eslint-plugin-secure-coding 1.0.0

package/src/rules/security/no-electron-security-issues.js

@@ -0,0 +1,421 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noElectronSecurityIssues = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+const eslint_devkit_2 = require("@interlace/eslint-devkit");
+const eslint_devkit_3 = require("@interlace/eslint-devkit");
+exports.noElectronSecurityIssues = (0, eslint_devkit_1.createRule)({
+    name: 'no-electron-security-issues',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Detects Electron security vulnerabilities and insecure configurations',
+        },
+        fixable: 'code',
+        hasSuggestions: true,
+        messages: {
+            electronSecurityIssue: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'Electron Security Issue',
+                cwe: 'CWE-16',
+                description: 'Electron security vulnerability detected',
+                severity: '{{severity}}',
+                fix: '{{safeAlternative}}',
+                documentationLink: 'https://electronjs.org/docs/tutorial/security',
+            }),
+            nodeIntegrationEnabled: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'Node Integration Enabled',
+                cwe: 'CWE-16',
+                description: 'nodeIntegration enabled allows Node.js access in renderer',
+                severity: 'CRITICAL',
+                fix: 'Set nodeIntegration: false and use secure preload scripts',
+                documentationLink: 'https://electronjs.org/docs/tutorial/security#2-do-not-enable-nodejs-integration-for-remote-content',
+            }),
+            contextIsolationDisabled: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'Context Isolation Disabled',
+                cwe: 'CWE-16',
+                description: 'contextIsolation disabled removes security boundary',
+                severity: 'CRITICAL',
+                fix: 'Enable contextIsolation and use preload scripts',
+                documentationLink: 'https://electronjs.org/docs/tutorial/context-isolation',
+            }),
+            webSecurityDisabled: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'Web Security Disabled',
+                cwe: 'CWE-16',
+                description: 'webSecurity disabled removes CORS and security protections',
+                severity: 'HIGH',
+                fix: 'Keep webSecurity enabled',
+                documentationLink: 'https://electronjs.org/docs/tutorial/security#6-define-a-content-security-policy',
+            }),
+            insecureContentEnabled: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'Insecure Content Enabled',
+                cwe: 'CWE-16',
+                description: 'allowRunningInsecureContent allows mixed content',
+                severity: 'MEDIUM',
+                fix: 'Set allowRunningInsecureContent: false',
+                documentationLink: 'https://electronjs.org/docs/tutorial/security#5-do-not-disable-websecurity',
+            }),
+            unsafePreloadScript: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'Unsafe Preload Script',
+                cwe: 'CWE-16',
+                description: 'Preload script may expose sensitive APIs',
+                severity: 'HIGH',
+                fix: 'Use minimal, secure preload scripts',
+                documentationLink: 'https://electronjs.org/docs/tutorial/security#3-enable-context-isolation-for-remote-content',
+            }),
+            directNodeAccess: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'Direct Node Access',
+                cwe: 'CWE-16',
+                description: 'Direct access to Node.js APIs in renderer process',
+                severity: 'HIGH',
+                fix: 'Access Node.js APIs only through secure IPC channels',
+                documentationLink: 'https://electronjs.org/docs/tutorial/security#3-enable-context-isolation-for-remote-content',
+            }),
+            insecureIpcPattern: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'Insecure IPC Pattern',
+                cwe: 'CWE-16',
+                description: 'IPC communication lacks proper validation',
+                severity: 'MEDIUM',
+                fix: 'Validate IPC messages and restrict channels',
+                documentationLink: 'https://electronjs.org/docs/tutorial/security#7-do-not-use-the-ipc-transport-for-sensitive-data',
+            }),
+            missingSandbox: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'Missing Sandbox',
+                cwe: 'CWE-16',
+                description: 'BrowserWindow not sandboxed',
+                severity: 'MEDIUM',
+                fix: 'Enable sandbox for untrusted content',
+                documentationLink: 'https://electronjs.org/docs/tutorial/sandbox',
+            }),
+            enableSecurityFeatures: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.INFO,
+                issueName: 'Enable Security Features',
+                description: 'Enable Electron security features',
+                severity: 'LOW',
+                fix: 'Set contextIsolation: true, nodeIntegration: false',
+                documentationLink: 'https://electronjs.org/docs/tutorial/security',
+            }),
+            useContextIsolation: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.INFO,
+                issueName: 'Use Context Isolation',
+                description: 'Use context isolation for security',
+                severity: 'LOW',
+                fix: 'Enable contextIsolation in BrowserWindow options',
+                documentationLink: 'https://electronjs.org/docs/tutorial/context-isolation',
+            }),
+            securePreloadScripts: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.INFO,
+                issueName: 'Secure Preload Scripts',
+                description: 'Use secure preload scripts',
+                severity: 'LOW',
+                fix: 'Limit APIs exposed in preload scripts',
+                documentationLink: 'https://electronjs.org/docs/tutorial/security#3-enable-context-isolation-for-remote-content',
+            }),
+            strategySecureDefaults: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.STRATEGY,
+                issueName: 'Secure Defaults Strategy',
+                description: 'Use secure defaults for Electron applications',
+                severity: 'LOW',
+                fix: 'Start with secure configuration and relax only when necessary',
+                documentationLink: 'https://electronjs.org/docs/tutorial/security',
+            }),
+            strategyProcessSeparation: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.STRATEGY,
+                issueName: 'Process Separation Strategy',
+                description: 'Separate main and renderer processes properly',
+                severity: 'LOW',
+                fix: 'Keep Node.js APIs in main process, use IPC for communication',
+                documentationLink: 'https://electronjs.org/docs/tutorial/application-architecture',
+            }),
+            strategyInputValidation: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.STRATEGY,
+                issueName: 'Input Validation Strategy',
+                description: 'Validate all inputs in Electron applications',
+                severity: 'LOW',
+                fix: 'Validate IPC messages and user inputs',
+                documentationLink: 'https://electronjs.org/docs/tutorial/security#7-do-not-use-the-ipc-transport-for-sensitive-data',
+            })
+        },
+        schema: [
+            {
+                type: 'object',
+                properties: {
+                    allowInDev: {
+                        type: 'boolean',
+                        default: false,
+                        description: 'Allow insecure settings in development'
+                    },
+                    safePreloadPatterns: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: ['contextBridge', 'ipcRenderer'],
+                    },
+                    allowedIpcChannels: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: [],
+                    },
+                    trustedSanitizers: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: [],
+                        description: 'Additional function names to consider as safe',
+                    },
+                    trustedAnnotations: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: [],
+                        description: 'Additional JSDoc annotations to consider as safe markers',
+                    },
+                    strictMode: {
+                        type: 'boolean',
+                        default: false,
+                        description: 'Disable all false positive detection (strict mode)',
+                    },
+                },
+                additionalProperties: false,
+            },
+        ],
+    },
+    defaultOptions: [
+        {
+            allowInDev: false,
+            safePreloadPatterns: ['contextBridge', 'ipcRenderer'],
+            allowedIpcChannels: [],
+            trustedSanitizers: [],
+            trustedAnnotations: [],
+            strictMode: false,
+        },
+    ],
+    create(context) {
+        const options = context.options[0] || {};
+        const { allowedIpcChannels = [], trustedSanitizers = [], trustedAnnotations = [], strictMode = false, } = options;
+        const filename = context.filename || context.getFilename();
+        // Create safety checker for false positive detection
+        const safetyChecker = (0, eslint_devkit_3.createSafetyChecker)({
+            trustedSanitizers,
+            trustedAnnotations,
+            trustedOrmPatterns: [],
+            strictMode,
+        });
+        /**
+         * Check if this is an Electron BrowserWindow creation
+         */
+        const isBrowserWindowCreation = (node) => {
+            return node.callee.type === 'Identifier' &&
+                node.callee.name === 'BrowserWindow';
+        };
+        /**
+         * Check if BrowserWindow options contain insecure settings
+         */
+        const checkBrowserWindowOptions = (optionsNode) => {
+            for (const prop of optionsNode.properties) {
+                if (prop.type === 'Property' &&
+                    prop.key.type === 'Identifier') {
+                    const key = prop.key.name;
+                    const value = prop.value;
+                    // Check for insecure boolean options
+                    if (['nodeIntegration', 'contextIsolation', 'webSecurity', 'allowRunningInsecureContent', 'sandbox'].includes(key)) {
+                        if (value.type === 'Literal') {
+                            const isInsecure = ((key === 'nodeIntegration' && value.value === true) ||
+                                (key === 'contextIsolation' && value.value === false) ||
+                                (key === 'webSecurity' && value.value === false) ||
+                                (key === 'allowRunningInsecureContent' && value.value === true) ||
+                                (key === 'sandbox' && value.value === false));
+                            if (isInsecure) {
+                                // FALSE POSITIVE REDUCTION
+                                if (safetyChecker.isSafe(prop, context)) {
+                                    continue;
+                                }
+                                const messageId = (key === 'nodeIntegration' ? 'nodeIntegrationEnabled' :
+                                    key === 'contextIsolation' ? 'contextIsolationDisabled' :
+                                        key === 'webSecurity' ? 'webSecurityDisabled' :
+                                            key === 'allowRunningInsecureContent' ? 'insecureContentEnabled' :
+                                                'missingSandbox');
+                                context.report({
+                                    node: prop,
+                                    messageId,
+                                    data: {
+                                        filePath: filename,
+                                        line: String(prop.loc?.start.line ?? 0),
+                                    },
+                                });
+                            }
+                        }
+                    }
+                }
+            }
+        };
+        /**
+         * Check if this is an IPC call
+         */
+        const isIpcCall = (node) => {
+            const callee = node.callee;
+            if (callee.type === 'MemberExpression' &&
+                callee.object.type === 'Identifier' &&
+                ['ipcMain', 'ipcRenderer'].includes(callee.object.name) &&
+                callee.property.type === 'Identifier') {
+                return ['send', 'invoke', 'handle', 'on', 'once'].includes(callee.property.name);
+            }
+            return false;
+        };
+        /**
+         * Check for unsafe IPC patterns
+         */
+        const checkIpcCall = (node) => {
+            const args = node.arguments;
+            if (args.length === 0) {
+                return;
+            }
+            // Check channel name (first argument)
+            const channelArg = args[0];
+            if (channelArg.type === 'Literal' && typeof channelArg.value === 'string') {
+                const channel = channelArg.value;
+                // Check if channel is allowed
+                if (allowedIpcChannels.length > 0 && !allowedIpcChannels.includes(channel)) {
+                    // FALSE POSITIVE REDUCTION
+                    if (safetyChecker.isSafe(node, context)) {
+                        return;
+                    }
+                    context.report({
+                        node: channelArg,
+                        messageId: 'insecureIpcPattern',
+                        data: {
+                            filePath: filename,
+                            line: String(node.loc?.start.line ?? 0),
+                        },
+                    });
+                }
+            }
+        };
+        /**
+         * Check for direct Node.js API access in renderer-like files
+         */
+        const isRendererFile = () => {
+            const fileName = filename.toLowerCase();
+            return fileName.includes('renderer') ||
+                fileName.includes('preload') ||
+                fileName.includes('ui') ||
+                fileName.includes('view');
+        };
+        /**
+         * Check for Node.js API usage
+         */
+        const isNodeApiCall = (node) => {
+            const callee = node.callee;
+            // Check for require('fs'), require('child_process'), etc.
+            if (callee.type === 'Identifier' && callee.name === 'require') {
+                const arg = node.arguments[0];
+                if (arg?.type === 'Literal' && typeof arg.value === 'string') {
+                    const moduleName = arg.value;
+                    return ['fs', 'child_process', 'os', 'path', 'crypto', 'http', 'https'].includes(moduleName);
+                }
+            }
+            // Check for global Node.js objects
+            if (callee.type === 'MemberExpression' &&
+                callee.object.type === 'Identifier' &&
+                ['process', 'global', '__dirname', '__filename'].includes(callee.object.name)) {
+                return true;
+            }
+            return false;
+        };
+        return {
+            // Check BrowserWindow creation
+            NewExpression(node) {
+                try {
+                    if (isBrowserWindowCreation(node)) {
+                        const args = node.arguments;
+                        if (args.length > 0 && args[0]?.type === 'ObjectExpression') {
+                            checkBrowserWindowOptions(args[0]);
+                        }
+                    }
+                }
+                catch {
+                    return;
+                }
+            },
+            // Check IPC calls
+            CallExpression(node) {
+                try {
+                    if (isIpcCall(node)) {
+                        checkIpcCall(node);
+                    }
+                    // Check for Node.js API usage in renderer files
+                    if (isRendererFile() && isNodeApiCall(node)) {
+                        // FALSE POSITIVE REDUCTION
+                        if (safetyChecker.isSafe(node, context)) {
+                            return;
+                        }
+                        context.report({
+                            node,
+                            messageId: 'directNodeAccess',
+                            data: {
+                                filePath: filename,
+                                line: String(node.loc?.start.line ?? 0),
+                            },
+                        });
+                    }
+                }
+                catch {
+                    // Skip problematic nodes to avoid rule crashes
+                    return;
+                }
+            },
+            // Check for preload script issues
+            AssignmentExpression(node) {
+                try {
+                    // Look for preload script assignments
+                    if (node.left.type === 'MemberExpression' &&
+                        node.left.property.type === 'Identifier' &&
+                        node.left.property.name === 'preload') {
+                        if (node.right.type === 'Literal' && typeof node.right.value === 'string') {
+                            const preloadPath = node.right.value;
+                            // Check for potentially unsafe preload patterns
+                            if (preloadPath.includes('node_modules') ||
+                                preloadPath.includes('http') ||
+                                preloadPath.includes('remote')) {
+                                // FALSE POSITIVE REDUCTION
+                                if (safetyChecker.isSafe(node, context)) {
+                                    return;
+                                }
+                                context.report({
+                                    node: node.right,
+                                    messageId: 'unsafePreloadScript',
+                                    data: {
+                                        filePath: filename,
+                                        line: String(node.loc?.start.line ?? 0),
+                                    },
+                                });
+                            }
+                        }
+                    }
+                }
+                catch {
+                    return;
+                }
+            },
+            // Check for insecure webPreferences patterns
+            Property(node) {
+                try {
+                    if (node.key.type === 'Identifier' && node.key.name === 'webPreferences') {
+                        if (node.value.type === 'ObjectExpression') {
+                            checkBrowserWindowOptions(node.value);
+                        }
+                    }
+                }
+                catch {
+                    return;
+                }
+            }
+        };
+    },
+});
+//# sourceMappingURL=no-electron-security-issues.js.map

package/src/rules/security/no-electron-security-issues.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-electron-security-issues.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-electron-security-issues.ts"],"names":[],"mappings":";;;AAgBA,4DAAsD;AACtD,4DAA0E;AAC1E,4DAGkC;AAgCrB,QAAA,wBAAwB,GAAG,IAAA,0BAAU,EAA0B;IAC1E,IAAI,EAAE,6BAA6B;IACnC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,uEAAuE;SACrF;QACD,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,yBAAyB;gBACpC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,0CAA0C;gBACvD,QAAQ,EAAE,cAAc;gBACxB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,+CAA+C;aACnE,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,2DAA2D;gBACxE,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,2DAA2D;gBAChE,iBAAiB,EAAE,qGAAqG;aACzH,CAAC;YACF,wBAAwB,EAAE,IAAA,gCAAgB,EAAC;gBACzC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,4BAA4B;gBACvC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,qDAAqD;gBAClE,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,iDAAiD;gBACtD,iBAAiB,EAAE,wDAAwD;aAC5E,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,uBAAuB;gBAClC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,4DAA4D;gBACzE,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,0BAA0B;gBAC/B,iBAAiB,EAAE,kFAAkF;aACtG,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,kDAAkD;gBAC/D,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,wCAAwC;gBAC7C,iBAAiB,EAAE,4EAA4E;aAChG,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,uBAAuB;gBAClC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,0CAA0C;gBACvD,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,qCAAqC;gBAC1C,iBAAiB,EAAE,6FAA6F;aACjH,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,mDAAmD;gBAChE,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,sDAAsD;gBAC3D,iBAAiB,EAAE,6FAA6F;aACjH,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,sBAAsB;gBACjC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,6CAA6C;gBAClD,iBAAiB,EAAE,iGAAiG;aACrH,CAAC;YACF,cAAc,EAAE,IAAA,gCAAgB,EAAC;gBAC/B,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,iBAAiB;gBAC5B,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,6BAA6B;gBAC1C,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,sCAAsC;gBAC3C,iBAAiB,EAAE,8CAA8C;aAClE,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,0BAA0B;gBACrC,WAAW,EAAE,mCAAmC;gBAChD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,oDAAoD;gBACzD,iBAAiB,EAAE,+CAA+C;aACnE,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,uBAAuB;gBAClC,WAAW,EAAE,oCAAoC;gBACjD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kDAAkD;gBACvD,iBAAiB,EAAE,wDAAwD;aAC5E,CAAC;YACF,oBAAoB,EAAE,IAAA,gCAAgB,EAAC;gBACrC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,WAAW,EAAE,4BAA4B;gBACzC,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,uCAAuC;gBAC5C,iBAAiB,EAAE,6FAA6F;aACjH,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,WAAW,EAAE,+CAA+C;gBAC5D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,+DAA+D;gBACpE,iBAAiB,EAAE,+CAA+C;aACnE,CAAC;YACF,yBAAyB,EAAE,IAAA,gCAAgB,EAAC;gBAC1C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,6BAA6B;gBACxC,WAAW,EAAE,+CAA+C;gBAC5D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,8DAA8D;gBACnE,iBAAiB,EAAE,+DAA+D;aACnF,CAAC;YACF,uBAAuB,EAAE,IAAA,gCAAgB,EAAC;gBACxC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,2BAA2B;gBACtC,WAAW,EAAE,8CAA8C;gBAC3D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,uCAAuC;gBAC5C,iBAAiB,EAAE,iGAAiG;aACrH,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,UAAU,EAAE;wBACV,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,wCAAwC;qBACtD;oBACD,mBAAmB,EAAE;wBACnB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,eAAe,EAAE,aAAa,CAAC;qBAC1C;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;qBACZ;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,+CAA+C;qBAC7D;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,0DAA0D;qBACxE;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,oDAAoD;qBAClE;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,UAAU,EAAE,KAAK;YACjB,mBAAmB,EAAE,CAAC,eAAe,EAAE,aAAa,CAAC;YACrD,kBAAkB,EAAE,EAAE;YACtB,iBAAiB,EAAE,EAAE;YACrB,kBAAkB,EAAE,EAAE;YACtB,UAAU,EAAE,KAAK;SAClB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,kBAAkB,GAAG,EAAE,EACvB,iBAAiB,GAAG,EAAE,EACtB,kBAAkB,GAAG,EAAE,EACvB,UAAU,GAAG,KAAK,GACnB,GAAY,OAAO,CAAC;QACrB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAE3D,qDAAqD;QACrD,MAAM,aAAa,GAAG,IAAA,mCAAmB,EAAC;YACxC,iBAAiB;YACjB,kBAAkB;YAClB,kBAAkB,EAAE,EAAE;YACtB,UAAU;SACX,CAAC,CAAC;QAEH;;WAEG;QACH,MAAM,uBAAuB,GAAG,CAAC,IAA4B,EAAW,EAAE;YACxE,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;gBACjC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,eAAe,CAAC;QAC9C,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,yBAAyB,GAAG,CAAC,WAAsC,EAAQ,EAAE;YACjF,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,UAAU,EAAE,CAAC;gBAC1C,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU;oBACxB,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAEnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;oBAC1B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;oBAEzB,qCAAqC;oBACrC,IAAI,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,aAAa,EAAE,6BAA6B,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;wBACnH,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;4BAC7B,MAAM,UAAU,GAAG,CACjB,CAAC,GAAG,KAAK,iBAAiB,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI,CAAC;gCACnD,CAAC,GAAG,KAAK,kBAAkB,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC;gCACrD,CAAC,GAAG,KAAK,aAAa,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC;gCAChD,CAAC,GAAG,KAAK,6BAA6B,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI,CAAC;gCAC/D,CAAC,GAAG,KAAK,SAAS,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,CAC7C,CAAC;4BAEF,IAAI,UAAU,EAAE,CAAC;gCACf,2BAA2B;gCAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;oCACxC,SAAS;gCACX,CAAC;gCAED,MAAM,SAAS,GAAG,CAChB,GAAG,KAAK,iBAAiB,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC;oCACtD,GAAG,KAAK,kBAAkB,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC;wCACzD,GAAG,KAAK,aAAa,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC;4CAC/C,GAAG,KAAK,6BAA6B,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC;gDAClE,gBAAgB,CACjB,CAAC;gCAEN,OAAO,CAAC,MAAM,CAAC;oCACb,IAAI,EAAE,IAAI;oCACV,SAAS;oCACT,IAAI,EAAE;wCACJ,QAAQ,EAAE,QAAQ;wCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;qCACxC;iCACF,CAAC,CAAC;4BACD,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,SAAS,GAAG,CAAC,IAA6B,EAAW,EAAE;YAC3D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YAE3B,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;gBAClC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;gBACnC,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;gBACvD,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC1C,OAAO,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACnF,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,YAAY,GAAG,CAAC,IAA6B,EAAQ,EAAE;YAC3D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;YAC5B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACtB,OAAO;YACT,CAAC;YAED,sCAAsC;YACtC,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,UAAU,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC1E,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC;gBAEjC,8BAA8B;gBAC9B,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC3E,2BAA2B;oBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;wBACxC,OAAO;oBACT,CAAC;oBAED,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI,EAAE,UAAU;wBAChB,SAAS,EAAE,oBAAoB;wBAC/B,IAAI,EAAE;4BACJ,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;yBACxC;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,cAAc,GAAG,GAAY,EAAE;YACnC,MAAM,QAAQ,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;YACxC,OAAO,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC;gBAC7B,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC5B,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACvB,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACnC,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,aAAa,GAAG,CAAC,IAA6B,EAAW,EAAE;YAC/D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YAE3B,0DAA0D;YAC1D,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC9D,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;gBAC9B,IAAI,GAAG,EAAE,IAAI,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBAC7D,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC;oBAC7B,OAAO,CAAC,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAC/F,CAAC;YACH,CAAC;YAED,mCAAmC;YACnC,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;gBAClC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;gBACnC,CAAC,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClF,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF,OAAO;YACL,+BAA+B;YAC/B,aAAa,CAAC,IAA4B;gBACxC,IAAI,CAAC;oBACH,IAAI,uBAAuB,CAAC,IAAI,CAAC,EAAE,CAAC;wBAClC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;wBAC5B,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,KAAK,kBAAkB,EAAE,CAAC;4BAC5D,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;wBACrC,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO;gBACT,CAAC;YACH,CAAC;YAED,kBAAkB;YAClB,cAAc,CAAC,IAA6B;gBAC1C,IAAI,CAAC;oBACH,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;wBACpB,YAAY,CAAC,IAAI,CAAC,CAAC;oBACrB,CAAC;oBAED,gDAAgD;oBAChD,IAAI,cAAc,EAAE,IAAI,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC9C,2BAA2B;wBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;4BACxC,OAAO;wBACT,CAAC;wBAED,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,kBAAkB;4BAC7B,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACD,CAAC;gBAAC,MAAM,CAAC;oBACP,+CAA+C;oBAC/C,OAAO;gBACT,CAAC;YACH,CAAC;YAED,kCAAkC;YAClC,oBAAoB,CAAC,IAAmC;gBACtD,IAAI,CAAC;oBACH,sCAAsC;oBACtC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB;wBACrC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;wBACxC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;wBAE1C,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;4BAC1E,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;4BAErC,gDAAgD;4BAChD,IAAI,WAAW,CAAC,QAAQ,CAAC,cAAc,CAAC;gCACpC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC;gCAC5B,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gCACnC,2BAA2B;gCAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;oCACxC,OAAO;gCACT,CAAC;gCAED,OAAO,CAAC,MAAM,CAAC;oCACb,IAAI,EAAE,IAAI,CAAC,KAAK;oCAChB,SAAS,EAAE,qBAAqB;oCAChC,IAAI,EAAE;wCACJ,QAAQ,EAAE,QAAQ;wCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;qCACxC;iCACF,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO;gBACT,CAAC;YACH,CAAC;YAED,6CAA6C;YAC7C,QAAQ,CAAC,IAAuB;gBAC9B,IAAI,CAAC;oBACH,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;wBACzE,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;4BAC3C,yBAAyB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;wBACxC,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO;gBACT,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/security/no-exposed-sensitive-data.d.ts

@@ -0,0 +1,11 @@
+export interface Options {
+    /** Allow sensitive data in test files. Default: false */
+    allowInTests?: boolean;
+    /** Patterns to detect sensitive data. Default: ['ssn', 'social', 'credit', 'card', 'password', 'secret', 'token', 'apiKey'] */
+    sensitivePatterns?: string[];
+    /** Logging/output patterns to detect. Default: ['log', 'console', 'print', 'debug', 'error', 'warn', 'info', 'trace', 'response', 'res.', 'req.'] */
+    loggingPatterns?: string[];
+    /** Additional safe patterns to ignore. Default: [] */
+    ignorePatterns?: string[];
+}
+export declare const noExposedSensitiveData: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;