npm - eslint-plugin-secure-coding - Versions diffs - 2.2.0 → 2.2.1 - Mend

eslint-plugin-secure-coding 2.2.0 → 2.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (318) hide show

package/src/rules/{security/no-directive-injection.js → no-directive-injection/index.js} RENAMED Viewed

@@ -222,10 +222,11 @@ exports.noDirectiveInjection = (0, eslint_devkit_1.createRule)({
                         // Check if the expression contains user input
                         const expressionText = sourceCode.getText(expression);
                         if (userInputVariables.some(input => expressionText.includes(input))) {
-                            // FALSE POSITIVE REDUCTION
+                            /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                             if (safetyChecker.isSafe(node, context)) {
                                 return;
                             }
+                            /* c8 ignore stop */
                             context.report({
                                 node: attrValue,
                                 messageId: 'dangerousInnerHTML',
@@ -246,10 +247,11 @@ exports.noDirectiveInjection = (0, eslint_devkit_1.createRule)({
                         const expression = attrValue.expression;
                         // Check if directive value comes from user input
                         if (expression.type === 'Identifier' && isUserInput(expression.name)) {
-                            // FALSE POSITIVE REDUCTION
+                            /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                             if (safetyChecker.isSafe(node, context)) {
                                 return;
                             }
+                            /* c8 ignore stop */
                             context.report({
                                 node: attrValue,
                                 messageId: 'directiveInjection',
@@ -271,10 +273,11 @@ exports.noDirectiveInjection = (0, eslint_devkit_1.createRule)({
                         if (attrValue.type === 'JSXExpressionContainer') {
                             const expression = attrValue.expression;
                             if (expression.type === 'Identifier' && isUserInput(expression.name)) {
-                                // FALSE POSITIVE REDUCTION
+                                /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                                 if (safetyChecker.isSafe(node, context)) {
                                     return;
                                 }
+                                /* c8 ignore stop */
                                 context.report({
                                     node: attrValue,
                                     messageId: 'unsafeComponentBinding',
@@ -299,10 +302,11 @@ exports.noDirectiveInjection = (0, eslint_devkit_1.createRule)({
                     // Check if right side contains user input
                     const rightText = sourceCode.getText(right);
                     if (userInputVariables.some(input => rightText.includes(input))) {
-                        // FALSE POSITIVE REDUCTION
+                        /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                         if (safetyChecker.isSafe(node, context)) {
                             return;
                         }
+                        /* c8 ignore stop */
                         context.report({
                             node: right,
                             messageId: 'dangerousInnerHTML',
@@ -334,10 +338,11 @@ exports.noDirectiveInjection = (0, eslint_devkit_1.createRule)({
                             const templateArg = args[0];
                             // Check if template comes from user input
                             if (templateArg.type === 'Identifier' && isUserInput(templateArg.name)) {
-                                // FALSE POSITIVE REDUCTION
+                                /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                                 if (safetyChecker.isSafe(node, context)) {
                                     return;
                                 }
+                                /* c8 ignore stop */
                                 context.report({
                                     node: templateArg,
                                     messageId: 'userControlledTemplate',
@@ -355,10 +360,11 @@ exports.noDirectiveInjection = (0, eslint_devkit_1.createRule)({
                         if (args.length >= 2) {
                             const directiveName = args[0];
                             if (directiveName.type === 'Identifier' && isUserInput(directiveName.name)) {
-                                // FALSE POSITIVE REDUCTION
+                                /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                                 if (safetyChecker.isSafe(node, context)) {
                                     return;
                                 }
+                                /* c8 ignore stop */
                                 context.report({
                                     node: directiveName,
                                     messageId: 'unsafeDirectiveName',
@@ -377,10 +383,11 @@ exports.noDirectiveInjection = (0, eslint_devkit_1.createRule)({
                     if (args.length >= 2) {
                         const directiveName = args[0];
                         if (directiveName.type === 'Identifier' && isUserInput(directiveName.name)) {
-                            // FALSE POSITIVE REDUCTION
+                            /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                             if (safetyChecker.isSafe(node, context)) {
                                 return;
                             }
+                            /* c8 ignore stop */
                             context.report({
                                 node: directiveName,
                                 messageId: 'dynamicDirectiveCreation',
@@ -427,10 +434,11 @@ exports.noDirectiveInjection = (0, eslint_devkit_1.createRule)({
                             expr.object.type === 'Identifier' &&
                             isUserInput(expr.object.name)));
                     if (hasUserInput) {
-                        // FALSE POSITIVE REDUCTION
+                        /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                         if (safetyChecker.isSafe(node, context)) {
                             return;
                         }
+                        /* c8 ignore stop */
                         context.report({
                             node,
                             messageId: 'templateInjection',
@@ -447,4 +455,4 @@ exports.noDirectiveInjection = (0, eslint_devkit_1.createRule)({
         };
     },
 });
-//# sourceMappingURL=no-directive-injection.js.map
+//# sourceMappingURL=index.js.map

package/src/rules/no-directive-injection/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/no-directive-injection/index.ts"],"names":[],"mappings":";;;AAgBA,4DAAsD;AACtD,4DAA0E;AAC1E,4DAGkC;AAkCrB,QAAA,oBAAoB,GAAG,IAAA,0BAAU,EAA0B;IACtE,IAAI,EAAE,wBAAwB;IAC9B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,0DAA0D;SACxE;QACD,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,qBAAqB;gBAChC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,gDAAgD;gBAC7D,QAAQ,EAAE,cAAc;gBACxB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,uBAAuB;gBAClC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,6DAA6D;gBAClE,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,wBAAwB,EAAE,IAAA,gCAAgB,EAAC;gBACzC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,4BAA4B;gBACvC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,gDAAgD;gBAC7D,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,+CAA+C;gBACpD,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,+CAA+C;gBACpD,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,qDAAqD;gBAC1D,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,4CAA4C;gBACjD,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,qBAAqB;gBAChC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,4CAA4C;gBACzD,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,0CAA0C;gBAC/C,iBAAiB,EAAE,oEAAoE;aACxF,CAAC;YACF,wBAAwB,EAAE,IAAA,gCAAgB,EAAC;gBACzC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,4BAA4B;gBACvC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,wCAAwC;gBACrD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,gDAAgD;gBACrD,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,oBAAoB,EAAE,IAAA,gCAAgB,EAAC;gBACrC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,0CAA0C;gBAC/C,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,yBAAyB;gBACpC,WAAW,EAAE,gDAAgD;gBAC7D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,0CAA0C;gBAC/C,iBAAiB,EAAE,qCAAqC;aACzD,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,0BAA0B;gBACrC,WAAW,EAAE,4CAA4C;gBACzD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,+CAA+C;gBACpD,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;YACF,4BAA4B,EAAE,IAAA,gCAAgB,EAAC;gBAC7C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,gCAAgC;gBAC3C,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,oDAAoD;gBACzD,iBAAiB,EAAE,+DAA+D;aACnF,CAAC;YACF,uBAAuB,EAAE,IAAA,gCAAgB,EAAC;gBACxC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,2BAA2B;gBACtC,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,mDAAmD;gBACxD,iBAAiB,EAAE,uDAAuD;aAC3E,CAAC;YACF,uBAAuB,EAAE,IAAA,gCAAgB,EAAC;gBACxC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,2BAA2B;gBACtC,WAAW,EAAE,8BAA8B;gBAC3C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,2CAA2C;gBAChD,iBAAiB,EAAE,kBAAkB;aACtC,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC;qBACzE;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC;qBACrF;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC;qBAC/C;oBACD,wBAAwB,EAAE;wBACxB,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;qBACf;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,8DAA8D;qBAC5E;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,0DAA0D;qBACxE;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,oDAAoD;qBAClE;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,iBAAiB,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC;YAClF,kBAAkB,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC;YAC/F,UAAU,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC;YACjD,wBAAwB,EAAE,KAAK;YAC/B,iBAAiB,EAAE,EAAE;YACrB,kBAAkB,EAAE,EAAE;YACtB,UAAU,EAAE,KAAK;SAClB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,kBAAkB,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,EAChG,iBAAiB,GAAG,EAAE,EACtB,kBAAkB,GAAG,EAAE,EACvB,UAAU,GAAG,KAAK,GACnB,GAAY,OAAO,CAAC;QAErB,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAC5D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAE3D,qDAAqD;QACrD,MAAM,aAAa,GAAG,IAAA,mCAAmB,EAAC;YACxC,iBAAiB;YACjB,kBAAkB;YAClB,kBAAkB,EAAE,EAAE;YACtB,UAAU;SACX,CAAC,CAAC;QAEH;;WAEG;QACH,MAAM,WAAW,GAAG,CAAC,OAAe,EAAW,EAAE;YAC/C,OAAO,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;gBACzD,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC,CAAC;QAEF,OAAO;YACL,+CAA+C;YAC/C,YAAY,CAAC,IAA2B;gBACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC;gBAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC;gBAE7B,oCAAoC;gBACpC,IAAI,QAAQ,CAAC,IAAI,KAAK,eAAe,IAAI,QAAQ,CAAC,IAAI,KAAK,yBAAyB,EAAE,CAAC;oBACrF,IAAI,SAAS,IAAI,SAAS,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;wBAC7D,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC;wBAExC,8CAA8C;wBAC9C,MAAM,cAAc,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;wBACtD,IAAI,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;4BACrE,6FAA6F;4BAC7F,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BACD,oBAAoB;4BAEpB,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,SAAS;gCACf,SAAS,EAAE,oBAAoB;gCAC/B,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,wDAAwD;gBACxD,wDAAwD;gBACxD,MAAM,oBAAoB,GAAG,CAC3B,CAAC,QAAQ,CAAC,IAAI,KAAK,mBAAmB,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,KAAK,GAAG,IAAI,QAAQ,CAAC,SAAS,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;oBAChH,CAAC,QAAQ,CAAC,IAAI,KAAK,eAAe,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAC3G,CAAC;gBAEF,IAAI,oBAAoB,IAAI,SAAS,EAAE,CAAC;oBACpC,IAAI,SAAS,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;wBAChD,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC;wBAExC,iDAAiD;wBACjD,IAAI,UAAU,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;4BACrE,6FAA6F;4BAC7F,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BACD,oBAAoB;4BAEpB,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,SAAS;gCACf,SAAS,EAAE,oBAAoB;gCAC/B,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;oCACvC,QAAQ,EAAE,MAAM;oCAChB,eAAe,EAAE,uDAAuD;iCACzE;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACL,CAAC;gBAED,sDAAsD;gBACtD,IAAI,QAAQ,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;oBACtC,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC;oBAElC,qDAAqD;oBACrD,IAAI,WAAW,KAAK,IAAI,IAAI,SAAS,EAAE,CAAC;wBACtC,IAAI,SAAS,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;4BAChD,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC;4BAExC,IAAI,UAAU,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gCACrE,6FAA6F;gCAC7F,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;oCACxC,OAAO;gCACT,CAAC;gCACD,oBAAoB;gCAEpB,OAAO,CAAC,MAAM,CAAC;oCACb,IAAI,EAAE,SAAS;oCACf,SAAS,EAAE,wBAAwB;oCACnC,IAAI,EAAE;wCACJ,QAAQ,EAAE,QAAQ;wCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;qCAC1C;iCACA,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,kCAAkC;YAClC,oBAAoB,CAAC,IAAmC;gBACtD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;gBACvB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;gBAEzB,0CAA0C;gBAC1C,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB;oBAChC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBACnC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;oBAEvC,0CAA0C;oBAC1C,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;oBAC5C,IAAI,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;wBAChE,6FAA6F;wBAC7F,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;4BACxC,OAAO;wBACT,CAAC;wBACD,oBAAoB;wBAEpB,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI,EAAE,KAAK;4BACX,SAAS,EAAE,oBAAoB;4BAC/B,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAED,iDAAiD;YACjD,cAAc,CAAC,IAA6B;gBAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;gBAE3B,2CAA2C;gBAC3C,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBAClC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAE1C,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;oBACxC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAEjF,iCAAiC;oBACjC,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;wBACxE,CAAC,UAAU,KAAK,YAAY,IAAI,UAAU,KAAK,SAAS,CAAC;wBACzD,CAAC,UAAU,KAAK,GAAG,IAAI,UAAU,KAAK,UAAU,CAAC;wBACjD,CAAC,UAAU,KAAK,KAAK,IAAI,UAAU,KAAK,QAAQ,CAAC;wBACjD,CAAC,UAAU,KAAK,KAAK,IAAI,UAAU,KAAK,QAAQ,CAAC;wBACjD,CAAC,UAAU,KAAK,UAAU,IAAI,UAAU,KAAK,QAAQ,CAAC,EAAE,CAAC;wBAE3D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;wBAC5B,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BACpB,MAAM,WAAW,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;4BAE5B,0CAA0C;4BAC1C,IAAI,WAAW,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;gCACvE,6FAA6F;gCAC7F,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;oCACxC,OAAO;gCACT,CAAC;gCACD,oBAAoB;gCAEpB,OAAO,CAAC,MAAM,CAAC;oCACb,IAAI,EAAE,WAAW;oCACjB,SAAS,EAAE,wBAAwB;oCACnC,IAAI,EAAE;wCACJ,QAAQ,EAAE,QAAQ;wCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;qCACxC;iCACF,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;oBACH,CAAC;oBAED,oCAAoC;oBACpC,IAAI,UAAU,KAAK,KAAK,IAAI,UAAU,KAAK,WAAW,EAAE,CAAC;wBACvD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;wBAC5B,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;4BACrB,MAAM,aAAa,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;4BAE9B,IAAI,aAAa,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;gCAC3E,6FAA6F;gCAC7F,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;oCACxC,OAAO;gCACT,CAAC;gCACD,oBAAoB;gCAEpB,OAAO,CAAC,MAAM,CAAC;oCACb,IAAI,EAAE,aAAa;oCACnB,SAAS,EAAE,qBAAqB;oCAChC,IAAI,EAAE;wCACJ,QAAQ,EAAE,QAAQ;wCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;qCACxC;iCACF,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,uCAAuC;gBACvC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,MAAM,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;oBAChE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;oBAC5B,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;wBACrB,MAAM,aAAa,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;wBAE9B,IAAI,aAAa,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;4BAC3E,6FAA6F;4BAC7F,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;gCACxC,OAAO;4BACT,CAAC;4BACD,oBAAoB;4BAEpB,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI,EAAE,aAAa;gCACnB,SAAS,EAAE,0BAA0B;gCACrC,IAAI,EAAE;oCACJ,QAAQ,EAAE,QAAQ;oCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;iCACxC;6BACF,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,wCAAwC;YACxC,eAAe,CAAC,IAA8B;gBAC5C,gDAAgD;gBAChD,IAAI,OAAO,GAA8B,IAAI,CAAC;gBAC9C,IAAI,oBAAoB,GAAG,KAAK,CAAC;gBAEjC,OAAO,OAAO,IAAI,CAAC,oBAAoB,EAAE,CAAC;oBACxC,IAAI,OAAO,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;wBAC9C,2DAA2D;wBAC3D,IAAI,OAAO,CAAC,MAAM,EAAE,IAAI,KAAK,cAAc;4BACvC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,eAAe;4BAC5C,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,yBAAyB,EAAE,CAAC;4BAC3D,oBAAoB,GAAG,IAAI,CAAC;4BAC5B,MAAM;wBACR,CAAC;oBACH,CAAC;yBAAM,IAAI,OAAO,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;wBACnD,iCAAiC;wBACjC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;wBAC1B,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB;4BAChC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;4BACnC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;4BACvC,oBAAoB,GAAG,IAAI,CAAC;4BAC5B,MAAM;wBACR,CAAC;oBACH,CAAC;oBACD,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;gBAC5C,CAAC;gBAED,IAAI,oBAAoB,EAAE,CAAC;oBACzB,wCAAwC;oBACxC,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,IAAyB,EAAE,EAAE,CACvE,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBACtD,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB;4BAChC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;4BACjC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAChC,CAAC;oBAEF,IAAI,YAAY,EAAE,CAAC;wBACjB,6FAA6F;wBAC7F,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;4BACxC,OAAO;wBACT,CAAC;wBACD,oBAAoB;wBAEpB,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,mBAAmB;4BAC9B,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;gCACvC,QAAQ,EAAE,MAAM;gCAChB,eAAe,EAAE,0CAA0C;6BAC5D;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/no-disabled-certificate-validation/index.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * @fileoverview Prevent disabled SSL/TLS certificate validation
+ */
+export interface Options {
+}
+export declare const noDisabledCertificateValidation: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/no-disabled-certificate-validation/index.js ADDED Viewed

@@ -0,0 +1,62 @@
+"use strict";
+/**
+ * @fileoverview Prevent disabled SSL/TLS certificate validation
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noDisabledCertificateValidation = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.noDisabledCertificateValidation = (0, eslint_devkit_1.createRule)({
+    name: 'no-disabled-certificate-validation',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Prevent disabled SSL/TLS certificate validation',
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'Disabled Certificate Validation',
+                cwe: 'CWE-295',
+                description: 'SSL/TLS certificate validation is disabled - man-in-the-middle attack possible',
+                severity: 'CRITICAL',
+                fix: 'Remove rejectUnauthorized: false or verify: false, fix certificate issues properly',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/295.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        function report(node) {
+            context.report({ node, messageId: 'violationDetected' });
+        }
+        const dangerousProperties = ['rejectUnauthorized', 'strictSSL', 'verify'];
+        return {
+            Property(node) {
+                // Check for dangerous SSL options set to false
+                if (node.key.type === 'Identifier' &&
+                    dangerousProperties.includes(node.key.name) &&
+                    node.value.type === 'Literal' &&
+                    node.value.value === false) {
+                    report(node);
+                }
+            },
+            AssignmentExpression(node) {
+                // Check for NODE_TLS_REJECT_UNAUTHORIZED = '0'
+                if (node.left.type === 'MemberExpression' &&
+                    node.left.object.type === 'MemberExpression' &&
+                    node.left.object.object.type === 'Identifier' &&
+                    node.left.object.object.name === 'process' &&
+                    node.left.object.property.type === 'Identifier' &&
+                    node.left.object.property.name === 'env' &&
+                    node.left.property.type === 'Identifier' &&
+                    node.left.property.name === 'NODE_TLS_REJECT_UNAUTHORIZED') {
+                    if (node.right.type === 'Literal' && node.right.value === '0') {
+                        report(node);
+                    }
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=index.js.map

package/src/rules/no-disabled-certificate-validation/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/no-disabled-certificate-validation/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,4DAAsF;AAUzE,QAAA,+BAA+B,GAAG,IAAA,0BAAU,EAA0B;IACjF,IAAI,EAAE,oCAAoC;IAC1C,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,iDAAiD;SAC/D;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,iCAAiC;gBAC5C,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,gFAAgF;gBAC7F,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,oFAAoF;gBACzF,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,SAAS,MAAM,CAAC,IAAmB;YACjC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,mBAAmB,GAAG,CAAC,oBAAoB,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAE1E,OAAO;YACL,QAAQ,CAAC,IAAuB;gBAC9B,+CAA+C;gBAC/C,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY;oBAC9B,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;oBAC3C,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS;oBAC7B,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;oBAC/B,MAAM,CAAC,IAAI,CAAC,CAAC;gBACf,CAAC;YACH,CAAC;YAED,oBAAoB,CAAC,IAAmC;gBACtD,+CAA+C;gBAC/C,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB;oBACrC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBAC5C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBAC7C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS;oBAC1C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBAC/C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,KAAK;oBACxC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBACxC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,8BAA8B,EAAE,CAAC;oBAE/D,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,GAAG,EAAE,CAAC;wBAC9D,MAAM,CAAC,IAAI,CAAC,CAAC;oBACf,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/{security/no-document-cookie.js → no-document-cookie/index.js} RENAMED Viewed

@@ -87,4 +87,4 @@ exports.noDocumentCookie = (0, eslint_devkit_1.createRule)({
         };
     },
 });
-//# sourceMappingURL=no-document-cookie.js.map
+//# sourceMappingURL=index.js.map

package/src/rules/no-document-cookie/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/no-document-cookie/index.ts"],"names":[],"mappings":";;;AAKA,4DAAsD;AACtD,4DAA0E;AAW7D,QAAA,gBAAgB,GAAG,IAAA,0BAAU,EAA0B;IAClE,IAAI,EAAE,oBAAoB;IAC1B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,4FAA4F;SAC1G;QACD,cAAc,EAAE,KAAK;QACrB,QAAQ,EAAE;YACR,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,iBAAiB;gBAC5B,WAAW,EAAE,oCAAoC;gBACjD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,gDAAgD;gBACrD,iBAAiB,EAAE,kGAAkG;aACtH,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,IAAI;qBACd;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;IAExC,MAAM,CAAC,OAAsD;QAC3D,MAAM,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;QAClC,MAAM,EAAE,YAAY,GAAG,IAAI,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;QAE9C,SAAS,sBAAsB,CAAC,IAA+B;YAC7D,6CAA6C;YAC7C,OAAO,CACL,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;gBACjC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU;gBAC/B,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ,CAAC;oBACxE,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAC1F,CAAC;QACJ,CAAC;QAED,SAAS,oBAAoB,CAAC,IAA+B;YAC3D,oDAAoD;YACpD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YAE3B,0BAA0B;YAC1B,IAAI,MAAM,EAAE,IAAI,KAAK,sBAAsB,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBACpE,OAAO,IAAI,CAAC;YACd,CAAC;YAED,2CAA2C;YAC3C,IAAI,MAAM,EAAE,IAAI,KAAK,sBAAsB;gBACvC,MAAM,CAAC,QAAQ;gBACf,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAC7B,MAAM,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBACzB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,2FAA2F;YAC3F,IAAI,MAAM,EAAE,IAAI,KAAK,oBAAoB,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBAClE,OAAO,KAAK,CAAC;YACf,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO;YACL,gBAAgB,CAAC,IAA+B;gBAC9C,IAAI,sBAAsB,CAAC,IAAI,CAAC,EAAE,CAAC;oBACjC,MAAM,WAAW,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;oBAE/C,iDAAiD;oBACjD,4CAA4C;oBAC5C,IAAI,YAAY,IAAI,CAAC,WAAW,EAAE,CAAC;wBACjC,OAAO,CAAC,uCAAuC;oBACjD,CAAC;oBAED,6BAA6B;oBAC7B,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI;wBACJ,SAAS,EAAE,kBAAkB;wBAC7B,IAAI,EAAE;4BACJ,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,cAAc;yBAC1D;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/no-dynamic-dependency-loading/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview Prevent dynamic dependency injection
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/494.html
+ */
+export interface Options {
+}
+export declare const noDynamicDependencyLoading: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/no-dynamic-dependency-loading/index.js ADDED Viewed

@@ -0,0 +1,52 @@
+"use strict";
+/**
+ * @fileoverview Prevent dynamic dependency injection
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/494.html
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noDynamicDependencyLoading = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.noDynamicDependencyLoading = (0, eslint_devkit_1.createRule)({
+    name: 'no-dynamic-dependency-loading',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Prevent runtime dependency injection with dynamic paths',
+            category: 'Security',
+            recommended: true,
+            owaspMobile: ['M2'],
+            cweIds: ['CWE-494'],
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-1104',
+                description: 'Dynamic import/require detected - use static imports for security',
+                severity: 'HIGH',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/1104.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        return {
+            CallExpression(node) {
+                // Dynamic require
+                if (node.callee.name === 'require' && node.arguments[0]?.type !== 'Literal') {
+                    context.report({ node, messageId: 'violationDetected' });
+                }
+            },
+            ImportExpression(node) {
+                // Dynamic import()
+                if (node.source.type !== 'Literal') {
+                    context.report({ node, messageId: 'violationDetected' });
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=index.js.map

package/src/rules/no-dynamic-dependency-loading/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/no-dynamic-dependency-loading/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,4DAAsF;AAUzE,QAAA,0BAA0B,GAAG,IAAA,0BAAU,EAA0B;IAC5E,IAAI,EAAE,+BAA+B;IACrC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,yDAAyD;YACtE,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,IAAI;YACjB,WAAW,EAAE,CAAC,IAAI,CAAC;YACnB,MAAM,EAAE,CAAC,SAAS,CAAC;SACpB;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,UAAU;gBACf,WAAW,EAAE,mEAAmE;gBAChF,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,kDAAkD;aACtE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,OAAO;YACL,cAAc,CAAC,IAA6B;gBAC1C,kBAAkB;gBAClB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;oBAC5E,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC;YAED,gBAAgB,CAAC,IAA+B;gBAC9C,mBAAmB;gBACnB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;oBACnC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC;SACH,CAAC;IACH,CAAC;CACF,CAAC,CAAC"}

package/src/rules/{security/no-electron-security-issues.js → no-electron-security-issues/index.js} RENAMED Viewed

@@ -281,10 +281,11 @@ exports.noElectronSecurityIssues = (0, eslint_devkit_1.createRule)({
                 const channel = channelArg.value;
                 // Check if channel is allowed
                 if (allowedIpcChannels.length > 0 && !allowedIpcChannels.includes(channel)) {
-                    // FALSE POSITIVE REDUCTION
+                    /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                     if (safetyChecker.isSafe(node, context)) {
                         return;
                     }
+                    /* c8 ignore stop */
                     context.report({
                         node: channelArg,
                         messageId: 'insecureIpcPattern',
@@ -350,10 +351,11 @@ exports.noElectronSecurityIssues = (0, eslint_devkit_1.createRule)({
                     }
                     // Check for Node.js API usage in renderer files
                     if (isRendererFile() && isNodeApiCall(node)) {
-                        // FALSE POSITIVE REDUCTION
+                        /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                         if (safetyChecker.isSafe(node, context)) {
                             return;
                         }
+                        /* c8 ignore stop */
                         context.report({
                             node,
                             messageId: 'directNodeAccess',
@@ -382,10 +384,11 @@ exports.noElectronSecurityIssues = (0, eslint_devkit_1.createRule)({
                             if (preloadPath.includes('node_modules') ||
                                 preloadPath.includes('http') ||
                                 preloadPath.includes('remote')) {
-                                // FALSE POSITIVE REDUCTION
+                                /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                                 if (safetyChecker.isSafe(node, context)) {
                                     return;
                                 }
+                                /* c8 ignore stop */
                                 context.report({
                                     node: node.right,
                                     messageId: 'unsafePreloadScript',
@@ -418,4 +421,4 @@ exports.noElectronSecurityIssues = (0, eslint_devkit_1.createRule)({
         };
     },
 });
-//# sourceMappingURL=no-electron-security-issues.js.map
+//# sourceMappingURL=index.js.map

package/src/rules/no-electron-security-issues/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/no-electron-security-issues/index.ts"],"names":[],"mappings":";;;AAgBA,4DAAsD;AACtD,4DAA0E;AAC1E,4DAGkC;AAgCrB,QAAA,wBAAwB,GAAG,IAAA,0BAAU,EAA0B;IAC1E,IAAI,EAAE,6BAA6B;IACnC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,uEAAuE;SACrF;QACD,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,qBAAqB,EAAE,IAAA,gCAAgB,EAAC;gBACtC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,yBAAyB;gBACpC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,0CAA0C;gBACvD,QAAQ,EAAE,cAAc;gBACxB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,+CAA+C;aACnE,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,2DAA2D;gBACxE,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,2DAA2D;gBAChE,iBAAiB,EAAE,qGAAqG;aACzH,CAAC;YACF,wBAAwB,EAAE,IAAA,gCAAgB,EAAC;gBACzC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,4BAA4B;gBACvC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,qDAAqD;gBAClE,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,iDAAiD;gBACtD,iBAAiB,EAAE,wDAAwD;aAC5E,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,uBAAuB;gBAClC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,4DAA4D;gBACzE,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,0BAA0B;gBAC/B,iBAAiB,EAAE,kFAAkF;aACtG,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,kDAAkD;gBAC/D,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,wCAAwC;gBAC7C,iBAAiB,EAAE,4EAA4E;aAChG,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,uBAAuB;gBAClC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,0CAA0C;gBACvD,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,qCAAqC;gBAC1C,iBAAiB,EAAE,6FAA6F;aACjH,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,mDAAmD;gBAChE,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,sDAAsD;gBAC3D,iBAAiB,EAAE,6FAA6F;aACjH,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,sBAAsB;gBACjC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,2CAA2C;gBACxD,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,6CAA6C;gBAClD,iBAAiB,EAAE,iGAAiG;aACrH,CAAC;YACF,cAAc,EAAE,IAAA,gCAAgB,EAAC;gBAC/B,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,iBAAiB;gBAC5B,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,6BAA6B;gBAC1C,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,sCAAsC;gBAC3C,iBAAiB,EAAE,8CAA8C;aAClE,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,0BAA0B;gBACrC,WAAW,EAAE,mCAAmC;gBAChD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,oDAAoD;gBACzD,iBAAiB,EAAE,+CAA+C;aACnE,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,uBAAuB;gBAClC,WAAW,EAAE,oCAAoC;gBACjD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kDAAkD;gBACvD,iBAAiB,EAAE,wDAAwD;aAC5E,CAAC;YACF,oBAAoB,EAAE,IAAA,gCAAgB,EAAC;gBACrC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,wBAAwB;gBACnC,WAAW,EAAE,4BAA4B;gBACzC,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,uCAAuC;gBAC5C,iBAAiB,EAAE,6FAA6F;aACjH,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,WAAW,EAAE,+CAA+C;gBAC5D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,+DAA+D;gBACpE,iBAAiB,EAAE,+CAA+C;aACnE,CAAC;YACF,yBAAyB,EAAE,IAAA,gCAAgB,EAAC;gBAC1C,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,6BAA6B;gBACxC,WAAW,EAAE,+CAA+C;gBAC5D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,8DAA8D;gBACnE,iBAAiB,EAAE,+DAA+D;aACnF,CAAC;YACF,uBAAuB,EAAE,IAAA,gCAAgB,EAAC;gBACxC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,2BAA2B;gBACtC,WAAW,EAAE,8CAA8C;gBAC3D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,uCAAuC;gBAC5C,iBAAiB,EAAE,iGAAiG;aACrH,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,UAAU,EAAE;wBACV,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,wCAAwC;qBACtD;oBACD,mBAAmB,EAAE;wBACnB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,eAAe,EAAE,aAAa,CAAC;qBAC1C;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;qBACZ;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,+CAA+C;qBAC7D;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,0DAA0D;qBACxE;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,oDAAoD;qBAClE;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,UAAU,EAAE,KAAK;YACjB,mBAAmB,EAAE,CAAC,eAAe,EAAE,aAAa,CAAC;YACrD,kBAAkB,EAAE,EAAE;YACtB,iBAAiB,EAAE,EAAE;YACrB,kBAAkB,EAAE,EAAE;YACtB,UAAU,EAAE,KAAK;SAClB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,kBAAkB,GAAG,EAAE,EACvB,iBAAiB,GAAG,EAAE,EACtB,kBAAkB,GAAG,EAAE,EACvB,UAAU,GAAG,KAAK,GACnB,GAAY,OAAO,CAAC;QACrB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAE3D,qDAAqD;QACrD,MAAM,aAAa,GAAG,IAAA,mCAAmB,EAAC;YACxC,iBAAiB;YACjB,kBAAkB;YAClB,kBAAkB,EAAE,EAAE;YACtB,UAAU;SACX,CAAC,CAAC;QAEH;;WAEG;QACH,MAAM,uBAAuB,GAAG,CAAC,IAA4B,EAAW,EAAE;YACxE,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;gBACjC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,eAAe,CAAC;QAC9C,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,yBAAyB,GAAG,CAAC,WAAsC,EAAQ,EAAE;YACjF,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,UAAU,EAAE,CAAC;gBAC1C,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU;oBACxB,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAEnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;oBAC1B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;oBAEzB,qCAAqC;oBACrC,IAAI,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,aAAa,EAAE,6BAA6B,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;wBACnH,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;4BAC7B,MAAM,UAAU,GAAG,CACjB,CAAC,GAAG,KAAK,iBAAiB,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI,CAAC;gCACnD,CAAC,GAAG,KAAK,kBAAkB,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC;gCACrD,CAAC,GAAG,KAAK,aAAa,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC;gCAChD,CAAC,GAAG,KAAK,6BAA6B,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI,CAAC;gCAC/D,CAAC,GAAG,KAAK,SAAS,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,CAC7C,CAAC;4BAEF,IAAI,UAAU,EAAE,CAAC;gCACf,2BAA2B;gCAC3B,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;oCACxC,SAAS;gCACX,CAAC;gCAED,MAAM,SAAS,GAAG,CAChB,GAAG,KAAK,iBAAiB,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC;oCACtD,GAAG,KAAK,kBAAkB,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC;wCACzD,GAAG,KAAK,aAAa,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC;4CAC/C,GAAG,KAAK,6BAA6B,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC;gDAClE,gBAAgB,CACjB,CAAC;gCAEN,OAAO,CAAC,MAAM,CAAC;oCACb,IAAI,EAAE,IAAI;oCACV,SAAS;oCACT,IAAI,EAAE;wCACJ,QAAQ,EAAE,QAAQ;wCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;qCACxC;iCACF,CAAC,CAAC;4BACD,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,SAAS,GAAG,CAAC,IAA6B,EAAW,EAAE;YAC3D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YAE3B,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;gBAClC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;gBACnC,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;gBACvD,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC1C,OAAO,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACnF,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,YAAY,GAAG,CAAC,IAA6B,EAAQ,EAAE;YAC3D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;YAC5B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACtB,OAAO;YACT,CAAC;YAED,sCAAsC;YACtC,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,UAAU,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC1E,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC;gBAEjC,8BAA8B;gBAC9B,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC3E,6FAA6F;oBAC7F,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;wBACxC,OAAO;oBACT,CAAC;oBACD,oBAAoB;oBAEpB,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI,EAAE,UAAU;wBAChB,SAAS,EAAE,oBAAoB;wBAC/B,IAAI,EAAE;4BACJ,QAAQ,EAAE,QAAQ;4BAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;yBACxC;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,cAAc,GAAG,GAAY,EAAE;YACnC,MAAM,QAAQ,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;YACxC,OAAO,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC;gBAC7B,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC5B,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACvB,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACnC,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,aAAa,GAAG,CAAC,IAA6B,EAAW,EAAE;YAC/D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YAE3B,0DAA0D;YAC1D,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC9D,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;gBAC9B,IAAI,GAAG,EAAE,IAAI,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBAC7D,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC;oBAC7B,OAAO,CAAC,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAC/F,CAAC;YACH,CAAC;YAED,mCAAmC;YACnC,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;gBAClC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;gBACnC,CAAC,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClF,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF,OAAO;YACL,+BAA+B;YAC/B,aAAa,CAAC,IAA4B;gBACxC,IAAI,CAAC;oBACH,IAAI,uBAAuB,CAAC,IAAI,CAAC,EAAE,CAAC;wBAClC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;wBAC5B,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,KAAK,kBAAkB,EAAE,CAAC;4BAC5D,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;wBACrC,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO;gBACT,CAAC;YACH,CAAC;YAED,kBAAkB;YAClB,cAAc,CAAC,IAA6B;gBAC1C,IAAI,CAAC;oBACH,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;wBACpB,YAAY,CAAC,IAAI,CAAC,CAAC;oBACrB,CAAC;oBAED,gDAAgD;oBAChD,IAAI,cAAc,EAAE,IAAI,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC9C,6FAA6F;wBAC7F,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;4BACxC,OAAO;wBACT,CAAC;wBACD,oBAAoB;wBAEpB,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,kBAAkB;4BAC7B,IAAI,EAAE;gCACJ,QAAQ,EAAE,QAAQ;gCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;6BACxC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACD,CAAC;gBAAC,MAAM,CAAC;oBACP,+CAA+C;oBAC/C,OAAO;gBACT,CAAC;YACH,CAAC;YAED,kCAAkC;YAClC,oBAAoB,CAAC,IAAmC;gBACtD,IAAI,CAAC;oBACH,sCAAsC;oBACtC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB;wBACrC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;wBACxC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;wBAE1C,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;4BAC1E,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC;4BAErC,gDAAgD;4BAChD,IAAI,WAAW,CAAC,QAAQ,CAAC,cAAc,CAAC;gCACpC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC;gCAC5B,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gCACnC,6FAA6F;gCAC7F,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;oCACxC,OAAO;gCACT,CAAC;gCACD,oBAAoB;gCAEpB,OAAO,CAAC,MAAM,CAAC;oCACb,IAAI,EAAE,IAAI,CAAC,KAAK;oCAChB,SAAS,EAAE,qBAAqB;oCAChC,IAAI,EAAE;wCACJ,QAAQ,EAAE,QAAQ;wCAClB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;qCACxC;iCACF,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO;gBACT,CAAC;YACH,CAAC;YAED,6CAA6C;YAC7C,QAAQ,CAAC,IAAuB;gBAC9B,IAAI,CAAC;oBACH,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;wBACzE,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;4BAC3C,yBAAyB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;wBACxC,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO;gBACT,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/no-exposed-debug-endpoints/index.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * @fileoverview Detect debug endpoints without auth
+ */
+export interface Options {
+}
+export declare const noExposedDebugEndpoints: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/no-exposed-debug-endpoints/index.js ADDED Viewed

@@ -0,0 +1,63 @@
+"use strict";
+/**
+ * @fileoverview Detect debug endpoints without auth
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.noExposedDebugEndpoints = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.noExposedDebugEndpoints = (0, eslint_devkit_1.createRule)({
+    name: 'no-exposed-debug-endpoints',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Detect debug endpoints without auth',
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'Exposed Debug Endpoint',
+                cwe: 'CWE-489',
+                description: 'Debug endpoint exposed without authentication',
+                severity: 'HIGH',
+                fix: 'Remove debug endpoints from production or add authentication',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/489.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        function report(node) {
+            context.report({ node, messageId: 'violationDetected' });
+        }
+        const debugPaths = ['/debug', '/__debug__', '/admin', '/_admin', '/test', '/health'];
+        return {
+            CallExpression(node) {
+                // Detect app.get('/debug', handler)
+                if (node.callee.type === 'MemberExpression' &&
+                    node.callee.object.type === 'Identifier' &&
+                    ['app', 'router', 'express'].includes(node.callee.object.name) &&
+                    node.callee.property.type === 'Identifier' &&
+                    ['get', 'post', 'use'].includes(node.callee.property.name)) {
+                    const pathArg = node.arguments[0];
+                    if (pathArg && pathArg.type === 'Literal' && typeof pathArg.value === 'string') {
+                        const path = pathArg.value.toLowerCase();
+                        if (debugPaths.some(dp => path.includes(dp))) {
+                            report(node);
+                        }
+                    }
+                }
+            },
+            Literal(node) {
+                // Flag debug path strings in general
+                if (typeof node.value === 'string') {
+                    const path = node.value.toLowerCase();
+                    if (debugPaths.some(dp => path === dp)) {
+                        report(node);
+                    }
+                }
+            },
+        };
+    },
+});
+//# sourceMappingURL=index.js.map

package/src/rules/no-exposed-debug-endpoints/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/no-exposed-debug-endpoints/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,4DAAsF;AAUzE,QAAA,uBAAuB,GAAG,IAAA,0BAAU,EAA0B;IACzE,IAAI,EAAE,4BAA4B;IAClC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,qCAAqC;SACnD;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,wBAAwB;gBACnC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,+CAA+C;gBAC5D,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,8DAA8D;gBACnE,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,SAAS,MAAM,CAAC,IAAmB;YACjC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,UAAU,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QAErF,OAAO;YACL,cAAc,CAAC,IAA6B;gBAC1C,oCAAoC;gBACpC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBACvC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACxC,CAAC,KAAK,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;oBAC9D,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBAC1C,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBAE/D,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;oBAClC,IAAI,OAAO,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;wBAC/E,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;wBACzC,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;4BAC7C,MAAM,CAAC,IAAI,CAAC,CAAC;wBACf,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO,CAAC,IAAsB;gBAC5B,qCAAqC;gBACrC,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACnC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;oBACtC,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,KAAK,EAAE,CAAC,EAAE,CAAC;wBACvC,MAAM,CAAC,IAAI,CAAC,CAAC;oBACf,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/{security/no-exposed-sensitive-data.js → no-exposed-sensitive-data/index.js} RENAMED Viewed

@@ -338,4 +338,4 @@ exports.noExposedSensitiveData = (0, eslint_devkit_2.createRule)({
         };
     },
 });
-//# sourceMappingURL=no-exposed-sensitive-data.js.map
+//# sourceMappingURL=index.js.map

package/src/rules/no-exposed-sensitive-data/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/no-exposed-sensitive-data/index.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAoBtD;;GAEG;AACH,MAAM,0BAA0B,GAAG;IACjC,KAAK;IACL,QAAQ;IACR,QAAQ;IACR,MAAM;IACN,UAAU;IACV,QAAQ;IACR,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,SAAS;IACT,YAAY;IACZ,aAAa;IACb,aAAa;IACb,cAAc;IACd,cAAc;IACd,eAAe;IACf,WAAW;IACX,YAAY;CACb,CAAC;AAEF;;GAEG;AACH,MAAM,wBAAwB,GAAG;IAC/B,KAAK;IACL,SAAS;IACT,OAAO;IACP,OAAO;IACP,OAAO;IACP,MAAM;IACN,MAAM;IACN,OAAO;IACP,UAAU;IACV,MAAM;IACN,MAAM;CACP,CAAC;AAEF;;GAEG;AACH,MAAM,uBAAuB,GAAG;IAC9B,4BAA4B;IAC5B,GAAG,EAAE,uBAAuB;IAE5B,qEAAqE;IACrE,UAAU,EAAE,+BAA+B;IAE3C,+BAA+B;IAC/B,cAAc,EAAE,mEAAmE;CACpF,CAAC;AAEF;;GAEG;AACH,SAAS,qBAAqB,CAC5B,KAAa,EACb,iBAA2B;IAE3B,wBAAwB;IACxB,IAAI,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5C,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,sBAAsB,EAAE,CAAC;IAC7D,CAAC;IAED,gCAAgC;IAChC,IAAI,uBAAuB,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACnD,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,8BAA8B,EAAE,CAAC;IACrE,CAAC;IAED,2DAA2D;IAC3D,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IACvC,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAC/C,6EAA6E;YAC7E,IACE,+FAA+F,CAAC,IAAI,CAAC,KAAK,CAAC;gBAC3G,oDAAoD,CAAC,IAAI,CAAC,KAAK,CAAC,EAChE,CAAC;gBACD,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,2BAA2B,OAAO,EAAE,EAAE,CAAC;YAC3E,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,QAAkB;IAC5D,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QAC7B,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACvC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CACzB,IAAmB,EACnB,UAA+B,EAC/B,eAAyB;IAEzB,4CAA4C;IAC5C,MAAM,YAAY,GAAG,IAAI,MAAM,CAC7B,SAAS,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAC3F,GAAG,CACJ,CAAC;IAEF,IAAI,OAAO,GAAyB,IAAI,CAAC;IAEzC,uCAAuC;IACvC,OAAO,OAAO,IAAI,QAAQ,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACxD,OAAO,GAAG,OAAO,CAAC,MAAuB,CAAC;QAE1C,IAAI,OAAO,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,OAAkC,CAAC;YACpD,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAE7C,sCAAsC;YACtC,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBAChD,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC;gBACnC,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACzF,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrD,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;oBAExD,iCAAiC;oBACjC,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;wBACvG,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;YAED,2CAA2C;YAC3C,IAAI,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAChC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,4DAA4D;QAC5D,IAAI,OAAO,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;YACxC,mDAAmD;YACnD,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;gBAC/D,MAAM,UAAU,GAAG,OAAO,CAAC,MAAiC,CAAC;gBAC7D,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAChD,IAAI,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAChC,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAEY,QAAA,sBAAsB,GAAG,IAAA,0BAAU,EAA0B;IACxE,IAAI,EAAE,2BAA2B;IACjC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,iFAAiF;SAC/F;QACD,cAAc,EAAE,IAAI;QACpB,QAAQ,EAAE;YACR,oBAAoB,EAAE,IAAA,gCAAgB,EAAC;gBACrC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,wBAAwB;gBACnC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,6CAA6C;gBAC1D,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;YACF,YAAY,EAAE,IAAA,gCAAgB,EAAC;gBAC7B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,eAAe;gBAC1B,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,2DAA2D;gBAChE,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,YAAY,EAAE;wBACZ,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,oCAAoC;qBAClD;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,mCAAmC;qBACjD;oBACD,eAAe,EAAE;wBACf,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,mCAAmC;qBACjD;oBACD,cAAc,EAAE;wBACd,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,oCAAoC;qBAClD;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,YAAY,EAAE,KAAK;YACnB,iBAAiB,EAAE,EAAE;YACrB,eAAe,EAAE,EAAE;YACnB,cAAc,EAAE,EAAE;SACnB;KACF;IACD,MAAM,CACJ,OAAsD,EACtD,CAAC,OAAO,GAAG,EAAE,CAAC;QAEd,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,iBAAiB,EACjB,eAAe,EACf,cAAc,GAAG,EAAE,GACpB,GAAG,OAAkB,CAAC;QAEvB,MAAM,eAAe,GAAG,iBAAiB,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC;YACvE,CAAC,CAAC,iBAAiB;YACnB,CAAC,CAAC,0BAA0B,CAAC;QAE/B,MAAM,sBAAsB,GAAG,eAAe,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC;YAC1E,CAAC,CAAC,eAAe;YACjB,CAAC,CAAC,wBAAwB,CAAC;QAE7B,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,YAAY,IAAI,iCAAiC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;QAE5D,SAAS,YAAY,CAAC,IAAsB;YAC1C,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACnC,OAAO;YACT,CAAC;YAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;YACzB,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAEtC,yCAAyC;YACzC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;gBAC/C,OAAO;YACT,CAAC;YAED,0CAA0C;YAC1C,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,UAAU,EAAE,sBAAsB,CAAC,EAAE,CAAC;gBAClE,OAAO;YACT,CAAC;YAED,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,qBAAqB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;YAE5E,IAAI,WAAW,EAAE,CAAC;gBAChB,uEAAuE;gBACvE,gCAAgC;gBAChC,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;gBACzD,OAAO,CAAC,MAAM,CAAC;oBACb,IAAI;oBACJ,SAAS,EAAE,sBAAsB;oBACjC,IAAI,EAAE;wBACJ,KAAK,EAAE,GAAG,IAAI,4BAA4B;wBAC1C,eAAe,EAAE,oIAAoI;qBACtJ;oBACD,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;wBACxB,OAAO,EAAE;4BACP;gCACE,SAAS,EAAE,cAAc;gCACzB,GAAG,CAAC,KAAyB;oCAC3B,iDAAiD;oCACjD,OAAO,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;gCACrD,CAAC;6BACF;yBACF;qBACF,CAAC;iBACH,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,SAAS,eAAe,CAAC,IAAyB;YAChD,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACvB,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAEtC,yCAAyC;YACzC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;gBAC/C,OAAO;YACT,CAAC;YAED,0CAA0C;YAC1C,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,UAAU,EAAE,sBAAsB,CAAC,EAAE,CAAC;gBAClE,OAAO;YACT,CAAC;YAED,uDAAuD;YACvD,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;YACrC,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;gBACtC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBAC9C,kDAAkD;oBAClD,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;wBAChB,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;wBACnD,4CAA4C;wBAC5C,MAAM,mBAAmB,GAAG,IAAI,MAAM,CACpC,SAAS,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAClG,GAAG,CACJ,CAAC;wBACF,IAAI,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;4BACzC,4CAA4C;4BAC5C,MAAM,kBAAkB,GAAG,IAAI,CAAC;4BAChC,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI;gCACJ,SAAS,EAAE,sBAAsB;gCACjC,IAAI,EAAE;oCACJ,KAAK,EAAE,uBAAuB,IAAI,6BAA6B;oCAC/D,eAAe,EAAE,4FAA4F,kBAAkB,UAAU,kBAAkB,KAAK;iCACjK;gCACD,iEAAiE;6BAClE,CAAC,CAAC;4BACH,MAAM;wBACR,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,SAAS,qBAAqB,CAAC,IAA+B;YAC5D,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAEtC,yCAAyC;YACzC,IAAI,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,CAAC;gBAC/C,OAAO;YACT,CAAC;YAED,0CAA0C;YAC1C,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,UAAU,EAAE,sBAAsB,CAAC,EAAE,CAAC;gBAClE,OAAO;YACT,CAAC;YAED,qDAAqD;YACrD,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACxC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gBACtD,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;oBACtC,IAAI,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;wBAC/C,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC;wBACnF,OAAO,CAAC,MAAM,CAAC;4BACb,IAAI;4BACJ,SAAS,EAAE,sBAAsB;4BACjC,IAAI,EAAE;gCACJ,KAAK,EAAE,uBAAuB,IAAI,CAAC,QAAQ,CAAC,IAAI,6BAA6B;gCAC7E,eAAe,EAAE,4FAA4F,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK;6BAC1K;4BACD,qEAAqE;yBACtE,CAAC,CAAC;wBACL,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,YAAY;YACrB,UAAU,EAAE,eAAe;YAC3B,gBAAgB,EAAE,qBAAqB;SACxC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}

package/src/rules/{security/no-format-string-injection.js → no-format-string-injection/index.js} RENAMED Viewed

@@ -340,10 +340,11 @@ exports.noFormatStringInjection = (0, eslint_devkit_1.createRule)({
                     (formatArg.type === 'Identifier' && dangerousVariables.has(formatArg.name)) ||
                     (formatArg.type === 'BinaryExpression' && hasUserInputInExpression(formatArg));
                 if (isFormatFromUserInput && !isConsoleMethod(node)) {
-                    // FALSE POSITIVE REDUCTION
+                    /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                     if (safetyChecker.isSafe(node, context)) {
                         return;
                     }
+                    /* c8 ignore stop */
                     context.report({
                         node: formatArg,
                         messageId: 'userControlledFormatString',
@@ -358,10 +359,11 @@ exports.noFormatStringInjection = (0, eslint_devkit_1.createRule)({
                 if (formatArg.type === 'TemplateLiteral') {
                     const hasUserInput = formatArg.expressions.some((expr) => isUserInputNode(expr));
                     if (hasUserInput) {
-                        // FALSE POSITIVE REDUCTION
+                        /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                         if (safetyChecker.isSafe(node, context)) {
                             return;
                         }
+                        /* c8 ignore stop */
                         context.report({
                             node: formatArg,
                             messageId: 'formatStringInjection',
@@ -378,10 +380,11 @@ exports.noFormatStringInjection = (0, eslint_devkit_1.createRule)({
                 else if (formatArg.type === 'BinaryExpression' && formatArg.operator === '+') {
                     const hasUserInput = hasUserInputInExpression(formatArg);
                     if (hasUserInput) {
-                        // FALSE POSITIVE REDUCTION
+                        /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                         if (safetyChecker.isSafe(node, context)) {
                             return;
                         }
+                        /* c8 ignore stop */
                         context.report({
                             node: formatArg,
                             messageId: 'formatStringInjection',
@@ -431,10 +434,11 @@ exports.noFormatStringInjection = (0, eslint_devkit_1.createRule)({
                         // Don't report
                     }
                     else if (hasSpecifiersInFormat && hasUserInputInArgs) {
-                        // FALSE POSITIVE REDUCTION
+                        /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                         if (safetyChecker.isSafe(node, context)) {
                             return;
                         }
+                        /* c8 ignore stop */
                         // Choose message ID based on format string type
                         const messageId = firstArg.type === 'Literal' ? 'unsafeFormatSpecifier' : 'missingFormatValidation';
                         context.report({
@@ -519,10 +523,11 @@ exports.noFormatStringInjection = (0, eslint_devkit_1.createRule)({
                     current = current.parent;
                 }
                 if (isInDangerousContext && containsFormatSpecifiers(text)) {
-                    // FALSE POSITIVE REDUCTION
+                    /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                     if (safetyChecker.isSafe(node, context)) {
                         return;
                     }
+                    /* c8 ignore stop */
                     context.report({
                         node,
                         messageId: 'missingFormatValidation',
@@ -567,10 +572,11 @@ exports.noFormatStringInjection = (0, eslint_devkit_1.createRule)({
                         current = current.parent;
                     }
                     if (isAssignedToVariable) {
-                        // FALSE POSITIVE REDUCTION
+                        /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                         if (safetyChecker.isSafe(node, context)) {
                             return;
                         }
+                        /* c8 ignore stop */
                         context.report({
                             node,
                             messageId: 'formatStringInjection',
@@ -609,10 +615,11 @@ exports.noFormatStringInjection = (0, eslint_devkit_1.createRule)({
                     const hasSpecifiers = node.init.quasis.some((quasi) => containsFormatSpecifiers(quasi.value.raw));
                     const hasUserInput = node.init.expressions.some((expr) => isUserInputNode(expr));
                     if (hasSpecifiers && hasUserInput) {
-                        // FALSE POSITIVE REDUCTION
+                        /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                         if (safetyChecker.isSafe(node, context)) {
                             return;
                         }
+                        /* c8 ignore stop */
                         context.report({
                             node: node.init,
                             messageId: 'formatStringInjection',
@@ -630,10 +637,11 @@ exports.noFormatStringInjection = (0, eslint_devkit_1.createRule)({
                     const hasSpecifiers = containsFormatSpecifiersInExpression(node.init);
                     const hasUserInput = hasUserInputInExpression(node.init);
                     if (hasSpecifiers && hasUserInput) {
-                        // FALSE POSITIVE REDUCTION
+                        /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
                         if (safetyChecker.isSafe(node, context)) {
                             return;
                         }
+                        /* c8 ignore stop */
                         context.report({
                             node: node.init,
                             messageId: 'formatStringInjection',
@@ -650,4 +658,4 @@ exports.noFormatStringInjection = (0, eslint_devkit_1.createRule)({
         };
     },
 });
-//# sourceMappingURL=no-format-string-injection.js.map
+//# sourceMappingURL=index.js.map