diffsense 2.2.12__tar.gz → 2.2.13__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {diffsense-2.2.12/diffsense.egg-info → diffsense-2.2.13}/PKG-INFO +1 -1
- diffsense-2.2.13/config/absolute/concurrency.yaml +22 -0
- diffsense-2.2.13/config/absolute/security.yaml +24 -0
- diffsense-2.2.13/config/absolute/stability.yaml +15 -0
- diffsense-2.2.13/config/rules/cpp/exception_noexcept.yaml +8 -0
- diffsense-2.2.13/config/rules/cpp/exception_swallowed.yaml +8 -0
- diffsense-2.2.13/config/rules/cpp/maintenance_magic_number.yaml +8 -0
- diffsense-2.2.13/config/rules/cpp/null_dereference.yaml +8 -0
- diffsense-2.2.13/config/rules/cpp/performance_inefficient_copy.yaml +8 -0
- diffsense-2.2.13/config/rules/cpp/performance_unbounded_vector.yaml +8 -0
- diffsense-2.2.13/config/rules/cpp/resource_leak.yaml +8 -0
- diffsense-2.2.13/config/rules/cpp/resource_memory_leak.yaml +8 -0
- diffsense-2.2.13/config/rules/cpp/resource_raw_pointer.yaml +8 -0
- diffsense-2.2.13/config/rules/cpp/runtime_data_race.yaml +8 -0
- diffsense-2.2.13/config/rules/cpp/runtime_uninitialized.yaml +8 -0
- diffsense-2.2.13/config/rules/cpp/security_buffer_overflow.yaml +8 -0
- diffsense-2.2.13/config/rules/cpp/security_command_injection.yaml +8 -0
- diffsense-2.2.13/config/rules/cpp/security_hardcoded_secret.yaml +8 -0
- diffsense-2.2.13/config/rules/cpp/security_integer_overflow.yaml +8 -0
- diffsense-2.2.13/config/rules/cpp/security_sql_injection.yaml +8 -0
- diffsense-2.2.13/config/rules/cpp/security_unsafe_cast.yaml +8 -0
- diffsense-2.2.13/config/rules/go/exception_error_ignored.yaml +8 -0
- diffsense-2.2.13/config/rules/go/null_nil_dereference.yaml +8 -0
- diffsense-2.2.13/config/rules/go/resource_channel_leak.yaml +8 -0
- diffsense-2.2.13/config/rules/go/resource_defer_misuse.yaml +8 -0
- diffsense-2.2.13/config/rules/go/resource_goroutine_leak.yaml +8 -0
- diffsense-2.2.13/config/rules/go/runtime_goroutine_in_loop.yaml +8 -0
- diffsense-2.2.13/config/rules/go/runtime_panic_added.yaml +8 -0
- diffsense-2.2.13/config/rules/go/runtime_race_condition.yaml +8 -0
- diffsense-2.2.13/config/rules/go/security_command_injection.yaml +8 -0
- diffsense-2.2.13/config/rules/go/security_hardcoded_secret.yaml +9 -0
- diffsense-2.2.13/config/rules/go/security_http_vulnerability.yaml +8 -0
- diffsense-2.2.13/config/rules/go/security_path_traversal.yaml +8 -0
- diffsense-2.2.13/config/rules/go/security_sql_injection.yaml +8 -0
- diffsense-2.2.13/config/rules/go/security_unsafe_usage.yaml +8 -0
- diffsense-2.2.13/config/rules/javascript/exception_promise_reject.yaml +8 -0
- diffsense-2.2.13/config/rules/javascript/maintenance_debug_code.yaml +8 -0
- diffsense-2.2.13/config/rules/javascript/maintenance_debugger.yaml +8 -0
- diffsense-2.2.13/config/rules/javascript/maintenance_deprecated_api.yaml +8 -0
- diffsense-2.2.13/config/rules/javascript/null_type_assertion.yaml +8 -0
- diffsense-2.2.13/config/rules/javascript/performance_dynamic_import.yaml +8 -0
- diffsense-2.2.13/config/rules/javascript/performance_regex_dos.yaml +8 -0
- diffsense-2.2.13/config/rules/javascript/security_code_injection.yaml +8 -0
- diffsense-2.2.13/config/rules/javascript/security_command_injection.yaml +8 -0
- diffsense-2.2.13/config/rules/javascript/security_hardcoded_secret.yaml +8 -0
- diffsense-2.2.13/config/rules/javascript/security_open_redirect.yaml +8 -0
- diffsense-2.2.13/config/rules/javascript/security_prototype_pollution.yaml +8 -0
- diffsense-2.2.13/config/rules/javascript/security_sensitive_storage.yaml +8 -0
- diffsense-2.2.13/config/rules/javascript/security_xss.yaml +8 -0
- diffsense-2.2.13/config/rules/python/exception_swallowed.yaml +8 -0
- diffsense-2.2.13/config/rules/python/exception_too_generic.yaml +8 -0
- diffsense-2.2.13/config/rules/python/maintenance_debug_code.yaml +8 -0
- diffsense-2.2.13/config/rules/python/null_none_check.yaml +8 -0
- diffsense-2.2.13/config/rules/python/null_type_confusion.yaml +8 -0
- diffsense-2.2.13/config/rules/python/performance_inefficient_loop.yaml +8 -0
- diffsense-2.2.13/config/rules/python/performance_memory.yaml +8 -0
- diffsense-2.2.13/config/rules/python/resource_file_leak.yaml +8 -0
- diffsense-2.2.13/config/rules/python/runtime_mutable_default.yaml +8 -0
- diffsense-2.2.13/config/rules/python/security_code_injection.yaml +8 -0
- diffsense-2.2.13/config/rules/python/security_command_injection.yaml +8 -0
- diffsense-2.2.13/config/rules/python/security_hardcoded_secret.yaml +8 -0
- diffsense-2.2.13/config/rules/python/security_path_traversal.yaml +8 -0
- diffsense-2.2.13/config/rules/python/security_sensitive_import.yaml +8 -0
- diffsense-2.2.13/config/rules/python/security_sql_injection.yaml +8 -0
- diffsense-2.2.13/config/rules/python/security_weak_crypto.yaml +8 -0
- diffsense-2.2.13/config/rules/typescript/exception_promise_reject.yaml +8 -0
- diffsense-2.2.13/config/rules/typescript/maintenance_debugger.yaml +8 -0
- diffsense-2.2.13/config/rules/typescript/security_command_injection.yaml +8 -0
- diffsense-2.2.13/config/rules/typescript/security_hardcoded_secret.yaml +9 -0
- diffsense-2.2.13/config/rules/typescript/security_prototype_pollution.yaml +8 -0
- diffsense-2.2.13/config/rules/typescript/security_xss.yaml +8 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/__init__.py +1 -2
- {diffsense-2.2.12 → diffsense-2.2.13/diffsense.egg-info}/PKG-INFO +1 -1
- diffsense-2.2.13/diffsense.egg-info/SOURCES.txt +148 -0
- diffsense-2.2.13/diffsense_mcp/_imports.py +61 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/diffsense_mcp/server.py +26 -13
- {diffsense-2.2.12 → diffsense-2.2.13}/pyproject.toml +2 -2
- diffsense-2.2.12/diffsense.egg-info/SOURCES.txt +0 -77
- {diffsense-2.2.12 → diffsense-2.2.13}/LICENSE +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/README.md +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/adapters/__init__.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/adapters/base.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/adapters/github_adapter.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/adapters/gitlab_adapter.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/adapters/local_adapter.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/banner.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/cli.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/config/__init__.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/config/rules.yaml +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/ast_detector.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/change.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/composer.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/evaluator.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/ignore_manager.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/knowledge.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/parser.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/parser_manager.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/quality_manager.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/renderer.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/rule_base.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/rule_runtime.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/rules.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/run_config.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/semantic_diff.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/signal_model.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/core/signals_registry.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/diffsense.egg-info/dependency_links.txt +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/diffsense.egg-info/entry_points.txt +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/diffsense.egg-info/requires.txt +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/diffsense.egg-info/top_level.txt +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/diffsense_mcp/__init__.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/diffsense_mcp/launcher.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/governance/lifecycle.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/main.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/rules/__init__.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/rules/api_compatibility.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/rules/collection_handling.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/rules/concurrency.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/rules/concurrency_adapter.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/rules/cross_language_adapter.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/rules/exception_handling.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/rules/go_rules.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/rules/null_safety.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/rules/resource_management.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/rules/yaml_adapter.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/run_audit.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/sdk/cpp_adapter.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/sdk/go_adapter.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/sdk/java_adapter.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/sdk/javascript_adapter.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/sdk/language_adapter.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/sdk/python_adapter.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/sdk/rule.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/sdk/signal.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/setup.cfg +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/tests/test_adaptive_scheduling.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/tests/test_cache_and_scheduling.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/tests/test_critical_removal.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/tests/test_entry_point_rules.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/tests/test_go_cve_rules.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/tests/test_inline_ignore.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/tests/test_lifecycle.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/tests/test_p0_concurrency.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/tests/test_profile.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/tests/test_regression.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/tests/test_repo_ignore.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/tests/test_rule_metadata.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/tests/test_rules_directory.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/tests/test_semantic_regression.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/tests/test_signal_consistency.py +0 -0
- {diffsense-2.2.12 → diffsense-2.2.13}/tests/test_type_downgrade.py +0 -0
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: absolute.concurrency.new_thread
|
|
3
|
+
rule_type: absolute
|
|
4
|
+
is_blocking: true
|
|
5
|
+
match: 'new\s+Thread\(.*\)'
|
|
6
|
+
severity: high
|
|
7
|
+
impact: runtime
|
|
8
|
+
rationale: "Using 'new Thread()' bypasses managed thread pools, risking resource exhaustion."
|
|
9
|
+
|
|
10
|
+
- id: absolute.concurrency.fixed_threadpool_1
|
|
11
|
+
rule_type: absolute
|
|
12
|
+
match: 'Executors\.newFixedThreadPool\(1\)'
|
|
13
|
+
severity: medium
|
|
14
|
+
impact: runtime
|
|
15
|
+
rationale: "FixedThreadPool(1) can lead to request queuing and latency spikes under load."
|
|
16
|
+
|
|
17
|
+
- id: absolute.concurrency.sleep_long
|
|
18
|
+
rule_type: absolute
|
|
19
|
+
match: 'Thread\.sleep\(\d{4,}\)'
|
|
20
|
+
severity: high
|
|
21
|
+
impact: runtime
|
|
22
|
+
rationale: "Thread.sleep() for more than 1s detected. Potential for blocking I/O or deadlock."
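Review bot: `absolute.concurrency.new_thread` is `is_blocking: true` but carries no `file:` scope, so one `new Thread(` in a comment, a string literal, or any non-JVM file the scanner walks blocks the change; the sibling `absolute.stability.optional_get` shows the intended form, `file: "**.java"`. The `sleep_long` pattern `Thread\.sleep\(\d{4,}\)` also matches `Thread.sleep(1000)`, which is exactly one second, while the rationale says "more than 1s"; either word the rationale as "1s or longer" or tighten the literal. Note that `Thread.sleep(10_000)`, `Thread.sleep(1000L)` and a variable argument are not matched at all, which is worth stating in the rationale so a clean run is not read as proof of absence.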
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: absolute.security.sql_injection
|
|
3
|
+
rule_type: absolute
|
|
4
|
+
is_blocking: true
|
|
5
|
+
match: 'SELECT\s+.*\s+FROM\s+.*\s+WHERE\s+.*\s+\+\s+\w+'
|
|
6
|
+
severity: critical
|
|
7
|
+
impact: security
|
|
8
|
+
rationale: "SQL concatenation detected. Risk of SQL Injection. Use PreparedStatement instead."
|
|
9
|
+
|
|
10
|
+
- id: absolute.security.plaintext_token
|
|
11
|
+
rule_type: absolute
|
|
12
|
+
is_blocking: true
|
|
13
|
+
case_insensitive: true
|
|
14
|
+
match: '(token|password|secret|key)\s*=\s*["''][a-zA-Z0-9_\-]{16,}["'']'
|
|
15
|
+
severity: critical
|
|
16
|
+
impact: security
|
|
17
|
+
rationale: "Potential plaintext secret/token hardcoded in source code."
|
|
18
|
+
|
|
19
|
+
- id: absolute.security.http_url
|
|
20
|
+
rule_type: absolute
|
|
21
|
+
match: 'http://[a-zA-Z0-9\.\-]+'
|
|
22
|
+
severity: high
|
|
23
|
+
impact: security
|
|
24
|
+
rationale: "Plain HTTP URL detected. Use HTTPS for secure communication."
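Review bot: `absolute.security.plaintext_token` requires the whole value to be `[a-zA-Z0-9_\-]{16,}` right up to the closing quote, so any secret containing `/`, `+`, `=` or `.` (base64 output, JWTs) and any value shorter than 16 characters never matches, and `\s*=\s*` rejects the `"password": "..."` form found in JSON/YAML config; `match: '(token|password|secret|key)\s*[:=]\s*["''][^"''\s]{8,}["'']'` aligns it with the Go secret rule added in this commit, though the bare `key` alternative is very broad for a blocking rule and should be dropped or qualified as `api[_-]?key`. `absolute.security.http_url` at severity high will also fire on XML namespace URIs and license-header URLs, which are not network calls, and on `http://localhost` / loopback addresses; an exclusion for those hosts, or a restriction to string literals, is worth adding. `absolute.security.sql_injection` covers only `SELECT` and only a `+` with whitespace on both sides, so `"...WHERE id="+id` and any `INSERT`/`UPDATE`/`DELETE` concatenation pass silently.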
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: absolute.stability.catch_exception
|
|
3
|
+
rule_type: absolute
|
|
4
|
+
match: 'catch\s*\(\s*Exception\s+\w+\s*\)'
|
|
5
|
+
severity: medium
|
|
6
|
+
impact: maintenance
|
|
7
|
+
rationale: "Catching 'Exception' may hide critical runtime errors (e.g., NullPointerException)."
|
|
8
|
+
|
|
9
|
+
- id: absolute.stability.optional_get
|
|
10
|
+
rule_type: absolute
|
|
11
|
+
match: '\.get\(\)'
|
|
12
|
+
file: "**.java"
|
|
13
|
+
severity: high
|
|
14
|
+
impact: runtime
|
|
15
|
+
rationale: "Using Optional.get() without isPresent() check can cause NoSuchElementException."
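Review bot: `absolute.stability.optional_get` matches `\.get\(\)` with no reference to Optional, so every zero-argument `get()` in a Java file — `Future.get()`, `AtomicReference.get()`, `Supplier.get()`, `ThreadLocal.get()` — is reported as a high-severity runtime finding. A regex cannot follow an Optional held in a variable, but it can anchor the chained form, e.g. `match: '(?:findFirst|findAny|ofNullable|Optional\.of)\([^)]*\)\s*\.get\(\)'`, with the rationale stating that Optionals stored in a variable are not covered. The glob `**.java` also differs from the `**/*.go` form used by every Go rule in this commit; whether `**.java` reaches files in subdirectories depends on the loader's glob implementation, so one form should be used throughout.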
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: resource.channel_leak
|
|
3
|
+
language: go
|
|
4
|
+
severity: high
|
|
5
|
+
impact: runtime
|
|
6
|
+
file: "**/*.go"
|
|
7
|
+
match: 'make\s*\(\s*chan|chan\s+\w+\s*='
|
|
8
|
+
rationale: "Channel allocation introduced; verify close semantics and ownership to avoid goroutine blocking or leaks."
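Review bot: `resource.channel_leak` has no language prefix, unlike `go.security.hardcoded_secret` and `go.runtime.goroutine_in_loop` added in the same commit; `resource.defer_misuse`, `runtime.race_condition`, `security.http_vulnerability` and `security.unsafe_usage` have the same unprefixed form. If rule ids are keyed uniquely across the config tree (the `go.`/`absolute.` prefixes suggest they are), a later `rules/<lang>/` file with the same bare id would collide with or shadow this one, and an inline-ignore comment naming the id becomes ambiguous. `id: go.resource.channel_leak` keeps the convention; the same rename applies to the other four.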
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: resource.defer_misuse
|
|
3
|
+
language: go
|
|
4
|
+
severity: medium
|
|
5
|
+
impact: runtime
|
|
6
|
+
file: "**/*.go"
|
|
7
|
+
match: 'for\s*\{[\s\S]{0,200}\bdefer\s+|defer\s+\w+\s*\(\s*\w+\s*[+\-*/]'
|
|
8
|
+
rationale: "Defer in loop or defer with eager-evaluated expressions may cause resource retention and delayed release."
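Review bot: the loop half of `resource.defer_misuse`, `for\s*\{[\s\S]{0,200}\bdefer\s+`, only matches a bare `for {` because `\s*\{` must follow `for` immediately; `for i := 0; i < n; i++ {` and `for _, f := range files {` — the forms in which a leaked `defer f.Close()` actually occurs — never match. `for\b[^{\n]*\{[\s\S]{0,200}\bdefer\s+` covers the three-clause and range forms as well. `go.runtime.goroutine_in_loop` in this commit uses the same `for\s*\{` prefix and needs the same change. The 200-character window is not bounded by the loop's closing brace, so a `defer` shortly after a short loop still matches; the rationale should say the finding needs manual confirmation.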
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: go.runtime.goroutine_in_loop
|
|
3
|
+
language: go
|
|
4
|
+
severity: high
|
|
5
|
+
impact: runtime
|
|
6
|
+
file: "**/*.go"
|
|
7
|
+
match: 'for\s*\{[\s\S]{0,200}\bgo\s+\w'
|
|
8
|
+
rationale: "Goroutine launched inside loop may create unbounded concurrency; add backpressure or worker-pool controls."
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: runtime.race_condition
|
|
3
|
+
language: go
|
|
4
|
+
severity: high
|
|
5
|
+
impact: runtime
|
|
6
|
+
file: "**/*.go"
|
|
7
|
+
match: '\bgo\s+\w+|\bmap\[|\bslice\b|\bchan\b'
|
|
8
|
+
rationale: "Concurrent access patterns introduced without explicit synchronization can cause race conditions."
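Review bot: `runtime.race_condition` fires on `\bmap\[`, `\bchan\b` and `\bslice\b` with no requirement that a goroutine be involved, so any Go file that declares a map type or a channel gets a high-severity finding; `\bslice\b` is not Go syntax at all (slices are written `[]T`), so that alternative only ever matches identifiers and comments. Keep the rule to the `\bgo\s+\w+` alternative, or require both a `go` statement and a shared-state token in the same window, e.g. `match: '\bgo\s+\w+[\s\S]{0,300}\b(?:map\[|chan\b)|\b(?:map\[|chan\b)[\s\S]{0,300}\bgo\s+\w+'`, and drop `\bslice\b`. As written the rule will be noisy enough that the genuine findings it produces are likely to be ignored.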
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: go.security.hardcoded_secret
|
|
3
|
+
language: go
|
|
4
|
+
severity: critical
|
|
5
|
+
impact: security
|
|
6
|
+
file: "**/*.go"
|
|
7
|
+
case_insensitive: true
|
|
8
|
+
match: '(password|passwd|secret|token|api[_-]?key)\s*[:=]\s*"[^"]{8,}"'
|
|
9
|
+
rationale: "Hardcoded secrets detected in Go source; move credentials to environment variables or secret managers."
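Review bot: `go.security.hardcoded_secret` misses Go's short variable declaration: in `password := "..."` the `[:=]` consumes the `:` and the next character is `=` rather than `"`, so the most common form of a hardcoded credential in Go code does not match; raw-string literals in backticks are missed too. ``match: '(password|passwd|secret|token|api[_-]?key)\s*(?::=|[:=])\s*["`][^"`]{8,}["`]'`` handles both forms. The `{8,}` floor and the `[:=]` assignment form here are also what `absolute.security.plaintext_token` in this commit should be aligned with, so the two rules report the same thing for the same input.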
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: security.http_vulnerability
|
|
3
|
+
language: go
|
|
4
|
+
severity: high
|
|
5
|
+
impact: security
|
|
6
|
+
file: "**/*.go"
|
|
7
|
+
match: 'http\.(Get|Post)\s*\([^)]*\+|http\.ListenAndServe\s*\('
|
|
8
|
+
rationale: "HTTP flow with path concatenation or direct ListenAndServe exposure may introduce security vulnerabilities."
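Review bot: the second alternative of `security.http_vulnerability`, `http\.ListenAndServe\s*\(`, has no concatenation or input requirement, so every Go program that starts an HTTP server gets a high-severity security finding regardless of how it is configured, and the rationale's "direct ListenAndServe exposure" does not say what the reviewer should check. If the intent is the unhardened-server pattern, the rationale should name it — plain `http.ListenAndServe` configures no `ReadHeaderTimeout`/`ReadTimeout` and serves cleartext — and the alternative belongs in its own medium-severity rule. The first alternative, `http\.(Get|Post)\s*\([^)]*\+`, is the request-forgery-shaped check and deserves its own rationale sentence rather than sharing one with the server case.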
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: go.security.path_traversal
|
|
3
|
+
language: go
|
|
4
|
+
severity: high
|
|
5
|
+
impact: security
|
|
6
|
+
file: "**/*.go"
|
|
7
|
+
match: '(?:os\.Open|os\.ReadFile|ioutil\.ReadFile)\([^)]*\+'
|
|
8
|
+
rationale: "File path concatenation with external input can lead to path traversal; use filepath.Clean and strict allowlists."
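Review bot: the rationale for `go.security.path_traversal` recommends `filepath.Clean`, but Clean only normalises the string — `filepath.Clean(base + "/../../etc/passwd")` still resolves outside `base` — so a developer who follows the advice leaves the traversal in place. A containment check is what is needed: `filepath.IsLocal(name)` (Go 1.20+) before joining, a `filepath.Rel(base, joined)` result that does not start with `..`, or `os.Root` on Go 1.24+. The match list is also narrow: `os.OpenFile`, `os.Create`, `os.WriteFile`, `os.Remove` and `os.Stat` with a concatenated argument are not covered, and `filepath.Join(base, userInput)` never matches because it contains no `+`. `match: '(?:os\.(?:Open|OpenFile|Create|ReadFile|WriteFile|Remove|Stat)|ioutil\.ReadFile)\([^)]*\+'` extends the API list; the Join case needs a separate alternative or a note in the rationale.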
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: go.security.sql_injection
|
|
3
|
+
language: go
|
|
4
|
+
severity: critical
|
|
5
|
+
impact: security
|
|
6
|
+
file: "**/*.go"
|
|
7
|
+
match: 'fmt\.Sprintf\(\s*"(?:SELECT|INSERT|UPDATE|DELETE)\b'
|
|
8
|
+
rationale: "Dynamic SQL composition via fmt.Sprintf in Go introduces SQL injection risk; use parameterized queries."
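Review bot: `go.security.sql_injection` is case-sensitive and only accepts a double-quoted format string, so `fmt.Sprintf("select ...")` and the common multi-line backtick form ``fmt.Sprintf(`SELECT ...`)`` are both missed, as is plain concatenation such as `"SELECT ... WHERE id=" + id`. Add `case_insensitive: true`, as `go.security.hardcoded_secret` in this commit does, and accept either quote: ``match: 'fmt\.Sprintf\(\s*["`]\s*(?:SELECT|INSERT|UPDATE|DELETE)\b'``. The concatenation form would need a second alternative along the lines of `"(?:SELECT|INSERT|UPDATE|DELETE)\b[^"]*"\s*\+`, or the rationale should state that only the Sprintf form is detected.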
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: security.unsafe_usage
|
|
3
|
+
language: go
|
|
4
|
+
severity: high
|
|
5
|
+
impact: security
|
|
6
|
+
file: "**/*.go"
|
|
7
|
+
match: '\bunsafe\.(Pointer|Sizeof|Alignof|Offsetof)\s*\('
|
|
8
|
+
rationale: "Unsafe package usage bypasses type and memory safety guarantees; review pointer arithmetic and casting carefully."
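Review bot: `security.unsafe_usage` lists `unsafe.Sizeof`, `unsafe.Alignof` and `unsafe.Offsetof`, which are compile-time constant functions that create no aliases and bypass no memory safety, while the functions that do — `unsafe.Add` and `unsafe.Slice` (Go 1.17), `unsafe.String`, `unsafe.StringData` and `unsafe.SliceData` (Go 1.20) — are absent from the list. `match: '\bunsafe\.(Pointer|Add|Slice|SliceData|String|StringData)\s*\('` targets the aliasing operations; if Sizeof/Alignof/Offsetof should still be surfaced, a separate low-severity rule fits better than a high-severity security finding. `unsafe.Pointer` used as a type in a declaration, with no call parentheses, is not matched either, which is probably intended but worth a word in the rationale.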
|