@critiq/rules 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (735) hide show
  1. package/CHANGELOG.md +468 -0
  2. package/README.md +13 -233
  3. package/catalog-metadata.json +47 -0
  4. package/catalog.yaml +2962 -309
  5. package/package.json +1 -1
  6. package/rules/go/go.bug-risk.compound-assignment-misuse.rule.yaml +53 -0
  7. package/rules/go/go.bug-risk.deprecated-redis-methods.rule.yaml +57 -0
  8. package/rules/go/go.bug-risk.etcd-getlogger-misuse.rule.yaml +59 -0
  9. package/rules/go/go.bug-risk.etcd-invalid-compare-operator.rule.yaml +53 -0
  10. package/rules/go/go.bug-risk.gin-loadhtmlglob-ill-formed.rule.yaml +53 -0
  11. package/rules/go/go.bug-risk.gorm-dry-run-enabled.rule.yaml +58 -0
  12. package/rules/go/go.bug-risk.gorm-skip-default-transaction.rule.yaml +57 -0
  13. package/rules/go/go.bug-risk.gorm-updates-zero-values.rule.yaml +55 -0
  14. package/rules/go/go.bug-risk.gorm-where-zero-values.rule.yaml +53 -0
  15. package/rules/go/go.bug-risk.poorly-formed-nilness-guards.rule.yaml +57 -0
  16. package/rules/go/go.bug-risk.redis-incorrect-arg-count.rule.yaml +54 -0
  17. package/rules/go/go.bug-risk.redis-unimplemented-method.rule.yaml +53 -0
  18. package/rules/go/go.bug-risk.reflect-makefunc-usage.rule.yaml +55 -0
  19. package/rules/go/go.correctness.bare-return.rule.yaml +52 -0
  20. package/rules/go/go.correctness.boolean-literal-in-expression.rule.yaml +52 -0
  21. package/rules/go/go.correctness.boolean-simplification.rule.yaml +49 -0
  22. package/rules/go/go.correctness.deferred-func-literal.rule.yaml +52 -0
  23. package/rules/go/go.correctness.duplicate-branch-body.rule.yaml +49 -0
  24. package/rules/go/go.correctness.duplicate-function-arguments.rule.yaml +49 -0
  25. package/rules/go/go.correctness.duplicate-if-else-condition.rule.yaml +54 -0
  26. package/rules/go/go.correctness.duplicate-switch-cases.rule.yaml +48 -0
  27. package/rules/go/go.correctness.flag-pointer-immediate-deref.rule.yaml +49 -0
  28. package/rules/go/go.correctness.hidden-goroutine.rule.yaml +55 -0
  29. package/rules/go/go.correctness.http-nobody-nil.rule.yaml +52 -0
  30. package/rules/go/go.correctness.identical-binary-operands.rule.yaml +48 -0
  31. package/rules/go/go.correctness.impossible-interface-nil-check.rule.yaml +56 -0
  32. package/rules/go/go.correctness.incomplete-nil-check.rule.yaml +49 -0
  33. package/rules/go/go.correctness.integer-truncation.rule.yaml +51 -0
  34. package/rules/go/go.correctness.interface-any-preferred.rule.yaml +50 -0
  35. package/rules/go/go.correctness.nil-error-returned.rule.yaml +49 -0
  36. package/rules/go/go.correctness.off-by-one-index.rule.yaml +48 -0
  37. package/rules/go/go.correctness.redundant-type-declaration.rule.yaml +51 -0
  38. package/rules/go/go.correctness.signedness-casting.rule.yaml +56 -0
  39. package/rules/go/go.correctness.string-concat-simplify.rule.yaml +52 -0
  40. package/rules/go/go.correctness.suspicious-regex-pattern.rule.yaml +49 -0
  41. package/rules/go/go.correctness.terminal-call-with-defer.rule.yaml +50 -0
  42. package/rules/go/go.correctness.unexported-capital-name.rule.yaml +52 -0
  43. package/rules/go/go.correctness.unnecessary-dereference.rule.yaml +53 -0
  44. package/rules/go/go.correctness.unnecessary-else-return.rule.yaml +52 -0
  45. package/rules/go/go.correctness.unreachable-switch-case.rule.yaml +50 -0
  46. package/rules/go/go.doc.malformed-deprecated-comment.rule.yaml +59 -0
  47. package/rules/go/go.performance.avoid-large-loop-copy.rule.yaml +38 -0
  48. package/rules/go/go.performance.avoid-large-param-copy.rule.yaml +38 -0
  49. package/rules/go/go.performance.avoid-large-range-copy.rule.yaml +37 -0
  50. package/rules/go/go.performance.avoid-string-index-alloc.rule.yaml +38 -0
  51. package/rules/go/go.performance.combine-append-calls.rule.yaml +38 -0
  52. package/rules/go/go.performance.fmt-fprint.rule.yaml +44 -0
  53. package/rules/go/go.performance.iowriter-write-string.rule.yaml +45 -0
  54. package/rules/go/go.performance.non-idiomatic-slice-zeroing.rule.yaml +44 -0
  55. package/rules/go/go.performance.reorder-operands.rule.yaml +44 -0
  56. package/rules/go/go.performance.utf8-decode-rune.rule.yaml +44 -0
  57. package/rules/go/go.security.decompression-bomb.rule.yaml +55 -0
  58. package/rules/go/go.security.http-dir-path-traversal.rule.yaml +55 -0
  59. package/rules/go/go.security.incomplete-hostname-regex.rule.yaml +64 -0
  60. package/rules/go/go.security.insecure-ssl-protocol.rule.yaml +2 -0
  61. package/rules/go/go.security.jwt-without-verification.rule.yaml +2 -0
  62. package/rules/go/go.security.net-http-missing-timeouts.rule.yaml +3 -0
  63. package/rules/go/go.security.pprof-exposed.rule.yaml +2 -0
  64. package/rules/go/go.security.squirrel-unsafe-quoting.rule.yaml +64 -0
  65. package/rules/go/go.security.tainted-value-sink.rule.yaml +59 -0
  66. package/rules/go/go.security.tls-missing-min-version.rule.yaml +2 -0
  67. package/rules/go/go.security.unsafe-defer-close.rule.yaml +55 -0
  68. package/rules/go/go.security.weak-crypto-import.rule.yaml +3 -0
  69. package/rules/go/go.security.weak-file-permission.rule.yaml +56 -0
  70. package/rules/java/java.correctness.annotation-check-always-false.rule.yaml +42 -0
  71. package/rules/java/java.correctness.array-compared-to-non-array.rule.yaml +45 -0
  72. package/rules/java/java.correctness.array-index-bounds.rule.yaml +42 -0
  73. package/rules/java/java.correctness.assert-self-comparison.rule.yaml +46 -0
  74. package/rules/java/java.correctness.assertion-in-production.rule.yaml +49 -0
  75. package/rules/java/java.correctness.bad-short-circuit-null-check.rule.yaml +45 -0
  76. package/rules/java/java.correctness.bitwise-or-never-equal.rule.yaml +42 -0
  77. package/rules/java/java.correctness.boxed-boolean-conditional.rule.yaml +42 -0
  78. package/rules/java/java.correctness.cacheloader-null-return.rule.yaml +42 -0
  79. package/rules/java/java.correctness.case-insensitive-regex-lacks-unicode.rule.yaml +46 -0
  80. package/rules/java/java.correctness.catch-null-pointer.rule.yaml +5 -1
  81. package/rules/java/java.correctness.class-isinstance-on-class.rule.yaml +42 -0
  82. package/rules/java/java.correctness.class-name-collision.rule.yaml +45 -0
  83. package/rules/java/java.correctness.clone-without-super.rule.yaml +45 -0
  84. package/rules/java/java.correctness.closeable-provides-injection.rule.yaml +43 -0
  85. package/rules/java/java.correctness.collection-adds-self.rule.yaml +42 -0
  86. package/rules/java/java.correctness.collection-contains-self.rule.yaml +42 -0
  87. package/rules/java/java.correctness.collection-remove-type-mismatch.rule.yaml +42 -0
  88. package/rules/java/java.correctness.comparator-downcast-sign-flip.rule.yaml +42 -0
  89. package/rules/java/java.correctness.compareto-min-value.rule.yaml +44 -0
  90. package/rules/java/java.correctness.constructor-starts-thread.rule.yaml +45 -0
  91. package/rules/java/java.correctness.default-package-spring-scan.rule.yaml +46 -0
  92. package/rules/java/java.correctness.deprecated-thread-methods.rule.yaml +42 -0
  93. package/rules/java/java.correctness.double-assignment.rule.yaml +42 -0
  94. package/rules/java/java.correctness.double-checked-locking.rule.yaml +42 -0
  95. package/rules/java/java.correctness.duplicate-binary-argument.rule.yaml +45 -0
  96. package/rules/java/java.correctness.duration-with-nanos-misuse.rule.yaml +42 -0
  97. package/rules/java/java.correctness.enum-equals-method.rule.yaml +45 -0
  98. package/rules/java/java.correctness.enum-get-class.rule.yaml +42 -0
  99. package/rules/java/java.correctness.equals-inherits-parent.rule.yaml +45 -0
  100. package/rules/java/java.correctness.equals-null-check.rule.yaml +45 -0
  101. package/rules/java/java.correctness.equals-null.rule.yaml +45 -0
  102. package/rules/java/java.correctness.equals-on-array.rule.yaml +4 -0
  103. package/rules/java/java.correctness.explicit-finalizer-invocation.rule.yaml +45 -0
  104. package/rules/java/java.correctness.for-loop-mismatched-increment.rule.yaml +45 -0
  105. package/rules/java/java.correctness.getter-setter-sync-mismatch.rule.yaml +42 -0
  106. package/rules/java/java.correctness.hashcode-on-array.rule.yaml +42 -0
  107. package/rules/java/java.correctness.hashtable-contains-value.rule.yaml +42 -0
  108. package/rules/java/java.correctness.hasnext-invokes-next.rule.yaml +45 -0
  109. package/rules/java/java.correctness.ignored-inputstream-read.rule.yaml +45 -0
  110. package/rules/java/java.correctness.ignored-inputstream-skip.rule.yaml +45 -0
  111. package/rules/java/java.correctness.illegal-monitor-state-caught.rule.yaml +45 -0
  112. package/rules/java/java.correctness.impossible-toarray-downcast.rule.yaml +45 -0
  113. package/rules/java/java.correctness.incorrect-main-signature.rule.yaml +42 -0
  114. package/rules/java/java.correctness.indexof-reversed-arguments.rule.yaml +42 -0
  115. package/rules/java/java.correctness.instant-unsupported-temporal-unit.rule.yaml +42 -0
  116. package/rules/java/java.correctness.invalid-regex-literal.rule.yaml +45 -0
  117. package/rules/java/java.correctness.invalid-serial-version-uid.rule.yaml +42 -0
  118. package/rules/java/java.correctness.invalid-time-constants.rule.yaml +42 -0
  119. package/rules/java/java.correctness.invalidated-iterator.rule.yaml +42 -0
  120. package/rules/java/java.correctness.iterable-iterator-returns-this.rule.yaml +44 -0
  121. package/rules/java/java.correctness.iterable-path-type.rule.yaml +42 -0
  122. package/rules/java/java.correctness.jump-in-finally.rule.yaml +44 -0
  123. package/rules/java/java.correctness.loop-condition-never-true.rule.yaml +42 -0
  124. package/rules/java/java.correctness.lost-increment-in-assignment.rule.yaml +45 -0
  125. package/rules/java/java.correctness.math-max-min-swapped.rule.yaml +45 -0
  126. package/rules/java/java.correctness.missing-enum-switch-elements.rule.yaml +43 -0
  127. package/rules/java/java.correctness.modulus-multiplication-precedence.rule.yaml +42 -0
  128. package/rules/java/java.correctness.mutable-data-exposed.rule.yaml +42 -0
  129. package/rules/java/java.correctness.mutable-enum-fields.rule.yaml +44 -0
  130. package/rules/java/java.correctness.nan-comparison.rule.yaml +42 -0
  131. package/rules/java/java.correctness.ncopies-argument-order.rule.yaml +42 -0
  132. package/rules/java/java.correctness.noallocation-method-creates-object.rule.yaml +45 -0
  133. package/rules/java/java.correctness.non-final-immutable-fields.rule.yaml +45 -0
  134. package/rules/java/java.correctness.non-null-method-returns-null.rule.yaml +43 -0
  135. package/rules/java/java.correctness.non-terminating-loop.rule.yaml +42 -0
  136. package/rules/java/java.correctness.oddness-check-fails-negative.rule.yaml +45 -0
  137. package/rules/java/java.correctness.optional-get-without-present-check.rule.yaml +44 -0
  138. package/rules/java/java.correctness.optional-null.rule.yaml +42 -0
  139. package/rules/java/java.correctness.overloaded-equals.rule.yaml +45 -0
  140. package/rules/java/java.correctness.parameter-reassignment.rule.yaml +46 -0
  141. package/rules/java/java.correctness.possible-null-access-exception.rule.yaml +42 -0
  142. package/rules/java/java.correctness.possible-null-access.rule.yaml +42 -0
  143. package/rules/java/java.correctness.prepared-statement-in-loop.rule.yaml +52 -0
  144. package/rules/java/java.correctness.prepared-statement-index-zero.rule.yaml +44 -0
  145. package/rules/java/java.correctness.random-coerced-to-zero.rule.yaml +44 -0
  146. package/rules/java/java.correctness.read-resolve-return-type.rule.yaml +42 -0
  147. package/rules/java/java.correctness.readline-without-null-check.rule.yaml +45 -0
  148. package/rules/java/java.correctness.result-set-index-zero.rule.yaml +44 -0
  149. package/rules/java/java.correctness.runfinalizers-on-exit.rule.yaml +45 -0
  150. package/rules/java/java.correctness.runnable-run-direct.rule.yaml +45 -0
  151. package/rules/java/java.correctness.self-assignment.rule.yaml +45 -0
  152. package/rules/java/java.correctness.serializable-superclass.rule.yaml +42 -0
  153. package/rules/java/java.correctness.serialization-method-signature.rule.yaml +42 -0
  154. package/rules/java/java.correctness.servlet-mutable-fields.rule.yaml +45 -0
  155. package/rules/java/java.correctness.shift-out-of-range.rule.yaml +44 -0
  156. package/rules/java/java.correctness.static-date-field.rule.yaml +42 -0
  157. package/rules/java/java.correctness.stream-reuse.rule.yaml +42 -0
  158. package/rules/java/java.correctness.string-format-arg-mismatch.rule.yaml +45 -0
  159. package/rules/java/java.correctness.stringbuilder-char-ctor.rule.yaml +42 -0
  160. package/rules/java/java.correctness.switch-statement-labels.rule.yaml +44 -0
  161. package/rules/java/java.correctness.sync-boxed-primitive.rule.yaml +45 -0
  162. package/rules/java/java.correctness.sync-on-get-class.rule.yaml +42 -0
  163. package/rules/java/java.correctness.sync-on-lock-primitive.rule.yaml +45 -0
  164. package/rules/java/java.correctness.sync-on-mutable-ref.rule.yaml +42 -0
  165. package/rules/java/java.correctness.sync-on-nullable-field.rule.yaml +42 -0
  166. package/rules/java/java.correctness.sync-on-public-field.rule.yaml +42 -0
  167. package/rules/java/java.correctness.sync-on-string-literal.rule.yaml +2 -0
  168. package/rules/java/java.correctness.system-exit.rule.yaml +43 -0
  169. package/rules/java/java.correctness.thread-sleep-with-lock.rule.yaml +45 -0
  170. package/rules/java/java.correctness.thread-static-misuse.rule.yaml +42 -0
  171. package/rules/java/java.correctness.threadgroup-deprecated-methods.rule.yaml +43 -0
  172. package/rules/java/java.correctness.throw-null.rule.yaml +42 -0
  173. package/rules/java/java.correctness.timezone-invalid-id.rule.yaml +42 -0
  174. package/rules/java/java.correctness.two-lock-wait.rule.yaml +45 -0
  175. package/rules/java/java.correctness.unconditional-recursion.rule.yaml +42 -0
  176. package/rules/java/java.correctness.unescaped-whitespace.rule.yaml +42 -0
  177. package/rules/java/java.correctness.unimplementable-interface.rule.yaml +42 -0
  178. package/rules/java/java.correctness.unsafe-collection-downcast.rule.yaml +42 -0
  179. package/rules/java/java.correctness.unsafe-getresource.rule.yaml +45 -0
  180. package/rules/java/java.correctness.unsupported-jdk-api.rule.yaml +46 -0
  181. package/rules/java/java.correctness.unsupported-method-call.rule.yaml +42 -0
  182. package/rules/java/java.correctness.unsync-static-lazy-init.rule.yaml +42 -0
  183. package/rules/java/java.correctness.unsynchronized-wait-notify.rule.yaml +45 -0
  184. package/rules/java/java.correctness.unterminated-assertion-chain.rule.yaml +39 -0
  185. package/rules/java/java.correctness.volatile-array-elements.rule.yaml +45 -0
  186. package/rules/java/java.correctness.volatile-increment-non-atomic.rule.yaml +45 -0
  187. package/rules/java/java.correctness.wait-notify-on-thread.rule.yaml +45 -0
  188. package/rules/java/java.correctness.wait-on-condition.rule.yaml +45 -0
  189. package/rules/java/java.correctness.week-year-in-date-pattern.rule.yaml +44 -0
  190. package/rules/java/java.correctness.zoneid-invalid-timezone.rule.yaml +42 -0
  191. package/rules/java/java.doc.empty-javadoc-tag.rule.yaml +41 -0
  192. package/rules/java/java.doc.malformed-javadoc-comment.rule.yaml +41 -0
  193. package/rules/java/java.doc.parameter-tag-no-description.rule.yaml +41 -0
  194. package/rules/java/java.doc.unmatched-parameter-tag.rule.yaml +41 -0
  195. package/rules/java/java.performance.boxed-boolean-constructor.rule.yaml +43 -0
  196. package/rules/java/java.performance.boxed-double-constructor.rule.yaml +43 -0
  197. package/rules/java/java.performance.boxed-integer-constructor.rule.yaml +43 -0
  198. package/rules/java/java.performance.empty-string-constructor.rule.yaml +44 -0
  199. package/rules/java/java.performance.expensive-method-on-ui-thread.rule.yaml +50 -0
  200. package/rules/java/java.performance.explicit-gc.rule.yaml +43 -0
  201. package/rules/java/java.performance.inefficient-string-constructor.rule.yaml +44 -0
  202. package/rules/java/java.performance.keyset-instead-of-entryset.rule.yaml +49 -0
  203. package/rules/java/java.performance.non-zero-to-array.rule.yaml +49 -0
  204. package/rules/java/java.performance.pattern-compile-in-loop.rule.yaml +49 -0
  205. package/rules/java/java.performance.removeall-to-clear.rule.yaml +49 -0
  206. package/rules/java/java.performance.replaceall-instead-of-replace.rule.yaml +49 -0
  207. package/rules/java/java.performance.single-char-string-indexof.rule.yaml +49 -0
  208. package/rules/java/java.performance.string-concat-in-loop.rule.yaml +49 -0
  209. package/rules/java/java.performance.string-to-string.rule.yaml +43 -0
  210. package/rules/java/java.performance.thread-as-runnable.rule.yaml +44 -0
  211. package/rules/java/java.performance.url-in-collection.rule.yaml +44 -0
  212. package/rules/java/java.quality.c-style-array-declaration.rule.yaml +41 -0
  213. package/rules/java/java.quality.multiple-variables-same-line.rule.yaml +41 -0
  214. package/rules/java/java.quality.type-name-uppercase.rule.yaml +41 -0
  215. package/rules/java/java.testing.setup-teardown-annotation.rule.yaml +36 -0
  216. package/rules/java/java.testing.setup-without-super.rule.yaml +43 -0
  217. package/rules/java/java.testing.teardown-without-super.rule.yaml +43 -0
  218. package/rules/java/java.testing.wrong-assertion-argument-order.rule.yaml +43 -0
  219. package/rules/php/php.correctness.abstract-method-outside-abstract-class.rule.yaml +3 -0
  220. package/rules/php/php.correctness.abstract-method-with-body.rule.yaml +38 -0
  221. package/rules/php/php.correctness.assign-to-non-lvalue.rule.yaml +38 -0
  222. package/rules/php/php.correctness.attribute-on-class-constant.rule.yaml +38 -0
  223. package/rules/php/php.correctness.attribute-on-closure.rule.yaml +38 -0
  224. package/rules/php/php.correctness.attribute-on-function.rule.yaml +38 -0
  225. package/rules/php/php.correctness.attribute-on-property.rule.yaml +40 -0
  226. package/rules/php/php.correctness.break-continue-outside-loop.rule.yaml +2 -0
  227. package/rules/php/php.correctness.case-insensitive-define.rule.yaml +2 -0
  228. package/rules/php/php.correctness.class-implements-non-interface.rule.yaml +38 -0
  229. package/rules/php/php.correctness.default-parameter-not-last.rule.yaml +2 -0
  230. package/rules/php/php.correctness.deprecated-filter-constant.rule.yaml +2 -0
  231. package/rules/php/php.correctness.deprecated-libxml-entity-loader.rule.yaml +2 -0
  232. package/rules/php/php.correctness.deprecated-unset-cast.rule.yaml +2 -0
  233. package/rules/php/php.correctness.duplicate-array-key.rule.yaml +2 -0
  234. package/rules/php/php.correctness.duplicate-declaration.rule.yaml +2 -0
  235. package/rules/php/php.correctness.duplicate-union-type.rule.yaml +38 -0
  236. package/rules/php/php.correctness.echo-invalid-value.rule.yaml +38 -0
  237. package/rules/php/php.correctness.empty-array-literal-slot.rule.yaml +2 -0
  238. package/rules/php/php.correctness.empty-bracket-array-access.rule.yaml +2 -0
  239. package/rules/php/php.correctness.empty-code-block.rule.yaml +2 -0
  240. package/rules/php/php.correctness.empty-function-body.rule.yaml +2 -0
  241. package/rules/php/php.correctness.error-suppression-operator.rule.yaml +2 -0
  242. package/rules/php/php.correctness.function-comparison.rule.yaml +2 -0
  243. package/rules/php/php.correctness.inaccessible-property.rule.yaml +49 -0
  244. package/rules/php/php.correctness.incomplete-arrow-function.rule.yaml +38 -0
  245. package/rules/php/php.correctness.inconsistent-printf-params.rule.yaml +50 -0
  246. package/rules/php/php.correctness.instanceof-invalid-type.rule.yaml +40 -0
  247. package/rules/php/php.correctness.instantiate-abstract-class.rule.yaml +38 -0
  248. package/rules/php/php.correctness.interface-extends-non-interface.rule.yaml +38 -0
  249. package/rules/php/php.correctness.interface-implements-keyword.rule.yaml +38 -0
  250. package/rules/php/php.correctness.invalid-arrow-function-typehint.rule.yaml +38 -0
  251. package/rules/php/php.correctness.invalid-attribute-class.rule.yaml +49 -0
  252. package/rules/php/php.correctness.invalid-closure-return-typehint.rule.yaml +38 -0
  253. package/rules/php/php.correctness.invalid-constructor-promotion.rule.yaml +38 -0
  254. package/rules/php/php.correctness.invalid-cookie-options.rule.yaml +2 -0
  255. package/rules/php/php.correctness.invalid-dynamic-constant-fetch.rule.yaml +38 -0
  256. package/rules/php/php.correctness.invalid-extends-target.rule.yaml +38 -0
  257. package/rules/php/php.correctness.invalid-increment-operand.rule.yaml +38 -0
  258. package/rules/php/php.correctness.invalid-isset-argument.rule.yaml +38 -0
  259. package/rules/php/php.correctness.invalid-return-typehint.rule.yaml +38 -0
  260. package/rules/php/php.correctness.invalid-static-method.rule.yaml +40 -0
  261. package/rules/php/php.correctness.invalid-string-interpolation-type.rule.yaml +38 -0
  262. package/rules/php/php.correctness.invalid-type-cast.rule.yaml +38 -0
  263. package/rules/php/php.correctness.invalid-use-keyword.rule.yaml +48 -0
  264. package/rules/php/php.correctness.missing-member-visibility.rule.yaml +2 -0
  265. package/rules/php/php.correctness.missing-return-statement.rule.yaml +38 -0
  266. package/rules/php/php.correctness.named-arg-before-positional.rule.yaml +38 -0
  267. package/rules/php/php.correctness.nested-function-declaration.rule.yaml +2 -0
  268. package/rules/php/php.correctness.nested-switch.rule.yaml +2 -0
  269. package/rules/php/php.correctness.nullable-mixed-type.rule.yaml +38 -0
  270. package/rules/php/php.correctness.nullsafe-returned-by-reference.rule.yaml +3 -0
  271. package/rules/php/php.correctness.print-invalid-value.rule.yaml +38 -0
  272. package/rules/php/php.correctness.psr-class-constant-naming.rule.yaml +38 -0
  273. package/rules/php/php.correctness.psr-method-camel-case.rule.yaml +38 -0
  274. package/rules/php/php.correctness.redundant-final-method.rule.yaml +38 -0
  275. package/rules/php/php.correctness.redundant-string-cast-concat.rule.yaml +2 -0
  276. package/rules/php/php.correctness.self-assignment.rule.yaml +2 -0
  277. package/rules/php/php.correctness.switch-multiple-default.rule.yaml +2 -0
  278. package/rules/php/php.correctness.throw-as-expression.rule.yaml +38 -0
  279. package/rules/php/php.correctness.throw-non-exception.rule.yaml +38 -0
  280. package/rules/php/php.correctness.trait-as-attribute.rule.yaml +38 -0
  281. package/rules/php/php.correctness.trait-class-constant.rule.yaml +38 -0
  282. package/rules/php/php.correctness.undefined-constant-reference.rule.yaml +38 -0
  283. package/rules/php/php.correctness.undefined-function.rule.yaml +40 -0
  284. package/rules/php/php.correctness.undefined-method.rule.yaml +40 -0
  285. package/rules/php/php.correctness.undefined-property.rule.yaml +51 -0
  286. package/rules/php/php.correctness.undefined-static-property.rule.yaml +41 -0
  287. package/rules/php/php.correctness.undefined-variable.rule.yaml +48 -0
  288. package/rules/php/php.correctness.uninitialized-typed-property.rule.yaml +38 -0
  289. package/rules/php/php.correctness.unknown-magic-method.rule.yaml +2 -0
  290. package/rules/php/php.correctness.unreachable-after-return.rule.yaml +2 -0
  291. package/rules/php/php.correctness.unused-closure-use-variable.rule.yaml +38 -0
  292. package/rules/php/php.correctness.unused-constructor-parameter.rule.yaml +38 -0
  293. package/rules/php/php.correctness.unused-import.rule.yaml +38 -0
  294. package/rules/php/php.correctness.useless-post-increment.rule.yaml +2 -0
  295. package/rules/php/php.correctness.useless-unset.rule.yaml +2 -0
  296. package/rules/php/php.correctness.void-match-arm.rule.yaml +38 -0
  297. package/rules/php/php.performance.expensive-loop-condition.rule.yaml +2 -0
  298. package/rules/php/php.security.debug-function-exposure.rule.yaml +2 -0
  299. package/rules/php/php.security.insecure-session-id-generation.rule.yaml +2 -0
  300. package/rules/php/php.security.insecure-session-or-cookie-config.rule.yaml +3 -0
  301. package/rules/php/php.security.no-dynamic-eval.rule.yaml +2 -0
  302. package/rules/php/php.security.unsafe-include-with-user-input.rule.yaml +2 -0
  303. package/rules/php/php.security.unsafe-new-static.rule.yaml +2 -0
  304. package/rules/php/php.security.weak-cipher.rule.yaml +2 -0
  305. package/rules/php/php.security.xml-external-entity.rule.yaml +2 -0
  306. package/rules/python/py.correctness.assert-outside-test.rule.yaml +49 -0
  307. package/rules/python/py.correctness.global-statement.rule.yaml +51 -0
  308. package/rules/python/py.correctness.redefined-builtin.rule.yaml +51 -0
  309. package/rules/python/py.correctness.super-with-arguments.rule.yaml +51 -0
  310. package/rules/python/py.correctness.unnecessary-comprehension.rule.yaml +51 -0
  311. package/rules/python/py.correctness.useless-return.rule.yaml +51 -0
  312. package/rules/python/py.security.command-execution-with-request-input.rule.yaml +56 -0
  313. package/rules/python/py.security.ftp-usage.rule.yaml +51 -0
  314. package/rules/python/py.security.hardcoded-credentials.rule.yaml +51 -0
  315. package/rules/python/py.security.hardcoded-temp-directory.rule.yaml +51 -0
  316. package/rules/python/py.security.insecure-cipher-mode.rule.yaml +51 -0
  317. package/rules/python/py.security.insecure-cipher.rule.yaml +51 -0
  318. package/rules/python/py.security.insecure-crypto-import.rule.yaml +51 -0
  319. package/rules/python/py.security.insecure-http-transport.rule.yaml +56 -0
  320. package/rules/python/py.security.insecure-ssl-version.rule.yaml +53 -0
  321. package/rules/python/py.security.insecure-urllib-method.rule.yaml +51 -0
  322. package/rules/python/py.security.insecure-xml-parser.rule.yaml +53 -0
  323. package/rules/python/py.security.mako-insecure-templates.rule.yaml +53 -0
  324. package/rules/python/py.security.path-traversal-user-input.rule.yaml +51 -0
  325. package/rules/python/py.security.request-path-file-read.rule.yaml +56 -0
  326. package/rules/python/py.security.sensitive-logging.rule.yaml +51 -0
  327. package/rules/python/py.security.sql-interpolation.rule.yaml +56 -0
  328. package/rules/python/py.security.ssh-host-key-validation.rule.yaml +53 -0
  329. package/rules/python/py.security.telnet-usage.rule.yaml +51 -0
  330. package/rules/python/py.security.tls-verification-disabled.rule.yaml +56 -0
  331. package/rules/python/py.security.unsafe-deserialization.rule.yaml +56 -0
  332. package/rules/python/py.security.weak-crypto-key.rule.yaml +51 -0
  333. package/rules/python/py.security.weak-hash-algorithm.rule.yaml +57 -0
  334. package/rules/python/py.security.wildcard-subprocess-injection.rule.yaml +53 -0
  335. package/rules/python/py.security.xmlrpc-import.rule.yaml +53 -0
  336. package/rules/ruby/ruby.bug-risk.action-mailer-base-subclass.rule.yaml +53 -0
  337. package/rules/ruby/ruby.bug-risk.active-job-base-subclass.rule.yaml +53 -0
  338. package/rules/ruby/ruby.bug-risk.active-record-alias.rule.yaml +53 -0
  339. package/rules/ruby/ruby.bug-risk.active-record-base-subclass.rule.yaml +53 -0
  340. package/rules/ruby/ruby.bug-risk.active-record-method-override.rule.yaml +55 -0
  341. package/rules/ruby/ruby.bug-risk.active-support-alias.rule.yaml +52 -0
  342. package/rules/ruby/ruby.bug-risk.all-each-to-find-each.rule.yaml +55 -0
  343. package/rules/ruby/ruby.bug-risk.allow-blank-with-delegate.rule.yaml +52 -0
  344. package/rules/ruby/ruby.bug-risk.alter-queries-combine.rule.yaml +54 -0
  345. package/rules/ruby/ruby.bug-risk.ambiguous-block-association.rule.yaml +49 -0
  346. package/rules/ruby/ruby.bug-risk.ambiguous-operator-argument.rule.yaml +48 -0
  347. package/rules/ruby/ruby.bug-risk.ambiguous-regexp-literal.rule.yaml +49 -0
  348. package/rules/ruby/ruby.bug-risk.argument-overwritten-before-use.rule.yaml +51 -0
  349. package/rules/ruby/ruby.bug-risk.assert-not-usage.rule.yaml +51 -0
  350. package/rules/ruby/ruby.bug-risk.bad-date-usage.rule.yaml +55 -0
  351. package/rules/ruby/ruby.bug-risk.bad-magic-comment-order.rule.yaml +50 -0
  352. package/rules/ruby/ruby.bug-risk.bad-operand-order.rule.yaml +46 -0
  353. package/rules/ruby/ruby.bug-risk.bad-rescue-ordering.rule.yaml +50 -0
  354. package/rules/ruby/ruby.bug-risk.branches-without-body.rule.yaml +49 -0
  355. package/rules/ruby/ruby.bug-risk.callback-order.rule.yaml +52 -0
  356. package/rules/ruby/ruby.bug-risk.callback-override.rule.yaml +53 -0
  357. package/rules/ruby/ruby.bug-risk.circular-argument-reference.rule.yaml +44 -0
  358. package/rules/ruby/ruby.bug-risk.class-name-should-be-string.rule.yaml +52 -0
  359. package/rules/ruby/ruby.bug-risk.console-output-instead-of-logger.rule.yaml +53 -0
  360. package/rules/ruby/ruby.bug-risk.constant-in-block.rule.yaml +52 -0
  361. package/rules/ruby/ruby.bug-risk.controller-base-subclass.rule.yaml +54 -0
  362. package/rules/ruby/ruby.bug-risk.dependent-option-cascade.rule.yaml +53 -0
  363. package/rules/ruby/ruby.bug-risk.deprecated-belongs-to-required.rule.yaml +54 -0
  364. package/rules/ruby/ruby.bug-risk.deprecated-big-decimal-new.rule.yaml +44 -0
  365. package/rules/ruby/ruby.bug-risk.deprecated-class-methods.rule.yaml +45 -0
  366. package/rules/ruby/ruby.bug-risk.deprecated-filter-methods.rule.yaml +54 -0
  367. package/rules/ruby/ruby.bug-risk.deprecated-find-by-dynamic.rule.yaml +55 -0
  368. package/rules/ruby/ruby.bug-risk.deprecated-http-status-symbols.rule.yaml +52 -0
  369. package/rules/ruby/ruby.bug-risk.deprecated-openssl-api.rule.yaml +42 -0
  370. package/rules/ruby/ruby.bug-risk.deprecated-uri-regexp.rule.yaml +42 -0
  371. package/rules/ruby/ruby.bug-risk.disjunctive-assignment-in-constructor.rule.yaml +46 -0
  372. package/rules/ruby/ruby.bug-risk.duplicate-case-conditions.rule.yaml +49 -0
  373. package/rules/ruby/ruby.bug-risk.duplicate-constant-assignment.rule.yaml +47 -0
  374. package/rules/ruby/ruby.bug-risk.duplicate-elsif-block.rule.yaml +51 -0
  375. package/rules/ruby/ruby.bug-risk.duplicate-method-definitions.rule.yaml +49 -0
  376. package/rules/ruby/ruby.bug-risk.each-with-object-immutable-arg.rule.yaml +51 -0
  377. package/rules/ruby/ruby.bug-risk.else-followed-by-expression.rule.yaml +50 -0
  378. package/rules/ruby/ruby.bug-risk.else-without-rescue.rule.yaml +51 -0
  379. package/rules/ruby/ruby.bug-risk.empty-ensure-block.rule.yaml +49 -0
  380. package/rules/ruby/ruby.bug-risk.empty-expression.rule.yaml +48 -0
  381. package/rules/ruby/ruby.bug-risk.empty-interpolation.rule.yaml +49 -0
  382. package/rules/ruby/ruby.bug-risk.end-in-method.rule.yaml +49 -0
  383. package/rules/ruby/ruby.bug-risk.enum-array-syntax.rule.yaml +54 -0
  384. package/rules/ruby/ruby.bug-risk.enum-duplicate-values.rule.yaml +53 -0
  385. package/rules/ruby/ruby.bug-risk.equal-instead-of-equal.rule.yaml +50 -0
  386. package/rules/ruby/ruby.bug-risk.error-inherits-exception.rule.yaml +42 -0
  387. package/rules/ruby/ruby.bug-risk.exit-in-app-code.rule.yaml +53 -0
  388. package/rules/ruby/ruby.bug-risk.flip-flop-operator.rule.yaml +49 -0
  389. package/rules/ruby/ruby.bug-risk.git-in-gemspec.rule.yaml +48 -0
  390. package/rules/ruby/ruby.bug-risk.grouped-parentheses-in-call.rule.yaml +51 -0
  391. package/rules/ruby/ruby.bug-risk.has-and-belongs-to-many.rule.yaml +52 -0
  392. package/rules/ruby/ruby.bug-risk.helper-instance-variables.rule.yaml +52 -0
  393. package/rules/ruby/ruby.bug-risk.heredoc-method-order.rule.yaml +51 -0
  394. package/rules/ruby/ruby.bug-risk.http-methods-without-params.rule.yaml +54 -0
  395. package/rules/ruby/ruby.bug-risk.identical-binary-operands.rule.yaml +53 -0
  396. package/rules/ruby/ruby.bug-risk.ignored-column-accessed.rule.yaml +50 -0
  397. package/rules/ruby/ruby.bug-risk.inconsistent-request-referrer.rule.yaml +50 -0
  398. package/rules/ruby/ruby.bug-risk.inconsistent-safe-navigation-try.rule.yaml +51 -0
  399. package/rules/ruby/ruby.bug-risk.inconsistent-safe-navigation.rule.yaml +51 -0
  400. package/rules/ruby/ruby.bug-risk.incorrect-pluralization.rule.yaml +51 -0
  401. package/rules/ruby/ruby.bug-risk.ineffective-access-modifier.rule.yaml +50 -0
  402. package/rules/ruby/ruby.bug-risk.interpolation-in-single-quote.rule.yaml +50 -0
  403. package/rules/ruby/ruby.bug-risk.invalid-integer-times.rule.yaml +52 -0
  404. package/rules/ruby/ruby.bug-risk.invalid-percent-string-literal.rule.yaml +51 -0
  405. package/rules/ruby/ruby.bug-risk.invalid-percent-symbol-array.rule.yaml +51 -0
  406. package/rules/ruby/ruby.bug-risk.invalid-rails-env-predicate.rule.yaml +51 -0
  407. package/rules/ruby/ruby.bug-risk.invalid-rescue-type.rule.yaml +51 -0
  408. package/rules/ruby/ruby.bug-risk.io-select-single-arg.rule.yaml +48 -0
  409. package/rules/ruby/ruby.bug-risk.irreversible-migration.rule.yaml +57 -0
  410. package/rules/ruby/ruby.bug-risk.missing-inverse-of.rule.yaml +53 -0
  411. package/rules/ruby/ruby.bug-risk.mixed-regex-captures.rule.yaml +51 -0
  412. package/rules/ruby/ruby.bug-risk.multiple-rescues-for-same-exception.rule.yaml +49 -0
  413. package/rules/ruby/ruby.bug-risk.non-local-exit-from-iterator.rule.yaml +51 -0
  414. package/rules/ruby/ruby.bug-risk.non-null-column-without-default.rule.yaml +51 -0
  415. package/rules/ruby/ruby.bug-risk.non-preferred-assert-falseness.rule.yaml +50 -0
  416. package/rules/ruby/ruby.bug-risk.old-style-validation-macro.rule.yaml +49 -0
  417. package/rules/ruby/ruby.bug-risk.outer-variable-shadowed.rule.yaml +47 -0
  418. package/rules/ruby/ruby.bug-risk.plain-method-instead-of-proc.rule.yaml +48 -0
  419. package/rules/ruby/ruby.bug-risk.predicate-method-without-parentheses.rule.yaml +51 -0
  420. package/rules/ruby/ruby.bug-risk.rails-env-equality.rule.yaml +53 -0
  421. package/rules/ruby/ruby.bug-risk.rails-root-join.rule.yaml +53 -0
  422. package/rules/ruby/ruby.bug-risk.rake-task-missing-environment.rule.yaml +46 -0
  423. package/rules/ruby/ruby.bug-risk.redundant-allow-nil.rule.yaml +52 -0
  424. package/rules/ruby/ruby.bug-risk.redundant-foreign-key.rule.yaml +50 -0
  425. package/rules/ruby/ruby.bug-risk.redundant-with-options-receiver.rule.yaml +52 -0
  426. package/rules/ruby/ruby.bug-risk.regex-literal-in-condition.rule.yaml +51 -0
  427. package/rules/ruby/ruby.bug-risk.relative-date-as-constant.rule.yaml +51 -0
  428. package/rules/ruby/ruby.bug-risk.renamed-column-accessed.rule.yaml +50 -0
  429. package/rules/ruby/ruby.bug-risk.rescue-exception.rule.yaml +42 -0
  430. package/rules/ruby/ruby.bug-risk.return-in-ensure.rule.yaml +49 -0
  431. package/rules/ruby/ruby.bug-risk.routes-match-single-verb.rule.yaml +51 -0
  432. package/rules/ruby/ruby.bug-risk.safe-navigation-with-blank.rule.yaml +50 -0
  433. package/rules/ruby/ruby.bug-risk.safe-navigation-with-empty.rule.yaml +52 -0
  434. package/rules/ruby/ruby.bug-risk.self-assignment.rule.yaml +52 -0
  435. package/rules/ruby/ruby.bug-risk.skip-filter-conditional.rule.yaml +55 -0
  436. package/rules/ruby/ruby.bug-risk.suppressed-exceptions.rule.yaml +49 -0
  437. package/rules/ruby/ruby.bug-risk.symbol-boolean-name.rule.yaml +44 -0
  438. package/rules/ruby/ruby.bug-risk.table-without-timestamps.rule.yaml +53 -0
  439. package/rules/ruby/ruby.bug-risk.time-without-zone.rule.yaml +51 -0
  440. package/rules/ruby/ruby.bug-risk.to-json-without-argument.rule.yaml +51 -0
  441. package/rules/ruby/ruby.bug-risk.trailing-comma-attribute.rule.yaml +50 -0
  442. package/rules/ruby/ruby.bug-risk.undefined-action-filter.rule.yaml +53 -0
  443. package/rules/ruby/ruby.bug-risk.unintended-string-concatenation.rule.yaml +51 -0
  444. package/rules/ruby/ruby.bug-risk.unnecessary-require.rule.yaml +51 -0
  445. package/rules/ruby/ruby.bug-risk.unnecessary-splat.rule.yaml +50 -0
  446. package/rules/ruby/ruby.bug-risk.unqualified-constant.rule.yaml +51 -0
  447. package/rules/ruby/ruby.bug-risk.unreachable-code.rule.yaml +49 -0
  448. package/rules/ruby/ruby.bug-risk.unreachable-loop.rule.yaml +51 -0
  449. package/rules/ruby/ruby.bug-risk.unsafe-number-conversion.rule.yaml +51 -0
  450. package/rules/ruby/ruby.bug-risk.unsafe-safe-navigation-chain.rule.yaml +50 -0
  451. package/rules/ruby/ruby.bug-risk.unused-method-arguments.rule.yaml +51 -0
  452. package/rules/ruby/ruby.bug-risk.use-blank-simplify.rule.yaml +49 -0
  453. package/rules/ruby/ruby.bug-risk.use-delegate.rule.yaml +50 -0
  454. package/rules/ruby/ruby.bug-risk.use-presence-over-explicit-check.rule.yaml +49 -0
  455. package/rules/ruby/ruby.bug-risk.use-present-to-simplify-conditional.rule.yaml +48 -0
  456. package/rules/ruby/ruby.bug-risk.use-square-brackets-for-attributes.rule.yaml +50 -0
  457. package/rules/ruby/ruby.bug-risk.useless-access-modifier.rule.yaml +49 -0
  458. package/rules/ruby/ruby.bug-risk.useless-comparison.rule.yaml +50 -0
  459. package/rules/ruby/ruby.bug-risk.useless-setter-call.rule.yaml +49 -0
  460. package/rules/ruby/ruby.bug-risk.when-branch-without-body.rule.yaml +49 -0
  461. package/rules/ruby/ruby.bug-risk.where-first-over-find-by.rule.yaml +54 -0
  462. package/rules/ruby/ruby.bug-risk.with-index-value-unused.rule.yaml +50 -0
  463. package/rules/ruby/ruby.bug-risk.with-object-value-unused.rule.yaml +50 -0
  464. package/rules/ruby/ruby.performance.efficient-hash-search.rule.yaml +42 -0
  465. package/rules/ruby/ruby.performance.enumerable-index-by.rule.yaml +51 -0
  466. package/rules/ruby/ruby.performance.enumerable-index-with.rule.yaml +52 -0
  467. package/rules/ruby/ruby.performance.merge-single-key.rule.yaml +42 -0
  468. package/rules/ruby/ruby.performance.no-static-size-computation.rule.yaml +43 -0
  469. package/rules/ruby/ruby.performance.prefer-delete-prefix.rule.yaml +53 -0
  470. package/rules/ruby/ruby.performance.prefer-delete-suffix.rule.yaml +53 -0
  471. package/rules/ruby/ruby.performance.prefer-flat-map.rule.yaml +41 -0
  472. package/rules/ruby/ruby.performance.prefer-struct-over-openstruct.rule.yaml +42 -0
  473. package/rules/ruby/ruby.performance.range-cover-over-include.rule.yaml +43 -0
  474. package/rules/ruby/ruby.performance.regex-match-over-match.rule.yaml +42 -0
  475. package/rules/ruby/ruby.performance.yield-over-block-call.rule.yaml +41 -0
  476. package/rules/ruby/ruby.security.io-shell-command.rule.yaml +50 -0
  477. package/rules/ruby/ruby.security.rails-http-digest-auth.rule.yaml +51 -0
  478. package/rules/ruby/ruby.security.rails-render-inline.rule.yaml +55 -0
  479. package/rules/ruby/ruby.security.rails-skip-validation.rule.yaml +51 -0
  480. package/rules/rust/rust.correctness.empty-range-expression.rule.yaml +49 -0
  481. package/rules/rust/rust.correctness.erasing-operation.rule.yaml +49 -0
  482. package/rules/rust/rust.correctness.forget-drop-on-copy-type.rule.yaml +50 -0
  483. package/rules/rust/rust.correctness.forget-drop-on-non-drop-type.rule.yaml +50 -0
  484. package/rules/rust/rust.correctness.forget-drop-on-reference.rule.yaml +49 -0
  485. package/rules/rust/rust.correctness.hash-unit-value.rule.yaml +49 -0
  486. package/rules/rust/rust.correctness.identical-binary-operands.rule.yaml +49 -0
  487. package/rules/rust/rust.correctness.ignored-future-value.rule.yaml +53 -0
  488. package/rules/rust/rust.correctness.invalid-regex-literal.rule.yaml +49 -0
  489. package/rules/rust/rust.correctness.iter-next-in-for-loop.rule.yaml +49 -0
  490. package/rules/rust/rust.correctness.mistyped-suffix.rule.yaml +50 -0
  491. package/rules/rust/rust.correctness.nan-comparison.rule.yaml +49 -0
  492. package/rules/rust/rust.correctness.non-binding-let-on-lock.rule.yaml +50 -0
  493. package/rules/rust/rust.correctness.non-octal-permissions.rule.yaml +60 -0
  494. package/rules/rust/rust.correctness.print-in-display-impl.rule.yaml +48 -0
  495. package/rules/rust/rust.correctness.self-not-self-type.rule.yaml +49 -0
  496. package/rules/rust/rust.correctness.step-by-zero.rule.yaml +48 -0
  497. package/rules/rust/rust.correctness.syntax-error.rule.yaml +49 -0
  498. package/rules/rust/rust.correctness.transmute-float-char-to-ref-or-ptr.rule.yaml +48 -0
  499. package/rules/rust/rust.correctness.transmute-int-lit-to-raw-ptr.rule.yaml +48 -0
  500. package/rules/rust/rust.correctness.transmute-int-to-fn-ptr.rule.yaml +48 -0
  501. package/rules/rust/rust.correctness.transmute-integer-to-bool.rule.yaml +49 -0
  502. package/rules/rust/rust.correctness.transmute-integer-to-char.rule.yaml +48 -0
  503. package/rules/rust/rust.correctness.transmute-integer-to-nonzero.rule.yaml +48 -0
  504. package/rules/rust/rust.correctness.transmute-number-to-slice-or-array.rule.yaml +48 -0
  505. package/rules/rust/rust.correctness.transmute-ptr-to-ptr.rule.yaml +49 -0
  506. package/rules/rust/rust.correctness.transmute-ptr-to-ref.rule.yaml +49 -0
  507. package/rules/rust/rust.correctness.transmute-ref-to-ptr.rule.yaml +49 -0
  508. package/rules/rust/rust.correctness.transmute-t-to-ptr-ref.rule.yaml +49 -0
  509. package/rules/rust/rust.correctness.transmute-tuple-to-slice-or-array.rule.yaml +48 -0
  510. package/rules/rust/rust.correctness.unhandled-io-result.rule.yaml +49 -0
  511. package/rules/rust/rust.correctness.unit-argument.rule.yaml +50 -0
  512. package/rules/rust/rust.correctness.unit-comparison.rule.yaml +49 -0
  513. package/rules/rust/rust.performance.single-char-string-literal-pattern.rule.yaml +51 -0
  514. package/rules/rust/rust.quality.approximate-floating-constant.rule.yaml +51 -0
  515. package/rules/rust/rust.quality.builtin-type-shadow.rule.yaml +49 -0
  516. package/rules/rust/rust.quality.clone-on-double-reference.rule.yaml +50 -0
  517. package/rules/rust/rust.quality.crate-in-macro-definition.rule.yaml +50 -0
  518. package/rules/rust/rust.quality.deprecated-function-use.rule.yaml +52 -0
  519. package/rules/rust/rust.quality.env-string-literal.rule.yaml +50 -0
  520. package/rules/rust/rust.quality.explicit-self-assignment.rule.yaml +49 -0
  521. package/rules/rust/rust.quality.fn-ptr-null-comparison.rule.yaml +49 -0
  522. package/rules/rust/rust.quality.fn-ptr-to-non-pointer-cast.rule.yaml +50 -0
  523. package/rules/rust/rust.quality.inaccurate-duration-calculation.rule.yaml +50 -0
  524. package/rules/rust/rust.quality.isize-usize-overflow.rule.yaml +50 -0
  525. package/rules/rust/rust.quality.iter-count-instead-of-len.rule.yaml +49 -0
  526. package/rules/rust/rust.quality.iter-nth-instead-of-get.rule.yaml +50 -0
  527. package/rules/rust/rust.quality.map-followed-by-count.rule.yaml +50 -0
  528. package/rules/rust/rust.quality.non-owned-rc-pointer-into-vec.rule.yaml +50 -0
  529. package/rules/rust/rust.quality.non-utf8-literal-in-from-utf8-unchecked.rule.yaml +54 -0
  530. package/rules/rust/rust.quality.option-env-unwrap.rule.yaml +50 -0
  531. package/rules/rust/rust.quality.ordered-iteration-on-unordered.rule.yaml +52 -0
  532. package/rules/rust/rust.quality.possible-missing-comma-in-array.rule.yaml +49 -0
  533. package/rules/rust/rust.quality.potentially-incomplete-ascii-range.rule.yaml +49 -0
  534. package/rules/rust/rust.quality.redundant-mem-replace-with-default.rule.yaml +48 -0
  535. package/rules/rust/rust.quality.redundant-mem-replace-with-none.rule.yaml +48 -0
  536. package/rules/rust/rust.quality.redundant-mem-replace-with-zero.rule.yaml +48 -0
  537. package/rules/rust/rust.quality.replace-same-pattern-and-replacement.rule.yaml +49 -0
  538. package/rules/rust/rust.quality.size-of-val-on-reference.rule.yaml +49 -0
  539. package/rules/rust/rust.quality.unused-enumerate-or-zip-items.rule.yaml +50 -0
  540. package/rules/rust/rust.security.actix-namedfile-path-traversal.rule.yaml +61 -0
  541. package/rules/rust/rust.security.bind-all-interfaces.rule.yaml +2 -0
  542. package/rules/rust/rust.security.const-to-mut-ptr.rule.yaml +61 -0
  543. package/rules/rust/rust.security.differently-sized-slice-conversion.rule.yaml +61 -0
  544. package/rules/rust/rust.security.global-write-permission.rule.yaml +61 -0
  545. package/rules/rust/rust.security.insecure-temp-file.rule.yaml +2 -0
  546. package/rules/rust/rust.security.invisible-unicode.rule.yaml +60 -0
  547. package/rules/rust/rust.security.manual-error-type-id.rule.yaml +59 -0
  548. package/rules/rust/rust.security.missing-regex-anchor.rule.yaml +61 -0
  549. package/rules/rust/rust.security.misused-bitwise-xor.rule.yaml +54 -0
  550. package/rules/rust/rust.security.open-redirect.rule.yaml +64 -0
  551. package/rules/rust/rust.security.potentially-vulnerable-regex.rule.yaml +61 -0
  552. package/rules/rust/rust.security.raw-slice-to-ptr.rule.yaml +60 -0
  553. package/rules/rust/rust.security.unsafe-remove-dir-all.rule.yaml +62 -0
  554. package/rules/rust/rust.security.weak-crypto-import.rule.yaml +2 -0
  555. package/rules/rust/rust.security.weak-rsa-key-size.rule.yaml +2 -0
  556. package/rules/rust/rust.testing.ignore-without-ticket-reference.rule.yaml +13 -7
  557. package/rules/rust/rust.testing.thread-sleep-in-unit-test.rule.yaml +6 -6
  558. package/rules/shared/security.no-command-execution-with-request-input.rule.yaml +3 -0
  559. package/rules/shared/security.no-sensitive-data-in-logs-and-telemetry.rule.yaml +2 -0
  560. package/rules/shared/security.no-sql-interpolation.rule.yaml +2 -0
  561. package/rules/shared/security.permissive-file-permissions.rule.yaml +2 -0
  562. package/rules/shared/security.weak-hash-algorithm.rule.yaml +2 -0
  563. package/rules/sql/sql.correctness.undefined-reference.rule.yaml +37 -0
  564. package/rules/sql/sql.style.ambiguous-distinct.rule.yaml +37 -0
  565. package/rules/sql/sql.style.column-expression-without-alias.rule.yaml +37 -0
  566. package/rules/sql/sql.style.distinct-with-parenthesis.rule.yaml +37 -0
  567. package/rules/sql/sql.style.duplicate-table-aliases.rule.yaml +37 -0
  568. package/rules/sql/sql.style.implicit-column-alias.rule.yaml +37 -0
  569. package/rules/sql/sql.style.implicit-table-alias.rule.yaml +37 -0
  570. package/rules/sql/sql.style.inconsistent-capitalization.rule.yaml +37 -0
  571. package/rules/sql/sql.style.inconsistent-keyword-case.rule.yaml +37 -0
  572. package/rules/sql/sql.style.keyword-as-identifier.rule.yaml +37 -0
  573. package/rules/sql/sql.style.trailing-select-comma.rule.yaml +37 -0
  574. package/rules/sql/sql.style.unqualified-references.rule.yaml +37 -0
  575. package/rules/sql/sql.style.unused-table-alias.rule.yaml +37 -0
  576. package/rules/typescript/ts.angularjs.inject-function-assignments-only.rule.yaml +36 -0
  577. package/rules/typescript/ts.angularjs.no-controller.rule.yaml +36 -0
  578. package/rules/typescript/ts.angularjs.no-deprecated-cookie-store.rule.yaml +36 -0
  579. package/rules/typescript/ts.angularjs.no-deprecated-directive-replace.rule.yaml +36 -0
  580. package/rules/typescript/ts.angularjs.no-deprecated-http-success-error.rule.yaml +36 -0
  581. package/rules/typescript/ts.angularjs.no-jquery-wrapping-angular-element.rule.yaml +36 -0
  582. package/rules/typescript/ts.angularjs.prefer-angular-for-each.rule.yaml +36 -0
  583. package/rules/typescript/ts.angularjs.prefer-angular-is-string.rule.yaml +36 -0
  584. package/rules/typescript/ts.correctness.array-callback-missing-return.rule.yaml +2 -0
  585. package/rules/typescript/ts.correctness.array-sort-without-compare.rule.yaml +5 -3
  586. package/rules/typescript/ts.correctness.assignment-in-condition.rule.yaml +4 -2
  587. package/rules/typescript/ts.correctness.assignment-to-exports.rule.yaml +38 -0
  588. package/rules/typescript/ts.correctness.assignment-to-import-binding.rule.yaml +2 -0
  589. package/rules/typescript/ts.correctness.async-promise-executor.rule.yaml +2 -0
  590. package/rules/typescript/ts.correctness.blocking-call-in-async-flow.rule.yaml +14 -3
  591. package/rules/typescript/ts.correctness.callback-missing-error-handling.rule.yaml +38 -0
  592. package/rules/typescript/ts.correctness.callback-not-error-first.rule.yaml +38 -0
  593. package/rules/typescript/ts.correctness.compound-assignment-with-await.rule.yaml +37 -0
  594. package/rules/typescript/ts.correctness.confusing-multiline-expression.rule.yaml +37 -0
  595. package/rules/typescript/ts.correctness.constructor-return-value.rule.yaml +37 -0
  596. package/rules/typescript/ts.correctness.control-flow-in-finally.rule.yaml +2 -0
  597. package/rules/typescript/ts.correctness.declaration-in-nested-block.rule.yaml +39 -0
  598. package/rules/typescript/ts.correctness.delete-on-variable.rule.yaml +37 -0
  599. package/rules/typescript/ts.correctness.deprecated-api-usage.rule.yaml +39 -0
  600. package/rules/typescript/ts.correctness.duplicate-class-member.rule.yaml +37 -0
  601. package/rules/typescript/ts.correctness.duplicate-export.rule.yaml +37 -0
  602. package/rules/typescript/ts.correctness.duplicate-function-parameter.rule.yaml +2 -0
  603. package/rules/typescript/ts.correctness.duplicate-if-else-condition.rule.yaml +2 -0
  604. package/rules/typescript/ts.correctness.duplicate-import-source.rule.yaml +2 -0
  605. package/rules/typescript/ts.correctness.duplicate-object-key.rule.yaml +2 -0
  606. package/rules/typescript/ts.correctness.duplicate-switch-case.rule.yaml +2 -0
  607. package/rules/typescript/ts.correctness.empty-block-statement.rule.yaml +2 -0
  608. package/rules/typescript/ts.correctness.empty-destructuring-pattern.rule.yaml +37 -0
  609. package/rules/typescript/ts.correctness.extraneous-import.rule.yaml +38 -0
  610. package/rules/typescript/ts.correctness.flawed-string-comparison.rule.yaml +38 -0
  611. package/rules/typescript/ts.correctness.global-object-called-as-function.rule.yaml +38 -0
  612. package/rules/typescript/ts.correctness.identical-comparison-operands.rule.yaml +2 -0
  613. package/rules/typescript/ts.correctness.implicit-undefined-return.rule.yaml +2 -0
  614. package/rules/typescript/ts.correctness.infinite-loop.rule.yaml +16 -7
  615. package/rules/typescript/ts.correctness.invalid-async-await-call.rule.yaml +37 -0
  616. package/rules/typescript/ts.correctness.invalid-shebang.rule.yaml +37 -0
  617. package/rules/typescript/ts.correctness.invalid-typeof-comparison.rule.yaml +2 -0
  618. package/rules/typescript/ts.correctness.invalid-variable-usage.rule.yaml +37 -0
  619. package/rules/typescript/ts.correctness.missing-async-on-promise-method.rule.yaml +2 -0
  620. package/rules/typescript/ts.correctness.missing-super-call.rule.yaml +2 -0
  621. package/rules/typescript/ts.correctness.missing-timeout-on-external-call.rule.yaml +13 -6
  622. package/rules/typescript/ts.correctness.missing-type-annotation.rule.yaml +37 -0
  623. package/rules/typescript/ts.correctness.namespace-import-unexported-name.rule.yaml +37 -0
  624. package/rules/typescript/ts.correctness.negative-zero-comparison.rule.yaml +37 -0
  625. package/rules/typescript/ts.correctness.new-expression-with-require.rule.yaml +39 -0
  626. package/rules/typescript/ts.correctness.new-symbol-instance.rule.yaml +38 -0
  627. package/rules/typescript/ts.correctness.no-confusing-label-in-switch.rule.yaml +39 -0
  628. package/rules/typescript/ts.correctness.no-href-with-nuxt-link.rule.yaml +39 -0
  629. package/rules/typescript/ts.correctness.no-ts-suppress-directive.rule.yaml +36 -0
  630. package/rules/typescript/ts.correctness.non-existent-assignment-operators.rule.yaml +38 -0
  631. package/rules/typescript/ts.correctness.off-by-one-loop-boundary.rule.yaml +2 -0
  632. package/rules/typescript/ts.correctness.parse-int-on-number-literal.rule.yaml +38 -0
  633. package/rules/typescript/ts.correctness.prefer-as-const-over-literal-type.rule.yaml +37 -0
  634. package/rules/typescript/ts.correctness.prefer-includes-over-indexof.rule.yaml +37 -0
  635. package/rules/typescript/ts.correctness.prefer-nullish-coalescing.rule.yaml +37 -0
  636. package/rules/typescript/ts.correctness.private-member-should-be-readonly.rule.yaml +37 -0
  637. package/rules/typescript/ts.correctness.promise-reject-non-error.rule.yaml +2 -0
  638. package/rules/typescript/ts.correctness.prototype-builtin-called-directly.rule.yaml +38 -0
  639. package/rules/typescript/ts.correctness.reassign-catch-binding.rule.yaml +2 -0
  640. package/rules/typescript/ts.correctness.reassign-class-member.rule.yaml +37 -0
  641. package/rules/typescript/ts.correctness.reassign-const-binding.rule.yaml +37 -0
  642. package/rules/typescript/ts.correctness.reassign-function-declaration.rule.yaml +38 -0
  643. package/rules/typescript/ts.correctness.regexp-constructor-invalid-pattern.rule.yaml +38 -0
  644. package/rules/typescript/ts.correctness.regexp-empty-character-class.rule.yaml +38 -0
  645. package/rules/typescript/ts.correctness.regexp-multicodepoint-character-class.rule.yaml +37 -0
  646. package/rules/typescript/ts.correctness.regexp-pattern-unusual-control-character.rule.yaml +2 -0
  647. package/rules/typescript/ts.correctness.regexp-useless-backreference.rule.yaml +37 -0
  648. package/rules/typescript/ts.correctness.require-outside-import.rule.yaml +37 -0
  649. package/rules/typescript/ts.correctness.restricted-global-variable.rule.yaml +37 -0
  650. package/rules/typescript/ts.correctness.restricted-object-property.rule.yaml +37 -0
  651. package/rules/typescript/ts.correctness.self-assignment.rule.yaml +2 -0
  652. package/rules/typescript/ts.correctness.setter-return-value.rule.yaml +37 -0
  653. package/rules/typescript/ts.correctness.simplify-boolean-return.rule.yaml +38 -0
  654. package/rules/typescript/ts.correctness.sparse-array-literal.rule.yaml +38 -0
  655. package/rules/typescript/ts.correctness.switch-case-fallthrough.rule.yaml +37 -0
  656. package/rules/typescript/ts.correctness.template-placeholder-in-string.rule.yaml +37 -0
  657. package/rules/typescript/ts.correctness.this-before-super.rule.yaml +3 -0
  658. package/rules/typescript/ts.correctness.this-outside-class.rule.yaml +37 -0
  659. package/rules/typescript/ts.correctness.undeclared-variable.rule.yaml +38 -0
  660. package/rules/typescript/ts.correctness.unhandled-async-error.rule.yaml +7 -1
  661. package/rules/typescript/ts.correctness.unnecessary-return-await.rule.yaml +2 -0
  662. package/rules/typescript/ts.correctness.unresolved-import.rule.yaml +37 -0
  663. package/rules/typescript/ts.correctness.unsafe-negation-in-relational.rule.yaml +38 -0
  664. package/rules/typescript/ts.correctness.unused-expression.rule.yaml +37 -0
  665. package/rules/typescript/ts.correctness.unused-variable.rule.yaml +37 -0
  666. package/rules/typescript/ts.correctness.use-number-is-nan.rule.yaml +2 -0
  667. package/rules/typescript/ts.correctness.used-before-definition.rule.yaml +38 -0
  668. package/rules/typescript/ts.correctness.var-declaration.rule.yaml +38 -0
  669. package/rules/typescript/ts.next.no-document-import-outside-custom-document.rule.yaml +39 -0
  670. package/rules/typescript/ts.next.no-head-import-in-custom-document.rule.yaml +39 -0
  671. package/rules/typescript/ts.performance.no-await-in-loop.rule.yaml +6 -6
  672. package/rules/typescript/ts.performance.no-json-parse-stringify-clone.rule.yaml +8 -0
  673. package/rules/typescript/ts.performance.sequential-async-calls.rule.yaml +16 -7
  674. package/rules/typescript/ts.quality.no-banned-type.rule.yaml +36 -0
  675. package/rules/typescript/ts.quality.no-empty-function.rule.yaml +1 -1
  676. package/rules/typescript/ts.quality.no-side-effect-in-pure-callback.rule.yaml +36 -0
  677. package/rules/typescript/ts.quality.swallowed-error.rule.yaml +6 -3
  678. package/rules/typescript/ts.react.no-deprecated-is-mounted.rule.yaml +36 -0
  679. package/rules/typescript/ts.react.no-deprecated-react-dom-root-api.rule.yaml +24 -2
  680. package/rules/typescript/ts.react.no-direct-state-mutation.rule.yaml +2 -0
  681. package/rules/typescript/ts.react.no-duplicate-jsx-attributes.rule.yaml +2 -0
  682. package/rules/typescript/ts.react.no-hooks-rule-violation.rule.yaml +38 -0
  683. package/rules/typescript/ts.react.no-invalid-markup-characters.rule.yaml +36 -0
  684. package/rules/typescript/ts.react.no-lifecycle-method-typo.rule.yaml +36 -0
  685. package/rules/typescript/ts.react.no-render-invalid-return-type.rule.yaml +36 -0
  686. package/rules/typescript/ts.react.no-set-state-in-component-did-mount.rule.yaml +2 -0
  687. package/rules/typescript/ts.react.no-set-state-in-component-did-update.rule.yaml +2 -0
  688. package/rules/typescript/ts.react.no-set-state-in-component-will-update.rule.yaml +36 -0
  689. package/rules/typescript/ts.react.no-should-component-update.rule.yaml +36 -0
  690. package/rules/typescript/ts.react.no-target-blank-without-rel.rule.yaml +2 -0
  691. package/rules/typescript/ts.react.no-this-state-in-set-state.rule.yaml +38 -0
  692. package/rules/typescript/ts.react.no-unnecessary-fragment.rule.yaml +36 -0
  693. package/rules/typescript/ts.runtime.no-process-exit.rule.yaml +3 -0
  694. package/rules/typescript/ts.runtime.process-exit-control-flow.rule.yaml +46 -0
  695. package/rules/typescript/ts.security.dangerous-insert-html.rule.yaml +5 -0
  696. package/rules/typescript/ts.security.express-insecure-listen.rule.yaml +52 -0
  697. package/rules/typescript/ts.security.express-nosql-injection.rule.yaml +16 -11
  698. package/rules/typescript/ts.security.express-static-dotfiles-allow.rule.yaml +5 -0
  699. package/rules/typescript/ts.security.iframe-missing-sandbox-attribute.rule.yaml +18 -6
  700. package/rules/typescript/ts.security.import-using-user-input.rule.yaml +62 -10
  701. package/rules/typescript/ts.security.insecure-auth-cookie-flags.rule.yaml +12 -4
  702. package/rules/typescript/ts.security.missing-request-timeout-or-retry.rule.yaml +8 -6
  703. package/rules/typescript/ts.security.no-assign-mutable-export.rule.yaml +2 -0
  704. package/rules/typescript/ts.security.no-dynamic-execution.rule.yaml +3 -3
  705. package/rules/typescript/ts.security.no-javascript-url.rule.yaml +42 -8
  706. package/rules/typescript/ts.security.no-native-prototype-extension.rule.yaml +13 -1
  707. package/rules/typescript/ts.security.non-literal-fs-filename.rule.yaml +13 -1
  708. package/rules/typescript/ts.security.observable-timing-discrepancy.rule.yaml +3 -3
  709. package/rules/typescript/ts.security.open-redirect.rule.yaml +6 -0
  710. package/rules/typescript/ts.security.path-join-user-input.rule.yaml +50 -0
  711. package/rules/typescript/ts.security.sensitive-data-written-to-file.rule.yaml +16 -6
  712. package/rules/typescript/ts.security.ssrf.rule.yaml +1 -0
  713. package/rules/typescript/ts.security.unsafe-dirname-path-concat.rule.yaml +3 -0
  714. package/rules/typescript/ts.security.unsanitized-http-response.rule.yaml +14 -3
  715. package/rules/typescript/ts.security.user-controlled-regexp.rule.yaml +52 -0
  716. package/rules/typescript/ts.testing.no-flaky-timer-test.rule.yaml +7 -7
  717. package/rules/typescript/ts.testing.no-legacy-test-waiter.rule.yaml +36 -0
  718. package/rules/typescript/ts.testing.no-network-call-in-unit-test.rule.yaml +7 -1
  719. package/rules/typescript/ts.testing.no-skipped-test-without-ticket.rule.yaml +3 -3
  720. package/rules/typescript/ts.testing.useless-assertion.rule.yaml +37 -0
  721. package/rules/typescript/ts.vue.emits-validator-return-boolean.rule.yaml +36 -0
  722. package/rules/typescript/ts.vue.no-browser-globals-in-created.rule.yaml +39 -0
  723. package/rules/typescript/ts.vue.no-computed-missing-dependency.rule.yaml +36 -0
  724. package/rules/typescript/ts.vue.no-computed-mutation.rule.yaml +36 -0
  725. package/rules/typescript/ts.vue.no-data-object-declaration.rule.yaml +36 -0
  726. package/rules/typescript/ts.vue.no-deprecated-keycodes-config.rule.yaml +36 -0
  727. package/rules/typescript/ts.vue.no-deprecated-listeners.rule.yaml +36 -0
  728. package/rules/typescript/ts.vue.no-deprecated-model-option.rule.yaml +36 -0
  729. package/rules/typescript/ts.vue.no-deprecated-scoped-slots.rule.yaml +36 -0
  730. package/rules/typescript/ts.vue.no-keycode-modifiers.rule.yaml +36 -0
  731. package/rules/typescript/ts.vue.no-reserved-key-overwrite.rule.yaml +36 -0
  732. package/rules/typescript/ts.vue.no-server-env-in-client-hooks.rule.yaml +39 -0
  733. package/rules/typescript/ts.vue.no-slot-property-access.rule.yaml +36 -0
  734. package/rules/typescript/ts.vue.prefer-prop-type-constructor.rule.yaml +36 -0
  735. package/rules/typescript/ts.vue.require-transition-conditional.rule.yaml +36 -0
package/rules/java/java.correctness.overloaded-equals.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.overloaded-equals
5
+ title: equals method is overloaded but not overridden
6
+ summary: A method named `equals` with a non-Object parameter type overloads rather than overrides equals.
7
+ rationale: Using `equals(SomeType obj)` instead of `equals(Object obj)` overloads the equals method without overriding it, so collections and utility methods will use Object.equals (identity) instead of the intended comparison logic.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0098
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - types
16
+ - rules-catalog
17
+ stability: stable
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.overloaded-equals
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.types
36
+ severity: medium
37
+ confidence: 0.85
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: equals() is overloaded, not overridden
43
+ summary: "`${captures.issue.text}` overloads equals without overriding it. Change the parameter type to `Object`."
44
+ remediation:
45
+ summary: "Change the parameter type from a specific type to `Object` to properly override equals."
package/rules/java/java.correctness.parameter-reassignment.rule.yaml ADDED
@@ -0,0 +1,46 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.parameter-reassignment
5
+ title: Parameter reassignment
6
+ summary: Reassigning a method parameter is confusing and can mask bugs; prefer a local variable.
7
+ rationale: Reassigning a method parameter makes the code harder to read and debug because the parameter's value changes within the method body. This is a well-known best practice violation (similar to why `final` is recommended for parameters). Create a separate local variable instead.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-S0352
12
+ - JAVA-E0352
13
+ tags:
14
+ - correctness
15
+ - java
16
+ - defensive-programming
17
+ - rules-catalog
18
+ stability: stable
19
+ appliesTo: block
20
+ scope:
21
+ languages:
22
+ - java
23
+ paths:
24
+ include:
25
+ - "**/*.java"
26
+ exclude:
27
+ - "**/src/test/**"
28
+ - "**/tests/**"
29
+ - "**/*Test.java"
30
+ match:
31
+ fact:
32
+ kind: java.correctness.parameter-reassignment
33
+ bind: issue
34
+ emit:
35
+ finding:
36
+ category: correctness.defensive-programming
37
+ severity: low
38
+ confidence: 0.88
39
+ tags:
40
+ - correctness
41
+ - java
42
+ message:
43
+ title: Reassign method parameter in `${captures.issue.text}`
44
+ summary: "`${captures.issue.text}` reassigns a method parameter. Use a local variable instead."
45
+ remediation:
46
+ summary: "Declare a new local variable instead of reassigning the parameter (e.g. `var newValue = parameter`)"
package/rules/java/java.correctness.possible-null-access-exception.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.possible-null-access-exception
5
+ title: Avoid possible null access in catch or finally blocks
6
+ summary: Dereferencing a variable in a catch or finally block may throw a NullPointerException if the variable was assigned from a failed operation.
7
+ rationale: Variables assigned before or during a try block may be null when the catch or finally block executes, leading to a secondary NullPointerException that masks the original failure.
8
+ aliases:
9
+ - JAVA-E1084
10
+ tags:
11
+ - correctness
12
+ - java
13
+ - rules-catalog
14
+ stability: experimental
15
+ appliesTo: block
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.possible-null-access-exception
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.null-safety
33
+ severity: critical
34
+ confidence: 0.65
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Possible null access in exception handler from `${captures.issue.text}`
40
+ summary: "A variable is dereferenced in a catch or finally block without a null check, which may throw a NullPointerException when the handler runs."
41
+ remediation:
42
+ summary: Add a null check before dereferencing variables in catch and finally blocks, or initialize them to safe defaults before the try block.
package/rules/java/java.correctness.possible-null-access.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.possible-null-access
5
+ title: Avoid possible null access on collection or map lookups
6
+ summary: Chaining a method call on a `.get()`, `.poll()`, or `.peek()` result may throw a NullPointerException.
7
+ rationale: Collection and map lookups can return null for missing keys; dereferencing the result without a null check will throw a NullPointerException at runtime.
8
+ aliases:
9
+ - JAVA-E1083
10
+ tags:
11
+ - correctness
12
+ - java
13
+ - rules-catalog
14
+ stability: experimental
15
+ appliesTo: block
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.possible-null-access
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.null-safety
33
+ severity: critical
34
+ confidence: 0.72
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Possible null access from `${captures.issue.text}`
40
+ summary: "The result of a `.get()`, `.poll()`, or `.peek()` call is dereferenced without a null check, which may throw a NullPointerException."
41
+ remediation:
42
+ summary: Assign the result to a local variable, check for null, and handle the absent case before dereferencing.
package/rules/java/java.correctness.prepared-statement-in-loop.rule.yaml ADDED
@@ -0,0 +1,52 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.prepared-statement-in-loop
5
+ title: PreparedStatement creation inside a loop
6
+ summary: Creating PreparedStatement or CallableStatement inside a loop causes repeated database parsing and compilation, leading to performance degradation and potential resource exhaustion.
7
+ rationale: PreparedStatements should be created outside loops and reused with different parameters to avoid repeated SQL parsing and compilation. Creating them inside loops can also exhaust the database statement cache.
8
+ detection:
9
+ kind: pattern
10
+ references:
11
+ - kind: cwe
12
+ id: CWE-400
13
+ title: Uncontrolled Resource Consumption
14
+ aliases:
15
+ - JAVA-S0329
16
+ - JAVA-P1003
17
+ tags:
18
+ - correctness
19
+ - java
20
+ - jdbc
21
+ - performance
22
+ - rules-catalog
23
+ stability: stable
24
+ appliesTo: block
25
+ scope:
26
+ languages:
27
+ - java
28
+ paths:
29
+ include:
30
+ - "**/*.java"
31
+ exclude:
32
+ - "**/src/test/**"
33
+ - "**/tests/**"
34
+ - "**/*Test.java"
35
+ match:
36
+ fact:
37
+ kind: java.correctness.prepared-statement-in-loop
38
+ bind: issue
39
+ emit:
40
+ finding:
41
+ category: correctness.jdbc
42
+ severity: medium
43
+ confidence: 0.85
44
+ tags:
45
+ - correctness
46
+ - java
47
+ - jdbc
48
+ message:
49
+ title: Move PreparedStatement creation outside the loop in `${captures.issue.text}`
50
+ summary: "`${captures.issue.text}` creates a PreparedStatement or CallableStatement inside a loop. Move it outside and reuse with different parameters."
51
+ remediation:
52
+ summary: "Create the PreparedStatement before the loop and set parameters inside using `setString`, `setInt`, etc."
package/rules/java/java.correctness.prepared-statement-index-zero.rule.yaml ADDED
@@ -0,0 +1,44 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.prepared-statement-index-zero
5
+ title: PreparedStatement parameter set with index 0
6
+ summary: JDBC PreparedStatement parameters use 1-based indexing; index 0 is invalid.
7
+ rationale: Setting a parameter at index 0 will always throw SQLException. JDBC parameter indices start at 1.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0344
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - rules-catalog
16
+ stability: experimental
17
+ appliesTo: block
18
+ scope:
19
+ languages:
20
+ - java
21
+ paths:
22
+ include:
23
+ - "**/*.java"
24
+ exclude:
25
+ - "**/src/test/**"
26
+ - "**/tests/**"
27
+ - "**/*Test.java"
28
+ match:
29
+ fact:
30
+ kind: java.correctness.prepared-statement-index-zero
31
+ bind: issue
32
+ emit:
33
+ finding:
34
+ category: correctness.api-usage
35
+ severity: critical
36
+ confidence: 0.95
37
+ tags:
38
+ - correctness
39
+ - java
40
+ message:
41
+ title: PreparedStatement parameter set with index 0
42
+ summary: "`${captures.issue.text}` uses PreparedStatement with index 0, but JDBC parameters start at 1. This will always throw SQLException."
43
+ remediation:
44
+ summary: Use 1-based parameter index (e.g., `setString(1, value)` for the first parameter).
package/rules/java/java.correctness.random-coerced-to-zero.rule.yaml ADDED
@@ -0,0 +1,44 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.random-coerced-to-zero
5
+ title: Casting Math.random() to int without scaling always returns zero
6
+ summary: Casting Math.random() to int directly (without multiplying) always yields zero.
7
+ rationale: "Math.random() returns a double in range [0.0, 1.0). Casting to int truncates to zero every time. Multiply by the desired range before casting."
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E1068
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - rules-catalog
16
+ stability: stable
17
+ appliesTo: block
18
+ scope:
19
+ languages:
20
+ - java
21
+ paths:
22
+ include:
23
+ - "**/*.java"
24
+ exclude:
25
+ - "**/src/test/**"
26
+ - "**/tests/**"
27
+ - "**/*Test.java"
28
+ match:
29
+ fact:
30
+ kind: java.correctness.random-coerced-to-zero
31
+ bind: issue
32
+ emit:
33
+ finding:
34
+ category: correctness.logic
35
+ severity: low
36
+ confidence: 0.85
37
+ tags:
38
+ - correctness
39
+ - java
40
+ message:
41
+ title: Random value coerced to zero
42
+ summary: "`${captures.issue.text}` truncates the random value to zero. Multiply by the desired bound before casting."
43
+ remediation:
44
+ summary: Multiply Math.random() by the desired range before casting, e.g. `(int) (Math.random() * max)`. Or for integer ranges use `new Random().nextInt(bound)`.
package/rules/java/java.correctness.read-resolve-return-type.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.read-resolve-return-type
5
+ title: readResolve must return Object
6
+ summary: The readResolve method in a Serializable class must have a return type of Object. A non-Object return type will cause the method to be silently ignored during deserialization.
7
+ rationale: Java's serialization mechanism uses readResolve to replace the deserialized object. Per the Java Object Serialization Specification (§3.6), readResolve must be declared as `ANY-ACCESS-MODIFIER Object readResolve() throws ObjectStreamException`. A covariant return type may work in some JVM implementations but is not guaranteed.
8
+ tags:
9
+ - correctness
10
+ - java
11
+ - rules-catalog
12
+ stability: experimental
13
+ appliesTo: block
14
+ aliases:
15
+ - JAVA-E1032
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.read-resolve-return-type
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.serialization
33
+ severity: high
34
+ confidence: 0.90
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: readResolve method must return Object
40
+ summary: "`${captures.issue.text}` has a non-Object return type. The serialization mechanism requires `Object` as the return type for `readResolve`."
41
+ remediation:
42
+ summary: Change the return type of `readResolve` to `Object` and cast the return value inside the method body.
package/rules/java/java.correctness.readline-without-null-check.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.readline-without-null-check
5
+ title: readLine() result used without null check
6
+ summary: The result of `readLine()` is dereferenced without a null check.
7
+ rationale: "BufferedReader.readLine() returns null when the end of the stream is reached. Using the result without checking for null will throw a NullPointerException."
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0220
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - null-safety
16
+ - rules-catalog
17
+ stability: experimental
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.readline-without-null-check
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.null-safety
36
+ severity: high
37
+ confidence: 0.80
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: readLine() result used without null check
43
+ summary: The result of `readLine()` may be null — dereferencing it without a check will cause a NullPointerException.
44
+ remediation:
45
+ summary: Add a null check before using the result, e.g. `String s = r.readLine(); if (s != null) { s.trim(); }`
package/rules/java/java.correctness.result-set-index-zero.rule.yaml ADDED
@@ -0,0 +1,44 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.result-set-index-zero
5
+ title: ResultSet accessed with index 0
6
+ summary: JDBC ResultSet methods use 1-based indexing; index 0 is invalid.
7
+ rationale: Calling getString(0) or updateInt(0) on a ResultSet always throws SQLException. JDBC column indices start at 1.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0343
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - rules-catalog
16
+ stability: experimental
17
+ appliesTo: block
18
+ scope:
19
+ languages:
20
+ - java
21
+ paths:
22
+ include:
23
+ - "**/*.java"
24
+ exclude:
25
+ - "**/src/test/**"
26
+ - "**/tests/**"
27
+ - "**/*Test.java"
28
+ match:
29
+ fact:
30
+ kind: java.correctness.result-set-index-zero
31
+ bind: issue
32
+ emit:
33
+ finding:
34
+ category: correctness.api-usage
35
+ severity: critical
36
+ confidence: 0.95
37
+ tags:
38
+ - correctness
39
+ - java
40
+ message:
41
+ title: ResultSet accessed with index 0
42
+ summary: "`${captures.issue.text}` uses JDBC ResultSet with index 0, but JDBC indices start at 1. This will always throw SQLException."
43
+ remediation:
44
+ summary: Use 1-based column index (e.g., `getString(1)` for the first column).
package/rules/java/java.correctness.runfinalizers-on-exit.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.runfinalizers-on-exit
5
+ title: System.runFinalizersOnExit/Runtime.runFinalizersOnExit is unsafe
6
+ summary: Calling `System.runFinalizersOnExit()` or `Runtime.runFinalizersOnExit()` is inherently unsafe.
7
+ rationale: These methods are deprecated and dangerous — they invoke finalizers on live objects during VM shutdown, potentially causing thread-safety issues and unpredictable behavior.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0061
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - unsafe-api
16
+ - rules-catalog
17
+ stability: stable
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.runfinalizers-on-exit
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.unsafe-api
36
+ severity: critical
37
+ confidence: 0.95
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: Unsafe runFinalizersOnExit call
43
+ summary: "`${captures.issue.text}` is an unsafe deprecated API that should never be called."
44
+ remediation:
45
+ summary: "Remove the call entirely. Use `Runtime.addShutdownHook()` for JVM shutdown logic instead."
package/rules/java/java.correctness.runnable-run-direct.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.runnable-run-direct
5
+ title: Runnable's run() method called directly instead of using Thread.start()
6
+ summary: Calling `run()` on a Thread or Runnable directly bypasses the new thread and executes in the caller's thread.
7
+ rationale: Invoking `run()` directly instead of `start()` executes the Runnable's code synchronously in the current thread, defeating the purpose of threading. This is almost always a bug; use `start()` to launch a new thread.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0135
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - concurrency
16
+ - rules-catalog
17
+ stability: stable
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.runnable-run-direct
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.concurrency
36
+ severity: medium
37
+ confidence: 0.85
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: Direct call to run() instead of start()
43
+ summary: "`${captures.issue.text}` calls `run()` directly on a Thread or Runnable. Use `start()` to execute in a new thread."
44
+ remediation:
45
+ summary: "Replace `thread.run()` with `thread.start()` to execute the Runnable in a new thread."
package/rules/java/java.correctness.self-assignment.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.self-assignment
5
+ title: Self assignment of local variable
6
+ summary: A local variable is assigned to itself, which has no effect.
7
+ rationale: "`x = x;` is a no-op and indicates either a typo or dead code. If the intent was to assign from a field, `this.x = x;` should be used."
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0291
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - logic
16
+ - rules-catalog
17
+ stability: stable
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.self-assignment
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.logic
36
+ severity: high
37
+ confidence: 0.90
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: Self assignment of local variable
43
+ summary: "`${captures.issue.text}` assigns a variable to itself, which is a no-op."
44
+ remediation:
45
+ summary: Remove the self-assignment or use `this.x = x` if you intended to assign a parameter to a field.
package/rules/java/java.correctness.serializable-superclass.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.serializable-superclass
5
+ title: Serializable class with non-serializable superclass and no default constructor
6
+ summary: A Serializable class has a non-serializable superclass that may lack a no-arg constructor, which will cause deserialization to fail with InvalidClassException.
7
+ rationale: During deserialization, the JVM instantiates the first non-serializable superclass using its no-arg constructor. If that constructor does not exist, deserialization fails. Every non-serializable superclass of a Serializable class must provide a no-arg constructor accessible to the subclass.
8
+ tags:
9
+ - correctness
10
+ - java
11
+ - rules-catalog
12
+ stability: experimental
13
+ appliesTo: block
14
+ aliases:
15
+ - JAVA-E1034
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.serializable-superclass
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.serialization
33
+ severity: high
34
+ confidence: 0.85
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Potential deserialization issue with non-serializable superclass
40
+ summary: The class `${captures.issue.text}` implements Serializable but extends a non-serializable superclass. If the superclass lacks a no-arg constructor, deserialization will fail with `InvalidClassException`.
41
+ remediation:
42
+ summary: Ensure the non-serializable superclass has a no-arg constructor, or make it implement Serializable. Note that this finding is heuristic and requires manual verification of the superclass constructor.
package/rules/java/java.correctness.serialization-method-signature.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.serialization-method-signature
5
+ title: Custom serialization method declared with incorrect signature
6
+ summary: Serializable classes declaring writeObject, readObject, or readObjectNoData must use exactly the correct signatures expected by the serialization API.
7
+ rationale: Java's serialization mechanism calls writeObject, readObject, and readObjectNoData by reflection using exact signature matching. If the access modifier, return type, or parameter types are wrong, the method is silently ignored and default serialization behavior applies.
8
+ tags:
9
+ - correctness
10
+ - java
11
+ - rules-catalog
12
+ stability: experimental
13
+ appliesTo: block
14
+ aliases:
15
+ - JAVA-E1033
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.serialization-method-signature
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.serialization
33
+ severity: high
34
+ confidence: 0.90
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Incorrect serialization method signature
40
+ summary: The serialization method `${captures.issue.text}` does not match the required signature. writeObject must be `private void writeObject(java.io.ObjectOutputStream out) throws IOException`, readObject must be `private void readObject(java.io.ObjectInputStream in) throws IOException`, and readObjectNoData must be `private void readObjectNoData() throws ObjectStreamException`.
41
+ remediation:
42
+ summary: Correct the method signature to match the expected pattern. Ensure private access, void return type, correct parameter types, and the proper throws clause.