QP06 Style Guides Practices
What this means
SiteShadow flagged signals that style/lint enforcement may be missing or disabled. On its own this is a code-quality finding; it becomes a security concern when inconsistent code makes review harder, hides the intent of security-sensitive paths, and turns otherwise routine refactoring into a risky change.
Why it matters
Consistent, machine-enforced style reduces defects and improves maintainability.
- Fewer mistakes during changes, because code is predictable and diffs show only intended edits rather than formatting noise.
- More reliable reviews: reviewers spend their attention on logic and trust boundaries rather than on formatting.
- Easier auditing of security-sensitive flows (authentication, authorization, input validation), because the same construct looks the same everywhere.
Safer examples
1) Enforce formatting and linting in CI
Run the tools in check-only mode (for example `prettier --check`, `eslint --max-warnings 0`, `ruff check` and `ruff format --check`, `black --check`, `gofmt -l`) and fail the build on any violation. Note that `gofmt -l` only lists misformatted files and exits 0 either way, so the CI step must fail when its output is non-empty. A configured tool that is missing from the CI image should also fail the build rather than be skipped.
2) Use an .editorconfig
Keep indentation, line endings, charset and trailing-newline behaviour consistent across editors; most editors and IDEs honour the file natively or through a plugin, so contributors get the house style without configuring anything.
3) Keep rules pragmatic
Prefer a small ruleset that is always enforced over a large, brittle one that contributors work around with inline suppressions or disable outright.
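The three steps above, assembled into one CI gate. This is an added example for this page, not SiteShadow's code and not a project's own pipeline: the command-line flags are the tools' real check-mode options, while the set of configuration markers, the repository layout and the `Check` structure are assumptions made for illustration. The point it demonstrates beyond the prose is the two fail-closed decisions a gate has to make explicitly: treating `gofmt -l` output as a failure even though the exit code is 0, and treating a configured but uninstalled tool as a failure rather than a skip.

```python
"""CI style gate: run each configured formatter/linter in check-only mode
and fail the build on violations.

Added example for this page, not SiteShadow code. Tool flags are the tools'
real check-mode options; the config markers and repo layout are assumptions.
"""
import os
import shutil
import subprocess
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Check:
    name: str
    markers: tuple                # (filename, required_substring_or_None) pairs
    cmd: tuple                    # check-only invocation; never rewrites files
    fail_on_output: bool = False  # tool reports violations by printing, not by exit code


CHECKS = (
    Check("prettier", ((".prettierrc", None), (".prettierrc.json", None), ("prettier.config.js", None)),
          ("npx", "prettier", "--check", ".")),
    Check("eslint", ((".eslintrc.json", None), ("eslint.config.js", None)),
          ("npx", "eslint", "--max-warnings", "0", ".")),
    Check("ruff", (("ruff.toml", None), (".ruff.toml", None), ("pyproject.toml", "[tool.ruff]")),
          ("ruff", "check", ".")),
    Check("ruff-format", (("ruff.toml", None), (".ruff.toml", None), ("pyproject.toml", "[tool.ruff]")),
          ("ruff", "format", "--check", ".")),
    Check("black", (("pyproject.toml", "[tool.black]"),), ("black", "--check", ".")),
    # gofmt -l only *lists* misformatted files and exits 0 either way, so the
    # gate must treat any output as a failure instead of trusting the exit code.
    Check("gofmt", (("go.mod", None),), ("gofmt", "-l", "."), fail_on_output=True),
)


def marker_present(root, filename, needle):
    """True if `filename` exists under `root` and (if given) contains `needle`."""
    path = os.path.join(root, filename)
    if not os.path.isfile(path):
        return False
    if needle is None:
        return True
    with open(path, encoding="utf-8", errors="replace") as fh:
        return needle in fh.read()


def applicable_checks(root):
    """Checks whose configuration exists in the repository at `root`."""
    return [c for c in CHECKS if any(marker_present(root, f, n) for f, n in c.markers)]


def passed(check, returncode, stdout):
    """Interpret one tool's result. Pure, so it can be tested without the tool."""
    if returncode != 0:
        return False
    return not (check.fail_on_output and stdout.strip())


def run_gate(root):
    """Return a process exit code: 0 only if every applicable check passed.

    A configured tool missing from PATH is a failure, not a skip: a gate that
    silently passes when the linter is absent is not a gate.
    """
    failures = []
    for check in applicable_checks(root):
        if shutil.which(check.cmd[0]) is None:
            failures.append(f"{check.name}: '{check.cmd[0]}' not installed in the CI image")
            continue
        proc = subprocess.run(check.cmd, cwd=root, capture_output=True, text=True)
        if not passed(check, proc.returncode, proc.stdout):
            detail = proc.stdout.strip() or proc.stderr.strip()
            failures.append(f"{check.name}: {detail[:400]}")
    for failure in failures:
        print("STYLE GATE FAIL:", failure, file=sys.stderr)
    return 1 if failures else 0


if __name__ == "__main__":
    sys.exit(run_gate(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Invoke it as the single style step of the pipeline (`python style_gate.py .`) so that there is exactly one place where enforcement can be weakened, and that place is reviewable.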
How SiteShadow detects it (high level)
- Detects the presence or absence of common lint/format configuration (for the kinds of tools named above, and .editorconfig) and whether CI pipelines actually invoke those tools.
- Flags repositories where style rules exist but appear unused or disabled, that is, configuration is present without evidence that it is run or allowed to fail the build.
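A heuristic in the spirit of the two signals above, written as an added example for this page; it is not SiteShadow's implementation, and every signal it looks for is an assumption about what such a check could reasonably inspect: known config files at the repo root (plus `[tool.ruff]` / `[tool.black]` sections in `pyproject.toml`), CI definitions that mention the tool, invocations that tolerate failure (`|| true`, `|| exit 0`, `continue-on-error: true`, `allow_failure: true`), and file-level blanket suppressions (`/* eslint-disable */` without a rule list, `# ruff: noqa` on its own line) that switch the rules off where they matter.

```python
"""Heuristic detector for "style enforcement missing or disabled".

Added example for this page; not SiteShadow's implementation. The signals
below are assumptions about what such a check could look for.
"""
import glob
import os
import re

CONFIG_FILES = {
    "eslint": (".eslintrc", ".eslintrc.json", ".eslintrc.js", ".eslintrc.cjs",
               "eslint.config.js", "eslint.config.mjs"),
    "prettier": (".prettierrc", ".prettierrc.json", ".prettierrc.yaml", "prettier.config.js"),
    "ruff": ("ruff.toml", ".ruff.toml"),
    "golangci-lint": (".golangci.yml", ".golangci.yaml"),
}
PYPROJECT_SECTIONS = {"ruff": "[tool.ruff]", "black": "[tool.black]"}
TOLERATED = re.compile(r"\|\|\s*(true|exit\s+0)\b")                 # on the invoking line
CI_WIDE_TOLERANCE = re.compile(r"continue-on-error:\s*true|allow_failure:\s*true")
BLANKET = re.compile(r"/\*\s*eslint-disable\s*\*/|^\s*#\s*ruff:\s*noqa\s*$", re.M)
SKIP_DIRS = {".git", "node_modules", ".venv", "venv", "vendor", "dist", "build"}


def read(path):
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()


def find_style_configs(root):
    """Map tool -> list of config files found at the repository root."""
    found = {}
    for tool, names in CONFIG_FILES.items():
        hits = [n for n in names if os.path.isfile(os.path.join(root, n))]
        if hits:
            found[tool] = hits
    pyproject = os.path.join(root, "pyproject.toml")
    if os.path.isfile(pyproject):
        text = read(pyproject)
        for tool, section in PYPROJECT_SECTIONS.items():
            if section in text:
                found.setdefault(tool, []).append("pyproject.toml")
    if os.path.isfile(os.path.join(root, ".editorconfig")):
        found["editorconfig"] = [".editorconfig"]
    return found


def ci_definitions(root):
    """Paths of CI definitions this heuristic knows how to find."""
    paths = glob.glob(os.path.join(root, ".github", "workflows", "*.yml"))
    paths += glob.glob(os.path.join(root, ".github", "workflows", "*.yaml"))
    paths += [os.path.join(root, n) for n in (".gitlab-ci.yml", ".circleci/config.yml", "Jenkinsfile")
              if os.path.isfile(os.path.join(root, n))]
    return paths


def ci_status(tool, ci_texts):
    """'enforced', 'tolerated' or 'absent' for one tool across all CI files.

    A plain substring match on the tool name is deliberately crude; it is a
    signal for a human to confirm, not a verdict.
    """
    status = "absent"
    for text in ci_texts:
        for line in text.splitlines():
            if tool in line and not line.lstrip().startswith("#"):
                if TOLERATED.search(line) or CI_WIDE_TOLERANCE.search(text):
                    return "tolerated"
                status = "enforced"
    return status


def blanket_suppressions(root):
    """Source files that disable all lint rules for the whole file."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            if name.endswith((".js", ".jsx", ".ts", ".tsx", ".py")):
                path = os.path.join(dirpath, name)
                if BLANKET.search(read(path)):
                    hits.append(os.path.relpath(path, root))
    return sorted(hits)


def assess(root):
    """Return QP06-style findings as (code, detail) pairs."""
    configs = find_style_configs(root)
    tools = [t for t in configs if t != "editorconfig"]
    findings = []
    if not tools:
        findings.append(("no-lint-config", "no recognised lint/format configuration found"))
    ci_texts = [read(p) for p in ci_definitions(root)]
    for tool in tools:
        status = ci_status(tool, ci_texts)
        if status == "absent":
            findings.append(("not-enforced-in-ci", f"{tool} is configured but no CI definition runs it"))
        elif status == "tolerated":
            findings.append(("ci-tolerates-failure", f"{tool} runs in CI but its failures do not fail the build"))
    for path in blanket_suppressions(root):
        findings.append(("blanket-suppression", f"{path} disables all lint rules for the whole file"))
    if "editorconfig" not in configs:
        findings.append(("no-editorconfig", "no .editorconfig; indentation and line endings depend on each editor"))
    return findings
```

The output is a list of findings rather than a pass/fail, because each signal has false positives (a tool name appearing in an unrelated CI step, a file that legitimately opts out of linting); the review step is deciding which findings are real.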
---