eslint-plugin-secure-coding 1.0.0

package/src/rules/security/no-improper-type-validation.js

@@ -0,0 +1,420 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noImproperTypeValidation = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+const eslint_devkit_2 = require("@interlace/eslint-devkit");
+const eslint_devkit_3 = require("@interlace/eslint-devkit");
+exports.noImproperTypeValidation = (0, eslint_devkit_1.createRule)({
+    name: 'no-improper-type-validation',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Detects improper type validation in user input handling',
+        },
+        fixable: 'code',
+        hasSuggestions: true,
+        messages: {
+            improperTypeValidation: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.SECURITY,
+                issueName: 'Improper Type Validation',
+                cwe: 'CWE-1287',
+                description: 'Type validation may be bypassed or incomplete',
+                severity: '{{severity}}',
+                fix: '{{safeAlternative}}',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/1287.html',
+            }),
+            unsafeTypeofCheck: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.WARNING,
+                issueName: 'Unsafe typeof Check',
+                cwe: 'CWE-1287',
+                description: 'typeof check misses null values',
+                severity: 'MEDIUM',
+                fix: 'Use value != null && typeof value === "object"',
+                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/typeof',
+            }),
+            unsafeInstanceofUsage: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.WARNING,
+                issueName: 'Unsafe instanceof Usage',
+                cwe: 'CWE-1287',
+                description: 'instanceof may fail across contexts',
+                severity: 'LOW',
+                fix: 'Use Array.isArray() or typeof checks',
+                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/instanceof',
+            }),
+            looseEqualityTypeCheck: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.WARNING,
+                issueName: 'Loose Equality Type Check',
+                cwe: 'CWE-1287',
+                description: 'Loose equality may cause type confusion',
+                severity: 'LOW',
+                fix: 'Use strict equality (===) for type checking',
+                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Equality',
+            }),
+            missingNullCheck: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.WARNING,
+                issueName: 'Missing Null Check',
+                cwe: 'CWE-1287',
+                description: 'Type check doesn\'t handle null values',
+                severity: 'MEDIUM',
+                fix: 'Check for both null and undefined',
+                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/typeof',
+            }),
+            unreliableConstructorCheck: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.WARNING,
+                issueName: 'Unreliable Constructor Check',
+                cwe: 'CWE-1287',
+                description: 'constructor.name can be spoofed',
+                severity: 'MEDIUM',
+                fix: 'Use Object.prototype.toString.call() or duck typing',
+                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/constructor',
+            }),
+            incompleteTypeValidation: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.WARNING,
+                issueName: 'Incomplete Type Validation',
+                cwe: 'CWE-1287',
+                description: 'Type validation is incomplete',
+                severity: 'LOW',
+                fix: 'Use comprehensive type checking',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/1287.html',
+            }),
+            useTypeofCorrectly: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.INFO,
+                issueName: 'Use typeof Correctly',
+                description: 'Use typeof with null checks for objects',
+                severity: 'LOW',
+                fix: 'if (value != null && typeof value === "object")',
+                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/typeof',
+            }),
+            useProperTypeGuards: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.INFO,
+                issueName: 'Use Proper Type Guards',
+                description: 'Use proper type guard functions',
+                severity: 'LOW',
+                fix: 'Array.isArray(), Number.isNaN(), etc.',
+                documentationLink: 'https://www.typescriptlang.org/docs/handbook/advanced-types.html#type-guards-and-differentiating-types',
+            }),
+            validateUserInput: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.INFO,
+                issueName: 'Validate User Input',
+                description: 'Validate user input before processing',
+                severity: 'LOW',
+                fix: 'Use schema validation libraries',
+                documentationLink: 'https://joi.dev/',
+            }),
+            strategyTypeGuards: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.STRATEGY,
+                issueName: 'Type Guards Strategy',
+                description: 'Use type guards for runtime type checking',
+                severity: 'LOW',
+                fix: 'Implement custom type guard functions',
+                documentationLink: 'https://www.typescriptlang.org/docs/handbook/advanced-types.html#type-guards-and-differentiating-types',
+            }),
+            strategySchemaValidation: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.STRATEGY,
+                issueName: 'Schema Validation Strategy',
+                description: 'Use schema validation for complex inputs',
+                severity: 'LOW',
+                fix: 'Use Joi, Yup, or Zod for input validation',
+                documentationLink: 'https://joi.dev/',
+            }),
+            strategyDefensiveProgramming: (0, eslint_devkit_2.formatLLMMessage)({
+                icon: eslint_devkit_2.MessageIcons.STRATEGY,
+                issueName: 'Defensive Programming Strategy',
+                description: 'Use defensive programming techniques',
+                severity: 'LOW',
+                fix: 'Check types and handle edge cases explicitly',
+                documentationLink: 'https://en.wikipedia.org/wiki/Defensive_programming',
+            })
+        },
+        schema: [
+            {
+                type: 'object',
+                properties: {
+                    userInputVariables: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: ['req', 'request', 'body', 'query', 'params', 'input', 'data', 'userInput'],
+                    },
+                    safeTypeCheckFunctions: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: ['isArray', 'isString', 'isNumber', 'isObject', 'validateType', 'checkType'],
+                    },
+                    allowInstanceofSameRealm: {
+                        type: 'boolean',
+                        default: true,
+                        description: 'Allow instanceof for same-realm objects'
+                    },
+                    trustedSanitizers: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: [],
+                        description: 'Additional function names to consider as type validators',
+                    },
+                    trustedAnnotations: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: [],
+                        description: 'Additional JSDoc annotations to consider as safe markers',
+                    },
+                    strictMode: {
+                        type: 'boolean',
+                        default: false,
+                        description: 'Disable all false positive detection (strict mode)',
+                    },
+                },
+                additionalProperties: false,
+            },
+        ],
+    },
+    defaultOptions: [
+        {
+            userInputVariables: ['req', 'request', 'body', 'query', 'params', 'input', 'data', 'userInput'],
+            safeTypeCheckFunctions: ['isArray', 'isString', 'isNumber', 'isObject', 'validateType', 'checkType'],
+            allowInstanceofSameRealm: true,
+            trustedSanitizers: [],
+            trustedAnnotations: [],
+            strictMode: false,
+        },
+    ],
+    create(context) {
+        const options = context.options[0] || {};
+        const { userInputVariables = ['req', 'request', 'body', 'query', 'params', 'input', 'data', 'userInput'], allowInstanceofSameRealm = true, trustedSanitizers = [], trustedAnnotations = [], strictMode = false, } = options;
+        const sourceCode = context.sourceCode || context.sourceCode;
+        const filename = context.filename || context.getFilename();
+        // Create safety checker for false positive detection
+        const safetyChecker = (0, eslint_devkit_3.createSafetyChecker)({
+            trustedSanitizers,
+            trustedAnnotations,
+            trustedOrmPatterns: [],
+            strictMode,
+        });
+        /**
+         * Check if a variable is user input
+         */
+        const isUserInput = (varName) => {
+            return userInputVariables.some(input => varName.includes(input));
+        };
+        /**
+         * Check if a typeof check is unsafe
+         */
+        const isUnsafeTypeof = (node) => {
+            if (node.operator !== '===' && node.operator !== '!==') {
+                return false;
+            }
+            const left = node.left;
+            const right = node.right;
+            // Check for typeof x === 'object' (misses null)
+            if (left.type === 'UnaryExpression' &&
+                left.operator === 'typeof' &&
+                right.type === 'Literal' &&
+                right.value === 'object') {
+                return true;
+            }
+            return false;
+        };
+        /**
+         * Check if instanceof usage is unsafe
+         */
+        const isUnsafeInstanceof = (node) => {
+            if (node.operator !== 'instanceof') {
+                return false;
+            }
+            if (!allowInstanceofSameRealm) {
+                return true;
+            }
+            // instanceof is generally safe within the same realm
+            // but can be problematic across different contexts/windows
+            return false;
+        };
+        /**
+         * Check if equality is loose and used for type checking
+         */
+        const isLooseEqualityTypeCheck = (node) => {
+            if (node.operator !== '==' && node.operator !== '!=') {
+                return false;
+            }
+            const leftText = sourceCode.getText(node.left).toLowerCase();
+            const rightText = sourceCode.getText(node.right).toLowerCase();
+            // Check if comparing against null/undefined with loose equality
+            return (leftText.includes('null') || rightText.includes('null') ||
+                leftText.includes('undefined') || rightText.includes('undefined'));
+        };
+        /**
+         * Check for unreliable constructor checks
+         */
+        const isUnreliableConstructorCheck = (node) => {
+            return node.property.type === 'Identifier' &&
+                node.property.name === 'name' &&
+                node.object.type === 'MemberExpression' &&
+                node.object.property.type === 'Identifier' &&
+                node.object.property.name === 'constructor';
+        };
+        return {
+            // Check binary expressions for type validation issues
+            BinaryExpression(node) {
+                // Check for unsafe typeof usage
+                if (isUnsafeTypeof(node)) {
+                    // Check if this involves user input
+                    const left = node.left;
+                    if (left.argument.type === 'Identifier' && isUserInput(left.argument.name)) {
+                        // FALSE POSITIVE REDUCTION
+                        if (safetyChecker.isSafe(node, context)) {
+                            return;
+                        }
+                        context.report({
+                            node,
+                            messageId: 'unsafeTypeofCheck',
+                            data: {
+                                filePath: filename,
+                                line: String(node.loc?.start.line ?? 0),
+                            },
+                            suggest: [
+                                {
+                                    messageId: 'useTypeofCorrectly',
+                                    fix: () => null // Would need complex AST manipulation
+                                },
+                            ],
+                        });
+                    }
+                }
+                // Check for unsafe instanceof usage
+                if (isUnsafeInstanceof(node)) {
+                    const left = node.left;
+                    if (left.type === 'Identifier' && isUserInput(left.name)) {
+                        context.report({
+                            node,
+                            messageId: 'unsafeInstanceofUsage',
+                            data: {
+                                filePath: filename,
+                                line: String(node.loc?.start.line ?? 0),
+                            },
+                        });
+                    }
+                }
+                // Check for loose equality in type checks
+                if (isLooseEqualityTypeCheck(node)) {
+                    const left = node.left;
+                    const right = node.right;
+                    // Check if this involves user input variables
+                    const leftText = sourceCode.getText(left);
+                    const rightText = sourceCode.getText(right);
+                    if ((left.type === 'Identifier' && isUserInput(left.name)) ||
+                        (right.type === 'Identifier' && isUserInput(right.name)) ||
+                        leftText.includes('null') || rightText.includes('null')) {
+                        // FALSE POSITIVE REDUCTION
+                        if (safetyChecker.isSafe(node, context)) {
+                            return;
+                        }
+                        context.report({
+                            node,
+                            messageId: 'looseEqualityTypeCheck',
+                            data: {
+                                filePath: filename,
+                                line: String(node.loc?.start.line ?? 0),
+                            },
+                        });
+                    }
+                }
+            },
+            // Check member expressions for constructor.name usage
+            MemberExpression(node) {
+                if (isUnreliableConstructorCheck(node)) {
+                    // Check if this involves user input
+                    let current = node;
+                    let involvesUserInput = false;
+                    // Walk up to find if this is used with user input
+                    while (current.parent) {
+                        current = current.parent;
+                        if (current.type === 'VariableDeclarator' &&
+                            current.init === node) {
+                            // This is assignment - check if assigned to user input
+                            involvesUserInput = true;
+                            break;
+                        }
+                        if (current.type === 'BinaryExpression' &&
+                            (current.left === node || current.right === node)) {
+                            // Used in comparison - likely type checking
+                            involvesUserInput = true;
+                            break;
+                        }
+                    }
+                    if (involvesUserInput) {
+                        // FALSE POSITIVE REDUCTION
+                        if (safetyChecker.isSafe(node, context)) {
+                            return;
+                        }
+                        context.report({
+                            node,
+                            messageId: 'unreliableConstructorCheck',
+                            data: {
+                                filePath: filename,
+                                line: String(node.loc?.start.line ?? 0),
+                            },
+                        });
+                    }
+                }
+            },
+            // Check call expressions for type checking functions
+            CallExpression(node) {
+                const callee = node.callee;
+                // Check for safe type checking functions
+                if (callee.type === 'MemberExpression' &&
+                    callee.property.type === 'Identifier') {
+                    const methodName = callee.property.name;
+                    const objectName = callee.object.type === 'Identifier' ? callee.object.name : '';
+                    // Check for proper type guards
+                    if (['isArray', 'isString', 'isNumber', 'isObject'].includes(methodName) &&
+                        objectName && ['Array', 'Number', 'String', 'Object'].includes(objectName)) {
+                        // This is good - using proper type guards
+                        return;
+                    }
+                }
+                // Check for typeof usage in function calls
+                if (callee.type === 'Identifier' && callee.name === 'typeof') {
+                    // This is unusual - typeof is normally a unary operator
+                    // But if used as a function call, it's likely wrong
+                    context.report({
+                        node,
+                        messageId: 'improperTypeValidation',
+                        data: {
+                            filePath: filename,
+                            line: String(node.loc?.start.line ?? 0),
+                            severity: 'LOW',
+                            safeAlternative: 'Use typeof as unary operator: typeof value',
+                        },
+                    });
+                }
+            },
+            // Check if statements for incomplete type validation
+            IfStatement(node) {
+                const test = node.test;
+                // Look for if statements that only check one aspect of type
+                if (test.type === 'BinaryExpression') {
+                    const testText = sourceCode.getText(test).toLowerCase();
+                    // Check for incomplete null checks
+                    if ((testText.includes('!= null') || testText.includes('== null')) &&
+                        !testText.includes('!== undefined') && !testText.includes('=== undefined')) {
+                        // Check if this involves user input
+                        if ((test.left.type === 'Identifier' && isUserInput(test.left.name)) ||
+                            (test.right.type === 'Identifier' && isUserInput(test.right.name))) {
+                            // FALSE POSITIVE REDUCTION
+                            if (safetyChecker.isSafe(node, context)) {
+                                return;
+                            }
+                            context.report({
+                                node: test,
+                                messageId: 'missingNullCheck',
+                                data: {
+                                    filePath: filename,
+                                    line: String(node.loc?.start.line ?? 0),
+                                },
+                            });
+                        }
+                    }
+                }
+            }
+        };
+    },
+});
+//# sourceMappingURL=no-improper-type-validation.js.map

package/src/rules/security/no-improper-type-validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-improper-type-validation.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-improper-type-validation.ts"],"names":[],"mappings":";;;AAgBA,4DAAsD;AACtD,4DAA0E;AAC1E,4DAGkC;AA8BrB,QAAA,wBAAwB,GAAG,IAAA,0BAAU,EAA0B;IAC1E,IAAI,EAAE,6BAA6B;IACnC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,yDAAyD;SACvE;QACD,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,+CAA+C;gBAC5D,QAAQ,EAAE,cAAc;gBACxB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,kDAAkD;aACtE,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,qBAAqB;gBAChC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,iCAAiC;gBAC9C,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,gDAAgD;gBACrD,iBAAiB,EAAE,oFAAoF;aACxG,CAAC;YACF,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,yBAAyB;gBACpC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,qCAAqC;gBAClD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,sCAAsC;gBAC3C,iBAAiB,EAAE,wFAAwF;aAC5G,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,2BAA2B;gBACtC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,6CAA6C;gBAClD,iBAAiB,EAAE,sFAAsF;aAC1G,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,wCAAwC;gBACrD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,oFAAoF;aACxG,CAAC;YACF,0BAA0B,EAAE,IAAA,gCAAgB,EAAC;gBAC3C,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,8BAA8B;gBACzC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,iCAAiC;gBAC9C,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,qDAAqD;gBAC1D,iBAAiB,EAAE,qGAAqG;aACzH,CAAC;YACF,wBAAwB,EAAE,IAAA,gCAAgB,EAAC;gBACzC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,4BAA4B;gBACvC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,+BAA+B;gBAC5C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,iCAAiC;gBACtC,iBAAiB,EAAE,kDAAkD;aACtE,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,sBAAsB;gBACjC,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,iDAAiD;gBACtD,iBAAiB,EAAE,oFAAoF;aACxG,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,WAAW,EAAE,iCAAiC;gBAC9C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,uCAAuC;gBAC5C,iBAAiB,EAAE,wGAAwG;aAC5H,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,qBAAqB;gBAChC,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,iCAAiC;gBACtC,iBAAiB,EAAE,kBAAkB;aACtC,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,sBAAsB;gBACjC,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,uCAAuC;gBAC5C,iBAAiB,EAAE,wGAAwG;aAC5H,CAAC;YACF,wBAAwB,EAAE,IAAA,gCAAgB,EAAC;gBACzC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,4BAA4B;gBACvC,WAAW,EAAE,0CAA0C;gBACvD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,2CAA2C;gBAChD,iBAAiB,EAAE,kBAAkB;aACtC,CAAC;YACF,4BAA4B,EAAE,IAAA,gCAAgB,EAAC;gBAC7C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,gCAAgC;gBAC3C,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,8CAA8C;gBACnD,iBAAiB,EAAE,qDAAqD;aACzE,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC;qBACrF;oBACD,sBAAsB,EAAE;wBACtB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,EAAE,WAAW,CAAC;qBACtF;oBACD,wBAAwB,EAAE;wBACxB,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,IAAI;wBACb,WAAW,EAAE,yCAAyC;qBACvD;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,0DAA0D;qBACxE;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,0DAA0D;qBACxE;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,oDAAoD;qBAClE;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,kBAAkB,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC;YAC/F,sBAAsB,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,EAAE,WAAW,CAAC;YACpG,wBAAwB,EAAE,IAAI;YAC9B,iBAAiB,EAAE,EAAE;YACrB,kBAAkB,EAAE,EAAE;YACtB,UAAU,EAAE,KAAK;SAClB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,kBAAkB,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,EAChG,wBAAwB,GAAG,IAAI,EAC/B,iBAAiB,GAAG,EAAE,EACtB,kBAAkB,GAAG,EAAE,EACvB,UAAU,GAAG,KAAK,GACnB,GAAY,OAAO,CAAC;QAErB,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAE3D,qDAAqD;QACrD,MAAM,aAAa,GAAG,IAAA,mCAAmB,EAAC;YACxC,iBAAiB;YACjB,kBAAkB;YAClB,kBAAkB,EAAE,EAAE;YACtB,UAAU;SACX,CAAC,CAAC;QAEH;;WAEG;QACH,MAAM,WAAW,GAAG,CAAC,OAAe,EAAW,EAAE;YAC/C,OAAO,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;QACnE,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,cAAc,GAAG,CAAC,IAA+B,EAAW,EAAE;YAClE,IAAI,IAAI,CAAC,QAAQ,KAAK,KAAK,IAAI,IAAI,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;gBACvD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACvB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;YAEzB,gDAAgD;YAChD,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB;gBAC/B,IAAI,CAAC,QAAQ,KAAK,QAAQ;gBAC1B,KAAK,CAAC,IAAI,KAAK,SAAS;gBACxB,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC7B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,kBAAkB,GAAG,CAAC,IAA+B,EAAW,EAAE;YACtE,IAAI,IAAI,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;gBACnC,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC,wBAAwB,EAAE,CAAC;gBAC9B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,qDAAqD;YACrD,2DAA2D;YAC3D,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,wBAAwB,GAAG,CAAC,IAA+B,EAAW,EAAE;YAC5E,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACrD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC7D,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YAE/D,gEAAgE;YAChE,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACvD,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;QAC7E,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,4BAA4B,GAAG,CAAC,IAA+B,EAAW,EAAE;YAChF,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;gBACnC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,MAAM;gBAC7B,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;gBACvC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;gBAC1C,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,aAAa,CAAC;QACrD,CAAC,CAAC;QAEF,OAAO;YACL,sDAAsD;YACtD,gBAAgB,CAAC,IAA+B;gBAC9C,gCAAgC;gBAChC,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;oBACzB,oCAAoC;oBACpC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAgC,CAAC;oBACnD,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC3E,2BAA2B;wBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;4BACxC,OAAO;wBACT,CAAC;wBAED,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,mBAAmB;4BAC9B,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;4BACD,OAAO,EAAE;gCACP;oCACE,SAAS,EAAE,oBAAoB;oCAC/B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,sCAAsC;iCACvD;6BACF;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAED,oCAAoC;gBACpC,IAAI,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC7B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;oBACvB,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACzD,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,uBAAuB;4BAClC,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAED,0CAA0C;gBAC1C,IAAI,wBAAwB,CAAC,IAAI,CAAC,EAAE,CAAC;oBACnC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;oBACvB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;oBAEzB,8CAA8C;oBAC9C,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAC1C,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;oBAE5C,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBACtD,CAAC,KAAK,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;wBACxD,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;wBAE5D,2BAA2B;wBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;4BACxC,OAAO;wBACT,CAAC;wBAED,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,wBAAwB;4BACnC,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAED,sDAAsD;YACtD,gBAAgB,CAAC,IAA+B;gBAC9C,IAAI,4BAA4B,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvC,oCAAoC;oBACpC,IAAI,OAAO,GAAkB,IAAI,CAAC;oBAClC,IAAI,iBAAiB,GAAG,KAAK,CAAC;oBAE9B,kDAAkD;oBAClD,OAAO,OAAO,CAAC,MAAM,EAAE,CAAC;wBACtB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;wBACzB,IAAI,OAAO,CAAC,IAAI,KAAK,oBAAoB;4BACrC,OAAO,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;4BAC1B,uDAAuD;4BACvD,iBAAiB,GAAG,IAAI,CAAC;4BACzB,MAAM;wBACR,CAAC;wBACD,IAAI,OAAO,CAAC,IAAI,KAAK,kBAAkB;4BACnC,CAAC,OAAO,CAAC,IAAI,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,KAAK,IAAI,CAAC,EAAE,CAAC;4BACtD,4CAA4C;4BAC5C,iBAAiB,GAAG,IAAI,CAAC;4BACzB,MAAM;wBACR,CAAC;oBACH,CAAC;oBAED,IAAI,iBAAiB,EAAE,CAAC;wBACtB,2BAA2B;wBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;4BACxC,OAAO;wBACT,CAAC;wBAED,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,4BAA4B;4BACvC,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAED,qDAAqD;YACrD,cAAc,CAAC,IAA6B;gBAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;gBAE3B,yCAAyC;gBACzC,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBAClC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAE1C,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;oBACxC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAEjF,+BAA+B;oBAC/B,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;wBACpE,UAAU,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC/E,0CAA0C;wBAC1C,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,2CAA2C;gBAC3C,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC7D,wDAAwD;oBACxD,oDAAoD;oBACpD,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI;wBACJ,SAAS,EAAE,wBAAwB;wBACnC,IAAI,EAAE;4BACJ,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;4BACvC,QAAQ,EAAE,KAAK;4BACf,eAAe,EAAE,4CAA4C;yBAC9D;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,qDAAqD;YACrD,WAAW,CAAC,IAA0B;gBACpC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;gBAEvB,4DAA4D;gBAC5D,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;oBACrC,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;oBAExD,mCAAmC;oBACnC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;wBAC9D,CAAC,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;wBAE/E,oCAAoC;wBACpC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;4BAChE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;4BAEvE,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,IAAI;gCACV,SAAS,EAAE,kBAAkB;gCAC7B,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/security/no-insecure-comparison.d.ts

@@ -0,0 +1,7 @@
+export interface Options {
+    /** Allow insecure comparison in test files. Default: false */
+    allowInTests?: boolean;
+    /** Additional patterns to ignore. Default: [] */
+    ignorePatterns?: string[];
+}
+export declare const noInsecureComparison: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/security/no-insecure-comparison.js

@@ -0,0 +1,125 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noInsecureComparison = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+const eslint_devkit_2 = require("@interlace/eslint-devkit");
+exports.noInsecureComparison = (0, eslint_devkit_2.createRule)({
+    name: 'no-insecure-comparison',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Detects insecure comparison operators (==, !=) that can lead to type coercion vulnerabilities',
+        },
+        fixable: 'code',
+        hasSuggestions: true,
+        messages: {
+            insecureComparison: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'Insecure Comparison',
+                cwe: 'CWE-697',
+                description: 'Insecure comparison operator ({{operator}}) detected - can lead to type coercion vulnerabilities',
+                severity: 'HIGH',
+                fix: 'Use strict equality ({{strictOperator}}) instead: {{example}}',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/697.html',
+            }),
+            useStrictEquality: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Use Strict Equality',
+                description: 'Use strict equality operator',
+                severity: 'LOW',
+                fix: 'Replace == with === and != with !==',
+                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Strict_equality',
+            }),
+        },
+        schema: [
+            {
+                type: 'object',
+                properties: {
+                    allowInTests: {
+                        type: 'boolean',
+                        default: false,
+                        description: 'Allow insecure comparison in test files',
+                    },
+                    ignorePatterns: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: [],
+                        description: 'Additional patterns to ignore',
+                    },
+                },
+                additionalProperties: false,
+            },
+        ],
+    },
+    defaultOptions: [
+        {
+            allowInTests: false,
+            ignorePatterns: [],
+        },
+    ],
+    create(context, [options = {}]) {
+        const { allowInTests = false, ignorePatterns = [], } = options;
+        const filename = context.getFilename();
+        const isTestFile = allowInTests && /\.(test|spec)\.(ts|tsx|js|jsx)$/.test(filename);
+        const sourceCode = context.sourceCode || context.sourceCode;
+        /**
+         * Check if a string matches any ignore pattern
+         */
+        function matchesIgnorePattern(text, patterns) {
+            return patterns.some(pattern => {
+                try {
+                    const regex = new RegExp(pattern, 'i');
+                    return regex.test(text);
+                }
+                catch {
+                    // Invalid regex - treat as literal string match
+                    return text.toLowerCase().includes(pattern.toLowerCase());
+                }
+            });
+        }
+        /**
+         * Check BinaryExpression for insecure comparison operators
+         */
+        function checkBinaryExpression(node) {
+            if (isTestFile) {
+                return;
+            }
+            // Check for insecure comparison operators
+            if (node.operator === '==' || node.operator === '!=') {
+                const text = sourceCode.getText(node);
+                // Check if it matches any ignore pattern
+                if (matchesIgnorePattern(text, ignorePatterns)) {
+                    return;
+                }
+                const strictOperator = node.operator === '==' ? '===' : '!==';
+                const leftText = sourceCode.getText(node.left);
+                const rightText = sourceCode.getText(node.right);
+                const example = `${leftText} ${strictOperator} ${rightText}`;
+                context.report({
+                    node: node,
+                    messageId: 'insecureComparison',
+                    data: {
+                        operator: node.operator,
+                        strictOperator,
+                        example,
+                    },
+                    fix: (fixer) => {
+                        return fixer.replaceText(node, example);
+                    },
+                    suggest: [
+                        {
+                            messageId: 'useStrictEquality',
+                            fix: (fixer) => {
+                                return fixer.replaceText(node, example);
+                            },
+                        },
+                    ],
+                });
+            }
+        }
+        return {
+            BinaryExpression: checkBinaryExpression,
+        };
+    },
+});
+//# sourceMappingURL=no-insecure-comparison.js.map

package/src/rules/security/no-insecure-comparison.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"no-insecure-comparison.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-insecure-comparison.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAczC,QAAA,oBAAoB,GAAG,IAAA,0BAAU,EAA0B;IACtE,IAAI,EAAE,wBAAwB;IAC9B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,+FAA+F;SAC7G;QACD,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,qBAAqB;gBAChC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,kGAAkG;gBAC/G,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,+DAA+D;gBACpE,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,qBAAqB;gBAChC,WAAW,EAAE,8BAA8B;gBAC3C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,qCAAqC;gBAC1C,iBAAiB,EAAE,6FAA6F;aACjH,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,yCAAyC;qBACvD;oBACD,cAAc,EAAE;wBACd,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,+BAA+B;qBAC7C;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,YAAY,EAAE,KAAK;YACnB,cAAc,EAAE,EAAE;SACnB;KACF;IACD,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,cAAc,GAAG,EAAE,GACpB,GAAG,OAAkB,CAAC;QAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,YAAY,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAE5D;;WAEG;QACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,QAAkB;YAC5D,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;gBAC7B,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;oBACvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC1B,CAAC;gBAAC,MAAM,CAAC;oBACP,gDAAgD;oBAChD,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;gBAC5D,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED;;WAEG;QACH,SAAS,qBAAqB,CAAC,IAA+B;YAC5D,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,0CAA0C;YAC1C,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACrD,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBAEtC,yCAAyC;gBACzC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;oBAC/C,OAAO;gBACT,CAAC;gBAED,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;gBAC9D,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC/C,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACjD,MAAM,OAAO,GAAG,GAAG,QAAQ,IAAI,cAAc,IAAI,SAAS,EAAE,CAAC;gBAE7D,OAAO,CAAC,MAAM,CAAC;oBACb,IAAI,EAAE,IAAI;oBACV,SAAS,EAAE,oBAAoB;oBAC/B,IAAI,EAAE;wBACJ,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,cAAc;wBACd,OAAO;qBACR;oBACD,GAAG,EAAE,CAAC,KAAyB,EAAE,EAAE;wBACjC,OAAO,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;oBAC1C,CAAC;oBACD,OAAO,EAAE;wBACP;4BACE,SAAS,EAAE,mBAAmB;4BAC9B,GAAG,EAAE,CAAC,KAAyB,EAAE,EAAE;gCACjC,OAAO,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;4BAC1C,CAAC;yBACF;qBACF;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,gBAAgB,EAAE,qBAAqB;SACxC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/security/no-insecure-cookie-settings.d.ts

@@ -0,0 +1,9 @@
+export interface Options {
+    /** Allow insecure cookies in test files. Default: false */
+    allowInTests?: boolean;
+    /** Cookie library patterns to recognize. Default: ['cookie', 'js-cookie', 'universal-cookie'] */
+    cookieLibraries?: string[];
+    /** Additional safe patterns to ignore. Default: [] */
+    ignorePatterns?: string[];
+}
+export declare const noInsecureCookieSettings: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;