Static Analysis Rules

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.
Join the Preview!

Code Analysis is in Preview.

Code Analysis is not available for the site.

Overview

Datadog Static Analysis provides out-of-the-box rules to help detect violations in your CI/CD pipelines in code reviews and identify bugs, security, and maintainability issues. For more information, see the Setup documentation.

Ruleset ID: csharp-best-practices Rules to enforce C# best practices.
avoid-call-gc-suppress-finalize
>
no-empty-finalizer
>
finalizer-no-exception
>
avoid-formattablestring
>
no-nested-ternary
>
avoid-notimplementedexception
>
sealed-class-protected-members
>
redundant-modifiers
>
no-sleep-in-tests
>
avoid-gc-collect
>
dispose-objects-once
>
comparison-nan
>
no-exception-special-methods
>
use-specific-exceptions
>
avoid-non-existing-operators
>
objects-ensure-use
>
exception-must-be-thrown
>
catch-nullreference
>
no-empty-default
>
tostring-not-return-null
>
use-assembly-load
>
Ruleset ID: csharp-code-style Rules to enforce C# code style.
short-class-name
>
short-method-name
>
class-naming-conventions
>
variable-naming-conventions
>
interface-first-letter
>
Ruleset ID: csharp-inclusive Rules to make your C# code more inclusive.
Ruleset ID: csharp-security Rules focused on finding security issues in your C# code.
Ruleset ID: github-actions Rules to check your GitHub Actions and detect unsafe patterns, such as permissions or version pinning.
Ruleset ID: go-best-practices Rules to make writing Go code faster and easier. From code style to preventing bugs, this ruleset helps developers writing performant, maintainable, and efficient Go code.
avoid-bare-return
>
time-parse-format
>
avoid-empty-critical-sections
>
valid-regular-expression
>
manual-string-trimming
>
negative-zero
>
redundant-nil-check
>
loop-regexp-match
>
superfluous-else
>
useless-bitwise-operation
>
bad-nil-guard
>
invalid-host-port-pair
>
merge-declaration-assignment
>
comparing-address-nil
>
comparison-true
>
defer-lock
>
redefine-builtin-id
>
redundant-negation
>
math-pow-expansion
>
inefficient-string-comparison
>
invalid-seek-value
>
do-not-compare-nan
>
omit-default-slice-index
>
redundant-type-var-declaration
>
compare-identical
>
unnecessary-blank-identifier
>
mod-one-always-zero
>
simplify-boolean-expression
>
simplify-pointer-operation
>
Ruleset ID: go-security Detect common security issues (such as SQL injection, XSS, or shell injection) in your Go codebase.
command-injection
>
unescape-template-data-js
>
grpc-client-insecure
>
grpc-server-insecure
>
avoid-rat-setstring
>
import-cgi
>
tls-skip-verify
>
http-request-secure
>
chmod-permissions
>
decompression-bomb
>
range-memory-aliasing
>
cookie-secure
>
session-secure
>
unsafe-reflection
>
Ruleset ID: java-best-practices Rules to enforce Java best practices.
avoid-calendar-creation
>
avoid-string-instantiation
>
avoid-reassigning-parameters
>
redundant-initializer
>
avoid-printstacktrace
>
default-label-not-last-in-switch
>
add-empty-string
>
return-internal-array
>
avoid-reassigning-catch-vars
>
while-loop-with-literal-boolean
>
preserve-stack-trace
>
replace-vector-with-list
>
array-is-stored-directly
>
replace-hashtable-with-map
>
missing-switch-statement-default
>
simplify-test-assertions-boolean
>
Ruleset ID: java-code-style Rules to enforce Java code style.
Ruleset ID: java-inclusive Rules for Java to avoid inappropriate wording in the code and comments.
Ruleset ID: java-security Rules focused on finding security issues in Java code.
keygenerator-avoid-des
>
ldap-injection
>
sql-string-tainted
>
avoid-null-cipher
>
sql-injection
>
json-unsafe-deserialization
>
spring-request-file-tainted
>
bad-hexa-concatenation
>
cookies-http-only
>
spring-csrf-disable
>
message-digest-custom
>
no-des-cipher
>
unvalidated-redirect
>
aes-ecb-insecure
>
cipher-padding-oracle
>
trust-boundaries
>
ignore-saml-comment
>
algorithm-no-hardcoded-secret
>
path-traversal-file-read
>
command-injection
>
object-deserialization
>
http-parameter-pollution
>
ldap-entry-poisoning
>
path-traversal
>
tainted-url-host
>
xss-protection
>
weak-message-digest-sha1
>
smtp-insecure-connection
>
spring-csrf-requestmapping
>
sql-injection-turbine
>
sql-injection-hibernate
>
potential-sql-injection
>
unencrypted-socket
>
Ruleset ID: javascript-best-practices Rules to enforce JavaScript best practices.
no-duplicate-case
>
no-dupe-class-members
>
no-unused-expressions
>
Ruleset ID: javascript-browser-security Rules focused on finding security issues in your JavaScript web applications.
event-check-origin
>
react-dangerously-inner-html
>
local-storage-sensitive-data
>
postmessage-permissive-origin
>
Ruleset ID: javascript-common-security Rules focused on finding security issues in your JavaScript code.
axios-avoid-insecure-http
>
xml-no-external-entities
>
unique-function-arguments
>
Ruleset ID: javascript-inclusive Rules for JavaScript to avoid inappropriate wording in the code and comments.
Ruleset ID: javascript-node-security Rules to identify potential security hotspots in Node. This may include false positives that require further triage.
detect-eval-with-expression
>
command-injection
>
hardcoded-hmac-key
>
log-sensitive-data
>
avoid-crypto-rc4
>
detect-non-literal-require
>
avoid-crypto-sha1
>
sql-injection
>
variable-sql-statement-injection
>
detect-non-literal-fs-filename
>