eslint-plugin-sdl-2 1.0.4

package/dist/rules/no-iframe-srcdoc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-iframe-srcdoc.js","sourceRoot":"","sources":["../../src/rules/no-iframe-srcdoc.ts"],"names":[],"mappings":"AAGA,OAAO,EACH,kBAAkB,EAClB,mBAAmB,GACtB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EACH,qBAAqB,EACrB,gCAAgC,EAChC,oBAAoB,GACvB,MAAM,8BAA8B,CAAC;AAKtC,MAAM,kBAAkB,GAAG,CAAC,IAAgC,EAAW,EAAE;IACrE,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,QAAQ,CAAC;AACrD,CAAC,CAAC;AAEF,MAAM,mBAAmB,GAAG,CACxB,aAAoC,EAClB,EAAE;IACpB,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QAC9C,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,OAAO,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;AACjD,CAAC,CAAC;AAEF,MAAM,yBAAyB,GAAG,CAAC,IAAmB,EAAW,EAAE;IAC/D,IACI,IAAI,CAAC,IAAI,KAAK,gBAAgB;QAC9B,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,EACzC,CAAC;QACC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,eAAe,EAAE,CAAC;QACzD,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,MAAM,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;IAEvC,OAAO,CACH,aAAa,KAAK,SAAS;QAC3B,aAAa,CAAC,IAAI,KAAK,eAAe;QACtC,oBAAoB,CAAC,aAAa,CAAC,KAAK,QAAQ,CACnD,CAAC;AACN,CAAC,CAAC;AAEF,MAAM,qBAAqB,GAAG,CAC1B,IAAmB,EACnB,OAA4B,EAC5B,eAAsD,EAC/C,EAAE;IACT,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,mBAAmB,CAAC,eAAe,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAErE,IAAI,QAAQ,KAAK,KAAK,IAAI,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;YAC/D,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAED,IAAI,yBAAyB,CAAC,IAAI,CAAC,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC7B,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QAE/C,OAAO,cAAc,KAAK,OAAO,IAAI,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,MAAM,YAAY,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;IAEjD,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,YAAY,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACzD,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAwB;IAC1E,MAAM,CAAC,OAAO;QACV,MAAM,eAAe,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAEpD,OAAO;YACH,oBAAoB,CAAC,IAAmC;gBACpD,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;oBACxC,OAAO;gBACX,CAAC;gBAED,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;oBAChD,OAAO;gBACX,CAAC;gBAED,IAAI,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;oBAC1C,OAAO;gBACX,CAAC;gBAED,IACI,CAAC,qBAAqB,CAClB,IAAI,CAAC,IAAI,CAAC,MAAM,EAChB,OAAO,EACP,eAAe,CAClB,EACH,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,IAAI,CAAC,KAAK;iBACnB,CAAC,CAAC;YACP,CAAC;YACD,cAAc,CAAC,IAA6B;gBACxC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;oBAC1C,OAAO;gBACX,CAAC;gBAED,MAAM,UAAU,GAAG,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAEtD,IACI,UAAU,KAAK,cAAc;oBAC7B,UAAU,KAAK,gBAAgB,EACjC,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,MAAM,CAAC,aAAa,EAAE,cAAc,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;gBAEvD,IACI,aAAa,KAAK,SAAS;oBAC3B,aAAa,CAAC,IAAI,KAAK,eAAe;oBACtC,oBAAoB,CAAC,aAAa,CAAC,KAAK,QAAQ,EAClD,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,IACI,cAAc,KAAK,SAAS;oBAC5B,cAAc,CAAC,IAAI,KAAK,eAAe;oBACvC,oBAAoB,CAAC,cAAc,CAAC,KAAK,EAAE,EAC7C,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,IACI,CAAC,qBAAqB,CAClB,IAAI,CAAC,MAAM,CAAC,MAAM,EAClB,OAAO,EACP,eAAe,CAClB,EACH,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,cAAc;iBACvB,CAAC,CAAC;YACP,CAAC;YACD,iBAAiB,CAAC,IAAgC;gBAC9C,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC5B,OAAO;gBACX,CAAC;gBAED,KAAK,MAAM,aAAa,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;oBAC1C,IAAI,aAAa,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;wBACxC,SAAS;oBACb,CAAC;oBAED,IAAI,mBAAmB,CAAC,aAAa,CAAC,KAAK,QAAQ,EAAE,CAAC;wBAClD,SAAS;oBACb,CAAC;oBAED,IACI,gCAAgC,CAC5B,aAAa,CAAC,KAAK,CACtB,KAAK,EAAE,EACV,CAAC;wBACC,SAAS;oBACb,CAAC;oBAED,OAAO,CAAC,MAAM,CAAC;wBACX,SAAS,EAAE,SAAS;wBACpB,IAAI,EAAE,aAAa;qBACtB,CAAC,CAAC;gBACP,CAAC;YACL,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,gGAAgG;YACpG,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,8EAA8E;SACtF;QACD,QAAQ,EAAE;YACN,OAAO,EACH,uFAAuF;SAC9F;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,kBAAkB;CAC3B,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-inner-html.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-inner-html.d.ts.map

package/dist/rules/no-inner-html.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-inner-html.d.ts","sourceRoot":"","sources":["../../src/rules/no-inner-html.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAKzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAkFtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-inner-html.js

@@ -0,0 +1,67 @@
+import { getFullTypeChecker, getNodeTypeAsString, } from "../_internal/ast-utils.js";
+import { createRule } from "../_internal/create-rule.js";
+const isEmptyStringLiteral = (node) => node.type === "Literal" && node.value === "";
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        const fullTypeChecker = getFullTypeChecker(context);
+        const mightBeHTMLElement = (node) => {
+            const nodeType = getNodeTypeAsString(fullTypeChecker, node, context);
+            return /HTML.*Element/u.test(nodeType) || nodeType === "any";
+        };
+        return {
+            "AssignmentExpression[left.type='MemberExpression'][left.property.name=/^(?:innerHTML|outerHTML)$/]"(node) {
+                if (isEmptyStringLiteral(node.right)) {
+                    return;
+                }
+                if (node.left.type !== "MemberExpression") {
+                    return;
+                }
+                if (!mightBeHTMLElement(node.left.object)) {
+                    return;
+                }
+                context.report({
+                    messageId: "noInnerHtml",
+                    node,
+                });
+            },
+            "CallExpression[arguments.length=2] > MemberExpression.callee[property.name='insertAdjacentHTML']"(node) {
+                if (node.parent.type !== "CallExpression") {
+                    return;
+                }
+                const secondArgument = node.parent.arguments[1];
+                if (secondArgument !== undefined &&
+                    isEmptyStringLiteral(secondArgument)) {
+                    return;
+                }
+                if (!mightBeHTMLElement(node.object)) {
+                    return;
+                }
+                context.report({
+                    messageId: "noInsertAdjacentHTML",
+                    node,
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow unsafe direct DOM HTML writes via innerHTML/outerHTML/insertAdjacentHTML.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-inner-html",
+        },
+        messages: {
+            noInnerHtml: "Do not write to the DOM directly using innerHTML/outerHTML.",
+            noInsertAdjacentHTML: "Do not write to the DOM using insertAdjacentHTML.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-inner-html",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-inner-html.js.map

package/dist/rules/no-inner-html.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-inner-html.js","sourceRoot":"","sources":["../../src/rules/no-inner-html.ts"],"names":[],"mappings":"AAGA,OAAO,EACH,kBAAkB,EAClB,mBAAmB,GACtB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,MAAM,oBAAoB,GAAG,CAAC,IAAmB,EAAW,EAAE,CAC1D,IAAI,CAAC,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,KAAK,KAAK,EAAE,CAAC;AAEjD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAC;IACnD,MAAM,CAAC,OAAO;QACV,MAAM,eAAe,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAEpD,MAAM,kBAAkB,GAAG,CAAC,IAAmB,EAAW,EAAE;YACxD,MAAM,QAAQ,GAAG,mBAAmB,CAChC,eAAe,EACf,IAAI,EACJ,OAAO,CACV,CAAC;YAEF,OAAO,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,QAAQ,KAAK,KAAK,CAAC;QACjE,CAAC,CAAC;QAEF,OAAO;YACH,oGAAoG,CAChG,IAAmC;gBAEnC,IAAI,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;oBACnC,OAAO;gBACX,CAAC;gBAED,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;oBACxC,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;oBACxC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,aAAa;oBACxB,IAAI;iBACP,CAAC,CAAC;YACP,CAAC;YACD,kGAAkG,CAC9F,IAA+B;gBAE/B,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;oBACxC,OAAO;gBACX,CAAC;gBAED,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;gBAEhD,IACI,cAAc,KAAK,SAAS;oBAC5B,oBAAoB,CAAC,cAAc,CAAC,EACtC,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;oBACnC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,sBAAsB;oBACjC,IAAI;iBACP,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,oFAAoF;YACxF,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,2EAA2E;SACnF;QACD,QAAQ,EAAE;YACN,WAAW,EACP,6DAA6D;YACjE,oBAAoB,EAChB,mDAAmD;SAC1D;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,eAAe;CACxB,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-insecure-random.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-insecure-random.d.ts.map

package/dist/rules/no-insecure-random.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-insecure-random.d.ts","sourceRoot":"","sources":["../../src/rules/no-insecure-random.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAiBzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAiHtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-insecure-random.js

@@ -0,0 +1,95 @@
+import { basename, parse } from "node:path";
+import { arrayIncludes, isDefined } from "ts-extras";
+import { getFullTypeChecker, getNodeTypeAsString, } from "../_internal/ast-utils.js";
+import { createRule } from "../_internal/create-rule.js";
+const bannedRandomLibraries = [
+    "chance",
+    "random-number",
+    "random-int",
+    "random-float",
+    "random-seed",
+    "unique-random",
+];
+const isBannedRandomLibrary = (value) => arrayIncludes(bannedRandomLibraries, value);
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        const fullTypeChecker = getFullTypeChecker(context);
+        return {
+            "CallExpression > MemberExpression[property.name='pseudoRandomBytes']"(node) {
+                const isUnsafe = isDefined(fullTypeChecker)
+                    ? arrayIncludes(["any", "Crypto"], getNodeTypeAsString(fullTypeChecker, node.object, context))
+                    : node.object.type === "Identifier" &&
+                        node.object.name === "crypto";
+                if (!isUnsafe) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node,
+                });
+            },
+            "CallExpression > MemberExpression[property.name='random']"(node) {
+                const isUnsafe = isDefined(fullTypeChecker)
+                    ? arrayIncludes(["any", "Math"], getNodeTypeAsString(fullTypeChecker, node.object, context))
+                    : node.object.type === "Identifier" &&
+                        node.object.name === "Math";
+                if (!isUnsafe) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node,
+                });
+            },
+            "CallExpression[callee.name='require'][arguments.length=1]"(node) {
+                const [sourceArgument] = node.arguments;
+                if (!isDefined(sourceArgument) ||
+                    sourceArgument.type !== "Literal" ||
+                    typeof sourceArgument.value !== "string") {
+                    return;
+                }
+                const requireName = parse(basename(sourceArgument.value)).name;
+                if (!isBannedRandomLibrary(requireName)) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node,
+                });
+            },
+            ImportDeclaration(node) {
+                const sourceText = node.source.value;
+                if (typeof sourceText !== "string") {
+                    return;
+                }
+                if (!isBannedRandomLibrary(basename(sourceText))) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node,
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow insecure pseudo-random APIs and known non-cryptographic random libraries for security-sensitive code.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-insecure-random",
+        },
+        messages: {
+            default: "Do not use pseudo-random generators for secrets such as tokens, keys, or passwords.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-insecure-random",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-insecure-random.js.map

package/dist/rules/no-insecure-random.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-insecure-random.js","sourceRoot":"","sources":["../../src/rules/no-insecure-random.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAErD,OAAO,EACH,kBAAkB,EAClB,mBAAmB,GACtB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,MAAM,qBAAqB,GAAG;IAC1B,QAAQ;IACR,eAAe;IACf,YAAY;IACZ,cAAc;IACd,aAAa;IACb,eAAe;CACT,CAAC;AAEX,MAAM,qBAAqB,GAAG,CAAC,KAAa,EAAW,EAAE,CACrD,aAAa,CACT,qBAAqB,EACrB,KAA+C,CAClD,CAAC;AAEN,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAC;IACnD,MAAM,CAAC,OAAO;QACV,MAAM,eAAe,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAEpD,OAAO;YACH,sEAAsE,CAClE,IAA+B;gBAE/B,MAAM,QAAQ,GAAG,SAAS,CAAC,eAAe,CAAC;oBACvC,CAAC,CAAC,aAAa,CACT,CAAC,KAAK,EAAE,QAAQ,CAAC,EACjB,mBAAmB,CACf,eAAe,EACf,IAAI,CAAC,MAAM,EACX,OAAO,CACV,CACJ;oBACH,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;wBACjC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,QAAQ,CAAC;gBAEpC,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACZ,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI;iBACP,CAAC,CAAC;YACP,CAAC;YACD,2DAA2D,CACvD,IAA+B;gBAE/B,MAAM,QAAQ,GAAG,SAAS,CAAC,eAAe,CAAC;oBACvC,CAAC,CAAC,aAAa,CACT,CAAC,KAAK,EAAE,MAAM,CAAC,EACf,mBAAmB,CACf,eAAe,EACf,IAAI,CAAC,MAAM,EACX,OAAO,CACV,CACJ;oBACH,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;wBACjC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC;gBAElC,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACZ,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI;iBACP,CAAC,CAAC;YACP,CAAC;YACD,2DAA2D,CACvD,IAA6B;gBAE7B,MAAM,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;gBAExC,IACI,CAAC,SAAS,CAAC,cAAc,CAAC;oBAC1B,cAAc,CAAC,IAAI,KAAK,SAAS;oBACjC,OAAO,cAAc,CAAC,KAAK,KAAK,QAAQ,EAC1C,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,MAAM,WAAW,GAAG,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;gBAE/D,IAAI,CAAC,qBAAqB,CAAC,WAAW,CAAC,EAAE,CAAC;oBACtC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI;iBACP,CAAC,CAAC;YACP,CAAC;YACD,iBAAiB,CAAC,IAAI;gBAClB,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;gBAErC,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;oBACjC,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;oBAC/C,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI;iBACP,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,gHAAgH;YACpH,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,gFAAgF;SACxF;QACD,QAAQ,EAAE;YACN,OAAO,EACH,qFAAqF;SAC5F;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,oBAAoB;CAC7B,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-insecure-tls-agent-options.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-insecure-tls-agent-options.d.ts.map

package/dist/rules/no-insecure-tls-agent-options.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-insecure-tls-agent-options.d.ts","sourceRoot":"","sources":["../../src/rules/no-insecure-tls-agent-options.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAgDzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAkDtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-insecure-tls-agent-options.js

@@ -0,0 +1,73 @@
+import { createRule } from "../_internal/create-rule.js";
+const isFalseLiteral = (node) => node.type === "Literal" && node.value === false;
+const getObjectPropertyName = (propertyNode) => {
+    if (propertyNode.computed) {
+        return undefined;
+    }
+    if (propertyNode.key.type === "Identifier") {
+        return propertyNode.key.name;
+    }
+    if (propertyNode.key.type === "Literal" &&
+        typeof propertyNode.key.value === "string") {
+        return propertyNode.key.value;
+    }
+    return undefined;
+};
+const findRejectUnauthorizedFalseProperty = (objectExpression) => {
+    for (const propertyNode of objectExpression.properties) {
+        if (propertyNode.type !== "Property" || propertyNode.kind !== "init") {
+            continue;
+        }
+        if (getObjectPropertyName(propertyNode) !== "rejectUnauthorized") {
+            continue;
+        }
+        if (isFalseLiteral(propertyNode.value)) {
+            return propertyNode;
+        }
+    }
+    return undefined;
+};
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            ObjectExpression(node) {
+                const insecureOptionProperty = findRejectUnauthorizedFalseProperty(node);
+                if (insecureOptionProperty === undefined) {
+                    return;
+                }
+                context.report({
+                    fix(fixer) {
+                        if (insecureOptionProperty.value.type !== "Literal" ||
+                            insecureOptionProperty.value.value !== false) {
+                            return null;
+                        }
+                        return fixer.replaceText(insecureOptionProperty.value, "true");
+                    },
+                    messageId: "default",
+                    node: insecureOptionProperty,
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow rejectUnauthorized: false in TLS/HTTPS option objects.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-insecure-tls-agent-options",
+        },
+        fixable: "code",
+        messages: {
+            default: "Do not disable TLS certificate verification with rejectUnauthorized: false.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-insecure-tls-agent-options",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-insecure-tls-agent-options.js.map

package/dist/rules/no-insecure-tls-agent-options.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-insecure-tls-agent-options.js","sourceRoot":"","sources":["../../src/rules/no-insecure-tls-agent-options.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,cAAc,GAAG,CAAC,IAAgC,EAAW,EAAE,CACjE,IAAI,CAAC,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,KAAK,KAAK,KAAK,CAAC;AAEpD,MAAM,qBAAqB,GAAG,CAC1B,YAA+B,EACb,EAAE;IACpB,IAAI,YAAY,CAAC,QAAQ,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QACzC,OAAO,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC;IACjC,CAAC;IAED,IACI,YAAY,CAAC,GAAG,CAAC,IAAI,KAAK,SAAS;QACnC,OAAO,YAAY,CAAC,GAAG,CAAC,KAAK,KAAK,QAAQ,EAC5C,CAAC;QACC,OAAO,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC;IAClC,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,mCAAmC,GAAG,CACxC,gBAA2C,EACd,EAAE;IAC/B,KAAK,MAAM,YAAY,IAAI,gBAAgB,CAAC,UAAU,EAAE,CAAC;QACrD,IAAI,YAAY,CAAC,IAAI,KAAK,UAAU,IAAI,YAAY,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YACnE,SAAS;QACb,CAAC;QAED,IAAI,qBAAqB,CAAC,YAAY,CAAC,KAAK,oBAAoB,EAAE,CAAC;YAC/D,SAAS;QACb,CAAC;QAED,IAAI,cAAc,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;YACrC,OAAO,YAAY,CAAC;QACxB,CAAC;IACL,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAwB;IAC1E,MAAM,CAAC,OAAO;QACV,OAAO;YACH,gBAAgB,CAAC,IAA+B;gBAC5C,MAAM,sBAAsB,GACxB,mCAAmC,CAAC,IAAI,CAAC,CAAC;gBAE9C,IAAI,sBAAsB,KAAK,SAAS,EAAE,CAAC;oBACvC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,GAAG,CAAC,KAAK;wBACL,IACI,sBAAsB,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS;4BAC/C,sBAAsB,CAAC,KAAK,CAAC,KAAK,KAAK,KAAK,EAC9C,CAAC;4BACC,OAAO,IAAI,CAAC;wBAChB,CAAC;wBAED,OAAO,KAAK,CAAC,WAAW,CACpB,sBAAsB,CAAC,KAAK,EAC5B,MAAM,CACT,CAAC;oBACN,CAAC;oBACD,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,sBAAsB;iBAC/B,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,iEAAiE;YACrE,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,2FAA2F;SACnG;QACD,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE;YACN,OAAO,EACH,6EAA6E;SACpF;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,+BAA+B;CACxC,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-insecure-url.d.ts

@@ -0,0 +1,12 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Default insecure-protocol blocklist patterns. */
+declare const defaultBlocklist: readonly RegExp[];
+/** Default allowlisted literal URL exceptions. */
+declare const defaultExceptions: readonly RegExp[];
+/** Default source-text exceptions for variable/template contexts. */
+declare const defaultVariableExceptions: readonly RegExp[];
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export { defaultBlocklist, defaultExceptions, defaultVariableExceptions };
+export default rule;
+//# sourceMappingURL=no-insecure-url.d.ts.map

package/dist/rules/no-insecure-url.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-insecure-url.d.ts","sourceRoot":"","sources":["../../src/rules/no-insecure-url.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,oDAAoD;AACpD,QAAA,MAAM,gBAAgB,EAAE,SAAS,MAAM,EAAuC,CAAC;AAE/E,kDAAkD;AAClD,QAAA,MAAM,iBAAiB,EAAE,SAAS,MAAM,EAMvC,CAAC;AAEF,qEAAqE;AACrE,QAAA,MAAM,yBAAyB,EAAE,SAAS,MAAM,EAAO,CAAC;AA4DxD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CA4HtC,CAAC;AAEH,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,CAAC;AAC1E,eAAe,IAAI,CAAC"}

package/dist/rules/no-insecure-url.js

@@ -0,0 +1,142 @@
+import { safeCastTo } from "ts-extras";
+import { createRule } from "../_internal/create-rule.js";
+/** Default insecure-protocol blocklist patterns. */
+const defaultBlocklist = [/^(?:ftp|http|telnet|ws):\/\//iu];
+/** Default allowlisted literal URL exceptions. */
+const defaultExceptions = [
+    /^http:(?:\/\/|\\u002f\\u002f)schemas\.microsoft\.com.*/iu,
+    /^http:(?:\/\/|\\u002f\\u002f)schemas\.openxmlformats\.org.*/iu,
+    /^http:(?:\/|\\u002f){2}localhost(?::|\/|\\u002f)*/iu,
+    /^http:\/\/w{3}\.w3\.org\/1999\/xhtml/iu,
+    /^http:\/\/w{3}\.w3\.org\/2000\/svg/iu,
+];
+/** Default source-text exceptions for variable/template contexts. */
+const defaultVariableExceptions = [];
+const asCaseInsensitiveRegex = (pattern) => {
+    if (pattern instanceof RegExp) {
+        // eslint-disable-next-line security/detect-non-literal-regexp -- Rebuild trusted RegExp source with normalized flags only.
+        return new RegExp(pattern.source, "iu");
+    }
+    // eslint-disable-next-line security/detect-non-literal-regexp -- User-configured regex patterns are intentionally compiled for matching behavior.
+    return new RegExp(pattern, "iu");
+};
+const matches = (patterns, value) => patterns.some((pattern) => pattern.test(value));
+const toRegexSources = (patterns) => patterns.map((pattern) => pattern.source);
+const shouldAttemptFix = (variableExceptions, context, node) => {
+    const targetNode = node.parent ?? node;
+    const targetText = context.sourceCode.getText(targetNode);
+    return !matches(variableExceptions, targetText);
+};
+const reportInsecureUrl = (context, node, replacementSourceText) => {
+    context.report({
+        fix(fixer) {
+            if (!/http:/iu.test(replacementSourceText)) {
+                return null;
+            }
+            return fixer.replaceText(node, replacementSourceText.replace(/http:/iu, "https:"));
+        },
+        messageId: "doNotUseInsecureUrl",
+        node,
+    });
+};
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        const [options = {}] = context.options;
+        const blocklist = (options.blocklist ?? defaultBlocklist).map((pattern) => asCaseInsensitiveRegex(pattern));
+        const exceptions = (options.exceptions ?? defaultExceptions).map((pattern) => asCaseInsensitiveRegex(pattern));
+        const variableExceptions = (options.varExceptions ?? defaultVariableExceptions).map((pattern) => asCaseInsensitiveRegex(pattern));
+        return {
+            Literal(node) {
+                if (typeof node.value !== "string") {
+                    return;
+                }
+                if (node.parent?.type === "JSXAttribute" &&
+                    node.parent.name.type === "JSXIdentifier" &&
+                    node.parent.name.name === "xmlns") {
+                    return;
+                }
+                if (!matches(blocklist, node.value) ||
+                    matches(exceptions, node.value)) {
+                    return;
+                }
+                if (!shouldAttemptFix(variableExceptions, context, node)) {
+                    return;
+                }
+                reportInsecureUrl(context, node, JSON.stringify(node.value));
+            },
+            TemplateElement(node) {
+                if (typeof node.value.raw !== "string" ||
+                    typeof node.value.cooked !== "string") {
+                    return;
+                }
+                const isRawMatch = shouldAttemptFix(variableExceptions, context, node) &&
+                    matches(blocklist, node.value.raw) &&
+                    !matches(exceptions, node.value.raw);
+                const isCookedMatch = matches(blocklist, node.value.cooked) &&
+                    !matches(exceptions, node.value.cooked);
+                if (!isRawMatch && !isCookedMatch) {
+                    return;
+                }
+                const escapedTemplatePart = JSON.stringify(context.sourceCode.getText(node)).slice(1, -1);
+                reportInsecureUrl(context, node, escapedTemplatePart);
+            },
+        };
+    },
+    defaultOptions: safeCastTo([
+        {
+            blocklist: toRegexSources(defaultBlocklist),
+            exceptions: toRegexSources(defaultExceptions),
+            varExceptions: toRegexSources(defaultVariableExceptions),
+        },
+    ]),
+    meta: {
+        defaultOptions: [
+            {
+                blocklist: toRegexSources(defaultBlocklist),
+                exceptions: toRegexSources(defaultExceptions),
+                varExceptions: toRegexSources(defaultVariableExceptions),
+            },
+        ],
+        deprecated: false,
+        docs: {
+            description: "disallow insecure URL protocols such as http:// and ftp:// with configurable exceptions.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-insecure-url",
+        },
+        fixable: "code",
+        messages: {
+            doNotUseInsecureUrl: "Do not use insecure URLs.",
+        },
+        schema: [
+            {
+                additionalProperties: false,
+                properties: {
+                    blocklist: {
+                        description: "Regular-expression strings that identify insecure URL patterns to block.",
+                        items: { type: "string" },
+                        type: "array",
+                    },
+                    exceptions: {
+                        description: "Regular-expression strings that identify allowed URL literals excluded from blocklist checks.",
+                        items: { type: "string" },
+                        type: "array",
+                    },
+                    varExceptions: {
+                        description: "Regular-expression strings that identify source-text contexts where automatic fixing should be skipped.",
+                        items: { type: "string" },
+                        type: "array",
+                    },
+                },
+                type: "object",
+            },
+        ],
+        type: "problem",
+    },
+    name: "no-insecure-url",
+});
+export { defaultBlocklist, defaultExceptions, defaultVariableExceptions };
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-insecure-url.js.map

package/dist/rules/no-insecure-url.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-insecure-url.js","sourceRoot":"","sources":["../../src/rules/no-insecure-url.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,oDAAoD;AACpD,MAAM,gBAAgB,GAAsB,CAAC,gCAAgC,CAAC,CAAC;AAE/E,kDAAkD;AAClD,MAAM,iBAAiB,GAAsB;IACzC,0DAA0D;IAC1D,+DAA+D;IAC/D,qDAAqD;IACrD,wCAAwC;IACxC,sCAAsC;CACzC,CAAC;AAEF,qEAAqE;AACrE,MAAM,yBAAyB,GAAsB,EAAE,CAAC;AAYxD,MAAM,sBAAsB,GAAG,CAAC,OAAwB,EAAU,EAAE;IAChE,IAAI,OAAO,YAAY,MAAM,EAAE,CAAC;QAC5B,2HAA2H;QAC3H,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC5C,CAAC;IAED,kJAAkJ;IAClJ,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;AACrC,CAAC,CAAC;AAEF,MAAM,OAAO,GAAG,CAAC,QAA2B,EAAE,KAAa,EAAW,EAAE,CACpE,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AAEpD,MAAM,cAAc,GAAG,CAAC,QAA2B,EAAqB,EAAE,CACtE,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;AAE9C,MAAM,gBAAgB,GAAG,CACrB,kBAAqC,EACrC,OAAkD,EAClD,IAAmB,EACZ,EAAE;IACT,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC;IACvC,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE1D,OAAO,CAAC,OAAO,CAAC,kBAAkB,EAAE,UAAU,CAAC,CAAC;AACpD,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CACtB,OAAkD,EAClD,IAAmB,EACnB,qBAA6B,EACzB,EAAE;IACN,OAAO,CAAC,MAAM,CAAC;QACX,GAAG,CAAC,KAAK;YACL,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,qBAAqB,CAAC,EAAE,CAAC;gBACzC,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,OAAO,KAAK,CAAC,WAAW,CACpB,IAAI,EACJ,qBAAqB,CAAC,OAAO,CAAC,SAAS,EAAE,QAAQ,CAAC,CACrD,CAAC;QACN,CAAC;QACD,SAAS,EAAE,qBAAqB;QAChC,IAAI;KACP,CAAC,CAAC;AACP,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAsB;IACxE,MAAM,CAAC,OAAO;QACV,MAAM,CAAC,OAAO,GAAG,EAAE,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;QACvC,MAAM,SAAS,GAAG,CAAC,OAAO,CAAC,SAAS,IAAI,gBAAgB,CAAC,CAAC,GAAG,CACzD,CAAC,OAAO,EAAE,EAAE,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAC/C,CAAC;QACF,MAAM,UAAU,GAAG,CAAC,OAAO,CAAC,UAAU,IAAI,iBAAiB,CAAC,CAAC,GAAG,CAC5D,CAAC,OAAO,EAAE,EAAE,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAC/C,CAAC;QACF,MAAM,kBAAkB,GAAG,CACvB,OAAO,CAAC,aAAa,IAAI,yBAAyB,CACrD,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC,CAAC;QAEpD,OAAO;YACH,OAAO,CAAC,IAAI;gBACR,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACjC,OAAO;gBACX,CAAC;gBAED,IACI,IAAI,CAAC,MAAM,EAAE,IAAI,KAAK,cAAc;oBACpC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,eAAe;oBACzC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,EACnC,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,IACI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC;oBAC/B,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,EACjC,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC;oBACvD,OAAO;gBACX,CAAC;gBAED,iBAAiB,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACjE,CAAC;YACD,eAAe,CAAC,IAAI;gBAChB,IACI,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,QAAQ;oBAClC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,KAAK,QAAQ,EACvC,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,MAAM,UAAU,GACZ,gBAAgB,CAAC,kBAAkB,EAAE,OAAO,EAAE,IAAI,CAAC;oBACnD,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;oBAClC,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACzC,MAAM,aAAa,GACf,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;oBACrC,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAE5C,IAAI,CAAC,UAAU,IAAI,CAAC,aAAa,EAAE,CAAC;oBAChC,OAAO;gBACX,CAAC;gBAED,MAAM,mBAAmB,GAAG,IAAI,CAAC,SAAS,CACtC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CACnC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;gBAEf,iBAAiB,CAAC,OAAO,EAAE,IAAI,EAAE,mBAAmB,CAAC,CAAC;YAC1D,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,UAAU,CAAU;QAChC;YACI,SAAS,EAAE,cAAc,CAAC,gBAAgB,CAAC;YAC3C,UAAU,EAAE,cAAc,CAAC,iBAAiB,CAAC;YAC7C,aAAa,EAAE,cAAc,CAAC,yBAAyB,CAAC;SAC3D;KACJ,CAAC;IACF,IAAI,EAAE;QACF,cAAc,EAAE;YACZ;gBACI,SAAS,EAAE,cAAc,CAAC,gBAAgB,CAAC;gBAC3C,UAAU,EAAE,cAAc,CAAC,iBAAiB,CAAC;gBAC7C,aAAa,EAAE,cAAc,CAAC,yBAAyB,CAAC;aAC3D;SACJ;QACD,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,0FAA0F;YAC9F,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,6EAA6E;SACrF;QACD,OAAO,EAAE,MAAM;QACf,QAAQ,EAAE;YACN,mBAAmB,EAAE,2BAA2B;SACnD;QACD,MAAM,EAAE;YACJ;gBACI,oBAAoB,EAAE,KAAK;gBAC3B,UAAU,EAAE;oBACR,SAAS,EAAE;wBACP,WAAW,EACP,0EAA0E;wBAC9E,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,IAAI,EAAE,OAAO;qBAChB;oBACD,UAAU,EAAE;wBACR,WAAW,EACP,+FAA+F;wBACnG,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,IAAI,EAAE,OAAO;qBAChB;oBACD,aAAa,EAAE;wBACX,WAAW,EACP,yGAAyG;wBAC7G,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,IAAI,EAAE,OAAO;qBAChB;iBACJ;gBACD,IAAI,EAAE,QAAQ;aACjB;SACJ;QACD,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,iBAAiB;CAC1B,CAAC,CAAC;AAEH,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,CAAC;AAC1E,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-location-javascript-url.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-location-javascript-url.d.ts.map

package/dist/rules/no-location-javascript-url.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-location-javascript-url.d.ts","sourceRoot":"","sources":["../../src/rules/no-location-javascript-url.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAqDzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAoFtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-location-javascript-url.js

@@ -0,0 +1,98 @@
+import { arrayFirst } from "ts-extras";
+import { createRule } from "../_internal/create-rule.js";
+const getMemberPropertyName = (memberExpression) => {
+    if (!memberExpression.computed &&
+        memberExpression.property.type === "Identifier") {
+        return memberExpression.property.name;
+    }
+    if (memberExpression.property.type === "Literal" &&
+        typeof memberExpression.property.value === "string") {
+        return memberExpression.property.value;
+    }
+    return undefined;
+};
+const getStaticStringValue = (node) => {
+    if (node.type === "Literal" && typeof node.value === "string") {
+        return node.value;
+    }
+    if (node.type === "TemplateLiteral" && node.expressions.length === 0) {
+        return arrayFirst(node.quasis)?.value.cooked ?? undefined;
+    }
+    return undefined;
+};
+const isJavaScriptUrl = (value) => /^\s*javascript\s*:/iu.test(value);
+const isLocationLikeLeftHand = (expression) => {
+    if (expression.type !== "MemberExpression") {
+        return false;
+    }
+    const propertyName = getMemberPropertyName(expression);
+    return propertyName === "location" || propertyName === "href";
+};
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            AssignmentExpression(node) {
+                if (node.operator !== "=") {
+                    return;
+                }
+                if (!isLocationLikeLeftHand(node.left)) {
+                    return;
+                }
+                const assignedValue = getStaticStringValue(node.right);
+                if (typeof assignedValue !== "string" ||
+                    !isJavaScriptUrl(assignedValue)) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node,
+                });
+            },
+            CallExpression(node) {
+                if (node.callee.type !== "MemberExpression") {
+                    return;
+                }
+                const methodName = getMemberPropertyName(node.callee);
+                if (methodName !== "assign" &&
+                    methodName !== "replace" &&
+                    methodName !== "open") {
+                    return;
+                }
+                const [firstArgument] = node.arguments;
+                if (firstArgument === undefined ||
+                    firstArgument.type === "SpreadElement") {
+                    return;
+                }
+                const argumentValue = getStaticStringValue(firstArgument);
+                if (typeof argumentValue !== "string" ||
+                    !isJavaScriptUrl(argumentValue)) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node: firstArgument,
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow assigning javascript: URLs to location-like navigation sinks.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-location-javascript-url",
+        },
+        messages: {
+            default: "Do not use javascript: URLs in location or open-like navigation sinks.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-location-javascript-url",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-location-javascript-url.js.map

package/dist/rules/no-location-javascript-url.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-location-javascript-url.js","sourceRoot":"","sources":["../../src/rules/no-location-javascript-url.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,qBAAqB,GAAG,CAC1B,gBAA2C,EACzB,EAAE;IACpB,IACI,CAAC,gBAAgB,CAAC,QAAQ;QAC1B,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EACjD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC1C,CAAC;IAED,IACI,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,SAAS;QAC5C,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,EACrD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC;IAC3C,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,oBAAoB,GAAG,CACzB,IAAyB,EACP,EAAE;IACpB,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC5D,OAAO,IAAI,CAAC,KAAK,CAAC;IACtB,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnE,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,MAAM,IAAI,SAAS,CAAC;IAC9D,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,eAAe,GAAG,CAAC,KAAa,EAAW,EAAE,CAC/C,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAEvC,MAAM,sBAAsB,GAAG,CAC3B,UAAiD,EAC1C,EAAE;IACT,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACzC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,MAAM,YAAY,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC;IAEvD,OAAO,YAAY,KAAK,UAAU,IAAI,YAAY,KAAK,MAAM,CAAC;AAClE,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAwB;IAC1E,MAAM,CAAC,OAAO;QACV,OAAO;YACH,oBAAoB,CAAC,IAAmC;gBACpD,IAAI,IAAI,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;oBACxB,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACrC,OAAO;gBACX,CAAC;gBAED,MAAM,aAAa,GAAG,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAEvD,IACI,OAAO,aAAa,KAAK,QAAQ;oBACjC,CAAC,eAAe,CAAC,aAAa,CAAC,EACjC,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI;iBACP,CAAC,CAAC;YACP,CAAC;YACD,cAAc,CAAC,IAA6B;gBACxC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;oBAC1C,OAAO;gBACX,CAAC;gBAED,MAAM,UAAU,GAAG,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAEtD,IACI,UAAU,KAAK,QAAQ;oBACvB,UAAU,KAAK,SAAS;oBACxB,UAAU,KAAK,MAAM,EACvB,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,MAAM,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;gBAEvC,IACI,aAAa,KAAK,SAAS;oBAC3B,aAAa,CAAC,IAAI,KAAK,eAAe,EACxC,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,MAAM,aAAa,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAC;gBAE1D,IACI,OAAO,aAAa,KAAK,QAAQ;oBACjC,CAAC,eAAe,CAAC,aAAa,CAAC,EACjC,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI,EAAE,aAAa;iBACtB,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,wEAAwE;YAC5E,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,wFAAwF;SAChG;QACD,QAAQ,EAAE;YACN,OAAO,EACH,wEAAwE;SAC/E;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,4BAA4B;CACrC,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-message-event-without-origin-check.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-message-event-without-origin-check.d.ts.map

package/dist/rules/no-message-event-without-origin-check.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-message-event-without-origin-check.d.ts","sourceRoot":"","sources":["../../src/rules/no-message-event-without-origin-check.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AA6QzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAsEtC,CAAC;AAEH,eAAe,IAAI,CAAC"}