diff --git a/ide_rules/.github/instructions/codeguard-0-additional-cryptography.instructions.md b/ide_rules/.github/instructions/codeguard-0-additional-cryptography.instructions.md index a96d9e0..c4cf5d8 100644 --- a/ide_rules/.github/instructions/codeguard-0-additional-cryptography.instructions.md +++ b/ide_rules/.github/instructions/codeguard-0-additional-cryptography.instructions.md @@ -1,5 +1,5 @@ --- -applyTo: **/*.c,**/*.go,**/*.h,**/*.java,**/*.js,**/*.jsx,**/*.kt,**/*.kts,**/*.m,**/*.mjs,**/*.php,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.swift,**/*.ts,**/*.tsx,**/*.wsdl,**/*.xml,**/*.xsd,**/*.xslt,**/*.yaml,**/*.yml +applyTo: '**/*.c,**/*.go,**/*.h,**/*.java,**/*.js,**/*.jsx,**/*.kt,**/*.kts,**/*.m,**/*.mjs,**/*.php,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.swift,**/*.ts,**/*.tsx,**/*.wsdl,**/*.xml,**/*.xsd,**/*.xslt,**/*.yaml,**/*.yml' title: Additional Cryptography guidance version: 1.0.0 --- diff --git a/ide_rules/.github/instructions/codeguard-0-api-web-services.instructions.md b/ide_rules/.github/instructions/codeguard-0-api-web-services.instructions.md index 90fd12b..b8d30f2 100644 --- a/ide_rules/.github/instructions/codeguard-0-api-web-services.instructions.md +++ b/ide_rules/.github/instructions/codeguard-0-api-web-services.instructions.md @@ -1,5 +1,5 @@ --- -applyTo: **/*.c,**/*.go,**/*.h,**/*.java,**/*.js,**/*.jsx,**/*.mjs,**/*.php,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.ts,**/*.tsx,**/*.wsdl,**/*.xml,**/*.xsd,**/*.xslt,**/*.yaml,**/*.yml +applyTo: '**/*.c,**/*.go,**/*.h,**/*.java,**/*.js,**/*.jsx,**/*.mjs,**/*.php,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.ts,**/*.tsx,**/*.wsdl,**/*.xml,**/*.xsd,**/*.xslt,**/*.yaml,**/*.yml' title: API & Web services security (REST/GraphQL/SOAP), schema validation, authn/z, SSRF version: 1.0.0 diff --git a/ide_rules/.github/instructions/codeguard-0-authentication-mfa.instructions.md b/ide_rules/.github/instructions/codeguard-0-authentication-mfa.instructions.md index d025ca1..f0ddae9 100644 
--- a/ide_rules/.github/instructions/codeguard-0-authentication-mfa.instructions.md +++ b/ide_rules/.github/instructions/codeguard-0-authentication-mfa.instructions.md @@ -1,5 +1,5 @@ --- -applyTo: **/*.c,**/*.go,**/*.h,**/*.java,**/*.js,**/*.jsx,**/*.kt,**/*.kts,**/*.m,**/*.mjs,**/*.php,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.swift,**/*.ts,**/*.tsx +applyTo: '**/*.c,**/*.go,**/*.h,**/*.java,**/*.js,**/*.jsx,**/*.kt,**/*.kts,**/*.m,**/*.mjs,**/*.php,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.swift,**/*.ts,**/*.tsx' title: Authentication and MFA best practices (passwords, MFA, OAuth/OIDC, SAML, recovery, tokens) version: 1.0.0 diff --git a/ide_rules/.github/instructions/codeguard-0-authorization-access-control.instructions.md b/ide_rules/.github/instructions/codeguard-0-authorization-access-control.instructions.md index 4ac1473..94ad6b0 100644 --- a/ide_rules/.github/instructions/codeguard-0-authorization-access-control.instructions.md +++ b/ide_rules/.github/instructions/codeguard-0-authorization-access-control.instructions.md @@ -1,5 +1,5 @@ --- -applyTo: **/*.c,**/*.go,**/*.h,**/*.java,**/*.js,**/*.jsx,**/*.mjs,**/*.php,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.ts,**/*.tsx,**/*.yaml,**/*.yml +applyTo: '**/*.c,**/*.go,**/*.h,**/*.java,**/*.js,**/*.jsx,**/*.mjs,**/*.php,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.ts,**/*.tsx,**/*.yaml,**/*.yml' title: Authorization and access control (RBAC/ABAC/ReBAC, IDOR, mass assignment, transaction auth) version: 1.0.0 diff --git a/ide_rules/.github/instructions/codeguard-0-client-side-web-security.instructions.md b/ide_rules/.github/instructions/codeguard-0-client-side-web-security.instructions.md index aa6c449..850f1e8 100644 --- a/ide_rules/.github/instructions/codeguard-0-client-side-web-security.instructions.md +++ b/ide_rules/.github/instructions/codeguard-0-client-side-web-security.instructions.md 
@@ -1,5 +1,5 @@ --- -applyTo: **/*.c,**/*.h,**/*.htm,**/*.html,**/*.js,**/*.jsx,**/*.mjs,**/*.php,**/*.ts,**/*.tsx,**/*.v +applyTo: '**/*.c,**/*.h,**/*.htm,**/*.html,**/*.js,**/*.jsx,**/*.mjs,**/*.php,**/*.ts,**/*.tsx,**/*.v' title: Client-side web security (XSS/DOM XSS, CSP, CSRF, clickjacking, XS-Leaks, third-party JS) version: 1.0.0 diff --git a/ide_rules/.github/instructions/codeguard-0-cloud-orchestration-kubernetes.instructions.md b/ide_rules/.github/instructions/codeguard-0-cloud-orchestration-kubernetes.instructions.md index e16ac7c..a997301 100644 --- a/ide_rules/.github/instructions/codeguard-0-cloud-orchestration-kubernetes.instructions.md +++ b/ide_rules/.github/instructions/codeguard-0-cloud-orchestration-kubernetes.instructions.md @@ -1,5 +1,5 @@ --- -applyTo: **/*.js,**/*.jsx,**/*.mjs,**/*.yaml,**/*.yml +applyTo: '**/*.js,**/*.jsx,**/*.mjs,**/*.yaml,**/*.yml' title: Kubernetes hardening (RBAC, admission policies, network policies, secrets, supply chain) version: 1.0.0 diff --git a/ide_rules/.github/instructions/codeguard-0-data-storage.instructions.md b/ide_rules/.github/instructions/codeguard-0-data-storage.instructions.md index bb45362..0f45313 100644 --- a/ide_rules/.github/instructions/codeguard-0-data-storage.instructions.md +++ b/ide_rules/.github/instructions/codeguard-0-data-storage.instructions.md @@ -1,5 +1,5 @@ --- -applyTo: **/*.c,**/*.ddl,**/*.dml,**/*.h,**/*.js,**/*.jsx,**/*.mjs,**/*.sql,**/*.yaml,**/*.yml +applyTo: '**/*.c,**/*.ddl,**/*.dml,**/*.h,**/*.js,**/*.jsx,**/*.mjs,**/*.sql,**/*.yaml,**/*.yml' title: Data & storage security (DB isolation, TLS, least privilege, RLS/CLS, backups, auditing) version: 1.0.0 diff --git a/ide_rules/.github/instructions/codeguard-0-devops-ci-cd-containers.instructions.md b/ide_rules/.github/instructions/codeguard-0-devops-ci-cd-containers.instructions.md index fdaab3f..44e4c4d 100644 --- a/ide_rules/.github/instructions/codeguard-0-devops-ci-cd-containers.instructions.md 
+++ b/ide_rules/.github/instructions/codeguard-0-devops-ci-cd-containers.instructions.md @@ -1,5 +1,5 @@ --- -applyTo: **/*.bash,**/*.dockerfile,**/*.js,**/*.jsx,**/*.mjs,**/*.ps1,**/*.sh,**/*.wsdl,**/*.xml,**/*.xsd,**/*.xslt,**/*.yaml,**/*.yml,Dockerfile*,docker-compose* +applyTo: '**/*.bash,**/*.dockerfile,**/*.js,**/*.jsx,**/*.mjs,**/*.ps1,**/*.sh,**/*.wsdl,**/*.xml,**/*.xsd,**/*.xslt,**/*.yaml,**/*.yml,Dockerfile*,docker-compose*' title: DevOps, CI/CD, and containers (pipeline hardening, artifacts, Docker/K8s images, virtual patching, toolchain) version: 1.0.0 diff --git a/ide_rules/.github/instructions/codeguard-0-file-handling-and-uploads.instructions.md b/ide_rules/.github/instructions/codeguard-0-file-handling-and-uploads.instructions.md index 14f4bac..258d87d 100644 --- a/ide_rules/.github/instructions/codeguard-0-file-handling-and-uploads.instructions.md +++ b/ide_rules/.github/instructions/codeguard-0-file-handling-and-uploads.instructions.md @@ -1,5 +1,5 @@ --- -applyTo: **/*.c,**/*.go,**/*.h,**/*.java,**/*.js,**/*.jsx,**/*.mjs,**/*.php,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.ts,**/*.tsx +applyTo: '**/*.c,**/*.go,**/*.h,**/*.java,**/*.js,**/*.jsx,**/*.mjs,**/*.php,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.ts,**/*.tsx' title: Secure file handling & uploads (validation, storage isolation, scanning, safe delivery) version: 1.0.0 diff --git a/ide_rules/.github/instructions/codeguard-0-framework-and-languages.instructions.md b/ide_rules/.github/instructions/codeguard-0-framework-and-languages.instructions.md index 0b87459..2f168ab 100644 --- a/ide_rules/.github/instructions/codeguard-0-framework-and-languages.instructions.md +++ b/ide_rules/.github/instructions/codeguard-0-framework-and-languages.instructions.md 
@@ -1,5 +1,5 @@ --- -applyTo: **/*.c,**/*.h,**/*.java,**/*.js,**/*.jsx,**/*.kt,**/*.kts,**/*.mjs,**/*.php,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.ts,**/*.tsx,**/*.wsdl,**/*.xml,**/*.xsd,**/*.xslt,**/*.yaml,**/*.yml +applyTo: '**/*.c,**/*.h,**/*.java,**/*.js,**/*.jsx,**/*.kt,**/*.kts,**/*.mjs,**/*.php,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.ts,**/*.tsx,**/*.wsdl,**/*.xml,**/*.xsd,**/*.xslt,**/*.yaml,**/*.yml' title: Framework & language security guides (Django/DRF, Laravel/Symfony/Rails, .NET, Java/JAAS, Node.js, PHP config) version: 1.0.0 diff --git a/ide_rules/.github/instructions/codeguard-0-iac-security.instructions.md b/ide_rules/.github/instructions/codeguard-0-iac-security.instructions.md index 7b52db5..cd377fd 100644 --- a/ide_rules/.github/instructions/codeguard-0-iac-security.instructions.md +++ b/ide_rules/.github/instructions/codeguard-0-iac-security.instructions.md @@ -1,5 +1,5 @@ --- -applyTo: **/*.bash,**/*.c,**/*.d,**/*.h,**/*.js,**/*.jsx,**/*.mjs,**/*.ps1,**/*.rb,**/*.sh,**/*.yaml,**/*.yml +applyTo: '**/*.bash,**/*.c,**/*.d,**/*.h,**/*.js,**/*.jsx,**/*.mjs,**/*.ps1,**/*.rb,**/*.sh,**/*.yaml,**/*.yml' title: Infrastructure as Code Security version: 1.0.0 --- diff --git a/ide_rules/.github/instructions/codeguard-0-input-validation-injection.instructions.md b/ide_rules/.github/instructions/codeguard-0-input-validation-injection.instructions.md index 112369a..8736f75 100644 --- a/ide_rules/.github/instructions/codeguard-0-input-validation-injection.instructions.md +++ b/ide_rules/.github/instructions/codeguard-0-input-validation-injection.instructions.md 
@@ -1,5 +1,5 @@ --- -applyTo: **/*.bash,**/*.c,**/*.ddl,**/*.dml,**/*.go,**/*.h,**/*.htm,**/*.html,**/*.java,**/*.js,**/*.jsx,**/*.mjs,**/*.php,**/*.ps1,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.sh,**/*.sql,**/*.ts,**/*.tsx +applyTo: '**/*.bash,**/*.c,**/*.ddl,**/*.dml,**/*.go,**/*.h,**/*.htm,**/*.html,**/*.java,**/*.js,**/*.jsx,**/*.mjs,**/*.php,**/*.ps1,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.sh,**/*.sql,**/*.ts,**/*.tsx' title: Input validation and injection defense (SQL/LDAP/OS), parameterization, prototype pollution version: 1.0.0 diff --git a/ide_rules/.github/instructions/codeguard-0-logging.instructions.md b/ide_rules/.github/instructions/codeguard-0-logging.instructions.md index 43b4d70..46fc614 100644 --- a/ide_rules/.github/instructions/codeguard-0-logging.instructions.md +++ b/ide_rules/.github/instructions/codeguard-0-logging.instructions.md @@ -1,5 +1,5 @@ --- -applyTo: **/*.c,**/*.h,**/*.js,**/*.jsx,**/*.mjs,**/*.yaml,**/*.yml +applyTo: '**/*.c,**/*.h,**/*.js,**/*.jsx,**/*.mjs,**/*.yaml,**/*.yml' title: Logging & monitoring (structured telemetry, redaction, integrity, detection & alerting) version: 1.0.0 diff --git a/ide_rules/.github/instructions/codeguard-0-mobile-apps.instructions.md b/ide_rules/.github/instructions/codeguard-0-mobile-apps.instructions.md index 224f619..a87e5e4 100644 --- a/ide_rules/.github/instructions/codeguard-0-mobile-apps.instructions.md +++ b/ide_rules/.github/instructions/codeguard-0-mobile-apps.instructions.md @@ -1,5 +1,5 @@ --- -applyTo: **/*.java,**/*.js,**/*.jsx,**/*.kt,**/*.kts,**/*.m,**/*.mjs,**/*.pl,**/*.pm,**/*.swift,**/*.wsdl,**/*.xml,**/*.xsd,**/*.xslt +applyTo: '**/*.java,**/*.js,**/*.jsx,**/*.kt,**/*.kts,**/*.m,**/*.mjs,**/*.pl,**/*.pm,**/*.swift,**/*.wsdl,**/*.xml,**/*.xsd,**/*.xslt' title: 'Mobile app security (iOS/Android): storage, transport, code integrity, biometrics, permissions' version: 1.0.0 
diff --git a/ide_rules/.github/instructions/codeguard-0-privacy-data-protection.instructions.md b/ide_rules/.github/instructions/codeguard-0-privacy-data-protection.instructions.md index c9b5d31..defb1df 100644 --- a/ide_rules/.github/instructions/codeguard-0-privacy-data-protection.instructions.md +++ b/ide_rules/.github/instructions/codeguard-0-privacy-data-protection.instructions.md @@ -1,5 +1,5 @@ --- -applyTo: **/*.js,**/*.jsx,**/*.m,**/*.mjs,**/*.yaml,**/*.yml +applyTo: '**/*.js,**/*.jsx,**/*.m,**/*.mjs,**/*.yaml,**/*.yml' title: Privacy & data protection (minimization, classification, encryption, rights, transparency) version: 1.0.0 diff --git a/ide_rules/.github/instructions/codeguard-0-session-management-and-cookies.instructions.md b/ide_rules/.github/instructions/codeguard-0-session-management-and-cookies.instructions.md index 08a0318..f915bd7 100644 --- a/ide_rules/.github/instructions/codeguard-0-session-management-and-cookies.instructions.md +++ b/ide_rules/.github/instructions/codeguard-0-session-management-and-cookies.instructions.md @@ -1,5 +1,5 @@ --- -applyTo: **/*.c,**/*.go,**/*.h,**/*.htm,**/*.html,**/*.java,**/*.js,**/*.jsx,**/*.mjs,**/*.php,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.ts,**/*.tsx +applyTo: '**/*.c,**/*.go,**/*.h,**/*.htm,**/*.html,**/*.java,**/*.js,**/*.jsx,**/*.mjs,**/*.php,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.ts,**/*.tsx' title: Session management and secure cookies (rotation, fixation, timeouts, theft detection) version: 1.0.0 diff --git a/ide_rules/.github/instructions/codeguard-0-supply-chain-security.instructions.md b/ide_rules/.github/instructions/codeguard-0-supply-chain-security.instructions.md index 150fc88..fc00a9c 100644 --- a/ide_rules/.github/instructions/codeguard-0-supply-chain-security.instructions.md +++ b/ide_rules/.github/instructions/codeguard-0-supply-chain-security.instructions.md 
@@ -1,5 +1,5 @@ --- -applyTo: **/*.dockerfile,**/*.js,**/*.jsx,**/*.mjs,**/*.yaml,**/*.yml,Dockerfile*,docker-compose* +applyTo: '**/*.dockerfile,**/*.js,**/*.jsx,**/*.mjs,**/*.yaml,**/*.yml,Dockerfile*,docker-compose*' title: Dependency & supply chain security (pinning, SBOM, provenance, integrity, private registries) version: 1.0.0 diff --git a/ide_rules/.github/instructions/codeguard-0-xml-and-serialization.instructions.md b/ide_rules/.github/instructions/codeguard-0-xml-and-serialization.instructions.md index 7076c55..65707c7 100644 --- a/ide_rules/.github/instructions/codeguard-0-xml-and-serialization.instructions.md +++ b/ide_rules/.github/instructions/codeguard-0-xml-and-serialization.instructions.md @@ -1,5 +1,5 @@ --- -applyTo: **/*.c,**/*.go,**/*.h,**/*.java,**/*.php,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.wsdl,**/*.xml,**/*.xsd,**/*.xslt +applyTo: '**/*.c,**/*.go,**/*.h,**/*.java,**/*.php,**/*.py,**/*.pyi,**/*.pyx,**/*.rb,**/*.wsdl,**/*.xml,**/*.xsd,**/*.xslt' title: XML security and safe deserialization (DTD/XXE hardening, schema validation, no unsafe native deserialization) version: 1.0.0 diff --git a/ide_rules/.github/instructions/codeguard-1-crypto-algorithms.instructions.md b/ide_rules/.github/instructions/codeguard-1-crypto-algorithms.instructions.md index 673e989..5052d2c 100644 --- a/ide_rules/.github/instructions/codeguard-1-crypto-algorithms.instructions.md +++ b/ide_rules/.github/instructions/codeguard-1-crypto-algorithms.instructions.md @@ -1,5 +1,5 @@ --- -applyTo: **/* +applyTo: '**/*' title: Cryptographic Security Guidelines version: 1.0.0 --- diff --git a/ide_rules/.github/instructions/codeguard-1-digital-certificates.instructions.md b/ide_rules/.github/instructions/codeguard-1-digital-certificates.instructions.md index 2a78cb4..c9a98b5 100644 --- a/ide_rules/.github/instructions/codeguard-1-digital-certificates.instructions.md +++ b/ide_rules/.github/instructions/codeguard-1-digital-certificates.instructions.md 
@@ -1,5 +1,5 @@ --- -applyTo: **/* +applyTo: '**/*' title: Certificate Best Practices version: 1.0.0 --- diff --git a/ide_rules/.github/instructions/codeguard-1-hardcoded-credentials.instructions.md b/ide_rules/.github/instructions/codeguard-1-hardcoded-credentials.instructions.md index b267068..a0e688a 100644 --- a/ide_rules/.github/instructions/codeguard-1-hardcoded-credentials.instructions.md +++ b/ide_rules/.github/instructions/codeguard-1-hardcoded-credentials.instructions.md @@ -1,5 +1,5 @@ --- -applyTo: **/* +applyTo: '**/*' title: No Hardcoded Credentials version: 1.0.0 --- diff --git a/ide_rules/.github/instructions/codeguard-1-safe-c-functions.instructions.md b/ide_rules/.github/instructions/codeguard-1-safe-c-functions.instructions.md index ff74ec6..f0a7908 100644 --- a/ide_rules/.github/instructions/codeguard-1-safe-c-functions.instructions.md +++ b/ide_rules/.github/instructions/codeguard-1-safe-c-functions.instructions.md @@ -1,5 +1,5 @@ --- -applyTo: **/* +applyTo: '**/*' title: Safe C Functions and Memory and String Safety Guidelines version: 1.0.0 --- diff --git a/src/formats/copilot.py b/src/formats/copilot.py index 9a982ec..067bb62 100644 --- a/src/formats/copilot.py +++ b/src/formats/copilot.py @@ -47,7 +47,7 @@ def generate(self, rule: ProcessedRule, globs: str) -> str: yaml_lines = [] # Add applyTo (Copilot's equivalent of globs) - yaml_lines.append(f"applyTo: {globs}") + yaml_lines.append(f"applyTo: '{globs}'") # Add title title = self._format_yaml_field("title", rule.description)
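Review bot: The new `yaml_lines.append(f"applyTo: '{globs}'")` builds a single-quoted YAML scalar by hand without escaping `globs`, so a pattern containing `'` would close the scalar early and leave malformed or altered front matter in every generated instructions file. YAML's single-quoted style needs an embedded quote doubled, so I would write `escaped = globs.replace("'", "''")` followed by `yaml_lines.append(f"applyTo: '{escaped}'")`, and reject values that contain a line break. The following line already passes the title through `self._format_yaml_field`; if that helper quotes values safely, routing `applyTo` through it would keep the quoting in one place, but its body is not visible here, so that needs confirming. `generate` starts and ends outside this hunk.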