eslint-plugin-secure-coding 2.0.4 → 2.2.0

@@ -82,81 +82,125 @@ exports.noToctouVulnerability = (0, eslint_devkit_2.createRule)({
82
82
  * Check for TOCTOU patterns
83
83
  */
84
84
  function checkCallExpression(node) {
85
- const nodeText = sourceCode.getText(node);
86
- // Only flag file operations (not checks) that are part of check-then-use patterns
87
- if (!/\b(fs\.readFileSync|fs\.writeFileSync|fs\.openSync|fs\.unlinkSync)\s*\(/.test(nodeText)) {
88
- return; // Not a file operation we care about
85
+ // 1. Identify the file operation (Use)
86
+ let useMethodName = '';
87
+ if (node.callee.type === 'MemberExpression' && node.callee.property.type === 'Identifier') {
88
+ const objectName = node.callee.object.type === 'Identifier' ? node.callee.object.name : '';
89
+ if (objectName === 'fs' || objectName === 'fsPromises') {
90
+ useMethodName = node.callee.property.name;
91
+ }
92
+ }
93
+ else if (node.callee.type === 'Identifier') {
94
+ useMethodName = node.callee.name;
89
95
  }
90
- // Check if this operation is inside an if statement that contains a file check
96
+ const riskyUseMethods = ['readFileSync', 'writeFileSync', 'readFile', 'writeFile', 'openSync', 'open', 'unlinkSync', 'unlink'];
97
+ if (!riskyUseMethods.includes(useMethodName)) {
98
+ return;
99
+ }
100
+ const useArg = node.arguments[0];
101
+ if (!useArg)
102
+ return;
103
+ // 2. Walk up to find the condition (Check)
91
104
  let current = node.parent;
92
105
  while (current) {
93
106
  if (current.type === 'IfStatement') {
94
- // Check if the test (condition) contains a file check
95
- const test = current.test;
96
- if (test.type === 'CallExpression') {
97
- const testText = sourceCode.getText(test);
98
- if (/\b(fs\.existsSync|fs\.statSync|fs\.accessSync)\s*\(/.test(testText)) {
99
- // Check if the file paths match
100
- const testCall = test;
101
- const currentCall = node;
102
- if (testCall.arguments.length > 0 && currentCall.arguments.length > 0) {
103
- const testArg = testCall.arguments[0];
104
- const currentArg = currentCall.arguments[0];
105
- if (testArg.type === 'Literal' && currentArg.type === 'Literal' &&
106
- testArg.value === currentArg.value) {
107
- context.report({
108
- node,
109
- messageId: 'toctouVulnerability',
110
- suggest: [
111
- {
112
- messageId: 'useAtomicOperations',
113
- fix: () => null,
114
- },
115
- {
116
- messageId: 'useFsPromises',
117
- fix: () => null,
118
- },
119
- {
120
- messageId: 'addProperLocking',
121
- fix: () => null,
122
- },
123
- ],
124
- });
125
- return; // Found a match, stop searching
107
+ // Extract the condition node
108
+ let condition = current.test;
109
+ // Handle negated condition: if (!exists(path)) { create(path) } -> also TOCTOU but different logic?
110
+ // Actually TOCTOU is usually Check(exists) -> Use(read).
111
+ // If (!exists) -> create is Check -> Use.
112
+ // But strict TOCTOU is checking state then acting.
113
+ // If checking for negation
114
+ if (condition.type === 'UnaryExpression' && condition.operator === '!') {
115
+ condition = condition.argument;
116
+ }
117
+ if (condition.type === 'CallExpression') {
118
+ // Check if it's a file check method
119
+ let checkMethodName = '';
120
+ if (condition.callee.type === 'MemberExpression' && condition.callee.property.type === 'Identifier') {
121
+ checkMethodName = condition.callee.property.name;
122
+ }
123
+ else if (condition.callee.type === 'Identifier') {
124
+ checkMethodName = condition.callee.name;
125
+ }
126
+ const checkMethods = ['existsSync', 'statSync', 'accessSync', 'exists', 'stat', 'access'];
127
+ if (checkMethods.includes(checkMethodName)) {
128
+ // Compare arguments
129
+ const checkArg = condition.arguments[0];
130
+ if (checkArg) {
131
+ // Method 1: Identifier match (same variable)
132
+ if (checkArg.type === 'Identifier' && useArg.type === 'Identifier' && checkArg.name === useArg.name) {
133
+ reportToctou(node);
134
+ return;
135
+ }
136
+ // Method 2: Text match (fallback)
137
+ const checkArgText = sourceCode.getText(checkArg).replace(/\s/g, '');
138
+ const useArgText = sourceCode.getText(useArg).replace(/\s/g, '');
139
+ if (checkArgText === useArgText) {
140
+ reportToctou(node);
141
+ return;
126
142
  }
127
143
  }
128
144
  }
129
- }
130
- // Also check for stat-then-use patterns
131
- if (test.type === 'CallExpression' || test.type === 'MemberExpression') {
132
- const testText = sourceCode.getText(test);
133
- // Pattern: if (stats.isFile()) { ... fs.unlinkSync("file") ... }
134
- if (testText.includes('isFile') && nodeText.includes('fs.unlinkSync')) {
135
- context.report({
136
- node,
137
- messageId: 'toctouVulnerability',
138
- suggest: [
139
- {
140
- messageId: 'useAtomicOperations',
141
- fix: () => null,
142
- },
143
- {
144
- messageId: 'useFsPromises',
145
- fix: () => null,
146
- },
147
- {
148
- messageId: 'addProperLocking',
149
- fix: () => null,
150
- },
151
- ],
152
- });
153
- return; // Found a match, stop searching
145
+ // Handle stats.isFile() / stats.isDirectory() pattern
146
+ if (condition.callee.type === 'MemberExpression' &&
147
+ condition.callee.property.type === 'Identifier' &&
148
+ ['isFile', 'isDirectory'].includes(condition.callee.property.name) &&
149
+ condition.callee.object.type === 'Identifier') {
150
+ const statsVarName = condition.callee.object.name;
151
+ let currentScope = sourceCode.getScope(condition);
152
+ let variable = null;
153
+ while (currentScope) {
154
+ variable = currentScope.variables.find(v => v.name === statsVarName);
155
+ if (variable)
156
+ break;
157
+ currentScope = currentScope.upper;
158
+ }
159
+ if (variable && variable.defs.length > 0) {
160
+ const def = variable.defs[0];
161
+ if (def.type === 'Variable' && def.node.init && def.node.init.type === 'CallExpression') {
162
+ const init = def.node.init;
163
+ if (init.callee.type === 'MemberExpression' &&
164
+ init.callee.property.type === 'Identifier' &&
165
+ ['statSync', 'lstatSync', 'stat', 'lstat'].includes(init.callee.property.name)) {
166
+ const statArg = init.arguments[0];
167
+ if (statArg) {
168
+ const checkArgText = sourceCode.getText(statArg).replace(/\s/g, '');
169
+ const useArgText = sourceCode.getText(useArg).replace(/\s/g, '');
170
+ if (checkArgText === useArgText) {
171
+ reportToctou(node);
172
+ return;
173
+ }
174
+ }
175
+ }
176
+ }
177
+ }
154
178
  }
155
179
  }
156
180
  }
157
181
  current = current.parent;
158
182
  }
159
183
  }
184
+ function reportToctou(node) {
185
+ context.report({
186
+ node,
187
+ messageId: 'toctouVulnerability',
188
+ suggest: [
189
+ {
190
+ messageId: 'useAtomicOperations',
191
+ fix: () => null,
192
+ },
193
+ {
194
+ messageId: 'useFsPromises',
195
+ fix: () => null,
196
+ },
197
+ {
198
+ messageId: 'addProperLocking',
199
+ fix: () => null,
200
+ },
201
+ ],
202
+ });
203
+ }
160
204
  return {
161
205
  CallExpression: checkCallExpression,
162
206
  };
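Review bot: The promise-based check methods this hunk adds to `checkMethods` (`exists`, `stat`, `access`) and to the stats-init list (`stat`, `lstat`) cannot match in practice, because a condition such as `if (await fsPromises.stat(p))` leaves `condition` as an `AwaitExpression` and the guard `if (condition.type === 'CallExpression')` skips it; the same applies to `def.node.init` when the stats variable is initialised with `await`. After the `!` unwrap, add `if (condition.type === 'AwaitExpression') condition = condition.argument;` and apply the same unwrap to `def.node.init` before its `CallExpression` test, so the async names in those lists are reachable. The comment block under "Handle negated condition" reads as a working note ("-> also TOCTOU but different logic?", "Actually …"); a single decision statement such as `// A negated check (if (!existsSync(p)) create(p)) is still check-then-act, so strip the '!' and match on the inner call.` would serve readers better. The bare-`Identifier` callee branch also treats any call named `open` or `unlink` as a file operation regardless of where it was imported from, which seems likely to produce unrelated reports; consider restricting it to names bound from `fs`/`fs/promises` if the scope manager is already in use here.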
@@ -1 +1 @@
1
- {"version":3,"file":"no-toctou-vulnerability.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-toctou-vulnerability.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAkBzC,QAAA,qBAAqB,GAAG,IAAA,0BAAU,EAA0B;IACvE,IAAI,EAAE,yBAAyB;IAC/B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,mDAAmD;SACjE;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,sBAAsB;gBACjC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,mDAAmD;gBAChE,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,0DAA0D;gBAC/D,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,uBAAuB;gBAClC,WAAW,EAAE,4BAA4B;gBACzC,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kDAAkD;gBACvD,iBAAiB,EAAE,0DAA0D;aAC9E,CAAC;YACF,aAAa,EAAE,IAAA,gCAAgB,EAAC;gBAC9B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,iBAAiB;gBAC5B,WAAW,EAAE,qBAAqB;gBAClC,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,yDAAyD;gBAC9D,iBAAiB,EAAE,6CAA6C;aACjE,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,WAAW,EAAE,8BAA8B;gBAC3C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,sDAAsD;gBAC3D,iBAAiB,EAAE,oDAAoD;aACxE,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,aAAa,EAAE;wBACb,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,IAAI;qBACd;oBACD,SAAS,EAAE;wBACT,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,eAAe,EAAE,aAAa,EAAE,eAAe,CAAC;qBAC3D;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,aAAa,EAAE,IAAI;YACnB,SAAS,EAAE,CAAC,eAAe,EAAE,aAAa,EAAE,eAAe,CAAC;SAC7D;KACF;IACD,MAAM,CAAC,OAAsD,EAAE,CAAC,OAAO,GAAG,EAAE,CAAC;QAC3E,MAAM,EACV,aAAa,GAAG,IAAI,EACnB,GAAY,OAAO,IAAI,EAAE,CAAC;QAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,aAAa,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAErF,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAE5D;;WAEG;QACH,SAAS,mBAAm
B,CAAC,IAA6B;YACxD,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAE1C,kFAAkF;YAClF,IAAI,CAAC,yEAAyE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC9F,OAAO,CAAC,qCAAqC;YAC/C,CAAC;YAED,+EAA+E;YAC/E,IAAI,OAAO,GAA8B,IAAI,CAAC,MAAM,CAAC;YACrD,OAAO,OAAO,EAAE,CAAC;gBACf,IAAI,OAAO,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;oBACnC,sDAAsD;oBACtD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;oBAC1B,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;wBACnC,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;wBAC1C,IAAI,qDAAqD,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;4BACzE,gCAAgC;4BAChC,MAAM,QAAQ,GAAG,IAAI,CAAC;4BACtB,MAAM,WAAW,GAAG,IAAI,CAAC;4BAEzB,IAAI,QAAQ,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,IAAI,WAAW,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gCACtE,MAAM,OAAO,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;gCACtC,MAAM,UAAU,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;gCAE5C,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS;oCAC3D,OAAO,CAAC,KAAK,KAAK,UAAU,CAAC,KAAK,EAAE,CAAC;oCACvC,OAAO,CAAC,MAAM,CAAC;wCACb,IAAI;wCACJ,SAAS,EAAE,qBAAqB;wCAChC,OAAO,EAAE;4CACP;gDACE,SAAS,EAAE,qBAAqB;gDAChC,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;6CAChB;4CACD;gDACE,SAAS,EAAE,eAAe;gDAC1B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;6CAChB;4CACD;gDACE,SAAS,EAAE,kBAAkB;gDAC7B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;6CAChB;yCACF;qCACF,CAAC,CAAC;oCACH,OAAO,CAAC,gCAAgC;gCAC1C,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;oBAED,wCAAwC;oBACxC,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;wBACvE,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;wBAE1C,iEAAiE;wBACjE,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;4BACtE,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI;gCACJ,SAAS,EAAE,qBAAqB;gCAChC,OAAO,EAAE;oCACP;wCACE,SAAS,EAAE,qBAAqB;wCAChC,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qCAChB;oCACD;wCACE,SAAS,EAAE,eAAe;wCAC1B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qCAChB;oCACD;wCACE,SAAS,EAAE,kBAAkB;wCAC7B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qCAChB;iCACF;6BACF,CAAC,CAAC;4BACH,OAAO,CAAC,gCAAgC;wBAC1C,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;YAC5C,CAAC;QACH,CAAC;QAED,O
AAO;YACL,cAAc,EAAE,mBAAmB;SACpC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
1
+ {"version":3,"file":"no-toctou-vulnerability.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-toctou-vulnerability.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAkBzC,QAAA,qBAAqB,GAAG,IAAA,0BAAU,EAA0B;IACvE,IAAI,EAAE,yBAAyB;IAC/B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,mDAAmD;SACjE;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,sBAAsB;gBACjC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,mDAAmD;gBAChE,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,0DAA0D;gBAC/D,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,uBAAuB;gBAClC,WAAW,EAAE,4BAA4B;gBACzC,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kDAAkD;gBACvD,iBAAiB,EAAE,0DAA0D;aAC9E,CAAC;YACF,aAAa,EAAE,IAAA,gCAAgB,EAAC;gBAC9B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,iBAAiB;gBAC5B,WAAW,EAAE,qBAAqB;gBAClC,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,yDAAyD;gBAC9D,iBAAiB,EAAE,6CAA6C;aACjE,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,WAAW,EAAE,8BAA8B;gBAC3C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,sDAAsD;gBAC3D,iBAAiB,EAAE,oDAAoD;aACxE,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,aAAa,EAAE;wBACb,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,IAAI;qBACd;oBACD,SAAS,EAAE;wBACT,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,eAAe,EAAE,aAAa,EAAE,eAAe,CAAC;qBAC3D;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,aAAa,EAAE,IAAI;YACnB,SAAS,EAAE,CAAC,eAAe,EAAE,aAAa,EAAE,eAAe,CAAC;SAC7D;KACF;IACD,MAAM,CAAC,OAAsD,EAAE,CAAC,OAAO,GAAG,EAAE,CAAC;QAC3E,MAAM,EACV,aAAa,GAAG,IAAI,EACnB,GAAY,OAAO,IAAI,EAAE,CAAC;QAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,aAAa,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAErF,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAE5D;;WAEG;QACH,SAAS,mBAAm
B,CAAC,IAA6B;YACxD,uCAAuC;YACvC,IAAI,aAAa,GAAG,EAAE,CAAC;YACvB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC1F,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3F,IAAI,UAAU,KAAK,IAAI,IAAI,UAAU,KAAK,YAAY,EAAE,CAAC;oBACtD,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAC7C,CAAC;YACH,CAAC;iBAAM,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC7C,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YACnC,CAAC;YAED,MAAM,eAAe,GAAG,CAAC,cAAc,EAAE,eAAe,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;YAC/H,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBAC7C,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;YACjC,IAAI,CAAC,MAAM;gBAAE,OAAO;YAEpB,2CAA2C;YAC3C,IAAI,OAAO,GAA8B,IAAI,CAAC,MAAM,CAAC;YACrD,OAAO,OAAO,EAAE,CAAC;gBACf,IAAI,OAAO,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;oBACnC,6BAA6B;oBAC7B,IAAI,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;oBAE7B,qGAAqG;oBACrG,yDAAyD;oBACzD,0CAA0C;oBAC1C,mDAAmD;oBAEnD,2BAA2B;oBAC3B,IAAI,SAAS,CAAC,IAAI,KAAK,iBAAiB,IAAI,SAAS,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;wBACtE,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC;oBAClC,CAAC;oBAED,IAAI,SAAS,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;wBACvC,oCAAoC;wBACpC,IAAI,eAAe,GAAG,EAAE,CAAC;wBACzB,IAAI,SAAS,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAI,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;4BACnG,eAAe,GAAG,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;wBACpD,CAAC;6BAAM,IAAI,SAAS,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;4BACjD,eAAe,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC;wBAC3C,CAAC;wBAED,MAAM,YAAY,GAAG,CAAC,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;wBAC1F,IAAI,YAAY,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;4BAE1C,oBAAoB;4BACpB,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;4BACxC,IAAI,QAAQ,EAAE,CAAC;gCACX,6CAA6C;gCAC7C,IAAI,QAAQ,CAAC,IAAI,KAAK,YAAY,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,QAAQ,CAAC,IAAI,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC;oCAClG,YAAY,CAAC,IAAI,CAAC,CA
AC;oCACnB,OAAO;gCACX,CAAC;gCAED,kCAAkC;gCAClC,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;gCACrE,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;gCACjE,IAAI,YAAY,KAAK,UAAU,EAAE,CAAC;oCAC9B,YAAY,CAAC,IAAI,CAAC,CAAC;oCACnB,OAAO;gCACX,CAAC;4BACL,CAAC;wBACJ,CAAC;wBAED,sDAAsD;wBACtD,IAAI,SAAS,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;4BAC5C,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;4BAC/C,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;4BAClE,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;4BAEhD,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;4BAClD,IAAI,YAAY,GAAG,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;4BAClD,IAAI,QAAQ,GAAG,IAAI,CAAC;4BAEpB,OAAO,YAAY,EAAE,CAAC;gCAClB,QAAQ,GAAG,YAAY,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC;gCACrE,IAAI,QAAQ;oCAAE,MAAM;gCACpB,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC;4BACtC,CAAC;4BAED,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gCACvC,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gCAC7B,IAAI,GAAG,CAAC,IAAI,KAAK,UAAU,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;oCACtF,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;oCAC3B,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;wCACvC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;wCAC1C,CAAC,UAAU,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;wCAE7E,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;wCAClC,IAAI,OAAO,EAAE,CAAC;4CACV,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;4CACpE,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;4CACjE,IAAI,YAAY,KAAK,UAAU,EAAE,CAAC;gDAC9B,YAAY,CAAC,IAAI,CAAC,CAAC;gDACnB,OAAO;4CACX,CAAC;wCACL,CAAC;oCACT,CAAC;gCACL,CAAC;4BACL,CAAC;wBACL,CAAC;oBACJ,CAAC;gBACH,CAAC;gBACD,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;YAC5C,CAAC;QACH,CAAC;QAED,SAAS,YAAY,CAAC,IAAmB;Y
ACtC,OAAO,CAAC,MAAM,CAAC;gBACd,IAAI;gBACJ,SAAS,EAAE,qBAAqB;gBAChC,OAAO,EAAE;oBACP;wBACE,SAAS,EAAE,qBAAqB;wBAChC,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,eAAe;wBAC1B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,kBAAkB;wBAC7B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,cAAc,EAAE,mBAAmB;SACpC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
@@ -57,7 +57,11 @@ function matchesIgnorePattern(text, ignorePatterns) {
57
57
  * Check if a node is a URL construction pattern
58
58
  */
59
59
  function isUrlConstruction(node, sourceCode) {
60
- const text = sourceCode.getText(node);
60
+ let text = sourceCode.getText(node);
61
+ // For template literals, combine raw strings to improve pattern detection
62
+ if (node.type === 'TemplateLiteral') {
63
+ text = node.quasis.map(q => q.value.raw).join('');
64
+ }
61
65
  // Check for URL construction patterns
62
66
  const urlPatterns = [
63
67
  /\bhttps?:\/\//, // HTTP/HTTPS URLs
@@ -257,9 +261,95 @@ exports.noUnescapedUrlParameter = (0, eslint_devkit_2.createRule)({
257
261
  }
258
262
  }
259
263
  }
264
+ function isUserControlled(node, visited = new Set()) {
265
+ const text = sourceCode.getText(node);
266
+ const patterns = [
267
+ /\breq\.(query|params|body|headers|cookies)/,
268
+ /\brequest\.(query|params|body)/,
269
+ /\buserInput\b/i,
270
+ /\binput\b/i,
271
+ /\bsearchParams\b/,
272
+ /\bparam\b/i,
273
+ /\breturnUrl\b/i,
274
+ /\burl\b/i,
275
+ /\bredirect\b/i,
276
+ /\bnext\b/i,
277
+ ];
278
+ if (patterns.some(p => p.test(text)))
279
+ return true;
280
+ // Trace identifiers
281
+ if (node.type === 'Identifier') {
282
+ if (visited.has(node.name))
283
+ return false;
284
+ visited.add(node.name);
285
+ const scope = sourceCode.getScope(node);
286
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
287
+ const variable = scope.variables.find((v) => v.name === node.name);
288
+ if (variable && variable.defs.length > 0) {
289
+ const def = variable.defs[0];
290
+ if (def.type === 'Variable' && def.node.init) {
291
+ const init = def.node.init;
292
+ // Check if init is constructed from other user inputs
293
+ if (isUserControlled(init, visited))
294
+ return true;
295
+ // Check if init is a TemplateLiteral containing user inputs in expressions
296
+ if (init.type === 'TemplateLiteral') {
297
+ return init.expressions.some(expr => isUserControlled(expr, visited));
298
+ }
299
+ // Check if init is BinaryExpression (concatenation)
300
+ if (init.type === 'BinaryExpression') {
301
+ return isUserControlled(init.left, visited) || isUserControlled(init.right, visited);
302
+ }
303
+ }
304
+ }
305
+ }
306
+ return false;
307
+ }
260
308
  return {
261
309
  TemplateLiteral: checkTemplateLiteral,
262
310
  BinaryExpression: checkBinaryExpression,
311
+ AssignmentExpression(node) {
312
+ if (isTestFile)
313
+ return;
314
+ // Check for window.location = ... or window.location.href = ...
315
+ const left = node.left;
316
+ let isLocationAssignment = false;
317
+ if (left.type === 'MemberExpression') {
318
+ const objectName = left.object.type === 'Identifier' ? left.object.name :
319
+ (left.object.type === 'MemberExpression' ? sourceCode.getText(left.object) : '');
320
+ const propName = left.property.type === 'Identifier' ? left.property.name : '';
321
+ if ((objectName === 'window' && propName === 'location') ||
322
+ (propName === 'href' && objectName.includes('location'))) {
323
+ isLocationAssignment = true;
324
+ }
325
+ }
326
+ else if (left.type === 'Identifier' && left.name === 'location') {
327
+ // In browser location = ... is valid
328
+ isLocationAssignment = true;
329
+ }
330
+ if (isLocationAssignment) {
331
+ const right = node.right;
332
+ const rightText = sourceCode.getText(right);
333
+ // Skip TemplateLiteral and BinaryExpression as they are covered by their own visitors
334
+ if (right.type === 'TemplateLiteral' || right.type === 'BinaryExpression') {
335
+ return;
336
+ }
337
+ if (matchesIgnorePattern(rightText, ignorePatterns))
338
+ return;
339
+ if (isInsideEncodingCall(right, sourceCode, trustedLibraries))
340
+ return;
341
+ if (isUserControlled(right)) {
342
+ context.report({
343
+ node: right,
344
+ messageId: 'unescapedUrlParameter',
345
+ data: {
346
+ parameter: rightText,
347
+ safeAlternative: 'Validate and encode URL before redirecting',
348
+ }
349
+ });
350
+ }
351
+ }
352
+ }
263
353
  };
264
354
  },
265
355
  });
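Review bot: `isUserControlled` runs its text regexes before looking at the node type, so a constant string on the right-hand side is reported whenever it merely contains one of the words — for a constructed example, `window.location.href = '/login?next=home'` matches `/\bnext\b/i` and is flagged although nothing in it is attacker-influenced. Adding `if (node.type === 'Literal') return false;` at the top of `isUserControlled` removes that class of false positive without weakening the identifier tracing below it. The identifier branch also only inspects `sourceCode.getScope(node).variables` and never `scope.upper`, so a variable declared in an enclosing function or at module level is never traced, which is inconsistent with the TOCTOU rule in this same release that walks `currentScope.upper`. The visitor itself closes inside the hunk, but the enclosing `create` function and the `isInsideEncodingCall`/`matchesIgnorePattern` helpers it relies on start outside it.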
@@ -1 +1 @@
1
- {"version":3,"file":"no-unescaped-url-parameter.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-unescaped-url-parameter.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAiBtD;;GAEG;AACH,SAAS,oBAAoB,CAC3B,IAAmB,EACnB,UAA+B,EAC/B,gBAA0B;IAE1B,IAAI,OAAO,GAAyB,IAAI,CAAC;IAEzC,OAAO,OAAO,EAAE,CAAC;QACf,IAAI,OAAO,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAE9B,0CAA0C;YAC1C,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC;gBAC/B,IAAI,CAAC,oBAAoB,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBACvE,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,uCAAuC;YACvC,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBACvC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC7B,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBAC7C,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wBACzE,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,IAAI,QAAQ,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,MAAM;QACR,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,cAAwB;IAClE,OAAO,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QACnC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,IAAmB,EAAE,UAA+B;IAC7E,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtC,sCAAsC;IACtC,MAAM,WAAW,GAAG;QAClB,eAAe,EAAG,kBAAkB;QACpC,kBAAkB;QAClB,iBAAiB,EAAG,gBAAgB;QACpC,YAAY,EAAG,QAAQ;QACvB,oBAAoB;QACpB,kBAAkB;QAClB,qBAAqB;QACrB,UAAU,EAAG,mBAAmB;KACjC,CAAC;IAEF,OAAO,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AACzD,CAAC;AAEY,QAAA,uBAAuB,GAAG,IAAA,0BAAU,EAA0B;IACzE,IAAI,E
AAE,4BAA4B;IAClC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,kCAAkC;SAChD;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,yBAAyB;gBACpC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,iDAAiD;gBAC9D,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,sDAAsD;gBAC3D,iBAAiB,EAAE,qGAAqG;aACzH,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,qBAAqB;gBAChC,WAAW,EAAE,+CAA+C;gBAC5D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,8CAA8C;gBACnD,iBAAiB,EAAE,kEAAkE;aACtF,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,8CAA8C;qBAC5D;oBACD,gBAAgB,EAAE;wBAChB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,KAAK,EAAE,aAAa,CAAC;wBAC/B,WAAW,EAAE,oCAAoC;qBAClD;oBACD,cAAc,EAAE;wBACd,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,oCAAoC;qBAClD;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,YAAY,EAAE,KAAK;YACnB,gBAAgB,EAAE,CAAC,KAAK,EAAE,aAAa,CAAC;YACxC,cAAc,EAAE,EAAE;SACnB;KACF;IACD,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,gBAAgB,GAAG,CAAC,KAAK,EAAE,aAAa,CAAC,EACzC,cAAc,GAAG,EAAE,GACpB,GAAG,OAAkB,CAAC;QAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,YAAY,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAE5D,SAAS,oBAAoB,CAAC,IAA8B;YAC1D,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,sCAAsC;YACtC,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE,CAAC;gBACzC,OAAO;YACT,CAAC;YAED,wCAAwC;YACxC,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC1C,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAE5C,yCAAyC;gBACzC,IAAI,oBAAoB,CAA
C,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;oBAC/C,SAAS;gBACX,CAAC;gBAED,gCAAgC;gBAChC,IAAI,oBAAoB,CAAC,UAAU,EAAE,UAAU,EAAE,gBAAgB,CAAC,EAAE,CAAC;oBACnE,SAAS;gBACX,CAAC;gBAED,qCAAqC;gBACrC,MAAM,iBAAiB,GAAG;oBACxB,4CAA4C;oBAC5C,gCAAgC;oBAChC,gBAAgB;oBAChB,YAAY;oBACZ,kBAAkB;oBAClB,YAAY,EAAE,yBAAyB;iBACxC,CAAC;gBAEF,+DAA+D;gBAC/D,iDAAiD;gBACjD,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBAC1C,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAChD,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACtD,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACzD,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACzD,6DAA6D;oBAC7D,CAAC,UAAU,CAAC,IAAI,KAAK,kBAAkB;wBACtC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;4BAC/B,wDAAwD;4BACxD,OAAO,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;wBAChC,CAAC,CAAC,CAAC,CAAC;gBAExB,IAAI,WAAW,EAAE,CAAC;oBAChB,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI,EAAE,UAAU;wBAChB,SAAS,EAAE,uBAAuB;wBAClC,IAAI,EAAE;4BACJ,SAAS,EAAE,IAAI;4BACf,eAAe,EAAE,0GAA0G,IAAI,OAAO;yBACvI;wBACD,OAAO,EAAE;4BACP;gCACE,SAAS,EAAE,uBAAuB;gCAClC,6DAA6D;gCAC7D,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI;6BAC1C;4BACD;gCACE,SAAS,EAAE,oBAAoB;gCAC/B,6DAA6D;gCAC7D,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI;6BAC1C;yBACF;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,SAAS,qBAAqB,CAAC,IAA+B;YAC5D,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,qDAAqD;YACrD,IAAI,IAAI,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;gBAC1B,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE,CAAC;oBACzC,OAAO;gBACT,CAAC;gBAED,2CAA2C;gBAC3C,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;oBAClC,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;oBAEjD,yCAAyC;oBACzC,IAAI,oBAAoB,CAAC,SAAS,EAAE,cAAc,CAAC,EAAE,CAAC;wBACpD,OAAO;oBACT,CAAC;oBAED,gCAAgC;oBAChC,IAAI,oBAAoB,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,gBAAgB,CAAC,EAAE,CAAC;wBACnE,OAAO;oBACT,CAAC;oBAED,qCAAqC;oBACrC,MAAM,iBAAiB,GAAG;wBACxB,4BAA4B;wBAC5B,gCAAgC;wBAChC,eAAe;wBACf,WAAW;qBACZ,CAAC;oBAEF,MAAM,WAA
W,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;oBAE/E,IAAI,WAAW,EAAE,CAAC;wBAChB,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI,EAAE,IAAI,CAAC,KAAK;4BAChB,SAAS,EAAE,uBAAuB;4BAClC,IAAI,EAAE;gCACJ,SAAS,EAAE,SAAS;gCACpB,eAAe,EAAE,6BAA6B,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,SAAS,GAAG;6BACjH;4BACD,OAAO,EAAE;gCACP;oCACE,SAAS,EAAE,uBAAuB;oCAClC,6DAA6D;oCAC7D,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI;iCAC1C;6BACF;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,eAAe,EAAE,oBAAoB;YACrC,gBAAgB,EAAE,qBAAqB;SACxC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
1
+ {"version":3,"file":"no-unescaped-url-parameter.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-unescaped-url-parameter.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAiBtD;;GAEG;AACH,SAAS,oBAAoB,CAC3B,IAAmB,EACnB,UAA+B,EAC/B,gBAA0B;IAE1B,IAAI,OAAO,GAAyB,IAAI,CAAC;IAEzC,OAAO,OAAO,EAAE,CAAC;QACf,IAAI,OAAO,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAE9B,0CAA0C;YAC1C,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC;gBAC/B,IAAI,CAAC,oBAAoB,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBACvE,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,uCAAuC;YACvC,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBACvC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC7B,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBAC7C,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wBACzE,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,IAAI,QAAQ,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,MAAM;QACR,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,cAAwB;IAClE,OAAO,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QACnC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,IAAmB,EAAE,UAA+B;IAC7E,IAAI,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEpC,0EAA0E;IAC1E,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACpC,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,sCAAsC;IACtC,MAAM,WAAW,GAAG;QAClB,eAAe,EAAG,kBAAkB;QACpC,kBAAkB;QAClB,iBAAiB,EAAG,gBAAgB;QACpC,YAAY,EAAG,QAAQ;QACvB,oBAAoB;QACpB,kBAAkB;QA
ClB,qBAAqB;QACrB,UAAU,EAAG,mBAAmB;KACjC,CAAC;IAEF,OAAO,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AACzD,CAAC;AAEY,QAAA,uBAAuB,GAAG,IAAA,0BAAU,EAA0B;IACzE,IAAI,EAAE,4BAA4B;IAClC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,kCAAkC;SAChD;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,yBAAyB;gBACpC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,iDAAiD;gBAC9D,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,sDAAsD;gBAC3D,iBAAiB,EAAE,qGAAqG;aACzH,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,qBAAqB;gBAChC,WAAW,EAAE,+CAA+C;gBAC5D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,8CAA8C;gBACnD,iBAAiB,EAAE,kEAAkE;aACtF,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,8CAA8C;qBAC5D;oBACD,gBAAgB,EAAE;wBAChB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,KAAK,EAAE,aAAa,CAAC;wBAC/B,WAAW,EAAE,oCAAoC;qBAClD;oBACD,cAAc,EAAE;wBACd,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,oCAAoC;qBAClD;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,YAAY,EAAE,KAAK;YACnB,gBAAgB,EAAE,CAAC,KAAK,EAAE,aAAa,CAAC;YACxC,cAAc,EAAE,EAAE;SACnB;KACF;IACD,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,gBAAgB,GAAG,CAAC,KAAK,EAAE,aAAa,CAAC,EACzC,cAAc,GAAG,EAAE,GACpB,GAAG,OAAkB,CAAC;QAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,YAAY,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAE5D,SAAS,oBAAoB,CAAC,IAA8B;YAC1D,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,sCAAsC;YACtC,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,U
AAU,CAAC,EAAE,CAAC;gBACzC,OAAO;YACT,CAAC;YAED,wCAAwC;YACxC,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC1C,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAE5C,yCAAyC;gBACzC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;oBAC/C,SAAS;gBACX,CAAC;gBAED,gCAAgC;gBAChC,IAAI,oBAAoB,CAAC,UAAU,EAAE,UAAU,EAAE,gBAAgB,CAAC,EAAE,CAAC;oBACnE,SAAS;gBACX,CAAC;gBAED,qCAAqC;gBACrC,MAAM,iBAAiB,GAAG;oBACxB,4CAA4C;oBAC5C,gCAAgC;oBAChC,gBAAgB;oBAChB,YAAY;oBACZ,kBAAkB;oBAClB,YAAY,EAAE,yBAAyB;iBACxC,CAAC;gBAEF,+DAA+D;gBAC/D,iDAAiD;gBACjD,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBAC1C,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAChD,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACtD,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACzD,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACzD,6DAA6D;oBAC7D,CAAC,UAAU,CAAC,IAAI,KAAK,kBAAkB;wBACtC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;4BAC/B,wDAAwD;4BACxD,OAAO,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;wBAChC,CAAC,CAAC,CAAC,CAAC;gBAExB,IAAI,WAAW,EAAE,CAAC;oBAChB,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI,EAAE,UAAU;wBAChB,SAAS,EAAE,uBAAuB;wBAClC,IAAI,EAAE;4BACJ,SAAS,EAAE,IAAI;4BACf,eAAe,EAAE,0GAA0G,IAAI,OAAO;yBACvI;wBACD,OAAO,EAAE;4BACP;gCACE,SAAS,EAAE,uBAAuB;gCAClC,6DAA6D;gCAC7D,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI;6BAC1C;4BACD;gCACE,SAAS,EAAE,oBAAoB;gCAC/B,6DAA6D;gCAC7D,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI;6BAC1C;yBACF;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,SAAS,qBAAqB,CAAC,IAA+B;YAC5D,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,qDAAqD;YACrD,IAAI,IAAI,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;gBAC1B,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE,CAAC;oBACzC,OAAO;gBACT,CAAC;gBAED,2CAA2C;gBAC3C,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;oBAClC,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;oBAEjD,yCAAyC;oBACzC,IAAI,oBAAoB,CAAC,SAAS,EAAE,cAAc,CAAC,EAAE,CAAC;wBACpD,OAAO;oBACT,CAAC;oBAED,gCAAgC;oBAChC,IAAI,oBA
AoB,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,gBAAgB,CAAC,EAAE,CAAC;wBACnE,OAAO;oBACT,CAAC;oBAED,qCAAqC;oBACrC,MAAM,iBAAiB,GAAG;wBACxB,4BAA4B;wBAC5B,gCAAgC;wBAChC,eAAe;wBACf,WAAW;qBACZ,CAAC;oBAEF,MAAM,WAAW,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;oBAE/E,IAAI,WAAW,EAAE,CAAC;wBAChB,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI,EAAE,IAAI,CAAC,KAAK;4BAChB,SAAS,EAAE,uBAAuB;4BAClC,IAAI,EAAE;gCACJ,SAAS,EAAE,SAAS;gCACpB,eAAe,EAAE,6BAA6B,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,SAAS,GAAG;6BACjH;4BACD,OAAO,EAAE;gCACP;oCACE,SAAS,EAAE,uBAAuB;oCAClC,6DAA6D;oCAC7D,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI;iCAC1C;6BACF;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,SAAS,gBAAgB,CAAC,IAAmB,EAAE,UAAU,IAAI,GAAG,EAAU;YACxE,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAEtC,MAAM,QAAQ,GAAG;gBACf,4CAA4C;gBAC5C,gCAAgC;gBAChC,gBAAgB;gBAChB,YAAY;gBACZ,kBAAkB;gBAClB,YAAY;gBACZ,gBAAgB;gBAChB,UAAU;gBACV,eAAe;gBACf,WAAW;aACZ,CAAC;YAEF,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAAE,OAAO,IAAI,CAAC;YAElD,oBAAoB;YACpB,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC/B,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;oBAAE,OAAO,KAAK,CAAC;gBACzC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEvB,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;gBACxC,8DAA8D;gBAC9D,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC;gBAExE,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACzC,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBAC7B,IAAI,GAAG,CAAC,IAAI,KAAK,UAAU,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;wBAC5C,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;wBAC3B,sDAAsD;wBACtD,IAAI,gBAAgB,CAAC,IAAI,EAAE,OAAO,CAAC;4BAAE,OAAO,IAAI,CAAC;wBAEjD,2EAA2E;wBAC3E,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;4BAClC,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;wBAC1E,CAAC;wBAED,oDAAoD;wBACpD,IAAI,IAAI,CAAC,IAAI,KA
AK,kBAAkB,EAAE,CAAC;4BACnC,OAAO,gBAAgB,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,gBAAgB,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;wBACzF,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO;YACL,eAAe,EAAE,oBAAoB;YACrC,gBAAgB,EAAE,qBAAqB;YACvC,oBAAoB,CAAC,IAAmC;gBACtD,IAAI,UAAU;oBAAE,OAAO;gBAEvB,gEAAgE;gBAChE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;gBACvB,IAAI,oBAAoB,GAAG,KAAK,CAAC;gBAEjC,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;oBAClC,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;wBACxD,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBAClG,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAE/E,IAAI,CAAC,UAAU,KAAK,QAAQ,IAAI,QAAQ,KAAK,UAAU,CAAC;wBACpD,CAAC,QAAQ,KAAK,MAAM,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;wBAC3D,oBAAoB,GAAG,IAAI,CAAC;oBAChC,CAAC;gBACN,CAAC;qBAAM,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC/D,qCAAqC;oBACrC,oBAAoB,GAAG,IAAI,CAAC;gBACjC,CAAC;gBAED,IAAI,oBAAoB,EAAE,CAAC;oBACvB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;oBACzB,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;oBAE5C,sFAAsF;oBACtF,IAAI,KAAK,CAAC,IAAI,KAAK,iBAAiB,IAAI,KAAK,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;wBACxE,OAAO;oBACX,CAAC;oBAED,IAAI,oBAAoB,CAAC,SAAS,EAAE,cAAc,CAAC;wBAAE,OAAO;oBAC5D,IAAI,oBAAoB,CAAC,KAAK,EAAE,UAAU,EAAE,gBAAgB,CAAC;wBAAE,OAAO;oBAErE,IAAI,gBAAgB,CAAC,KAAK,CAAC,EAAE,CAAC;wBAC1B,OAAO,CAAC,MAAM,CAAC;4BACZ,IAAI,EAAE,KAAK;4BACX,SAAS,EAAE,uBAAuB;4BAClC,IAAI,EAAE;gCACJ,SAAS,EAAE,SAAS;gCACpB,eAAe,EAAE,4CAA4C;6BAC9D;yBACH,CAAC,CAAC;oBACP,CAAC;gBACN,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
@@ -143,10 +143,14 @@ exports.noUnsanitizedHtml = (0, eslint_devkit_2.createRule)({
143
143
  if (isTestFile) {
144
144
  return;
145
145
  }
146
- // Check if left side is innerHTML
146
+ // Check if left side is a dangerous DOM property
147
147
  if (node.left.type === 'MemberExpression' &&
148
- node.left.property.type === 'Identifier' &&
149
- node.left.property.name === 'innerHTML') {
148
+ node.left.property.type === 'Identifier') {
149
+ const propertyName = node.left.property.name;
150
+ const dangerousProps = ['innerHTML', 'outerHTML'];
151
+ if (!dangerousProps.includes(propertyName)) {
152
+ return; // Not a dangerous property
153
+ }
150
154
  const memberExpr = node.left;
151
155
  const property = memberExpr.property;
152
156
  const text = sourceCode.getText(memberExpr);
@@ -186,49 +190,13 @@ exports.noUnsanitizedHtml = (0, eslint_devkit_2.createRule)({
186
190
  if (isInsideSanitizationCall(node.right, sourceCode, trustedLibraries)) {
187
191
  return;
188
192
  }
189
- // Check if the right side matches user input patterns
190
- const rightText = sourceCode.getText(node.right);
191
- // Check if it's an identifier that matches user input patterns
192
- let isUserInput = false;
193
- if (node.right.type === 'Identifier') {
194
- const identifierName = node.right.name.toLowerCase();
195
- // Direct match for common user input variable names
196
- const userInputNames = ['userinput', 'userdata', 'html', 'content', 'text'];
197
- isUserInput = userInputNames.includes(identifierName);
198
- // Also check patterns
199
- const userInputPatterns = [
200
- /\breq\.(body|query|params|headers|cookies)/,
201
- /\brequest\.(body|query|params)/,
202
- ];
203
- isUserInput = isUserInput || userInputPatterns.some(pattern => pattern.test(identifierName)) ||
204
- userInputPatterns.some(pattern => pattern.test(rightText));
205
- }
206
- else {
207
- const userInputPatterns = [
208
- /\b(userInput|userData|html|content|text)\b/i,
209
- /\breq\.(body|query|params|headers|cookies)/,
210
- /\brequest\.(body|query|params)/,
211
- ];
212
- isUserInput = userInputPatterns.some(pattern => pattern.test(rightText));
213
- }
214
- // If it doesn't match user input patterns, check if it's a known safe variable
215
- if (!isUserInput) {
216
- if (matchesIgnorePattern(rightText, ignorePatterns)) {
217
- return;
218
- }
219
- // If it's not user input and not in ignore patterns, it might be safe
220
- // But we still want to report it if it's an identifier that could be user input
221
- if (node.right.type === 'Identifier') {
222
- const identifierName = node.right.name.toLowerCase();
223
- const suspiciousPatterns = ['data', 'input', 'value', 'param', 'arg'];
224
- if (!suspiciousPatterns.some(pattern => identifierName.includes(pattern))) {
225
- return; // Doesn't look like user input
226
- }
227
- }
228
- else {
229
- return; // Not an identifier and doesn't match patterns, might be safe
230
- }
193
+ // If right side is a literal string/number, allow it
194
+ if (node.right.type === 'Literal') {
195
+ return;
231
196
  }
197
+ // For innerHTML/outerHTML, we should flag ANY non-sanitized assignment
198
+ // This is more aggressive but safer - innerHTML should ALWAYS be sanitized
199
+ // unless it's a literal or explicitly sanitized
232
200
  // Build suggestions array - conditionally include based on context
233
201
  // For allowInTests option, don't provide suggestions (test expects none)
234
202
  const suggestions = allowInTests && !isTestFile
@@ -242,15 +210,14 @@ exports.noUnsanitizedHtml = (0, eslint_devkit_2.createRule)({
242
210
  },
243
211
  {
244
212
  messageId: 'useSanitizeLibrary',
245
- // eslint-disable-next-line @typescript-eslint/no-unused-vars
246
- fix: (_fixer) => null,
213
+ fix: () => [],
247
214
  },
248
215
  ];
249
216
  context.report({
250
217
  node: memberExpr,
251
218
  messageId: 'unsanitizedHtml',
252
219
  data: {
253
- htmlSource: 'innerHTML',
220
+ htmlSource: propertyName,
254
221
  safeAlternative: 'Use textContent or sanitize with DOMPurify: element.textContent = userInput; or element.innerHTML = DOMPurify.sanitize(html);',
255
222
  },
256
223
  suggest: suggestions,
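Review bot: The `ignorePatterns` option no longer applies to the assigned value: the removed block around old lines 214–218 was the only place the right-hand side was matched against it, and the replacement at new lines 193–196 exempts only `Literal` nodes, so an ignore pattern configured for a known-safe variable that previously suppressed the report will now fire. Keep that check next to the literal exemption, e.g. `if (node.right.type === 'Literal' || matchesIgnorePattern(sourceCode.getText(node.right), ignorePatterns)) return;`. A `TemplateLiteral` whose `expressions` array is empty is just as constant as a `Literal` and presumably should be allowed by the same test. In the third hunk, `fix: () => []` appears to leave the `useSanitizeLibrary` suggestion without an applicable fix, which I believe ESLint drops rather than displays, so the suggestion text may never reach the user; worth confirming. The enclosing function starts and ends outside these hunks.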
@@ -1 +1 @@
1
- {"version":3,"file":"no-unsanitized-html.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-unsanitized-html.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAiBtD;;GAEG;AACH,SAAS,wBAAwB,CAC/B,IAAmB,EACnB,UAA+B,EAC/B,gBAA0B;IAE1B,IAAI,OAAO,GAAyB,IAAI,CAAC;IAEzC,OAAO,OAAO,EAAE,CAAC;QACf,IAAI,OAAO,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAE9B,4CAA4C;YAC5C,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBACvC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC7B,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBAC7C,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wBACzE,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;YAED,oDAAoD;YACpD,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC7C,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;oBACzE,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,+CAA+C;gBAC/C,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC1E,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,IAAI,QAAQ,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,MAAM;QACR,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,cAAwB;IAClE,OAAO,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QACnC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,gDAAgD;YAChD,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAEY,QAAA,iBAAiB,GAAG,IAAA,0BAAU,EAA0B;IACnE,IAAI,EAAE,qBAAqB;IAC3B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,yEAAyE;SACvF;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,eAAe,EAAE,IAAA,gCAAgB,EAAC;
gBAChC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,4BAA4B;gBACvC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,cAAc,EAAE,IAAA,gCAAgB,EAAC;gBAC/B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,iBAAiB;gBAC5B,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kCAAkC;gBACvC,iBAAiB,EAAE,mEAAmE;aACvF,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,WAAW,EAAE,0BAA0B;gBACvC,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,2CAA2C;gBAChD,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,0BAA0B,EAAE,IAAA,gCAAgB,EAAC;gBAC3C,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,gEAAgE;gBACrE,iBAAiB,EAAE,4FAA4F;aAChH,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,sCAAsC;qBACpD;oBACD,gBAAgB,EAAE;wBAChB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,WAAW,EAAE,eAAe,EAAE,KAAK,CAAC;wBAC9C,WAAW,EAAE,gCAAgC;qBAC9C;oBACD,cAAc,EAAE;wBACd,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,oCAAoC;qBAClD;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,YAAY,EAAE,KAAK;YACnB,gBAAgB,EAAE,CAAC,WAAW,EAAE,eAAe,EAAE,KAAK,CAAC;YACvD,cAAc,EAAE,EAAE;SACnB;KACF;IACD,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,gBAAgB,GAAG,CAAC,WAAW,EAAE,eAAe,EAAE,KAAK,CAAC,EACxD,cAAc,GAAG,EAAE,GACpB,GAAG,OAAkB,CAAC;QAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,YAAY,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAE5D,SAAS,yBAAyB,CAAC,IAAmC;YACpE,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,kCAAkC;YAClC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB;gBACrC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;gBACxC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;gBAE5C,MA
AM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC;gBAC7B,MAAM,QAAQ,GAAG,UAAU,CAAC,QAA+B,CAAC;gBAC5D,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAE5C,sEAAsE;gBACtE,oFAAoF;gBACpF,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAC5C,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC;oBAC1C,IAAI,oBAAoB,CAAC,UAAU,EAAE,cAAc,CAAC,EAAE,CAAC;wBACrD,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,iCAAiC;gBACjC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;oBAC/C,OAAO;gBACT,CAAC;gBAED,oEAAoE;gBACpE,0DAA0D;gBAC1D,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;oBACzC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;oBACjC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;wBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;wBAC7C,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;4BAC1E,OAAO;wBACT,CAAC;wBACD,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;4BACzE,OAAO;wBACT,CAAC;oBACH,CAAC;oBACD,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;wBAC9E,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;wBACpD,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;4BACzE,OAAO;wBACT,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,mEAAmE;gBACnE,IAAI,wBAAwB,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,gBAAgB,CAAC,EAAE,CAAC;oBACvE,OAAO;gBACT,CAAC;gBAED,sDAAsD;gBACtD,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAEjD,+DAA+D;gBAC/D,IAAI,WAAW,GAAG,KAAK,CAAC;gBACxB,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACrC,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrD,oDAAoD;oBACpD,MAAM,cAAc,GAAG,CAAC,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;oBAC5E,WAAW,GAAG,cAAc,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;oBAEtD,sBAAsB;oBACtB,MAAM,iBAAiB,GAAG;wBACxB,4CAA4C;wBAC5C,gCAAgC;qBACjC,CAAC;oBACF,WAAW,GAAG,WAAW,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;wBAC/E,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE
,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC1E,CAAC;qBAAM,CAAC;oBACN,MAAM,iBAAiB,GAAG;wBACxB,6CAA6C;wBAC7C,4CAA4C;wBAC5C,gCAAgC;qBACjC,CAAC;oBACF,WAAW,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC3E,CAAC;gBAED,+EAA+E;gBAC/E,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,IAAI,oBAAoB,CAAC,SAAS,EAAE,cAAc,CAAC,EAAE,CAAC;wBACpD,OAAO;oBACT,CAAC;oBACD,sEAAsE;oBACtE,gFAAgF;oBAChF,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;wBACrC,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;wBACrD,MAAM,kBAAkB,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;wBACtE,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;4BAC1E,OAAO,CAAC,+BAA+B;wBACzC,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,8DAA8D;oBACxE,CAAC;gBACH,CAAC;gBAED,mEAAmE;gBACnE,yEAAyE;gBACzE,MAAM,WAAW,GACf,YAAY,IAAI,CAAC,UAAU;oBACzB,CAAC,CAAC,SAAS,CAAC,oEAAoE;oBAChF,CAAC,CAAC;wBACE;4BACE,SAAS,EAAE,gBAAgB;4BAC3B,GAAG,EAAE,CAAC,KAAyB,EAAE,EAAE;gCACjC,OAAO,KAAK,CAAC,WAAW,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;4BACpD,CAAC;yBACF;wBACD;4BACE,SAAS,EAAE,oBAAoB;4BAC/B,6DAA6D;4BAC7D,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI;yBAC1C;qBACF,CAAC;gBAER,OAAO,CAAC,MAAM,CAAC;oBACb,IAAI,EAAE,UAAU;oBAChB,SAAS,EAAE,iBAAiB;oBAC5B,IAAI,EAAE;wBACJ,UAAU,EAAE,WAAW;wBACvB,eAAe,EAAE,+HAA+H;qBACjJ;oBACD,OAAO,EAAE,WAAW;iBACrB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,SAAS,iBAAiB,CAAC,IAA2B;YACpD,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;gBACvC,OAAO;YACT,CAAC;YAED,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;YAErC,oCAAoC;YACpC,IAAI,aAAa,KAAK,yBAAyB,EAAE,CAAC;gBAChD,kCAAkC;gBAClC,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;oBAC/D,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;oBAEzC,+CAA+C;oBAC/C,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;wBAC3C,MAAM,YAAY,GAAG,UAAU,CAAC,UAAU,CAAC,IAAI,CAC7C,CAAC,IAAqD,EAA6B,EAAE,CACnF,IAAI,CAAC,IAAI,KAAK,UAAU;4BACxB,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY;4
BAC9B,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,QAAQ,CAC7B,CAAC;wBAEF,IAAI,YAAY,IAAI,YAAY,CAAC,KAAK,EAAE,CAAC;4BACvC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC;4BAErC,kCAAkC;4BAClC,IAAI,SAAS,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;gCACxC,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;gCAChC,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oCAC9E,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oCACpD,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wCACzE,OAAO,CAAC,iBAAiB;oCAC3B,CAAC;gCACH,CAAC;gCACD,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oCACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oCAC7C,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;wCAC1E,OAAO,CAAC,iBAAiB;oCAC3B,CAAC;gCACH,CAAC;4BACH,CAAC;4BAED,iDAAiD;4BACjD,MAAM,aAAa,GAAG,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;4BACpD,IAAI,gBAAgB,GAAG,KAAK,CAAC;4BAE7B,IAAI,SAAS,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gCACpC,MAAM,cAAc,GAAG,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gCACpD,MAAM,cAAc,GAAG,CAAC,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;gCAC5E,gBAAgB,GAAG,cAAc,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;4BAC7D,CAAC;4BAED,MAAM,iBAAiB,GAAG;gCACxB,6CAA6C;gCAC7C,4CAA4C;gCAC5C,gCAAgC;6BACjC,CAAC;4BAEF,gBAAgB,GAAG,gBAAgB,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;4BAEtG,IAAI,gBAAgB,EAAE,CAAC;gCACrB,6BAA6B;4BAC/B,CAAC;iCAAM,CAAC;gCACN,sCAAsC;gCACtC,IAAI,oBAAoB,CAAC,aAAa,EAAE,cAAc,CAAC,EAAE,CAAC;oCACxD,OAAO;gCACT,CAAC;gCACD,sEAAsE;gCACtE,OAAO;4BACT,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACb,IAAI;oBACJ,SAAS,EAAE,iBAAiB;oBAC5B,IAAI,EAAE;wBACJ,UAAU,EAAE,yBAAyB;wBACrC,eAAe,EAAE,4HAA4H;qBAC9I;oBACD,OAAO,EAAE;wBACP;4BACE,SAAS,EAAE,4BAA4B;4BACvC,6DAA6D;4BAC7D,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI;yBAC1C;qBACF;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,oBAAoB,EAAE,yBAAyB;YAC/C,YAAY,EAAE,iBAAiB;SAChC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
1
+ {"version":3,"file":"no-unsanitized-html.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/security/no-unsanitized-html.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAiBtD;;GAEG;AACH,SAAS,wBAAwB,CAC/B,IAAmB,EACnB,UAA+B,EAC/B,gBAA0B;IAE1B,IAAI,OAAO,GAAyB,IAAI,CAAC;IAEzC,OAAO,OAAO,EAAE,CAAC;QACf,IAAI,OAAO,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAE9B,4CAA4C;YAC5C,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBACvC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC7B,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBAC7C,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wBACzE,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;YAED,oDAAoD;YACpD,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC7C,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;oBACzE,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,+CAA+C;gBAC/C,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC1E,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,IAAI,QAAQ,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YAC1C,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,MAAM;QACR,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,cAAwB;IAClE,OAAO,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QACnC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,gDAAgD;YAChD,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAEY,QAAA,iBAAiB,GAAG,IAAA,0BAAU,EAA0B;IACnE,IAAI,EAAE,qBAAqB;IAC3B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,yEAAyE;SACvF;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,eAAe,EAAE,IAAA,gCAAgB,EAAC;
gBAChC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,4BAA4B;gBACvC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,cAAc,EAAE,IAAA,gCAAgB,EAAC;gBAC/B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,iBAAiB;gBAC5B,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kCAAkC;gBACvC,iBAAiB,EAAE,mEAAmE;aACvF,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,WAAW,EAAE,0BAA0B;gBACvC,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,2CAA2C;gBAChD,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,0BAA0B,EAAE,IAAA,gCAAgB,EAAC;gBAC3C,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,gEAAgE;gBACrE,iBAAiB,EAAE,4FAA4F;aAChH,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,sCAAsC;qBACpD;oBACD,gBAAgB,EAAE;wBAChB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,WAAW,EAAE,eAAe,EAAE,KAAK,CAAC;wBAC9C,WAAW,EAAE,gCAAgC;qBAC9C;oBACD,cAAc,EAAE;wBACd,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,oCAAoC;qBAClD;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,YAAY,EAAE,KAAK;YACnB,gBAAgB,EAAE,CAAC,WAAW,EAAE,eAAe,EAAE,KAAK,CAAC;YACvD,cAAc,EAAE,EAAE;SACnB;KACF;IACD,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,gBAAgB,GAAG,CAAC,WAAW,EAAE,eAAe,EAAE,KAAK,CAAC,EACxD,cAAc,GAAG,EAAE,GACpB,GAAG,OAAkB,CAAC;QAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,YAAY,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAE5D,SAAS,yBAAyB,CAAC,IAAmC;YACpE,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,iDAAiD;YACjD,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB;gBACrC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAE7C,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC
;gBAC7C,MAAM,cAAc,GAAG,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;gBAElD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;oBAC3C,OAAO,CAAC,2BAA2B;gBACrC,CAAC;gBAED,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC;gBAC7B,MAAM,QAAQ,GAAG,UAAU,CAAC,QAA+B,CAAC;gBAC5D,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAE5C,sEAAsE;gBACtE,oFAAoF;gBACpF,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAC5C,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC;oBAC1C,IAAI,oBAAoB,CAAC,UAAU,EAAE,cAAc,CAAC,EAAE,CAAC;wBACrD,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,iCAAiC;gBACjC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;oBAC/C,OAAO;gBACT,CAAC;gBAED,oEAAoE;gBACpE,0DAA0D;gBAC1D,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;oBACzC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;oBACjC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;wBACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;wBAC7C,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;4BAC1E,OAAO;wBACT,CAAC;wBACD,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;4BACzE,OAAO;wBACT,CAAC;oBACH,CAAC;oBACD,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;wBAC9E,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;wBACpD,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;4BACzE,OAAO;wBACT,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,mEAAmE;gBACnE,IAAI,wBAAwB,CAAC,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,gBAAgB,CAAC,EAAE,CAAC;oBACvE,OAAO;gBACT,CAAC;gBAED,qDAAqD;gBACrD,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;oBAClC,OAAO;gBACT,CAAC;gBAED,uEAAuE;gBACvE,2EAA2E;gBAC3E,gDAAgD;gBAEhD,mEAAmE;gBACnE,yEAAyE;gBACzE,MAAM,WAAW,GACf,YAAY,IAAI,CAAC,UAAU;oBACzB,CAAC,CAAC,SAAS,CAAC,oEAAoE;oBAChF,CAAC,CAAC;wBACE;4BACE,SAAS,EAAE,gBAAgB;4BAC3B,GAAG,EAAE,CAAC,KAAyB,EAAE,EAAE;gCACjC,OAAO,KAAK,CAAC,WAAW,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;4BACpD,CAAC;yBACF;wBACD;4BACE,SAAS,EAAE,oBAAoB;4BAC/B,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE;yBACd
;qBACF,CAAC;gBAER,OAAO,CAAC,MAAM,CAAC;oBACb,IAAI,EAAE,UAAU;oBAChB,SAAS,EAAE,iBAAiB;oBAC5B,IAAI,EAAE;wBACJ,UAAU,EAAE,YAAY;wBACxB,eAAe,EAAE,+HAA+H;qBACjJ;oBACD,OAAO,EAAE,WAAW;iBACrB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,SAAS,iBAAiB,CAAC,IAA2B;YACpD,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;gBACvC,OAAO;YACT,CAAC;YAED,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;YAErC,oCAAoC;YACpC,IAAI,aAAa,KAAK,yBAAyB,EAAE,CAAC;gBAChD,kCAAkC;gBAClC,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;oBAC/D,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;oBAEzC,+CAA+C;oBAC/C,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;wBAC3C,MAAM,YAAY,GAAG,UAAU,CAAC,UAAU,CAAC,IAAI,CAC7C,CAAC,IAAqD,EAA6B,EAAE,CACnF,IAAI,CAAC,IAAI,KAAK,UAAU;4BACxB,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY;4BAC9B,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,QAAQ,CAC7B,CAAC;wBAEF,IAAI,YAAY,IAAI,YAAY,CAAC,KAAK,EAAE,CAAC;4BACvC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC;4BAErC,kCAAkC;4BAClC,IAAI,SAAS,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;gCACxC,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;gCAChC,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oCAC9E,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oCACpD,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wCACzE,OAAO,CAAC,iBAAiB;oCAC3B,CAAC;gCACH,CAAC;gCACD,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oCACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oCAC7C,IAAI,CAAC,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;wCAC1E,OAAO,CAAC,iBAAiB;oCAC3B,CAAC;gCACH,CAAC;4BACH,CAAC;4BAED,iDAAiD;4BACjD,MAAM,aAAa,GAAG,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;4BACpD,IAAI,gBAAgB,GAAG,KAAK,CAAC;4BAE7B,IAAI,SAAS,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gCACpC,MAAM,cAAc,GAAG,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gCACpD,MAAM,cAAc,GAAG,CAAC,WAAW,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;gCAC5E,gBAAgB,GAAG,cAAc,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;4BAC7D,CAAC;4BAED,MAA
M,iBAAiB,GAAG;gCACxB,6CAA6C;gCAC7C,4CAA4C;gCAC5C,gCAAgC;6BACjC,CAAC;4BAEF,gBAAgB,GAAG,gBAAgB,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;4BAEtG,IAAI,gBAAgB,EAAE,CAAC;gCACrB,6BAA6B;4BAC/B,CAAC;iCAAM,CAAC;gCACN,sCAAsC;gCACtC,IAAI,oBAAoB,CAAC,aAAa,EAAE,cAAc,CAAC,EAAE,CAAC;oCACxD,OAAO;gCACT,CAAC;gCACD,sEAAsE;gCACtE,OAAO;4BACT,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,OAAO,CAAC,MAAM,CAAC;oBACb,IAAI;oBACJ,SAAS,EAAE,iBAAiB;oBAC5B,IAAI,EAAE;wBACJ,UAAU,EAAE,yBAAyB;wBACrC,eAAe,EAAE,4HAA4H;qBAC9I;oBACD,OAAO,EAAE;wBACP;4BACE,SAAS,EAAE,4BAA4B;4BACvC,6DAA6D;4BAC7D,GAAG,EAAE,CAAC,MAA0B,EAAE,EAAE,CAAC,IAAI;yBAC1C;qBACF;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,oBAAoB,EAAE,yBAAyB;YAC/C,YAAY,EAAE,iBAAiB;SAChC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}