript/ts.quality.no-empty-function.rule.yaml +1 -1
  848. package/rules/typescript/ts.quality.no-side-effect-in-pure-callback.rule.yaml +36 -0
  849. package/rules/typescript/ts.quality.swallowed-error.rule.yaml +6 -3
  850. package/rules/typescript/ts.react.no-deprecated-is-mounted.rule.yaml +36 -0
  851. package/rules/typescript/ts.react.no-deprecated-react-dom-root-api.rule.yaml +24 -2
  852. package/rules/typescript/ts.react.no-direct-state-mutation.rule.yaml +2 -0
  853. package/rules/typescript/ts.react.no-duplicate-jsx-attributes.rule.yaml +2 -0
  854. package/rules/typescript/ts.react.no-hooks-rule-violation.rule.yaml +38 -0
  855. package/rules/typescript/ts.react.no-invalid-markup-characters.rule.yaml +36 -0
  856. package/rules/typescript/ts.react.no-lifecycle-method-typo.rule.yaml +36 -0
  857. package/rules/typescript/ts.react.no-render-invalid-return-type.rule.yaml +36 -0
  858. package/rules/typescript/ts.react.no-set-state-in-component-did-mount.rule.yaml +2 -0
  859. package/rules/typescript/ts.react.no-set-state-in-component-did-update.rule.yaml +2 -0
  860. package/rules/typescript/ts.react.no-set-state-in-component-will-update.rule.yaml +36 -0
  861. package/rules/typescript/ts.react.no-should-component-update.rule.yaml +36 -0
  862. package/rules/typescript/ts.react.no-target-blank-without-rel.rule.yaml +2 -0
  863. package/rules/typescript/ts.react.no-this-state-in-set-state.rule.yaml +38 -0
  864. package/rules/typescript/ts.react.no-unnecessary-fragment.rule.yaml +36 -0
  865. package/rules/typescript/ts.runtime.no-process-exit.rule.yaml +3 -0
  866. package/rules/typescript/ts.runtime.process-exit-control-flow.rule.yaml +46 -0
  867. package/rules/typescript/ts.security.dangerous-insert-html.rule.yaml +5 -0
  868. package/rules/typescript/ts.security.express-insecure-listen.rule.yaml +52 -0
  869. package/rules/typescript/ts.security.express-nosql-injection.rule.yaml +16 -11
  870. package/rules/typescript/ts.security.express-static-dotfiles-allow.rule.yaml +5 -0
  871. package/rules/typescript/ts.security.iframe-missing-sandbox-attribute.rule.yaml +18 -6
  872. package/rules/typescript/ts.security.import-using-user-input.rule.yaml +62 -10
  873. package/rules/typescript/ts.security.insecure-auth-cookie-flags.rule.yaml +12 -4
  874. package/rules/typescript/ts.security.missing-request-timeout-or-retry.rule.yaml +8 -6
  875. package/rules/typescript/ts.security.no-assign-mutable-export.rule.yaml +2 -0
  876. package/rules/typescript/ts.security.no-dynamic-execution.rule.yaml +3 -3
  877. package/rules/typescript/ts.security.no-javascript-url.rule.yaml +42 -8
  878. package/rules/typescript/ts.security.no-native-prototype-extension.rule.yaml +13 -1
  879. package/rules/typescript/ts.security.non-literal-fs-filename.rule.yaml +13 -1
  880. package/rules/typescript/ts.security.observable-timing-discrepancy.rule.yaml +3 -3
  881. package/rules/typescript/ts.security.open-redirect.rule.yaml +6 -0
  882. package/rules/typescript/ts.security.path-join-user-input.rule.yaml +50 -0
  883. package/rules/typescript/ts.security.sensitive-data-written-to-file.rule.yaml +16 -6
  884. package/rules/typescript/ts.security.ssrf.rule.yaml +1 -0
  885. package/rules/typescript/ts.security.unsafe-dirname-path-concat.rule.yaml +3 -0
  886. package/rules/typescript/ts.security.unsanitized-http-response.rule.yaml +14 -3
  887. package/rules/typescript/ts.security.user-controlled-regexp.rule.yaml +52 -0
  888. package/rules/typescript/ts.testing.no-flaky-timer-test.rule.yaml +7 -7
  889. package/rules/typescript/ts.testing.no-legacy-test-waiter.rule.yaml +36 -0
  890. package/rules/typescript/ts.testing.no-network-call-in-unit-test.rule.yaml +7 -1
  891. package/rules/typescript/ts.testing.no-skipped-test-without-ticket.rule.yaml +3 -3
  892. package/rules/typescript/ts.testing.useless-assertion.rule.yaml +37 -0
  893. package/rules/typescript/ts.vue.emits-validator-return-boolean.rule.yaml +36 -0
  894. package/rules/typescript/ts.vue.no-browser-globals-in-created.rule.yaml +39 -0
  895. package/rules/typescript/ts.vue.no-computed-missing-dependency.rule.yaml +36 -0
  896. package/rules/typescript/ts.vue.no-computed-mutation.rule.yaml +36 -0
  897. package/rules/typescript/ts.vue.no-data-object-declaration.rule.yaml +36 -0
  898. package/rules/typescript/ts.vue.no-deprecated-keycodes-config.rule.yaml +36 -0
  899. package/rules/typescript/ts.vue.no-deprecated-listeners.rule.yaml +36 -0
  900. package/rules/typescript/ts.vue.no-deprecated-model-option.rule.yaml +36 -0
  901. package/rules/typescript/ts.vue.no-deprecated-scoped-slots.rule.yaml +36 -0
  902. package/rules/typescript/ts.vue.no-keycode-modifiers.rule.yaml +36 -0
  903. package/rules/typescript/ts.vue.no-reserved-key-overwrite.rule.yaml +36 -0
  904. package/rules/typescript/ts.vue.no-server-env-in-client-hooks.rule.yaml +39 -0
  905. package/rules/typescript/ts.vue.no-slot-property-access.rule.yaml +36 -0
  906. package/rules/typescript/ts.vue.prefer-prop-type-constructor.rule.yaml +36 -0
  907. package/rules/typescript/ts.vue.require-transition-conditional.rule.yaml +36 -0
package/rules/typescript/ts.react.no-lifecycle-method-typo.rule.yaml ADDED
@@ -0,0 +1,36 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ts.react.no-lifecycle-method-typo
5
+ title: Typo in lifecycle method name
6
+ summary: A misspelled lifecycle method name will never be called by React, leading to silent runtime bugs.
7
+ rationale: React only calls exact lifecycle method names. A typo means the method is dead code and the intended lifecycle behavior never runs.
8
+ aliases:
9
+ - JS-0453
10
+ tags:
11
+ - react
12
+ - ui
13
+ - rules-catalog
14
+ stability: experimental
15
+ appliesTo: function
16
+ scope:
17
+ languages:
18
+ - typescript
19
+ - javascript
20
+ match:
21
+ fact:
22
+ kind: ui.react.lifecycle-method-typo
23
+ bind: issue
24
+ emit:
25
+ finding:
26
+ category: correctness.ui
27
+ severity: high
28
+ confidence: 0.82
29
+ tags:
30
+ - react
31
+ - ui
32
+ message:
33
+ title: Correct lifecycle method spelling
34
+ summary: "${captures.issue.text} looks like a misspelled React lifecycle method."
35
+ remediation:
36
+ summary: Fix the method name to match the correct React lifecycle spelling.
package/rules/typescript/ts.react.no-render-invalid-return-type.rule.yaml ADDED
@@ -0,0 +1,36 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ts.react.no-render-invalid-return-type
5
+ title: Render must return valid React element
6
+ summary: A render method that returns a number, boolean, or plain object will produce an empty or broken UI.
7
+ rationale: React render methods must return JSX, fragments, strings, null, or boolean values. Numeric literals and plain objects are not valid React children.
8
+ aliases:
9
+ - JS-0467
10
+ tags:
11
+ - react
12
+ - ui
13
+ - rules-catalog
14
+ stability: experimental
15
+ appliesTo: function
16
+ scope:
17
+ languages:
18
+ - typescript
19
+ - javascript
20
+ match:
21
+ fact:
22
+ kind: ui.react.render-return-value
23
+ bind: issue
24
+ emit:
25
+ finding:
26
+ category: correctness.ui
27
+ severity: high
28
+ confidence: 0.88
29
+ tags:
30
+ - react
31
+ - ui
32
+ message:
33
+ title: Return a valid React element from render
34
+ summary: "render returns `${captures.issue.text}` which is not a valid React child."
35
+ remediation:
36
+ summary: Wrap the return value in a JSX element, fragment, or string. Use null to render nothing.
package/rules/typescript/ts.react.no-set-state-in-component-did-mount.rule.yaml CHANGED
@@ -5,6 +5,8 @@ metadata:
5
5
  title: Avoid setState in componentDidMount
6
6
  summary: Synchronous state updates during mount trigger an extra render before the browser paints the initial tree.
7
7
  rationale: Initial state belongs in the constructor or class field initializers so the first render already reflects the mounted view.
8
+ aliases:
9
+ - JS-0442
8
10
  tags:
9
11
  - react
10
12
  - ui
package/rules/typescript/ts.react.no-set-state-in-component-did-update.rule.yaml CHANGED
@@ -5,6 +5,8 @@ metadata:
5
5
  title: Guard setState in componentDidUpdate
6
6
  summary: Unconditional setState in componentDidUpdate can recurse through renders when props or state change on every pass.
7
7
  rationale: Updates should compare against prevProps or prevState so the component only re-renders when inputs actually changed.
8
+ aliases:
9
+ - JS-0443
8
10
  tags:
9
11
  - react
10
12
  - ui
package/rules/typescript/ts.react.no-set-state-in-component-will-update.rule.yaml ADDED
@@ -0,0 +1,36 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ts.react.no-set-state-in-component-will-update
5
+ title: Avoid setState in componentWillUpdate
6
+ summary: Synchronous state updates during the legacy will-update lifecycle can cause infinite re-rendering loops.
7
+ rationale: componentWillUpdate is deprecated and setState inside it may trigger additional render cycles. Migrate to componentDidUpdate with a guard or getDerivedStateFromProps.
8
+ aliases:
9
+ - JS-0459
10
+ tags:
11
+ - react
12
+ - ui
13
+ - rules-catalog
14
+ stability: experimental
15
+ appliesTo: function
16
+ scope:
17
+ languages:
18
+ - typescript
19
+ - javascript
20
+ match:
21
+ fact:
22
+ kind: ui.react.set-state-in-component-will-update
23
+ bind: issue
24
+ emit:
25
+ finding:
26
+ category: correctness.ui
27
+ severity: high
28
+ confidence: 0.85
29
+ tags:
30
+ - react
31
+ - ui
32
+ message:
33
+ title: Move setState out of componentWillUpdate
34
+ summary: "${captures.issue.text} calls setState inside componentWillUpdate."
35
+ remediation:
36
+ summary: Replace componentWillUpdate with componentDidUpdate and guard the setState with a prevProps or prevState comparison.
package/rules/typescript/ts.react.no-should-component-update.rule.yaml ADDED
@@ -0,0 +1,36 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ts.react.no-should-component-update
5
+ title: Avoid shouldComponentUpdate
6
+ summary: Manual shouldComponentUpdate overrides increase maintenance cost and are rarely needed with modern React.
7
+ rationale: PureComponent and React.memo provide shallow comparison out of the box. Hand-rolling shouldComponentUpdate is error-prone and duplicates built-in optimizations.
8
+ aliases:
9
+ - JS-0448
10
+ tags:
11
+ - react
12
+ - ui
13
+ - rules-catalog
14
+ stability: experimental
15
+ appliesTo: function
16
+ scope:
17
+ languages:
18
+ - typescript
19
+ - javascript
20
+ match:
21
+ fact:
22
+ kind: ui.react.should-component-update
23
+ bind: issue
24
+ emit:
25
+ finding:
26
+ category: maintainability.ui
27
+ severity: medium
28
+ confidence: 0.75
29
+ tags:
30
+ - react
31
+ - ui
32
+ message:
33
+ title: Prefer PureComponent or React.memo
34
+ summary: "${captures.issue.text} overrides shouldComponentUpdate — consider PureComponent or React.memo instead."
35
+ remediation:
36
+ summary: Replace extends Component with extends PureComponent, or wrap the component with React.memo for function components.
package/rules/typescript/ts.react.no-target-blank-without-rel.rule.yaml CHANGED
@@ -14,6 +14,8 @@ metadata:
14
14
  - kind: owasp
15
15
  title: Cross Site Scripting Prevention Cheat Sheet
16
16
  url: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
17
+ aliases:
18
+ - JS-0422
17
19
  tags:
18
20
  - react
19
21
  - security
package/rules/typescript/ts.react.no-this-state-in-set-state.rule.yaml ADDED
@@ -0,0 +1,38 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ts.react.no-this-state-in-set-state
5
+ title: Avoid this.state inside setState()
6
+ summary: Reading this.state inside setState() leads to stale state references because React batches updates asynchronously.
7
+ rationale: setState updates are asynchronous and may be batched; reading this.state directly inside the updater bypasses the guaranteed-latest state provided by the updater function parameter.
8
+ aliases:
9
+ - JS-0435
10
+ tags:
11
+ - react
12
+ - ui
13
+ - rules-catalog
14
+ stability: experimental
15
+ appliesTo: function
16
+ scope:
17
+ languages:
18
+ - typescript
19
+ - javascript
20
+ match:
21
+ fact:
22
+ kind: ui.react.this-state-in-set-state
23
+ bind: issue
24
+ emit:
25
+ finding:
26
+ category: correctness.ui
27
+ severity: high
28
+ confidence: 0.85
29
+ tags:
30
+ - react
31
+ - ui
32
+ message:
33
+ title: Use updater function parameter instead of this.state
34
+ summary: "${captures.issue.text} reads this.state inside a setState call, which may use stale state."
35
+ remediation:
36
+ summary: >-
37
+ Replace this.setState({ key: this.state.key + 1 }) with
38
+ this.setState(prevState => ({ key: prevState.key + 1 })) to guarantee latest state.
package/rules/typescript/ts.react.no-unnecessary-fragment.rule.yaml ADDED
@@ -0,0 +1,36 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ts.react.no-unnecessary-fragment
5
+ title: Remove unnecessary React fragments
6
+ summary: Fragments wrapping a single child add runtime overhead without structural benefit.
7
+ rationale: A fragment with one element or text child can be replaced by the child itself, reducing render tree depth and making the component simpler.
8
+ aliases:
9
+ - JS-0424
10
+ tags:
11
+ - react
12
+ - ui
13
+ - rules-catalog
14
+ stability: experimental
15
+ appliesTo: function
16
+ scope:
17
+ languages:
18
+ - typescript
19
+ - javascript
20
+ match:
21
+ fact:
22
+ kind: ui.react.unnecessary-fragment
23
+ bind: issue
24
+ emit:
25
+ finding:
26
+ category: correctness.ui
27
+ severity: low
28
+ confidence: 0.85
29
+ tags:
30
+ - react
31
+ - ui
32
+ message:
33
+ title: Replace unnecessary fragment with its single child
34
+ summary: "${captures.issue.text} wraps exactly one child element and can be removed."
35
+ remediation:
36
+ summary: Remove the wrapping fragment and keep only the single child element.
package/rules/typescript/ts.runtime.no-process-exit.rule.yaml CHANGED
@@ -14,10 +14,13 @@ metadata:
14
14
  - kind: owasp
15
15
  title: Secure Configuration Cheat Sheet
16
16
  url: https://cheatsheetseries.owasp.org/cheatsheets/Secure_Configuration_Cheat_Sheet.html
17
+ aliases:
18
+ - JS-0263
17
19
  tags:
18
20
  - runtime
19
21
  - node
20
22
  - rules-catalog
23
+ - public-directory-parity
21
24
  stability: stable
22
25
  appliesTo: block
23
26
  scope:
package/rules/typescript/ts.runtime.process-exit-control-flow.rule.yaml ADDED
@@ -0,0 +1,46 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ts.runtime.process-exit-control-flow
5
+ title: process.exit() in control flow
6
+ summary: "Avoid `process.exit()` in finally blocks or followed by reachable code."
7
+ rationale: "`process.exit()` in a finally block runs even after errors, and reachable code after exit creates dead code and logic errors."
8
+ detection:
9
+ kind: pattern
10
+ references:
11
+ - kind: cwe
12
+ id: CWE-16
13
+ title: Configuration
14
+ - kind: owasp
15
+ title: Secure Configuration Cheat Sheet
16
+ url: https://cheatsheetseries.owasp.org/cheatsheets/Secure_Configuration_Cheat_Sheet.html
17
+ aliases:
18
+ - JS-0270
19
+ tags:
20
+ - runtime
21
+ - node
22
+ - rules-catalog
23
+ - public-directory-parity
24
+ stability: stable
25
+ appliesTo: block
26
+ scope:
27
+ languages:
28
+ - typescript
29
+ - javascript
30
+ match:
31
+ fact:
32
+ kind: runtime.process-exit-control-flow
33
+ bind: issue
34
+ emit:
35
+ finding:
36
+ category: security.reliability
37
+ severity: high
38
+ confidence: 0.85
39
+ tags:
40
+ - runtime
41
+ - node
42
+ message:
43
+ title: Review process.exit() placement
44
+ summary: "`${captures.issue.text}` may terminate the process in an unexpected control flow context."
45
+ remediation:
46
+ summary: Use structured error handling (throw/try-catch) instead of process.exit() in finally blocks. Remove dead code after process.exit().
package/rules/typescript/ts.security.dangerous-insert-html.rule.yaml CHANGED
@@ -25,6 +25,11 @@ scope:
25
25
  languages:
26
26
  - typescript
27
27
  - javascript
28
+ paths:
29
+ exclude:
30
+ - "**/build/**"
31
+ - "**/scripts/**"
32
+ - "**/docs/**"
28
33
  match:
29
34
  fact:
30
35
  kind: security.dangerous-insert-html
package/rules/typescript/ts.security.express-insecure-listen.rule.yaml ADDED
@@ -0,0 +1,52 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ts.security.express-insecure-listen
5
+ title: Avoid insecure HTTP server bootstrap in production entrypoints
6
+ summary: Application servers should terminate TLS locally or document trusted edge termination before exposing plain HTTP listeners.
7
+ rationale: Bootstrapping Express, Fastify, Nest, or raw HTTP servers without HTTPS exposes traffic to interception and downgrade attacks when no compensating TLS layer exists.
8
+ detection:
9
+ kind: pattern
10
+ references:
11
+ - kind: cwe
12
+ id: CWE-319
13
+ title: Cleartext Transmission of Sensitive Information
14
+ - kind: owasp
15
+ title: Transport Layer Protection Cheat Sheet
16
+ url: https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html
17
+ tags:
18
+ - security
19
+ - transport
20
+ - express
21
+ - rules-catalog
22
+ stability: stable
23
+ appliesTo: block
24
+ scope:
25
+ languages:
26
+ - typescript
27
+ - javascript
28
+ paths:
29
+ exclude:
30
+ - "**/build/**"
31
+ - "**/scripts/**"
32
+ - "**/docs/**"
33
+ - "**/*.spec.*"
34
+ - "**/*.test.*"
35
+ match:
36
+ fact:
37
+ kind: security.express-insecure-listen
38
+ bind: issue
39
+ emit:
40
+ finding:
41
+ category: security.transport
42
+ severity: high
43
+ confidence: 0.85
44
+ tags:
45
+ - security
46
+ - transport
47
+ - express
48
+ message:
49
+ title: Protect `${captures.issue.text}` with TLS or documented edge termination
50
+ summary: "`${captures.issue.text}` starts a plain HTTP listener without local HTTPS bootstrap or a documented TLS termination guard."
51
+ remediation:
52
+ summary: Use `https.createServer` with valid credentials, terminate TLS at a trusted reverse proxy, or restrict the listener to explicit development-only guards.
package/rules/typescript/ts.security.express-nosql-injection.rule.yaml CHANGED
@@ -2,18 +2,18 @@ apiVersion: critiq.dev/v1alpha1
2
2
  kind: Rule
3
3
  metadata:
4
4
  id: ts.security.express-nosql-injection
5
- title: Avoid request-driven model queries
6
- summary: Express handlers should not pass raw request objects into NoSQL filters, query helpers, or aggregation pipelines.
7
- rationale: Request-shaped filters, operators, or pipelines can expand query scope and inject unintended behavior.
5
+ title: Request-driven NoSQL query or aggregation pipeline
6
+ summary: Express handlers should not pass raw request objects into NoSQL filters, query helpers, or aggregation pipelines to prevent injection attacks.
7
+ rationale: Passing unvalidated request data directly into NoSQL model queries can allow attackers to manipulate query scope, bypass access controls, or extract unintended data from MongoDB and similar databases.
8
8
  detection:
9
9
  kind: pattern
10
10
  references:
11
11
  - kind: cwe
12
- id: CWE-89
13
- title: SQL Injection
12
+ id: CWE-943
13
+ title: Improper Neutralization of Special Elements in Data Query Logic
14
14
  - kind: owasp
15
- title: SQL Injection Prevention Cheat Sheet
16
- url: https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
15
+ title: NoSQL Injection Prevention Cheat Sheet
16
+ url: https://cheatsheetseries.owasp.org/cheatsheets/NoSQL_Injection_Prevention_Cheat_Sheet.html
17
17
  - kind: url
18
18
  title: Node.js security best practices
19
19
  url: https://nodejs.org/en/learn/getting-started/security-best-practices
@@ -31,6 +31,11 @@ scope:
31
31
  languages:
32
32
  - typescript
33
33
  - javascript
34
+ paths:
35
+ exclude:
36
+ - "**/types/**/*-tests.ts"
37
+ - "**/types/**/*.test.*"
38
+ - "**/types/**/*.spec.*"
34
39
  match:
35
40
  fact:
36
41
  kind: security.express-nosql-injection
@@ -38,15 +43,15 @@ match:
38
43
  emit:
39
44
  finding:
40
45
  category: security.input-validation
41
- severity: critical
46
+ severity: high
42
47
  confidence: 0.92
43
48
  tags:
44
49
  - security
45
50
  - injection
46
51
  - nosql
47
52
  message:
48
- title: Narrow the query passed to `${captures.issue.text}`
49
- summary: "`${captures.issue.text}` receives request-controlled query input without an allowlisted query or pipeline shape."
53
+ title: NoSQL injection via `${captures.issue.text}`
54
+ summary: "`${captures.issue.text}` passes unvalidated request data into a NoSQL model query, allowing attackers to manipulate query scope, bypass filters, or extract unauthorized data."
50
55
  remediation:
51
- summary: Build the NoSQL query or aggregation pipeline from fixed fields or validated filter builders instead of passing request data directly.
56
+ summary: Restrict NoSQL queries to allowlisted field names and validated filter shapes. Use typed query builders (e.g., Mongoose `where` chaining, MongoDB aggregation pipeline validators) instead of passing raw request objects.
52
57
 
package/rules/typescript/ts.security.express-static-dotfiles-allow.rule.yaml CHANGED
@@ -31,6 +31,11 @@ scope:
31
31
  languages:
32
32
  - typescript
33
33
  - javascript
34
+ paths:
35
+ exclude:
36
+ - "**/lib/**"
37
+ - "**/node_modules/**"
38
+ - "**/vendor/**"
34
39
  match:
35
40
  fact:
36
41
  kind: security.express-static-dotfiles-allow
package/rules/typescript/ts.security.iframe-missing-sandbox-attribute.rule.yaml CHANGED
@@ -2,9 +2,17 @@ apiVersion: critiq.dev/v1alpha1
2
2
  kind: Rule
3
3
  metadata:
4
4
  id: ts.security.iframe-missing-sandbox-attribute
5
- title: Add a sandbox attribute to iframes
6
- summary: Intrinsic iframe elements should declare a sandbox attribute to reduce blast radius.
7
- rationale: Sandboxed iframes limit scripts, forms, and top-level navigation when embedded third-party content is compromised.
5
+ title: Iframe without sandbox attribute
6
+ summary: Intrinsic iframe elements embedding untrusted third-party content should declare a sandbox attribute to reduce blast radius.
7
+ rationale: |
8
+ The sandbox attribute restricts what the embedded document can do — forms,
9
+ scripts, navigation, and plugin access are blocked by default. Iframes
10
+ loading untrusted third-party content without sandbox protection expose
11
+ users to clickjacking, credential theft, and XSS via the embedded context.
12
+ However, some iframes intentionally embed trusted services (payment gateways,
13
+ app marketplaces, developer tools) and may not need sandboxing. If the iframe
14
+ has `allowFullScreen` or `allow` attributes, the developer has explicitly
15
+ granted permissions — these are assumed to be trusted embeds.
8
16
  detection:
9
17
  kind: pattern
10
18
  references:
@@ -25,6 +33,10 @@ scope:
25
33
  languages:
26
34
  - typescript
27
35
  - javascript
36
+ paths:
37
+ exclude:
38
+ - "**/DefinitelyTyped/**"
39
+ - "**/types/**/*-tests.*"
28
40
  match:
29
41
  fact:
30
42
  kind: security.iframe-missing-sandbox-attribute
@@ -38,8 +50,8 @@ emit:
38
50
  - security
39
51
  - react
40
52
  message:
41
- title: "Add sandbox to ${captures.issue.text}"
42
- summary: "${captures.issue.text} is missing a sandbox attribute."
53
+ title: "Iframe missing sandbox attribute"
54
+ summary: "${captures.issue.text} loads external content without sandbox restrictions. If the content is untrusted, add sandbox to prevent clickjacking and XSS. If the iframe loads a trusted service (payment gateway, app marketplace, developer tool), add allowFullScreen or allow to signal explicit trust."
43
55
  remediation:
44
- summary: Add the most restrictive sandbox token set that still allows required behavior, and combine with a strict CSP.
56
+ summary: Add the most restrictive sandbox token set that still allows required behavior (e.g., `sandbox="allow-scripts"` for scripts only). If the iframe embeds a trusted external service that cannot be sandboxed (payment gateway, app marketplace), add `allowFullScreen` or `allow` to signal intentional trust.
45
57
 
package/rules/typescript/ts.security.import-using-user-input.rule.yaml CHANGED
@@ -2,18 +2,18 @@ apiVersion: critiq.dev/v1alpha1
2
2
  kind: Rule
3
3
  metadata:
4
4
  id: ts.security.import-using-user-input
5
- title: Constrain module-loading trust boundaries
5
+ title: Constrain module-loading to trusted allowlists
6
6
  summary: "`require()` and dynamic `import()` should not resolve modules from untrusted input."
7
- rationale: Untrusted module paths let attackers steer module-loading boundaries toward unintended files, packages, or plugins.
7
+ rationale: Untrusted module paths let attackers steer module-loading boundaries toward unintended files, packages, or plugins. Only flag when the module path is derived from request or event data — static string literals and allowlist-validated paths are intentionally excluded. Test, bundled, and tutorial files are excluded because they contain static or intentionally simplified imports.
8
8
  detection:
9
9
  kind: pattern
10
10
  references:
11
11
  - kind: cwe
12
- id: CWE-78
13
- title: OS Command Injection
12
+ id: CWE-73
13
+ title: External Control of File Name or Path
14
14
  - kind: owasp
15
- title: OS Command Injection Defense Cheat Sheet
16
- url: https://cheatsheetseries.owasp.org/cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.html
15
+ title: Input Validation Cheat Sheet
16
+ url: https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
17
17
  tags:
18
18
  - security
19
19
  - execution
@@ -25,6 +25,24 @@ scope:
25
25
  languages:
26
26
  - typescript
27
27
  - javascript
28
+ paths:
29
+ exclude:
30
+ - "**/*.test.*"
31
+ - "**/*.spec.*"
32
+ - "**/__tests__/**"
33
+ - "**/__mocks__/**"
34
+ - "**/tests/**"
35
+ - "**/test/**"
36
+ - "**/e2e/**"
37
+ - "**/integration-tests/**"
38
+ - "**/.yarn/releases/**"
39
+ - "**/*-bundle.*"
40
+ - "**/*.min.*"
41
+ - "**/tutorials/**"
42
+ - "**/content/tutorials/**"
43
+ - "**/types/**/*-tests.*"
44
+ - "**/types/**/*.test.*"
45
+ - "**/types/**/*.spec.*"
28
46
  match:
29
47
  fact:
30
48
  kind: security.import-using-user-input
@@ -32,15 +50,49 @@ match:
32
50
  emit:
33
51
  finding:
34
52
  category: security.execution
35
- severity: high
53
+ severity: medium
36
54
  confidence: 0.92
37
55
  tags:
38
56
  - security
39
57
  - execution
40
58
  - module-loading
41
59
  message:
42
- title: Resolve `${captures.issue.text}` from a trusted module map
43
- summary: "`${captures.issue.text}` crosses a module-loading trust boundary with untrusted input."
60
+ title: Resolve modules from a trusted allowlist instead of `${captures.issue.text}`
61
+ summary: "`${captures.issue.text}` resolves a module using request- or event-derived input. Untrusted module paths can load arbitrary files or packages, bypassing intended security boundaries."
44
62
  remediation:
45
- summary: Resolve modules from a fixed allowlist or explicit dispatcher instead of untrusted request or event data.
63
+ summary: |-
64
+ Replace dynamic module paths with a fixed allowlist or validated dispatcher:
65
+
66
+ ### Unsafe — dynamic path from request input
67
+ ```typescript
68
+ const plugin = require(req.query.plugin);
69
+ await import(req.body.moduleName);
70
+ ```
71
+
72
+ ### Safe — allowlist dispatch
73
+ ```typescript
74
+ const ALLOWED_PLUGINS: Record<string, string> = {
75
+ analytics: './plugins/analytics',
76
+ auth: './plugins/auth',
77
+ };
78
+ const pluginPath = ALLOWED_PLUGINS[req.query.plugin];
79
+ if (pluginPath) {
80
+ const plugin = require(pluginPath);
81
+ }
82
+ ```
83
+
84
+ ### Safe — validation before import
85
+ ```typescript
86
+ function isValidModule(modName: string): boolean {
87
+ return /^[a-z-]+$/u.test(modName);
88
+ }
89
+ const moduleName = req.query.module;
90
+ if (isValidModule(moduleName)) {
91
+ const mod = require('./modules/' + moduleName);
92
+ }
93
+ ```
94
+
95
+ ### References
96
+ - CWE-73: External Control of File Name or Path
97
+ - OWASP Input Validation Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
46
98
 
package/rules/typescript/ts.security.insecure-auth-cookie-flags.rule.yaml CHANGED
@@ -25,6 +25,14 @@ scope:
25
25
  languages:
26
26
  - typescript
27
27
  - javascript
28
+ paths:
29
+ exclude:
30
+ - "**/test/**"
31
+ - "**/tests/**"
32
+ - "**/__tests__/**"
33
+ - "**/*.test.*"
34
+ - "**/*.spec.*"
35
+ - "**/types/**/*-tests.*"
28
36
  match:
29
37
  fact:
30
38
  kind: ts.security.insecure-auth-cookie-flags
@@ -32,16 +40,16 @@ match:
32
40
  emit:
33
41
  finding:
34
42
  category: security.authentication
35
- severity: high
43
+ severity: medium
36
44
  confidence: 0.9
37
45
  tags:
38
46
  - security
39
47
  - authentication
40
48
  - cookies
41
49
  message:
42
- title: Harden `${captures.issue.text}` for auth cookies
43
- summary: "`${captures.issue.text}` sets an auth-bearing cookie without the expected protections."
50
+ title: Auth cookie `${captures.issue.text}` missing security flags
51
+ summary: "`${captures.issue.text}` sets a cookie with an auth-signaling name without HttpOnly, Secure, or SameSite protections. Missing these flags makes the cookie vulnerable to session theft via XSS, MITM, or CSRF."
44
52
  remediation:
45
- summary: Add `HttpOnly`, `Secure`, and an explicit `SameSite` policy before the cookie is used for session or auth state.
53
+ summary: "Add `HttpOnly`, `Secure`, and an explicit `SameSite` policy (preferably `Lax` or `Strict`) before the cookie is used for session or auth state. For example: `{ httpOnly: true, secure: true, sameSite: 'lax' }`."
46
54
 
47
55