a06f331eb8
CI / benchmark (push) Has been skipped
install-script / posix-syntax (push) Successful in 6m1s
CI / build-onnx (push) Failing after 6m43s
init-smoke / dry-run (push) Failing after 15m57s
security / govulncheck (push) Has been cancelled
security / trivy-fs (push) Has been cancelled
CI / test (1.26, ubuntu-latest) (push) Has been cancelled
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
CI / test (1.26, macos-latest) (push) Has been cancelled
CI / build-windows (push) Has been cancelled
CI / lint (push) Has been cancelled
install-script / powershell-syntax (push) Has been cancelled
install-script / install (macos-14) (push) Has been cancelled
install-script / install (ubuntu-latest) (push) Has been cancelled
27 lines
1009 B
Go
27 lines
1009 B
Go
package astquery
|
|
|
|
// Idiomatic / correctness review rulepack. These detectors register
|
|
// exactly like the SAST / hygiene rules — through mustRegisterSAST —
|
|
// but carry Category = CategoryReview so the analyze layer can fan
|
|
// them out independently of the security set.
|
|
//
|
|
// Two classes of rule live here:
|
|
//
|
|
// - Decidable rules (nil-deref-prone type assertions, inverted
|
|
// error checks) fire on a self-contained structural shape and need
|
|
// no further context. They surface as-is.
|
|
//
|
|
// - Undecidable-from-AST-alone rules (check-then-act on a map, a
|
|
// query call inside a loop body that smells of N+1) are emitted
|
|
// optimistically here and then refined by the graph-grounding
|
|
// post-pass in the review layer, where the resolved call / loop
|
|
// metadata is reachable. The detectors stay pure-AST: their
|
|
// PostFilters only ever see (parser.QueryResult, []byte).
|
|
//
|
|
// All rules cover Go and Python.
|
|
|
|
func init() {
|
|
registerGoReviewRules()
|
|
registerPyReviewRules()
|
|
}
|