@sun-asterisk/sunlint 1.3.39 → 1.3.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (488)
  1. package/config/rules/rules-registry-generated.json +134 -108
  2. package/core/rule-selection-service.js +11 -0
  3. package/docs/GENERATED_FILES_QUICK_REFERENCE.md +96 -0
  4. package/docs/GENERATED_FILE_HANDLING_SUMMARY.md +152 -0
  5. package/docs/skills/CREATE_NEW_DART_RULE.md +161 -14
  6. package/origin-rules/dart-en.md +151 -163
  7. package/package.json +2 -1
  8. package/rules/dart/D002_dispose_resources/config.json +25 -0
  9. package/rules/dart/D003_prefer_widgets_over_methods/config.json +14 -0
  10. package/rules/dart/D004_avoid_shrinkwrap_listview/config.json +13 -0
  11. package/rules/dart/D005_limit_widget_nesting/config.json +13 -0
  12. package/rules/dart/D006_prefer_extracting_large_callbacks/config.json +25 -0
  13. package/rules/dart/D007_prefer_init_first_dispose_last/config.json +10 -0
  14. package/rules/dart/D008_avoid_long_functions/config.json +12 -0
  15. package/rules/dart/D009_limit_function_parameters/config.json +13 -0
  16. package/rules/dart/D010_limit_cyclomatic_complexity/config.json +12 -0
  17. package/rules/dart/D011_prefer_named_parameters/config.json +12 -0
  18. package/rules/dart/D012_prefer_named_boolean_parameters/config.json +9 -0
  19. package/rules/dart/D013_single_public_class/config.json +10 -0
  20. package/rules/dart/D014_unsafe_collection_access/config.json +10 -0
  21. package/rules/dart/D015_copywith_all_parameters/config.json +9 -0
  22. package/rules/dart/D016_project_should_have_tests/config.json +24 -0
  23. package/rules/dart/D017_pubspec_dependencies_review/config.json +23 -0
  24. package/rules/dart/D018_remove_commented_code/config.json +13 -0
  25. package/rules/dart/D019_avoid_single_child_multi_child_widget/config.json +21 -0
  26. package/rules/dart/D020_limit_if_else_branches/config.json +12 -0
  27. package/rules/dart/D021_avoid_negated_boolean_checks/config.json +14 -0
  28. package/rules/dart/D022_use_setstate_correctly/config.json +14 -0
  29. package/rules/dart/D023_avoid_unnecessary_method_overrides/config.json +13 -0
  30. package/rules/dart/D024_avoid_unnecessary_stateful_widget/config.json +9 -0
  31. package/rules/dart/D025_avoid_nested_conditional_expressions/config.json +9 -0
  32. package/skill-assets/sunlint-code-quality/AGENTS.md +80 -0
  33. package/skill-assets/sunlint-code-quality/SKILL.md +176 -0
  34. package/skill-assets/sunlint-code-quality/rules/csharp/C006-verb-noun-functions.md +36 -0
  35. package/skill-assets/sunlint-code-quality/rules/csharp/C013-no-dead-code.md +38 -0
  36. package/skill-assets/sunlint-code-quality/rules/csharp/C014-dependency-injection.md +45 -0
  37. package/skill-assets/sunlint-code-quality/rules/csharp/C017-no-constructor-logic.md +46 -0
  38. package/skill-assets/sunlint-code-quality/rules/csharp/C018-generic-errors.md +38 -0
  39. package/skill-assets/sunlint-code-quality/rules/csharp/C019-error-log-level.md +29 -0
  40. package/skill-assets/sunlint-code-quality/rules/csharp/C020-no-unused-imports.md +30 -0
  41. package/skill-assets/sunlint-code-quality/rules/csharp/C022-no-unused-variables.md +33 -0
  42. package/skill-assets/sunlint-code-quality/rules/csharp/C023-no-duplicate-names.md +36 -0
  43. package/skill-assets/sunlint-code-quality/rules/csharp/C024-centralize-constants.md +33 -0
  44. package/skill-assets/sunlint-code-quality/rules/csharp/C029-catch-log-root-cause.md +40 -0
  45. package/skill-assets/sunlint-code-quality/rules/csharp/C030-custom-error-classes.md +38 -0
  46. package/skill-assets/sunlint-code-quality/rules/csharp/C033-separate-data-access.md +53 -0
  47. package/skill-assets/sunlint-code-quality/rules/csharp/C035-error-context-logging.md +31 -0
  48. package/skill-assets/sunlint-code-quality/rules/csharp/C041-no-hardcoded-secrets.md +25 -0
  49. package/skill-assets/sunlint-code-quality/rules/csharp/C042-boolean-naming.md +27 -0
  50. package/skill-assets/sunlint-code-quality/rules/csharp/C052-controller-parsing.md +41 -0
  51. package/skill-assets/sunlint-code-quality/rules/csharp/C060-superclass-logic.md +33 -0
  52. package/skill-assets/sunlint-code-quality/rules/csharp/C067-no-hardcoded-config.md +24 -0
  53. package/skill-assets/sunlint-code-quality/rules/csharp/S003-open-redirect.md +47 -0
  54. package/skill-assets/sunlint-code-quality/rules/csharp/S004-no-log-credentials.md +28 -0
  55. package/skill-assets/sunlint-code-quality/rules/csharp/S005-server-authorization.md +51 -0
  56. package/skill-assets/sunlint-code-quality/rules/csharp/S006-default-credentials.md +42 -0
  57. package/skill-assets/sunlint-code-quality/rules/csharp/S007-output-encoding.md +36 -0
  58. package/skill-assets/sunlint-code-quality/rules/csharp/S009-approved-crypto.md +37 -0
  59. package/skill-assets/sunlint-code-quality/rules/csharp/S010-csprng.md +32 -0
  60. package/skill-assets/sunlint-code-quality/rules/csharp/S011-encrypted-client-hello.md +36 -0
  61. package/skill-assets/sunlint-code-quality/rules/csharp/S012-secrets-management.md +35 -0
  62. package/skill-assets/sunlint-code-quality/rules/csharp/S013-tls-connections.md +36 -0
  63. package/skill-assets/sunlint-code-quality/rules/csharp/S016-no-sensitive-query-string.md +39 -0
  64. package/skill-assets/sunlint-code-quality/rules/csharp/S017-parameterized-queries.md +47 -0
  65. package/skill-assets/sunlint-code-quality/rules/csharp/S019-email-input-sanitization.md +35 -0
  66. package/skill-assets/sunlint-code-quality/rules/csharp/S020-eval-code-execution.md +56 -0
  67. package/skill-assets/sunlint-code-quality/rules/csharp/S022-context-escaping.md +50 -0
  68. package/skill-assets/sunlint-code-quality/rules/csharp/S023-dynamic-js-encoding.md +34 -0
  69. package/skill-assets/sunlint-code-quality/rules/csharp/S025-server-validation.md +56 -0
  70. package/skill-assets/sunlint-code-quality/rules/csharp/S026-tls-encryption.md +28 -0
  71. package/skill-assets/sunlint-code-quality/rules/csharp/S027-mtls-validation.md +40 -0
  72. package/skill-assets/sunlint-code-quality/rules/csharp/S028-upload-limits.md +50 -0
  73. package/skill-assets/sunlint-code-quality/rules/csharp/S029-csrf-protection.md +42 -0
  74. package/skill-assets/sunlint-code-quality/rules/csharp/S030-directory-browsing.md +26 -0
  75. package/skill-assets/sunlint-code-quality/rules/csharp/S031-secure-cookie-flag.md +35 -0
  76. package/skill-assets/sunlint-code-quality/rules/csharp/S032-httponly-cookie.md +31 -0
  77. package/skill-assets/sunlint-code-quality/rules/csharp/S033-samesite-cookie.md +36 -0
  78. package/skill-assets/sunlint-code-quality/rules/csharp/S034-host-prefix-cookie.md +31 -0
  79. package/skill-assets/sunlint-code-quality/rules/csharp/S035-app-hostnames.md +26 -0
  80. package/skill-assets/sunlint-code-quality/rules/csharp/S036-internal-file-paths.md +36 -0
  81. package/skill-assets/sunlint-code-quality/rules/csharp/S037-anti-cache-headers.md +33 -0
  82. package/skill-assets/sunlint-code-quality/rules/csharp/S039-tls-certificate-validation.md +41 -0
  83. package/skill-assets/sunlint-code-quality/rules/csharp/S041-logout-invalidation.md +36 -0
  84. package/skill-assets/sunlint-code-quality/rules/csharp/S042-long-lived-sessions.md +47 -0
  85. package/skill-assets/sunlint-code-quality/rules/csharp/S044-critical-changes-reauth.md +45 -0
  86. package/skill-assets/sunlint-code-quality/rules/csharp/S045-brute-force-protection.md +48 -0
  87. package/skill-assets/sunlint-code-quality/rules/csharp/S047-oauth-csrf-protection.md +53 -0
  88. package/skill-assets/sunlint-code-quality/rules/csharp/S048-oauth-redirect-validation.md +37 -0
  89. package/skill-assets/sunlint-code-quality/rules/csharp/S049-auth-code-expiry.md +33 -0
  90. package/skill-assets/sunlint-code-quality/rules/csharp/S050-token-entropy.md +33 -0
  91. package/skill-assets/sunlint-code-quality/rules/csharp/S051-password-length.md +35 -0
  92. package/skill-assets/sunlint-code-quality/rules/csharp/S052-otp-entropy.md +26 -0
  93. package/skill-assets/sunlint-code-quality/rules/csharp/S053-generic-error-messages.md +32 -0
  94. package/skill-assets/sunlint-code-quality/rules/csharp/S054-no-default-admin.md +31 -0
  95. package/skill-assets/sunlint-code-quality/rules/csharp/S055-content-type-validation.md +44 -0
  96. package/skill-assets/sunlint-code-quality/rules/csharp/S056-log-injection.md +33 -0
  97. package/skill-assets/sunlint-code-quality/rules/csharp/S057-synchronized-time.md +27 -0
  98. package/skill-assets/sunlint-code-quality/rules/csharp/S058-ssrf-protection.md +54 -0
  99. package/skill-assets/sunlint-code-quality/rules/go/C006-verb-noun-functions.md +45 -0
  100. package/skill-assets/sunlint-code-quality/rules/go/C013-no-dead-code.md +48 -0
  101. package/skill-assets/sunlint-code-quality/rules/go/C014-dependency-injection.md +85 -0
  102. package/skill-assets/sunlint-code-quality/rules/go/C017-no-constructor-logic.md +67 -0
  103. package/skill-assets/sunlint-code-quality/rules/go/C018-generic-errors.md +63 -0
  104. package/skill-assets/sunlint-code-quality/rules/go/C019-error-log-level.md +50 -0
  105. package/skill-assets/sunlint-code-quality/rules/go/C020-no-unused-imports.md +45 -0
  106. package/skill-assets/sunlint-code-quality/rules/go/C022-no-unused-variables.md +34 -0
  107. package/skill-assets/sunlint-code-quality/rules/go/C023-no-duplicate-names.md +41 -0
  108. package/skill-assets/sunlint-code-quality/rules/go/C024-centralize-constants.md +55 -0
  109. package/skill-assets/sunlint-code-quality/rules/go/C029-catch-log-root-cause.md +56 -0
  110. package/skill-assets/sunlint-code-quality/rules/go/C030-custom-error-classes.md +69 -0
  111. package/skill-assets/sunlint-code-quality/rules/go/C033-separate-data-access.md +68 -0
  112. package/skill-assets/sunlint-code-quality/rules/go/C035-error-context-logging.md +48 -0
  113. package/skill-assets/sunlint-code-quality/rules/go/C041-no-hardcoded-secrets.md +45 -0
  114. package/skill-assets/sunlint-code-quality/rules/go/C042-boolean-naming.md +42 -0
  115. package/skill-assets/sunlint-code-quality/rules/go/C052-controller-parsing.md +62 -0
  116. package/skill-assets/sunlint-code-quality/rules/go/C060-superclass-logic.md +60 -0
  117. package/skill-assets/sunlint-code-quality/rules/go/C067-no-hardcoded-config.md +51 -0
  118. package/skill-assets/sunlint-code-quality/rules/go/S003-open-redirect.md +80 -0
  119. package/skill-assets/sunlint-code-quality/rules/go/S004-no-log-credentials.md +66 -0
  120. package/skill-assets/sunlint-code-quality/rules/go/S005-server-authorization.md +55 -0
  121. package/skill-assets/sunlint-code-quality/rules/go/S006-default-credentials.md +47 -0
  122. package/skill-assets/sunlint-code-quality/rules/go/S007-output-encoding.md +50 -0
  123. package/skill-assets/sunlint-code-quality/rules/go/S009-approved-crypto.md +63 -0
  124. package/skill-assets/sunlint-code-quality/rules/go/S010-csprng.md +53 -0
  125. package/skill-assets/sunlint-code-quality/rules/go/S011-encrypted-client-hello.md +34 -0
  126. package/skill-assets/sunlint-code-quality/rules/go/S012-secrets-management.md +49 -0
  127. package/skill-assets/sunlint-code-quality/rules/go/S013-tls-connections.md +61 -0
  128. package/skill-assets/sunlint-code-quality/rules/go/S016-no-sensitive-query-string.md +42 -0
  129. package/skill-assets/sunlint-code-quality/rules/go/S017-parameterized-queries.md +36 -0
  130. package/skill-assets/sunlint-code-quality/rules/go/S019-email-input-sanitization.md +44 -0
  131. package/skill-assets/sunlint-code-quality/rules/go/S020-eval-code-execution.md +47 -0
  132. package/skill-assets/sunlint-code-quality/rules/go/S022-context-escaping.md +49 -0
  133. package/skill-assets/sunlint-code-quality/rules/go/S023-dynamic-js-encoding.md +51 -0
  134. package/skill-assets/sunlint-code-quality/rules/go/S025-server-validation.md +57 -0
  135. package/skill-assets/sunlint-code-quality/rules/go/S026-tls-encryption.md +46 -0
  136. package/skill-assets/sunlint-code-quality/rules/go/S027-mtls-validation.md +52 -0
  137. package/skill-assets/sunlint-code-quality/rules/go/S028-upload-limits.md +58 -0
  138. package/skill-assets/sunlint-code-quality/rules/go/S029-csrf-protection.md +53 -0
  139. package/skill-assets/sunlint-code-quality/rules/go/S030-directory-browsing.md +53 -0
  140. package/skill-assets/sunlint-code-quality/rules/go/S031-secure-cookie-flag.md +48 -0
  141. package/skill-assets/sunlint-code-quality/rules/go/S032-httponly-cookie.md +42 -0
  142. package/skill-assets/sunlint-code-quality/rules/go/S033-samesite-cookie.md +49 -0
  143. package/skill-assets/sunlint-code-quality/rules/go/S034-host-prefix-cookie.md +44 -0
  144. package/skill-assets/sunlint-code-quality/rules/go/S035-app-hostnames.md +50 -0
  145. package/skill-assets/sunlint-code-quality/rules/go/S036-internal-file-paths.md +56 -0
  146. package/skill-assets/sunlint-code-quality/rules/go/S037-anti-cache-headers.md +43 -0
  147. package/skill-assets/sunlint-code-quality/rules/go/S039-tls-certificate-validation.md +41 -0
  148. package/skill-assets/sunlint-code-quality/rules/go/S041-logout-invalidation.md +46 -0
  149. package/skill-assets/sunlint-code-quality/rules/go/S042-long-lived-sessions.md +58 -0
  150. package/skill-assets/sunlint-code-quality/rules/go/S044-critical-changes-reauth.md +53 -0
  151. package/skill-assets/sunlint-code-quality/rules/go/S045-brute-force-protection.md +55 -0
  152. package/skill-assets/sunlint-code-quality/rules/go/S047-oauth-csrf-protection.md +51 -0
  153. package/skill-assets/sunlint-code-quality/rules/go/S048-oauth-redirect-validation.md +58 -0
  154. package/skill-assets/sunlint-code-quality/rules/go/S049-auth-code-expiry.md +52 -0
  155. package/skill-assets/sunlint-code-quality/rules/go/S050-token-entropy.md +53 -0
  156. package/skill-assets/sunlint-code-quality/rules/go/S051-password-length.md +49 -0
  157. package/skill-assets/sunlint-code-quality/rules/go/S052-otp-entropy.md +48 -0
  158. package/skill-assets/sunlint-code-quality/rules/go/S053-generic-error-messages.md +51 -0
  159. package/skill-assets/sunlint-code-quality/rules/go/S054-no-default-admin.md +43 -0
  160. package/skill-assets/sunlint-code-quality/rules/go/S055-content-type-validation.md +52 -0
  161. package/skill-assets/sunlint-code-quality/rules/go/S056-log-injection.md +40 -0
  162. package/skill-assets/sunlint-code-quality/rules/go/S057-synchronized-time.md +40 -0
  163. package/skill-assets/sunlint-code-quality/rules/go/S058-ssrf-protection.md +70 -0
  164. package/skill-assets/sunlint-code-quality/rules/java/C006-verb-noun-functions.md +36 -0
  165. package/skill-assets/sunlint-code-quality/rules/java/C013-no-dead-code.md +175 -0
  166. package/skill-assets/sunlint-code-quality/rules/java/C014-dependency-injection.md +42 -0
  167. package/skill-assets/sunlint-code-quality/rules/java/C017-no-constructor-logic.md +39 -0
  168. package/skill-assets/sunlint-code-quality/rules/java/C018-generic-errors.md +28 -0
  169. package/skill-assets/sunlint-code-quality/rules/java/C019-error-log-level.md +34 -0
  170. package/skill-assets/sunlint-code-quality/rules/java/C020-no-unused-imports.md +34 -0
  171. package/skill-assets/sunlint-code-quality/rules/java/C022-no-unused-variables.md +31 -0
  172. package/skill-assets/sunlint-code-quality/rules/java/C023-no-duplicate-names.md +37 -0
  173. package/skill-assets/sunlint-code-quality/rules/java/C024-centralize-constants.md +36 -0
  174. package/skill-assets/sunlint-code-quality/rules/java/C029-catch-log-root-cause.md +42 -0
  175. package/skill-assets/sunlint-code-quality/rules/java/C030-custom-error-classes.md +50 -0
  176. package/skill-assets/sunlint-code-quality/rules/java/C033-separate-data-access.md +46 -0
  177. package/skill-assets/sunlint-code-quality/rules/java/C035-error-context-logging.md +38 -0
  178. package/skill-assets/sunlint-code-quality/rules/java/C041-no-hardcoded-secrets.md +34 -0
  179. package/skill-assets/sunlint-code-quality/rules/java/C042-boolean-naming.md +27 -0
  180. package/skill-assets/sunlint-code-quality/rules/java/C052-controller-parsing.md +39 -0
  181. package/skill-assets/sunlint-code-quality/rules/java/C060-superclass-logic.md +32 -0
  182. package/skill-assets/sunlint-code-quality/rules/java/C067-no-hardcoded-config.md +31 -0
  183. package/skill-assets/sunlint-code-quality/rules/java/S003-open-redirect.md +38 -0
  184. package/skill-assets/sunlint-code-quality/rules/java/S004-no-log-credentials.md +36 -0
  185. package/skill-assets/sunlint-code-quality/rules/java/S005-server-authorization.md +53 -0
  186. package/skill-assets/sunlint-code-quality/rules/java/S006-default-credentials.md +39 -0
  187. package/skill-assets/sunlint-code-quality/rules/java/S007-output-encoding.md +49 -0
  188. package/skill-assets/sunlint-code-quality/rules/java/S009-approved-crypto.md +40 -0
  189. package/skill-assets/sunlint-code-quality/rules/java/S010-csprng.md +36 -0
  190. package/skill-assets/sunlint-code-quality/rules/java/S011-encrypted-client-hello.md +27 -0
  191. package/skill-assets/sunlint-code-quality/rules/java/S012-secrets-management.md +34 -0
  192. package/skill-assets/sunlint-code-quality/rules/java/S013-tls-connections.md +40 -0
  193. package/skill-assets/sunlint-code-quality/rules/java/S016-no-sensitive-query-string.md +36 -0
  194. package/skill-assets/sunlint-code-quality/rules/java/S017-parameterized-queries.md +47 -0
  195. package/skill-assets/sunlint-code-quality/rules/java/S019-email-input-sanitization.md +32 -0
  196. package/skill-assets/sunlint-code-quality/rules/java/S020-eval-code-execution.md +45 -0
  197. package/skill-assets/sunlint-code-quality/rules/java/S022-context-escaping.md +28 -0
  198. package/skill-assets/sunlint-code-quality/rules/java/S023-dynamic-js-encoding.md +28 -0
  199. package/skill-assets/sunlint-code-quality/rules/java/S025-server-validation.md +58 -0
  200. package/skill-assets/sunlint-code-quality/rules/java/S026-tls-encryption.md +57 -0
  201. package/skill-assets/sunlint-code-quality/rules/java/S027-mtls-validation.md +26 -0
  202. package/skill-assets/sunlint-code-quality/rules/java/S028-upload-limits.md +35 -0
  203. package/skill-assets/sunlint-code-quality/rules/java/S029-csrf-protection.md +35 -0
  204. package/skill-assets/sunlint-code-quality/rules/java/S030-directory-browsing.md +38 -0
  205. package/skill-assets/sunlint-code-quality/rules/java/S031-secure-cookie-flag.md +38 -0
  206. package/skill-assets/sunlint-code-quality/rules/java/S032-httponly-cookie.md +31 -0
  207. package/skill-assets/sunlint-code-quality/rules/java/S033-samesite-cookie.md +42 -0
  208. package/skill-assets/sunlint-code-quality/rules/java/S034-host-prefix-cookie.md +35 -0
  209. package/skill-assets/sunlint-code-quality/rules/java/S035-app-hostnames.md +23 -0
  210. package/skill-assets/sunlint-code-quality/rules/java/S036-internal-file-paths.md +39 -0
  211. package/skill-assets/sunlint-code-quality/rules/java/S037-anti-cache-headers.md +37 -0
  212. package/skill-assets/sunlint-code-quality/rules/java/S039-tls-certificate-validation.md +43 -0
  213. package/skill-assets/sunlint-code-quality/rules/java/S041-logout-invalidation.md +53 -0
  214. package/skill-assets/sunlint-code-quality/rules/java/S042-long-lived-sessions.md +36 -0
  215. package/skill-assets/sunlint-code-quality/rules/java/S044-critical-changes-reauth.md +28 -0
  216. package/skill-assets/sunlint-code-quality/rules/java/S045-brute-force-protection.md +38 -0
  217. package/skill-assets/sunlint-code-quality/rules/java/S047-oauth-csrf-protection.md +33 -0
  218. package/skill-assets/sunlint-code-quality/rules/java/S048-oauth-redirect-validation.md +25 -0
  219. package/skill-assets/sunlint-code-quality/rules/java/S049-auth-code-expiry.md +23 -0
  220. package/skill-assets/sunlint-code-quality/rules/java/S050-token-entropy.md +20 -0
  221. package/skill-assets/sunlint-code-quality/rules/java/S051-password-length.md +20 -0
  222. package/skill-assets/sunlint-code-quality/rules/java/S052-otp-entropy.md +23 -0
  223. package/skill-assets/sunlint-code-quality/rules/java/S053-generic-error-messages.md +21 -0
  224. package/skill-assets/sunlint-code-quality/rules/java/S054-no-default-admin.md +16 -0
  225. package/skill-assets/sunlint-code-quality/rules/java/S055-content-type-validation.md +36 -0
  226. package/skill-assets/sunlint-code-quality/rules/java/S056-log-injection.md +38 -0
  227. package/skill-assets/sunlint-code-quality/rules/java/S057-synchronized-time.md +35 -0
  228. package/skill-assets/sunlint-code-quality/rules/java/S058-ssrf-protection.md +56 -0
  229. package/skill-assets/sunlint-code-quality/rules/kotlin/C006-verb-noun-functions.md +45 -0
  230. package/skill-assets/sunlint-code-quality/rules/kotlin/C013-no-dead-code.md +49 -0
  231. package/skill-assets/sunlint-code-quality/rules/kotlin/C014-dependency-injection.md +64 -0
  232. package/skill-assets/sunlint-code-quality/rules/kotlin/C017-no-constructor-logic.md +68 -0
  233. package/skill-assets/sunlint-code-quality/rules/kotlin/C018-generic-errors.md +46 -0
  234. package/skill-assets/sunlint-code-quality/rules/kotlin/C019-error-log-level.md +50 -0
  235. package/skill-assets/sunlint-code-quality/rules/kotlin/C020-no-unused-imports.md +44 -0
  236. package/skill-assets/sunlint-code-quality/rules/kotlin/C022-no-unused-variables.md +39 -0
  237. package/skill-assets/sunlint-code-quality/rules/kotlin/C023-no-duplicate-names.md +47 -0
  238. package/skill-assets/sunlint-code-quality/rules/kotlin/C024-centralize-constants.md +58 -0
  239. package/skill-assets/sunlint-code-quality/rules/kotlin/C029-catch-log-root-cause.md +50 -0
  240. package/skill-assets/sunlint-code-quality/rules/kotlin/C030-custom-error-classes.md +72 -0
  241. package/skill-assets/sunlint-code-quality/rules/kotlin/C033-separate-data-access.md +69 -0
  242. package/skill-assets/sunlint-code-quality/rules/kotlin/C035-error-context-logging.md +47 -0
  243. package/skill-assets/sunlint-code-quality/rules/kotlin/C041-no-hardcoded-secrets.md +47 -0
  244. package/skill-assets/sunlint-code-quality/rules/kotlin/C042-boolean-naming.md +42 -0
  245. package/skill-assets/sunlint-code-quality/rules/kotlin/C052-controller-parsing.md +71 -0
  246. package/skill-assets/sunlint-code-quality/rules/kotlin/C060-superclass-logic.md +60 -0
  247. package/skill-assets/sunlint-code-quality/rules/kotlin/C067-no-hardcoded-config.md +51 -0
  248. package/skill-assets/sunlint-code-quality/rules/kotlin/S003-open-redirect.md +66 -0
  249. package/skill-assets/sunlint-code-quality/rules/kotlin/S004-no-log-credentials.md +59 -0
  250. package/skill-assets/sunlint-code-quality/rules/kotlin/S005-server-authorization.md +75 -0
  251. package/skill-assets/sunlint-code-quality/rules/kotlin/S006-default-credentials.md +49 -0
  252. package/skill-assets/sunlint-code-quality/rules/kotlin/S007-output-encoding.md +62 -0
  253. package/skill-assets/sunlint-code-quality/rules/kotlin/S009-approved-crypto.md +51 -0
  254. package/skill-assets/sunlint-code-quality/rules/kotlin/S010-csprng.md +61 -0
  255. package/skill-assets/sunlint-code-quality/rules/kotlin/S011-encrypted-client-hello.md +48 -0
  256. package/skill-assets/sunlint-code-quality/rules/kotlin/S012-secrets-management.md +53 -0
  257. package/skill-assets/sunlint-code-quality/rules/kotlin/S013-tls-connections.md +61 -0
  258. package/skill-assets/sunlint-code-quality/rules/kotlin/S016-no-sensitive-query-string.md +51 -0
  259. package/skill-assets/sunlint-code-quality/rules/kotlin/S017-parameterized-queries.md +41 -0
  260. package/skill-assets/sunlint-code-quality/rules/kotlin/S019-email-input-sanitization.md +50 -0
  261. package/skill-assets/sunlint-code-quality/rules/kotlin/S020-eval-code-execution.md +57 -0
  262. package/skill-assets/sunlint-code-quality/rules/kotlin/S022-context-escaping.md +58 -0
  263. package/skill-assets/sunlint-code-quality/rules/kotlin/S023-dynamic-js-encoding.md +57 -0
  264. package/skill-assets/sunlint-code-quality/rules/kotlin/S025-server-validation.md +59 -0
  265. package/skill-assets/sunlint-code-quality/rules/kotlin/S026-tls-encryption.md +50 -0
  266. package/skill-assets/sunlint-code-quality/rules/kotlin/S027-mtls-validation.md +60 -0
  267. package/skill-assets/sunlint-code-quality/rules/kotlin/S028-upload-limits.md +67 -0
  268. package/skill-assets/sunlint-code-quality/rules/kotlin/S029-csrf-protection.md +57 -0
  269. package/skill-assets/sunlint-code-quality/rules/kotlin/S030-directory-browsing.md +50 -0
  270. package/skill-assets/sunlint-code-quality/rules/kotlin/S031-secure-cookie-flag.md +51 -0
  271. package/skill-assets/sunlint-code-quality/rules/kotlin/S032-httponly-cookie.md +49 -0
  272. package/skill-assets/sunlint-code-quality/rules/kotlin/S033-samesite-cookie.md +54 -0
  273. package/skill-assets/sunlint-code-quality/rules/kotlin/S034-host-prefix-cookie.md +50 -0
  274. package/skill-assets/sunlint-code-quality/rules/kotlin/S035-app-hostnames.md +59 -0
  275. package/skill-assets/sunlint-code-quality/rules/kotlin/S036-internal-file-paths.md +61 -0
  276. package/skill-assets/sunlint-code-quality/rules/kotlin/S037-anti-cache-headers.md +58 -0
  277. package/skill-assets/sunlint-code-quality/rules/kotlin/S039-tls-certificate-validation.md +62 -0
  278. package/skill-assets/sunlint-code-quality/rules/kotlin/S041-logout-invalidation.md +71 -0
  279. package/skill-assets/sunlint-code-quality/rules/kotlin/S042-long-lived-sessions.md +57 -0
  280. package/skill-assets/sunlint-code-quality/rules/kotlin/S044-critical-changes-reauth.md +64 -0
  281. package/skill-assets/sunlint-code-quality/rules/kotlin/S045-brute-force-protection.md +64 -0
  282. package/skill-assets/sunlint-code-quality/rules/kotlin/S047-oauth-csrf-protection.md +74 -0
  283. package/skill-assets/sunlint-code-quality/rules/kotlin/S048-oauth-redirect-validation.md +61 -0
  284. package/skill-assets/sunlint-code-quality/rules/kotlin/S049-auth-code-expiry.md +70 -0
  285. package/skill-assets/sunlint-code-quality/rules/kotlin/S050-token-entropy.md +65 -0
  286. package/skill-assets/sunlint-code-quality/rules/kotlin/S051-password-length.md +52 -0
  287. package/skill-assets/sunlint-code-quality/rules/kotlin/S052-otp-entropy.md +55 -0
  288. package/skill-assets/sunlint-code-quality/rules/kotlin/S053-generic-error-messages.md +66 -0
  289. package/skill-assets/sunlint-code-quality/rules/kotlin/S054-no-default-admin.md +57 -0
  290. package/skill-assets/sunlint-code-quality/rules/kotlin/S055-content-type-validation.md +58 -0
  291. package/skill-assets/sunlint-code-quality/rules/kotlin/S056-log-injection.md +47 -0
  292. package/skill-assets/sunlint-code-quality/rules/kotlin/S057-synchronized-time.md +49 -0
  293. package/skill-assets/sunlint-code-quality/rules/kotlin/S058-ssrf-protection.md +69 -0
  294. package/skill-assets/sunlint-code-quality/rules/php/C006-verb-noun-functions.md +46 -0
  295. package/skill-assets/sunlint-code-quality/rules/php/C013-no-dead-code.md +53 -0
  296. package/skill-assets/sunlint-code-quality/rules/php/C014-dependency-injection.md +71 -0
  297. package/skill-assets/sunlint-code-quality/rules/php/C017-no-constructor-logic.md +68 -0
  298. package/skill-assets/sunlint-code-quality/rules/php/C018-generic-errors.md +50 -0
  299. package/skill-assets/sunlint-code-quality/rules/php/C019-error-log-level.md +54 -0
  300. package/skill-assets/sunlint-code-quality/rules/php/C020-no-unused-imports.md +55 -0
  301. package/skill-assets/sunlint-code-quality/rules/php/C022-no-unused-variables.md +51 -0
  302. package/skill-assets/sunlint-code-quality/rules/php/C023-no-duplicate-names.md +61 -0
  303. package/skill-assets/sunlint-code-quality/rules/php/C024-centralize-constants.md +60 -0
  304. package/skill-assets/sunlint-code-quality/rules/php/C029-catch-log-root-cause.md +57 -0
  305. package/skill-assets/sunlint-code-quality/rules/php/C030-custom-error-classes.md +62 -0
  306. package/skill-assets/sunlint-code-quality/rules/php/C033-separate-data-access.md +79 -0
  307. package/skill-assets/sunlint-code-quality/rules/php/C035-error-context-logging.md +54 -0
  308. package/skill-assets/sunlint-code-quality/rules/php/C041-no-hardcoded-secrets.md +59 -0
  309. package/skill-assets/sunlint-code-quality/rules/php/C042-boolean-naming.md +52 -0
  310. package/skill-assets/sunlint-code-quality/rules/php/C052-controller-parsing.md +66 -0
  311. package/skill-assets/sunlint-code-quality/rules/php/C060-superclass-logic.md +54 -0
  312. package/skill-assets/sunlint-code-quality/rules/php/C067-no-hardcoded-config.md +55 -0
  313. package/skill-assets/sunlint-code-quality/rules/php/S003-open-redirect.md +60 -0
  314. package/skill-assets/sunlint-code-quality/rules/php/S004-no-log-credentials.md +67 -0
  315. package/skill-assets/sunlint-code-quality/rules/php/S005-server-authorization.md +57 -0
  316. package/skill-assets/sunlint-code-quality/rules/php/S006-default-credentials.md +61 -0
  317. package/skill-assets/sunlint-code-quality/rules/php/S007-output-encoding.md +61 -0
  318. package/skill-assets/sunlint-code-quality/rules/php/S009-approved-crypto.md +53 -0
  319. package/skill-assets/sunlint-code-quality/rules/php/S010-csprng.md +47 -0
  320. package/skill-assets/sunlint-code-quality/rules/php/S011-encrypted-client-hello.md +41 -0
  321. package/skill-assets/sunlint-code-quality/rules/php/S012-secrets-management.md +60 -0
  322. package/skill-assets/sunlint-code-quality/rules/php/S013-tls-connections.md +67 -0
  323. package/skill-assets/sunlint-code-quality/rules/php/S016-no-sensitive-query-string.md +61 -0
  324. package/skill-assets/sunlint-code-quality/rules/php/S017-parameterized-queries.md +44 -0
  325. package/skill-assets/sunlint-code-quality/rules/php/S019-email-input-sanitization.md +54 -0
  326. package/skill-assets/sunlint-code-quality/rules/php/S020-eval-code-execution.md +57 -0
  327. package/skill-assets/sunlint-code-quality/rules/php/S022-context-escaping.md +58 -0
  328. package/skill-assets/sunlint-code-quality/rules/php/S023-dynamic-js-encoding.md +62 -0
  329. package/skill-assets/sunlint-code-quality/rules/php/S025-server-validation.md +63 -0
  330. package/skill-assets/sunlint-code-quality/rules/php/S026-tls-encryption.md +48 -0
  331. package/skill-assets/sunlint-code-quality/rules/php/S027-mtls-validation.md +62 -0
  332. package/skill-assets/sunlint-code-quality/rules/php/S028-upload-limits.md +60 -0
  333. package/skill-assets/sunlint-code-quality/rules/php/S029-csrf-protection.md +65 -0
  334. package/skill-assets/sunlint-code-quality/rules/php/S030-directory-browsing.md +40 -0
  335. package/skill-assets/sunlint-code-quality/rules/php/S031-secure-cookie-flag.md +55 -0
  336. package/skill-assets/sunlint-code-quality/rules/php/S032-httponly-cookie.md +54 -0
  337. package/skill-assets/sunlint-code-quality/rules/php/S033-samesite-cookie.md +52 -0
  338. package/skill-assets/sunlint-code-quality/rules/php/S034-host-prefix-cookie.md +49 -0
  339. package/skill-assets/sunlint-code-quality/rules/php/S035-app-hostnames.md +49 -0
  340. package/skill-assets/sunlint-code-quality/rules/php/S036-internal-file-paths.md +56 -0
  341. package/skill-assets/sunlint-code-quality/rules/php/S037-anti-cache-headers.md +56 -0
  342. package/skill-assets/sunlint-code-quality/rules/php/S039-tls-certificate-validation.md +54 -0
  343. package/skill-assets/sunlint-code-quality/rules/php/S041-logout-invalidation.md +63 -0
  344. package/skill-assets/sunlint-code-quality/rules/php/S042-long-lived-sessions.md +57 -0
  345. package/skill-assets/sunlint-code-quality/rules/php/S044-critical-changes-reauth.md +71 -0
  346. package/skill-assets/sunlint-code-quality/rules/php/S045-brute-force-protection.md +67 -0
  347. package/skill-assets/sunlint-code-quality/rules/php/S047-oauth-csrf-protection.md +72 -0
  348. package/skill-assets/sunlint-code-quality/rules/php/S048-oauth-redirect-validation.md +54 -0
  349. package/skill-assets/sunlint-code-quality/rules/php/S049-auth-code-expiry.md +71 -0
  350. package/skill-assets/sunlint-code-quality/rules/php/S050-token-entropy.md +58 -0
  351. package/skill-assets/sunlint-code-quality/rules/php/S051-password-length.md +59 -0
  352. package/skill-assets/sunlint-code-quality/rules/php/S052-otp-entropy.md +45 -0
  353. package/skill-assets/sunlint-code-quality/rules/php/S053-generic-error-messages.md +59 -0
  354. package/skill-assets/sunlint-code-quality/rules/php/S054-no-default-admin.md +62 -0
  355. package/skill-assets/sunlint-code-quality/rules/php/S055-content-type-validation.md +58 -0
  356. package/skill-assets/sunlint-code-quality/rules/php/S056-log-injection.md +48 -0
  357. package/skill-assets/sunlint-code-quality/rules/php/S057-synchronized-time.md +52 -0
  358. package/skill-assets/sunlint-code-quality/rules/php/S058-ssrf-protection.md +65 -0
  359. package/skill-assets/sunlint-code-quality/rules/python/C006-verb-noun-functions.md +30 -0
  360. package/skill-assets/sunlint-code-quality/rules/python/C013-no-dead-code.md +24 -0
  361. package/skill-assets/sunlint-code-quality/rules/python/C014-dependency-injection.md +68 -0
  362. package/skill-assets/sunlint-code-quality/rules/python/C017-no-constructor-logic.md +30 -0
  363. package/skill-assets/sunlint-code-quality/rules/python/C018-generic-errors.md +25 -0
  364. package/skill-assets/sunlint-code-quality/rules/python/C019-error-log-level.md +26 -0
  365. package/skill-assets/sunlint-code-quality/rules/python/C020-no-unused-imports.md +28 -0
  366. package/skill-assets/sunlint-code-quality/rules/python/C022-no-unused-variables.md +24 -0
  367. package/skill-assets/sunlint-code-quality/rules/python/C023-no-duplicate-names.md +27 -0
  368. package/skill-assets/sunlint-code-quality/rules/python/C024-centralize-constants.md +27 -0
  369. package/skill-assets/sunlint-code-quality/rules/python/C029-catch-log-root-cause.md +61 -0
  370. package/skill-assets/sunlint-code-quality/rules/python/C030-custom-error-classes.md +28 -0
  371. package/skill-assets/sunlint-code-quality/rules/python/C033-separate-data-access.md +53 -0
  372. package/skill-assets/sunlint-code-quality/rules/python/C035-error-context-logging.md +26 -0
  373. package/skill-assets/sunlint-code-quality/rules/python/C041-no-hardcoded-secrets.md +23 -0
  374. package/skill-assets/sunlint-code-quality/rules/python/C042-boolean-naming.md +24 -0
  375. package/skill-assets/sunlint-code-quality/rules/python/C052-controller-parsing.md +34 -0
  376. package/skill-assets/sunlint-code-quality/rules/python/C060-superclass-logic.md +26 -0
  377. package/skill-assets/sunlint-code-quality/rules/python/C067-no-hardcoded-config.md +22 -0
  378. package/skill-assets/sunlint-code-quality/rules/python/S003-open-redirect.md +16 -0
  379. package/skill-assets/sunlint-code-quality/rules/python/S004-no-log-credentials.md +16 -0
  380. package/skill-assets/sunlint-code-quality/rules/python/S005-server-authorization.md +16 -0
  381. package/skill-assets/sunlint-code-quality/rules/python/S006-default-credentials.md +16 -0
  382. package/skill-assets/sunlint-code-quality/rules/python/S007-output-encoding.md +16 -0
  383. package/skill-assets/sunlint-code-quality/rules/python/S009-approved-crypto.md +16 -0
  384. package/skill-assets/sunlint-code-quality/rules/python/S010-csprng.md +16 -0
  385. package/skill-assets/sunlint-code-quality/rules/python/S011-encrypted-client-hello.md +16 -0
  386. package/skill-assets/sunlint-code-quality/rules/python/S012-secrets-management.md +16 -0
  387. package/skill-assets/sunlint-code-quality/rules/python/S013-tls-connections.md +16 -0
  388. package/skill-assets/sunlint-code-quality/rules/python/S016-no-sensitive-query-string.md +16 -0
  389. package/skill-assets/sunlint-code-quality/rules/python/S017-parameterized-queries.md +51 -0
  390. package/skill-assets/sunlint-code-quality/rules/python/S019-email-input-sanitization.md +16 -0
  391. package/skill-assets/sunlint-code-quality/rules/python/S020-eval-code-execution.md +51 -0
  392. package/skill-assets/sunlint-code-quality/rules/python/S022-context-escaping.md +16 -0
  393. package/skill-assets/sunlint-code-quality/rules/python/S023-dynamic-js-encoding.md +16 -0
  394. package/skill-assets/sunlint-code-quality/rules/python/S025-server-validation.md +16 -0
  395. package/skill-assets/sunlint-code-quality/rules/python/S026-tls-encryption.md +16 -0
  396. package/skill-assets/sunlint-code-quality/rules/python/S027-mtls-validation.md +16 -0
  397. package/skill-assets/sunlint-code-quality/rules/python/S028-upload-limits.md +16 -0
  398. package/skill-assets/sunlint-code-quality/rules/python/S029-csrf-protection.md +16 -0
  399. package/skill-assets/sunlint-code-quality/rules/python/S030-directory-browsing.md +16 -0
  400. package/skill-assets/sunlint-code-quality/rules/python/S031-secure-cookie-flag.md +16 -0
  401. package/skill-assets/sunlint-code-quality/rules/python/S032-httponly-cookie.md +16 -0
  402. package/skill-assets/sunlint-code-quality/rules/python/S033-samesite-cookie.md +16 -0
  403. package/skill-assets/sunlint-code-quality/rules/python/S034-host-prefix-cookie.md +16 -0
  404. package/skill-assets/sunlint-code-quality/rules/python/S035-app-hostnames.md +16 -0
  405. package/skill-assets/sunlint-code-quality/rules/python/S036-internal-file-paths.md +50 -0
  406. package/skill-assets/sunlint-code-quality/rules/python/S037-anti-cache-headers.md +16 -0
  407. package/skill-assets/sunlint-code-quality/rules/python/S039-tls-certificate-validation.md +16 -0
  408. package/skill-assets/sunlint-code-quality/rules/python/S041-logout-invalidation.md +16 -0
  409. package/skill-assets/sunlint-code-quality/rules/python/S042-long-lived-sessions.md +16 -0
  410. package/skill-assets/sunlint-code-quality/rules/python/S044-critical-changes-reauth.md +16 -0
  411. package/skill-assets/sunlint-code-quality/rules/python/S045-brute-force-protection.md +16 -0
  412. package/skill-assets/sunlint-code-quality/rules/python/S047-oauth-csrf-protection.md +16 -0
  413. package/skill-assets/sunlint-code-quality/rules/python/S048-oauth-redirect-validation.md +16 -0
  414. package/skill-assets/sunlint-code-quality/rules/python/S049-auth-code-expiry.md +16 -0
  415. package/skill-assets/sunlint-code-quality/rules/python/S050-token-entropy.md +16 -0
  416. package/skill-assets/sunlint-code-quality/rules/python/S051-password-length.md +16 -0
  417. package/skill-assets/sunlint-code-quality/rules/python/S052-otp-entropy.md +16 -0
  418. package/skill-assets/sunlint-code-quality/rules/python/S053-generic-error-messages.md +16 -0
  419. package/skill-assets/sunlint-code-quality/rules/python/S054-no-default-admin.md +16 -0
  420. package/skill-assets/sunlint-code-quality/rules/python/S055-content-type-validation.md +16 -0
  421. package/skill-assets/sunlint-code-quality/rules/python/S056-log-injection.md +16 -0
  422. package/skill-assets/sunlint-code-quality/rules/python/S057-synchronized-time.md +16 -0
  423. package/skill-assets/sunlint-code-quality/rules/python/S058-ssrf-protection.md +57 -0
  424. package/skill-assets/sunlint-code-quality/rules/typescript/C006-verb-noun-functions.md +45 -0
  425. package/skill-assets/sunlint-code-quality/rules/typescript/C013-no-dead-code.md +51 -0
  426. package/skill-assets/sunlint-code-quality/rules/typescript/C014-dependency-injection.md +69 -0
  427. package/skill-assets/sunlint-code-quality/rules/typescript/C017-no-constructor-logic.md +60 -0
  428. package/skill-assets/sunlint-code-quality/rules/typescript/C018-generic-errors.md +47 -0
  429. package/skill-assets/sunlint-code-quality/rules/typescript/C019-error-log-level.md +50 -0
  430. package/skill-assets/sunlint-code-quality/rules/typescript/C020-no-unused-imports.md +55 -0
  431. package/skill-assets/sunlint-code-quality/rules/typescript/C022-no-unused-variables.md +59 -0
  432. package/skill-assets/sunlint-code-quality/rules/typescript/C023-no-duplicate-names.md +58 -0
  433. package/skill-assets/sunlint-code-quality/rules/typescript/C024-centralize-constants.md +56 -0
  434. package/skill-assets/sunlint-code-quality/rules/typescript/C029-catch-log-root-cause.md +53 -0
  435. package/skill-assets/sunlint-code-quality/rules/typescript/C030-custom-error-classes.md +60 -0
  436. package/skill-assets/sunlint-code-quality/rules/typescript/C033-separate-data-access.md +69 -0
  437. package/skill-assets/sunlint-code-quality/rules/typescript/C035-error-context-logging.md +50 -0
  438. package/skill-assets/sunlint-code-quality/rules/typescript/C041-no-hardcoded-secrets.md +47 -0
  439. package/skill-assets/sunlint-code-quality/rules/typescript/C042-boolean-naming.md +42 -0
  440. package/skill-assets/sunlint-code-quality/rules/typescript/C052-controller-parsing.md +64 -0
  441. package/skill-assets/sunlint-code-quality/rules/typescript/C060-superclass-logic.md +67 -0
  442. package/skill-assets/sunlint-code-quality/rules/typescript/C067-no-hardcoded-config.md +52 -0
  443. package/skill-assets/sunlint-code-quality/rules/typescript/S003-open-redirect.md +76 -0
  444. package/skill-assets/sunlint-code-quality/rules/typescript/S004-no-log-credentials.md +71 -0
  445. package/skill-assets/sunlint-code-quality/rules/typescript/S005-server-authorization.md +68 -0
  446. package/skill-assets/sunlint-code-quality/rules/typescript/S006-default-credentials.md +69 -0
  447. package/skill-assets/sunlint-code-quality/rules/typescript/S007-output-encoding.md +60 -0
  448. package/skill-assets/sunlint-code-quality/rules/typescript/S009-approved-crypto.md +53 -0
  449. package/skill-assets/sunlint-code-quality/rules/typescript/S010-csprng.md +53 -0
  450. package/skill-assets/sunlint-code-quality/rules/typescript/S011-encrypted-client-hello.md +45 -0
  451. package/skill-assets/sunlint-code-quality/rules/typescript/S012-secrets-management.md +47 -0
  452. package/skill-assets/sunlint-code-quality/rules/typescript/S013-tls-connections.md +70 -0
  453. package/skill-assets/sunlint-code-quality/rules/typescript/S016-no-sensitive-query-string.md +53 -0
  454. package/skill-assets/sunlint-code-quality/rules/typescript/S017-parameterized-queries.md +55 -0
  455. package/skill-assets/sunlint-code-quality/rules/typescript/S019-email-input-sanitization.md +56 -0
  456. package/skill-assets/sunlint-code-quality/rules/typescript/S020-eval-code-execution.md +58 -0
  457. package/skill-assets/sunlint-code-quality/rules/typescript/S022-context-escaping.md +48 -0
  458. package/skill-assets/sunlint-code-quality/rules/typescript/S023-dynamic-js-encoding.md +52 -0
  459. package/skill-assets/sunlint-code-quality/rules/typescript/S025-server-validation.md +62 -0
  460. package/skill-assets/sunlint-code-quality/rules/typescript/S026-tls-encryption.md +47 -0
  461. package/skill-assets/sunlint-code-quality/rules/typescript/S027-mtls-validation.md +50 -0
  462. package/skill-assets/sunlint-code-quality/rules/typescript/S028-upload-limits.md +65 -0
  463. package/skill-assets/sunlint-code-quality/rules/typescript/S029-csrf-protection.md +62 -0
  464. package/skill-assets/sunlint-code-quality/rules/typescript/S030-directory-browsing.md +52 -0
  465. package/skill-assets/sunlint-code-quality/rules/typescript/S031-secure-cookie-flag.md +48 -0
  466. package/skill-assets/sunlint-code-quality/rules/typescript/S032-httponly-cookie.md +36 -0
  467. package/skill-assets/sunlint-code-quality/rules/typescript/S033-samesite-cookie.md +46 -0
  468. package/skill-assets/sunlint-code-quality/rules/typescript/S034-host-prefix-cookie.md +50 -0
  469. package/skill-assets/sunlint-code-quality/rules/typescript/S035-app-hostnames.md +49 -0
  470. package/skill-assets/sunlint-code-quality/rules/typescript/S036-internal-file-paths.md +53 -0
  471. package/skill-assets/sunlint-code-quality/rules/typescript/S037-anti-cache-headers.md +52 -0
  472. package/skill-assets/sunlint-code-quality/rules/typescript/S039-tls-certificate-validation.md +51 -0
  473. package/skill-assets/sunlint-code-quality/rules/typescript/S041-logout-invalidation.md +58 -0
  474. package/skill-assets/sunlint-code-quality/rules/typescript/S042-long-lived-sessions.md +55 -0
  475. package/skill-assets/sunlint-code-quality/rules/typescript/S044-critical-changes-reauth.md +69 -0
  476. package/skill-assets/sunlint-code-quality/rules/typescript/S045-brute-force-protection.md +59 -0
  477. package/skill-assets/sunlint-code-quality/rules/typescript/S047-oauth-csrf-protection.md +60 -0
  478. package/skill-assets/sunlint-code-quality/rules/typescript/S048-oauth-redirect-validation.md +59 -0
  479. package/skill-assets/sunlint-code-quality/rules/typescript/S049-auth-code-expiry.md +73 -0
  480. package/skill-assets/sunlint-code-quality/rules/typescript/S050-token-entropy.md +48 -0
  481. package/skill-assets/sunlint-code-quality/rules/typescript/S051-password-length.md +60 -0
  482. package/skill-assets/sunlint-code-quality/rules/typescript/S052-otp-entropy.md +49 -0
  483. package/skill-assets/sunlint-code-quality/rules/typescript/S053-generic-error-messages.md +61 -0
  484. package/skill-assets/sunlint-code-quality/rules/typescript/S054-no-default-admin.md +64 -0
  485. package/skill-assets/sunlint-code-quality/rules/typescript/S055-content-type-validation.md +64 -0
  486. package/skill-assets/sunlint-code-quality/rules/typescript/S056-log-injection.md +48 -0
  487. package/skill-assets/sunlint-code-quality/rules/typescript/S057-synchronized-time.md +57 -0
  488. package/skill-assets/sunlint-code-quality/rules/typescript/S058-ssrf-protection.md +63 -0
@@ -0,0 +1,28 @@
1
+ ---
2
+ title: Do Not Import Unused Modules
3
+ impact: MEDIUM
4
+ impactDescription: improves load time and reduces confusion
5
+ tags: clean-code, performance, quality, python
6
+ ---
7
+
8
+ ## Do Not Import Unused Modules
9
+
10
+ Unused imports increase the noise in the file and can sometimes lead to circular dependency issues or unnecessary memory usage.
11
+
12
+ **Incorrect:**
13
+ ```python
14
+ import os
15
+ import sys # sys is never used
16
+ from pyspark.sql import functions as F
17
+
18
+ def my_func():
19
+ return F.col("id")
20
+ ```
21
+
22
+ **Correct:**
23
+ ```python
24
+ from pyspark.sql import functions as F
25
+
26
+ def my_func():
27
+ return F.col("id")
28
+ ```
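Review bot: In the Incorrect block, `import os` is just as unused as `import sys`, but only `sys` carries the "never used" comment, so a reader may conclude that `os` is fine to keep. Either make `my_func` use `os` or extend the comment to cover both imports, so that the Correct block (which drops both) follows from the annotation.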
@@ -0,0 +1,24 @@
1
+ ---
2
+ title: Do Not Leave Unused Variables
3
+ impact: MEDIUM
4
+ impactDescription: reduces noise and potential bugs
5
+ tags: clean-code, quality, python
6
+ ---
7
+
8
+ ## Do Not Leave Unused Variables
9
+
10
+ Variables that are declared but never used indicate unfinished work or bugs.
11
+
12
+ **Incorrect:**
13
+ ```python
14
+ def process(data):
15
+ result = transform(data)
16
+ temp_var = 10 # Never used
17
+ return result
18
+ ```
19
+
20
+ **Correct:**
21
+ ```python
22
+ def process(data):
23
+ return transform(data)
24
+ ```
@@ -0,0 +1,27 @@
1
+ ---
2
+ title: No Duplicate Variable Names in Scope
3
+ impact: MEDIUM
4
+ impactDescription: prevents shadowing and logic errors
5
+ tags: naming, clean-code, quality, python
6
+ ---
7
+
8
+ ## No Duplicate Variable Names in Scope
9
+
10
+ Reusing variable names in the same scope (shadowing) makes code hard to read and can lead to unexpected behavior.
11
+
12
+ **Incorrect:**
13
+ ```python
14
+ def filter_data(df):
15
+ df = df.filter(col("id") > 0)
16
+ # Reusing 'df' name for a different purpose might be confusing if logic grows
17
+ df = 10
18
+ return df
19
+ ```
20
+
21
+ **Correct:**
22
+ ```python
23
+ def filter_data(df):
24
+ filtered_df = df.filter(col("id") > 0)
25
+ count = 10
26
+ return filtered_df
27
+ ```
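Review bot: The Correct block assigns `count = 10` and never reads it, which is exactly what the C022 "Do Not Leave Unused Variables" rule added in this same change flags; drop the line or return it together with `filtered_df` so the two rule files do not contradict each other. Both blocks also call `col` without importing it; a `from pyspark.sql.functions import col` line, as the S017 file in this change already does, would make the snippet self-contained.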
@@ -0,0 +1,27 @@
1
+ ---
2
+ title: Centralize Constants
3
+ impact: MEDIUM
4
+ impactDescription: improves maintainability and prevents magic strings
5
+ tags: maintenance, quality, python, pyspark
6
+ ---
7
+
8
+ ## Centralize Constants
9
+
10
+ Avoid "magic strings" or numbers scattered across the code. Centralize them in a config or constants file.
11
+
12
+ **Incorrect:**
13
+ ```python
14
+ df = df.filter(col("status") == "ACTIVE") # Magic string
15
+ df.write.save("s3://my-bucket/output") # Hardcoded path
16
+ ```
17
+
18
+ **Correct:**
19
+ ```python
20
+ # constants.py
21
+ ORDER_STATUS_ACTIVE = "ACTIVE"
22
+ OUTPUT_PATH = "s3://my-bucket/output"
23
+
24
+ # main.py
25
+ df = df.filter(col("status") == ORDER_STATUS_ACTIVE)
26
+ df.write.save(OUTPUT_PATH)
27
+ ```
@@ -0,0 +1,61 @@
1
+ ---
2
+ title: All Catch Blocks Must Log Root Cause
3
+ impact: HIGH
4
+ impactDescription: enables debugging and incident response
5
+ tags: error-handling, logging, debugging, observability, quality, python, pyspark
6
+ ---
7
+
8
+ ## All Catch Blocks Must Log Root Cause
9
+
10
+ Silent failures make debugging impossible. Without proper logging, you cannot trace issues in production. In PySpark, unlogged exceptions in executors can lead to data loss or silent corruption.
11
+
12
+ **Incorrect (silent or minimal logging):**
13
+
14
+ ```python
15
+ try:
16
+ process_payment(order)
17
+ except Exception:
18
+ pass # Empty except - silent failure!
19
+
20
+ try:
21
+ save_user(user)
22
+ except Exception as e:
23
+ return None # No logging, no context
24
+ ```
25
+
26
+ **Correct (comprehensive error logging):**
27
+
28
+ ```python
29
+ import logging
30
+
31
+ logger = logging.getLogger(__name__)
32
+
33
+ try:
34
+ process_payment(order)
35
+ except Exception as error:
36
+ logger.error('Payment processing failed', extra={
37
+ 'order_id': order.id,
38
+ 'user_id': order.user_id,
39
+ 'amount': order.amount,
40
+ 'error_msg': str(error),
41
+ 'exc_info': True, # Capture stack trace
42
+ 'request_id': getattr(context, 'request_id', None)
43
+ })
44
+ raise PaymentFailedError('Payment could not be processed') from error
45
+
46
+ # PySpark Context
47
+ try:
48
+ df.write.save(path)
49
+ except Exception as error:
50
+ logger.error(f'Failed to save Spark DataFrame to {path}', exc_info=True)
51
+ raise SparkProcessError(f"Spark write failed for {path}") from error
52
+ ```
53
+
54
+ **Log context should include:**
55
+ - Error message and stack trace (using `exc_info=True`)
56
+ - Relevant entity IDs (order, user, etc.)
57
+ - Request/correlation ID
58
+ - Input parameters that caused the error
59
+ - Timing information
60
+
61
+ **Tools:** Static analyzer, Pylint, PR review
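Review bot: `'exc_info': True` inside `extra={...}` in the Correct block is a logic error: `exc_info` is a keyword argument of `logger.error`, and an `extra` key that collides with an existing `LogRecord` attribute makes `Logger.makeRecord` raise `KeyError("Attempt to overwrite 'exc_info' in LogRecord")`, so this "comprehensive" handler crashes inside the `except` and logs nothing. Pass it as `logger.error('Payment processing failed', exc_info=True, extra={...})`, which is what the PySpark block and the "using `exc_info=True`" bullet below already do. `context` and `PaymentFailedError` are also undefined in the snippet; a short comment saying where they come from would help.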
@@ -0,0 +1,28 @@
1
+ ---
2
+ title: Use Custom Error Classes
3
+ impact: HIGH
4
+ impactDescription: enables specific error handling and better logging
5
+ tags: error-handling, quality, python, pyspark
6
+ ---
7
+
8
+ ## Use Custom Error Classes
9
+
10
+ Custom error classes provide context and allow for granular error handling.
11
+
12
+ **Incorrect:**
13
+ ```python
14
+ def process_spark(df):
15
+ if df.count() == 0:
16
+ raise Exception("Empty dataframe")
17
+ ```
18
+
19
+ **Correct:**
20
+ ```python
21
+ class EmptyDatasetError(Exception):
22
+ """Raised when the input Spark DataFrame is empty"""
23
+ pass
24
+
25
+ def process_spark(df):
26
+ if df.count() == 0:
27
+ raise EmptyDatasetError("Input orders table is empty")
28
+ ```
@@ -0,0 +1,53 @@
1
+ ---
2
+ title: Separate Processing and Data Access Layers
3
+ impact: HIGH
4
+ impactDescription: improves testability and maintainability of business logic
5
+ tags: architecture, data-access, layers, quality, python, pyspark
6
+ ---
7
+
8
+ ## Separate Processing and Data Access Layers
9
+
10
+ Mixing business logic with data storage code (SQL, API calls, file I/O) makes code hard to test and maintain. Separating these layers allows you to test business logic without a database or cluster.
11
+
12
+ **Incorrect (mixed logic and I/O):**
13
+
14
+ ```python
15
+ def process_orders_and_save(spark, input_path, output_path):
16
+ # Data Access + Logic mixed
17
+ df = spark.read.parquet(input_path)
18
+
19
+ # Business logic
20
+ df = df.filter(col("amount") > 100)
21
+ df = df.withColumn("tax", col("amount") * 0.1)
22
+
23
+ # Data Access mixed
24
+ df.write.mode("overwrite").parquet(output_path)
25
+ ```
26
+
27
+ **Correct (separated layers):**
28
+
29
+ ```python
30
+ # Processing Layer (Business Logic - Pure Spark transformations)
31
+ def calculate_tax(df):
32
+ """Business logic that is easy to unit test with mock data"""
33
+ return df.filter(col("amount") > 100) \
34
+ .withColumn("tax", col("amount") * 0.1)
35
+
36
+ # Task/Service Layer (Orchestration)
37
+ def run_order_job(spark, config):
38
+ # Data Access: Read
39
+ raw_df = spark.read.parquet(config['input_path'])
40
+
41
+ # Logic: Transform
42
+ processed_df = calculate_tax(raw_df)
43
+
44
+ # Data Access: Write
45
+ processed_df.write.mode("overwrite").parquet(config['output_path'])
46
+ ```
47
+
48
+ **Benefits:**
49
+ - **Unit Testability**: You can test `calculate_tax` with small, local DataFrames.
50
+ - **Flexibility**: You can change storage (Parquet to Delta) without touching business logic.
51
+ - **Readability**: The purpose of each function is clear.
52
+
53
+ **Tools:** Static analyzer, PR review
@@ -0,0 +1,26 @@
1
+ ---
2
+ title: Log All Relevant Context on Errors
3
+ impact: HIGH
4
+ impactDescription: speeds up troubleshooting
5
+ tags: logging, troubleshooting, quality, python
6
+ ---
7
+
8
+ ## Log All Relevant Context on Errors
9
+
10
+ When an error occurs, log the metadata (IDs, parameters) needed to reproduce it.
11
+
12
+ **Incorrect:**
13
+ ```python
14
+ except Exception as e:
15
+ logger.error("Upload failed")
16
+ ```
17
+
18
+ **Correct:**
19
+ ```python
20
+ except Exception as e:
21
+ logger.error(f"Upload failed for user {user_id}", extra={
22
+ "file_id": file_id,
23
+ "bucket": bucket_name,
24
+ "exc_info": True
25
+ })
26
+ ```
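Review bot: Same defect as in the C029 file of this change: `"exc_info": True` is placed inside `extra`, which makes the logging call raise `KeyError` for overwriting a `LogRecord` attribute instead of attaching the traceback; write `logger.error(..., exc_info=True, extra={...})`. Interpolating `user_id` into the message text also makes the message high-cardinality; moving it into `extra` next to `file_id` and `bucket` keeps the message stable for alert matching while retaining the context the rule asks for.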
@@ -0,0 +1,23 @@
1
+ ---
2
+ title: No Hardcoded Secrets in Repo
3
+ impact: CRITICAL
4
+ impactDescription: prevents compromise of credentials
5
+ tags: security, secrets, python
6
+ ---
7
+
8
+ ## No Hardcoded Secrets in Repo
9
+
10
+ Never commit API keys, passwords, or tokens to version control.
11
+
12
+ **Incorrect:**
13
+ ```python
14
+ AWS_SECRET = "AKIA-SECRET-KEY-123"
15
+ db_pass = "admin123"
16
+ ```
17
+
18
+ **Correct:**
19
+ ```python
20
+ import os
21
+ AWS_SECRET = os.environ.get("AWS_SECRET_KEY")
22
+ # Or use a secrets manager
23
+ ```
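Review bot: `os.environ.get("AWS_SECRET_KEY")` in the Correct block silently yields `None` when the variable is unset, so the failure shows up later as an opaque authentication error instead of at startup; use `os.environ["AWS_SECRET_KEY"]` or an explicit check that raises. The `# Or use a secrets manager` comment could point at the S012 rule in this same change, which is meant to cover that option.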
@@ -0,0 +1,24 @@
1
+ ---
2
+ title: Boolean Names: is/has/should Prefix
3
+ impact: MEDIUM
4
+ impactDescription: clarifies variable type and intent
5
+ tags: naming, booleans, quality, python
6
+ ---
7
+
8
+ ## Boolean Names: is/has/should Prefix
9
+
10
+ Boolean variables should be named as questions that yield a yes/no answer.
11
+
12
+ **Incorrect:**
13
+ ```python
14
+ valid = True
15
+ active = False
16
+ login = True
17
+ ```
18
+
19
+ **Correct:**
20
+ ```python
21
+ is_valid = True
22
+ has_access = False
23
+ should_login = True
24
+ ```
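Review bot: The Correct block does not mirror the Incorrect one: `active` becomes `has_access` and `login` becomes `should_login`, which change what the variables mean rather than just their prefix. Rename one-to-one (for example `is_valid`, `is_active`, `should_login`) so the difference between the two blocks is only the `is`/`has`/`should` prefix the rule is about.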
@@ -0,0 +1,34 @@
1
+ ---
2
+ title: Separate Parsing from Controllers
3
+ impact: MEDIUM
4
+ impactDescription: improves clarity and reuse of logic
5
+ tags: architecture, controller, quality, python
6
+ ---
7
+
8
+ ## Separate Parsing from Controllers
9
+
10
+ In web apps (Flask/FastAPI), separate input validation/parsing from the main request logic.
11
+
12
+ **Incorrect:**
13
+ ```python
14
+ @app.route('/user')
15
+ def get_user():
16
+ user_id = request.args.get('id')
17
+ if not user_id or len(user_id) < 5:
18
+ return "Invalid ID", 400
19
+ # ... business logic ...
20
+ ```
21
+
22
+ **Correct:**
23
+ ```python
24
+ def parse_user_id(args):
25
+ user_id = args.get('id')
26
+ if not user_id or len(user_id) < 5:
27
+ raise InvalidInputError()
28
+ return user_id
29
+
30
+ @app.route('/user')
31
+ def get_user():
32
+ user_id = parse_user_id(request.args)
33
+ # ... business logic ...
34
+ ```
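Review bot: In the Correct block `parse_user_id` raises `InvalidInputError`, but nothing turns that back into the `"Invalid ID", 400` response the Incorrect block returned, so the refactor silently changes the observable behaviour to an unhandled exception (a 500 in Flask). Add, or at least mention, an `@app.errorhandler(InvalidInputError)` that returns the 400, and define or import `InvalidInputError` in the snippet.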
@@ -0,0 +1,26 @@
1
+ ---
2
+ title: Do Not Ignore Superclass Logic
3
+ impact: MEDIUM
4
+ impactDescription: prevents breaking parent class behavior
5
+ tags: oop, inheritance, quality, python
6
+ ---
7
+
8
+ ## Do Not Ignore Superclass Logic
9
+
10
+ When overriding methods, usually you should call `super()` to ensure parent logic is executed.
11
+
12
+ **Incorrect:**
13
+ ```python
14
+ class MySparkApp(BaseApp):
15
+ def initialize(self):
16
+ # ❌ Forgot super().initialize()
17
+ self.setup_custom()
18
+ ```
19
+
20
+ **Correct:**
21
+ ```python
22
+ class MySparkApp(BaseApp):
23
+ def initialize(self):
24
+ super().initialize()
25
+ self.setup_custom()
26
+ ```
@@ -0,0 +1,22 @@
1
+ ---
2
+ title: No Hardcoded Configuration Values
3
+ impact: MEDIUM
4
+ impactDescription: enables environment-specific deployments
5
+ tags: config, architecture, quality, python, pyspark
6
+ ---
7
+
8
+ ## No Hardcoded Configuration Values
9
+
10
+ Environment-specific values (URLs, paths, flags) should be in config files, not code.
11
+
12
+ **Incorrect:**
13
+ ```python
14
+ endpoint = "https://prod-api.example.com"
15
+ ```
16
+
17
+ **Correct:**
18
+ ```python
19
+ import yaml
20
+ config = yaml.safe_load(open("config.yaml"))
21
+ endpoint = config['api_endpoint']
22
+ ```
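Review bot: `yaml.safe_load(open("config.yaml"))` in the Correct block never closes the file handle, which contradicts the "Ensure proper resource management (using with statements)" guidance repeated in the S0xx files of this same change; write it as `with open("config.yaml") as f:` followed by `config = yaml.safe_load(f)`. Keeping `safe_load` rather than `load` is the right choice here.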
@@ -0,0 +1,16 @@
1
+ ---
2
+ title: URL Redirects Must Be In Allow List
3
+ impact: LOW
4
+ impactDescription: prevents open redirect vulnerabilities
5
+ tags: redirect, url, allow-list, validation, security
6
+ ---
7
+
8
+ ## URL Redirects Must Be In Allow List
9
+
10
+ This rule ensures high quality and security in Python and PySpark applications.
11
+
12
+ **Implementation Guidance:**
13
+ - Follow standard Python best practices (PEP 8)
14
+ - Use type hints for better clarity
15
+ - For PySpark, prefer DataFrame API over SQL strings where possible
16
+ - Ensure proper resource management (using \`with\` statements)
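Review bot: The body is a generic template ("This rule ensures high quality and security in Python and PySpark applications", PEP 8, type hints, DataFrame API) and says nothing about redirects or allow lists, while the TypeScript S003 file in this same change is 76 lines. Please add the Incorrect/Correct pair the other Python rule files use, for instance a handler that redirects to a user-supplied `next` URL versus one that compares the target host against a fixed allow list before redirecting. Also, `\`with\`` on the last line renders as literal backticks in Markdown; it should be plain `` `with` ``.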
@@ -0,0 +1,16 @@
1
+ ---
2
+ title: Do Not Log Credentials Or Tokens
3
+ impact: MEDIUM
4
+ impactDescription: prevents credential exposure in logs
5
+ tags: logging, credentials, tokens, secrets, security
6
+ ---
7
+
8
+ ## Do Not Log Credentials Or Tokens
9
+
10
+ This rule ensures high quality and security in Python and PySpark applications.
11
+
12
+ **Implementation Guidance:**
13
+ - Follow standard Python best practices (PEP 8)
14
+ - Use type hints for better clarity
15
+ - For PySpark, prefer DataFrame API over SQL strings where possible
16
+ - Ensure proper resource management (using \`with\` statements)
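Review bot: Missing documentation: the body is the same four-bullet template and never mentions logging, credentials or tokens. A concrete pair, such as `logger.info(f"auth ok {token}")` versus logging only a user or request id and redacting the token, would match the format of the C-series Python files in this change and tie in with C035/C041, which already touch log context and secrets. The escaped backticks on the last line also render literally.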
@@ -0,0 +1,16 @@
1
+ ---
2
+ title: Enforce Authorization At Trusted Service Layer
3
+ impact: CRITICAL
4
+ impactDescription: prevents client-side authorization bypass
5
+ tags: authorization, server-side, middleware, access-control, security
6
+ ---
7
+
8
+ ## Enforce Authorization At Trusted Service Layer
9
+
10
+ This rule ensures high quality and security in Python and PySpark applications.
11
+
12
+ **Implementation Guidance:**
13
+ - Follow standard Python best practices (PEP 8)
14
+ - Use type hints for better clarity
15
+ - For PySpark, prefer DataFrame API over SQL strings where possible
16
+ - Ensure proper resource management (using \`with\` statements)
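Review bot: The CRITICAL impact and the "server-side, middleware" tags promise guidance that the body does not deliver; none of the four bullets relates to authorization. Add an Incorrect/Correct pair showing a route that trusts a client-supplied flag or role versus one that loads the caller's permissions server-side (for example in a Flask decorator or FastAPI dependency) before acting. Same literal-backtick issue on the last line as in the other template files.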
@@ -0,0 +1,16 @@
1
+ ---
2
+ title: Do Not Use Default Credentials
3
+ impact: CRITICAL
4
+ impactDescription: prevents trivial compromise via known credentials
5
+ tags: credentials, default, passwords, configuration, security
6
+ ---
7
+
8
+ ## Do Not Use Default Credentials
9
+
10
+ This rule ensures high quality and security in Python and PySpark applications.
11
+
12
+ **Implementation Guidance:**
13
+ - Follow standard Python best practices (PEP 8)
14
+ - Use type hints for better clarity
15
+ - For PySpark, prefer DataFrame API over SQL strings where possible
16
+ - Ensure proper resource management (using \`with\` statements)
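Review bot: Template body with no rule-specific content: nothing here explains what a default credential is or how to detect one. An example of a shipped `admin`/`admin` fallback in a config default versus a required, startup-validated value would suffice and would connect this file to the C041 "No Hardcoded Secrets" rule in the same change. The `\`with\`` escaping on the last line renders literally.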
@@ -0,0 +1,16 @@
1
+ ---
2
+ title: Output Encoding Before Interpreter Use
3
+ impact: HIGH
4
+ impactDescription: prevents XSS and injection attacks
5
+ tags: xss, encoding, output, html, security
6
+ ---
7
+
8
+ ## Output Encoding Before Interpreter Use
9
+
10
+ This rule ensures high quality and security in Python and PySpark applications.
11
+
12
+ **Implementation Guidance:**
13
+ - Follow standard Python best practices (PEP 8)
14
+ - Use type hints for better clarity
15
+ - For PySpark, prefer DataFrame API over SQL strings where possible
16
+ - Ensure proper resource management (using \`with\` statements)
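Review bot: The body never mentions encoding, HTML or XSS despite the title and tags. A pair showing user input concatenated into an HTML response versus the same value passed through `html.escape` (or rendered by an auto-escaping template) would give the rule something a reviewer can actually check against. The escaped backticks on the last line render literally in Markdown.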
@@ -0,0 +1,16 @@
1
+ ---
2
+ title: Use Only Approved Crypto Algorithms
3
+ impact: MEDIUM
4
+ impactDescription: ensures cryptographic strength
5
+ tags: cryptography, algorithms, hashing, encryption, security
6
+ ---
7
+
8
+ ## Use Only Approved Crypto Algorithms
9
+
10
+ This rule ensures high quality and security in Python and PySpark applications.
11
+
12
+ **Implementation Guidance:**
13
+ - Follow standard Python best practices (PEP 8)
14
+ - Use type hints for better clarity
15
+ - For PySpark, prefer DataFrame API over SQL strings where possible
16
+ - Ensure proper resource management (using \`with\` statements)
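Review bot: Missing documentation: the file does not say which algorithms are approved or which are not, so the rule is unenforceable as written. Name the approved list (or link to where it lives) and show at least one Incorrect/Correct pair, for example `hashlib.md5` used for a security-relevant hash versus an approved hash or password-hashing function. Same literal-backtick rendering issue on the last line.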
@@ -0,0 +1,16 @@
1
+ ---
2
+ title: Use CSPRNG For Security Purposes
3
+ impact: HIGH
4
+ impactDescription: prevents predictable tokens and session hijacking
5
+ tags: random, csprng, tokens, session, cryptography, security
6
+ ---
7
+
8
+ ## Use CSPRNG For Security Purposes
9
+
10
+ This rule ensures high quality and security in Python and PySpark applications.
11
+
12
+ **Implementation Guidance:**
13
+ - Follow standard Python best practices (PEP 8)
14
+ - Use type hints for better clarity
15
+ - For PySpark, prefer DataFrame API over SQL strings where possible
16
+ - Ensure proper resource management (using \`with\` statements)
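Review bot: The body does not mention random number generation at all, which is the whole point of the rule. The obvious Python pair is `random.randint`/`random.choice` used to build a token or session id (Incorrect) versus the `secrets` module, e.g. `secrets.token_urlsafe`, (Correct); adding it would make this file consistent with the other Python rule files in this change. The escaped backticks on the last line render literally.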
@@ -0,0 +1,16 @@
1
+ ---
2
+ title: Enable Encrypted Client Hello (ECH)
3
+ impact: MEDIUM
4
+ impactDescription: protects SNI from eavesdropping
5
+ tags: tls, ech, sni, privacy, security
6
+ ---
7
+
8
+ ## Enable Encrypted Client Hello (ECH)
9
+
10
+ This rule ensures high quality and security in Python and PySpark applications.
11
+
12
+ **Implementation Guidance:**
13
+ - Follow standard Python best practices (PEP 8)
14
+ - Use type hints for better clarity
15
+ - For PySpark, prefer DataFrame API over SQL strings where possible
16
+ - Ensure proper resource management (using \`with\` statements)
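Review bot: None of the four template bullets applies to Encrypted Client Hello, and the body does not say where ECH is actually configured, so a developer reading this file cannot act on it. The text should state what to check (TLS library or server/CDN configuration) or explicitly mark the rule as not applicable to Python application code rather than presenting generic guidance. The `\`with\`` escaping on the last line renders literally.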
@@ -0,0 +1,16 @@
1
+ ---
2
+ title: Use Secrets Management For Backend Secrets
3
+ impact: CRITICAL
4
+ impactDescription: centralizes and secures credential storage
5
+ tags: secrets, vault, credentials, configuration, security
6
+ ---
7
+
8
+ ## Use Secrets Management For Backend Secrets
9
+
10
+ This rule ensures high quality and security in Python and PySpark applications.
11
+
12
+ **Implementation Guidance:**
13
+ - Follow standard Python best practices (PEP 8)
14
+ - Use type hints for better clarity
15
+ - For PySpark, prefer DataFrame API over SQL strings where possible
16
+ - Ensure proper resource management (using \`with\` statements)
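Review bot: Template body for a CRITICAL rule: nothing explains what "secrets management" means in practice or how it differs from the environment-variable approach shown in C041 in this same change (whose `# Or use a secrets manager` comment effectively defers to this file). Add an example of fetching a credential from a secrets manager or vault client at startup, and note that the secret must not end up in logs or config committed to the repo. Same literal-backtick issue on the last line.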
@@ -0,0 +1,16 @@
1
+ ---
2
+ title: Always Use TLS For All Connections
3
+ impact: HIGH
4
+ impactDescription: protects data in transit from eavesdropping
5
+ tags: tls, https, encryption, transport, security
6
+ ---
7
+
8
+ ## Always Use TLS For All Connections
9
+
10
+ This rule ensures high quality and security in Python and PySpark applications.
11
+
12
+ **Implementation Guidance:**
13
+ - Follow standard Python best practices (PEP 8)
14
+ - Use type hints for better clarity
15
+ - For PySpark, prefer DataFrame API over SQL strings where possible
16
+ - Ensure proper resource management (using \`with\` statements)
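Review bot: Missing rule-specific guidance: the body never mentions TLS, certificate verification or plain `http://`. A concrete pair, such as an `http://` endpoint or a client call with verification disabled versus `https://` with default certificate verification, would make the rule checkable and would pair naturally with the separate S039 certificate-validation file in this change. The escaped backticks on the last line render literally in Markdown.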
@@ -0,0 +1,16 @@
1
+ ---
2
+ title: Do Not Pass Sensitive Data In Query String
3
+ impact: HIGH
4
+ impactDescription: prevents credential leakage in logs and history
5
+ tags: url, query-string, sensitive-data, leakage, security
6
+ ---
7
+
8
+ ## Do Not Pass Sensitive Data In Query String
9
+
10
+ This rule ensures high quality and security in Python and PySpark applications.
11
+
12
+ **Implementation Guidance:**
13
+ - Follow standard Python best practices (PEP 8)
14
+ - Use type hints for better clarity
15
+ - For PySpark, prefer DataFrame API over SQL strings where possible
16
+ - Ensure proper resource management (using \`with\` statements)
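Review bot: the placeholder body does not state what "sensitive data" means for this rule or why the query string is the problem; the `impactDescription` names the actual reason (URLs, including the query string, end up in server access logs, proxy logs, browser history and `Referer` headers), and that sentence belongs in the body. Add an Incorrect/Correct pair: `requests.get(f"{url}?token={token}")` or `params={"password": pw}` as incorrect, an `Authorization: Bearer` header or a POST body as correct. It is also worth saying explicitly that reading ordinary filter values such as `request.args.get('status')`, as the parameterized-queries rule in this patch does, is fine; the rule is about credentials, tokens and personal data, not about query parameters in general.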
@@ -0,0 +1,51 @@
1
+ ---
2
+ title: Always Use Parameterized Queries
3
+ impact: CRITICAL
4
+ impactDescription: prevents SQL and NoSQL injection attacks
5
+ tags: injection, sql, spark-sql, database, parameterized, security, python, pyspark
6
+ ---
7
+
8
+ ## Always Use Parameterized Queries
9
+
10
+ SQL injection is one of the top security vulnerabilities. Direct string concatenation allows attackers to execute arbitrary database commands, steal data, or destroy databases. In PySpark, this often happens when building Spark SQL queries with f-strings.
11
+
12
+ **Incorrect (string concatenation):**
13
+
14
+ ```python
15
+ # SQL Injection vulnerability in standard SQL
16
+ user_id = request.args.get('id')
17
+ query = f"SELECT * FROM users WHERE id = '{user_id}'"
18
+ cursor.execute(query)
19
+
20
+ # SQL Injection vulnerability in PySpark SQL
21
+ table_name = "orders"
22
+ status = request.args.get('status')
23
+ # UNFAIR: f-string allows manipulation of the SQL structure
24
+ spark.sql(f"SELECT * FROM {table_name} WHERE status = '{status}'")
25
+ ```
26
+
27
+ **Correct (parameterized queries):**
28
+
29
+ ```python
30
+ # Parameterized query - standard DB-API
31
+ user_id = request.args.get('id')
32
+ cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
33
+
34
+ # Safe PySpark SQL (Spark 3.4+)
35
+ spark.sql(
36
+ "SELECT * FROM {table} WHERE status = {status}",
37
+ args={"table": "orders", "status": status}
38
+ )
39
+
40
+ # Safe PySpark using DataFrame API (Recommended)
41
+ from pyspark.sql.functions import col
42
+ status = request.args.get('status')
43
+ df = spark.table("orders").filter(col("status") == status)
44
+ ```
45
+
46
+ **Benefits:**
47
+ - Prevents malicious code execution
48
+ - Improves query performance through plan caching
49
+ - Handles type escaping automatically
50
+
51
+ **Tools:** Bandit (B608), SonarQube, Semgrep
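Review bot: the "Safe PySpark SQL (Spark 3.4+)" example does not do what the comment claims. The `args` dictionary of `spark.sql` binds named parameter markers written as `:status` in the query text, while `{status}`-style placeholders belong to the separate `**kwargs` path of `spark.sql`, which substitutes the value into the SQL string before parsing and is therefore string formatting, not parameterization; as written, `"SELECT * FROM {table} WHERE status = {status}"` with `args={"table": "orders", "status": status}` leaves the braces in the query. A table name is also not something a parameter marker can bind, so `table` should not be in `args` at all; validate `table_name` against an allowlist and keep the marker only for the value: `spark.sql("SELECT * FROM orders WHERE status = :status", args={"status": status})`. Two smaller points in the same hunk: the comment `# UNFAIR: f-string allows manipulation of the SQL structure` should say UNSAFE, and the DB-API example should note that `%s` is the paramstyle of drivers such as psycopg and MySQL connectors, whereas `sqlite3` uses `?`, so the reader uses whatever `paramstyle` their driver declares rather than copying `%s` literally.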
@@ -0,0 +1,16 @@
1
+ ---
2
+ title: Sanitize Input Before Sending Emails
3
+ impact: MEDIUM
4
+ impactDescription: prevents email header injection
5
+ tags: email, injection, sanitization, input-validation, security
6
+ ---
7
+
8
+ ## Sanitize Input Before Sending Emails
9
+
10
+ This rule ensures high quality and security in Python and PySpark applications.
11
+
12
+ **Implementation Guidance:**
13
+ - Follow standard Python best practices (PEP 8)
14
+ - Use type hints for better clarity
15
+ - For PySpark, prefer DataFrame API over SQL strings where possible
16
+ - Ensure proper resource management (using \`with\` statements)
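Review bot: the body is the same placeholder text as the other new rules and never explains the header injection the `impactDescription` names, namely user input containing `\r` or `\n` that is concatenated into a `Subject:`, `To:` or `From:` line and so adds headers or recipients of the attacker's choosing. Replace the four generic bullets with an Incorrect/Correct pair: a message assembled by string concatenation and handed to `smtplib` as incorrect, a message built with `email.message.EmailMessage` whose header values have been checked to contain no CR or LF as correct, with the recipient list passed to `send_message` from an explicitly validated list rather than parsed out of the text. The title says "Sanitize" but the tags say `input-validation`; for headers, rejecting values with line breaks is safer than trying to strip them, and the rule should say which it means.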