npm - @lipemat/eslint-config - Versions diffs - 5.0.1 → 5.1.0-beta.1 - Mend

@lipemat/eslint-config 5.0.1 → 5.1.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

package/helpers/config.js CHANGED Viewed

@@ -29,3 +29,4 @@ export function getConfig(configs) {
     };
     return mergedConfig.configs;
 }
+//# sourceMappingURL=config.js.map

package/helpers/config.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"config.js","sourceRoot":"","sources":["config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,mBAAmB,EAAC,MAAM,2CAA2C,CAAC;AAM9E;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,SAAS,CAAE,OAA4B;IACtD,MAAM,IAAI,GAAG;QACZ,OAAO;KACP,CAAC;IACF,MAAM,YAAY,GAAqB;QACtC,GAAG,IAAI;QACP,GAAG,mBAAmB,CAAoB,eAAe,EAAE,IAAI,CAAE;KACjE,CAAC;IACF,OAAO,YAAY,CAAC,OAAO,CAAC;AAC7B,CAAC"}

package/{types/helpers/config.d.ts → helpers/config.ts} RENAMED Viewed

@@ -1,7 +1,9 @@
-import type { FlatConfig } from '@typescript-eslint/utils/ts-eslint';
-export type ExtensionConfigs = {
-    configs: FlatConfig.Config[];
-};
+import {getExtensionsConfig} from '@lipemat/js-boilerplate/helpers/config.js';
+import type {FlatConfig} from '@typescript-eslint/utils/ts-eslint';
+export type ExtensionConfigs = { configs: FlatConfig.Config[] };
 /**
  * Get a config from our /index.js merged with any
  * matching configuration from the project directory.
@@ -22,4 +24,13 @@ export type ExtensionConfigs = {
  *     return config
  * }
  */
-export declare function getConfig(configs: FlatConfig.Config[]): FlatConfig.Config[];
+export function getConfig( configs: FlatConfig.Config[] ): FlatConfig.Config[] {
+	const BASE = {
+		configs,
+	};
+	const mergedConfig: ExtensionConfigs = {
+		...BASE,
+		...getExtensionsConfig<ExtensionConfigs>( 'eslint.config', BASE ),
+	};
+	return mergedConfig.configs;
+}

package/index.js CHANGED Viewed

@@ -137,3 +137,4 @@ export default [
     ...fixupConfigRules(flatCompat.extends('plugin:deprecation/recommended')),
     ...mergedConfig,
 ];
+//# sourceMappingURL=index.js.map

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lipemat/eslint-config",
-  "version": "5.0.1",
+  "version": "5.1.0-beta.1",
   "license": "MIT",
   "description": "Eslint configuration for all @lipemat packages",
   "engines": {
@@ -8,12 +8,10 @@
   },
   "type": "module",
   "main": "index.js",
-  "types": "types",
   "files": [
     "index.js",
-    "helpers/**/*.js",
-    "plugins/**/*.js",
-    "types"
+    "helpers",
+    "plugins"
   ],
   "repository": {
     "type": "git",
@@ -24,11 +22,11 @@
   },
   "homepage": "https://github.com/lipemat/eslint-config#readme",
   "scripts": {
-    "build": "tsc --project ./plugins --declaration --declarationDir types",
+    "build": "tsc --project ./plugins",
     "prepublishOnly": "yarn run build",
     "test": "lipemat-js-boilerplate test",
     "validate-ts": "tsc --project ./plugins --noEmit",
-    "watch": "tsc --project ./plugins --watch --inlineSourceMap"
+    "watch": "tsc --project ./plugins --watch"
   },
   "dependencies": {
     "@eslint/compat": "^1.2.4",
@@ -52,18 +50,17 @@
     "@types/jquery": "^3.5.16",
     "@types/node": "^20",
     "@typescript-eslint/rule-tester": "^8.40.0",
-    "@typescript-eslint/types": "^8.40.0",
     "dompurify": "^3.2.6",
     "execa": "^5.1.1",
     "jest": "^29",
     "jest-runner-eslint": "^2.2.1",
-    "typescript": "5.8.3"
+    "typescript": "~5.8.3"
   },
   "peerDependencies": {
-    "typescript": "^5.8.3"
+    "typescript": "~5.8.3"
   },
   "resolutions": {
     "@babel/runtime": "^7.27.0"
   },
-  "packageManager": "yarn@4.9.2"
+  "packageManager": "yarn@4.9.4"
 }

package/plugins/security/helpers/dom-purify.js CHANGED Viewed

@@ -16,3 +16,4 @@ export function isSanitized(node) {
     }
     return false;
 }
+//# sourceMappingURL=dom-purify.js.map

package/plugins/security/helpers/dom-purify.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dom-purify.js","sourceRoot":"","sources":["dom-purify.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAAgB,MAAM,0BAA0B,CAAC;AAGvE;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAE,IAAsF;IAClH,IAAK,cAAc,CAAC,cAAc,KAAK,IAAI,CAAC,IAAI,EAAG,CAAC;QACnD,OAAO,KAAK,CAAC;IACd,CAAC;IACD,IAAK,cAAc,CAAC,UAAU,KAAK,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,UAAU,KAAK,IAAI,CAAC,MAAM,CAAC,IAAI,EAAG,CAAC;QACzF,OAAO,IAAI,CAAC;IACb,CAAC;IAED,IAAK,cAAc,CAAC,gBAAgB,KAAK,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,cAAc,CAAC,UAAU,KAAK,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAG,CAAC;QACrH,OAAO,WAAW,KAAK,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE;YAC3D,cAAc,CAAC,UAAU,KAAK,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,IAAI,UAAU,KAAK,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;IACtG,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC"}

package/plugins/security/helpers/dom-purify.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import {AST_NODE_TYPES, type TSESTree} from '@typescript-eslint/utils';
+import type ESTree from 'estree';
+/**
+ * Check if a node is a call to a known sanitization function.
+ * - Currently recognizes `sanitize(...)` and `DOMPurify.sanitize(...)`.
+ */
+export function isSanitized( node: ESTree.Expression | TSESTree.Property['value'] | TSESTree.CallExpressionArgument ): boolean {
+	if ( AST_NODE_TYPES.CallExpression !== node.type ) {
+		return false;
+	}
+	if ( AST_NODE_TYPES.Identifier === node.callee.type && 'sanitize' === node.callee.name ) {
+		return true;
+	}
+	if ( AST_NODE_TYPES.MemberExpression === node.callee.type && AST_NODE_TYPES.Identifier === node.callee.object.type ) {
+		return 'dompurify' === node.callee.object.name.toLowerCase() &&
+			AST_NODE_TYPES.Identifier === node.callee.property.type && 'sanitize' === node.callee.property.name;
+	}
+	return false;
+}

package/plugins/security/helpers/element.js CHANGED Viewed

@@ -16,3 +16,4 @@ export function isDomElementType(expression, context) {
     }
     return name.startsWith('HTML') && name.endsWith('Element');
 }
+//# sourceMappingURL=element.js.map

package/plugins/security/helpers/element.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"element.js","sourceRoot":"","sources":["element.ts"],"names":[],"mappings":"AAEA,OAAO,EAAC,OAAO,EAAC,MAAM,eAAe,CAAC;AAEtC;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAuE,UAA2C,EAAE,OAAgB;IACnK,MAAM,IAAI,GAAS,OAAO,CAAW,UAAU,EAAE,OAAO,CAAE,CAAC;IAE3D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,EAAE,EAAE,WAAW,IAAI,EAAE,CAAC;IACjD,4FAA4F;IAC5F,IAAK,SAAS,KAAK,IAAI,EAAG,CAAC;QAC1B,OAAO,IAAI,CAAC;IACb,CAAC;IACD,OAAO,IAAI,CAAC,UAAU,CAAE,MAAM,CAAE,IAAI,IAAI,CAAC,QAAQ,CAAE,SAAS,CAAE,CAAC;AAChE,CAAC"}

package/plugins/security/helpers/element.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type {TSESLint, TSESTree} from '@typescript-eslint/utils';
+import type {Type} from 'typescript';
+import {getType} from './ts-types.js';
+/**
+ * Is the type of variable being passed a DOM element?
+ *
+ * - DOM elements are of the type `HTML{*}Element`.
+ * - DOM elements do not require sanitization.
+ *
+ * @link https://typescript-eslint.io/developers/custom-rules/#typed-rules
+ */
+export function isDomElementType<Context extends Readonly<TSESLint.RuleContext<string, readonly []>>>( expression: TSESTree.CallExpressionArgument, context: Context ): boolean {
+	const type: Type = getType<Context>( expression, context );
+	const name = type.getSymbol()?.escapedName ?? '';
+	// Match any type that ends with "Element", e.g., HTMLElement, HTMLDivElement, Element, etc.
+	if ( 'Element' === name ) {
+		return true;
+	}
+	return name.startsWith( 'HTML' ) && name.endsWith( 'Element' );
+}

package/plugins/security/helpers/string.js CHANGED Viewed

@@ -37,3 +37,4 @@ export function isSafeLiteralString(node) {
     }
     return !/^\s*(?:javascript|data|vbscript|about|livescript)\s*:/i.test(decodeURIComponent(node.value.replace(/[\u0000-\u001F\u007F]+/g, '')));
 }
+//# sourceMappingURL=string.js.map

package/plugins/security/helpers/string.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"string.js","sourceRoot":"","sources":["string.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAA+B,MAAM,0BAA0B,CAAC;AAEtF,OAAO,EAAC,OAAO,EAAC,MAAM,eAAe,CAAC;AAEtC;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAAE,IAAqC,EAAE,OAA4D;IAChI,MAAM,IAAI,GAAG,OAAO,CAAE,IAAI,EAAE,OAAO,CAAE,CAAC;IACtC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,eAAe,IAAI,IAAI,IAAI,QAAQ,KAAK,IAAI,CAAC,aAAa,CAAC;IAC7E,OAAO,CAAE,cAAc,CAAC,OAAO,KAAK,IAAI,CAAC,IAAI,IAAI,QAAQ,KAAK,OAAO,IAAI,CAAC,KAAK,CAAE,IAAI,CAAE,cAAc,CAAC,eAAe,KAAK,IAAI,CAAC,IAAI,CAAE,IAAI,OAAO,IAAI,SAAS,CAAC;AAC/J,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAE,IAAkE;IAClG,OAAO,cAAc,CAAC,OAAO,KAAK,IAAI,CAAC,IAAI,IAAI,QAAQ,KAAK,OAAO,IAAI,CAAC,KAAK,CAAC;AAC/E,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAE,IAAkE;IACtG,IAAK,cAAc,CAAC,qBAAqB,KAAK,IAAI,CAAC,IAAI,EAAG,CAAC;QAC1D,OAAO,mBAAmB,CAAE,IAAI,CAAC,UAAU,CAAE,IAAI,mBAAmB,CAAE,IAAI,CAAC,SAAS,CAAE,CAAC;IACxF,CAAC;IAED,IAAK,CAAE,eAAe,CAAE,IAAI,CAAE,EAAG,CAAC;QACjC,OAAO,KAAK,CAAC;IACd,CAAC;IACD,IAAK,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAE,SAAS,CAAE,EAAG,CAAC;QACxC,OAAO,KAAK,CAAC;IACd,CAAC;IACD,OAAO,CAAE,wDAAwD,CAAC,IAAI,CAAE,kBAAkB,CAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAE,yBAAyB,EAAE,EAAE,CAAE,CAAE,CAAE,CAAC;AACrJ,CAAC"}

package/plugins/security/helpers/string.ts ADDED Viewed

@@ -0,0 +1,44 @@
+import {AST_NODE_TYPES, type TSESLint, type TSESTree} from '@typescript-eslint/utils';
+import {getType} from './ts-types.js';
+/**
+ * Is the node of type string.
+ * - String literals.
+ * - constants of type string.
+ * - template literals.
+ * - intrinsic type string.
+ */
+export function isStringLike( node: TSESTree.CallExpressionArgument, context: Readonly<TSESLint.RuleContext<string, readonly []>> ): boolean {
+	const type = getType( node, context );
+	const literal = type.isStringLiteral();
+	const intrinsic = 'intrinsicName' in type && 'string' === type.intrinsicName;
+	return ( AST_NODE_TYPES.Literal === node.type && 'string' === typeof node.value ) || ( AST_NODE_TYPES.TemplateLiteral === node.type ) || literal || intrinsic;
+}
+/**
+ * Check if a node is a literal string
+ */
+export function isLiteralString( node: TSESTree.Property['value'] | TSESTree.CallExpressionArgument ): node is TSESTree.StringLiteral {
+	return AST_NODE_TYPES.Literal === node.type && 'string' === typeof node.value;
+}
+/**
+ * Check if a node is a literal string that is safe to use in an HTML context.
+ * - Must be a literal string. Or a conditional expression where both branches are safe literal strings.
+ * - Must not contain `<script`.
+ * - Must not start with a dangerous protocol (javascript:, data:, vbscript:, about:, livescript:).
+ */
+export function isSafeLiteralString( node: TSESTree.Property['value'] | TSESTree.CallExpressionArgument ): boolean {
+	if ( AST_NODE_TYPES.ConditionalExpression === node.type ) {
+		return isSafeLiteralString( node.consequent ) && isSafeLiteralString( node.alternate );
+	}
+	if ( ! isLiteralString( node ) ) {
+		return false;
+	}
+	if ( node.value.includes( '<script' ) ) {
+		return false;
+	}
+	return ! /^\s*(?:javascript|data|vbscript|about|livescript)\s*:/i.test( decodeURIComponent( node.value.replace( /[\u0000-\u001F\u007F]+/g, '' ) ) );
+}

package/plugins/security/helpers/ts-types.js CHANGED Viewed

@@ -7,3 +7,4 @@ export function getType(expression, context) {
     const type = getTypeAtLocation(expression);
     return type.getNonNullableType();
 }
+//# sourceMappingURL=ts-types.js.map

package/plugins/security/helpers/ts-types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"ts-types.js","sourceRoot":"","sources":["ts-types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,WAAW,EAA+B,MAAM,0BAA0B,CAAC;AAGnF;;GAEG;AACH,MAAM,UAAU,OAAO,CAAuE,UAA2C,EAAE,OAAgB;IAC1J,MAAM,EAAC,iBAAiB,EAAC,GAAG,WAAW,CAAC,iBAAiB,CAAE,OAAO,CAAE,CAAC;IACrE,MAAM,IAAI,GAAG,iBAAiB,CAAE,UAAU,CAAE,CAAC;IAC7C,OAAO,IAAI,CAAC,kBAAkB,EAAE,CAAC;AAClC,CAAC"}

package/plugins/security/helpers/ts-types.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import {ESLintUtils, type TSESLint, type TSESTree} from '@typescript-eslint/utils';
+import type {Type} from 'typescript';
+/**
+ * Get the TypeScript type of node.
+ */
+export function getType<Context extends Readonly<TSESLint.RuleContext<string, readonly []>>>( expression: TSESTree.CallExpressionArgument, context: Context ): Type {
+	const {getTypeAtLocation} = ESLintUtils.getParserServices( context );
+	const type = getTypeAtLocation( expression );
+	return type.getNonNullableType();
+}

package/plugins/security/index.js CHANGED Viewed

@@ -6,6 +6,7 @@ import htmlStringConcat from './rules/html-string-concat.js';
 import jqueryExecuting from './rules/jquery-executing.js';
 import vulnerableTagStripping from './rules/vulnerable-tag-stripping.js';
 import windowEscaping from './rules/window-escaping.js';
+import noAtHtmlTags from './rules/no-at-html-tags.js';
 import { readFileSync } from 'fs';
 import { resolve } from 'path';
 const pkg = JSON.parse(readFileSync(resolve('./package.json'), 'utf8'));
@@ -21,11 +22,13 @@ const plugin = {
         'html-sinks': htmlSinks,
         'html-string-concat': htmlStringConcat,
         'jquery-executing': jqueryExecuting,
+        'no-at-html-tags': noAtHtmlTags,
         'vulnerable-tag-stripping': vulnerableTagStripping,
         'window-escaping': windowEscaping,
     },
     configs: {
         recommended: {},
+        svelte: {},
     },
 };
 // Freeze the plugin to prevent modifications and use the plugin within.
@@ -45,5 +48,12 @@ plugin.configs = Object.freeze({
             '@lipemat/security/window-escaping': 'error',
         },
     },
+    svelte: {
+        files: ['**/*.svelte', '*.svelte'],
+        rules: {
+            '@lipemat/security/no-at-html-tags': 'error',
+        },
+    },
 });
 export default plugin;
+//# sourceMappingURL=index.js.map

package/plugins/security/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,uBAAuB,MAAM,uCAAuC,CAAC;AAC5E,OAAO,uBAAuB,MAAM,sCAAsC,CAAC;AAC3E,OAAO,qBAAqB,MAAM,oCAAoC,CAAC;AACvE,OAAO,SAAS,MAAM,uBAAuB,CAAC;AAC9C,OAAO,gBAAgB,MAAM,+BAA+B,CAAC;AAC7D,OAAO,eAAe,MAAM,6BAA6B,CAAC;AAC1D,OAAO,sBAAsB,MAAM,qCAAqC,CAAC;AACzE,OAAO,cAAc,MAAM,4BAA4B,CAAC;AACxD,OAAO,YAAY,MAAM,4BAA4B,CAAC;AACtD,OAAO,EAAC,YAAY,EAAC,MAAM,IAAI,CAAC;AAChC,OAAO,EAAC,OAAO,EAAC,MAAM,MAAM,CAAC;AAI7B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CACrB,YAAY,CAAE,OAAO,CAAE,gBAAgB,CAAE,EAAE,MAAM,CAAE,CACnD,CAAC;AAUF,MAAM,MAAM,GAAW;IACtB,IAAI,EAAE;QACL,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,OAAO,EAAE,GAAG,CAAC,OAAO;KACpB;IACD,KAAK,EAAE;QACN,4BAA4B,EAAE,uBAAuB;QACrD,2BAA2B,EAAE,uBAAuB;QACpD,yBAAyB,EAAE,qBAAqB;QAChD,YAAY,EAAE,SAAS;QACvB,oBAAoB,EAAE,gBAAgB;QACtC,kBAAkB,EAAE,eAAe;QACnC,iBAAiB,EAAE,YAAY;QAC/B,0BAA0B,EAAE,sBAAsB;QAClD,iBAAiB,EAAE,cAAc;KACjC;IACD,OAAO,EAAE;QACR,WAAW,EAAE,EAAE;QACf,MAAM,EAAE,EAAE;KACV;CACD,CAAC;AAEF,wEAAwE;AACxE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAE;IAC/B,WAAW,EAAE;QACZ,OAAO,EAAE;YACR,mBAAmB,EAAE,MAAM;SAC3B;QACD,KAAK,EAAE;YACN,8CAA8C,EAAE,OAAO;YACvD,6CAA6C,EAAE,OAAO;YACtD,2CAA2C,EAAE,OAAO;YACpD,8BAA8B,EAAE,OAAO;YACvC,sCAAsC,EAAE,OAAO;YAC/C,oCAAoC,EAAE,OAAO;YAC7C,4CAA4C,EAAE,OAAO;YACrD,mCAAmC,EAAE,OAAO;SAC5C;KACD;IACD,MAAM,EAAE;QACP,KAAK,EAAE,CAAE,aAAa,EAAE,UAAU,CAAE;QACpC,KAAK,EAAE;YACN,mCAAmC,EAAE,OAAO;SAC5C;KACD;CACD,CAAE,CAAC;AAEJ,eAAe,MAAM,CAAC"}

package/plugins/security/index.ts ADDED Viewed

@@ -0,0 +1,74 @@
+import dangerouslySetInnerHtml from './rules/dangerously-set-inner-html.js';
+import htmlExecutingAssignment from './rules/html-executing-assignment.js';
+import htmlExecutingFunction from './rules/html-executing-function.js';
+import htmlSinks from './rules/html-sinks.js';
+import htmlStringConcat from './rules/html-string-concat.js';
+import jqueryExecuting from './rules/jquery-executing.js';
+import vulnerableTagStripping from './rules/vulnerable-tag-stripping.js';
+import windowEscaping from './rules/window-escaping.js';
+import noAtHtmlTags from './rules/no-at-html-tags.js';
+import {readFileSync} from 'fs';
+import {resolve} from 'path';
+import type {FlatConfig} from '@typescript-eslint/utils/ts-eslint';
+const pkg = JSON.parse(
+	readFileSync( resolve( './package.json' ), 'utf8' ),
+);
+type Plugin = FlatConfig.Plugin & {
+	configs: {
+		recommended: FlatConfig.Config;
+		svelte: FlatConfig.Config;
+	}
+}
+const plugin: Plugin = {
+	meta: {
+		name: pkg.name,
+		version: pkg.version,
+	},
+	rules: {
+		'dangerously-set-inner-html': dangerouslySetInnerHtml,
+		'html-executing-assignment': htmlExecutingAssignment,
+		'html-executing-function': htmlExecutingFunction,
+		'html-sinks': htmlSinks,
+		'html-string-concat': htmlStringConcat,
+		'jquery-executing': jqueryExecuting,
+		'no-at-html-tags': noAtHtmlTags,
+		'vulnerable-tag-stripping': vulnerableTagStripping,
+		'window-escaping': windowEscaping,
+	},
+	configs: {
+		recommended: {},
+		svelte: {},
+	},
+};
+// Freeze the plugin to prevent modifications and use the plugin within.
+plugin.configs = Object.freeze( {
+	recommended: {
+		plugins: {
+			'@lipemat/security': plugin,
+		},
+		rules: {
+			'@lipemat/security/dangerously-set-inner-html': 'error',
+			'@lipemat/security/html-executing-assignment': 'error',
+			'@lipemat/security/html-executing-function': 'error',
+			'@lipemat/security/html-sinks': 'error',
+			'@lipemat/security/html-string-concat': 'error',
+			'@lipemat/security/jquery-executing': 'error',
+			'@lipemat/security/vulnerable-tag-stripping': 'error',
+			'@lipemat/security/window-escaping': 'error',
+		},
+	},
+	svelte: {
+		files: [ '**/*.svelte', '*.svelte' ],
+		rules: {
+			'@lipemat/security/no-at-html-tags': 'error',
+		},
+	},
+} );
+export default plugin;

package/plugins/security/package.json ADDED Viewed

@@ -0,0 +1,25 @@
+{
+  "name": "@lipemat/eslint-plugin-security",
+  "description": "ESLint rules to replace PHPCS security scanning",
+  "version": "1.0.0",
+  "private": true,
+  "license": "MIT",
+  "type": "module",
+  "main": "index.js",
+  "source": "index.ts",
+  "files": [
+    "index.ts",
+    "index.js",
+    "rules/",
+    "helpers/"
+  ],
+  "dependencies": {
+    "eslint": "^9",
+    "@typescript-eslint/utils": "^8.40.0"
+  },
+  "peerDependencies": {
+    "eslint": "^9",
+    "@typescript-eslint/parser": "^8.40.0",
+    "typescript": "~5.8.3"
+  }
+}

package/plugins/security/rules/dangerously-set-inner-html.js CHANGED Viewed

@@ -74,3 +74,4 @@ const plugin = {
     },
 };
 export default plugin;
+//# sourceMappingURL=dangerously-set-inner-html.js.map

package/plugins/security/rules/dangerously-set-inner-html.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dangerously-set-inner-html.js","sourceRoot":"","sources":["dangerously-set-inner-html.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAA+B,MAAM,0BAA0B,CAAC;AAEtF,OAAO,EAAC,WAAW,EAAC,MAAM,0BAA0B,CAAC;AAKrD,SAAS,yBAAyB,CAAE,IAA2B;IAC9D,OAAO,CACN,cAAc,KAAK,IAAI,CAAC,IAAI;QAC5B,yBAAyB,KAAK,IAAI,CAAC,IAAI,CAAC,IAAI,CAC5C,CAAC;AACH,CAAC;AAED,SAAS,+BAA+B,CAAE,IAA2B;IACpE,2CAA2C;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC;IACvB,IAAK,IAAI,KAAK,GAAG,EAAG,CAAC;QACpB,OAAO,IAAI,CAAC,CAAC,oBAAoB;IAClC,CAAC;IACD,IAAK,cAAc,CAAC,sBAAsB,KAAK,GAAG,CAAC,IAAI,EAAG,CAAC;QAC1D,OAAO,IAAI,CAAC;IACb,CAAC;IACD,MAAM,IAAI,GAAG,GAAG,CAAC,UAAU,CAAC;IAC5B,IAAK,cAAc,CAAC,gBAAgB,KAAK,IAAI,CAAC,IAAI,EAAG,CAAC;QACrD,OAAO,IAAI,CAAC;IACb,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAE,CAAC,CAAC,EAAE,CAAC,CAC3C,cAAc,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI;QAClC,CACC,CAAE,cAAc,CAAC,UAAU,KAAK,CAAC,CAAC,GAAG,CAAC,IAAI,IAAI,QAAQ,KAAK,CAAC,CAAC,GAAG,CAAC,IAAI,CAAE;YACvE,CAAE,cAAc,CAAC,OAAO,KAAK,CAAC,CAAC,GAAG,CAAC,IAAI,IAAI,QAAQ,KAAK,CAAC,CAAC,GAAG,CAAC,KAAK,CAAE,CACrE,CACD,CAAE,CAAC;IACJ,IAAK,SAAS,KAAK,QAAQ,IAAI,OAAO,IAAI,QAAQ,EAAG,CAAC;QACrD,OAAO,QAAQ,CAAC,KAAK,CAAC;IACvB,CAAC;IACD,OAAO,IAAI,CAAC;AACb,CAAC;AAGD,MAAM,MAAM,GAAkC;IAC7C,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACL,IAAI,EAAE,SAAS;QACf,cAAc,EAAE,IAAI;QACpB,IAAI,EAAE;YACL,WAAW,EAAE,8DAA8D;SAC3E;QACD,QAAQ,EAAE;YACT,kBAAkB,EAAE,sGAAsG;YAE1H,cAAc;YACd,SAAS,EAAE,sDAAsD;YACjE,QAAQ,EAAE,4CAA4C;SACtD;QACD,MAAM,EAAE,EAAE;KACV;IACD,MAAM,CAAE,OAAgB;QACvB,OAAO;YACN,YAAY,CAAE,IAA2B;gBACxC,IAAK,CAAE,yBAAyB,CAAE,IAAI,CAAE,EAAG,CAAC;oBAC3C,OAAO;gBACR,CAAC;gBACD,MAAM,SAAS,GAAG,+BAA+B,CAAE,IAAI,CAAE,CAAC;gBAC1D,IAAK,IAAI,KAAK,SAAS,IAAI,WAAW,CAAE,SAAS,CAAE,EAAG,CAAC;oBACtD,OAAO;gBACR,CAAC;gBAED,OAAO,CAAC,MAAM,CAAE;oBACf,IAAI;oBACJ,SAAS,EAAE,oBAAoB;oBAC/B,OAAO,EAAE;wBACR;4BACC,SAAS,EAAE,WAAW;4BACtB,GAAG,EAAE,CAAE,KAAyB,EAAG,EAAE;gCACpC,OAAO,KAAK,CAAC,WAAW,CAAE,IAAI,EAAE,yDAAyD,OAAO,CAAC,UAAU,CAAC,OAAO,CAAE,SAAS,CAAE,MAAM,CAAE,CAAC;4BAC1I,CAAC;yBACD;wBACD;4BACC,SAAS,EAAE,UAAU;4BACrB,GAAG,EAAE,CAAE,KAAyB,EAAG,EAAE;gCACpC,OAAO,KAAK,CAAC,WAAW,CAAE,IAAI,EAAE,+CAA+C,OAAO,CAAC,UAAU,CAAC,OAAO,CAAE,SAAS,CAAE,MAAM,CAAE,CAAC;4BAChI,CAAC;yBACD;qBACD;iBACD,CAAE,CAAC;YACL,CAAC;SACD,CAAC;IACH,CAAC;CACD,CAAC;AAEF,eAAe,MAAM,CAAC"}

package/plugins/security/rules/dangerously-set-inner-html.ts ADDED Viewed

@@ -0,0 +1,93 @@
+import {AST_NODE_TYPES, type TSESLint, type TSESTree} from '@typescript-eslint/utils';
+import {isSanitized} from '../helpers/dom-purify.js';
+type Messages = 'dangerousInnerHtml' | 'sanitize' | 'domPurify';
+type Context = TSESLint.RuleContext<Messages, []>;
+function isDangerouslySetInnerHTML( node: TSESTree.JSXAttribute ): boolean {
+	return (
+		'JSXAttribute' === node.type &&
+		'dangerouslySetInnerHTML' === node.name.name
+	);
+}
+function getDangerouslySetInnerHTMLValue( node: TSESTree.JSXAttribute ): null | TSESTree.Property['value'] {
+	// Expecting value like: {{ __html: expr }}
+	const val = node.value;
+	if ( null === val ) {
+		return null; // No value provided
+	}
+	if ( AST_NODE_TYPES.JSXExpressionContainer !== val.type ) {
+		return null;
+	}
+	const expr = val.expression;
+	if ( AST_NODE_TYPES.ObjectExpression !== expr.type ) {
+		return null;
+	}
+	const htmlProp = expr.properties.find( p => (
+		AST_NODE_TYPES.Property === p.type &&
+		(
+			( AST_NODE_TYPES.Identifier === p.key.type && '__html' === p.key.name ) ||
+			( AST_NODE_TYPES.Literal === p.key.type && '__html' === p.key.value )
+		)
+	) );
+	if ( undefined !== htmlProp && 'value' in htmlProp ) {
+		return htmlProp.value;
+	}
+	return null;
+}
+const plugin: TSESLint.RuleModule<Messages> = {
+	defaultOptions: [],
+	meta: {
+		type: 'problem',
+		hasSuggestions: true,
+		docs: {
+			description: 'Disallow using unsanitized values in dangerouslySetInnerHTML',
+		},
+		messages: {
+			dangerousInnerHtml: 'Any HTML passed to `dangerouslySetInnerHTML` gets executed. Please make sure it\'s properly escaped.',
+			// Suggestions
+			domPurify: 'Wrap the content with a `DOMPurify.sanitize()` call.',
+			sanitize: 'Wrap the content with a `sanitize()` call.',
+		},
+		schema: [],
+	},
+	create( context: Context ): TSESLint.RuleListener {
+		return {
+			JSXAttribute( node: TSESTree.JSXAttribute ) {
+				if ( ! isDangerouslySetInnerHTML( node ) ) {
+					return;
+				}
+				const htmlValue = getDangerouslySetInnerHTMLValue( node );
+				if ( null === htmlValue || isSanitized( htmlValue ) ) {
+					return;
+				}
+				context.report( {
+					node,
+					messageId: 'dangerousInnerHtml',
+					suggest: [
+						{
+							messageId: 'domPurify',
+							fix: ( fixer: TSESLint.RuleFixer ) => {
+								return fixer.replaceText( node, `dangerouslySetInnerHTML={{__html: DOMPurify.sanitize( ${context.sourceCode.getText( htmlValue )} )}}` );
+							},
+						},
+						{
+							messageId: 'sanitize',
+							fix: ( fixer: TSESLint.RuleFixer ) => {
+								return fixer.replaceText( node, `dangerouslySetInnerHTML={{__html: sanitize( ${context.sourceCode.getText( htmlValue )} )}}` );
+							},
+						},
+					],
+				} );
+			},
+		};
+	},
+};
+export default plugin;

package/plugins/security/rules/html-executing-assignment.js CHANGED Viewed

@@ -66,3 +66,4 @@ const plugin = {
     },
 };
 export default plugin;
+//# sourceMappingURL=html-executing-assignment.js.map

package/plugins/security/rules/html-executing-assignment.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"html-executing-assignment.js","sourceRoot":"","sources":["html-executing-assignment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAA+B,MAAM,0BAA0B,CAAC;AACtF,OAAO,EAAC,mBAAmB,EAAC,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAC,WAAW,EAAC,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAC,gBAAgB,EAAC,MAAM,uBAAuB,CAAC;AAOvD,MAAM,iBAAiB,GAAuB;IAC7C,WAAW;IACX,WAAW;CACX,CAAC;AAEF,SAAS,gBAAgB,CAAE,YAAoB;IAC9C,OAAO,iBAAiB,CAAC,QAAQ,CAAE,YAAgC,CAAE,CAAC;AACvE,CAAC;AAED,MAAM,MAAM,GAAkC;IAC7C,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACL,IAAI,EAAE;YACL,WAAW,EAAE,0EAA0E;SACvF;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACT,QAAQ,EAAE,wFAAwF;YAElG,cAAc;YACd,SAAS,EAAE,uDAAuD;YAClE,QAAQ,EAAE,6CAA6C;SACvD;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KACf;IACD,MAAM,CAAE,OAAgB;QACvB,OAAO;YACN,oBAAoB,CAAE,IAAmC;gBACxD,IAAK,cAAc,CAAC,gBAAgB,KAAK,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,cAAc,CAAC,UAAU,KAAK,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAG,CAAC;oBACnH,OAAO;gBACR,CAAC;gBACD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAC7C,IAAK,CAAE,gBAAgB,CAAE,YAAY,CAAE,EAAG,CAAC;oBAC1C,OAAO;gBACR,CAAC;gBACD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;gBACzB,IAAK,CAAE,mBAAmB,CAAE,KAAK,CAAE,IAAI,CAAE,WAAW,CAAE,KAAK,CAAE,IAAI,gBAAgB,CAAW,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAE,EAAG,CAAC;oBAC1H,OAAO,CAAC,MAAM,CAAE;wBACf,IAAI;wBACJ,SAAS,EAAE,UAAU;wBACrB,IAAI,EAAE;4BACL,YAAY;yBACZ;wBACD,OAAO,EAAE;4BACR;gCACC,SAAS,EAAE,WAAW;gCACtB,GAAG,EAAE,CAAE,KAAyB,EAAG,EAAE;oCACpC,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAE,KAAK,CAAE,CAAC;oCACtD,OAAO,KAAK,CAAC,WAAW,CAAE,KAAK,EAAE,uBAAuB,SAAS,IAAI,CAAE,CAAC;gCACzE,CAAC;6BACD;4BACD;gCACC,SAAS,EAAE,UAAU;gCACrB,GAAG,EAAE,CAAE,KAAyB,EAAG,EAAE;oCACpC,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAE,KAAK,CAAE,CAAC;oCACtD,OAAO,KAAK,CAAC,WAAW,CAAE,KAAK,EAAE,aAAa,SAAS,IAAI,CAAE,CAAC;gCAC/D,CAAC;6BACD;yBACD;qBACD,CAAE,CAAC;gBACL,CAAC;YACF,CAAC;SACD,CAAC;IACH,CAAC;CACD,CAAC;AAEF,eAAe,MAAM,CAAC"}

package/plugins/security/rules/html-executing-assignment.ts ADDED Viewed

@@ -0,0 +1,78 @@
+import {AST_NODE_TYPES, type TSESLint, type TSESTree} from '@typescript-eslint/utils';
+import {isSafeLiteralString} from '../helpers/string.js';
+import {isSanitized} from '../helpers/dom-purify.js';
+import {isDomElementType} from '../helpers/element.js';
+type UnsafeProperties = 'innerHTML' | 'outerHTML';
+type Messages = 'executed' | 'sanitize' | 'domPurify';
+type Context = TSESLint.RuleContext<Messages, []>;
+const UNSAFE_PROPERTIES: UnsafeProperties[] = [
+	'innerHTML',
+	'outerHTML',
+];
+function isUnsafeProperty( propertyName: string ): propertyName is UnsafeProperties {
+	return UNSAFE_PROPERTIES.includes( propertyName as UnsafeProperties );
+}
+const plugin: TSESLint.RuleModule<Messages> = {
+	defaultOptions: [],
+	meta: {
+		docs: {
+			description: 'Disallow using unsanitized values in HTML executing property assignments',
+		},
+		hasSuggestions: true,
+		messages: {
+			executed: 'Any HTML used with `{{propertyName}}` gets executed. Make sure it\'s properly escaped.',
+			// Suggestions
+			domPurify: 'Wrap the argument with a `DOMPurify.sanitize()` call.',
+			sanitize: 'Wrap the argument with a `sanitize()` call.',
+		},
+		schema: [],
+		type: 'problem',
+	},
+	create( context: Context ): TSESLint.RuleListener {
+		return {
+			AssignmentExpression( node: TSESTree.AssignmentExpression ) {
+				if ( AST_NODE_TYPES.MemberExpression !== node.left.type || AST_NODE_TYPES.Identifier !== node.left.property.type ) {
+					return;
+				}
+				const propertyName = node.left.property.name;
+				if ( ! isUnsafeProperty( propertyName ) ) {
+					return;
+				}
+				const value = node.right;
+				if ( ! isSafeLiteralString( value ) && ! isSanitized( value ) && isDomElementType<Context>( node.left.object, context ) ) {
+					context.report( {
+						node,
+						messageId: 'executed',
+						data: {
+							propertyName,
+						},
+						suggest: [
+							{
+								messageId: 'domPurify',
+								fix: ( fixer: TSESLint.RuleFixer ) => {
+									const valueText = context.sourceCode.getText( value );
+									return fixer.replaceText( value, `DOMPurify.sanitize( ${valueText} )` );
+								},
+							},
+							{
+								messageId: 'sanitize',
+								fix: ( fixer: TSESLint.RuleFixer ) => {
+									const valueText = context.sourceCode.getText( value );
+									return fixer.replaceText( value, `sanitize( ${valueText} )` );
+								},
+							},
+						],
+					} );
+				}
+			},
+		};
+	},
+};
+export default plugin;

package/plugins/security/rules/html-executing-function.js CHANGED Viewed

@@ -129,3 +129,4 @@ const plugin = {
     },
 };
 export default plugin;
+//# sourceMappingURL=html-executing-function.js.map

package/plugins/security/rules/html-executing-function.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"html-executing-function.js","sourceRoot":"","sources":["html-executing-function.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,cAAc,EAA+B,MAAM,0BAA0B,CAAC;AACtF,OAAO,EAAC,YAAY,EAAC,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAC,mBAAmB,EAAC,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAC,WAAW,EAAC,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAC,gBAAgB,EAAC,MAAM,uBAAuB,CAAC;AAkBvD,MAAM,gBAAgB,GAA6B;IAClD,gBAAgB;IAChB,kBAAkB;CAClB,CAAC;AAEF,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAe;IAChD,oBAAoB;IACpB,cAAc;CACd,CAAE,CAAC;AAEJ,MAAM,cAAc,GAAG;IACtB,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,oBAAoB,EAAE,SAAS,EAAE,aAAa,EAAE,cAAc;CACjD,CAAC;AAE5C,SAAS,gBAAgB,CAAE,UAAkB;IAC5C,OAAO,gBAAgB,CAAC,QAAQ,CAAE,UAAoC,CAAE,CAAC;AAC1E,CAAC;AAED,SAAS,cAAc,CAAE,UAAkB;IAC1C,OAAO,cAAc,CAAC,QAAQ,CAAE,UAAyB,CAAE,CAAC;AAC7D,CAAC;AAED,SAAS,iBAAiB,CAAE,UAAkB;IAC7C,OAAO,kBAAkB,CAAC,GAAG,CAAE,UAAyB,CAAE,CAAC;AAC5D,CAAC;AAGD,SAAS,eAAe,CAAE,IAA6B;IACtD,IAAI,UAAU,GAAG,EAAE,CAAC;IACpB,IAAK,cAAc,CAAC,UAAU,KAAK,IAAI,CAAC,MAAM,CAAC,IAAI,EAAG,CAAC;QACtD,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;IAC/B,CAAC;SAAM,IAAK,cAAc,CAAC,gBAAgB,KAAK,IAAI,CAAC,MAAM,CAAC,IAAI,EAAG,CAAC;QACnE,IAAK,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAG,CAAC;YACpC,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;YACrC,IAAK,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAG,CAAC;gBACtC,UAAU,IAAI,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;YAC/C,CAAC;QACF,CAAC;aAAM,IAAK,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAG,CAAC;YAC7C,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;QACxC,CAAC;IACF,CAAC;IACD,IAAK,gBAAgB,CAAE,UAAU,CAAE,EAAG,CAAC;QACtC,OAAO,UAAU,CAAC;IACnB,CAAC;IAED,OAAO,IAAI,CAAC;AACb,CAAC;AAGD,SAAS,oBAAoB,CAAE,IAA6B,EAAE,OAAgB;IAC7E,IAAK,cAAc,CAAC,gBAAgB,KAAK,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,cAAc,CAAC,UAAU,KAAK,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAG,CAAC;QACvH,OAAO,IAAI,CAAC;IACb,CAAC;IACD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC7C,IAAK,CAAE,gBAAgB,CAAE,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAE,EAAG,CAAC;QACzD,OAAO,IAAI,CAAC,CAAC,+CAA+C;IAC7D,CAAC;IAED,IAAK,CAAE,cAAc,CAAE,UAAU,CAAE,EAAG,CAAC;QACtC,OAAO,IAAI,CAAC;IACb,CAAC;IACD,IAAK,YAAY,CAAE,IAAI,CAAE,EAAG,CAAC;QAC5B,OAAO,IAAI,CAAC,CAAC,mCAAmC;IACjD,CAAC;IACD,OAAO,UAAU,CAAC;AACnB,CAAC;AAGD,MAAM,MAAM,GAAkC;IAC7C,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACL,IAAI,EAAE;YACL,WAAW,EAAE,kEAAkE;SAC/E;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACT,gBAAgB,EAAE,sFAAsF;YACxG,kBAAkB,EAAE,wFAAwF;YAC5G,KAAK,EAAE,6EAA6E;YACpF,MAAM,EAAE,8EAA8E;YACtF,MAAM,EAAE,8EAA8E;YACtF,kBAAkB,EAAE,0FAA0F;YAC9G,OAAO,EAAE,+EAA+E;YACxF,WAAW,EAAE,mFAAmF;YAChG,YAAY,EAAE,sFAAsF;YAEpG,cAAc;YACd,SAAS,EAAE,uDAAuD;YAClE,QAAQ,EAAE,6CAA6C;SACvD;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAEf;IACD,MAAM,CAAE,OAAgB;QACvB,OAAO;YACN,cAAc,CAAE,IAA6B;gBAC5C,IAAI,MAAmD,CAAC;gBACxD,MAAM,cAAc,GAAG,eAAe,CAAE,IAAI,CAAE,CAAC;gBAE/C,IAAK,IAAI,KAAK,cAAc,EAAG,CAAC;oBAC/B,MAAM,GAAG,cAAc,CAAC;gBACzB,CAAC;qBAAM,CAAC;oBACP,MAAM,GAAG,oBAAoB,CAAE,IAAI,EAAE,OAAO,CAAE,CAAC;oBAC/C,IAAK,IAAI,KAAK,MAAM,EAAG,CAAC;wBACvB,OAAO;oBACR,CAAC;gBACF,CAAC;gBAED,IAAI,GAAG,GAAoC,IAAI,CAAC,SAAS,CAAE,CAAC,CAAE,CAAC;gBAC/D,IAAK,iBAAiB,CAAE,MAAM,CAAE,EAAG,CAAC;oBACnC,GAAG,GAAG,IAAI,CAAC,SAAS,CAAE,CAAC,CAAE,CAAC;gBAC3B,CAAC;gBAED,IAAK,CAAE,mBAAmB,CAAE,GAAG,CAAE,IAAI,CAAE,WAAW,CAAE,GAAG,CAAE,IAAI,CAAE,gBAAgB,CAAW,GAAG,EAAE,OAAO,CAAE,EAAG,CAAC;oBAC3G,OAAO,CAAC,MAAM,CAAE;wBACf,IAAI;wBACJ,SAAS,EAAE,MAAM;wBACjB,OAAO,EAAE;4BACR;gCACC,SAAS,EAAE,WAAW;gCACtB,GAAG,EAAE,CAAE,KAAyB,EAAG,EAAE;oCACpC,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAE,GAAG,CAAE,CAAC;oCAClD,OAAO,KAAK,CAAC,WAAW,CAAE,GAAG,EAAE,uBAAuB,OAAO,IAAI,CAAE,CAAC;gCACrE,CAAC;6BACD;4BACD;gCACC,SAAS,EAAE,UAAU;gCACrB,GAAG,EAAE,CAAE,KAAyB,EAAG,EAAE;oCACpC,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAE,GAAG,CAAE,CAAC;oCAClD,OAAO,KAAK,CAAC,WAAW,CAAE,GAAG,EAAE,aAAa,OAAO,IAAI,CAAE,CAAC;gCAC3D,CAAC;6BACD;yBACD;qBACD,CAAE,CAAC;gBACL,CAAC;YACF,CAAC;SACD,CAAC;IACH,CAAC;CACD,CAAC;AAEF,eAAe,MAAM,CAAC"}