pi-lens 3.8.38 → 3.8.39

package/rules/rule-catalog.json

@@ -59,6 +59,57 @@
     { "rule_id": "missed-concurrency", "engine": "ast-grep", "language": "typescript", "family": "concurrency", "scope": "function", "canonical_concept": "sequential-awaits-parallelizable", "severity_default": "warning", "confidence": "medium", "status": "active" },
     { "rule_id": "missed-concurrency-js", "engine": "ast-grep", "language": "javascript", "family": "concurrency", "scope": "function", "canonical_concept": "sequential-awaits-parallelizable", "severity_default": "warning", "confidence": "medium", "status": "active" },
     { "rule_id": "no-await-in-loop", "engine": "ast-grep", "language": "typescript", "family": "concurrency", "scope": "function", "canonical_concept": "await-inside-loop", "severity_default": "warning", "confidence": "medium", "status": "active" },
-    { "rule_id": "no-await-in-loop-js", "engine": "ast-grep", "language": "javascript", "family": "concurrency", "scope": "function", "canonical_concept": "await-inside-loop", "severity_default": "warning", "confidence": "medium", "status": "active" }
+    { "rule_id": "no-await-in-loop-js", "engine": "ast-grep", "language": "javascript", "family": "concurrency", "scope": "function", "canonical_concept": "await-inside-loop", "severity_default": "warning", "confidence": "medium", "status": "active" },
+
+    { "rule_id": "return-in-init", "engine": "tree-sitter", "language": "python", "family": "reliability", "scope": "function", "canonical_concept": "return-in-init", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "yield-return-outside-function", "engine": "tree-sitter", "language": "python", "family": "reliability", "scope": "file", "canonical_concept": "invalid-statement-context", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "notimplemented-boolean-context", "engine": "tree-sitter", "language": "python", "family": "reliability", "scope": "function", "canonical_concept": "deprecated-boolean-usage", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "exit-signature-check", "engine": "tree-sitter", "language": "python", "family": "reliability", "scope": "function", "canonical_concept": "context-manager-signature", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "return-in-generator", "engine": "tree-sitter", "language": "python", "family": "reliability", "scope": "function", "canonical_concept": "return-in-generator", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "iter-return-iterator", "engine": "tree-sitter", "language": "python", "family": "reliability", "scope": "function", "canonical_concept": "iter-protocol-violation", "severity_default": "warning", "confidence": "medium", "status": "active" },
+    { "rule_id": "switch-non-case-labels", "engine": "tree-sitter", "language": "java", "family": "reliability", "scope": "function", "canonical_concept": "switch-label-violation", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "no-clone-override", "engine": "tree-sitter", "language": "java", "family": "maintainability", "scope": "class", "canonical_concept": "clone-override", "severity_default": "warning", "confidence": "high", "status": "active" },
+    { "rule_id": "main-should-not-throw", "engine": "tree-sitter", "language": "java", "family": "maintainability", "scope": "function", "canonical_concept": "main-throws-exception", "severity_default": "warning", "confidence": "high", "status": "active" },
+    { "rule_id": "no-threadgroup", "engine": "tree-sitter", "language": "java", "family": "security", "scope": "file", "canonical_concept": "deprecated-api-usage", "severity_default": "warning", "confidence": "high", "status": "active" },
+    { "rule_id": "this-in-static-context", "engine": "tree-sitter", "language": "php", "family": "reliability", "scope": "function", "canonical_concept": "this-in-static-context", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "no-exit-die", "engine": "tree-sitter", "language": "php", "family": "reliability", "scope": "function", "canonical_concept": "abrupt-termination", "severity_default": "warning", "confidence": "high", "status": "active" },
+    { "rule_id": "case-range-multiple-values", "engine": "tree-sitter", "language": "c", "family": "maintainability", "scope": "function", "canonical_concept": "case-range-single-value", "severity_default": "warning", "confidence": "medium", "status": "active" },
+    { "rule_id": "goto-label-order", "engine": "tree-sitter", "language": "c", "family": "maintainability", "scope": "function", "canonical_concept": "backward-goto", "severity_default": "warning", "confidence": "medium", "status": "active" },
+    { "rule_id": "goto-into-block", "engine": "tree-sitter", "language": "c", "family": "maintainability", "scope": "function", "canonical_concept": "goto-into-block", "severity_default": "warning", "confidence": "high", "status": "active" },
+    { "rule_id": "no-auto-ptr", "engine": "tree-sitter", "language": "cpp", "family": "reliability", "scope": "file", "canonical_concept": "deprecated-auto-ptr", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "no-memset-sensitive-data", "engine": "tree-sitter", "language": "cpp", "family": "security", "scope": "function", "canonical_concept": "insecure-memory-clear", "severity_default": "error", "confidence": "medium", "status": "active" },
+    { "rule_id": "no-scoped-lock-without-args", "engine": "tree-sitter", "language": "cpp", "family": "reliability", "scope": "function", "canonical_concept": "scoped-lock-no-mutex", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "no-confused-move-forward", "engine": "tree-sitter", "language": "cpp", "family": "reliability", "scope": "function", "canonical_concept": "move-forward-confusion", "severity_default": "error", "confidence": "medium", "status": "active" },
+    { "rule_id": "is-with-this", "engine": "tree-sitter", "language": "csharp", "family": "maintainability", "scope": "function", "canonical_concept": "is-operator-with-this", "severity_default": "warning", "confidence": "high", "status": "active" },
+    { "rule_id": "no-operator-eq-reference", "engine": "tree-sitter", "language": "csharp", "family": "maintainability", "scope": "class", "canonical_concept": "operator-eq-reference-type", "severity_default": "warning", "confidence": "high", "status": "active" },
+    { "rule_id": "no-dangerous-get-handle", "engine": "tree-sitter", "language": "csharp", "family": "reliability", "scope": "function", "canonical_concept": "unsafe-handle-access", "severity_default": "warning", "confidence": "high", "status": "active" },
+    { "rule_id": "no-thread-resume-suspend", "engine": "tree-sitter", "language": "csharp", "family": "reliability", "scope": "function", "canonical_concept": "deprecated-thread-api", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "async-await-identifiers", "engine": "tree-sitter", "language": "csharp", "family": "maintainability", "scope": "file", "canonical_concept": "keyword-as-identifier", "severity_default": "warning", "confidence": "high", "status": "active" },
+    { "rule_id": "in-operator-unsupported", "engine": "tree-sitter", "language": "python", "family": "reliability", "scope": "function", "canonical_concept": "in-operator-unsupported", "severity_default": "warning", "confidence": "medium", "status": "active" },
+    { "rule_id": "spring-session-attributes-setcomplete", "engine": "tree-sitter", "language": "java", "family": "reliability", "scope": "class", "canonical_concept": "session-attributes-cleanup", "severity_default": "error", "confidence": "medium", "status": "active" },
+    { "rule_id": "springboot-default-package", "engine": "tree-sitter", "language": "java", "family": "reliability", "scope": "file", "canonical_concept": "default-package-usage", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "prepared-statement-valid-indices", "engine": "tree-sitter", "language": "java", "family": "reliability", "scope": "function", "canonical_concept": "jdbc-invalid-index", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "delete-update-where", "engine": "tree-sitter", "language": "plsql", "family": "reliability", "scope": "function", "canonical_concept": "sql-missing-where", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "fetch-bulk-collect-limit", "engine": "tree-sitter", "language": "plsql", "family": "reliability", "scope": "function", "canonical_concept": "fetch-no-limit", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "prepared-statement-indices", "engine": "tree-sitter", "language": "kotlin", "family": "reliability", "scope": "function", "canonical_concept": "jdbc-invalid-index", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "delete-where", "engine": "tree-sitter", "language": "abap", "family": "reliability", "scope": "function", "canonical_concept": "sql-missing-where", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "alter-statement", "engine": "tree-sitter", "language": "cobol", "family": "maintainability", "scope": "file", "canonical_concept": "alter-statement-usage", "severity_default": "warning", "confidence": "high", "status": "active" },
+    { "rule_id": "calc-spacing", "engine": "tree-sitter", "language": "css", "family": "reliability", "scope": "file", "canonical_concept": "calc-spacing-error", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "switch-non-case-labels-js", "engine": "tree-sitter", "language": "javascript", "family": "reliability", "scope": "function", "canonical_concept": "switch-label-violation", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "no-exit-methods", "engine": "tree-sitter", "language": "java", "family": "maintainability", "scope": "function", "canonical_concept": "abrupt-termination", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "no-threads-in-constructors", "engine": "tree-sitter", "language": "java", "family": "maintainability", "scope": "constructor", "canonical_concept": "thread-in-constructor", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "switch-fall-through", "engine": "tree-sitter", "language": "java", "family": "maintainability", "scope": "function", "canonical_concept": "switch-fall-through", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "no-wait-notify-on-thread", "engine": "tree-sitter", "language": "java", "family": "reliability", "scope": "function", "canonical_concept": "wait-on-thread-instance", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "no-double-checked-locking", "engine": "tree-sitter", "language": "java", "family": "reliability", "scope": "function", "canonical_concept": "double-checked-locking", "severity_default": "error", "confidence": "medium", "status": "active" },
+    { "rule_id": "no-future-keywords", "engine": "tree-sitter", "language": "java", "family": "maintainability", "scope": "file", "canonical_concept": "future-keyword-usage", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "no-field-shadowing", "engine": "tree-sitter", "language": "java", "family": "maintainability", "scope": "class", "canonical_concept": "field-shadowing", "severity_default": "error", "confidence": "medium", "status": "active" },
+    { "rule_id": "junit-call-super", "engine": "tree-sitter", "language": "java", "family": "maintainability", "scope": "function", "canonical_concept": "missing-super-call", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "forallsave-exceptions", "engine": "tree-sitter", "language": "plsql", "family": "reliability", "scope": "function", "canonical_concept": "forall-no-save-exceptions", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "not-null-initialization", "engine": "tree-sitter", "language": "plsql", "family": "reliability", "scope": "function", "canonical_concept": "not-null-uninitialized", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "end-loop-semicolon", "engine": "tree-sitter", "language": "plsql", "family": "reliability", "scope": "function", "canonical_concept": "missing-semicolon", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "raise-application-error-codes", "engine": "tree-sitter", "language": "plsql", "family": "reliability", "scope": "function", "canonical_concept": "invalid-error-code", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "no-synchronize", "engine": "tree-sitter", "language": "plsql", "family": "reliability", "scope": "function", "canonical_concept": "synchronize-usage", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "send-file-mimetype", "engine": "tree-sitter", "language": "python", "family": "reliability", "scope": "function", "canonical_concept": "send-file-missing-mimetype", "severity_default": "error", "confidence": "high", "status": "active" },
+    { "rule_id": "noexcept-functions", "engine": "tree-sitter", "language": "cpp", "family": "reliability", "scope": "function", "canonical_concept": "missing-noexcept", "severity_default": "error", "confidence": "medium", "status": "active" }
   ]
 }

package/rules/tree-sitter-queries/abap/delete-where.yml

@@ -0,0 +1,46 @@
+# ABAP DELETE Without WHERE
+# Detects DELETE statements without WHERE in ABAP
+id: delete-where
+name: DELETE FROM Should Have WHERE Clause
+severity: error
+category: reliability
+defect_class: correctness
+inline_tier: blocking
+language: abap
+
+message: "DELETE FROM statement should have a WHERE clause"
+
+description: |
+  DELETE FROM without WHERE deletes ALL rows. Almost always a bug.
+
+  ✅ FIX: Add WHERE clause
+
+  ```abap
+  DELETE FROM employees WHERE id = lv_id.  " GOOD
+  ```
+
+query: |
+  (delete_statement
+    (delete) @DELETE
+    (from_clause)
+    (where_clause)? @WHERE)
+
+metavars:
+  - DELETE
+  - WHERE
+
+post_filter: missing_where
+
+tags:
+  - reliability
+  - abap
+  - data-loss
+
+examples:
+  bad: |
+    DELETE FROM employees.  " BAD
+
+  good: |
+    DELETE FROM employees WHERE id = 123.  " GOOD
+
+has_fix: false

package/rules/tree-sitter-queries/c/case-range-multiple-values.yml

@@ -0,0 +1,65 @@
+# Case Ranges Should Cover Multiple Values
+# Detects case statements with ranges that only cover single values
+id: case-range-multiple-values
+name: Case Ranges Should Cover Multiple Values
+severity: warning
+category: maintainability
+defect_class: correctness
+inline_tier: warning
+language: c
+
+message: "Case range should cover multiple values"
+
+description: |
+  GCC case ranges (case 1..5:) should cover multiple values.
+  Using ranges for single values is confusing and unnecessary.
+
+  ✅ FIX: Use regular case for single values, ranges for multiple
+
+  ```c
+  switch (value) {
+      case 1:           // Single value - use regular case
+          break;
+      case 10..20:      // Range - multiple values
+          break;
+  }
+  ```
+
+query: |
+  (switch_statement
+    body: (compound_statement
+      (case_statement
+        value: (range_expression
+          (number_literal) @START
+          (number_literal) @END) @RANGE)))
+
+metavars:
+  - START
+  - END
+  - RANGE
+
+post_filter: case_range_single_value
+
+tags:
+  - maintainability
+  - c
+  - gnu
+  - switch
+
+examples:
+  bad: |
+    switch (val) {
+        case 5..5:  // BAD - range with single value
+            break;
+    }
+
+  good: |
+    switch (val) {
+        case 5:  // GOOD - single value
+            break;
+        case 10..20:  // GOOD - actual range
+            break;
+    }
+
+has_fix: true
+fix_action: simplify_single_case_range

package/rules/tree-sitter-queries/c/goto-into-block.yml

@@ -0,0 +1,72 @@
+# Goto Into Block
+# Detects goto statements that jump into blocks
+id: goto-into-block
+name: Goto Should Not Jump Into Blocks
+severity: warning
+category: maintainability
+defect_class: correctness
+inline_tier: blocking
+language: c
+
+message: "goto statements should not be used to jump into blocks"
+
+description: |
+  Jumping into a block bypasses variable initialization and
+  is undefined behavior. This is a MISRA C requirement.
+
+  ✅ FIX: Jump to the block's beginning or restructure code
+
+  ```c
+  void process() {
+      if (error) {
+          goto cleanup;
+      }
+      // ... code ...
+  cleanup:
+      {  // Jump to block start
+          free_resources();
+      }
+  }
+  ```
+
+query: |
+  (function_definition
+    body: (compound_statement
+      (goto_statement
+        (statement_identifier) @TARGET) @GOTO))
+
+metavars:
+  - TARGET
+  - GOTO
+
+post_filter: goto_targets_inner_block
+
+tags:
+  - maintainability
+  - c
+  - misra
+  - undefined-behavior
+
+examples:
+  bad: |
+    void func() {
+        if (cond) {
+            goto inside;  // BAD - jumps into block
+        }
+        {
+        inside:
+            x = 1;  // Variable might not be initialized!
+        }
+    }
+
+  good: |
+    void func() {
+        if (cond) {
+            needsProcessing = true;
+        }
+        if (needsProcessing) {  // GOOD - restructure
+            x = 1;
+        }
+    }
+
+has_fix: false

package/rules/tree-sitter-queries/c/goto-label-order.yml

@@ -0,0 +1,65 @@
+# Goto Label Order
+# Detects goto statements that jump to labels declared earlier
+id: goto-label-order
+name: Goto Should Jump to Later Labels
+severity: warning
+category: maintainability
+defect_class: correctness
+inline_tier: warning
+language: c
+
+message: "goto should jump to labels declared later in the same function"
+
+description: |
+  Goto statements should only jump forward to labels declared later.
+  Backward jumps create spaghetti code and are harder to understand.
+  This is a MISRA C requirement.
+
+  ✅ FIX: Restructure to use forward jumps only
+
+  ```c
+  void process() {
+      if (error) {
+          goto cleanup;  // Forward jump - OK
+      }
+      // ... code ...
+  cleanup:
+      free_resources();
+  }
+  ```
+
+query: |
+  (function_definition
+    body: (compound_statement
+      (goto_statement
+        (statement_identifier) @LABEL) @GOTO))
+
+metavars:
+  - LABEL
+  - GOTO
+
+post_filter: goto_jumps_backward
+
+tags:
+  - maintainability
+  - c
+  - misra
+  - control-flow
+
+examples:
+  bad: |
+    void func() {
+    loop:
+        if (done) return;
+        process();
+        goto loop;  // BAD - backward jump
+    }
+
+  good: |
+    void func() {
+        while (!done) {  // GOOD - use loop instead
+            process();
+        }
+    }
+
+has_fix: false

package/rules/tree-sitter-queries/cobol/alter-statement.yml

@@ -0,0 +1,39 @@
+# COBOL ALTER Statement
+# Detects ALTER statement usage in COBOL
+id: alter-statement
+name: ALTER Should Not Be Used
+severity: warning
+category: maintainability
+defect_class: correctness
+inline_tier: warning
+language: cobol
+
+message: "ALTER should not be used - causes spaghetti code"
+
+description: |
+  ALTER changes paragraph/section execution flow at runtime.
+  This is deprecated and causes unmaintainable spaghetti code.
+
+  ✅ FIX: Restructure to use PERFORM or other control flow
+
+query: |
+  (alter_statement
+    (ALTER) @ALTER)
+
+metavars:
+  - ALTER
+
+tags:
+  - maintainability
+  - cobol
+  - brain-overload
+  - deprecated
+
+examples:
+  bad: |
+    ALTER PARA-1 TO PROCEED TO PARA-2.  -- BAD
+
+  good: |
+    PERFORM PARA-2.  -- GOOD - explicit control flow
+
+has_fix: false

package/rules/tree-sitter-queries/cpp/no-auto-ptr.yml

@@ -0,0 +1,49 @@
+# No std::auto_ptr
+# Detects usage of deprecated std::auto_ptr
+id: no-auto-ptr
+name: std::auto_ptr Should Not Be Used
+severity: error
+category: reliability
+defect_class: correctness
+inline_tier: blocking
+language: cpp
+
+message: "std::auto_ptr should not be used — use std::unique_ptr instead"
+
+description: |
+  std::auto_ptr is deprecated (since C++11) and removed in C++17.
+  It has dangerous copy semantics. Use std::unique_ptr instead.
+
+  ✅ FIX: Replace with std::unique_ptr
+
+  ```cpp
+  std::unique_ptr<MyClass> ptr = std::make_unique<MyClass>();  // GOOD
+  ```
+
+query: |
+  (template_type
+    name: (type_identifier) @NAME (#eq? @NAME "auto_ptr")
+    arguments: (template_argument_list) @ARGS)
+  ((type_identifier) @NAME
+    (#eq? @NAME "auto_ptr"))
+
+metavars:
+  - NAME
+  - ARGS
+
+tags:
+  - reliability
+  - cpp
+  - deprecated
+  - since-cpp11
+  - removed-cpp17
+
+examples:
+  bad: |
+    std::auto_ptr<MyClass> ptr(new MyClass());  // BAD - deprecated
+
+  good: |
+    std::unique_ptr<MyClass> ptr = std::make_unique<MyClass>();  // GOOD
+
+has_fix: true
+fix_action: replace_auto_with_unique_ptr

package/rules/tree-sitter-queries/cpp/no-confused-move-forward.yml

@@ -0,0 +1,59 @@
+# No Confused std::move/std::forward
+# Detects potential confusion between std::move and std::forward
+id: no-confused-move-forward
+name: std::move and std::forward Should Not Be Confused
+severity: error
+category: reliability
+defect_class: correctness
+inline_tier: blocking
+language: cpp
+
+message: "std::move and std::forward should not be confused"
+
+description: |
+  std::move unconditionally casts to rvalue, while std::forward
+  conditionally casts based on template parameter. Using the wrong
+  one can lead to subtle bugs and unexpected copies/moves.
+
+  ✅ FIX: Use std::move for known objects, std::forward for templates
+
+  ```cpp
+  template<typename T>
+  void process(T&& t) {
+      other(std::forward<T>(t));  // Correct - preserve value category
+  }
+  ```
+
+query: |
+  (call_expression
+    function: (qualified_identifier
+      name: (identifier) @FUNC
+      (#match? @FUNC "^(move|forward)$"))
+    arguments: (argument_list) @ARGS)
+
+post_filter: confused_move_forward
+
+metavars:
+  - FUNC
+  - ARGS
+
+tags:
+  - reliability
+  - cpp
+  - move-semantics
+  - cppcoreguidelines
+
+examples:
+  bad: |
+    template<typename T>
+    void wrapper(T&& t) {
+        return foo(std::move(t));  // BAD - breaks perfect forwarding
+    }
+
+  good: |
+    template<typename T>
+    void wrapper(T&& t) {
+        return foo(std::forward<T>(t));  // GOOD - preserves category
+    }
+
+has_fix: false

package/rules/tree-sitter-queries/cpp/no-memset-sensitive-data.yml

@@ -0,0 +1,57 @@
+# No Memset For Sensitive Data
+# Detects memset used to clear sensitive data
+id: no-memset-sensitive-data
+name: memset Should Not Be Used to Delete Sensitive Data
+severity: error
+category: security
+defect_class: security
+inline_tier: blocking
+language: cpp
+
+message: "memset should not be used to delete sensitive data — use SecureZeroMemory or explicit_bzero"
+
+description: |
+  memset can be optimized away by compilers, leaving sensitive data
+  in memory. Use SecureZeroMemory (Windows), explicit_bzero (Linux),
+  or std::fill with volatile for clearing passwords/keys.
+
+  ✅ FIX: Use secure memory clearing functions
+
+  ```cpp
+  #ifdef _WIN32
+  SecureZeroMemory(password, sizeof(password));
+  #else
+  explicit_bzero(password, sizeof(password));
+  #endif
+  ```
+
+query: |
+  (call_expression
+    function: (identifier) @FUNC (#eq? @FUNC "memset")
+    arguments: (argument_list) @ARGS)
+
+metavars:
+  - FUNC
+  - ARGS
+
+post_filter: memset_for_sensitive_data
+
+tags:
+  - security
+  - cpp
+  - cwe
+  - cryptography
+  - memory
+
+examples:
+  bad: |
+    char password[32];
+    // ... use password ...
+    memset(password, 0, sizeof(password));  // BAD - may be optimized away!
+
+  good: |
+    char password[32];
+    // ... use password ...
+    explicit_bzero(password, sizeof(password));  // GOOD - guaranteed clear
+
+has_fix: false

package/rules/tree-sitter-queries/cpp/no-scoped-lock-without-args.yml

@@ -0,0 +1,52 @@
+# std::scoped_lock With Constructor Args
+# Detects std::scoped_lock created without constructor arguments
+id: no-scoped-lock-without-args
+name: std::scoped_lock Should Be Created With Constructor Arguments
+severity: error
+category: reliability
+defect_class: correctness
+inline_tier: blocking
+language: cpp
+
+message: "std::scoped_lock should be created with constructor arguments"
+
+description: |
+  std::scoped_lock is designed to lock multiple mutexes atomically.
+  Creating one without arguments serves no purpose and is likely a bug.
+
+  ✅ FIX: Pass mutexes to the constructor
+
+  ```cpp
+  std::mutex m1, m2;
+  std::scoped_lock lock(m1, m2);  // GOOD - locks both
+  ```
+
+query: |
+  (declaration
+    type: (template_type
+      name: (type_identifier) @TYPE (#eq? @TYPE "scoped_lock"))
+    declarator: (init_declarator
+      initializer: (argument_list) @ARGS))
+
+metavars:
+  - TYPE
+  - ARGS
+
+post_filter: scoped_lock_empty_args
+
+tags:
+  - reliability
+  - cpp
+  - since-cpp17
+  - mutex
+  - concurrency
+
+examples:
+  bad: |
+    std::scoped_lock lock;  // BAD - no mutexes to lock!
+
+  good: |
+    std::mutex mtx;
+    std::scoped_lock lock(mtx);  // GOOD - locks mutex
+
+has_fix: false

package/rules/tree-sitter-queries/cpp/noexcept-functions.yml

@@ -0,0 +1,58 @@
+# Noexcept Functions
+# Detects functions that should be noexcept
+id: noexcept-functions
+name: Exception-Unfriendly Functions Should Be noexcept
+severity: error
+category: reliability
+defect_class: correctness
+inline_tier: blocking
+language: cpp
+
+message: "Function should be declared noexcept"
+
+description: |
+  Functions that don't throw exceptions should be marked noexcept.
+  This enables compiler optimizations and better error handling.
+  This is a MISRA C++ 2023 rule.
+
+  ✅ FIX: Add noexcept specifier
+
+  ```cpp
+  int add(int a, int b) noexcept {  // GOOD - noexcept
+      return a + b;
+  }
+  ```
+
+query: |
+  (function_definition
+    type: (primitive_type) @RET
+    (function_declarator
+      name: (identifier) @NAME)
+    body: (compound_statement) @BODY)
+
+metavars:
+  - RET
+  - NAME
+  - BODY
+
+post_filter: should_be_noexcept
+
+tags:
+  - reliability
+  - cpp
+  - misra-cpp2023
+  - performance
+
+examples:
+  bad: |
+    int add(int a, int b) {  // BAD - missing noexcept
+        return a + b;
+    }
+
+  good: |
+    int add(int a, int b) noexcept {  // GOOD
+        return a + b;
+    }
+
+has_fix: true
+fix_action: add_noexcept