npm - @critiq/rules - Versions diffs - 0.3.0 → 0.4.0 - Mend

@critiq/rules 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (735) hide show

package/rules/ruby/ruby.security.rails-http-digest-auth.rule.yaml ADDED Viewed

@@ -0,0 +1,51 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: ruby.security.rails-http-digest-auth
+  title: Avoid Rails HTTP digest authentication helpers
+  summary: >-
+    authenticate_with_http_digest and authenticate_or_request_with_http_digest are vulnerable to denial-of-service attacks in affected Rails versions.
+  rationale: >-
+    authenticate_with_http_digest and authenticate_or_request_with_http_digest are vulnerable to denial-of-service attacks in affected Rails versions.
+  detection:
+    kind: pattern
+  references:
+    - kind: cwe
+      id: CWE-400
+      title: Uncontrolled Resource Consumption
+    - kind: url
+      title: Ruby on Rails security guide
+      url: https://guides.rubyonrails.org/security.html
+  tags:
+    - security
+    - rails
+    - rules-catalog
+    - ruby
+  stability: stable
+  appliesTo: block
+scope:
+  languages:
+    - ruby
+  paths:
+    include:
+      - "**/*.rb"
+    exclude:
+      - "**/vendor/**"
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: ruby.security.rails-http-digest-auth
+    bind: issue
+emit:
+  finding:
+    category: security.authentication
+    severity: high
+    confidence: 0.9
+    tags:
+      - ruby
+  message:
+    title: Review `${captures.issue.text}`
+    summary: "`${captures.issue.text}` matches `ruby.security.rails-http-digest-auth`."
+  remediation:
+    summary: >-
+      authenticate_with_http_digest and authenticate_or_request_with_http_digest are vulnerable to denial-of-service attacks in affected Rails versions.

package/rules/ruby/ruby.security.rails-render-inline.rule.yaml ADDED Viewed

@@ -0,0 +1,55 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: ruby.security.rails-render-inline
+  title: Avoid rendering inline templates or text
+  summary: >-
+    Inline and text render modes bypass view escaping and are easy to misuse for cross-site scripting.
+  rationale: >-
+    Inline and text render modes bypass view escaping and are easy to misuse for cross-site scripting.
+  detection:
+    kind: pattern
+  references:
+    - kind: cwe
+      id: CWE-79
+      title: Cross-site Scripting (XSS)
+    - kind: owasp
+      title: Cross Site Scripting Prevention Cheat Sheet
+      url: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
+    - kind: url
+      title: Ruby on Rails security guide
+      url: https://guides.rubyonrails.org/security.html
+  tags:
+    - security
+    - rails
+    - xss
+    - rules-catalog
+    - ruby
+  stability: stable
+  appliesTo: block
+scope:
+  languages:
+    - ruby
+  paths:
+    include:
+      - "**/*.rb"
+    exclude:
+      - "**/vendor/**"
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: ruby.security.rails-render-inline
+    bind: issue
+emit:
+  finding:
+    category: security.output-encoding
+    severity: high
+    confidence: 0.9
+    tags:
+      - ruby
+  message:
+    title: Review `${captures.issue.text}`
+    summary: "`${captures.issue.text}` matches `ruby.security.rails-render-inline`."
+  remediation:
+    summary: >-
+      Inline and text render modes bypass view escaping and are easy to misuse for cross-site scripting.

package/rules/ruby/ruby.security.rails-skip-validation.rule.yaml ADDED Viewed

@@ -0,0 +1,51 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: ruby.security.rails-skip-validation
+  title: Avoid ActiveRecord updates that skip validations
+  summary: >-
+    Methods such as update_column and touch persist data without running model validations.
+  rationale: >-
+    Methods such as update_column and touch persist data without running model validations.
+  detection:
+    kind: pattern
+  references:
+    - kind: cwe
+      id: CWE-20
+      title: Improper Input Validation
+    - kind: url
+      title: Active Record validations guide
+      url: https://guides.rubyonrails.org/active_record_validations.html#skipping-validations
+  tags:
+    - security
+    - rails
+    - rules-catalog
+    - ruby
+  stability: stable
+  appliesTo: block
+scope:
+  languages:
+    - ruby
+  paths:
+    include:
+      - "**/*.rb"
+    exclude:
+      - "**/vendor/**"
+      - "**/node_modules/**"
+match:
+  fact:
+    kind: ruby.security.rails-skip-validation
+    bind: issue
+emit:
+  finding:
+    category: security.data-integrity
+    severity: high
+    confidence: 0.9
+    tags:
+      - ruby
+  message:
+    title: Review `${captures.issue.text}`
+    summary: "`${captures.issue.text}` matches `ruby.security.rails-skip-validation`."
+  remediation:
+    summary: >-
+      Methods such as update_column and touch persist data without running model validations.

package/rules/rust/rust.correctness.empty-range-expression.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: rust.correctness.empty-range-expression
+  title: "Empty range expression with start greater than end"
+  summary: "Range expression where start > end, producing an empty range or runtime panic."
+  rationale: >-
+    A range expression with a start value greater than the end value creates an
+    empty range that iterates zero times. For slice indexing, `&arr[3..0]` will
+    panic at runtime. This is almost always a logic error.
+  tags:
+    - correctness
+    - rust
+    - rules-catalog
+  stability: experimental
+  appliesTo: block
+  aliases:
+    - RS-E1005
+scope:
+  languages:
+    - rust
+  paths:
+    include:
+      - "**/*.rs"
+    exclude:
+      - "**/tests/**"
+      - "**/test/**"
+      - "**/testdata/**"
+      - "**/examples/**"
+      - "**/benches/**"
+      - "**/*_test.rs"
+      - "**/*.spec.rs"
+match:
+  fact:
+    kind: rust.correctness.empty-range-expression
+    bind: issue
+emit:
+  finding:
+    category: correctness.logic
+    severity: critical
+    confidence: 0.85
+    tags:
+      - correctness
+      - rust
+  message:
+    title: "Empty range expression with start greater than end"
+    summary: "'${captures.issue.text}' creates a range where start is greater than end, producing zero iterations or a slice panic."
+  remediation:
+    summary: "Swap the range bounds, or use `.rev()` to iterate in reverse."

package/rules/rust/rust.correctness.erasing-operation.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: rust.correctness.erasing-operation
+  title: "Operation trivially evaluates to zero"
+  summary: "An arithmetic or bitwise operation that always evaluates to zero."
+  rationale: >-
+    Expressions like `x * 0`, `x & 0`, or `0 / x` always evaluate to zero
+    regardless of the other operand. These are almost always logic errors
+    (e.g., using `*` instead of `+`, or `&` instead of `|`).
+  tags:
+    - correctness
+    - rust
+    - rules-catalog
+  stability: experimental
+  appliesTo: block
+  aliases:
+    - RS-E1007
+scope:
+  languages:
+    - rust
+  paths:
+    include:
+      - "**/*.rs"
+    exclude:
+      - "**/tests/**"
+      - "**/test/**"
+      - "**/testdata/**"
+      - "**/examples/**"
+      - "**/benches/**"
+      - "**/*_test.rs"
+      - "**/*.spec.rs"
+match:
+  fact:
+    kind: rust.correctness.erasing-operation
+    bind: issue
+emit:
+  finding:
+    category: correctness.logic
+    severity: critical
+    confidence: 0.85
+    tags:
+      - correctness
+      - rust
+  message:
+    title: "Operation trivially evaluates to zero"
+    summary: "'${captures.issue.text}' is an erasing operation that always evaluates to zero."
+  remediation:
+    summary: "Review the expression -- multiplying by zero, bitwise-AND with zero, or dividing zero are almost always logic errors."

package/rules/rust/rust.correctness.forget-drop-on-copy-type.rule.yaml ADDED Viewed

@@ -0,0 +1,50 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: rust.correctness.forget-drop-on-copy-type
+  title: "Called `mem::forget` or `mem::drop` on a Copy type"
+  summary: "`mem::forget` / `mem::drop` on a Copy type does nothing — the type is copied into the function."
+  rationale: >-
+    For types that implement the `Copy` trait, `std::mem::forget` (or `std::mem::drop`)
+    effectively does nothing because the type is copied into the function call,
+    and the copy is forgotten (or dropped). Copy types do not have drop glue.
+    Note: The detection is best-effort and may flag non-Copy types.
+  tags:
+    - correctness
+    - rust
+    - rules-catalog
+  stability: experimental
+  appliesTo: block
+  aliases:
+    - RS-E1011
+scope:
+  languages:
+    - rust
+  paths:
+    include:
+      - "**/*.rs"
+    exclude:
+      - "**/tests/**"
+      - "**/test/**"
+      - "**/testdata/**"
+      - "**/examples/**"
+      - "**/benches/**"
+      - "**/*_test.rs"
+      - "**/*.spec.rs"
+match:
+  fact:
+    kind: rust.correctness.forget-drop-on-copy-type
+    bind: issue
+emit:
+  finding:
+    category: correctness.memory
+    severity: high
+    confidence: 0.7
+    tags:
+      - correctness
+      - rust
+  message:
+    title: "Called `mem::forget` or `mem::drop` on a value"
+    summary: "'${captures.issue.text}' calls forget/drop on a non-reference value which may be a Copy type."
+  remediation:
+    summary: "Review the call. `mem::forget` and `mem::drop` on Copy types are no-ops."

package/rules/rust/rust.correctness.forget-drop-on-non-drop-type.rule.yaml ADDED Viewed

@@ -0,0 +1,50 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: rust.correctness.forget-drop-on-non-drop-type
+  title: "Called `mem::forget` or `mem::drop` on a non-Drop type"
+  summary: "`mem::forget` / `mem::drop` on a type that does not implement `Drop` is a no-op."
+  rationale: >-
+    For types that do not implement the `Drop` trait, calling `std::mem::forget`
+    or `std::mem::drop` is a no-op because there is no drop glue to execute.
+    Primitive types like integers, booleans, and floats do not have drop
+    implementations.
+  tags:
+    - correctness
+    - rust
+    - rules-catalog
+  stability: experimental
+  appliesTo: block
+  aliases:
+    - RS-E1021
+scope:
+  languages:
+    - rust
+  paths:
+    include:
+      - "**/*.rs"
+    exclude:
+      - "**/tests/**"
+      - "**/test/**"
+      - "**/testdata/**"
+      - "**/examples/**"
+      - "**/benches/**"
+      - "**/*_test.rs"
+      - "**/*.spec.rs"
+match:
+  fact:
+    kind: rust.correctness.forget-drop-on-non-drop-type
+    bind: issue
+emit:
+  finding:
+    category: correctness.memory
+    severity: high
+    confidence: 0.7
+    tags:
+      - correctness
+      - rust
+  message:
+    title: "Called `mem::forget` or `mem::drop` on a non-Drop type"
+    summary: "'${captures.issue.text}' calls forget/drop on a type that likely does not implement `Drop`. This is a no-op."
+  remediation:
+    summary: "Remove the `mem::forget` or `mem::drop` call. Non-Drop types don't need explicit resource management."

package/rules/rust/rust.correctness.forget-drop-on-reference.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: rust.correctness.forget-drop-on-reference
+  title: "Called `mem::forget` or `mem::drop` on a reference"
+  summary: "`mem::forget` / `mem::drop` on a reference drops only the reference, not the underlying value."
+  rationale: >-
+    Calling `std::mem::forget` or `std::mem::drop` on a reference forgets
+    (or drops) the reference itself, which effectively does nothing.
+    The underlying referenced value remains unaffected.
+  tags:
+    - correctness
+    - rust
+    - rules-catalog
+  stability: experimental
+  appliesTo: block
+  aliases:
+    - RS-E1010
+scope:
+  languages:
+    - rust
+  paths:
+    include:
+      - "**/*.rs"
+    exclude:
+      - "**/tests/**"
+      - "**/test/**"
+      - "**/testdata/**"
+      - "**/examples/**"
+      - "**/benches/**"
+      - "**/*_test.rs"
+      - "**/*.spec.rs"
+match:
+  fact:
+    kind: rust.correctness.forget-drop-on-reference
+    bind: issue
+emit:
+  finding:
+    category: correctness.memory
+    severity: high
+    confidence: 0.9
+    tags:
+      - correctness
+      - rust
+  message:
+    title: "Called `mem::forget` or `mem::drop` on a reference"
+    summary: "'${captures.issue.text}' calls forget/drop on a reference. The underlying value is not affected."
+  remediation:
+    summary: "If you meant to forget/drop the value, remove the `&` reference operator."

package/rules/rust/rust.correctness.hash-unit-value.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: rust.correctness.hash-unit-value
+  title: "Attempting to hash a unit value"
+  summary: "Hashing a unit value `()` via `Hash::hash` is a no-op — all unit values hash identically."
+  rationale: >-
+    The unit type `()` always hashes to the same value because every unit value
+    is identical. Calling `Hash::hash(&(), ...)` or `std::hash::Hash::hash(&(), ...)`
+    is likely a bug where a different value was intended to be hashed.
+  tags:
+    - correctness
+    - rust
+    - rules-catalog
+  stability: experimental
+  appliesTo: block
+  aliases:
+    - RS-E1017
+scope:
+  languages:
+    - rust
+  paths:
+    include:
+      - "**/*.rs"
+    exclude:
+      - "**/tests/**"
+      - "**/test/**"
+      - "**/testdata/**"
+      - "**/examples/**"
+      - "**/benches/**"
+      - "**/*_test.rs"
+      - "**/*.spec.rs"
+match:
+  fact:
+    kind: rust.correctness.hash-unit-value
+    bind: issue
+emit:
+  finding:
+    category: correctness.logic
+    severity: critical
+    confidence: 0.9
+    tags:
+      - correctness
+      - rust
+  message:
+    title: "Attempting to hash a unit value"
+    summary: "'${captures.issue.text}' hashes a unit value `()`. All unit values hash identically, making this a no-op."
+  remediation:
+    summary: "Hash the actual value you intend to hash, not the unit `()` placeholder."

package/rules/rust/rust.correctness.identical-binary-operands.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: rust.correctness.identical-binary-operands
+  title: "Binary operation with identical left and right operands"
+  summary: "Binary operation where both sides are identical, likely a copy-paste error."
+  rationale: >-
+    A binary operation with the same expression on both sides is almost always
+    a copy-paste error. For example, `a < b || a < b` should probably be
+    `a < b && b < a` or `a < b || b < c`.
+  tags:
+    - correctness
+    - rust
+    - rules-catalog
+  stability: experimental
+  appliesTo: block
+  aliases:
+    - RS-E1008
+scope:
+  languages:
+    - rust
+  paths:
+    include:
+      - "**/*.rs"
+    exclude:
+      - "**/tests/**"
+      - "**/test/**"
+      - "**/testdata/**"
+      - "**/examples/**"
+      - "**/benches/**"
+      - "**/*_test.rs"
+      - "**/*.spec.rs"
+match:
+  fact:
+    kind: rust.correctness.identical-binary-operands
+    bind: issue
+emit:
+  finding:
+    category: correctness.logic
+    severity: high
+    confidence: 0.8
+    tags:
+      - correctness
+      - rust
+  message:
+    title: "Binary operation with identical left and right operands"
+    summary: "'${captures.issue.text}' has identical expressions on both sides of the operator, likely a copy-paste error."
+  remediation:
+    summary: "Replace one side with the intended expression. If both sides are intentional, extract to a named variable."

package/rules/rust/rust.correctness.ignored-future-value.rule.yaml ADDED Viewed

@@ -0,0 +1,53 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: rust.correctness.ignored-future-value
+  title: Do not drop futures without awaiting
+  summary: An async function was called without awaiting or storing its returned Future.
+  rationale: >-
+    Calling an async function from a synchronous context without `.await`ing,
+    assigning, or returning the produced `Future` drops it immediately without
+    execution. The intended side-effects or computation never happen.
+  tags:
+    - correctness
+    - rust
+    - concurrency
+    - rules-catalog
+  stability: experimental
+  appliesTo: block
+  aliases:
+    - RS-E1035
+scope:
+  languages:
+    - rust
+  paths:
+    include:
+      - "**/*.rs"
+    exclude:
+      - "**/tests/**"
+      - "**/test/**"
+      - "**/testdata/**"
+      - "**/examples/**"
+      - "**/benches/**"
+      - "**/*_test.rs"
+      - "**/*.spec.rs"
+match:
+  fact:
+    kind: rust.correctness.ignored-future-value
+    bind: issue
+emit:
+  finding:
+    category: correctness.concurrency
+    severity: high
+    confidence: 0.85
+    tags:
+      - correctness
+      - rust
+      - concurrency
+  message:
+    title: Dropped future — await or store the result
+    summary: "'${captures.issue.text}' calls an async function without awaiting or storing its result. The future is dropped and never executes."
+  remediation:
+    summary: >-
+      Await the future with `.await`, store it in a variable, return it, or
+      spawn it onto a runtime with `tokio::spawn`.

package/rules/rust/rust.correctness.invalid-regex-literal.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: rust.correctness.invalid-regex-literal
+  title: "Invalid regex pattern in regex constructor"
+  summary: "Regex pattern contains invalid syntax such as reversed character ranges."
+  rationale: >-
+    Invalid regex patterns passed to `Regex::new` or `RegexBuilder::new` will
+    cause a runtime panic when the regex is compiled. Common issues include
+    reversed character ranges like `[z-a]` or `[9-0]`.
+  tags:
+    - correctness
+    - rust
+    - rules-catalog
+  stability: experimental
+  appliesTo: block
+  aliases:
+    - RS-E1002
+scope:
+  languages:
+    - rust
+  paths:
+    include:
+      - "**/*.rs"
+    exclude:
+      - "**/tests/**"
+      - "**/test/**"
+      - "**/testdata/**"
+      - "**/examples/**"
+      - "**/benches/**"
+      - "**/*_test.rs"
+      - "**/*.spec.rs"
+match:
+  fact:
+    kind: rust.correctness.invalid-regex-literal
+    bind: issue
+emit:
+  finding:
+    category: correctness.runtime
+    severity: critical
+    confidence: 0.85
+    tags:
+      - correctness
+      - rust
+  message:
+    title: "Invalid regex pattern in regex constructor"
+    summary: "'${captures.issue.text}' contains an invalid regex pattern that will fail at runtime."
+  remediation:
+    summary: "Fix the regex pattern -- check for reversed character ranges, unbalanced brackets, or invalid escape sequences."

package/rules/rust/rust.correctness.iter-next-in-for-loop.rule.yaml ADDED Viewed

@@ -0,0 +1,49 @@
+apiVersion: critiq.dev/v1alpha1
+kind: Rule
+metadata:
+  id: rust.correctness.iter-next-in-for-loop
+  title: "For loop over `.next()` iterates `Option`, not the iterator"
+  summary: "Iterating over `.next()` in a for loop iterates over the Option result, not the remaining iterator elements."
+  rationale: >-
+    Calling `.next()` inside a `for` loop expression iterates over the `Option<T>`
+    returned by `.next()`, not over the remaining elements of the original iterator.
+    This means the loop body executes at most once (or zero times if the iterator is empty).
+  tags:
+    - correctness
+    - rust
+    - rules-catalog
+  stability: experimental
+  appliesTo: block
+  aliases:
+    - RS-E1004
+scope:
+  languages:
+    - rust
+  paths:
+    include:
+      - "**/*.rs"
+    exclude:
+      - "**/tests/**"
+      - "**/test/**"
+      - "**/testdata/**"
+      - "**/examples/**"
+      - "**/benches/**"
+      - "**/*_test.rs"
+      - "**/*.spec.rs"
+match:
+  fact:
+    kind: rust.correctness.iter-next-in-for-loop
+    bind: issue
+emit:
+  finding:
+    category: correctness.logic
+    severity: critical
+    confidence: 0.85
+    tags:
+      - correctness
+      - rust
+  message:
+    title: "For loop over `.next()` iterates `Option`, not the iterator"
+    summary: "'${captures.issue.text}' iterates over the `Option` returned by `.next()` instead of the remaining iterator elements."
+  remediation:
+    summary: "Use `.skip(1)` to skip the first element, or call `.next()` separately before the loop."