feat: add W014 case-without-else rule

Warn on CASE expressions that lack an ELSE branch.\nUnmatched rows silently return NULL which is often unintended.\n\nCloses #4

Author: hellozzm

sql_guard/rules/__init__.py

@@ -14,6 +14,7 @@
     UpdateWithoutWhere,
 )
 from sql_guard.rules.warnings import (
+    CaseWithoutElse,
     CommentedOutCode,
     CountDistinctUnbounded,
     FunctionOnIndexedColumn,
@@ -75,6 +76,7 @@
     OrAcrossColumns(),
     TruncateTable(),
     CountDistinctUnbounded(),
+    CaseWithoutElse(),
     # Structural (S001-S003)
     ImplicitCrossJoin(),
     DeeplyNestedSubquery(),

sql_guard/rules/warnings.py

@@ -484,6 +484,38 @@ def check_statement(self, statement: str, start_line: int, file: str) -> Finding
         return None
 
 
+class CaseWithoutElse(Rule):
+    """W014: CASE expression without ELSE returns NULL for unmatched rows.
+
+    ``CASE WHEN ... THEN ... END`` without an ``ELSE`` branch returns
+    ``NULL`` for any row that doesn't match a ``WHEN`` condition.
+    Often the author assumes the conditions are exhaustive when they
+    aren't, or downstream code can't handle NULLs.
+    """
+
+    id = "W014"
+    name = "case-without-else"
+    severity = "warning"
+    description = "CASE without ELSE returns NULL for unmatched rows"
+    multiline = True
+
+    _case = Rule._compile(r"\bCASE\b")
+    _end = Rule._compile(r"\bEND\b")
+    _else = Rule._compile(r"\bELSE\b")
+
+    def check_statement(self, statement: str, start_line: int, file: str) -> Finding | None:
+        if self._case.search(statement) and self._end.search(statement) and not self._else.search(statement):
+            return Finding(
+                rule_id=self.id,
+                severity=self.severity,
+                file=file,
+                line=start_line,
+                message="CASE without ELSE -- unmatched rows return NULL",
+                suggestion="Add an explicit ELSE clause, even if it's ELSE NULL for clarity",
+            )
+        return None
+
+
 class WindowMissingPartition(Rule):
     """W013: OVER() without PARTITION BY can yield unpredictable results."""
 

tests/fixtures/warnings.sql

@@ -34,3 +34,11 @@ FROM events;
 SELECT *
 FROM customers
 WHERE id NOT IN (SELECT customer_id FROM orders);
+
+-- W014: CASE without ELSE
+SELECT
+  CASE
+    WHEN status = 'paid' THEN 1
+    WHEN status = 'pending' THEN 0
+  END AS paid_flag
+FROM orders;

tests/test_rules.py

@@ -18,7 +18,7 @@
 
 class TestRuleRegistry:
     def test_all_rules_loaded(self) -> None:
-        assert len(ALL_RULES) == 34
+        assert len(ALL_RULES) == 35
 
     def test_10_errors(self) -> None:
         # 8 E-series + 2 T-series (T002 xp-cmdshell, T004 deprecated-outer-join).
@@ -29,7 +29,7 @@ def test_24_warnings(self) -> None:
         # 18 W-series + 3 S-series + 3 T-series (T001 with-nolock,
         # T003 cursor-declaration, T005 create-index-without-online).
         warnings = [r for r in ALL_RULES if r.severity == "warning"]
-        assert len(warnings) == 24
+        assert len(warnings) == 25
 
     def test_unique_ids(self) -> None:
         ids = [r.id for r in ALL_RULES]
@@ -193,6 +193,26 @@ def test_w016_not_in_value_list_ok(self, tmp_path) -> None:
         w016 = [f for f in result.findings if f.rule_id == "W016"]
         assert not w016
 
+    def test_w014_case_without_else(self) -> None:
+        findings = check([str(FIXTURES / "warnings.sql")])
+        w014 = [f for f in findings.findings if f.rule_id == "W014"]
+        assert len(w014) >= 1
+        assert "CASE" in w014[0].message
+
+    def test_w014_case_with_else_ok(self, tmp_path) -> None:
+        sql = tmp_path / "case_with_else.sql"
+        sql.write_text(
+            "SELECT CASE\n"
+            "  WHEN status = 'paid' THEN 1\n"
+            "  WHEN status = 'pending' THEN 0\n"
+            "  ELSE NULL\n"
+            "END AS paid_flag\n"
+            "FROM orders;\n"
+        )
+        result = check([str(sql)])
+        w014 = [f for f in result.findings if f.rule_id == "W014"]
+        assert not w014
+
 
 # ---------------------------------------------------------------------------
 # Clean file