@critiq/rules 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (735) hide show
  1. package/CHANGELOG.md +468 -0
  2. package/README.md +13 -233
  3. package/catalog-metadata.json +47 -0
  4. package/catalog.yaml +2962 -309
  5. package/package.json +1 -1
  6. package/rules/go/go.bug-risk.compound-assignment-misuse.rule.yaml +53 -0
  7. package/rules/go/go.bug-risk.deprecated-redis-methods.rule.yaml +57 -0
  8. package/rules/go/go.bug-risk.etcd-getlogger-misuse.rule.yaml +59 -0
  9. package/rules/go/go.bug-risk.etcd-invalid-compare-operator.rule.yaml +53 -0
  10. package/rules/go/go.bug-risk.gin-loadhtmlglob-ill-formed.rule.yaml +53 -0
  11. package/rules/go/go.bug-risk.gorm-dry-run-enabled.rule.yaml +58 -0
  12. package/rules/go/go.bug-risk.gorm-skip-default-transaction.rule.yaml +57 -0
  13. package/rules/go/go.bug-risk.gorm-updates-zero-values.rule.yaml +55 -0
  14. package/rules/go/go.bug-risk.gorm-where-zero-values.rule.yaml +53 -0
  15. package/rules/go/go.bug-risk.poorly-formed-nilness-guards.rule.yaml +57 -0
  16. package/rules/go/go.bug-risk.redis-incorrect-arg-count.rule.yaml +54 -0
  17. package/rules/go/go.bug-risk.redis-unimplemented-method.rule.yaml +53 -0
  18. package/rules/go/go.bug-risk.reflect-makefunc-usage.rule.yaml +55 -0
  19. package/rules/go/go.correctness.bare-return.rule.yaml +52 -0
  20. package/rules/go/go.correctness.boolean-literal-in-expression.rule.yaml +52 -0
  21. package/rules/go/go.correctness.boolean-simplification.rule.yaml +49 -0
  22. package/rules/go/go.correctness.deferred-func-literal.rule.yaml +52 -0
  23. package/rules/go/go.correctness.duplicate-branch-body.rule.yaml +49 -0
  24. package/rules/go/go.correctness.duplicate-function-arguments.rule.yaml +49 -0
  25. package/rules/go/go.correctness.duplicate-if-else-condition.rule.yaml +54 -0
  26. package/rules/go/go.correctness.duplicate-switch-cases.rule.yaml +48 -0
  27. package/rules/go/go.correctness.flag-pointer-immediate-deref.rule.yaml +49 -0
  28. package/rules/go/go.correctness.hidden-goroutine.rule.yaml +55 -0
  29. package/rules/go/go.correctness.http-nobody-nil.rule.yaml +52 -0
  30. package/rules/go/go.correctness.identical-binary-operands.rule.yaml +48 -0
  31. package/rules/go/go.correctness.impossible-interface-nil-check.rule.yaml +56 -0
  32. package/rules/go/go.correctness.incomplete-nil-check.rule.yaml +49 -0
  33. package/rules/go/go.correctness.integer-truncation.rule.yaml +51 -0
  34. package/rules/go/go.correctness.interface-any-preferred.rule.yaml +50 -0
  35. package/rules/go/go.correctness.nil-error-returned.rule.yaml +49 -0
  36. package/rules/go/go.correctness.off-by-one-index.rule.yaml +48 -0
  37. package/rules/go/go.correctness.redundant-type-declaration.rule.yaml +51 -0
  38. package/rules/go/go.correctness.signedness-casting.rule.yaml +56 -0
  39. package/rules/go/go.correctness.string-concat-simplify.rule.yaml +52 -0
  40. package/rules/go/go.correctness.suspicious-regex-pattern.rule.yaml +49 -0
  41. package/rules/go/go.correctness.terminal-call-with-defer.rule.yaml +50 -0
  42. package/rules/go/go.correctness.unexported-capital-name.rule.yaml +52 -0
  43. package/rules/go/go.correctness.unnecessary-dereference.rule.yaml +53 -0
  44. package/rules/go/go.correctness.unnecessary-else-return.rule.yaml +52 -0
  45. package/rules/go/go.correctness.unreachable-switch-case.rule.yaml +50 -0
  46. package/rules/go/go.doc.malformed-deprecated-comment.rule.yaml +59 -0
  47. package/rules/go/go.performance.avoid-large-loop-copy.rule.yaml +38 -0
  48. package/rules/go/go.performance.avoid-large-param-copy.rule.yaml +38 -0
  49. package/rules/go/go.performance.avoid-large-range-copy.rule.yaml +37 -0
  50. package/rules/go/go.performance.avoid-string-index-alloc.rule.yaml +38 -0
  51. package/rules/go/go.performance.combine-append-calls.rule.yaml +38 -0
  52. package/rules/go/go.performance.fmt-fprint.rule.yaml +44 -0
  53. package/rules/go/go.performance.iowriter-write-string.rule.yaml +45 -0
  54. package/rules/go/go.performance.non-idiomatic-slice-zeroing.rule.yaml +44 -0
  55. package/rules/go/go.performance.reorder-operands.rule.yaml +44 -0
  56. package/rules/go/go.performance.utf8-decode-rune.rule.yaml +44 -0
  57. package/rules/go/go.security.decompression-bomb.rule.yaml +55 -0
  58. package/rules/go/go.security.http-dir-path-traversal.rule.yaml +55 -0
  59. package/rules/go/go.security.incomplete-hostname-regex.rule.yaml +64 -0
  60. package/rules/go/go.security.insecure-ssl-protocol.rule.yaml +2 -0
  61. package/rules/go/go.security.jwt-without-verification.rule.yaml +2 -0
  62. package/rules/go/go.security.net-http-missing-timeouts.rule.yaml +3 -0
  63. package/rules/go/go.security.pprof-exposed.rule.yaml +2 -0
  64. package/rules/go/go.security.squirrel-unsafe-quoting.rule.yaml +64 -0
  65. package/rules/go/go.security.tainted-value-sink.rule.yaml +59 -0
  66. package/rules/go/go.security.tls-missing-min-version.rule.yaml +2 -0
  67. package/rules/go/go.security.unsafe-defer-close.rule.yaml +55 -0
  68. package/rules/go/go.security.weak-crypto-import.rule.yaml +3 -0
  69. package/rules/go/go.security.weak-file-permission.rule.yaml +56 -0
  70. package/rules/java/java.correctness.annotation-check-always-false.rule.yaml +42 -0
  71. package/rules/java/java.correctness.array-compared-to-non-array.rule.yaml +45 -0
  72. package/rules/java/java.correctness.array-index-bounds.rule.yaml +42 -0
  73. package/rules/java/java.correctness.assert-self-comparison.rule.yaml +46 -0
  74. package/rules/java/java.correctness.assertion-in-production.rule.yaml +49 -0
  75. package/rules/java/java.correctness.bad-short-circuit-null-check.rule.yaml +45 -0
  76. package/rules/java/java.correctness.bitwise-or-never-equal.rule.yaml +42 -0
  77. package/rules/java/java.correctness.boxed-boolean-conditional.rule.yaml +42 -0
  78. package/rules/java/java.correctness.cacheloader-null-return.rule.yaml +42 -0
  79. package/rules/java/java.correctness.case-insensitive-regex-lacks-unicode.rule.yaml +46 -0
  80. package/rules/java/java.correctness.catch-null-pointer.rule.yaml +5 -1
  81. package/rules/java/java.correctness.class-isinstance-on-class.rule.yaml +42 -0
  82. package/rules/java/java.correctness.class-name-collision.rule.yaml +45 -0
  83. package/rules/java/java.correctness.clone-without-super.rule.yaml +45 -0
  84. package/rules/java/java.correctness.closeable-provides-injection.rule.yaml +43 -0
  85. package/rules/java/java.correctness.collection-adds-self.rule.yaml +42 -0
  86. package/rules/java/java.correctness.collection-contains-self.rule.yaml +42 -0
  87. package/rules/java/java.correctness.collection-remove-type-mismatch.rule.yaml +42 -0
  88. package/rules/java/java.correctness.comparator-downcast-sign-flip.rule.yaml +42 -0
  89. package/rules/java/java.correctness.compareto-min-value.rule.yaml +44 -0
  90. package/rules/java/java.correctness.constructor-starts-thread.rule.yaml +45 -0
  91. package/rules/java/java.correctness.default-package-spring-scan.rule.yaml +46 -0
  92. package/rules/java/java.correctness.deprecated-thread-methods.rule.yaml +42 -0
  93. package/rules/java/java.correctness.double-assignment.rule.yaml +42 -0
  94. package/rules/java/java.correctness.double-checked-locking.rule.yaml +42 -0
  95. package/rules/java/java.correctness.duplicate-binary-argument.rule.yaml +45 -0
  96. package/rules/java/java.correctness.duration-with-nanos-misuse.rule.yaml +42 -0
  97. package/rules/java/java.correctness.enum-equals-method.rule.yaml +45 -0
  98. package/rules/java/java.correctness.enum-get-class.rule.yaml +42 -0
  99. package/rules/java/java.correctness.equals-inherits-parent.rule.yaml +45 -0
  100. package/rules/java/java.correctness.equals-null-check.rule.yaml +45 -0
  101. package/rules/java/java.correctness.equals-null.rule.yaml +45 -0
  102. package/rules/java/java.correctness.equals-on-array.rule.yaml +4 -0
  103. package/rules/java/java.correctness.explicit-finalizer-invocation.rule.yaml +45 -0
  104. package/rules/java/java.correctness.for-loop-mismatched-increment.rule.yaml +45 -0
  105. package/rules/java/java.correctness.getter-setter-sync-mismatch.rule.yaml +42 -0
  106. package/rules/java/java.correctness.hashcode-on-array.rule.yaml +42 -0
  107. package/rules/java/java.correctness.hashtable-contains-value.rule.yaml +42 -0
  108. package/rules/java/java.correctness.hasnext-invokes-next.rule.yaml +45 -0
  109. package/rules/java/java.correctness.ignored-inputstream-read.rule.yaml +45 -0
  110. package/rules/java/java.correctness.ignored-inputstream-skip.rule.yaml +45 -0
  111. package/rules/java/java.correctness.illegal-monitor-state-caught.rule.yaml +45 -0
  112. package/rules/java/java.correctness.impossible-toarray-downcast.rule.yaml +45 -0
  113. package/rules/java/java.correctness.incorrect-main-signature.rule.yaml +42 -0
  114. package/rules/java/java.correctness.indexof-reversed-arguments.rule.yaml +42 -0
  115. package/rules/java/java.correctness.instant-unsupported-temporal-unit.rule.yaml +42 -0
  116. package/rules/java/java.correctness.invalid-regex-literal.rule.yaml +45 -0
  117. package/rules/java/java.correctness.invalid-serial-version-uid.rule.yaml +42 -0
  118. package/rules/java/java.correctness.invalid-time-constants.rule.yaml +42 -0
  119. package/rules/java/java.correctness.invalidated-iterator.rule.yaml +42 -0
  120. package/rules/java/java.correctness.iterable-iterator-returns-this.rule.yaml +44 -0
  121. package/rules/java/java.correctness.iterable-path-type.rule.yaml +42 -0
  122. package/rules/java/java.correctness.jump-in-finally.rule.yaml +44 -0
  123. package/rules/java/java.correctness.loop-condition-never-true.rule.yaml +42 -0
  124. package/rules/java/java.correctness.lost-increment-in-assignment.rule.yaml +45 -0
  125. package/rules/java/java.correctness.math-max-min-swapped.rule.yaml +45 -0
  126. package/rules/java/java.correctness.missing-enum-switch-elements.rule.yaml +43 -0
  127. package/rules/java/java.correctness.modulus-multiplication-precedence.rule.yaml +42 -0
  128. package/rules/java/java.correctness.mutable-data-exposed.rule.yaml +42 -0
  129. package/rules/java/java.correctness.mutable-enum-fields.rule.yaml +44 -0
  130. package/rules/java/java.correctness.nan-comparison.rule.yaml +42 -0
  131. package/rules/java/java.correctness.ncopies-argument-order.rule.yaml +42 -0
  132. package/rules/java/java.correctness.noallocation-method-creates-object.rule.yaml +45 -0
  133. package/rules/java/java.correctness.non-final-immutable-fields.rule.yaml +45 -0
  134. package/rules/java/java.correctness.non-null-method-returns-null.rule.yaml +43 -0
  135. package/rules/java/java.correctness.non-terminating-loop.rule.yaml +42 -0
  136. package/rules/java/java.correctness.oddness-check-fails-negative.rule.yaml +45 -0
  137. package/rules/java/java.correctness.optional-get-without-present-check.rule.yaml +44 -0
  138. package/rules/java/java.correctness.optional-null.rule.yaml +42 -0
  139. package/rules/java/java.correctness.overloaded-equals.rule.yaml +45 -0
  140. package/rules/java/java.correctness.parameter-reassignment.rule.yaml +46 -0
  141. package/rules/java/java.correctness.possible-null-access-exception.rule.yaml +42 -0
  142. package/rules/java/java.correctness.possible-null-access.rule.yaml +42 -0
  143. package/rules/java/java.correctness.prepared-statement-in-loop.rule.yaml +52 -0
  144. package/rules/java/java.correctness.prepared-statement-index-zero.rule.yaml +44 -0
  145. package/rules/java/java.correctness.random-coerced-to-zero.rule.yaml +44 -0
  146. package/rules/java/java.correctness.read-resolve-return-type.rule.yaml +42 -0
  147. package/rules/java/java.correctness.readline-without-null-check.rule.yaml +45 -0
  148. package/rules/java/java.correctness.result-set-index-zero.rule.yaml +44 -0
  149. package/rules/java/java.correctness.runfinalizers-on-exit.rule.yaml +45 -0
  150. package/rules/java/java.correctness.runnable-run-direct.rule.yaml +45 -0
  151. package/rules/java/java.correctness.self-assignment.rule.yaml +45 -0
  152. package/rules/java/java.correctness.serializable-superclass.rule.yaml +42 -0
  153. package/rules/java/java.correctness.serialization-method-signature.rule.yaml +42 -0
  154. package/rules/java/java.correctness.servlet-mutable-fields.rule.yaml +45 -0
  155. package/rules/java/java.correctness.shift-out-of-range.rule.yaml +44 -0
  156. package/rules/java/java.correctness.static-date-field.rule.yaml +42 -0
  157. package/rules/java/java.correctness.stream-reuse.rule.yaml +42 -0
  158. package/rules/java/java.correctness.string-format-arg-mismatch.rule.yaml +45 -0
  159. package/rules/java/java.correctness.stringbuilder-char-ctor.rule.yaml +42 -0
  160. package/rules/java/java.correctness.switch-statement-labels.rule.yaml +44 -0
  161. package/rules/java/java.correctness.sync-boxed-primitive.rule.yaml +45 -0
  162. package/rules/java/java.correctness.sync-on-get-class.rule.yaml +42 -0
  163. package/rules/java/java.correctness.sync-on-lock-primitive.rule.yaml +45 -0
  164. package/rules/java/java.correctness.sync-on-mutable-ref.rule.yaml +42 -0
  165. package/rules/java/java.correctness.sync-on-nullable-field.rule.yaml +42 -0
  166. package/rules/java/java.correctness.sync-on-public-field.rule.yaml +42 -0
  167. package/rules/java/java.correctness.sync-on-string-literal.rule.yaml +2 -0
  168. package/rules/java/java.correctness.system-exit.rule.yaml +43 -0
  169. package/rules/java/java.correctness.thread-sleep-with-lock.rule.yaml +45 -0
  170. package/rules/java/java.correctness.thread-static-misuse.rule.yaml +42 -0
  171. package/rules/java/java.correctness.threadgroup-deprecated-methods.rule.yaml +43 -0
  172. package/rules/java/java.correctness.throw-null.rule.yaml +42 -0
  173. package/rules/java/java.correctness.timezone-invalid-id.rule.yaml +42 -0
  174. package/rules/java/java.correctness.two-lock-wait.rule.yaml +45 -0
  175. package/rules/java/java.correctness.unconditional-recursion.rule.yaml +42 -0
  176. package/rules/java/java.correctness.unescaped-whitespace.rule.yaml +42 -0
  177. package/rules/java/java.correctness.unimplementable-interface.rule.yaml +42 -0
  178. package/rules/java/java.correctness.unsafe-collection-downcast.rule.yaml +42 -0
  179. package/rules/java/java.correctness.unsafe-getresource.rule.yaml +45 -0
  180. package/rules/java/java.correctness.unsupported-jdk-api.rule.yaml +46 -0
  181. package/rules/java/java.correctness.unsupported-method-call.rule.yaml +42 -0
  182. package/rules/java/java.correctness.unsync-static-lazy-init.rule.yaml +42 -0
  183. package/rules/java/java.correctness.unsynchronized-wait-notify.rule.yaml +45 -0
  184. package/rules/java/java.correctness.unterminated-assertion-chain.rule.yaml +39 -0
  185. package/rules/java/java.correctness.volatile-array-elements.rule.yaml +45 -0
  186. package/rules/java/java.correctness.volatile-increment-non-atomic.rule.yaml +45 -0
  187. package/rules/java/java.correctness.wait-notify-on-thread.rule.yaml +45 -0
  188. package/rules/java/java.correctness.wait-on-condition.rule.yaml +45 -0
  189. package/rules/java/java.correctness.week-year-in-date-pattern.rule.yaml +44 -0
  190. package/rules/java/java.correctness.zoneid-invalid-timezone.rule.yaml +42 -0
  191. package/rules/java/java.doc.empty-javadoc-tag.rule.yaml +41 -0
  192. package/rules/java/java.doc.malformed-javadoc-comment.rule.yaml +41 -0
  193. package/rules/java/java.doc.parameter-tag-no-description.rule.yaml +41 -0
  194. package/rules/java/java.doc.unmatched-parameter-tag.rule.yaml +41 -0
  195. package/rules/java/java.performance.boxed-boolean-constructor.rule.yaml +43 -0
  196. package/rules/java/java.performance.boxed-double-constructor.rule.yaml +43 -0
  197. package/rules/java/java.performance.boxed-integer-constructor.rule.yaml +43 -0
  198. package/rules/java/java.performance.empty-string-constructor.rule.yaml +44 -0
  199. package/rules/java/java.performance.expensive-method-on-ui-thread.rule.yaml +50 -0
  200. package/rules/java/java.performance.explicit-gc.rule.yaml +43 -0
  201. package/rules/java/java.performance.inefficient-string-constructor.rule.yaml +44 -0
  202. package/rules/java/java.performance.keyset-instead-of-entryset.rule.yaml +49 -0
  203. package/rules/java/java.performance.non-zero-to-array.rule.yaml +49 -0
  204. package/rules/java/java.performance.pattern-compile-in-loop.rule.yaml +49 -0
  205. package/rules/java/java.performance.removeall-to-clear.rule.yaml +49 -0
  206. package/rules/java/java.performance.replaceall-instead-of-replace.rule.yaml +49 -0
  207. package/rules/java/java.performance.single-char-string-indexof.rule.yaml +49 -0
  208. package/rules/java/java.performance.string-concat-in-loop.rule.yaml +49 -0
  209. package/rules/java/java.performance.string-to-string.rule.yaml +43 -0
  210. package/rules/java/java.performance.thread-as-runnable.rule.yaml +44 -0
  211. package/rules/java/java.performance.url-in-collection.rule.yaml +44 -0
  212. package/rules/java/java.quality.c-style-array-declaration.rule.yaml +41 -0
  213. package/rules/java/java.quality.multiple-variables-same-line.rule.yaml +41 -0
  214. package/rules/java/java.quality.type-name-uppercase.rule.yaml +41 -0
  215. package/rules/java/java.testing.setup-teardown-annotation.rule.yaml +36 -0
  216. package/rules/java/java.testing.setup-without-super.rule.yaml +43 -0
  217. package/rules/java/java.testing.teardown-without-super.rule.yaml +43 -0
  218. package/rules/java/java.testing.wrong-assertion-argument-order.rule.yaml +43 -0
  219. package/rules/php/php.correctness.abstract-method-outside-abstract-class.rule.yaml +3 -0
  220. package/rules/php/php.correctness.abstract-method-with-body.rule.yaml +38 -0
  221. package/rules/php/php.correctness.assign-to-non-lvalue.rule.yaml +38 -0
  222. package/rules/php/php.correctness.attribute-on-class-constant.rule.yaml +38 -0
  223. package/rules/php/php.correctness.attribute-on-closure.rule.yaml +38 -0
  224. package/rules/php/php.correctness.attribute-on-function.rule.yaml +38 -0
  225. package/rules/php/php.correctness.attribute-on-property.rule.yaml +40 -0
  226. package/rules/php/php.correctness.break-continue-outside-loop.rule.yaml +2 -0
  227. package/rules/php/php.correctness.case-insensitive-define.rule.yaml +2 -0
  228. package/rules/php/php.correctness.class-implements-non-interface.rule.yaml +38 -0
  229. package/rules/php/php.correctness.default-parameter-not-last.rule.yaml +2 -0
  230. package/rules/php/php.correctness.deprecated-filter-constant.rule.yaml +2 -0
  231. package/rules/php/php.correctness.deprecated-libxml-entity-loader.rule.yaml +2 -0
  232. package/rules/php/php.correctness.deprecated-unset-cast.rule.yaml +2 -0
  233. package/rules/php/php.correctness.duplicate-array-key.rule.yaml +2 -0
  234. package/rules/php/php.correctness.duplicate-declaration.rule.yaml +2 -0
  235. package/rules/php/php.correctness.duplicate-union-type.rule.yaml +38 -0
  236. package/rules/php/php.correctness.echo-invalid-value.rule.yaml +38 -0
  237. package/rules/php/php.correctness.empty-array-literal-slot.rule.yaml +2 -0
  238. package/rules/php/php.correctness.empty-bracket-array-access.rule.yaml +2 -0
  239. package/rules/php/php.correctness.empty-code-block.rule.yaml +2 -0
  240. package/rules/php/php.correctness.empty-function-body.rule.yaml +2 -0
  241. package/rules/php/php.correctness.error-suppression-operator.rule.yaml +2 -0
  242. package/rules/php/php.correctness.function-comparison.rule.yaml +2 -0
  243. package/rules/php/php.correctness.inaccessible-property.rule.yaml +49 -0
  244. package/rules/php/php.correctness.incomplete-arrow-function.rule.yaml +38 -0
  245. package/rules/php/php.correctness.inconsistent-printf-params.rule.yaml +50 -0
  246. package/rules/php/php.correctness.instanceof-invalid-type.rule.yaml +40 -0
  247. package/rules/php/php.correctness.instantiate-abstract-class.rule.yaml +38 -0
  248. package/rules/php/php.correctness.interface-extends-non-interface.rule.yaml +38 -0
  249. package/rules/php/php.correctness.interface-implements-keyword.rule.yaml +38 -0
  250. package/rules/php/php.correctness.invalid-arrow-function-typehint.rule.yaml +38 -0
  251. package/rules/php/php.correctness.invalid-attribute-class.rule.yaml +49 -0
  252. package/rules/php/php.correctness.invalid-closure-return-typehint.rule.yaml +38 -0
  253. package/rules/php/php.correctness.invalid-constructor-promotion.rule.yaml +38 -0
  254. package/rules/php/php.correctness.invalid-cookie-options.rule.yaml +2 -0
  255. package/rules/php/php.correctness.invalid-dynamic-constant-fetch.rule.yaml +38 -0
  256. package/rules/php/php.correctness.invalid-extends-target.rule.yaml +38 -0
  257. package/rules/php/php.correctness.invalid-increment-operand.rule.yaml +38 -0
  258. package/rules/php/php.correctness.invalid-isset-argument.rule.yaml +38 -0
  259. package/rules/php/php.correctness.invalid-return-typehint.rule.yaml +38 -0
  260. package/rules/php/php.correctness.invalid-static-method.rule.yaml +40 -0
  261. package/rules/php/php.correctness.invalid-string-interpolation-type.rule.yaml +38 -0
  262. package/rules/php/php.correctness.invalid-type-cast.rule.yaml +38 -0
  263. package/rules/php/php.correctness.invalid-use-keyword.rule.yaml +48 -0
  264. package/rules/php/php.correctness.missing-member-visibility.rule.yaml +2 -0
  265. package/rules/php/php.correctness.missing-return-statement.rule.yaml +38 -0
  266. package/rules/php/php.correctness.named-arg-before-positional.rule.yaml +38 -0
  267. package/rules/php/php.correctness.nested-function-declaration.rule.yaml +2 -0
  268. package/rules/php/php.correctness.nested-switch.rule.yaml +2 -0
  269. package/rules/php/php.correctness.nullable-mixed-type.rule.yaml +38 -0
  270. package/rules/php/php.correctness.nullsafe-returned-by-reference.rule.yaml +3 -0
  271. package/rules/php/php.correctness.print-invalid-value.rule.yaml +38 -0
  272. package/rules/php/php.correctness.psr-class-constant-naming.rule.yaml +38 -0
  273. package/rules/php/php.correctness.psr-method-camel-case.rule.yaml +38 -0
  274. package/rules/php/php.correctness.redundant-final-method.rule.yaml +38 -0
  275. package/rules/php/php.correctness.redundant-string-cast-concat.rule.yaml +2 -0
  276. package/rules/php/php.correctness.self-assignment.rule.yaml +2 -0
  277. package/rules/php/php.correctness.switch-multiple-default.rule.yaml +2 -0
  278. package/rules/php/php.correctness.throw-as-expression.rule.yaml +38 -0
  279. package/rules/php/php.correctness.throw-non-exception.rule.yaml +38 -0
  280. package/rules/php/php.correctness.trait-as-attribute.rule.yaml +38 -0
  281. package/rules/php/php.correctness.trait-class-constant.rule.yaml +38 -0
  282. package/rules/php/php.correctness.undefined-constant-reference.rule.yaml +38 -0
  283. package/rules/php/php.correctness.undefined-function.rule.yaml +40 -0
  284. package/rules/php/php.correctness.undefined-method.rule.yaml +40 -0
  285. package/rules/php/php.correctness.undefined-property.rule.yaml +51 -0
  286. package/rules/php/php.correctness.undefined-static-property.rule.yaml +41 -0
  287. package/rules/php/php.correctness.undefined-variable.rule.yaml +48 -0
  288. package/rules/php/php.correctness.uninitialized-typed-property.rule.yaml +38 -0
  289. package/rules/php/php.correctness.unknown-magic-method.rule.yaml +2 -0
  290. package/rules/php/php.correctness.unreachable-after-return.rule.yaml +2 -0
  291. package/rules/php/php.correctness.unused-closure-use-variable.rule.yaml +38 -0
  292. package/rules/php/php.correctness.unused-constructor-parameter.rule.yaml +38 -0
  293. package/rules/php/php.correctness.unused-import.rule.yaml +38 -0
  294. package/rules/php/php.correctness.useless-post-increment.rule.yaml +2 -0
  295. package/rules/php/php.correctness.useless-unset.rule.yaml +2 -0
  296. package/rules/php/php.correctness.void-match-arm.rule.yaml +38 -0
  297. package/rules/php/php.performance.expensive-loop-condition.rule.yaml +2 -0
  298. package/rules/php/php.security.debug-function-exposure.rule.yaml +2 -0
  299. package/rules/php/php.security.insecure-session-id-generation.rule.yaml +2 -0
  300. package/rules/php/php.security.insecure-session-or-cookie-config.rule.yaml +3 -0
  301. package/rules/php/php.security.no-dynamic-eval.rule.yaml +2 -0
  302. package/rules/php/php.security.unsafe-include-with-user-input.rule.yaml +2 -0
  303. package/rules/php/php.security.unsafe-new-static.rule.yaml +2 -0
  304. package/rules/php/php.security.weak-cipher.rule.yaml +2 -0
  305. package/rules/php/php.security.xml-external-entity.rule.yaml +2 -0
  306. package/rules/python/py.correctness.assert-outside-test.rule.yaml +49 -0
  307. package/rules/python/py.correctness.global-statement.rule.yaml +51 -0
  308. package/rules/python/py.correctness.redefined-builtin.rule.yaml +51 -0
  309. package/rules/python/py.correctness.super-with-arguments.rule.yaml +51 -0
  310. package/rules/python/py.correctness.unnecessary-comprehension.rule.yaml +51 -0
  311. package/rules/python/py.correctness.useless-return.rule.yaml +51 -0
  312. package/rules/python/py.security.command-execution-with-request-input.rule.yaml +56 -0
  313. package/rules/python/py.security.ftp-usage.rule.yaml +51 -0
  314. package/rules/python/py.security.hardcoded-credentials.rule.yaml +51 -0
  315. package/rules/python/py.security.hardcoded-temp-directory.rule.yaml +51 -0
  316. package/rules/python/py.security.insecure-cipher-mode.rule.yaml +51 -0
  317. package/rules/python/py.security.insecure-cipher.rule.yaml +51 -0
  318. package/rules/python/py.security.insecure-crypto-import.rule.yaml +51 -0
  319. package/rules/python/py.security.insecure-http-transport.rule.yaml +56 -0
  320. package/rules/python/py.security.insecure-ssl-version.rule.yaml +53 -0
  321. package/rules/python/py.security.insecure-urllib-method.rule.yaml +51 -0
  322. package/rules/python/py.security.insecure-xml-parser.rule.yaml +53 -0
  323. package/rules/python/py.security.mako-insecure-templates.rule.yaml +53 -0
  324. package/rules/python/py.security.path-traversal-user-input.rule.yaml +51 -0
  325. package/rules/python/py.security.request-path-file-read.rule.yaml +56 -0
  326. package/rules/python/py.security.sensitive-logging.rule.yaml +51 -0
  327. package/rules/python/py.security.sql-interpolation.rule.yaml +56 -0
  328. package/rules/python/py.security.ssh-host-key-validation.rule.yaml +53 -0
  329. package/rules/python/py.security.telnet-usage.rule.yaml +51 -0
  330. package/rules/python/py.security.tls-verification-disabled.rule.yaml +56 -0
  331. package/rules/python/py.security.unsafe-deserialization.rule.yaml +56 -0
  332. package/rules/python/py.security.weak-crypto-key.rule.yaml +51 -0
  333. package/rules/python/py.security.weak-hash-algorithm.rule.yaml +57 -0
  334. package/rules/python/py.security.wildcard-subprocess-injection.rule.yaml +53 -0
  335. package/rules/python/py.security.xmlrpc-import.rule.yaml +53 -0
  336. package/rules/ruby/ruby.bug-risk.action-mailer-base-subclass.rule.yaml +53 -0
  337. package/rules/ruby/ruby.bug-risk.active-job-base-subclass.rule.yaml +53 -0
  338. package/rules/ruby/ruby.bug-risk.active-record-alias.rule.yaml +53 -0
  339. package/rules/ruby/ruby.bug-risk.active-record-base-subclass.rule.yaml +53 -0
  340. package/rules/ruby/ruby.bug-risk.active-record-method-override.rule.yaml +55 -0
  341. package/rules/ruby/ruby.bug-risk.active-support-alias.rule.yaml +52 -0
  342. package/rules/ruby/ruby.bug-risk.all-each-to-find-each.rule.yaml +55 -0
  343. package/rules/ruby/ruby.bug-risk.allow-blank-with-delegate.rule.yaml +52 -0
  344. package/rules/ruby/ruby.bug-risk.alter-queries-combine.rule.yaml +54 -0
  345. package/rules/ruby/ruby.bug-risk.ambiguous-block-association.rule.yaml +49 -0
  346. package/rules/ruby/ruby.bug-risk.ambiguous-operator-argument.rule.yaml +48 -0
  347. package/rules/ruby/ruby.bug-risk.ambiguous-regexp-literal.rule.yaml +49 -0
  348. package/rules/ruby/ruby.bug-risk.argument-overwritten-before-use.rule.yaml +51 -0
  349. package/rules/ruby/ruby.bug-risk.assert-not-usage.rule.yaml +51 -0
  350. package/rules/ruby/ruby.bug-risk.bad-date-usage.rule.yaml +55 -0
  351. package/rules/ruby/ruby.bug-risk.bad-magic-comment-order.rule.yaml +50 -0
  352. package/rules/ruby/ruby.bug-risk.bad-operand-order.rule.yaml +46 -0
  353. package/rules/ruby/ruby.bug-risk.bad-rescue-ordering.rule.yaml +50 -0
  354. package/rules/ruby/ruby.bug-risk.branches-without-body.rule.yaml +49 -0
  355. package/rules/ruby/ruby.bug-risk.callback-order.rule.yaml +52 -0
  356. package/rules/ruby/ruby.bug-risk.callback-override.rule.yaml +53 -0
  357. package/rules/ruby/ruby.bug-risk.circular-argument-reference.rule.yaml +44 -0
  358. package/rules/ruby/ruby.bug-risk.class-name-should-be-string.rule.yaml +52 -0
  359. package/rules/ruby/ruby.bug-risk.console-output-instead-of-logger.rule.yaml +53 -0
  360. package/rules/ruby/ruby.bug-risk.constant-in-block.rule.yaml +52 -0
  361. package/rules/ruby/ruby.bug-risk.controller-base-subclass.rule.yaml +54 -0
  362. package/rules/ruby/ruby.bug-risk.dependent-option-cascade.rule.yaml +53 -0
  363. package/rules/ruby/ruby.bug-risk.deprecated-belongs-to-required.rule.yaml +54 -0
  364. package/rules/ruby/ruby.bug-risk.deprecated-big-decimal-new.rule.yaml +44 -0
  365. package/rules/ruby/ruby.bug-risk.deprecated-class-methods.rule.yaml +45 -0
  366. package/rules/ruby/ruby.bug-risk.deprecated-filter-methods.rule.yaml +54 -0
  367. package/rules/ruby/ruby.bug-risk.deprecated-find-by-dynamic.rule.yaml +55 -0
  368. package/rules/ruby/ruby.bug-risk.deprecated-http-status-symbols.rule.yaml +52 -0
  369. package/rules/ruby/ruby.bug-risk.deprecated-openssl-api.rule.yaml +42 -0
  370. package/rules/ruby/ruby.bug-risk.deprecated-uri-regexp.rule.yaml +42 -0
  371. package/rules/ruby/ruby.bug-risk.disjunctive-assignment-in-constructor.rule.yaml +46 -0
  372. package/rules/ruby/ruby.bug-risk.duplicate-case-conditions.rule.yaml +49 -0
  373. package/rules/ruby/ruby.bug-risk.duplicate-constant-assignment.rule.yaml +47 -0
  374. package/rules/ruby/ruby.bug-risk.duplicate-elsif-block.rule.yaml +51 -0
  375. package/rules/ruby/ruby.bug-risk.duplicate-method-definitions.rule.yaml +49 -0
  376. package/rules/ruby/ruby.bug-risk.each-with-object-immutable-arg.rule.yaml +51 -0
  377. package/rules/ruby/ruby.bug-risk.else-followed-by-expression.rule.yaml +50 -0
  378. package/rules/ruby/ruby.bug-risk.else-without-rescue.rule.yaml +51 -0
  379. package/rules/ruby/ruby.bug-risk.empty-ensure-block.rule.yaml +49 -0
  380. package/rules/ruby/ruby.bug-risk.empty-expression.rule.yaml +48 -0
  381. package/rules/ruby/ruby.bug-risk.empty-interpolation.rule.yaml +49 -0
  382. package/rules/ruby/ruby.bug-risk.end-in-method.rule.yaml +49 -0
  383. package/rules/ruby/ruby.bug-risk.enum-array-syntax.rule.yaml +54 -0
  384. package/rules/ruby/ruby.bug-risk.enum-duplicate-values.rule.yaml +53 -0
  385. package/rules/ruby/ruby.bug-risk.equal-instead-of-equal.rule.yaml +50 -0
  386. package/rules/ruby/ruby.bug-risk.error-inherits-exception.rule.yaml +42 -0
  387. package/rules/ruby/ruby.bug-risk.exit-in-app-code.rule.yaml +53 -0
  388. package/rules/ruby/ruby.bug-risk.flip-flop-operator.rule.yaml +49 -0
  389. package/rules/ruby/ruby.bug-risk.git-in-gemspec.rule.yaml +48 -0
  390. package/rules/ruby/ruby.bug-risk.grouped-parentheses-in-call.rule.yaml +51 -0
  391. package/rules/ruby/ruby.bug-risk.has-and-belongs-to-many.rule.yaml +52 -0
  392. package/rules/ruby/ruby.bug-risk.helper-instance-variables.rule.yaml +52 -0
  393. package/rules/ruby/ruby.bug-risk.heredoc-method-order.rule.yaml +51 -0
  394. package/rules/ruby/ruby.bug-risk.http-methods-without-params.rule.yaml +54 -0
  395. package/rules/ruby/ruby.bug-risk.identical-binary-operands.rule.yaml +53 -0
  396. package/rules/ruby/ruby.bug-risk.ignored-column-accessed.rule.yaml +50 -0
  397. package/rules/ruby/ruby.bug-risk.inconsistent-request-referrer.rule.yaml +50 -0
  398. package/rules/ruby/ruby.bug-risk.inconsistent-safe-navigation-try.rule.yaml +51 -0
  399. package/rules/ruby/ruby.bug-risk.inconsistent-safe-navigation.rule.yaml +51 -0
  400. package/rules/ruby/ruby.bug-risk.incorrect-pluralization.rule.yaml +51 -0
  401. package/rules/ruby/ruby.bug-risk.ineffective-access-modifier.rule.yaml +50 -0
  402. package/rules/ruby/ruby.bug-risk.interpolation-in-single-quote.rule.yaml +50 -0
  403. package/rules/ruby/ruby.bug-risk.invalid-integer-times.rule.yaml +52 -0
  404. package/rules/ruby/ruby.bug-risk.invalid-percent-string-literal.rule.yaml +51 -0
  405. package/rules/ruby/ruby.bug-risk.invalid-percent-symbol-array.rule.yaml +51 -0
  406. package/rules/ruby/ruby.bug-risk.invalid-rails-env-predicate.rule.yaml +51 -0
  407. package/rules/ruby/ruby.bug-risk.invalid-rescue-type.rule.yaml +51 -0
  408. package/rules/ruby/ruby.bug-risk.io-select-single-arg.rule.yaml +48 -0
  409. package/rules/ruby/ruby.bug-risk.irreversible-migration.rule.yaml +57 -0
  410. package/rules/ruby/ruby.bug-risk.missing-inverse-of.rule.yaml +53 -0
  411. package/rules/ruby/ruby.bug-risk.mixed-regex-captures.rule.yaml +51 -0
  412. package/rules/ruby/ruby.bug-risk.multiple-rescues-for-same-exception.rule.yaml +49 -0
  413. package/rules/ruby/ruby.bug-risk.non-local-exit-from-iterator.rule.yaml +51 -0
  414. package/rules/ruby/ruby.bug-risk.non-null-column-without-default.rule.yaml +51 -0
  415. package/rules/ruby/ruby.bug-risk.non-preferred-assert-falseness.rule.yaml +50 -0
  416. package/rules/ruby/ruby.bug-risk.old-style-validation-macro.rule.yaml +49 -0
  417. package/rules/ruby/ruby.bug-risk.outer-variable-shadowed.rule.yaml +47 -0
  418. package/rules/ruby/ruby.bug-risk.plain-method-instead-of-proc.rule.yaml +48 -0
  419. package/rules/ruby/ruby.bug-risk.predicate-method-without-parentheses.rule.yaml +51 -0
  420. package/rules/ruby/ruby.bug-risk.rails-env-equality.rule.yaml +53 -0
  421. package/rules/ruby/ruby.bug-risk.rails-root-join.rule.yaml +53 -0
  422. package/rules/ruby/ruby.bug-risk.rake-task-missing-environment.rule.yaml +46 -0
  423. package/rules/ruby/ruby.bug-risk.redundant-allow-nil.rule.yaml +52 -0
  424. package/rules/ruby/ruby.bug-risk.redundant-foreign-key.rule.yaml +50 -0
  425. package/rules/ruby/ruby.bug-risk.redundant-with-options-receiver.rule.yaml +52 -0
  426. package/rules/ruby/ruby.bug-risk.regex-literal-in-condition.rule.yaml +51 -0
  427. package/rules/ruby/ruby.bug-risk.relative-date-as-constant.rule.yaml +51 -0
  428. package/rules/ruby/ruby.bug-risk.renamed-column-accessed.rule.yaml +50 -0
  429. package/rules/ruby/ruby.bug-risk.rescue-exception.rule.yaml +42 -0
  430. package/rules/ruby/ruby.bug-risk.return-in-ensure.rule.yaml +49 -0
  431. package/rules/ruby/ruby.bug-risk.routes-match-single-verb.rule.yaml +51 -0
  432. package/rules/ruby/ruby.bug-risk.safe-navigation-with-blank.rule.yaml +50 -0
  433. package/rules/ruby/ruby.bug-risk.safe-navigation-with-empty.rule.yaml +52 -0
  434. package/rules/ruby/ruby.bug-risk.self-assignment.rule.yaml +52 -0
  435. package/rules/ruby/ruby.bug-risk.skip-filter-conditional.rule.yaml +55 -0
  436. package/rules/ruby/ruby.bug-risk.suppressed-exceptions.rule.yaml +49 -0
  437. package/rules/ruby/ruby.bug-risk.symbol-boolean-name.rule.yaml +44 -0
  438. package/rules/ruby/ruby.bug-risk.table-without-timestamps.rule.yaml +53 -0
  439. package/rules/ruby/ruby.bug-risk.time-without-zone.rule.yaml +51 -0
  440. package/rules/ruby/ruby.bug-risk.to-json-without-argument.rule.yaml +51 -0
  441. package/rules/ruby/ruby.bug-risk.trailing-comma-attribute.rule.yaml +50 -0
  442. package/rules/ruby/ruby.bug-risk.undefined-action-filter.rule.yaml +53 -0
  443. package/rules/ruby/ruby.bug-risk.unintended-string-concatenation.rule.yaml +51 -0
  444. package/rules/ruby/ruby.bug-risk.unnecessary-require.rule.yaml +51 -0
  445. package/rules/ruby/ruby.bug-risk.unnecessary-splat.rule.yaml +50 -0
  446. package/rules/ruby/ruby.bug-risk.unqualified-constant.rule.yaml +51 -0
  447. package/rules/ruby/ruby.bug-risk.unreachable-code.rule.yaml +49 -0
  448. package/rules/ruby/ruby.bug-risk.unreachable-loop.rule.yaml +51 -0
  449. package/rules/ruby/ruby.bug-risk.unsafe-number-conversion.rule.yaml +51 -0
  450. package/rules/ruby/ruby.bug-risk.unsafe-safe-navigation-chain.rule.yaml +50 -0
  451. package/rules/ruby/ruby.bug-risk.unused-method-arguments.rule.yaml +51 -0
  452. package/rules/ruby/ruby.bug-risk.use-blank-simplify.rule.yaml +49 -0
  453. package/rules/ruby/ruby.bug-risk.use-delegate.rule.yaml +50 -0
  454. package/rules/ruby/ruby.bug-risk.use-presence-over-explicit-check.rule.yaml +49 -0
  455. package/rules/ruby/ruby.bug-risk.use-present-to-simplify-conditional.rule.yaml +48 -0
  456. package/rules/ruby/ruby.bug-risk.use-square-brackets-for-attributes.rule.yaml +50 -0
  457. package/rules/ruby/ruby.bug-risk.useless-access-modifier.rule.yaml +49 -0
  458. package/rules/ruby/ruby.bug-risk.useless-comparison.rule.yaml +50 -0
  459. package/rules/ruby/ruby.bug-risk.useless-setter-call.rule.yaml +49 -0
  460. package/rules/ruby/ruby.bug-risk.when-branch-without-body.rule.yaml +49 -0
  461. package/rules/ruby/ruby.bug-risk.where-first-over-find-by.rule.yaml +54 -0
  462. package/rules/ruby/ruby.bug-risk.with-index-value-unused.rule.yaml +50 -0
  463. package/rules/ruby/ruby.bug-risk.with-object-value-unused.rule.yaml +50 -0
  464. package/rules/ruby/ruby.performance.efficient-hash-search.rule.yaml +42 -0
  465. package/rules/ruby/ruby.performance.enumerable-index-by.rule.yaml +51 -0
  466. package/rules/ruby/ruby.performance.enumerable-index-with.rule.yaml +52 -0
  467. package/rules/ruby/ruby.performance.merge-single-key.rule.yaml +42 -0
  468. package/rules/ruby/ruby.performance.no-static-size-computation.rule.yaml +43 -0
  469. package/rules/ruby/ruby.performance.prefer-delete-prefix.rule.yaml +53 -0
  470. package/rules/ruby/ruby.performance.prefer-delete-suffix.rule.yaml +53 -0
  471. package/rules/ruby/ruby.performance.prefer-flat-map.rule.yaml +41 -0
  472. package/rules/ruby/ruby.performance.prefer-struct-over-openstruct.rule.yaml +42 -0
  473. package/rules/ruby/ruby.performance.range-cover-over-include.rule.yaml +43 -0
  474. package/rules/ruby/ruby.performance.regex-match-over-match.rule.yaml +42 -0
  475. package/rules/ruby/ruby.performance.yield-over-block-call.rule.yaml +41 -0
  476. package/rules/ruby/ruby.security.io-shell-command.rule.yaml +50 -0
  477. package/rules/ruby/ruby.security.rails-http-digest-auth.rule.yaml +51 -0
  478. package/rules/ruby/ruby.security.rails-render-inline.rule.yaml +55 -0
  479. package/rules/ruby/ruby.security.rails-skip-validation.rule.yaml +51 -0
  480. package/rules/rust/rust.correctness.empty-range-expression.rule.yaml +49 -0
  481. package/rules/rust/rust.correctness.erasing-operation.rule.yaml +49 -0
  482. package/rules/rust/rust.correctness.forget-drop-on-copy-type.rule.yaml +50 -0
  483. package/rules/rust/rust.correctness.forget-drop-on-non-drop-type.rule.yaml +50 -0
  484. package/rules/rust/rust.correctness.forget-drop-on-reference.rule.yaml +49 -0
  485. package/rules/rust/rust.correctness.hash-unit-value.rule.yaml +49 -0
  486. package/rules/rust/rust.correctness.identical-binary-operands.rule.yaml +49 -0
  487. package/rules/rust/rust.correctness.ignored-future-value.rule.yaml +53 -0
  488. package/rules/rust/rust.correctness.invalid-regex-literal.rule.yaml +49 -0
  489. package/rules/rust/rust.correctness.iter-next-in-for-loop.rule.yaml +49 -0
  490. package/rules/rust/rust.correctness.mistyped-suffix.rule.yaml +50 -0
  491. package/rules/rust/rust.correctness.nan-comparison.rule.yaml +49 -0
  492. package/rules/rust/rust.correctness.non-binding-let-on-lock.rule.yaml +50 -0
  493. package/rules/rust/rust.correctness.non-octal-permissions.rule.yaml +60 -0
  494. package/rules/rust/rust.correctness.print-in-display-impl.rule.yaml +48 -0
  495. package/rules/rust/rust.correctness.self-not-self-type.rule.yaml +49 -0
  496. package/rules/rust/rust.correctness.step-by-zero.rule.yaml +48 -0
  497. package/rules/rust/rust.correctness.syntax-error.rule.yaml +49 -0
  498. package/rules/rust/rust.correctness.transmute-float-char-to-ref-or-ptr.rule.yaml +48 -0
  499. package/rules/rust/rust.correctness.transmute-int-lit-to-raw-ptr.rule.yaml +48 -0
  500. package/rules/rust/rust.correctness.transmute-int-to-fn-ptr.rule.yaml +48 -0
  501. package/rules/rust/rust.correctness.transmute-integer-to-bool.rule.yaml +49 -0
  502. package/rules/rust/rust.correctness.transmute-integer-to-char.rule.yaml +48 -0
  503. package/rules/rust/rust.correctness.transmute-integer-to-nonzero.rule.yaml +48 -0
  504. package/rules/rust/rust.correctness.transmute-number-to-slice-or-array.rule.yaml +48 -0
  505. package/rules/rust/rust.correctness.transmute-ptr-to-ptr.rule.yaml +49 -0
  506. package/rules/rust/rust.correctness.transmute-ptr-to-ref.rule.yaml +49 -0
  507. package/rules/rust/rust.correctness.transmute-ref-to-ptr.rule.yaml +49 -0
  508. package/rules/rust/rust.correctness.transmute-t-to-ptr-ref.rule.yaml +49 -0
  509. package/rules/rust/rust.correctness.transmute-tuple-to-slice-or-array.rule.yaml +48 -0
  510. package/rules/rust/rust.correctness.unhandled-io-result.rule.yaml +49 -0
  511. package/rules/rust/rust.correctness.unit-argument.rule.yaml +50 -0
  512. package/rules/rust/rust.correctness.unit-comparison.rule.yaml +49 -0
  513. package/rules/rust/rust.performance.single-char-string-literal-pattern.rule.yaml +51 -0
  514. package/rules/rust/rust.quality.approximate-floating-constant.rule.yaml +51 -0
  515. package/rules/rust/rust.quality.builtin-type-shadow.rule.yaml +49 -0
  516. package/rules/rust/rust.quality.clone-on-double-reference.rule.yaml +50 -0
  517. package/rules/rust/rust.quality.crate-in-macro-definition.rule.yaml +50 -0
  518. package/rules/rust/rust.quality.deprecated-function-use.rule.yaml +52 -0
  519. package/rules/rust/rust.quality.env-string-literal.rule.yaml +50 -0
  520. package/rules/rust/rust.quality.explicit-self-assignment.rule.yaml +49 -0
  521. package/rules/rust/rust.quality.fn-ptr-null-comparison.rule.yaml +49 -0
  522. package/rules/rust/rust.quality.fn-ptr-to-non-pointer-cast.rule.yaml +50 -0
  523. package/rules/rust/rust.quality.inaccurate-duration-calculation.rule.yaml +50 -0
  524. package/rules/rust/rust.quality.isize-usize-overflow.rule.yaml +50 -0
  525. package/rules/rust/rust.quality.iter-count-instead-of-len.rule.yaml +49 -0
  526. package/rules/rust/rust.quality.iter-nth-instead-of-get.rule.yaml +50 -0
  527. package/rules/rust/rust.quality.map-followed-by-count.rule.yaml +50 -0
  528. package/rules/rust/rust.quality.non-owned-rc-pointer-into-vec.rule.yaml +50 -0
  529. package/rules/rust/rust.quality.non-utf8-literal-in-from-utf8-unchecked.rule.yaml +54 -0
  530. package/rules/rust/rust.quality.option-env-unwrap.rule.yaml +50 -0
  531. package/rules/rust/rust.quality.ordered-iteration-on-unordered.rule.yaml +52 -0
  532. package/rules/rust/rust.quality.possible-missing-comma-in-array.rule.yaml +49 -0
  533. package/rules/rust/rust.quality.potentially-incomplete-ascii-range.rule.yaml +49 -0
  534. package/rules/rust/rust.quality.redundant-mem-replace-with-default.rule.yaml +48 -0
  535. package/rules/rust/rust.quality.redundant-mem-replace-with-none.rule.yaml +48 -0
  536. package/rules/rust/rust.quality.redundant-mem-replace-with-zero.rule.yaml +48 -0
  537. package/rules/rust/rust.quality.replace-same-pattern-and-replacement.rule.yaml +49 -0
  538. package/rules/rust/rust.quality.size-of-val-on-reference.rule.yaml +49 -0
  539. package/rules/rust/rust.quality.unused-enumerate-or-zip-items.rule.yaml +50 -0
  540. package/rules/rust/rust.security.actix-namedfile-path-traversal.rule.yaml +61 -0
  541. package/rules/rust/rust.security.bind-all-interfaces.rule.yaml +2 -0
  542. package/rules/rust/rust.security.const-to-mut-ptr.rule.yaml +61 -0
  543. package/rules/rust/rust.security.differently-sized-slice-conversion.rule.yaml +61 -0
  544. package/rules/rust/rust.security.global-write-permission.rule.yaml +61 -0
  545. package/rules/rust/rust.security.insecure-temp-file.rule.yaml +2 -0
  546. package/rules/rust/rust.security.invisible-unicode.rule.yaml +60 -0
  547. package/rules/rust/rust.security.manual-error-type-id.rule.yaml +59 -0
  548. package/rules/rust/rust.security.missing-regex-anchor.rule.yaml +61 -0
  549. package/rules/rust/rust.security.misused-bitwise-xor.rule.yaml +54 -0
  550. package/rules/rust/rust.security.open-redirect.rule.yaml +64 -0
  551. package/rules/rust/rust.security.potentially-vulnerable-regex.rule.yaml +61 -0
  552. package/rules/rust/rust.security.raw-slice-to-ptr.rule.yaml +60 -0
  553. package/rules/rust/rust.security.unsafe-remove-dir-all.rule.yaml +62 -0
  554. package/rules/rust/rust.security.weak-crypto-import.rule.yaml +2 -0
  555. package/rules/rust/rust.security.weak-rsa-key-size.rule.yaml +2 -0
  556. package/rules/rust/rust.testing.ignore-without-ticket-reference.rule.yaml +13 -7
  557. package/rules/rust/rust.testing.thread-sleep-in-unit-test.rule.yaml +6 -6
  558. package/rules/shared/security.no-command-execution-with-request-input.rule.yaml +3 -0
  559. package/rules/shared/security.no-sensitive-data-in-logs-and-telemetry.rule.yaml +2 -0
  560. package/rules/shared/security.no-sql-interpolation.rule.yaml +2 -0
  561. package/rules/shared/security.permissive-file-permissions.rule.yaml +2 -0
  562. package/rules/shared/security.weak-hash-algorithm.rule.yaml +2 -0
  563. package/rules/sql/sql.correctness.undefined-reference.rule.yaml +37 -0
  564. package/rules/sql/sql.style.ambiguous-distinct.rule.yaml +37 -0
  565. package/rules/sql/sql.style.column-expression-without-alias.rule.yaml +37 -0
  566. package/rules/sql/sql.style.distinct-with-parenthesis.rule.yaml +37 -0
  567. package/rules/sql/sql.style.duplicate-table-aliases.rule.yaml +37 -0
  568. package/rules/sql/sql.style.implicit-column-alias.rule.yaml +37 -0
  569. package/rules/sql/sql.style.implicit-table-alias.rule.yaml +37 -0
  570. package/rules/sql/sql.style.inconsistent-capitalization.rule.yaml +37 -0
  571. package/rules/sql/sql.style.inconsistent-keyword-case.rule.yaml +37 -0
  572. package/rules/sql/sql.style.keyword-as-identifier.rule.yaml +37 -0
  573. package/rules/sql/sql.style.trailing-select-comma.rule.yaml +37 -0
  574. package/rules/sql/sql.style.unqualified-references.rule.yaml +37 -0
  575. package/rules/sql/sql.style.unused-table-alias.rule.yaml +37 -0
  576. package/rules/typescript/ts.angularjs.inject-function-assignments-only.rule.yaml +36 -0
  577. package/rules/typescript/ts.angularjs.no-controller.rule.yaml +36 -0
  578. package/rules/typescript/ts.angularjs.no-deprecated-cookie-store.rule.yaml +36 -0
  579. package/rules/typescript/ts.angularjs.no-deprecated-directive-replace.rule.yaml +36 -0
  580. package/rules/typescript/ts.angularjs.no-deprecated-http-success-error.rule.yaml +36 -0
  581. package/rules/typescript/ts.angularjs.no-jquery-wrapping-angular-element.rule.yaml +36 -0
  582. package/rules/typescript/ts.angularjs.prefer-angular-for-each.rule.yaml +36 -0
  583. package/rules/typescript/ts.angularjs.prefer-angular-is-string.rule.yaml +36 -0
  584. package/rules/typescript/ts.correctness.array-callback-missing-return.rule.yaml +2 -0
  585. package/rules/typescript/ts.correctness.array-sort-without-compare.rule.yaml +5 -3
  586. package/rules/typescript/ts.correctness.assignment-in-condition.rule.yaml +4 -2
  587. package/rules/typescript/ts.correctness.assignment-to-exports.rule.yaml +38 -0
  588. package/rules/typescript/ts.correctness.assignment-to-import-binding.rule.yaml +2 -0
  589. package/rules/typescript/ts.correctness.async-promise-executor.rule.yaml +2 -0
  590. package/rules/typescript/ts.correctness.blocking-call-in-async-flow.rule.yaml +14 -3
  591. package/rules/typescript/ts.correctness.callback-missing-error-handling.rule.yaml +38 -0
  592. package/rules/typescript/ts.correctness.callback-not-error-first.rule.yaml +38 -0
  593. package/rules/typescript/ts.correctness.compound-assignment-with-await.rule.yaml +37 -0
  594. package/rules/typescript/ts.correctness.confusing-multiline-expression.rule.yaml +37 -0
  595. package/rules/typescript/ts.correctness.constructor-return-value.rule.yaml +37 -0
  596. package/rules/typescript/ts.correctness.control-flow-in-finally.rule.yaml +2 -0
  597. package/rules/typescript/ts.correctness.declaration-in-nested-block.rule.yaml +39 -0
  598. package/rules/typescript/ts.correctness.delete-on-variable.rule.yaml +37 -0
  599. package/rules/typescript/ts.correctness.deprecated-api-usage.rule.yaml +39 -0
  600. package/rules/typescript/ts.correctness.duplicate-class-member.rule.yaml +37 -0
  601. package/rules/typescript/ts.correctness.duplicate-export.rule.yaml +37 -0
  602. package/rules/typescript/ts.correctness.duplicate-function-parameter.rule.yaml +2 -0
  603. package/rules/typescript/ts.correctness.duplicate-if-else-condition.rule.yaml +2 -0
  604. package/rules/typescript/ts.correctness.duplicate-import-source.rule.yaml +2 -0
  605. package/rules/typescript/ts.correctness.duplicate-object-key.rule.yaml +2 -0
  606. package/rules/typescript/ts.correctness.duplicate-switch-case.rule.yaml +2 -0
  607. package/rules/typescript/ts.correctness.empty-block-statement.rule.yaml +2 -0
  608. package/rules/typescript/ts.correctness.empty-destructuring-pattern.rule.yaml +37 -0
  609. package/rules/typescript/ts.correctness.extraneous-import.rule.yaml +38 -0
  610. package/rules/typescript/ts.correctness.flawed-string-comparison.rule.yaml +38 -0
  611. package/rules/typescript/ts.correctness.global-object-called-as-function.rule.yaml +38 -0
  612. package/rules/typescript/ts.correctness.identical-comparison-operands.rule.yaml +2 -0
  613. package/rules/typescript/ts.correctness.implicit-undefined-return.rule.yaml +2 -0
  614. package/rules/typescript/ts.correctness.infinite-loop.rule.yaml +16 -7
  615. package/rules/typescript/ts.correctness.invalid-async-await-call.rule.yaml +37 -0
  616. package/rules/typescript/ts.correctness.invalid-shebang.rule.yaml +37 -0
  617. package/rules/typescript/ts.correctness.invalid-typeof-comparison.rule.yaml +2 -0
  618. package/rules/typescript/ts.correctness.invalid-variable-usage.rule.yaml +37 -0
  619. package/rules/typescript/ts.correctness.missing-async-on-promise-method.rule.yaml +2 -0
  620. package/rules/typescript/ts.correctness.missing-super-call.rule.yaml +2 -0
  621. package/rules/typescript/ts.correctness.missing-timeout-on-external-call.rule.yaml +13 -6
  622. package/rules/typescript/ts.correctness.missing-type-annotation.rule.yaml +37 -0
  623. package/rules/typescript/ts.correctness.namespace-import-unexported-name.rule.yaml +37 -0
  624. package/rules/typescript/ts.correctness.negative-zero-comparison.rule.yaml +37 -0
  625. package/rules/typescript/ts.correctness.new-expression-with-require.rule.yaml +39 -0
  626. package/rules/typescript/ts.correctness.new-symbol-instance.rule.yaml +38 -0
  627. package/rules/typescript/ts.correctness.no-confusing-label-in-switch.rule.yaml +39 -0
  628. package/rules/typescript/ts.correctness.no-href-with-nuxt-link.rule.yaml +39 -0
  629. package/rules/typescript/ts.correctness.no-ts-suppress-directive.rule.yaml +36 -0
  630. package/rules/typescript/ts.correctness.non-existent-assignment-operators.rule.yaml +38 -0
  631. package/rules/typescript/ts.correctness.off-by-one-loop-boundary.rule.yaml +2 -0
  632. package/rules/typescript/ts.correctness.parse-int-on-number-literal.rule.yaml +38 -0
  633. package/rules/typescript/ts.correctness.prefer-as-const-over-literal-type.rule.yaml +37 -0
  634. package/rules/typescript/ts.correctness.prefer-includes-over-indexof.rule.yaml +37 -0
  635. package/rules/typescript/ts.correctness.prefer-nullish-coalescing.rule.yaml +37 -0
  636. package/rules/typescript/ts.correctness.private-member-should-be-readonly.rule.yaml +37 -0
  637. package/rules/typescript/ts.correctness.promise-reject-non-error.rule.yaml +2 -0
  638. package/rules/typescript/ts.correctness.prototype-builtin-called-directly.rule.yaml +38 -0
  639. package/rules/typescript/ts.correctness.reassign-catch-binding.rule.yaml +2 -0
  640. package/rules/typescript/ts.correctness.reassign-class-member.rule.yaml +37 -0
  641. package/rules/typescript/ts.correctness.reassign-const-binding.rule.yaml +37 -0
  642. package/rules/typescript/ts.correctness.reassign-function-declaration.rule.yaml +38 -0
  643. package/rules/typescript/ts.correctness.regexp-constructor-invalid-pattern.rule.yaml +38 -0
  644. package/rules/typescript/ts.correctness.regexp-empty-character-class.rule.yaml +38 -0
  645. package/rules/typescript/ts.correctness.regexp-multicodepoint-character-class.rule.yaml +37 -0
  646. package/rules/typescript/ts.correctness.regexp-pattern-unusual-control-character.rule.yaml +2 -0
  647. package/rules/typescript/ts.correctness.regexp-useless-backreference.rule.yaml +37 -0
  648. package/rules/typescript/ts.correctness.require-outside-import.rule.yaml +37 -0
  649. package/rules/typescript/ts.correctness.restricted-global-variable.rule.yaml +37 -0
  650. package/rules/typescript/ts.correctness.restricted-object-property.rule.yaml +37 -0
  651. package/rules/typescript/ts.correctness.self-assignment.rule.yaml +2 -0
  652. package/rules/typescript/ts.correctness.setter-return-value.rule.yaml +37 -0
  653. package/rules/typescript/ts.correctness.simplify-boolean-return.rule.yaml +38 -0
  654. package/rules/typescript/ts.correctness.sparse-array-literal.rule.yaml +38 -0
  655. package/rules/typescript/ts.correctness.switch-case-fallthrough.rule.yaml +37 -0
  656. package/rules/typescript/ts.correctness.template-placeholder-in-string.rule.yaml +37 -0
  657. package/rules/typescript/ts.correctness.this-before-super.rule.yaml +3 -0
  658. package/rules/typescript/ts.correctness.this-outside-class.rule.yaml +37 -0
  659. package/rules/typescript/ts.correctness.undeclared-variable.rule.yaml +38 -0
  660. package/rules/typescript/ts.correctness.unhandled-async-error.rule.yaml +7 -1
  661. package/rules/typescript/ts.correctness.unnecessary-return-await.rule.yaml +2 -0
  662. package/rules/typescript/ts.correctness.unresolved-import.rule.yaml +37 -0
  663. package/rules/typescript/ts.correctness.unsafe-negation-in-relational.rule.yaml +38 -0
  664. package/rules/typescript/ts.correctness.unused-expression.rule.yaml +37 -0
  665. package/rules/typescript/ts.correctness.unused-variable.rule.yaml +37 -0
  666. package/rules/typescript/ts.correctness.use-number-is-nan.rule.yaml +2 -0
  667. package/rules/typescript/ts.correctness.used-before-definition.rule.yaml +38 -0
  668. package/rules/typescript/ts.correctness.var-declaration.rule.yaml +38 -0
  669. package/rules/typescript/ts.next.no-document-import-outside-custom-document.rule.yaml +39 -0
  670. package/rules/typescript/ts.next.no-head-import-in-custom-document.rule.yaml +39 -0
  671. package/rules/typescript/ts.performance.no-await-in-loop.rule.yaml +6 -6
  672. package/rules/typescript/ts.performance.no-json-parse-stringify-clone.rule.yaml +8 -0
  673. package/rules/typescript/ts.performance.sequential-async-calls.rule.yaml +16 -7
  674. package/rules/typescript/ts.quality.no-banned-type.rule.yaml +36 -0
  675. package/rules/typescript/ts.quality.no-empty-function.rule.yaml +1 -1
  676. package/rules/typescript/ts.quality.no-side-effect-in-pure-callback.rule.yaml +36 -0
  677. package/rules/typescript/ts.quality.swallowed-error.rule.yaml +6 -3
  678. package/rules/typescript/ts.react.no-deprecated-is-mounted.rule.yaml +36 -0
  679. package/rules/typescript/ts.react.no-deprecated-react-dom-root-api.rule.yaml +24 -2
  680. package/rules/typescript/ts.react.no-direct-state-mutation.rule.yaml +2 -0
  681. package/rules/typescript/ts.react.no-duplicate-jsx-attributes.rule.yaml +2 -0
  682. package/rules/typescript/ts.react.no-hooks-rule-violation.rule.yaml +38 -0
  683. package/rules/typescript/ts.react.no-invalid-markup-characters.rule.yaml +36 -0
  684. package/rules/typescript/ts.react.no-lifecycle-method-typo.rule.yaml +36 -0
  685. package/rules/typescript/ts.react.no-render-invalid-return-type.rule.yaml +36 -0
  686. package/rules/typescript/ts.react.no-set-state-in-component-did-mount.rule.yaml +2 -0
  687. package/rules/typescript/ts.react.no-set-state-in-component-did-update.rule.yaml +2 -0
  688. package/rules/typescript/ts.react.no-set-state-in-component-will-update.rule.yaml +36 -0
  689. package/rules/typescript/ts.react.no-should-component-update.rule.yaml +36 -0
  690. package/rules/typescript/ts.react.no-target-blank-without-rel.rule.yaml +2 -0
  691. package/rules/typescript/ts.react.no-this-state-in-set-state.rule.yaml +38 -0
  692. package/rules/typescript/ts.react.no-unnecessary-fragment.rule.yaml +36 -0
  693. package/rules/typescript/ts.runtime.no-process-exit.rule.yaml +3 -0
  694. package/rules/typescript/ts.runtime.process-exit-control-flow.rule.yaml +46 -0
  695. package/rules/typescript/ts.security.dangerous-insert-html.rule.yaml +5 -0
  696. package/rules/typescript/ts.security.express-insecure-listen.rule.yaml +52 -0
  697. package/rules/typescript/ts.security.express-nosql-injection.rule.yaml +16 -11
  698. package/rules/typescript/ts.security.express-static-dotfiles-allow.rule.yaml +5 -0
  699. package/rules/typescript/ts.security.iframe-missing-sandbox-attribute.rule.yaml +18 -6
  700. package/rules/typescript/ts.security.import-using-user-input.rule.yaml +62 -10
  701. package/rules/typescript/ts.security.insecure-auth-cookie-flags.rule.yaml +12 -4
  702. package/rules/typescript/ts.security.missing-request-timeout-or-retry.rule.yaml +8 -6
  703. package/rules/typescript/ts.security.no-assign-mutable-export.rule.yaml +2 -0
  704. package/rules/typescript/ts.security.no-dynamic-execution.rule.yaml +3 -3
  705. package/rules/typescript/ts.security.no-javascript-url.rule.yaml +42 -8
  706. package/rules/typescript/ts.security.no-native-prototype-extension.rule.yaml +13 -1
  707. package/rules/typescript/ts.security.non-literal-fs-filename.rule.yaml +13 -1
  708. package/rules/typescript/ts.security.observable-timing-discrepancy.rule.yaml +3 -3
  709. package/rules/typescript/ts.security.open-redirect.rule.yaml +6 -0
  710. package/rules/typescript/ts.security.path-join-user-input.rule.yaml +50 -0
  711. package/rules/typescript/ts.security.sensitive-data-written-to-file.rule.yaml +16 -6
  712. package/rules/typescript/ts.security.ssrf.rule.yaml +1 -0
  713. package/rules/typescript/ts.security.unsafe-dirname-path-concat.rule.yaml +3 -0
  714. package/rules/typescript/ts.security.unsanitized-http-response.rule.yaml +14 -3
  715. package/rules/typescript/ts.security.user-controlled-regexp.rule.yaml +52 -0
  716. package/rules/typescript/ts.testing.no-flaky-timer-test.rule.yaml +7 -7
  717. package/rules/typescript/ts.testing.no-legacy-test-waiter.rule.yaml +36 -0
  718. package/rules/typescript/ts.testing.no-network-call-in-unit-test.rule.yaml +7 -1
  719. package/rules/typescript/ts.testing.no-skipped-test-without-ticket.rule.yaml +3 -3
  720. package/rules/typescript/ts.testing.useless-assertion.rule.yaml +37 -0
  721. package/rules/typescript/ts.vue.emits-validator-return-boolean.rule.yaml +36 -0
  722. package/rules/typescript/ts.vue.no-browser-globals-in-created.rule.yaml +39 -0
  723. package/rules/typescript/ts.vue.no-computed-missing-dependency.rule.yaml +36 -0
  724. package/rules/typescript/ts.vue.no-computed-mutation.rule.yaml +36 -0
  725. package/rules/typescript/ts.vue.no-data-object-declaration.rule.yaml +36 -0
  726. package/rules/typescript/ts.vue.no-deprecated-keycodes-config.rule.yaml +36 -0
  727. package/rules/typescript/ts.vue.no-deprecated-listeners.rule.yaml +36 -0
  728. package/rules/typescript/ts.vue.no-deprecated-model-option.rule.yaml +36 -0
  729. package/rules/typescript/ts.vue.no-deprecated-scoped-slots.rule.yaml +36 -0
  730. package/rules/typescript/ts.vue.no-keycode-modifiers.rule.yaml +36 -0
  731. package/rules/typescript/ts.vue.no-reserved-key-overwrite.rule.yaml +36 -0
  732. package/rules/typescript/ts.vue.no-server-env-in-client-hooks.rule.yaml +39 -0
  733. package/rules/typescript/ts.vue.no-slot-property-access.rule.yaml +36 -0
  734. package/rules/typescript/ts.vue.prefer-prop-type-constructor.rule.yaml +36 -0
  735. package/rules/typescript/ts.vue.require-transition-conditional.rule.yaml +36 -0
package/rules/java/java.correctness.ignored-inputstream-read.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.ignored-inputstream-read
5
+ title: Return value of InputStream.read() ignored
6
+ summary: Calling `read()` on an InputStream without using the return value discards data.
7
+ rationale: "InputStream.read() returns the number of bytes read. Ignoring this value can lead to data loss or incorrect assumptions about how many bytes were consumed."
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0183
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - resource
16
+ - rules-catalog
17
+ stability: stable
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.ignored-inputstream-read
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.resource
36
+ severity: medium
37
+ confidence: 0.85
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: InputStream.read() return value ignored
43
+ summary: The return value of `read()` is not captured or checked. The actual number of bytes read may differ from the buffer size.
44
+ remediation:
45
+ summary: Capture and check the return value of `read()`, for example `int n = is.read(buf);`
package/rules/java/java.correctness.ignored-inputstream-skip.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.ignored-inputstream-skip
5
+ title: Return value of InputStream.skip ignored
6
+ summary: Calling `skip()` on an InputStream without using the return value discards data.
7
+ rationale: "InputStream.skip() returns the actual number of bytes skipped, which may be less than requested. Ignoring this value can lead to incorrect stream positioning."
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0184
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - resource
16
+ - rules-catalog
17
+ stability: stable
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.ignored-inputstream-skip
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.resource
36
+ severity: medium
37
+ confidence: 0.85
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: InputStream.skip() return value ignored
43
+ summary: The return value of `skip()` is not captured or checked. Fewer bytes may have been skipped than requested.
44
+ remediation:
45
+ summary: Capture and check the return value of `skip()`, for example `long n = is.skip(100);`
package/rules/java/java.correctness.illegal-monitor-state-caught.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.illegal-monitor-state-caught
5
+ title: IllegalMonitorStateException should not be handled
6
+ summary: IllegalMonitorStateException indicates a programming error; handling it masks the bug.
7
+ rationale: This exception signals incorrect `wait()`/`notify()` usage. Fix the synchronization logic instead of catching it.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0040
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - concurrency
16
+ - rules-catalog
17
+ stability: stable
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.illegal-monitor-state-caught
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.concurrency
36
+ severity: high
37
+ confidence: 0.90
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: Catching IllegalMonitorStateException masks synchronization bug
43
+ summary: "IllegalMonitorStateException should not be caught. Fix the synchronization logic instead."
44
+ remediation:
45
+ summary: Fix the synchronization logic that causes IllegalMonitorStateException rather than catching it.
package/rules/java/java.correctness.impossible-toarray-downcast.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.impossible-toarray-downcast
5
+ title: Impossible downcast of toArray() result
6
+ summary: Casting the result of no-arg toArray() to a specific array type will throw ClassCastException.
7
+ rationale: Collection.toArray() returns Object[] and cannot be cast to a more specific array type. Use toArray(T[]) instead.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0386
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - collections
16
+ - rules-catalog
17
+ stability: experimental
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.impossible-toarray-downcast
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.type-safety
36
+ severity: critical
37
+ confidence: 0.95
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: Impossible downcast of toArray() result
43
+ summary: "`${captures.issue.text}` casts the no-arg toArray() to a specific array type, which will throw ClassCastException at runtime."
44
+ remediation:
45
+ summary: Use `toArray(new Foo[0])` or `toArray(new Foo[list.size()])` instead of casting the no-arg result.
package/rules/java/java.correctness.incorrect-main-signature.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.incorrect-main-signature
5
+ title: Incorrect main method signature detected
6
+ summary: A method named main does not match the required public static void main(String[]) or String... signature, so it will not be usable as a program entry point.
7
+ rationale: The JVM requires main methods to have the exact signature public static void main(String[] args) or public static void main(String... args). Methods named main with wrong return types, missing static, or incorrect parameter types will not be recognized as entry points.
8
+ tags:
9
+ - correctness
10
+ - java
11
+ - rules-catalog
12
+ stability: stable
13
+ appliesTo: block
14
+ aliases:
15
+ - JAVA-E1105
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.incorrect-main-signature
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.general
33
+ severity: high
34
+ confidence: 0.95
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Incorrect main method signature in `${captures.issue.text}`
40
+ summary: A method named main does not match the required public static void main(String[]) or String... signature and will not be usable as a program entry point.
41
+ remediation:
42
+ summary: Change the method signature to `public static void main(String[] args)` or `public static void main(String... args)`.
package/rules/java/java.correctness.indexof-reversed-arguments.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.indexof-reversed-arguments
5
+ title: "Avoid reversed arguments to `String.indexOf()`"
6
+ summary: "Calling `indexOf()` with an integer as the first argument and a string as the second likely has the arguments reversed."
7
+ rationale: "`String.indexOf(int ch, int fromIndex)` takes a character code as the first argument and a starting position as the second. Passing `indexOf(0, \"str\")` compiles because `0` is a valid char code and `\"str\"` is treated as `fromIndex`. The developer likely meant `indexOf(\"str\")` or `indexOf(\"str\", 0)`."
8
+ aliases:
9
+ - JAVA-E1089
10
+ tags:
11
+ - correctness
12
+ - java
13
+ - rules-catalog
14
+ stability: experimental
15
+ appliesTo: block
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.indexof-reversed-arguments
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.api-misuse
33
+ severity: high
34
+ confidence: 0.90
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: "Arguments to `indexOf()` appear to be reversed in `${captures.issue.text}`"
40
+ summary: "Calling `indexOf(int, String)` suggests the arguments are reversed. The first argument should be the character to find, the second the start position."
41
+ remediation:
42
+ summary: "Use `indexOf(\"str\")` to search for a substring, or `indexOf(\"str\", fromIndex)` to specify a start position. Use a character literal for single-character searches."
package/rules/java/java.correctness.instant-unsupported-temporal-unit.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.instant-unsupported-temporal-unit
5
+ title: "Instant should not be passed unsupported temporal unit types"
6
+ summary: "`Instant.plus()`, `Instant.minus()`, and `Instant.until()` throw `UnsupportedTemporalTypeException` when called with date-based units such as WEEKS, MONTHS, or YEARS."
7
+ rationale: "`Instant` represents an instantaneous point on the time-line and does not support date-based fields. Using `ChronoUnit.WEEKS`, `MONTHS`, `YEARS`, `DECADES`, `CENTURIES`, `MILLENNIA`, `ERAS`, or `FOREVER` with `Instant.plus()`, `minus()`, or `until()` throws `UnsupportedTemporalTypeException`. Use `ChronoUnit.DAYS`, `HOURS`, `MINUTES`, `SECONDS`, `NANOS`, etc. instead."
8
+ aliases:
9
+ - JAVA-E1094
10
+ tags:
11
+ - correctness
12
+ - java
13
+ - rules-catalog
14
+ stability: experimental
15
+ appliesTo: block
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.instant-unsupported-temporal-unit
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.exceptions
33
+ severity: high
34
+ confidence: 0.85
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: "Date-based ChronoUnit used with Instant method in `${captures.issue.text}`"
40
+ summary: "Instant does not support date-based temporal units (WEEKS, MONTHS, YEARS, etc.). Use time-based units like DAYS, HOURS, MINUTES, or SECONDS."
41
+ remediation:
42
+ summary: "Replace date-based ChronoUnit (WEEKS, MONTHS, YEARS) with time-based units (DAYS, HOURS, MINUTES, SECONDS, NANOS)."
package/rules/java/java.correctness.invalid-regex-literal.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.invalid-regex-literal
5
+ title: Invalid regex syntax must not be used
6
+ summary: The regex pattern string contains invalid syntax (e.g. unmatched brackets, reversed character range, or invalid escape).
7
+ rationale: Invalid regex patterns will throw PatternSyntaxException at runtime.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0394
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - regex
16
+ - rules-catalog
17
+ stability: experimental
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.invalid-regex-literal
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.input-validation
36
+ severity: critical
37
+ confidence: 0.85
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: Invalid regex syntax in `${captures.issue.text}`
43
+ summary: "The regex pattern contains invalid syntax (unmatched brackets, reversed range, or invalid escape) that will throw PatternSyntaxException."
44
+ remediation:
45
+ summary: Fix the regex pattern — ensure brackets are balanced, character ranges are ascending (`[a-z]` not `[z-a]`), and escape sequences are valid.
package/rules/java/java.correctness.invalid-serial-version-uid.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.invalid-serial-version-uid
5
+ title: serialVersionUID must be static final long
6
+ summary: The serialVersionUID field must be declared as static final long to serve as a valid serialization identifier.
7
+ rationale: Java's serialization mechanism requires serialVersionUID to be a static final long field. If it is declared with a different type (e.g., int), missing static or final modifiers, the serialization runtime will not recognize it as the version identifier, potentially leading to InvalidClassException during deserialization.
8
+ tags:
9
+ - correctness
10
+ - java
11
+ - rules-catalog
12
+ stability: experimental
13
+ appliesTo: block
14
+ aliases:
15
+ - JAVA-E1042
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.invalid-serial-version-uid
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.serialization
33
+ severity: high
34
+ confidence: 0.95
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Invalid serialVersionUID declaration
40
+ summary: "`${captures.issue.text}` is not a valid serialVersionUID; it must be declared as `static final long`."
41
+ remediation:
42
+ summary: Change the field to `static final long serialVersionUID = <value>L;`.
package/rules/java/java.correctness.invalid-time-constants.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.invalid-time-constants
5
+ title: Invalid values for java.time constants will always throw a DateTimeException
6
+ summary: Calls to java.time factory methods with literal arguments outside valid ranges (month > 12, day > 31, hour >= 24, minute/seconds >= 60) will always throw DateTimeException at runtime.
7
+ rationale: The java.time API throws DateTimeException for out-of-range values. Using literal constants that are out of range is always a bug and should be caught at development time.
8
+ tags:
9
+ - correctness
10
+ - java
11
+ - rules-catalog
12
+ stability: stable
13
+ appliesTo: block
14
+ aliases:
15
+ - JAVA-E1099
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.invalid-time-constants
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.exceptions
33
+ severity: high
34
+ confidence: 0.75
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Invalid time constant value in `${captures.issue.text}`
40
+ summary: A java.time factory method is called with a literal value that is outside the valid range and will always throw a DateTimeException at runtime.
41
+ remediation:
42
+ summary: Replace the out-of-range value with a valid constant within the documented range for the factory method.
package/rules/java/java.correctness.invalidated-iterator.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.invalidated-iterator
5
+ title: Do not modify collections while iterating
6
+ summary: Modifying a collection with `add()`, `remove()`, or `clear()` inside a for-each loop will throw a ConcurrentModificationException.
7
+ rationale: The iterator obtained by a for-each loop does not expect structural modifications to the underlying collection. Calling add/remove/clear invalidates the iterator and throws ConcurrentModificationException at runtime.
8
+ aliases:
9
+ - JAVA-E1085
10
+ tags:
11
+ - correctness
12
+ - java
13
+ - rules-catalog
14
+ stability: experimental
15
+ appliesTo: block
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.invalidated-iterator
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.collections
33
+ severity: high
34
+ confidence: 0.85
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Iterator invalidated by collection modification in `${captures.issue.text}`
40
+ summary: "A collection is structurally modified inside a for-each loop, which will throw a ConcurrentModificationException."
41
+ remediation:
42
+ summary: Use an explicit Iterator with `iterator.remove()`, collect items for later removal, or use `removeIf()` for conditional removal during iteration.
package/rules/java/java.correctness.iterable-iterator-returns-this.rule.yaml ADDED
@@ -0,0 +1,44 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.iterable-iterator-returns-this
5
+ title: Iterable must not return this from iterator()
6
+ summary: A class implementing both Iterable and Iterator that returns this from iterator() cannot support multiple concurrent iterations and violates the Iterator contract.
7
+ rationale: Returning this from iterator() means the collection is its own iterator, which prevents multiple iterations and can lead to ConcurrentModificationException or incorrect iteration state when nested.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E1015
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - rules-catalog
16
+ stability: experimental
17
+ appliesTo: block
18
+ scope:
19
+ languages:
20
+ - java
21
+ paths:
22
+ include:
23
+ - "**/*.java"
24
+ exclude:
25
+ - "**/src/test/**"
26
+ - "**/tests/**"
27
+ - "**/*Test.java"
28
+ match:
29
+ fact:
30
+ kind: java.correctness.iterable-iterator-returns-this
31
+ bind: issue
32
+ emit:
33
+ finding:
34
+ category: correctness.api-usage
35
+ severity: high
36
+ confidence: 0.85
37
+ tags:
38
+ - correctness
39
+ - java
40
+ message:
41
+ title: Iterable.iterator() returns this
42
+ summary: The iterator() method in a class implementing both Iterable and Iterator returns this. This prevents multiple concurrent iterations and violates expected Iterator behavior.
43
+ remediation:
44
+ summary: Create a separate Iterator class instead of having the collection implement Iterator itself. Return a new iterator instance from iterator().
package/rules/java/java.correctness.iterable-path-type.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.iterable-path-type
5
+ title: "Iterable<Path> is errorprone and should be replaced with Collection<Path>"
6
+ summary: "`Path` implements `Iterable<Path>`, so `Iterable<Path>` creates confusing APIs. Use `Collection<Path>` instead for clarity."
7
+ rationale: "`java.nio.file.Path` extends `Iterable<Path>`, which means code treating a single `Path` as an `Iterable<Path>` compiles but produces surprising behavior (iterating over a single path's name elements instead of multiple paths). Using `Iterable<Path>` in method signatures is error-prone. Use `Collection<Path>` or `List<Path>` instead."
8
+ aliases:
9
+ - JAVA-E1096
10
+ tags:
11
+ - correctness
12
+ - java
13
+ - rules-catalog
14
+ stability: experimental
15
+ appliesTo: block
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.iterable-path-type
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.api-design
33
+ severity: high
34
+ confidence: 0.85
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: "Iterable<Path> is error-prone in `${captures.issue.text}`"
40
+ summary: "Since Path itself is Iterable<Path>, using Iterable<Path> as a parameter type can cause confusion. Use Collection<Path> or List<Path> instead."
41
+ remediation:
42
+ summary: "Replace `Iterable<Path>` with `Collection<Path>` or `List<Path>` to avoid ambiguity with `Path`'s own iteration."
package/rules/java/java.correctness.jump-in-finally.rule.yaml ADDED
@@ -0,0 +1,44 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.jump-in-finally
5
+ title: Jump statements must not be used within finally blocks
6
+ summary: Using return, throw, or break in a finally block overrides any exception or return value from the try block.
7
+ rationale: Control flow statements (return, throw) in finally blocks suppress exceptions thrown in the corresponding try block and obscure the normal return path, leading to subtle bugs.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E1007
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - rules-catalog
16
+ stability: experimental
17
+ appliesTo: block
18
+ scope:
19
+ languages:
20
+ - java
21
+ paths:
22
+ include:
23
+ - "**/*.java"
24
+ exclude:
25
+ - "**/src/test/**"
26
+ - "**/tests/**"
27
+ - "**/*Test.java"
28
+ match:
29
+ fact:
30
+ kind: java.correctness.jump-in-finally
31
+ bind: issue
32
+ emit:
33
+ finding:
34
+ category: correctness.control-flow
35
+ severity: high
36
+ confidence: 0.85
37
+ tags:
38
+ - correctness
39
+ - java
40
+ message:
41
+ title: Jump statement in finally block
42
+ summary: "`${captures.issue.text}` is a jump statement inside a finally block and will override any return value or exception from the try block."
43
+ remediation:
44
+ summary: Remove return, throw, and break statements from finally blocks. Keep finally blocks limited to cleanup operations.
package/rules/java/java.correctness.loop-condition-never-true.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.loop-condition-never-true
5
+ title: Loop condition is never true
6
+ summary: A loop condition that evaluates to false at compile time means the loop body will never execute.
7
+ rationale: Using a literal false value (or equivalent) as a loop condition guarantees the loop body never executes, which indicates dead code. This is often a debugging leftover or a logic error.
8
+ tags:
9
+ - correctness
10
+ - java
11
+ - rules-catalog
12
+ stability: experimental
13
+ appliesTo: block
14
+ aliases:
15
+ - JAVA-E1045
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.loop-condition-never-true
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.control-flow
33
+ severity: high
34
+ confidence: 0.95
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Loop condition is never true
40
+ summary: "`${captures.issue.text}` will never execute its body since the condition is always false."
41
+ remediation:
42
+ summary: Remove the dead loop or fix the condition to evaluate to true when iteration is needed.