Add security static analysis rules for C, Java, and Swift

[ESS-ENN]

Summary by CodeRabbit

Release Notes

• New Security Rules

  • Added a rule to detect misuse of sizeof(this) in C programming.
  • Introduced a rule to prevent hard-coded database secrets in Java.
  • Created a rule to identify insecure biometric authentication in Swift.

• Test Cases

  • Added test cases for each new security rule to validate detection mechanisms.

• Snapshots

  • Created snapshot files to support new security rule testing.

These updates enhance code security by detecting potential vulnerabilities in C, Java, and Swift programming practices.

[coderabbitai]

Walkthrough

This pull request introduces three new security-focused static analysis rules across different programming languages: C, Java, and Swift. The rules aim to address specific security and code quality concerns. In C, a rule warns about incorrect usage of sizeof(this). In Java, a rule detects hard-coded database connection secrets. In Swift, a rule highlights potential vulnerabilities in biometric authentication implementations. Each rule is accompanied by test cases and snapshot configurations to validate its functionality.

Changes

File	Change Summary
rules/c/security/sizeof-this-c.yml	New rule to prevent misuse of sizeof(this) in C
rules/java/security/drivermanager-hardcoded-secret-java.yml	New rule to detect hard-coded secrets in database connections
rules/swift/security/insecure-biometrics-swift.yml	New rule to identify insecure biometric authentication methods
tests/__snapshots__/drivermanager-hardcoded-secret-java-snapshot.yml	Added snapshot for hard-coded secret detection in Java
tests/__snapshots__/insecure-biometrics-swift-snapshot.yml	Added snapshot for biometric security evaluation
tests/__snapshots__/sizeof-this-c-snapshot.yml	Added snapshot entry for sizeof(this) rule
tests/__snapshots__/sizeof-this-cpp-snapshot.yml	Added snapshot with example of sizeof(this) usage
tests/c/sizeof-this-c-test.yml	New test case for sizeof(this) usage in C
tests/java/drivermanager-hardcoded-secret-java-test.yml	New test case for hard-coded secrets in Java
tests/swift/insecure-biometrics-swift-test.yml	New test case for biometric security validation

Possibly related PRs

• Add static analysis rules for C++ and Rust security checks #128: The new rule in sizeof-this-cpp.yml addresses the misuse of sizeof(this) in C++, which is directly related to the changes made in the main PR regarding the introduction of a similar rule in sizeof-this-c.yml for C programming. Both rules aim to prevent the incorrect application of the sizeof operator on pointers.

Suggested reviewers

• ganeshpatro321

Poem

🐰 A rabbit's code review delight,
Catching secrets hidden from sight,
Sizeof and connections so bold,
Security stories now told,
Safe code dancing in the light! 🔍

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ ESS-ENN
❌ Sakshis

---

Sakshis seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

Actionable comments posted: 6

🧹 Nitpick comments (12)

tests/swift/insecure-biometrics-swift-test.yml (3)

2-4: Enhance test coverage with more valid cases.

Consider adding more valid test cases to demonstrate proper biometric authentication implementations using Keychain Services. This will help developers understand the correct approach.

valid:
  - |
    abc.anyFunc()
+ - |
+   abc.accessControl(withBiometrics: .biometryAny)
+ - |
+   abc.accessControl(withBiometrics: .biometryCurrentSet)

---

5-7: Add more invalid test cases for comprehensive detection.

Include additional patterns of insecure biometric implementations to improve rule coverage.

invalid:
  - |
    abc.evaluatePolicy()
+ - |
+   abc.evaluatePolicy(LAPolicy.deviceOwnerAuthenticationWithBiometrics)
+ - |
+   abc.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics)

🧰 Tools

🪛 yamllint (1.35.1)

[error] 7-7: no new line character at the end of file

(new-line-at-end-of-file)

---

7-7: Add newline at end of file.

Add a newline character at the end of the file to comply with YAML formatting standards.

🧰 Tools

🪛 yamllint (1.35.1)

[error] 7-7: no new line character at the end of file

(new-line-at-end-of-file)

rules/swift/security/insecure-biometrics-swift.yml (2)

4-10: Fix message indentation.

The message contains inconsistent indentation which might affect readability.

message: >-
  The application was observed to leverage biometrics via Local
-      Authentication, which returns a simple boolean result for authentication.
-      This design is subject to bypass with runtime tampering tools such as
-      Frida, Substrate, and others. Although this is limited to rooted
-      (jailbroken) devices, consider implementing biometric authentication the
-      reliable way - via Keychain Services.
+  Authentication, which returns a simple boolean result for authentication.
+  This design is subject to bypass with runtime tampering tools such as
+  Frida, Substrate, and others. Although this is limited to rooted
+  (jailbroken) devices, consider implementing biometric authentication the
+  reliable way - via Keychain Services.

---

11-15: Enhance documentation with code examples.

The note section provides good references but could be more helpful with concrete code examples showing both incorrect and correct implementations.

note: >-
  [CWE-305] Authentication Bypass by Primary Weakness
  [REFERENCES]
      - https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06f-testing-local-authentication
      - https://shirazkhan030.medium.com/biometric-authentication-in-ios-6c53c54f17df
+  [EXAMPLES]
+  Incorrect:
+    let context = LAContext()
+    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics) { success, error in }
+  
+  Correct:
+    let access = SecAccessControlCreateWithFlags(
+      kCFAllocatorDefault,
+      kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
+      .biometryAny,
+      nil
+    )

rules/java/security/drivermanager-hardcoded-secret-java.yml (2)

51-76: Remove trailing whitespace and consider additional scenarios.

The pattern should also consider:

1. Setter methods like setPassword() that might be called after construction
2. Other common data source implementations like BasicDataSource

Also, fix the trailing whitespace on lines 52, 64, and 72.

🧰 Tools

🪛 yamllint (1.35.1)

[error] 52-52: trailing spaces

(trailing-spaces)

---

[error] 64-64: trailing spaces

(trailing-spaces)

---

[error] 72-72: trailing spaces

(trailing-spaces)

---

84-89: Strengthen the constraints for better detection.

Consider adding constraints to detect:

1. Common default passwords
2. Short passwords
3. Simple patterns (e.g., "123456", "password")

Also, remove the excessive blank lines at the end of the file.

🧰 Tools

🪛 yamllint (1.35.1)

[warning] 89-89: too many blank lines

(2 > 0) (empty-lines)

tests/c/sizeof-this-c-test.yml (1)

2-4: Enhance valid test cases with more context and variations.

The valid test case should include:

1. Complete class/struct context
2. Different valid patterns (e.g., sizeof(*this), sizeof(Foo))
3. Template class scenarios

 valid:
   - |
-    sizeof(*this);
+    struct Foo {
+      uint64_t a;
+      uint8_t b;
+      size_t get_size() const {
+        return sizeof(*this);  // Valid: Gets size of the object
+      }
+      size_t get_type_size() const {
+        return sizeof(Foo);    // Valid: Alternative approach
+      }
+    };
+
+    template<typename T>
+    struct Bar {
+      T value;
+      size_t get_size() const {
+        return sizeof(*this);  // Valid: Works with templates
+      }
+    };

tests/__snapshots__/sizeof-this-cpp-snapshot.yml (1)

6-13: Enhance label descriptions for better clarity.

The labels could be more descriptive to better explain the issue to developers.

   labels:
     - source: sizeof(this)
       style: primary
+      message: "Using sizeof on 'this' pointer returns pointer size (typically 4 or 8 bytes)"
       start: 7
       end: 19
     - source: this
       style: secondary
+      message: "Consider using sizeof(*this) to get the actual object size"
       start: 14
       end: 18

rules/c/security/sizeof-this-c.yml (3)

4-10: Enhance error message with more specific guidance.

The error message could be more helpful by providing explicit examples of correct usage.

 message: >-
     Do not use `sizeof(this)` to get the number of bytes of the object in
-    memory. It returns the size of the pointer, not the size of the object.
+    memory. It returns the size of the pointer (typically 4 or 8 bytes), not
+    the size of the object. Use `sizeof(*this)` or `sizeof(TypeName)` instead.
 note: >-
   [CWE-467]: Use of sizeof() on a Pointer Type
   [REFERENCES]
       - https://wiki.sei.cmu.edu/confluence/display/c/ARR01-C.+Do+not+apply+the+sizeof+operator+to+a+pointer+when+taking+the+size+of+an+array
+      - https://cwe.mitre.org/data/definitions/467.html

---

45-45: Fix YAML formatting issues.

Several formatting issues were reported by yamllint:

• Trailing spaces
• Incorrect indentation
• Missing newline at end of file

               nthChild: 1              
-              
+
                 has:
-                    has:
+                  has:
                    pattern: $THIS                    
-      
+
         has: 
-      
+
 constraints:
   THIS:
-    regex: ^this$
+    regex: ^this$
+

Also applies to: 67-67, 75-75, 76-76, 79-79, 87-87, 90-90

🧰 Tools

🪛 yamllint (1.35.1)

[error] 45-45: trailing spaces

(trailing-spaces)

---

12-87: Consider adding pattern for member function context.

The rule could be improved by adding a pattern to specifically match member function contexts where this is valid.

Would you like me to provide an implementation for this enhancement?

🧰 Tools

🪛 yamllint (1.35.1)

[error] 45-45: trailing spaces

(trailing-spaces)

---

[warning] 67-67: wrong indentation: expected 18 but found 20

(indentation)

---

[error] 75-75: trailing spaces

(trailing-spaces)

---

[error] 76-76: trailing spaces

(trailing-spaces)

---

[error] 79-79: trailing spaces

(trailing-spaces)

---

[warning] 85-85: too many spaces after colon

(colons)

---

[error] 87-87: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 670f26f and a4c389e.

📒 Files selected for processing (10)

• rules/c/security/sizeof-this-c.yml (1 hunks)
• rules/java/security/drivermanager-hardcoded-secret-java.yml (1 hunks)
• rules/swift/security/insecure-biometrics-swift.yml (1 hunks)
• tests/__snapshots__/drivermanager-hardcoded-secret-java-snapshot.yml (1 hunks)
• tests/__snapshots__/insecure-biometrics-swift-snapshot.yml (1 hunks)
• tests/__snapshots__/sizeof-this-c-snapshot.yml (1 hunks)
• tests/__snapshots__/sizeof-this-cpp-snapshot.yml (1 hunks)
• tests/c/sizeof-this-c-test.yml (1 hunks)
• tests/java/drivermanager-hardcoded-secret-java-test.yml (1 hunks)
• tests/swift/insecure-biometrics-swift-test.yml (1 hunks)

✅ Files skipped from review due to trivial changes (2)

• tests/snapshots/sizeof-this-c-snapshot.yml
• tests/snapshots/insecure-biometrics-swift-snapshot.yml

🧰 Additional context used

🪛 yamllint (1.35.1)

tests/swift/insecure-biometrics-swift-test.yml

[error] 7-7: no new line character at the end of file

(new-line-at-end-of-file)

rules/c/security/sizeof-this-c.yml

[error] 45-45: trailing spaces

(trailing-spaces)

---

[warning] 67-67: wrong indentation: expected 18 but found 20

(indentation)

---

[error] 75-75: trailing spaces

(trailing-spaces)

---

[error] 76-76: trailing spaces

(trailing-spaces)

---

[error] 79-79: trailing spaces

(trailing-spaces)

---

[warning] 85-85: too many spaces after colon

(colons)

---

[error] 87-87: trailing spaces

(trailing-spaces)

---

[error] 90-90: no new line character at the end of file

(new-line-at-end-of-file)

rules/java/security/drivermanager-hardcoded-secret-java.yml

[warning] 17-17: wrong indentation: expected 4 but found 3

(indentation)

---

[warning] 19-19: wrong indentation: expected 5 but found 6

(indentation)

---

[error] 35-35: trailing spaces

(trailing-spaces)

---

[error] 46-46: trailing spaces

(trailing-spaces)

---

[error] 52-52: trailing spaces

(trailing-spaces)

---

[error] 64-64: trailing spaces

(trailing-spaces)

---

[error] 72-72: trailing spaces

(trailing-spaces)

---

[warning] 89-89: too many blank lines

(2 > 0) (empty-lines)

🔇 Additional comments (1)

tests/__snapshots__/drivermanager-hardcoded-secret-java-snapshot.yml (1)

1-45: LGTM! Consider adding snapshots for recommended test cases.

The snapshot definitions are well-structured and correctly highlight the relevant parts of the code. Update them when adding the suggested test cases.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

rules/swift/security/insecure-biometrics-swift.yml (1)

17-43: 🛠️ Refactor suggestion

Enhance pattern matching for comprehensive detection.

The current patterns might miss common variations of insecure biometric implementations.

rule:
  any:
   - kind: navigation_expression
-    pattern: $X.evaluatePolicy
+    patterns:
+      - pattern: $X.evaluatePolicy
+      - pattern: $X.evaluatePolicy($POLICY)
+      - pattern: $X.evaluatePolicy($POLICY, localizedReason: $REASON)
+      - pattern: LAContext().evaluatePolicy
+      - pattern: LAContext().canEvaluatePolicy

🧰 Tools

🪛 yamllint (1.35.1)

[warning] 19-19: wrong indentation: expected 4 but found 3

(indentation)

---

[warning] 19-19: too many spaces after hyphen

(hyphens)

---

[warning] 22-22: wrong indentation: expected 8 but found 9

(indentation)

---

[warning] 23-23: wrong indentation: expected 11 but found 12

(indentation)

---

[warning] 26-26: wrong indentation: expected 14 but found 15

(indentation)

---

[warning] 28-28: too many spaces after hyphen

(hyphens)

---

[warning] 30-30: wrong indentation: expected 8 but found 9

(indentation)

---

[error] 32-32: trailing spaces

(trailing-spaces)

---

[warning] 33-33: wrong indentation: expected 11 but found 12

(indentation)

---

[warning] 36-36: wrong indentation: expected 8 but found 9

(indentation)

---

[warning] 37-37: wrong indentation: expected 11 but found 12

(indentation)

---

[warning] 40-40: wrong indentation: expected 14 but found 15

(indentation)

---

[warning] 42-42: too many spaces after hyphen

(hyphens)

---

[error] 43-43: trailing spaces

(trailing-spaces)

🧹 Nitpick comments (3)

rules/swift/security/insecure-biometrics-swift.yml (3)

1-16: Consider elevating the severity level and adding official documentation.

Given that biometric authentication bypass can lead to unauthorized access, consider changing the severity from "info" to "warning" or "error". Additionally, enhance the references section with Apple's official documentation:

• https://developer.apple.com/documentation/localauthentication
• https://developer.apple.com/documentation/security/keychain_services

-severity: info
+severity: warning

---

17-47: Fix YAML formatting issues.

The YAML structure has inconsistent indentation and trailing spaces that should be fixed for better maintainability.

 rule:
   any:
-   -  kind: navigation_expression
+    - kind: navigation_expression
       pattern: $X.evaluatePolicy
       not:
-         has:
-            stopBy: end
+        has:
+          stopBy: end
# ... continue fixing indentation for the rest of the file

🧰 Tools

🪛 yamllint (1.35.1)

[warning] 19-19: wrong indentation: expected 4 but found 3

(indentation)

---

[warning] 19-19: too many spaces after hyphen

(hyphens)

---

[warning] 22-22: wrong indentation: expected 8 but found 9

(indentation)

---

[warning] 23-23: wrong indentation: expected 11 but found 12

(indentation)

---

[warning] 26-26: wrong indentation: expected 14 but found 15

(indentation)

---

[warning] 28-28: too many spaces after hyphen

(hyphens)

---

[warning] 30-30: wrong indentation: expected 8 but found 9

(indentation)

---

[error] 32-32: trailing spaces

(trailing-spaces)

---

[warning] 33-33: wrong indentation: expected 11 but found 12

(indentation)

---

[warning] 36-36: wrong indentation: expected 8 but found 9

(indentation)

---

[warning] 37-37: wrong indentation: expected 11 but found 12

(indentation)

---

[warning] 40-40: wrong indentation: expected 14 but found 15

(indentation)

---

[warning] 42-42: too many spaces after hyphen

(hyphens)

---

[error] 43-43: trailing spaces

(trailing-spaces)

---

[warning] 45-45: wrong indentation: expected 4 but found 3

(indentation)

---

[warning] 46-46: wrong indentation: expected 5 but found 6

(indentation)

---

17-47: Simplify rule structure for better maintainability.

The current rule structure has redundant patterns and complex nesting. Consider simplifying it while maintaining the same functionality.

 rule:
   any:
-   - kind: navigation_expression
-     pattern: $X.evaluatePolicy
-     not:
-       has:
-         stopBy: end
-         kind: tuple_expression
-         has:
-           nthChild: 2
-   - kind: navigation_expression
-     has:
-       kind: navigation_suffix
-       regex: \.evaluatePolicy$
-   - pattern: '.evaluatePolicy'
+   - pattern: $X.evaluatePolicy($ARGS)
+     where:
+       $X:
+         matches: LAContext
+       $ARGS:
+         not:
+           includes: reply
+   - pattern: $X.canEvaluatePolicy($ARGS)
+     where:
+       $X:
+         matches: LAContext

🧰 Tools

🪛 yamllint (1.35.1)

[warning] 19-19: wrong indentation: expected 4 but found 3

(indentation)

---

[warning] 19-19: too many spaces after hyphen

(hyphens)

---

[warning] 22-22: wrong indentation: expected 8 but found 9

(indentation)

---

[warning] 23-23: wrong indentation: expected 11 but found 12

(indentation)

---

[warning] 26-26: wrong indentation: expected 14 but found 15

(indentation)

---

[warning] 28-28: too many spaces after hyphen

(hyphens)

---

[warning] 30-30: wrong indentation: expected 8 but found 9

(indentation)

---

[error] 32-32: trailing spaces

(trailing-spaces)

---

[warning] 33-33: wrong indentation: expected 11 but found 12

(indentation)

---

[warning] 36-36: wrong indentation: expected 8 but found 9

(indentation)

---

[warning] 37-37: wrong indentation: expected 11 but found 12

(indentation)

---

[warning] 40-40: wrong indentation: expected 14 but found 15

(indentation)

---

[warning] 42-42: too many spaces after hyphen

(hyphens)

---

[error] 43-43: trailing spaces

(trailing-spaces)

---

[warning] 45-45: wrong indentation: expected 4 but found 3

(indentation)

---

[warning] 46-46: wrong indentation: expected 5 but found 6

(indentation)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a4c389e and 4d28568.

📒 Files selected for processing (1)

• rules/swift/security/insecure-biometrics-swift.yml (1 hunks)

🧰 Additional context used

🪛 yamllint (1.35.1)

rules/swift/security/insecure-biometrics-swift.yml

[warning] 19-19: wrong indentation: expected 4 but found 3

(indentation)

---

[warning] 19-19: too many spaces after hyphen

(hyphens)

---

[warning] 22-22: wrong indentation: expected 8 but found 9

(indentation)

---

[warning] 23-23: wrong indentation: expected 11 but found 12

(indentation)

---

[warning] 26-26: wrong indentation: expected 14 but found 15

(indentation)

---

[warning] 28-28: too many spaces after hyphen

(hyphens)

---

[warning] 30-30: wrong indentation: expected 8 but found 9

(indentation)

---

[error] 32-32: trailing spaces

(trailing-spaces)

---

[warning] 33-33: wrong indentation: expected 11 but found 12

(indentation)

---

[warning] 36-36: wrong indentation: expected 8 but found 9

(indentation)

---

[warning] 37-37: wrong indentation: expected 11 but found 12

(indentation)

---

[warning] 40-40: wrong indentation: expected 14 but found 15

(indentation)

---

[warning] 42-42: too many spaces after hyphen

(hyphens)

---

[error] 43-43: trailing spaces

(trailing-spaces)

---

[warning] 45-45: wrong indentation: expected 4 but found 3

(indentation)

---

[warning] 46-46: wrong indentation: expected 5 but found 6

(indentation)

🔇 Additional comments (1)

rules/swift/security/insecure-biometrics-swift.yml (1)

1-47: Verify rule effectiveness with test cases.

To ensure the rule catches all insecure biometric implementations while avoiding false positives, we should verify it against various test cases.

🧰 Tools

🪛 yamllint (1.35.1)

[warning] 19-19: wrong indentation: expected 4 but found 3

(indentation)

---

[warning] 19-19: too many spaces after hyphen

(hyphens)

---

[warning] 22-22: wrong indentation: expected 8 but found 9

(indentation)

---

[warning] 23-23: wrong indentation: expected 11 but found 12

(indentation)

---

[warning] 26-26: wrong indentation: expected 14 but found 15

(indentation)

---

[warning] 28-28: too many spaces after hyphen

(hyphens)

---

[warning] 30-30: wrong indentation: expected 8 but found 9

(indentation)

---

[error] 32-32: trailing spaces

(trailing-spaces)

---

[warning] 33-33: wrong indentation: expected 11 but found 12

(indentation)

---

[warning] 36-36: wrong indentation: expected 8 but found 9

(indentation)

---

[warning] 37-37: wrong indentation: expected 11 but found 12

(indentation)

---

[warning] 40-40: wrong indentation: expected 14 but found 15

(indentation)

---

[warning] 42-42: too many spaces after hyphen

(hyphens)

---

[error] 43-43: trailing spaces

(trailing-spaces)

---

[warning] 45-45: wrong indentation: expected 4 but found 3

(indentation)

---

[warning] 46-46: wrong indentation: expected 5 but found 6

(indentation)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (5)

rules/c/security/sizeof-this-c.yml (5)

1-11: Consider elevating severity and enhancing the message.

The rule metadata is well-structured, but consider these improvements:

1. Elevate severity to error since sizeof(this) misuse can lead to buffer overflows
2. Add the correct usage pattern sizeof(*this) to the message to make it more actionable

 id: sizeof-this-c
 language: c
-severity: warning
+severity: error
 message: >-
     Do not use `sizeof(this)` to get the number of bytes of the object in
-    memory. It returns the size of the pointer, not the size of the object.
+    memory. It returns the size of the pointer, not the size of the object.
+    Use `sizeof(*this)` instead to get the actual object size.

---

65-68: Remove commented out code.

Remove these commented lines as they add noise to the rule definition. If they represent a future enhancement, create an issue to track it instead.

🧰 Tools

🪛 yamllint (1.35.1)

[error] 68-68: trailing spaces

(trailing-spaces)

---

12-128: Consider simplifying the AST patterns.

The rule pattern has multiple branches that look similar, particularly around parameter list matching. Consider consolidating these patterns to reduce duplication and improve maintainability.

For example, the patterns at lines 44-64 and 70-98 could potentially be unified since they both match parameter declarations with similar constraints.

🧰 Tools

🪛 yamllint (1.35.1)

[error] 43-43: trailing spaces

(trailing-spaces)

---

[error] 68-68: trailing spaces

(trailing-spaces)

---

[warning] 90-90: wrong indentation: expected 18 but found 20

(indentation)

---

[error] 98-98: trailing spaces

(trailing-spaces)

---

[error] 102-102: trailing spaces

(trailing-spaces)

---

[warning] 108-108: too many spaces after colon

(colons)

---

[error] 124-124: trailing spaces

(trailing-spaces)

---

129-131: Add word boundaries to the regex pattern.

To prevent false positives where "this" appears as part of another identifier, consider adding word boundaries to the regex:

 constraints:
   THIS:
-    regex: ^this$
+    regex: \bthis\b

---

43-43: Fix YAML formatting issues.

Several formatting issues were detected by yamllint:

1. Remove trailing spaces (lines 43, 68, 98, 102, 124)
2. Fix indentation at line 90 (expected 18 spaces, found 20)
3. Fix extra space after colon at line 108

Also applies to: 68-68, 98-98, 102-102, 108-108, 124-124

🧰 Tools

🪛 yamllint (1.35.1)

[error] 43-43: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4d28568 and 5333f10.

📒 Files selected for processing (1)

• rules/c/security/sizeof-this-c.yml (1 hunks)

🧰 Additional context used

🪛 yamllint (1.35.1)

rules/c/security/sizeof-this-c.yml

[error] 43-43: trailing spaces

(trailing-spaces)

---

[error] 68-68: trailing spaces

(trailing-spaces)

---

[warning] 90-90: wrong indentation: expected 18 but found 20

(indentation)

---

[error] 98-98: trailing spaces

(trailing-spaces)

---

[error] 102-102: trailing spaces

(trailing-spaces)

---

[warning] 108-108: too many spaces after colon

(colons)

---

[error] 124-124: trailing spaces

(trailing-spaces)