getdoorman 1.0.0

package/src/rules/bugs/js-state.js

@@ -0,0 +1,272 @@
+// Bug detection: State management, mutation, and data flow bugs
+const JS_EXT = ['.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs'];
+function isJS(f) { return JS_EXT.some(e => f.endsWith(e)); }
+
+const rules = [
+  {
+    id: 'BUG-STATE-001',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Shared mutable object between modules',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // export const/let config/state/defaults = { ... } (mutable exported object)
+          if (/^export\s+(let|var)\s+\w+\s*=\s*(\{|\[)/.test(lines[i])) {
+            findings.push({
+              ruleId: 'BUG-STATE-001', category: 'bugs', severity: 'high',
+              title: 'Mutable export with let/var — importers share and mutate the same object',
+              description: 'Exported let/var objects are shared across all importers. Mutations in one module affect all others. Use const with Object.freeze() or export a factory function.',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-STATE-002',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Array/object parameter mutated inside function',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const funcMatch = lines[i].match(/(?:function\s+\w+|(?:const|let)\s+\w+\s*=\s*(?:async\s*)?)\s*\(\s*(\w+)/);
+          if (!funcMatch) continue;
+          const paramName = funcMatch[1];
+          if (['e', 'err', 'error', 'event', 'req', 'res', 'next', 'ctx'].includes(paramName)) continue;
+          // Check next 15 lines for mutations on the parameter
+          for (let j = i + 1; j < Math.min(i + 15, lines.length); j++) {
+            const mutateRe = new RegExp(`\\b${paramName}\\s*\\.\\s*(push|pop|shift|unshift|splice|sort|reverse)\\s*\\(`);
+            const assignRe = new RegExp(`\\b${paramName}\\s*\\[.+\\]\\s*=`);
+            const propRe = new RegExp(`\\b${paramName}\\s*\\.\\s*\\w+\\s*=`);
+            if (mutateRe.test(lines[j]) || assignRe.test(lines[j]) || propRe.test(lines[j])) {
+              // Skip if the function is clearly a method that should mutate (has 'this')
+              const context = lines.slice(i, Math.min(i + 5, lines.length)).join('\n');
+              if (/\bthis\b/.test(context)) break;
+              findings.push({
+                ruleId: 'BUG-STATE-002', category: 'bugs', severity: 'high',
+                title: `Function parameter "${paramName}" mutated — caller's data modified unexpectedly`,
+                description: 'Mutating function parameters creates spooky action-at-a-distance. Clone the parameter first: [...arr] or {...obj}.',
+                file: fp, line: j + 1, fix: null,
+              });
+              break;
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-STATE-003',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'Global variable used for state',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        // File-level let/var that's not a constant
+        for (let i = 0; i < lines.length; i++) {
+          if (/^(?:let|var)\s+(\w+)\s*=/.test(lines[i]) && !/^(?:let|var)\s+\w+\s*=\s*(?:require|import)/.test(lines[i])) {
+            const varName = lines[i].match(/^(?:let|var)\s+(\w+)/)[1];
+            // Check if it's reassigned later (used as state)
+            let reassigned = false;
+            for (let j = i + 1; j < lines.length; j++) {
+              const reassignRe = new RegExp(`^\\s*${varName}\\s*[+\\-*/]?=(?!=)`);
+              if (reassignRe.test(lines[j])) {
+                reassigned = true;
+                break;
+              }
+            }
+            if (reassigned) {
+              findings.push({
+                ruleId: 'BUG-STATE-003', category: 'bugs', severity: 'medium',
+                title: `Module-level mutable variable "${varName}" used as state`,
+                description: 'Module-level mutable state causes bugs in concurrent/serverless environments. In Node.js, modules are cached so state persists across requests.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-STATE-004',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'definite',
+    title: 'Object spread only does shallow copy',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // Spread copy followed by nested mutation: const copy = {...obj}; copy.nested.prop = x
+          if (/(?:const|let|var)\s+(\w+)\s*=\s*\{\s*\.\.\./.test(lines[i])) {
+            const copyName = lines[i].match(/(?:const|let|var)\s+(\w+)/)[1];
+            for (let j = i + 1; j < Math.min(i + 10, lines.length); j++) {
+              // copy.nested.something = or copy.nested.push(
+              const deepMutate = new RegExp(`\\b${copyName}\\.(\\w+)\\.(\\w+)\\s*=|\\b${copyName}\\.(\\w+)\\.\\w+\\s*\\.\\s*(push|pop|splice)\\s*\\(`);
+              if (deepMutate.test(lines[j])) {
+                findings.push({
+                  ruleId: 'BUG-STATE-004', category: 'bugs', severity: 'high',
+                  title: 'Shallow copy via spread then deep mutation — original object modified',
+                  description: 'Spread ({...obj}) only copies one level deep. Nested objects are still shared references. Use structuredClone() or a deep clone utility.',
+                  file: fp, line: j + 1, fix: null,
+                });
+                break;
+              }
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-STATE-005',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'Date object mutated unexpectedly',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // date.setHours/setDate/setMonth etc. — mutates in place
+          if (/\b\w+\.(setFullYear|setMonth|setDate|setHours|setMinutes|setSeconds|setTime|setUTCDate)\s*\(/.test(lines[i])) {
+            // Check if the date was a parameter or prop
+            const context = lines.slice(Math.max(0, i - 5), i).join('\n');
+            if (/function|=>|\.map|\.forEach/.test(context)) {
+              findings.push({
+                ruleId: 'BUG-STATE-005', category: 'bugs', severity: 'medium',
+                title: 'Date set*() mutates the original Date object',
+                description: 'Date.set*() methods mutate in place. If the Date came from outside (prop, parameter), the original is modified. Create a new Date first.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-STATE-006',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Redux/Zustand state mutated directly',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        // Detect Redux reducer pattern
+        for (let i = 0; i < lines.length; i++) {
+          if (/(?:case\s+['"`]\w+['"`]\s*:|createReducer|createSlice)/.test(lines[i])) {
+            // Look for state.x.push, state.x = in next lines (OK in createSlice/immer, not in plain reducers)
+            const isImmer = /createSlice|immer|produce/.test(content);
+            if (isImmer) continue;
+            for (let j = i + 1; j < Math.min(i + 10, lines.length); j++) {
+              if (/state\.\w+\.(push|pop|splice|shift|unshift|sort|reverse)\s*\(/.test(lines[j]) ||
+                  /state\.\w+\s*=\s*(?!\.\.\.state)/.test(lines[j])) {
+                findings.push({
+                  ruleId: 'BUG-STATE-006', category: 'bugs', severity: 'high',
+                  title: 'Direct state mutation in reducer — Redux won\'t detect the change',
+                  description: 'Redux requires immutable updates. Mutating state directly means React won\'t re-render. Return a new object: { ...state, prop: newValue }.',
+                  file: fp, line: j + 1, fix: null,
+                });
+                break;
+              }
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-STATE-007',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'localStorage used without try/catch',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/localStorage\.(getItem|setItem|removeItem)\s*\(/.test(lines[i])) {
+            // Check if inside try/catch
+            const context = lines.slice(Math.max(0, i - 5), i).join('\n');
+            if (!/try\s*\{/.test(context)) {
+              findings.push({
+                ruleId: 'BUG-STATE-007', category: 'bugs', severity: 'medium',
+                title: 'localStorage access without try/catch — throws in private browsing and when storage is full',
+                description: 'localStorage throws in Safari private mode, when storage quota is exceeded, and in some security contexts. Always wrap in try/catch.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-STATE-008',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Mutable default parameter value',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          // function foo(items = []) and then items.push inside
+          const match = lines[i].match(/(?:function\s+\w+|(?:const|let)\s+\w+\s*=\s*(?:async\s*)?)\s*\([^)]*(\w+)\s*=\s*\[\s*\]/);
+          if (!match) continue;
+          const paramName = match[1];
+          for (let j = i + 1; j < Math.min(i + 15, lines.length); j++) {
+            const mutateRe = new RegExp(`\\b${paramName}\\s*\\.\\s*(push|pop|splice|shift|unshift)\\s*\\(`);
+            if (mutateRe.test(lines[j])) {
+              findings.push({
+                ruleId: 'BUG-STATE-008', category: 'bugs', severity: 'high',
+                title: 'Default parameter array/object mutated — shared across calls in some engines',
+                description: 'While JS creates new defaults each call (unlike Python), mutating default params is confusing and error-prone. Clone first or use a different pattern.',
+                file: fp, line: j + 1, fix: null,
+              });
+              break;
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+];
+
+export default rules;

package/src/rules/bugs/js-type-coercion.js

@@ -0,0 +1,318 @@
+// Bug detection: JavaScript type coercion and comparison bugs
+const JS_EXT = ['.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs'];
+function isJS(f) { return JS_EXT.some(e => f.endsWith(e)); }
+
+const rules = [
+  {
+    id: 'BUG-TYPE-001',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Array.sort() without comparator — sorts numbers as strings',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/\.sort\(\s*\)/.test(lines[i])) {
+            // Check if array likely contains numbers
+            const context = lines.slice(Math.max(0, i - 5), i + 1).join('\n');
+            if (/(?:number|count|age|price|score|amount|total|id|num|index|length)/i.test(context) || /\[\s*\d/.test(context)) {
+              findings.push({
+                ruleId: 'BUG-TYPE-001', category: 'bugs', severity: 'high',
+                title: 'Array.sort() without comparator — [10, 9, 2].sort() returns [10, 2, 9]',
+                description: 'Array.sort() converts elements to strings by default. Use .sort((a, b) => a - b) for numeric sorting.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-TYPE-002',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'typeof null === "object" — null check will fail',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/typeof\s+\w+\s*===?\s*['"]object['"]/.test(lines[i]) && !lines[i].includes('null')) {
+            const context = lines.slice(Math.max(0, i - 3), i + 3).join('\n');
+            if (!context.includes('!== null') && !context.includes('!= null') && !context.includes('&& ')) {
+              findings.push({
+                ruleId: 'BUG-TYPE-002', category: 'bugs', severity: 'high',
+                title: 'typeof check for "object" without null guard',
+                description: 'typeof null === "object" is true in JavaScript. Always check for null before checking typeof === "object".',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-TYPE-003',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'parseInt without radix — octal/hex parsing surprise',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/parseInt\s*\(\s*\w+\s*\)/.test(lines[i]) && !/parseInt\s*\([^,]+,/.test(lines[i])) {
+            findings.push({
+              ruleId: 'BUG-TYPE-003', category: 'bugs', severity: 'high',
+              title: 'parseInt() without radix parameter',
+              description: 'parseInt("08") may return 0 in older engines (octal). Always pass radix: parseInt(str, 10).',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-TYPE-004',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'Floating point comparison — 0.1 + 0.2 !== 0.3',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i];
+          // Detect direct equality comparison with floating point arithmetic
+          if (/===?\s*\d+\.\d+/.test(line) && /[\+\-\*\/]/.test(line) && /\d+\.\d+/.test(line)) {
+            findings.push({
+              ruleId: 'BUG-TYPE-004', category: 'bugs', severity: 'medium',
+              title: 'Direct floating-point equality comparison',
+              description: '0.1 + 0.2 !== 0.3 in IEEE 754. Use Math.abs(a - b) < Number.EPSILON or a tolerance value.',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-TYPE-005',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'isNaN() instead of Number.isNaN() — type coercion bug',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/[^.]isNaN\s*\(/.test(lines[i]) && !lines[i].includes('Number.isNaN')) {
+            findings.push({
+              ruleId: 'BUG-TYPE-005', category: 'bugs', severity: 'high',
+              title: 'isNaN() coerces argument — isNaN("hello") is true',
+              description: 'Global isNaN() converts the argument to a number first. Use Number.isNaN() for strict NaN checking.',
+              file: fp, line: i + 1, fix: null,
+            });
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-TYPE-006',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'String concatenation with + instead of template literal',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i];
+          // Detect "string" + variable + "string" patterns (prone to coercion bugs)
+          if (/['"][^'"]*['"]\s*\+\s*\w+\s*\+\s*['"]/.test(line)) {
+            // Only flag if it looks like it could have a number coercion issue
+            if (/(?:id|count|num|amount|total|index|length|size|port)/i.test(line)) {
+              findings.push({
+                ruleId: 'BUG-TYPE-006', category: 'bugs', severity: 'medium',
+                title: 'String concatenation with + may cause type coercion',
+                description: '"Count: " + count + " items" may produce unexpected results. Use template literals: `Count: ${count} items`.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-TYPE-007',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'JSON.parse without try/catch — crashes on malformed input',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (/JSON\.parse\s*\(/.test(lines[i])) {
+            const context = lines.slice(Math.max(0, i - 5), Math.min(lines.length, i + 5)).join('\n');
+            if (!context.includes('try') && !context.includes('catch')) {
+              findings.push({
+                ruleId: 'BUG-TYPE-007', category: 'bugs', severity: 'high',
+                title: 'JSON.parse without try/catch — throws on invalid JSON',
+                description: 'JSON.parse() throws SyntaxError on malformed input. Wrap in try/catch to handle invalid JSON gracefully.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+  {
+    id: 'BUG-TYPE-008',
+    category: 'bugs',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Date month is 0-indexed — new Date(2024, 1, 1) is February',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const match = lines[i].match(/new\s+Date\s*\(\s*\d{4}\s*,\s*(\d{1,2})/);
+          if (match) {
+            const month = parseInt(match[1], 10);
+            if (month >= 1 && month <= 12) {
+              findings.push({
+                ruleId: 'BUG-TYPE-008', category: 'bugs', severity: 'high',
+                title: 'Date constructor month is 0-indexed — month ' + month + ' is actually ' + ['Jan','Feb','Mar','Apr','May','Jun','Jul','Aug','Sep','Oct','Nov','Dec'][month],
+                description: 'JavaScript Date months are 0-indexed. new Date(2024, 1, 1) is February 1st, not January. Subtract 1 from the month.',
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+
+  // BUG-TYPE-009: Loose equality (== instead of ===)
+  {
+    id: 'BUG-TYPE-009',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'Loose equality (==) used instead of strict equality (===)',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i];
+          if (line.trim().startsWith('//')) continue;
+          // Match == or != that are NOT === or !==
+          // Use negative lookahead/lookbehind to avoid matching === and !==
+          const matches = line.matchAll(/(?<!=)(?:==|!=)(?!=)/g);
+          for (const m of matches) {
+            const idx = m.index;
+            // Skip if inside a string
+            const before = line.slice(0, idx);
+            const singleQuotes = (before.match(/'/g) || []).length;
+            const doubleQuotes = (before.match(/"/g) || []).length;
+            const backticks = (before.match(/`/g) || []).length;
+            if (singleQuotes % 2 !== 0 || doubleQuotes % 2 !== 0 || backticks % 2 !== 0) continue;
+            // Skip == null / != null checks (common intentional pattern to check null/undefined)
+            const after = line.slice(idx + 2).trim();
+            if (/^null\b/.test(after) || /^undefined\b/.test(after)) continue;
+            const beforeTrimmed = line.slice(0, idx).trimEnd();
+            if (/null$/.test(beforeTrimmed) || /undefined$/.test(beforeTrimmed)) continue;
+            findings.push({
+              ruleId: 'BUG-TYPE-009', category: 'bugs', severity: 'medium',
+              title: `Loose equality (${m[0]}) — use ${m[0] === '==' ? '===' : '!=='} instead`,
+              description: `Loose equality (${m[0]}) performs type coercion: "0" == false is true, "" == 0 is true. Use strict equality (${m[0] === '==' ? '===' : '!=='}) to avoid unexpected type coercion bugs.`,
+              file: fp, line: i + 1, fix: {
+                type: 'replace',
+                old: m[0],
+                new: m[0] === '==' ? '===' : '!==',
+              },
+            });
+            break; // One finding per line
+          }
+        }
+      }
+      return findings;
+    },
+  },
+
+  // BUG-TYPE-010: typeof check for arrays (should use Array.isArray)
+  {
+    id: 'BUG-TYPE-010',
+    category: 'bugs',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'typeof used for array check — use Array.isArray() instead',
+    check({ files }) {
+      const findings = [];
+      for (const [fp, content] of files) {
+        if (!isJS(fp)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i];
+          if (line.trim().startsWith('//')) continue;
+          // Check for typeof x === 'object' in context of arrays
+          if (/typeof\s+\w+\s*===?\s*['"]object['"]/.test(line)) {
+            // Look for array-related variable names or context
+            const varMatch = line.match(/typeof\s+(\w+)/);
+            if (!varMatch) continue;
+            const varName = varMatch[1];
+            // Check if it's in a context suggesting array check
+            if (/arr|list|items|elements|data|result|values|entries/i.test(varName)) {
+              // Make sure Array.isArray isn't also used nearby
+              const context = lines.slice(Math.max(0, i - 2), Math.min(lines.length, i + 3)).join(' ');
+              if (context.includes('Array.isArray')) continue;
+              findings.push({
+                ruleId: 'BUG-TYPE-010', category: 'bugs', severity: 'medium',
+                title: `typeof ${varName} === "object" doesn't distinguish arrays from objects`,
+                description: `typeof returns "object" for arrays, objects, null, Date, Map, etc. If you're checking for an array, use Array.isArray(${varName}) instead.`,
+                file: fp, line: i + 1, fix: null,
+              });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+];
+
+export default rules;