eslint-plugin-secure-coding 2.0.4 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. package/package.json +2 -2
  2. package/src/rules/security/detect-child-process.js +89 -19
  3. package/src/rules/security/detect-child-process.js.map +1 -1
  4. package/src/rules/security/no-buffer-overread.js +74 -1
  5. package/src/rules/security/no-buffer-overread.js.map +1 -1
  6. package/src/rules/security/no-directive-injection.js +6 -2
  7. package/src/rules/security/no-directive-injection.js.map +1 -1
  8. package/src/rules/security/no-improper-sanitization.js +6 -6
  9. package/src/rules/security/no-improper-sanitization.js.map +1 -1
  10. package/src/rules/security/no-improper-type-validation.js +54 -3
  11. package/src/rules/security/no-improper-type-validation.js.map +1 -1
  12. package/src/rules/security/no-insecure-comparison.js +67 -0
  13. package/src/rules/security/no-insecure-comparison.js.map +1 -1
  14. package/src/rules/security/no-insecure-jwt.js +48 -8
  15. package/src/rules/security/no-insecure-jwt.js.map +1 -1
  16. package/src/rules/security/no-privilege-escalation.js +35 -0
  17. package/src/rules/security/no-privilege-escalation.js.map +1 -1
  18. package/src/rules/security/no-toctou-vulnerability.js +106 -62
  19. package/src/rules/security/no-toctou-vulnerability.js.map +1 -1
  20. package/src/rules/security/no-unescaped-url-parameter.js +91 -1
  21. package/src/rules/security/no-unescaped-url-parameter.js.map +1 -1
  22. package/src/rules/security/no-unsanitized-html.js +15 -48
  23. package/src/rules/security/no-unsanitized-html.js.map +1 -1
package/src/rules/security/no-improper-type-validation.js CHANGED
@@ -209,6 +209,32 @@ exports.noImproperTypeValidation = (0, eslint_devkit_1.createRule)({
209
209
  left.operator === 'typeof' &&
210
210
  right.type === 'Literal' &&
211
211
  right.value === 'object') {
212
+ // Check if this node is part of a larger expression that includes a null check
213
+ let varName = '';
214
+ if (left.argument.type === 'Identifier') {
215
+ varName = left.argument.name;
216
+ }
217
+ if (varName) {
218
+ let current = node.parent;
219
+ let child = node;
220
+ while (current) {
221
+ if (current.type === 'LogicalExpression' && current.operator === '&&') {
222
+ // If we are on the right side, check the left side for null check
223
+ if (current.right === child) {
224
+ const leftText = sourceCode.getText(current.left);
225
+ if (leftText.includes(`${varName} !== null`) ||
226
+ leftText.includes(`${varName} != null`)) {
227
+ return false;
228
+ }
229
+ }
230
+ }
231
+ if (current.type.includes('Statement') || current.type.includes('Declaration')) {
232
+ break;
233
+ }
234
+ child = current;
235
+ current = current.parent;
236
+ }
237
+ }
212
238
  return true;
213
239
  }
214
240
  return false;
@@ -255,15 +281,23 @@ exports.noImproperTypeValidation = (0, eslint_devkit_1.createRule)({
255
281
  BinaryExpression(node) {
256
282
  // Check for unsafe typeof usage
257
283
  if (isUnsafeTypeof(node)) {
258
- // Check if this involves user input
259
284
  const left = node.left;
285
+ let matchesUserInput = false;
260
286
  if (left.argument.type === 'Identifier' && isUserInput(left.argument.name)) {
287
+ matchesUserInput = true;
288
+ }
289
+ else if (left.argument.type === 'MemberExpression' &&
290
+ left.argument.object.type === 'Identifier' &&
291
+ isUserInput(left.argument.object.name)) {
292
+ matchesUserInput = true;
293
+ }
294
+ if (matchesUserInput) {
261
295
  // FALSE POSITIVE REDUCTION
262
296
  if (safetyChecker.isSafe(node, context)) {
263
297
  return;
264
298
  }
265
299
  context.report({
266
- node,
300
+ node: left,
267
301
  messageId: 'unsafeTypeofCheck',
268
302
  data: {
269
303
  filePath: filename,
@@ -307,7 +341,7 @@ exports.noImproperTypeValidation = (0, eslint_devkit_1.createRule)({
307
341
  return;
308
342
  }
309
343
  context.report({
310
- node,
344
+ node: node,
311
345
  messageId: 'looseEqualityTypeCheck',
312
346
  data: {
313
347
  filePath: filename,
@@ -389,6 +423,23 @@ exports.noImproperTypeValidation = (0, eslint_devkit_1.createRule)({
389
423
  // Check if statements for incomplete type validation
390
424
  IfStatement(node) {
391
425
  const test = node.test;
426
+ // NEW: Check for implicit truthiness check on user input
427
+ if (test.type === 'Identifier' && isUserInput(test.name)) {
428
+ // FALSE POSITIVE REDUCTION
429
+ if (safetyChecker.isSafe(node, context)) {
430
+ return;
431
+ }
432
+ context.report({
433
+ node: test,
434
+ messageId: 'improperTypeValidation',
435
+ data: {
436
+ filePath: filename,
437
+ line: String(node.loc?.start.line ?? 0),
438
+ severity: 'LOW',
439
+ safeAlternative: 'Explicitly check for null/undefined or type',
440
+ }
441
+ });
442
+ }
392
443
  // Look for if statements that only check one aspect of type
393
444
  if (test.type === 'BinaryExpression') {
394
445
  const testText = sourceCode.getText(test).toLowerCase();
package/src/rules/security/no-improper-type-validation.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"no-improper-type-validation.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-improper-type-validation.ts"],"names":[],"mappings":";;;AAgBA,4DAAsD;AACtD,4DAA0E;AAC1E,4DAGkC;AA8BrB,QAAA,wBAAwB,GAAG,IAAA,0BAAU,EAA0B;IAC1E,IAAI,EAAE,6BAA6B;IACnC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,yDAAyD;SACvE;QACD,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,+CAA+C;gBAC5D,QAAQ,EAAE,cAAc;gBACxB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,kDAAkD;aACtE,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,qBAAqB;gBAChC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,iCAAiC;gBAC9C,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,gDAAgD;gBACrD,iBAAiB,EAAE,oFAAoF;aACxG,CAAC;YACF,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,yBAAyB;gBACpC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,qCAAqC;gBAClD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,sCAAsC;gBAC3C,iBAAiB,EAAE,wFAAwF;aAC5G,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,2BAA2B;gBACtC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,6CAA6C;gBAClD,iBAAiB,EAAE,sFAAsF;aAC1G,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,wCAAwC;gBACrD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,oFAAoF;aACxG,CAAC;YACF,0BAA0B,EAAE,IAAA,gCAAgB,EAAC;gBAC3C,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,8BAA8B;gBACzC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,iCAAiC;gBAC9C,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,qDAAqD;gBAC1D,iBAAiB,EAAE,qGAAqG;aACzH,CAAC;YACF,wBAAwB,EAAE,IAAA,gCAAgB,EAAC;gBACzC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,4BAA4B;gBACvC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,+BAA+B;gBAC5C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,iCAAiC;gBACtC,iBAAiB,EAAE,kDAAkD;aACtE,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,sBAAsB;gBACjC,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,iDAAiD;gBACtD,iBAAiB,EAAE,oFAAoF;aACxG,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,WAAW,EAAE,iCAAiC;gBAC9C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,uCAAuC;gBAC5C,iBAAiB,EAAE,wGAAwG;aAC5H,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,qBAAqB;gBAChC,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,iCAAiC;gBACtC,iBAAiB,EAAE,kBAAkB;aACtC,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,sBAAsB;gBACjC,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,uCAAuC;gBAC5C,iBAAiB,EAAE,wGAAwG;aAC5H,CAAC;YACF,wBAAwB,EAAE,IAAA,gCAAgB,EAAC;gBACzC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,4BAA4B;gBACvC,WAAW,EAAE,0CAA0C;gBACvD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,2CAA2C;gBAChD,iBAAiB,EAAE,kBAAkB;aACtC,CAAC;YACF,4BAA4B,EAAE,IAAA,gCAAgB,EAAC;gBAC7C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,gCAAgC;gBAC3C,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,8CAA8C;gBACnD,iBAAiB,EAAE,qDAAqD;aACzE,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC;qBACrF;oBACD,sBAAsB,EAAE;wBACtB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,EAAE,WAAW,CAAC;qBACtF;oBACD,wBAAwB,EAAE;wBACxB,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,IAAI;wBACb,WAAW,EAAE,yCAAyC;qBACvD;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,0DAA0D;qBACxE;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,0DAA0D;qBACxE;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,oDAAoD;qBAClE;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,kBAAkB,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC;YAC/F,sBAAsB,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,EAAE,WAAW,CAAC;YACpG,wBAAwB,EAAE,IAAI;YAC9B,iBAAiB,EAAE,EAAE;YACrB,kBAAkB,EAAE,EAAE;YACtB,UAAU,EAAE,KAAK;SAClB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,kBAAkB,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,EAChG,wBAAwB,GAAG,IAAI,EAC/B,iBAAiB,GAAG,EAAE,EACtB,kBAAkB,GAAG,EAAE,EACvB,UAAU,GAAG,KAAK,GACnB,GAAY,OAAO,CAAC;QAErB,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAE3D,qDAAqD;QACrD,MAAM,aAAa,GAAG,IAAA,mCAAmB,EAAC;YACxC,iBAAiB;YACjB,kBAAkB;YAClB,kBAAkB,EAAE,EAAE;YACtB,UAAU;SACX,CAAC,CAAC;QAEH;;WAEG;QACH,MAAM,WAAW,GAAG,CAAC,OAAe,EAAW,EAAE;YAC/C,OAAO,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;QACnE,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,cAAc,GAAG,CAAC,IAA+B,EAAW,EAAE;YAClE,IAAI,IAAI,CAAC,QAAQ,KAAK,KAAK,IAAI,IAAI,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;gBACvD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACvB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;YAEzB,gDAAgD;YAChD,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB;gBAC/B,IAAI,CAAC,QAAQ,KAAK,QAAQ;gBAC1B,KAAK,CAAC,IAAI,KAAK,SAAS;gBACxB,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC7B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,kBAAkB,GAAG,CAAC,IAA+B,EAAW,EAAE;YACtE,IAAI,IAAI,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;gBACnC,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC,wBAAwB,EAAE,CAAC;gBAC9B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,qDAAqD;YACrD,2DAA2D;YAC3D,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,wBAAwB,GAAG,CAAC,IAA+B,EAAW,EAAE;YAC5E,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACrD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC7D,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YAE/D,gEAAgE;YAChE,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACvD,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;QAC7E,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,4BAA4B,GAAG,CAAC,IAA+B,EAAW,EAAE;YAChF,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;gBACnC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,MAAM;gBAC7B,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;gBACvC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;gBAC1C,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,aAAa,CAAC;QACrD,CAAC,CAAC;QAEF,OAAO;YACL,sDAAsD;YACtD,gBAAgB,CAAC,IAA+B;gBAC9C,gCAAgC;gBAChC,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;oBACzB,oCAAoC;oBACpC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAgC,CAAC;oBACnD,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC3E,2BAA2B;wBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;4BACxC,OAAO;wBACT,CAAC;wBAED,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,mBAAmB;4BAC9B,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;4BACD,OAAO,EAAE;gCACP;oCACE,SAAS,EAAE,oBAAoB;oCAC/B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,sCAAsC;iCACvD;6BACF;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAED,oCAAoC;gBACpC,IAAI,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC7B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;oBACvB,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACzD,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,uBAAuB;4BAClC,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAED,0CAA0C;gBAC1C,IAAI,wBAAwB,CAAC,IAAI,CAAC,EAAE,CAAC;oBACnC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;oBACvB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;oBAEzB,8CAA8C;oBAC9C,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAC1C,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;oBAE5C,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBACtD,CAAC,KAAK,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;wBACxD,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;wBAE5D,2BAA2B;wBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;4BACxC,OAAO;wBACT,CAAC;wBAED,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,wBAAwB;4BACnC,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAED,sDAAsD;YACtD,gBAAgB,CAAC,IAA+B;gBAC9C,IAAI,4BAA4B,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvC,oCAAoC;oBACpC,IAAI,OAAO,GAAkB,IAAI,CAAC;oBAClC,IAAI,iBAAiB,GAAG,KAAK,CAAC;oBAE9B,kDAAkD;oBAClD,OAAO,OAAO,CAAC,MAAM,EAAE,CAAC;wBACtB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;wBACzB,IAAI,OAAO,CAAC,IAAI,KAAK,oBAAoB;4BACrC,OAAO,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;4BAC1B,uDAAuD;4BACvD,iBAAiB,GAAG,IAAI,CAAC;4BACzB,MAAM;wBACR,CAAC;wBACD,IAAI,OAAO,CAAC,IAAI,KAAK,kBAAkB;4BACnC,CAAC,OAAO,CAAC,IAAI,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,KAAK,IAAI,CAAC,EAAE,CAAC;4BACtD,4CAA4C;4BAC5C,iBAAiB,GAAG,IAAI,CAAC;4BACzB,MAAM;wBACR,CAAC;oBACH,CAAC;oBAED,IAAI,iBAAiB,EAAE,CAAC;wBACtB,2BAA2B;wBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;4BACxC,OAAO;wBACT,CAAC;wBAED,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,4BAA4B;4BACvC,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAED,qDAAqD;YACrD,cAAc,CAAC,IAA6B;gBAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;gBAE3B,yCAAyC;gBACzC,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBAClC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAE1C,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;oBACxC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAEjF,+BAA+B;oBAC/B,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;wBACpE,UAAU,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC/E,0CAA0C;wBAC1C,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,2CAA2C;gBAC3C,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC7D,wDAAwD;oBACxD,oDAAoD;oBACpD,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI;wBACJ,SAAS,EAAE,wBAAwB;wBACnC,IAAI,EAAE;4BACJ,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;4BACvC,QAAQ,EAAE,KAAK;4BACf,eAAe,EAAE,4CAA4C;yBAC9D;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,qDAAqD;YACrD,WAAW,CAAC,IAA0B;gBACpC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;gBAEvB,4DAA4D;gBAC5D,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;oBACrC,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;oBAExD,mCAAmC;oBACnC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;wBAC9D,CAAC,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;wBAE/E,oCAAoC;wBACpC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;4BAChE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;4BAEvE,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,IAAI;gCACV,SAAS,EAAE,kBAAkB;gCAC7B,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
1
+ {"version":3,"file":"no-improper-type-validation.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-improper-type-validation.ts"],"names":[],"mappings":";;;AAgBA,4DAAsD;AACtD,4DAA0E;AAC1E,4DAGkC;AA8BrB,QAAA,wBAAwB,GAAG,IAAA,0BAAU,EAA0B;IAC1E,IAAI,EAAE,6BAA6B;IACnC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,yDAAyD;SACvE;QACD,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,+CAA+C;gBAC5D,QAAQ,EAAE,cAAc;gBACxB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,kDAAkD;aACtE,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,qBAAqB;gBAChC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,iCAAiC;gBAC9C,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,gDAAgD;gBACrD,iBAAiB,EAAE,oFAAoF;aACxG,CAAC;YACF,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,yBAAyB;gBACpC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,qCAAqC;gBAClD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,sCAAsC;gBAC3C,iBAAiB,EAAE,wFAAwF;aAC5G,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,2BAA2B;gBACtC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,6CAA6C;gBAClD,iBAAiB,EAAE,sFAAsF;aAC1G,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,wCAAwC;gBACrD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,oFAAoF;aACxG,CAAC;YACF,0BAA0B,EAAE,IAAA,gCAAgB,EAAC;gBAC3C,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,8BAA8B;gBACzC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,iCAAiC;gBAC9C,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,qDAAqD;gBAC1D,iBAAiB,EAAE,qGAAqG;aACzH,CAAC;YACF,wBAAwB,EAAE,IAAA,gCAAgB,EAAC;gBACzC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,4BAA4B;gBACvC,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,+BAA+B;gBAC5C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,iCAAiC;gBACtC,iBAAiB,EAAE,kDAAkD;aACtE,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,sBAAsB;gBACjC,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,iDAAiD;gBACtD,iBAAiB,EAAE,oFAAoF;aACxG,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,WAAW,EAAE,iCAAiC;gBAC9C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,uCAAuC;gBAC5C,iBAAiB,EAAE,wGAAwG;aAC5H,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,qBAAqB;gBAChC,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,iCAAiC;gBACtC,iBAAiB,EAAE,kBAAkB;aACtC,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,sBAAsB;gBACjC,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,uCAAuC;gBAC5C,iBAAiB,EAAE,wGAAwG;aAC5H,CAAC;YACF,wBAAwB,EAAE,IAAA,gCAAgB,EAAC;gBACzC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,4BAA4B;gBACvC,WAAW,EAAE,0CAA0C;gBACvD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,2CAA2C;gBAChD,iBAAiB,EAAE,kBAAkB;aACtC,CAAC;YACF,4BAA4B,EAAE,IAAA,gCAAgB,EAAC;gBAC7C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,gCAAgC;gBAC3C,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,8CAA8C;gBACnD,iBAAiB,EAAE,qDAAqD;aACzE,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC;qBACrF;oBACD,sBAAsB,EAAE;wBACtB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,EAAE,WAAW,CAAC;qBACtF;oBACD,wBAAwB,EAAE;wBACxB,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,IAAI;wBACb,WAAW,EAAE,yCAAyC;qBACvD;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,0DAA0D;qBACxE;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,0DAA0D;qBACxE;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,oDAAoD;qBAClE;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,kBAAkB,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC;YAC/F,sBAAsB,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,EAAE,WAAW,CAAC;YACpG,wBAAwB,EAAE,IAAI;YAC9B,iBAAiB,EAAE,EAAE;YACrB,kBAAkB,EAAE,EAAE;YACtB,UAAU,EAAE,KAAK;SAClB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,kBAAkB,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,EAChG,wBAAwB,GAAG,IAAI,EAC/B,iBAAiB,GAAG,EAAE,EACtB,kBAAkB,GAAG,EAAE,EACvB,UAAU,GAAG,KAAK,GACnB,GAAY,OAAO,CAAC;QAErB,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAE3D,qDAAqD;QACrD,MAAM,aAAa,GAAG,IAAA,mCAAmB,EAAC;YACxC,iBAAiB;YACjB,kBAAkB;YAClB,kBAAkB,EAAE,EAAE;YACtB,UAAU;SACX,CAAC,CAAC;QAEH;;WAEG;QACH,MAAM,WAAW,GAAG,CAAC,OAAe,EAAW,EAAE;YAC/C,OAAO,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;QACnE,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,cAAc,GAAG,CAAC,IAA+B,EAAW,EAAE;YAClE,IAAI,IAAI,CAAC,QAAQ,KAAK,KAAK,IAAI,IAAI,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;gBACvD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACvB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;YAEzB,gDAAgD;YAChD,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB;gBAC/B,IAAI,CAAC,QAAQ,KAAK,QAAQ;gBAC1B,KAAK,CAAC,IAAI,KAAK,SAAS;gBACxB,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAE7B,+EAA+E;gBAC/E,IAAI,OAAO,GAAG,EAAE,CAAC;gBACjB,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACtC,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACjC,CAAC;gBAED,IAAI,OAAO,EAAE,CAAC;oBACV,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC;oBAC1B,IAAI,KAAK,GAAkB,IAAI,CAAC;oBAEhC,OAAO,OAAO,EAAE,CAAC;wBACb,IAAI,OAAO,CAAC,IAAI,KAAK,mBAAmB,IAAI,OAAO,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;4BACpE,kEAAkE;4BAClE,IAAI,OAAO,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;gCAC1B,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gCAClD,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,OAAO,WAAW,CAAC;oCACxC,QAAQ,CAAC,QAAQ,CAAC,GAAG,OAAO,UAAU,CAAC,EAAE,CAAC;oCAC1C,OAAO,KAAK,CAAC;gCACjB,CAAC;4BACL,CAAC;wBACL,CAAC;wBAED,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;4BAC7E,MAAM;wBACV,CAAC;wBAED,KAAK,GAAG,OAAO,CAAC;wBAChB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;oBAC7B,CAAC;gBACL,CAAC;gBAED,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,kBAAkB,GAAG,CAAC,IAA+B,EAAW,EAAE;YACtE,IAAI,IAAI,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;gBACnC,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC,wBAAwB,EAAE,CAAC;gBAC9B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,qDAAqD;YACrD,2DAA2D;YAC3D,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,wBAAwB,GAAG,CAAC,IAA+B,EAAW,EAAE;YAC5E,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACrD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC7D,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YAE/D,gEAAgE;YAChE,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACvD,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;QAC7E,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,4BAA4B,GAAG,CAAC,IAA+B,EAAW,EAAE;YAChF,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;gBACnC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,MAAM;gBAC7B,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;gBACvC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;gBAC1C,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,aAAa,CAAC;QACrD,CAAC,CAAC;QAEF,OAAO;YACL,sDAAsD;YACtD,gBAAgB,CAAC,IAA+B;gBAC9C,gCAAgC;gBAChC,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;oBACzB,MAAM,IAAI,GAAG,IAAI,CAAC,IAAgC,CAAC;oBAEnD,IAAI,gBAAgB,GAAG,KAAK,CAAC;oBAC7B,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;wBACzE,gBAAgB,GAAG,IAAI,CAAC;oBAC5B,CAAC;yBAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,kBAAkB;wBACzC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;wBAC1C,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;wBAChD,gBAAgB,GAAG,IAAI,CAAC;oBAC5B,CAAC;oBAED,IAAI,gBAAgB,EAAE,CAAC;wBACjB,2BAA2B;wBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;4BACtC,OAAO;wBACX,CAAC;wBAED,OAAO,CAAC,MAAM,CAAC;4BACX,IAAI,EAAE,IAAI;4BACV,SAAS,EAAE,mBAAmB;4BAC9B,IAAI,EAAE;gCACN,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACtC;4BACD,OAAO,EAAE;gCACT;oCACI,SAAS,EAAE,oBAAoB;oCAC/B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,sCAAsC;iCACzD;6BACA;yBACJ,CAAC,CAAC;oBACT,CAAC;gBACH,CAAC;gBAED,oCAAoC;gBACpC,IAAI,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC7B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;oBACvB,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACzD,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,uBAAuB;4BAClC,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAED,0CAA0C;gBAC1C,IAAI,wBAAwB,CAAC,IAAI,CAAC,EAAE,CAAC;oBACnC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;oBACvB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;oBAEzB,8CAA8C;oBAC9C,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAC1C,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;oBAE5C,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBACtD,CAAC,KAAK,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;wBACxD,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;wBAE5D,2BAA2B;wBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;4BACxC,OAAO;wBACT,CAAC;wBAED,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI,EAAE,IAAI;4BACV,SAAS,EAAE,wBAAwB;4BACnC,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAED,sDAAsD;YACtD,gBAAgB,CAAC,IAA+B;gBAC9C,IAAI,4BAA4B,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvC,oCAAoC;oBACpC,IAAI,OAAO,GAAkB,IAAI,CAAC;oBAClC,IAAI,iBAAiB,GAAG,KAAK,CAAC;oBAE9B,kDAAkD;oBAClD,OAAO,OAAO,CAAC,MAAM,EAAE,CAAC;wBACtB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;wBACzB,IAAI,OAAO,CAAC,IAAI,KAAK,oBAAoB;4BACrC,OAAO,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;4BAC1B,uDAAuD;4BACvD,iBAAiB,GAAG,IAAI,CAAC;4BACzB,MAAM;wBACR,CAAC;wBACD,IAAI,OAAO,CAAC,IAAI,KAAK,kBAAkB;4BACnC,CAAC,OAAO,CAAC,IAAI,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,KAAK,IAAI,CAAC,EAAE,CAAC;4BACtD,4CAA4C;4BAC5C,iBAAiB,GAAG,IAAI,CAAC;4BACzB,MAAM;wBACR,CAAC;oBACH,CAAC;oBAED,IAAI,iBAAiB,EAAE,CAAC;wBACtB,2BAA2B;wBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;4BACxC,OAAO;wBACT,CAAC;wBAED,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,4BAA4B;4BACvC,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAED,qDAAqD;YACrD,cAAc,CAAC,IAA6B;gBAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;gBAE3B,yCAAyC;gBACzC,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBAClC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAE1C,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;oBACxC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAEjF,+BAA+B;oBAC/B,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;wBACpE,UAAU,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC/E,0CAA0C;wBAC1C,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,2CAA2C;gBAC3C,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC7D,wDAAwD;oBACxD,oDAAoD;oBACpD,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI;wBACJ,SAAS,EAAE,wBAAwB;wBACnC,IAAI,EAAE;4BACJ,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;4BACvC,QAAQ,EAAE,KAAK;4BACf,eAAe,EAAE,4CAA4C;yBAC9D;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,qDAAqD;YACrD,WAAW,CAAC,IAA0B;gBACpC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;gBAEvB,yDAAyD;gBACzD,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACtD,2BAA2B;oBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;wBACxC,OAAO;oBACT,CAAC;oBAED,OAAO,CAAC,MAAM,CAAC;wBACX,IAAI,EAAE,IAAI;wBACV,SAAS,EAAE,wBAAwB;wBACnC,IAAI,EAAE;4BACF,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;4BACvC,QAAQ,EAAE,KAAK;4BACf,eAAe,EAAE,6CAA6C;yBACjE;qBACJ,CAAC,CAAC;gBACR,CAAC;gBAED,4DAA4D;gBAC5D,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;oBACrC,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;oBAExD,mCAAmC;oBACnC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;wBAC9D,CAAC,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;wBAE/E,oCAAoC;wBACpC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;4BAChE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;4BAEvE,2BAA2B;4BAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BAED,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,IAAI;gCACV,SAAS,EAAE,kBAAkB;gCAC7B,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
package/src/rules/security/no-insecure-comparison.js CHANGED
@@ -30,6 +30,15 @@ exports.noInsecureComparison = (0, eslint_devkit_2.createRule)({
30
30
  fix: 'Replace == with === and != with !==',
31
31
  documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Strict_equality',
32
32
  }),
33
+ timingUnsafeComparison: (0, eslint_devkit_1.formatLLMMessage)({
34
+ icon: eslint_devkit_1.MessageIcons.SECURITY,
35
+ issueName: 'Timing Attack Risk',
36
+ cwe: 'CWE-208',
37
+ description: 'Secret comparison with {{operator}} can leak timing information',
38
+ severity: 'HIGH',
39
+ fix: 'Use crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b))',
40
+ documentationLink: 'https://nodejs.org/api/crypto.html#cryptotimingsafeequala-b',
41
+ }),
33
42
  },
34
43
  schema: [
35
44
  {
@@ -84,6 +93,64 @@ exports.noInsecureComparison = (0, eslint_devkit_2.createRule)({
84
93
  if (isTestFile) {
85
94
  return;
86
95
  }
96
+ const secretKeywords = ['secret', 'token', 'password', 'apikey', 'api_key', 'signature', 'auth', 'key', 'hash', 'digest', 'mac'];
97
+ const isSecurityContext = (() => {
98
+ let current = node;
99
+ while (current) {
100
+ if ((current.type === 'FunctionDeclaration' ||
101
+ current.type === 'FunctionExpression' ||
102
+ current.type === 'ArrowFunctionExpression') &&
103
+ 'id' in current && current.id?.name) {
104
+ if (/security|auth|crypto|hash|token|secret|insecure|verify|validate/i.test(current.id.name)) {
105
+ return true;
106
+ }
107
+ }
108
+ if (current.type === 'MethodDefinition' && current.key.type === 'Identifier') {
109
+ if (/security|auth|crypto|hash|token|secret|insecure|verify|validate/i.test(current.key.name)) {
110
+ return true;
111
+ }
112
+ }
113
+ current = current.parent;
114
+ }
115
+ return false;
116
+ })();
117
+ const isPotentialSecret = (expr) => {
118
+ const text = sourceCode.getText(expr).toLowerCase();
119
+ if (secretKeywords.some(keyword => text.includes(keyword)))
120
+ return true;
121
+ // In security contexts, treat generic terms as potential secrets
122
+ if (isSecurityContext) {
123
+ const contextKeywords = ['provided', 'expected', 'actual', 'input', 'value', 'data'];
124
+ return contextKeywords.some(keyword => text.includes(keyword));
125
+ }
126
+ return false;
127
+ };
128
+ // Timing-safe comparison for secrets even with strict equality
129
+ if ((node.operator === '===' || node.operator === '!==') &&
130
+ (isPotentialSecret(node.left) || isPotentialSecret(node.right))) {
131
+ const leftText = sourceCode.getText(node.left);
132
+ const rightText = sourceCode.getText(node.right);
133
+ // ... rest of logic uses example ...
134
+ const example = `crypto.timingSafeEqual(Buffer.from(${leftText}), Buffer.from(${rightText}))`;
135
+ context.report({
136
+ node,
137
+ messageId: 'timingUnsafeComparison',
138
+ data: {
139
+ operator: node.operator,
140
+ strictOperator: node.operator,
141
+ example: example,
142
+ },
143
+ suggest: [
144
+ {
145
+ messageId: 'useStrictEquality', // This messageId usage might be wrong for timing safe output, but kept for now or reused?
146
+ // Wait, previous code used useStrictEquality as suggest?
147
+ // Ah, the previous code had a fix/suggest structure.
148
+ fix: (fixer) => fixer.replaceText(node, example),
149
+ },
150
+ ],
151
+ });
152
+ return;
153
+ }
87
154
  // Check for insecure comparison operators
88
155
  if (node.operator === '==' || node.operator === '!=') {
89
156
  const text = sourceCode.getText(node);
package/src/rules/security/no-insecure-comparison.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"no-insecure-comparison.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-insecure-comparison.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAczC,QAAA,oBAAoB,GAAG,IAAA,0BAAU,EAA0B;IACtE,IAAI,EAAE,wBAAwB;IAC9B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,+FAA+F;SAC7G;QACD,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,qBAAqB;gBAChC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,kGAAkG;gBAC/G,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,+DAA+D;gBACpE,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,qBAAqB;gBAChC,WAAW,EAAE,8BAA8B;gBAC3C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,qCAAqC;gBAC1C,iBAAiB,EAAE,6FAA6F;aACjH,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,yCAAyC;qBACvD;oBACD,cAAc,EAAE;wBACd,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,+BAA+B;qBAC7C;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,YAAY,EAAE,KAAK;YACnB,cAAc,EAAE,EAAE;SACnB;KACF;IACD,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,cAAc,GAAG,EAAE,GACpB,GAAG,OAAkB,CAAC;QAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,YAAY,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAE5D;;WAEG;QACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,QAAkB;YAC5D,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;gBAC7B,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;oBACvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC1B,CAAC;gBAAC,MAAM,CAAC;oBACP,gDAAgD;oBAChD,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;gBAC5D,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED;;WAEG;QACH,SAAS,qBAAqB,CAAC,IAA+B;YAC5D,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,0CAA0C;YAC1C,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACrD,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBAEtC,yCAAyC;gBACzC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;oBAC/C,OAAO;gBACT,CAAC;gBAED,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;gBAC9D,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC/C,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACjD,MAAM,OAAO,GAAG,GAAG,QAAQ,IAAI,cAAc,IAAI,SAAS,EAAE,CAAC;gBAE7D,OAAO,CAAC,MAAM,CAAC;oBACb,IAAI,EAAE,IAAI;oBACV,SAAS,EAAE,oBAAoB;oBAC/B,IAAI,EAAE;wBACJ,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,cAAc;wBACd,OAAO;qBACR;oBACD,GAAG,EAAE,CAAC,KAAyB,EAAE,EAAE;wBACjC,OAAO,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;oBAC1C,CAAC;oBACD,OAAO,EAAE;wBACP;4BACE,SAAS,EAAE,mBAAmB;4BAC9B,GAAG,EAAE,CAAC,KAAyB,EAAE,EAAE;gCACjC,OAAO,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;4BAC1C,CAAC;yBACF;qBACF;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,gBAAgB,EAAE,qBAAqB;SACxC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
1
+ {"version":3,"file":"no-insecure-comparison.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-insecure-comparison.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAczC,QAAA,oBAAoB,GAAG,IAAA,0BAAU,EAA0B;IACtE,IAAI,EAAE,wBAAwB;IAC9B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,+FAA+F;SAC7G;QACD,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,qBAAqB;gBAChC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,kGAAkG;gBAC/G,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,+DAA+D;gBACpE,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,qBAAqB;gBAChC,WAAW,EAAE,8BAA8B;gBAC3C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,qCAAqC;gBAC1C,iBAAiB,EAAE,6FAA6F;aACjH,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,iEAAiE;gBAC9E,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,4DAA4D;gBACjE,iBAAiB,EAAE,6DAA6D;aACjF,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,yCAAyC;qBACvD;oBACD,cAAc,EAAE;wBACd,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,+BAA+B;qBAC7C;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,YAAY,EAAE,KAAK;YACnB,cAAc,EAAE,EAAE;SACnB;KACF;IACD,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,cAAc,GAAG,EAAE,GACpB,GAAG,OAAkB,CAAC;QAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,YAAY,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAE5D;;WAEG;QACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,QAAkB;YAC5D,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;gBAC7B,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;oBACvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC1B,CAAC;gBAAC,MAAM,CAAC;oBACP,gDAAgD;oBAChD,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;gBAC5D,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED;;WAEG;QACH,SAAS,qBAAqB,CAAC,IAA+B;YAC5D,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;YAEjI,MAAM,iBAAiB,GAAG,CAAC,GAAY,EAAE;gBACtC,IAAI,OAAO,GAA8B,IAAI,CAAC;gBAC9C,OAAO,OAAO,EAAE,CAAC;oBACb,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,qBAAqB;wBACtC,OAAO,CAAC,IAAI,KAAK,oBAAoB;wBACrC,OAAO,CAAC,IAAI,KAAK,yBAAyB,CAAC;wBAC3C,IAAI,IAAI,OAAO,IAAI,OAAO,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC;wBACvC,IAAI,kEAAkE,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;4BAC3F,OAAO,IAAI,CAAC;wBAChB,CAAC;oBACL,CAAC;oBACD,IAAI,OAAO,CAAC,IAAI,KAAK,kBAAkB,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;wBAC1E,IAAI,kEAAkE,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;4BAC7F,OAAO,IAAI,CAAC;wBAChB,CAAC;oBACL,CAAC;oBACD,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;gBAC7B,CAAC;gBACD,OAAO,KAAK,CAAC;YAChB,CAAC,CAAC,EAAE,CAAC;YAEL,MAAM,iBAAiB,GAAG,CAAC,IAAyB,EAAW,EAAE;gBAC/D,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;gBACpD,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBAAE,OAAO,IAAI,CAAC;gBAExE,iEAAiE;gBACjE,IAAI,iBAAiB,EAAE,CAAC;oBACpB,MAAM,eAAe,GAAG,CAAC,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;oBACrF,OAAO,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;gBACnE,CAAC;gBACD,OAAO,KAAK,CAAC;YACf,CAAC,CAAC;YAEF,+DAA+D;YAC/D,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,KAAK,IAAI,IAAI,CAAC,QAAQ,KAAK,KAAK,CAAC;gBACpD,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;gBACpE,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC/C,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAEjD,qCAAqC;gBACrC,MAAM,OAAO,GAAG,sCAAsC,QAAQ,kBAAkB,SAAS,IAAI,CAAC;gBAE9F,OAAO,CAAC,MAAM,CAAC;oBACb,IAAI;oBACJ,SAAS,EAAE,wBAAwB;oBACnC,IAAI,EAAE;wBACJ,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,cAAc,EAAE,IAAI,CAAC,QAAQ;wBAC7B,OAAO,EAAE,OAAO;qBACjB;oBACD,OAAO,EAAE;wBACP;4BACE,SAAS,EAAE,mBAAmB,EAAE,0FAA0F;4BACzH,yDAAyD;4BACzD,qDAAqD;4BACtD,GAAG,EAAE,CAAC,KAAyB,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC;yBACrE;qBACF;iBACF,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,0CAA0C;YAC1C,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACrD,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBAEtC,yCAAyC;gBACzC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;oBAC/C,OAAO;gBACT,CAAC;gBAED,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;gBAC9D,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC/C,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACjD,MAAM,OAAO,GAAG,GAAG,QAAQ,IAAI,cAAc,IAAI,SAAS,EAAE,CAAC;gBAE7D,OAAO,CAAC,MAAM,CAAC;oBACb,IAAI,EAAE,IAAI;oBACV,SAAS,EAAE,oBAAoB;oBAC/B,IAAI,EAAE;wBACJ,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,cAAc;wBACd,OAAO;qBACR;oBACD,GAAG,EAAE,CAAC,KAAyB,EAAE,EAAE;wBACjC,OAAO,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;oBAC1C,CAAC;oBACD,OAAO,EAAE;wBACP;4BACE,SAAS,EAAE,mBAAmB;4BAC9B,GAAG,EAAE,CAAC,KAAyB,EAAE,EAAE;gCACjC,OAAO,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;4BAC1C,CAAC;yBACF;qBACF;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,gBAAgB,EAAE,qBAAqB;SACxC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
package/src/rules/security/no-insecure-jwt.js CHANGED
@@ -208,28 +208,68 @@ exports.noInsecureJwt = (0, eslint_devkit_1.createRule)({
208
208
  // Check for algorithm specification
209
209
  const hasAlgorithmSpec = /\b(algorithms?|alg)\s*:/i.test(sourceText);
210
210
  // Check for insecure patterns
211
- const hasNoneAlgorithm = /\b(alg|algorithms?)\s*:\s*['"`]\s*none\s*['"`]/i.test(sourceText);
212
- const hasWeakAlgorithm = /\b(alg|algorithms?)\s*:\s*['"`]\s*(HS256|HS384|HS512)\s*['"`]/i.test(sourceText);
211
+ const hasNoneAlgorithm = /\b(alg|algorithms?)\s*:\s*(\[\s*)?['"`]\s*none\s*['"`]/i.test(sourceText);
212
+ const hasEmptyAlgorithms = /\b(alg|algorithms?)\s*:\s*\[\s*\]/i.test(sourceText);
213
+ const weakAlgorithms = ['HS256', 'HS384', 'HS512']; // Define weak algorithms
214
+ const hasWeakAlgorithm = weakAlgorithms.some(alg => {
215
+ const regex = new RegExp(`['"\`]${alg}['"\`]`, 'i');
216
+ return regex.test(sourceText);
217
+ });
213
218
  return {
214
219
  sourceText,
215
220
  hasAlgorithmSpec,
216
- hasNoneAlgorithm,
221
+ hasNoneAlgorithm: hasNoneAlgorithm || hasEmptyAlgorithms,
217
222
  hasWeakAlgorithm,
218
223
  isDecodeCall: /\bdecode\b/i.test(sourceText),
219
224
  isVerifyCall: /\bverify\b/i.test(sourceText),
220
225
  };
221
226
  };
227
+ /**
228
+ * Locate the algorithms option node for precise error highlighting
229
+ */
230
+ const getAlgorithmsNode = (call) => {
231
+ const optionsArg = call.arguments[2];
232
+ if (optionsArg && optionsArg.type === 'ObjectExpression') {
233
+ const algorithmsProp = optionsArg.properties.find((prop) => prop.type === 'Property' &&
234
+ prop.key.type === 'Identifier' &&
235
+ (prop.key.name === 'algorithms' || prop.key.name === 'alg'));
236
+ if (algorithmsProp) {
237
+ return algorithmsProp.value;
238
+ }
239
+ return optionsArg;
240
+ }
241
+ return null;
242
+ };
243
+ /**
244
+ * Check if this looks like a JWT operation (verify/decode/sign)
245
+ */
246
+ const looksLikeJwtOperation = (node) => {
247
+ if (node.callee.type !== 'MemberExpression') {
248
+ return false;
249
+ }
250
+ const property = node.callee.property;
251
+ if (property.type !== 'Identifier') {
252
+ return false;
253
+ }
254
+ // Check for JWT-related method names
255
+ const jwtMethods = ['verify', 'decode', 'sign', 'encode'];
256
+ return jwtMethods.includes(property.name);
257
+ };
222
258
  return {
223
259
  // Check JWT library method calls
224
260
  CallExpression(node) {
225
- if (!isTrustedJwtLibrary(node)) {
261
+ // Check both trusted libraries AND generic JWT-like operations
262
+ const isTrusted = isTrustedJwtLibrary(node);
263
+ const looksLikeJwt = looksLikeJwtOperation(node);
264
+ if (!isTrusted && !looksLikeJwt) {
226
265
  return;
227
266
  }
228
267
  const jwtInfo = extractJwtInfo(node);
229
- // CRITICAL: Algorithm confusion attack (alg: "none")
268
+ // CRITICAL: Algorithm confusion attack (alg: "none" or algorithms: [])
230
269
  if (jwtInfo.hasNoneAlgorithm) {
270
+ const algorithmsNode = getAlgorithmsNode(node);
231
271
  context.report({
232
- node,
272
+ node: algorithmsNode ?? node,
233
273
  messageId: 'insecureJwtAlgorithm',
234
274
  data: {
235
275
  filePath: filename,
@@ -243,7 +283,7 @@ exports.noInsecureJwt = (0, eslint_devkit_1.createRule)({
243
283
  const secretArg = node.arguments[1];
244
284
  if (isWeakSecret(secretArg)) {
245
285
  context.report({
246
- node,
286
+ node: secretArg,
247
287
  messageId: 'weakJwtSecret',
248
288
  data: {
249
289
  filePath: filename,
@@ -281,7 +321,7 @@ exports.noInsecureJwt = (0, eslint_devkit_1.createRule)({
281
321
  return;
282
322
  }
283
323
  const initCall = node.init;
284
- if (!isTrustedJwtLibrary(initCall)) {
324
+ if (!isTrustedJwtLibrary(initCall) && !looksLikeJwtOperation(initCall)) {
285
325
  return;
286
326
  }
287
327
  const jwtInfo = extractJwtInfo(initCall);
package/src/rules/security/no-insecure-jwt.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"no-insecure-jwt.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-insecure-jwt.ts"],"names":[],"mappings":";;;AAaA,4DAAsD;AACtD,4DAA0E;AAC1E,4DAIkC;AA2BrB,QAAA,aAAa,GAAG,IAAA,0BAAU,EAA0B;IAC/D,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,oEAAoE;SAClF;QACD,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,oBAAoB,EAAE,IAAA,gCAAgB,EAAC;gBACrC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,wBAAwB;gBACnC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,4DAA4D;gBACjE,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,4BAA4B,EAAE,IAAA,gCAAgB,EAAC;gBAC7C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oCAAoC;gBAC/C,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,0CAA0C;gBAC/C,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,aAAa,EAAE,IAAA,gCAAgB,EAAC;gBAC9B,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,iBAAiB;gBAC5B,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,0CAA0C;gBACvD,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,6CAA6C;gBAClD,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,oBAAoB,EAAE,IAAA,gCAAgB,EAAC;gBACrC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,wBAAwB;gBACnC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,oCAAoC;gBACjD,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,8CAA8C;gBACnD,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,qCAAqC;gBAClD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,uDAAuD;gBAC5D,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,WAAW,EAAE,kCAAkC;gBAC/C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,8CAA8C;gBACnD,iBAAiB,EAAE,4CAA4C;aAChE,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,qBAAqB;gBAChC,WAAW,EAAE,kDAAkD;gBAC/D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,qCAAqC;gBAC1C,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,0BAA0B,EAAE,IAAA,gCAAgB,EAAC;gBAC3C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,2BAA2B;gBACtC,WAAW,EAAE,iCAAiC;gBAC9C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,0CAA0C;gBAC/C,iBAAiB,EAAE,4CAA4C;aAChE,CAAC;YACF,yBAAyB,EAAE,IAAA,gCAAgB,EAAC;gBAC1C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,+BAA+B;gBAC1C,WAAW,EAAE,gCAAgC;gBAC7C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kDAAkD;gBACvD,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,yBAAyB;gBACpC,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kDAAkD;gBACvD,iBAAiB,EAAE,oCAAoC;aACxD,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,yBAAyB,EAAE;wBACzB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;qBACZ;oBACD,eAAe,EAAE;wBACf,IAAI,EAAE,QAAQ;wBACd,OAAO,EAAE,EAAE;wBACX,OAAO,EAAE,EAAE;qBACZ;oBACD,mBAAmB,EAAE;wBACnB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,KAAK,CAAC;qBACzC;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,yDAAyD;qBACvE;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,0DAA0D;qBACxE;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,oDAAoD;qBAClE;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,yBAAyB,EAAE,EAAE;YAC7B,eAAe,EAAE,EAAE;YACnB,mBAAmB,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,KAAK,CAAC;YACpD,iBAAiB,EAAE,EAAE;YACrB,kBAAkB,EAAE,EAAE;YACtB,UAAU,EAAE,KAAK;SAClB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,eAAe,GAAG,EAAE,EACpB,mBAAmB,GAAG,CAAC,cAAc,EAAE,MAAM,EAAE,KAAK,CAAC,EACrD,iBAAiB,GAAG,EAAE,EACtB,kBAAkB,GAAG,EAAE,EACvB,UAAU,GAAG,KAAK,GACnB,GAAY,OAAO,CAAC;QAErB,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAE3D,qDAAqD;QACrD,MAAM,aAAa,GAAG,IAAA,mCAAmB,EAAC;YACxC,iBAAiB;YACjB,kBAAkB;YAClB,kBAAkB,EAAE,EAAE;YACtB,UAAU;SACX,CAAC,CAAC;QAEH;;WAEG;QACH,MAAM,YAAY,GAAG,CAAC,UAAyB,EAAW,EAAE;YAC1D,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,UAAU,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC1E,OAAO,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,eAAe,CAAC;YACnD,CAAC;YACD,OAAO,KAAK,CAAC,CAAC,kDAAkD;QAClE,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,wBAAwB,GAAG,CAAC,OAAgC,EAAW,EAAE;YAC7E,kCAAkC;YAClC,IACE,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;gBAC1C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;gBAC7C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ,EACzC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,iCAAiC;YACjC,OAAO,IAAA,iCAAiB,EAAC,OAAO,EAAE,OAAO,EAAE,kBAAkB,CAAC,CAAC;QACjE,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,mBAAmB,GAAG,CAAC,IAA6B,EAAW,EAAE;YACrE,0DAA0D;YAC1D,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBAC5C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,uCAAuC;YACvC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;YAClC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjC,OAAO,mBAAmB,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YACjE,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,cAAc,GAAG,CAAC,IAA6B,EAAE,EAAE;YACvD,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAE5C,oCAAoC;YACpC,MAAM,gBAAgB,GAAG,0BAA0B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAErE,8BAA8B;YAC9B,MAAM,gBAAgB,GAAG,iDAAiD,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC5F,MAAM,gBAAgB,GAAG,gEAAgE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAE3G,OAAO;gBACL,UAAU;gBACV,gBAAgB;gBAChB,gBAAgB;gBAChB,gBAAgB;gBAChB,YAAY,EAAE,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC;gBAC5C,YAAY,EAAE,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC;aAC7C,CAAC;QACJ,CAAC,CAAC;QAEF,OAAO;YACL,iCAAiC;YACjC,cAAc,CAAC,IAA6B;gBAC1C,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC/B,OAAO;gBACT,CAAC;gBAED,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;gBAErC,qDAAqD;gBACrD,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;oBAC7B,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI;wBACJ,SAAS,EAAE,sBAAsB;wBACjC,IAAI,EAAE;4BACJ,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;yBACxC;qBACF,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,qDAAqD;gBACrD,IAAI,OAAO,CAAC,gBAAgB,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;oBAC3D,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;oBACpC,IAAI,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;wBAC5B,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,eAAe;4BAC1B,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;wBACH,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,uDAAuD;gBACvD,IAAI,OAAO,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;oBAClD,sDAAsD;oBACtD,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;wBACxC,OAAO;oBACT,CAAC;oBAED,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI;wBACJ,SAAS,EAAE,8BAA8B;wBACzC,IAAI,EAAE;4BACJ,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;yBACxC;wBACD,OAAO,EAAE;4BACP;gCACE,SAAS,EAAE,mBAAmB;gCAC9B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,+BAA+B;6BAChD;yBACF;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,8DAA8D;YAC9D,kBAAkB,CAAC,IAAiC;gBAClD,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;oBACtD,OAAO;gBACT,CAAC;gBAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC;gBAC3B,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACnC,OAAO;gBACT,CAAC;gBAED,MAAM,OAAO,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;gBAEzC,6CAA6C;gBAC7C,IAAI,OAAO,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;oBAClD,2BAA2B;oBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;wBAC5C,OAAO;oBACT,CAAC;oBAED,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI;wBACJ,SAAS,EAAE,sBAAsB;wBACjC,IAAI,EAAE;4BACJ,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;yBACxC;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,iDAAiD;YACjD,OAAO,CAAC,IAAsB;gBAC5B,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACnC,OAAO;gBACT,CAAC;gBAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;gBAEzB,mCAAmC;gBACnC,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC,CAAC,gBAAgB;oBAC5E,qCAAqC;oBACrC,IAAI,OAAO,GAA8B,IAAI,CAAC;oBAC9C,IAAI,UAAU,GAAG,KAAK,CAAC;oBAEvB,6DAA6D;oBAC7D,OAAO,OAAO,IAAI,CAAC,UAAU,EAAE,CAAC;wBAC9B,IAAI,OAAO,CAAC,IAAI,KAAK,gBAAgB,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;4BAC3E,UAAU,GAAG,IAAI,CAAC;4BAClB,MAAM;wBACR,CAAC;wBACD,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;oBAC5C,CAAC;oBAED,IAAI,CAAC,UAAU,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;wBACxD,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,kBAAkB;4BAC7B,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
1
+ {"version":3,"file":"no-insecure-jwt.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-insecure-jwt.ts"],"names":[],"mappings":";;;AAaA,4DAAsD;AACtD,4DAA0E;AAC1E,4DAIkC;AA2BrB,QAAA,aAAa,GAAG,IAAA,0BAAU,EAA0B;IAC/D,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,oEAAoE;SAClF;QACD,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,oBAAoB,EAAE,IAAA,gCAAgB,EAAC;gBACrC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,wBAAwB;gBACnC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,4DAA4D;gBACjE,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,4BAA4B,EAAE,IAAA,gCAAgB,EAAC;gBAC7C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oCAAoC;gBAC/C,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,0CAA0C;gBAC/C,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,aAAa,EAAE,IAAA,gCAAgB,EAAC;gBAC9B,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,iBAAiB;gBAC5B,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,0CAA0C;gBACvD,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,6CAA6C;gBAClD,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,oBAAoB,EAAE,IAAA,gCAAgB,EAAC;gBACrC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,wBAAwB;gBACnC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,oCAAoC;gBACjD,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,8CAA8C;gBACnD,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,qCAAqC;gBAClD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,uDAAuD;gBAC5D,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,WAAW,EAAE,kCAAkC;gBAC/C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,8CAA8C;gBACnD,iBAAiB,EAAE,4CAA4C;aAChE,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,qBAAqB;gBAChC,WAAW,EAAE,kDAAkD;gBAC/D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,qCAAqC;gBAC1C,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,0BAA0B,EAAE,IAAA,gCAAgB,EAAC;gBAC3C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,2BAA2B;gBACtC,WAAW,EAAE,iCAAiC;gBAC9C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,0CAA0C;gBAC/C,iBAAiB,EAAE,4CAA4C;aAChE,CAAC;YACF,yBAAyB,EAAE,IAAA,gCAAgB,EAAC;gBAC1C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,+BAA+B;gBAC1C,WAAW,EAAE,gCAAgC;gBAC7C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kDAAkD;gBACvD,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,yBAAyB;gBACpC,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kDAAkD;gBACvD,iBAAiB,EAAE,oCAAoC;aACxD,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,yBAAyB,EAAE;wBACzB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;qBACZ;oBACD,eAAe,EAAE;wBACf,IAAI,EAAE,QAAQ;wBACd,OAAO,EAAE,EAAE;wBACX,OAAO,EAAE,EAAE;qBACZ;oBACD,mBAAmB,EAAE;wBACnB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,KAAK,CAAC;qBACzC;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,yDAAyD;qBACvE;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,0DAA0D;qBACxE;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,oDAAoD;qBAClE;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,yBAAyB,EAAE,EAAE;YAC7B,eAAe,EAAE,EAAE;YACnB,mBAAmB,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,KAAK,CAAC;YACpD,iBAAiB,EAAE,EAAE;YACrB,kBAAkB,EAAE,EAAE;YACtB,UAAU,EAAE,KAAK;SAClB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,eAAe,GAAG,EAAE,EACpB,mBAAmB,GAAG,CAAC,cAAc,EAAE,MAAM,EAAE,KAAK,CAAC,EACrD,iBAAiB,GAAG,EAAE,EACtB,kBAAkB,GAAG,EAAE,EACvB,UAAU,GAAG,KAAK,GACnB,GAAY,OAAO,CAAC;QAErB,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAE3D,qDAAqD;QACrD,MAAM,aAAa,GAAG,IAAA,mCAAmB,EAAC;YACxC,iBAAiB;YACjB,kBAAkB;YAClB,kBAAkB,EAAE,EAAE;YACtB,UAAU;SACX,CAAC,CAAC;QAEH;;WAEG;QACH,MAAM,YAAY,GAAG,CAAC,UAAyB,EAAW,EAAE;YAC1D,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,UAAU,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC1E,OAAO,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,eAAe,CAAC;YACnD,CAAC;YACD,OAAO,KAAK,CAAC,CAAC,kDAAkD;QAClE,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,wBAAwB,GAAG,CAAC,OAAgC,EAAW,EAAE;YAC7E,kCAAkC;YAClC,IACE,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;gBAC1C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;gBAC7C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ,EACzC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,iCAAiC;YACjC,OAAO,IAAA,iCAAiB,EAAC,OAAO,EAAE,OAAO,EAAE,kBAAkB,CAAC,CAAC;QACjE,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,mBAAmB,GAAG,CAAC,IAA6B,EAAW,EAAE;YACrE,0DAA0D;YAC1D,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBAC5C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,uCAAuC;YACvC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;YAClC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjC,OAAO,mBAAmB,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YACjE,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,cAAc,GAAG,CAAC,IAA6B,EAAE,EAAE;YACvD,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAE5C,oCAAoC;YACpC,MAAM,gBAAgB,GAAG,0BAA0B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAErE,8BAA8B;YAC9B,MAAM,gBAAgB,GAAG,yDAAyD,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACpG,MAAM,kBAAkB,GAAG,oCAAoC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAEjF,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,yBAAyB;YAC7E,MAAM,gBAAgB,GAAG,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;gBACjD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,SAAS,GAAG,QAAQ,EAAE,GAAG,CAAC,CAAC;gBACpD,OAAO,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAChC,CAAC,CAAC,CAAC;YAEH,OAAO;gBACL,UAAU;gBACV,gBAAgB;gBAChB,gBAAgB,EAAE,gBAAgB,IAAI,kBAAkB;gBACxD,gBAAgB;gBAChB,YAAY,EAAE,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC;gBAC5C,YAAY,EAAE,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC;aAC7C,CAAC;QACJ,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,iBAAiB,GAAG,CACxB,IAA6B,EACP,EAAE;YACxB,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;YACrC,IAAI,UAAU,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBACzD,MAAM,cAAc,GAAG,UAAU,CAAC,UAAU,CAAC,IAAI,CAC/C,CAAC,IAAI,EAA6B,EAAE,CAClC,IAAI,CAAC,IAAI,KAAK,UAAU;oBACxB,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY;oBAC9B,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,KAAK,CAAC,CAC9D,CAAC;gBACF,IAAI,cAAc,EAAE,CAAC;oBACnB,OAAO,cAAc,CAAC,KAAK,CAAC;gBAC9B,CAAC;gBACD,OAAO,UAAU,CAAC;YACpB,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,qBAAqB,GAAG,CAAC,IAA6B,EAAW,EAAE;YACvE,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBAC5C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;YACtC,IAAI,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACnC,OAAO,KAAK,CAAC;YACf,CAAC;YAED,qCAAqC;YACrC,MAAM,UAAU,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC1D,OAAO,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5C,CAAC,CAAC;QAEF,OAAO;YACL,iCAAiC;YACjC,cAAc,CAAC,IAA6B;gBAC1C,+DAA+D;gBAC/D,MAAM,SAAS,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBAC5C,MAAM,YAAY,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;gBAEjD,IAAI,CAAC,SAAS,IAAI,CAAC,YAAY,EAAE,CAAC;oBAChC,OAAO;gBACT,CAAC;gBAED,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;gBAErC,uEAAuE;gBACvE,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;oBAC7B,MAAM,cAAc,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;oBAC/C,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI,EAAE,cAAc,IAAI,IAAI;wBAC5B,SAAS,EAAE,sBAAsB;wBACjC,IAAI,EAAE;4BACJ,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;yBACxC;qBACF,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,qDAAqD;gBACrD,IAAI,OAAO,CAAC,gBAAgB,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;oBAC3D,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;oBACpC,IAAI,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;wBAC5B,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI,EAAE,SAAS;4BACf,SAAS,EAAE,eAAe;4BAC1B,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;wBACH,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,uDAAuD;gBACvD,IAAI,OAAO,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;oBAClD,sDAAsD;oBACtD,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;wBACxC,OAAO;oBACT,CAAC;oBAED,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI;wBACJ,SAAS,EAAE,8BAA8B;wBACzC,IAAI,EAAE;4BACJ,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;yBACxC;wBACD,OAAO,EAAE;4BACP;gCACE,SAAS,EAAE,mBAAmB;gCAC9B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,+BAA+B;6BAChD;yBACF;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,8DAA8D;YAC9D,kBAAkB,CAAC,IAAiC;gBAClD,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;oBACtD,OAAO;gBACT,CAAC;gBAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC;gBAC3B,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACvE,OAAO;gBACT,CAAC;gBAED,MAAM,OAAO,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;gBAEzC,6CAA6C;gBAC7C,IAAI,OAAO,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;oBAClD,2BAA2B;oBAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;wBAC5C,OAAO;oBACT,CAAC;oBAED,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI;wBACJ,SAAS,EAAE,sBAAsB;wBACjC,IAAI,EAAE;4BACJ,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;yBACxC;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,iDAAiD;YACjD,OAAO,CAAC,IAAsB;gBAC5B,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACnC,OAAO;gBACT,CAAC;gBAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;gBAEzB,mCAAmC;gBACnC,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC,CAAC,gBAAgB;oBAC5E,qCAAqC;oBACrC,IAAI,OAAO,GAA8B,IAAI,CAAC;oBAC9C,IAAI,UAAU,GAAG,KAAK,CAAC;oBAEvB,6DAA6D;oBAC7D,OAAO,OAAO,IAAI,CAAC,UAAU,EAAE,CAAC;wBAC9B,IAAI,OAAO,CAAC,IAAI,KAAK,gBAAgB,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;4BAC3E,UAAU,GAAG,IAAI,CAAC;4BAClB,MAAM;wBACR,CAAC;wBACD,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;oBAC5C,CAAC;oBAED,IAAI,CAAC,UAAU,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;wBACxD,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,kBAAkB;4BAC7B,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
package/src/rules/security/no-privilege-escalation.js CHANGED
@@ -312,9 +312,44 @@ exports.noPrivilegeEscalation = (0, eslint_devkit_2.createRule)({
312
312
  }
313
313
  }
314
314
  }
315
+ /**
316
+ * Check ObjectExpression for role assignment in objects (e.g. arguments)
317
+ */
318
+ function checkObjectExpression(node) {
319
+ if (isTestFile)
320
+ return;
321
+ for (const prop of node.properties) {
322
+ if (prop.type === 'Property' && prop.key.type === 'Identifier') {
323
+ const keyName = prop.key.name.toLowerCase();
324
+ if (['role', 'permission', 'privilege', 'access', 'level'].includes(keyName)) {
325
+ const text = sourceCode.getText(prop);
326
+ if (matchesIgnorePattern(text, ignorePatterns))
327
+ continue;
328
+ if (containsUserInput(prop.value, sourceCode, userInputPatterns)) {
329
+ if (!isInsideRoleCheck(node, sourceCode, roleCheckPatterns)) {
330
+ context.report({
331
+ node: prop,
332
+ messageId: 'privilegeEscalation',
333
+ data: {
334
+ issue: `Role assignment in object from user input: ${sourceCode.getText(prop)}`,
335
+ },
336
+ suggest: [
337
+ {
338
+ messageId: 'addRoleCheck',
339
+ fix: (_fixer) => null, // No auto-fix for logic
340
+ },
341
+ ],
342
+ });
343
+ }
344
+ }
345
+ }
346
+ }
347
+ }
348
+ }
315
349
  return {
316
350
  AssignmentExpression: checkAssignmentExpression,
317
351
  CallExpression: checkCallExpression,
352
+ ObjectExpression: checkObjectExpression,
318
353
  };
319
354
  },
320
355
  });
package/src/rules/security/no-privilege-escalation.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"no-privilege-escalation.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-privilege-escalation.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAuBtD;;GAEG;AACH,MAAM,2BAA2B,GAAG;IAClC,SAAS;IACT,WAAW;IACX,SAAS;IACT,cAAc;IACd,eAAe;IACf,iBAAiB;IACjB,YAAY;IACZ,aAAa;CACd,CAAC;AAEF;;GAEG;AACH,MAAM,2BAA2B,GAAG;IAClC,8BAA8B;IAC9B,kCAAkC;IAClC,eAAe;IACf,WAAW;CACZ,CAAC;AAEF;;GAEG;AACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,QAAkB;IAC5D,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QAC7B,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,gDAAgD;YAChD,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CACxB,IAAmB,EACnB,UAA+B,EAC/B,iBAA2B;IAE3B,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACtC,OAAO,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CACxB,IAAmB,EACnB,UAA+B,EAC/B,iBAA2B;IAE3B,IAAI,OAAO,GAAyB,IAAI,CAAC;IAEzC,OAAO,OAAO,EAAE,CAAC;QACf,yEAAyE;QACzE,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YAC5D,MAAM,MAAM,GAAG,OAAO,CAAC,MAA8B,CAAC;YACtD,MAAM,aAAa,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAEtD,kDAAkD;YAClD,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CACnC,aAAa,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAC5D,EAAE,CAAC;gBACF,OAAO,IAAI,CAAC;YACd,CAAC;YAED,qGAAqG;YACrG,yDAAyD;YACzD,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;gBAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC;gBAC7B,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;gBAE/B,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBAC7C,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wBAClF,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;gBAED,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAChF,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBACxD,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wBACpF,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;YACD,oBAAoB;QACtB,CAAC;QAED,+EAA+E;QAC/E,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YACtE,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAwC,CAAC;YAClE,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAEnD,6CAA6C;YAC7C,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CACnC,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CACvD,EAAE,CAAC;gBACF,OAAO,IAAI,CAAC;YACd,CAAC;YAED,gGAAgG;YAChG,oDAAoD;YACpD,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;gBAC5C,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC;gBAC/B,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;gBAE/B,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBAC7C,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wBAClF,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;YACD,oBAAoB;QACtB,CAAC;QAED,8DAA8D;QAC9D,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YAC/D,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAiC,CAAC;YAC3D,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;YAE/B,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC7C,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;oBAClF,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAChF,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBACxD,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;oBACpF,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,IAAI,QAAQ,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,MAAM;QACR,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAEY,QAAA,qBAAqB,GAAG,IAAA,0BAAU,EAA0B;IACvE,IAAI,EAAE,yBAAyB;IAC/B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,wDAAwD;SACtE;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,sBAAsB;gBACjC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,qFAAqF;gBAClG,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,4GAA4G;gBACjH,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,YAAY,EAAE,IAAA,gCAAgB,EAAC;gBAC7B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,WAAW,EAAE,4CAA4C;gBACzD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,mEAAmE;gBACxE,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,mDAAmD;qBACjE;oBACD,eAAe,EAAE;wBACf,IAAI,EAAE,QAAQ;wBACd,OAAO,EAAE,mCAAmC;wBAC5C,WAAW,EAAE,gCAAgC;qBAC9C;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,2BAA2B;wBACpC,WAAW,EAAE,kCAAkC;qBAChD;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,yDAAyD;qBACvE;oBACD,cAAc,EAAE;wBACd,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,+BAA+B;qBAC7C;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,mCAAmC;YACpD,iBAAiB,EAAE,2BAA2B;YAC9C,iBAAiB,EAAE,EAAE;YACrB,cAAc,EAAE,EAAE;SACnB;KACF;IACD,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,eAAe,GAAG,mCAAmC,EACrD,iBAAiB,GAAG,2BAA2B,EAC/C,iBAAiB,EAAE,2BAA2B,GAAG,EAAE,EACnD,cAAc,GAAG,EAAE,GACpB,GAAG,OAAkB,CAAC;QAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,aAAa,GAAG,IAAI,MAAM,CAAC,eAAe,CAAC,CAAC;QAClD,MAAM,UAAU,GAAG,YAAY,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAE5D,qDAAqD;QACrD,MAAM,iBAAiB,GAAG;YACxB,GAAG,2BAA2B;YAC9B,GAAG,2BAA2B,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;SACxE,CAAC;QAEF;;WAEG;QACH,SAAS,yBAAyB,CAAC,IAAmC;YACpE,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,4CAA4C;YAC5C,qCAAqC;YACrC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB;gBACrC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC7C,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBAE3D,mDAAmD;gBACnD,IAAI,CAAC,MAAM,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;oBAClF,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAEtC,yCAAyC;oBACzC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;wBAC/C,OAAO;oBACT,CAAC;oBAED,0CAA0C;oBAC1C,IAAI,iBAAiB,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,iBAAiB,CAAC,EAAE,CAAC;wBACjE,oCAAoC;wBACpC,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,UAAU,EAAE,iBAAiB,CAAC,EAAE,CAAC;4BAC5D,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,IAAI;gCACV,SAAS,EAAE,qBAAqB;gCAChC,IAAI,EAAE;oCACJ,KAAK,EAAE,oCAAoC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;iCAC/G;gCACD,OAAO,EAAE;oCACP;wCACE,SAAS,EAAE,cAAc;wCACzB,6DAA6D;wCAC7D,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI;qCAC1C;iCACF;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED;;WAEG;QACH,SAAS,mBAAmB,CAAC,IAA6B;YACxD,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,6DAA6D;YAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YAC3B,IAAI,oBAAoB,GAAG,KAAK,CAAC;YACjC,IAAI,aAAa,GAAG,EAAE,CAAC;YAEvB,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC7C,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CACjE,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,CACxB,EAAE,CAAC;oBACF,oBAAoB,GAAG,IAAI,CAAC;oBAC5B,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC;gBAC9B,CAAC;YACH,CAAC;YAED,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAChF,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBACxD,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAC/E,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAC1B,EAAE,CAAC;oBACF,oBAAoB,GAAG,IAAI,CAAC;oBAC5B,aAAa,GAAG,YAAY,CAAC;gBAC/B,CAAC;YACH,CAAC;YAED,IAAI,oBAAoB,EAAE,CAAC;gBACzB,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBAEtC,yCAAyC;gBACzC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;oBAC/C,OAAO;gBACT,CAAC;gBAED,4CAA4C;gBAC5C,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;oBACjC,IAAI,iBAAiB,CAAC,GAAG,EAAE,UAAU,EAAE,iBAAiB,CAAC,EAAE,CAAC;wBAC1D,oCAAoC;wBACpC,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,UAAU,EAAE,iBAAiB,CAAC,EAAE,CAAC;4BAC5D,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,IAAI;gCACV,SAAS,EAAE,qBAAqB;gCAChC,IAAI,EAAE;oCACJ,KAAK,EAAE,wBAAwB,aAAa,2CAA2C;iCACxF;gCACD,OAAO,EAAE;oCACP;wCACE,SAAS,EAAE,cAAc;wCACzB,6DAA6D;wCAC7D,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI;qCAC1C;iCACF;6BACF,CAAC,CAAC;4BACH,OAAO,CAAC,uBAAuB;wBACjC,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,oBAAoB,EAAE,yBAAyB;YAC/C,cAAc,EAAE,mBAAmB;SACpC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
1
+ {"version":3,"file":"no-privilege-escalation.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-privilege-escalation.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAuBtD;;GAEG;AACH,MAAM,2BAA2B,GAAG;IAClC,SAAS;IACT,WAAW;IACX,SAAS;IACT,cAAc;IACd,eAAe;IACf,iBAAiB;IACjB,YAAY;IACZ,aAAa;CACd,CAAC;AAEF;;GAEG;AACH,MAAM,2BAA2B,GAAG;IAClC,8BAA8B;IAC9B,kCAAkC;IAClC,eAAe;IACf,WAAW;CACZ,CAAC;AAEF;;GAEG;AACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,QAAkB;IAC5D,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QAC7B,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,gDAAgD;YAChD,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CACxB,IAAmB,EACnB,UAA+B,EAC/B,iBAA2B;IAE3B,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACtC,OAAO,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CACxB,IAAmB,EACnB,UAA+B,EAC/B,iBAA2B;IAE3B,IAAI,OAAO,GAAyB,IAAI,CAAC;IAEzC,OAAO,OAAO,EAAE,CAAC;QACf,yEAAyE;QACzE,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YAC5D,MAAM,MAAM,GAAG,OAAO,CAAC,MAA8B,CAAC;YACtD,MAAM,aAAa,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAEtD,kDAAkD;YAClD,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CACnC,aAAa,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAC5D,EAAE,CAAC;gBACF,OAAO,IAAI,CAAC;YACd,CAAC;YAED,qGAAqG;YACrG,yDAAyD;YACzD,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;gBAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC;gBAC7B,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;gBAE/B,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBAC7C,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wBAClF,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;gBAED,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAChF,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBACxD,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wBACpF,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;YACD,oBAAoB;QACtB,CAAC;QAED,+EAA+E;QAC/E,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YACtE,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAwC,CAAC;YAClE,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAEnD,6CAA6C;YAC7C,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CACnC,QAAQ,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CACvD,EAAE,CAAC;gBACF,OAAO,IAAI,CAAC;YACd,CAAC;YAED,gGAAgG;YAChG,oDAAoD;YACpD,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;gBAC5C,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC;gBAC/B,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;gBAE/B,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBAC7C,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wBAClF,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;YACD,oBAAoB;QACtB,CAAC;QAED,8DAA8D;QAC9D,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YAC/D,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAiC,CAAC;YAC3D,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;YAE/B,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC7C,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;oBAClF,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAChF,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBACxD,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;oBACpF,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,IAAI,QAAQ,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,MAAM;QACR,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAEY,QAAA,qBAAqB,GAAG,IAAA,0BAAU,EAA0B;IACvE,IAAI,EAAE,yBAAyB;IAC/B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,wDAAwD;SACtE;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,sBAAsB;gBACjC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,qFAAqF;gBAClG,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,4GAA4G;gBACjH,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,YAAY,EAAE,IAAA,gCAAgB,EAAC;gBAC7B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,WAAW,EAAE,4CAA4C;gBACzD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,mEAAmE;gBACxE,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,mDAAmD;qBACjE;oBACD,eAAe,EAAE;wBACf,IAAI,EAAE,QAAQ;wBACd,OAAO,EAAE,mCAAmC;wBAC5C,WAAW,EAAE,gCAAgC;qBAC9C;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,2BAA2B;wBACpC,WAAW,EAAE,kCAAkC;qBAChD;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,yDAAyD;qBACvE;oBACD,cAAc,EAAE;wBACd,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,+BAA+B;qBAC7C;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,mCAAmC;YACpD,iBAAiB,EAAE,2BAA2B;YAC9C,iBAAiB,EAAE,EAAE;YACrB,cAAc,EAAE,EAAE;SACnB;KACF;IACD,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,eAAe,GAAG,mCAAmC,EACrD,iBAAiB,GAAG,2BAA2B,EAC/C,iBAAiB,EAAE,2BAA2B,GAAG,EAAE,EACnD,cAAc,GAAG,EAAE,GACpB,GAAG,OAAkB,CAAC;QAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,aAAa,GAAG,IAAI,MAAM,CAAC,eAAe,CAAC,CAAC;QAClD,MAAM,UAAU,GAAG,YAAY,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAE5D,qDAAqD;QACrD,MAAM,iBAAiB,GAAG;YACxB,GAAG,2BAA2B;YAC9B,GAAG,2BAA2B,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;SACxE,CAAC;QAEF;;WAEG;QACH,SAAS,yBAAyB,CAAC,IAAmC;YACpE,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,4CAA4C;YAC5C,qCAAqC;YACrC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB;gBACrC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC7C,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBAE3D,mDAAmD;gBACnD,IAAI,CAAC,MAAM,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;oBAClF,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAEtC,yCAAyC;oBACzC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;wBAC/C,OAAO;oBACT,CAAC;oBAED,0CAA0C;oBAC1C,IAAI,iBAAiB,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,iBAAiB,CAAC,EAAE,CAAC;wBACjE,oCAAoC;wBACpC,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,UAAU,EAAE,iBAAiB,CAAC,EAAE,CAAC;4BAC5D,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,IAAI;gCACV,SAAS,EAAE,qBAAqB;gCAChC,IAAI,EAAE;oCACJ,KAAK,EAAE,oCAAoC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;iCAC/G;gCACD,OAAO,EAAE;oCACP;wCACE,SAAS,EAAE,cAAc;wCACzB,6DAA6D;wCAC7D,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI;qCAC1C;iCACF;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED;;WAEG;QACH,SAAS,mBAAmB,CAAC,IAA6B;YACxD,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,6DAA6D;YAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YAC3B,IAAI,oBAAoB,GAAG,KAAK,CAAC;YACjC,IAAI,aAAa,GAAG,EAAE,CAAC;YAEvB,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC7C,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CACjE,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,CACxB,EAAE,CAAC;oBACF,oBAAoB,GAAG,IAAI,CAAC;oBAC5B,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC;gBAC9B,CAAC;YACH,CAAC;YAED,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAChF,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBACxD,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAC/E,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAC1B,EAAE,CAAC;oBACF,oBAAoB,GAAG,IAAI,CAAC;oBAC5B,aAAa,GAAG,YAAY,CAAC;gBAC/B,CAAC;YACH,CAAC;YAED,IAAI,oBAAoB,EAAE,CAAC;gBACzB,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBAEtC,yCAAyC;gBACzC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;oBAC/C,OAAO;gBACT,CAAC;gBAED,4CAA4C;gBAC5C,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;oBACjC,IAAI,iBAAiB,CAAC,GAAG,EAAE,UAAU,EAAE,iBAAiB,CAAC,EAAE,CAAC;wBAC1D,oCAAoC;wBACpC,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,UAAU,EAAE,iBAAiB,CAAC,EAAE,CAAC;4BAC5D,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,IAAI;gCACV,SAAS,EAAE,qBAAqB;gCAChC,IAAI,EAAE;oCACJ,KAAK,EAAE,wBAAwB,aAAa,2CAA2C;iCACxF;gCACD,OAAO,EAAE;oCACP;wCACE,SAAS,EAAE,cAAc;wCACzB,6DAA6D;wCAC7D,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI;qCAC1C;iCACF;6BACF,CAAC,CAAC;4BACH,OAAO,CAAC,uBAAuB;wBACjC,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED;;WAEG;QACH,SAAS,qBAAqB,CAAC,IAA+B;YAC5D,IAAI,UAAU;gBAAE,OAAO;YAEvB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACnC,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAC/D,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBAE5C,IAAI,CAAC,MAAM,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;wBAC7E,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;wBACtC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC;4BAAE,SAAS;wBAEzD,IAAI,iBAAiB,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,iBAAiB,CAAC,EAAE,CAAC;4BACjE,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,UAAU,EAAE,iBAAiB,CAAC,EAAE,CAAC;gCAC5D,OAAO,CAAC,MAAM,CAAC;oCACb,IAAI,EAAE,IAAI;oCACV,SAAS,EAAE,qBAAqB;oCAChC,IAAI,EAAE;wCACJ,KAAK,EAAE,8CAA8C,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;qCAChF;oCACD,OAAO,EAAE;wCACP;4CACE,SAAS,EAAE,cAAc;4CACzB,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI,EAAE,wBAAwB;yCACpE;qCACF;iCACF,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,oBAAoB,EAAE,yBAAyB;YAC/C,cAAc,EAAE,mBAAmB;YACnC,gBAAgB,EAAE,qBAAqB;SACxC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}