eslint-plugin-secure-coding 1.0.0

package/src/rules/security/detect-object-injection.js

@@ -0,0 +1,411 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectObjectInjection = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+const eslint_devkit_2 = require("@interlace/eslint-devkit");
+const OBJECT_INJECTION_PATTERNS = [
+    {
+        pattern: '__proto__',
+        dangerous: true,
+        vulnerability: 'prototype-pollution',
+        safeAlternative: 'Object.create(null) or Map',
+        example: {
+            bad: 'obj[userInput] = value; // if userInput is "__proto__"',
+            good: 'const map = new Map(); map.set(userInput, value);'
+        },
+        effort: '15-20 minutes',
+        riskLevel: 'critical'
+    },
+    {
+        pattern: 'prototype',
+        dangerous: true,
+        vulnerability: 'prototype-pollution',
+        safeAlternative: 'Avoid prototype manipulation',
+        example: {
+            bad: 'obj[userInput] = value; // if userInput is "prototype"',
+            good: 'if (!obj.hasOwnProperty(userInput)) obj[userInput] = value;'
+        },
+        effort: '10-15 minutes',
+        riskLevel: 'high'
+    },
+    {
+        pattern: 'constructor',
+        dangerous: true,
+        vulnerability: 'method-injection',
+        safeAlternative: 'Validate property names against whitelist',
+        example: {
+            bad: 'obj[userInput] = value; // if userInput is "constructor"',
+            good: 'const ALLOWED_KEYS = [\'name\', \'age\', \'email\']; if (ALLOWED_KEYS.includes(userInput)) obj[userInput] = value;'
+        },
+        effort: '10-15 minutes',
+        riskLevel: 'medium'
+    }
+];
+exports.detectObjectInjection = (0, eslint_devkit_2.createRule)({
+    name: 'detect-object-injection',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Detects variable[key] as a left- or right-hand assignment operand',
+        },
+        messages: {
+            // 🎯 Token optimization: 37% reduction (54→34 tokens) - removes verbose current/fix/doc labels
+            objectInjection: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.WARNING,
+                issueName: 'Object injection',
+                cwe: 'CWE-915',
+                description: 'Object injection/Prototype pollution (incl. model/tool outputs)',
+                severity: '{{riskLevel}}',
+                fix: '{{safeAlternative}}',
+                documentationLink: 'https://portswigger.net/web-security/prototype-pollution',
+            }),
+            useMapInstead: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Use Map',
+                description: 'Use Map instead of plain objects',
+                severity: 'LOW',
+                fix: 'const map = new Map(); map.set(key, value);',
+                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Map',
+            }),
+            useHasOwnProperty: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Use hasOwnProperty',
+                description: 'Check hasOwnProperty to avoid prototype properties',
+                severity: 'LOW',
+                fix: 'if (obj.hasOwnProperty(key)) { obj[key] = value; }',
+                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/hasOwnProperty',
+            }),
+            whitelistKeys: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Whitelist Keys',
+                description: 'Whitelist allowed property names',
+                severity: 'LOW',
+                fix: 'const ALLOWED = ["name", "email"]; if (ALLOWED.includes(key)) obj[key] = value; // reject model/tool-supplied unknown keys',
+                documentationLink: 'https://portswigger.net/web-security/prototype-pollution',
+            }),
+            useObjectCreate: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Use Object.create(null)',
+                description: 'Create clean objects without prototypes',
+                severity: 'LOW',
+                fix: 'const obj = Object.create(null);',
+                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/create',
+            }),
+            freezePrototypes: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.INFO,
+                issueName: 'Freeze Prototypes',
+                description: 'Freeze Object.prototype to prevent pollution',
+                severity: 'LOW',
+                fix: 'Object.freeze(Object.prototype);',
+                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/freeze',
+            }),
+            strategyValidate: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.STRATEGY,
+                issueName: 'Validate Input',
+                description: 'Add input validation before property access',
+                severity: 'LOW',
+                fix: 'Validate key against allowed values before access',
+                documentationLink: 'https://portswigger.net/web-security/prototype-pollution',
+            }),
+            strategyWhitelist: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.STRATEGY,
+                issueName: 'Whitelist Properties',
+                description: 'Whitelist allowed property names only',
+                severity: 'LOW',
+                fix: 'Define allowed keys and validate against them',
+                documentationLink: 'https://portswigger.net/web-security/prototype-pollution',
+            }),
+            strategyFreeze: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.STRATEGY,
+                issueName: 'Freeze Prototypes',
+                description: 'Freeze prototypes to prevent pollution',
+                severity: 'LOW',
+                fix: 'Object.freeze(Object.prototype) at app startup',
+                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/freeze',
+            })
+        },
+        schema: [
+            {
+                type: 'object',
+                properties: {
+                    allowLiterals: {
+                        type: 'boolean',
+                        default: false,
+                        description: 'Allow bracket notation with literal strings'
+                    },
+                    additionalMethods: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: [],
+                        description: 'Additional object methods to check for injection'
+                    },
+                    dangerousProperties: {
+                        type: 'array',
+                        items: { type: 'string' },
+                        default: ['__proto__', 'prototype', 'constructor'],
+                        description: 'Properties to consider dangerous'
+                    },
+                    strategy: {
+                        type: 'string',
+                        enum: ['validate', 'whitelist', 'freeze', 'auto'],
+                        default: 'auto',
+                        description: 'Strategy for fixing object injection (auto = smart detection)'
+                    }
+                },
+                additionalProperties: false,
+            },
+        ],
+    },
+    defaultOptions: [
+        {
+            allowLiterals: false,
+            additionalMethods: [],
+            dangerousProperties: ['__proto__', 'prototype', 'constructor'],
+            strategy: 'auto'
+        },
+    ],
+    create(context) {
+        const options = context.options[0] || {};
+        const { allowLiterals = false, dangerousProperties = ['__proto__', 'prototype', 'constructor'], } = options || {};
+        // Track MemberExpressions that are part of AssignmentExpressions to avoid double-reporting
+        const handledMemberExpressions = new WeakSet();
+        // Check if TypeScript parser services are available for type-aware checking
+        const hasTypeInfo = (0, eslint_devkit_1.hasParserServices)(context);
+        const parserServices = hasTypeInfo ? (0, eslint_devkit_1.getParserServices)(context) : null;
+        /**
+         * Check if a node is a literal string (potentially safe)
+         */
+        const isLiteralString = (node) => {
+            return node.type === 'Literal' && typeof node.value === 'string';
+        };
+        /**
+         * Check if a property is part of a typed union (safe access)
+         *
+         * Type-Aware Enhancement:
+         * When TypeScript parser services are available, we can check if a variable
+         * is typed as a union of string literals (e.g., 'name' | 'email').
+         * Such accesses are safe because the values are statically constrained.
+         *
+         * @example
+         * // This is now detected as SAFE (no false positive):
+         * const key: 'name' | 'email' = getKey();
+         * obj[key] = value;
+         *
+         * // This is still detected as DANGEROUS:
+         * const key: string = getUserInput();
+         * obj[key] = value;
+         */
+        const isTypedUnionAccess = (propertyNode) => {
+            // Check if property is a literal string (typed access like obj['name'])
+            if (isLiteralString(propertyNode)) {
+                return true; // Literal strings are safe - they're typed at compile time
+            }
+            // Type-aware check: If we have TypeScript type information, check if the
+            // property key is constrained to a union of safe string literals
+            if (parserServices && propertyNode.type === 'Identifier') {
+                try {
+                    const type = (0, eslint_devkit_1.getTypeOfNode)(propertyNode, parserServices);
+                    // Check if the type is a union of safe string literals
+                    // (excludes '__proto__', 'prototype', 'constructor')
+                    if ((0, eslint_devkit_1.isUnionOfSafeStringLiterals)(type, dangerousProperties)) {
+                        return true; // Safe - statically constrained to safe values
+                    }
+                    // Also check for single string literal type (e.g., const key: 'name' = ...)
+                    const literalValues = (0, eslint_devkit_1.getStringLiteralValues)(type);
+                    if (literalValues && literalValues.length === 1) {
+                        // Single literal - safe if not dangerous
+                        if (!dangerousProperties.includes(literalValues[0])) {
+                            return true;
+                        }
+                    }
+                }
+                catch {
+                    // If type checking fails, fall back to treating as potentially dangerous
+                    // This can happen with malformed AST or missing type information
+                }
+            }
+            // Without type information, treat all identifiers as potentially dangerous
+            return false;
+        };
+        /**
+         * Check if property access is potentially dangerous
+         */
+        const isDangerousPropertyAccess = (propertyNode) => {
+            // Check if it's a literal string first
+            if (isLiteralString(propertyNode)) {
+                const propName = String(propertyNode.value);
+                // DANGEROUS: Literal strings that match dangerous properties (always flag these)
+                // Check this BEFORE checking typed union access
+                if (dangerousProperties.includes(propName)) {
+                    return true;
+                }
+                // SAFE: Typed union access (obj[typedKey] where typedKey is 'primary' | 'secondary')
+                // Only safe if it's NOT a dangerous property
+                if (isTypedUnionAccess(propertyNode)) {
+                    return false;
+                }
+                // SAFE: Literal strings that are NOT dangerous properties (if allowLiterals is true)
+                if (allowLiterals) {
+                    return false;
+                }
+                // If allowLiterals is false, non-dangerous literal strings are still considered safe
+                // (they're static and known at compile time)
+                return false;
+            }
+            // DANGEROUS: Any untyped/dynamic property access (e.g., obj[userInput])
+            return true;
+        };
+        /**
+         * Extract property access information
+         */
+        const extractPropertyAccess = (node) => {
+            const sourceCode = context.sourceCode || context.sourceCode;
+            let object;
+            let property;
+            let propertyNode;
+            let isAssignment = false;
+            if (node.type === 'AssignmentExpression' && node.left.type === 'MemberExpression') {
+                // Assignment: obj[key] = value
+                object = sourceCode.getText(node.left.object);
+                property = sourceCode.getText(node.left.property);
+                propertyNode = node.left.property;
+                isAssignment = true;
+            }
+            else if (node.type === 'MemberExpression') {
+                // Access: obj[key]
+                object = sourceCode.getText(node.object);
+                property = sourceCode.getText(node.property);
+                propertyNode = node.property;
+                isAssignment = false;
+            }
+            else {
+                return { object: '', property: '', propertyNode: node, isAssignment: false, pattern: null };
+            }
+            // Check if property matches dangerous patterns
+            const pattern = OBJECT_INJECTION_PATTERNS.find(p => new RegExp(p.pattern, 'i').test(property) ||
+                dangerousProperties.includes(property.replace(/['"]/g, ''))) || null;
+            return { object, property, propertyNode, isAssignment, pattern };
+        };
+        /**
+         * Determine if this is a high-risk assignment
+         */
+        const isHighRiskAssignment = (node) => {
+            if (node.left.type !== 'MemberExpression') {
+                return false;
+            }
+            // Only check computed member access (bracket notation)
+            // Dot notation (obj.name) is safe
+            if (!node.left.computed) {
+                return false;
+            }
+            const { propertyNode } = extractPropertyAccess(node);
+            // Check for dangerous property access in assignment
+            return isDangerousPropertyAccess(propertyNode);
+        };
+        /**
+         * Determine if this is a high-risk member access
+         */
+        const isHighRiskMemberAccess = (node) => {
+            // Only check computed member access (bracket notation)
+            if (!node.computed) {
+                return false;
+            }
+            const { propertyNode } = extractPropertyAccess(node);
+            // Check for dangerous property access
+            return isDangerousPropertyAccess(propertyNode);
+        };
+        /**
+         * Determine risk level based on the pattern and context
+         */
+        const determineRiskLevel = (pattern, isAssignment) => {
+            if (pattern?.riskLevel === 'critical' || (pattern && isAssignment)) {
+                return 'CRITICAL';
+            }
+            if (pattern?.riskLevel === 'high' || isAssignment) {
+                return 'HIGH';
+            }
+            return 'MEDIUM';
+        };
+        /**
+         * Check assignment expressions for object injection
+         */
+        const checkAssignmentExpression = (node) => {
+            if (!isHighRiskAssignment(node)) {
+                return;
+            }
+            // Mark the MemberExpression as handled to avoid double-reporting
+            if (node.left.type === 'MemberExpression') {
+                handledMemberExpressions.add(node.left);
+            }
+            const { object, property, isAssignment, pattern } = extractPropertyAccess(node);
+            const riskLevel = determineRiskLevel(pattern, isAssignment);
+            context.report({
+                node,
+                messageId: 'objectInjection',
+                data: {
+                    pattern: `${object}[${property}]`,
+                    riskLevel,
+                    vulnerability: pattern?.vulnerability || 'object injection',
+                    safeAlternative: pattern?.safeAlternative || 'Use Map or property whitelisting',
+                },
+                suggest: [
+                    {
+                        messageId: 'useMapInstead',
+                        fix: () => null
+                    },
+                    {
+                        messageId: 'useHasOwnProperty',
+                        fix: () => null
+                    },
+                    {
+                        messageId: 'whitelistKeys',
+                        fix: () => null
+                    },
+                    {
+                        messageId: 'useObjectCreate',
+                        fix: () => null
+                    },
+                    {
+                        messageId: 'freezePrototypes',
+                        fix: () => null
+                    }
+                ]
+            });
+        };
+        /**
+         * Check member expressions for object injection
+         */
+        const checkMemberExpression = (node) => {
+            if (!isHighRiskMemberAccess(node)) {
+                return;
+            }
+            // Skip if this MemberExpression was already handled as part of an AssignmentExpression
+            if (handledMemberExpressions.has(node)) {
+                return;
+            }
+            // Also check parent - if it's an AssignmentExpression and this node is the left side, skip
+            // (This handles cases where WeakSet check didn't work due to visitor order)
+            const parent = node.parent;
+            if (parent && parent.type === 'AssignmentExpression' && parent.left === node) {
+                return;
+            }
+            const { object, property, isAssignment, pattern } = extractPropertyAccess(node);
+            const riskLevel = determineRiskLevel(pattern, isAssignment);
+            context.report({
+                node,
+                messageId: 'objectInjection',
+                data: {
+                    pattern: `${object}[${property}]`,
+                    riskLevel,
+                    vulnerability: pattern?.vulnerability || 'object injection',
+                    safeAlternative: pattern?.safeAlternative || 'Use Map or property whitelisting',
+                }
+            });
+        };
+        return {
+            AssignmentExpression: checkAssignmentExpression,
+            MemberExpression: checkMemberExpression
+        };
+    },
+});
+//# sourceMappingURL=detect-object-injection.js.map

package/src/rules/security/detect-object-injection.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect-object-injection.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/detect-object-injection.ts"],"names":[],"mappings":";;;AAcA,4DAQkC;AAClC,4DAAsD;AA0CtD,MAAM,yBAAyB,GAA6B;IAC1D;QACE,OAAO,EAAE,WAAW;QACpB,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,qBAAqB;QACpC,eAAe,EAAE,4BAA4B;QAC7C,OAAO,EAAE;YACP,GAAG,EAAE,wDAAwD;YAC7D,IAAI,EAAE,mDAAmD;SAC1D;QACD,MAAM,EAAE,eAAe;QACvB,SAAS,EAAE,UAAU;KACtB;IACD;QACE,OAAO,EAAE,WAAW;QACpB,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,qBAAqB;QACpC,eAAe,EAAE,8BAA8B;QAC/C,OAAO,EAAE;YACP,GAAG,EAAE,wDAAwD;YAC7D,IAAI,EAAE,6DAA6D;SACpE;QACD,MAAM,EAAE,eAAe;QACvB,SAAS,EAAE,MAAM;KAClB;IACD;QACE,OAAO,EAAE,aAAa;QACtB,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,kBAAkB;QACjC,eAAe,EAAE,2CAA2C;QAC5D,OAAO,EAAE;YACP,GAAG,EAAE,0DAA0D;YAC/D,IAAI,EAAE,oHAAoH;SAC3H;QACD,MAAM,EAAE,eAAe;QACvB,SAAS,EAAE,QAAQ;KACpB;CACF,CAAC;AAEW,QAAA,qBAAqB,GAAG,IAAA,0BAAU,EAA0B;IACvE,IAAI,EAAE,yBAAyB;IAC/B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,mEAAmE;SACjF;QACD,QAAQ,EAAE;YACR,+FAA+F;YAC/F,eAAe,EAAE,IAAA,gCAAgB,EAAC;gBAChC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,kBAAkB;gBAC7B,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,iEAAiE;gBAC9E,QAAQ,EAAE,eAAe;gBACzB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,0DAA0D;aAC9E,CAAC;YACF,aAAa,EAAE,IAAA,gCAAgB,EAAC;gBAC9B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,SAAS;gBACpB,WAAW,EAAE,kCAAkC;gBAC/C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,6CAA6C;gBAClD,iBAAiB,EAAE,sFAAsF;aAC1G,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,oBAAoB;gBAC/B,WAAW,EAAE,oDAAoD;gBACjE,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,oDAAoD;gBACzD,iBAAiB,EAAE,wGAAwG;aAC5H,CAAC;YACF,aAAa,EAAE,IAAA,gCAAgB,EAAC;gBAC9B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,WAAW,EAAE,kCAAkC;gBAC/C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,4HAA4H;gBACjI,iBAAiB,EAAE,0DAA0D;aAC9E,CAAC;YACF,eAAe,EAAE,IAAA,gCAAgB,EAAC;gBAChC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,yBAAyB;gBACpC,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kCAAkC;gBACvC,iBAAiB,EAAE,gGAAgG;aACpH,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,mBAAmB;gBAC9B,WAAW,EAAE,8CAA8C;gBAC3D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kCAAkC;gBACvC,iBAAiB,EAAE,gGAAgG;aACpH,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,gBAAgB;gBAC3B,WAAW,EAAE,6CAA6C;gBAC1D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,mDAAmD;gBACxD,iBAAiB,EAAE,0DAA0D;aAC9E,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,sBAAsB;gBACjC,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,+CAA+C;gBACpD,iBAAiB,EAAE,0DAA0D;aAC9E,CAAC;YACF,cAAc,EAAE,IAAA,gCAAgB,EAAC;gBAC/B,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,mBAAmB;gBAC9B,WAAW,EAAE,wCAAwC;gBACrD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,gDAAgD;gBACrD,iBAAiB,EAAE,gGAAgG;aACpH,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,aAAa,EAAE;wBACb,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,6CAA6C;qBAC3D;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,kDAAkD;qBAChE;oBACD,mBAAmB,EAAE;wBACnB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,aAAa,CAAC;wBAClD,WAAW,EAAE,kCAAkC;qBAChD;oBACD,QAAQ,EAAE;wBACR,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,UAAU,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,CAAC;wBACjD,OAAO,EAAE,MAAM;wBACf,WAAW,EAAE,+DAA+D;qBAC7E;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,aAAa,EAAE,KAAK;YACpB,iBAAiB,EAAE,EAAE;YACrB,mBAAmB,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,aAAa,CAAC;YAC9D,QAAQ,EAAE,MAAM;SACjB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,aAAa,GAAG,KAAK,EACrB,mBAAmB,GAAG,CAAC,WAAW,EAAE,WAAW,EAAE,aAAa,CAAC,GAChE,GAAY,OAAO,IAAI,EAAE,CAAC;QAE3B,2FAA2F;QAC3F,MAAM,wBAAwB,GAAG,IAAI,OAAO,EAA6B,CAAC;QAE1E,4EAA4E;QAC5E,MAAM,WAAW,GAAG,IAAA,iCAAiB,EAAC,OAAO,CAAC,CAAC;QAC/C,MAAM,cAAc,GAAG,WAAW,CAAC,CAAC,CAAC,IAAA,iCAAiB,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEvE;;WAEG;QACH,MAAM,eAAe,GAAG,CAAC,IAAmB,EAAW,EAAE;YACvD,OAAO,IAAI,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC;QACnE,CAAC,CAAC;QAEF;;;;;;;;;;;;;;;;WAgBG;QACH,MAAM,kBAAkB,GAAG,CAAC,YAA2B,EAAW,EAAE;YAClE,wEAAwE;YACxE,IAAI,eAAe,CAAC,YAAY,CAAC,EAAE,CAAC;gBAClC,OAAO,IAAI,CAAC,CAAC,2DAA2D;YAC1E,CAAC;YAED,yEAAyE;YACzE,iEAAiE;YACjE,IAAI,cAAc,IAAI,YAAY,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACzD,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,IAAA,6BAAa,EAAC,YAAY,EAAE,cAAc,CAAC,CAAC;oBAEzD,uDAAuD;oBACvD,qDAAqD;oBACrD,IAAI,IAAA,2CAA2B,EAAC,IAAI,EAAE,mBAAmB,CAAC,EAAE,CAAC;wBAC3D,OAAO,IAAI,CAAC,CAAC,+CAA+C;oBAC9D,CAAC;oBAED,4EAA4E;oBAC5E,MAAM,aAAa,GAAG,IAAA,sCAAsB,EAAC,IAAI,CAAC,CAAC;oBACnD,IAAI,aAAa,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAChD,yCAAyC;wBACzC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;4BACpD,OAAO,IAAI,CAAC;wBACd,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,yEAAyE;oBACzE,iEAAiE;gBACnE,CAAC;YACH,CAAC;YAED,2EAA2E;YAC3E,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,yBAAyB,GAAG,CAAC,YAA2B,EAAW,EAAE;YACzE,uCAAuC;YACvC,IAAI,eAAe,CAAC,YAAY,CAAC,EAAE,CAAC;gBAClC,MAAM,QAAQ,GAAG,MAAM,CAAE,YAAiC,CAAC,KAAK,CAAC,CAAC;gBAElE,iFAAiF;gBACjF,gDAAgD;gBAChD,IAAI,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC3C,OAAO,IAAI,CAAC;gBACd,CAAC;gBAEH,qFAAqF;gBACnF,6CAA6C;gBAC/C,IAAI,kBAAkB,CAAC,YAAY,CAAC,EAAE,CAAC;oBACrC,OAAO,KAAK,CAAC;gBACf,CAAC;gBAEC,qFAAqF;gBACrF,IAAI,aAAa,EAAE,CAAC;oBAClB,OAAO,KAAK,CAAC;gBACf,CAAC;gBAED,qFAAqF;gBACrF,6CAA6C;gBAC7C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,wEAAwE;YACxE,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,qBAAqB,GAAG,CAAC,IAA+D,EAM5F,EAAE;YACF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;YAE5D,IAAI,MAAc,CAAC;YACnB,IAAI,QAAgB,CAAC;YACrB,IAAI,YAA2B,CAAC;YAChC,IAAI,YAAY,GAAG,KAAK,CAAC;YAEzB,IAAI,IAAI,CAAC,IAAI,KAAK,sBAAsB,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBAClF,+BAA+B;gBAC/B,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC9C,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAClD,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAClC,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;iBAAM,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBAC5C,mBAAmB;gBACnB,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACzC,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAC7C,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC;gBAC7B,YAAY,GAAG,KAAK,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACN,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC9F,CAAC;YAED,+CAA+C;YAC/C,MAAM,OAAO,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACjD,IAAI,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;gBACzC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAC5D,IAAI,IAAI,CAAC;YAEV,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC;QACnE,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,oBAAoB,GAAG,CAAC,IAAmC,EAAW,EAAE;YAC5E,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBAC1C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,uDAAuD;YACvD,kCAAkC;YAClC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACxB,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,EAAE,YAAY,EAAE,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAErD,oDAAoD;YACpD,OAAO,yBAAyB,CAAC,YAAY,CAAC,CAAC;QACjD,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,sBAAsB,GAAG,CAAC,IAA+B,EAAW,EAAE;YAC1E,uDAAuD;YACvD,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACnB,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,EAAE,YAAY,EAAE,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAErD,sCAAsC;YACtC,OAAO,yBAAyB,CAAC,YAAY,CAAC,CAAC;QACjD,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,kBAAkB,GAAG,CAAC,OAAsC,EAAE,YAAqB,EAAU,EAAE;YACnG,IAAI,OAAO,EAAE,SAAS,KAAK,UAAU,IAAI,CAAC,OAAO,IAAI,YAAY,CAAC,EAAE,CAAC;gBACnE,OAAO,UAAU,CAAC;YACpB,CAAC;YAED,IAAI,OAAO,EAAE,SAAS,KAAK,MAAM,IAAI,YAAY,EAAE,CAAC;gBAClD,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,yBAAyB,GAAG,CAAC,IAAmC,EAAE,EAAE;YACxE,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,OAAO;YACT,CAAC;YAED,iEAAiE;YACjE,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBAC1C,wBAAwB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1C,CAAC;YAED,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAEhF,MAAM,SAAS,GAAG,kBAAkB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YAE5D,OAAO,CAAC,MAAM,CAAC;gBACb,IAAI;gBACJ,SAAS,EAAE,iBAAiB;gBAC5B,IAAI,EAAE;oBACJ,OAAO,EAAE,GAAG,MAAM,IAAI,QAAQ,GAAG;oBACjC,SAAS;oBACT,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,kBAAkB;oBAC3D,eAAe,EAAE,OAAO,EAAE,eAAe,IAAI,kCAAkC;iBAChF;gBACD,OAAO,EAAE;oBACP;wBACE,SAAS,EAAE,eAAe;wBAC1B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,mBAAmB;wBAC9B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,eAAe;wBAC1B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,iBAAiB;wBAC5B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,kBAAkB;wBAC7B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;iBACF;aACF,CAAC,CAAC;QACL,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,qBAAqB,GAAG,CAAC,IAA+B,EAAE,EAAE;YAChE,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClC,OAAO;YACT,CAAC;YAED,uFAAuF;YACvF,IAAI,wBAAwB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,OAAO;YACT,CAAC;YAED,2FAA2F;YAC3F,4EAA4E;YAC5E,MAAM,MAAM,GAAG,IAAI,CAAC,MAAmC,CAAC;YACxD,IAAI,MAAM,IAAI,MAAM,CAAC,IAAI,KAAK,sBAAsB,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBAC7E,OAAO;YACT,CAAC;YAED,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAEhF,MAAM,SAAS,GAAG,kBAAkB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YAE5D,OAAO,CAAC,MAAM,CAAC;gBACb,IAAI;gBACJ,SAAS,EAAE,iBAAiB;gBAC5B,IAAI,EAAE;oBACJ,OAAO,EAAE,GAAG,MAAM,IAAI,QAAQ,GAAG;oBACjC,SAAS;oBACT,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,kBAAkB;oBAC3D,eAAe,EAAE,OAAO,EAAE,eAAe,IAAI,kCAAkC;iBAChF;aACF,CAAC,CAAC;QACL,CAAC,CAAC;QAEF,OAAO;YACL,oBAAoB,EAAE,yBAAyB;YAC/C,gBAAgB,EAAE,qBAAqB;SACxC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/security/no-buffer-overread.d.ts

@@ -0,0 +1,14 @@
+import { type SecurityRuleOptions } from '@interlace/eslint-devkit';
+export interface Options extends SecurityRuleOptions {
+    /** Buffer methods to check for bounds safety */
+    bufferMethods?: string[];
+    /** Functions that validate buffer indices */
+    boundsCheckFunctions?: string[];
+    /** Buffer types to monitor */
+    bufferTypes?: string[];
+    /** Additional function names to consider as buffer index validators */
+    trustedSanitizers?: string[];
+    /** Additional JSDoc annotations to consider as safe markers */
+    strictMode?: boolean;
+}
+export declare const noBufferOverread: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;