npm - eslint-plugin-secure-coding - Versions diffs - 1.0.0 - Mend

eslint-plugin-secure-coding 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (155) hide show

package/src/rules/security/no-insufficient-postmessage-validation.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"no-insufficient-postmessage-validation.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-insufficient-postmessage-validation.ts"],"names":[],"mappings":";;;AAsCA,4DAAsD;AACtD,4DAA0E;AAC1E,4DAGkC;AAiCrB,QAAA,mCAAmC,GAAG,IAAA,0BAAU,EAA0B;IACrF,IAAI,EAAE,wCAAwC;IAC9C,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,oDAAoD;SAClE;QACD,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,iCAAiC,EAAE,IAAA,gCAAgB,EAAC;gBAClD,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,qCAAqC;gBAChD,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,+CAA+C;gBAC5D,QAAQ,EAAE,cAAc;gBACxB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,qEAAqE;aACzF,CAAC;YACF,cAAc,EAAE,IAAA,gCAAgB,EAAC;gBAC/B,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,6BAA6B;gBACxC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,6CAA6C;gBAClD,iBAAiB,EAAE,qEAAqE;aACzF,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,sBAAsB;gBACjC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,4CAA4C;gBACjD,iBAAiB,EAAE,qEAAqE;aACzF,CAAC;YACF,oBAAoB,EAAE,IAAA,gCAAgB,EAAC;gBACrC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,wBAAwB;gBACnC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,yDAAyD;gBACtE,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,wDAAwD;gBAC7D,iBAAiB,EAAE,qEAAqE;aACzF,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,sBAAsB;gBACjC,WAAW,EAAE,oCAAoC;gBACjD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,iDAAiD;gBACtD,iBAAiB,EAAE,qEAAqE;aACzF,CAAC;YACF,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,yBAAyB;gBACpC,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,+DAA+D;gBACpE,iBAAiB,EAAE,qEAAqE;aACzF,CAAC;YACF,wBAAwB,EAAE,IAAA,gCAAgB,EAAC;gBACzC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,4BAA4B;gBACvC,WAAW,EAAE,kCAAkC;gBAC/C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kEAAkE;gBACvE,iBAAiB,EAAE,qEAAqE;aACzF,CAAC;YACF,wBAAwB,EAAE,IAAA,gCAAgB,EAAC;gBACzC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,4BAA4B;gBACvC,WAAW,EAAE,+CAA+C;gBAC5D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,uDAAuD;gBAC5D,iBAAiB,EAAE,qEAAqE;aACzF,CAAC;YACF,yBAAyB,EAAE,IAAA,gCAAgB,EAAC;gBAC1C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,6BAA6B;gBACxC,WAAW,EAAE,gDAAgD;gBAC7D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,qDAAqD;gBAC1D,iBAAiB,EAAE,qEAAqE;aACzF,CAAC;YACF,6BAA6B,EAAE,IAAA,gCAAgB,EAAC;gBAC9C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,iCAAiC;gBAC5C,WAAW,EAAE,kDAAkD;gBAC/D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,4CAA4C;gBACjD,iBAAiB,EAAE,qEAAqE;aACzF,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,cAAc,EAAE;wBACd,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;qBACZ;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,mDAAmD;qBACjE;oBACD,sBAAsB,EAAE;wBACtB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,kBAAkB,EAAE,WAAW,EAAE,aAAa,CAAC;qBAC1D;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,4DAA4D;qBAC1E;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,0DAA0D;qBACxE;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,oDAAoD;qBAClE;oBACD,WAAW,EAAE;wBACX,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,SAAS,CAAC;wBAC9C,WAAW,EAAE,uDAAuD;qBACrE;oBACD,cAAc,EAAE;wBACd,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,0DAA0D;qBACxE;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,cAAc,EAAE,EAAE;YAClB,kBAAkB,EAAE,KAAK;YACzB,sBAAsB,EAAE,CAAC,kBAAkB,EAAE,WAAW,EAAE,aAAa,CAAC;YACxE,iBAAiB,EAAE,EAAE;YACrB,kBAAkB,EAAE,EAAE;YACtB,UAAU,EAAE,KAAK;YACjB,WAAW,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,SAAS,CAAC;YAClD,cAAc,EAAE,KAAK;SACtB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,cAAc,GAAG,EAAE,EACnB,kBAAkB,GAAG,KAAK,EAC1B,iBAAiB,GAAG,EAAE,EACtB,kBAAkB,GAAG,EAAE,EACvB,UAAU,GAAG,KAAK,EAClB,cAAc,GAAG,KAAK,GACvB,GAAY,OAAO,CAAC;QAGrB,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAE3D,qDAAqD;QACrD,MAAM,aAAa,GAAG,IAAA,mCAAmB,EAAC;YACxC,iBAAiB;YACjB,kBAAkB;YAClB,kBAAkB,EAAE,EAAE;YACtB,UAAU;SACX,CAAC,CAAC;QAEH;;;;;;;WAOG;QACH,MAAM,mBAAmB,GAAG,CAAC,YAA2G,EAAW,EAAE;YACnJ,IAAI,cAAc,EAAE,CAAC;gBACnB,+CAA+C;gBAC/C,IAAI,CAAC;oBACH,IAAI,cAAc,GAAG,KAAK,CAAC;oBAE3B,MAAM,SAAS,GAAG,CAAC,IAAmB,EAAQ,EAAE;wBAC9C,qCAAqC;wBACrC,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB;4BAChC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB;gCACrC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;gCACxC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ;gCACpC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,CAAC;gCACxC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,kBAAkB;oCACtC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oCACzC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ;oCACrC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,EAAE,CAAC;4BAChD,cAAc,GAAG,IAAI,CAAC;4BACtB,OAAO;wBACT,CAAC;wBAED,8CAA8C;wBAC9C,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB;4BAC9B,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;4BACvC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;4BAC1C,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;4BAC7C,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;4BACxE,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gCACpE,cAAc,GAAG,IAAI,CAAC;gCACtB,OAAO;4BACT,CAAC;wBACH,CAAC;wBAED,gCAAgC;wBAChC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;4BACvB,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,OAAO,IAAI,GAAG,KAAK,KAAK;gCAAE,SAAS;4BACnE,MAAM,KAAK,GAAI,IAA2C,CAAC,GAAG,CAAC,CAAC;4BAChE,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,IAAK,KAAgB,EAAE,CAAC;gCACtE,SAAS,CAAC,KAAsB,CAAC,CAAC;4BACpC,CAAC;iCAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gCAChC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;oCACnB,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,MAAM,IAAK,IAAe,EAAE,CAAC;wCACnE,SAAS,CAAC,IAAqB,CAAC,CAAC;oCACnC,CAAC;gCACH,CAAC,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;oBACH,CAAC,CAAC;oBAEF,SAAS,CAAC,YAAY,CAAC,CAAC;oBACxB,OAAO,cAAc,CAAC;gBACxB,CAAC;gBAAC,MAAM,CAAC;oBACP,4DAA4D;oBAC5D,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,kDAAkD;gBAClD,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,CAAC;gBACpE,OAAO,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC;oBACrC,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC,CAAC;QAEF,OAAO;YACL,gDAAgD;YAChD,cAAc,CAAC,IAA6B;gBAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;gBAE3B,oCAAoC;gBACpC,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBAClC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBACrC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;oBAE3C,iDAAiD;oBACjD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;oBAC5B,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;wBACrB,MAAM,YAAY,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;wBAC7B,IAAI,YAAY,CAAC,IAAI,KAAK,SAAS;4BAC/B,OAAO,YAAY,CAAC,KAAK,KAAK,QAAQ;4BACtC,YAAY,CAAC,KAAK,KAAK,GAAG,EAAE,CAAC;4BAE/B,wCAAwC;4BACxC,MAAM,WAAW,GAAG,YAAY,CAAC,KAAK,CAAC;4BACvC,MAAM,SAAS,GAAG,cAAc,CAAC,QAAQ,CAAC,WAAW,CAAC;gCACrC,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC;gCAC5B,cAAc,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,iDAAiD;4BAE/F,IAAI,CAAC,SAAS,EAAE,CAAC;gCACf,2BAA2B;gCAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;oCACxC,OAAO;gCACT,CAAC;gCAED,OAAO,CAAC,MAAM,CAAC;oCACb,IAAI,EAAE,YAAY;oCAClB,SAAS,EAAE,oBAAoB;oCAC/B,IAAI,EAAE;wCACJ,QAAQ,EAAE,QAAQ;wCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;wCACvC,MAAM,EAAE,WAAW;qCACpB;iCACF,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;wBAED,4BAA4B;wBAC5B,IAAI,YAAY,CAAC,IAAI,KAAK,SAAS;4BAC/B,OAAO,YAAY,CAAC,KAAK,KAAK,QAAQ;4BACtC,YAAY,CAAC,KAAK,KAAK,GAAG,EAAE,CAAC;4BAE/B,wCAAwC;4BACxC,MAAM,WAAW,GAAG,YAAY,CAAC,KAAK,CAAC;4BACvC,MAAM,SAAS,GAAG,cAAc,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;4BAEvF,8DAA8D;4BAC9D,IAAI,CAAC,SAAS,IAAI,CAAC,kBAAkB,EAAE,CAAC;gCACtC,8BAA8B;gCAC9B,6CAA6C;gCAC7C,YAAY;gCACZ,IAAI;gCAEJ,OAAO,CAAC,MAAM,CAAC;oCACb,IAAI,EAAE,YAAY;oCAClB,SAAS,EAAE,gBAAgB;oCAC3B,IAAI,EAAE;wCACJ,QAAQ,EAAE,QAAQ;wCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;qCACxC;iCACF,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,2DAA2D;gBAE3D,6CAA6C;gBAC7C,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBAClC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBACrC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;oBAEhD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;oBAC5B,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;wBACrB,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;wBAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;wBAExB,gCAAgC;wBAChC,IAAI,SAAS,CAAC,IAAI,KAAK,SAAS;4BAC5B,OAAO,SAAS,CAAC,KAAK,KAAK,QAAQ;4BACnC,SAAS,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;4BAElC,6DAA6D;4BAC7D,IAAI,OAAO,CAAC,IAAI,KAAK,oBAAoB;gCACrC,OAAO,CAAC,IAAI,KAAK,yBAAyB,EAAE,CAAC;gCAE/C,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,CAAC;oCAClC,2BAA2B;oCAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;wCACxC,OAAO;oCACT,CAAC;oCAED,OAAO,CAAC,MAAM,CAAC;wCACb,IAAI,EAAE,OAAO;wCACb,SAAS,EAAE,oBAAoB;wCAC/B,IAAI,EAAE;4CACJ,QAAQ,EAAE,QAAQ;4CAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;yCACxC;qCACF,CAAC,CAAC;gCACL,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,yCAAyC;YACzC,oBAAoB,CAAC,IAAmC;gBACtD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;gBACvB,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB;oBAChC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBACnC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,WAAW;oBAClC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACjC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAElC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC;oBAC3B,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,oBAAoB;wBACrC,OAAO,CAAC,IAAI,KAAK,yBAAyB,CAAC,EAAE,CAAC;wBAE5D,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,CAAC;4BAClC,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,OAAO;gCACb,SAAS,EAAE,oBAAoB;gCAC/B,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,uDAAuD;YACvD,gBAAgB,CAAC,IAA+B;gBAC9C,4BAA4B;gBAC5B,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBACnC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,MAAM;oBAC7B,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACjC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAEjC,qEAAqE;oBACrE,4DAA4D;oBAC5D,qEAAqE;oBAErE,uEAAuE;oBACvE,8DAA8D;oBAC9D,OAAO;gBACT,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/security/no-insufficient-random.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+export interface Options {
+    /** Allow Math.random() in test files. Default: false */
+    allowInTests?: boolean;
+    /** Additional weak PRNG patterns to detect. Default: [] */
+    additionalWeakPatterns?: string[];
+    /** Trusted random libraries. Default: ['crypto'] */
+    trustedLibraries?: string[];
+}
+export declare const noInsufficientRandom: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/security/no-insufficient-random.js ADDED Viewed

@@ -0,0 +1,207 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noInsufficientRandom = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+const eslint_devkit_2 = require("@interlace/eslint-devkit");
+const WEAK_RANDOM_PATTERNS = [
+    {
+        pattern: /\bMath\.random\b/i,
+        name: 'Math.random()',
+        category: 'math',
+        alternatives: ['crypto.getRandomValues()', 'crypto.randomBytes()'],
+        example: {
+            bad: 'const random = Math.random();',
+            good: 'const random = crypto.getRandomValues(new Uint32Array(1))[0] / (0xFFFFFFFF + 1);'
+        },
+        effort: '5 minutes'
+    },
+    {
+        pattern: /\brandom\(\)/i,
+        name: 'random()',
+        category: 'library',
+        alternatives: ['crypto.getRandomValues()'],
+        example: {
+            bad: 'const random = random();',
+            good: 'const random = crypto.getRandomValues(new Uint32Array(1))[0] / (0xFFFFFFFF + 1);'
+        },
+        effort: '5 minutes'
+    }
+];
+/**
+ * Check if a string contains a weak random pattern
+ */
+function containsWeakRandom(value, additionalPatterns) {
+    // Check standard patterns
+    for (const pattern of WEAK_RANDOM_PATTERNS) {
+        if (pattern.pattern.test(value)) {
+            return pattern;
+        }
+    }
+    // Check additional patterns
+    for (const additionalPattern of additionalPatterns) {
+        const regex = new RegExp(`\\b${additionalPattern}\\b`, 'i');
+        if (regex.test(value)) {
+            return {
+                pattern: regex,
+                name: additionalPattern,
+                category: 'custom',
+                alternatives: ['crypto.getRandomValues()'],
+                example: {
+                    bad: `${additionalPattern}()`,
+                    good: 'crypto.getRandomValues(new Uint32Array(1))[0] / (0xFFFFFFFF + 1)'
+                },
+                effort: '10 minutes'
+            };
+        }
+    }
+    return null;
+}
+/**
+ * Check if a MemberExpression is Math.random()
+ */
+function isMathRandom(node) {
+    return (node.object.type === 'Identifier' &&
+        node.object.name === 'Math' &&
+        node.property.type === 'Identifier' &&
+        node.property.name === 'random');
+}
+/**
+ * Generate refactoring suggestions
+ */
+function generateSuggestions(pattern) {
+    const suggestions = [];
+    if (pattern.category === 'math') {
+        suggestions.push({
+            messageId: 'useCryptoRandomValues',
+            fix: 'Use crypto.getRandomValues(): const random = crypto.getRandomValues(new Uint32Array(1))[0] / (0xFFFFFFFF + 1);'
+        });
+    }
+    else {
+        suggestions.push({
+            messageId: 'useSecureRandom',
+            fix: 'Use crypto.getRandomValues() or crypto.randomBytes() for secure random number generation'
+        });
+    }
+    return suggestions;
+}
+exports.noInsufficientRandom = (0, eslint_devkit_2.createRule)({
+    name: 'no-insufficient-random',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Detects weak random number generation (Math.random(), weak PRNG)',
+        },
+        hasSuggestions: true,
+        messages: {
+            insufficientRandom: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'Weak random number generation',
+                cwe: 'CWE-338',
+                description: 'Use of weak pseudo-random number generator: {{pattern}}',
+                severity: 'HIGH',
+                fix: '{{safeAlternative}}',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/338.html',
+            }),
+            useCryptoRandomValues: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Use Crypto Random',
+                description: 'Use crypto.getRandomValues()',
+                severity: 'LOW',
+                fix: 'crypto.getRandomValues(new Uint32Array(1))[0] / (0xFFFFFFFF + 1)',
+                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues',
+            }),
+            useSecureRandom: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Use Secure Random',
+                description: 'Use crypto for secure random generation',
+                severity: 'LOW',
+                fix: 'crypto.randomBytes() or crypto.getRandomValues()',
+                documentationLink: 'https://nodejs.org/api/crypto.html#cryptorandombytessize-callback',
+            }),
+        },
+        schema: [
+            {
+                type: 'object',
+                properties: {
+                    allowInTests: {
+                        type: 'boolean',
+                        default: false,
+                        description: 'Allow Math.random() in test files',
+                    },
+                    additionalWeakPatterns: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: [],
+                        description: 'Additional weak PRNG patterns to detect',
+                    },
+                },
+                additionalProperties: false,
+            },
+        ],
+    },
+    defaultOptions: [
+        {
+            allowInTests: false,
+            additionalWeakPatterns: [],
+        },
+    ],
+    create(context, [options = {}]) {
+        const { allowInTests = false, additionalWeakPatterns = [], } = options;
+        const filename = context.getFilename();
+        const isTestFile = allowInTests && /\.(test|spec)\.(ts|tsx|js|jsx)$/.test(filename);
+        /**
+         * Check if a call expression uses weak random generation
+         */
+        function checkCallExpression(node) {
+            if (isTestFile) {
+                return;
+            }
+            // Check for Math.random() calls
+            if (node.callee.type === 'MemberExpression' && isMathRandom(node.callee)) {
+                const pattern = containsWeakRandom('Math.random()', additionalWeakPatterns);
+                if (pattern) {
+                    const safeAlternative = pattern.alternatives[0];
+                    const suggestions = generateSuggestions(pattern);
+                    context.report({
+                        node: node.callee,
+                        messageId: 'insufficientRandom',
+                        data: {
+                            pattern: pattern.name,
+                            safeAlternative: `Use ${safeAlternative}: ${pattern.example.good}`,
+                        },
+                        suggest: suggestions.map(step => ({
+                            messageId: step.messageId,
+                            fix: (fixer) => {
+                                // Replace Math.random() with crypto.getRandomValues()
+                                return fixer.replaceText(node, 'crypto.getRandomValues(new Uint32Array(1))[0] / (0xFFFFFFFF + 1)');
+                            },
+                        })),
+                    });
+                }
+                return;
+            }
+            // Check for standalone random() function calls (if configured)
+            if (node.callee.type === 'Identifier' && additionalWeakPatterns.length > 0) {
+                const sourceCode = context.sourceCode || context.sourceCode;
+                const callText = sourceCode.getText(node);
+                const pattern = containsWeakRandom(callText, additionalWeakPatterns);
+                if (pattern) {
+                    const safeAlternative = pattern.alternatives[0];
+                    context.report({
+                        node: node.callee,
+                        messageId: 'insufficientRandom',
+                        data: {
+                            pattern: pattern.name,
+                            safeAlternative: `Use ${safeAlternative}: ${pattern.example.good}`,
+                        },
+                        // Custom patterns cannot be safely auto-fixed - error message provides guidance
+                    });
+                }
+            }
+        }
+        return {
+            CallExpression: checkCallExpression,
+        };
+    },
+});
+//# sourceMappingURL=no-insufficient-random.js.map

package/src/rules/security/no-insufficient-random.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"no-insufficient-random.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-insufficient-random.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAyCtD,MAAM,oBAAoB,GAAwB;IAChD;QACE,OAAO,EAAE,mBAAmB;QAC5B,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,MAAM;QAChB,YAAY,EAAE,CAAC,0BAA0B,EAAE,sBAAsB,CAAC;QAClE,OAAO,EAAE;YACP,GAAG,EAAE,+BAA+B;YACpC,IAAI,EAAE,kFAAkF;SACzF;QACD,MAAM,EAAE,WAAW;KACpB;IACD;QACE,OAAO,EAAE,eAAe;QACxB,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,SAAS;QACnB,YAAY,EAAE,CAAC,0BAA0B,CAAC;QAC1C,OAAO,EAAE;YACP,GAAG,EAAE,0BAA0B;YAC/B,IAAI,EAAE,kFAAkF;SACzF;QACD,MAAM,EAAE,WAAW;KACpB;CACF,CAAC;AAEF;;GAEG;AACH,SAAS,kBAAkB,CACzB,KAAa,EACb,kBAA4B;IAE5B,0BAA0B;IAC1B,KAAK,MAAM,OAAO,IAAI,oBAAoB,EAAE,CAAC;QAC3C,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAChC,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,KAAK,MAAM,iBAAiB,IAAI,kBAAkB,EAAE,CAAC;QACnD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,MAAM,iBAAiB,KAAK,EAAE,GAAG,CAAC,CAAC;QAC5D,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,iBAAiB;gBACvB,QAAQ,EAAE,QAAQ;gBAClB,YAAY,EAAE,CAAC,0BAA0B,CAAC;gBAC1C,OAAO,EAAE;oBACP,GAAG,EAAE,GAAG,iBAAiB,IAAI;oBAC7B,IAAI,EAAE,kEAAkE;iBACzE;gBACD,MAAM,EAAE,YAAY;aACrB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,IAA+B;IACnD,OAAO,CACL,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;QACjC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,MAAM;QAC3B,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;QACnC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ,CAChC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAC1B,OAA0B;IAE1B,MAAM,WAAW,GAA6C,EAAE,CAAC;IAEjE,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QAChC,WAAW,CAAC,IAAI,CAAC;YACf,SAAS,EAAE,uBAAuB;YAClC,GAAG,EAAE,gHAAgH;SACtH,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,WAAW,CAAC,IAAI,CAAC;YACf,SAAS,EAAE,iBAAiB;YAC5B,GAAG,EAAE,0FAA0F;SAChG,CAAC,CAAC;IACL,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAEY,QAAA,oBAAoB,GAAG,IAAA,0BAAU,EAA0B;IACtE,IAAI,EAAE,wBAAwB;IAC9B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,kEAAkE;SAChF;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,+BAA+B;gBAC1C,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,yDAAyD;gBACtE,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,mBAAmB;gBAC9B,WAAW,EAAE,8BAA8B;gBAC3C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kEAAkE;gBACvE,iBAAiB,EAAE,yEAAyE;aAC7F,CAAC;YACF,eAAe,EAAE,IAAA,gCAAgB,EAAC;gBAChC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,mBAAmB;gBAC9B,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kDAAkD;gBACvD,iBAAiB,EAAE,mEAAmE;aACvF,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,mCAAmC;qBACjD;oBACD,sBAAsB,EAAE;wBACtB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,yCAAyC;qBACvD;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,YAAY,EAAE,KAAK;YACnB,sBAAsB,EAAE,EAAE;SAC3B;KACF;IACD,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,sBAAsB,GAAG,EAAE,GAC5B,GAAG,OAAkB,CAAC;QAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,YAAY,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEpF;;WAEG;QACH,SAAS,mBAAmB,CAAC,IAA6B;YACxD,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,gCAAgC;YAChC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAI,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzE,MAAM,OAAO,GAAG,kBAAkB,CAAC,eAAe,EAAE,sBAAsB,CAAC,CAAC;gBAE5E,IAAI,OAAO,EAAE,CAAC;oBACZ,MAAM,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;oBAChD,MAAM,WAAW,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;oBAEjD,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI,EAAE,IAAI,CAAC,MAAM;wBACjB,SAAS,EAAE,oBAAoB;wBAC/B,IAAI,EAAE;4BACJ,OAAO,EAAE,OAAO,CAAC,IAAI;4BACrB,eAAe,EAAE,OAAO,eAAe,KAAK,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE;yBACnE;wBACD,OAAO,EAAE,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;4BAChC,SAAS,EAAE,IAAI,CAAC,SAAS;4BACzB,GAAG,EAAE,CAAC,KAAyB,EAAE,EAAE;gCACjC,sDAAsD;gCACtD,OAAO,KAAK,CAAC,WAAW,CACtB,IAAI,EACJ,kEAAkE,CACnE,CAAC;4BACJ,CAAC;yBACF,CAAC,CAAC;qBACJ,CAAC,CAAC;gBACL,CAAC;gBACD,OAAO;YACT,CAAC;YAED,+DAA+D;YAC/D,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,sBAAsB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3E,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;gBAC5D,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBAE1C,MAAM,OAAO,GAAG,kBAAkB,CAAC,QAAQ,EAAE,sBAAsB,CAAC,CAAC;gBAErE,IAAI,OAAO,EAAE,CAAC;oBACZ,MAAM,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;oBAEhD,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI,EAAE,IAAI,CAAC,MAAM;wBACjB,SAAS,EAAE,oBAAoB;wBAC/B,IAAI,EAAE;4BACJ,OAAO,EAAE,OAAO,CAAC,IAAI;4BACrB,eAAe,EAAE,OAAO,eAAe,KAAK,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE;yBACnE;wBACD,gFAAgF;qBACjF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,cAAc,EAAE,mBAAmB;SACpC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/security/no-ldap-injection.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { type SecurityRuleOptions } from '@interlace/eslint-devkit';
+export interface Options extends SecurityRuleOptions {
+    /** LDAP-related function names to check */
+    ldapFunctions?: string[];
+    /** Functions that safely escape LDAP input */
+    ldapEscapeFunctions?: string[];
+    /** Functions that validate LDAP input */
+    ldapValidationFunctions?: string[];
+}
+export declare const noLdapInjection: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;