@critiq/rules 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (735) hide show
  1. package/CHANGELOG.md +468 -0
  2. package/README.md +13 -233
  3. package/catalog-metadata.json +47 -0
  4. package/catalog.yaml +2962 -309
  5. package/package.json +1 -1
  6. package/rules/go/go.bug-risk.compound-assignment-misuse.rule.yaml +53 -0
  7. package/rules/go/go.bug-risk.deprecated-redis-methods.rule.yaml +57 -0
  8. package/rules/go/go.bug-risk.etcd-getlogger-misuse.rule.yaml +59 -0
  9. package/rules/go/go.bug-risk.etcd-invalid-compare-operator.rule.yaml +53 -0
  10. package/rules/go/go.bug-risk.gin-loadhtmlglob-ill-formed.rule.yaml +53 -0
  11. package/rules/go/go.bug-risk.gorm-dry-run-enabled.rule.yaml +58 -0
  12. package/rules/go/go.bug-risk.gorm-skip-default-transaction.rule.yaml +57 -0
  13. package/rules/go/go.bug-risk.gorm-updates-zero-values.rule.yaml +55 -0
  14. package/rules/go/go.bug-risk.gorm-where-zero-values.rule.yaml +53 -0
  15. package/rules/go/go.bug-risk.poorly-formed-nilness-guards.rule.yaml +57 -0
  16. package/rules/go/go.bug-risk.redis-incorrect-arg-count.rule.yaml +54 -0
  17. package/rules/go/go.bug-risk.redis-unimplemented-method.rule.yaml +53 -0
  18. package/rules/go/go.bug-risk.reflect-makefunc-usage.rule.yaml +55 -0
  19. package/rules/go/go.correctness.bare-return.rule.yaml +52 -0
  20. package/rules/go/go.correctness.boolean-literal-in-expression.rule.yaml +52 -0
  21. package/rules/go/go.correctness.boolean-simplification.rule.yaml +49 -0
  22. package/rules/go/go.correctness.deferred-func-literal.rule.yaml +52 -0
  23. package/rules/go/go.correctness.duplicate-branch-body.rule.yaml +49 -0
  24. package/rules/go/go.correctness.duplicate-function-arguments.rule.yaml +49 -0
  25. package/rules/go/go.correctness.duplicate-if-else-condition.rule.yaml +54 -0
  26. package/rules/go/go.correctness.duplicate-switch-cases.rule.yaml +48 -0
  27. package/rules/go/go.correctness.flag-pointer-immediate-deref.rule.yaml +49 -0
  28. package/rules/go/go.correctness.hidden-goroutine.rule.yaml +55 -0
  29. package/rules/go/go.correctness.http-nobody-nil.rule.yaml +52 -0
  30. package/rules/go/go.correctness.identical-binary-operands.rule.yaml +48 -0
  31. package/rules/go/go.correctness.impossible-interface-nil-check.rule.yaml +56 -0
  32. package/rules/go/go.correctness.incomplete-nil-check.rule.yaml +49 -0
  33. package/rules/go/go.correctness.integer-truncation.rule.yaml +51 -0
  34. package/rules/go/go.correctness.interface-any-preferred.rule.yaml +50 -0
  35. package/rules/go/go.correctness.nil-error-returned.rule.yaml +49 -0
  36. package/rules/go/go.correctness.off-by-one-index.rule.yaml +48 -0
  37. package/rules/go/go.correctness.redundant-type-declaration.rule.yaml +51 -0
  38. package/rules/go/go.correctness.signedness-casting.rule.yaml +56 -0
  39. package/rules/go/go.correctness.string-concat-simplify.rule.yaml +52 -0
  40. package/rules/go/go.correctness.suspicious-regex-pattern.rule.yaml +49 -0
  41. package/rules/go/go.correctness.terminal-call-with-defer.rule.yaml +50 -0
  42. package/rules/go/go.correctness.unexported-capital-name.rule.yaml +52 -0
  43. package/rules/go/go.correctness.unnecessary-dereference.rule.yaml +53 -0
  44. package/rules/go/go.correctness.unnecessary-else-return.rule.yaml +52 -0
  45. package/rules/go/go.correctness.unreachable-switch-case.rule.yaml +50 -0
  46. package/rules/go/go.doc.malformed-deprecated-comment.rule.yaml +59 -0
  47. package/rules/go/go.performance.avoid-large-loop-copy.rule.yaml +38 -0
  48. package/rules/go/go.performance.avoid-large-param-copy.rule.yaml +38 -0
  49. package/rules/go/go.performance.avoid-large-range-copy.rule.yaml +37 -0
  50. package/rules/go/go.performance.avoid-string-index-alloc.rule.yaml +38 -0
  51. package/rules/go/go.performance.combine-append-calls.rule.yaml +38 -0
  52. package/rules/go/go.performance.fmt-fprint.rule.yaml +44 -0
  53. package/rules/go/go.performance.iowriter-write-string.rule.yaml +45 -0
  54. package/rules/go/go.performance.non-idiomatic-slice-zeroing.rule.yaml +44 -0
  55. package/rules/go/go.performance.reorder-operands.rule.yaml +44 -0
  56. package/rules/go/go.performance.utf8-decode-rune.rule.yaml +44 -0
  57. package/rules/go/go.security.decompression-bomb.rule.yaml +55 -0
  58. package/rules/go/go.security.http-dir-path-traversal.rule.yaml +55 -0
  59. package/rules/go/go.security.incomplete-hostname-regex.rule.yaml +64 -0
  60. package/rules/go/go.security.insecure-ssl-protocol.rule.yaml +2 -0
  61. package/rules/go/go.security.jwt-without-verification.rule.yaml +2 -0
  62. package/rules/go/go.security.net-http-missing-timeouts.rule.yaml +3 -0
  63. package/rules/go/go.security.pprof-exposed.rule.yaml +2 -0
  64. package/rules/go/go.security.squirrel-unsafe-quoting.rule.yaml +64 -0
  65. package/rules/go/go.security.tainted-value-sink.rule.yaml +59 -0
  66. package/rules/go/go.security.tls-missing-min-version.rule.yaml +2 -0
  67. package/rules/go/go.security.unsafe-defer-close.rule.yaml +55 -0
  68. package/rules/go/go.security.weak-crypto-import.rule.yaml +3 -0
  69. package/rules/go/go.security.weak-file-permission.rule.yaml +56 -0
  70. package/rules/java/java.correctness.annotation-check-always-false.rule.yaml +42 -0
  71. package/rules/java/java.correctness.array-compared-to-non-array.rule.yaml +45 -0
  72. package/rules/java/java.correctness.array-index-bounds.rule.yaml +42 -0
  73. package/rules/java/java.correctness.assert-self-comparison.rule.yaml +46 -0
  74. package/rules/java/java.correctness.assertion-in-production.rule.yaml +49 -0
  75. package/rules/java/java.correctness.bad-short-circuit-null-check.rule.yaml +45 -0
  76. package/rules/java/java.correctness.bitwise-or-never-equal.rule.yaml +42 -0
  77. package/rules/java/java.correctness.boxed-boolean-conditional.rule.yaml +42 -0
  78. package/rules/java/java.correctness.cacheloader-null-return.rule.yaml +42 -0
  79. package/rules/java/java.correctness.case-insensitive-regex-lacks-unicode.rule.yaml +46 -0
  80. package/rules/java/java.correctness.catch-null-pointer.rule.yaml +5 -1
  81. package/rules/java/java.correctness.class-isinstance-on-class.rule.yaml +42 -0
  82. package/rules/java/java.correctness.class-name-collision.rule.yaml +45 -0
  83. package/rules/java/java.correctness.clone-without-super.rule.yaml +45 -0
  84. package/rules/java/java.correctness.closeable-provides-injection.rule.yaml +43 -0
  85. package/rules/java/java.correctness.collection-adds-self.rule.yaml +42 -0
  86. package/rules/java/java.correctness.collection-contains-self.rule.yaml +42 -0
  87. package/rules/java/java.correctness.collection-remove-type-mismatch.rule.yaml +42 -0
  88. package/rules/java/java.correctness.comparator-downcast-sign-flip.rule.yaml +42 -0
  89. package/rules/java/java.correctness.compareto-min-value.rule.yaml +44 -0
  90. package/rules/java/java.correctness.constructor-starts-thread.rule.yaml +45 -0
  91. package/rules/java/java.correctness.default-package-spring-scan.rule.yaml +46 -0
  92. package/rules/java/java.correctness.deprecated-thread-methods.rule.yaml +42 -0
  93. package/rules/java/java.correctness.double-assignment.rule.yaml +42 -0
  94. package/rules/java/java.correctness.double-checked-locking.rule.yaml +42 -0
  95. package/rules/java/java.correctness.duplicate-binary-argument.rule.yaml +45 -0
  96. package/rules/java/java.correctness.duration-with-nanos-misuse.rule.yaml +42 -0
  97. package/rules/java/java.correctness.enum-equals-method.rule.yaml +45 -0
  98. package/rules/java/java.correctness.enum-get-class.rule.yaml +42 -0
  99. package/rules/java/java.correctness.equals-inherits-parent.rule.yaml +45 -0
  100. package/rules/java/java.correctness.equals-null-check.rule.yaml +45 -0
  101. package/rules/java/java.correctness.equals-null.rule.yaml +45 -0
  102. package/rules/java/java.correctness.equals-on-array.rule.yaml +4 -0
  103. package/rules/java/java.correctness.explicit-finalizer-invocation.rule.yaml +45 -0
  104. package/rules/java/java.correctness.for-loop-mismatched-increment.rule.yaml +45 -0
  105. package/rules/java/java.correctness.getter-setter-sync-mismatch.rule.yaml +42 -0
  106. package/rules/java/java.correctness.hashcode-on-array.rule.yaml +42 -0
  107. package/rules/java/java.correctness.hashtable-contains-value.rule.yaml +42 -0
  108. package/rules/java/java.correctness.hasnext-invokes-next.rule.yaml +45 -0
  109. package/rules/java/java.correctness.ignored-inputstream-read.rule.yaml +45 -0
  110. package/rules/java/java.correctness.ignored-inputstream-skip.rule.yaml +45 -0
  111. package/rules/java/java.correctness.illegal-monitor-state-caught.rule.yaml +45 -0
  112. package/rules/java/java.correctness.impossible-toarray-downcast.rule.yaml +45 -0
  113. package/rules/java/java.correctness.incorrect-main-signature.rule.yaml +42 -0
  114. package/rules/java/java.correctness.indexof-reversed-arguments.rule.yaml +42 -0
  115. package/rules/java/java.correctness.instant-unsupported-temporal-unit.rule.yaml +42 -0
  116. package/rules/java/java.correctness.invalid-regex-literal.rule.yaml +45 -0
  117. package/rules/java/java.correctness.invalid-serial-version-uid.rule.yaml +42 -0
  118. package/rules/java/java.correctness.invalid-time-constants.rule.yaml +42 -0
  119. package/rules/java/java.correctness.invalidated-iterator.rule.yaml +42 -0
  120. package/rules/java/java.correctness.iterable-iterator-returns-this.rule.yaml +44 -0
  121. package/rules/java/java.correctness.iterable-path-type.rule.yaml +42 -0
  122. package/rules/java/java.correctness.jump-in-finally.rule.yaml +44 -0
  123. package/rules/java/java.correctness.loop-condition-never-true.rule.yaml +42 -0
  124. package/rules/java/java.correctness.lost-increment-in-assignment.rule.yaml +45 -0
  125. package/rules/java/java.correctness.math-max-min-swapped.rule.yaml +45 -0
  126. package/rules/java/java.correctness.missing-enum-switch-elements.rule.yaml +43 -0
  127. package/rules/java/java.correctness.modulus-multiplication-precedence.rule.yaml +42 -0
  128. package/rules/java/java.correctness.mutable-data-exposed.rule.yaml +42 -0
  129. package/rules/java/java.correctness.mutable-enum-fields.rule.yaml +44 -0
  130. package/rules/java/java.correctness.nan-comparison.rule.yaml +42 -0
  131. package/rules/java/java.correctness.ncopies-argument-order.rule.yaml +42 -0
  132. package/rules/java/java.correctness.noallocation-method-creates-object.rule.yaml +45 -0
  133. package/rules/java/java.correctness.non-final-immutable-fields.rule.yaml +45 -0
  134. package/rules/java/java.correctness.non-null-method-returns-null.rule.yaml +43 -0
  135. package/rules/java/java.correctness.non-terminating-loop.rule.yaml +42 -0
  136. package/rules/java/java.correctness.oddness-check-fails-negative.rule.yaml +45 -0
  137. package/rules/java/java.correctness.optional-get-without-present-check.rule.yaml +44 -0
  138. package/rules/java/java.correctness.optional-null.rule.yaml +42 -0
  139. package/rules/java/java.correctness.overloaded-equals.rule.yaml +45 -0
  140. package/rules/java/java.correctness.parameter-reassignment.rule.yaml +46 -0
  141. package/rules/java/java.correctness.possible-null-access-exception.rule.yaml +42 -0
  142. package/rules/java/java.correctness.possible-null-access.rule.yaml +42 -0
  143. package/rules/java/java.correctness.prepared-statement-in-loop.rule.yaml +52 -0
  144. package/rules/java/java.correctness.prepared-statement-index-zero.rule.yaml +44 -0
  145. package/rules/java/java.correctness.random-coerced-to-zero.rule.yaml +44 -0
  146. package/rules/java/java.correctness.read-resolve-return-type.rule.yaml +42 -0
  147. package/rules/java/java.correctness.readline-without-null-check.rule.yaml +45 -0
  148. package/rules/java/java.correctness.result-set-index-zero.rule.yaml +44 -0
  149. package/rules/java/java.correctness.runfinalizers-on-exit.rule.yaml +45 -0
  150. package/rules/java/java.correctness.runnable-run-direct.rule.yaml +45 -0
  151. package/rules/java/java.correctness.self-assignment.rule.yaml +45 -0
  152. package/rules/java/java.correctness.serializable-superclass.rule.yaml +42 -0
  153. package/rules/java/java.correctness.serialization-method-signature.rule.yaml +42 -0
  154. package/rules/java/java.correctness.servlet-mutable-fields.rule.yaml +45 -0
  155. package/rules/java/java.correctness.shift-out-of-range.rule.yaml +44 -0
  156. package/rules/java/java.correctness.static-date-field.rule.yaml +42 -0
  157. package/rules/java/java.correctness.stream-reuse.rule.yaml +42 -0
  158. package/rules/java/java.correctness.string-format-arg-mismatch.rule.yaml +45 -0
  159. package/rules/java/java.correctness.stringbuilder-char-ctor.rule.yaml +42 -0
  160. package/rules/java/java.correctness.switch-statement-labels.rule.yaml +44 -0
  161. package/rules/java/java.correctness.sync-boxed-primitive.rule.yaml +45 -0
  162. package/rules/java/java.correctness.sync-on-get-class.rule.yaml +42 -0
  163. package/rules/java/java.correctness.sync-on-lock-primitive.rule.yaml +45 -0
  164. package/rules/java/java.correctness.sync-on-mutable-ref.rule.yaml +42 -0
  165. package/rules/java/java.correctness.sync-on-nullable-field.rule.yaml +42 -0
  166. package/rules/java/java.correctness.sync-on-public-field.rule.yaml +42 -0
  167. package/rules/java/java.correctness.sync-on-string-literal.rule.yaml +2 -0
  168. package/rules/java/java.correctness.system-exit.rule.yaml +43 -0
  169. package/rules/java/java.correctness.thread-sleep-with-lock.rule.yaml +45 -0
  170. package/rules/java/java.correctness.thread-static-misuse.rule.yaml +42 -0
  171. package/rules/java/java.correctness.threadgroup-deprecated-methods.rule.yaml +43 -0
  172. package/rules/java/java.correctness.throw-null.rule.yaml +42 -0
  173. package/rules/java/java.correctness.timezone-invalid-id.rule.yaml +42 -0
  174. package/rules/java/java.correctness.two-lock-wait.rule.yaml +45 -0
  175. package/rules/java/java.correctness.unconditional-recursion.rule.yaml +42 -0
  176. package/rules/java/java.correctness.unescaped-whitespace.rule.yaml +42 -0
  177. package/rules/java/java.correctness.unimplementable-interface.rule.yaml +42 -0
  178. package/rules/java/java.correctness.unsafe-collection-downcast.rule.yaml +42 -0
  179. package/rules/java/java.correctness.unsafe-getresource.rule.yaml +45 -0
  180. package/rules/java/java.correctness.unsupported-jdk-api.rule.yaml +46 -0
  181. package/rules/java/java.correctness.unsupported-method-call.rule.yaml +42 -0
  182. package/rules/java/java.correctness.unsync-static-lazy-init.rule.yaml +42 -0
  183. package/rules/java/java.correctness.unsynchronized-wait-notify.rule.yaml +45 -0
  184. package/rules/java/java.correctness.unterminated-assertion-chain.rule.yaml +39 -0
  185. package/rules/java/java.correctness.volatile-array-elements.rule.yaml +45 -0
  186. package/rules/java/java.correctness.volatile-increment-non-atomic.rule.yaml +45 -0
  187. package/rules/java/java.correctness.wait-notify-on-thread.rule.yaml +45 -0
  188. package/rules/java/java.correctness.wait-on-condition.rule.yaml +45 -0
  189. package/rules/java/java.correctness.week-year-in-date-pattern.rule.yaml +44 -0
  190. package/rules/java/java.correctness.zoneid-invalid-timezone.rule.yaml +42 -0
  191. package/rules/java/java.doc.empty-javadoc-tag.rule.yaml +41 -0
  192. package/rules/java/java.doc.malformed-javadoc-comment.rule.yaml +41 -0
  193. package/rules/java/java.doc.parameter-tag-no-description.rule.yaml +41 -0
  194. package/rules/java/java.doc.unmatched-parameter-tag.rule.yaml +41 -0
  195. package/rules/java/java.performance.boxed-boolean-constructor.rule.yaml +43 -0
  196. package/rules/java/java.performance.boxed-double-constructor.rule.yaml +43 -0
  197. package/rules/java/java.performance.boxed-integer-constructor.rule.yaml +43 -0
  198. package/rules/java/java.performance.empty-string-constructor.rule.yaml +44 -0
  199. package/rules/java/java.performance.expensive-method-on-ui-thread.rule.yaml +50 -0
  200. package/rules/java/java.performance.explicit-gc.rule.yaml +43 -0
  201. package/rules/java/java.performance.inefficient-string-constructor.rule.yaml +44 -0
  202. package/rules/java/java.performance.keyset-instead-of-entryset.rule.yaml +49 -0
  203. package/rules/java/java.performance.non-zero-to-array.rule.yaml +49 -0
  204. package/rules/java/java.performance.pattern-compile-in-loop.rule.yaml +49 -0
  205. package/rules/java/java.performance.removeall-to-clear.rule.yaml +49 -0
  206. package/rules/java/java.performance.replaceall-instead-of-replace.rule.yaml +49 -0
  207. package/rules/java/java.performance.single-char-string-indexof.rule.yaml +49 -0
  208. package/rules/java/java.performance.string-concat-in-loop.rule.yaml +49 -0
  209. package/rules/java/java.performance.string-to-string.rule.yaml +43 -0
  210. package/rules/java/java.performance.thread-as-runnable.rule.yaml +44 -0
  211. package/rules/java/java.performance.url-in-collection.rule.yaml +44 -0
  212. package/rules/java/java.quality.c-style-array-declaration.rule.yaml +41 -0
  213. package/rules/java/java.quality.multiple-variables-same-line.rule.yaml +41 -0
  214. package/rules/java/java.quality.type-name-uppercase.rule.yaml +41 -0
  215. package/rules/java/java.testing.setup-teardown-annotation.rule.yaml +36 -0
  216. package/rules/java/java.testing.setup-without-super.rule.yaml +43 -0
  217. package/rules/java/java.testing.teardown-without-super.rule.yaml +43 -0
  218. package/rules/java/java.testing.wrong-assertion-argument-order.rule.yaml +43 -0
  219. package/rules/php/php.correctness.abstract-method-outside-abstract-class.rule.yaml +3 -0
  220. package/rules/php/php.correctness.abstract-method-with-body.rule.yaml +38 -0
  221. package/rules/php/php.correctness.assign-to-non-lvalue.rule.yaml +38 -0
  222. package/rules/php/php.correctness.attribute-on-class-constant.rule.yaml +38 -0
  223. package/rules/php/php.correctness.attribute-on-closure.rule.yaml +38 -0
  224. package/rules/php/php.correctness.attribute-on-function.rule.yaml +38 -0
  225. package/rules/php/php.correctness.attribute-on-property.rule.yaml +40 -0
  226. package/rules/php/php.correctness.break-continue-outside-loop.rule.yaml +2 -0
  227. package/rules/php/php.correctness.case-insensitive-define.rule.yaml +2 -0
  228. package/rules/php/php.correctness.class-implements-non-interface.rule.yaml +38 -0
  229. package/rules/php/php.correctness.default-parameter-not-last.rule.yaml +2 -0
  230. package/rules/php/php.correctness.deprecated-filter-constant.rule.yaml +2 -0
  231. package/rules/php/php.correctness.deprecated-libxml-entity-loader.rule.yaml +2 -0
  232. package/rules/php/php.correctness.deprecated-unset-cast.rule.yaml +2 -0
  233. package/rules/php/php.correctness.duplicate-array-key.rule.yaml +2 -0
  234. package/rules/php/php.correctness.duplicate-declaration.rule.yaml +2 -0
  235. package/rules/php/php.correctness.duplicate-union-type.rule.yaml +38 -0
  236. package/rules/php/php.correctness.echo-invalid-value.rule.yaml +38 -0
  237. package/rules/php/php.correctness.empty-array-literal-slot.rule.yaml +2 -0
  238. package/rules/php/php.correctness.empty-bracket-array-access.rule.yaml +2 -0
  239. package/rules/php/php.correctness.empty-code-block.rule.yaml +2 -0
  240. package/rules/php/php.correctness.empty-function-body.rule.yaml +2 -0
  241. package/rules/php/php.correctness.error-suppression-operator.rule.yaml +2 -0
  242. package/rules/php/php.correctness.function-comparison.rule.yaml +2 -0
  243. package/rules/php/php.correctness.inaccessible-property.rule.yaml +49 -0
  244. package/rules/php/php.correctness.incomplete-arrow-function.rule.yaml +38 -0
  245. package/rules/php/php.correctness.inconsistent-printf-params.rule.yaml +50 -0
  246. package/rules/php/php.correctness.instanceof-invalid-type.rule.yaml +40 -0
  247. package/rules/php/php.correctness.instantiate-abstract-class.rule.yaml +38 -0
  248. package/rules/php/php.correctness.interface-extends-non-interface.rule.yaml +38 -0
  249. package/rules/php/php.correctness.interface-implements-keyword.rule.yaml +38 -0
  250. package/rules/php/php.correctness.invalid-arrow-function-typehint.rule.yaml +38 -0
  251. package/rules/php/php.correctness.invalid-attribute-class.rule.yaml +49 -0
  252. package/rules/php/php.correctness.invalid-closure-return-typehint.rule.yaml +38 -0
  253. package/rules/php/php.correctness.invalid-constructor-promotion.rule.yaml +38 -0
  254. package/rules/php/php.correctness.invalid-cookie-options.rule.yaml +2 -0
  255. package/rules/php/php.correctness.invalid-dynamic-constant-fetch.rule.yaml +38 -0
  256. package/rules/php/php.correctness.invalid-extends-target.rule.yaml +38 -0
  257. package/rules/php/php.correctness.invalid-increment-operand.rule.yaml +38 -0
  258. package/rules/php/php.correctness.invalid-isset-argument.rule.yaml +38 -0
  259. package/rules/php/php.correctness.invalid-return-typehint.rule.yaml +38 -0
  260. package/rules/php/php.correctness.invalid-static-method.rule.yaml +40 -0
  261. package/rules/php/php.correctness.invalid-string-interpolation-type.rule.yaml +38 -0
  262. package/rules/php/php.correctness.invalid-type-cast.rule.yaml +38 -0
  263. package/rules/php/php.correctness.invalid-use-keyword.rule.yaml +48 -0
  264. package/rules/php/php.correctness.missing-member-visibility.rule.yaml +2 -0
  265. package/rules/php/php.correctness.missing-return-statement.rule.yaml +38 -0
  266. package/rules/php/php.correctness.named-arg-before-positional.rule.yaml +38 -0
  267. package/rules/php/php.correctness.nested-function-declaration.rule.yaml +2 -0
  268. package/rules/php/php.correctness.nested-switch.rule.yaml +2 -0
  269. package/rules/php/php.correctness.nullable-mixed-type.rule.yaml +38 -0
  270. package/rules/php/php.correctness.nullsafe-returned-by-reference.rule.yaml +3 -0
  271. package/rules/php/php.correctness.print-invalid-value.rule.yaml +38 -0
  272. package/rules/php/php.correctness.psr-class-constant-naming.rule.yaml +38 -0
  273. package/rules/php/php.correctness.psr-method-camel-case.rule.yaml +38 -0
  274. package/rules/php/php.correctness.redundant-final-method.rule.yaml +38 -0
  275. package/rules/php/php.correctness.redundant-string-cast-concat.rule.yaml +2 -0
  276. package/rules/php/php.correctness.self-assignment.rule.yaml +2 -0
  277. package/rules/php/php.correctness.switch-multiple-default.rule.yaml +2 -0
  278. package/rules/php/php.correctness.throw-as-expression.rule.yaml +38 -0
  279. package/rules/php/php.correctness.throw-non-exception.rule.yaml +38 -0
  280. package/rules/php/php.correctness.trait-as-attribute.rule.yaml +38 -0
  281. package/rules/php/php.correctness.trait-class-constant.rule.yaml +38 -0
  282. package/rules/php/php.correctness.undefined-constant-reference.rule.yaml +38 -0
  283. package/rules/php/php.correctness.undefined-function.rule.yaml +40 -0
  284. package/rules/php/php.correctness.undefined-method.rule.yaml +40 -0
  285. package/rules/php/php.correctness.undefined-property.rule.yaml +51 -0
  286. package/rules/php/php.correctness.undefined-static-property.rule.yaml +41 -0
  287. package/rules/php/php.correctness.undefined-variable.rule.yaml +48 -0
  288. package/rules/php/php.correctness.uninitialized-typed-property.rule.yaml +38 -0
  289. package/rules/php/php.correctness.unknown-magic-method.rule.yaml +2 -0
  290. package/rules/php/php.correctness.unreachable-after-return.rule.yaml +2 -0
  291. package/rules/php/php.correctness.unused-closure-use-variable.rule.yaml +38 -0
  292. package/rules/php/php.correctness.unused-constructor-parameter.rule.yaml +38 -0
  293. package/rules/php/php.correctness.unused-import.rule.yaml +38 -0
  294. package/rules/php/php.correctness.useless-post-increment.rule.yaml +2 -0
  295. package/rules/php/php.correctness.useless-unset.rule.yaml +2 -0
  296. package/rules/php/php.correctness.void-match-arm.rule.yaml +38 -0
  297. package/rules/php/php.performance.expensive-loop-condition.rule.yaml +2 -0
  298. package/rules/php/php.security.debug-function-exposure.rule.yaml +2 -0
  299. package/rules/php/php.security.insecure-session-id-generation.rule.yaml +2 -0
  300. package/rules/php/php.security.insecure-session-or-cookie-config.rule.yaml +3 -0
  301. package/rules/php/php.security.no-dynamic-eval.rule.yaml +2 -0
  302. package/rules/php/php.security.unsafe-include-with-user-input.rule.yaml +2 -0
  303. package/rules/php/php.security.unsafe-new-static.rule.yaml +2 -0
  304. package/rules/php/php.security.weak-cipher.rule.yaml +2 -0
  305. package/rules/php/php.security.xml-external-entity.rule.yaml +2 -0
  306. package/rules/python/py.correctness.assert-outside-test.rule.yaml +49 -0
  307. package/rules/python/py.correctness.global-statement.rule.yaml +51 -0
  308. package/rules/python/py.correctness.redefined-builtin.rule.yaml +51 -0
  309. package/rules/python/py.correctness.super-with-arguments.rule.yaml +51 -0
  310. package/rules/python/py.correctness.unnecessary-comprehension.rule.yaml +51 -0
  311. package/rules/python/py.correctness.useless-return.rule.yaml +51 -0
  312. package/rules/python/py.security.command-execution-with-request-input.rule.yaml +56 -0
  313. package/rules/python/py.security.ftp-usage.rule.yaml +51 -0
  314. package/rules/python/py.security.hardcoded-credentials.rule.yaml +51 -0
  315. package/rules/python/py.security.hardcoded-temp-directory.rule.yaml +51 -0
  316. package/rules/python/py.security.insecure-cipher-mode.rule.yaml +51 -0
  317. package/rules/python/py.security.insecure-cipher.rule.yaml +51 -0
  318. package/rules/python/py.security.insecure-crypto-import.rule.yaml +51 -0
  319. package/rules/python/py.security.insecure-http-transport.rule.yaml +56 -0
  320. package/rules/python/py.security.insecure-ssl-version.rule.yaml +53 -0
  321. package/rules/python/py.security.insecure-urllib-method.rule.yaml +51 -0
  322. package/rules/python/py.security.insecure-xml-parser.rule.yaml +53 -0
  323. package/rules/python/py.security.mako-insecure-templates.rule.yaml +53 -0
  324. package/rules/python/py.security.path-traversal-user-input.rule.yaml +51 -0
  325. package/rules/python/py.security.request-path-file-read.rule.yaml +56 -0
  326. package/rules/python/py.security.sensitive-logging.rule.yaml +51 -0
  327. package/rules/python/py.security.sql-interpolation.rule.yaml +56 -0
  328. package/rules/python/py.security.ssh-host-key-validation.rule.yaml +53 -0
  329. package/rules/python/py.security.telnet-usage.rule.yaml +51 -0
  330. package/rules/python/py.security.tls-verification-disabled.rule.yaml +56 -0
  331. package/rules/python/py.security.unsafe-deserialization.rule.yaml +56 -0
  332. package/rules/python/py.security.weak-crypto-key.rule.yaml +51 -0
  333. package/rules/python/py.security.weak-hash-algorithm.rule.yaml +57 -0
  334. package/rules/python/py.security.wildcard-subprocess-injection.rule.yaml +53 -0
  335. package/rules/python/py.security.xmlrpc-import.rule.yaml +53 -0
  336. package/rules/ruby/ruby.bug-risk.action-mailer-base-subclass.rule.yaml +53 -0
  337. package/rules/ruby/ruby.bug-risk.active-job-base-subclass.rule.yaml +53 -0
  338. package/rules/ruby/ruby.bug-risk.active-record-alias.rule.yaml +53 -0
  339. package/rules/ruby/ruby.bug-risk.active-record-base-subclass.rule.yaml +53 -0
  340. package/rules/ruby/ruby.bug-risk.active-record-method-override.rule.yaml +55 -0
  341. package/rules/ruby/ruby.bug-risk.active-support-alias.rule.yaml +52 -0
  342. package/rules/ruby/ruby.bug-risk.all-each-to-find-each.rule.yaml +55 -0
  343. package/rules/ruby/ruby.bug-risk.allow-blank-with-delegate.rule.yaml +52 -0
  344. package/rules/ruby/ruby.bug-risk.alter-queries-combine.rule.yaml +54 -0
  345. package/rules/ruby/ruby.bug-risk.ambiguous-block-association.rule.yaml +49 -0
  346. package/rules/ruby/ruby.bug-risk.ambiguous-operator-argument.rule.yaml +48 -0
  347. package/rules/ruby/ruby.bug-risk.ambiguous-regexp-literal.rule.yaml +49 -0
  348. package/rules/ruby/ruby.bug-risk.argument-overwritten-before-use.rule.yaml +51 -0
  349. package/rules/ruby/ruby.bug-risk.assert-not-usage.rule.yaml +51 -0
  350. package/rules/ruby/ruby.bug-risk.bad-date-usage.rule.yaml +55 -0
  351. package/rules/ruby/ruby.bug-risk.bad-magic-comment-order.rule.yaml +50 -0
  352. package/rules/ruby/ruby.bug-risk.bad-operand-order.rule.yaml +46 -0
  353. package/rules/ruby/ruby.bug-risk.bad-rescue-ordering.rule.yaml +50 -0
  354. package/rules/ruby/ruby.bug-risk.branches-without-body.rule.yaml +49 -0
  355. package/rules/ruby/ruby.bug-risk.callback-order.rule.yaml +52 -0
  356. package/rules/ruby/ruby.bug-risk.callback-override.rule.yaml +53 -0
  357. package/rules/ruby/ruby.bug-risk.circular-argument-reference.rule.yaml +44 -0
  358. package/rules/ruby/ruby.bug-risk.class-name-should-be-string.rule.yaml +52 -0
  359. package/rules/ruby/ruby.bug-risk.console-output-instead-of-logger.rule.yaml +53 -0
  360. package/rules/ruby/ruby.bug-risk.constant-in-block.rule.yaml +52 -0
  361. package/rules/ruby/ruby.bug-risk.controller-base-subclass.rule.yaml +54 -0
  362. package/rules/ruby/ruby.bug-risk.dependent-option-cascade.rule.yaml +53 -0
  363. package/rules/ruby/ruby.bug-risk.deprecated-belongs-to-required.rule.yaml +54 -0
  364. package/rules/ruby/ruby.bug-risk.deprecated-big-decimal-new.rule.yaml +44 -0
  365. package/rules/ruby/ruby.bug-risk.deprecated-class-methods.rule.yaml +45 -0
  366. package/rules/ruby/ruby.bug-risk.deprecated-filter-methods.rule.yaml +54 -0
  367. package/rules/ruby/ruby.bug-risk.deprecated-find-by-dynamic.rule.yaml +55 -0
  368. package/rules/ruby/ruby.bug-risk.deprecated-http-status-symbols.rule.yaml +52 -0
  369. package/rules/ruby/ruby.bug-risk.deprecated-openssl-api.rule.yaml +42 -0
  370. package/rules/ruby/ruby.bug-risk.deprecated-uri-regexp.rule.yaml +42 -0
  371. package/rules/ruby/ruby.bug-risk.disjunctive-assignment-in-constructor.rule.yaml +46 -0
  372. package/rules/ruby/ruby.bug-risk.duplicate-case-conditions.rule.yaml +49 -0
  373. package/rules/ruby/ruby.bug-risk.duplicate-constant-assignment.rule.yaml +47 -0
  374. package/rules/ruby/ruby.bug-risk.duplicate-elsif-block.rule.yaml +51 -0
  375. package/rules/ruby/ruby.bug-risk.duplicate-method-definitions.rule.yaml +49 -0
  376. package/rules/ruby/ruby.bug-risk.each-with-object-immutable-arg.rule.yaml +51 -0
  377. package/rules/ruby/ruby.bug-risk.else-followed-by-expression.rule.yaml +50 -0
  378. package/rules/ruby/ruby.bug-risk.else-without-rescue.rule.yaml +51 -0
  379. package/rules/ruby/ruby.bug-risk.empty-ensure-block.rule.yaml +49 -0
  380. package/rules/ruby/ruby.bug-risk.empty-expression.rule.yaml +48 -0
  381. package/rules/ruby/ruby.bug-risk.empty-interpolation.rule.yaml +49 -0
  382. package/rules/ruby/ruby.bug-risk.end-in-method.rule.yaml +49 -0
  383. package/rules/ruby/ruby.bug-risk.enum-array-syntax.rule.yaml +54 -0
  384. package/rules/ruby/ruby.bug-risk.enum-duplicate-values.rule.yaml +53 -0
  385. package/rules/ruby/ruby.bug-risk.equal-instead-of-equal.rule.yaml +50 -0
  386. package/rules/ruby/ruby.bug-risk.error-inherits-exception.rule.yaml +42 -0
  387. package/rules/ruby/ruby.bug-risk.exit-in-app-code.rule.yaml +53 -0
  388. package/rules/ruby/ruby.bug-risk.flip-flop-operator.rule.yaml +49 -0
  389. package/rules/ruby/ruby.bug-risk.git-in-gemspec.rule.yaml +48 -0
  390. package/rules/ruby/ruby.bug-risk.grouped-parentheses-in-call.rule.yaml +51 -0
  391. package/rules/ruby/ruby.bug-risk.has-and-belongs-to-many.rule.yaml +52 -0
  392. package/rules/ruby/ruby.bug-risk.helper-instance-variables.rule.yaml +52 -0
  393. package/rules/ruby/ruby.bug-risk.heredoc-method-order.rule.yaml +51 -0
  394. package/rules/ruby/ruby.bug-risk.http-methods-without-params.rule.yaml +54 -0
  395. package/rules/ruby/ruby.bug-risk.identical-binary-operands.rule.yaml +53 -0
  396. package/rules/ruby/ruby.bug-risk.ignored-column-accessed.rule.yaml +50 -0
  397. package/rules/ruby/ruby.bug-risk.inconsistent-request-referrer.rule.yaml +50 -0
  398. package/rules/ruby/ruby.bug-risk.inconsistent-safe-navigation-try.rule.yaml +51 -0
  399. package/rules/ruby/ruby.bug-risk.inconsistent-safe-navigation.rule.yaml +51 -0
  400. package/rules/ruby/ruby.bug-risk.incorrect-pluralization.rule.yaml +51 -0
  401. package/rules/ruby/ruby.bug-risk.ineffective-access-modifier.rule.yaml +50 -0
  402. package/rules/ruby/ruby.bug-risk.interpolation-in-single-quote.rule.yaml +50 -0
  403. package/rules/ruby/ruby.bug-risk.invalid-integer-times.rule.yaml +52 -0
  404. package/rules/ruby/ruby.bug-risk.invalid-percent-string-literal.rule.yaml +51 -0
  405. package/rules/ruby/ruby.bug-risk.invalid-percent-symbol-array.rule.yaml +51 -0
  406. package/rules/ruby/ruby.bug-risk.invalid-rails-env-predicate.rule.yaml +51 -0
  407. package/rules/ruby/ruby.bug-risk.invalid-rescue-type.rule.yaml +51 -0
  408. package/rules/ruby/ruby.bug-risk.io-select-single-arg.rule.yaml +48 -0
  409. package/rules/ruby/ruby.bug-risk.irreversible-migration.rule.yaml +57 -0
  410. package/rules/ruby/ruby.bug-risk.missing-inverse-of.rule.yaml +53 -0
  411. package/rules/ruby/ruby.bug-risk.mixed-regex-captures.rule.yaml +51 -0
  412. package/rules/ruby/ruby.bug-risk.multiple-rescues-for-same-exception.rule.yaml +49 -0
  413. package/rules/ruby/ruby.bug-risk.non-local-exit-from-iterator.rule.yaml +51 -0
  414. package/rules/ruby/ruby.bug-risk.non-null-column-without-default.rule.yaml +51 -0
  415. package/rules/ruby/ruby.bug-risk.non-preferred-assert-falseness.rule.yaml +50 -0
  416. package/rules/ruby/ruby.bug-risk.old-style-validation-macro.rule.yaml +49 -0
  417. package/rules/ruby/ruby.bug-risk.outer-variable-shadowed.rule.yaml +47 -0
  418. package/rules/ruby/ruby.bug-risk.plain-method-instead-of-proc.rule.yaml +48 -0
  419. package/rules/ruby/ruby.bug-risk.predicate-method-without-parentheses.rule.yaml +51 -0
  420. package/rules/ruby/ruby.bug-risk.rails-env-equality.rule.yaml +53 -0
  421. package/rules/ruby/ruby.bug-risk.rails-root-join.rule.yaml +53 -0
  422. package/rules/ruby/ruby.bug-risk.rake-task-missing-environment.rule.yaml +46 -0
  423. package/rules/ruby/ruby.bug-risk.redundant-allow-nil.rule.yaml +52 -0
  424. package/rules/ruby/ruby.bug-risk.redundant-foreign-key.rule.yaml +50 -0
  425. package/rules/ruby/ruby.bug-risk.redundant-with-options-receiver.rule.yaml +52 -0
  426. package/rules/ruby/ruby.bug-risk.regex-literal-in-condition.rule.yaml +51 -0
  427. package/rules/ruby/ruby.bug-risk.relative-date-as-constant.rule.yaml +51 -0
  428. package/rules/ruby/ruby.bug-risk.renamed-column-accessed.rule.yaml +50 -0
  429. package/rules/ruby/ruby.bug-risk.rescue-exception.rule.yaml +42 -0
  430. package/rules/ruby/ruby.bug-risk.return-in-ensure.rule.yaml +49 -0
  431. package/rules/ruby/ruby.bug-risk.routes-match-single-verb.rule.yaml +51 -0
  432. package/rules/ruby/ruby.bug-risk.safe-navigation-with-blank.rule.yaml +50 -0
  433. package/rules/ruby/ruby.bug-risk.safe-navigation-with-empty.rule.yaml +52 -0
  434. package/rules/ruby/ruby.bug-risk.self-assignment.rule.yaml +52 -0
  435. package/rules/ruby/ruby.bug-risk.skip-filter-conditional.rule.yaml +55 -0
  436. package/rules/ruby/ruby.bug-risk.suppressed-exceptions.rule.yaml +49 -0
  437. package/rules/ruby/ruby.bug-risk.symbol-boolean-name.rule.yaml +44 -0
  438. package/rules/ruby/ruby.bug-risk.table-without-timestamps.rule.yaml +53 -0
  439. package/rules/ruby/ruby.bug-risk.time-without-zone.rule.yaml +51 -0
  440. package/rules/ruby/ruby.bug-risk.to-json-without-argument.rule.yaml +51 -0
  441. package/rules/ruby/ruby.bug-risk.trailing-comma-attribute.rule.yaml +50 -0
  442. package/rules/ruby/ruby.bug-risk.undefined-action-filter.rule.yaml +53 -0
  443. package/rules/ruby/ruby.bug-risk.unintended-string-concatenation.rule.yaml +51 -0
  444. package/rules/ruby/ruby.bug-risk.unnecessary-require.rule.yaml +51 -0
  445. package/rules/ruby/ruby.bug-risk.unnecessary-splat.rule.yaml +50 -0
  446. package/rules/ruby/ruby.bug-risk.unqualified-constant.rule.yaml +51 -0
  447. package/rules/ruby/ruby.bug-risk.unreachable-code.rule.yaml +49 -0
  448. package/rules/ruby/ruby.bug-risk.unreachable-loop.rule.yaml +51 -0
  449. package/rules/ruby/ruby.bug-risk.unsafe-number-conversion.rule.yaml +51 -0
  450. package/rules/ruby/ruby.bug-risk.unsafe-safe-navigation-chain.rule.yaml +50 -0
  451. package/rules/ruby/ruby.bug-risk.unused-method-arguments.rule.yaml +51 -0
  452. package/rules/ruby/ruby.bug-risk.use-blank-simplify.rule.yaml +49 -0
  453. package/rules/ruby/ruby.bug-risk.use-delegate.rule.yaml +50 -0
  454. package/rules/ruby/ruby.bug-risk.use-presence-over-explicit-check.rule.yaml +49 -0
  455. package/rules/ruby/ruby.bug-risk.use-present-to-simplify-conditional.rule.yaml +48 -0
  456. package/rules/ruby/ruby.bug-risk.use-square-brackets-for-attributes.rule.yaml +50 -0
  457. package/rules/ruby/ruby.bug-risk.useless-access-modifier.rule.yaml +49 -0
  458. package/rules/ruby/ruby.bug-risk.useless-comparison.rule.yaml +50 -0
  459. package/rules/ruby/ruby.bug-risk.useless-setter-call.rule.yaml +49 -0
  460. package/rules/ruby/ruby.bug-risk.when-branch-without-body.rule.yaml +49 -0
  461. package/rules/ruby/ruby.bug-risk.where-first-over-find-by.rule.yaml +54 -0
  462. package/rules/ruby/ruby.bug-risk.with-index-value-unused.rule.yaml +50 -0
  463. package/rules/ruby/ruby.bug-risk.with-object-value-unused.rule.yaml +50 -0
  464. package/rules/ruby/ruby.performance.efficient-hash-search.rule.yaml +42 -0
  465. package/rules/ruby/ruby.performance.enumerable-index-by.rule.yaml +51 -0
  466. package/rules/ruby/ruby.performance.enumerable-index-with.rule.yaml +52 -0
  467. package/rules/ruby/ruby.performance.merge-single-key.rule.yaml +42 -0
  468. package/rules/ruby/ruby.performance.no-static-size-computation.rule.yaml +43 -0
  469. package/rules/ruby/ruby.performance.prefer-delete-prefix.rule.yaml +53 -0
  470. package/rules/ruby/ruby.performance.prefer-delete-suffix.rule.yaml +53 -0
  471. package/rules/ruby/ruby.performance.prefer-flat-map.rule.yaml +41 -0
  472. package/rules/ruby/ruby.performance.prefer-struct-over-openstruct.rule.yaml +42 -0
  473. package/rules/ruby/ruby.performance.range-cover-over-include.rule.yaml +43 -0
  474. package/rules/ruby/ruby.performance.regex-match-over-match.rule.yaml +42 -0
  475. package/rules/ruby/ruby.performance.yield-over-block-call.rule.yaml +41 -0
  476. package/rules/ruby/ruby.security.io-shell-command.rule.yaml +50 -0
  477. package/rules/ruby/ruby.security.rails-http-digest-auth.rule.yaml +51 -0
  478. package/rules/ruby/ruby.security.rails-render-inline.rule.yaml +55 -0
  479. package/rules/ruby/ruby.security.rails-skip-validation.rule.yaml +51 -0
  480. package/rules/rust/rust.correctness.empty-range-expression.rule.yaml +49 -0
  481. package/rules/rust/rust.correctness.erasing-operation.rule.yaml +49 -0
  482. package/rules/rust/rust.correctness.forget-drop-on-copy-type.rule.yaml +50 -0
  483. package/rules/rust/rust.correctness.forget-drop-on-non-drop-type.rule.yaml +50 -0
  484. package/rules/rust/rust.correctness.forget-drop-on-reference.rule.yaml +49 -0
  485. package/rules/rust/rust.correctness.hash-unit-value.rule.yaml +49 -0
  486. package/rules/rust/rust.correctness.identical-binary-operands.rule.yaml +49 -0
  487. package/rules/rust/rust.correctness.ignored-future-value.rule.yaml +53 -0
  488. package/rules/rust/rust.correctness.invalid-regex-literal.rule.yaml +49 -0
  489. package/rules/rust/rust.correctness.iter-next-in-for-loop.rule.yaml +49 -0
  490. package/rules/rust/rust.correctness.mistyped-suffix.rule.yaml +50 -0
  491. package/rules/rust/rust.correctness.nan-comparison.rule.yaml +49 -0
  492. package/rules/rust/rust.correctness.non-binding-let-on-lock.rule.yaml +50 -0
  493. package/rules/rust/rust.correctness.non-octal-permissions.rule.yaml +60 -0
  494. package/rules/rust/rust.correctness.print-in-display-impl.rule.yaml +48 -0
  495. package/rules/rust/rust.correctness.self-not-self-type.rule.yaml +49 -0
  496. package/rules/rust/rust.correctness.step-by-zero.rule.yaml +48 -0
  497. package/rules/rust/rust.correctness.syntax-error.rule.yaml +49 -0
  498. package/rules/rust/rust.correctness.transmute-float-char-to-ref-or-ptr.rule.yaml +48 -0
  499. package/rules/rust/rust.correctness.transmute-int-lit-to-raw-ptr.rule.yaml +48 -0
  500. package/rules/rust/rust.correctness.transmute-int-to-fn-ptr.rule.yaml +48 -0
  501. package/rules/rust/rust.correctness.transmute-integer-to-bool.rule.yaml +49 -0
  502. package/rules/rust/rust.correctness.transmute-integer-to-char.rule.yaml +48 -0
  503. package/rules/rust/rust.correctness.transmute-integer-to-nonzero.rule.yaml +48 -0
  504. package/rules/rust/rust.correctness.transmute-number-to-slice-or-array.rule.yaml +48 -0
  505. package/rules/rust/rust.correctness.transmute-ptr-to-ptr.rule.yaml +49 -0
  506. package/rules/rust/rust.correctness.transmute-ptr-to-ref.rule.yaml +49 -0
  507. package/rules/rust/rust.correctness.transmute-ref-to-ptr.rule.yaml +49 -0
  508. package/rules/rust/rust.correctness.transmute-t-to-ptr-ref.rule.yaml +49 -0
  509. package/rules/rust/rust.correctness.transmute-tuple-to-slice-or-array.rule.yaml +48 -0
  510. package/rules/rust/rust.correctness.unhandled-io-result.rule.yaml +49 -0
  511. package/rules/rust/rust.correctness.unit-argument.rule.yaml +50 -0
  512. package/rules/rust/rust.correctness.unit-comparison.rule.yaml +49 -0
  513. package/rules/rust/rust.performance.single-char-string-literal-pattern.rule.yaml +51 -0
  514. package/rules/rust/rust.quality.approximate-floating-constant.rule.yaml +51 -0
  515. package/rules/rust/rust.quality.builtin-type-shadow.rule.yaml +49 -0
  516. package/rules/rust/rust.quality.clone-on-double-reference.rule.yaml +50 -0
  517. package/rules/rust/rust.quality.crate-in-macro-definition.rule.yaml +50 -0
  518. package/rules/rust/rust.quality.deprecated-function-use.rule.yaml +52 -0
  519. package/rules/rust/rust.quality.env-string-literal.rule.yaml +50 -0
  520. package/rules/rust/rust.quality.explicit-self-assignment.rule.yaml +49 -0
  521. package/rules/rust/rust.quality.fn-ptr-null-comparison.rule.yaml +49 -0
  522. package/rules/rust/rust.quality.fn-ptr-to-non-pointer-cast.rule.yaml +50 -0
  523. package/rules/rust/rust.quality.inaccurate-duration-calculation.rule.yaml +50 -0
  524. package/rules/rust/rust.quality.isize-usize-overflow.rule.yaml +50 -0
  525. package/rules/rust/rust.quality.iter-count-instead-of-len.rule.yaml +49 -0
  526. package/rules/rust/rust.quality.iter-nth-instead-of-get.rule.yaml +50 -0
  527. package/rules/rust/rust.quality.map-followed-by-count.rule.yaml +50 -0
  528. package/rules/rust/rust.quality.non-owned-rc-pointer-into-vec.rule.yaml +50 -0
  529. package/rules/rust/rust.quality.non-utf8-literal-in-from-utf8-unchecked.rule.yaml +54 -0
  530. package/rules/rust/rust.quality.option-env-unwrap.rule.yaml +50 -0
  531. package/rules/rust/rust.quality.ordered-iteration-on-unordered.rule.yaml +52 -0
  532. package/rules/rust/rust.quality.possible-missing-comma-in-array.rule.yaml +49 -0
  533. package/rules/rust/rust.quality.potentially-incomplete-ascii-range.rule.yaml +49 -0
  534. package/rules/rust/rust.quality.redundant-mem-replace-with-default.rule.yaml +48 -0
  535. package/rules/rust/rust.quality.redundant-mem-replace-with-none.rule.yaml +48 -0
  536. package/rules/rust/rust.quality.redundant-mem-replace-with-zero.rule.yaml +48 -0
  537. package/rules/rust/rust.quality.replace-same-pattern-and-replacement.rule.yaml +49 -0
  538. package/rules/rust/rust.quality.size-of-val-on-reference.rule.yaml +49 -0
  539. package/rules/rust/rust.quality.unused-enumerate-or-zip-items.rule.yaml +50 -0
  540. package/rules/rust/rust.security.actix-namedfile-path-traversal.rule.yaml +61 -0
  541. package/rules/rust/rust.security.bind-all-interfaces.rule.yaml +2 -0
  542. package/rules/rust/rust.security.const-to-mut-ptr.rule.yaml +61 -0
  543. package/rules/rust/rust.security.differently-sized-slice-conversion.rule.yaml +61 -0
  544. package/rules/rust/rust.security.global-write-permission.rule.yaml +61 -0
  545. package/rules/rust/rust.security.insecure-temp-file.rule.yaml +2 -0
  546. package/rules/rust/rust.security.invisible-unicode.rule.yaml +60 -0
  547. package/rules/rust/rust.security.manual-error-type-id.rule.yaml +59 -0
  548. package/rules/rust/rust.security.missing-regex-anchor.rule.yaml +61 -0
  549. package/rules/rust/rust.security.misused-bitwise-xor.rule.yaml +54 -0
  550. package/rules/rust/rust.security.open-redirect.rule.yaml +64 -0
  551. package/rules/rust/rust.security.potentially-vulnerable-regex.rule.yaml +61 -0
  552. package/rules/rust/rust.security.raw-slice-to-ptr.rule.yaml +60 -0
  553. package/rules/rust/rust.security.unsafe-remove-dir-all.rule.yaml +62 -0
  554. package/rules/rust/rust.security.weak-crypto-import.rule.yaml +2 -0
  555. package/rules/rust/rust.security.weak-rsa-key-size.rule.yaml +2 -0
  556. package/rules/rust/rust.testing.ignore-without-ticket-reference.rule.yaml +13 -7
  557. package/rules/rust/rust.testing.thread-sleep-in-unit-test.rule.yaml +6 -6
  558. package/rules/shared/security.no-command-execution-with-request-input.rule.yaml +3 -0
  559. package/rules/shared/security.no-sensitive-data-in-logs-and-telemetry.rule.yaml +2 -0
  560. package/rules/shared/security.no-sql-interpolation.rule.yaml +2 -0
  561. package/rules/shared/security.permissive-file-permissions.rule.yaml +2 -0
  562. package/rules/shared/security.weak-hash-algorithm.rule.yaml +2 -0
  563. package/rules/sql/sql.correctness.undefined-reference.rule.yaml +37 -0
  564. package/rules/sql/sql.style.ambiguous-distinct.rule.yaml +37 -0
  565. package/rules/sql/sql.style.column-expression-without-alias.rule.yaml +37 -0
  566. package/rules/sql/sql.style.distinct-with-parenthesis.rule.yaml +37 -0
  567. package/rules/sql/sql.style.duplicate-table-aliases.rule.yaml +37 -0
  568. package/rules/sql/sql.style.implicit-column-alias.rule.yaml +37 -0
  569. package/rules/sql/sql.style.implicit-table-alias.rule.yaml +37 -0
  570. package/rules/sql/sql.style.inconsistent-capitalization.rule.yaml +37 -0
  571. package/rules/sql/sql.style.inconsistent-keyword-case.rule.yaml +37 -0
  572. package/rules/sql/sql.style.keyword-as-identifier.rule.yaml +37 -0
  573. package/rules/sql/sql.style.trailing-select-comma.rule.yaml +37 -0
  574. package/rules/sql/sql.style.unqualified-references.rule.yaml +37 -0
  575. package/rules/sql/sql.style.unused-table-alias.rule.yaml +37 -0
  576. package/rules/typescript/ts.angularjs.inject-function-assignments-only.rule.yaml +36 -0
  577. package/rules/typescript/ts.angularjs.no-controller.rule.yaml +36 -0
  578. package/rules/typescript/ts.angularjs.no-deprecated-cookie-store.rule.yaml +36 -0
  579. package/rules/typescript/ts.angularjs.no-deprecated-directive-replace.rule.yaml +36 -0
  580. package/rules/typescript/ts.angularjs.no-deprecated-http-success-error.rule.yaml +36 -0
  581. package/rules/typescript/ts.angularjs.no-jquery-wrapping-angular-element.rule.yaml +36 -0
  582. package/rules/typescript/ts.angularjs.prefer-angular-for-each.rule.yaml +36 -0
  583. package/rules/typescript/ts.angularjs.prefer-angular-is-string.rule.yaml +36 -0
  584. package/rules/typescript/ts.correctness.array-callback-missing-return.rule.yaml +2 -0
  585. package/rules/typescript/ts.correctness.array-sort-without-compare.rule.yaml +5 -3
  586. package/rules/typescript/ts.correctness.assignment-in-condition.rule.yaml +4 -2
  587. package/rules/typescript/ts.correctness.assignment-to-exports.rule.yaml +38 -0
  588. package/rules/typescript/ts.correctness.assignment-to-import-binding.rule.yaml +2 -0
  589. package/rules/typescript/ts.correctness.async-promise-executor.rule.yaml +2 -0
  590. package/rules/typescript/ts.correctness.blocking-call-in-async-flow.rule.yaml +14 -3
  591. package/rules/typescript/ts.correctness.callback-missing-error-handling.rule.yaml +38 -0
  592. package/rules/typescript/ts.correctness.callback-not-error-first.rule.yaml +38 -0
  593. package/rules/typescript/ts.correctness.compound-assignment-with-await.rule.yaml +37 -0
  594. package/rules/typescript/ts.correctness.confusing-multiline-expression.rule.yaml +37 -0
  595. package/rules/typescript/ts.correctness.constructor-return-value.rule.yaml +37 -0
  596. package/rules/typescript/ts.correctness.control-flow-in-finally.rule.yaml +2 -0
  597. package/rules/typescript/ts.correctness.declaration-in-nested-block.rule.yaml +39 -0
  598. package/rules/typescript/ts.correctness.delete-on-variable.rule.yaml +37 -0
  599. package/rules/typescript/ts.correctness.deprecated-api-usage.rule.yaml +39 -0
  600. package/rules/typescript/ts.correctness.duplicate-class-member.rule.yaml +37 -0
  601. package/rules/typescript/ts.correctness.duplicate-export.rule.yaml +37 -0
  602. package/rules/typescript/ts.correctness.duplicate-function-parameter.rule.yaml +2 -0
  603. package/rules/typescript/ts.correctness.duplicate-if-else-condition.rule.yaml +2 -0
  604. package/rules/typescript/ts.correctness.duplicate-import-source.rule.yaml +2 -0
  605. package/rules/typescript/ts.correctness.duplicate-object-key.rule.yaml +2 -0
  606. package/rules/typescript/ts.correctness.duplicate-switch-case.rule.yaml +2 -0
  607. package/rules/typescript/ts.correctness.empty-block-statement.rule.yaml +2 -0
  608. package/rules/typescript/ts.correctness.empty-destructuring-pattern.rule.yaml +37 -0
  609. package/rules/typescript/ts.correctness.extraneous-import.rule.yaml +38 -0
  610. package/rules/typescript/ts.correctness.flawed-string-comparison.rule.yaml +38 -0
  611. package/rules/typescript/ts.correctness.global-object-called-as-function.rule.yaml +38 -0
  612. package/rules/typescript/ts.correctness.identical-comparison-operands.rule.yaml +2 -0
  613. package/rules/typescript/ts.correctness.implicit-undefined-return.rule.yaml +2 -0
  614. package/rules/typescript/ts.correctness.infinite-loop.rule.yaml +16 -7
  615. package/rules/typescript/ts.correctness.invalid-async-await-call.rule.yaml +37 -0
  616. package/rules/typescript/ts.correctness.invalid-shebang.rule.yaml +37 -0
  617. package/rules/typescript/ts.correctness.invalid-typeof-comparison.rule.yaml +2 -0
  618. package/rules/typescript/ts.correctness.invalid-variable-usage.rule.yaml +37 -0
  619. package/rules/typescript/ts.correctness.missing-async-on-promise-method.rule.yaml +2 -0
  620. package/rules/typescript/ts.correctness.missing-super-call.rule.yaml +2 -0
  621. package/rules/typescript/ts.correctness.missing-timeout-on-external-call.rule.yaml +13 -6
  622. package/rules/typescript/ts.correctness.missing-type-annotation.rule.yaml +37 -0
  623. package/rules/typescript/ts.correctness.namespace-import-unexported-name.rule.yaml +37 -0
  624. package/rules/typescript/ts.correctness.negative-zero-comparison.rule.yaml +37 -0
  625. package/rules/typescript/ts.correctness.new-expression-with-require.rule.yaml +39 -0
  626. package/rules/typescript/ts.correctness.new-symbol-instance.rule.yaml +38 -0
  627. package/rules/typescript/ts.correctness.no-confusing-label-in-switch.rule.yaml +39 -0
  628. package/rules/typescript/ts.correctness.no-href-with-nuxt-link.rule.yaml +39 -0
  629. package/rules/typescript/ts.correctness.no-ts-suppress-directive.rule.yaml +36 -0
  630. package/rules/typescript/ts.correctness.non-existent-assignment-operators.rule.yaml +38 -0
  631. package/rules/typescript/ts.correctness.off-by-one-loop-boundary.rule.yaml +2 -0
  632. package/rules/typescript/ts.correctness.parse-int-on-number-literal.rule.yaml +38 -0
  633. package/rules/typescript/ts.correctness.prefer-as-const-over-literal-type.rule.yaml +37 -0
  634. package/rules/typescript/ts.correctness.prefer-includes-over-indexof.rule.yaml +37 -0
  635. package/rules/typescript/ts.correctness.prefer-nullish-coalescing.rule.yaml +37 -0
  636. package/rules/typescript/ts.correctness.private-member-should-be-readonly.rule.yaml +37 -0
  637. package/rules/typescript/ts.correctness.promise-reject-non-error.rule.yaml +2 -0
  638. package/rules/typescript/ts.correctness.prototype-builtin-called-directly.rule.yaml +38 -0
  639. package/rules/typescript/ts.correctness.reassign-catch-binding.rule.yaml +2 -0
  640. package/rules/typescript/ts.correctness.reassign-class-member.rule.yaml +37 -0
  641. package/rules/typescript/ts.correctness.reassign-const-binding.rule.yaml +37 -0
  642. package/rules/typescript/ts.correctness.reassign-function-declaration.rule.yaml +38 -0
  643. package/rules/typescript/ts.correctness.regexp-constructor-invalid-pattern.rule.yaml +38 -0
  644. package/rules/typescript/ts.correctness.regexp-empty-character-class.rule.yaml +38 -0
  645. package/rules/typescript/ts.correctness.regexp-multicodepoint-character-class.rule.yaml +37 -0
  646. package/rules/typescript/ts.correctness.regexp-pattern-unusual-control-character.rule.yaml +2 -0
  647. package/rules/typescript/ts.correctness.regexp-useless-backreference.rule.yaml +37 -0
  648. package/rules/typescript/ts.correctness.require-outside-import.rule.yaml +37 -0
  649. package/rules/typescript/ts.correctness.restricted-global-variable.rule.yaml +37 -0
  650. package/rules/typescript/ts.correctness.restricted-object-property.rule.yaml +37 -0
  651. package/rules/typescript/ts.correctness.self-assignment.rule.yaml +2 -0
  652. package/rules/typescript/ts.correctness.setter-return-value.rule.yaml +37 -0
  653. package/rules/typescript/ts.correctness.simplify-boolean-return.rule.yaml +38 -0
  654. package/rules/typescript/ts.correctness.sparse-array-literal.rule.yaml +38 -0
  655. package/rules/typescript/ts.correctness.switch-case-fallthrough.rule.yaml +37 -0
  656. package/rules/typescript/ts.correctness.template-placeholder-in-string.rule.yaml +37 -0
  657. package/rules/typescript/ts.correctness.this-before-super.rule.yaml +3 -0
  658. package/rules/typescript/ts.correctness.this-outside-class.rule.yaml +37 -0
  659. package/rules/typescript/ts.correctness.undeclared-variable.rule.yaml +38 -0
  660. package/rules/typescript/ts.correctness.unhandled-async-error.rule.yaml +7 -1
  661. package/rules/typescript/ts.correctness.unnecessary-return-await.rule.yaml +2 -0
  662. package/rules/typescript/ts.correctness.unresolved-import.rule.yaml +37 -0
  663. package/rules/typescript/ts.correctness.unsafe-negation-in-relational.rule.yaml +38 -0
  664. package/rules/typescript/ts.correctness.unused-expression.rule.yaml +37 -0
  665. package/rules/typescript/ts.correctness.unused-variable.rule.yaml +37 -0
  666. package/rules/typescript/ts.correctness.use-number-is-nan.rule.yaml +2 -0
  667. package/rules/typescript/ts.correctness.used-before-definition.rule.yaml +38 -0
  668. package/rules/typescript/ts.correctness.var-declaration.rule.yaml +38 -0
  669. package/rules/typescript/ts.next.no-document-import-outside-custom-document.rule.yaml +39 -0
  670. package/rules/typescript/ts.next.no-head-import-in-custom-document.rule.yaml +39 -0
  671. package/rules/typescript/ts.performance.no-await-in-loop.rule.yaml +6 -6
  672. package/rules/typescript/ts.performance.no-json-parse-stringify-clone.rule.yaml +8 -0
  673. package/rules/typescript/ts.performance.sequential-async-calls.rule.yaml +16 -7
  674. package/rules/typescript/ts.quality.no-banned-type.rule.yaml +36 -0
  675. package/rules/typescript/ts.quality.no-empty-function.rule.yaml +1 -1
  676. package/rules/typescript/ts.quality.no-side-effect-in-pure-callback.rule.yaml +36 -0
  677. package/rules/typescript/ts.quality.swallowed-error.rule.yaml +6 -3
  678. package/rules/typescript/ts.react.no-deprecated-is-mounted.rule.yaml +36 -0
  679. package/rules/typescript/ts.react.no-deprecated-react-dom-root-api.rule.yaml +24 -2
  680. package/rules/typescript/ts.react.no-direct-state-mutation.rule.yaml +2 -0
  681. package/rules/typescript/ts.react.no-duplicate-jsx-attributes.rule.yaml +2 -0
  682. package/rules/typescript/ts.react.no-hooks-rule-violation.rule.yaml +38 -0
  683. package/rules/typescript/ts.react.no-invalid-markup-characters.rule.yaml +36 -0
  684. package/rules/typescript/ts.react.no-lifecycle-method-typo.rule.yaml +36 -0
  685. package/rules/typescript/ts.react.no-render-invalid-return-type.rule.yaml +36 -0
  686. package/rules/typescript/ts.react.no-set-state-in-component-did-mount.rule.yaml +2 -0
  687. package/rules/typescript/ts.react.no-set-state-in-component-did-update.rule.yaml +2 -0
  688. package/rules/typescript/ts.react.no-set-state-in-component-will-update.rule.yaml +36 -0
  689. package/rules/typescript/ts.react.no-should-component-update.rule.yaml +36 -0
  690. package/rules/typescript/ts.react.no-target-blank-without-rel.rule.yaml +2 -0
  691. package/rules/typescript/ts.react.no-this-state-in-set-state.rule.yaml +38 -0
  692. package/rules/typescript/ts.react.no-unnecessary-fragment.rule.yaml +36 -0
  693. package/rules/typescript/ts.runtime.no-process-exit.rule.yaml +3 -0
  694. package/rules/typescript/ts.runtime.process-exit-control-flow.rule.yaml +46 -0
  695. package/rules/typescript/ts.security.dangerous-insert-html.rule.yaml +5 -0
  696. package/rules/typescript/ts.security.express-insecure-listen.rule.yaml +52 -0
  697. package/rules/typescript/ts.security.express-nosql-injection.rule.yaml +16 -11
  698. package/rules/typescript/ts.security.express-static-dotfiles-allow.rule.yaml +5 -0
  699. package/rules/typescript/ts.security.iframe-missing-sandbox-attribute.rule.yaml +18 -6
  700. package/rules/typescript/ts.security.import-using-user-input.rule.yaml +62 -10
  701. package/rules/typescript/ts.security.insecure-auth-cookie-flags.rule.yaml +12 -4
  702. package/rules/typescript/ts.security.missing-request-timeout-or-retry.rule.yaml +8 -6
  703. package/rules/typescript/ts.security.no-assign-mutable-export.rule.yaml +2 -0
  704. package/rules/typescript/ts.security.no-dynamic-execution.rule.yaml +3 -3
  705. package/rules/typescript/ts.security.no-javascript-url.rule.yaml +42 -8
  706. package/rules/typescript/ts.security.no-native-prototype-extension.rule.yaml +13 -1
  707. package/rules/typescript/ts.security.non-literal-fs-filename.rule.yaml +13 -1
  708. package/rules/typescript/ts.security.observable-timing-discrepancy.rule.yaml +3 -3
  709. package/rules/typescript/ts.security.open-redirect.rule.yaml +6 -0
  710. package/rules/typescript/ts.security.path-join-user-input.rule.yaml +50 -0
  711. package/rules/typescript/ts.security.sensitive-data-written-to-file.rule.yaml +16 -6
  712. package/rules/typescript/ts.security.ssrf.rule.yaml +1 -0
  713. package/rules/typescript/ts.security.unsafe-dirname-path-concat.rule.yaml +3 -0
  714. package/rules/typescript/ts.security.unsanitized-http-response.rule.yaml +14 -3
  715. package/rules/typescript/ts.security.user-controlled-regexp.rule.yaml +52 -0
  716. package/rules/typescript/ts.testing.no-flaky-timer-test.rule.yaml +7 -7
  717. package/rules/typescript/ts.testing.no-legacy-test-waiter.rule.yaml +36 -0
  718. package/rules/typescript/ts.testing.no-network-call-in-unit-test.rule.yaml +7 -1
  719. package/rules/typescript/ts.testing.no-skipped-test-without-ticket.rule.yaml +3 -3
  720. package/rules/typescript/ts.testing.useless-assertion.rule.yaml +37 -0
  721. package/rules/typescript/ts.vue.emits-validator-return-boolean.rule.yaml +36 -0
  722. package/rules/typescript/ts.vue.no-browser-globals-in-created.rule.yaml +39 -0
  723. package/rules/typescript/ts.vue.no-computed-missing-dependency.rule.yaml +36 -0
  724. package/rules/typescript/ts.vue.no-computed-mutation.rule.yaml +36 -0
  725. package/rules/typescript/ts.vue.no-data-object-declaration.rule.yaml +36 -0
  726. package/rules/typescript/ts.vue.no-deprecated-keycodes-config.rule.yaml +36 -0
  727. package/rules/typescript/ts.vue.no-deprecated-listeners.rule.yaml +36 -0
  728. package/rules/typescript/ts.vue.no-deprecated-model-option.rule.yaml +36 -0
  729. package/rules/typescript/ts.vue.no-deprecated-scoped-slots.rule.yaml +36 -0
  730. package/rules/typescript/ts.vue.no-keycode-modifiers.rule.yaml +36 -0
  731. package/rules/typescript/ts.vue.no-reserved-key-overwrite.rule.yaml +36 -0
  732. package/rules/typescript/ts.vue.no-server-env-in-client-hooks.rule.yaml +39 -0
  733. package/rules/typescript/ts.vue.no-slot-property-access.rule.yaml +36 -0
  734. package/rules/typescript/ts.vue.prefer-prop-type-constructor.rule.yaml +36 -0
  735. package/rules/typescript/ts.vue.require-transition-conditional.rule.yaml +36 -0
package/rules/java/java.correctness.lost-increment-in-assignment.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.lost-increment-in-assignment
5
+ title: Increment/decrement lost during assignment to same variable
6
+ summary: Assigning a post-incremented variable to itself (e.g., x = x++) discards the increment because the old value is assigned back.
7
+ rationale: In x = x++, the post-increment returns the original value, which is then written over the incremented value, making the increment a no-op.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0396
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - defensive-programming
16
+ - rules-catalog
17
+ stability: experimental
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.lost-increment-in-assignment
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.defensive-programming
36
+ severity: high
37
+ confidence: 0.95
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: Increment lost in `${captures.issue.text}`
43
+ summary: "`${captures.issue.text}` discards the increment because post-increment returns the old value and assigns it back to the same variable."
44
+ remediation:
45
+ summary: Either use `x++` alone, or assign from a different expression (e.g., `y = x++` or `x = x + 1`).
package/rules/java/java.correctness.math-max-min-swapped.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.math-max-min-swapped
5
+ title: Incorrect combination of Math.max and Math.min
6
+ summary: "Using `Math.max(A, Math.min(A, ...))` or `Math.min(A, Math.max(A, ...))` with a repeated argument is suspicious."
7
+ rationale: Nested Math.max/Math.min calls with a repeated first argument often indicate swapped arguments. The inner call's result is passed as the second arg, making the outer call pointless or incorrect.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0080
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - logic
16
+ - rules-catalog
17
+ stability: stable
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.math-max-min-swapped
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.logic
36
+ severity: medium
37
+ confidence: 0.85
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: Possible swapped Math.max/Math.min arguments
43
+ summary: "`${captures.issue.text}` has the same variable as the outer call's first argument and the inner call's first argument, suggesting the arguments may be swapped."
44
+ remediation:
45
+ summary: "Review the nested Math.max/Math.min call and swap inner arguments if needed."
package/rules/java/java.correctness.missing-enum-switch-elements.rule.yaml ADDED
@@ -0,0 +1,43 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.missing-enum-switch-elements
5
+ title: Missing enum elements in switch cases
6
+ summary: Switch statements on enum types without a default label must cover all enum members.
7
+ rationale: If new enum members are added later and the switch is not updated, the code silently skips the new case — almost always a bug.
8
+ aliases:
9
+ - JAVA-E1082
10
+ tags:
11
+ - correctness
12
+ - java
13
+ - logic
14
+ - rules-catalog
15
+ stability: experimental
16
+ appliesTo: block
17
+ scope:
18
+ languages:
19
+ - java
20
+ paths:
21
+ include:
22
+ - "**/*.java"
23
+ exclude:
24
+ - "**/src/test/**"
25
+ - "**/tests/**"
26
+ - "**/*Test.java"
27
+ match:
28
+ fact:
29
+ kind: java.correctness.missing-enum-switch-elements
30
+ bind: issue
31
+ emit:
32
+ finding:
33
+ category: correctness.logic
34
+ severity: high
35
+ confidence: 0.82
36
+ tags:
37
+ - correctness
38
+ - java
39
+ message:
40
+ title: Switch on enum missing elements
41
+ summary: "Switch on enum type missing the following members: ${captures.issue.text}"
42
+ remediation:
43
+ summary: Add case labels for every enum member that is not covered, or add a default label to handle unknown values.
package/rules/java/java.correctness.modulus-multiplication-precedence.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.modulus-multiplication-precedence
5
+ title: The `%` operator has higher precedence than `*` — ambiguous expression
6
+ summary: Mixing `%` and `*` without parentheses creates ambiguous precedence that may not match developer intent.
7
+ rationale: In Java, `%` and `*` have the same precedence and are left-associative. `a % b * c` is parsed as `(a % b) * c` which may not be what the developer intended.
8
+ aliases:
9
+ - JAVA-E1080
10
+ tags:
11
+ - correctness
12
+ - java
13
+ - rules-catalog
14
+ stability: experimental
15
+ appliesTo: block
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.modulus-multiplication-precedence
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.logic
33
+ severity: high
34
+ confidence: 0.86
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Ambiguous modulus/multiplication precedence in `${captures.issue.text}`
40
+ summary: "Mixing `%` and `*` without parentheses can lead to misreading the expression."
41
+ remediation:
42
+ summary: Add parentheses to clarify precedence — either `(a % b) * c` or `a % (b * c)` depending on intent.
package/rules/java/java.correctness.mutable-data-exposed.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.mutable-data-exposed
5
+ title: Defensively copy mutable objects passed to constructors
6
+ summary: Assigning a mutable object (collection or array) directly to a field without a defensive copy exposes internal state.
7
+ rationale: When a constructor parameter references a mutable object and stores it directly, the caller can modify the field's state externally. This breaks encapsulation and can lead to unexpected behavior or security issues.
8
+ aliases:
9
+ - JAVA-E1086
10
+ tags:
11
+ - correctness
12
+ - java
13
+ - rules-catalog
14
+ stability: experimental
15
+ appliesTo: block
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.mutable-data-exposed
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.encapsulation
33
+ severity: high
34
+ confidence: 0.70
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Mutable data exposed in `${captures.issue.text}`
40
+ summary: "A mutable object passed to a constructor is assigned directly to a field without a defensive copy, exposing internal state."
41
+ remediation:
42
+ summary: Create a defensive copy of the mutable parameter (e.g., `new ArrayList<>(input)`, `input.clone()`) before assigning to the field.
package/rules/java/java.correctness.mutable-enum-fields.rule.yaml ADDED
@@ -0,0 +1,44 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.mutable-enum-fields
5
+ title: Enum fields should be final
6
+ summary: Enum fields that are not declared final create mutable state in a shared singleton instance.
7
+ rationale: "Enum constants are singletons by definition. Non-final fields make their state mutable across callers, leading to unpredictable behavior in multi-threaded environments. Declare fields as `final` and initialize them in the constructor."
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E1069
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - rules-catalog
16
+ stability: experimental
17
+ appliesTo: block
18
+ scope:
19
+ languages:
20
+ - java
21
+ paths:
22
+ include:
23
+ - "**/*.java"
24
+ exclude:
25
+ - "**/src/test/**"
26
+ - "**/tests/**"
27
+ - "**/*Test.java"
28
+ match:
29
+ fact:
30
+ kind: java.correctness.mutable-enum-fields
31
+ bind: issue
32
+ emit:
33
+ finding:
34
+ category: correctness.immutability
35
+ severity: medium
36
+ confidence: 0.82
37
+ tags:
38
+ - correctness
39
+ - java
40
+ message:
41
+ title: Enum field is not declared final
42
+ summary: "`${captures.issue.text}` in an enum body is not declared final. Enum constants are singletons; mutable fields break instance control guarantees."
43
+ remediation:
44
+ summary: Add the `final` modifier to the field and initialize it in a constructor.
package/rules/java/java.correctness.nan-comparison.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.nan-comparison
5
+ title: Double/Float comparison with NaN always returns false
6
+ summary: Comparing a floating-point value to Double.NaN or Float.NaN using == or != always yields false (or true for !=) because NaN is not equal to any value, including itself.
7
+ rationale: Per the IEEE 754 standard and Java Language Specification (§4.2.3, §15.21.1), NaN is unordered — it is not equal to, less than, or greater than any value, including itself. Use Double.isNaN() or Float.isNaN() instead of equality checks.
8
+ tags:
9
+ - correctness
10
+ - java
11
+ - rules-catalog
12
+ stability: experimental
13
+ appliesTo: block
14
+ aliases:
15
+ - JAVA-E1031
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.nan-comparison
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.types
33
+ severity: high
34
+ confidence: 0.95
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Comparison with NaN using == or !=
40
+ summary: NaN is never equal to any value, including itself. A `==` or `!=` comparison with `Double.NaN` or `Float.NaN` will not behave as expected.
41
+ remediation:
42
+ summary: Use `Double.isNaN(x)` or `Float.isNaN(x)` instead of `x == Double.NaN` or similar equality checks against NaN.
package/rules/java/java.correctness.ncopies-argument-order.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.ncopies-argument-order
5
+ title: "Avoid reversed arguments to `Collections.nCopies()`"
6
+ summary: "Passing a string as the first argument to `Collections.nCopies()` likely has the arguments reversed."
7
+ rationale: "`Collections.nCopies(int n, T o)` takes the count as the first argument and the object to copy as the second. Passing `nCopies(\"str\", count)` is a compile-time error when types don't match, but `nCopies(stringVar, count)` can compile with unexpected results if types align."
8
+ aliases:
9
+ - JAVA-E1090
10
+ tags:
11
+ - correctness
12
+ - java
13
+ - rules-catalog
14
+ stability: experimental
15
+ appliesTo: block
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.ncopies-argument-order
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.api-misuse
33
+ severity: critical
34
+ confidence: 0.88
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: "Possible reversed arguments to `Collections.nCopies()` in `${captures.issue.text}`"
40
+ summary: "`Collections.nCopies()` expects the count as the first argument and the object to copy as the second. A string literal as the first argument indicates the arguments are likely reversed."
41
+ remediation:
42
+ summary: "Swap the arguments so the count comes first: `Collections.nCopies(count, object)`."
package/rules/java/java.correctness.noallocation-method-creates-object.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.noallocation-method-creates-object
5
+ title: '@NoAllocation method performs object allocation'
6
+ summary: A method annotated @NoAllocation creates heap objects via `new`.
7
+ rationale: "The @NoAllocation annotation promises zero heap allocation. Creating objects with `new` inside the method body violates that contract and may cause performance regressions or library contract violations."
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E1059
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - allocation
16
+ - rules-catalog
17
+ stability: experimental
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.noallocation-method-creates-object
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.api-usage
36
+ severity: medium
37
+ confidence: 0.78
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: '@NoAllocation method allocates objects'
43
+ summary: "`${captures.issue.text}` creates a new object inside a @NoAllocation-annotated method."
44
+ remediation:
45
+ summary: Remove the allocation or remove the @NoAllocation annotation if allocation is intentional.
package/rules/java/java.correctness.non-final-immutable-fields.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.non-final-immutable-fields
5
+ title: Fields of immutable classes should be final
6
+ summary: Fields in a class annotated with @Immutable or @Value should be declared final.
7
+ rationale: An immutable class must guarantee that its state cannot change after construction. Non-final fields violate this contract even if the class is declared as immutable.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0055
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - immutability
16
+ - rules-catalog
17
+ stability: experimental
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.non-final-immutable-fields
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.immutability
36
+ severity: medium
37
+ confidence: 0.80
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: Non-final field in immutable class
43
+ summary: "Field `${captures.issue.text}` in an @Immutable or @Value class should be declared final."
44
+ remediation:
45
+ summary: "Add the `final` modifier to the field declaration."
package/rules/java/java.correctness.non-null-method-returns-null.rule.yaml ADDED
@@ -0,0 +1,43 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.non-null-method-returns-null
5
+ title: Methods annotated as non-nullable should not return null values
6
+ summary: Methods annotated @Nonnull, @NotNull, or @NonNull that contain explicit return null statements are buggy.
7
+ rationale: Returning null from a non-null annotated method defeats the purpose of the annotation and will cause NullPointerException at call sites.
8
+ aliases:
9
+ - JAVA-E1095
10
+ tags:
11
+ - correctness
12
+ - java
13
+ - null-safety
14
+ - rules-catalog
15
+ stability: experimental
16
+ appliesTo: block
17
+ scope:
18
+ languages:
19
+ - java
20
+ paths:
21
+ include:
22
+ - "**/*.java"
23
+ exclude:
24
+ - "**/src/test/**"
25
+ - "**/tests/**"
26
+ - "**/*Test.java"
27
+ match:
28
+ fact:
29
+ kind: java.correctness.non-null-method-returns-null
30
+ bind: issue
31
+ emit:
32
+ finding:
33
+ category: correctness.null-safety
34
+ severity: critical
35
+ confidence: 0.92
36
+ tags:
37
+ - correctness
38
+ - java
39
+ message:
40
+ title: Non-null method returns null
41
+ summary: "The method is annotated as non-nullable but contains a return null statement."
42
+ remediation:
43
+ summary: Remove the return null statement or change the method annotation to @Nullable if null is a valid return value.
package/rules/java/java.correctness.non-terminating-loop.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.non-terminating-loop
5
+ title: Non-terminating loop
6
+ summary: A loop with an unconditionally true condition has no break or return statement, causing it to run indefinitely.
7
+ rationale: A while(true) or for(;;) loop without a break, return, or System.exit() inside its body will never terminate, leading to program hang. This is typically a bug unless the loop is intentionally infinite (e.g., server event loops).
8
+ tags:
9
+ - correctness
10
+ - java
11
+ - rules-catalog
12
+ stability: experimental
13
+ appliesTo: block
14
+ aliases:
15
+ - JAVA-E1046
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.non-terminating-loop
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.control-flow
33
+ severity: critical
34
+ confidence: 0.9
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Non-terminating loop
40
+ summary: "`${captures.issue.text}` has no exit condition, break, or return, so it runs indefinitely."
41
+ remediation:
42
+ summary: Add a break, return, or a bounded condition to the loop to allow termination.
package/rules/java/java.correctness.oddness-check-fails-negative.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.oddness-check-fails-negative
5
+ title: Oddness check using x % 2 == 1 will not work for negative numbers
6
+ summary: Using `x % 2 == 1` to check parity fails for negative values because Java's modulo preserves sign.
7
+ rationale: In Java, -3 % 2 == -1, so the comparison == 1 fails for negative odd numbers. Use x % 2 != 0 instead.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0405
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - arithmetic
16
+ - rules-catalog
17
+ stability: experimental
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.oddness-check-fails-negative
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.logic
36
+ severity: high
37
+ confidence: 0.95
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: Oddness check fails for negative numbers
43
+ summary: Using `x % 2 == 1` to test oddness does not work for negative numbers because the modulo result preserves the sign of the dividend.
44
+ remediation:
45
+ summary: Replace `x % 2 == 1` with `x % 2 != 0` to correctly detect odd numbers including negative values.
package/rules/java/java.correctness.optional-get-without-present-check.rule.yaml ADDED
@@ -0,0 +1,44 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.optional-get-without-present-check
5
+ title: Optional values must be checked before being accessed
6
+ summary: Calling Optional.get() without a preceding isPresent() check will throw NoSuchElementException when the Optional is empty.
7
+ rationale: Optional.get() throws if no value is present. Always guard with isPresent() or use orElse(), orElseThrow(), or orElseGet() to safely handle empty Optionals.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E1013
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - rules-catalog
16
+ stability: experimental
17
+ appliesTo: block
18
+ scope:
19
+ languages:
20
+ - java
21
+ paths:
22
+ include:
23
+ - "**/*.java"
24
+ exclude:
25
+ - "**/src/test/**"
26
+ - "**/tests/**"
27
+ - "**/*Test.java"
28
+ match:
29
+ fact:
30
+ kind: java.correctness.optional-get-without-present-check
31
+ bind: issue
32
+ emit:
33
+ finding:
34
+ category: correctness.api-usage
35
+ severity: high
36
+ confidence: 0.55
37
+ tags:
38
+ - correctness
39
+ - java
40
+ message:
41
+ title: Optional.get() called without presence check
42
+ summary: "`${captures.issue.text}` calls Optional.get() without a detectable isPresent() guard. This will throw NoSuchElementException if the Optional is empty."
43
+ remediation:
44
+ summary: Guard with isPresent() before calling get(), or use orElse(), orElseThrow(), or orElseGet() instead.
package/rules/java/java.correctness.optional-null.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.optional-null
5
+ title: Optional variable or return value set to null
6
+ summary: An Optional-typed variable is assigned null or a method returns null for an Optional return type.
7
+ rationale: Optional is designed to represent absence without null. Assigning null to an Optional defeats its purpose and risks NullPointerException.
8
+ tags:
9
+ - correctness
10
+ - java
11
+ - rules-catalog
12
+ stability: stable
13
+ appliesTo: block
14
+ aliases:
15
+ - JAVA-E1022
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.optional-null
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.nullability
33
+ severity: critical
34
+ confidence: 0.85
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Optional variable or return value assigned null
40
+ summary: An Optional-typed variable or method return is set to null instead of using Optional.empty() or Optional.ofNullable().
41
+ remediation:
42
+ summary: Use Optional.empty() to represent absence, or Optional.ofNullable(value) for nullable values.