eslint-plugin-secure-coding 2.1.0 → 2.2.1

package/src/rules/require-data-minimization/index.js

@@ -0,0 +1,54 @@
+"use strict";
+/**
+ * @fileoverview Identify excessive data collection
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/213.html
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireDataMinimization = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireDataMinimization = (0, eslint_devkit_1.createRule)({
+    name: 'require-data-minimization',
+    meta: {
+        type: 'suggestion',
+        docs: {
+            description: 'Identify excessive data collection patterns',
+            category: 'Security',
+            recommended: true,
+            owaspMobile: ['M6'],
+            cweIds: ['CWE-213'],
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-213',
+                description: 'Excessive data collection detected - only collect data that is necessary',
+                severity: 'MEDIUM',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/213.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        function report(node) {
+            context.report({ node, messageId: 'violationDetected' });
+        }
+        return {
+            ObjectExpression(node) {
+                // Flag objects with >10 properties being collected
+                if (node.properties.length > 10) {
+                    // Check if this looks like user data collection
+                    const hasUserData = node.properties.some(p => p.type === 'Property' &&
+                        ['email', 'name', 'phone', 'address'].includes(p.key.name));
+                    if (hasUserData) {
+                        report(node);
+                    }
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=index.js.map

package/src/rules/require-data-minimization/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/require-data-minimization/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,4DAAsF;AAUzE,QAAA,uBAAuB,GAAG,IAAA,0BAAU,EAA0B;IACzE,IAAI,EAAE,2BAA2B;IACjC,IAAI,EAAE;QACJ,IAAI,EAAE,YAAY;QAClB,IAAI,EAAE;YACJ,WAAW,EAAE,6CAA6C;YAC1D,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,IAAI;YACjB,WAAW,EAAE,CAAC,IAAI,CAAC;YACnB,MAAM,EAAE,CAAC,SAAS,CAAC;SACpB;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,0EAA0E;gBACvF,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,SAAS,MAAM,CAAC,IAAmB;YACjC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO;YACL,gBAAgB,CAAC,IAA+B;gBAC9C,mDAAmD;gBACnD,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;oBAChC,gDAAgD;oBAChD,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC3C,CAAC,CAAC,IAAI,KAAK,UAAU;wBACrB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAC3D,CAAC;oBAEF,IAAI,WAAW,EAAE,CAAC;wBAChB,MAAM,CAAC,IAAI,CAAC,CAAC;oBACf,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/require-dependency-integrity/index.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @fileoverview Require integrity hashes for external resources
+ */
+export interface Options {
+}
+export declare const requireDependencyIntegrity: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/require-dependency-integrity/index.js

@@ -0,0 +1,65 @@
+"use strict";
+/**
+ * @fileoverview Require integrity hashes for external resources
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireDependencyIntegrity = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireDependencyIntegrity = (0, eslint_devkit_1.createRule)({
+    name: 'require-dependency-integrity',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Require SRI (Subresource Integrity) for CDN resources',
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'Missing SRI',
+                cwe: 'CWE-494',
+                description: 'External resource loaded without integrity hash - supply chain risk',
+                severity: 'HIGH',
+                fix: 'Add integrity="sha384-..." and crossorigin="anonymous" attributes',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/494.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        function report(node) {
+            context.report({ node, messageId: 'violationDetected' });
+        }
+        return {
+            Literal(node) {
+                if (typeof node.value !== 'string')
+                    return;
+                // Check for script/link tags without integrity
+                const value = node.value.toLowerCase();
+                if ((value.includes('<script') && value.includes('src=')) ||
+                    (value.includes('<link') && value.includes('href='))) {
+                    // Check if CDN source
+                    if (value.includes('cdn.') || value.includes('cdnjs.') ||
+                        value.includes('unpkg.') || value.includes('jsdelivr.')) {
+                        if (!value.includes('integrity=')) {
+                            report(node);
+                        }
+                    }
+                }
+            },
+            TemplateLiteral(node) {
+                const text = context.sourceCode.getText(node).toLowerCase();
+                if ((text.includes('<script') && text.includes('src=')) ||
+                    (text.includes('<link') && text.includes('href='))) {
+                    if (text.includes('cdn.') || text.includes('cdnjs.') ||
+                        text.includes('unpkg.') || text.includes('jsdelivr.')) {
+                        if (!text.includes('integrity=')) {
+                            report(node);
+                        }
+                    }
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=index.js.map

package/src/rules/require-dependency-integrity/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/require-dependency-integrity/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,4DAAsF;AAUzE,QAAA,0BAA0B,GAAG,IAAA,0BAAU,EAA0B;IAC5E,IAAI,EAAE,8BAA8B;IACpC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,uDAAuD;SACrE;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,aAAa;gBACxB,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,qEAAqE;gBAClF,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,mEAAmE;gBACxE,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,SAAS,MAAM,CAAC,IAAmB;YACjC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO;YACL,OAAO,CAAC,IAAsB;gBAC5B,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ;oBAAE,OAAO;gBAE3C,+CAA+C;gBAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;gBACvC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;oBACrD,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;oBAEzD,sBAAsB;oBACtB,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;wBAClD,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;wBAE5D,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;4BAClC,MAAM,CAAC,IAAI,CAAC,CAAC;wBACf,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,eAAe,CAAC,IAA8B;gBAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;gBAE5D,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;oBACnD,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;oBAEvD,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;wBAChD,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;wBAE1D,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;4BACjC,MAAM,CAAC,IAAI,CAAC,CAAC;wBACf,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/require-https-only/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview Enforce HTTPS for all external requests
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/319.html
+ */
+export interface Options {
+}
+export declare const requireHttpsOnly: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/require-https-only/index.js

@@ -0,0 +1,64 @@
+"use strict";
+/**
+ * @fileoverview Enforce HTTPS for all external requests
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/319.html
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireHttpsOnly = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireHttpsOnly = (0, eslint_devkit_1.createRule)({
+    name: 'require-https-only',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Enforce HTTPS for all external requests',
+            category: 'Security',
+            recommended: true,
+            owaspMobile: ['M5'],
+            cweIds: ["CWE-319"],
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-319',
+                description: 'Enforce HTTPS for all external requests detected - this is a security risk',
+                severity: 'HIGH',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/319.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        const sourceCode = context.sourceCode;
+        function report(node) {
+            context.report({
+                node,
+                messageId: 'violationDetected',
+            });
+        }
+        return {
+            CallExpression(node) {
+                // Check fetch/axios calls with http:// URLs
+                if (node.type === 'CallExpression') {
+                    const callee = node.callee;
+                    const isHttpCall = (callee.name === 'fetch' ||
+                        (callee.object?.name === 'axios' &&
+                            ['get', 'post', 'put', 'delete', 'patch'].includes(callee.property?.name)));
+                    if (isHttpCall && node.arguments[0]) {
+                        const url = node.arguments[0];
+                        if (url.type === 'Literal' &&
+                            typeof url.value === 'string' &&
+                            url.value.startsWith('http://')) {
+                            report(node);
+                        }
+                    }
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=index.js.map

package/src/rules/require-https-only/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/require-https-only/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,4DAAsF;AAUzE,QAAA,gBAAgB,GAAG,IAAA,0BAAU,EAA0B;IAClE,IAAI,EAAE,oBAAoB;IAC1B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,yCAAyC;YACtD,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,IAAI;YACjB,WAAW,EAAE,CAAC,IAAI,CAAC;YACnB,MAAM,EAAE,CAAC,SAAS,CAAC;SACpB;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,4EAA4E;gBACzF,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QAEtC,SAAS,MAAM,CAAC,IAAmB;YACjC,OAAO,CAAC,MAAM,CAAC;gBACb,IAAI;gBACJ,SAAS,EAAE,mBAAmB;aAC/B,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,cAAc,CAAC,IAA6B;gBAE5C,4CAA4C;gBAC5C,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;oBACnC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;oBAC3B,MAAM,UAAU,GACd,CAAC,MAAM,CAAC,IAAI,KAAK,OAAO;wBACvB,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,KAAK,OAAO;4BAC/B,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;oBAEhF,IAAI,UAAU,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;wBACpC,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;wBAC9B,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS;4BACtB,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ;4BAC7B,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;4BACpC,MAAM,CAAC,IAAI,CAAC,CAAC;wBACf,CAAC;oBACH,CAAC;gBACH,CAAC;YAED,CAAC;SAEA,CAAC;IACN,CAAC;CACF,CAAC,CAAC"}

package/src/rules/require-mime-type-validation/index.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @fileoverview Require MIME type validation for uploads
+ */
+export interface Options {
+}
+export declare const requireMimeTypeValidation: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/require-mime-type-validation/index.js

@@ -0,0 +1,67 @@
+"use strict";
+/**
+ * @fileoverview Require MIME type validation for uploads
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireMimeTypeValidation = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireMimeTypeValidation = (0, eslint_devkit_1.createRule)({
+    name: 'require-mime-type-validation',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Require MIME type validation for file uploads',
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'Missing MIME Validation',
+                cwe: 'CWE-434',
+                description: 'File upload without MIME type validation - unrestricted upload vulnerability',
+                severity: 'HIGH',
+                fix: 'Add fileFilter option to validate MIME types',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/434.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        function report(node) {
+            context.report({ node, messageId: 'violationDetected' });
+        }
+        return {
+            CallExpression(node) {
+                // Detect multer().single() or multer().array() without fileFilter
+                if (node.callee.type === 'MemberExpression' &&
+                    node.callee.property.type === 'Identifier' &&
+                    ['single', 'array', 'fields'].includes(node.callee.property.name)) {
+                    // Check if parent has fileFilter configuration
+                    const calleeObj = node.callee.object;
+                    if (calleeObj.type === 'CallExpression') {
+                        const multerArgs = calleeObj.arguments[0];
+                        if (multerArgs && multerArgs.type === 'ObjectExpression') {
+                            const hasFileFilter = multerArgs.properties.some((p) => p.key?.name === 'fileFilter' || p.key?.name === 'limits');
+                            if (!hasFileFilter) {
+                                report(node);
+                            }
+                        }
+                        else if (!multerArgs) {
+                            // No config at all = no validation
+                            report(node);
+                        }
+                    }
+                }
+                // Detect upload() calls directly
+                if (node.callee.type === 'Identifier' && node.callee.name === 'upload') {
+                    // Check if there's validation in arguments
+                    if (node.arguments.length === 0 ||
+                        (node.arguments[0]?.type === 'Identifier')) {
+                        report(node);
+                    }
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=index.js.map

package/src/rules/require-mime-type-validation/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/require-mime-type-validation/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,4DAAsF;AAUzE,QAAA,yBAAyB,GAAG,IAAA,0BAAU,EAA0B;IAC3E,IAAI,EAAE,8BAA8B;IACpC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,+CAA+C;SAC7D;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,yBAAyB;gBACpC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,8EAA8E;gBAC3F,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,8CAA8C;gBACnD,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,SAAS,MAAM,CAAC,IAAmB;YACjC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO;YACL,cAAc,CAAC,IAA6B;gBAC1C,kEAAkE;gBAClE,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBACvC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBAC1C,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBAEtE,+CAA+C;oBAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;oBACrC,IAAI,SAAS,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;wBACxC,MAAM,UAAU,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;wBAC1C,IAAI,UAAU,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;4BACzD,MAAM,aAAa,GAAG,UAAU,CAAC,UAAU,CAAC,IAAI,CAC9C,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,KAAK,YAAY,IAAI,CAAC,CAAC,GAAG,EAAE,IAAI,KAAK,QAAQ,CACrE,CAAC;4BACF,IAAI,CAAC,aAAa,EAAE,CAAC;gCACnB,MAAM,CAAC,IAAI,CAAC,CAAC;4BACf,CAAC;wBACH,CAAC;6BAAM,IAAI,CAAC,UAAU,EAAE,CAAC;4BACvB,mCAAmC;4BACnC,MAAM,CAAC,IAAI,CAAC,CAAC;wBACf,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,iCAAiC;gBACjC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACvE,2CAA2C;oBAC3C,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC;wBAC3B,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,KAAK,YAAY,CAAC,EAAE,CAAC;wBAC/C,MAAM,CAAC,IAAI,CAAC,CAAC;oBACf,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/require-network-timeout/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview Require timeout limits for network requests
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/770.html
+ */
+export interface Options {
+}
+export declare const requireNetworkTimeout: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/require-network-timeout/index.js

@@ -0,0 +1,51 @@
+"use strict";
+/**
+ * @fileoverview Require timeout limits for network requests
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/770.html
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireNetworkTimeout = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireNetworkTimeout = (0, eslint_devkit_1.createRule)({
+    name: 'require-network-timeout',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Require timeout limits for network requests',
+            category: 'Security',
+            recommended: true,
+            owaspMobile: ['M5'],
+            cweIds: ["CWE-770"],
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-400',
+                description: 'Require timeout limits for network requests detected - fetch/axios without timeout option',
+                severity: 'MEDIUM',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/400.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        return {
+            CallExpression(node) {
+                if (node.callee.name === 'fetch' ||
+                    (node.callee.type === 'MemberExpression' &&
+                        node.callee.object.name === 'axios')) {
+                    const hasTimeout = node.arguments[1]?.type === 'ObjectExpression' &&
+                        node.arguments[1].properties.some(p => p.key?.name === 'timeout');
+                    if (!hasTimeout) {
+                        context.report({ node, messageId: 'violationDetected' });
+                    }
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=index.js.map

package/src/rules/require-network-timeout/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/require-network-timeout/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,4DAAsF;AAUzE,QAAA,qBAAqB,GAAG,IAAA,0BAAU,EAA0B;IACvE,IAAI,EAAE,yBAAyB;IAC/B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,6CAA6C;YAC1D,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,IAAI;YACjB,WAAW,EAAE,CAAC,IAAI,CAAC;YACnB,MAAM,EAAE,CAAC,SAAS,CAAC;SACpB;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,2FAA2F;gBACxG,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,OAAO;YAEL,cAAc,CAAC,IAA6B;gBAC1C,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,OAAO;oBAC5B,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;wBACvC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,OAAO,CAAC,EAAE,CAAC;oBAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,KAAK,kBAAkB;wBAC/D,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,KAAK,SAAS,CAAC,CAAC;oBACpE,IAAI,CAAC,UAAU,EAAE,CAAC;wBAChB,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;oBAC3D,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/require-package-lock/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview Ensure package lock file exists
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/829.html
+ */
+export interface Options {
+}
+export declare const requirePackageLock: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/require-package-lock/index.js

@@ -0,0 +1,64 @@
+"use strict";
+/**
+ * @fileoverview Ensure package lock file exists
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/829.html
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requirePackageLock = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requirePackageLock = (0, eslint_devkit_1.createRule)({
+    name: 'require-package-lock',
+    meta: {
+        type: 'suggestion',
+        docs: {
+            description: 'Ensure package-lock.json or yarn.lock exists',
+            category: 'Security',
+            recommended: true,
+            owaspMobile: ['M2'],
+            cweIds: ['CWE-829'],
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-829',
+                description: 'Package lock file missing - commit package-lock',
+                severity: 'HIGH',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/829.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        const fs = require('node:fs');
+        const path = require('node:path');
+        // Check once per file
+        let checked = false;
+        return {
+            Program(node) {
+                if (checked)
+                    return;
+                checked = true;
+                // Find project root (simplified)
+                let dir = path.dirname(context.filename);
+                let found = false;
+                for (let i = 0; i < 10; i++) {
+                    if (fs.existsSync(path.join(dir, 'package-lock.json')) ||
+                        fs.existsSync(path.join(dir, 'yarn.lock')) ||
+                        fs.existsSync(path.join(dir, 'pnpm-lock.yaml'))) {
+                        found = true;
+                        break;
+                    }
+                    dir = path.dirname(dir);
+                }
+                if (!found) {
+                    context.report({ node, messageId: 'violationDetected' });
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=index.js.map

package/src/rules/require-package-lock/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/require-package-lock/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,4DAAsF;AAUzE,QAAA,kBAAkB,GAAG,IAAA,0BAAU,EAA0B;IACpE,IAAI,EAAE,sBAAsB;IAC5B,IAAI,EAAE;QACJ,IAAI,EAAE,YAAY;QAClB,IAAI,EAAE;YACJ,WAAW,EAAE,8CAA8C;YAC3D,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,IAAI;YACjB,WAAW,EAAE,CAAC,IAAI,CAAC;YACnB,MAAM,EAAE,CAAC,SAAS,CAAC;SACpB;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,iDAAiD;gBAC9D,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,MAAM,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;QAC9B,MAAM,IAAI,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;QAElC,sBAAsB;QACtB,IAAI,OAAO,GAAG,KAAK,CAAC;QAEpB,OAAO;YACL,OAAO,CAAC,IAAsB;gBAC5B,IAAI,OAAO;oBAAE,OAAO;gBACpB,OAAO,GAAG,IAAI,CAAC;gBAEf,iCAAiC;gBACjC,IAAI,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;gBACzC,IAAI,KAAK,GAAG,KAAK,CAAC;gBAElB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC5B,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,mBAAmB,CAAC,CAAC;wBAClD,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;wBAC1C,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC,EAAE,CAAC;wBACpD,KAAK,GAAG,IAAI,CAAC;wBACb,MAAM;oBACR,CAAC;oBACD,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAC1B,CAAC;gBAED,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/require-secure-credential-storage/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview Enforce secure storage patterns for credentials
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/522.html
+ */
+export interface Options {
+}
+export declare const requireSecureCredentialStorage: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/require-secure-credential-storage/index.js

@@ -0,0 +1,51 @@
+"use strict";
+/**
+ * @fileoverview Enforce secure storage patterns for credentials
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/522.html
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireSecureCredentialStorage = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireSecureCredentialStorage = (0, eslint_devkit_1.createRule)({
+    name: 'require-secure-credential-storage',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Enforce secure storage patterns for credentials',
+            category: 'Security',
+            recommended: true,
+            owaspMobile: ['M1'],
+            cweIds: ["CWE-522"],
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-312',
+                description: 'Enforce secure storage patterns for credentials detected - Credentials without encryption',
+                severity: 'HIGH',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/312.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        return {
+            CallExpression(node) {
+                if (node.callee.type === 'MemberExpression' &&
+                    ['setItem', 'writeFile'].includes(node.callee.property.name)) {
+                    // Check for encryption wrapper
+                    const hasEncryption = node.arguments.some(arg => arg.type === 'CallExpression' &&
+                        arg.callee.name?.includes('encrypt'));
+                    if (!hasEncryption) {
+                        context.report({ node, messageId: 'violationDetected' });
+                    }
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=index.js.map

package/src/rules/require-secure-credential-storage/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/require-secure-credential-storage/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,4DAAsF;AAUzE,QAAA,8BAA8B,GAAG,IAAA,0BAAU,EAA0B;IAChF,IAAI,EAAE,mCAAmC;IACzC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,iDAAiD;YAC9D,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,IAAI;YACjB,WAAW,EAAE,CAAC,IAAI,CAAC;YACnB,MAAM,EAAE,CAAC,SAAS,CAAC;SACpB;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,2FAA2F;gBACxG,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,OAAO;YAEL,cAAc,CAAC,IAA6B;gBAC1C,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBACvC,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBACjE,+BAA+B;oBAC/B,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAC9C,GAAG,CAAC,IAAI,KAAK,gBAAgB;wBAC7B,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,SAAS,CAAC,CACrC,CAAC;oBACF,IAAI,CAAC,aAAa,EAAE,CAAC;wBACnB,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;oBAC3D,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/require-secure-defaults/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview Ensure secure default configurations
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/453.html
+ */
+export interface Options {
+}
+export declare const requireSecureDefaults: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/require-secure-defaults/index.js

@@ -0,0 +1,48 @@
+"use strict";
+/**
+ * @fileoverview Ensure secure default configurations
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/453.html
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireSecureDefaults = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireSecureDefaults = (0, eslint_devkit_1.createRule)({
+    name: 'require-secure-defaults',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Ensure secure default configurations',
+            category: 'Security',
+            recommended: true,
+            owaspMobile: ['M8'],
+            cweIds: ["CWE-453"],
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-1188',
+                description: 'Ensure secure default configurations detected - Insecure default values',
+                severity: 'MEDIUM',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/1188.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        return {
+            Property(node) {
+                if (node.key.type === 'Identifier' &&
+                    ['secure', 'strictSSL', 'verify'].includes(node.key.name) &&
+                    node.value.type === 'Literal' &&
+                    node.value.value === false) {
+                    context.report({ node, messageId: 'violationDetected' });
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=index.js.map

package/src/rules/require-secure-defaults/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/require-secure-defaults/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,4DAAsF;AAUzE,QAAA,qBAAqB,GAAG,IAAA,0BAAU,EAA0B;IACvE,IAAI,EAAE,yBAAyB;IAC/B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,sCAAsC;YACnD,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,IAAI;YACjB,WAAW,EAAE,CAAC,IAAI,CAAC;YACnB,MAAM,EAAE,CAAC,SAAS,CAAC;SACpB;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,yEAAyE;gBACtF,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,kDAAkD;aACtE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,OAAO;YACL,QAAQ,CAAC,IAAuB;gBAC9B,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY;oBAC9B,CAAC,QAAQ,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;oBACzD,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS;oBAC7B,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;oBAC/B,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/require-secure-deletion/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview Require secure data deletion patterns
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/459.html
+ */
+export interface Options {
+}
+export declare const requireSecureDeletion: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/require-secure-deletion/index.js

@@ -0,0 +1,45 @@
+"use strict";
+/**
+ * @fileoverview Require secure data deletion patterns
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/459.html
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireSecureDeletion = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireSecureDeletion = (0, eslint_devkit_1.createRule)({
+    name: 'require-secure-deletion',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Require secure data deletion patterns',
+            category: 'Security',
+            recommended: true,
+            owaspMobile: ['M9'],
+            cweIds: ["CWE-459"],
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-459',
+                description: 'Require secure data deletion patterns detected - delete without secure wipe',
+                severity: 'MEDIUM',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/459.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        return {
+            UnaryExpression(node) {
+                if (node.operator === 'delete') {
+                    context.report({ node, messageId: 'violationDetected' });
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=index.js.map

package/src/rules/require-secure-deletion/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/require-secure-deletion/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,4DAAsF;AAUzE,QAAA,qBAAqB,GAAG,IAAA,0BAAU,EAA0B;IACvE,IAAI,EAAE,yBAAyB;IAC/B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,uCAAuC;YACpD,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,IAAI;YACjB,WAAW,EAAE,CAAC,IAAI,CAAC;YACnB,MAAM,EAAE,CAAC,SAAS,CAAC;SACpB;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,6EAA6E;gBAC1F,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,OAAO;YAEL,eAAe,CAAC,IAA8B;gBAC5C,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAC/B,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}