Static Analysis Rules

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Code Analysis is not available for the site.

Try the Beta!

Code Analysis is in public beta.

Overview

Datadog Static Analysis provides out-of-the-box rules to help detect violations in your CI/CD pipelines in code reviews and identify bugs, security, and maintainability issues. For more information, see the Setup documentation.

Ruleset ID: csharp-best-practices Rules to enforce C# best practices.
avoid-call-gc-suppress-finalize
>
no-empty-finalizer
>
finalizer-no-exception
>
avoid-formattablestring
>
no-nested-ternary
>
avoid-notimplementedexception
>
sealed-class-protected-members
>
redundant-modifiers
>
no-sleep-in-tests
>
avoid-gc-collect
>
dispose-objects-once
>
comparison-nan
>
no-exception-special-methods
>
use-specific-exceptions
>
avoid-non-existing-operators
>
objects-ensure-use
>
exception-must-be-thrown
>
catch-nullreference
>
no-empty-default
>
tostring-not-return-null
>
use-assembly-load
>
Ruleset ID: csharp-code-style Rules to enforce C# code style.
short-class-name
>
short-method-name
>
class-naming-conventions
>
variable-naming-conventions
>
interface-first-letter
>
Ruleset ID: csharp-inclusive Rules to make your C# code more inclusive.
Ruleset ID: csharp-security Rules focused on finding security issues in your C# code.
Ruleset ID: go-best-practices Rules to make writing Go code faster and easier. From code style to preventing bugs, this ruleset helps developers writing performant, maintainable, and efficient Go code.
avoid-bare-return
>
time-parse-format
>
avoid-empty-critical-sections
>
valid-regular-expression
>
manual-string-trimming
>
negative-zero
>
redundant-nil-check
>
loop-regexp-match
>
superfluous-else
>
useless-bitwise-operation
>
invalid-host-port-pair
>
merge-declaration-assignment
>
comparing-address-nil
>
comparison-true
>
defer-lock
>
redefine-builtin-id
>
redundant-negation
>
math-pow-expanstion
>
inefficient-string-comparison
>
invalid-seek-value
>
do-not-compare-nan
>
omit-default-slice-index
>
redundant-type-var-declaration
>
compare-identical
>
unnecessary-blank-identifier
>
mod-one-always-zero
>
simplify-boolean-expression
>
simplify-pointer-operation
>
Ruleset ID: go-security Detect common security issues (such as SQL injection, XSS, or shell injection) in your Go codebase.
command-injection
>
unescape-template-data-js
>
grpc-client-insecure
>
grpc-server-insecure
>
avoid-rat-setstring
>
import-cgi
>
tls-skip-verify
>
http-request-secure
>
chmod-permissions
>
decompression-bomb
>
range-memory-aliasing
>
cookie-secure
>
session-secure
>
unsafe-reflection
>
Ruleset ID: java-best-practices Rules to enforce Java best practices.
avoid-calendar-creation
>
avoid-string-instantiation
>
avoid-reassigning-parameters
>
redundant-initializer
>
avoid-printstacktrace
>
default-label-not-last-in-switch
>
add-empty-string
>
return-internal-array
>
avoid-reassigning-catch-vars
>
while-loop-with-literal-boolean
>
preserve-stack-trace
>
replace-vector-with-list
>
array-is-stored-directly
>
replace-hashtable-with-map
>
missing-switch-statement-default
>
simplify-test-assertions-boolean
>
constants-in-interfaces
>
Ruleset ID: java-code-style Rules to enforce Java code style.
Ruleset ID: java-inclusive Rules for Java to avoid inappropriate wording in the code and comments.
Ruleset ID: java-security Rules focused on finding security issues in Java code.
keygenerator-avoid-des
>
ldap-injection
>
sql-string-tainted
>
avoid-null-cipher
>
sql-injection
>
json-unsafe-deserialization
>
spring-request-file-tainted
>
bad-hexa-concatenation
>
cookies-http-only
>
spring-csrf-disable
>
message-digest-custom
>
no-des-cipher
>
unvalidated-redirect
>
aes-ecb-insecure
>
cipher-padding-oracle
>
trust-boundaries
>
ignore-saml-comment
>
algorithm-no-hardcoded-secret
>
path-traversal-file-read
>
command-injection
>
object-deserialization
>
http-parameter-pollution
>
ldap-entry-poisoning
>
path-traversal
>
xss-protection
>
weak-message-digest-sha1
>
smtp-insecure-connection
>
spring-csrf-requestmapping
>
sql-injection-turbine
>
sql-injection-hibernate
>
potential-sql-injection
>
unencrypted-socket
>
Ruleset ID: javascript-best-practices Rules to enforce JavaScript best practices.
no-duplicate-case
>
no-dupe-class-members
>
Ruleset ID: javascript-browser-security Rules focused on finding security issues in your JavaScript web applications.
event-check-origin
>
react-dangerously-inner-html
>
local-storage-sensitive-data
>
postmessage-permissive-origin
>
Ruleset ID: javascript-common-security Rules focused on finding security issues in your JavaScript code.
axios-avoid-insecure-http
>
xml-no-external-entities
>
unique-function-arguments
>
Ruleset ID: javascript-inclusive Rules for JavaScript to avoid inappropriate wording in the code and comments.
Ruleset ID: javascript-node-security Rules to identify potential security hotspots in Node. This may include false positives that require further triage.
Ruleset ID: jsx-react This plugin exports a recommended configuration that enforces React good practices.
Ruleset ID: python-best-practices Best practices for Python to write efficient and bug-free code.
function-already-exists
>
assertraises-specific-exception
>
avoid-string-concat
>
unreachable-code
>
function-variable-argument-name
>
self-assignment
>
no-base-exception
>
return-outside-function
>
any-type-disallow
>
no-bare-except
>
finally-no-break-continue-return
>
no-datetime-today
>
no-double-unary-operator
>
dataclass-special-methods
>
comparison-constant-left
>
ambiguous-function-name
>
ambiguous-variable-name
>
import-modules-twice
>
no-assert-on-tuples
>
init-no-return-value
>
comment-fixme-todo-ownership
>
no-duplicate-base-class
>
type-check-isinstance
>
Ruleset ID: python-code-style Rules to enforce Python code style.
Ruleset ID: python-django Rules specifically for Django best practices and security.
model-charfield-max-length
>
os-system-from-request
>
subprocess-from-request
>
jsonresponse-no-content-type
>
no-unicode-on-models
>
open-filename-from-request
>
http-response-from-request
>
Ruleset ID: python-flask Rules specifically for Flask best practices and security.
Ruleset ID: python-inclusive Rules for Python to avoid inappropriate wording in the code and comments.
Ruleset ID: python-pandas

A set of rules to check that pandas code is used appropriately.

  • Ensures import declarations follow coding guidelines.
  • Avoid deprecated code and methods.
  • Avoid inefficient code whenever possible.
Ruleset ID: python-security

Rules focused on finding security and vulnerability issues in your Python code, including those found in the OWASP10 and SANS25.

  • Use of bad encryption and hashing protocols
  • Lack of access control
  • Security misconfiguration
  • SQL injections
  • Hardcoded credentials
  • Shell injection
  • Unsafe deserialization
html-string-from-parameters
>
variable-sql-statement-injection
>
https://static.datadoghq.com/static/images/logos/python_avatar.svg