@sun-asterisk/sunlint 1.3.39 → 1.3.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (488)
  1. package/config/rules/rules-registry-generated.json +134 -108
  2. package/core/rule-selection-service.js +11 -0
  3. package/docs/GENERATED_FILES_QUICK_REFERENCE.md +96 -0
  4. package/docs/GENERATED_FILE_HANDLING_SUMMARY.md +152 -0
  5. package/docs/skills/CREATE_NEW_DART_RULE.md +161 -14
  6. package/origin-rules/dart-en.md +151 -163
  7. package/package.json +2 -1
  8. package/rules/dart/D002_dispose_resources/config.json +25 -0
  9. package/rules/dart/D003_prefer_widgets_over_methods/config.json +14 -0
  10. package/rules/dart/D004_avoid_shrinkwrap_listview/config.json +13 -0
  11. package/rules/dart/D005_limit_widget_nesting/config.json +13 -0
  12. package/rules/dart/D006_prefer_extracting_large_callbacks/config.json +25 -0
  13. package/rules/dart/D007_prefer_init_first_dispose_last/config.json +10 -0
  14. package/rules/dart/D008_avoid_long_functions/config.json +12 -0
  15. package/rules/dart/D009_limit_function_parameters/config.json +13 -0
  16. package/rules/dart/D010_limit_cyclomatic_complexity/config.json +12 -0
  17. package/rules/dart/D011_prefer_named_parameters/config.json +12 -0
  18. package/rules/dart/D012_prefer_named_boolean_parameters/config.json +9 -0
  19. package/rules/dart/D013_single_public_class/config.json +10 -0
  20. package/rules/dart/D014_unsafe_collection_access/config.json +10 -0
  21. package/rules/dart/D015_copywith_all_parameters/config.json +9 -0
  22. package/rules/dart/D016_project_should_have_tests/config.json +24 -0
  23. package/rules/dart/D017_pubspec_dependencies_review/config.json +23 -0
  24. package/rules/dart/D018_remove_commented_code/config.json +13 -0
  25. package/rules/dart/D019_avoid_single_child_multi_child_widget/config.json +21 -0
  26. package/rules/dart/D020_limit_if_else_branches/config.json +12 -0
  27. package/rules/dart/D021_avoid_negated_boolean_checks/config.json +14 -0
  28. package/rules/dart/D022_use_setstate_correctly/config.json +14 -0
  29. package/rules/dart/D023_avoid_unnecessary_method_overrides/config.json +13 -0
  30. package/rules/dart/D024_avoid_unnecessary_stateful_widget/config.json +9 -0
  31. package/rules/dart/D025_avoid_nested_conditional_expressions/config.json +9 -0
  32. package/skill-assets/sunlint-code-quality/AGENTS.md +80 -0
  33. package/skill-assets/sunlint-code-quality/SKILL.md +176 -0
  34. package/skill-assets/sunlint-code-quality/rules/csharp/C006-verb-noun-functions.md +36 -0
  35. package/skill-assets/sunlint-code-quality/rules/csharp/C013-no-dead-code.md +38 -0
  36. package/skill-assets/sunlint-code-quality/rules/csharp/C014-dependency-injection.md +45 -0
  37. package/skill-assets/sunlint-code-quality/rules/csharp/C017-no-constructor-logic.md +46 -0
  38. package/skill-assets/sunlint-code-quality/rules/csharp/C018-generic-errors.md +38 -0
  39. package/skill-assets/sunlint-code-quality/rules/csharp/C019-error-log-level.md +29 -0
  40. package/skill-assets/sunlint-code-quality/rules/csharp/C020-no-unused-imports.md +30 -0
  41. package/skill-assets/sunlint-code-quality/rules/csharp/C022-no-unused-variables.md +33 -0
  42. package/skill-assets/sunlint-code-quality/rules/csharp/C023-no-duplicate-names.md +36 -0
  43. package/skill-assets/sunlint-code-quality/rules/csharp/C024-centralize-constants.md +33 -0
  44. package/skill-assets/sunlint-code-quality/rules/csharp/C029-catch-log-root-cause.md +40 -0
  45. package/skill-assets/sunlint-code-quality/rules/csharp/C030-custom-error-classes.md +38 -0
  46. package/skill-assets/sunlint-code-quality/rules/csharp/C033-separate-data-access.md +53 -0
  47. package/skill-assets/sunlint-code-quality/rules/csharp/C035-error-context-logging.md +31 -0
  48. package/skill-assets/sunlint-code-quality/rules/csharp/C041-no-hardcoded-secrets.md +25 -0
  49. package/skill-assets/sunlint-code-quality/rules/csharp/C042-boolean-naming.md +27 -0
  50. package/skill-assets/sunlint-code-quality/rules/csharp/C052-controller-parsing.md +41 -0
  51. package/skill-assets/sunlint-code-quality/rules/csharp/C060-superclass-logic.md +33 -0
  52. package/skill-assets/sunlint-code-quality/rules/csharp/C067-no-hardcoded-config.md +24 -0
  53. package/skill-assets/sunlint-code-quality/rules/csharp/S003-open-redirect.md +47 -0
  54. package/skill-assets/sunlint-code-quality/rules/csharp/S004-no-log-credentials.md +28 -0
  55. package/skill-assets/sunlint-code-quality/rules/csharp/S005-server-authorization.md +51 -0
  56. package/skill-assets/sunlint-code-quality/rules/csharp/S006-default-credentials.md +42 -0
  57. package/skill-assets/sunlint-code-quality/rules/csharp/S007-output-encoding.md +36 -0
  58. package/skill-assets/sunlint-code-quality/rules/csharp/S009-approved-crypto.md +37 -0
  59. package/skill-assets/sunlint-code-quality/rules/csharp/S010-csprng.md +32 -0
  60. package/skill-assets/sunlint-code-quality/rules/csharp/S011-encrypted-client-hello.md +36 -0
  61. package/skill-assets/sunlint-code-quality/rules/csharp/S012-secrets-management.md +35 -0
  62. package/skill-assets/sunlint-code-quality/rules/csharp/S013-tls-connections.md +36 -0
  63. package/skill-assets/sunlint-code-quality/rules/csharp/S016-no-sensitive-query-string.md +39 -0
  64. package/skill-assets/sunlint-code-quality/rules/csharp/S017-parameterized-queries.md +47 -0
  65. package/skill-assets/sunlint-code-quality/rules/csharp/S019-email-input-sanitization.md +35 -0
  66. package/skill-assets/sunlint-code-quality/rules/csharp/S020-eval-code-execution.md +56 -0
  67. package/skill-assets/sunlint-code-quality/rules/csharp/S022-context-escaping.md +50 -0
  68. package/skill-assets/sunlint-code-quality/rules/csharp/S023-dynamic-js-encoding.md +34 -0
  69. package/skill-assets/sunlint-code-quality/rules/csharp/S025-server-validation.md +56 -0
  70. package/skill-assets/sunlint-code-quality/rules/csharp/S026-tls-encryption.md +28 -0
  71. package/skill-assets/sunlint-code-quality/rules/csharp/S027-mtls-validation.md +40 -0
  72. package/skill-assets/sunlint-code-quality/rules/csharp/S028-upload-limits.md +50 -0
  73. package/skill-assets/sunlint-code-quality/rules/csharp/S029-csrf-protection.md +42 -0
  74. package/skill-assets/sunlint-code-quality/rules/csharp/S030-directory-browsing.md +26 -0
  75. package/skill-assets/sunlint-code-quality/rules/csharp/S031-secure-cookie-flag.md +35 -0
  76. package/skill-assets/sunlint-code-quality/rules/csharp/S032-httponly-cookie.md +31 -0
  77. package/skill-assets/sunlint-code-quality/rules/csharp/S033-samesite-cookie.md +36 -0
  78. package/skill-assets/sunlint-code-quality/rules/csharp/S034-host-prefix-cookie.md +31 -0
  79. package/skill-assets/sunlint-code-quality/rules/csharp/S035-app-hostnames.md +26 -0
  80. package/skill-assets/sunlint-code-quality/rules/csharp/S036-internal-file-paths.md +36 -0
  81. package/skill-assets/sunlint-code-quality/rules/csharp/S037-anti-cache-headers.md +33 -0
  82. package/skill-assets/sunlint-code-quality/rules/csharp/S039-tls-certificate-validation.md +41 -0
  83. package/skill-assets/sunlint-code-quality/rules/csharp/S041-logout-invalidation.md +36 -0
  84. package/skill-assets/sunlint-code-quality/rules/csharp/S042-long-lived-sessions.md +47 -0
  85. package/skill-assets/sunlint-code-quality/rules/csharp/S044-critical-changes-reauth.md +45 -0
  86. package/skill-assets/sunlint-code-quality/rules/csharp/S045-brute-force-protection.md +48 -0
  87. package/skill-assets/sunlint-code-quality/rules/csharp/S047-oauth-csrf-protection.md +53 -0
  88. package/skill-assets/sunlint-code-quality/rules/csharp/S048-oauth-redirect-validation.md +37 -0
  89. package/skill-assets/sunlint-code-quality/rules/csharp/S049-auth-code-expiry.md +33 -0
  90. package/skill-assets/sunlint-code-quality/rules/csharp/S050-token-entropy.md +33 -0
  91. package/skill-assets/sunlint-code-quality/rules/csharp/S051-password-length.md +35 -0
  92. package/skill-assets/sunlint-code-quality/rules/csharp/S052-otp-entropy.md +26 -0
  93. package/skill-assets/sunlint-code-quality/rules/csharp/S053-generic-error-messages.md +32 -0
  94. package/skill-assets/sunlint-code-quality/rules/csharp/S054-no-default-admin.md +31 -0
  95. package/skill-assets/sunlint-code-quality/rules/csharp/S055-content-type-validation.md +44 -0
  96. package/skill-assets/sunlint-code-quality/rules/csharp/S056-log-injection.md +33 -0
  97. package/skill-assets/sunlint-code-quality/rules/csharp/S057-synchronized-time.md +27 -0
  98. package/skill-assets/sunlint-code-quality/rules/csharp/S058-ssrf-protection.md +54 -0
  99. package/skill-assets/sunlint-code-quality/rules/go/C006-verb-noun-functions.md +45 -0
  100. package/skill-assets/sunlint-code-quality/rules/go/C013-no-dead-code.md +48 -0
  101. package/skill-assets/sunlint-code-quality/rules/go/C014-dependency-injection.md +85 -0
  102. package/skill-assets/sunlint-code-quality/rules/go/C017-no-constructor-logic.md +67 -0
  103. package/skill-assets/sunlint-code-quality/rules/go/C018-generic-errors.md +63 -0
  104. package/skill-assets/sunlint-code-quality/rules/go/C019-error-log-level.md +50 -0
  105. package/skill-assets/sunlint-code-quality/rules/go/C020-no-unused-imports.md +45 -0
  106. package/skill-assets/sunlint-code-quality/rules/go/C022-no-unused-variables.md +34 -0
  107. package/skill-assets/sunlint-code-quality/rules/go/C023-no-duplicate-names.md +41 -0
  108. package/skill-assets/sunlint-code-quality/rules/go/C024-centralize-constants.md +55 -0
  109. package/skill-assets/sunlint-code-quality/rules/go/C029-catch-log-root-cause.md +56 -0
  110. package/skill-assets/sunlint-code-quality/rules/go/C030-custom-error-classes.md +69 -0
  111. package/skill-assets/sunlint-code-quality/rules/go/C033-separate-data-access.md +68 -0
  112. package/skill-assets/sunlint-code-quality/rules/go/C035-error-context-logging.md +48 -0
  113. package/skill-assets/sunlint-code-quality/rules/go/C041-no-hardcoded-secrets.md +45 -0
  114. package/skill-assets/sunlint-code-quality/rules/go/C042-boolean-naming.md +42 -0
  115. package/skill-assets/sunlint-code-quality/rules/go/C052-controller-parsing.md +62 -0
  116. package/skill-assets/sunlint-code-quality/rules/go/C060-superclass-logic.md +60 -0
  117. package/skill-assets/sunlint-code-quality/rules/go/C067-no-hardcoded-config.md +51 -0
  118. package/skill-assets/sunlint-code-quality/rules/go/S003-open-redirect.md +80 -0
  119. package/skill-assets/sunlint-code-quality/rules/go/S004-no-log-credentials.md +66 -0
  120. package/skill-assets/sunlint-code-quality/rules/go/S005-server-authorization.md +55 -0
  121. package/skill-assets/sunlint-code-quality/rules/go/S006-default-credentials.md +47 -0
  122. package/skill-assets/sunlint-code-quality/rules/go/S007-output-encoding.md +50 -0
  123. package/skill-assets/sunlint-code-quality/rules/go/S009-approved-crypto.md +63 -0
  124. package/skill-assets/sunlint-code-quality/rules/go/S010-csprng.md +53 -0
  125. package/skill-assets/sunlint-code-quality/rules/go/S011-encrypted-client-hello.md +34 -0
  126. package/skill-assets/sunlint-code-quality/rules/go/S012-secrets-management.md +49 -0
  127. package/skill-assets/sunlint-code-quality/rules/go/S013-tls-connections.md +61 -0
  128. package/skill-assets/sunlint-code-quality/rules/go/S016-no-sensitive-query-string.md +42 -0
  129. package/skill-assets/sunlint-code-quality/rules/go/S017-parameterized-queries.md +36 -0
  130. package/skill-assets/sunlint-code-quality/rules/go/S019-email-input-sanitization.md +44 -0
  131. package/skill-assets/sunlint-code-quality/rules/go/S020-eval-code-execution.md +47 -0
  132. package/skill-assets/sunlint-code-quality/rules/go/S022-context-escaping.md +49 -0
  133. package/skill-assets/sunlint-code-quality/rules/go/S023-dynamic-js-encoding.md +51 -0
  134. package/skill-assets/sunlint-code-quality/rules/go/S025-server-validation.md +57 -0
  135. package/skill-assets/sunlint-code-quality/rules/go/S026-tls-encryption.md +46 -0
  136. package/skill-assets/sunlint-code-quality/rules/go/S027-mtls-validation.md +52 -0
  137. package/skill-assets/sunlint-code-quality/rules/go/S028-upload-limits.md +58 -0
  138. package/skill-assets/sunlint-code-quality/rules/go/S029-csrf-protection.md +53 -0
  139. package/skill-assets/sunlint-code-quality/rules/go/S030-directory-browsing.md +53 -0
  140. package/skill-assets/sunlint-code-quality/rules/go/S031-secure-cookie-flag.md +48 -0
  141. package/skill-assets/sunlint-code-quality/rules/go/S032-httponly-cookie.md +42 -0
  142. package/skill-assets/sunlint-code-quality/rules/go/S033-samesite-cookie.md +49 -0
  143. package/skill-assets/sunlint-code-quality/rules/go/S034-host-prefix-cookie.md +44 -0
  144. package/skill-assets/sunlint-code-quality/rules/go/S035-app-hostnames.md +50 -0
  145. package/skill-assets/sunlint-code-quality/rules/go/S036-internal-file-paths.md +56 -0
  146. package/skill-assets/sunlint-code-quality/rules/go/S037-anti-cache-headers.md +43 -0
  147. package/skill-assets/sunlint-code-quality/rules/go/S039-tls-certificate-validation.md +41 -0
  148. package/skill-assets/sunlint-code-quality/rules/go/S041-logout-invalidation.md +46 -0
  149. package/skill-assets/sunlint-code-quality/rules/go/S042-long-lived-sessions.md +58 -0
  150. package/skill-assets/sunlint-code-quality/rules/go/S044-critical-changes-reauth.md +53 -0
  151. package/skill-assets/sunlint-code-quality/rules/go/S045-brute-force-protection.md +55 -0
  152. package/skill-assets/sunlint-code-quality/rules/go/S047-oauth-csrf-protection.md +51 -0
  153. package/skill-assets/sunlint-code-quality/rules/go/S048-oauth-redirect-validation.md +58 -0
  154. package/skill-assets/sunlint-code-quality/rules/go/S049-auth-code-expiry.md +52 -0
  155. package/skill-assets/sunlint-code-quality/rules/go/S050-token-entropy.md +53 -0
  156. package/skill-assets/sunlint-code-quality/rules/go/S051-password-length.md +49 -0
  157. package/skill-assets/sunlint-code-quality/rules/go/S052-otp-entropy.md +48 -0
  158. package/skill-assets/sunlint-code-quality/rules/go/S053-generic-error-messages.md +51 -0
  159. package/skill-assets/sunlint-code-quality/rules/go/S054-no-default-admin.md +43 -0
  160. package/skill-assets/sunlint-code-quality/rules/go/S055-content-type-validation.md +52 -0
  161. package/skill-assets/sunlint-code-quality/rules/go/S056-log-injection.md +40 -0
  162. package/skill-assets/sunlint-code-quality/rules/go/S057-synchronized-time.md +40 -0
  163. package/skill-assets/sunlint-code-quality/rules/go/S058-ssrf-protection.md +70 -0
  164. package/skill-assets/sunlint-code-quality/rules/java/C006-verb-noun-functions.md +36 -0
  165. package/skill-assets/sunlint-code-quality/rules/java/C013-no-dead-code.md +175 -0
  166. package/skill-assets/sunlint-code-quality/rules/java/C014-dependency-injection.md +42 -0
  167. package/skill-assets/sunlint-code-quality/rules/java/C017-no-constructor-logic.md +39 -0
  168. package/skill-assets/sunlint-code-quality/rules/java/C018-generic-errors.md +28 -0
  169. package/skill-assets/sunlint-code-quality/rules/java/C019-error-log-level.md +34 -0
  170. package/skill-assets/sunlint-code-quality/rules/java/C020-no-unused-imports.md +34 -0
  171. package/skill-assets/sunlint-code-quality/rules/java/C022-no-unused-variables.md +31 -0
  172. package/skill-assets/sunlint-code-quality/rules/java/C023-no-duplicate-names.md +37 -0
  173. package/skill-assets/sunlint-code-quality/rules/java/C024-centralize-constants.md +36 -0
  174. package/skill-assets/sunlint-code-quality/rules/java/C029-catch-log-root-cause.md +42 -0
  175. package/skill-assets/sunlint-code-quality/rules/java/C030-custom-error-classes.md +50 -0
  176. package/skill-assets/sunlint-code-quality/rules/java/C033-separate-data-access.md +46 -0
  177. package/skill-assets/sunlint-code-quality/rules/java/C035-error-context-logging.md +38 -0
  178. package/skill-assets/sunlint-code-quality/rules/java/C041-no-hardcoded-secrets.md +34 -0
  179. package/skill-assets/sunlint-code-quality/rules/java/C042-boolean-naming.md +27 -0
  180. package/skill-assets/sunlint-code-quality/rules/java/C052-controller-parsing.md +39 -0
  181. package/skill-assets/sunlint-code-quality/rules/java/C060-superclass-logic.md +32 -0
  182. package/skill-assets/sunlint-code-quality/rules/java/C067-no-hardcoded-config.md +31 -0
  183. package/skill-assets/sunlint-code-quality/rules/java/S003-open-redirect.md +38 -0
  184. package/skill-assets/sunlint-code-quality/rules/java/S004-no-log-credentials.md +36 -0
  185. package/skill-assets/sunlint-code-quality/rules/java/S005-server-authorization.md +53 -0
  186. package/skill-assets/sunlint-code-quality/rules/java/S006-default-credentials.md +39 -0
  187. package/skill-assets/sunlint-code-quality/rules/java/S007-output-encoding.md +49 -0
  188. package/skill-assets/sunlint-code-quality/rules/java/S009-approved-crypto.md +40 -0
  189. package/skill-assets/sunlint-code-quality/rules/java/S010-csprng.md +36 -0
  190. package/skill-assets/sunlint-code-quality/rules/java/S011-encrypted-client-hello.md +27 -0
  191. package/skill-assets/sunlint-code-quality/rules/java/S012-secrets-management.md +34 -0
  192. package/skill-assets/sunlint-code-quality/rules/java/S013-tls-connections.md +40 -0
  193. package/skill-assets/sunlint-code-quality/rules/java/S016-no-sensitive-query-string.md +36 -0
  194. package/skill-assets/sunlint-code-quality/rules/java/S017-parameterized-queries.md +47 -0
  195. package/skill-assets/sunlint-code-quality/rules/java/S019-email-input-sanitization.md +32 -0
  196. package/skill-assets/sunlint-code-quality/rules/java/S020-eval-code-execution.md +45 -0
  197. package/skill-assets/sunlint-code-quality/rules/java/S022-context-escaping.md +28 -0
  198. package/skill-assets/sunlint-code-quality/rules/java/S023-dynamic-js-encoding.md +28 -0
  199. package/skill-assets/sunlint-code-quality/rules/java/S025-server-validation.md +58 -0
  200. package/skill-assets/sunlint-code-quality/rules/java/S026-tls-encryption.md +57 -0
  201. package/skill-assets/sunlint-code-quality/rules/java/S027-mtls-validation.md +26 -0
  202. package/skill-assets/sunlint-code-quality/rules/java/S028-upload-limits.md +35 -0
  203. package/skill-assets/sunlint-code-quality/rules/java/S029-csrf-protection.md +35 -0
  204. package/skill-assets/sunlint-code-quality/rules/java/S030-directory-browsing.md +38 -0
  205. package/skill-assets/sunlint-code-quality/rules/java/S031-secure-cookie-flag.md +38 -0
  206. package/skill-assets/sunlint-code-quality/rules/java/S032-httponly-cookie.md +31 -0
  207. package/skill-assets/sunlint-code-quality/rules/java/S033-samesite-cookie.md +42 -0
  208. package/skill-assets/sunlint-code-quality/rules/java/S034-host-prefix-cookie.md +35 -0
  209. package/skill-assets/sunlint-code-quality/rules/java/S035-app-hostnames.md +23 -0
  210. package/skill-assets/sunlint-code-quality/rules/java/S036-internal-file-paths.md +39 -0
  211. package/skill-assets/sunlint-code-quality/rules/java/S037-anti-cache-headers.md +37 -0
  212. package/skill-assets/sunlint-code-quality/rules/java/S039-tls-certificate-validation.md +43 -0
  213. package/skill-assets/sunlint-code-quality/rules/java/S041-logout-invalidation.md +53 -0
  214. package/skill-assets/sunlint-code-quality/rules/java/S042-long-lived-sessions.md +36 -0
  215. package/skill-assets/sunlint-code-quality/rules/java/S044-critical-changes-reauth.md +28 -0
  216. package/skill-assets/sunlint-code-quality/rules/java/S045-brute-force-protection.md +38 -0
  217. package/skill-assets/sunlint-code-quality/rules/java/S047-oauth-csrf-protection.md +33 -0
  218. package/skill-assets/sunlint-code-quality/rules/java/S048-oauth-redirect-validation.md +25 -0
  219. package/skill-assets/sunlint-code-quality/rules/java/S049-auth-code-expiry.md +23 -0
  220. package/skill-assets/sunlint-code-quality/rules/java/S050-token-entropy.md +20 -0
  221. package/skill-assets/sunlint-code-quality/rules/java/S051-password-length.md +20 -0
  222. package/skill-assets/sunlint-code-quality/rules/java/S052-otp-entropy.md +23 -0
  223. package/skill-assets/sunlint-code-quality/rules/java/S053-generic-error-messages.md +21 -0
  224. package/skill-assets/sunlint-code-quality/rules/java/S054-no-default-admin.md +16 -0
  225. package/skill-assets/sunlint-code-quality/rules/java/S055-content-type-validation.md +36 -0
  226. package/skill-assets/sunlint-code-quality/rules/java/S056-log-injection.md +38 -0
  227. package/skill-assets/sunlint-code-quality/rules/java/S057-synchronized-time.md +35 -0
  228. package/skill-assets/sunlint-code-quality/rules/java/S058-ssrf-protection.md +56 -0
  229. package/skill-assets/sunlint-code-quality/rules/kotlin/C006-verb-noun-functions.md +45 -0
  230. package/skill-assets/sunlint-code-quality/rules/kotlin/C013-no-dead-code.md +49 -0
  231. package/skill-assets/sunlint-code-quality/rules/kotlin/C014-dependency-injection.md +64 -0
  232. package/skill-assets/sunlint-code-quality/rules/kotlin/C017-no-constructor-logic.md +68 -0
  233. package/skill-assets/sunlint-code-quality/rules/kotlin/C018-generic-errors.md +46 -0
  234. package/skill-assets/sunlint-code-quality/rules/kotlin/C019-error-log-level.md +50 -0
  235. package/skill-assets/sunlint-code-quality/rules/kotlin/C020-no-unused-imports.md +44 -0
  236. package/skill-assets/sunlint-code-quality/rules/kotlin/C022-no-unused-variables.md +39 -0
  237. package/skill-assets/sunlint-code-quality/rules/kotlin/C023-no-duplicate-names.md +47 -0
  238. package/skill-assets/sunlint-code-quality/rules/kotlin/C024-centralize-constants.md +58 -0
  239. package/skill-assets/sunlint-code-quality/rules/kotlin/C029-catch-log-root-cause.md +50 -0
  240. package/skill-assets/sunlint-code-quality/rules/kotlin/C030-custom-error-classes.md +72 -0
  241. package/skill-assets/sunlint-code-quality/rules/kotlin/C033-separate-data-access.md +69 -0
  242. package/skill-assets/sunlint-code-quality/rules/kotlin/C035-error-context-logging.md +47 -0
  243. package/skill-assets/sunlint-code-quality/rules/kotlin/C041-no-hardcoded-secrets.md +47 -0
  244. package/skill-assets/sunlint-code-quality/rules/kotlin/C042-boolean-naming.md +42 -0
  245. package/skill-assets/sunlint-code-quality/rules/kotlin/C052-controller-parsing.md +71 -0
  246. package/skill-assets/sunlint-code-quality/rules/kotlin/C060-superclass-logic.md +60 -0
  247. package/skill-assets/sunlint-code-quality/rules/kotlin/C067-no-hardcoded-config.md +51 -0
  248. package/skill-assets/sunlint-code-quality/rules/kotlin/S003-open-redirect.md +66 -0
  249. package/skill-assets/sunlint-code-quality/rules/kotlin/S004-no-log-credentials.md +59 -0
  250. package/skill-assets/sunlint-code-quality/rules/kotlin/S005-server-authorization.md +75 -0
  251. package/skill-assets/sunlint-code-quality/rules/kotlin/S006-default-credentials.md +49 -0
  252. package/skill-assets/sunlint-code-quality/rules/kotlin/S007-output-encoding.md +62 -0
  253. package/skill-assets/sunlint-code-quality/rules/kotlin/S009-approved-crypto.md +51 -0
  254. package/skill-assets/sunlint-code-quality/rules/kotlin/S010-csprng.md +61 -0
  255. package/skill-assets/sunlint-code-quality/rules/kotlin/S011-encrypted-client-hello.md +48 -0
  256. package/skill-assets/sunlint-code-quality/rules/kotlin/S012-secrets-management.md +53 -0
  257. package/skill-assets/sunlint-code-quality/rules/kotlin/S013-tls-connections.md +61 -0
  258. package/skill-assets/sunlint-code-quality/rules/kotlin/S016-no-sensitive-query-string.md +51 -0
  259. package/skill-assets/sunlint-code-quality/rules/kotlin/S017-parameterized-queries.md +41 -0
  260. package/skill-assets/sunlint-code-quality/rules/kotlin/S019-email-input-sanitization.md +50 -0
  261. package/skill-assets/sunlint-code-quality/rules/kotlin/S020-eval-code-execution.md +57 -0
  262. package/skill-assets/sunlint-code-quality/rules/kotlin/S022-context-escaping.md +58 -0
  263. package/skill-assets/sunlint-code-quality/rules/kotlin/S023-dynamic-js-encoding.md +57 -0
  264. package/skill-assets/sunlint-code-quality/rules/kotlin/S025-server-validation.md +59 -0
  265. package/skill-assets/sunlint-code-quality/rules/kotlin/S026-tls-encryption.md +50 -0
  266. package/skill-assets/sunlint-code-quality/rules/kotlin/S027-mtls-validation.md +60 -0
  267. package/skill-assets/sunlint-code-quality/rules/kotlin/S028-upload-limits.md +67 -0
  268. package/skill-assets/sunlint-code-quality/rules/kotlin/S029-csrf-protection.md +57 -0
  269. package/skill-assets/sunlint-code-quality/rules/kotlin/S030-directory-browsing.md +50 -0
  270. package/skill-assets/sunlint-code-quality/rules/kotlin/S031-secure-cookie-flag.md +51 -0
  271. package/skill-assets/sunlint-code-quality/rules/kotlin/S032-httponly-cookie.md +49 -0
  272. package/skill-assets/sunlint-code-quality/rules/kotlin/S033-samesite-cookie.md +54 -0
  273. package/skill-assets/sunlint-code-quality/rules/kotlin/S034-host-prefix-cookie.md +50 -0
  274. package/skill-assets/sunlint-code-quality/rules/kotlin/S035-app-hostnames.md +59 -0
  275. package/skill-assets/sunlint-code-quality/rules/kotlin/S036-internal-file-paths.md +61 -0
  276. package/skill-assets/sunlint-code-quality/rules/kotlin/S037-anti-cache-headers.md +58 -0
  277. package/skill-assets/sunlint-code-quality/rules/kotlin/S039-tls-certificate-validation.md +62 -0
  278. package/skill-assets/sunlint-code-quality/rules/kotlin/S041-logout-invalidation.md +71 -0
  279. package/skill-assets/sunlint-code-quality/rules/kotlin/S042-long-lived-sessions.md +57 -0
  280. package/skill-assets/sunlint-code-quality/rules/kotlin/S044-critical-changes-reauth.md +64 -0
  281. package/skill-assets/sunlint-code-quality/rules/kotlin/S045-brute-force-protection.md +64 -0
  282. package/skill-assets/sunlint-code-quality/rules/kotlin/S047-oauth-csrf-protection.md +74 -0
  283. package/skill-assets/sunlint-code-quality/rules/kotlin/S048-oauth-redirect-validation.md +61 -0
  284. package/skill-assets/sunlint-code-quality/rules/kotlin/S049-auth-code-expiry.md +70 -0
  285. package/skill-assets/sunlint-code-quality/rules/kotlin/S050-token-entropy.md +65 -0
  286. package/skill-assets/sunlint-code-quality/rules/kotlin/S051-password-length.md +52 -0
  287. package/skill-assets/sunlint-code-quality/rules/kotlin/S052-otp-entropy.md +55 -0
  288. package/skill-assets/sunlint-code-quality/rules/kotlin/S053-generic-error-messages.md +66 -0
  289. package/skill-assets/sunlint-code-quality/rules/kotlin/S054-no-default-admin.md +57 -0
  290. package/skill-assets/sunlint-code-quality/rules/kotlin/S055-content-type-validation.md +58 -0
  291. package/skill-assets/sunlint-code-quality/rules/kotlin/S056-log-injection.md +47 -0
  292. package/skill-assets/sunlint-code-quality/rules/kotlin/S057-synchronized-time.md +49 -0
  293. package/skill-assets/sunlint-code-quality/rules/kotlin/S058-ssrf-protection.md +69 -0
  294. package/skill-assets/sunlint-code-quality/rules/php/C006-verb-noun-functions.md +46 -0
  295. package/skill-assets/sunlint-code-quality/rules/php/C013-no-dead-code.md +53 -0
  296. package/skill-assets/sunlint-code-quality/rules/php/C014-dependency-injection.md +71 -0
  297. package/skill-assets/sunlint-code-quality/rules/php/C017-no-constructor-logic.md +68 -0
  298. package/skill-assets/sunlint-code-quality/rules/php/C018-generic-errors.md +50 -0
  299. package/skill-assets/sunlint-code-quality/rules/php/C019-error-log-level.md +54 -0
  300. package/skill-assets/sunlint-code-quality/rules/php/C020-no-unused-imports.md +55 -0
  301. package/skill-assets/sunlint-code-quality/rules/php/C022-no-unused-variables.md +51 -0
  302. package/skill-assets/sunlint-code-quality/rules/php/C023-no-duplicate-names.md +61 -0
  303. package/skill-assets/sunlint-code-quality/rules/php/C024-centralize-constants.md +60 -0
  304. package/skill-assets/sunlint-code-quality/rules/php/C029-catch-log-root-cause.md +57 -0
  305. package/skill-assets/sunlint-code-quality/rules/php/C030-custom-error-classes.md +62 -0
  306. package/skill-assets/sunlint-code-quality/rules/php/C033-separate-data-access.md +79 -0
  307. package/skill-assets/sunlint-code-quality/rules/php/C035-error-context-logging.md +54 -0
  308. package/skill-assets/sunlint-code-quality/rules/php/C041-no-hardcoded-secrets.md +59 -0
  309. package/skill-assets/sunlint-code-quality/rules/php/C042-boolean-naming.md +52 -0
  310. package/skill-assets/sunlint-code-quality/rules/php/C052-controller-parsing.md +66 -0
  311. package/skill-assets/sunlint-code-quality/rules/php/C060-superclass-logic.md +54 -0
  312. package/skill-assets/sunlint-code-quality/rules/php/C067-no-hardcoded-config.md +55 -0
  313. package/skill-assets/sunlint-code-quality/rules/php/S003-open-redirect.md +60 -0
  314. package/skill-assets/sunlint-code-quality/rules/php/S004-no-log-credentials.md +67 -0
  315. package/skill-assets/sunlint-code-quality/rules/php/S005-server-authorization.md +57 -0
  316. package/skill-assets/sunlint-code-quality/rules/php/S006-default-credentials.md +61 -0
  317. package/skill-assets/sunlint-code-quality/rules/php/S007-output-encoding.md +61 -0
  318. package/skill-assets/sunlint-code-quality/rules/php/S009-approved-crypto.md +53 -0
  319. package/skill-assets/sunlint-code-quality/rules/php/S010-csprng.md +47 -0
  320. package/skill-assets/sunlint-code-quality/rules/php/S011-encrypted-client-hello.md +41 -0
  321. package/skill-assets/sunlint-code-quality/rules/php/S012-secrets-management.md +60 -0
  322. package/skill-assets/sunlint-code-quality/rules/php/S013-tls-connections.md +67 -0
  323. package/skill-assets/sunlint-code-quality/rules/php/S016-no-sensitive-query-string.md +61 -0
  324. package/skill-assets/sunlint-code-quality/rules/php/S017-parameterized-queries.md +44 -0
  325. package/skill-assets/sunlint-code-quality/rules/php/S019-email-input-sanitization.md +54 -0
  326. package/skill-assets/sunlint-code-quality/rules/php/S020-eval-code-execution.md +57 -0
  327. package/skill-assets/sunlint-code-quality/rules/php/S022-context-escaping.md +58 -0
  328. package/skill-assets/sunlint-code-quality/rules/php/S023-dynamic-js-encoding.md +62 -0
  329. package/skill-assets/sunlint-code-quality/rules/php/S025-server-validation.md +63 -0
  330. package/skill-assets/sunlint-code-quality/rules/php/S026-tls-encryption.md +48 -0
  331. package/skill-assets/sunlint-code-quality/rules/php/S027-mtls-validation.md +62 -0
  332. package/skill-assets/sunlint-code-quality/rules/php/S028-upload-limits.md +60 -0
  333. package/skill-assets/sunlint-code-quality/rules/php/S029-csrf-protection.md +65 -0
  334. package/skill-assets/sunlint-code-quality/rules/php/S030-directory-browsing.md +40 -0
  335. package/skill-assets/sunlint-code-quality/rules/php/S031-secure-cookie-flag.md +55 -0
  336. package/skill-assets/sunlint-code-quality/rules/php/S032-httponly-cookie.md +54 -0
  337. package/skill-assets/sunlint-code-quality/rules/php/S033-samesite-cookie.md +52 -0
  338. package/skill-assets/sunlint-code-quality/rules/php/S034-host-prefix-cookie.md +49 -0
  339. package/skill-assets/sunlint-code-quality/rules/php/S035-app-hostnames.md +49 -0
  340. package/skill-assets/sunlint-code-quality/rules/php/S036-internal-file-paths.md +56 -0
  341. package/skill-assets/sunlint-code-quality/rules/php/S037-anti-cache-headers.md +56 -0
  342. package/skill-assets/sunlint-code-quality/rules/php/S039-tls-certificate-validation.md +54 -0
  343. package/skill-assets/sunlint-code-quality/rules/php/S041-logout-invalidation.md +63 -0
  344. package/skill-assets/sunlint-code-quality/rules/php/S042-long-lived-sessions.md +57 -0
  345. package/skill-assets/sunlint-code-quality/rules/php/S044-critical-changes-reauth.md +71 -0
  346. package/skill-assets/sunlint-code-quality/rules/php/S045-brute-force-protection.md +67 -0
  347. package/skill-assets/sunlint-code-quality/rules/php/S047-oauth-csrf-protection.md +72 -0
  348. package/skill-assets/sunlint-code-quality/rules/php/S048-oauth-redirect-validation.md +54 -0
  349. package/skill-assets/sunlint-code-quality/rules/php/S049-auth-code-expiry.md +71 -0
  350. package/skill-assets/sunlint-code-quality/rules/php/S050-token-entropy.md +58 -0
  351. package/skill-assets/sunlint-code-quality/rules/php/S051-password-length.md +59 -0
  352. package/skill-assets/sunlint-code-quality/rules/php/S052-otp-entropy.md +45 -0
  353. package/skill-assets/sunlint-code-quality/rules/php/S053-generic-error-messages.md +59 -0
  354. package/skill-assets/sunlint-code-quality/rules/php/S054-no-default-admin.md +62 -0
  355. package/skill-assets/sunlint-code-quality/rules/php/S055-content-type-validation.md +58 -0
  356. package/skill-assets/sunlint-code-quality/rules/php/S056-log-injection.md +48 -0
  357. package/skill-assets/sunlint-code-quality/rules/php/S057-synchronized-time.md +52 -0
  358. package/skill-assets/sunlint-code-quality/rules/php/S058-ssrf-protection.md +65 -0
  359. package/skill-assets/sunlint-code-quality/rules/python/C006-verb-noun-functions.md +30 -0
  360. package/skill-assets/sunlint-code-quality/rules/python/C013-no-dead-code.md +24 -0
  361. package/skill-assets/sunlint-code-quality/rules/python/C014-dependency-injection.md +68 -0
  362. package/skill-assets/sunlint-code-quality/rules/python/C017-no-constructor-logic.md +30 -0
  363. package/skill-assets/sunlint-code-quality/rules/python/C018-generic-errors.md +25 -0
  364. package/skill-assets/sunlint-code-quality/rules/python/C019-error-log-level.md +26 -0
  365. package/skill-assets/sunlint-code-quality/rules/python/C020-no-unused-imports.md +28 -0
  366. package/skill-assets/sunlint-code-quality/rules/python/C022-no-unused-variables.md +24 -0
  367. package/skill-assets/sunlint-code-quality/rules/python/C023-no-duplicate-names.md +27 -0
  368. package/skill-assets/sunlint-code-quality/rules/python/C024-centralize-constants.md +27 -0
  369. package/skill-assets/sunlint-code-quality/rules/python/C029-catch-log-root-cause.md +61 -0
  370. package/skill-assets/sunlint-code-quality/rules/python/C030-custom-error-classes.md +28 -0
  371. package/skill-assets/sunlint-code-quality/rules/python/C033-separate-data-access.md +53 -0
  372. package/skill-assets/sunlint-code-quality/rules/python/C035-error-context-logging.md +26 -0
  373. package/skill-assets/sunlint-code-quality/rules/python/C041-no-hardcoded-secrets.md +23 -0
  374. package/skill-assets/sunlint-code-quality/rules/python/C042-boolean-naming.md +24 -0
  375. package/skill-assets/sunlint-code-quality/rules/python/C052-controller-parsing.md +34 -0
  376. package/skill-assets/sunlint-code-quality/rules/python/C060-superclass-logic.md +26 -0
  377. package/skill-assets/sunlint-code-quality/rules/python/C067-no-hardcoded-config.md +22 -0
  378. package/skill-assets/sunlint-code-quality/rules/python/S003-open-redirect.md +16 -0
  379. package/skill-assets/sunlint-code-quality/rules/python/S004-no-log-credentials.md +16 -0
  380. package/skill-assets/sunlint-code-quality/rules/python/S005-server-authorization.md +16 -0
  381. package/skill-assets/sunlint-code-quality/rules/python/S006-default-credentials.md +16 -0
  382. package/skill-assets/sunlint-code-quality/rules/python/S007-output-encoding.md +16 -0
  383. package/skill-assets/sunlint-code-quality/rules/python/S009-approved-crypto.md +16 -0
  384. package/skill-assets/sunlint-code-quality/rules/python/S010-csprng.md +16 -0
  385. package/skill-assets/sunlint-code-quality/rules/python/S011-encrypted-client-hello.md +16 -0
  386. package/skill-assets/sunlint-code-quality/rules/python/S012-secrets-management.md +16 -0
  387. package/skill-assets/sunlint-code-quality/rules/python/S013-tls-connections.md +16 -0
  388. package/skill-assets/sunlint-code-quality/rules/python/S016-no-sensitive-query-string.md +16 -0
  389. package/skill-assets/sunlint-code-quality/rules/python/S017-parameterized-queries.md +51 -0
  390. package/skill-assets/sunlint-code-quality/rules/python/S019-email-input-sanitization.md +16 -0
  391. package/skill-assets/sunlint-code-quality/rules/python/S020-eval-code-execution.md +51 -0
  392. package/skill-assets/sunlint-code-quality/rules/python/S022-context-escaping.md +16 -0
  393. package/skill-assets/sunlint-code-quality/rules/python/S023-dynamic-js-encoding.md +16 -0
  394. package/skill-assets/sunlint-code-quality/rules/python/S025-server-validation.md +16 -0
  395. package/skill-assets/sunlint-code-quality/rules/python/S026-tls-encryption.md +16 -0
  396. package/skill-assets/sunlint-code-quality/rules/python/S027-mtls-validation.md +16 -0
  397. package/skill-assets/sunlint-code-quality/rules/python/S028-upload-limits.md +16 -0
  398. package/skill-assets/sunlint-code-quality/rules/python/S029-csrf-protection.md +16 -0
  399. package/skill-assets/sunlint-code-quality/rules/python/S030-directory-browsing.md +16 -0
  400. package/skill-assets/sunlint-code-quality/rules/python/S031-secure-cookie-flag.md +16 -0
  401. package/skill-assets/sunlint-code-quality/rules/python/S032-httponly-cookie.md +16 -0
  402. package/skill-assets/sunlint-code-quality/rules/python/S033-samesite-cookie.md +16 -0
  403. package/skill-assets/sunlint-code-quality/rules/python/S034-host-prefix-cookie.md +16 -0
  404. package/skill-assets/sunlint-code-quality/rules/python/S035-app-hostnames.md +16 -0
  405. package/skill-assets/sunlint-code-quality/rules/python/S036-internal-file-paths.md +50 -0
  406. package/skill-assets/sunlint-code-quality/rules/python/S037-anti-cache-headers.md +16 -0
  407. package/skill-assets/sunlint-code-quality/rules/python/S039-tls-certificate-validation.md +16 -0
  408. package/skill-assets/sunlint-code-quality/rules/python/S041-logout-invalidation.md +16 -0
  409. package/skill-assets/sunlint-code-quality/rules/python/S042-long-lived-sessions.md +16 -0
  410. package/skill-assets/sunlint-code-quality/rules/python/S044-critical-changes-reauth.md +16 -0
  411. package/skill-assets/sunlint-code-quality/rules/python/S045-brute-force-protection.md +16 -0
  412. package/skill-assets/sunlint-code-quality/rules/python/S047-oauth-csrf-protection.md +16 -0
  413. package/skill-assets/sunlint-code-quality/rules/python/S048-oauth-redirect-validation.md +16 -0
  414. package/skill-assets/sunlint-code-quality/rules/python/S049-auth-code-expiry.md +16 -0
  415. package/skill-assets/sunlint-code-quality/rules/python/S050-token-entropy.md +16 -0
  416. package/skill-assets/sunlint-code-quality/rules/python/S051-password-length.md +16 -0
  417. package/skill-assets/sunlint-code-quality/rules/python/S052-otp-entropy.md +16 -0
  418. package/skill-assets/sunlint-code-quality/rules/python/S053-generic-error-messages.md +16 -0
  419. package/skill-assets/sunlint-code-quality/rules/python/S054-no-default-admin.md +16 -0
  420. package/skill-assets/sunlint-code-quality/rules/python/S055-content-type-validation.md +16 -0
  421. package/skill-assets/sunlint-code-quality/rules/python/S056-log-injection.md +16 -0
  422. package/skill-assets/sunlint-code-quality/rules/python/S057-synchronized-time.md +16 -0
  423. package/skill-assets/sunlint-code-quality/rules/python/S058-ssrf-protection.md +57 -0
  424. package/skill-assets/sunlint-code-quality/rules/typescript/C006-verb-noun-functions.md +45 -0
  425. package/skill-assets/sunlint-code-quality/rules/typescript/C013-no-dead-code.md +51 -0
  426. package/skill-assets/sunlint-code-quality/rules/typescript/C014-dependency-injection.md +69 -0
  427. package/skill-assets/sunlint-code-quality/rules/typescript/C017-no-constructor-logic.md +60 -0
  428. package/skill-assets/sunlint-code-quality/rules/typescript/C018-generic-errors.md +47 -0
  429. package/skill-assets/sunlint-code-quality/rules/typescript/C019-error-log-level.md +50 -0
  430. package/skill-assets/sunlint-code-quality/rules/typescript/C020-no-unused-imports.md +55 -0
  431. package/skill-assets/sunlint-code-quality/rules/typescript/C022-no-unused-variables.md +59 -0
  432. package/skill-assets/sunlint-code-quality/rules/typescript/C023-no-duplicate-names.md +58 -0
  433. package/skill-assets/sunlint-code-quality/rules/typescript/C024-centralize-constants.md +56 -0
  434. package/skill-assets/sunlint-code-quality/rules/typescript/C029-catch-log-root-cause.md +53 -0
  435. package/skill-assets/sunlint-code-quality/rules/typescript/C030-custom-error-classes.md +60 -0
  436. package/skill-assets/sunlint-code-quality/rules/typescript/C033-separate-data-access.md +69 -0
  437. package/skill-assets/sunlint-code-quality/rules/typescript/C035-error-context-logging.md +50 -0
  438. package/skill-assets/sunlint-code-quality/rules/typescript/C041-no-hardcoded-secrets.md +47 -0
  439. package/skill-assets/sunlint-code-quality/rules/typescript/C042-boolean-naming.md +42 -0
  440. package/skill-assets/sunlint-code-quality/rules/typescript/C052-controller-parsing.md +64 -0
  441. package/skill-assets/sunlint-code-quality/rules/typescript/C060-superclass-logic.md +67 -0
  442. package/skill-assets/sunlint-code-quality/rules/typescript/C067-no-hardcoded-config.md +52 -0
  443. package/skill-assets/sunlint-code-quality/rules/typescript/S003-open-redirect.md +76 -0
  444. package/skill-assets/sunlint-code-quality/rules/typescript/S004-no-log-credentials.md +71 -0
  445. package/skill-assets/sunlint-code-quality/rules/typescript/S005-server-authorization.md +68 -0
  446. package/skill-assets/sunlint-code-quality/rules/typescript/S006-default-credentials.md +69 -0
  447. package/skill-assets/sunlint-code-quality/rules/typescript/S007-output-encoding.md +60 -0
  448. package/skill-assets/sunlint-code-quality/rules/typescript/S009-approved-crypto.md +53 -0
  449. package/skill-assets/sunlint-code-quality/rules/typescript/S010-csprng.md +53 -0
  450. package/skill-assets/sunlint-code-quality/rules/typescript/S011-encrypted-client-hello.md +45 -0
  451. package/skill-assets/sunlint-code-quality/rules/typescript/S012-secrets-management.md +47 -0
  452. package/skill-assets/sunlint-code-quality/rules/typescript/S013-tls-connections.md +70 -0
  453. package/skill-assets/sunlint-code-quality/rules/typescript/S016-no-sensitive-query-string.md +53 -0
  454. package/skill-assets/sunlint-code-quality/rules/typescript/S017-parameterized-queries.md +55 -0
  455. package/skill-assets/sunlint-code-quality/rules/typescript/S019-email-input-sanitization.md +56 -0
  456. package/skill-assets/sunlint-code-quality/rules/typescript/S020-eval-code-execution.md +58 -0
  457. package/skill-assets/sunlint-code-quality/rules/typescript/S022-context-escaping.md +48 -0
  458. package/skill-assets/sunlint-code-quality/rules/typescript/S023-dynamic-js-encoding.md +52 -0
  459. package/skill-assets/sunlint-code-quality/rules/typescript/S025-server-validation.md +62 -0
  460. package/skill-assets/sunlint-code-quality/rules/typescript/S026-tls-encryption.md +47 -0
  461. package/skill-assets/sunlint-code-quality/rules/typescript/S027-mtls-validation.md +50 -0
  462. package/skill-assets/sunlint-code-quality/rules/typescript/S028-upload-limits.md +65 -0
  463. package/skill-assets/sunlint-code-quality/rules/typescript/S029-csrf-protection.md +62 -0
  464. package/skill-assets/sunlint-code-quality/rules/typescript/S030-directory-browsing.md +52 -0
  465. package/skill-assets/sunlint-code-quality/rules/typescript/S031-secure-cookie-flag.md +48 -0
  466. package/skill-assets/sunlint-code-quality/rules/typescript/S032-httponly-cookie.md +36 -0
  467. package/skill-assets/sunlint-code-quality/rules/typescript/S033-samesite-cookie.md +46 -0
  468. package/skill-assets/sunlint-code-quality/rules/typescript/S034-host-prefix-cookie.md +50 -0
  469. package/skill-assets/sunlint-code-quality/rules/typescript/S035-app-hostnames.md +49 -0
  470. package/skill-assets/sunlint-code-quality/rules/typescript/S036-internal-file-paths.md +53 -0
  471. package/skill-assets/sunlint-code-quality/rules/typescript/S037-anti-cache-headers.md +52 -0
  472. package/skill-assets/sunlint-code-quality/rules/typescript/S039-tls-certificate-validation.md +51 -0
  473. package/skill-assets/sunlint-code-quality/rules/typescript/S041-logout-invalidation.md +58 -0
  474. package/skill-assets/sunlint-code-quality/rules/typescript/S042-long-lived-sessions.md +55 -0
  475. package/skill-assets/sunlint-code-quality/rules/typescript/S044-critical-changes-reauth.md +69 -0
  476. package/skill-assets/sunlint-code-quality/rules/typescript/S045-brute-force-protection.md +59 -0
  477. package/skill-assets/sunlint-code-quality/rules/typescript/S047-oauth-csrf-protection.md +60 -0
  478. package/skill-assets/sunlint-code-quality/rules/typescript/S048-oauth-redirect-validation.md +59 -0
  479. package/skill-assets/sunlint-code-quality/rules/typescript/S049-auth-code-expiry.md +73 -0
  480. package/skill-assets/sunlint-code-quality/rules/typescript/S050-token-entropy.md +48 -0
  481. package/skill-assets/sunlint-code-quality/rules/typescript/S051-password-length.md +60 -0
  482. package/skill-assets/sunlint-code-quality/rules/typescript/S052-otp-entropy.md +49 -0
  483. package/skill-assets/sunlint-code-quality/rules/typescript/S053-generic-error-messages.md +61 -0
  484. package/skill-assets/sunlint-code-quality/rules/typescript/S054-no-default-admin.md +64 -0
  485. package/skill-assets/sunlint-code-quality/rules/typescript/S055-content-type-validation.md +64 -0
  486. package/skill-assets/sunlint-code-quality/rules/typescript/S056-log-injection.md +48 -0
  487. package/skill-assets/sunlint-code-quality/rules/typescript/S057-synchronized-time.md +57 -0
  488. package/skill-assets/sunlint-code-quality/rules/typescript/S058-ssrf-protection.md +63 -0
@@ -0,0 +1,59 @@
1
+ ---
2
+ title: Support 12-64 Character Passwords
3
+ impact: MEDIUM
4
+ impactDescription: promotes the use of secure passphrases over complex but short passwords
5
+ tags: password, length, passphrase, security, php
6
+ ---
7
+
8
+ ## Support 12-64 Character Passwords
9
+
10
+ Modern security standards (NIST) prioritize longer passwords (passphrases) over short passwords with complex character requirements. Do not impose overly restrictive maximum length limits (like 16 or 20 characters), as this prevents users from using secure passphrases or generated secrets.
11
+
12
+ **Incorrect (too restrictive or too short):**
13
+
14
+ ```php
15
+ // Insecure: minimum length is too short
16
+ $request->validate(['password' => 'min:6']);
17
+
18
+ // Restrictive: prevents long secure passphrases
19
+ $request->validate(['password' => 'min:8|max:16']);
20
+ ```
21
+
22
+ **Correct (promoting secure passphrases):**
23
+
24
+ ```php
25
+ // 1. Recommended Validation (Laravel)
26
+ $request->validate([
27
+ 'password' => [
28
+ 'required',
29
+ 'string',
30
+ 'min:12', // Minimum 12 characters recommended
31
+ 'max:64', // Support at least 64+ characters
32
+ ]
33
+ ]);
34
+
35
+ // 2. Using Complexity only for shorter passwords (NIST principle)
36
+ use Illuminate\Validation\Rules\Password;
37
+
38
+ $request->validate([
39
+ 'password' => [
40
+ 'required',
41
+ Password::min(12)
42
+ ->letters()
43
+ ->numbers()
44
+ ->symbols()
45
+ ->uncompromised(), // Checks against HaveIBeenPwned API
46
+ ]
47
+ ]);
48
+ ```
49
+
50
+ **Security Guidelines:**
51
+ - **Minimum 8 characters** (Internal use) or **12+ characters** (Public internet).
52
+ - **Maximum 64-128 characters** should be supported.
53
+ - **Do not use "complexity"** (Must include special chars) as a hard requirement if the password is long (e.g., > 16 characters).
54
+ - **Allow all characters**, including spaces and Unicode.
55
+
56
+ **Why 64 characters?**
57
+ Many hashing algorithms (like BCRYPT) have an internal limit around 72 characters. Support for 64-128 characters is usually sufficient for nearly all users and password managers.
58
+
59
+ **Tools:** Laravel `Rules\Password`, OWASP Password Policy, Zxcvbn (password strength estimator)
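Review bot: the "Security Guidelines" list contradicts the rule's own title and examples: it permits "Minimum 8 characters (Internal use)" while the title, both `validate()` calls and `Password::min(12)` require 12, so either drop the 8-character tier or state that 12 is the minimum this rule enforces. Two smaller points in the same hunk: the second "Correct" example is labelled "Using Complexity only for shorter passwords" but chains `->letters()->numbers()->symbols()` unconditionally, which is exactly the hard complexity requirement the guidelines tell readers not to impose on long passwords; and under "Why 64 characters?" bcrypt's cutoff is 72 bytes, not characters, which matters because the guidelines also say to allow Unicode (a 64-character multibyte passphrase can exceed 72 bytes and be silently truncated), so say "bytes" and note that Laravel's `max:64` counts characters.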
@@ -0,0 +1,45 @@
1
+ ---
2
+ title: OTPs Must Have 20-bit Entropy Minimum
3
+ impact: MEDIUM
4
+ impactDescription: prevents guessing and brute-force attacks on One-Time Passwords
5
+ tags: otp, entropy, authentication, 2fa, security, php
6
+ ---
7
+
8
+ ## OTPs Must Have 20-bit Entropy Minimum
9
+
10
+ One-Time Passwords (OTPs) with low entropy, such as 4-digit codes, are susceptible to brute-force attacks. A 6-digit numeric OTP provides roughly 20 bits of entropy (1,000,000 combinations), which is the industry standard when combined with rate limiting.
11
+
12
+ **Incorrect (low entropy or predictable OTPs):**
13
+
14
+ ```php
15
+ // 1. Weak - 4 digits (only 10,000 combinations)
16
+ $otp = rand(1000, 9999);
17
+
18
+ // 2. Predictable - using non-CS PRNG
19
+ $otp = substr(mt_rand(), 0, 6);
20
+
21
+ // 3. Very Weak - based on time
22
+ $otp = substr(time(), -6);
23
+ ```
24
+
25
+ **Correct (CSPRNG generated numeric OTPs):**
26
+
27
+ ```php
28
+ // 1. 6-digit OTP (Recommended minimum)
29
+ $otp = (string)random_int(100000, 999999);
30
+
31
+ // 2. 8-digit OTP (Extra security)
32
+ $otp = (string)random_int(10000000, 99999999);
33
+
34
+ // 3. Ensuring Leading Zeros (if needed)
35
+ $otp = str_pad(random_int(0, 999999), 6, '0', STR_PAD_LEFT);
36
+ ```
37
+
38
+ **Requirements for Secure OTPs:**
39
+ - **Generation**: Always use **`random_int()`**; never use `rand()` or `mt_rand()`.
40
+ - **Length**: Minimum **6 digits** for general use.
41
+ - **Single Use**: The code must be invalidated immediately after the first use (success or failure).
42
+ - **Rate Limiting**: Strictly limit the number of verification attempts (e.g., 3-5 attempts) before destroying the code (see rule **S045**).
43
+ - **Expiry**: Codes should expire within **5-10 minutes**.
44
+
45
+ **Tools:** PHP Internal `random_int()`, Laravel RateLimiter, Security Audit
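Review bot: the "Single Use" bullet says the code must be invalidated after the first use "success or failure", which conflicts with the "Rate Limiting" bullet that allows 3-5 verification attempts before the code is destroyed; invalidating on the first failed attempt also lets anyone who can trigger a verification burn a legitimate user's code, so reword to "invalidate after a successful use or once the attempt limit is reached". In the "Correct" block, `random_int(100000, 999999)` yields 900,000 values (about 19.8 bits) rather than the 1,000,000 combinations the intro quotes; the third form, `str_pad(random_int(0, 999999), 6, '0', STR_PAD_LEFT)`, is the one that actually covers the full range, so present it as the recommended variant and cast the integer for `strict_types` callers: `str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT)`.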
@@ -0,0 +1,59 @@
1
+ ---
2
+ title: Return Generic Error Messages
3
+ impact: HIGH
4
+ impactDescription: prevents information disclosure and user enumeration
5
+ tags: error-messages, information-disclosure, security, php
6
+ ---
7
+
8
+ ## Return Generic Error Messages
9
+
10
+ Detailed error messages (e.g., database stack traces, file paths, or specific missing user notifications) provide attackers with valuable information about your system's architecture and user accounts. While detailed logs are great for developers, they must never be shown to the end-user in production.
11
+
12
+ **Incorrect (detailed or revealing errors):**
13
+
14
+ ```php
15
+ try {
16
+ $db->execute("SELECT * FROM users WHERE id = ?", [$id]);
17
+ } catch (\Exception $e) {
18
+ // VULNERABLE: Exposes SQL structure, file paths, and potential credentials
19
+ die("Database Error: " . $e->getMessage() . " at " . $e->getFile());
20
+ }
21
+
22
+ // User Enumeration Vulnerability
23
+ if (!$userExists) {
24
+ return response()->json(['error' => 'Email not found'], 404);
25
+ }
26
+ if (!$passwordMatches) {
27
+ return response()->json(['error' => 'Incorrect password'], 401);
28
+ }
29
+ ```
30
+
31
+ **Correct (generic messages for users):**
32
+
33
+ ```php
34
+ try {
35
+ $db->execute("SELECT * FROM users WHERE id = ?", [$id]);
36
+ } catch (\Exception $e) {
37
+ // 1. Log the full details for developers
38
+ Log::error("Database query failed", ['exception' => $e]);
39
+
40
+ // 2. Return a generic message to the user
41
+ return response()->json([
42
+ 'error' => 'A system error occurred. Please contact support.',
43
+ 'request_id' => $requestId // Provide a reference for support
44
+ ], 500);
45
+ }
46
+
47
+ // 3. Prevent User Enumeration (Auth)
48
+ // Use the same message and timing for both cases
49
+ if (!$userExists || !$passwordMatches) {
50
+ return response()->json(['error' => 'Invalid email or password'], 401);
51
+ }
52
+ ```
53
+
54
+ **Global Configuration:**
55
+ - **`display_errors`**: Ensure this is set to `Off` in your production `php.ini`.
56
+ - **Laravel**: Ensure `APP_DEBUG` is set to `false` in production. This automatically swaps detailed "Whoops" pages for a generic "500 | Server Error" page.
57
+ - **Custom Exceptions**: Use custom exceptions and map them to generic messages in a central handler (e.g., `App\Exceptions\Handler`).
58
+
59
+ **Tools:** PHP `php.ini` settings, Laravel Exception Handler, OWASP ZAP (to check for information leakage)
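Review bot: the enumeration fix under "// 3. Prevent User Enumeration (Auth)" claims "same message and timing for both cases", but `!$userExists || !$passwordMatches` short-circuits: when the user does not exist no password hash is ever verified, so that path returns measurably faster than the wrong-password path and the timing side channel remains. Always perform the hash check, verifying against a dummy hash when there is no user (e.g. `Hash::check($password, $user->password ?? $dummyHash)`), and only then return the single generic message. Also `$requestId` in the 500 response is never defined; show it being generated per request and included in the `Log::error` context so support can correlate the user-facing reference with the logged exception.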
@@ -0,0 +1,62 @@
1
+ ---
2
+ title: Avoid Default Admin/Root Accounts
3
+ impact: HIGH
4
+ impactDescription: prevents attackers from gaining initial administrative access via known credentials
5
+ tags: admin, default-accounts, credentials, security, php
6
+ ---
7
+
8
+ ## Avoid Default Admin/Root Accounts
9
+
10
+ Systems that ship with default administrative accounts (e.g., `admin@example.com` / `password`) are easily compromised. Attackers use automated tools to scan for these common credentials across the web.
11
+
12
+ **Incorrect (hardcoded or weak default admin):**
13
+
14
+ ```php
15
+ // UserSeeder.php
16
+ User::create([
17
+ 'email' => 'admin@company.com',
18
+ 'password' => Hash::make('admin123'), // DEFAULT!
19
+ 'is_admin' => true,
20
+ ]);
21
+
22
+ // Production code with "test" roles
23
+ if ($user->email === 'admin@test.com') {
24
+ // Grant full access
25
+ }
26
+ ```
27
+
28
+ **Correct (secure initial setup):**
29
+
30
+ ```php
31
+ // 1. Using Environment Variables for first run
32
+ User::create([
33
+ 'name' => 'System Admin',
34
+ 'email' => env('INITIAL_ADMIN_EMAIL', 'admin@example.com'),
35
+ 'password' => Hash::make(env('INITIAL_ADMIN_PASSWORD')), // Must be set in .env
36
+ 'is_admin' => true,
37
+ ]);
38
+
39
+ // 2. Ensuring the password is not a default in Production
40
+ if (App::environment('production')) {
41
+ $password = env('INITIAL_ADMIN_PASSWORD');
42
+ if ($password === 'admin' || $password === 'password' || strlen($password) < 12) {
43
+ throw new \RuntimeException("A strong, non-default INITIAL_ADMIN_PASSWORD must be configured.");
44
+ }
45
+ }
46
+
47
+ // 3. One-time Setup Screen
48
+ public function installAdmin(Request $request) {
49
+ if (User::where('is_admin', true)->exists()) {
50
+ abort(403, "Admin already exists.");
51
+ }
52
+
53
+ // Validate and create admin...
54
+ }
55
+ ```
56
+
57
+ **Best Practices:**
58
+ - **Dynamic Selection**: Do not hardcode "admin" as the username or email. Require the user to define it during installation.
59
+ - **Force Reset**: If you must generate a default password, force the user to change it upon their first login.
60
+ - **Notification**: Log and alert administrators when an administrative account is created or its password is changed.
61
+
62
+ **Tools:** Laravel Seeders, Environment Validation, Security Audit
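Review bot: `env('INITIAL_ADMIN_EMAIL', 'admin@example.com')` in the "Correct" block ships exactly the guessable default the intro warns about and that the "Dynamic Selection" bullet forbids; remove the fallback and fail if the variable is unset. The production check in section 2 also runs after `User::create` in section 1 has already stored `Hash::make(env('INITIAL_ADMIN_PASSWORD'))`, which with an unset variable hashes a null/empty value; move the strength check before the create and treat a missing value the same as a weak one. Finally, `$password === 'admin' || $password === 'password'` only catches two strings; the S051 file in this same release already shows `Password::uncompromised()`, and checking the initial admin password against a breached-password list the same way would be more robust than a two-entry blocklist.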
@@ -0,0 +1,58 @@
1
+ ---
2
+ title: Validate Content-Type In REST Services
3
+ impact: MEDIUM
4
+ impactDescription: prevents content-type confusion attacks and ensures predictable parsing
5
+ tags: rest, content-type, validation, api, security, php
6
+ ---
7
+
8
+ ## Validate Content-Type In REST Services
9
+
10
+ Accepting unexpected content types (e.g., XML when you expect JSON) can lead to parsing vulnerabilities like External Entity (XXE) attacks or bypass security filters that only check for specific formats. Strict `Content-Type` validation ensures your application only processes data in the formats it was designed to handle.
11
+
12
+ **Incorrect (accepting any content type):**
13
+
14
+ ```php
15
+ // No content-type check: logic might try to parse different formats
16
+ public function store(Request $request) {
17
+ // If the client sends XML but the code expects JSON, this might crash or behave unexpectedly
18
+ $data = $request->all();
19
+ $this->service->process($data);
20
+ }
21
+ ```
22
+
23
+ **Correct (enforcing Content-Type via Middleware):**
24
+
25
+ ```php
26
+ // 1. Plain PHP Validation
27
+ $contentType = $_SERVER['CONTENT_TYPE'] ?? '';
28
+ if (strpos(strtolower($contentType), 'application/json') === false) {
29
+ header('HTTP/1.1 415 Unsupported Media Type');
30
+ die("Only application/json is supported.");
31
+ }
32
+
33
+ // 2. Laravel Middleware (Recommended)
34
+ public function handle($request, Closure $next, ...$allowedTypes)
35
+ {
36
+ $contentType = $request->header('Content-Type');
37
+
38
+ if (!$contentType || !Str::contains(strtolower($contentType), $allowedTypes)) {
39
+ return response()->json([
40
+ 'error' => 'Unsupported Media Type',
41
+ 'allowed' => $allowedTypes
42
+ ], 415);
43
+ }
44
+
45
+ return $next($request);
46
+ }
47
+
48
+ // Route Usage:
49
+ Route::post('/api/data', [DataController::class, 'store'])
50
+ ->middleware('validate.content:application/json');
51
+ ```
52
+
53
+ **Why it matters?**
54
+ - **XXE Prevention**: If you only expect JSON but a user sends XML with a malicious DOCTYPE, your server might be vulnerable to Local File Read or SSRF if an XML parser is automatically triggered.
55
+ - **Strict Parsing**: Ensures that your data validation rules are applied to the correct format.
56
+ - **API Standards**: Returning a `415 Unsupported Media Type` is the correct RESTful way to communicate protocol mismatches.
57
+
58
+ **Tools:** Laravel Middleware, Symfony Request Matcher, OWASP ZAP, Postman (testing)
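Review bot: the Laravel middleware in the "Correct" block uses `Str` and `Closure` without `use Illuminate\Support\Str;` and `use Closure;`, and the route registers `->middleware('validate.content:application/json')` without showing where that alias is mapped to the middleware class, so the snippet cannot be dropped in as-is; add the imports and a line on registering the alias. The substring matching (`strpos(...)` in the plain-PHP check, `Str::contains` in the middleware) also accepts any header that merely contains the allowed type; a stricter check splits the header on `;` to drop parameters such as `charset=utf-8`, trims and lowercases the media type, and compares it exactly against the allowed list. The XXE bullet under "Why it matters?" only holds if an XML parser would otherwise be invoked, so it is worth stating that the Content-Type gate complements, and does not replace, disabling external entity loading in any XML parser the application does use.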
@@ -0,0 +1,48 @@
1
+ ---
2
+ title: Protect Against Log Injection
3
+ impact: HIGH
4
+ impactDescription: prevents log forging and exploitation
5
+ tags: logging, injection, sanitization, security, php
6
+ ---
7
+
8
+ ## Protect Against Log Injection
9
+
10
+ Log injection occurs when an application includes untrusted data in its logs without proper sanitization. Attackers can use this to forge log entries, hide malicious activities, or inject content that could exploit log-viewing tools.
11
+
12
+ **Incorrect (unsanitized logging):**
13
+
14
+ ```php
15
+ // Log injection vulnerability
16
+ $username = $_POST['username'];
17
+ error_log("User logged in: " . $username);
18
+ // Attacker input: "admin\n[ERROR] Database wiped by: victim"
19
+ ```
20
+
21
+ **Correct (sanitized structured logging):**
22
+
23
+ ```php
24
+ // Sanitize input before logging
25
+ function sanitizeForLog($input) {
26
+ if (!is_string($input)) return $input;
27
+ // Remove newlines and carriage returns
28
+ return str_replace(["\r", "\n", "\t"], ' ', $input);
29
+ }
30
+
31
+ $username = $_POST['username'];
32
+ error_log("User logged in: " . sanitizeForLog($username));
33
+
34
+ // Using structured logging (e.g., Monolog in Laravel)
35
+ // Structured logging handles most injection issues as the data is kept separate from the message
36
+ Log::info('User logged in', [
37
+ 'username' => $username, // Still good practice to sanitize or use a secure formatter
38
+ 'ip' => $_SERVER['REMOTE_ADDR']
39
+ ]);
40
+ ```
41
+
42
+ **Best Practices:**
43
+ 1. Avoid multi-line log entries.
44
+ 2. Neutralize newlines and tab characters in user-controlled input before logging.
45
+ 3. Use structured logging (JSON) instead of plain text strings.
46
+ 4. Limit the length of data included in logs to prevent log-overflow or denial of service on log management systems.
47
+
48
+ **Tools:** PHPStan, Psalm, SonarQube, Monolog Safe Formatters
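Review bot: `sanitizeForLog()` in the "Correct" block only replaces `\r`, `\n` and `\t`; other control characters (backspace, ESC-based terminal escape sequences, NUL) still reach the log and can corrupt or hide entries when logs are viewed in a terminal or parsed as text, so strip the whole C0 range plus DEL, e.g. `preg_replace('/[\x00-\x1F\x7F]/', ' ', $input)`, and apply the length cap that best-practice item 4 calls for inside the same function. The structured-logging example then passes the raw `$username` while its comment says sanitising is "still good practice"; either pass `sanitizeForLog($username)` there or show the "secure formatter" configuration the comment alludes to, because the context array is still serialised into the same log line the viewer reads.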
@@ -0,0 +1,52 @@
1
+ ---
2
+ title: Use Synchronized Time (UTC) In Logs
3
+ impact: MEDIUM
4
+ impactDescription: enables accurate incident correlation across distributed systems
5
+ tags: logging, time, utc, synchronization, security, php
6
+ ---
7
+
8
+ ## Use Synchronized Time (UTC) In Logs
9
+
10
+ Inconsistent or incorrect timestamps across multiple servers make it extremely difficult to correlate events during an incident investigation. You must use a synchronized time source (NTP) and log all events in UTC using the ISO 8601 format.
11
+
12
+ **Incorrect (local time or inconsistent formats):**
13
+
14
+ ```php
15
+ // Local timezone - varies by server config
16
+ Log::info("User logged in at " . date("Y-m-d H:i:s"));
17
+
18
+ // Non-standard formats
19
+ Log::info("[" . time() . "] Action performed");
20
+ ```
21
+
22
+ **Correct (UTC and ISO 8601):**
23
+
24
+ ```php
25
+ // 1. Explicitly sets UTC (Recommended for all backend apps)
26
+ date_default_timezone_set('UTC');
27
+
28
+ // 2. Using ISO 8601 format (DateTimeInterface::ATOM)
29
+ $now = (new DateTime('now', new DateTimeZone('UTC')))->format(DateTimeInterface::ATOM);
30
+ Log::info('Order processed', [
31
+ 'timestamp' => $now, // Example: 2024-05-10T15:20:00+00:00
32
+ 'order_id' => 123
33
+ ]);
34
+
35
+ // 3. In Laravel (config/app.php)
36
+ 'timezone' => 'UTC',
37
+
38
+ // 4. Using Carbon (Laravel/Symfony)
39
+ Log::info('Event', [
40
+ 'timestamp' => now()->toIso8601String()
41
+ ]);
42
+ ```
43
+
44
+ **Synchronization Strategy:**
45
+ - **Server Clock**: Use NTP (Network Time Protocol) to ensure all application and database servers are synchronized to the millisecond.
46
+ - **Internal Storage**: Store all timestamps in the database as UTC. Convert to local time only when displaying to the end-user.
47
+ - **Log Format**: Prefer structured JSON logs where the timestamp is a top-level field in ISO 8601 format.
48
+
49
+ **Why ISO 8601?**
50
+ It is unambiguous, machine-readable, and includes timezone offset information (usually `Z` or `+00:00`), making it the gold standard for log aggregation tools like Elasticsearch or Graylog.
51
+
52
+ **Tools:** NTP, Monolog (with UTC formatter), Carbon, `date_default_timezone_set()`
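Review bot: example 2 in the "Correct" block adds a hand-built `'timestamp'` field to the context array, but the logging framework (Monolog behind Laravel's `Log`) already stamps every record with its own datetime, so each line carries two timestamps that can disagree and confuse the aggregation tools the text names; the cleaner fix is to configure the logger's timezone and date format (the "Monolog (with UTC formatter)" entry under Tools) rather than adding a field per call. Also the `'timezone' => 'UTC',` line from `config/app.php` is dropped into the same PHP block among runtime statements and is not valid on its own there; give it its own fenced block or comment it out to mark it as a config-file excerpt.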
@@ -0,0 +1,65 @@
1
+ ---
2
+ title: Protect Against SSRF Attacks
3
+ impact: MEDIUM
4
+ impactDescription: prevents attackers from making requests from your server to internal services
5
+ tags: ssrf, url, network, internal, security, php
6
+ ---
7
+
8
+ ## Protect Against SSRF Attacks
9
+
10
+ Server-Side Request Forgery (SSRF) allows an attacker to force your server to make requests to internal services, local files, or cloud metadata endpoints (e.g., AWS metadata). This often happens when the application takes a URL from a user and fetches its content.
11
+
12
+ **Incorrect (accepting user URLs without validation):**
13
+
14
+ ```php
15
+ // SSRF vulnerability using file_get_contents
16
+ $url = $_GET['url'];
17
+ echo file_get_contents($url); // Attacker: ?url=http://169.254.169.254/latest/meta-data/
18
+
19
+ // SSRF via cURL
20
+ $ch = curl_init();
21
+ curl_setopt($ch, CURLOPT_URL, $_GET['url']);
22
+ curl_exec($ch);
23
+ ```
24
+
25
+ **Correct (strict validation and blocklists):**
26
+
27
+ ```php
28
+ $userUrl = $_GET['url'];
29
+ $parsed = parse_url($userUrl);
30
+
31
+ // 1. Force protocol (Whitelist)
32
+ $allowedProtocols = ['http', 'https'];
33
+ if (!in_array($parsed['scheme'], $allowedProtocols)) {
34
+ die("Only HTTP/HTTPS allowed");
35
+ }
36
+
37
+ // 2. Host Whitelist (Most Secure)
38
+ $allowedHosts = ['api.trusted.com', 'images.trusted.com'];
39
+ if (!in_array($parsed['host'], $allowedHosts)) {
40
+ die("Untrusted host");
41
+ }
42
+
43
+ // 3. Block Private/Internal IP Ranges (If dynamic hosts are required)
44
+ $ip = gethostbyname($parsed['host']);
45
+ $privateRanges = [
46
+ '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12',
47
+ '192.168.0.0/16', '169.254.169.254' // AWS Metadata
48
+ ];
49
+ // Use a library like `spatie/ip-range-check` to verify $ip against $privateRanges
50
+
51
+ // 4. Safe cURL usage
52
+ $ch = curl_init();
53
+ curl_setopt($ch, CURLOPT_URL, $userUrl);
54
+ curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); // Restrict protocols
55
+ curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false); // Disable redirects to prevent bypass
56
+ curl_exec($ch);
57
+ ```
58
+
59
+ **Prevention Checklist:**
60
+ - **Whitelisting**: Only allow requests to specific, trusted domains.
61
+ - **Protocol Restriction**: Only allow `http` or `https`. Disable `file://`, `gopher://`, `dict://`, etc.
62
+ - **Network Isolation**: Ensure your web server cannot reach internal databases or management interfaces directly.
63
+ - **Authentication**: Require identification for any proxying service.
64
+
65
+ **Tools:** PHP `parse_url()`, cURL security options, SonarQube, Manual Security Review
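Review bot: step 3 of the "Correct" block never checks `$ip` against `$privateRanges`; the array is built and then a comment defers the check to a library, so a reader who copies the block gets the scheme and host checks but no private-range block at all. Either drop step 3 (the host allowlist in step 2 already rejects anything not in `$allowedHosts`, so it is unreachable for other hosts) or implement it in code, for example `filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false` which rejects the private and link-local ranges listed, and note that a resolve-then-fetch check is only reliable if cURL is made to use the address that was validated (e.g. `CURLOPT_RESOLVE`), because cURL resolves the name a second time. Two smaller points in the same block: `$parsed['scheme']` and `$parsed['host']` are read without checking that `parse_url()` returned an array containing those keys (a bare path returns neither and the lookups emit warnings), and `169.254.169.254` sits in a list of CIDR ranges without a prefix length; `169.254.0.0/16` or `169.254.169.254/32` is what a range checker expects.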
@@ -0,0 +1,30 @@
1
+ ---
2
+ title: Use Verb-Noun Pattern for Functions
3
+ impact: MEDIUM
4
+ impactDescription: improves readability and intent discovery
5
+ tags: naming, functions, readability, quality, python
6
+ ---
7
+
8
+ ## Use Verb-Noun Pattern for Functions
9
+
10
+ Function names should clearly state what they do. Using a verb-noun pattern makes the code self-documenting.
11
+
12
+ **Incorrect (ambiguous naming):**
13
+ ```python
14
+ def data(): ...
15
+ def process(): ...
16
+ def my_function(): ...
17
+ ```
18
+
19
+ **Correct (verb-noun naming):**
20
+ ```python
21
+ def get_user_data(): ...
22
+ def process_order_status(): ...
23
+ def validate_email_address(): ...
24
+ ```
25
+
26
+ **Spark Context:**
27
+ ```python
28
+ def clean_null_values(df): ...
29
+ def aggregate_daily_sales(df): ...
30
+ ```
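Review bot: the last section of this rule is labelled `**Spark Context:**` while the sibling rule files in this change use `**PySpark Context:**`; pick one label so the generated rule documents stay consistent and anything that keys on the section name matches.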
@@ -0,0 +1,24 @@
1
+ ---
2
+ title: Do Not Commit Dead Code
3
+ impact: MEDIUM
4
+ impactDescription: reduces noise and maintenance burden
5
+ tags: clean-code, maintenance, quality, python
6
+ ---
7
+
8
+ ## Do Not Commit Dead Code
9
+
10
+ Dead code (commented-out code or unreachable code) clutters the codebase and leads to confusion.
11
+
12
+ **Incorrect:**
13
+ ```python
14
+ def calculate_tax(amount):
15
+ # Old logic:
16
+ # return amount * 0.05
17
+ return amount * 0.08
18
+ ```
19
+
20
+ **Correct:**
21
+ ```python
22
+ def calculate_tax(amount):
23
+ return amount * 0.08
24
+ ```
@@ -0,0 +1,68 @@
1
+ ---
2
+ title: Use Dependency Injection
3
+ impact: HIGH
4
+ impactDescription: enables testability and loose coupling
5
+ tags: dependency-injection, testing, coupling, architecture, quality, python, pyspark
6
+ ---
7
+
8
+ ## Use Dependency Injection
9
+
10
+ Direct instantiation creates tight coupling, making testing difficult and changes risky. DI enables mockability, replaceability, and testability. In Python, this is often done using constructor injection or DI frameworks.
11
+
12
+ **Incorrect (hardcoded dependencies):**
13
+
14
+ ```python
15
+ class OrderService:
16
+ def __init__(self):
17
+ self.db = DatabaseConnection() # Hardcoded dependency
18
+ self.mailer = EmailService() # Hardcoded dependency
19
+
20
+ def create_order(self, data):
21
+ order = self.db.insert('orders', data)
22
+ self.mailer.send(data['email'], 'Order created')
23
+ return order
24
+ ```
25
+
26
+ **Correct (injected dependencies):**
27
+
28
+ ```python
29
+ class OrderService:
30
+ def __init__(self, db, mailer):
31
+ self.db = db
32
+ self.mailer = mailer
33
+
34
+ def create_order(self, data):
35
+ order = self.db.insert('orders', data)
36
+ self.mailer.send(data['email'], 'Order created')
37
+ return order
38
+
39
+ # Usage
40
+ service = OrderService(
41
+ db=PostgresDatabase(conn_string),
42
+ mailer=SendGridMailer(api_key)
43
+ )
44
+
45
+ # Testing with pytest/unittest.mock
46
+ from unittest.mock import MagicMock
47
+ mock_db = MagicMock()
48
+ mock_mailer = MagicMock()
49
+ test_service = OrderService(db=mock_db, mailer=mock_mailer)
50
+ ```
51
+
52
+ **PySpark Context:**
53
+ In Spark, dependencies like `SparkSession` should be passed to processing functions or classes rather than using globals like `SparkSession.builder.getOrCreate()` everywhere.
54
+
55
+ ```python
56
+ def process_data(spark: SparkSession, input_path: String):
57
+ df = spark.read.load(input_path)
58
+ # ... process
59
+ return df
60
+ ```
61
+
62
+ **Benefits:**
63
+ - Easy mocking for unit tests
64
+ - Swappable implementations (e.g., local vs cloud storage)
65
+ - Clear dependencies visible in constructor
66
+ - Supports interface-based design (using Protocols or ABCs)
67
+
68
+ **Tools:** Static analyzer, PR review, dependency-injector (library)
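Review bot: `input_path: String` in the PySpark snippet is not valid Python (`String` is undefined; the builtin type is `str`), and `SparkSession` is used without `from pyspark.sql import SparkSession`; since this block is shown as the correct form, change the signature to `def process_data(spark: SparkSession, input_path: str):` and add the import. The "Correct" block also refers to `PostgresDatabase`, `SendGridMailer`, `conn_string` and `api_key` without defining them; a one-line comment marking them as illustrative stand-ins would stop readers hunting for them.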
@@ -0,0 +1,30 @@
1
+ ---
2
+ title: No Business Logic in Constructors
3
+ impact: MEDIUM
4
+ impactDescription: keeps instantiation simple and testable
5
+ tags: quality, construction, clean-code, python
6
+ ---
7
+
8
+ ## No Business Logic in Constructors
9
+
10
+ Constructors should only assign dependencies and state. Complex logic, I/O, or remote calls make testing and inheritance difficult.
11
+
12
+ **Incorrect:**
13
+ ```python
14
+ class SparkJob:
15
+ def __init__(self, path):
16
+ self.path = path
17
+ # ❌ I/O in constructor makes it hard to unit test
18
+ self.spark = SparkSession.builder.getOrCreate()
19
+ self.df = self.spark.read.load(path)
20
+ ```
21
+
22
+ **Correct:**
23
+ ```python
24
+ class SparkJob:
25
+ def __init__(self, spark_session):
26
+ self.spark = spark_session
27
+
28
+ def load_data(self, path):
29
+ return self.spark.read.load(path)
30
+ ```
@@ -0,0 +1,25 @@
1
+ ---
2
+ title: Do Not Throw Generic Errors
3
+ impact: MEDIUM
4
+ impactDescription: prevents ambiguous error handling
5
+ tags: error-handling, quality, python
6
+ ---
7
+
8
+ ## Do Not Throw Generic Errors
9
+
10
+ Raising generic `Exception` or `RuntimeError` makes it impossible for callers to catch specific issues.
11
+
12
+ **Incorrect:**
13
+ ```python
14
+ if not user:
15
+ raise Exception("User not found")
16
+ ```
17
+
18
+ **Correct:**
19
+ ```python
20
+ class UserNotFoundError(Exception):
21
+ pass
22
+
23
+ if not user:
24
+ raise UserNotFoundError("User ID 123 not found")
25
+ ```
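Review bot: the title and heading say "Throw" but the rule is tagged `python`, where the keyword and the idiom are `raise`; "Do Not Raise Generic Errors" matches the language and the code. The "Correct" block would also make its point better if it showed the caller side (`except UserNotFoundError:`), since the stated benefit is that callers can catch the specific issue, and "makes it impossible for callers to catch specific issues" slightly overstates it: callers can still match on message strings, which is exactly the fragile practice this rule is meant to prevent.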
@@ -0,0 +1,26 @@
1
+ ---
2
+ title: Do Not Use Error Log Level for Non-Critical Issues
3
+ impact: LOW
4
+ impactDescription: prevents alert fatigue
5
+ tags: logging, observability, quality, python
6
+ ---
7
+
8
+ ## Do Not Use Error Log Level for Non-Critical Issues
9
+
10
+ Reserve `ERROR` level for things that require immediate attention (e.g., job failure). Use `WARNING` or `INFO` for expected deviations.
11
+
12
+ **Incorrect:**
13
+ ```python
14
+ try:
15
+ data = fetch_optional_data()
16
+ except Exception:
17
+ logger.error("Optional data not found") # Not really an error
18
+ ```
19
+
20
+ **Correct:**
21
+ ```python
22
+ try:
23
+ data = fetch_optional_data()
24
+ except Exception:
25
+ logger.warning("Optional data not found, continuing with defaults")
26
+ ```
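Review bot: both blocks wrap `fetch_optional_data()` in a bare `except Exception:`, so the "Correct" version downgrades every failure, including bugs such as an `AttributeError` or a misconfigured client, to WARNING and continues; that hides real faults rather than reducing alert fatigue. Catch only the specific exception the optional fetch raises at WARNING and let everything else propagate to the job-level ERROR handling this rule reserves for problems that need attention. Also `logger` and `fetch_optional_data` are undefined in the snippet; `import logging` and `logger = logging.getLogger(__name__)` would make the block self-contained.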