eslint-plugin-secure-coding 1.0.0

package/src/rules/security/no-directive-injection.js

@@ -0,0 +1,446 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noDirectiveInjection = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+const eslint_devkit_2 = require("@interlace/eslint-devkit");
+const eslint_devkit_3 = require("@interlace/eslint-devkit");
+exports.noDirectiveInjection = (0, eslint_devkit_1.createRule)({
+    name: 'no-directive-injection',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Detects directive injection vulnerabilities in templates',
+        },
+        fixable: 'code',
+        hasSuggestions: true,
+        messages: {
+            directiveInjection: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'Directive Injection',
+                cwe: 'CWE-96',
+                description: 'User input injected into directive or template',
+                severity: '{{severity}}',
+                fix: '{{safeAlternative}}',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/96.html',
+            }),
+            unsafeDirectiveName: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'Unsafe Directive Name',
+                cwe: 'CWE-96',
+                description: 'Directive name controlled by user input',
+                severity: 'CRITICAL',
+                fix: 'Use hardcoded directive names or validate against whitelist',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/96.html',
+            }),
+            dynamicDirectiveCreation: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'Dynamic Directive Creation',
+                cwe: 'CWE-96',
+                description: 'Dynamic creation of directives from user input',
+                severity: 'HIGH',
+                fix: 'Validate directive names against trusted list',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/96.html',
+            }),
+            templateInjection: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'Template Injection',
+                cwe: 'CWE-96',
+                description: 'User input injected into template content',
+                severity: 'HIGH',
+                fix: 'Sanitize template input or use safe rendering',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/96.html',
+            }),
+            unsafeComponentBinding: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'Unsafe Component Binding',
+                cwe: 'CWE-96',
+                description: 'Dynamic component binding with user input',
+                severity: 'HIGH',
+                fix: 'Use component whitelist or validate component names',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/96.html',
+            }),
+            userControlledTemplate: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'User Controlled Template',
+                cwe: 'CWE-96',
+                description: 'Template content controlled by user input',
+                severity: 'CRITICAL',
+                fix: 'Sanitize template input before compilation',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/96.html',
+            }),
+            dangerousInnerHTML: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'Dangerous innerHTML',
+                cwe: 'CWE-96',
+                description: 'innerHTML set with user-controlled content',
+                severity: 'HIGH',
+                fix: 'Use textContent or sanitize HTML content',
+                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/API/Element/innerHTML',
+            }),
+            untrustedDirectiveSource: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'Untrusted Directive Source',
+                cwe: 'CWE-96',
+                description: 'Directive loaded from untrusted source',
+                severity: 'MEDIUM',
+                fix: 'Load directives from trusted, verified sources',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/96.html',
+            }),
+            useTrustedDirectives: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.INFO,
+                issueName: 'Use Trusted Directives',
+                description: 'Use only trusted, verified directives',
+                severity: 'LOW',
+                fix: 'Maintain whitelist of allowed directives',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/96.html',
+            }),
+            sanitizeTemplateInput: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.INFO,
+                issueName: 'Sanitize Template Input',
+                description: 'Sanitize user input before template processing',
+                severity: 'LOW',
+                fix: 'Use DOMPurify or equivalent sanitization',
+                documentationLink: 'https://github.com/cure53/DOMPurify',
+            }),
+            validateDirectiveNames: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.INFO,
+                issueName: 'Validate Directive Names',
+                description: 'Validate directive names against whitelist',
+                severity: 'LOW',
+                fix: 'Check directive names before dynamic creation',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/96.html',
+            }),
+            strategyTemplateSanitization: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.STRATEGY,
+                issueName: 'Template Sanitization Strategy',
+                description: 'Implement template input sanitization',
+                severity: 'LOW',
+                fix: 'Sanitize all user input before template processing',
+                documentationLink: 'https://owasp.org/www-community/xss-filter-evasion-cheatsheet',
+            }),
+            strategyContentSecurity: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.STRATEGY,
+                issueName: 'Content Security Strategy',
+                description: 'Use CSP to restrict directive execution',
+                severity: 'LOW',
+                fix: 'Implement strict CSP with script-src restrictions',
+                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP',
+            }),
+            strategyInputValidation: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.STRATEGY,
+                issueName: 'Input Validation Strategy',
+                description: 'Validate all template inputs',
+                severity: 'LOW',
+                fix: 'Use schema validation for template inputs',
+                documentationLink: 'https://joi.dev/',
+            })
+        },
+        schema: [
+            {
+                type: 'object',
+                properties: {
+                    trustedDirectives: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: ['ngIf', 'ngFor', 'ngClass', 'v-if', 'v-for', 'v-bind', 'v-on'],
+                    },
+                    userInputVariables: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: ['req', 'request', 'body', 'query', 'params', 'input', 'data', 'userInput'],
+                    },
+                    frameworks: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: ['angular', 'vue', 'react', 'svelte'],
+                    },
+                    allowDynamicInComponents: {
+                        type: 'boolean',
+                        default: false,
+                    },
+                    trustedSanitizers: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: [],
+                        description: 'Additional function names to consider as template sanitizers',
+                    },
+                    trustedAnnotations: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: [],
+                        description: 'Additional JSDoc annotations to consider as safe markers',
+                    },
+                    strictMode: {
+                        type: 'boolean',
+                        default: false,
+                        description: 'Disable all false positive detection (strict mode)',
+                    },
+                },
+                additionalProperties: false,
+            },
+        ],
+    },
+    defaultOptions: [
+        {
+            trustedDirectives: ['ngIf', 'ngFor', 'ngClass', 'v-if', 'v-for', 'v-bind', 'v-on'],
+            userInputVariables: ['req', 'request', 'body', 'query', 'params', 'input', 'data', 'userInput'],
+            frameworks: ['angular', 'vue', 'react', 'svelte'],
+            allowDynamicInComponents: false,
+            trustedSanitizers: [],
+            trustedAnnotations: [],
+            strictMode: false,
+        },
+    ],
+    create(context) {
+        const options = context.options[0] || {};
+        const { userInputVariables = ['req', 'request', 'body', 'query', 'params', 'input', 'data', 'userInput'], trustedSanitizers = [], trustedAnnotations = [], strictMode = false, } = options;
+        const sourceCode = context.sourceCode || context.sourceCode;
+        const filename = context.filename || context.getFilename();
+        // Create safety checker for false positive detection
+        const safetyChecker = (0, eslint_devkit_3.createSafetyChecker)({
+            trustedSanitizers,
+            trustedAnnotations,
+            trustedOrmPatterns: [],
+            strictMode,
+        });
+        /**
+         * Check if a variable contains user input
+         */
+        const isUserInput = (varName) => {
+            return userInputVariables.some(input => varName.includes(input));
+        };
+        return {
+            // Check JSX attributes for directive injection
+            JSXAttribute(node) {
+                const attrName = node.name;
+                const attrValue = node.value;
+                // Check for dangerouslySetInnerHTML
+                if (attrName.type === 'JSXIdentifier' && attrName.name === 'dangerouslySetInnerHTML') {
+                    if (attrValue && attrValue.type === 'JSXExpressionContainer') {
+                        const expression = attrValue.expression;
+                        // Check if the expression contains user input
+                        const expressionText = sourceCode.getText(expression);
+                        if (userInputVariables.some(input => expressionText.includes(input))) {
+                            // FALSE POSITIVE REDUCTION
+                            if (safetyChecker.isSafe(node, context)) {
+                                return;
+                            }
+                            context.report({
+                                node: attrValue,
+                                messageId: 'dangerousInnerHTML',
+                                data: {
+                                    filePath: filename,
+                                    line: String(node.loc?.start.line ?? 0),
+                                },
+                            });
+                        }
+                    }
+                }
+                // Check for dynamic directive names (Angular/Vue style)
+                // Check for dynamic directive names (Angular/Vue style)
+                const isNamespaceDirective = ((attrName.type === 'JSXNamespacedName' && (attrName.namespace.name === 'v' || attrName.namespace.name === 'ng')) ||
+                    (attrName.type === 'JSXIdentifier' && (attrName.name.startsWith('ng:') || attrName.name.startsWith('v:'))));
+                if (isNamespaceDirective && attrValue) {
+                    if (attrValue.type === 'JSXExpressionContainer') {
+                        const expression = attrValue.expression;
+                        // Check if directive value comes from user input
+                        if (expression.type === 'Identifier' && isUserInput(expression.name)) {
+                            // FALSE POSITIVE REDUCTION
+                            if (safetyChecker.isSafe(node, context)) {
+                                return;
+                            }
+                            context.report({
+                                node: attrValue,
+                                messageId: 'directiveInjection',
+                                data: {
+                                    filePath: filename,
+                                    line: String(node.loc?.start.line ?? 0),
+                                    severity: 'HIGH',
+                                    safeAlternative: 'Use hardcoded directive values or validate user input',
+                                },
+                            });
+                        }
+                    }
+                }
+                // Check for dynamic component binding (React/Angular)
+                if (attrName.type === 'JSXIdentifier') {
+                    const attrNameStr = attrName.name;
+                    // Check for is="" (dynamic component in Vue/Angular)
+                    if (attrNameStr === 'is' && attrValue) {
+                        if (attrValue.type === 'JSXExpressionContainer') {
+                            const expression = attrValue.expression;
+                            if (expression.type === 'Identifier' && isUserInput(expression.name)) {
+                                // FALSE POSITIVE REDUCTION
+                                if (safetyChecker.isSafe(node, context)) {
+                                    return;
+                                }
+                                context.report({
+                                    node: attrValue,
+                                    messageId: 'unsafeComponentBinding',
+                                    data: {
+                                        filePath: filename,
+                                        line: String(node.loc?.start.line ?? 0),
+                                    },
+                                });
+                            }
+                        }
+                    }
+                }
+            },
+            // Check for innerHTML assignments
+            AssignmentExpression(node) {
+                const left = node.left;
+                const right = node.right;
+                // Check for element.innerHTML = userInput
+                if (left.type === 'MemberExpression' &&
+                    left.property.type === 'Identifier' &&
+                    left.property.name === 'innerHTML') {
+                    // Check if right side contains user input
+                    const rightText = sourceCode.getText(right);
+                    if (userInputVariables.some(input => rightText.includes(input))) {
+                        // FALSE POSITIVE REDUCTION
+                        if (safetyChecker.isSafe(node, context)) {
+                            return;
+                        }
+                        context.report({
+                            node: right,
+                            messageId: 'dangerousInnerHTML',
+                            data: {
+                                filePath: filename,
+                                line: String(node.loc?.start.line ?? 0),
+                            },
+                        });
+                    }
+                }
+            },
+            // Check for template compilation with user input
+            CallExpression(node) {
+                const callee = node.callee;
+                // Check for template compilation functions
+                if (callee.type === 'MemberExpression' &&
+                    callee.property.type === 'Identifier') {
+                    const methodName = callee.property.name;
+                    const objectName = callee.object.type === 'Identifier' ? callee.object.name : '';
+                    // Template compilation functions
+                    if (['compile', 'template', '$compile', '$interpolate'].includes(methodName) ||
+                        (objectName === 'Handlebars' && methodName === 'compile') ||
+                        (objectName === '_' && methodName === 'template')) {
+                        const args = node.arguments;
+                        if (args.length > 0) {
+                            const templateArg = args[0];
+                            // Check if template comes from user input
+                            if (templateArg.type === 'Identifier' && isUserInput(templateArg.name)) {
+                                // FALSE POSITIVE REDUCTION
+                                if (safetyChecker.isSafe(node, context)) {
+                                    return;
+                                }
+                                context.report({
+                                    node: templateArg,
+                                    messageId: 'userControlledTemplate',
+                                    data: {
+                                        filePath: filename,
+                                        line: String(node.loc?.start.line ?? 0),
+                                    },
+                                });
+                            }
+                        }
+                    }
+                    // Check for Vue.js v-html directive
+                    if (objectName === 'Vue' && methodName === 'directive') {
+                        const args = node.arguments;
+                        if (args.length >= 2) {
+                            const directiveName = args[0];
+                            if (directiveName.type === 'Identifier' && isUserInput(directiveName.name)) {
+                                // FALSE POSITIVE REDUCTION
+                                if (safetyChecker.isSafe(node, context)) {
+                                    return;
+                                }
+                                context.report({
+                                    node: directiveName,
+                                    messageId: 'unsafeDirectiveName',
+                                    data: {
+                                        filePath: filename,
+                                        line: String(node.loc?.start.line ?? 0),
+                                    },
+                                });
+                            }
+                        }
+                    }
+                }
+                // Check for Angular directive creation
+                if (callee.type === 'Identifier' && callee.name === 'directive') {
+                    const args = node.arguments;
+                    if (args.length >= 2) {
+                        const directiveName = args[0];
+                        if (directiveName.type === 'Identifier' && isUserInput(directiveName.name)) {
+                            // FALSE POSITIVE REDUCTION
+                            if (safetyChecker.isSafe(node, context)) {
+                                return;
+                            }
+                            context.report({
+                                node: directiveName,
+                                messageId: 'dynamicDirectiveCreation',
+                                data: {
+                                    filePath: filename,
+                                    line: String(node.loc?.start.line ?? 0),
+                                },
+                            });
+                        }
+                    }
+                }
+            },
+            // Check template literals for injection
+            TemplateLiteral(node) {
+                // Check if template literal is used dangerously
+                let current = node;
+                let isInDangerousContext = false;
+                while (current && !isInDangerousContext) {
+                    if (current.type === 'JSXExpressionContainer') {
+                        // Check if we are inside dangerouslySetInnerHTML attribute
+                        if (current.parent?.type === 'JSXAttribute' &&
+                            current.parent.name.type === 'JSXIdentifier' &&
+                            current.parent.name.name === 'dangerouslySetInnerHTML') {
+                            isInDangerousContext = true;
+                            break;
+                        }
+                    }
+                    else if (current.type === 'AssignmentExpression') {
+                        // Check for innerHTML assignment
+                        const left = current.left;
+                        if (left.type === 'MemberExpression' &&
+                            left.property.type === 'Identifier' &&
+                            left.property.name === 'innerHTML') {
+                            isInDangerousContext = true;
+                            break;
+                        }
+                    }
+                    current = current.parent;
+                }
+                if (isInDangerousContext) {
+                    // Check if template contains user input
+                    const hasUserInput = node.expressions.some((expr) => (expr.type === 'Identifier' && isUserInput(expr.name)) ||
+                        (expr.type === 'MemberExpression' &&
+                            expr.object.type === 'Identifier' &&
+                            isUserInput(expr.object.name)));
+                    if (hasUserInput) {
+                        // FALSE POSITIVE REDUCTION
+                        if (safetyChecker.isSafe(node, context)) {
+                            return;
+                        }
+                        context.report({
+                            node,
+                            messageId: 'templateInjection',
+                            data: {
+                                filePath: filename,
+                                line: String(node.loc?.start.line ?? 0),
+                                severity: 'HIGH',
+                                safeAlternative: 'Sanitize template input before insertion',
+                            },
+                        });
+                    }
+                }
+            }
+        };
+    },
+});
+//# sourceMappingURL=no-directive-injection.js.map

package/src/rules/security/no-directive-injection.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-directive-injection.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-directive-injection.ts"],"names":[],"mappings":";;;AAgBA,4DAAsD;AACtD,4DAA0E;AAC1E,4DAGkC;AAkCrB,QAAA,oBAAoB,GAAG,IAAA,0BAAU,EAA0B;IACtE,IAAI,EAAE,wBAAwB;IAC9B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,0DAA0D;SACxE;QACD,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,qBAAqB;gBAChC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,gDAAgD;gBAC7D,QAAQ,EAAE,cAAc;gBACxB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,uBAAuB;gBAClC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,6DAA6D;gBAClE,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,wBAAwB,EAAE,IAAA,gCAAgB,EAAC;gBACzC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,4BAA4B;gBACvC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,gDAAgD;gBAC7D,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,+CAA+C;gBACpD,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,+CAA+C;gBACpD,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,qDAAqD;gBAC1D,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,4CAA4C;gBACjD,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,qBAAqB;gBAChC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,4CAA4C;gBACzD,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,0CAA0C;gBAC/C,iBAAiB,EAAE,oEAAoE;aACxF,CAAC;YACF,wBAAwB,EAAE,IAAA,gCAAgB,EAAC;gBACzC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,4BAA4B;gBACvC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,wCAAwC;gBACrD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,gDAAgD;gBACrD,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,oBAAoB,EAAE,IAAA,gCAAgB,EAAC;gBACrC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,0CAA0C;gBAC/C,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,yBAAyB;gBACpC,WAAW,EAAE,gDAAgD;gBAC7D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,0CAA0C;gBAC/C,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,0BAA0B;gBACrC,WAAW,EAAE,4CAA4C;gBACzD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,+CAA+C;gBACpD,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,4BAA4B,EAAE,IAAA,gCAAgB,EAAC;gBAC7C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,gCAAgC;gBAC3C,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,oDAAoD;gBACzD,iBAAiB,EAAE,+DAA+D;aACnF,CAAC;YACF,uBAAuB,EAAE,IAAA,gCAAgB,EAAC;gBACxC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,2BAA2B;gBACtC,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,mDAAmD;gBACxD,iBAAiB,EAAE,uDAAuD;aAC3E,CAAC;YACF,uBAAuB,EAAE,IAAA,gCAAgB,EAAC;gBACxC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,2BAA2B;gBACtC,WAAW,EAAE,8BAA8B;gBAC3C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,2CAA2C;gBAChD,iBAAiB,EAAE,kBAAkB;aACtC,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC;qBACzE;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC;qBACrF;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC;qBAC/C;oBACD,wBAAwB,EAAE;wBACxB,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;qBACf;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,8DAA8D;qBAC5E;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,0DAA0D;qBACxE;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,oDAAoD;qBAClE;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,iBAAiB,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC;YAClF,kBAAkB,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC;YAC/F,UAAU,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC;YACjD,wBAAwB,EAAE,KAAK;YAC/B,iBAAiB,EAAE,EAAE;YACrB,kBAAkB,EAAE,EAAE;YACtB,UAAU,EAAE,KAAK;SAClB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,kBAAkB,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,EAChG,iBAAiB,GAAG,EAAE,EACtB,kBAAkB,GAAG,EAAE,EACvB,UAAU,GAAG,KAAK,GACnB,GAAY,OAAO,CAAC;QAErB,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAE3D,qDAAqD;QACrD,MAAM,aAAa,GAAG,IAAA,mCAAmB,EAAC;YACxC,iBAAiB;YACjB,kBAAkB;YAClB,kBAAkB,EAAE,EAAE;YACtB,UAAU;SACX,CAAC,CAAC;QAEH;;WAEG;QACH,MAAM,WAAW,GAAG,CAAC,OAAe,EAAW,EAAE;YAC/C,OAAO,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;QACnE,CAAC,CAAC;QAEF,OAAO;YACL,+CAA+C;YAC/C,YAAY,CAAC,IAA2B;gBACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC;gBAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC;gBAE7B,oCAAoC;gBACpC,IAAI,QAAQ,CAAC,IAAI,KAAK,eAAe,IAAI,QAAQ,CAAC,IAAI,KAAK,yBAAyB,EAAE,CAAC;oBACrF,IAAI,SAAS,IAAI,SAAS,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;wBAC7D,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC;wBAExC,8CAA8C;wBAC9C,MAAM,cAAc,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;wBACtD,IAAI,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;4BACrE,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,SAAS;gCACf,SAAS,EAAE,oBAAoB;gCAC/B,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,wDAAwD;gBACxD,wDAAwD;gBACxD,MAAM,oBAAoB,GAAG,CAC3B,CAAC,QAAQ,CAAC,IAAI,KAAK,mBAAmB,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,KAAK,GAAG,IAAI,QAAQ,CAAC,SAAS,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;oBAChH,CAAC,QAAQ,CAAC,IAAI,KAAK,eAAe,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAC3G,CAAC;gBAEF,IAAI,oBAAoB,IAAI,SAAS,EAAE,CAAC;oBACpC,IAAI,SAAS,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;wBAChD,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC;wBAExC,iDAAiD;wBACjD,IAAI,UAAU,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;4BACrE,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,SAAS;gCACf,SAAS,EAAE,oBAAoB;gCAC/B,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;oCACvC,QAAQ,EAAE,MAAM;oCAChB,eAAe,EAAE,uDAAuD;iCACzE;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACL,CAAC;gBAED,sDAAsD;gBACtD,IAAI,QAAQ,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;oBACtC,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC;oBAElC,qDAAqD;oBACrD,IAAI,WAAW,KAAK,IAAI,IAAI,SAAS,EAAE,CAAC;wBACtC,IAAI,SAAS,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;4BAChD,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC;4BAExC,IAAI,UAAU,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gCACrE,2BAA2B;gCAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;oCACxC,OAAO;gCACT,CAAC;gCAED,OAAO,CAAC,MAAM,CAAC;oCACb,IAAI,EAAE,SAAS;oCACf,SAAS,EAAE,wBAAwB;oCACnC,IAAI,EAAE;wCACJ,QAAQ,EAAE,QAAQ;wCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;qCAC1C;iCACA,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,kCAAkC;YAClC,oBAAoB,CAAC,IAAmC;gBACtD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;gBACvB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;gBAEzB,0CAA0C;gBAC1C,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB;oBAChC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBACnC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;oBAEvC,0CAA0C;oBAC1C,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;oBAC5C,IAAI,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;wBAChE,2BAA2B;wBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;4BACxC,OAAO;wBACT,CAAC;wBAED,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI,EAAE,KAAK;4BACX,SAAS,EAAE,oBAAoB;4BAC/B,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAED,iDAAiD;YACjD,cAAc,CAAC,IAA6B;gBAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;gBAE3B,2CAA2C;gBAC3C,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBAClC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAE1C,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;oBACxC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAEjF,iCAAiC;oBACjC,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;wBACxE,CAAC,UAAU,KAAK,YAAY,IAAI,UAAU,KAAK,SAAS,CAAC;wBACzD,CAAC,UAAU,KAAK,GAAG,IAAI,UAAU,KAAK,UAAU,CAAC,EAAE,CAAC;wBAEtD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;wBAC5B,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BACpB,MAAM,WAAW,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;4BAE5B,0CAA0C;4BAC1C,IAAI,WAAW,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;gCACvE,2BAA2B;gCAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;oCACxC,OAAO;gCACT,CAAC;gCAED,OAAO,CAAC,MAAM,CAAC;oCACb,IAAI,EAAE,WAAW;oCACjB,SAAS,EAAE,wBAAwB;oCACnC,IAAI,EAAE;wCACJ,QAAQ,EAAE,QAAQ;wCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;qCACxC;iCACF,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;oBACH,CAAC;oBAED,oCAAoC;oBACpC,IAAI,UAAU,KAAK,KAAK,IAAI,UAAU,KAAK,WAAW,EAAE,CAAC;wBACvD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;wBAC5B,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;4BACrB,MAAM,aAAa,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;4BAE9B,IAAI,aAAa,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;gCAC3E,2BAA2B;gCAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;oCACxC,OAAO;gCACT,CAAC;gCAED,OAAO,CAAC,MAAM,CAAC;oCACb,IAAI,EAAE,aAAa;oCACnB,SAAS,EAAE,qBAAqB;oCAChC,IAAI,EAAE;wCACJ,QAAQ,EAAE,QAAQ;wCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;qCACxC;iCACF,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,uCAAuC;gBACvC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,MAAM,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;oBAChE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;oBAC5B,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;wBACrB,MAAM,aAAa,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;wBAE9B,IAAI,aAAa,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;4BAC3E,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,aAAa;gCACnB,SAAS,EAAE,0BAA0B;gCACrC,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,wCAAwC;YACxC,eAAe,CAAC,IAA8B;gBAC5C,gDAAgD;gBAChD,IAAI,OAAO,GAA8B,IAAI,CAAC;gBAC9C,IAAI,oBAAoB,GAAG,KAAK,CAAC;gBAEjC,OAAO,OAAO,IAAI,CAAC,oBAAoB,EAAE,CAAC;oBACxC,IAAI,OAAO,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;wBAC9C,2DAA2D;wBAC3D,IAAI,OAAO,CAAC,MAAM,EAAE,IAAI,KAAK,cAAc;4BACvC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,eAAe;4BAC5C,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,yBAAyB,EAAE,CAAC;4BAC3D,oBAAoB,GAAG,IAAI,CAAC;4BAC5B,MAAM;wBACR,CAAC;oBACH,CAAC;yBAAM,IAAI,OAAO,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;wBACnD,iCAAiC;wBACjC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;wBAC1B,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB;4BAChC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;4BACnC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;4BACvC,oBAAoB,GAAG,IAAI,CAAC;4BAC5B,MAAM;wBACR,CAAC;oBACH,CAAC;oBACD,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;gBAC5C,CAAC;gBAED,IAAI,oBAAoB,EAAE,CAAC;oBACzB,wCAAwC;oBACxC,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,IAAyB,EAAE,EAAE,CACvE,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBACtD,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB;4BAChC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;4BACjC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAChC,CAAC;oBAEF,IAAI,YAAY,EAAE,CAAC;wBACjB,2BAA2B;wBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;4BACxC,OAAO;wBACT,CAAC;wBAED,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,mBAAmB;4BAC9B,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;gCACvC,QAAQ,EAAE,MAAM;gCAChB,eAAe,EAAE,0CAA0C;6BAC5D;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/security/no-document-cookie.d.ts

@@ -0,0 +1,5 @@
+export interface Options {
+    /** Allow reading document.cookie for parsing */
+    allowReading?: boolean;
+}
+export declare const noDocumentCookie: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/security/no-document-cookie.js

@@ -0,0 +1,90 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noDocumentCookie = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+const eslint_devkit_2 = require("@interlace/eslint-devkit");
+exports.noDocumentCookie = (0, eslint_devkit_1.createRule)({
+    name: 'no-document-cookie',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Prevent direct usage of document.cookie - use Cookie Store API or cookie libraries instead',
+        },
+        hasSuggestions: false,
+        messages: {
+            noDocumentCookie: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.WARNING,
+                issueName: 'Document Cookie',
+                description: 'Avoid direct document.cookie usage',
+                severity: 'MEDIUM',
+                fix: 'Use Cookie Store API or cookie library instead',
+                documentationLink: 'https://github.com/sindresorhus/eslint-plugin-unicorn/blob/main/docs/rules/no-document-cookie.md',
+            }),
+        },
+        schema: [
+            {
+                type: 'object',
+                properties: {
+                    allowReading: {
+                        type: 'boolean',
+                        default: true,
+                    },
+                },
+                additionalProperties: false,
+            },
+        ],
+    },
+    defaultOptions: [{ allowReading: true }],
+    create(context) {
+        const [options] = context.options;
+        const { allowReading = true } = options || {};
+        function isDocumentCookieAccess(node) {
+            // Check if this is accessing document.cookie
+            return (node.object.type === 'Identifier' &&
+                node.object.name === 'document' &&
+                ((node.property.type === 'Identifier' && node.property.name === 'cookie') ||
+                    (node.computed && node.property.type === 'Literal' && node.property.value === 'cookie')));
+        }
+        function isAssignmentToCookie(node) {
+            // Check if this is an assignment to document.cookie
+            const parent = node.parent;
+            // Check direct assignment
+            if (parent?.type === 'AssignmentExpression' && parent.left === node) {
+                return true;
+            }
+            // Check compound assignment (+=, -=, etc.)
+            if (parent?.type === 'AssignmentExpression' &&
+                parent.operator &&
+                parent.operator.includes('=') &&
+                parent.left === node) {
+                return true;
+            }
+            // Variable declarator (const/let/var x = document.cookie) - this is reading, not assigning
+            if (parent?.type === 'VariableDeclarator' && parent.init === node) {
+                return false;
+            }
+            return false;
+        }
+        return {
+            MemberExpression(node) {
+                if (isDocumentCookieAccess(node)) {
+                    const isAssigning = isAssignmentToCookie(node);
+                    // If allowReading is true, only flag assignments
+                    // If allowReading is false, flag everything
+                    if (allowReading && !isAssigning) {
+                        return; // Allow reading when option is enabled
+                    }
+                    // Flag document.cookie usage
+                    context.report({
+                        node,
+                        messageId: 'noDocumentCookie',
+                        data: {
+                            operation: isAssigning ? 'assignment to' : 'reading from',
+                        },
+                    });
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=no-document-cookie.js.map

package/src/rules/security/no-document-cookie.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-document-cookie.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-document-cookie.ts"],"names":[],"mappings":";;;AAKA,4DAAsD;AACtD,4DAA0E;AAW7D,QAAA,gBAAgB,GAAG,IAAA,0BAAU,EAA0B;IAClE,IAAI,EAAE,oBAAoB;IAC1B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,4FAA4F;SAC1G;QACD,cAAc,EAAE,KAAK;QACrB,QAAQ,EAAE;YACR,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,iBAAiB;gBAC5B,WAAW,EAAE,oCAAoC;gBACjD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,gDAAgD;gBACrD,iBAAiB,EAAE,kGAAkG;aACtH,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,IAAI;qBACd;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IAExC,MAAM,CAAC,OAAsD;QAC3D,MAAM,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;QAClC,MAAM,EAAE,YAAY,GAAG,IAAI,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;QAE9C,SAAS,sBAAsB,CAAC,IAA+B;YAC7D,6CAA6C;YAC7C,OAAO,CACL,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;gBACjC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU;gBAC/B,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ,CAAC;oBACxE,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAC1F,CAAC;QACJ,CAAC;QAED,SAAS,oBAAoB,CAAC,IAA+B;YAC3D,oDAAoD;YACpD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YAE3B,0BAA0B;YAC1B,IAAI,MAAM,EAAE,IAAI,KAAK,sBAAsB,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBACpE,OAAO,IAAI,CAAC;YACd,CAAC;YAED,2CAA2C;YAC3C,IAAI,MAAM,EAAE,IAAI,KAAK,sBAAsB;gBACvC,MAAM,CAAC,QAAQ;gBACf,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAC7B,MAAM,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBACzB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,2FAA2F;YAC3F,IAAI,MAAM,EAAE,IAAI,KAAK,oBAAoB,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBAClE,OAAO,KAAK,CAAC;YACf,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO;YACL,gBAAgB,CAAC,IAA+B;gBAC9C,IAAI,sBAAsB,CAAC,IAAI,CAAC,EAAE,CAAC;oBACjC,MAAM,WAAW,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;oBAE/C,iDAAiD;oBACjD,4CAA4C;oBAC5C,IAAI,YAAY,IAAI,CAAC,WAAW,EAAE,CAAC;wBACjC,OAAO,CAAC,uCAAuC;oBACjD,CAAC;oBAED,6BAA6B;oBAC7B,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI;wBACJ,SAAS,EAAE,kBAAkB;wBAC7B,IAAI,EAAE;4BACJ,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,cAAc;yBAC1D;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/security/no-electron-security-issues.d.ts

@@ -0,0 +1,10 @@
+import { type SecurityRuleOptions } from '@interlace/eslint-devkit';
+export interface Options extends SecurityRuleOptions {
+    /** Allow insecure settings in development */
+    allowInDev?: boolean;
+    /** Safe preload script patterns */
+    safePreloadPatterns?: string[];
+    /** Allowed IPC channels */
+    allowedIpcChannels?: string[];
+}
+export declare const noElectronSecurityIssues: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;