Merge pull request #57 from project-codeguard/fix/safe-c-func

fix: apply safe-c-functions to c and cpp only

Author: ramraaj25

.claude-plugin/marketplace.json

@@ -13,7 +13,7 @@
       "name": "codeguard-security",
       "source": "./",
       "description": "Comprehensive security rules for AI coding agents",
-      "version": "1.0.0",
+      "version": "1.0.1",
       "repository": "https://github.com/project-codeguard/rules.git",
       "tags": [
         "security",

.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "codeguard-security",
   "description": "Security code review skill based on Project CodeGuard's comprehensive security rules. Helps AI coding agents write secure code and prevent common vulnerabilities.",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "author": {
     "name": "Project CodeGuard",
     "url": "https://project-codeguard.org"

.github/workflows/validate-rules.yml

@@ -51,7 +51,6 @@ jobs:
             "sources/core/codeguard-1-hardcoded-credentials.md"
             "sources/core/codeguard-1-crypto-algorithms.md"
             "sources/core/codeguard-1-digital-certificates.md"
-            "sources/core/codeguard-1-safe-c-functions.md"
             "sources/core/codeguard-SKILLS.md.template"
           )
           

docs/claude-code-skill-plugin.md

@@ -70,14 +70,13 @@ When generating or reviewing code, Claude follows this 3-step workflow:
 
 ### Rule Categories
 
-**Always-Apply Rules** (4 critical rules checked on every code operation):
+**Always-Apply Rules** (3 critical rules checked on every code operation):
 - `codeguard-1-hardcoded-credentials` - Never hardcode secrets or credentials
 - `codeguard-1-crypto-algorithms` - Use modern cryptographic algorithms
 - `codeguard-1-digital-certificates` - Validate certificate security
-- `codeguard-1-safe-c-functions` - Replace unsafe C/C++ functions
 
-**Context-Specific Rules** (18 rules applied based on technology and features):
-- Input validation, authentication, authorization, APIs, data storage, privacy, logging, cryptography, file handling, serialization, supply chain, DevOps, cloud, Kubernetes, IaC, frameworks, and mobile security
+**Context-Specific Rules** (19 rules applied based on technology and features):
+- Input validation, authentication, authorization, APIs, data storage, privacy, logging, cryptography, file handling, serialization, supply chain, DevOps, cloud, Kubernetes, IaC, frameworks, mobile security, and memory safety (C/C++)
 
 ## Usage Examples
 
@@ -155,7 +154,7 @@ For organizations, deploy CodeGuard to all developers automatically:
 
 The plugin includes 22 comprehensive security rules organized into two categories:
 
-### Always-Apply Rules (4 rules)
+### Always-Apply Rules (3 rules)
 
 These critical rules are checked on **every** code operation:
 
@@ -164,9 +163,8 @@ These critical rules are checked on **every** code operation:
 | `codeguard-1-hardcoded-credentials` | Prevent secrets, passwords, API keys, tokens in source code |
 | `codeguard-1-crypto-algorithms` | Ban weak algorithms (MD5, SHA-1, DES); use modern alternatives |
 | `codeguard-1-digital-certificates` | Validate certificate expiration, key strength, signature algorithms |
-| `codeguard-1-safe-c-functions` | Replace unsafe C/C++ functions (gets, strcpy, strcat, sprintf) |
 
-### Context-Specific Rules (18 rules)
+### Context-Specific Rules (19 rules)
 
 These rules apply based on the programming language, framework, or feature being implemented. Claude automatically selects relevant rules based on context:
 
@@ -182,6 +180,7 @@ These rules apply based on the programming language, framework, or feature being
 | **Files & Serialization** | `codeguard-0-file-handling-and-uploads`, `codeguard-0-xml-and-serialization` |
 | **Infrastructure** | `codeguard-0-supply-chain-security`, `codeguard-0-devops-ci-cd-containers`, `codeguard-0-cloud-orchestration-kubernetes`, `codeguard-0-iac-security` |
 | **Platforms** | `codeguard-0-framework-and-languages`, `codeguard-0-mobile-apps` |
+| **Memory Safety (C/C++)** | `codeguard-0-safe-c-functions` |
 
 > **Note:** Each rule file contains detailed guidance, checklists, and examples. Claude references these automatically based on the code context.
 
@@ -385,6 +384,11 @@ Found an issue with the plugin or want to improve it?
 
 ## Version History
 
+### Version 1.0.1
+- Changed `codeguard-1-safe-c-functions` from always-apply to `codeguard-0-safe-c-functions` context-specific rule (C/C++ only)
+- Updated rule counts: 3 always-apply rules, 19 context-specific rules
+- Fixed GitHub Copilot instructions to use `description` field instead of `title`
+
 ### Version 1.0.0
 - Initial release
 - 22 comprehensive security rules

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "project-codeguard"
-version = "1.0.0"
+version = "1.0.1"
 description = "AI Coding Rules for Security and Best Practices"
 requires-python = ">=3.11"
 dependencies = [

skills/software-security/SKILL.md

@@ -1,8 +1,7 @@
 ---
 name: software-security
 description: A software security skill that integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.
-metadata:
-codeguard-version: "1.0.0"
+codeguard-version: "1.0.1"
 framework: "Project CodeGuard"
 purpose: "Embed secure-by-default practices into AI coding workflows"
 ---
@@ -25,13 +24,13 @@ When writing or reviewing code:
 - `codeguard-1-hardcoded-credentials.md` - Never hardcode secrets, passwords, API keys, or tokens
 - `codeguard-1-crypto-algorithms.md` - Use only modern, secure cryptographic algorithms
 - `codeguard-1-digital-certificates.md` - Validate and manage digital certificates securely
-- `codeguard-1-safe-c-functions.md` - Avoid unsafe C/C++ functions and use safe alternatives
 2. Context-Specific Rules: Apply rules from /rules directory based on the language of the feature being implemented using the table given below:
 
 
 | Language | Rule Files to Apply |
 |----------|---------------------|
-| c | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-data-storage.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-logging.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md |
+| c | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-data-storage.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-logging.md, codeguard-0-safe-c-functions.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md |
+| cpp | codeguard-0-safe-c-functions.md |
 | d | codeguard-0-iac-security.md |
 | docker | codeguard-0-devops-ci-cd-containers.md, codeguard-0-supply-chain-security.md |
 | go | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md |

…ty/rules/codeguard-1-safe-c-functions.md …ty/rules/codeguard-0-safe-c-functions.mdskills/software-security/rules/codeguard-1-safe-c-functions.md renamed to skills/software-security/rules/codeguard-0-safe-c-functions.md skills/software-security/rules/codeguard-1-safe-c-functions.md renamed to skills/software-security/rules/codeguard-0-safe-c-functions.md

@@ -1,9 +1,12 @@
 ---
 description: Safe C Functions and Memory and String Safety Guidelines
-alwaysApply: true
+languages:
+- c
+- cpp
+alwaysApply: false
 ---
 
-rule_id: codeguard-1-safe-c-functions
+rule_id: codeguard-0-safe-c-functions
 
 # Prioritize Safe Memory and String Functions in C/C++
 

…ces/core/codeguard-1-safe-c-functions.md …ces/core/codeguard-0-safe-c-functions.mdsources/core/codeguard-1-safe-c-functions.md renamed to sources/core/codeguard-0-safe-c-functions.md sources/core/codeguard-1-safe-c-functions.md renamed to sources/core/codeguard-0-safe-c-functions.md

@@ -1,7 +1,9 @@
 ---
 description: Safe C Functions and Memory and String Safety Guidelines
-languages: []
-alwaysApply: true
+languages:
+- c
+- cpp
+alwaysApply: false
 ---
 
 # Prioritize Safe Memory and String Functions in C/C++

sources/core/codeguard-SKILLS.md.template

@@ -1,8 +1,7 @@
 ---
 name: software-security
 description: A software security skill that integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.
-metadata:
-codeguard-version: "1.0.0"
+codeguard-version: "x.x.x"
 framework: "Project CodeGuard"
 purpose: "Embed secure-by-default practices into AI coding workflows"
 ---
@@ -25,7 +24,6 @@ When writing or reviewing code:
 - `codeguard-1-hardcoded-credentials.md` - Never hardcode secrets, passwords, API keys, or tokens
 - `codeguard-1-crypto-algorithms.md` - Use only modern, secure cryptographic algorithms
 - `codeguard-1-digital-certificates.md` - Validate and manage digital certificates securely
-- `codeguard-1-safe-c-functions.md` - Avoid unsafe C/C++ functions and use safe alternatives
 2. Context-Specific Rules: Apply rules from /rules directory based on the language of the feature being implemented using the table given below:
 <!-- LANGUAGE_MAPPINGS_START -->
 <!-- LANGUAGE_MAPPINGS_END -->