eslint-plugin-secure-coding 1.0.0

package/src/rules/security/no-exposed-sensitive-data.js

@@ -0,0 +1,341 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noExposedSensitiveData = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+const eslint_devkit_2 = require("@interlace/eslint-devkit");
+/**
+ * Default sensitive data patterns
+ */
+const DEFAULT_SENSITIVE_PATTERNS = [
+    'ssn',
+    'social',
+    'credit',
+    'card',
+    'password',
+    'secret',
+    'token',
+    'apiKey',
+    'apikey',
+    'api_key',
+    'privateKey',
+    'private_key',
+    'accessToken',
+    'access_token',
+    'refreshToken',
+    'refresh_token',
+    'authToken',
+    'auth_token',
+];
+/**
+ * Default logging/output patterns
+ */
+const DEFAULT_LOGGING_PATTERNS = [
+    'log',
+    'console',
+    'print',
+    'debug',
+    'error',
+    'warn',
+    'info',
+    'trace',
+    'response',
+    'res.',
+    'req.',
+];
+/**
+ * Sensitive data regex patterns
+ */
+const SENSITIVE_DATA_PATTERNS = {
+    // SSN pattern (XXX-XX-XXXX)
+    ssn: /\b\d{3}-\d{2}-\d{4}\b/,
+    // Credit card pattern (basic - 13-19 digits, may have spaces/dashes)
+    creditCard: /\b(?:\d{4}[-\s]?){3}\d{1,4}\b/,
+    // Email with sensitive context
+    sensitiveEmail: /\b(?:password|secret|token|key|credential)[\w.-]*@[\w.-]+\.\w+\b/i,
+};
+/**
+ * Check if a string contains sensitive data patterns
+ */
+function containsSensitiveData(value, sensitivePatterns) {
+    // Check for SSN pattern
+    if (SENSITIVE_DATA_PATTERNS.ssn.test(value)) {
+        return { isSensitive: true, type: 'SSN pattern detected' };
+    }
+    // Check for credit card pattern
+    if (SENSITIVE_DATA_PATTERNS.creditCard.test(value)) {
+        return { isSensitive: true, type: 'Credit card pattern detected' };
+    }
+    // Check for sensitive keywords in variable names or values
+    const lowerValue = value.toLowerCase();
+    for (const pattern of sensitivePatterns) {
+        if (lowerValue.includes(pattern.toLowerCase())) {
+            // Check if it's in a sensitive context (not just a comment or documentation)
+            if (/\b(?:log|console|print|debug|error|warn|info|trace|response|res\.|req\.|body|query|params)\b/i.test(value) ||
+                /\b(?:password|secret|token|key|credential)\s*[:=]/i.test(value)) {
+                return { isSensitive: true, type: `Sensitive data keyword: ${pattern}` };
+            }
+        }
+    }
+    return { isSensitive: false, type: '' };
+}
+/**
+ * Check if a string matches any ignore pattern
+ */
+function matchesIgnorePattern(text, patterns) {
+    return patterns.some(pattern => {
+        try {
+            const regex = new RegExp(pattern, 'i');
+            return regex.test(text);
+        }
+        catch {
+            return false;
+        }
+    });
+}
+/**
+ * Check if a node is in a logging or output context
+ */
+function isInLoggingContext(node, sourceCode, loggingPatterns) {
+    // Build regex pattern from logging patterns
+    const patternRegex = new RegExp(`\\b(?:${loggingPatterns.map(p => p.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')).join('|')})\\b`, 'i');
+    let current = node;
+    // Check parent chain for logging calls
+    while (current && 'parent' in current && current.parent) {
+        current = current.parent;
+        if (current.type === 'CallExpression') {
+            const callExpr = current;
+            const callText = sourceCode.getText(current);
+            // Check if it's a logging method call
+            if (callExpr.callee.type === 'MemberExpression') {
+                const memberExpr = callExpr.callee;
+                if (memberExpr.object.type === 'Identifier' && memberExpr.property.type === 'Identifier') {
+                    const objName = memberExpr.object.name.toLowerCase();
+                    const propName = memberExpr.property.name.toLowerCase();
+                    // Check against logging patterns
+                    if (loggingPatterns.some(p => objName.includes(p.toLowerCase()) || propName.includes(p.toLowerCase()))) {
+                        return true;
+                    }
+                }
+            }
+            // Also check for patterns in the call text
+            if (patternRegex.test(callText)) {
+                return true;
+            }
+        }
+        // Check if it's in an object expression that's being logged
+        if (current.type === 'ObjectExpression') {
+            // Check if parent is a CallExpression with logging
+            if (current.parent && current.parent.type === 'CallExpression') {
+                const parentCall = current.parent;
+                const callText = sourceCode.getText(parentCall);
+                if (patternRegex.test(callText)) {
+                    return true;
+                }
+            }
+        }
+    }
+    return false;
+}
+exports.noExposedSensitiveData = (0, eslint_devkit_2.createRule)({
+    name: 'no-exposed-sensitive-data',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Detects exposure of PII/sensitive data (SSN, credit card numbers in logs, etc.)',
+        },
+        hasSuggestions: true,
+        messages: {
+            exposedSensitiveData: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'Exposed Sensitive Data',
+                cwe: 'CWE-200',
+                description: 'Sensitive data exposure detected: {{issue}}',
+                severity: 'CRITICAL',
+                fix: '{{safeAlternative}}',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/200.html',
+            }),
+            sanitizeData: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Sanitize Data',
+                description: 'Remove or mask sensitive information',
+                severity: 'LOW',
+                fix: 'Mask or remove sensitive data before logging/transmitting',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/200.html',
+            }),
+        },
+        schema: [
+            {
+                type: 'object',
+                properties: {
+                    allowInTests: {
+                        type: 'boolean',
+                        default: false,
+                        description: 'Allow sensitive data in test files',
+                    },
+                    sensitivePatterns: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: [],
+                        description: 'Patterns to detect sensitive data',
+                    },
+                    loggingPatterns: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: [],
+                        description: 'Logging/output patterns to detect',
+                    },
+                    ignorePatterns: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: [],
+                        description: 'Additional safe patterns to ignore',
+                    },
+                },
+                additionalProperties: false,
+            },
+        ],
+    },
+    defaultOptions: [
+        {
+            allowInTests: false,
+            sensitivePatterns: [],
+            loggingPatterns: [],
+            ignorePatterns: [],
+        },
+    ],
+    create(context, [options = {}]) {
+        const { allowInTests = false, sensitivePatterns, loggingPatterns, ignorePatterns = [], } = options;
+        const patternsToCheck = sensitivePatterns && sensitivePatterns.length > 0
+            ? sensitivePatterns
+            : DEFAULT_SENSITIVE_PATTERNS;
+        const loggingPatternsToCheck = loggingPatterns && loggingPatterns.length > 0
+            ? loggingPatterns
+            : DEFAULT_LOGGING_PATTERNS;
+        const filename = context.getFilename();
+        const isTestFile = allowInTests && /\.(test|spec)\.(ts|tsx|js|jsx)$/.test(filename);
+        const sourceCode = context.sourceCode || context.sourceCode;
+        function checkLiteral(node) {
+            if (isTestFile) {
+                return;
+            }
+            if (typeof node.value !== 'string') {
+                return;
+            }
+            const value = node.value;
+            const text = sourceCode.getText(node);
+            // Check if it matches any ignore pattern
+            if (matchesIgnorePattern(text, ignorePatterns)) {
+                return;
+            }
+            // Only check if in logging/output context
+            if (!isInLoggingContext(node, sourceCode, loggingPatternsToCheck)) {
+                return;
+            }
+            const { isSensitive, type } = containsSensitiveData(value, patternsToCheck);
+            if (isSensitive) {
+                // For SSN and credit card patterns, don't provide auto-fix suggestions
+                // as they require manual review
+                const isPatternMatch = type.includes('pattern detected');
+                context.report({
+                    node,
+                    messageId: 'exposedSensitiveData',
+                    data: {
+                        issue: `${type} in logging/output context`,
+                        safeAlternative: 'Remove or mask sensitive data before logging: logger.info({ userId: user.id }) instead of logger.info({ password: user.password })',
+                    },
+                    ...(isPatternMatch ? {} : {
+                        suggest: [
+                            {
+                                messageId: 'sanitizeData',
+                                fix(fixer) {
+                                    // Suggest removing or masking the sensitive data
+                                    return fixer.replaceText(node, '"***REDACTED***"');
+                                },
+                            },
+                        ],
+                    }),
+                });
+            }
+        }
+        function checkIdentifier(node) {
+            if (isTestFile) {
+                return;
+            }
+            const name = node.name;
+            const text = sourceCode.getText(node);
+            // Check if it matches any ignore pattern
+            if (matchesIgnorePattern(text, ignorePatterns)) {
+                return;
+            }
+            // Only check if in logging/output context
+            if (!isInLoggingContext(node, sourceCode, loggingPatternsToCheck)) {
+                return;
+            }
+            // Check if identifier name contains sensitive patterns
+            const lowerName = name.toLowerCase();
+            for (const pattern of patternsToCheck) {
+                if (lowerName.includes(pattern.toLowerCase())) {
+                    // Check if it's being accessed in a sensitive way
+                    if (node.parent) {
+                        const parentText = sourceCode.getText(node.parent);
+                        // Build regex pattern from logging patterns
+                        const loggingPatternRegex = new RegExp(`\\b(?:${loggingPatternsToCheck.map(p => p.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')).join('|')})\\b`, 'i');
+                        if (loggingPatternRegex.test(parentText)) {
+                            // Get the actual property name from context
+                            const actualPropertyName = name;
+                            context.report({
+                                node,
+                                messageId: 'exposedSensitiveData',
+                                data: {
+                                    issue: `Sensitive variable "${name}" exposed in logging/output`,
+                                    safeAlternative: `Remove or mask sensitive data: logger.info({ userId: user.id }) instead of logger.info({ ${actualPropertyName}: user.${actualPropertyName} })`,
+                                },
+                                // Don't provide auto-fix suggestions for identifiers (too risky)
+                            });
+                            break;
+                        }
+                    }
+                }
+            }
+        }
+        function checkMemberExpression(node) {
+            if (isTestFile) {
+                return;
+            }
+            const text = sourceCode.getText(node);
+            // Check if it matches any ignore pattern
+            if (matchesIgnorePattern(text, ignorePatterns)) {
+                return;
+            }
+            // Only check if in logging/output context
+            if (!isInLoggingContext(node, sourceCode, loggingPatternsToCheck)) {
+                return;
+            }
+            // Check if property name contains sensitive patterns
+            if (node.property.type === 'Identifier') {
+                const propertyName = node.property.name.toLowerCase();
+                for (const pattern of patternsToCheck) {
+                    if (propertyName.includes(pattern.toLowerCase())) {
+                        const objectName = node.object.type === 'Identifier' ? node.object.name : 'object';
+                        context.report({
+                            node,
+                            messageId: 'exposedSensitiveData',
+                            data: {
+                                issue: `Sensitive property "${node.property.name}" exposed in logging/output`,
+                                safeAlternative: `Remove or mask sensitive data: logger.info({ userId: user.id }) instead of logger.info({ ${node.property.name}: ${objectName}.${node.property.name} })`,
+                            },
+                            // Don't provide auto-fix suggestions for property access (too risky)
+                        });
+                        break;
+                    }
+                }
+            }
+        }
+        return {
+            Literal: checkLiteral,
+            Identifier: checkIdentifier,
+            MemberExpression: checkMemberExpression,
+        };
+    },
+});
+//# sourceMappingURL=no-exposed-sensitive-data.js.map

package/src/rules/security/no-exposed-sensitive-data.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-exposed-sensitive-data.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-exposed-sensitive-data.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAoBtD;;GAEG;AACH,MAAM,0BAA0B,GAAG;IACjC,KAAK;IACL,QAAQ;IACR,QAAQ;IACR,MAAM;IACN,UAAU;IACV,QAAQ;IACR,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,SAAS;IACT,YAAY;IACZ,aAAa;IACb,aAAa;IACb,cAAc;IACd,cAAc;IACd,eAAe;IACf,WAAW;IACX,YAAY;CACb,CAAC;AAEF;;GAEG;AACH,MAAM,wBAAwB,GAAG;IAC/B,KAAK;IACL,SAAS;IACT,OAAO;IACP,OAAO;IACP,OAAO;IACP,MAAM;IACN,MAAM;IACN,OAAO;IACP,UAAU;IACV,MAAM;IACN,MAAM;CACP,CAAC;AAEF;;GAEG;AACH,MAAM,uBAAuB,GAAG;IAC9B,4BAA4B;IAC5B,GAAG,EAAE,uBAAuB;IAE5B,qEAAqE;IACrE,UAAU,EAAE,+BAA+B;IAE3C,+BAA+B;IAC/B,cAAc,EAAE,mEAAmE;CACpF,CAAC;AAEF;;GAEG;AACH,SAAS,qBAAqB,CAC5B,KAAa,EACb,iBAA2B;IAE3B,wBAAwB;IACxB,IAAI,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5C,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,sBAAsB,EAAE,CAAC;IAC7D,CAAC;IAED,gCAAgC;IAChC,IAAI,uBAAuB,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACnD,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,8BAA8B,EAAE,CAAC;IACrE,CAAC;IAED,2DAA2D;IAC3D,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IACvC,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAC/C,6EAA6E;YAC7E,IACE,+FAA+F,CAAC,IAAI,CAAC,KAAK,CAAC;gBAC3G,oDAAoD,CAAC,IAAI,CAAC,KAAK,CAAC,EAChE,CAAC;gBACD,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,2BAA2B,OAAO,EAAE,EAAE,CAAC;YAC3E,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,QAAkB;IAC5D,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QAC7B,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CACzB,IAAmB,EACnB,UAA+B,EAC/B,eAAyB;IAEzB,4CAA4C;IAC5C,MAAM,YAAY,GAAG,IAAI,MAAM,CAC7B,SAAS,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAC3F,GAAG,CACJ,CAAC;IAEF,IAAI,OAAO,GAAyB,IAAI,CAAC;IAEzC,uCAAuC;IACvC,OAAO,OAAO,IAAI,QAAQ,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACxD,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;QAE1C,IAAI,OAAO,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,OAAkC,CAAC;YACpD,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAE7C,sCAAsC;YACtC,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBAChD,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC;gBACnC,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACzF,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrD,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBAExD,iCAAiC;oBACjC,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wBACvG,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;YAED,2CAA2C;YAC3C,IAAI,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAChC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,4DAA4D;QAC5D,IAAI,OAAO,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;YACxC,mDAAmD;YACnD,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;gBAC/D,MAAM,UAAU,GAAG,OAAO,CAAC,MAAiC,CAAC;gBAC7D,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAChD,IAAI,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAChC,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAEY,QAAA,sBAAsB,GAAG,IAAA,0BAAU,EAA0B;IACxE,IAAI,EAAE,2BAA2B;IACjC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,iFAAiF;SAC/F;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,oBAAoB,EAAE,IAAA,gCAAgB,EAAC;gBACrC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,wBAAwB;gBACnC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,6CAA6C;gBAC1D,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,YAAY,EAAE,IAAA,gCAAgB,EAAC;gBAC7B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,eAAe;gBAC1B,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,2DAA2D;gBAChE,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,oCAAoC;qBAClD;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,mCAAmC;qBACjD;oBACD,eAAe,EAAE;wBACf,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,mCAAmC;qBACjD;oBACD,cAAc,EAAE;wBACd,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,oCAAoC;qBAClD;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,YAAY,EAAE,KAAK;YACnB,iBAAiB,EAAE,EAAE;YACrB,eAAe,EAAE,EAAE;YACnB,cAAc,EAAE,EAAE;SACnB;KACF;IACD,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,iBAAiB,EACjB,eAAe,EACf,cAAc,GAAG,EAAE,GACpB,GAAG,OAAkB,CAAC;QAEvB,MAAM,eAAe,GAAG,iBAAiB,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC;YACvE,CAAC,CAAC,iBAAiB;YACnB,CAAC,CAAC,0BAA0B,CAAC;QAE/B,MAAM,sBAAsB,GAAG,eAAe,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC;YAC1E,CAAC,CAAC,eAAe;YACjB,CAAC,CAAC,wBAAwB,CAAC;QAE7B,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,YAAY,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAE5D,SAAS,YAAY,CAAC,IAAsB;YAC1C,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACnC,OAAO;YACT,CAAC;YAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;YACzB,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAEtC,yCAAyC;YACzC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;gBAC/C,OAAO;YACT,CAAC;YAED,0CAA0C;YAC1C,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,UAAU,EAAE,sBAAsB,CAAC,EAAE,CAAC;gBAClE,OAAO;YACT,CAAC;YAED,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,qBAAqB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;YAE5E,IAAI,WAAW,EAAE,CAAC;gBAChB,uEAAuE;gBACvE,gCAAgC;gBAChC,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;gBACzD,OAAO,CAAC,MAAM,CAAC;oBACb,IAAI;oBACJ,SAAS,EAAE,sBAAsB;oBACjC,IAAI,EAAE;wBACJ,KAAK,EAAE,GAAG,IAAI,4BAA4B;wBAC1C,eAAe,EAAE,oIAAoI;qBACtJ;oBACD,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;wBACxB,OAAO,EAAE;4BACP;gCACE,SAAS,EAAE,cAAc;gCACzB,GAAG,CAAC,KAAyB;oCAC3B,iDAAiD;oCACjD,OAAO,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;gCACrD,CAAC;6BACF;yBACF;qBACF,CAAC;iBACH,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,SAAS,eAAe,CAAC,IAAyB;YAChD,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACvB,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAEtC,yCAAyC;YACzC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;gBAC/C,OAAO;YACT,CAAC;YAED,0CAA0C;YAC1C,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,UAAU,EAAE,sBAAsB,CAAC,EAAE,CAAC;gBAClE,OAAO;YACT,CAAC;YAED,uDAAuD;YACvD,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;YACrC,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;gBACtC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBAC9C,kDAAkD;oBAClD,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;wBAChB,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;wBACnD,4CAA4C;wBAC5C,MAAM,mBAAmB,GAAG,IAAI,MAAM,CACpC,SAAS,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAClG,GAAG,CACJ,CAAC;wBACF,IAAI,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;4BACzC,4CAA4C;4BAC5C,MAAM,kBAAkB,GAAG,IAAI,CAAC;4BAChC,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI;gCACJ,SAAS,EAAE,sBAAsB;gCACjC,IAAI,EAAE;oCACJ,KAAK,EAAE,uBAAuB,IAAI,6BAA6B;oCAC/D,eAAe,EAAE,4FAA4F,kBAAkB,UAAU,kBAAkB,KAAK;iCACjK;gCACD,iEAAiE;6BAClE,CAAC,CAAC;4BACH,MAAM;wBACR,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,SAAS,qBAAqB,CAAC,IAA+B;YAC5D,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAEtC,yCAAyC;YACzC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;gBAC/C,OAAO;YACT,CAAC;YAED,0CAA0C;YAC1C,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,UAAU,EAAE,sBAAsB,CAAC,EAAE,CAAC;gBAClE,OAAO;YACT,CAAC;YAED,qDAAqD;YACrD,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACxC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBACtD,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;oBACtC,IAAI,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;wBAC/C,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC;wBACnF,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,sBAAsB;4BACjC,IAAI,EAAE;gCACJ,KAAK,EAAE,uBAAuB,IAAI,CAAC,QAAQ,CAAC,IAAI,6BAA6B;gCAC7E,eAAe,EAAE,4FAA4F,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK;6BAC1K;4BACD,qEAAqE;yBACtE,CAAC,CAAC;wBACL,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,YAAY;YACrB,UAAU,EAAE,eAAe;YAC3B,gBAAgB,EAAE,qBAAqB;SACxC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/security/no-format-string-injection.d.ts

@@ -0,0 +1,17 @@
+export interface Options {
+    /** Functions that use format strings */
+    formatFunctions?: string[];
+    /** Format specifiers to detect */
+    formatSpecifiers?: string[];
+    /** Variables that contain user input */
+    userInputVariables?: string[];
+    /** Safe formatting libraries */
+    safeFormatLibraries?: string[];
+    /** Additional function names to consider as sanitizers */
+    trustedSanitizers?: string[];
+    /** Additional JSDoc annotations to consider as safe markers */
+    trustedAnnotations?: string[];
+    /** Disable all false positive detection (strict mode) */
+    strictMode?: boolean;
+}
+export declare const noFormatStringInjection: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;