@critiq/rules 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (735) hide show
  1. package/CHANGELOG.md +468 -0
  2. package/README.md +13 -233
  3. package/catalog-metadata.json +47 -0
  4. package/catalog.yaml +2962 -309
  5. package/package.json +1 -1
  6. package/rules/go/go.bug-risk.compound-assignment-misuse.rule.yaml +53 -0
  7. package/rules/go/go.bug-risk.deprecated-redis-methods.rule.yaml +57 -0
  8. package/rules/go/go.bug-risk.etcd-getlogger-misuse.rule.yaml +59 -0
  9. package/rules/go/go.bug-risk.etcd-invalid-compare-operator.rule.yaml +53 -0
  10. package/rules/go/go.bug-risk.gin-loadhtmlglob-ill-formed.rule.yaml +53 -0
  11. package/rules/go/go.bug-risk.gorm-dry-run-enabled.rule.yaml +58 -0
  12. package/rules/go/go.bug-risk.gorm-skip-default-transaction.rule.yaml +57 -0
  13. package/rules/go/go.bug-risk.gorm-updates-zero-values.rule.yaml +55 -0
  14. package/rules/go/go.bug-risk.gorm-where-zero-values.rule.yaml +53 -0
  15. package/rules/go/go.bug-risk.poorly-formed-nilness-guards.rule.yaml +57 -0
  16. package/rules/go/go.bug-risk.redis-incorrect-arg-count.rule.yaml +54 -0
  17. package/rules/go/go.bug-risk.redis-unimplemented-method.rule.yaml +53 -0
  18. package/rules/go/go.bug-risk.reflect-makefunc-usage.rule.yaml +55 -0
  19. package/rules/go/go.correctness.bare-return.rule.yaml +52 -0
  20. package/rules/go/go.correctness.boolean-literal-in-expression.rule.yaml +52 -0
  21. package/rules/go/go.correctness.boolean-simplification.rule.yaml +49 -0
  22. package/rules/go/go.correctness.deferred-func-literal.rule.yaml +52 -0
  23. package/rules/go/go.correctness.duplicate-branch-body.rule.yaml +49 -0
  24. package/rules/go/go.correctness.duplicate-function-arguments.rule.yaml +49 -0
  25. package/rules/go/go.correctness.duplicate-if-else-condition.rule.yaml +54 -0
  26. package/rules/go/go.correctness.duplicate-switch-cases.rule.yaml +48 -0
  27. package/rules/go/go.correctness.flag-pointer-immediate-deref.rule.yaml +49 -0
  28. package/rules/go/go.correctness.hidden-goroutine.rule.yaml +55 -0
  29. package/rules/go/go.correctness.http-nobody-nil.rule.yaml +52 -0
  30. package/rules/go/go.correctness.identical-binary-operands.rule.yaml +48 -0
  31. package/rules/go/go.correctness.impossible-interface-nil-check.rule.yaml +56 -0
  32. package/rules/go/go.correctness.incomplete-nil-check.rule.yaml +49 -0
  33. package/rules/go/go.correctness.integer-truncation.rule.yaml +51 -0
  34. package/rules/go/go.correctness.interface-any-preferred.rule.yaml +50 -0
  35. package/rules/go/go.correctness.nil-error-returned.rule.yaml +49 -0
  36. package/rules/go/go.correctness.off-by-one-index.rule.yaml +48 -0
  37. package/rules/go/go.correctness.redundant-type-declaration.rule.yaml +51 -0
  38. package/rules/go/go.correctness.signedness-casting.rule.yaml +56 -0
  39. package/rules/go/go.correctness.string-concat-simplify.rule.yaml +52 -0
  40. package/rules/go/go.correctness.suspicious-regex-pattern.rule.yaml +49 -0
  41. package/rules/go/go.correctness.terminal-call-with-defer.rule.yaml +50 -0
  42. package/rules/go/go.correctness.unexported-capital-name.rule.yaml +52 -0
  43. package/rules/go/go.correctness.unnecessary-dereference.rule.yaml +53 -0
  44. package/rules/go/go.correctness.unnecessary-else-return.rule.yaml +52 -0
  45. package/rules/go/go.correctness.unreachable-switch-case.rule.yaml +50 -0
  46. package/rules/go/go.doc.malformed-deprecated-comment.rule.yaml +59 -0
  47. package/rules/go/go.performance.avoid-large-loop-copy.rule.yaml +38 -0
  48. package/rules/go/go.performance.avoid-large-param-copy.rule.yaml +38 -0
  49. package/rules/go/go.performance.avoid-large-range-copy.rule.yaml +37 -0
  50. package/rules/go/go.performance.avoid-string-index-alloc.rule.yaml +38 -0
  51. package/rules/go/go.performance.combine-append-calls.rule.yaml +38 -0
  52. package/rules/go/go.performance.fmt-fprint.rule.yaml +44 -0
  53. package/rules/go/go.performance.iowriter-write-string.rule.yaml +45 -0
  54. package/rules/go/go.performance.non-idiomatic-slice-zeroing.rule.yaml +44 -0
  55. package/rules/go/go.performance.reorder-operands.rule.yaml +44 -0
  56. package/rules/go/go.performance.utf8-decode-rune.rule.yaml +44 -0
  57. package/rules/go/go.security.decompression-bomb.rule.yaml +55 -0
  58. package/rules/go/go.security.http-dir-path-traversal.rule.yaml +55 -0
  59. package/rules/go/go.security.incomplete-hostname-regex.rule.yaml +64 -0
  60. package/rules/go/go.security.insecure-ssl-protocol.rule.yaml +2 -0
  61. package/rules/go/go.security.jwt-without-verification.rule.yaml +2 -0
  62. package/rules/go/go.security.net-http-missing-timeouts.rule.yaml +3 -0
  63. package/rules/go/go.security.pprof-exposed.rule.yaml +2 -0
  64. package/rules/go/go.security.squirrel-unsafe-quoting.rule.yaml +64 -0
  65. package/rules/go/go.security.tainted-value-sink.rule.yaml +59 -0
  66. package/rules/go/go.security.tls-missing-min-version.rule.yaml +2 -0
  67. package/rules/go/go.security.unsafe-defer-close.rule.yaml +55 -0
  68. package/rules/go/go.security.weak-crypto-import.rule.yaml +3 -0
  69. package/rules/go/go.security.weak-file-permission.rule.yaml +56 -0
  70. package/rules/java/java.correctness.annotation-check-always-false.rule.yaml +42 -0
  71. package/rules/java/java.correctness.array-compared-to-non-array.rule.yaml +45 -0
  72. package/rules/java/java.correctness.array-index-bounds.rule.yaml +42 -0
  73. package/rules/java/java.correctness.assert-self-comparison.rule.yaml +46 -0
  74. package/rules/java/java.correctness.assertion-in-production.rule.yaml +49 -0
  75. package/rules/java/java.correctness.bad-short-circuit-null-check.rule.yaml +45 -0
  76. package/rules/java/java.correctness.bitwise-or-never-equal.rule.yaml +42 -0
  77. package/rules/java/java.correctness.boxed-boolean-conditional.rule.yaml +42 -0
  78. package/rules/java/java.correctness.cacheloader-null-return.rule.yaml +42 -0
  79. package/rules/java/java.correctness.case-insensitive-regex-lacks-unicode.rule.yaml +46 -0
  80. package/rules/java/java.correctness.catch-null-pointer.rule.yaml +5 -1
  81. package/rules/java/java.correctness.class-isinstance-on-class.rule.yaml +42 -0
  82. package/rules/java/java.correctness.class-name-collision.rule.yaml +45 -0
  83. package/rules/java/java.correctness.clone-without-super.rule.yaml +45 -0
  84. package/rules/java/java.correctness.closeable-provides-injection.rule.yaml +43 -0
  85. package/rules/java/java.correctness.collection-adds-self.rule.yaml +42 -0
  86. package/rules/java/java.correctness.collection-contains-self.rule.yaml +42 -0
  87. package/rules/java/java.correctness.collection-remove-type-mismatch.rule.yaml +42 -0
  88. package/rules/java/java.correctness.comparator-downcast-sign-flip.rule.yaml +42 -0
  89. package/rules/java/java.correctness.compareto-min-value.rule.yaml +44 -0
  90. package/rules/java/java.correctness.constructor-starts-thread.rule.yaml +45 -0
  91. package/rules/java/java.correctness.default-package-spring-scan.rule.yaml +46 -0
  92. package/rules/java/java.correctness.deprecated-thread-methods.rule.yaml +42 -0
  93. package/rules/java/java.correctness.double-assignment.rule.yaml +42 -0
  94. package/rules/java/java.correctness.double-checked-locking.rule.yaml +42 -0
  95. package/rules/java/java.correctness.duplicate-binary-argument.rule.yaml +45 -0
  96. package/rules/java/java.correctness.duration-with-nanos-misuse.rule.yaml +42 -0
  97. package/rules/java/java.correctness.enum-equals-method.rule.yaml +45 -0
  98. package/rules/java/java.correctness.enum-get-class.rule.yaml +42 -0
  99. package/rules/java/java.correctness.equals-inherits-parent.rule.yaml +45 -0
  100. package/rules/java/java.correctness.equals-null-check.rule.yaml +45 -0
  101. package/rules/java/java.correctness.equals-null.rule.yaml +45 -0
  102. package/rules/java/java.correctness.equals-on-array.rule.yaml +4 -0
  103. package/rules/java/java.correctness.explicit-finalizer-invocation.rule.yaml +45 -0
  104. package/rules/java/java.correctness.for-loop-mismatched-increment.rule.yaml +45 -0
  105. package/rules/java/java.correctness.getter-setter-sync-mismatch.rule.yaml +42 -0
  106. package/rules/java/java.correctness.hashcode-on-array.rule.yaml +42 -0
  107. package/rules/java/java.correctness.hashtable-contains-value.rule.yaml +42 -0
  108. package/rules/java/java.correctness.hasnext-invokes-next.rule.yaml +45 -0
  109. package/rules/java/java.correctness.ignored-inputstream-read.rule.yaml +45 -0
  110. package/rules/java/java.correctness.ignored-inputstream-skip.rule.yaml +45 -0
  111. package/rules/java/java.correctness.illegal-monitor-state-caught.rule.yaml +45 -0
  112. package/rules/java/java.correctness.impossible-toarray-downcast.rule.yaml +45 -0
  113. package/rules/java/java.correctness.incorrect-main-signature.rule.yaml +42 -0
  114. package/rules/java/java.correctness.indexof-reversed-arguments.rule.yaml +42 -0
  115. package/rules/java/java.correctness.instant-unsupported-temporal-unit.rule.yaml +42 -0
  116. package/rules/java/java.correctness.invalid-regex-literal.rule.yaml +45 -0
  117. package/rules/java/java.correctness.invalid-serial-version-uid.rule.yaml +42 -0
  118. package/rules/java/java.correctness.invalid-time-constants.rule.yaml +42 -0
  119. package/rules/java/java.correctness.invalidated-iterator.rule.yaml +42 -0
  120. package/rules/java/java.correctness.iterable-iterator-returns-this.rule.yaml +44 -0
  121. package/rules/java/java.correctness.iterable-path-type.rule.yaml +42 -0
  122. package/rules/java/java.correctness.jump-in-finally.rule.yaml +44 -0
  123. package/rules/java/java.correctness.loop-condition-never-true.rule.yaml +42 -0
  124. package/rules/java/java.correctness.lost-increment-in-assignment.rule.yaml +45 -0
  125. package/rules/java/java.correctness.math-max-min-swapped.rule.yaml +45 -0
  126. package/rules/java/java.correctness.missing-enum-switch-elements.rule.yaml +43 -0
  127. package/rules/java/java.correctness.modulus-multiplication-precedence.rule.yaml +42 -0
  128. package/rules/java/java.correctness.mutable-data-exposed.rule.yaml +42 -0
  129. package/rules/java/java.correctness.mutable-enum-fields.rule.yaml +44 -0
  130. package/rules/java/java.correctness.nan-comparison.rule.yaml +42 -0
  131. package/rules/java/java.correctness.ncopies-argument-order.rule.yaml +42 -0
  132. package/rules/java/java.correctness.noallocation-method-creates-object.rule.yaml +45 -0
  133. package/rules/java/java.correctness.non-final-immutable-fields.rule.yaml +45 -0
  134. package/rules/java/java.correctness.non-null-method-returns-null.rule.yaml +43 -0
  135. package/rules/java/java.correctness.non-terminating-loop.rule.yaml +42 -0
  136. package/rules/java/java.correctness.oddness-check-fails-negative.rule.yaml +45 -0
  137. package/rules/java/java.correctness.optional-get-without-present-check.rule.yaml +44 -0
  138. package/rules/java/java.correctness.optional-null.rule.yaml +42 -0
  139. package/rules/java/java.correctness.overloaded-equals.rule.yaml +45 -0
  140. package/rules/java/java.correctness.parameter-reassignment.rule.yaml +46 -0
  141. package/rules/java/java.correctness.possible-null-access-exception.rule.yaml +42 -0
  142. package/rules/java/java.correctness.possible-null-access.rule.yaml +42 -0
  143. package/rules/java/java.correctness.prepared-statement-in-loop.rule.yaml +52 -0
  144. package/rules/java/java.correctness.prepared-statement-index-zero.rule.yaml +44 -0
  145. package/rules/java/java.correctness.random-coerced-to-zero.rule.yaml +44 -0
  146. package/rules/java/java.correctness.read-resolve-return-type.rule.yaml +42 -0
  147. package/rules/java/java.correctness.readline-without-null-check.rule.yaml +45 -0
  148. package/rules/java/java.correctness.result-set-index-zero.rule.yaml +44 -0
  149. package/rules/java/java.correctness.runfinalizers-on-exit.rule.yaml +45 -0
  150. package/rules/java/java.correctness.runnable-run-direct.rule.yaml +45 -0
  151. package/rules/java/java.correctness.self-assignment.rule.yaml +45 -0
  152. package/rules/java/java.correctness.serializable-superclass.rule.yaml +42 -0
  153. package/rules/java/java.correctness.serialization-method-signature.rule.yaml +42 -0
  154. package/rules/java/java.correctness.servlet-mutable-fields.rule.yaml +45 -0
  155. package/rules/java/java.correctness.shift-out-of-range.rule.yaml +44 -0
  156. package/rules/java/java.correctness.static-date-field.rule.yaml +42 -0
  157. package/rules/java/java.correctness.stream-reuse.rule.yaml +42 -0
  158. package/rules/java/java.correctness.string-format-arg-mismatch.rule.yaml +45 -0
  159. package/rules/java/java.correctness.stringbuilder-char-ctor.rule.yaml +42 -0
  160. package/rules/java/java.correctness.switch-statement-labels.rule.yaml +44 -0
  161. package/rules/java/java.correctness.sync-boxed-primitive.rule.yaml +45 -0
  162. package/rules/java/java.correctness.sync-on-get-class.rule.yaml +42 -0
  163. package/rules/java/java.correctness.sync-on-lock-primitive.rule.yaml +45 -0
  164. package/rules/java/java.correctness.sync-on-mutable-ref.rule.yaml +42 -0
  165. package/rules/java/java.correctness.sync-on-nullable-field.rule.yaml +42 -0
  166. package/rules/java/java.correctness.sync-on-public-field.rule.yaml +42 -0
  167. package/rules/java/java.correctness.sync-on-string-literal.rule.yaml +2 -0
  168. package/rules/java/java.correctness.system-exit.rule.yaml +43 -0
  169. package/rules/java/java.correctness.thread-sleep-with-lock.rule.yaml +45 -0
  170. package/rules/java/java.correctness.thread-static-misuse.rule.yaml +42 -0
  171. package/rules/java/java.correctness.threadgroup-deprecated-methods.rule.yaml +43 -0
  172. package/rules/java/java.correctness.throw-null.rule.yaml +42 -0
  173. package/rules/java/java.correctness.timezone-invalid-id.rule.yaml +42 -0
  174. package/rules/java/java.correctness.two-lock-wait.rule.yaml +45 -0
  175. package/rules/java/java.correctness.unconditional-recursion.rule.yaml +42 -0
  176. package/rules/java/java.correctness.unescaped-whitespace.rule.yaml +42 -0
  177. package/rules/java/java.correctness.unimplementable-interface.rule.yaml +42 -0
  178. package/rules/java/java.correctness.unsafe-collection-downcast.rule.yaml +42 -0
  179. package/rules/java/java.correctness.unsafe-getresource.rule.yaml +45 -0
  180. package/rules/java/java.correctness.unsupported-jdk-api.rule.yaml +46 -0
  181. package/rules/java/java.correctness.unsupported-method-call.rule.yaml +42 -0
  182. package/rules/java/java.correctness.unsync-static-lazy-init.rule.yaml +42 -0
  183. package/rules/java/java.correctness.unsynchronized-wait-notify.rule.yaml +45 -0
  184. package/rules/java/java.correctness.unterminated-assertion-chain.rule.yaml +39 -0
  185. package/rules/java/java.correctness.volatile-array-elements.rule.yaml +45 -0
  186. package/rules/java/java.correctness.volatile-increment-non-atomic.rule.yaml +45 -0
  187. package/rules/java/java.correctness.wait-notify-on-thread.rule.yaml +45 -0
  188. package/rules/java/java.correctness.wait-on-condition.rule.yaml +45 -0
  189. package/rules/java/java.correctness.week-year-in-date-pattern.rule.yaml +44 -0
  190. package/rules/java/java.correctness.zoneid-invalid-timezone.rule.yaml +42 -0
  191. package/rules/java/java.doc.empty-javadoc-tag.rule.yaml +41 -0
  192. package/rules/java/java.doc.malformed-javadoc-comment.rule.yaml +41 -0
  193. package/rules/java/java.doc.parameter-tag-no-description.rule.yaml +41 -0
  194. package/rules/java/java.doc.unmatched-parameter-tag.rule.yaml +41 -0
  195. package/rules/java/java.performance.boxed-boolean-constructor.rule.yaml +43 -0
  196. package/rules/java/java.performance.boxed-double-constructor.rule.yaml +43 -0
  197. package/rules/java/java.performance.boxed-integer-constructor.rule.yaml +43 -0
  198. package/rules/java/java.performance.empty-string-constructor.rule.yaml +44 -0
  199. package/rules/java/java.performance.expensive-method-on-ui-thread.rule.yaml +50 -0
  200. package/rules/java/java.performance.explicit-gc.rule.yaml +43 -0
  201. package/rules/java/java.performance.inefficient-string-constructor.rule.yaml +44 -0
  202. package/rules/java/java.performance.keyset-instead-of-entryset.rule.yaml +49 -0
  203. package/rules/java/java.performance.non-zero-to-array.rule.yaml +49 -0
  204. package/rules/java/java.performance.pattern-compile-in-loop.rule.yaml +49 -0
  205. package/rules/java/java.performance.removeall-to-clear.rule.yaml +49 -0
  206. package/rules/java/java.performance.replaceall-instead-of-replace.rule.yaml +49 -0
  207. package/rules/java/java.performance.single-char-string-indexof.rule.yaml +49 -0
  208. package/rules/java/java.performance.string-concat-in-loop.rule.yaml +49 -0
  209. package/rules/java/java.performance.string-to-string.rule.yaml +43 -0
  210. package/rules/java/java.performance.thread-as-runnable.rule.yaml +44 -0
  211. package/rules/java/java.performance.url-in-collection.rule.yaml +44 -0
  212. package/rules/java/java.quality.c-style-array-declaration.rule.yaml +41 -0
  213. package/rules/java/java.quality.multiple-variables-same-line.rule.yaml +41 -0
  214. package/rules/java/java.quality.type-name-uppercase.rule.yaml +41 -0
  215. package/rules/java/java.testing.setup-teardown-annotation.rule.yaml +36 -0
  216. package/rules/java/java.testing.setup-without-super.rule.yaml +43 -0
  217. package/rules/java/java.testing.teardown-without-super.rule.yaml +43 -0
  218. package/rules/java/java.testing.wrong-assertion-argument-order.rule.yaml +43 -0
  219. package/rules/php/php.correctness.abstract-method-outside-abstract-class.rule.yaml +3 -0
  220. package/rules/php/php.correctness.abstract-method-with-body.rule.yaml +38 -0
  221. package/rules/php/php.correctness.assign-to-non-lvalue.rule.yaml +38 -0
  222. package/rules/php/php.correctness.attribute-on-class-constant.rule.yaml +38 -0
  223. package/rules/php/php.correctness.attribute-on-closure.rule.yaml +38 -0
  224. package/rules/php/php.correctness.attribute-on-function.rule.yaml +38 -0
  225. package/rules/php/php.correctness.attribute-on-property.rule.yaml +40 -0
  226. package/rules/php/php.correctness.break-continue-outside-loop.rule.yaml +2 -0
  227. package/rules/php/php.correctness.case-insensitive-define.rule.yaml +2 -0
  228. package/rules/php/php.correctness.class-implements-non-interface.rule.yaml +38 -0
  229. package/rules/php/php.correctness.default-parameter-not-last.rule.yaml +2 -0
  230. package/rules/php/php.correctness.deprecated-filter-constant.rule.yaml +2 -0
  231. package/rules/php/php.correctness.deprecated-libxml-entity-loader.rule.yaml +2 -0
  232. package/rules/php/php.correctness.deprecated-unset-cast.rule.yaml +2 -0
  233. package/rules/php/php.correctness.duplicate-array-key.rule.yaml +2 -0
  234. package/rules/php/php.correctness.duplicate-declaration.rule.yaml +2 -0
  235. package/rules/php/php.correctness.duplicate-union-type.rule.yaml +38 -0
  236. package/rules/php/php.correctness.echo-invalid-value.rule.yaml +38 -0
  237. package/rules/php/php.correctness.empty-array-literal-slot.rule.yaml +2 -0
  238. package/rules/php/php.correctness.empty-bracket-array-access.rule.yaml +2 -0
  239. package/rules/php/php.correctness.empty-code-block.rule.yaml +2 -0
  240. package/rules/php/php.correctness.empty-function-body.rule.yaml +2 -0
  241. package/rules/php/php.correctness.error-suppression-operator.rule.yaml +2 -0
  242. package/rules/php/php.correctness.function-comparison.rule.yaml +2 -0
  243. package/rules/php/php.correctness.inaccessible-property.rule.yaml +49 -0
  244. package/rules/php/php.correctness.incomplete-arrow-function.rule.yaml +38 -0
  245. package/rules/php/php.correctness.inconsistent-printf-params.rule.yaml +50 -0
  246. package/rules/php/php.correctness.instanceof-invalid-type.rule.yaml +40 -0
  247. package/rules/php/php.correctness.instantiate-abstract-class.rule.yaml +38 -0
  248. package/rules/php/php.correctness.interface-extends-non-interface.rule.yaml +38 -0
  249. package/rules/php/php.correctness.interface-implements-keyword.rule.yaml +38 -0
  250. package/rules/php/php.correctness.invalid-arrow-function-typehint.rule.yaml +38 -0
  251. package/rules/php/php.correctness.invalid-attribute-class.rule.yaml +49 -0
  252. package/rules/php/php.correctness.invalid-closure-return-typehint.rule.yaml +38 -0
  253. package/rules/php/php.correctness.invalid-constructor-promotion.rule.yaml +38 -0
  254. package/rules/php/php.correctness.invalid-cookie-options.rule.yaml +2 -0
  255. package/rules/php/php.correctness.invalid-dynamic-constant-fetch.rule.yaml +38 -0
  256. package/rules/php/php.correctness.invalid-extends-target.rule.yaml +38 -0
  257. package/rules/php/php.correctness.invalid-increment-operand.rule.yaml +38 -0
  258. package/rules/php/php.correctness.invalid-isset-argument.rule.yaml +38 -0
  259. package/rules/php/php.correctness.invalid-return-typehint.rule.yaml +38 -0
  260. package/rules/php/php.correctness.invalid-static-method.rule.yaml +40 -0
  261. package/rules/php/php.correctness.invalid-string-interpolation-type.rule.yaml +38 -0
  262. package/rules/php/php.correctness.invalid-type-cast.rule.yaml +38 -0
  263. package/rules/php/php.correctness.invalid-use-keyword.rule.yaml +48 -0
  264. package/rules/php/php.correctness.missing-member-visibility.rule.yaml +2 -0
  265. package/rules/php/php.correctness.missing-return-statement.rule.yaml +38 -0
  266. package/rules/php/php.correctness.named-arg-before-positional.rule.yaml +38 -0
  267. package/rules/php/php.correctness.nested-function-declaration.rule.yaml +2 -0
  268. package/rules/php/php.correctness.nested-switch.rule.yaml +2 -0
  269. package/rules/php/php.correctness.nullable-mixed-type.rule.yaml +38 -0
  270. package/rules/php/php.correctness.nullsafe-returned-by-reference.rule.yaml +3 -0
  271. package/rules/php/php.correctness.print-invalid-value.rule.yaml +38 -0
  272. package/rules/php/php.correctness.psr-class-constant-naming.rule.yaml +38 -0
  273. package/rules/php/php.correctness.psr-method-camel-case.rule.yaml +38 -0
  274. package/rules/php/php.correctness.redundant-final-method.rule.yaml +38 -0
  275. package/rules/php/php.correctness.redundant-string-cast-concat.rule.yaml +2 -0
  276. package/rules/php/php.correctness.self-assignment.rule.yaml +2 -0
  277. package/rules/php/php.correctness.switch-multiple-default.rule.yaml +2 -0
  278. package/rules/php/php.correctness.throw-as-expression.rule.yaml +38 -0
  279. package/rules/php/php.correctness.throw-non-exception.rule.yaml +38 -0
  280. package/rules/php/php.correctness.trait-as-attribute.rule.yaml +38 -0
  281. package/rules/php/php.correctness.trait-class-constant.rule.yaml +38 -0
  282. package/rules/php/php.correctness.undefined-constant-reference.rule.yaml +38 -0
  283. package/rules/php/php.correctness.undefined-function.rule.yaml +40 -0
  284. package/rules/php/php.correctness.undefined-method.rule.yaml +40 -0
  285. package/rules/php/php.correctness.undefined-property.rule.yaml +51 -0
  286. package/rules/php/php.correctness.undefined-static-property.rule.yaml +41 -0
  287. package/rules/php/php.correctness.undefined-variable.rule.yaml +48 -0
  288. package/rules/php/php.correctness.uninitialized-typed-property.rule.yaml +38 -0
  289. package/rules/php/php.correctness.unknown-magic-method.rule.yaml +2 -0
  290. package/rules/php/php.correctness.unreachable-after-return.rule.yaml +2 -0
  291. package/rules/php/php.correctness.unused-closure-use-variable.rule.yaml +38 -0
  292. package/rules/php/php.correctness.unused-constructor-parameter.rule.yaml +38 -0
  293. package/rules/php/php.correctness.unused-import.rule.yaml +38 -0
  294. package/rules/php/php.correctness.useless-post-increment.rule.yaml +2 -0
  295. package/rules/php/php.correctness.useless-unset.rule.yaml +2 -0
  296. package/rules/php/php.correctness.void-match-arm.rule.yaml +38 -0
  297. package/rules/php/php.performance.expensive-loop-condition.rule.yaml +2 -0
  298. package/rules/php/php.security.debug-function-exposure.rule.yaml +2 -0
  299. package/rules/php/php.security.insecure-session-id-generation.rule.yaml +2 -0
  300. package/rules/php/php.security.insecure-session-or-cookie-config.rule.yaml +3 -0
  301. package/rules/php/php.security.no-dynamic-eval.rule.yaml +2 -0
  302. package/rules/php/php.security.unsafe-include-with-user-input.rule.yaml +2 -0
  303. package/rules/php/php.security.unsafe-new-static.rule.yaml +2 -0
  304. package/rules/php/php.security.weak-cipher.rule.yaml +2 -0
  305. package/rules/php/php.security.xml-external-entity.rule.yaml +2 -0
  306. package/rules/python/py.correctness.assert-outside-test.rule.yaml +49 -0
  307. package/rules/python/py.correctness.global-statement.rule.yaml +51 -0
  308. package/rules/python/py.correctness.redefined-builtin.rule.yaml +51 -0
  309. package/rules/python/py.correctness.super-with-arguments.rule.yaml +51 -0
  310. package/rules/python/py.correctness.unnecessary-comprehension.rule.yaml +51 -0
  311. package/rules/python/py.correctness.useless-return.rule.yaml +51 -0
  312. package/rules/python/py.security.command-execution-with-request-input.rule.yaml +56 -0
  313. package/rules/python/py.security.ftp-usage.rule.yaml +51 -0
  314. package/rules/python/py.security.hardcoded-credentials.rule.yaml +51 -0
  315. package/rules/python/py.security.hardcoded-temp-directory.rule.yaml +51 -0
  316. package/rules/python/py.security.insecure-cipher-mode.rule.yaml +51 -0
  317. package/rules/python/py.security.insecure-cipher.rule.yaml +51 -0
  318. package/rules/python/py.security.insecure-crypto-import.rule.yaml +51 -0
  319. package/rules/python/py.security.insecure-http-transport.rule.yaml +56 -0
  320. package/rules/python/py.security.insecure-ssl-version.rule.yaml +53 -0
  321. package/rules/python/py.security.insecure-urllib-method.rule.yaml +51 -0
  322. package/rules/python/py.security.insecure-xml-parser.rule.yaml +53 -0
  323. package/rules/python/py.security.mako-insecure-templates.rule.yaml +53 -0
  324. package/rules/python/py.security.path-traversal-user-input.rule.yaml +51 -0
  325. package/rules/python/py.security.request-path-file-read.rule.yaml +56 -0
  326. package/rules/python/py.security.sensitive-logging.rule.yaml +51 -0
  327. package/rules/python/py.security.sql-interpolation.rule.yaml +56 -0
  328. package/rules/python/py.security.ssh-host-key-validation.rule.yaml +53 -0
  329. package/rules/python/py.security.telnet-usage.rule.yaml +51 -0
  330. package/rules/python/py.security.tls-verification-disabled.rule.yaml +56 -0
  331. package/rules/python/py.security.unsafe-deserialization.rule.yaml +56 -0
  332. package/rules/python/py.security.weak-crypto-key.rule.yaml +51 -0
  333. package/rules/python/py.security.weak-hash-algorithm.rule.yaml +57 -0
  334. package/rules/python/py.security.wildcard-subprocess-injection.rule.yaml +53 -0
  335. package/rules/python/py.security.xmlrpc-import.rule.yaml +53 -0
  336. package/rules/ruby/ruby.bug-risk.action-mailer-base-subclass.rule.yaml +53 -0
  337. package/rules/ruby/ruby.bug-risk.active-job-base-subclass.rule.yaml +53 -0
  338. package/rules/ruby/ruby.bug-risk.active-record-alias.rule.yaml +53 -0
  339. package/rules/ruby/ruby.bug-risk.active-record-base-subclass.rule.yaml +53 -0
  340. package/rules/ruby/ruby.bug-risk.active-record-method-override.rule.yaml +55 -0
  341. package/rules/ruby/ruby.bug-risk.active-support-alias.rule.yaml +52 -0
  342. package/rules/ruby/ruby.bug-risk.all-each-to-find-each.rule.yaml +55 -0
  343. package/rules/ruby/ruby.bug-risk.allow-blank-with-delegate.rule.yaml +52 -0
  344. package/rules/ruby/ruby.bug-risk.alter-queries-combine.rule.yaml +54 -0
  345. package/rules/ruby/ruby.bug-risk.ambiguous-block-association.rule.yaml +49 -0
  346. package/rules/ruby/ruby.bug-risk.ambiguous-operator-argument.rule.yaml +48 -0
  347. package/rules/ruby/ruby.bug-risk.ambiguous-regexp-literal.rule.yaml +49 -0
  348. package/rules/ruby/ruby.bug-risk.argument-overwritten-before-use.rule.yaml +51 -0
  349. package/rules/ruby/ruby.bug-risk.assert-not-usage.rule.yaml +51 -0
  350. package/rules/ruby/ruby.bug-risk.bad-date-usage.rule.yaml +55 -0
  351. package/rules/ruby/ruby.bug-risk.bad-magic-comment-order.rule.yaml +50 -0
  352. package/rules/ruby/ruby.bug-risk.bad-operand-order.rule.yaml +46 -0
  353. package/rules/ruby/ruby.bug-risk.bad-rescue-ordering.rule.yaml +50 -0
  354. package/rules/ruby/ruby.bug-risk.branches-without-body.rule.yaml +49 -0
  355. package/rules/ruby/ruby.bug-risk.callback-order.rule.yaml +52 -0
  356. package/rules/ruby/ruby.bug-risk.callback-override.rule.yaml +53 -0
  357. package/rules/ruby/ruby.bug-risk.circular-argument-reference.rule.yaml +44 -0
  358. package/rules/ruby/ruby.bug-risk.class-name-should-be-string.rule.yaml +52 -0
  359. package/rules/ruby/ruby.bug-risk.console-output-instead-of-logger.rule.yaml +53 -0
  360. package/rules/ruby/ruby.bug-risk.constant-in-block.rule.yaml +52 -0
  361. package/rules/ruby/ruby.bug-risk.controller-base-subclass.rule.yaml +54 -0
  362. package/rules/ruby/ruby.bug-risk.dependent-option-cascade.rule.yaml +53 -0
  363. package/rules/ruby/ruby.bug-risk.deprecated-belongs-to-required.rule.yaml +54 -0
  364. package/rules/ruby/ruby.bug-risk.deprecated-big-decimal-new.rule.yaml +44 -0
  365. package/rules/ruby/ruby.bug-risk.deprecated-class-methods.rule.yaml +45 -0
  366. package/rules/ruby/ruby.bug-risk.deprecated-filter-methods.rule.yaml +54 -0
  367. package/rules/ruby/ruby.bug-risk.deprecated-find-by-dynamic.rule.yaml +55 -0
  368. package/rules/ruby/ruby.bug-risk.deprecated-http-status-symbols.rule.yaml +52 -0
  369. package/rules/ruby/ruby.bug-risk.deprecated-openssl-api.rule.yaml +42 -0
  370. package/rules/ruby/ruby.bug-risk.deprecated-uri-regexp.rule.yaml +42 -0
  371. package/rules/ruby/ruby.bug-risk.disjunctive-assignment-in-constructor.rule.yaml +46 -0
  372. package/rules/ruby/ruby.bug-risk.duplicate-case-conditions.rule.yaml +49 -0
  373. package/rules/ruby/ruby.bug-risk.duplicate-constant-assignment.rule.yaml +47 -0
  374. package/rules/ruby/ruby.bug-risk.duplicate-elsif-block.rule.yaml +51 -0
  375. package/rules/ruby/ruby.bug-risk.duplicate-method-definitions.rule.yaml +49 -0
  376. package/rules/ruby/ruby.bug-risk.each-with-object-immutable-arg.rule.yaml +51 -0
  377. package/rules/ruby/ruby.bug-risk.else-followed-by-expression.rule.yaml +50 -0
  378. package/rules/ruby/ruby.bug-risk.else-without-rescue.rule.yaml +51 -0
  379. package/rules/ruby/ruby.bug-risk.empty-ensure-block.rule.yaml +49 -0
  380. package/rules/ruby/ruby.bug-risk.empty-expression.rule.yaml +48 -0
  381. package/rules/ruby/ruby.bug-risk.empty-interpolation.rule.yaml +49 -0
  382. package/rules/ruby/ruby.bug-risk.end-in-method.rule.yaml +49 -0
  383. package/rules/ruby/ruby.bug-risk.enum-array-syntax.rule.yaml +54 -0
  384. package/rules/ruby/ruby.bug-risk.enum-duplicate-values.rule.yaml +53 -0
  385. package/rules/ruby/ruby.bug-risk.equal-instead-of-equal.rule.yaml +50 -0
  386. package/rules/ruby/ruby.bug-risk.error-inherits-exception.rule.yaml +42 -0
  387. package/rules/ruby/ruby.bug-risk.exit-in-app-code.rule.yaml +53 -0
  388. package/rules/ruby/ruby.bug-risk.flip-flop-operator.rule.yaml +49 -0
  389. package/rules/ruby/ruby.bug-risk.git-in-gemspec.rule.yaml +48 -0
  390. package/rules/ruby/ruby.bug-risk.grouped-parentheses-in-call.rule.yaml +51 -0
  391. package/rules/ruby/ruby.bug-risk.has-and-belongs-to-many.rule.yaml +52 -0
  392. package/rules/ruby/ruby.bug-risk.helper-instance-variables.rule.yaml +52 -0
  393. package/rules/ruby/ruby.bug-risk.heredoc-method-order.rule.yaml +51 -0
  394. package/rules/ruby/ruby.bug-risk.http-methods-without-params.rule.yaml +54 -0
  395. package/rules/ruby/ruby.bug-risk.identical-binary-operands.rule.yaml +53 -0
  396. package/rules/ruby/ruby.bug-risk.ignored-column-accessed.rule.yaml +50 -0
  397. package/rules/ruby/ruby.bug-risk.inconsistent-request-referrer.rule.yaml +50 -0
  398. package/rules/ruby/ruby.bug-risk.inconsistent-safe-navigation-try.rule.yaml +51 -0
  399. package/rules/ruby/ruby.bug-risk.inconsistent-safe-navigation.rule.yaml +51 -0
  400. package/rules/ruby/ruby.bug-risk.incorrect-pluralization.rule.yaml +51 -0
  401. package/rules/ruby/ruby.bug-risk.ineffective-access-modifier.rule.yaml +50 -0
  402. package/rules/ruby/ruby.bug-risk.interpolation-in-single-quote.rule.yaml +50 -0
  403. package/rules/ruby/ruby.bug-risk.invalid-integer-times.rule.yaml +52 -0
  404. package/rules/ruby/ruby.bug-risk.invalid-percent-string-literal.rule.yaml +51 -0
  405. package/rules/ruby/ruby.bug-risk.invalid-percent-symbol-array.rule.yaml +51 -0
  406. package/rules/ruby/ruby.bug-risk.invalid-rails-env-predicate.rule.yaml +51 -0
  407. package/rules/ruby/ruby.bug-risk.invalid-rescue-type.rule.yaml +51 -0
  408. package/rules/ruby/ruby.bug-risk.io-select-single-arg.rule.yaml +48 -0
  409. package/rules/ruby/ruby.bug-risk.irreversible-migration.rule.yaml +57 -0
  410. package/rules/ruby/ruby.bug-risk.missing-inverse-of.rule.yaml +53 -0
  411. package/rules/ruby/ruby.bug-risk.mixed-regex-captures.rule.yaml +51 -0
  412. package/rules/ruby/ruby.bug-risk.multiple-rescues-for-same-exception.rule.yaml +49 -0
  413. package/rules/ruby/ruby.bug-risk.non-local-exit-from-iterator.rule.yaml +51 -0
  414. package/rules/ruby/ruby.bug-risk.non-null-column-without-default.rule.yaml +51 -0
  415. package/rules/ruby/ruby.bug-risk.non-preferred-assert-falseness.rule.yaml +50 -0
  416. package/rules/ruby/ruby.bug-risk.old-style-validation-macro.rule.yaml +49 -0
  417. package/rules/ruby/ruby.bug-risk.outer-variable-shadowed.rule.yaml +47 -0
  418. package/rules/ruby/ruby.bug-risk.plain-method-instead-of-proc.rule.yaml +48 -0
  419. package/rules/ruby/ruby.bug-risk.predicate-method-without-parentheses.rule.yaml +51 -0
  420. package/rules/ruby/ruby.bug-risk.rails-env-equality.rule.yaml +53 -0
  421. package/rules/ruby/ruby.bug-risk.rails-root-join.rule.yaml +53 -0
  422. package/rules/ruby/ruby.bug-risk.rake-task-missing-environment.rule.yaml +46 -0
  423. package/rules/ruby/ruby.bug-risk.redundant-allow-nil.rule.yaml +52 -0
  424. package/rules/ruby/ruby.bug-risk.redundant-foreign-key.rule.yaml +50 -0
  425. package/rules/ruby/ruby.bug-risk.redundant-with-options-receiver.rule.yaml +52 -0
  426. package/rules/ruby/ruby.bug-risk.regex-literal-in-condition.rule.yaml +51 -0
  427. package/rules/ruby/ruby.bug-risk.relative-date-as-constant.rule.yaml +51 -0
  428. package/rules/ruby/ruby.bug-risk.renamed-column-accessed.rule.yaml +50 -0
  429. package/rules/ruby/ruby.bug-risk.rescue-exception.rule.yaml +42 -0
  430. package/rules/ruby/ruby.bug-risk.return-in-ensure.rule.yaml +49 -0
  431. package/rules/ruby/ruby.bug-risk.routes-match-single-verb.rule.yaml +51 -0
  432. package/rules/ruby/ruby.bug-risk.safe-navigation-with-blank.rule.yaml +50 -0
  433. package/rules/ruby/ruby.bug-risk.safe-navigation-with-empty.rule.yaml +52 -0
  434. package/rules/ruby/ruby.bug-risk.self-assignment.rule.yaml +52 -0
  435. package/rules/ruby/ruby.bug-risk.skip-filter-conditional.rule.yaml +55 -0
  436. package/rules/ruby/ruby.bug-risk.suppressed-exceptions.rule.yaml +49 -0
  437. package/rules/ruby/ruby.bug-risk.symbol-boolean-name.rule.yaml +44 -0
  438. package/rules/ruby/ruby.bug-risk.table-without-timestamps.rule.yaml +53 -0
  439. package/rules/ruby/ruby.bug-risk.time-without-zone.rule.yaml +51 -0
  440. package/rules/ruby/ruby.bug-risk.to-json-without-argument.rule.yaml +51 -0
  441. package/rules/ruby/ruby.bug-risk.trailing-comma-attribute.rule.yaml +50 -0
  442. package/rules/ruby/ruby.bug-risk.undefined-action-filter.rule.yaml +53 -0
  443. package/rules/ruby/ruby.bug-risk.unintended-string-concatenation.rule.yaml +51 -0
  444. package/rules/ruby/ruby.bug-risk.unnecessary-require.rule.yaml +51 -0
  445. package/rules/ruby/ruby.bug-risk.unnecessary-splat.rule.yaml +50 -0
  446. package/rules/ruby/ruby.bug-risk.unqualified-constant.rule.yaml +51 -0
  447. package/rules/ruby/ruby.bug-risk.unreachable-code.rule.yaml +49 -0
  448. package/rules/ruby/ruby.bug-risk.unreachable-loop.rule.yaml +51 -0
  449. package/rules/ruby/ruby.bug-risk.unsafe-number-conversion.rule.yaml +51 -0
  450. package/rules/ruby/ruby.bug-risk.unsafe-safe-navigation-chain.rule.yaml +50 -0
  451. package/rules/ruby/ruby.bug-risk.unused-method-arguments.rule.yaml +51 -0
  452. package/rules/ruby/ruby.bug-risk.use-blank-simplify.rule.yaml +49 -0
  453. package/rules/ruby/ruby.bug-risk.use-delegate.rule.yaml +50 -0
  454. package/rules/ruby/ruby.bug-risk.use-presence-over-explicit-check.rule.yaml +49 -0
  455. package/rules/ruby/ruby.bug-risk.use-present-to-simplify-conditional.rule.yaml +48 -0
  456. package/rules/ruby/ruby.bug-risk.use-square-brackets-for-attributes.rule.yaml +50 -0
  457. package/rules/ruby/ruby.bug-risk.useless-access-modifier.rule.yaml +49 -0
  458. package/rules/ruby/ruby.bug-risk.useless-comparison.rule.yaml +50 -0
  459. package/rules/ruby/ruby.bug-risk.useless-setter-call.rule.yaml +49 -0
  460. package/rules/ruby/ruby.bug-risk.when-branch-without-body.rule.yaml +49 -0
  461. package/rules/ruby/ruby.bug-risk.where-first-over-find-by.rule.yaml +54 -0
  462. package/rules/ruby/ruby.bug-risk.with-index-value-unused.rule.yaml +50 -0
  463. package/rules/ruby/ruby.bug-risk.with-object-value-unused.rule.yaml +50 -0
  464. package/rules/ruby/ruby.performance.efficient-hash-search.rule.yaml +42 -0
  465. package/rules/ruby/ruby.performance.enumerable-index-by.rule.yaml +51 -0
  466. package/rules/ruby/ruby.performance.enumerable-index-with.rule.yaml +52 -0
  467. package/rules/ruby/ruby.performance.merge-single-key.rule.yaml +42 -0
  468. package/rules/ruby/ruby.performance.no-static-size-computation.rule.yaml +43 -0
  469. package/rules/ruby/ruby.performance.prefer-delete-prefix.rule.yaml +53 -0
  470. package/rules/ruby/ruby.performance.prefer-delete-suffix.rule.yaml +53 -0
  471. package/rules/ruby/ruby.performance.prefer-flat-map.rule.yaml +41 -0
  472. package/rules/ruby/ruby.performance.prefer-struct-over-openstruct.rule.yaml +42 -0
  473. package/rules/ruby/ruby.performance.range-cover-over-include.rule.yaml +43 -0
  474. package/rules/ruby/ruby.performance.regex-match-over-match.rule.yaml +42 -0
  475. package/rules/ruby/ruby.performance.yield-over-block-call.rule.yaml +41 -0
  476. package/rules/ruby/ruby.security.io-shell-command.rule.yaml +50 -0
  477. package/rules/ruby/ruby.security.rails-http-digest-auth.rule.yaml +51 -0
  478. package/rules/ruby/ruby.security.rails-render-inline.rule.yaml +55 -0
  479. package/rules/ruby/ruby.security.rails-skip-validation.rule.yaml +51 -0
  480. package/rules/rust/rust.correctness.empty-range-expression.rule.yaml +49 -0
  481. package/rules/rust/rust.correctness.erasing-operation.rule.yaml +49 -0
  482. package/rules/rust/rust.correctness.forget-drop-on-copy-type.rule.yaml +50 -0
  483. package/rules/rust/rust.correctness.forget-drop-on-non-drop-type.rule.yaml +50 -0
  484. package/rules/rust/rust.correctness.forget-drop-on-reference.rule.yaml +49 -0
  485. package/rules/rust/rust.correctness.hash-unit-value.rule.yaml +49 -0
  486. package/rules/rust/rust.correctness.identical-binary-operands.rule.yaml +49 -0
  487. package/rules/rust/rust.correctness.ignored-future-value.rule.yaml +53 -0
  488. package/rules/rust/rust.correctness.invalid-regex-literal.rule.yaml +49 -0
  489. package/rules/rust/rust.correctness.iter-next-in-for-loop.rule.yaml +49 -0
  490. package/rules/rust/rust.correctness.mistyped-suffix.rule.yaml +50 -0
  491. package/rules/rust/rust.correctness.nan-comparison.rule.yaml +49 -0
  492. package/rules/rust/rust.correctness.non-binding-let-on-lock.rule.yaml +50 -0
  493. package/rules/rust/rust.correctness.non-octal-permissions.rule.yaml +60 -0
  494. package/rules/rust/rust.correctness.print-in-display-impl.rule.yaml +48 -0
  495. package/rules/rust/rust.correctness.self-not-self-type.rule.yaml +49 -0
  496. package/rules/rust/rust.correctness.step-by-zero.rule.yaml +48 -0
  497. package/rules/rust/rust.correctness.syntax-error.rule.yaml +49 -0
  498. package/rules/rust/rust.correctness.transmute-float-char-to-ref-or-ptr.rule.yaml +48 -0
  499. package/rules/rust/rust.correctness.transmute-int-lit-to-raw-ptr.rule.yaml +48 -0
  500. package/rules/rust/rust.correctness.transmute-int-to-fn-ptr.rule.yaml +48 -0
  501. package/rules/rust/rust.correctness.transmute-integer-to-bool.rule.yaml +49 -0
  502. package/rules/rust/rust.correctness.transmute-integer-to-char.rule.yaml +48 -0
  503. package/rules/rust/rust.correctness.transmute-integer-to-nonzero.rule.yaml +48 -0
  504. package/rules/rust/rust.correctness.transmute-number-to-slice-or-array.rule.yaml +48 -0
  505. package/rules/rust/rust.correctness.transmute-ptr-to-ptr.rule.yaml +49 -0
  506. package/rules/rust/rust.correctness.transmute-ptr-to-ref.rule.yaml +49 -0
  507. package/rules/rust/rust.correctness.transmute-ref-to-ptr.rule.yaml +49 -0
  508. package/rules/rust/rust.correctness.transmute-t-to-ptr-ref.rule.yaml +49 -0
  509. package/rules/rust/rust.correctness.transmute-tuple-to-slice-or-array.rule.yaml +48 -0
  510. package/rules/rust/rust.correctness.unhandled-io-result.rule.yaml +49 -0
  511. package/rules/rust/rust.correctness.unit-argument.rule.yaml +50 -0
  512. package/rules/rust/rust.correctness.unit-comparison.rule.yaml +49 -0
  513. package/rules/rust/rust.performance.single-char-string-literal-pattern.rule.yaml +51 -0
  514. package/rules/rust/rust.quality.approximate-floating-constant.rule.yaml +51 -0
  515. package/rules/rust/rust.quality.builtin-type-shadow.rule.yaml +49 -0
  516. package/rules/rust/rust.quality.clone-on-double-reference.rule.yaml +50 -0
  517. package/rules/rust/rust.quality.crate-in-macro-definition.rule.yaml +50 -0
  518. package/rules/rust/rust.quality.deprecated-function-use.rule.yaml +52 -0
  519. package/rules/rust/rust.quality.env-string-literal.rule.yaml +50 -0
  520. package/rules/rust/rust.quality.explicit-self-assignment.rule.yaml +49 -0
  521. package/rules/rust/rust.quality.fn-ptr-null-comparison.rule.yaml +49 -0
  522. package/rules/rust/rust.quality.fn-ptr-to-non-pointer-cast.rule.yaml +50 -0
  523. package/rules/rust/rust.quality.inaccurate-duration-calculation.rule.yaml +50 -0
  524. package/rules/rust/rust.quality.isize-usize-overflow.rule.yaml +50 -0
  525. package/rules/rust/rust.quality.iter-count-instead-of-len.rule.yaml +49 -0
  526. package/rules/rust/rust.quality.iter-nth-instead-of-get.rule.yaml +50 -0
  527. package/rules/rust/rust.quality.map-followed-by-count.rule.yaml +50 -0
  528. package/rules/rust/rust.quality.non-owned-rc-pointer-into-vec.rule.yaml +50 -0
  529. package/rules/rust/rust.quality.non-utf8-literal-in-from-utf8-unchecked.rule.yaml +54 -0
  530. package/rules/rust/rust.quality.option-env-unwrap.rule.yaml +50 -0
  531. package/rules/rust/rust.quality.ordered-iteration-on-unordered.rule.yaml +52 -0
  532. package/rules/rust/rust.quality.possible-missing-comma-in-array.rule.yaml +49 -0
  533. package/rules/rust/rust.quality.potentially-incomplete-ascii-range.rule.yaml +49 -0
  534. package/rules/rust/rust.quality.redundant-mem-replace-with-default.rule.yaml +48 -0
  535. package/rules/rust/rust.quality.redundant-mem-replace-with-none.rule.yaml +48 -0
  536. package/rules/rust/rust.quality.redundant-mem-replace-with-zero.rule.yaml +48 -0
  537. package/rules/rust/rust.quality.replace-same-pattern-and-replacement.rule.yaml +49 -0
  538. package/rules/rust/rust.quality.size-of-val-on-reference.rule.yaml +49 -0
  539. package/rules/rust/rust.quality.unused-enumerate-or-zip-items.rule.yaml +50 -0
  540. package/rules/rust/rust.security.actix-namedfile-path-traversal.rule.yaml +61 -0
  541. package/rules/rust/rust.security.bind-all-interfaces.rule.yaml +2 -0
  542. package/rules/rust/rust.security.const-to-mut-ptr.rule.yaml +61 -0
  543. package/rules/rust/rust.security.differently-sized-slice-conversion.rule.yaml +61 -0
  544. package/rules/rust/rust.security.global-write-permission.rule.yaml +61 -0
  545. package/rules/rust/rust.security.insecure-temp-file.rule.yaml +2 -0
  546. package/rules/rust/rust.security.invisible-unicode.rule.yaml +60 -0
  547. package/rules/rust/rust.security.manual-error-type-id.rule.yaml +59 -0
  548. package/rules/rust/rust.security.missing-regex-anchor.rule.yaml +61 -0
  549. package/rules/rust/rust.security.misused-bitwise-xor.rule.yaml +54 -0
  550. package/rules/rust/rust.security.open-redirect.rule.yaml +64 -0
  551. package/rules/rust/rust.security.potentially-vulnerable-regex.rule.yaml +61 -0
  552. package/rules/rust/rust.security.raw-slice-to-ptr.rule.yaml +60 -0
  553. package/rules/rust/rust.security.unsafe-remove-dir-all.rule.yaml +62 -0
  554. package/rules/rust/rust.security.weak-crypto-import.rule.yaml +2 -0
  555. package/rules/rust/rust.security.weak-rsa-key-size.rule.yaml +2 -0
  556. package/rules/rust/rust.testing.ignore-without-ticket-reference.rule.yaml +13 -7
  557. package/rules/rust/rust.testing.thread-sleep-in-unit-test.rule.yaml +6 -6
  558. package/rules/shared/security.no-command-execution-with-request-input.rule.yaml +3 -0
  559. package/rules/shared/security.no-sensitive-data-in-logs-and-telemetry.rule.yaml +2 -0
  560. package/rules/shared/security.no-sql-interpolation.rule.yaml +2 -0
  561. package/rules/shared/security.permissive-file-permissions.rule.yaml +2 -0
  562. package/rules/shared/security.weak-hash-algorithm.rule.yaml +2 -0
  563. package/rules/sql/sql.correctness.undefined-reference.rule.yaml +37 -0
  564. package/rules/sql/sql.style.ambiguous-distinct.rule.yaml +37 -0
  565. package/rules/sql/sql.style.column-expression-without-alias.rule.yaml +37 -0
  566. package/rules/sql/sql.style.distinct-with-parenthesis.rule.yaml +37 -0
  567. package/rules/sql/sql.style.duplicate-table-aliases.rule.yaml +37 -0
  568. package/rules/sql/sql.style.implicit-column-alias.rule.yaml +37 -0
  569. package/rules/sql/sql.style.implicit-table-alias.rule.yaml +37 -0
  570. package/rules/sql/sql.style.inconsistent-capitalization.rule.yaml +37 -0
  571. package/rules/sql/sql.style.inconsistent-keyword-case.rule.yaml +37 -0
  572. package/rules/sql/sql.style.keyword-as-identifier.rule.yaml +37 -0
  573. package/rules/sql/sql.style.trailing-select-comma.rule.yaml +37 -0
  574. package/rules/sql/sql.style.unqualified-references.rule.yaml +37 -0
  575. package/rules/sql/sql.style.unused-table-alias.rule.yaml +37 -0
  576. package/rules/typescript/ts.angularjs.inject-function-assignments-only.rule.yaml +36 -0
  577. package/rules/typescript/ts.angularjs.no-controller.rule.yaml +36 -0
  578. package/rules/typescript/ts.angularjs.no-deprecated-cookie-store.rule.yaml +36 -0
  579. package/rules/typescript/ts.angularjs.no-deprecated-directive-replace.rule.yaml +36 -0
  580. package/rules/typescript/ts.angularjs.no-deprecated-http-success-error.rule.yaml +36 -0
  581. package/rules/typescript/ts.angularjs.no-jquery-wrapping-angular-element.rule.yaml +36 -0
  582. package/rules/typescript/ts.angularjs.prefer-angular-for-each.rule.yaml +36 -0
  583. package/rules/typescript/ts.angularjs.prefer-angular-is-string.rule.yaml +36 -0
  584. package/rules/typescript/ts.correctness.array-callback-missing-return.rule.yaml +2 -0
  585. package/rules/typescript/ts.correctness.array-sort-without-compare.rule.yaml +5 -3
  586. package/rules/typescript/ts.correctness.assignment-in-condition.rule.yaml +4 -2
  587. package/rules/typescript/ts.correctness.assignment-to-exports.rule.yaml +38 -0
  588. package/rules/typescript/ts.correctness.assignment-to-import-binding.rule.yaml +2 -0
  589. package/rules/typescript/ts.correctness.async-promise-executor.rule.yaml +2 -0
  590. package/rules/typescript/ts.correctness.blocking-call-in-async-flow.rule.yaml +14 -3
  591. package/rules/typescript/ts.correctness.callback-missing-error-handling.rule.yaml +38 -0
  592. package/rules/typescript/ts.correctness.callback-not-error-first.rule.yaml +38 -0
  593. package/rules/typescript/ts.correctness.compound-assignment-with-await.rule.yaml +37 -0
  594. package/rules/typescript/ts.correctness.confusing-multiline-expression.rule.yaml +37 -0
  595. package/rules/typescript/ts.correctness.constructor-return-value.rule.yaml +37 -0
  596. package/rules/typescript/ts.correctness.control-flow-in-finally.rule.yaml +2 -0
  597. package/rules/typescript/ts.correctness.declaration-in-nested-block.rule.yaml +39 -0
  598. package/rules/typescript/ts.correctness.delete-on-variable.rule.yaml +37 -0
  599. package/rules/typescript/ts.correctness.deprecated-api-usage.rule.yaml +39 -0
  600. package/rules/typescript/ts.correctness.duplicate-class-member.rule.yaml +37 -0
  601. package/rules/typescript/ts.correctness.duplicate-export.rule.yaml +37 -0
  602. package/rules/typescript/ts.correctness.duplicate-function-parameter.rule.yaml +2 -0
  603. package/rules/typescript/ts.correctness.duplicate-if-else-condition.rule.yaml +2 -0
  604. package/rules/typescript/ts.correctness.duplicate-import-source.rule.yaml +2 -0
  605. package/rules/typescript/ts.correctness.duplicate-object-key.rule.yaml +2 -0
  606. package/rules/typescript/ts.correctness.duplicate-switch-case.rule.yaml +2 -0
  607. package/rules/typescript/ts.correctness.empty-block-statement.rule.yaml +2 -0
  608. package/rules/typescript/ts.correctness.empty-destructuring-pattern.rule.yaml +37 -0
  609. package/rules/typescript/ts.correctness.extraneous-import.rule.yaml +38 -0
  610. package/rules/typescript/ts.correctness.flawed-string-comparison.rule.yaml +38 -0
  611. package/rules/typescript/ts.correctness.global-object-called-as-function.rule.yaml +38 -0
  612. package/rules/typescript/ts.correctness.identical-comparison-operands.rule.yaml +2 -0
  613. package/rules/typescript/ts.correctness.implicit-undefined-return.rule.yaml +2 -0
  614. package/rules/typescript/ts.correctness.infinite-loop.rule.yaml +16 -7
  615. package/rules/typescript/ts.correctness.invalid-async-await-call.rule.yaml +37 -0
  616. package/rules/typescript/ts.correctness.invalid-shebang.rule.yaml +37 -0
  617. package/rules/typescript/ts.correctness.invalid-typeof-comparison.rule.yaml +2 -0
  618. package/rules/typescript/ts.correctness.invalid-variable-usage.rule.yaml +37 -0
  619. package/rules/typescript/ts.correctness.missing-async-on-promise-method.rule.yaml +2 -0
  620. package/rules/typescript/ts.correctness.missing-super-call.rule.yaml +2 -0
  621. package/rules/typescript/ts.correctness.missing-timeout-on-external-call.rule.yaml +13 -6
  622. package/rules/typescript/ts.correctness.missing-type-annotation.rule.yaml +37 -0
  623. package/rules/typescript/ts.correctness.namespace-import-unexported-name.rule.yaml +37 -0
  624. package/rules/typescript/ts.correctness.negative-zero-comparison.rule.yaml +37 -0
  625. package/rules/typescript/ts.correctness.new-expression-with-require.rule.yaml +39 -0
  626. package/rules/typescript/ts.correctness.new-symbol-instance.rule.yaml +38 -0
  627. package/rules/typescript/ts.correctness.no-confusing-label-in-switch.rule.yaml +39 -0
  628. package/rules/typescript/ts.correctness.no-href-with-nuxt-link.rule.yaml +39 -0
  629. package/rules/typescript/ts.correctness.no-ts-suppress-directive.rule.yaml +36 -0
  630. package/rules/typescript/ts.correctness.non-existent-assignment-operators.rule.yaml +38 -0
  631. package/rules/typescript/ts.correctness.off-by-one-loop-boundary.rule.yaml +2 -0
  632. package/rules/typescript/ts.correctness.parse-int-on-number-literal.rule.yaml +38 -0
  633. package/rules/typescript/ts.correctness.prefer-as-const-over-literal-type.rule.yaml +37 -0
  634. package/rules/typescript/ts.correctness.prefer-includes-over-indexof.rule.yaml +37 -0
  635. package/rules/typescript/ts.correctness.prefer-nullish-coalescing.rule.yaml +37 -0
  636. package/rules/typescript/ts.correctness.private-member-should-be-readonly.rule.yaml +37 -0
  637. package/rules/typescript/ts.correctness.promise-reject-non-error.rule.yaml +2 -0
  638. package/rules/typescript/ts.correctness.prototype-builtin-called-directly.rule.yaml +38 -0
  639. package/rules/typescript/ts.correctness.reassign-catch-binding.rule.yaml +2 -0
  640. package/rules/typescript/ts.correctness.reassign-class-member.rule.yaml +37 -0
  641. package/rules/typescript/ts.correctness.reassign-const-binding.rule.yaml +37 -0
  642. package/rules/typescript/ts.correctness.reassign-function-declaration.rule.yaml +38 -0
  643. package/rules/typescript/ts.correctness.regexp-constructor-invalid-pattern.rule.yaml +38 -0
  644. package/rules/typescript/ts.correctness.regexp-empty-character-class.rule.yaml +38 -0
  645. package/rules/typescript/ts.correctness.regexp-multicodepoint-character-class.rule.yaml +37 -0
  646. package/rules/typescript/ts.correctness.regexp-pattern-unusual-control-character.rule.yaml +2 -0
  647. package/rules/typescript/ts.correctness.regexp-useless-backreference.rule.yaml +37 -0
  648. package/rules/typescript/ts.correctness.require-outside-import.rule.yaml +37 -0
  649. package/rules/typescript/ts.correctness.restricted-global-variable.rule.yaml +37 -0
  650. package/rules/typescript/ts.correctness.restricted-object-property.rule.yaml +37 -0
  651. package/rules/typescript/ts.correctness.self-assignment.rule.yaml +2 -0
  652. package/rules/typescript/ts.correctness.setter-return-value.rule.yaml +37 -0
  653. package/rules/typescript/ts.correctness.simplify-boolean-return.rule.yaml +38 -0
  654. package/rules/typescript/ts.correctness.sparse-array-literal.rule.yaml +38 -0
  655. package/rules/typescript/ts.correctness.switch-case-fallthrough.rule.yaml +37 -0
  656. package/rules/typescript/ts.correctness.template-placeholder-in-string.rule.yaml +37 -0
  657. package/rules/typescript/ts.correctness.this-before-super.rule.yaml +3 -0
  658. package/rules/typescript/ts.correctness.this-outside-class.rule.yaml +37 -0
  659. package/rules/typescript/ts.correctness.undeclared-variable.rule.yaml +38 -0
  660. package/rules/typescript/ts.correctness.unhandled-async-error.rule.yaml +7 -1
  661. package/rules/typescript/ts.correctness.unnecessary-return-await.rule.yaml +2 -0
  662. package/rules/typescript/ts.correctness.unresolved-import.rule.yaml +37 -0
  663. package/rules/typescript/ts.correctness.unsafe-negation-in-relational.rule.yaml +38 -0
  664. package/rules/typescript/ts.correctness.unused-expression.rule.yaml +37 -0
  665. package/rules/typescript/ts.correctness.unused-variable.rule.yaml +37 -0
  666. package/rules/typescript/ts.correctness.use-number-is-nan.rule.yaml +2 -0
  667. package/rules/typescript/ts.correctness.used-before-definition.rule.yaml +38 -0
  668. package/rules/typescript/ts.correctness.var-declaration.rule.yaml +38 -0
  669. package/rules/typescript/ts.next.no-document-import-outside-custom-document.rule.yaml +39 -0
  670. package/rules/typescript/ts.next.no-head-import-in-custom-document.rule.yaml +39 -0
  671. package/rules/typescript/ts.performance.no-await-in-loop.rule.yaml +6 -6
  672. package/rules/typescript/ts.performance.no-json-parse-stringify-clone.rule.yaml +8 -0
  673. package/rules/typescript/ts.performance.sequential-async-calls.rule.yaml +16 -7
  674. package/rules/typescript/ts.quality.no-banned-type.rule.yaml +36 -0
  675. package/rules/typescript/ts.quality.no-empty-function.rule.yaml +1 -1
  676. package/rules/typescript/ts.quality.no-side-effect-in-pure-callback.rule.yaml +36 -0
  677. package/rules/typescript/ts.quality.swallowed-error.rule.yaml +6 -3
  678. package/rules/typescript/ts.react.no-deprecated-is-mounted.rule.yaml +36 -0
  679. package/rules/typescript/ts.react.no-deprecated-react-dom-root-api.rule.yaml +24 -2
  680. package/rules/typescript/ts.react.no-direct-state-mutation.rule.yaml +2 -0
  681. package/rules/typescript/ts.react.no-duplicate-jsx-attributes.rule.yaml +2 -0
  682. package/rules/typescript/ts.react.no-hooks-rule-violation.rule.yaml +38 -0
  683. package/rules/typescript/ts.react.no-invalid-markup-characters.rule.yaml +36 -0
  684. package/rules/typescript/ts.react.no-lifecycle-method-typo.rule.yaml +36 -0
  685. package/rules/typescript/ts.react.no-render-invalid-return-type.rule.yaml +36 -0
  686. package/rules/typescript/ts.react.no-set-state-in-component-did-mount.rule.yaml +2 -0
  687. package/rules/typescript/ts.react.no-set-state-in-component-did-update.rule.yaml +2 -0
  688. package/rules/typescript/ts.react.no-set-state-in-component-will-update.rule.yaml +36 -0
  689. package/rules/typescript/ts.react.no-should-component-update.rule.yaml +36 -0
  690. package/rules/typescript/ts.react.no-target-blank-without-rel.rule.yaml +2 -0
  691. package/rules/typescript/ts.react.no-this-state-in-set-state.rule.yaml +38 -0
  692. package/rules/typescript/ts.react.no-unnecessary-fragment.rule.yaml +36 -0
  693. package/rules/typescript/ts.runtime.no-process-exit.rule.yaml +3 -0
  694. package/rules/typescript/ts.runtime.process-exit-control-flow.rule.yaml +46 -0
  695. package/rules/typescript/ts.security.dangerous-insert-html.rule.yaml +5 -0
  696. package/rules/typescript/ts.security.express-insecure-listen.rule.yaml +52 -0
  697. package/rules/typescript/ts.security.express-nosql-injection.rule.yaml +16 -11
  698. package/rules/typescript/ts.security.express-static-dotfiles-allow.rule.yaml +5 -0
  699. package/rules/typescript/ts.security.iframe-missing-sandbox-attribute.rule.yaml +18 -6
  700. package/rules/typescript/ts.security.import-using-user-input.rule.yaml +62 -10
  701. package/rules/typescript/ts.security.insecure-auth-cookie-flags.rule.yaml +12 -4
  702. package/rules/typescript/ts.security.missing-request-timeout-or-retry.rule.yaml +8 -6
  703. package/rules/typescript/ts.security.no-assign-mutable-export.rule.yaml +2 -0
  704. package/rules/typescript/ts.security.no-dynamic-execution.rule.yaml +3 -3
  705. package/rules/typescript/ts.security.no-javascript-url.rule.yaml +42 -8
  706. package/rules/typescript/ts.security.no-native-prototype-extension.rule.yaml +13 -1
  707. package/rules/typescript/ts.security.non-literal-fs-filename.rule.yaml +13 -1
  708. package/rules/typescript/ts.security.observable-timing-discrepancy.rule.yaml +3 -3
  709. package/rules/typescript/ts.security.open-redirect.rule.yaml +6 -0
  710. package/rules/typescript/ts.security.path-join-user-input.rule.yaml +50 -0
  711. package/rules/typescript/ts.security.sensitive-data-written-to-file.rule.yaml +16 -6
  712. package/rules/typescript/ts.security.ssrf.rule.yaml +1 -0
  713. package/rules/typescript/ts.security.unsafe-dirname-path-concat.rule.yaml +3 -0
  714. package/rules/typescript/ts.security.unsanitized-http-response.rule.yaml +14 -3
  715. package/rules/typescript/ts.security.user-controlled-regexp.rule.yaml +52 -0
  716. package/rules/typescript/ts.testing.no-flaky-timer-test.rule.yaml +7 -7
  717. package/rules/typescript/ts.testing.no-legacy-test-waiter.rule.yaml +36 -0
  718. package/rules/typescript/ts.testing.no-network-call-in-unit-test.rule.yaml +7 -1
  719. package/rules/typescript/ts.testing.no-skipped-test-without-ticket.rule.yaml +3 -3
  720. package/rules/typescript/ts.testing.useless-assertion.rule.yaml +37 -0
  721. package/rules/typescript/ts.vue.emits-validator-return-boolean.rule.yaml +36 -0
  722. package/rules/typescript/ts.vue.no-browser-globals-in-created.rule.yaml +39 -0
  723. package/rules/typescript/ts.vue.no-computed-missing-dependency.rule.yaml +36 -0
  724. package/rules/typescript/ts.vue.no-computed-mutation.rule.yaml +36 -0
  725. package/rules/typescript/ts.vue.no-data-object-declaration.rule.yaml +36 -0
  726. package/rules/typescript/ts.vue.no-deprecated-keycodes-config.rule.yaml +36 -0
  727. package/rules/typescript/ts.vue.no-deprecated-listeners.rule.yaml +36 -0
  728. package/rules/typescript/ts.vue.no-deprecated-model-option.rule.yaml +36 -0
  729. package/rules/typescript/ts.vue.no-deprecated-scoped-slots.rule.yaml +36 -0
  730. package/rules/typescript/ts.vue.no-keycode-modifiers.rule.yaml +36 -0
  731. package/rules/typescript/ts.vue.no-reserved-key-overwrite.rule.yaml +36 -0
  732. package/rules/typescript/ts.vue.no-server-env-in-client-hooks.rule.yaml +39 -0
  733. package/rules/typescript/ts.vue.no-slot-property-access.rule.yaml +36 -0
  734. package/rules/typescript/ts.vue.prefer-prop-type-constructor.rule.yaml +36 -0
  735. package/rules/typescript/ts.vue.require-transition-conditional.rule.yaml +36 -0
package/rules/java/java.correctness.servlet-mutable-fields.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.servlet-mutable-fields
5
+ title: Mutable fields in HttpServlet subclasses
6
+ summary: Mutable fields in an HttpServlet subclass can cause thread-safety issues because servlets are typically shared across requests.
7
+ rationale: Servlets are singletons — a single instance handles multiple concurrent requests. Non-final mutable fields accessed without synchronization can produce corrupted state and unpredictable behavior.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0128
12
+ - JAVA-E0370
13
+ tags:
14
+ - correctness
15
+ - java
16
+ - rules-catalog
17
+ stability: experimental
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.servlet-mutable-fields
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.concurrency
36
+ severity: high
37
+ confidence: 0.75
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: Mutable field in HttpServlet subclass
43
+ summary: "Field `${captures.issue.text}` in a servlet subclass is mutable and accessed without synchronization. Servlets are singletons shared across threads."
44
+ remediation:
45
+ summary: "Declare the field as `final` and use local variables or synchronization when accessing mutable state from servlet methods."
package/rules/java/java.correctness.shift-out-of-range.rule.yaml ADDED
@@ -0,0 +1,44 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.shift-out-of-range
5
+ title: Shift amounts outside the valid range may produce unexpected results
6
+ summary: Bit-shift operations with out-of-range amounts produce undefined or unexpected behavior for int and long operands.
7
+ rationale: Shifting an int by >= 32 or by a negative amount yields implementation-defined results. Long shifts must be in [0, 63].
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0399
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - rules-catalog
16
+ stability: experimental
17
+ appliesTo: block
18
+ scope:
19
+ languages:
20
+ - java
21
+ paths:
22
+ include:
23
+ - "**/*.java"
24
+ exclude:
25
+ - "**/src/test/**"
26
+ - "**/tests/**"
27
+ - "**/*Test.java"
28
+ match:
29
+ fact:
30
+ kind: java.correctness.shift-out-of-range
31
+ bind: issue
32
+ emit:
33
+ finding:
34
+ category: correctness.arithmetic
35
+ severity: high
36
+ confidence: 0.85
37
+ tags:
38
+ - correctness
39
+ - java
40
+ message:
41
+ title: Shift amount outside valid range
42
+ summary: Shift amount is outside the valid bit-width range for the left operand type (0-31 for int, 0-63 for long).
43
+ remediation:
44
+ summary: Ensure shift amounts are non-negative and within the bit-width of the left operand (0-31 for int, 0-63 for long).
package/rules/java/java.correctness.static-date-field.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.static-date-field
5
+ title: Public or protected static date/time formatter field
6
+ summary: A non-thread-safe date/time formatter or calendar is declared as a public/protected static field.
7
+ rationale: SimpleDateFormat, DateFormat, and Calendar are not thread-safe. Shared mutable access from multiple threads can cause erratic behavior or exceptions.
8
+ tags:
9
+ - correctness
10
+ - java
11
+ - rules-catalog
12
+ stability: stable
13
+ appliesTo: block
14
+ aliases:
15
+ - JAVA-E1024
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.static-date-field
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.concurrency
33
+ severity: high
34
+ confidence: 0.85
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Public/protected static date formatter field
40
+ summary: A non-thread-safe date/time formatter is shared across threads via a static field, risking corrupted output or exceptions.
41
+ remediation:
42
+ summary: Use a ThreadLocal wrapper, DateTimeFormatter (Java 8+), or a local instance per use.
package/rules/java/java.correctness.stream-reuse.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.stream-reuse
5
+ title: Stream consumed more than once
6
+ summary: A Stream variable has multiple terminal operations invoked on it.
7
+ rationale: Java Streams are single-use; after a terminal operation the stream is consumed and throws IllegalStateException on reuse.
8
+ tags:
9
+ - correctness
10
+ - java
11
+ - rules-catalog
12
+ stability: stable
13
+ appliesTo: block
14
+ aliases:
15
+ - JAVA-E1019
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.stream-reuse
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.streams
33
+ severity: high
34
+ confidence: 0.8
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Stream is consumed more than once
40
+ summary: A terminal operation is called on a Stream that has already been consumed, causing IllegalStateException.
41
+ remediation:
42
+ summary: Create a new Stream for each terminal operation, or collect the stream into a collection first.
package/rules/java/java.correctness.string-format-arg-mismatch.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.string-format-arg-mismatch
5
+ title: Arguments to String.format must match the provided format string
6
+ summary: The number of format specifiers in the format string does not match the number of arguments provided.
7
+ rationale: A mismatch causes MissingFormatArgumentException (too few arguments) or silently ignored extra arguments (too many).
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E1001
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - input-validation
16
+ - rules-catalog
17
+ stability: experimental
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.string-format-arg-mismatch
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.api-usage
36
+ severity: critical
37
+ confidence: 0.85
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: String.format argument count mismatch
43
+ summary: The format string contains a different number of format specifiers than the number of arguments provided.
44
+ remediation:
45
+ summary: Ensure the format string specifier count matches the argument count. Use %n$s positional specifiers for reordering.
package/rules/java/java.correctness.stringbuilder-char-ctor.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.stringbuilder-char-ctor
5
+ title: StringBuilder or StringBuffer constructed with a char literal
6
+ summary: StringBuilder/StringBuffer constructed with a single char argument behaves as a capacity argument, not a string value.
7
+ rationale: In Java, StringBuilder(char) calls StringBuilder(int) via char-to-int widening, creating a builder with capacity equal to the char's numeric value instead of containing the character.
8
+ tags:
9
+ - correctness
10
+ - java
11
+ - rules-catalog
12
+ stability: stable
13
+ appliesTo: block
14
+ aliases:
15
+ - JAVA-E1023
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.stringbuilder-char-ctor
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.types
33
+ severity: critical
34
+ confidence: 0.95
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: StringBuilder/StringBuffer constructed with char literal
40
+ summary: A char literal argument to StringBuilder/StringBuffer is widened to int and used as a capacity. Use a String literal instead.
41
+ remediation:
42
+ summary: Replace the char literal with a String literal, e.g. `new StringBuilder("a")` instead of `new StringBuilder('a')`.
package/rules/java/java.correctness.switch-statement-labels.rule.yaml ADDED
@@ -0,0 +1,44 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.switch-statement-labels
5
+ title: Switch blocks must not contain statement labels
6
+ summary: Statement labels inside switch blocks are confusing and likely unintended.
7
+ rationale: Traditional Java switch blocks allow arbitrary statement labels, but they are error-prone and easily confused with case labels. Switch expressions and modern switch blocks do not permit them.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E1005
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - rules-catalog
16
+ stability: experimental
17
+ appliesTo: block
18
+ scope:
19
+ languages:
20
+ - java
21
+ paths:
22
+ include:
23
+ - "**/*.java"
24
+ exclude:
25
+ - "**/src/test/**"
26
+ - "**/tests/**"
27
+ - "**/*Test.java"
28
+ match:
29
+ fact:
30
+ kind: java.correctness.switch-statement-labels
31
+ bind: issue
32
+ emit:
33
+ finding:
34
+ category: correctness.control-flow
35
+ severity: critical
36
+ confidence: 0.85
37
+ tags:
38
+ - correctness
39
+ - java
40
+ message:
41
+ title: Statement label inside switch block
42
+ summary: "`${captures.issue.text}` is a statement label inside a switch block. Only case and default labels are expected."
43
+ remediation:
44
+ summary: Remove the statement label or restructure the switch block to avoid non-case labels.
package/rules/java/java.correctness.sync-boxed-primitive.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.sync-boxed-primitive
5
+ title: Do not synchronize on boxed primitives
6
+ summary: Synchronizing on a boxed primitive (Integer, Long, Boolean, etc.) is unsafe due to interning and caching.
7
+ rationale: Boxed primitive objects can be interned or cached by the JVM (e.g., Integer.valueOf(0) returns a cached instance). Synchronizing on such objects can cause unexpected contention and deadlocks across unrelated code paths that happen to use the same cached value.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0150
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - concurrency
16
+ - rules-catalog
17
+ stability: stable
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.sync-boxed-primitive
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.concurrency
36
+ severity: medium
37
+ confidence: 0.90
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: Avoid synchronizing on a boxed primitive
43
+ summary: "`${captures.issue.text}` locks on a boxed primitive, which may be interned or cached by the JVM."
44
+ remediation:
45
+ summary: Synchronize on a dedicated `private final Object` lock instead.
package/rules/java/java.correctness.sync-on-get-class.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.sync-on-get-class
5
+ title: Synchronizing on the result of getClass()
6
+ summary: Synchronizing on `getClass()` locks on the runtime Class object, which can vary for subclasses.
7
+ rationale: The Class object returned by getClass() is the actual runtime class, which may differ across subclasses and cause unexpected lock behavior.
8
+ tags:
9
+ - correctness
10
+ - java
11
+ - rules-catalog
12
+ stability: stable
13
+ appliesTo: block
14
+ aliases:
15
+ - JAVA-E1021
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.sync-on-get-class
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.concurrency
33
+ severity: high
34
+ confidence: 0.95
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Avoid synchronizing on getClass()
40
+ summary: Locking on `getClass()` binds the lock to the runtime class, not a fixed object, making synchronization unreliable across class hierarchies.
41
+ remediation:
42
+ summary: Synchronize on a private final lock object or on `ClassName.class` for a fixed lock.
package/rules/java/java.correctness.sync-on-lock-primitive.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.sync-on-lock-primitive
5
+ title: Synchronization on a Lock/concurrency primitive
6
+ summary: Synchronizing on a ReentrantLock or other lock primitive defeats the lock's purpose.
7
+ rationale: "Lock objects (ReentrantLock, ReadWriteLock, StampedLock) are designed for lock-based concurrency, not intrinsic synchronization. Using `synchronized(lock)` on a Lock instance is incorrect and indicates a concurrency design flaw."
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0321
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - concurrency
16
+ - rules-catalog
17
+ stability: stable
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.sync-on-lock-primitive
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.concurrency
36
+ severity: medium
37
+ confidence: 0.90
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: Synchronizing on a Lock primitive
43
+ summary: "`${captures.issue.text}` synchronizes on a Lock/concurrency primitive, which is incorrect. Lock instances are designed for explicit locking via `lock()`/`unlock()`, not intrinsic synchronization."
44
+ remediation:
45
+ summary: Use `lock()` and `unlock()` on the Lock instance instead of `synchronized(lock){}`.
package/rules/java/java.correctness.sync-on-mutable-ref.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.sync-on-mutable-ref
5
+ title: Synchronizing on a mutable reference
6
+ summary: Synchronizing on a non-final field means the lock object can be reassigned, breaking synchronization guarantees.
7
+ rationale: Synchronizing on a non-final field is unsafe because the field can be reassigned at runtime, causing threads to synchronize on different objects.
8
+ tags:
9
+ - correctness
10
+ - java
11
+ - rules-catalog
12
+ stability: stable
13
+ appliesTo: block
14
+ aliases:
15
+ - JAVA-E1051
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.sync-on-mutable-ref
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.concurrency
33
+ severity: high
34
+ confidence: 0.70
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Avoid synchronizing on a non-final field
40
+ summary: The lock object can be reassigned at runtime, making synchronization unreliable.
41
+ remediation:
42
+ summary: Use a private final lock object or make the field final.
package/rules/java/java.correctness.sync-on-nullable-field.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.sync-on-nullable-field
5
+ title: Possibly null fields synchronized on
6
+ summary: Synchronizing on a field that may be null will throw NullPointerException at runtime.
7
+ rationale: The field has no initializer and is used as a synchronization lock. If the field is null when synchronized is reached, a NullPointerException is thrown.
8
+ tags:
9
+ - correctness
10
+ - java
11
+ - rules-catalog
12
+ stability: stable
13
+ appliesTo: block
14
+ aliases:
15
+ - JAVA-E1060
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.sync-on-nullable-field
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.concurrency
33
+ severity: critical
34
+ confidence: 0.65
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Synchronizing on a nullable field
40
+ summary: The field used as a lock may be null, causing NullPointerException at runtime.
41
+ remediation:
42
+ summary: Initialize the lock field at declaration, or guard with Objects.requireNonNull() before synchronizing.
package/rules/java/java.correctness.sync-on-public-field.rule.yaml ADDED
@@ -0,0 +1,42 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.sync-on-public-field
5
+ title: Public fields synchronized on
6
+ summary: Synchronizing on a public field allows external code to interfere with synchronization.
7
+ rationale: A public field used as a lock is visible to all code, which can synchronize on the same object and cause deadlock or interfere with locking contracts.
8
+ tags:
9
+ - correctness
10
+ - java
11
+ - rules-catalog
12
+ stability: stable
13
+ appliesTo: block
14
+ aliases:
15
+ - JAVA-E1061
16
+ scope:
17
+ languages:
18
+ - java
19
+ paths:
20
+ include:
21
+ - "**/*.java"
22
+ exclude:
23
+ - "**/src/test/**"
24
+ - "**/tests/**"
25
+ - "**/*Test.java"
26
+ match:
27
+ fact:
28
+ kind: java.correctness.sync-on-public-field
29
+ bind: issue
30
+ emit:
31
+ finding:
32
+ category: correctness.concurrency
33
+ severity: high
34
+ confidence: 0.70
35
+ tags:
36
+ - correctness
37
+ - java
38
+ message:
39
+ title: Synchronizing on a public field
40
+ summary: External code can synchronize on the same public lock, potentially causing deadlock or interference.
41
+ remediation:
42
+ summary: Use a private lock object for internal synchronization.
package/rules/java/java.correctness.sync-on-string-literal.rule.yaml CHANGED
@@ -5,6 +5,8 @@ metadata:
5
5
  title: Do not synchronize on string literals
6
6
  summary: String literals are interned and shared across the JVM.
7
7
  rationale: Synchronizing on interned strings can cause unexpected deadlocks.
8
+ aliases:
9
+ - JAVA-E1081
8
10
  tags:
9
11
  - correctness
10
12
  - java
package/rules/java/java.correctness.system-exit.rule.yaml ADDED
@@ -0,0 +1,43 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.system-exit
5
+ title: "System.exit() should only be invoked within application entry points"
6
+ summary: "Calling `System.exit()` outside of `main()` or framework entry points makes code hard to test and may terminate the JVM unexpectedly."
7
+ rationale: "`System.exit()` terminates the JVM immediately. When called from libraries, utility methods, or non-entry-point code it prevents cleanup, makes unit testing impossible (tests exit prematurely), and couples callers to a specific runtime behavior. Consider throwing a meaningful exception or returning a status code instead."
8
+ aliases:
9
+ - JAVA-S0060
10
+ tags:
11
+ - correctness
12
+ - java
13
+ - control-flow
14
+ - rules-catalog
15
+ stability: stable
16
+ appliesTo: block
17
+ scope:
18
+ languages:
19
+ - java
20
+ paths:
21
+ include:
22
+ - "**/*.java"
23
+ exclude:
24
+ - "**/src/test/**"
25
+ - "**/tests/**"
26
+ - "**/*Test.java"
27
+ match:
28
+ fact:
29
+ kind: java.correctness.system-exit
30
+ bind: issue
31
+ emit:
32
+ finding:
33
+ category: correctness.control-flow
34
+ severity: high
35
+ confidence: 0.60
36
+ tags:
37
+ - correctness
38
+ - java
39
+ message:
40
+ title: "Unexpected System.exit() call in `${captures.issue.text}`"
41
+ summary: "`${captures.issue.text}` terminates the JVM. Prefer throwing an exception or returning a status code."
42
+ remediation:
43
+ summary: "Replace `System.exit()` with a thrown exception or a meaningful return value to allow callers to handle the error gracefully."
package/rules/java/java.correctness.thread-sleep-with-lock.rule.yaml ADDED
@@ -0,0 +1,45 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: java.correctness.thread-sleep-with-lock
5
+ title: Thread.sleep() should not be called while a lock is held
6
+ summary: Calling Thread.sleep() inside a synchronized block keeps the lock held, causing contention or deadlocks.
7
+ rationale: Thread.sleep() does not release the monitor lock. If called inside synchronized, other threads are blocked for the full sleep duration. Use wait(timeout) instead, which releases the lock.
8
+ detection:
9
+ kind: pattern
10
+ aliases:
11
+ - JAVA-E0410
12
+ tags:
13
+ - correctness
14
+ - java
15
+ - concurrency
16
+ - rules-catalog
17
+ stability: experimental
18
+ appliesTo: block
19
+ scope:
20
+ languages:
21
+ - java
22
+ paths:
23
+ include:
24
+ - "**/*.java"
25
+ exclude:
26
+ - "**/src/test/**"
27
+ - "**/tests/**"
28
+ - "**/*Test.java"
29
+ match:
30
+ fact:
31
+ kind: java.correctness.thread-sleep-with-lock
32
+ bind: issue
33
+ emit:
34
+ finding:
35
+ category: correctness.concurrency
36
+ severity: critical
37
+ confidence: 0.70
38
+ tags:
39
+ - correctness
40
+ - java
41
+ message:
42
+ title: Thread.sleep() inside synchronized block
43
+ summary: Calling Thread.sleep() while holding a lock blocks all other threads waiting for the same monitor.
44
+ remediation:
45
+ summary: Replace Thread.sleep() inside synchronized blocks with wait(timeout). If waiting outside synchronized is acceptable, move the sleep call outside the block.