@critiq/rules 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (735) hide show
  1. package/CHANGELOG.md +468 -0
  2. package/README.md +13 -233
  3. package/catalog-metadata.json +47 -0
  4. package/catalog.yaml +2962 -309
  5. package/package.json +1 -1
  6. package/rules/go/go.bug-risk.compound-assignment-misuse.rule.yaml +53 -0
  7. package/rules/go/go.bug-risk.deprecated-redis-methods.rule.yaml +57 -0
  8. package/rules/go/go.bug-risk.etcd-getlogger-misuse.rule.yaml +59 -0
  9. package/rules/go/go.bug-risk.etcd-invalid-compare-operator.rule.yaml +53 -0
  10. package/rules/go/go.bug-risk.gin-loadhtmlglob-ill-formed.rule.yaml +53 -0
  11. package/rules/go/go.bug-risk.gorm-dry-run-enabled.rule.yaml +58 -0
  12. package/rules/go/go.bug-risk.gorm-skip-default-transaction.rule.yaml +57 -0
  13. package/rules/go/go.bug-risk.gorm-updates-zero-values.rule.yaml +55 -0
  14. package/rules/go/go.bug-risk.gorm-where-zero-values.rule.yaml +53 -0
  15. package/rules/go/go.bug-risk.poorly-formed-nilness-guards.rule.yaml +57 -0
  16. package/rules/go/go.bug-risk.redis-incorrect-arg-count.rule.yaml +54 -0
  17. package/rules/go/go.bug-risk.redis-unimplemented-method.rule.yaml +53 -0
  18. package/rules/go/go.bug-risk.reflect-makefunc-usage.rule.yaml +55 -0
  19. package/rules/go/go.correctness.bare-return.rule.yaml +52 -0
  20. package/rules/go/go.correctness.boolean-literal-in-expression.rule.yaml +52 -0
  21. package/rules/go/go.correctness.boolean-simplification.rule.yaml +49 -0
  22. package/rules/go/go.correctness.deferred-func-literal.rule.yaml +52 -0
  23. package/rules/go/go.correctness.duplicate-branch-body.rule.yaml +49 -0
  24. package/rules/go/go.correctness.duplicate-function-arguments.rule.yaml +49 -0
  25. package/rules/go/go.correctness.duplicate-if-else-condition.rule.yaml +54 -0
  26. package/rules/go/go.correctness.duplicate-switch-cases.rule.yaml +48 -0
  27. package/rules/go/go.correctness.flag-pointer-immediate-deref.rule.yaml +49 -0
  28. package/rules/go/go.correctness.hidden-goroutine.rule.yaml +55 -0
  29. package/rules/go/go.correctness.http-nobody-nil.rule.yaml +52 -0
  30. package/rules/go/go.correctness.identical-binary-operands.rule.yaml +48 -0
  31. package/rules/go/go.correctness.impossible-interface-nil-check.rule.yaml +56 -0
  32. package/rules/go/go.correctness.incomplete-nil-check.rule.yaml +49 -0
  33. package/rules/go/go.correctness.integer-truncation.rule.yaml +51 -0
  34. package/rules/go/go.correctness.interface-any-preferred.rule.yaml +50 -0
  35. package/rules/go/go.correctness.nil-error-returned.rule.yaml +49 -0
  36. package/rules/go/go.correctness.off-by-one-index.rule.yaml +48 -0
  37. package/rules/go/go.correctness.redundant-type-declaration.rule.yaml +51 -0
  38. package/rules/go/go.correctness.signedness-casting.rule.yaml +56 -0
  39. package/rules/go/go.correctness.string-concat-simplify.rule.yaml +52 -0
  40. package/rules/go/go.correctness.suspicious-regex-pattern.rule.yaml +49 -0
  41. package/rules/go/go.correctness.terminal-call-with-defer.rule.yaml +50 -0
  42. package/rules/go/go.correctness.unexported-capital-name.rule.yaml +52 -0
  43. package/rules/go/go.correctness.unnecessary-dereference.rule.yaml +53 -0
  44. package/rules/go/go.correctness.unnecessary-else-return.rule.yaml +52 -0
  45. package/rules/go/go.correctness.unreachable-switch-case.rule.yaml +50 -0
  46. package/rules/go/go.doc.malformed-deprecated-comment.rule.yaml +59 -0
  47. package/rules/go/go.performance.avoid-large-loop-copy.rule.yaml +38 -0
  48. package/rules/go/go.performance.avoid-large-param-copy.rule.yaml +38 -0
  49. package/rules/go/go.performance.avoid-large-range-copy.rule.yaml +37 -0
  50. package/rules/go/go.performance.avoid-string-index-alloc.rule.yaml +38 -0
  51. package/rules/go/go.performance.combine-append-calls.rule.yaml +38 -0
  52. package/rules/go/go.performance.fmt-fprint.rule.yaml +44 -0
  53. package/rules/go/go.performance.iowriter-write-string.rule.yaml +45 -0
  54. package/rules/go/go.performance.non-idiomatic-slice-zeroing.rule.yaml +44 -0
  55. package/rules/go/go.performance.reorder-operands.rule.yaml +44 -0
  56. package/rules/go/go.performance.utf8-decode-rune.rule.yaml +44 -0
  57. package/rules/go/go.security.decompression-bomb.rule.yaml +55 -0
  58. package/rules/go/go.security.http-dir-path-traversal.rule.yaml +55 -0
  59. package/rules/go/go.security.incomplete-hostname-regex.rule.yaml +64 -0
  60. package/rules/go/go.security.insecure-ssl-protocol.rule.yaml +2 -0
  61. package/rules/go/go.security.jwt-without-verification.rule.yaml +2 -0
  62. package/rules/go/go.security.net-http-missing-timeouts.rule.yaml +3 -0
  63. package/rules/go/go.security.pprof-exposed.rule.yaml +2 -0
  64. package/rules/go/go.security.squirrel-unsafe-quoting.rule.yaml +64 -0
  65. package/rules/go/go.security.tainted-value-sink.rule.yaml +59 -0
  66. package/rules/go/go.security.tls-missing-min-version.rule.yaml +2 -0
  67. package/rules/go/go.security.unsafe-defer-close.rule.yaml +55 -0
  68. package/rules/go/go.security.weak-crypto-import.rule.yaml +3 -0
  69. package/rules/go/go.security.weak-file-permission.rule.yaml +56 -0
  70. package/rules/java/java.correctness.annotation-check-always-false.rule.yaml +42 -0
  71. package/rules/java/java.correctness.array-compared-to-non-array.rule.yaml +45 -0
  72. package/rules/java/java.correctness.array-index-bounds.rule.yaml +42 -0
  73. package/rules/java/java.correctness.assert-self-comparison.rule.yaml +46 -0
  74. package/rules/java/java.correctness.assertion-in-production.rule.yaml +49 -0
  75. package/rules/java/java.correctness.bad-short-circuit-null-check.rule.yaml +45 -0
  76. package/rules/java/java.correctness.bitwise-or-never-equal.rule.yaml +42 -0
  77. package/rules/java/java.correctness.boxed-boolean-conditional.rule.yaml +42 -0
  78. package/rules/java/java.correctness.cacheloader-null-return.rule.yaml +42 -0
  79. package/rules/java/java.correctness.case-insensitive-regex-lacks-unicode.rule.yaml +46 -0
  80. package/rules/java/java.correctness.catch-null-pointer.rule.yaml +5 -1
  81. package/rules/java/java.correctness.class-isinstance-on-class.rule.yaml +42 -0
  82. package/rules/java/java.correctness.class-name-collision.rule.yaml +45 -0
  83. package/rules/java/java.correctness.clone-without-super.rule.yaml +45 -0
  84. package/rules/java/java.correctness.closeable-provides-injection.rule.yaml +43 -0
  85. package/rules/java/java.correctness.collection-adds-self.rule.yaml +42 -0
  86. package/rules/java/java.correctness.collection-contains-self.rule.yaml +42 -0
  87. package/rules/java/java.correctness.collection-remove-type-mismatch.rule.yaml +42 -0
  88. package/rules/java/java.correctness.comparator-downcast-sign-flip.rule.yaml +42 -0
  89. package/rules/java/java.correctness.compareto-min-value.rule.yaml +44 -0
  90. package/rules/java/java.correctness.constructor-starts-thread.rule.yaml +45 -0
  91. package/rules/java/java.correctness.default-package-spring-scan.rule.yaml +46 -0
  92. package/rules/java/java.correctness.deprecated-thread-methods.rule.yaml +42 -0
  93. package/rules/java/java.correctness.double-assignment.rule.yaml +42 -0
  94. package/rules/java/java.correctness.double-checked-locking.rule.yaml +42 -0
  95. package/rules/java/java.correctness.duplicate-binary-argument.rule.yaml +45 -0
  96. package/rules/java/java.correctness.duration-with-nanos-misuse.rule.yaml +42 -0
  97. package/rules/java/java.correctness.enum-equals-method.rule.yaml +45 -0
  98. package/rules/java/java.correctness.enum-get-class.rule.yaml +42 -0
  99. package/rules/java/java.correctness.equals-inherits-parent.rule.yaml +45 -0
  100. package/rules/java/java.correctness.equals-null-check.rule.yaml +45 -0
  101. package/rules/java/java.correctness.equals-null.rule.yaml +45 -0
  102. package/rules/java/java.correctness.equals-on-array.rule.yaml +4 -0
  103. package/rules/java/java.correctness.explicit-finalizer-invocation.rule.yaml +45 -0
  104. package/rules/java/java.correctness.for-loop-mismatched-increment.rule.yaml +45 -0
  105. package/rules/java/java.correctness.getter-setter-sync-mismatch.rule.yaml +42 -0
  106. package/rules/java/java.correctness.hashcode-on-array.rule.yaml +42 -0
  107. package/rules/java/java.correctness.hashtable-contains-value.rule.yaml +42 -0
  108. package/rules/java/java.correctness.hasnext-invokes-next.rule.yaml +45 -0
  109. package/rules/java/java.correctness.ignored-inputstream-read.rule.yaml +45 -0
  110. package/rules/java/java.correctness.ignored-inputstream-skip.rule.yaml +45 -0
  111. package/rules/java/java.correctness.illegal-monitor-state-caught.rule.yaml +45 -0
  112. package/rules/java/java.correctness.impossible-toarray-downcast.rule.yaml +45 -0
  113. package/rules/java/java.correctness.incorrect-main-signature.rule.yaml +42 -0
  114. package/rules/java/java.correctness.indexof-reversed-arguments.rule.yaml +42 -0
  115. package/rules/java/java.correctness.instant-unsupported-temporal-unit.rule.yaml +42 -0
  116. package/rules/java/java.correctness.invalid-regex-literal.rule.yaml +45 -0
  117. package/rules/java/java.correctness.invalid-serial-version-uid.rule.yaml +42 -0
  118. package/rules/java/java.correctness.invalid-time-constants.rule.yaml +42 -0
  119. package/rules/java/java.correctness.invalidated-iterator.rule.yaml +42 -0
  120. package/rules/java/java.correctness.iterable-iterator-returns-this.rule.yaml +44 -0
  121. package/rules/java/java.correctness.iterable-path-type.rule.yaml +42 -0
  122. package/rules/java/java.correctness.jump-in-finally.rule.yaml +44 -0
  123. package/rules/java/java.correctness.loop-condition-never-true.rule.yaml +42 -0
  124. package/rules/java/java.correctness.lost-increment-in-assignment.rule.yaml +45 -0
  125. package/rules/java/java.correctness.math-max-min-swapped.rule.yaml +45 -0
  126. package/rules/java/java.correctness.missing-enum-switch-elements.rule.yaml +43 -0
  127. package/rules/java/java.correctness.modulus-multiplication-precedence.rule.yaml +42 -0
  128. package/rules/java/java.correctness.mutable-data-exposed.rule.yaml +42 -0
  129. package/rules/java/java.correctness.mutable-enum-fields.rule.yaml +44 -0
  130. package/rules/java/java.correctness.nan-comparison.rule.yaml +42 -0
  131. package/rules/java/java.correctness.ncopies-argument-order.rule.yaml +42 -0
  132. package/rules/java/java.correctness.noallocation-method-creates-object.rule.yaml +45 -0
  133. package/rules/java/java.correctness.non-final-immutable-fields.rule.yaml +45 -0
  134. package/rules/java/java.correctness.non-null-method-returns-null.rule.yaml +43 -0
  135. package/rules/java/java.correctness.non-terminating-loop.rule.yaml +42 -0
  136. package/rules/java/java.correctness.oddness-check-fails-negative.rule.yaml +45 -0
  137. package/rules/java/java.correctness.optional-get-without-present-check.rule.yaml +44 -0
  138. package/rules/java/java.correctness.optional-null.rule.yaml +42 -0
  139. package/rules/java/java.correctness.overloaded-equals.rule.yaml +45 -0
  140. package/rules/java/java.correctness.parameter-reassignment.rule.yaml +46 -0
  141. package/rules/java/java.correctness.possible-null-access-exception.rule.yaml +42 -0
  142. package/rules/java/java.correctness.possible-null-access.rule.yaml +42 -0
  143. package/rules/java/java.correctness.prepared-statement-in-loop.rule.yaml +52 -0
  144. package/rules/java/java.correctness.prepared-statement-index-zero.rule.yaml +44 -0
  145. package/rules/java/java.correctness.random-coerced-to-zero.rule.yaml +44 -0
  146. package/rules/java/java.correctness.read-resolve-return-type.rule.yaml +42 -0
  147. package/rules/java/java.correctness.readline-without-null-check.rule.yaml +45 -0
  148. package/rules/java/java.correctness.result-set-index-zero.rule.yaml +44 -0
  149. package/rules/java/java.correctness.runfinalizers-on-exit.rule.yaml +45 -0
  150. package/rules/java/java.correctness.runnable-run-direct.rule.yaml +45 -0
  151. package/rules/java/java.correctness.self-assignment.rule.yaml +45 -0
  152. package/rules/java/java.correctness.serializable-superclass.rule.yaml +42 -0
  153. package/rules/java/java.correctness.serialization-method-signature.rule.yaml +42 -0
  154. package/rules/java/java.correctness.servlet-mutable-fields.rule.yaml +45 -0
  155. package/rules/java/java.correctness.shift-out-of-range.rule.yaml +44 -0
  156. package/rules/java/java.correctness.static-date-field.rule.yaml +42 -0
  157. package/rules/java/java.correctness.stream-reuse.rule.yaml +42 -0
  158. package/rules/java/java.correctness.string-format-arg-mismatch.rule.yaml +45 -0
  159. package/rules/java/java.correctness.stringbuilder-char-ctor.rule.yaml +42 -0
  160. package/rules/java/java.correctness.switch-statement-labels.rule.yaml +44 -0
  161. package/rules/java/java.correctness.sync-boxed-primitive.rule.yaml +45 -0
  162. package/rules/java/java.correctness.sync-on-get-class.rule.yaml +42 -0
  163. package/rules/java/java.correctness.sync-on-lock-primitive.rule.yaml +45 -0
  164. package/rules/java/java.correctness.sync-on-mutable-ref.rule.yaml +42 -0
  165. package/rules/java/java.correctness.sync-on-nullable-field.rule.yaml +42 -0
  166. package/rules/java/java.correctness.sync-on-public-field.rule.yaml +42 -0
  167. package/rules/java/java.correctness.sync-on-string-literal.rule.yaml +2 -0
  168. package/rules/java/java.correctness.system-exit.rule.yaml +43 -0
  169. package/rules/java/java.correctness.thread-sleep-with-lock.rule.yaml +45 -0
  170. package/rules/java/java.correctness.thread-static-misuse.rule.yaml +42 -0
  171. package/rules/java/java.correctness.threadgroup-deprecated-methods.rule.yaml +43 -0
  172. package/rules/java/java.correctness.throw-null.rule.yaml +42 -0
  173. package/rules/java/java.correctness.timezone-invalid-id.rule.yaml +42 -0
  174. package/rules/java/java.correctness.two-lock-wait.rule.yaml +45 -0
  175. package/rules/java/java.correctness.unconditional-recursion.rule.yaml +42 -0
  176. package/rules/java/java.correctness.unescaped-whitespace.rule.yaml +42 -0
  177. package/rules/java/java.correctness.unimplementable-interface.rule.yaml +42 -0
  178. package/rules/java/java.correctness.unsafe-collection-downcast.rule.yaml +42 -0
  179. package/rules/java/java.correctness.unsafe-getresource.rule.yaml +45 -0
  180. package/rules/java/java.correctness.unsupported-jdk-api.rule.yaml +46 -0
  181. package/rules/java/java.correctness.unsupported-method-call.rule.yaml +42 -0
  182. package/rules/java/java.correctness.unsync-static-lazy-init.rule.yaml +42 -0
  183. package/rules/java/java.correctness.unsynchronized-wait-notify.rule.yaml +45 -0
  184. package/rules/java/java.correctness.unterminated-assertion-chain.rule.yaml +39 -0
  185. package/rules/java/java.correctness.volatile-array-elements.rule.yaml +45 -0
  186. package/rules/java/java.correctness.volatile-increment-non-atomic.rule.yaml +45 -0
  187. package/rules/java/java.correctness.wait-notify-on-thread.rule.yaml +45 -0
  188. package/rules/java/java.correctness.wait-on-condition.rule.yaml +45 -0
  189. package/rules/java/java.correctness.week-year-in-date-pattern.rule.yaml +44 -0
  190. package/rules/java/java.correctness.zoneid-invalid-timezone.rule.yaml +42 -0
  191. package/rules/java/java.doc.empty-javadoc-tag.rule.yaml +41 -0
  192. package/rules/java/java.doc.malformed-javadoc-comment.rule.yaml +41 -0
  193. package/rules/java/java.doc.parameter-tag-no-description.rule.yaml +41 -0
  194. package/rules/java/java.doc.unmatched-parameter-tag.rule.yaml +41 -0
  195. package/rules/java/java.performance.boxed-boolean-constructor.rule.yaml +43 -0
  196. package/rules/java/java.performance.boxed-double-constructor.rule.yaml +43 -0
  197. package/rules/java/java.performance.boxed-integer-constructor.rule.yaml +43 -0
  198. package/rules/java/java.performance.empty-string-constructor.rule.yaml +44 -0
  199. package/rules/java/java.performance.expensive-method-on-ui-thread.rule.yaml +50 -0
  200. package/rules/java/java.performance.explicit-gc.rule.yaml +43 -0
  201. package/rules/java/java.performance.inefficient-string-constructor.rule.yaml +44 -0
  202. package/rules/java/java.performance.keyset-instead-of-entryset.rule.yaml +49 -0
  203. package/rules/java/java.performance.non-zero-to-array.rule.yaml +49 -0
  204. package/rules/java/java.performance.pattern-compile-in-loop.rule.yaml +49 -0
  205. package/rules/java/java.performance.removeall-to-clear.rule.yaml +49 -0
  206. package/rules/java/java.performance.replaceall-instead-of-replace.rule.yaml +49 -0
  207. package/rules/java/java.performance.single-char-string-indexof.rule.yaml +49 -0
  208. package/rules/java/java.performance.string-concat-in-loop.rule.yaml +49 -0
  209. package/rules/java/java.performance.string-to-string.rule.yaml +43 -0
  210. package/rules/java/java.performance.thread-as-runnable.rule.yaml +44 -0
  211. package/rules/java/java.performance.url-in-collection.rule.yaml +44 -0
  212. package/rules/java/java.quality.c-style-array-declaration.rule.yaml +41 -0
  213. package/rules/java/java.quality.multiple-variables-same-line.rule.yaml +41 -0
  214. package/rules/java/java.quality.type-name-uppercase.rule.yaml +41 -0
  215. package/rules/java/java.testing.setup-teardown-annotation.rule.yaml +36 -0
  216. package/rules/java/java.testing.setup-without-super.rule.yaml +43 -0
  217. package/rules/java/java.testing.teardown-without-super.rule.yaml +43 -0
  218. package/rules/java/java.testing.wrong-assertion-argument-order.rule.yaml +43 -0
  219. package/rules/php/php.correctness.abstract-method-outside-abstract-class.rule.yaml +3 -0
  220. package/rules/php/php.correctness.abstract-method-with-body.rule.yaml +38 -0
  221. package/rules/php/php.correctness.assign-to-non-lvalue.rule.yaml +38 -0
  222. package/rules/php/php.correctness.attribute-on-class-constant.rule.yaml +38 -0
  223. package/rules/php/php.correctness.attribute-on-closure.rule.yaml +38 -0
  224. package/rules/php/php.correctness.attribute-on-function.rule.yaml +38 -0
  225. package/rules/php/php.correctness.attribute-on-property.rule.yaml +40 -0
  226. package/rules/php/php.correctness.break-continue-outside-loop.rule.yaml +2 -0
  227. package/rules/php/php.correctness.case-insensitive-define.rule.yaml +2 -0
  228. package/rules/php/php.correctness.class-implements-non-interface.rule.yaml +38 -0
  229. package/rules/php/php.correctness.default-parameter-not-last.rule.yaml +2 -0
  230. package/rules/php/php.correctness.deprecated-filter-constant.rule.yaml +2 -0
  231. package/rules/php/php.correctness.deprecated-libxml-entity-loader.rule.yaml +2 -0
  232. package/rules/php/php.correctness.deprecated-unset-cast.rule.yaml +2 -0
  233. package/rules/php/php.correctness.duplicate-array-key.rule.yaml +2 -0
  234. package/rules/php/php.correctness.duplicate-declaration.rule.yaml +2 -0
  235. package/rules/php/php.correctness.duplicate-union-type.rule.yaml +38 -0
  236. package/rules/php/php.correctness.echo-invalid-value.rule.yaml +38 -0
  237. package/rules/php/php.correctness.empty-array-literal-slot.rule.yaml +2 -0
  238. package/rules/php/php.correctness.empty-bracket-array-access.rule.yaml +2 -0
  239. package/rules/php/php.correctness.empty-code-block.rule.yaml +2 -0
  240. package/rules/php/php.correctness.empty-function-body.rule.yaml +2 -0
  241. package/rules/php/php.correctness.error-suppression-operator.rule.yaml +2 -0
  242. package/rules/php/php.correctness.function-comparison.rule.yaml +2 -0
  243. package/rules/php/php.correctness.inaccessible-property.rule.yaml +49 -0
  244. package/rules/php/php.correctness.incomplete-arrow-function.rule.yaml +38 -0
  245. package/rules/php/php.correctness.inconsistent-printf-params.rule.yaml +50 -0
  246. package/rules/php/php.correctness.instanceof-invalid-type.rule.yaml +40 -0
  247. package/rules/php/php.correctness.instantiate-abstract-class.rule.yaml +38 -0
  248. package/rules/php/php.correctness.interface-extends-non-interface.rule.yaml +38 -0
  249. package/rules/php/php.correctness.interface-implements-keyword.rule.yaml +38 -0
  250. package/rules/php/php.correctness.invalid-arrow-function-typehint.rule.yaml +38 -0
  251. package/rules/php/php.correctness.invalid-attribute-class.rule.yaml +49 -0
  252. package/rules/php/php.correctness.invalid-closure-return-typehint.rule.yaml +38 -0
  253. package/rules/php/php.correctness.invalid-constructor-promotion.rule.yaml +38 -0
  254. package/rules/php/php.correctness.invalid-cookie-options.rule.yaml +2 -0
  255. package/rules/php/php.correctness.invalid-dynamic-constant-fetch.rule.yaml +38 -0
  256. package/rules/php/php.correctness.invalid-extends-target.rule.yaml +38 -0
  257. package/rules/php/php.correctness.invalid-increment-operand.rule.yaml +38 -0
  258. package/rules/php/php.correctness.invalid-isset-argument.rule.yaml +38 -0
  259. package/rules/php/php.correctness.invalid-return-typehint.rule.yaml +38 -0
  260. package/rules/php/php.correctness.invalid-static-method.rule.yaml +40 -0
  261. package/rules/php/php.correctness.invalid-string-interpolation-type.rule.yaml +38 -0
  262. package/rules/php/php.correctness.invalid-type-cast.rule.yaml +38 -0
  263. package/rules/php/php.correctness.invalid-use-keyword.rule.yaml +48 -0
  264. package/rules/php/php.correctness.missing-member-visibility.rule.yaml +2 -0
  265. package/rules/php/php.correctness.missing-return-statement.rule.yaml +38 -0
  266. package/rules/php/php.correctness.named-arg-before-positional.rule.yaml +38 -0
  267. package/rules/php/php.correctness.nested-function-declaration.rule.yaml +2 -0
  268. package/rules/php/php.correctness.nested-switch.rule.yaml +2 -0
  269. package/rules/php/php.correctness.nullable-mixed-type.rule.yaml +38 -0
  270. package/rules/php/php.correctness.nullsafe-returned-by-reference.rule.yaml +3 -0
  271. package/rules/php/php.correctness.print-invalid-value.rule.yaml +38 -0
  272. package/rules/php/php.correctness.psr-class-constant-naming.rule.yaml +38 -0
  273. package/rules/php/php.correctness.psr-method-camel-case.rule.yaml +38 -0
  274. package/rules/php/php.correctness.redundant-final-method.rule.yaml +38 -0
  275. package/rules/php/php.correctness.redundant-string-cast-concat.rule.yaml +2 -0
  276. package/rules/php/php.correctness.self-assignment.rule.yaml +2 -0
  277. package/rules/php/php.correctness.switch-multiple-default.rule.yaml +2 -0
  278. package/rules/php/php.correctness.throw-as-expression.rule.yaml +38 -0
  279. package/rules/php/php.correctness.throw-non-exception.rule.yaml +38 -0
  280. package/rules/php/php.correctness.trait-as-attribute.rule.yaml +38 -0
  281. package/rules/php/php.correctness.trait-class-constant.rule.yaml +38 -0
  282. package/rules/php/php.correctness.undefined-constant-reference.rule.yaml +38 -0
  283. package/rules/php/php.correctness.undefined-function.rule.yaml +40 -0
  284. package/rules/php/php.correctness.undefined-method.rule.yaml +40 -0
  285. package/rules/php/php.correctness.undefined-property.rule.yaml +51 -0
  286. package/rules/php/php.correctness.undefined-static-property.rule.yaml +41 -0
  287. package/rules/php/php.correctness.undefined-variable.rule.yaml +48 -0
  288. package/rules/php/php.correctness.uninitialized-typed-property.rule.yaml +38 -0
  289. package/rules/php/php.correctness.unknown-magic-method.rule.yaml +2 -0
  290. package/rules/php/php.correctness.unreachable-after-return.rule.yaml +2 -0
  291. package/rules/php/php.correctness.unused-closure-use-variable.rule.yaml +38 -0
  292. package/rules/php/php.correctness.unused-constructor-parameter.rule.yaml +38 -0
  293. package/rules/php/php.correctness.unused-import.rule.yaml +38 -0
  294. package/rules/php/php.correctness.useless-post-increment.rule.yaml +2 -0
  295. package/rules/php/php.correctness.useless-unset.rule.yaml +2 -0
  296. package/rules/php/php.correctness.void-match-arm.rule.yaml +38 -0
  297. package/rules/php/php.performance.expensive-loop-condition.rule.yaml +2 -0
  298. package/rules/php/php.security.debug-function-exposure.rule.yaml +2 -0
  299. package/rules/php/php.security.insecure-session-id-generation.rule.yaml +2 -0
  300. package/rules/php/php.security.insecure-session-or-cookie-config.rule.yaml +3 -0
  301. package/rules/php/php.security.no-dynamic-eval.rule.yaml +2 -0
  302. package/rules/php/php.security.unsafe-include-with-user-input.rule.yaml +2 -0
  303. package/rules/php/php.security.unsafe-new-static.rule.yaml +2 -0
  304. package/rules/php/php.security.weak-cipher.rule.yaml +2 -0
  305. package/rules/php/php.security.xml-external-entity.rule.yaml +2 -0
  306. package/rules/python/py.correctness.assert-outside-test.rule.yaml +49 -0
  307. package/rules/python/py.correctness.global-statement.rule.yaml +51 -0
  308. package/rules/python/py.correctness.redefined-builtin.rule.yaml +51 -0
  309. package/rules/python/py.correctness.super-with-arguments.rule.yaml +51 -0
  310. package/rules/python/py.correctness.unnecessary-comprehension.rule.yaml +51 -0
  311. package/rules/python/py.correctness.useless-return.rule.yaml +51 -0
  312. package/rules/python/py.security.command-execution-with-request-input.rule.yaml +56 -0
  313. package/rules/python/py.security.ftp-usage.rule.yaml +51 -0
  314. package/rules/python/py.security.hardcoded-credentials.rule.yaml +51 -0
  315. package/rules/python/py.security.hardcoded-temp-directory.rule.yaml +51 -0
  316. package/rules/python/py.security.insecure-cipher-mode.rule.yaml +51 -0
  317. package/rules/python/py.security.insecure-cipher.rule.yaml +51 -0
  318. package/rules/python/py.security.insecure-crypto-import.rule.yaml +51 -0
  319. package/rules/python/py.security.insecure-http-transport.rule.yaml +56 -0
  320. package/rules/python/py.security.insecure-ssl-version.rule.yaml +53 -0
  321. package/rules/python/py.security.insecure-urllib-method.rule.yaml +51 -0
  322. package/rules/python/py.security.insecure-xml-parser.rule.yaml +53 -0
  323. package/rules/python/py.security.mako-insecure-templates.rule.yaml +53 -0
  324. package/rules/python/py.security.path-traversal-user-input.rule.yaml +51 -0
  325. package/rules/python/py.security.request-path-file-read.rule.yaml +56 -0
  326. package/rules/python/py.security.sensitive-logging.rule.yaml +51 -0
  327. package/rules/python/py.security.sql-interpolation.rule.yaml +56 -0
  328. package/rules/python/py.security.ssh-host-key-validation.rule.yaml +53 -0
  329. package/rules/python/py.security.telnet-usage.rule.yaml +51 -0
  330. package/rules/python/py.security.tls-verification-disabled.rule.yaml +56 -0
  331. package/rules/python/py.security.unsafe-deserialization.rule.yaml +56 -0
  332. package/rules/python/py.security.weak-crypto-key.rule.yaml +51 -0
  333. package/rules/python/py.security.weak-hash-algorithm.rule.yaml +57 -0
  334. package/rules/python/py.security.wildcard-subprocess-injection.rule.yaml +53 -0
  335. package/rules/python/py.security.xmlrpc-import.rule.yaml +53 -0
  336. package/rules/ruby/ruby.bug-risk.action-mailer-base-subclass.rule.yaml +53 -0
  337. package/rules/ruby/ruby.bug-risk.active-job-base-subclass.rule.yaml +53 -0
  338. package/rules/ruby/ruby.bug-risk.active-record-alias.rule.yaml +53 -0
  339. package/rules/ruby/ruby.bug-risk.active-record-base-subclass.rule.yaml +53 -0
  340. package/rules/ruby/ruby.bug-risk.active-record-method-override.rule.yaml +55 -0
  341. package/rules/ruby/ruby.bug-risk.active-support-alias.rule.yaml +52 -0
  342. package/rules/ruby/ruby.bug-risk.all-each-to-find-each.rule.yaml +55 -0
  343. package/rules/ruby/ruby.bug-risk.allow-blank-with-delegate.rule.yaml +52 -0
  344. package/rules/ruby/ruby.bug-risk.alter-queries-combine.rule.yaml +54 -0
  345. package/rules/ruby/ruby.bug-risk.ambiguous-block-association.rule.yaml +49 -0
  346. package/rules/ruby/ruby.bug-risk.ambiguous-operator-argument.rule.yaml +48 -0
  347. package/rules/ruby/ruby.bug-risk.ambiguous-regexp-literal.rule.yaml +49 -0
  348. package/rules/ruby/ruby.bug-risk.argument-overwritten-before-use.rule.yaml +51 -0
  349. package/rules/ruby/ruby.bug-risk.assert-not-usage.rule.yaml +51 -0
  350. package/rules/ruby/ruby.bug-risk.bad-date-usage.rule.yaml +55 -0
  351. package/rules/ruby/ruby.bug-risk.bad-magic-comment-order.rule.yaml +50 -0
  352. package/rules/ruby/ruby.bug-risk.bad-operand-order.rule.yaml +46 -0
  353. package/rules/ruby/ruby.bug-risk.bad-rescue-ordering.rule.yaml +50 -0
  354. package/rules/ruby/ruby.bug-risk.branches-without-body.rule.yaml +49 -0
  355. package/rules/ruby/ruby.bug-risk.callback-order.rule.yaml +52 -0
  356. package/rules/ruby/ruby.bug-risk.callback-override.rule.yaml +53 -0
  357. package/rules/ruby/ruby.bug-risk.circular-argument-reference.rule.yaml +44 -0
  358. package/rules/ruby/ruby.bug-risk.class-name-should-be-string.rule.yaml +52 -0
  359. package/rules/ruby/ruby.bug-risk.console-output-instead-of-logger.rule.yaml +53 -0
  360. package/rules/ruby/ruby.bug-risk.constant-in-block.rule.yaml +52 -0
  361. package/rules/ruby/ruby.bug-risk.controller-base-subclass.rule.yaml +54 -0
  362. package/rules/ruby/ruby.bug-risk.dependent-option-cascade.rule.yaml +53 -0
  363. package/rules/ruby/ruby.bug-risk.deprecated-belongs-to-required.rule.yaml +54 -0
  364. package/rules/ruby/ruby.bug-risk.deprecated-big-decimal-new.rule.yaml +44 -0
  365. package/rules/ruby/ruby.bug-risk.deprecated-class-methods.rule.yaml +45 -0
  366. package/rules/ruby/ruby.bug-risk.deprecated-filter-methods.rule.yaml +54 -0
  367. package/rules/ruby/ruby.bug-risk.deprecated-find-by-dynamic.rule.yaml +55 -0
  368. package/rules/ruby/ruby.bug-risk.deprecated-http-status-symbols.rule.yaml +52 -0
  369. package/rules/ruby/ruby.bug-risk.deprecated-openssl-api.rule.yaml +42 -0
  370. package/rules/ruby/ruby.bug-risk.deprecated-uri-regexp.rule.yaml +42 -0
  371. package/rules/ruby/ruby.bug-risk.disjunctive-assignment-in-constructor.rule.yaml +46 -0
  372. package/rules/ruby/ruby.bug-risk.duplicate-case-conditions.rule.yaml +49 -0
  373. package/rules/ruby/ruby.bug-risk.duplicate-constant-assignment.rule.yaml +47 -0
  374. package/rules/ruby/ruby.bug-risk.duplicate-elsif-block.rule.yaml +51 -0
  375. package/rules/ruby/ruby.bug-risk.duplicate-method-definitions.rule.yaml +49 -0
  376. package/rules/ruby/ruby.bug-risk.each-with-object-immutable-arg.rule.yaml +51 -0
  377. package/rules/ruby/ruby.bug-risk.else-followed-by-expression.rule.yaml +50 -0
  378. package/rules/ruby/ruby.bug-risk.else-without-rescue.rule.yaml +51 -0
  379. package/rules/ruby/ruby.bug-risk.empty-ensure-block.rule.yaml +49 -0
  380. package/rules/ruby/ruby.bug-risk.empty-expression.rule.yaml +48 -0
  381. package/rules/ruby/ruby.bug-risk.empty-interpolation.rule.yaml +49 -0
  382. package/rules/ruby/ruby.bug-risk.end-in-method.rule.yaml +49 -0
  383. package/rules/ruby/ruby.bug-risk.enum-array-syntax.rule.yaml +54 -0
  384. package/rules/ruby/ruby.bug-risk.enum-duplicate-values.rule.yaml +53 -0
  385. package/rules/ruby/ruby.bug-risk.equal-instead-of-equal.rule.yaml +50 -0
  386. package/rules/ruby/ruby.bug-risk.error-inherits-exception.rule.yaml +42 -0
  387. package/rules/ruby/ruby.bug-risk.exit-in-app-code.rule.yaml +53 -0
  388. package/rules/ruby/ruby.bug-risk.flip-flop-operator.rule.yaml +49 -0
  389. package/rules/ruby/ruby.bug-risk.git-in-gemspec.rule.yaml +48 -0
  390. package/rules/ruby/ruby.bug-risk.grouped-parentheses-in-call.rule.yaml +51 -0
  391. package/rules/ruby/ruby.bug-risk.has-and-belongs-to-many.rule.yaml +52 -0
  392. package/rules/ruby/ruby.bug-risk.helper-instance-variables.rule.yaml +52 -0
  393. package/rules/ruby/ruby.bug-risk.heredoc-method-order.rule.yaml +51 -0
  394. package/rules/ruby/ruby.bug-risk.http-methods-without-params.rule.yaml +54 -0
  395. package/rules/ruby/ruby.bug-risk.identical-binary-operands.rule.yaml +53 -0
  396. package/rules/ruby/ruby.bug-risk.ignored-column-accessed.rule.yaml +50 -0
  397. package/rules/ruby/ruby.bug-risk.inconsistent-request-referrer.rule.yaml +50 -0
  398. package/rules/ruby/ruby.bug-risk.inconsistent-safe-navigation-try.rule.yaml +51 -0
  399. package/rules/ruby/ruby.bug-risk.inconsistent-safe-navigation.rule.yaml +51 -0
  400. package/rules/ruby/ruby.bug-risk.incorrect-pluralization.rule.yaml +51 -0
  401. package/rules/ruby/ruby.bug-risk.ineffective-access-modifier.rule.yaml +50 -0
  402. package/rules/ruby/ruby.bug-risk.interpolation-in-single-quote.rule.yaml +50 -0
  403. package/rules/ruby/ruby.bug-risk.invalid-integer-times.rule.yaml +52 -0
  404. package/rules/ruby/ruby.bug-risk.invalid-percent-string-literal.rule.yaml +51 -0
  405. package/rules/ruby/ruby.bug-risk.invalid-percent-symbol-array.rule.yaml +51 -0
  406. package/rules/ruby/ruby.bug-risk.invalid-rails-env-predicate.rule.yaml +51 -0
  407. package/rules/ruby/ruby.bug-risk.invalid-rescue-type.rule.yaml +51 -0
  408. package/rules/ruby/ruby.bug-risk.io-select-single-arg.rule.yaml +48 -0
  409. package/rules/ruby/ruby.bug-risk.irreversible-migration.rule.yaml +57 -0
  410. package/rules/ruby/ruby.bug-risk.missing-inverse-of.rule.yaml +53 -0
  411. package/rules/ruby/ruby.bug-risk.mixed-regex-captures.rule.yaml +51 -0
  412. package/rules/ruby/ruby.bug-risk.multiple-rescues-for-same-exception.rule.yaml +49 -0
  413. package/rules/ruby/ruby.bug-risk.non-local-exit-from-iterator.rule.yaml +51 -0
  414. package/rules/ruby/ruby.bug-risk.non-null-column-without-default.rule.yaml +51 -0
  415. package/rules/ruby/ruby.bug-risk.non-preferred-assert-falseness.rule.yaml +50 -0
  416. package/rules/ruby/ruby.bug-risk.old-style-validation-macro.rule.yaml +49 -0
  417. package/rules/ruby/ruby.bug-risk.outer-variable-shadowed.rule.yaml +47 -0
  418. package/rules/ruby/ruby.bug-risk.plain-method-instead-of-proc.rule.yaml +48 -0
  419. package/rules/ruby/ruby.bug-risk.predicate-method-without-parentheses.rule.yaml +51 -0
  420. package/rules/ruby/ruby.bug-risk.rails-env-equality.rule.yaml +53 -0
  421. package/rules/ruby/ruby.bug-risk.rails-root-join.rule.yaml +53 -0
  422. package/rules/ruby/ruby.bug-risk.rake-task-missing-environment.rule.yaml +46 -0
  423. package/rules/ruby/ruby.bug-risk.redundant-allow-nil.rule.yaml +52 -0
  424. package/rules/ruby/ruby.bug-risk.redundant-foreign-key.rule.yaml +50 -0
  425. package/rules/ruby/ruby.bug-risk.redundant-with-options-receiver.rule.yaml +52 -0
  426. package/rules/ruby/ruby.bug-risk.regex-literal-in-condition.rule.yaml +51 -0
  427. package/rules/ruby/ruby.bug-risk.relative-date-as-constant.rule.yaml +51 -0
  428. package/rules/ruby/ruby.bug-risk.renamed-column-accessed.rule.yaml +50 -0
  429. package/rules/ruby/ruby.bug-risk.rescue-exception.rule.yaml +42 -0
  430. package/rules/ruby/ruby.bug-risk.return-in-ensure.rule.yaml +49 -0
  431. package/rules/ruby/ruby.bug-risk.routes-match-single-verb.rule.yaml +51 -0
  432. package/rules/ruby/ruby.bug-risk.safe-navigation-with-blank.rule.yaml +50 -0
  433. package/rules/ruby/ruby.bug-risk.safe-navigation-with-empty.rule.yaml +52 -0
  434. package/rules/ruby/ruby.bug-risk.self-assignment.rule.yaml +52 -0
  435. package/rules/ruby/ruby.bug-risk.skip-filter-conditional.rule.yaml +55 -0
  436. package/rules/ruby/ruby.bug-risk.suppressed-exceptions.rule.yaml +49 -0
  437. package/rules/ruby/ruby.bug-risk.symbol-boolean-name.rule.yaml +44 -0
  438. package/rules/ruby/ruby.bug-risk.table-without-timestamps.rule.yaml +53 -0
  439. package/rules/ruby/ruby.bug-risk.time-without-zone.rule.yaml +51 -0
  440. package/rules/ruby/ruby.bug-risk.to-json-without-argument.rule.yaml +51 -0
  441. package/rules/ruby/ruby.bug-risk.trailing-comma-attribute.rule.yaml +50 -0
  442. package/rules/ruby/ruby.bug-risk.undefined-action-filter.rule.yaml +53 -0
  443. package/rules/ruby/ruby.bug-risk.unintended-string-concatenation.rule.yaml +51 -0
  444. package/rules/ruby/ruby.bug-risk.unnecessary-require.rule.yaml +51 -0
  445. package/rules/ruby/ruby.bug-risk.unnecessary-splat.rule.yaml +50 -0
  446. package/rules/ruby/ruby.bug-risk.unqualified-constant.rule.yaml +51 -0
  447. package/rules/ruby/ruby.bug-risk.unreachable-code.rule.yaml +49 -0
  448. package/rules/ruby/ruby.bug-risk.unreachable-loop.rule.yaml +51 -0
  449. package/rules/ruby/ruby.bug-risk.unsafe-number-conversion.rule.yaml +51 -0
  450. package/rules/ruby/ruby.bug-risk.unsafe-safe-navigation-chain.rule.yaml +50 -0
  451. package/rules/ruby/ruby.bug-risk.unused-method-arguments.rule.yaml +51 -0
  452. package/rules/ruby/ruby.bug-risk.use-blank-simplify.rule.yaml +49 -0
  453. package/rules/ruby/ruby.bug-risk.use-delegate.rule.yaml +50 -0
  454. package/rules/ruby/ruby.bug-risk.use-presence-over-explicit-check.rule.yaml +49 -0
  455. package/rules/ruby/ruby.bug-risk.use-present-to-simplify-conditional.rule.yaml +48 -0
  456. package/rules/ruby/ruby.bug-risk.use-square-brackets-for-attributes.rule.yaml +50 -0
  457. package/rules/ruby/ruby.bug-risk.useless-access-modifier.rule.yaml +49 -0
  458. package/rules/ruby/ruby.bug-risk.useless-comparison.rule.yaml +50 -0
  459. package/rules/ruby/ruby.bug-risk.useless-setter-call.rule.yaml +49 -0
  460. package/rules/ruby/ruby.bug-risk.when-branch-without-body.rule.yaml +49 -0
  461. package/rules/ruby/ruby.bug-risk.where-first-over-find-by.rule.yaml +54 -0
  462. package/rules/ruby/ruby.bug-risk.with-index-value-unused.rule.yaml +50 -0
  463. package/rules/ruby/ruby.bug-risk.with-object-value-unused.rule.yaml +50 -0
  464. package/rules/ruby/ruby.performance.efficient-hash-search.rule.yaml +42 -0
  465. package/rules/ruby/ruby.performance.enumerable-index-by.rule.yaml +51 -0
  466. package/rules/ruby/ruby.performance.enumerable-index-with.rule.yaml +52 -0
  467. package/rules/ruby/ruby.performance.merge-single-key.rule.yaml +42 -0
  468. package/rules/ruby/ruby.performance.no-static-size-computation.rule.yaml +43 -0
  469. package/rules/ruby/ruby.performance.prefer-delete-prefix.rule.yaml +53 -0
  470. package/rules/ruby/ruby.performance.prefer-delete-suffix.rule.yaml +53 -0
  471. package/rules/ruby/ruby.performance.prefer-flat-map.rule.yaml +41 -0
  472. package/rules/ruby/ruby.performance.prefer-struct-over-openstruct.rule.yaml +42 -0
  473. package/rules/ruby/ruby.performance.range-cover-over-include.rule.yaml +43 -0
  474. package/rules/ruby/ruby.performance.regex-match-over-match.rule.yaml +42 -0
  475. package/rules/ruby/ruby.performance.yield-over-block-call.rule.yaml +41 -0
  476. package/rules/ruby/ruby.security.io-shell-command.rule.yaml +50 -0
  477. package/rules/ruby/ruby.security.rails-http-digest-auth.rule.yaml +51 -0
  478. package/rules/ruby/ruby.security.rails-render-inline.rule.yaml +55 -0
  479. package/rules/ruby/ruby.security.rails-skip-validation.rule.yaml +51 -0
  480. package/rules/rust/rust.correctness.empty-range-expression.rule.yaml +49 -0
  481. package/rules/rust/rust.correctness.erasing-operation.rule.yaml +49 -0
  482. package/rules/rust/rust.correctness.forget-drop-on-copy-type.rule.yaml +50 -0
  483. package/rules/rust/rust.correctness.forget-drop-on-non-drop-type.rule.yaml +50 -0
  484. package/rules/rust/rust.correctness.forget-drop-on-reference.rule.yaml +49 -0
  485. package/rules/rust/rust.correctness.hash-unit-value.rule.yaml +49 -0
  486. package/rules/rust/rust.correctness.identical-binary-operands.rule.yaml +49 -0
  487. package/rules/rust/rust.correctness.ignored-future-value.rule.yaml +53 -0
  488. package/rules/rust/rust.correctness.invalid-regex-literal.rule.yaml +49 -0
  489. package/rules/rust/rust.correctness.iter-next-in-for-loop.rule.yaml +49 -0
  490. package/rules/rust/rust.correctness.mistyped-suffix.rule.yaml +50 -0
  491. package/rules/rust/rust.correctness.nan-comparison.rule.yaml +49 -0
  492. package/rules/rust/rust.correctness.non-binding-let-on-lock.rule.yaml +50 -0
  493. package/rules/rust/rust.correctness.non-octal-permissions.rule.yaml +60 -0
  494. package/rules/rust/rust.correctness.print-in-display-impl.rule.yaml +48 -0
  495. package/rules/rust/rust.correctness.self-not-self-type.rule.yaml +49 -0
  496. package/rules/rust/rust.correctness.step-by-zero.rule.yaml +48 -0
  497. package/rules/rust/rust.correctness.syntax-error.rule.yaml +49 -0
  498. package/rules/rust/rust.correctness.transmute-float-char-to-ref-or-ptr.rule.yaml +48 -0
  499. package/rules/rust/rust.correctness.transmute-int-lit-to-raw-ptr.rule.yaml +48 -0
  500. package/rules/rust/rust.correctness.transmute-int-to-fn-ptr.rule.yaml +48 -0
  501. package/rules/rust/rust.correctness.transmute-integer-to-bool.rule.yaml +49 -0
  502. package/rules/rust/rust.correctness.transmute-integer-to-char.rule.yaml +48 -0
  503. package/rules/rust/rust.correctness.transmute-integer-to-nonzero.rule.yaml +48 -0
  504. package/rules/rust/rust.correctness.transmute-number-to-slice-or-array.rule.yaml +48 -0
  505. package/rules/rust/rust.correctness.transmute-ptr-to-ptr.rule.yaml +49 -0
  506. package/rules/rust/rust.correctness.transmute-ptr-to-ref.rule.yaml +49 -0
  507. package/rules/rust/rust.correctness.transmute-ref-to-ptr.rule.yaml +49 -0
  508. package/rules/rust/rust.correctness.transmute-t-to-ptr-ref.rule.yaml +49 -0
  509. package/rules/rust/rust.correctness.transmute-tuple-to-slice-or-array.rule.yaml +48 -0
  510. package/rules/rust/rust.correctness.unhandled-io-result.rule.yaml +49 -0
  511. package/rules/rust/rust.correctness.unit-argument.rule.yaml +50 -0
  512. package/rules/rust/rust.correctness.unit-comparison.rule.yaml +49 -0
  513. package/rules/rust/rust.performance.single-char-string-literal-pattern.rule.yaml +51 -0
  514. package/rules/rust/rust.quality.approximate-floating-constant.rule.yaml +51 -0
  515. package/rules/rust/rust.quality.builtin-type-shadow.rule.yaml +49 -0
  516. package/rules/rust/rust.quality.clone-on-double-reference.rule.yaml +50 -0
  517. package/rules/rust/rust.quality.crate-in-macro-definition.rule.yaml +50 -0
  518. package/rules/rust/rust.quality.deprecated-function-use.rule.yaml +52 -0
  519. package/rules/rust/rust.quality.env-string-literal.rule.yaml +50 -0
  520. package/rules/rust/rust.quality.explicit-self-assignment.rule.yaml +49 -0
  521. package/rules/rust/rust.quality.fn-ptr-null-comparison.rule.yaml +49 -0
  522. package/rules/rust/rust.quality.fn-ptr-to-non-pointer-cast.rule.yaml +50 -0
  523. package/rules/rust/rust.quality.inaccurate-duration-calculation.rule.yaml +50 -0
  524. package/rules/rust/rust.quality.isize-usize-overflow.rule.yaml +50 -0
  525. package/rules/rust/rust.quality.iter-count-instead-of-len.rule.yaml +49 -0
  526. package/rules/rust/rust.quality.iter-nth-instead-of-get.rule.yaml +50 -0
  527. package/rules/rust/rust.quality.map-followed-by-count.rule.yaml +50 -0
  528. package/rules/rust/rust.quality.non-owned-rc-pointer-into-vec.rule.yaml +50 -0
  529. package/rules/rust/rust.quality.non-utf8-literal-in-from-utf8-unchecked.rule.yaml +54 -0
  530. package/rules/rust/rust.quality.option-env-unwrap.rule.yaml +50 -0
  531. package/rules/rust/rust.quality.ordered-iteration-on-unordered.rule.yaml +52 -0
  532. package/rules/rust/rust.quality.possible-missing-comma-in-array.rule.yaml +49 -0
  533. package/rules/rust/rust.quality.potentially-incomplete-ascii-range.rule.yaml +49 -0
  534. package/rules/rust/rust.quality.redundant-mem-replace-with-default.rule.yaml +48 -0
  535. package/rules/rust/rust.quality.redundant-mem-replace-with-none.rule.yaml +48 -0
  536. package/rules/rust/rust.quality.redundant-mem-replace-with-zero.rule.yaml +48 -0
  537. package/rules/rust/rust.quality.replace-same-pattern-and-replacement.rule.yaml +49 -0
  538. package/rules/rust/rust.quality.size-of-val-on-reference.rule.yaml +49 -0
  539. package/rules/rust/rust.quality.unused-enumerate-or-zip-items.rule.yaml +50 -0
  540. package/rules/rust/rust.security.actix-namedfile-path-traversal.rule.yaml +61 -0
  541. package/rules/rust/rust.security.bind-all-interfaces.rule.yaml +2 -0
  542. package/rules/rust/rust.security.const-to-mut-ptr.rule.yaml +61 -0
  543. package/rules/rust/rust.security.differently-sized-slice-conversion.rule.yaml +61 -0
  544. package/rules/rust/rust.security.global-write-permission.rule.yaml +61 -0
  545. package/rules/rust/rust.security.insecure-temp-file.rule.yaml +2 -0
  546. package/rules/rust/rust.security.invisible-unicode.rule.yaml +60 -0
  547. package/rules/rust/rust.security.manual-error-type-id.rule.yaml +59 -0
  548. package/rules/rust/rust.security.missing-regex-anchor.rule.yaml +61 -0
  549. package/rules/rust/rust.security.misused-bitwise-xor.rule.yaml +54 -0
  550. package/rules/rust/rust.security.open-redirect.rule.yaml +64 -0
  551. package/rules/rust/rust.security.potentially-vulnerable-regex.rule.yaml +61 -0
  552. package/rules/rust/rust.security.raw-slice-to-ptr.rule.yaml +60 -0
  553. package/rules/rust/rust.security.unsafe-remove-dir-all.rule.yaml +62 -0
  554. package/rules/rust/rust.security.weak-crypto-import.rule.yaml +2 -0
  555. package/rules/rust/rust.security.weak-rsa-key-size.rule.yaml +2 -0
  556. package/rules/rust/rust.testing.ignore-without-ticket-reference.rule.yaml +13 -7
  557. package/rules/rust/rust.testing.thread-sleep-in-unit-test.rule.yaml +6 -6
  558. package/rules/shared/security.no-command-execution-with-request-input.rule.yaml +3 -0
  559. package/rules/shared/security.no-sensitive-data-in-logs-and-telemetry.rule.yaml +2 -0
  560. package/rules/shared/security.no-sql-interpolation.rule.yaml +2 -0
  561. package/rules/shared/security.permissive-file-permissions.rule.yaml +2 -0
  562. package/rules/shared/security.weak-hash-algorithm.rule.yaml +2 -0
  563. package/rules/sql/sql.correctness.undefined-reference.rule.yaml +37 -0
  564. package/rules/sql/sql.style.ambiguous-distinct.rule.yaml +37 -0
  565. package/rules/sql/sql.style.column-expression-without-alias.rule.yaml +37 -0
  566. package/rules/sql/sql.style.distinct-with-parenthesis.rule.yaml +37 -0
  567. package/rules/sql/sql.style.duplicate-table-aliases.rule.yaml +37 -0
  568. package/rules/sql/sql.style.implicit-column-alias.rule.yaml +37 -0
  569. package/rules/sql/sql.style.implicit-table-alias.rule.yaml +37 -0
  570. package/rules/sql/sql.style.inconsistent-capitalization.rule.yaml +37 -0
  571. package/rules/sql/sql.style.inconsistent-keyword-case.rule.yaml +37 -0
  572. package/rules/sql/sql.style.keyword-as-identifier.rule.yaml +37 -0
  573. package/rules/sql/sql.style.trailing-select-comma.rule.yaml +37 -0
  574. package/rules/sql/sql.style.unqualified-references.rule.yaml +37 -0
  575. package/rules/sql/sql.style.unused-table-alias.rule.yaml +37 -0
  576. package/rules/typescript/ts.angularjs.inject-function-assignments-only.rule.yaml +36 -0
  577. package/rules/typescript/ts.angularjs.no-controller.rule.yaml +36 -0
  578. package/rules/typescript/ts.angularjs.no-deprecated-cookie-store.rule.yaml +36 -0
  579. package/rules/typescript/ts.angularjs.no-deprecated-directive-replace.rule.yaml +36 -0
  580. package/rules/typescript/ts.angularjs.no-deprecated-http-success-error.rule.yaml +36 -0
  581. package/rules/typescript/ts.angularjs.no-jquery-wrapping-angular-element.rule.yaml +36 -0
  582. package/rules/typescript/ts.angularjs.prefer-angular-for-each.rule.yaml +36 -0
  583. package/rules/typescript/ts.angularjs.prefer-angular-is-string.rule.yaml +36 -0
  584. package/rules/typescript/ts.correctness.array-callback-missing-return.rule.yaml +2 -0
  585. package/rules/typescript/ts.correctness.array-sort-without-compare.rule.yaml +5 -3
  586. package/rules/typescript/ts.correctness.assignment-in-condition.rule.yaml +4 -2
  587. package/rules/typescript/ts.correctness.assignment-to-exports.rule.yaml +38 -0
  588. package/rules/typescript/ts.correctness.assignment-to-import-binding.rule.yaml +2 -0
  589. package/rules/typescript/ts.correctness.async-promise-executor.rule.yaml +2 -0
  590. package/rules/typescript/ts.correctness.blocking-call-in-async-flow.rule.yaml +14 -3
  591. package/rules/typescript/ts.correctness.callback-missing-error-handling.rule.yaml +38 -0
  592. package/rules/typescript/ts.correctness.callback-not-error-first.rule.yaml +38 -0
  593. package/rules/typescript/ts.correctness.compound-assignment-with-await.rule.yaml +37 -0
  594. package/rules/typescript/ts.correctness.confusing-multiline-expression.rule.yaml +37 -0
  595. package/rules/typescript/ts.correctness.constructor-return-value.rule.yaml +37 -0
  596. package/rules/typescript/ts.correctness.control-flow-in-finally.rule.yaml +2 -0
  597. package/rules/typescript/ts.correctness.declaration-in-nested-block.rule.yaml +39 -0
  598. package/rules/typescript/ts.correctness.delete-on-variable.rule.yaml +37 -0
  599. package/rules/typescript/ts.correctness.deprecated-api-usage.rule.yaml +39 -0
  600. package/rules/typescript/ts.correctness.duplicate-class-member.rule.yaml +37 -0
  601. package/rules/typescript/ts.correctness.duplicate-export.rule.yaml +37 -0
  602. package/rules/typescript/ts.correctness.duplicate-function-parameter.rule.yaml +2 -0
  603. package/rules/typescript/ts.correctness.duplicate-if-else-condition.rule.yaml +2 -0
  604. package/rules/typescript/ts.correctness.duplicate-import-source.rule.yaml +2 -0
  605. package/rules/typescript/ts.correctness.duplicate-object-key.rule.yaml +2 -0
  606. package/rules/typescript/ts.correctness.duplicate-switch-case.rule.yaml +2 -0
  607. package/rules/typescript/ts.correctness.empty-block-statement.rule.yaml +2 -0
  608. package/rules/typescript/ts.correctness.empty-destructuring-pattern.rule.yaml +37 -0
  609. package/rules/typescript/ts.correctness.extraneous-import.rule.yaml +38 -0
  610. package/rules/typescript/ts.correctness.flawed-string-comparison.rule.yaml +38 -0
  611. package/rules/typescript/ts.correctness.global-object-called-as-function.rule.yaml +38 -0
  612. package/rules/typescript/ts.correctness.identical-comparison-operands.rule.yaml +2 -0
  613. package/rules/typescript/ts.correctness.implicit-undefined-return.rule.yaml +2 -0
  614. package/rules/typescript/ts.correctness.infinite-loop.rule.yaml +16 -7
  615. package/rules/typescript/ts.correctness.invalid-async-await-call.rule.yaml +37 -0
  616. package/rules/typescript/ts.correctness.invalid-shebang.rule.yaml +37 -0
  617. package/rules/typescript/ts.correctness.invalid-typeof-comparison.rule.yaml +2 -0
  618. package/rules/typescript/ts.correctness.invalid-variable-usage.rule.yaml +37 -0
  619. package/rules/typescript/ts.correctness.missing-async-on-promise-method.rule.yaml +2 -0
  620. package/rules/typescript/ts.correctness.missing-super-call.rule.yaml +2 -0
  621. package/rules/typescript/ts.correctness.missing-timeout-on-external-call.rule.yaml +13 -6
  622. package/rules/typescript/ts.correctness.missing-type-annotation.rule.yaml +37 -0
  623. package/rules/typescript/ts.correctness.namespace-import-unexported-name.rule.yaml +37 -0
  624. package/rules/typescript/ts.correctness.negative-zero-comparison.rule.yaml +37 -0
  625. package/rules/typescript/ts.correctness.new-expression-with-require.rule.yaml +39 -0
  626. package/rules/typescript/ts.correctness.new-symbol-instance.rule.yaml +38 -0
  627. package/rules/typescript/ts.correctness.no-confusing-label-in-switch.rule.yaml +39 -0
  628. package/rules/typescript/ts.correctness.no-href-with-nuxt-link.rule.yaml +39 -0
  629. package/rules/typescript/ts.correctness.no-ts-suppress-directive.rule.yaml +36 -0
  630. package/rules/typescript/ts.correctness.non-existent-assignment-operators.rule.yaml +38 -0
  631. package/rules/typescript/ts.correctness.off-by-one-loop-boundary.rule.yaml +2 -0
  632. package/rules/typescript/ts.correctness.parse-int-on-number-literal.rule.yaml +38 -0
  633. package/rules/typescript/ts.correctness.prefer-as-const-over-literal-type.rule.yaml +37 -0
  634. package/rules/typescript/ts.correctness.prefer-includes-over-indexof.rule.yaml +37 -0
  635. package/rules/typescript/ts.correctness.prefer-nullish-coalescing.rule.yaml +37 -0
  636. package/rules/typescript/ts.correctness.private-member-should-be-readonly.rule.yaml +37 -0
  637. package/rules/typescript/ts.correctness.promise-reject-non-error.rule.yaml +2 -0
  638. package/rules/typescript/ts.correctness.prototype-builtin-called-directly.rule.yaml +38 -0
  639. package/rules/typescript/ts.correctness.reassign-catch-binding.rule.yaml +2 -0
  640. package/rules/typescript/ts.correctness.reassign-class-member.rule.yaml +37 -0
  641. package/rules/typescript/ts.correctness.reassign-const-binding.rule.yaml +37 -0
  642. package/rules/typescript/ts.correctness.reassign-function-declaration.rule.yaml +38 -0
  643. package/rules/typescript/ts.correctness.regexp-constructor-invalid-pattern.rule.yaml +38 -0
  644. package/rules/typescript/ts.correctness.regexp-empty-character-class.rule.yaml +38 -0
  645. package/rules/typescript/ts.correctness.regexp-multicodepoint-character-class.rule.yaml +37 -0
  646. package/rules/typescript/ts.correctness.regexp-pattern-unusual-control-character.rule.yaml +2 -0
  647. package/rules/typescript/ts.correctness.regexp-useless-backreference.rule.yaml +37 -0
  648. package/rules/typescript/ts.correctness.require-outside-import.rule.yaml +37 -0
  649. package/rules/typescript/ts.correctness.restricted-global-variable.rule.yaml +37 -0
  650. package/rules/typescript/ts.correctness.restricted-object-property.rule.yaml +37 -0
  651. package/rules/typescript/ts.correctness.self-assignment.rule.yaml +2 -0
  652. package/rules/typescript/ts.correctness.setter-return-value.rule.yaml +37 -0
  653. package/rules/typescript/ts.correctness.simplify-boolean-return.rule.yaml +38 -0
  654. package/rules/typescript/ts.correctness.sparse-array-literal.rule.yaml +38 -0
  655. package/rules/typescript/ts.correctness.switch-case-fallthrough.rule.yaml +37 -0
  656. package/rules/typescript/ts.correctness.template-placeholder-in-string.rule.yaml +37 -0
  657. package/rules/typescript/ts.correctness.this-before-super.rule.yaml +3 -0
  658. package/rules/typescript/ts.correctness.this-outside-class.rule.yaml +37 -0
  659. package/rules/typescript/ts.correctness.undeclared-variable.rule.yaml +38 -0
  660. package/rules/typescript/ts.correctness.unhandled-async-error.rule.yaml +7 -1
  661. package/rules/typescript/ts.correctness.unnecessary-return-await.rule.yaml +2 -0
  662. package/rules/typescript/ts.correctness.unresolved-import.rule.yaml +37 -0
  663. package/rules/typescript/ts.correctness.unsafe-negation-in-relational.rule.yaml +38 -0
  664. package/rules/typescript/ts.correctness.unused-expression.rule.yaml +37 -0
  665. package/rules/typescript/ts.correctness.unused-variable.rule.yaml +37 -0
  666. package/rules/typescript/ts.correctness.use-number-is-nan.rule.yaml +2 -0
  667. package/rules/typescript/ts.correctness.used-before-definition.rule.yaml +38 -0
  668. package/rules/typescript/ts.correctness.var-declaration.rule.yaml +38 -0
  669. package/rules/typescript/ts.next.no-document-import-outside-custom-document.rule.yaml +39 -0
  670. package/rules/typescript/ts.next.no-head-import-in-custom-document.rule.yaml +39 -0
  671. package/rules/typescript/ts.performance.no-await-in-loop.rule.yaml +6 -6
  672. package/rules/typescript/ts.performance.no-json-parse-stringify-clone.rule.yaml +8 -0
  673. package/rules/typescript/ts.performance.sequential-async-calls.rule.yaml +16 -7
  674. package/rules/typescript/ts.quality.no-banned-type.rule.yaml +36 -0
  675. package/rules/typescript/ts.quality.no-empty-function.rule.yaml +1 -1
  676. package/rules/typescript/ts.quality.no-side-effect-in-pure-callback.rule.yaml +36 -0
  677. package/rules/typescript/ts.quality.swallowed-error.rule.yaml +6 -3
  678. package/rules/typescript/ts.react.no-deprecated-is-mounted.rule.yaml +36 -0
  679. package/rules/typescript/ts.react.no-deprecated-react-dom-root-api.rule.yaml +24 -2
  680. package/rules/typescript/ts.react.no-direct-state-mutation.rule.yaml +2 -0
  681. package/rules/typescript/ts.react.no-duplicate-jsx-attributes.rule.yaml +2 -0
  682. package/rules/typescript/ts.react.no-hooks-rule-violation.rule.yaml +38 -0
  683. package/rules/typescript/ts.react.no-invalid-markup-characters.rule.yaml +36 -0
  684. package/rules/typescript/ts.react.no-lifecycle-method-typo.rule.yaml +36 -0
  685. package/rules/typescript/ts.react.no-render-invalid-return-type.rule.yaml +36 -0
  686. package/rules/typescript/ts.react.no-set-state-in-component-did-mount.rule.yaml +2 -0
  687. package/rules/typescript/ts.react.no-set-state-in-component-did-update.rule.yaml +2 -0
  688. package/rules/typescript/ts.react.no-set-state-in-component-will-update.rule.yaml +36 -0
  689. package/rules/typescript/ts.react.no-should-component-update.rule.yaml +36 -0
  690. package/rules/typescript/ts.react.no-target-blank-without-rel.rule.yaml +2 -0
  691. package/rules/typescript/ts.react.no-this-state-in-set-state.rule.yaml +38 -0
  692. package/rules/typescript/ts.react.no-unnecessary-fragment.rule.yaml +36 -0
  693. package/rules/typescript/ts.runtime.no-process-exit.rule.yaml +3 -0
  694. package/rules/typescript/ts.runtime.process-exit-control-flow.rule.yaml +46 -0
  695. package/rules/typescript/ts.security.dangerous-insert-html.rule.yaml +5 -0
  696. package/rules/typescript/ts.security.express-insecure-listen.rule.yaml +52 -0
  697. package/rules/typescript/ts.security.express-nosql-injection.rule.yaml +16 -11
  698. package/rules/typescript/ts.security.express-static-dotfiles-allow.rule.yaml +5 -0
  699. package/rules/typescript/ts.security.iframe-missing-sandbox-attribute.rule.yaml +18 -6
  700. package/rules/typescript/ts.security.import-using-user-input.rule.yaml +62 -10
  701. package/rules/typescript/ts.security.insecure-auth-cookie-flags.rule.yaml +12 -4
  702. package/rules/typescript/ts.security.missing-request-timeout-or-retry.rule.yaml +8 -6
  703. package/rules/typescript/ts.security.no-assign-mutable-export.rule.yaml +2 -0
  704. package/rules/typescript/ts.security.no-dynamic-execution.rule.yaml +3 -3
  705. package/rules/typescript/ts.security.no-javascript-url.rule.yaml +42 -8
  706. package/rules/typescript/ts.security.no-native-prototype-extension.rule.yaml +13 -1
  707. package/rules/typescript/ts.security.non-literal-fs-filename.rule.yaml +13 -1
  708. package/rules/typescript/ts.security.observable-timing-discrepancy.rule.yaml +3 -3
  709. package/rules/typescript/ts.security.open-redirect.rule.yaml +6 -0
  710. package/rules/typescript/ts.security.path-join-user-input.rule.yaml +50 -0
  711. package/rules/typescript/ts.security.sensitive-data-written-to-file.rule.yaml +16 -6
  712. package/rules/typescript/ts.security.ssrf.rule.yaml +1 -0
  713. package/rules/typescript/ts.security.unsafe-dirname-path-concat.rule.yaml +3 -0
  714. package/rules/typescript/ts.security.unsanitized-http-response.rule.yaml +14 -3
  715. package/rules/typescript/ts.security.user-controlled-regexp.rule.yaml +52 -0
  716. package/rules/typescript/ts.testing.no-flaky-timer-test.rule.yaml +7 -7
  717. package/rules/typescript/ts.testing.no-legacy-test-waiter.rule.yaml +36 -0
  718. package/rules/typescript/ts.testing.no-network-call-in-unit-test.rule.yaml +7 -1
  719. package/rules/typescript/ts.testing.no-skipped-test-without-ticket.rule.yaml +3 -3
  720. package/rules/typescript/ts.testing.useless-assertion.rule.yaml +37 -0
  721. package/rules/typescript/ts.vue.emits-validator-return-boolean.rule.yaml +36 -0
  722. package/rules/typescript/ts.vue.no-browser-globals-in-created.rule.yaml +39 -0
  723. package/rules/typescript/ts.vue.no-computed-missing-dependency.rule.yaml +36 -0
  724. package/rules/typescript/ts.vue.no-computed-mutation.rule.yaml +36 -0
  725. package/rules/typescript/ts.vue.no-data-object-declaration.rule.yaml +36 -0
  726. package/rules/typescript/ts.vue.no-deprecated-keycodes-config.rule.yaml +36 -0
  727. package/rules/typescript/ts.vue.no-deprecated-listeners.rule.yaml +36 -0
  728. package/rules/typescript/ts.vue.no-deprecated-model-option.rule.yaml +36 -0
  729. package/rules/typescript/ts.vue.no-deprecated-scoped-slots.rule.yaml +36 -0
  730. package/rules/typescript/ts.vue.no-keycode-modifiers.rule.yaml +36 -0
  731. package/rules/typescript/ts.vue.no-reserved-key-overwrite.rule.yaml +36 -0
  732. package/rules/typescript/ts.vue.no-server-env-in-client-hooks.rule.yaml +39 -0
  733. package/rules/typescript/ts.vue.no-slot-property-access.rule.yaml +36 -0
  734. package/rules/typescript/ts.vue.prefer-prop-type-constructor.rule.yaml +36 -0
  735. package/rules/typescript/ts.vue.require-transition-conditional.rule.yaml +36 -0
package/rules/python/py.security.weak-hash-algorithm.rule.yaml ADDED
@@ -0,0 +1,57 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: py.security.weak-hash-algorithm
5
+ aliases:
6
+ - BAN-B303
7
+ - BAN-B324
8
+ title: Avoid weak cryptographic hash algorithms
9
+ summary: Python security-sensitive hashing should use SHA-256 or stronger, not MD5 or SHA-1.
10
+ rationale: SHA-1 and MD5 are collision-vulnerable and unsuitable for signatures, session tokens, or integrity checks in production services.
11
+ detection:
12
+ kind: pattern
13
+ references:
14
+ - kind: cwe
15
+ id: CWE-327
16
+ title: Use of a Broken or Risky Cryptographic Algorithm
17
+ - kind: owasp
18
+ title: Cryptographic Storage Cheat Sheet
19
+ url: https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html
20
+ tags:
21
+ - security
22
+ - python
23
+ - crypto
24
+ - hashing
25
+ - rules-catalog
26
+ stability: stable
27
+ appliesTo: block
28
+ scope:
29
+ languages:
30
+ - python
31
+ paths:
32
+ include:
33
+ - "**/*.py"
34
+ exclude:
35
+ - "**/tests/**"
36
+ - "**/test_*.py"
37
+ - "**/*_test.py"
38
+ - "**/migrations/**"
39
+ match:
40
+ fact:
41
+ kind: security.weak-hash-algorithm
42
+ bind: issue
43
+ emit:
44
+ finding:
45
+ category: security.crypto
46
+ severity: medium
47
+ confidence: 0.95
48
+ tags:
49
+ - security
50
+ - python
51
+ - crypto
52
+ - hashing
53
+ message:
54
+ title: Replace weak hash in `${captures.issue.text}`
55
+ summary: "`${captures.issue.text}` uses a weak hash algorithm vulnerable to collision attacks."
56
+ remediation:
57
+ summary: Replace SHA-1 or MD5 with SHA-256 (or stronger). For password hashing, use `bcrypt`, `scrypt`, or `argon2`.
package/rules/python/py.security.wildcard-subprocess-injection.rule.yaml ADDED
@@ -0,0 +1,53 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: py.security.wildcard-subprocess-injection
5
+ aliases:
6
+ - BAN-B603
7
+ title: Avoid wildcard expansion in subprocess calls
8
+ summary: Shell wildcards in subprocess calls can be expanded unexpectedly, enabling injection
9
+ rationale: When `shell=True` is used in subprocess calls, shell wildcards (`*`, `?`, `[]`) are expanded by the shell. Combined with untrusted input, this can lead to command injection or unexpected file operations (e.g., `rm -rf /tmp/*` expanding to delete unintended files).
10
+ detection:
11
+ kind: pattern
12
+ references:
13
+ - kind: cwe
14
+ id: CWE-78
15
+ title: Improper Neutralization of Special Elements used in an OS Command
16
+ tags:
17
+ - security
18
+ - python
19
+ - injection
20
+ - subprocess
21
+ - rules-catalog
22
+ stability: stable
23
+ appliesTo: block
24
+ scope:
25
+ languages:
26
+ - python
27
+ paths:
28
+ include:
29
+ - "**/*.py"
30
+ exclude:
31
+ - "**/tests/**"
32
+ - "**/test_*.py"
33
+ - "**/*_test.py"
34
+ - "**/migrations/**"
35
+ match:
36
+ fact:
37
+ kind: python.security.wildcard-subprocess-injection
38
+ bind: issue
39
+ emit:
40
+ finding:
41
+ category: security.injection
42
+ severity: high
43
+ confidence: 0.9
44
+ tags:
45
+ - security
46
+ - python
47
+ - injection
48
+ - subprocess
49
+ message:
50
+ title: Avoid shell wildcards in `${captures.issue.text}`
51
+ summary: "`${captures.issue.text}` uses shell wildcards in a subprocess call with `shell=True`."
52
+ remediation:
53
+ summary: Pass arguments as a list instead of a shell string, and set `shell=False`. Use explicit file paths without wildcards (e.g., `subprocess.run(["rm", "-rf", "/tmp/tempfile"], shell=False)`).
package/rules/python/py.security.xmlrpc-import.rule.yaml ADDED
@@ -0,0 +1,53 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: py.security.xmlrpc-import
5
+ aliases:
6
+ - BAN-B414
7
+ title: Avoid XML-RPC protocol usage
8
+ summary: XML-RPC uses XML serialization that is vulnerable to DTD attacks
9
+ rationale: XML-RPC relies on XML parsing which can be exploited through DTD-based attacks including entity expansion (billion laughs) and external entity injection. Modern RPC should use safer serialization formats.
10
+ detection:
11
+ kind: pattern
12
+ references:
13
+ - kind: cwe
14
+ id: CWE-611
15
+ title: Improper Restriction of XML External Entity Reference
16
+ tags:
17
+ - security
18
+ - python
19
+ - transport
20
+ - xml
21
+ - rules-catalog
22
+ stability: stable
23
+ appliesTo: block
24
+ scope:
25
+ languages:
26
+ - python
27
+ paths:
28
+ include:
29
+ - "**/*.py"
30
+ exclude:
31
+ - "**/tests/**"
32
+ - "**/test_*.py"
33
+ - "**/*_test.py"
34
+ - "**/migrations/**"
35
+ match:
36
+ fact:
37
+ kind: python.security.xmlrpc-import
38
+ bind: issue
39
+ emit:
40
+ finding:
41
+ category: security.transport
42
+ severity: medium
43
+ confidence: 0.85
44
+ tags:
45
+ - security
46
+ - python
47
+ - transport
48
+ - xml
49
+ message:
50
+ title: Replace XML-RPC with safer transport in `${captures.issue.text}`
51
+ summary: "`${captures.issue.text}` imports or uses XML-RPC which is vulnerable to XML attacks."
52
+ remediation:
53
+ summary: Use REST/JSON APIs with `requests` or gRPC/Protobuf for modern RPC communication.
package/rules/ruby/ruby.bug-risk.action-mailer-base-subclass.rule.yaml ADDED
@@ -0,0 +1,53 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ruby.bug-risk.action-mailer-base-subclass
5
+ title: Rails 5+ mailers should subclass ApplicationMailer
6
+ summary: >-
7
+ Mailer class directly subclasses `ActionMailer::Base` instead of
8
+ `ApplicationMailer`.
9
+ rationale: >-
10
+ Rails 5+ generators create mailers that inherit from `ApplicationMailer`.
11
+ Directly subclassing `ActionMailer::Base` bypasses shared layout, default
12
+ from address, and other behavior defined in `ApplicationMailer`.
13
+ aliases:
14
+ - RB-RL1007
15
+ detection:
16
+ kind: pattern
17
+ tags:
18
+ - rules-catalog
19
+ - ruby
20
+ - rails
21
+ - action-mailer
22
+ stability: stable
23
+ appliesTo: block
24
+ scope:
25
+ languages:
26
+ - ruby
27
+ paths:
28
+ include:
29
+ - "**/*.rb"
30
+ exclude:
31
+ - "**/vendor/**"
32
+ - "**/node_modules/**"
33
+ match:
34
+ fact:
35
+ kind: ruby.bug-risk.action-mailer-base-subclass
36
+ bind: issue
37
+ emit:
38
+ finding:
39
+ category: correctness.convention
40
+ severity: medium
41
+ confidence: 0.9
42
+ tags:
43
+ - ruby
44
+ - rails
45
+ message:
46
+ title: "`${captures.issue.text}` should subclass ApplicationMailer"
47
+ summary: >-
48
+ "`${captures.issue.text}` subclasses `ActionMailer::Base` directly.
49
+ Inherit from `ApplicationMailer` instead to pick up shared configuration."
50
+ remediation:
51
+ summary: >-
52
+ Change `class SomeMailer < ActionMailer::Base` to
53
+ `class SomeMailer < ApplicationMailer`.
package/rules/ruby/ruby.bug-risk.active-job-base-subclass.rule.yaml ADDED
@@ -0,0 +1,53 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ruby.bug-risk.active-job-base-subclass
5
+ title: Rails 5+ jobs should subclass ApplicationJob
6
+ summary: >-
7
+ Job class directly subclasses `ActiveJob::Base` instead of
8
+ `ApplicationJob`.
9
+ rationale: >-
10
+ Rails 5+ generators create jobs that inherit from `ApplicationJob`.
11
+ Directly subclassing `ActiveJob::Base` bypasses shared retry logic,
12
+ logging, and other behavior defined in `ApplicationJob`.
13
+ aliases:
14
+ - RB-RL1006
15
+ detection:
16
+ kind: pattern
17
+ tags:
18
+ - rules-catalog
19
+ - ruby
20
+ - rails
21
+ - active-job
22
+ stability: stable
23
+ appliesTo: block
24
+ scope:
25
+ languages:
26
+ - ruby
27
+ paths:
28
+ include:
29
+ - "**/*.rb"
30
+ exclude:
31
+ - "**/vendor/**"
32
+ - "**/node_modules/**"
33
+ match:
34
+ fact:
35
+ kind: ruby.bug-risk.active-job-base-subclass
36
+ bind: issue
37
+ emit:
38
+ finding:
39
+ category: correctness.convention
40
+ severity: medium
41
+ confidence: 0.9
42
+ tags:
43
+ - ruby
44
+ - rails
45
+ message:
46
+ title: "`${captures.issue.text}` should subclass ApplicationJob"
47
+ summary: >-
48
+ "`${captures.issue.text}` subclasses `ActiveJob::Base` directly.
49
+ Inherit from `ApplicationJob` instead to pick up shared configuration."
50
+ remediation:
51
+ summary: >-
52
+ Change `class SomeJob < ActiveJob::Base` to
53
+ `class SomeJob < ApplicationJob`.
package/rules/ruby/ruby.bug-risk.active-record-alias.rule.yaml ADDED
@@ -0,0 +1,53 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ruby.bug-risk.active-record-alias
5
+ title: Use of deprecated ActiveRecord method aliases
6
+ summary: >-
7
+ ActiveRecord method `update_attributes` or `update_attributes!` is called.
8
+ These are deprecated aliases for `update` and `update!`.
9
+ rationale: >-
10
+ Rails 6.1 deprecated `update_attributes` and `update_attributes!` in favor
11
+ of `update` and `update!`. The deprecated methods will be removed in
12
+ Rails 7.0+ and generate deprecation warnings.
13
+ aliases:
14
+ - RB-RL1002
15
+ detection:
16
+ kind: pattern
17
+ tags:
18
+ - rules-catalog
19
+ - ruby
20
+ - rails
21
+ - active-record
22
+ stability: stable
23
+ appliesTo: block
24
+ scope:
25
+ languages:
26
+ - ruby
27
+ paths:
28
+ include:
29
+ - "**/*.rb"
30
+ exclude:
31
+ - "**/vendor/**"
32
+ - "**/node_modules/**"
33
+ match:
34
+ fact:
35
+ kind: ruby.bug-risk.active-record-alias
36
+ bind: issue
37
+ emit:
38
+ finding:
39
+ category: correctness.deprecation
40
+ severity: medium
41
+ confidence: 0.85
42
+ tags:
43
+ - ruby
44
+ - rails
45
+ message:
46
+ title: "`${captures.issue.text}` is deprecated — use `update` or `update!`"
47
+ summary: >-
48
+ "`${captures.issue.text}` is a deprecated ActiveRecord method alias.
49
+ Replace it with `update` or `update!`."
50
+ remediation:
51
+ summary: >-
52
+ Replace `update_attributes` with `update`, and `update_attributes!`
53
+ with `update!`.
package/rules/ruby/ruby.bug-risk.active-record-base-subclass.rule.yaml ADDED
@@ -0,0 +1,53 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ruby.bug-risk.active-record-base-subclass
5
+ title: Rails 5+ models should subclass ApplicationRecord
6
+ summary: >-
7
+ Model class directly subclasses `ActiveRecord::Base` instead of
8
+ `ApplicationRecord`.
9
+ rationale: >-
10
+ Rails 5+ generators create models that inherit from `ApplicationRecord`.
11
+ Directly subclassing `ActiveRecord::Base` bypasses shared concerns,
12
+ default scopes, and other behavior defined in `ApplicationRecord`.
13
+ aliases:
14
+ - RB-RL1008
15
+ detection:
16
+ kind: pattern
17
+ tags:
18
+ - rules-catalog
19
+ - ruby
20
+ - rails
21
+ - active-record
22
+ stability: stable
23
+ appliesTo: block
24
+ scope:
25
+ languages:
26
+ - ruby
27
+ paths:
28
+ include:
29
+ - "**/*.rb"
30
+ exclude:
31
+ - "**/vendor/**"
32
+ - "**/node_modules/**"
33
+ match:
34
+ fact:
35
+ kind: ruby.bug-risk.active-record-base-subclass
36
+ bind: issue
37
+ emit:
38
+ finding:
39
+ category: correctness.convention
40
+ severity: medium
41
+ confidence: 0.9
42
+ tags:
43
+ - ruby
44
+ - rails
45
+ message:
46
+ title: "`${captures.issue.text}` should subclass ApplicationRecord"
47
+ summary: >-
48
+ "`${captures.issue.text}` subclasses `ActiveRecord::Base` directly.
49
+ Inherit from `ApplicationRecord` instead to pick up shared configuration."
50
+ remediation:
51
+ summary: >-
52
+ Change `class SomeModel < ActiveRecord::Base` to
53
+ `class SomeModel < ApplicationRecord`.
package/rules/ruby/ruby.bug-risk.active-record-method-override.rule.yaml ADDED
@@ -0,0 +1,55 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ruby.bug-risk.active-record-method-override
5
+ title: Override of built-in ActiveRecord methods
6
+ summary: >-
7
+ An ActiveRecord model overrides a built-in ActiveRecord method such as
8
+ `save`, `create`, `destroy`, or `update`. This can cause subtle bugs when
9
+ ActiveRecord lifecycle expects the original behavior.
10
+ rationale: >-
11
+ Overriding built-in AR methods like `save`, `destroy`, or `create` is risky
12
+ because callbacks, transactions, and other lifecycle guarantees depend on
13
+ the original implementation. Consider using `before_*` / `after_*` callbacks
14
+ instead.
15
+ aliases:
16
+ - RB-RL1003
17
+ detection:
18
+ kind: pattern
19
+ tags:
20
+ - rules-catalog
21
+ - ruby
22
+ - rails
23
+ - active-record
24
+ stability: experimental
25
+ appliesTo: block
26
+ scope:
27
+ languages:
28
+ - ruby
29
+ paths:
30
+ include:
31
+ - "**/*.rb"
32
+ exclude:
33
+ - "**/vendor/**"
34
+ - "**/node_modules/**"
35
+ match:
36
+ fact:
37
+ kind: ruby.bug-risk.active-record-method-override
38
+ bind: issue
39
+ emit:
40
+ finding:
41
+ category: correctness.bug-risk
42
+ severity: medium
43
+ confidence: 0.65
44
+ tags:
45
+ - ruby
46
+ - rails
47
+ message:
48
+ title: "`${captures.issue.text}` overrides a built-in ActiveRecord method"
49
+ summary: >-
50
+ "`${captures.issue.text}` is a built-in ActiveRecord method. Overriding
51
+ it in a model subclass can cause unexpected behavior. Prefer callbacks."
52
+ remediation:
53
+ summary: >-
54
+ Replace method overrides with ActiveRecord callbacks (`before_save`,
55
+ `after_destroy`, etc.) wherever possible.
package/rules/ruby/ruby.bug-risk.active-support-alias.rule.yaml ADDED
@@ -0,0 +1,52 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ruby.bug-risk.active-support-alias
5
+ title: Use of ActiveSupport alias instead of core Ruby method
6
+ summary: >-
7
+ An ActiveSupport alias method (`starts_with?`, `ends_with?`, `append`,
8
+ `prepend`) is used instead of the core Ruby equivalent.
9
+ rationale: >-
10
+ ActiveSupport provides aliases for Ruby core methods. Using the core
11
+ equivalents (`start_with?`, `end_with?`, `<<`, `unshift`) reduces
12
+ dependencies and improves portability.
13
+ aliases:
14
+ - RB-RL1004
15
+ detection:
16
+ kind: pattern
17
+ tags:
18
+ - rules-catalog
19
+ - ruby
20
+ - rails
21
+ - active-support
22
+ stability: stable
23
+ appliesTo: block
24
+ scope:
25
+ languages:
26
+ - ruby
27
+ paths:
28
+ include:
29
+ - "**/*.rb"
30
+ exclude:
31
+ - "**/vendor/**"
32
+ - "**/node_modules/**"
33
+ match:
34
+ fact:
35
+ kind: ruby.bug-risk.active-support-alias
36
+ bind: issue
37
+ emit:
38
+ finding:
39
+ category: correctness.deprecation
40
+ severity: medium
41
+ confidence: 0.8
42
+ tags:
43
+ - ruby
44
+ message:
45
+ title: "Prefer Ruby core method over ActiveSupport alias `${captures.issue.text}`"
46
+ summary: >-
47
+ "`${captures.issue.text}` is an ActiveSupport alias. Use the core Ruby
48
+ equivalent instead."
49
+ remediation:
50
+ summary: >-
51
+ Replace `starts_with?` with `start_with?`, `ends_with?` with `end_with?`,
52
+ `append` with `<<`, and `prepend` with `unshift`.
package/rules/ruby/ruby.bug-risk.all-each-to-find-each.rule.yaml ADDED
@@ -0,0 +1,55 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ruby.bug-risk.all-each-to-find-each
5
+ title: Replace Model.all.each with find_each
6
+ summary: >-
7
+ `Model.all.each` loads all records into memory. Use `find_each` for
8
+ batch processing.
9
+ rationale: >-
10
+ `Model.all.each` loads the entire result set into memory at once, which
11
+ can exhaust memory for large tables. `find_each` uses
12
+ `find_in_batches` internally to load records in batches of 1000,
13
+ keeping memory usage constant regardless of table size.
14
+ aliases:
15
+ - RB-RL1024
16
+ detection:
17
+ kind: pattern
18
+ tags:
19
+ - rules-catalog
20
+ - ruby
21
+ - rails
22
+ - active-record
23
+ - performance
24
+ stability: stable
25
+ appliesTo: block
26
+ scope:
27
+ languages:
28
+ - ruby
29
+ paths:
30
+ include:
31
+ - "**/*.rb"
32
+ exclude:
33
+ - "**/vendor/**"
34
+ - "**/node_modules/**"
35
+ match:
36
+ fact:
37
+ kind: ruby.bug-risk.all-each-to-find-each
38
+ bind: issue
39
+ emit:
40
+ finding:
41
+ category: correctness.performance
42
+ severity: medium
43
+ confidence: 0.85
44
+ tags:
45
+ - ruby
46
+ - rails
47
+ message:
48
+ title: "Use `find_each` instead of `${captures.issue.text}`"
49
+ summary: >-
50
+ "`${captures.issue.text}` loads all records into memory. Use
51
+ `find_each` for batch iteration."
52
+ remediation:
53
+ summary: >-
54
+ Replace `Model.all.each { |r| ... }` with
55
+ `Model.all.find_each { |r| ... }` to batch-process records.
package/rules/ruby/ruby.bug-risk.allow-blank-with-delegate.rule.yaml ADDED
@@ -0,0 +1,52 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ruby.bug-risk.allow-blank-with-delegate
5
+ title: Avoid allow_blank with delegate
6
+ summary: >-
7
+ Use `allow_nil` instead of `allow_blank` in `delegate` declarations.
8
+ rationale: >-
9
+ `allow_blank: true` in a `delegate` call silently swallows blank
10
+ (including falsey) values from the delegated method, which can mask bugs.
11
+ Prefer `allow_nil: true` to only suppress nil values.
12
+ aliases:
13
+ - RB-RL1016
14
+ detection:
15
+ kind: pattern
16
+ tags:
17
+ - rules-catalog
18
+ - ruby
19
+ - rails
20
+ stability: stable
21
+ appliesTo: block
22
+ scope:
23
+ languages:
24
+ - ruby
25
+ paths:
26
+ include:
27
+ - "**/*.rb"
28
+ exclude:
29
+ - "**/vendor/**"
30
+ - "**/node_modules/**"
31
+ match:
32
+ fact:
33
+ kind: ruby.bug-risk.allow-blank-with-delegate
34
+ bind: issue
35
+ emit:
36
+ finding:
37
+ category: correctness.bug-risk
38
+ severity: medium
39
+ confidence: 0.9
40
+ tags:
41
+ - ruby
42
+ - rails
43
+ message:
44
+ title: "`${captures.issue.text}` uses `allow_blank: true`"
45
+ summary: >-
46
+ "`${captures.issue.text}` delegates with `allow_blank: true`. This
47
+ masks blank values. Consider `allow_nil: true` instead, which only
48
+ suppresses nil values."
49
+ remediation:
50
+ summary: >-
51
+ Replace `allow_blank: true` with `allow_nil: true` in the delegate
52
+ declaration.
package/rules/ruby/ruby.bug-risk.alter-queries-combine.rule.yaml ADDED
@@ -0,0 +1,54 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ruby.bug-risk.alter-queries-combine
5
+ title: Combine alter queries in migrations
6
+ summary: >-
7
+ Prefer `change_table` with multiple column changes over repeated
8
+ `change_column` calls.
9
+ rationale: >-
10
+ Combining column alterations in a single `change_table` block groups
11
+ related schema changes and reduces the number of database round-trips
12
+ during migration execution.
13
+ aliases:
14
+ - RB-RL1012
15
+ detection:
16
+ kind: pattern
17
+ tags:
18
+ - rules-catalog
19
+ - ruby
20
+ - rails
21
+ - migration
22
+ stability: stable
23
+ appliesTo: block
24
+ scope:
25
+ languages:
26
+ - ruby
27
+ paths:
28
+ include:
29
+ - "**/*.rb"
30
+ exclude:
31
+ - "**/vendor/**"
32
+ - "**/node_modules/**"
33
+ match:
34
+ fact:
35
+ kind: ruby.bug-risk.alter-queries-combine
36
+ bind: issue
37
+ emit:
38
+ finding:
39
+ category: performance.database
40
+ severity: low
41
+ confidence: 0.8
42
+ tags:
43
+ - ruby
44
+ - rails
45
+ - migration
46
+ message:
47
+ title: "`${captures.issue.text}` can be combined"
48
+ summary: >-
49
+ "`${captures.issue.text}` alters a column individually. Consider grouping
50
+ multiple column changes into a single `change_table` block."
51
+ remediation:
52
+ summary: >-
53
+ Replace multiple `change_column` calls with a `change_table` block that
54
+ contains all column changes.
package/rules/ruby/ruby.bug-risk.ambiguous-block-association.rule.yaml ADDED
@@ -0,0 +1,49 @@
1
+ apiVersion: critiq.dev/v1alpha1
2
+ kind: Rule
3
+ metadata:
4
+ id: ruby.bug-risk.ambiguous-block-association
5
+ title: Ambiguous association of block with method
6
+ summary: >-
7
+ A block is attached to a method call that already has arguments, but the
8
+ intended receiver of the block is ambiguous. Add parentheses to clarify
9
+ whether the block belongs to the outer or inner method.
10
+ rationale: >-
11
+ Without parentheses, `foo bar { |x| x }` could mean `foo(bar) { |x| x }`
12
+ (block on outer method) or `foo(bar { |x| x })` (block on inner method).
13
+ Adding parentheses removes the ambiguity.
14
+ detection:
15
+ kind: pattern
16
+ tags:
17
+ - rules-catalog
18
+ - ruby
19
+ stability: stable
20
+ appliesTo: block
21
+ scope:
22
+ languages:
23
+ - ruby
24
+ paths:
25
+ include:
26
+ - "**/*.rb"
27
+ exclude:
28
+ - "**/vendor/**"
29
+ - "**/node_modules/**"
30
+ match:
31
+ fact:
32
+ kind: ruby.bug-risk.ambiguous-block-association
33
+ bind: issue
34
+ emit:
35
+ finding:
36
+ category: correctness.language
37
+ severity: high
38
+ confidence: 0.8
39
+ tags:
40
+ - ruby
41
+ message:
42
+ title: Review `${captures.issue.text}`
43
+ summary: >-
44
+ "`${captures.issue.text}` matches
45
+ `ruby.bug-risk.ambiguous-block-association`."
46
+ remediation:
47
+ summary: >-
48
+ Add parentheses to disambiguate the block binding, e.g.
49
+ `method(arg) { |x| x }` or `method(arg { |x| x })`.