eslint-plugin-sdl-2 1.0.4

package/dist/rules/no-angularjs-enable-svg.js

@@ -0,0 +1,48 @@
+import { arrayIncludes } from "ts-extras";
+import { createRule } from "../_internal/create-rule.js";
+const isExplicitlyDisabledSvgLiteral = (argument) => argument?.type === "Literal" &&
+    arrayIncludes([
+        0,
+        "0",
+        false,
+        "false",
+    ], argument.value);
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            "CallExpression[callee.object.name='$sanitizeProvider'][callee.property.name='enableSvg']"(node) {
+                if (node.arguments.length !== 1) {
+                    return;
+                }
+                const [firstArgument] = node.arguments;
+                if (isExplicitlyDisabledSvgLiteral(firstArgument)) {
+                    return;
+                }
+                context.report({
+                    messageId: "doNotEnableSVG",
+                    node,
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow enabling AngularJS sanitizer SVG support via $sanitizeProvider.enableSvg(true).",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-angularjs-enable-svg",
+        },
+        messages: {
+            doNotEnableSVG: "Do not enable SVG support in AngularJS sanitizer.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-angularjs-enable-svg",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-angularjs-enable-svg.js.map

package/dist/rules/no-angularjs-enable-svg.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-angularjs-enable-svg.js","sourceRoot":"","sources":["../../src/rules/no-angularjs-enable-svg.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,MAAM,8BAA8B,GAAG,CACnC,QAAmC,EAC5B,EAAE,CACT,QAAQ,EAAE,IAAI,KAAK,SAAS;IAC5B,aAAa,CACT;QACI,CAAC;QACD,GAAG;QACH,KAAK;QACL,OAAO;KACV,EACD,QAAQ,CAAC,KAAK,CACjB,CAAC;AAEN,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAC;IACnD,MAAM,CAAC,OAAO;QACV,OAAO;YACH,0FAA0F,CACtF,IAA6B;gBAE7B,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC9B,OAAO;gBACX,CAAC;gBAED,MAAM,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;gBAEvC,IAAI,8BAA8B,CAAC,aAAa,CAAC,EAAE,CAAC;oBAChD,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,gBAAgB;oBAC3B,IAAI;iBACP,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,0FAA0F;YAC9F,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,qFAAqF;SAC7F;QACD,QAAQ,EAAE;YACN,cAAc,EAAE,mDAAmD;SACtE;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,yBAAyB;CAClC,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-angularjs-ng-bind-html-without-sanitize.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-angularjs-ng-bind-html-without-sanitize.d.ts.map

package/dist/rules/no-angularjs-ng-bind-html-without-sanitize.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-angularjs-ng-bind-html-without-sanitize.d.ts","sourceRoot":"","sources":["../../src/rules/no-angularjs-ng-bind-html-without-sanitize.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAUzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAiEtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-angularjs-ng-bind-html-without-sanitize.js

@@ -0,0 +1,64 @@
+import { arrayFirst } from "ts-extras";
+import { createRule } from "../_internal/create-rule.js";
+const hasNgBindHtmlPattern = (text) => /\bng-bind-html\b/iu.test(text);
+const hasKnownSanitizePattern = (text) => /\b(?:ngsanitize|\$sanitize|sanitize)\b/iu.test(text);
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            Literal(node) {
+                if (typeof node.value !== "string") {
+                    return;
+                }
+                if (!hasNgBindHtmlPattern(node.value)) {
+                    return;
+                }
+                if (hasKnownSanitizePattern(node.value)) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node,
+                });
+            },
+            TemplateLiteral(node) {
+                if (node.expressions.length > 0) {
+                    return;
+                }
+                const templateValue = arrayFirst(node.quasis)?.value.cooked;
+                if (typeof templateValue !== "string") {
+                    return;
+                }
+                if (!hasNgBindHtmlPattern(templateValue)) {
+                    return;
+                }
+                if (hasKnownSanitizePattern(templateValue)) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node,
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow AngularJS ng-bind-html usage without explicit sanitization context.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-angularjs-ng-bind-html-without-sanitize",
+        },
+        messages: {
+            default: "Avoid ng-bind-html unless sanitization is explicitly configured and enforced.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-angularjs-ng-bind-html-without-sanitize",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-angularjs-ng-bind-html-without-sanitize.js.map

package/dist/rules/no-angularjs-ng-bind-html-without-sanitize.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-angularjs-ng-bind-html-without-sanitize.js","sourceRoot":"","sources":["../../src/rules/no-angularjs-ng-bind-html-without-sanitize.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,oBAAoB,GAAG,CAAC,IAAY,EAAW,EAAE,CACnD,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEpC,MAAM,uBAAuB,GAAG,CAAC,IAAY,EAAW,EAAE,CACtD,0CAA0C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAE1D,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAwB;IAC1E,MAAM,CAAC,OAAO;QACV,OAAO;YACH,OAAO,CAAC,IAAsB;gBAC1B,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACjC,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;oBACpC,OAAO;gBACX,CAAC;gBAED,IAAI,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;oBACtC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI;iBACP,CAAC,CAAC;YACP,CAAC;YACD,eAAe,CAAC,IAA8B;gBAC1C,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC9B,OAAO;gBACX,CAAC;gBAED,MAAM,aAAa,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC;gBAE5D,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;oBACpC,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,oBAAoB,CAAC,aAAa,CAAC,EAAE,CAAC;oBACvC,OAAO;gBACX,CAAC;gBAED,IAAI,uBAAuB,CAAC,aAAa,CAAC,EAAE,CAAC;oBACzC,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,SAAS;oBACpB,IAAI;iBACP,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,8EAA8E;YAClF,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,wGAAwG;SAChH;QACD,QAAQ,EAAE;YACN,OAAO,EACH,+EAA+E;SACtF;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,4CAA4C;CACrD,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-angularjs-sanitization-whitelist.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-angularjs-sanitization-whitelist.d.ts.map

package/dist/rules/no-angularjs-sanitization-whitelist.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-angularjs-sanitization-whitelist.d.ts","sourceRoot":"","sources":["../../src/rules/no-angularjs-sanitization-whitelist.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CA+BtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-angularjs-sanitization-whitelist.js

@@ -0,0 +1,32 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            "CallExpression[arguments.length>0][callee.object.name='$compileProvider'][callee.property.name=/^(?:aHref|imgSrc)SanitizationWhitelist$/]"(node) {
+                context.report({
+                    messageId: "noSanitizationWhitelist",
+                    node,
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow AngularJS sanitizer whitelist mutations via $compileProvider.*SanitizationWhitelist.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-angularjs-sanitization-whitelist",
+        },
+        messages: {
+            noSanitizationWhitelist: "Do not modify AngularJS sanitization whitelists.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-angularjs-sanitization-whitelist",
+});
+export default rule;
+//# sourceMappingURL=no-angularjs-sanitization-whitelist.js.map

package/dist/rules/no-angularjs-sanitization-whitelist.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-angularjs-sanitization-whitelist.js","sourceRoot":"","sources":["../../src/rules/no-angularjs-sanitization-whitelist.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAC;IACnD,MAAM,CAAC,OAAO;QACV,OAAO;YACH,2IAA2I,CACvI,IAAI;gBAEJ,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,yBAAyB;oBACpC,IAAI;iBACP,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,+FAA+F;YACnG,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,iGAAiG;SACzG;QACD,QAAQ,EAAE;YACN,uBAAuB,EACnB,kDAAkD;SACzD;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,qCAAqC;CAC9C,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-angularjs-sce-resource-url-wildcard.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-angularjs-sce-resource-url-wildcard.d.ts.map

package/dist/rules/no-angularjs-sce-resource-url-wildcard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-angularjs-sce-resource-url-wildcard.d.ts","sourceRoot":"","sources":["../../src/rules/no-angularjs-sce-resource-url-wildcard.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AA0BzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAiEtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-angularjs-sce-resource-url-wildcard.js

@@ -0,0 +1,69 @@
+import { createRule } from "../_internal/create-rule.js";
+const getMemberPropertyName = (memberExpression) => {
+    if (!memberExpression.computed &&
+        memberExpression.property.type === "Identifier") {
+        return memberExpression.property.name;
+    }
+    if (memberExpression.property.type === "Literal" &&
+        typeof memberExpression.property.value === "string") {
+        return memberExpression.property.value;
+    }
+    return undefined;
+};
+const isWildcardValue = (value) => value.includes("*");
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            CallExpression(node) {
+                if (node.callee.type !== "MemberExpression") {
+                    return;
+                }
+                if (getMemberPropertyName(node.callee) !==
+                    "resourceUrlWhitelist") {
+                    return;
+                }
+                const [firstArgument] = node.arguments;
+                if (firstArgument === undefined ||
+                    firstArgument.type === "SpreadElement" ||
+                    firstArgument.type !== "ArrayExpression") {
+                    return;
+                }
+                for (const elementNode of firstArgument.elements) {
+                    if (elementNode === null ||
+                        elementNode.type === "SpreadElement" ||
+                        elementNode.type !== "Literal" ||
+                        typeof elementNode.value !== "string") {
+                        continue;
+                    }
+                    if (!isWildcardValue(elementNode.value)) {
+                        continue;
+                    }
+                    context.report({
+                        messageId: "default",
+                        node: elementNode,
+                    });
+                }
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow wildcard entries in AngularJS SCE resource URL whitelists.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-angularjs-sce-resource-url-wildcard",
+        },
+        messages: {
+            default: "Do not use wildcard resourceUrlWhitelist entries for AngularJS SCE configuration.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-angularjs-sce-resource-url-wildcard",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-angularjs-sce-resource-url-wildcard.js.map

package/dist/rules/no-angularjs-sce-resource-url-wildcard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-angularjs-sce-resource-url-wildcard.js","sourceRoot":"","sources":["../../src/rules/no-angularjs-sce-resource-url-wildcard.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,qBAAqB,GAAG,CAC1B,gBAA2C,EACzB,EAAE;IACpB,IACI,CAAC,gBAAgB,CAAC,QAAQ;QAC1B,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EACjD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC1C,CAAC;IAED,IACI,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,SAAS;QAC5C,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,EACrD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC;IAC3C,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,eAAe,GAAG,CAAC,KAAa,EAAW,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAExE,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAwB;IAC1E,MAAM,CAAC,OAAO;QACV,OAAO;YACH,cAAc,CAAC,IAA6B;gBACxC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;oBAC1C,OAAO;gBACX,CAAC;gBAED,IACI,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC;oBAClC,sBAAsB,EACxB,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,MAAM,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC;gBAEvC,IACI,aAAa,KAAK,SAAS;oBAC3B,aAAa,CAAC,IAAI,KAAK,eAAe;oBACtC,aAAa,CAAC,IAAI,KAAK,iBAAiB,EAC1C,CAAC;oBACC,OAAO;gBACX,CAAC;gBAED,KAAK,MAAM,WAAW,IAAI,aAAa,CAAC,QAAQ,EAAE,CAAC;oBAC/C,IACI,WAAW,KAAK,IAAI;wBACpB,WAAW,CAAC,IAAI,KAAK,eAAe;wBACpC,WAAW,CAAC,IAAI,KAAK,SAAS;wBAC9B,OAAO,WAAW,CAAC,KAAK,KAAK,QAAQ,EACvC,CAAC;wBACC,SAAS;oBACb,CAAC;oBAED,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;wBACtC,SAAS;oBACb,CAAC;oBAED,OAAO,CAAC,MAAM,CAAC;wBACX,SAAS,EAAE,SAAS;wBACpB,IAAI,EAAE,WAAW;qBACpB,CAAC,CAAC;gBACP,CAAC;YACL,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,qEAAqE;YACzE,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,oGAAoG;SAC5G;QACD,QAAQ,EAAE;YACN,OAAO,EACH,mFAAmF;SAC1F;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,wCAAwC;CACjD,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-child-process-exec.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-child-process-exec.d.ts.map

package/dist/rules/no-child-process-exec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-child-process-exec.d.ts","sourceRoot":"","sources":["../../src/rules/no-child-process-exec.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AA6DzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAgJtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-child-process-exec.js

@@ -0,0 +1,141 @@
+import { isDefined, setHas } from "ts-extras";
+import { createRule } from "../_internal/create-rule.js";
+import { getMemberPropertyName, getPropertyName, } from "../_internal/estree-utils.js";
+const CHILD_PROCESS_MODULE_NAMES = new Set([
+    "child_process",
+    "node:child_process",
+]);
+const DISALLOWED_CHILD_PROCESS_METHOD_NAMES = new Set(["exec", "execSync"]);
+const isDisallowedChildProcessMethodName = (value) => isDefined(value) && setHas(DISALLOWED_CHILD_PROCESS_METHOD_NAMES, value);
+const isChildProcessModuleSource = (value) => setHas(CHILD_PROCESS_MODULE_NAMES, value);
+const isRequireCallFromChildProcess = (expression) => {
+    if (expression?.type !== "CallExpression" ||
+        expression.callee.type !== "Identifier" ||
+        expression.callee.name !== "require") {
+        return false;
+    }
+    const [firstArgument] = expression.arguments;
+    return (firstArgument !== undefined &&
+        firstArgument.type !== "SpreadElement" &&
+        firstArgument.type === "Literal" &&
+        typeof firstArgument.value === "string" &&
+        isChildProcessModuleSource(firstArgument.value));
+};
+const getPatternIdentifier = (pattern) => {
+    if (pattern.type === "Identifier") {
+        return pattern;
+    }
+    if (pattern.type === "AssignmentPattern" &&
+        pattern.left.type === "Identifier") {
+        return pattern.left;
+    }
+    return undefined;
+};
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        const childProcessExecBindingNames = new Set();
+        const childProcessNamespaceBindingNames = new Set();
+        return {
+            CallExpression(node) {
+                if (node.callee.type === "Identifier") {
+                    if (!setHas(childProcessExecBindingNames, node.callee.name)) {
+                        return;
+                    }
+                    context.report({
+                        messageId: "default",
+                        node: node.callee,
+                    });
+                    return;
+                }
+                if (node.callee.type !== "MemberExpression") {
+                    return;
+                }
+                const methodName = getMemberPropertyName(node.callee);
+                if (!isDisallowedChildProcessMethodName(methodName)) {
+                    return;
+                }
+                if (node.callee.object.type === "Identifier" &&
+                    setHas(childProcessNamespaceBindingNames, node.callee.object.name)) {
+                    context.report({
+                        messageId: "default",
+                        node: node.callee,
+                    });
+                    return;
+                }
+                if (node.callee.object.type === "CallExpression" &&
+                    isRequireCallFromChildProcess(node.callee.object)) {
+                    context.report({
+                        messageId: "default",
+                        node: node.callee,
+                    });
+                }
+            },
+            ImportDeclaration(node) {
+                if (!isChildProcessModuleSource(node.source.value)) {
+                    return;
+                }
+                for (const specifierNode of node.specifiers) {
+                    if (specifierNode.type === "ImportDefaultSpecifier" ||
+                        specifierNode.type === "ImportNamespaceSpecifier") {
+                        childProcessNamespaceBindingNames.add(specifierNode.local.name);
+                        continue;
+                    }
+                    const importedName = specifierNode.imported.type === "Identifier"
+                        ? specifierNode.imported.name
+                        : specifierNode.imported.value;
+                    if (!isDisallowedChildProcessMethodName(importedName)) {
+                        continue;
+                    }
+                    childProcessExecBindingNames.add(specifierNode.local.name);
+                }
+            },
+            VariableDeclarator(node) {
+                if (!isRequireCallFromChildProcess(node.init)) {
+                    return;
+                }
+                if (node.id.type === "Identifier") {
+                    childProcessNamespaceBindingNames.add(node.id.name);
+                    return;
+                }
+                if (node.id.type !== "ObjectPattern") {
+                    return;
+                }
+                for (const propertyNode of node.id.properties) {
+                    if (propertyNode.type !== "Property" ||
+                        propertyNode.computed) {
+                        continue;
+                    }
+                    const importedName = getPropertyName(propertyNode);
+                    if (!isDisallowedChildProcessMethodName(importedName)) {
+                        continue;
+                    }
+                    const localIdentifier = getPatternIdentifier(propertyNode.value);
+                    if (localIdentifier === undefined) {
+                        continue;
+                    }
+                    childProcessExecBindingNames.add(localIdentifier.name);
+                }
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow child_process.exec() and execSync() shell-backed execution APIs.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-child-process-exec",
+        },
+        messages: {
+            default: "Do not use child_process.exec() or execSync(); prefer execFile(), spawn(), or other argv-separated process launches.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-child-process-exec",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-child-process-exec.js.map

package/dist/rules/no-child-process-exec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-child-process-exec.js","sourceRoot":"","sources":["../../src/rules/no-child-process-exec.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAE9C,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EACH,qBAAqB,EACrB,eAAe,GAClB,MAAM,8BAA8B,CAAC;AAItC,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC;IACvC,eAAe;IACf,oBAAoB;CACvB,CAAC,CAAC;AACH,MAAM,qCAAqC,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;AAE5E,MAAM,kCAAkC,GAAG,CACvC,KAAyB,EACG,EAAE,CAC9B,SAAS,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAC;AAE7E,MAAM,0BAA0B,GAAG,CAAC,KAAa,EAAW,EAAE,CAC1D,MAAM,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;AAE9C,MAAM,6BAA6B,GAAG,CAClC,UAAsC,EACD,EAAE;IACvC,IACI,UAAU,EAAE,IAAI,KAAK,gBAAgB;QACrC,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;QACvC,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,EACtC,CAAC;QACC,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,MAAM,CAAC,aAAa,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC;IAE7C,OAAO,CACH,aAAa,KAAK,SAAS;QAC3B,aAAa,CAAC,IAAI,KAAK,eAAe;QACtC,aAAa,CAAC,IAAI,KAAK,SAAS;QAChC,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;QACvC,0BAA0B,CAAC,aAAa,CAAC,KAAK,CAAC,CAClD,CAAC;AACN,CAAC,CAAC;AAEF,MAAM,oBAAoB,GAAG,CACzB,OAAmC,EACJ,EAAE;IACjC,IAAI,OAAO,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAChC,OAAO,OAAO,CAAC;IACnB,CAAC;IAED,IACI,OAAO,CAAC,IAAI,KAAK,mBAAmB;QACpC,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,EACpC,CAAC;QACC,OAAO,OAAO,CAAC,IAAI,CAAC;IACxB,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAwB;IAC1E,MAAM,CAAC,OAAO;QACV,MAAM,4BAA4B,GAAG,IAAI,GAAG,EAAU,CAAC;QACvD,MAAM,iCAAiC,GAAG,IAAI,GAAG,EAAU,CAAC;QAE5D,OAAO;YACH,cAAc,CAAC,IAA6B;gBACxC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACpC,IACI,CAAC,MAAM,CAAC,4BAA4B,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EACzD,CAAC;wBACC,OAAO;oBACX,CAAC;oBAED,OAAO,CAAC,MAAM,CAAC;wBACX,SAAS,EAAE,SAAS;wBACpB,IAAI,EAAE,IAAI,CAAC,MAAM;qBACpB,CAAC,CAAC;oBAEH,OAAO;gBACX,CAAC;gBAED,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;oBAC1C,OAAO;gBACX,CAAC;gBAED,MAAM,UAAU,GAAG,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAEtD,IAAI,CAAC,kCAAkC,CAAC,UAAU,CAAC,EAAE,CAAC;oBAClD,OAAO;gBACX,CAAC;gBAED,IACI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACxC,MAAM,CACF,iCAAiC,EACjC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAC1B,EACH,CAAC;oBACC,OAAO,CAAC,MAAM,CAAC;wBACX,SAAS,EAAE,SAAS;wBACpB,IAAI,EAAE,IAAI,CAAC,MAAM;qBACpB,CAAC,CAAC;oBAEH,OAAO;gBACX,CAAC;gBAED,IACI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,gBAAgB;oBAC5C,6BAA6B,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EACnD,CAAC;oBACC,OAAO,CAAC,MAAM,CAAC;wBACX,SAAS,EAAE,SAAS;wBACpB,IAAI,EAAE,IAAI,CAAC,MAAM;qBACpB,CAAC,CAAC;gBACP,CAAC;YACL,CAAC;YACD,iBAAiB,CAAC,IAAgC;gBAC9C,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;oBACjD,OAAO;gBACX,CAAC;gBAED,KAAK,MAAM,aAAa,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;oBAC1C,IACI,aAAa,CAAC,IAAI,KAAK,wBAAwB;wBAC/C,aAAa,CAAC,IAAI,KAAK,0BAA0B,EACnD,CAAC;wBACC,iCAAiC,CAAC,GAAG,CACjC,aAAa,CAAC,KAAK,CAAC,IAAI,CAC3B,CAAC;wBACF,SAAS;oBACb,CAAC;oBAED,MAAM,YAAY,GACd,aAAa,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;wBACxC,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI;wBAC7B,CAAC,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC;oBAEvC,IAAI,CAAC,kCAAkC,CAAC,YAAY,CAAC,EAAE,CAAC;wBACpD,SAAS;oBACb,CAAC;oBAED,4BAA4B,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC/D,CAAC;YACL,CAAC;YACD,kBAAkB,CAAC,IAAiC;gBAChD,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC5C,OAAO;gBACX,CAAC;gBAED,IAAI,IAAI,CAAC,EAAE,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAChC,iCAAiC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;oBACpD,OAAO;gBACX,CAAC;gBAED,IAAI,IAAI,CAAC,EAAE,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;oBACnC,OAAO;gBACX,CAAC;gBAED,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC;oBAC5C,IACI,YAAY,CAAC,IAAI,KAAK,UAAU;wBAChC,YAAY,CAAC,QAAQ,EACvB,CAAC;wBACC,SAAS;oBACb,CAAC;oBAED,MAAM,YAAY,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;oBAEnD,IAAI,CAAC,kCAAkC,CAAC,YAAY,CAAC,EAAE,CAAC;wBACpD,SAAS;oBACb,CAAC;oBAED,MAAM,eAAe,GAAG,oBAAoB,CACxC,YAAY,CAAC,KAAK,CACrB,CAAC;oBAEF,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;wBAChC,SAAS;oBACb,CAAC;oBAED,4BAA4B,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;gBAC3D,CAAC;YACL,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,2EAA2E;YAC/E,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,mFAAmF;SAC3F;QACD,QAAQ,EAAE;YACN,OAAO,EACH,sHAAsH;SAC7H;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,uBAAuB;CAChC,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-child-process-shell-true.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-child-process-shell-true.d.ts.map

package/dist/rules/no-child-process-shell-true.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-child-process-shell-true.d.ts","sourceRoot":"","sources":["../../src/rules/no-child-process-shell-true.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAuEzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CA2CtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-child-process-shell-true.js

@@ -0,0 +1,89 @@
+import { createRule } from "../_internal/create-rule.js";
+const getMemberPropertyName = (memberExpression) => {
+    if (!memberExpression.computed &&
+        memberExpression.property.type === "Identifier") {
+        return memberExpression.property.name;
+    }
+    if (memberExpression.property.type === "Literal" &&
+        typeof memberExpression.property.value === "string") {
+        return memberExpression.property.value;
+    }
+    return undefined;
+};
+const isTruthyLiteral = (node) => node.type === "Literal" && node.value === true;
+const hasShellTrueOption = (optionsNode) => {
+    if (optionsNode.type !== "ObjectExpression") {
+        return false;
+    }
+    for (const propertyNode of optionsNode.properties) {
+        if (propertyNode.type !== "Property" || propertyNode.kind !== "init") {
+            continue;
+        }
+        const keyName = propertyNode.key.type === "Identifier"
+            ? propertyNode.key.name
+            : propertyNode.key.type === "Literal" &&
+                typeof propertyNode.key.value === "string"
+                ? propertyNode.key.value
+                : undefined;
+        if (keyName !== "shell") {
+            continue;
+        }
+        if (isTruthyLiteral(propertyNode.value)) {
+            return true;
+        }
+    }
+    return false;
+};
+const isTargetChildProcessMethod = (node) => {
+    if (node.callee.type === "Identifier") {
+        return node.callee.name === "spawn" || node.callee.name === "execFile";
+    }
+    if (node.callee.type !== "MemberExpression") {
+        return false;
+    }
+    const methodName = getMemberPropertyName(node.callee);
+    return methodName === "spawn" || methodName === "execFile";
+};
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        return {
+            CallExpression(node) {
+                if (!isTargetChildProcessMethod(node)) {
+                    return;
+                }
+                for (const argumentNode of node.arguments) {
+                    if (argumentNode.type === "SpreadElement") {
+                        continue;
+                    }
+                    if (!hasShellTrueOption(argumentNode)) {
+                        continue;
+                    }
+                    context.report({
+                        messageId: "default",
+                        node: argumentNode,
+                    });
+                }
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow child_process spawn/execFile options that enable shell: true.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-child-process-shell-true",
+        },
+        messages: {
+            default: "Do not enable shell: true for child_process execution paths.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-child-process-shell-true",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-child-process-shell-true.js.map

package/dist/rules/no-child-process-shell-true.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-child-process-shell-true.js","sourceRoot":"","sources":["../../src/rules/no-child-process-shell-true.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,MAAM,qBAAqB,GAAG,CAC1B,gBAA2C,EACzB,EAAE;IACpB,IACI,CAAC,gBAAgB,CAAC,QAAQ;QAC1B,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EACjD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC1C,CAAC;IAED,IACI,gBAAgB,CAAC,QAAQ,CAAC,IAAI,KAAK,SAAS;QAC5C,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,EACrD,CAAC;QACC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC;IAC3C,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,eAAe,GAAG,CAAC,IAAgC,EAAW,EAAE,CAClE,IAAI,CAAC,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC;AAEnD,MAAM,kBAAkB,GAAG,CAAC,WAAgC,EAAW,EAAE;IACrE,IAAI,WAAW,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QAC1C,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,KAAK,MAAM,YAAY,IAAI,WAAW,CAAC,UAAU,EAAE,CAAC;QAChD,IAAI,YAAY,CAAC,IAAI,KAAK,UAAU,IAAI,YAAY,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YACnE,SAAS;QACb,CAAC;QAED,MAAM,OAAO,GACT,YAAY,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY;YAClC,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI;YACvB,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,KAAK,SAAS;gBACjC,OAAO,YAAY,CAAC,GAAG,CAAC,KAAK,KAAK,QAAQ;gBAC5C,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK;gBACxB,CAAC,CAAC,SAAS,CAAC;QAEtB,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;YACtB,SAAS;QACb,CAAC;QAED,IAAI,eAAe,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAED,OAAO,KAAK,CAAC;AACjB,CAAC,CAAC;AAEF,MAAM,0BAA0B,GAAG,CAAC,IAA6B,EAAW,EAAE;IAC1E,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,CAAC;IAC3E,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QAC1C,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,MAAM,UAAU,GAAG,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAEtD,OAAO,UAAU,KAAK,OAAO,IAAI,UAAU,KAAK,UAAU,CAAC;AAC/D,CAAC,CAAC;AAEF,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAwB;IAC1E,MAAM,CAAC,OAAO;QACV,OAAO;YACH,cAAc,CAAC,IAA6B;gBACxC,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,EAAE,CAAC;oBACpC,OAAO;gBACX,CAAC;gBAED,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;oBACxC,IAAI,YAAY,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;wBACxC,SAAS;oBACb,CAAC;oBAED,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC,EAAE,CAAC;wBACpC,SAAS;oBACb,CAAC;oBAED,OAAO,CAAC,MAAM,CAAC;wBACX,SAAS,EAAE,SAAS;wBACpB,IAAI,EAAE,YAAY;qBACrB,CAAC,CAAC;gBACP,CAAC;YACL,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,wEAAwE;YAC5E,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,yFAAyF;SACjG;QACD,QAAQ,EAAE;YACN,OAAO,EACH,8DAA8D;SACrE;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,6BAA6B;CACtC,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-cookies.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-cookies.d.ts.map

package/dist/rules/no-cookies.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-cookies.d.ts","sourceRoot":"","sources":["../../src/rules/no-cookies.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CAoCtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-cookies.js

@@ -0,0 +1,38 @@
+import { getFullTypeChecker, isDocumentObject, } from "../_internal/ast-utils.js";
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        const fullTypeChecker = getFullTypeChecker(context);
+        return {
+            "MemberExpression[property.name='cookie']"(node) {
+                if (!isDocumentObject(node.object, context, fullTypeChecker)) {
+                    return;
+                }
+                context.report({
+                    messageId: "doNotUseCookies",
+                    node,
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow document.cookie usage to avoid insecure legacy client-side storage patterns.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-cookies",
+        },
+        messages: {
+            doNotUseCookies: "Do not use HTTP cookies in modern applications.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-cookies",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-cookies.js.map

package/dist/rules/no-cookies.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-cookies.js","sourceRoot":"","sources":["../../src/rules/no-cookies.ts"],"names":[],"mappings":"AAGA,OAAO,EACH,kBAAkB,EAClB,gBAAgB,GACnB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,2BAA2B;AAC3B,MAAM,IAAI,GAAkC,UAAU,CAAC;IACnD,MAAM,CAAC,OAAO;QACV,MAAM,eAAe,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAEpD,OAAO;YACH,0CAA0C,CACtC,IAA+B;gBAE/B,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,eAAe,CAAC,EAAE,CAAC;oBAC3D,OAAO;gBACX,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACX,SAAS,EAAE,iBAAiB;oBAC5B,IAAI;iBACP,CAAC,CAAC;YACP,CAAC;SACJ,CAAC;IACN,CAAC;IACD,cAAc,EAAE,EAAE;IAClB,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,WAAW,EACP,uFAAuF;YAC3F,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,KAAK;YAClB,GAAG,EAAE,wEAAwE;SAChF;QACD,QAAQ,EAAE;YACN,eAAe,EAAE,iDAAiD;SACrE;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,SAAS;KAClB;IACD,IAAI,EAAE,YAAY;CACrB,CAAC,CAAC;AAEH,eAAe,IAAI,CAAC;AACpB,iIAAiI"}

package/dist/rules/no-document-domain.d.ts

@@ -0,0 +1,5 @@
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+declare const rule: ReturnType<typeof createRule>;
+export default rule;
+//# sourceMappingURL=no-document-domain.d.ts.map

package/dist/rules/no-document-domain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-document-domain.d.ts","sourceRoot":"","sources":["../../src/rules/no-document-domain.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,2BAA2B;AAC3B,QAAA,MAAM,IAAI,EAAE,UAAU,CAAC,OAAO,UAAU,CA8CtC,CAAC;AAEH,eAAe,IAAI,CAAC"}

package/dist/rules/no-document-domain.js

@@ -0,0 +1,41 @@
+import { getFullTypeChecker, isDocumentObject, } from "../_internal/ast-utils.js";
+import { createRule } from "../_internal/create-rule.js";
+/** Rule implementation. */
+const rule = createRule({
+    create(context) {
+        const fullTypeChecker = getFullTypeChecker(context);
+        return {
+            "AssignmentExpression[operator='='][left.property.name='domain']"(node) {
+                if (node.left.type !== "MemberExpression") {
+                    return;
+                }
+                if (!isDocumentObject(node.left.object, context, fullTypeChecker)) {
+                    return;
+                }
+                context.report({
+                    messageId: "default",
+                    node,
+                });
+            },
+        };
+    },
+    defaultOptions: [],
+    meta: {
+        deprecated: false,
+        docs: {
+            description: "disallow writes to document.domain that can weaken same-origin policy guarantees.",
+            frozen: false,
+            recommended: false,
+            url: "https://nick2bad4u.github.io/eslint-plugin-SDL-2/docs/rules/no-document-domain",
+        },
+        messages: {
+            default: "Do not write to document.domain.",
+        },
+        schema: [],
+        type: "problem",
+    },
+    name: "no-document-domain",
+});
+export default rule;
+/* eslint-enable @typescript-eslint/prefer-readonly-parameter-types -- Restore linting after rule implementation declarations. */
+//# sourceMappingURL=no-document-domain.js.map