feat: add C++ language support and hook tests (#539)

- agents: cpp-build-resolver, cpp-reviewer - commands: cpp-build, cpp-review, cpp-test - rules: cpp/ (coding-style, hooks, patterns, security, testing) - tests: 9 new hook test files with comprehensive coverage Cherry-picked from PR #436.
2026-03-30 13:43:26 +08:00 · 2026-03-16 14:31:49 -07:00
parent f12bb90924
commit b6595974c2
19 changed files with 2471 additions and 0 deletions
--- a/rules/cpp/security.md
+++ b/rules/cpp/security.md
@@ -0,0 +1,51 @@
+---
+paths:
+  - "**/*.cpp"
+  - "**/*.hpp"
+  - "**/*.cc"
+  - "**/*.hh"
+  - "**/*.cxx"
+  - "**/*.h"
+  - "**/CMakeLists.txt"
+---
+# C++ Security
+
+> This file extends [common/security.md](../common/security.md) with C++ specific content.
+
+## Memory Safety
+
+- Never use raw `new`/`delete` — use smart pointers
+- Never use C-style arrays — use `std::array` or `std::vector`
+- Never use `malloc`/`free` — use C++ allocation
+- Avoid `reinterpret_cast` unless absolutely necessary
+
+## Buffer Overflows
+
+- Use `std::string` over `char*`
+- Use `.at()` for bounds-checked access when safety matters
+- Never use `strcpy`, `strcat`, `sprintf` — use `std::string` or `fmt::format`
+
+## Undefined Behavior
+
+- Always initialize variables
+- Avoid signed integer overflow
+- Never dereference null or dangling pointers
+- Use sanitizers in CI:
+  ```bash
+  cmake -DCMAKE_CXX_FLAGS="-fsanitize=address,undefined" ..
+  ```
+
+## Static Analysis
+
+- Use **clang-tidy** for automated checks:
+  ```bash
+  clang-tidy --checks='*' src/*.cpp
+  ```
+- Use **cppcheck** for additional analysis:
+  ```bash
+  cppcheck --enable=all src/
+  ```
+
+## Reference
+
+See skill: `cpp-coding-standards` for detailed security guidelines.