getdoorman 1.0.0

package/src/rules/bugs/js-database.js

@@ -0,0 +1,203 @@
+// Bug detection: Database/ORM patterns
+const JS_EXT = ['.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs'];
+function isJS(f) { return JS_EXT.some(e => f.endsWith(e)); }
+function isPy(f) { return f.endsWith('.py'); }
+
+const rules = [
+  {
+    id: 'BUG-DB-001',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'N+1 query — database call inside loop',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/\b(?:for|forEach|map)\b/.test(lines[i]) || /\.forEach\s*\(|\.map\s*\(/.test(lines[i])) {
+            let block = '';
+            let braceDepth = 0;
+            for (let j = i; j < Math.min(i + 15, lines.length); j++) {
+              block += lines[j] + '\n';
+              braceDepth += (lines[j].match(/\{/g) || []).length - (lines[j].match(/\}/g) || []).length;
+              if (braceDepth <= 0 && j > i) break;
+            }
+            // Database calls inside loop
+            if (/await\s+.*\.(findOne|findById|findUnique|findFirst|find\(|query\(|get\(|select\(|where\(|exec\()/.test(block)) {
+              findings.push({
+                ruleId: 'BUG-DB-001', category: 'bugs', severity: 'high',
+                title: 'N+1 query — database call inside loop',
+                description: 'Each loop iteration makes a separate DB query. Fetch all needed data in one query before the loop (e.g., findMany with where IN).',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-DB-002',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Multiple related DB operations without transaction',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // Look for sequences of await db operations
+          if (/await\s+.*\.(create|update|delete|insert|remove|save|destroy)\s*\(/.test(lines[i])) {
+            let mutationCount = 1;
+            for (let j = i + 1; j < Math.min(i + 10, lines.length); j++) {
+              if (/await\s+.*\.(create|update|delete|insert|remove|save|destroy)\s*\(/.test(lines[j])) {
+                mutationCount++;
+              }
+            }
+            if (mutationCount >= 2) {
+              // Check if wrapped in transaction
+              const context = lines.slice(Math.max(0, i - 5), Math.min(i + 15, lines.length)).join('\n');
+              if (!/transaction|prisma\.\$transaction|knex\.transaction|sequelize\.transaction|BEGIN|COMMIT|session\.startTransaction/.test(context)) {
+                findings.push({
+                  ruleId: 'BUG-DB-002', category: 'bugs', severity: 'high',
+                  title: `${mutationCount} mutations without transaction — partial failure leaves inconsistent data`,
+                  description: 'Multiple write operations should be wrapped in a transaction so they either all succeed or all fail.',
+                  file: fp, line: i + 1, fix: null,
+                });
+              }
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-DB-003',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'findMany/find() without limit — returns entire table',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        if (!/prisma|mongoose|sequelize|knex|typeorm/i.test(content)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // findMany() or .find({}) without take/limit
+          if (/\.(findMany|find)\s*\(\s*(?:\{[^}]*\})?\s*\)/.test(lines[i])) {
+            const block = lines.slice(i, Math.min(i + 5, lines.length)).join(' ');
+            if (!/take\s*:|limit\s*:|\.limit\s*\(|\$limit|skip|cursor|page|paginate/i.test(block)) {
+              findings.push({
+                ruleId: 'BUG-DB-003', category: 'bugs', severity: 'high',
+                title: 'Query returns all records without limit — crashes with large tables',
+                description: 'Unbounded queries return the entire table into memory. Add take/limit to prevent OOM errors on large datasets.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-DB-004',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'Sensitive data selected without field filtering',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // User.findOne() or prisma.user.findFirst() without select
+          if (/(?:User|user|Account|account|Customer|customer)\.(findOne|findFirst|findUnique|findMany)\s*\(\s*\{/.test(lines[i])) {
+            const block = lines.slice(i, Math.min(i + 8, lines.length)).join(' ');
+            if (!/select\s*:|\.select\s*\(|attributes\s*:/.test(block)) {
+              // Check if the result is sent to client
+              const afterBlock = lines.slice(i, Math.min(i + 12, lines.length)).join(' ');
+              if (/res\.(json|send)|return\s+.*user|response\.json/.test(afterBlock)) {
+                findings.push({
+                  ruleId: 'BUG-DB-004', category: 'bugs', severity: 'medium',
+                  title: 'User query without field selection — password/secrets may leak to client',
+                  description: 'Querying user records without select/attributes returns all fields including password hashes and tokens. Use select to return only needed fields.',
+                  file: fp, line: i + 1, fix: null,
+                });
+              }
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-DB-005',
+    category: 'bugs',
+    severity: 'critical',
+    confidence: 'definite',
+    title: 'Raw SQL with string interpolation',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // prisma.$queryRaw`SELECT ... ${userInput}` or knex.raw(`...${var}`)
+          // db.query(`SELECT ... ${var}`)
+          if (/\.\$?(?:queryRaw|executeRaw|raw|query)\s*\(\s*`[^`]*\$\{/.test(lines[i])) {
+            // Allow tagged template literals (Prisma.sql, Prisma.$queryRaw)
+            if (!/Prisma\.sql|sql`/.test(lines[i]) && !/Prisma\.\$queryRaw`/.test(lines[i])) {
+              findings.push({
+                ruleId: 'BUG-DB-005', category: 'bugs', severity: 'high',
+                title: 'Raw SQL with template literal interpolation — SQL injection',
+                description: 'Template literals in raw queries are NOT parameterized. Use Prisma.sql`` tagged template or parameterized queries ($1, ?, :param).',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-DB-006',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'Database connection not closed on error',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // mongoose.connect or createConnection without disconnect/close on process exit
+          if (/(?:mongoose|pg|mysql|redis)\.(?:connect|createConnection|createClient|createPool)\s*\(/.test(lines[i])) {
+            if (!/process\.on\s*\(\s*['"](?:SIGINT|SIGTERM|exit)['"]/.test(content) && !/\.close\s*\(|\.disconnect\s*\(|\.end\s*\(|\.destroy\s*\(/.test(content)) {
+              findings.push({
+                ruleId: 'BUG-DB-006', category: 'bugs', severity: 'medium',
+                title: 'Database connection never closed — leaks connections on shutdown',
+                description: 'Add process.on("SIGTERM", () => connection.close()) to cleanly disconnect on shutdown. Otherwise connections pile up.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+];
+
+export default rules;

package/src/rules/bugs/js-error-handling.js

@@ -0,0 +1,148 @@
+// Bug detection: JavaScript error handling bugs
+const JS_EXT = ['.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs'];
+function isJS(f) { return JS_EXT.some(e => f.endsWith(e)); }
+
+const rules = [
+  {
+    id: 'BUG-ERR-001',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'throw string instead of Error — loses stack trace',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/\bthrow\s+['"`]/.test(lines[i])) {
+            findings.push({
+              ruleId: 'BUG-ERR-001', category: 'bugs', severity: 'high',
+              title: 'throw "string" — no stack trace, instanceof Error fails',
+              description: 'Throwing a string instead of an Error object loses the stack trace and breaks catch(e) { if (e instanceof Error) } patterns. Use throw new Error("message").',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-ERR-002',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'catch rethrows without original error — loses context',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/\bcatch\s*\(\s*(\w+)\s*\)/.test(lines[i])) {
+            const errVar = lines[i].match(/catch\s*\(\s*(\w+)/)[1];
+            const body = lines.slice(i + 1, Math.min(lines.length, i + 10)).join('\n');
+            // Check for throw new Error("...") without { cause: err }
+            if (/throw\s+new\s+Error\s*\(/.test(body) && !body.includes(errVar) && !body.includes('cause')) {
+              findings.push({
+                ruleId: 'BUG-ERR-002', category: 'bugs', severity: 'high',
+                title: 'catch block throws new error without original cause',
+                description: `Caught error "${errVar}" is discarded. Pass the original: throw new Error("msg", { cause: ${errVar} })`,
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-ERR-003',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Error created but not thrown — new Error() without throw',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i];
+          if (/\bnew\s+(?:Error|TypeError|RangeError|SyntaxError)\s*\(/.test(line) && !line.includes('throw') && !line.includes('reject') && !line.includes('=')) {
+            findings.push({
+              ruleId: 'BUG-ERR-003', category: 'bugs', severity: 'high',
+              title: 'Error created but not thrown — new Error() has no effect',
+              description: 'Creating an Error object without throwing it does nothing. Add throw keyword: throw new Error("message").',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-ERR-004',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'console.log(err) instead of console.error — loses error stream',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        let inCatch = false;
+        let catchVar = null;
+        for (let i = 0; i < lines.length; i++) {
+          const catchMatch = lines[i].match(/\bcatch\s*\(\s*(\w+)\s*\)/);
+          if (catchMatch) { inCatch = true; catchVar = catchMatch[1]; }
+          if (inCatch && catchVar && lines[i].includes('console.log') && lines[i].includes(catchVar)) {
+            findings.push({
+              ruleId: 'BUG-ERR-004', category: 'bugs', severity: 'high',
+              title: 'console.log() for error — use console.error() for stderr',
+              description: 'Errors logged with console.log go to stdout, not stderr. Use console.error() so errors are captured by log aggregators and CI.',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+          if (/^\s*\}/.test(lines[i]) && inCatch) inCatch = false;
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-ERR-005',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Async function without try/catch at boundary',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        if (!fp.match(/(?:route|controller|handler|api|endpoint|middleware)/i)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/(?:async\s+(?:function\s+\w+|(?:get|post|put|delete|patch)\s*\())|(?:=\s*async\s*\()/.test(lines[i])) {
+            const body = lines.slice(i, Math.min(lines.length, i + 30)).join('\n');
+            if (!body.includes('try') && !body.includes('catch') && !body.includes('errorHandler') && body.includes('await')) {
+              findings.push({
+                ruleId: 'BUG-ERR-005', category: 'bugs', severity: 'high',
+                title: 'Async handler without try/catch — unhandled rejection crashes server',
+                description: 'Async route handlers need try/catch around awaits. Without it, a rejected promise crashes the server.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+];
+
+export default rules;

package/src/rules/bugs/js-logic.js

@@ -0,0 +1,261 @@
+// Bug detection: JavaScript logic and control flow bugs
+const JS_EXT = ['.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs'];
+function isJS(f) { return JS_EXT.some(e => f.endsWith(e)); }
+
+const rules = [
+  {
+    id: 'BUG-LOGIC-001',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'switch fallthrough — missing break statement',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/^\s*case\s+/.test(lines[i])) {
+            // Look ahead for break/return before next case/default
+            let hasBreak = false;
+            for (let j = i + 1; j < Math.min(lines.length, i + 20); j++) {
+              if (/^\s*(break|return|throw|continue)\b/.test(lines[j])) { hasBreak = true; break; }
+              if (/^\s*case\s+/.test(lines[j]) || /^\s*default\s*:/.test(lines[j])) {
+                // Check for intentional fallthrough comment
+                const between = lines.slice(i, j).join('\n');
+                if (!/fall\s*through|intentional|eslint-disable/i.test(between) && between.trim().split('\n').length > 1) {
+                  findings.push({
+                    ruleId: 'BUG-LOGIC-001', category: 'bugs', severity: 'high',
+                    title: 'switch case fallthrough — missing break/return',
+                    description: 'This case falls through to the next one without break or return. Add break; or a // fallthrough comment if intentional.',
+                    file: fp, line: i + 1, fix: null,
+                  });
+                }
+                break;
+              }
+              if (/^\s*\}\s*$/.test(lines[j])) break;
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-LOGIC-002',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Empty catch block — errors silently swallowed',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/\bcatch\s*\(/.test(lines[i]) || /\bcatch\s*\{/.test(lines[i])) {
+            // Check if catch body is empty
+            const next3 = lines.slice(i, i + 4).join('\n');
+            if (/catch\s*(?:\(\s*\w*\s*\))?\s*\{\s*\}/.test(next3)) {
+              findings.push({
+                ruleId: 'BUG-LOGIC-002', category: 'bugs', severity: 'high',
+                title: 'Empty catch block — errors silently swallowed',
+                description: 'Catching errors without logging or handling them hides bugs. At minimum, log the error.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-LOGIC-003',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Assignment in conditional — likely meant comparison',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i];
+          // if (x = something) — likely meant ===
+          if (/\bif\s*\((?:.*[^!=<>])([^!=<>])=([^=])/.test(line)) {
+            const match = line.match(/\bif\s*\(\s*(\w+)\s*=\s*(?!=)/);
+            if (match && !line.includes('==') && !line.includes('===')) {
+              findings.push({
+                ruleId: 'BUG-LOGIC-003', category: 'bugs', severity: 'high',
+                title: 'Assignment (=) in if condition — did you mean === ?',
+                description: 'if (x = value) assigns value to x and evaluates. This is almost always a bug — use === for comparison.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-LOGIC-004',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Negated condition with || instead of && (De Morgan\'s law)',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i];
+          // if (!a || !b) when they likely meant if (!(a && b)) which is if (!a || !b) — actually these are the same
+          // More useful: if (!a || b) or if (a || !b) inside a guard clause that should use &&
+          // Detect: if (x !== 'a' || x !== 'b') — always true, likely meant &&
+          const m = line.match(/(\w+)\s*!==?\s*['"](\w+)['"]\s*\|\|\s*\1\s*!==?\s*['"]/);
+          if (m) {
+            findings.push({
+              ruleId: 'BUG-LOGIC-004', category: 'bugs', severity: 'high',
+              title: 'Condition is always true — x !== "a" || x !== "b" is always true',
+              description: 'If x is "a", the second check passes. If x is "b", the first check passes. You likely meant && (AND) not || (OR).',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-LOGIC-005',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Unreachable code after return/throw',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length - 1; i++) {
+          const line = lines[i];
+          // Must be a standalone return/throw statement (not inside ternary, not multi-line return)
+          if (!/^\s+(return|throw)\s+/.test(line)) continue;
+          if (/\bif\b|\belse\b|\?|&&|\|\|/.test(line)) continue;
+          // Skip multi-line returns (line doesn't end with ; or contains opening brace/paren/template)
+          if (/[({`+,]$/.test(line.trim()) || !/[;)]?\s*$/.test(line.trim())) continue;
+          const nextLine = lines[i + 1];
+          if (!nextLine) continue;
+          const trimmed = nextLine.trim();
+          // Skip if next line is: closing brace, comment, blank, case/default, label, else
+          if (!trimmed || /^[}\])]|^\/\/|^\/\*|^\*|^case\b|^default\b|^else\b|^break\b/.test(trimmed)) continue;
+          // Skip if it's the continuation of an object/array/template literal
+          if (/^[.?+\-*,|&]|^\}|^`/.test(trimmed)) continue;
+          // Must be actual code (starts with word char or specific statement starters)
+          if (!/^[a-zA-Z_$]/.test(trimmed)) continue;
+          findings.push({
+            ruleId: 'BUG-LOGIC-005', category: 'bugs', severity: 'high',
+            title: 'Unreachable code after return/throw',
+            description: 'Code after return or throw is never executed. Move it before the return or remove it.',
+            file: fp, line: i + 2, fix: null,
+          });
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-LOGIC-006',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Constant condition in loop or if — dead code or infinite loop',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i];
+          if (/\bif\s*\(\s*(true|false|1|0)\s*\)/.test(line)) {
+            findings.push({
+              ruleId: 'BUG-LOGIC-006', category: 'bugs', severity: 'high',
+              title: 'Constant condition — branch is always taken or never taken',
+              description: 'if(true) or if(false) is dead code. Remove the condition or the dead branch.',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-LOGIC-007',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Duplicate key in object literal — second value overwrites first',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        // Find duplicate keys in object literals
+        const objBlockRegex = /\{([^{}]{10,500})\}/g;
+        let match;
+        while ((match = objBlockRegex.exec(content)) !== null) {
+          const block = match[1];
+          const keyRegex = /(?:^|,|\n)\s*['"]?(\w+)['"]?\s*:/g;
+          const keys = {};
+          let keyMatch;
+          while ((keyMatch = keyRegex.exec(block)) !== null) {
+            const key = keyMatch[1];
+            if (keys[key]) {
+              const lineNum = content.substring(0, match.index).split('\n').length;
+              findings.push({
+                ruleId: 'BUG-LOGIC-007', category: 'bugs', severity: 'high',
+                title: `Duplicate key "${key}" in object literal — second value overwrites first`,
+                description: 'JavaScript silently uses the last value for duplicate keys. The first assignment is lost.',
+                file: fp, line: lineNum, fix: null,
+              });
+              break;
+            }
+            keys[key] = true;
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-LOGIC-008',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Semicolon after if/for — body never executes conditionally',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/\b(if|for|while)\s*\([^)]+\)\s*;/.test(lines[i]) && !/for\s*\([^)]*;\s*[^)]*;\s*[^)]*\)/.test(lines[i])) {
+            findings.push({
+              ruleId: 'BUG-LOGIC-008', category: 'bugs', severity: 'high',
+              title: 'Semicolon after if/for — body executes unconditionally',
+              description: 'if (condition); { body } — the semicolon ends the if statement, so the body always executes. Remove the semicolon.',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+];
+
+export default rules;