eslint-plugin-secure-coding 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +196 -0
- package/CHANGELOG.md +105 -0
- package/LICENSE +23 -0
- package/README.md +377 -0
- package/package.json +80 -0
- package/src/index.d.ts +32 -0
- package/src/index.js +345 -0
- package/src/index.js.map +1 -0
- package/src/rules/security/database-injection.d.ts +13 -0
- package/src/rules/security/database-injection.js +407 -0
- package/src/rules/security/database-injection.js.map +1 -0
- package/src/rules/security/detect-child-process.d.ts +11 -0
- package/src/rules/security/detect-child-process.js +460 -0
- package/src/rules/security/detect-child-process.js.map +1 -0
- package/src/rules/security/detect-eval-with-expression.d.ts +9 -0
- package/src/rules/security/detect-eval-with-expression.js +393 -0
- package/src/rules/security/detect-eval-with-expression.js.map +1 -0
- package/src/rules/security/detect-non-literal-fs-filename.d.ts +7 -0
- package/src/rules/security/detect-non-literal-fs-filename.js +322 -0
- package/src/rules/security/detect-non-literal-fs-filename.js.map +1 -0
- package/src/rules/security/detect-non-literal-regexp.d.ts +9 -0
- package/src/rules/security/detect-non-literal-regexp.js +387 -0
- package/src/rules/security/detect-non-literal-regexp.js.map +1 -0
- package/src/rules/security/detect-object-injection.d.ts +11 -0
- package/src/rules/security/detect-object-injection.js +411 -0
- package/src/rules/security/detect-object-injection.js.map +1 -0
- package/src/rules/security/no-buffer-overread.d.ts +14 -0
- package/src/rules/security/no-buffer-overread.js +519 -0
- package/src/rules/security/no-buffer-overread.js.map +1 -0
- package/src/rules/security/no-clickjacking.d.ts +10 -0
- package/src/rules/security/no-clickjacking.js +381 -0
- package/src/rules/security/no-clickjacking.js.map +1 -0
- package/src/rules/security/no-directive-injection.d.ts +12 -0
- package/src/rules/security/no-directive-injection.js +446 -0
- package/src/rules/security/no-directive-injection.js.map +1 -0
- package/src/rules/security/no-document-cookie.d.ts +5 -0
- package/src/rules/security/no-document-cookie.js +90 -0
- package/src/rules/security/no-document-cookie.js.map +1 -0
- package/src/rules/security/no-electron-security-issues.d.ts +10 -0
- package/src/rules/security/no-electron-security-issues.js +421 -0
- package/src/rules/security/no-electron-security-issues.js.map +1 -0
- package/src/rules/security/no-exposed-sensitive-data.d.ts +11 -0
- package/src/rules/security/no-exposed-sensitive-data.js +341 -0
- package/src/rules/security/no-exposed-sensitive-data.js.map +1 -0
- package/src/rules/security/no-format-string-injection.d.ts +17 -0
- package/src/rules/security/no-format-string-injection.js +653 -0
- package/src/rules/security/no-format-string-injection.js.map +1 -0
- package/src/rules/security/no-graphql-injection.d.ts +12 -0
- package/src/rules/security/no-graphql-injection.js +410 -0
- package/src/rules/security/no-graphql-injection.js.map +1 -0
- package/src/rules/security/no-hardcoded-credentials.d.ts +26 -0
- package/src/rules/security/no-hardcoded-credentials.js +377 -0
- package/src/rules/security/no-hardcoded-credentials.js.map +1 -0
- package/src/rules/security/no-improper-sanitization.d.ts +12 -0
- package/src/rules/security/no-improper-sanitization.js +408 -0
- package/src/rules/security/no-improper-sanitization.js.map +1 -0
- package/src/rules/security/no-improper-type-validation.d.ts +10 -0
- package/src/rules/security/no-improper-type-validation.js +420 -0
- package/src/rules/security/no-improper-type-validation.js.map +1 -0
- package/src/rules/security/no-insecure-comparison.d.ts +7 -0
- package/src/rules/security/no-insecure-comparison.js +125 -0
- package/src/rules/security/no-insecure-comparison.js.map +1 -0
- package/src/rules/security/no-insecure-cookie-settings.d.ts +9 -0
- package/src/rules/security/no-insecure-cookie-settings.js +305 -0
- package/src/rules/security/no-insecure-cookie-settings.js.map +1 -0
- package/src/rules/security/no-insecure-jwt.d.ts +10 -0
- package/src/rules/security/no-insecure-jwt.js +338 -0
- package/src/rules/security/no-insecure-jwt.js.map +1 -0
- package/src/rules/security/no-insecure-redirects.d.ts +7 -0
- package/src/rules/security/no-insecure-redirects.js +215 -0
- package/src/rules/security/no-insecure-redirects.js.map +1 -0
- package/src/rules/security/no-insufficient-postmessage-validation.d.ts +14 -0
- package/src/rules/security/no-insufficient-postmessage-validation.js +390 -0
- package/src/rules/security/no-insufficient-postmessage-validation.js.map +1 -0
- package/src/rules/security/no-insufficient-random.d.ts +9 -0
- package/src/rules/security/no-insufficient-random.js +207 -0
- package/src/rules/security/no-insufficient-random.js.map +1 -0
- package/src/rules/security/no-ldap-injection.d.ts +10 -0
- package/src/rules/security/no-ldap-injection.js +449 -0
- package/src/rules/security/no-ldap-injection.js.map +1 -0
- package/src/rules/security/no-missing-authentication.d.ts +13 -0
- package/src/rules/security/no-missing-authentication.js +322 -0
- package/src/rules/security/no-missing-authentication.js.map +1 -0
- package/src/rules/security/no-missing-cors-check.d.ts +9 -0
- package/src/rules/security/no-missing-cors-check.js +449 -0
- package/src/rules/security/no-missing-cors-check.js.map +1 -0
- package/src/rules/security/no-missing-csrf-protection.d.ts +11 -0
- package/src/rules/security/no-missing-csrf-protection.js +183 -0
- package/src/rules/security/no-missing-csrf-protection.js.map +1 -0
- package/src/rules/security/no-missing-security-headers.d.ts +7 -0
- package/src/rules/security/no-missing-security-headers.js +217 -0
- package/src/rules/security/no-missing-security-headers.js.map +1 -0
- package/src/rules/security/no-privilege-escalation.d.ts +13 -0
- package/src/rules/security/no-privilege-escalation.js +321 -0
- package/src/rules/security/no-privilege-escalation.js.map +1 -0
- package/src/rules/security/no-redos-vulnerable-regex.d.ts +7 -0
- package/src/rules/security/no-redos-vulnerable-regex.js +307 -0
- package/src/rules/security/no-redos-vulnerable-regex.js.map +1 -0
- package/src/rules/security/no-sensitive-data-exposure.d.ts +11 -0
- package/src/rules/security/no-sensitive-data-exposure.js +251 -0
- package/src/rules/security/no-sensitive-data-exposure.js.map +1 -0
- package/src/rules/security/no-sql-injection.d.ts +10 -0
- package/src/rules/security/no-sql-injection.js +332 -0
- package/src/rules/security/no-sql-injection.js.map +1 -0
- package/src/rules/security/no-timing-attack.d.ts +10 -0
- package/src/rules/security/no-timing-attack.js +358 -0
- package/src/rules/security/no-timing-attack.js.map +1 -0
- package/src/rules/security/no-toctou-vulnerability.d.ts +7 -0
- package/src/rules/security/no-toctou-vulnerability.js +165 -0
- package/src/rules/security/no-toctou-vulnerability.js.map +1 -0
- package/src/rules/security/no-unchecked-loop-condition.d.ts +12 -0
- package/src/rules/security/no-unchecked-loop-condition.js +635 -0
- package/src/rules/security/no-unchecked-loop-condition.js.map +1 -0
- package/src/rules/security/no-unencrypted-transmission.d.ts +11 -0
- package/src/rules/security/no-unencrypted-transmission.js +237 -0
- package/src/rules/security/no-unencrypted-transmission.js.map +1 -0
- package/src/rules/security/no-unescaped-url-parameter.d.ts +9 -0
- package/src/rules/security/no-unescaped-url-parameter.js +266 -0
- package/src/rules/security/no-unescaped-url-parameter.js.map +1 -0
- package/src/rules/security/no-unlimited-resource-allocation.d.ts +12 -0
- package/src/rules/security/no-unlimited-resource-allocation.js +659 -0
- package/src/rules/security/no-unlimited-resource-allocation.js.map +1 -0
- package/src/rules/security/no-unsafe-deserialization.d.ts +10 -0
- package/src/rules/security/no-unsafe-deserialization.js +501 -0
- package/src/rules/security/no-unsafe-deserialization.js.map +1 -0
- package/src/rules/security/no-unsafe-dynamic-require.d.ts +5 -0
- package/src/rules/security/no-unsafe-dynamic-require.js +107 -0
- package/src/rules/security/no-unsafe-dynamic-require.js.map +1 -0
- package/src/rules/security/no-unsafe-regex-construction.d.ts +9 -0
- package/src/rules/security/no-unsafe-regex-construction.js +292 -0
- package/src/rules/security/no-unsafe-regex-construction.js.map +1 -0
- package/src/rules/security/no-unsanitized-html.d.ts +9 -0
- package/src/rules/security/no-unsanitized-html.js +347 -0
- package/src/rules/security/no-unsanitized-html.js.map +1 -0
- package/src/rules/security/no-unvalidated-user-input.d.ts +9 -0
- package/src/rules/security/no-unvalidated-user-input.js +418 -0
- package/src/rules/security/no-unvalidated-user-input.js.map +1 -0
- package/src/rules/security/no-weak-crypto.d.ts +11 -0
- package/src/rules/security/no-weak-crypto.js +350 -0
- package/src/rules/security/no-weak-crypto.js.map +1 -0
- package/src/rules/security/no-weak-password-recovery.d.ts +12 -0
- package/src/rules/security/no-weak-password-recovery.js +401 -0
- package/src/rules/security/no-weak-password-recovery.js.map +1 -0
- package/src/rules/security/no-xpath-injection.d.ts +10 -0
- package/src/rules/security/no-xpath-injection.js +487 -0
- package/src/rules/security/no-xpath-injection.js.map +1 -0
- package/src/rules/security/no-xxe-injection.d.ts +7 -0
- package/src/rules/security/no-xxe-injection.js +270 -0
- package/src/rules/security/no-xxe-injection.js.map +1 -0
- package/src/rules/security/no-zip-slip.d.ts +9 -0
- package/src/rules/security/no-zip-slip.js +446 -0
- package/src/rules/security/no-zip-slip.js.map +1 -0
- package/src/types/index.d.ts +131 -0
- package/src/types/index.js +18 -0
- package/src/types/index.js.map +1 -0
|
@@ -0,0 +1,519 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.noBufferOverread = void 0;
|
|
4
|
+
const eslint_devkit_1 = require("@interlace/eslint-devkit");
|
|
5
|
+
const eslint_devkit_2 = require("@interlace/eslint-devkit");
|
|
6
|
+
const eslint_devkit_3 = require("@interlace/eslint-devkit");
|
|
7
|
+
exports.noBufferOverread = (0, eslint_devkit_1.createRule)({
|
|
8
|
+
name: 'no-buffer-overread',
|
|
9
|
+
meta: {
|
|
10
|
+
type: 'problem',
|
|
11
|
+
docs: {
|
|
12
|
+
description: 'Detects buffer access beyond bounds',
|
|
13
|
+
},
|
|
14
|
+
fixable: 'code',
|
|
15
|
+
hasSuggestions: true,
|
|
16
|
+
messages: {
|
|
17
|
+
bufferOverread: (0, eslint_devkit_2.formatLLMMessage)({
|
|
18
|
+
icon: eslint_devkit_2.MessageIcons.SECURITY,
|
|
19
|
+
issueName: 'Buffer Overread',
|
|
20
|
+
cwe: 'CWE-126',
|
|
21
|
+
description: 'Buffer access beyond allocated bounds',
|
|
22
|
+
severity: '{{severity}}',
|
|
23
|
+
fix: '{{safeAlternative}}',
|
|
24
|
+
documentationLink: 'https://cwe.mitre.org/data/definitions/126.html',
|
|
25
|
+
}),
|
|
26
|
+
unsafeBufferAccess: (0, eslint_devkit_2.formatLLMMessage)({
|
|
27
|
+
icon: eslint_devkit_2.MessageIcons.SECURITY,
|
|
28
|
+
issueName: 'Unsafe Buffer Access',
|
|
29
|
+
cwe: 'CWE-126',
|
|
30
|
+
description: 'Buffer accessed without bounds validation',
|
|
31
|
+
severity: 'HIGH',
|
|
32
|
+
fix: 'Add bounds check before buffer access',
|
|
33
|
+
documentationLink: 'https://nodejs.org/api/buffer.html',
|
|
34
|
+
}),
|
|
35
|
+
missingBoundsCheck: (0, eslint_devkit_2.formatLLMMessage)({
|
|
36
|
+
icon: eslint_devkit_2.MessageIcons.SECURITY,
|
|
37
|
+
issueName: 'Missing Bounds Check',
|
|
38
|
+
cwe: 'CWE-126',
|
|
39
|
+
description: 'Buffer operation missing bounds validation',
|
|
40
|
+
severity: 'MEDIUM',
|
|
41
|
+
fix: 'Validate indices before buffer operations',
|
|
42
|
+
documentationLink: 'https://cwe.mitre.org/data/definitions/126.html',
|
|
43
|
+
}),
|
|
44
|
+
negativeBufferIndex: (0, eslint_devkit_2.formatLLMMessage)({
|
|
45
|
+
icon: eslint_devkit_2.MessageIcons.SECURITY,
|
|
46
|
+
issueName: 'Negative Buffer Index',
|
|
47
|
+
cwe: 'CWE-126',
|
|
48
|
+
description: 'Negative index used for buffer access',
|
|
49
|
+
severity: 'MEDIUM',
|
|
50
|
+
fix: 'Ensure buffer indices are non-negative',
|
|
51
|
+
documentationLink: 'https://nodejs.org/api/buffer.html',
|
|
52
|
+
}),
|
|
53
|
+
userControlledBufferIndex: (0, eslint_devkit_2.formatLLMMessage)({
|
|
54
|
+
icon: eslint_devkit_2.MessageIcons.SECURITY,
|
|
55
|
+
issueName: 'User Controlled Buffer Index',
|
|
56
|
+
cwe: 'CWE-126',
|
|
57
|
+
description: 'Buffer accessed with user-controlled index',
|
|
58
|
+
severity: 'HIGH',
|
|
59
|
+
fix: 'Validate user input before using as buffer index',
|
|
60
|
+
documentationLink: 'https://cwe.mitre.org/data/definitions/126.html',
|
|
61
|
+
}),
|
|
62
|
+
unsafeBufferSlice: (0, eslint_devkit_2.formatLLMMessage)({
|
|
63
|
+
icon: eslint_devkit_2.MessageIcons.SECURITY,
|
|
64
|
+
issueName: 'Unsafe Buffer Slice',
|
|
65
|
+
cwe: 'CWE-126',
|
|
66
|
+
description: 'Buffer slice with unvalidated indices',
|
|
67
|
+
severity: 'MEDIUM',
|
|
68
|
+
fix: 'Validate slice start/end indices',
|
|
69
|
+
documentationLink: 'https://nodejs.org/api/buffer.html#bufslicestart-end',
|
|
70
|
+
}),
|
|
71
|
+
bufferLengthNotChecked: (0, eslint_devkit_2.formatLLMMessage)({
|
|
72
|
+
icon: eslint_devkit_2.MessageIcons.SECURITY,
|
|
73
|
+
issueName: 'Buffer Length Not Checked',
|
|
74
|
+
cwe: 'CWE-126',
|
|
75
|
+
description: 'Buffer length not validated before access',
|
|
76
|
+
severity: 'MEDIUM',
|
|
77
|
+
fix: 'Check buffer.length before operations',
|
|
78
|
+
documentationLink: 'https://nodejs.org/api/buffer.html#buflength',
|
|
79
|
+
}),
|
|
80
|
+
useSafeBufferAccess: (0, eslint_devkit_2.formatLLMMessage)({
|
|
81
|
+
icon: eslint_devkit_2.MessageIcons.INFO,
|
|
82
|
+
issueName: 'Use Safe Buffer Access',
|
|
83
|
+
description: 'Use bounds-checked buffer access methods',
|
|
84
|
+
severity: 'LOW',
|
|
85
|
+
fix: 'Use buffer.read*() with offset validation or safe wrapper functions',
|
|
86
|
+
documentationLink: 'https://nodejs.org/api/buffer.html',
|
|
87
|
+
}),
|
|
88
|
+
validateBufferIndices: (0, eslint_devkit_2.formatLLMMessage)({
|
|
89
|
+
icon: eslint_devkit_2.MessageIcons.INFO,
|
|
90
|
+
issueName: 'Validate Buffer Indices',
|
|
91
|
+
description: 'Validate buffer indices before use',
|
|
92
|
+
severity: 'LOW',
|
|
93
|
+
fix: 'Check 0 <= index < buffer.length',
|
|
94
|
+
documentationLink: 'https://cwe.mitre.org/data/definitions/126.html',
|
|
95
|
+
}),
|
|
96
|
+
checkBufferBounds: (0, eslint_devkit_2.formatLLMMessage)({
|
|
97
|
+
icon: eslint_devkit_2.MessageIcons.INFO,
|
|
98
|
+
issueName: 'Check Buffer Bounds',
|
|
99
|
+
description: 'Always check buffer bounds',
|
|
100
|
+
severity: 'LOW',
|
|
101
|
+
fix: 'Validate buffer operations against buffer.length',
|
|
102
|
+
documentationLink: 'https://nodejs.org/api/buffer.html#buflength',
|
|
103
|
+
}),
|
|
104
|
+
strategyBoundsChecking: (0, eslint_devkit_2.formatLLMMessage)({
|
|
105
|
+
icon: eslint_devkit_2.MessageIcons.STRATEGY,
|
|
106
|
+
issueName: 'Bounds Checking Strategy',
|
|
107
|
+
description: 'Implement comprehensive bounds checking',
|
|
108
|
+
severity: 'LOW',
|
|
109
|
+
fix: 'Validate all buffer indices and lengths before operations',
|
|
110
|
+
documentationLink: 'https://cwe.mitre.org/data/definitions/126.html',
|
|
111
|
+
}),
|
|
112
|
+
strategyInputValidation: (0, eslint_devkit_2.formatLLMMessage)({
|
|
113
|
+
icon: eslint_devkit_2.MessageIcons.STRATEGY,
|
|
114
|
+
issueName: 'Input Validation Strategy',
|
|
115
|
+
description: 'Validate user input used as buffer indices',
|
|
116
|
+
severity: 'LOW',
|
|
117
|
+
fix: 'Sanitize and validate all user input before buffer operations',
|
|
118
|
+
documentationLink: 'https://nodejs.org/api/buffer.html',
|
|
119
|
+
}),
|
|
120
|
+
strategySafeBuffers: (0, eslint_devkit_2.formatLLMMessage)({
|
|
121
|
+
icon: eslint_devkit_2.MessageIcons.STRATEGY,
|
|
122
|
+
issueName: 'Safe Buffer Strategy',
|
|
123
|
+
description: 'Use safe buffer wrapper libraries',
|
|
124
|
+
severity: 'LOW',
|
|
125
|
+
fix: 'Use libraries that provide bounds-checked buffer operations',
|
|
126
|
+
documentationLink: 'https://www.npmjs.com/package/safe-buffer',
|
|
127
|
+
})
|
|
128
|
+
},
|
|
129
|
+
schema: [
|
|
130
|
+
{
|
|
131
|
+
type: 'object',
|
|
132
|
+
properties: {
|
|
133
|
+
bufferMethods: {
|
|
134
|
+
type: 'array',
|
|
135
|
+
items: { type: 'string' },
|
|
136
|
+
default: ['readUInt8', 'readUInt16LE', 'readUInt32LE', 'readInt8', 'readInt16LE', 'readInt32LE', 'writeUInt8', 'writeUInt16LE', 'writeUInt32LE', 'slice', 'copy'],
|
|
137
|
+
},
|
|
138
|
+
boundsCheckFunctions: {
|
|
139
|
+
type: 'array',
|
|
140
|
+
items: { type: 'string' },
|
|
141
|
+
default: ['validateIndex', 'checkBounds', 'safeIndex', 'validateBufferIndex'],
|
|
142
|
+
},
|
|
143
|
+
bufferTypes: {
|
|
144
|
+
type: 'array',
|
|
145
|
+
items: { type: 'string' },
|
|
146
|
+
default: ['Buffer', 'Uint8Array', 'ArrayBuffer', 'DataView'],
|
|
147
|
+
},
|
|
148
|
+
trustedSanitizers: {
|
|
149
|
+
type: 'array',
|
|
150
|
+
items: { type: 'string' },
|
|
151
|
+
default: [],
|
|
152
|
+
description: 'Additional function names to consider as buffer index validators',
|
|
153
|
+
},
|
|
154
|
+
trustedAnnotations: {
|
|
155
|
+
type: 'array',
|
|
156
|
+
items: { type: 'string' },
|
|
157
|
+
default: [],
|
|
158
|
+
description: 'Additional JSDoc annotations to consider as safe markers',
|
|
159
|
+
},
|
|
160
|
+
strictMode: {
|
|
161
|
+
type: 'boolean',
|
|
162
|
+
default: false,
|
|
163
|
+
description: 'Disable all false positive detection (strict mode)',
|
|
164
|
+
},
|
|
165
|
+
},
|
|
166
|
+
additionalProperties: false,
|
|
167
|
+
},
|
|
168
|
+
],
|
|
169
|
+
},
|
|
170
|
+
defaultOptions: [
|
|
171
|
+
{
|
|
172
|
+
bufferMethods: ['readUInt8', 'readUInt16LE', 'readUInt32LE', 'readInt8', 'readInt16LE', 'readInt32LE', 'writeUInt8', 'writeUInt16LE', 'writeUInt32LE', 'slice', 'copy'],
|
|
173
|
+
boundsCheckFunctions: ['validateIndex', 'checkBounds', 'safeIndex', 'validateBufferIndex'],
|
|
174
|
+
bufferTypes: ['Buffer', 'Uint8Array', 'ArrayBuffer', 'DataView'],
|
|
175
|
+
trustedSanitizers: [],
|
|
176
|
+
trustedAnnotations: [],
|
|
177
|
+
strictMode: false,
|
|
178
|
+
},
|
|
179
|
+
],
|
|
180
|
+
create(context) {
|
|
181
|
+
const options = context.options[0] || {};
|
|
182
|
+
const { bufferMethods = ['readUInt8', 'readUInt16LE', 'readUInt32LE', 'readInt8', 'readInt16LE', 'readInt32LE', 'writeUInt8', 'writeUInt16LE', 'writeUInt32LE', 'slice', 'copy'], boundsCheckFunctions = ['validateIndex', 'checkBounds', 'safeIndex', 'validateBufferIndex'], bufferTypes = ['Buffer', 'Uint8Array', 'ArrayBuffer', 'DataView'], trustedSanitizers = [], trustedAnnotations = [], strictMode = false, } = options;
|
|
183
|
+
const sourceCode = context.sourceCode || context.sourceCode;
|
|
184
|
+
const filename = context.filename || context.getFilename();
|
|
185
|
+
// Create safety checker for false positive detection
|
|
186
|
+
const safetyChecker = (0, eslint_devkit_3.createSafetyChecker)({
|
|
187
|
+
trustedSanitizers,
|
|
188
|
+
trustedAnnotations,
|
|
189
|
+
trustedOrmPatterns: [],
|
|
190
|
+
strictMode,
|
|
191
|
+
});
|
|
192
|
+
// Track buffer variables
|
|
193
|
+
const bufferVars = new Set();
|
|
194
|
+
/**
|
|
195
|
+
* Check if variable is a buffer type
|
|
196
|
+
*/
|
|
197
|
+
const isBufferType = (varName) => {
|
|
198
|
+
return bufferVars.has(varName) ||
|
|
199
|
+
bufferTypes.some(type => varName.toLowerCase().includes(type.toLowerCase()));
|
|
200
|
+
};
|
|
201
|
+
/**
|
|
202
|
+
* Check if index is user-controlled
|
|
203
|
+
*/
|
|
204
|
+
const isUserControlledIndex = (indexNode) => {
|
|
205
|
+
if (indexNode.type === 'Identifier') {
|
|
206
|
+
const varName = indexNode.name.toLowerCase();
|
|
207
|
+
return ['req', 'request', 'query', 'params', 'input', 'user', 'offset', 'index'].some(keyword => varName.includes(keyword));
|
|
208
|
+
}
|
|
209
|
+
return false;
|
|
210
|
+
};
|
|
211
|
+
/**
|
|
212
|
+
* Check if index has been validated
|
|
213
|
+
*/
|
|
214
|
+
const isIndexValidated = (indexNode) => {
|
|
215
|
+
// If it's a literal number, check if it's non-negative
|
|
216
|
+
if (indexNode.type === 'Literal' && typeof indexNode.value === 'number') {
|
|
217
|
+
return indexNode.value >= 0;
|
|
218
|
+
}
|
|
219
|
+
// If it's an identifier, check if it comes from a bounds check function
|
|
220
|
+
if (indexNode.type === 'Identifier') {
|
|
221
|
+
let current = indexNode;
|
|
222
|
+
// Walk up the AST to find where this variable was assigned
|
|
223
|
+
while (current) {
|
|
224
|
+
// Check if we're in a variable declaration
|
|
225
|
+
if (current.type === 'VariableDeclarator' &&
|
|
226
|
+
current.id.type === 'Identifier' &&
|
|
227
|
+
current.id.name === indexNode.name &&
|
|
228
|
+
current.init) {
|
|
229
|
+
const init = current.init;
|
|
230
|
+
// Check if assigned from a bounds check function
|
|
231
|
+
if (init.type === 'CallExpression' &&
|
|
232
|
+
init.callee.type === 'Identifier' &&
|
|
233
|
+
boundsCheckFunctions.includes(init.callee.name)) {
|
|
234
|
+
return true;
|
|
235
|
+
}
|
|
236
|
+
// Check if assigned from Math.min/max with buffer.length
|
|
237
|
+
if (init.type === 'CallExpression' &&
|
|
238
|
+
init.callee.type === 'MemberExpression' &&
|
|
239
|
+
init.callee.object.type === 'Identifier' &&
|
|
240
|
+
init.callee.object.name === 'Math' &&
|
|
241
|
+
init.callee.property.type === 'Identifier' &&
|
|
242
|
+
(init.callee.property.name === 'min' || init.callee.property.name === 'max')) {
|
|
243
|
+
return true;
|
|
244
|
+
}
|
|
245
|
+
break;
|
|
246
|
+
}
|
|
247
|
+
// Check if it's a parameter in a function - assume validated if it's a function param
|
|
248
|
+
if (current.type === 'FunctionDeclaration' ||
|
|
249
|
+
current.type === 'FunctionExpression' ||
|
|
250
|
+
current.type === 'ArrowFunctionExpression') {
|
|
251
|
+
const params = current.params;
|
|
252
|
+
for (const param of params) {
|
|
253
|
+
if (param.type === 'Identifier' && param.name === indexNode.name) {
|
|
254
|
+
return true; // Function parameters are assumed validated
|
|
255
|
+
}
|
|
256
|
+
}
|
|
257
|
+
}
|
|
258
|
+
current = current.parent;
|
|
259
|
+
}
|
|
260
|
+
}
|
|
261
|
+
// Check if it's a call to a bounds check function directly
|
|
262
|
+
if (indexNode.type === 'CallExpression' &&
|
|
263
|
+
indexNode.callee.type === 'Identifier' &&
|
|
264
|
+
boundsCheckFunctions.includes(indexNode.callee.name)) {
|
|
265
|
+
return true;
|
|
266
|
+
}
|
|
267
|
+
return false;
|
|
268
|
+
};
|
|
269
|
+
/**
|
|
270
|
+
* Check if there's a bounds check in the current scope
|
|
271
|
+
*/
|
|
272
|
+
const hasBoundsCheck = (bufferName, indexNode) => {
|
|
273
|
+
// Look for bounds checks in the current function scope
|
|
274
|
+
let current = indexNode;
|
|
275
|
+
while (current) {
|
|
276
|
+
// Check if we're in a function
|
|
277
|
+
if (current.type === 'FunctionDeclaration' ||
|
|
278
|
+
current.type === 'FunctionExpression' ||
|
|
279
|
+
current.type === 'ArrowFunctionExpression') {
|
|
280
|
+
break;
|
|
281
|
+
}
|
|
282
|
+
// Look for if statements that check bounds
|
|
283
|
+
if (current.type === 'IfStatement') {
|
|
284
|
+
const condition = current.test;
|
|
285
|
+
const conditionText = sourceCode.getText(condition).toLowerCase();
|
|
286
|
+
// Check for bounds checking patterns
|
|
287
|
+
if (conditionText.includes(`${bufferName}.length`) &&
|
|
288
|
+
(conditionText.includes('<') || conditionText.includes('<=') ||
|
|
289
|
+
conditionText.includes('>') || conditionText.includes('>=') ||
|
|
290
|
+
conditionText.includes('&&') || conditionText.includes('||'))) {
|
|
291
|
+
return true;
|
|
292
|
+
}
|
|
293
|
+
}
|
|
294
|
+
// Look for variable declarations that might be bounds checks
|
|
295
|
+
if (current.type === 'VariableDeclaration') {
|
|
296
|
+
for (const declarator of current.declarations) {
|
|
297
|
+
if (declarator.init) {
|
|
298
|
+
const initText = sourceCode.getText(declarator.init).toLowerCase();
|
|
299
|
+
if (initText.includes(`${bufferName}.length`) &&
|
|
300
|
+
(initText.includes('math.min') || initText.includes('math.max') ||
|
|
301
|
+
initText.includes('mathmin') || initText.includes('mathmax'))) {
|
|
302
|
+
return true;
|
|
303
|
+
}
|
|
304
|
+
}
|
|
305
|
+
}
|
|
306
|
+
}
|
|
307
|
+
// Look for return statements or early returns that might indicate bounds checking
|
|
308
|
+
if (current.type === 'ReturnStatement' && current.argument) {
|
|
309
|
+
const returnText = sourceCode.getText(current.argument).toLowerCase();
|
|
310
|
+
if (returnText.includes(`${bufferName}.length`)) {
|
|
311
|
+
return true;
|
|
312
|
+
}
|
|
313
|
+
}
|
|
314
|
+
current = current.parent;
|
|
315
|
+
}
|
|
316
|
+
return false;
|
|
317
|
+
};
|
|
318
|
+
/**
|
|
319
|
+
* Check if index could be negative
|
|
320
|
+
*/
|
|
321
|
+
const couldBeNegative = (indexNode) => {
|
|
322
|
+
// Check for literal negative numbers
|
|
323
|
+
// Check for literal negative numbers
|
|
324
|
+
if (indexNode.type === 'Literal' && typeof indexNode.value === 'number') {
|
|
325
|
+
return indexNode.value < 0;
|
|
326
|
+
}
|
|
327
|
+
// Check for unary minus expressions like -1, -10, etc.
|
|
328
|
+
if (indexNode.type === 'UnaryExpression' &&
|
|
329
|
+
indexNode.operator === '-' &&
|
|
330
|
+
indexNode.argument.type === 'Literal' &&
|
|
331
|
+
typeof indexNode.argument.value === 'number') {
|
|
332
|
+
return true; // -N is always negative for positive N
|
|
333
|
+
}
|
|
334
|
+
// Check for binary expressions that could be negative like userInput - 10
|
|
335
|
+
if (indexNode.type === 'BinaryExpression' && indexNode.operator === '-') {
|
|
336
|
+
// userInput - 10 could be negative, we can't be sure statically
|
|
337
|
+
return true; // Conservative: assume it could be negative
|
|
338
|
+
}
|
|
339
|
+
// For variables, we can't be sure, but we can check for obvious patterns
|
|
340
|
+
if (indexNode.type === 'Identifier') {
|
|
341
|
+
// Check if this variable is assigned a negative value somewhere
|
|
342
|
+
// This is a simplified check - in practice we'd need more sophisticated analysis
|
|
343
|
+
let current = indexNode;
|
|
344
|
+
while (current) {
|
|
345
|
+
if (current.type === 'VariableDeclarator' && current.init) {
|
|
346
|
+
if (current.init.type === 'Literal' &&
|
|
347
|
+
typeof current.init.value === 'number' &&
|
|
348
|
+
current.init.value < 0) {
|
|
349
|
+
return true;
|
|
350
|
+
}
|
|
351
|
+
// Check for unary minus assignments
|
|
352
|
+
if (current.init.type === 'UnaryExpression' &&
|
|
353
|
+
current.init.operator === '-' &&
|
|
354
|
+
current.init.argument.type === 'Literal' &&
|
|
355
|
+
typeof current.init.argument.value === 'number') {
|
|
356
|
+
return true;
|
|
357
|
+
}
|
|
358
|
+
}
|
|
359
|
+
current = current.parent;
|
|
360
|
+
}
|
|
361
|
+
}
|
|
362
|
+
return false;
|
|
363
|
+
};
|
|
364
|
+
return {
|
|
365
|
+
// Track buffer variable declarations
|
|
366
|
+
VariableDeclarator(node) {
|
|
367
|
+
if (node.id.type === 'Identifier' && node.init) {
|
|
368
|
+
const varName = node.id.name;
|
|
369
|
+
// Check if assigned a buffer type
|
|
370
|
+
if (node.init.type === 'NewExpression' &&
|
|
371
|
+
node.init.callee.type === 'Identifier' &&
|
|
372
|
+
bufferTypes.includes(node.init.callee.name)) {
|
|
373
|
+
bufferVars.add(varName);
|
|
374
|
+
}
|
|
375
|
+
// Check if assigned a buffer method result
|
|
376
|
+
if (node.init.type === 'CallExpression') {
|
|
377
|
+
const callee = node.init.callee;
|
|
378
|
+
if (callee.type === 'MemberExpression' &&
|
|
379
|
+
callee.property.type === 'Identifier' &&
|
|
380
|
+
bufferMethods.includes(callee.property.name)) {
|
|
381
|
+
bufferVars.add(varName);
|
|
382
|
+
}
|
|
383
|
+
}
|
|
384
|
+
// Check variable name patterns
|
|
385
|
+
if (bufferTypes.some(type => varName.toLowerCase().includes(type.toLowerCase()))) {
|
|
386
|
+
bufferVars.add(varName);
|
|
387
|
+
}
|
|
388
|
+
}
|
|
389
|
+
},
|
|
390
|
+
// Check member expressions (buffer[index], buffer.method())
|
|
391
|
+
MemberExpression(node) {
|
|
392
|
+
// Check for buffer[index] access
|
|
393
|
+
if (node.computed && node.object.type === 'Identifier') {
|
|
394
|
+
const bufferName = node.object.name;
|
|
395
|
+
const indexNode = node.property;
|
|
396
|
+
if (isBufferType(bufferName)) {
|
|
397
|
+
// Check for negative indices
|
|
398
|
+
if (couldBeNegative(indexNode)) {
|
|
399
|
+
context.report({
|
|
400
|
+
node,
|
|
401
|
+
messageId: 'negativeBufferIndex',
|
|
402
|
+
data: {
|
|
403
|
+
filePath: filename,
|
|
404
|
+
line: String(node.loc?.start.line ?? 0),
|
|
405
|
+
},
|
|
406
|
+
});
|
|
407
|
+
return;
|
|
408
|
+
}
|
|
409
|
+
// Check for user-controlled indices without validation
|
|
410
|
+
if (isUserControlledIndex(indexNode) && !isIndexValidated(indexNode)) {
|
|
411
|
+
// Check if there's a bounds check in scope
|
|
412
|
+
if (!hasBoundsCheck(bufferName, indexNode)) {
|
|
413
|
+
// FALSE POSITIVE REDUCTION
|
|
414
|
+
if (safetyChecker.isSafe(node, context)) {
|
|
415
|
+
return;
|
|
416
|
+
}
|
|
417
|
+
context.report({
|
|
418
|
+
node,
|
|
419
|
+
messageId: 'userControlledBufferIndex',
|
|
420
|
+
data: {
|
|
421
|
+
filePath: filename,
|
|
422
|
+
line: String(node.loc?.start.line ?? 0),
|
|
423
|
+
},
|
|
424
|
+
});
|
|
425
|
+
return;
|
|
426
|
+
}
|
|
427
|
+
}
|
|
428
|
+
// Check if there's any bounds validation
|
|
429
|
+
if (!hasBoundsCheck(bufferName, indexNode) && !isIndexValidated(indexNode)) {
|
|
430
|
+
// FALSE POSITIVE REDUCTION
|
|
431
|
+
if (safetyChecker.isSafe(node, context)) {
|
|
432
|
+
return;
|
|
433
|
+
}
|
|
434
|
+
context.report({
|
|
435
|
+
node,
|
|
436
|
+
messageId: 'unsafeBufferAccess',
|
|
437
|
+
data: {
|
|
438
|
+
filePath: filename,
|
|
439
|
+
line: String(node.loc?.start.line ?? 0),
|
|
440
|
+
},
|
|
441
|
+
});
|
|
442
|
+
}
|
|
443
|
+
}
|
|
444
|
+
}
|
|
445
|
+
// Check for buffer method calls that need bounds checking
|
|
446
|
+
if (node.property.type === 'Identifier' &&
|
|
447
|
+
bufferMethods.includes(node.property.name) &&
|
|
448
|
+
node.object.type === 'Identifier' &&
|
|
449
|
+
isBufferType(node.object.name)) {
|
|
450
|
+
// This is a parent of a CallExpression, we'll check it there
|
|
451
|
+
}
|
|
452
|
+
},
|
|
453
|
+
// Check buffer method calls
|
|
454
|
+
CallExpression(node) {
|
|
455
|
+
const callee = node.callee;
|
|
456
|
+
// Check for buffer.slice() calls
|
|
457
|
+
if (callee.type === 'MemberExpression' &&
|
|
458
|
+
callee.property.type === 'Identifier' &&
|
|
459
|
+
callee.property.name === 'slice' &&
|
|
460
|
+
callee.object.type === 'Identifier' &&
|
|
461
|
+
isBufferType(callee.object.name)) {
|
|
462
|
+
const args = node.arguments;
|
|
463
|
+
// Check slice arguments
|
|
464
|
+
for (const arg of args) {
|
|
465
|
+
if (isUserControlledIndex(arg) && !isIndexValidated(arg)) {
|
|
466
|
+
// FALSE POSITIVE REDUCTION
|
|
467
|
+
if (safetyChecker.isSafe(node, context)) {
|
|
468
|
+
continue;
|
|
469
|
+
}
|
|
470
|
+
context.report({
|
|
471
|
+
node: arg,
|
|
472
|
+
messageId: 'unsafeBufferSlice',
|
|
473
|
+
data: {
|
|
474
|
+
filePath: filename,
|
|
475
|
+
line: String(node.loc?.start.line ?? 0),
|
|
476
|
+
},
|
|
477
|
+
});
|
|
478
|
+
}
|
|
479
|
+
}
|
|
480
|
+
}
|
|
481
|
+
// Check for buffer read/write methods
|
|
482
|
+
if (callee.type === 'MemberExpression' &&
|
|
483
|
+
callee.property.type === 'Identifier' &&
|
|
484
|
+
bufferMethods.includes(callee.property.name) &&
|
|
485
|
+
callee.object.type === 'Identifier' &&
|
|
486
|
+
isBufferType(callee.object.name)) {
|
|
487
|
+
const args = node.arguments;
|
|
488
|
+
// Check offset/length arguments
|
|
489
|
+
for (const arg of args) {
|
|
490
|
+
if (isUserControlledIndex(arg) && !isIndexValidated(arg)) {
|
|
491
|
+
// FALSE POSITIVE REDUCTION
|
|
492
|
+
if (safetyChecker.isSafe(node, context)) {
|
|
493
|
+
continue;
|
|
494
|
+
}
|
|
495
|
+
context.report({
|
|
496
|
+
node: arg,
|
|
497
|
+
messageId: 'missingBoundsCheck',
|
|
498
|
+
data: {
|
|
499
|
+
filePath: filename,
|
|
500
|
+
line: String(node.loc?.start.line ?? 0),
|
|
501
|
+
},
|
|
502
|
+
});
|
|
503
|
+
}
|
|
504
|
+
}
|
|
505
|
+
}
|
|
506
|
+
},
|
|
507
|
+
// Check binary expressions that might involve buffer operations
|
|
508
|
+
BinaryExpression(node) {
|
|
509
|
+
// Look for patterns like buffer.length - something that might indicate bounds checking
|
|
510
|
+
const leftText = sourceCode.getText(node.left);
|
|
511
|
+
const rightText = sourceCode.getText(node.right);
|
|
512
|
+
if (leftText.includes('.length') || rightText.includes('.length')) {
|
|
513
|
+
// This might be a bounds check - we could analyze this further
|
|
514
|
+
}
|
|
515
|
+
}
|
|
516
|
+
};
|
|
517
|
+
},
|
|
518
|
+
});
|
|
519
|
+
//# sourceMappingURL=no-buffer-overread.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"no-buffer-overread.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-buffer-overread.ts"],"names":[],"mappings":";;;AAgBA,4DAAsD;AACtD,4DAA0E;AAC1E,4DAGkC;AAqCrB,QAAA,gBAAgB,GAAG,IAAA,0BAAU,EAA0B;IAClE,IAAI,EAAE,oBAAoB;IAC1B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,qCAAqC;SACnD;QACD,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,cAAc,EAAE,IAAA,gCAAgB,EAAC;gBAC/B,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,iBAAiB;gBAC5B,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,cAAc;gBACxB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,sBAAsB;gBACjC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,uCAAuC;gBAC5C,iBAAiB,EAAE,oCAAoC;aACxD,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,sBAAsB;gBACjC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,4CAA4C;gBACzD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,2CAA2C;gBAChD,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,uBAAuB;gBAClC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,wCAAwC;gBAC7C,iBAAiB,EAAE,oCAAoC;aACxD,CAAC;YACF,yBAAyB,EAAE,IAAA,gCAAgB,EAAC;gBAC1C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,8BAA8B;gBACzC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,4CAA4C;gBACzD,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,kDAAkD;gBACvD,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,qBAAqB;gBAChC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,kCAAkC;gBACvC,iBAAiB,EAAE,sDAAsD;aAC1E,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,2BAA2B;gBACtC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,uCAAuC;gBAC5C,iBAAiB,EAAE,8CAA8C;aAClE,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,WAAW,EAAE,0CAA0C;gBACvD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,qEAAqE;gBAC1E,iBAAiB,EAAE,oCAAoC;aACxD,CAAC;YACF,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,yBAAyB;gBACpC,WAAW,EAAE,oCAAoC;gBACjD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kCAAkC;gBACvC,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,qBAAqB;gBAChC,WAAW,EAAE,4BAA4B;gBACzC,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kDAAkD;gBACvD,iBAAiB,EAAE,8CAA8C;aAClE,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,2DAA2D;gBAChE,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,uBAAuB,EAAE,IAAA,gCAAgB,EAAC;gBACxC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,2BAA2B;gBACtC,WAAW,EAAE,4CAA4C;gBACzD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,+DAA+D;gBACpE,iBAAiB,EAAE,oCAAoC;aACxD,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,sBAAsB;gBACjC,WAAW,EAAE,mCAAmC;gBAChD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,6DAA6D;gBAClE,iBAAiB,EAAE,2CAA2C;aAC/D,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,aAAa,EAAE;wBACb,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,WAAW,EAAE,cAAc,EAAE,cAAc,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,CAAC;qBAClK;oBACD,oBAAoB,EAAE;wBACpB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,eAAe,EAAE,aAAa,EAAE,WAAW,EAAE,qBAAqB,CAAC;qBAC9E;oBACD,WAAW,EAAE;wBACX,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,CAAC;qBAC7D;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,kEAAkE;qBAChF;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,0DAA0D;qBACxE;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,oDAAoD;qBAClE;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,aAAa,EAAE,CAAC,WAAW,EAAE,cAAc,EAAE,cAAc,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,CAAC;YACvK,oBAAoB,EAAE,CAAC,eAAe,EAAE,aAAa,EAAE,WAAW,EAAE,qBAAqB,CAAC;YAC1F,WAAW,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,CAAC;YAChE,iBAAiB,EAAE,EAAE;YACrB,kBAAkB,EAAE,EAAE;YACtB,UAAU,EAAE,KAAK;SAClB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,aAAa,GAAG,CAAC,WAAW,EAAE,cAAc,EAAE,cAAc,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,CAAC,EACxK,oBAAoB,GAAG,CAAC,eAAe,EAAE,aAAa,EAAE,WAAW,EAAE,qBAAqB,CAAC,EAC3F,WAAW,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,CAAC,EACjE,iBAAiB,GAAG,EAAE,EACtB,kBAAkB,GAAG,EAAE,EACvB,UAAU,GAAG,KAAK,GACnB,GAAY,OAAO,CAAC;QAErB,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAE3D,qDAAqD;QACrD,MAAM,aAAa,GAAG,IAAA,mCAAmB,EAAC;YACxC,iBAAiB;YACjB,kBAAkB;YAClB,kBAAkB,EAAE,EAAE;YACtB,UAAU;SACX,CAAC,CAAC;QAEH,yBAAyB;QACzB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;QAErC;;WAEG;QACH,MAAM,YAAY,GAAG,CAAC,OAAe,EAAW,EAAE;YAChD,OAAO,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC;gBACvB,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QACtF,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,qBAAqB,GAAG,CAAC,SAAwB,EAAW,EAAE;YAClE,IAAI,SAAS,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACpC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC7C,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAC9F,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAC1B,CAAC;YACJ,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,gBAAgB,GAAG,CAAC,SAAwB,EAAW,EAAE;YAC7D,uDAAuD;YACvD,IAAI,SAAS,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,SAAS,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACxE,OAAO,SAAS,CAAC,KAAK,IAAI,CAAC,CAAC;YAC9B,CAAC;YAED,wEAAwE;YACxE,IAAI,SAAS,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACpC,IAAI,OAAO,GAA8B,SAAS,CAAC;gBAEnD,2DAA2D;gBAC3D,OAAO,OAAO,EAAE,CAAC;oBACf,2CAA2C;oBAC3C,IAAI,OAAO,CAAC,IAAI,KAAK,oBAAoB;wBACrC,OAAO,CAAC,EAAE,CAAC,IAAI,KAAK,YAAY;wBAChC,OAAO,CAAC,EAAE,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI;wBAClC,OAAO,CAAC,IAAI,EAAE,CAAC;wBAEjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;wBAE1B,iDAAiD;wBACjD,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB;4BAC9B,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;4BACjC,oBAAoB,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;4BACpD,OAAO,IAAI,CAAC;wBACd,CAAC;wBAED,yDAAyD;wBACzD,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB;4BAC9B,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;4BACvC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;4BACxC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,MAAM;4BAClC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;4BAC1C,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;4BACjF,OAAO,IAAI,CAAC;wBACd,CAAC;wBAED,MAAM;oBACR,CAAC;oBAED,sFAAsF;oBACtF,IAAI,OAAO,CAAC,IAAI,KAAK,qBAAqB;wBACtC,OAAO,CAAC,IAAI,KAAK,oBAAoB;wBACrC,OAAO,CAAC,IAAI,KAAK,yBAAyB,EAAE,CAAC;wBAC/C,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;wBAC9B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;4BAC3B,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,EAAE,CAAC;gCACjE,OAAO,IAAI,CAAC,CAAC,4CAA4C;4BAC3D,CAAC;wBACH,CAAC;oBACH,CAAC;oBAED,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;gBAC5C,CAAC;YACH,CAAC;YAED,2DAA2D;YAC3D,IAAI,SAAS,CAAC,IAAI,KAAK,gBAAgB;gBACnC,SAAS,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;gBACtC,oBAAoB,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,cAAc,GAAG,CAAC,UAAkB,EAAE,SAAwB,EAAW,EAAE;YAC/E,uDAAuD;YACvD,IAAI,OAAO,GAA8B,SAAS,CAAC;YAEnD,OAAO,OAAO,EAAE,CAAC;gBACf,+BAA+B;gBAC/B,IAAI,OAAO,CAAC,IAAI,KAAK,qBAAqB;oBACtC,OAAO,CAAC,IAAI,KAAK,oBAAoB;oBACrC,OAAO,CAAC,IAAI,KAAK,yBAAyB,EAAE,CAAC;oBAC/C,MAAM;gBACR,CAAC;gBAED,2CAA2C;gBAC3C,IAAI,OAAO,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;oBACnC,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;oBAC/B,MAAM,aAAa,GAAG,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;oBAElE,qCAAqC;oBACrC,IAAI,aAAa,CAAC,QAAQ,CAAC,GAAG,UAAU,SAAS,CAAC;wBAC9C,CAAC,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC;4BAC3D,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC;4BAC3D,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;wBACnE,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;gBAED,6DAA6D;gBAC7D,IAAI,OAAO,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;oBAC3C,KAAK,MAAM,UAAU,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;wBAC9C,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;4BACpB,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;4BACnE,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,UAAU,SAAS,CAAC;gCACzC,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC;oCAC9D,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;gCACnE,OAAO,IAAI,CAAC;4BACd,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,kFAAkF;gBAClF,IAAI,OAAO,CAAC,IAAI,KAAK,iBAAiB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;oBAC3D,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;oBACtE,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,UAAU,SAAS,CAAC,EAAE,CAAC;wBAChD,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;gBAED,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;YAC5C,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,eAAe,GAAG,CAAC,SAAwB,EAAW,EAAE;YAC5D,qCAAqC;YACrC,qCAAqC;YACrC,IAAI,SAAS,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,SAAS,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACxE,OAAO,SAAS,CAAC,KAAK,GAAG,CAAC,CAAC;YAC7B,CAAC;YAED,uDAAuD;YACvD,IAAI,SAAS,CAAC,IAAI,KAAK,iBAAiB;gBACpC,SAAS,CAAC,QAAQ,KAAK,GAAG;gBAC1B,SAAS,CAAC,QAAQ,CAAC,IAAI,KAAK,SAAS;gBACrC,OAAO,SAAS,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACjD,OAAO,IAAI,CAAC,CAAC,uCAAuC;YACtD,CAAC;YAED,0EAA0E;YAC1E,IAAI,SAAS,CAAC,IAAI,KAAK,kBAAkB,IAAI,SAAS,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;gBACxE,gEAAgE;gBAChE,OAAO,IAAI,CAAC,CAAC,4CAA4C;YAC3D,CAAC;YAED,yEAAyE;YACzE,IAAI,SAAS,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACpC,gEAAgE;gBAChE,iFAAiF;gBACjF,IAAI,OAAO,GAA8B,SAAS,CAAC;gBAEnD,OAAO,OAAO,EAAE,CAAC;oBACf,IAAI,OAAO,CAAC,IAAI,KAAK,oBAAoB,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;wBAC1D,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS;4BAC/B,OAAO,OAAO,CAAC,IAAI,CAAC,KAAK,KAAK,QAAQ;4BACtC,OAAO,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;4BAC3B,OAAO,IAAI,CAAC;wBACd,CAAC;wBACD,oCAAoC;wBACpC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,KAAK,iBAAiB;4BACvC,OAAO,CAAC,IAAI,CAAC,QAAQ,KAAK,GAAG;4BAC7B,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,SAAS;4BACxC,OAAO,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;4BACpD,OAAO,IAAI,CAAC;wBACd,CAAC;oBACH,CAAC;oBACD,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;gBAC5C,CAAC;YACH,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF,OAAO;YACL,qCAAqC;YACrC,kBAAkB,CAAC,IAAiC;gBAClD,IAAI,IAAI,CAAC,EAAE,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;oBAC/C,MAAM,OAAO,GAAG,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC;oBAE7B,kCAAkC;oBAClC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,eAAe;wBAClC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;wBACtC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;wBAChD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBAC1B,CAAC;oBAED,2CAA2C;oBAC3C,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;wBACxC,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC;wBAChC,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;4BAClC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;4BACrC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;4BACjD,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;wBAC1B,CAAC;oBACH,CAAC;oBAED,+BAA+B;oBAC/B,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wBACjF,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBAC1B,CAAC;gBACH,CAAC;YACH,CAAC;YAED,4DAA4D;YAC5D,gBAAgB,CAAC,IAA+B;gBAC9C,iCAAiC;gBACjC,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACvD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;oBACpC,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC;oBAEhC,IAAI,YAAY,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC7B,6BAA6B;wBAC7B,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;4BAC/B,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI;gCACJ,SAAS,EAAE,qBAAqB;gCAChC,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;4BACH,OAAO;wBACT,CAAC;wBAED,uDAAuD;wBACvD,IAAI,qBAAqB,CAAC,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,EAAE,CAAC;4BACrE,2CAA2C;4BAC3C,IAAI,CAAC,cAAc,CAAC,UAAU,EAAE,SAAS,CAAC,EAAE,CAAC;gCAC3C,2BAA2B;gCAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;oCACxC,OAAO;gCACT,CAAC;gCAED,OAAO,CAAC,MAAM,CAAC;oCACb,IAAI;oCACJ,SAAS,EAAE,2BAA2B;oCACtC,IAAI,EAAE;wCACJ,QAAQ,EAAE,QAAQ;wCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;qCACxC;iCACF,CAAC,CAAC;gCACH,OAAO;4BACT,CAAC;wBACH,CAAC;wBAED,yCAAyC;wBACzC,IAAI,CAAC,cAAc,CAAC,UAAU,EAAE,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,EAAE,CAAC;4BAC3E,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI;gCACJ,SAAS,EAAE,oBAAoB;gCAC/B,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,0DAA0D;gBAC1D,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBACnC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;oBAC1C,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACjC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;oBAEnC,6DAA6D;gBAC/D,CAAC;YACH,CAAC;YAED,4BAA4B;YAC5B,cAAc,CAAC,IAA6B;gBAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;gBAE3B,iCAAiC;gBACjC,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBAClC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBACrC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,OAAO;oBAChC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACnC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;oBAErC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;oBAE5B,wBAAwB;oBACxB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;wBACvB,IAAI,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;4BACzD,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,SAAS;4BACX,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,GAAG;gCACT,SAAS,EAAE,mBAAmB;gCAC9B,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,sCAAsC;gBACtC,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBAClC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBACrC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;oBAC5C,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACnC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;oBAErC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;oBAE5B,gCAAgC;oBAChC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;wBACvB,IAAI,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;4BACzD,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,SAAS;4BACX,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,GAAG;gCACT,SAAS,EAAE,oBAAoB;gCAC/B,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,gEAAgE;YAChE,gBAAgB,CAAC,IAA+B;gBAC9C,uFAAuF;gBACvF,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC/C,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAEjD,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBAClE,+DAA+D;gBACjE,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { type SecurityRuleOptions } from '@interlace/eslint-devkit';
|
|
2
|
+
export interface Options extends SecurityRuleOptions {
|
|
3
|
+
/** Trusted iframe sources */
|
|
4
|
+
trustedSources?: string[];
|
|
5
|
+
/** Require frame-busting code */
|
|
6
|
+
requireFrameBusting?: boolean;
|
|
7
|
+
/** Detect transparent overlays */
|
|
8
|
+
detectTransparentOverlays?: boolean;
|
|
9
|
+
}
|
|
10
|
+
export declare const noClickjacking: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
|