eslint-plugin-secure-coding 2.2.0 → 2.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (318) hide show
  1. package/README.md +91 -12
  2. package/package.json +10 -4
  3. package/src/index.d.ts +1 -1
  4. package/src/index.js +223 -48
  5. package/src/index.js.map +1 -1
  6. package/src/rules/{security/database-injection.js → database-injection/index.js} +1 -1
  7. package/src/rules/database-injection/index.js.map +1 -0
  8. package/src/rules/{security/detect-child-process.js → detect-child-process/index.js} +1 -1
  9. package/src/rules/detect-child-process/index.js.map +1 -0
  10. package/src/rules/{security/detect-eval-with-expression.js → detect-eval-with-expression/index.js} +1 -1
  11. package/src/rules/detect-eval-with-expression/index.js.map +1 -0
  12. package/src/rules/detect-mixed-content/index.d.ts +8 -0
  13. package/src/rules/detect-mixed-content/index.js +45 -0
  14. package/src/rules/detect-mixed-content/index.js.map +1 -0
  15. package/src/rules/{security/detect-non-literal-fs-filename.js → detect-non-literal-fs-filename/index.js} +1 -1
  16. package/src/rules/detect-non-literal-fs-filename/index.js.map +1 -0
  17. package/src/rules/{security/detect-non-literal-regexp.js → detect-non-literal-regexp/index.js} +23 -6
  18. package/src/rules/detect-non-literal-regexp/index.js.map +1 -0
  19. package/src/rules/{security/detect-object-injection.js → detect-object-injection/index.js} +3 -1
  20. package/src/rules/detect-object-injection/index.js.map +1 -0
  21. package/src/rules/detect-suspicious-dependencies/index.d.ts +8 -0
  22. package/src/rules/detect-suspicious-dependencies/index.js +72 -0
  23. package/src/rules/detect-suspicious-dependencies/index.js.map +1 -0
  24. package/src/rules/detect-weak-password-validation/index.d.ts +6 -0
  25. package/src/rules/detect-weak-password-validation/index.js +59 -0
  26. package/src/rules/detect-weak-password-validation/index.js.map +1 -0
  27. package/src/rules/no-allow-arbitrary-loads/index.d.ts +8 -0
  28. package/src/rules/no-allow-arbitrary-loads/index.js +48 -0
  29. package/src/rules/no-allow-arbitrary-loads/index.js.map +1 -0
  30. package/src/rules/no-arbitrary-file-access/index.d.ts +6 -0
  31. package/src/rules/no-arbitrary-file-access/index.js +63 -0
  32. package/src/rules/no-arbitrary-file-access/index.js.map +1 -0
  33. package/src/rules/{security/no-buffer-overread.js → no-buffer-overread/index.js} +9 -5
  34. package/src/rules/no-buffer-overread/index.js.map +1 -0
  35. package/src/rules/{security/no-clickjacking.js → no-clickjacking/index.js} +23 -9
  36. package/src/rules/no-clickjacking/index.js.map +1 -0
  37. package/src/rules/no-client-side-auth-logic/index.d.ts +6 -0
  38. package/src/rules/no-client-side-auth-logic/index.js +70 -0
  39. package/src/rules/no-client-side-auth-logic/index.js.map +1 -0
  40. package/src/rules/no-credentials-in-query-params/index.d.ts +8 -0
  41. package/src/rules/no-credentials-in-query-params/index.js +58 -0
  42. package/src/rules/no-credentials-in-query-params/index.js.map +1 -0
  43. package/src/rules/no-credentials-in-storage-api/index.d.ts +6 -0
  44. package/src/rules/no-credentials-in-storage-api/index.js +55 -0
  45. package/src/rules/no-credentials-in-storage-api/index.js.map +1 -0
  46. package/src/rules/no-data-in-temp-storage/index.d.ts +6 -0
  47. package/src/rules/no-data-in-temp-storage/index.js +65 -0
  48. package/src/rules/no-data-in-temp-storage/index.js.map +1 -0
  49. package/src/rules/no-debug-code-in-production/index.d.ts +8 -0
  50. package/src/rules/no-debug-code-in-production/index.js +52 -0
  51. package/src/rules/no-debug-code-in-production/index.js.map +1 -0
  52. package/src/rules/{security/no-directive-injection.js → no-directive-injection/index.js} +17 -9
  53. package/src/rules/no-directive-injection/index.js.map +1 -0
  54. package/src/rules/no-disabled-certificate-validation/index.d.ts +6 -0
  55. package/src/rules/no-disabled-certificate-validation/index.js +62 -0
  56. package/src/rules/no-disabled-certificate-validation/index.js.map +1 -0
  57. package/src/rules/{security/no-document-cookie.js → no-document-cookie/index.js} +1 -1
  58. package/src/rules/no-document-cookie/index.js.map +1 -0
  59. package/src/rules/no-dynamic-dependency-loading/index.d.ts +8 -0
  60. package/src/rules/no-dynamic-dependency-loading/index.js +52 -0
  61. package/src/rules/no-dynamic-dependency-loading/index.js.map +1 -0
  62. package/src/rules/{security/no-electron-security-issues.js → no-electron-security-issues/index.js} +7 -4
  63. package/src/rules/no-electron-security-issues/index.js.map +1 -0
  64. package/src/rules/no-exposed-debug-endpoints/index.d.ts +6 -0
  65. package/src/rules/no-exposed-debug-endpoints/index.js +63 -0
  66. package/src/rules/no-exposed-debug-endpoints/index.js.map +1 -0
  67. package/src/rules/{security/no-exposed-sensitive-data.js → no-exposed-sensitive-data/index.js} +1 -1
  68. package/src/rules/no-exposed-sensitive-data/index.js.map +1 -0
  69. package/src/rules/{security/no-format-string-injection.js → no-format-string-injection/index.js} +17 -9
  70. package/src/rules/no-format-string-injection/index.js.map +1 -0
  71. package/src/rules/{security/no-graphql-injection.js → no-graphql-injection/index.js} +5 -3
  72. package/src/rules/no-graphql-injection/index.js.map +1 -0
  73. package/src/rules/{security/no-hardcoded-credentials.js → no-hardcoded-credentials/index.js} +1 -1
  74. package/src/rules/no-hardcoded-credentials/index.js.map +1 -0
  75. package/src/rules/no-hardcoded-session-tokens/index.d.ts +6 -0
  76. package/src/rules/no-hardcoded-session-tokens/index.js +60 -0
  77. package/src/rules/no-hardcoded-session-tokens/index.js.map +1 -0
  78. package/src/rules/no-http-urls/index.d.ts +12 -0
  79. package/src/rules/no-http-urls/index.js +115 -0
  80. package/src/rules/no-http-urls/index.js.map +1 -0
  81. package/src/rules/{security/no-improper-sanitization.js → no-improper-sanitization/index.js} +9 -5
  82. package/src/rules/no-improper-sanitization/index.js.map +1 -0
  83. package/src/rules/{security/no-improper-type-validation.js → no-improper-type-validation/index.js} +11 -6
  84. package/src/rules/no-improper-type-validation/index.js.map +1 -0
  85. package/src/rules/{security/no-insecure-comparison.js → no-insecure-comparison/index.js} +1 -1
  86. package/src/rules/no-insecure-comparison/index.js.map +1 -0
  87. package/src/rules/{security/no-insecure-cookie-settings.js → no-insecure-cookie-settings/index.js} +1 -1
  88. package/src/rules/no-insecure-cookie-settings/index.js.map +1 -0
  89. package/src/rules/{security/no-insecure-jwt.js → no-insecure-jwt/index.js} +3 -2
  90. package/src/rules/no-insecure-jwt/index.js.map +1 -0
  91. package/src/rules/{security/no-insecure-redirects.js → no-insecure-redirects/index.js} +3 -1
  92. package/src/rules/no-insecure-redirects/index.js.map +1 -0
  93. package/src/rules/no-insecure-websocket/index.d.ts +6 -0
  94. package/src/rules/no-insecure-websocket/index.js +62 -0
  95. package/src/rules/no-insecure-websocket/index.js.map +1 -0
  96. package/src/rules/{security/no-insufficient-postmessage-validation.js → no-insufficient-postmessage-validation/index.js} +7 -4
  97. package/src/rules/no-insufficient-postmessage-validation/index.js.map +1 -0
  98. package/src/rules/{security/no-insufficient-random.js → no-insufficient-random/index.js} +1 -1
  99. package/src/rules/no-insufficient-random/index.js.map +1 -0
  100. package/src/rules/{security/no-ldap-injection.js → no-ldap-injection/index.js} +15 -8
  101. package/src/rules/no-ldap-injection/index.js.map +1 -0
  102. package/src/rules/{security/no-missing-authentication.js → no-missing-authentication/index.js} +13 -1
  103. package/src/rules/no-missing-authentication/index.js.map +1 -0
  104. package/src/rules/{security/no-missing-cors-check.js → no-missing-cors-check/index.js} +1 -52
  105. package/src/rules/no-missing-cors-check/index.js.map +1 -0
  106. package/src/rules/{security/no-missing-csrf-protection.js → no-missing-csrf-protection/index.js} +1 -1
  107. package/src/rules/no-missing-csrf-protection/index.js.map +1 -0
  108. package/src/rules/{security/no-missing-security-headers.js → no-missing-security-headers/index.js} +1 -1
  109. package/src/rules/no-missing-security-headers/index.js.map +1 -0
  110. package/src/rules/no-password-in-url/index.d.ts +8 -0
  111. package/src/rules/no-password-in-url/index.js +56 -0
  112. package/src/rules/no-password-in-url/index.js.map +1 -0
  113. package/src/rules/no-permissive-cors/index.d.ts +8 -0
  114. package/src/rules/no-permissive-cors/index.js +65 -0
  115. package/src/rules/no-permissive-cors/index.js.map +1 -0
  116. package/src/rules/no-pii-in-logs/index.d.ts +8 -0
  117. package/src/rules/no-pii-in-logs/index.js +72 -0
  118. package/src/rules/no-pii-in-logs/index.js.map +1 -0
  119. package/src/rules/no-postmessage-origin-wildcard/index.d.ts +8 -0
  120. package/src/rules/no-postmessage-origin-wildcard/index.js +58 -0
  121. package/src/rules/no-postmessage-origin-wildcard/index.js.map +1 -0
  122. package/src/rules/{security/no-privilege-escalation.js → no-privilege-escalation/index.js} +3 -35
  123. package/src/rules/no-privilege-escalation/index.js.map +1 -0
  124. package/src/rules/{security/no-redos-vulnerable-regex.js → no-redos-vulnerable-regex/index.js} +1 -1
  125. package/src/rules/no-redos-vulnerable-regex/index.js.map +1 -0
  126. package/src/rules/{security/no-sensitive-data-exposure.js → no-sensitive-data-exposure/index.js} +1 -1
  127. package/src/rules/no-sensitive-data-exposure/index.js.map +1 -0
  128. package/src/rules/no-sensitive-data-in-analytics/index.d.ts +8 -0
  129. package/src/rules/no-sensitive-data-in-analytics/index.js +63 -0
  130. package/src/rules/no-sensitive-data-in-analytics/index.js.map +1 -0
  131. package/src/rules/no-sensitive-data-in-cache/index.d.ts +8 -0
  132. package/src/rules/no-sensitive-data-in-cache/index.js +53 -0
  133. package/src/rules/no-sensitive-data-in-cache/index.js.map +1 -0
  134. package/src/rules/{security/no-sql-injection.js → no-sql-injection/index.js} +5 -1
  135. package/src/rules/no-sql-injection/index.js.map +1 -0
  136. package/src/rules/{security/no-timing-attack.js → no-timing-attack/index.js} +1 -1
  137. package/src/rules/no-timing-attack/index.js.map +1 -0
  138. package/src/rules/{security/no-toctou-vulnerability.js → no-toctou-vulnerability/index.js} +1 -1
  139. package/src/rules/no-toctou-vulnerability/index.js.map +1 -0
  140. package/src/rules/no-tracking-without-consent/index.d.ts +6 -0
  141. package/src/rules/no-tracking-without-consent/index.js +68 -0
  142. package/src/rules/no-tracking-without-consent/index.js.map +1 -0
  143. package/src/rules/{security/no-unchecked-loop-condition.js → no-unchecked-loop-condition/index.js} +25 -13
  144. package/src/rules/no-unchecked-loop-condition/index.js.map +1 -0
  145. package/src/rules/no-unencrypted-local-storage/index.d.ts +8 -0
  146. package/src/rules/no-unencrypted-local-storage/index.js +63 -0
  147. package/src/rules/no-unencrypted-local-storage/index.js.map +1 -0
  148. package/src/rules/{security/no-unencrypted-transmission.js → no-unencrypted-transmission/index.js} +1 -1
  149. package/src/rules/no-unencrypted-transmission/index.js.map +1 -0
  150. package/src/rules/{security/no-unescaped-url-parameter.js → no-unescaped-url-parameter/index.js} +1 -1
  151. package/src/rules/no-unescaped-url-parameter/index.js.map +1 -0
  152. package/src/rules/{security/no-unlimited-resource-allocation.js → no-unlimited-resource-allocation/index.js} +29 -62
  153. package/src/rules/no-unlimited-resource-allocation/index.js.map +1 -0
  154. package/src/rules/{security/no-unsafe-deserialization.js → no-unsafe-deserialization/index.js} +3 -2
  155. package/src/rules/no-unsafe-deserialization/index.js.map +1 -0
  156. package/src/rules/{security/no-unsafe-dynamic-require.js → no-unsafe-dynamic-require/index.js} +1 -1
  157. package/src/rules/no-unsafe-dynamic-require/index.js.map +1 -0
  158. package/src/rules/{security/no-unsafe-regex-construction.js → no-unsafe-regex-construction/index.js} +1 -1
  159. package/src/rules/no-unsafe-regex-construction/index.js.map +1 -0
  160. package/src/rules/{security/no-unsanitized-html.js → no-unsanitized-html/index.js} +1 -45
  161. package/src/rules/no-unsanitized-html/index.js.map +1 -0
  162. package/src/rules/no-unvalidated-deeplinks/index.d.ts +6 -0
  163. package/src/rules/no-unvalidated-deeplinks/index.js +63 -0
  164. package/src/rules/no-unvalidated-deeplinks/index.js.map +1 -0
  165. package/src/rules/{security/no-unvalidated-user-input.js → no-unvalidated-user-input/index.js} +1 -1
  166. package/src/rules/no-unvalidated-user-input/index.js.map +1 -0
  167. package/src/rules/no-verbose-error-messages/index.d.ts +8 -0
  168. package/src/rules/no-verbose-error-messages/index.js +68 -0
  169. package/src/rules/no-verbose-error-messages/index.js.map +1 -0
  170. package/src/rules/{security/no-weak-crypto.js → no-weak-crypto/index.js} +1 -1
  171. package/src/rules/no-weak-crypto/index.js.map +1 -0
  172. package/src/rules/{security/no-weak-password-recovery.js → no-weak-password-recovery/index.js} +21 -8
  173. package/src/rules/no-weak-password-recovery/index.js.map +1 -0
  174. package/src/rules/{security/no-xpath-injection.js → no-xpath-injection/index.js} +3 -2
  175. package/src/rules/no-xpath-injection/index.js.map +1 -0
  176. package/src/rules/{security/no-xxe-injection.js → no-xxe-injection/index.js} +2 -5
  177. package/src/rules/no-xxe-injection/index.js.map +1 -0
  178. package/src/rules/{security/no-zip-slip.js → no-zip-slip/index.js} +1 -1
  179. package/src/rules/no-zip-slip/index.js.map +1 -0
  180. package/src/rules/require-backend-authorization/index.d.ts +6 -0
  181. package/src/rules/require-backend-authorization/index.js +61 -0
  182. package/src/rules/require-backend-authorization/index.js.map +1 -0
  183. package/src/rules/require-code-minification/index.d.ts +8 -0
  184. package/src/rules/require-code-minification/index.js +48 -0
  185. package/src/rules/require-code-minification/index.js.map +1 -0
  186. package/src/rules/require-csp-headers/index.d.ts +6 -0
  187. package/src/rules/require-csp-headers/index.js +65 -0
  188. package/src/rules/require-csp-headers/index.js.map +1 -0
  189. package/src/rules/require-data-minimization/index.d.ts +8 -0
  190. package/src/rules/require-data-minimization/index.js +54 -0
  191. package/src/rules/require-data-minimization/index.js.map +1 -0
  192. package/src/rules/require-dependency-integrity/index.d.ts +6 -0
  193. package/src/rules/require-dependency-integrity/index.js +65 -0
  194. package/src/rules/require-dependency-integrity/index.js.map +1 -0
  195. package/src/rules/require-https-only/index.d.ts +8 -0
  196. package/src/rules/require-https-only/index.js +64 -0
  197. package/src/rules/require-https-only/index.js.map +1 -0
  198. package/src/rules/require-mime-type-validation/index.d.ts +6 -0
  199. package/src/rules/require-mime-type-validation/index.js +67 -0
  200. package/src/rules/require-mime-type-validation/index.js.map +1 -0
  201. package/src/rules/require-network-timeout/index.d.ts +8 -0
  202. package/src/rules/require-network-timeout/index.js +51 -0
  203. package/src/rules/require-network-timeout/index.js.map +1 -0
  204. package/src/rules/require-package-lock/index.d.ts +8 -0
  205. package/src/rules/require-package-lock/index.js +64 -0
  206. package/src/rules/require-package-lock/index.js.map +1 -0
  207. package/src/rules/require-secure-credential-storage/index.d.ts +8 -0
  208. package/src/rules/require-secure-credential-storage/index.js +51 -0
  209. package/src/rules/require-secure-credential-storage/index.js.map +1 -0
  210. package/src/rules/require-secure-defaults/index.d.ts +8 -0
  211. package/src/rules/require-secure-defaults/index.js +48 -0
  212. package/src/rules/require-secure-defaults/index.js.map +1 -0
  213. package/src/rules/require-secure-deletion/index.d.ts +8 -0
  214. package/src/rules/require-secure-deletion/index.js +45 -0
  215. package/src/rules/require-secure-deletion/index.js.map +1 -0
  216. package/src/rules/require-storage-encryption/index.d.ts +8 -0
  217. package/src/rules/require-storage-encryption/index.js +51 -0
  218. package/src/rules/require-storage-encryption/index.js.map +1 -0
  219. package/src/rules/require-url-validation/index.d.ts +6 -0
  220. package/src/rules/require-url-validation/index.js +73 -0
  221. package/src/rules/require-url-validation/index.js.map +1 -0
  222. package/src/types/index.d.ts +48 -48
  223. package/src/rules/security/database-injection.js.map +0 -1
  224. package/src/rules/security/detect-child-process.js.map +0 -1
  225. package/src/rules/security/detect-eval-with-expression.js.map +0 -1
  226. package/src/rules/security/detect-non-literal-fs-filename.js.map +0 -1
  227. package/src/rules/security/detect-non-literal-regexp.js.map +0 -1
  228. package/src/rules/security/detect-object-injection.js.map +0 -1
  229. package/src/rules/security/no-buffer-overread.js.map +0 -1
  230. package/src/rules/security/no-clickjacking.js.map +0 -1
  231. package/src/rules/security/no-directive-injection.js.map +0 -1
  232. package/src/rules/security/no-document-cookie.js.map +0 -1
  233. package/src/rules/security/no-electron-security-issues.js.map +0 -1
  234. package/src/rules/security/no-exposed-sensitive-data.js.map +0 -1
  235. package/src/rules/security/no-format-string-injection.js.map +0 -1
  236. package/src/rules/security/no-graphql-injection.js.map +0 -1
  237. package/src/rules/security/no-hardcoded-credentials.js.map +0 -1
  238. package/src/rules/security/no-improper-sanitization.js.map +0 -1
  239. package/src/rules/security/no-improper-type-validation.js.map +0 -1
  240. package/src/rules/security/no-insecure-comparison.js.map +0 -1
  241. package/src/rules/security/no-insecure-cookie-settings.js.map +0 -1
  242. package/src/rules/security/no-insecure-jwt.js.map +0 -1
  243. package/src/rules/security/no-insecure-redirects.js.map +0 -1
  244. package/src/rules/security/no-insufficient-postmessage-validation.js.map +0 -1
  245. package/src/rules/security/no-insufficient-random.js.map +0 -1
  246. package/src/rules/security/no-ldap-injection.js.map +0 -1
  247. package/src/rules/security/no-missing-authentication.js.map +0 -1
  248. package/src/rules/security/no-missing-cors-check.js.map +0 -1
  249. package/src/rules/security/no-missing-csrf-protection.js.map +0 -1
  250. package/src/rules/security/no-missing-security-headers.js.map +0 -1
  251. package/src/rules/security/no-privilege-escalation.js.map +0 -1
  252. package/src/rules/security/no-redos-vulnerable-regex.js.map +0 -1
  253. package/src/rules/security/no-sensitive-data-exposure.js.map +0 -1
  254. package/src/rules/security/no-sql-injection.js.map +0 -1
  255. package/src/rules/security/no-timing-attack.js.map +0 -1
  256. package/src/rules/security/no-toctou-vulnerability.js.map +0 -1
  257. package/src/rules/security/no-unchecked-loop-condition.js.map +0 -1
  258. package/src/rules/security/no-unencrypted-transmission.js.map +0 -1
  259. package/src/rules/security/no-unescaped-url-parameter.js.map +0 -1
  260. package/src/rules/security/no-unlimited-resource-allocation.js.map +0 -1
  261. package/src/rules/security/no-unsafe-deserialization.js.map +0 -1
  262. package/src/rules/security/no-unsafe-dynamic-require.js.map +0 -1
  263. package/src/rules/security/no-unsafe-regex-construction.js.map +0 -1
  264. package/src/rules/security/no-unsanitized-html.js.map +0 -1
  265. package/src/rules/security/no-unvalidated-user-input.js.map +0 -1
  266. package/src/rules/security/no-weak-crypto.js.map +0 -1
  267. package/src/rules/security/no-weak-password-recovery.js.map +0 -1
  268. package/src/rules/security/no-xpath-injection.js.map +0 -1
  269. package/src/rules/security/no-xxe-injection.js.map +0 -1
  270. package/src/rules/security/no-zip-slip.js.map +0 -1
  271. /package/src/rules/{security/database-injection.d.ts → database-injection/index.d.ts} +0 -0
  272. /package/src/rules/{security/detect-child-process.d.ts → detect-child-process/index.d.ts} +0 -0
  273. /package/src/rules/{security/detect-eval-with-expression.d.ts → detect-eval-with-expression/index.d.ts} +0 -0
  274. /package/src/rules/{security/detect-non-literal-fs-filename.d.ts → detect-non-literal-fs-filename/index.d.ts} +0 -0
  275. /package/src/rules/{security/detect-non-literal-regexp.d.ts → detect-non-literal-regexp/index.d.ts} +0 -0
  276. /package/src/rules/{security/detect-object-injection.d.ts → detect-object-injection/index.d.ts} +0 -0
  277. /package/src/rules/{security/no-buffer-overread.d.ts → no-buffer-overread/index.d.ts} +0 -0
  278. /package/src/rules/{security/no-clickjacking.d.ts → no-clickjacking/index.d.ts} +0 -0
  279. /package/src/rules/{security/no-directive-injection.d.ts → no-directive-injection/index.d.ts} +0 -0
  280. /package/src/rules/{security/no-document-cookie.d.ts → no-document-cookie/index.d.ts} +0 -0
  281. /package/src/rules/{security/no-electron-security-issues.d.ts → no-electron-security-issues/index.d.ts} +0 -0
  282. /package/src/rules/{security/no-exposed-sensitive-data.d.ts → no-exposed-sensitive-data/index.d.ts} +0 -0
  283. /package/src/rules/{security/no-format-string-injection.d.ts → no-format-string-injection/index.d.ts} +0 -0
  284. /package/src/rules/{security/no-graphql-injection.d.ts → no-graphql-injection/index.d.ts} +0 -0
  285. /package/src/rules/{security/no-hardcoded-credentials.d.ts → no-hardcoded-credentials/index.d.ts} +0 -0
  286. /package/src/rules/{security/no-improper-sanitization.d.ts → no-improper-sanitization/index.d.ts} +0 -0
  287. /package/src/rules/{security/no-improper-type-validation.d.ts → no-improper-type-validation/index.d.ts} +0 -0
  288. /package/src/rules/{security/no-insecure-comparison.d.ts → no-insecure-comparison/index.d.ts} +0 -0
  289. /package/src/rules/{security/no-insecure-cookie-settings.d.ts → no-insecure-cookie-settings/index.d.ts} +0 -0
  290. /package/src/rules/{security/no-insecure-jwt.d.ts → no-insecure-jwt/index.d.ts} +0 -0
  291. /package/src/rules/{security/no-insecure-redirects.d.ts → no-insecure-redirects/index.d.ts} +0 -0
  292. /package/src/rules/{security/no-insufficient-postmessage-validation.d.ts → no-insufficient-postmessage-validation/index.d.ts} +0 -0
  293. /package/src/rules/{security/no-insufficient-random.d.ts → no-insufficient-random/index.d.ts} +0 -0
  294. /package/src/rules/{security/no-ldap-injection.d.ts → no-ldap-injection/index.d.ts} +0 -0
  295. /package/src/rules/{security/no-missing-authentication.d.ts → no-missing-authentication/index.d.ts} +0 -0
  296. /package/src/rules/{security/no-missing-cors-check.d.ts → no-missing-cors-check/index.d.ts} +0 -0
  297. /package/src/rules/{security/no-missing-csrf-protection.d.ts → no-missing-csrf-protection/index.d.ts} +0 -0
  298. /package/src/rules/{security/no-missing-security-headers.d.ts → no-missing-security-headers/index.d.ts} +0 -0
  299. /package/src/rules/{security/no-privilege-escalation.d.ts → no-privilege-escalation/index.d.ts} +0 -0
  300. /package/src/rules/{security/no-redos-vulnerable-regex.d.ts → no-redos-vulnerable-regex/index.d.ts} +0 -0
  301. /package/src/rules/{security/no-sensitive-data-exposure.d.ts → no-sensitive-data-exposure/index.d.ts} +0 -0
  302. /package/src/rules/{security/no-sql-injection.d.ts → no-sql-injection/index.d.ts} +0 -0
  303. /package/src/rules/{security/no-timing-attack.d.ts → no-timing-attack/index.d.ts} +0 -0
  304. /package/src/rules/{security/no-toctou-vulnerability.d.ts → no-toctou-vulnerability/index.d.ts} +0 -0
  305. /package/src/rules/{security/no-unchecked-loop-condition.d.ts → no-unchecked-loop-condition/index.d.ts} +0 -0
  306. /package/src/rules/{security/no-unencrypted-transmission.d.ts → no-unencrypted-transmission/index.d.ts} +0 -0
  307. /package/src/rules/{security/no-unescaped-url-parameter.d.ts → no-unescaped-url-parameter/index.d.ts} +0 -0
  308. /package/src/rules/{security/no-unlimited-resource-allocation.d.ts → no-unlimited-resource-allocation/index.d.ts} +0 -0
  309. /package/src/rules/{security/no-unsafe-deserialization.d.ts → no-unsafe-deserialization/index.d.ts} +0 -0
  310. /package/src/rules/{security/no-unsafe-dynamic-require.d.ts → no-unsafe-dynamic-require/index.d.ts} +0 -0
  311. /package/src/rules/{security/no-unsafe-regex-construction.d.ts → no-unsafe-regex-construction/index.d.ts} +0 -0
  312. /package/src/rules/{security/no-unsanitized-html.d.ts → no-unsanitized-html/index.d.ts} +0 -0
  313. /package/src/rules/{security/no-unvalidated-user-input.d.ts → no-unvalidated-user-input/index.d.ts} +0 -0
  314. /package/src/rules/{security/no-weak-crypto.d.ts → no-weak-crypto/index.d.ts} +0 -0
  315. /package/src/rules/{security/no-weak-password-recovery.d.ts → no-weak-password-recovery/index.d.ts} +0 -0
  316. /package/src/rules/{security/no-xpath-injection.d.ts → no-xpath-injection/index.d.ts} +0 -0
  317. /package/src/rules/{security/no-xxe-injection.d.ts → no-xxe-injection/index.d.ts} +0 -0
  318. /package/src/rules/{security/no-zip-slip.d.ts → no-zip-slip/index.d.ts} +0 -0
package/src/rules/detect-child-process/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/detect-child-process/index.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAyCtD,MAAM,gBAAgB,GAAqB;IACzC;QACE,MAAM,EAAE,MAAM;QACd,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,mBAAmB;QAClC,gBAAgB,EAAE,CAAC,UAAU,EAAE,OAAO,CAAC;QACvC,OAAO,EAAE;YACP,GAAG,EAAE,8BAA8B;YACnC,IAAI,EAAE;gBACJ,yDAAyD;gBACzD,sDAAsD;aACvD;SACF;QACD,MAAM,EAAE,eAAe;KACxB;IACD;QACE,MAAM,EAAE,UAAU;QAClB,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,mBAAmB;QAClC,gBAAgB,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC;QAC/C,OAAO,EAAE;YACP,GAAG,EAAE,wCAAwC;YAC7C,IAAI,EAAE;gBACJ,mEAAmE;gBACnE,gEAAgE;aACjE;SACF;QACD,MAAM,EAAE,eAAe;KACxB;IACD;QACE,MAAM,EAAE,OAAO;QACf,SAAS,EAAE,KAAK;QAChB,aAAa,EAAE,oBAAoB;QACnC,gBAAgB,EAAE,CAAC,uBAAuB,CAAC;QAC3C,OAAO,EAAE;YACP,GAAG,EAAE,wCAAwC;YAC7C,IAAI,EAAE;gBACJ,wDAAwD;gBACxD,oCAAoC;aACrC;SACF;QACD,MAAM,EAAE,eAAe;KACxB;IACD;QACE,MAAM,EAAE,UAAU;QAClB,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,mBAAmB;QAClC,gBAAgB,EAAE,CAAC,OAAO,CAAC;QAC3B,OAAO,EAAE;YACP,GAAG,EAAE,2CAA2C;YAChD,IAAI,EAAE;gBACJ,wDAAwD;gBACxD,oCAAoC;aACrC;SACF;QACD,MAAM,EAAE,eAAe;KACxB;IACD;QACE,MAAM,EAAE,cAAc;QACtB,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,mBAAmB;QAClC,gBAAgB,EAAE,CAAC,WAAW,CAAC;QAC/B,OAAO,EAAE;YACP,GAAG,EAAE,qCAAqC;YAC1C,IAAI,EAAE;gBACJ,4DAA4D;gBAC5D,oCAAoC;aACrC;SACF;QACD,MAAM,EAAE,eAAe;KACxB;IACD;QACE,MAAM,EAAE,WAAW;QACnB,SAAS,EAAE,KAAK;QAChB,aAAa,EAAE,oBAAoB;QACnC,gBAAgB,EAAE,CAAC,2BAA2B,CAAC;QAC/C,OAAO,EAAE;YACP,GAAG,EAAE,4CAA4C;YACjD,IAAI,EAAE;gBACJ,4DAA4D;gBAC5D,oCAAoC;aACrC;SACF;QACD,MAAM,EAAE,eAAe;KACxB;IACD;QACE,MAAM,EAAE,MAAM;QACd,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,mBAAmB;QAClC,gBAAgB,EAAE,CAAC,OAAO,CAAC;QAC3B,OAAO,EAAE;YACP,GAAG,EAAE,kBAAkB;YACvB,IAAI,EAAE;gBACJ,oDAAoD;gBACpD,+BAA+B;aAChC;SACF;QACD,MAAM,EAAE,eAAe;KACxB;IACD;QACE,MAAM,EAAE,UAAU;QAClB,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,mBAAmB;QAClC,gBAAgB,EAAE,CAAC,WAAW,CAAC;QAC/B,OAAO,EAAE;YACP,GAAG,EAAE,sBAAsB;YAC3B,IAAI,EAAE;gBACJ,4EAA4E;gBAC5E,+BAA+B;aAChC;SACF;QACD,MAAM,EAAE,eAAe;KACxB;CACF,CAAC;AAEW,QAAA,kBAAkB,GAAG,IAAA,0BAAU,EAA0B;IACpE,IAAI,EAAE,sBAAsB;IAC5B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,8DAA8D;SAC5E;QACD,QAAQ,EAAE;YACR,8EAA8E;YAC9E,4BAA4B,EAAE,IAAA,gCAAgB,EAAC;gBAC7C,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,mBAAmB;gBAC9B,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,4BAA4B;gBACzC,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,uDAAuD;gBAC5D,iBAAiB,EAAE,2DAA2D;aAC/E,CAAC;YACF,WAAW,EAAE,IAAA,gCAAgB,EAAC;gBAC5B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,cAAc;gBACzB,WAAW,EAAE,oCAAoC;gBACjD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,+CAA+C;gBACpD,iBAAiB,EAAE,2FAA2F;aAC/G,CAAC;YACF,QAAQ,EAAE,IAAA,gCAAgB,EAAC;gBACzB,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,WAAW;gBACtB,WAAW,EAAE,qCAAqC;gBAClD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,4CAA4C;gBACjD,iBAAiB,EAAE,kFAAkF;aACtG,CAAC;YACF,eAAe,EAAE,IAAA,gCAAgB,EAAC;gBAChC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,mBAAmB;gBAC9B,WAAW,EAAE,4CAA4C;gBACzD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,uCAAuC;gBAC5C,iBAAiB,EAAE,uCAAuC;aAC3D,CAAC;YACF,aAAa,EAAE,IAAA,gCAAgB,EAAC;gBAC9B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,+CAA+C;gBACpD,iBAAiB,EAAE,2DAA2D;aAC/E,CAAC;YACF,aAAa,EAAE,IAAA,gCAAgB,EAAC;gBAC9B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,eAAe;gBAC1B,WAAW,EAAE,yBAAyB;gBACtC,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kDAAkD;gBACvD,iBAAiB,EAAE,iFAAiF;aACrG,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,mBAAmB;gBAC9B,WAAW,EAAE,gCAAgC;gBAC7C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,mDAAmD;gBACxD,iBAAiB,EAAE,2DAA2D;aAC/E,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,mBAAmB;gBAC9B,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,gDAAgD;gBACrD,iBAAiB,EAAE,2DAA2D;aAC/E,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,mBAAmB;gBAC9B,WAAW,EAAE,sCAAsC;gBACnD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,wCAAwC;gBAC7C,iBAAiB,EAAE,2DAA2D;aAC/E,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,mBAAmB,EAAE;wBACnB,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,mCAAmC;qBACjD;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,sCAAsC;qBACpD;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,2CAA2C;qBACzD;oBACD,QAAQ,EAAE;wBACR,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,CAAC;wBAClD,OAAO,EAAE,MAAM;wBACf,WAAW,EAAE,gEAAgE;qBAC9E;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,mBAAmB,EAAE,KAAK;YAC1B,iBAAiB,EAAE,KAAK;YACxB,iBAAiB,EAAE,EAAE;YACrB,QAAQ,EAAE,MAAM;SACjB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,mBAAmB,GAAG,KAAK,EAC3B,iBAAiB,GAAG,KAAK,EACzB,iBAAiB,GAAG,EAAE,GACvB,GAAY,OAAO,IAAI,EAAE,CAAC;QAE3B;;WAEG;QACH,MAAM,gBAAgB,GAAG;YACvB,MAAM;YACN,UAAU;YACV,UAAU;YACV,cAAc;YACd,OAAO;YACP,WAAW;YACX,MAAM;YACN,UAAU;YACV,GAAG,iBAAiB;SACrB,CAAC;QAEF;;;WAGG;QACH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAS,CAAC,eAAe,CAAC,CAAC,CAAC;QACzD,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;QAE1C;;WAEG;QACH,MAAM,sBAAsB,GAAG,CAAC,IAAmB,EAAW,EAAE;YAC9D,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;gBACpC,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;YACrC,CAAC;YAED,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,IAAI,IAAI,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;gBAC9D,OAAO,IAAI,CAAC;YACd,CAAC;YAED,gCAAgC;YAChC,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC/B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,kBAAkB,GAAG,CAAC,IAAqB,EAAW,EAAE;YAC5D,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CACtB,GAAG,CAAC,IAAI,KAAK,SAAS;gBACtB,CAAC,GAAG,CAAC,IAAI,KAAK,iBAAiB;oBAC9B,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAwB,EAAE,EAAE,CAAC,EAAE,EAAE,IAAI,KAAK,SAAS,CAAC,CAAC,CAC3E,CAAC;QACJ,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,kBAAkB,GAAG,CAAC,IAA6B,EAKvD,EAAE;YACF,IAAI,MAAM,GAAG,SAAS,CAAC;YACvB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;gBACvC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC/C,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;YACrC,CAAC;iBAAM,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC7C,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YAC5B,CAAC;YAED,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;YAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAkB,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAE5F,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC;YAExE,6CAA6C;YAC7C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,GAAkB,EAAE,EAAE,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC;YAE3F,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;QAC9C,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,wBAAwB,GAAG,CAAC,OAAuB,EAAU,EAAE;YACnE,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC;gBACvB,KAAK,MAAM,CAAC;gBACZ,KAAK,UAAU;oBACb,OAAO;wBACL,iDAAiD;wBACjD,gEAAgE;wBAChE,iEAAiE;wBACjE,6CAA6C;wBAC7C,wDAAwD;qBACzD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEf,KAAK,OAAO;oBACV,OAAO;wBACL,+DAA+D;wBAC/D,iDAAiD;wBACjD,qDAAqD;wBACrD,iDAAiD;wBACjD,4DAA4D;qBAC7D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEf,KAAK,UAAU;oBACb,OAAO;wBACL,2DAA2D;wBAC3D,8CAA8C;wBAC9C,+CAA+C;wBAC/C,iCAAiC;wBACjC,oCAAoC;qBACrC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEf,KAAK,cAAc;oBACjB,OAAO;wBACL,mEAAmE;wBACnE,8CAA8C;wBAC9C,+CAA+C;wBAC/C,iCAAiC;wBACjC,oCAAoC;qBACrC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEf,KAAK,WAAW;oBACd,OAAO;wBACL,+DAA+D;wBAC/D,iDAAiD;wBACjD,qDAAqD;wBACrD,iDAAiD;wBACjD,6CAA6C;qBAC9C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEf,KAAK,MAAM;oBACT,OAAO;wBACL,uDAAuD;wBACvD,mDAAmD;wBACnD,0DAA0D;wBAC1D,iCAAiC;wBACjC,kEAAkE;qBACnE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEf,KAAK,UAAU;oBACb,OAAO;wBACL,+DAA+D;wBAC/D,mDAAmD;wBACnD,8DAA8D;wBAC9D,yDAAyD;wBACzD,sEAAsE;qBACvE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEf;oBACE,OAAO;wBACL,oDAAoD;wBACpD,+CAA+C;wBAC/C,2DAA2D;wBAC3D,0CAA0C;wBAC1C,kCAAkC;qBACnC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjB,CAAC;QACH,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,kBAAkB,GAAG,CAAC,OAA8B,EAAE,SAAkB,EAAkC,EAAE;YAChH,IAAI,OAAO,EAAE,SAAS,IAAI,SAAS,EAAE,CAAC;gBACpC,OAAO,UAAU,CAAC;YACpB,CAAC;YACD,IAAI,OAAO,EAAE,SAAS,IAAI,SAAS,EAAE,CAAC;gBACpC,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,mBAAmB,GAAG,CAC1B,IAA6B,EACyB,EAAE;YACxD,0BAA0B;YAC1B,IACE,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;gBACvC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAC1C,CAAC;gBACD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAC7C,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC3C,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,6CAA6C;gBAC7C,IACE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACxC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAC1C,CAAC;oBACD,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACzD,CAAC;YACH,CAAC;YAED,sDAAsD;YACtD,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrF,IAAI,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC1C,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;gBAC/D,CAAC;YACH,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,qBAAqB,GAAG,CAAC,IAA6B,EAAE,EAAE;YAC9D,MAAM,QAAQ,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;YAC3C,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO;YACT,CAAC;YAED,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAEtE,sCAAsC;YACtC,IAAI,mBAAmB,IAAI,MAAM,KAAK,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC3D,OAAO;YACT,CAAC;YAED,oCAAoC;YACpC,IAAI,iBAAiB,IAAI,MAAM,KAAK,OAAO,IAAI,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBAClF,OAAO;YACT,CAAC;YAED,4BAA4B;YAC5B,MAAM,SAAS,GAAG,kBAAkB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YACzD,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,qCAAqC,CAAC;YAClG,MAAM,YAAY,GAAG,OAAO,EAAE,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,iCAAiC,CAAC;YAE/F,OAAO,CAAC,MAAM,CAAC;gBACb,IAAI;gBACJ,SAAS,EAAE,8BAA8B;gBACzC,IAAI,EAAE;oBACJ,MAAM;oBACN,IAAI;oBACJ,SAAS;oBACT,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,mBAAmB;oBAC5D,YAAY;oBACZ,KAAK;oBACL,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,eAAe;iBAC3C;gBACD,OAAO,EAAE;oBACP;wBACE,SAAS,EAAE,aAAa;wBACxB,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,UAAU;wBACrB,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,iBAAiB;wBAC5B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,eAAe;wBAC1B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,eAAe;wBAC1B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;iBACF;aACF,CAAC,CAAC;QACL,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,uBAAuB,GAAG,CAAC,IAAgC,EAAE,EAAE;YACnE,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,KAAK,eAAe,EAAE,CAAC;gBAC1C,OAAO;YACT,CAAC;YAED,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACxC,IAAI,SAAS,CAAC,IAAI,KAAK,wBAAwB,IAAI,SAAS,CAAC,IAAI,KAAK,0BAA0B,EAAE,CAAC;oBACjG,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC1C,CAAC;gBAED,IAAI,SAAS,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;oBACzC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC5C,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,wBAAwB,GAAG,CAAC,IAAiC,EAAE,EAAE;YACrE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBACf,OAAO;YACT,CAAC;YAED,uCAAuC;YACvC,IACE,IAAI,CAAC,EAAE,CAAC,IAAI,KAAK,YAAY;gBAC7B,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,gBAAgB;gBACnC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;gBACtC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS;gBACnC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;gBACtB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS;gBACzC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,eAAe,EAChD,CAAC;gBACD,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;gBAChC,OAAO;YACT,CAAC;YAED,6CAA6C;YAC7C,IACE,IAAI,CAAC,EAAE,CAAC,IAAI,KAAK,eAAe;gBAChC,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,gBAAgB;gBACpC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;gBACtC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS;gBACnC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;gBACtB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS;gBACzC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,eAAe,EAChD,CAAC;gBACD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC;oBACtC,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;wBAC/D,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBAC1F,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,OAAO;YACL,cAAc,EAAE,qBAAqB;YACrC,iBAAiB,EAAE,uBAAuB;YAC1C,kBAAkB,EAAE,wBAAwB;SAC7C,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
package/src/rules/{security/detect-eval-with-expression.js → detect-eval-with-expression/index.js} RENAMED
@@ -390,4 +390,4 @@ exports.detectEvalWithExpression = (0, eslint_devkit_2.createRule)({
390
390
  };
391
391
  },
392
392
  });
393
- //# sourceMappingURL=detect-eval-with-expression.js.map
393
+ //# sourceMappingURL=index.js.map
package/src/rules/detect-eval-with-expression/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/detect-eval-with-expression/index.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAqCtD,MAAM,aAAa,GAAkB;IACnC;QACE,OAAO,EAAE,4BAA4B;QACrC,QAAQ,EAAE,MAAM;QAChB,eAAe,EAAE,cAAc;QAC/B,OAAO,EAAE;YACP,GAAG,EAAE,uCAAuC;YAC5C,IAAI,EAAE,6CAA6C;SACpD;QACD,MAAM,EAAE,WAAW;KACpB;IACD;QACE,OAAO,EAAE,6BAA6B;QACtC,QAAQ,EAAE,MAAM;QAChB,eAAe,EAAE,uCAAuC;QACxD,OAAO,EAAE;YACP,GAAG,EAAE,gDAAgD;YACrD,IAAI,EAAE,8EAA8E;SACrF;QACD,MAAM,EAAE,WAAW;KACpB;IACD;QACE,OAAO,EAAE,4BAA4B;QACrC,QAAQ,EAAE,UAAU;QACpB,eAAe,EAAE,sCAAsC;QACvD,OAAO,EAAE;YACP,GAAG,EAAE,qCAAqC;YAC1C,IAAI,EAAE,wCAAwC;SAC/C;QACD,MAAM,EAAE,WAAW;KACpB;IACD;QACE,OAAO,EAAE,+BAA+B;QACxC,QAAQ,EAAE,QAAQ;QAClB,eAAe,EAAE,+BAA+B;QAChD,OAAO,EAAE;YACP,GAAG,EAAE,2BAA2B;YAChC,IAAI,EAAE,yFAAyF;SAChG;QACD,MAAM,EAAE,WAAW;KACpB;CACF,CAAC;AAEW,QAAA,wBAAwB,GAAG,IAAA,0BAAU,EAA0B;IAC1E,IAAI,EAAE,6BAA6B;IACnC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,0EAA0E;SACxF;QACD,QAAQ,EAAE;YACR,4FAA4F;YAC5F,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,0BAA0B;gBACvC,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,wDAAwD;aAC5E,CAAC;YACF,YAAY,EAAE,IAAA,gCAAgB,EAAC;gBAC7B,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,gCAAgC;gBAC3C,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,4DAA4D;gBACzE,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,kCAAkC;gBACvC,iBAAiB,EAAE,wDAAwD;aAC5E,CAAC;YACF,eAAe,EAAE,IAAA,gCAAgB,EAAC;gBAChC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,mCAAmC;gBAC9C,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,0EAA0E;gBACvF,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,gDAAgD;gBACrD,iBAAiB,EAAE,wDAAwD;aAC5E,CAAC;YACF,kBAAkB,EAAE,IAAA,gCAAgB,EAAC;gBACnC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,wCAAwC;gBACnD,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,kEAAkE;gBAC/E,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,wDAAwD;gBAC7D,iBAAiB,EAAE,wDAAwD;aAC5E,CAAC;YACF,sBAAsB,EAAE,IAAA,gCAAgB,EAAC;gBACvC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,qCAAqC;gBAChD,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,4DAA4D;gBACzE,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,oDAAoD;gBACzD,iBAAiB,EAAE,wDAAwD;aAC5E,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,8BAA8B;gBACzC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,6CAA6C;gBAC1D,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,iBAAiB;gBACtB,iBAAiB,EAAE,wDAAwD;aAC5E,CAAC;YACF,cAAc,EAAE,IAAA,gCAAgB,EAAC;gBAC/B,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,wCAAwC;gBACnD,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,iDAAiD;gBACtD,iBAAiB,EAAE,wDAAwD;aAC5E,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,6BAA6B;gBACxC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,+CAA+C;gBAC5D,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,wDAAwD;aAC5E,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,gCAAgC;gBAC3C,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,+CAA+C;gBAC5D,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,0CAA0C;gBAC/C,iBAAiB,EAAE,wDAAwD;aAC5E,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,mBAAmB,EAAE;wBACnB,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,oDAAoD;qBAClE;oBACD,uBAAuB,EAAE;wBACvB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,4CAA4C;qBAC1D;oBACD,QAAQ,EAAE;wBACR,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,CAAC;wBAChD,OAAO,EAAE,MAAM;wBACf,WAAW,EAAE,yDAAyD;qBACvE;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,mBAAmB,EAAE,KAAK;YAC1B,uBAAuB,EAAE,EAAE;YAC3B,QAAQ,EAAE,MAAM;SACjB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,mBAAmB,GAAG,KAAK,EAC3B,uBAAuB,GAAG,EAAE,EAC5B,QAAQ,GAAG,MAAM,EAClB,GAAY,OAAO,IAAI,EAAE,CAAC;QAE3B;;;WAGG;QACH,MAAM,aAAa,GAAG;YACpB,MAAM;YACN,UAAU;YACV,GAAG,uBAAuB;SAC3B,CAAC;QAEF;;WAEG;QACH,MAAM,eAAe,GAAG,CAAC,IAAmB,EAAW,EAAE;YACvD,OAAO,IAAI,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC;QACnE,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,qBAAqB,GAAG,CAAC,OAA2B,EAAc,EAAE;YACxE,QAAQ,QAAQ,EAAE,CAAC;gBACjB,KAAK,QAAQ;oBACX,OAAO,gBAAgB,CAAC;gBAC1B,KAAK,UAAU;oBACb,OAAO,kBAAkB,CAAC;gBAC5B,KAAK,UAAU;oBACb,OAAO,kBAAkB,CAAC;gBAC5B,KAAK,MAAM,CAAC;gBACZ;oBACE,gDAAgD;oBAChD,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;wBAC3C,OAAO,cAAc,CAAC;oBACxB,CAAC;oBACD,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;wBAC7C,OAAO,iBAAiB,CAAC;oBAC3B,CAAC;oBACD,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;wBAC/C,OAAO,oBAAoB,CAAC;oBAC9B,CAAC;oBACD,OAAO,kBAAkB,CAAC,CAAC,2CAA2C;YAC1E,CAAC;QACH,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,aAAa,GAAG,CAAC,UAAkB,EAAsB,EAAE;YAC/D,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;gBACpC,IAAI,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;oBACtD,OAAO,OAAO,CAAC;gBACjB,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,wBAAwB,GAAG,CAAC,OAA2B,EAAU,EAAE;YACvE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO;oBACL,oCAAoC;oBACpC,mDAAmD;oBACnD,gEAAgE;oBAChE,uDAAuD;oBACvD,sCAAsC;iBACvC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACf,CAAC;YAED,QAAQ,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACzB,KAAK,MAAM;oBACT,OAAO;wBACL,wCAAwC;wBACxC,yCAAyC;wBACzC,6CAA6C;wBAC7C,8CAA8C;qBAC/C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEf,KAAK,MAAM;oBACT,OAAO;wBACL,kDAAkD;wBAClD,8CAA8C;wBAC9C,mCAAmC;wBACnC,uDAAuD;qBACxD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEf,KAAK,UAAU;oBACb,OAAO;wBACL,8CAA8C;wBAC9C,+CAA+C;wBAC/C,wDAAwD;wBACxD,mCAAmC;qBACpC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEf,KAAK,QAAQ;oBACX,OAAO;wBACL,oDAAoD;wBACpD,wCAAwC;wBACxC,kCAAkC;wBAClC,sDAAsD;qBACvD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEf;oBACE,OAAO;wBACL,sCAAsC;wBACtC,yCAAyC;wBACzC,0CAA0C;wBAC1C,uCAAuC;qBACxC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjB,CAAC;QACH,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,iBAAiB,GAAG,CAAC,IAA6B,EAAU,EAAE;YAClE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;YAE5D,+BAA+B;YAC/B,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,OAAO,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/C,CAAC;YAED,OAAO,oBAAoB,CAAC;QAC9B,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,mBAAmB,GAAG,CAAC,IAA6B,EAAE,EAAE;YAC5D,gDAAgD;YAChD,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;gBACjC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBAE7C,yDAAyD;gBACzD,IAAI,mBAAmB;oBACnB,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC;oBACzB,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBACvC,OAAO;gBACT,CAAC;gBAED,8CAA8C;gBAC9C,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC;oBACzB,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,MAAM;oBAC3B,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBACvC,OAAO;gBACT,CAAC;gBAED,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBAC3C,MAAM,OAAO,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;gBAC1C,MAAM,KAAK,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;gBAChD,MAAM,iBAAiB,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;gBAEzD,OAAO,CAAC,MAAM,CAAC;oBACb,IAAI;oBACJ,SAAS,EAAE,iBAAiB;oBAC5B,IAAI,EAAE;wBACJ,UAAU;wBACV,eAAe,EAAE,OAAO,EAAE,QAAQ,IAAI,wBAAwB;wBAC9D,eAAe,EAAE,OAAO,EAAE,eAAe,IAAI,sBAAsB;wBACnE,KAAK;wBACL,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,eAAe;qBAC3C;oBACD,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;wBACjB;4BACE,SAAS,EAAE,iBAAiB;4BAC5B,IAAI,EAAE;gCACJ,eAAe,EAAE,OAAO,CAAC,eAAe;gCACxC,WAAW,EAAE,OAAO,CAAC,eAAe;6BACrC;4BACD,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,8CAA8C;yBAC/D;qBACF,CAAC,CAAC,CAAC,SAAS;iBACd,CAAC,CAAC;YACL,CAAC;YAED,4CAA4C;YAC5C,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,eAAe;gBACpC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;gBACxC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBAE3C,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBAC3C,MAAM,OAAO,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;gBAC1C,MAAM,iBAAiB,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;gBAEzD,OAAO,CAAC,MAAM,CAAC;oBACb,IAAI;oBACJ,SAAS,EAAE,iBAAiB;oBAC5B,IAAI,EAAE;wBACJ,UAAU,EAAE,gBAAgB,UAAU,GAAG;wBACzC,eAAe,EAAE,sBAAsB;wBACvC,eAAe,EAAE,oCAAoC;wBACrD,KAAK,EAAE;4BACL,wDAAwD;4BACxD,wCAAwC;4BACxC,kCAAkC;4BAClC,uCAAuC;yBACxC,CAAC,IAAI,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,YAAY;qBACrB;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,kBAAkB,GAAG,CAAC,IAA4B,EAAE,EAAE;YAC1D,iCAAiC;YACjC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBACzE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;gBAC5D,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAkB,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAClG,MAAM,OAAO,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;gBAC1C,MAAM,iBAAiB,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;gBAEzD,OAAO,CAAC,MAAM,CAAC;oBACb,IAAI;oBACJ,SAAS,EAAE,iBAAiB;oBAC5B,IAAI,EAAE;wBACJ,UAAU,EAAE,gBAAgB,UAAU,GAAG;wBACzC,eAAe,EAAE,sBAAsB;wBACvC,eAAe,EAAE,oCAAoC;wBACrD,KAAK,EAAE;4BACL,wDAAwD;4BACxD,wCAAwC;4BACxC,kCAAkC;4BAClC,uCAAuC;yBACxC,CAAC,IAAI,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,YAAY;qBACrB;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC;QAEF,OAAO;YACL,cAAc,EAAE,mBAAmB;YACnC,aAAa,EAAE,kBAAkB;SAClC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
package/src/rules/detect-mixed-content/index.d.ts ADDED
@@ -0,0 +1,8 @@
1
+ /**
2
+ * @fileoverview Detect HTTP resources in HTTPS pages
3
+ * @see https://owasp.org/www-project-mobile-top-10/
4
+ * @see https://cwe.mitre.org/data/definitions/311.html
5
+ */
6
+ export interface Options {
7
+ }
8
+ export declare const detectMixedContent: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
package/src/rules/detect-mixed-content/index.js ADDED
@@ -0,0 +1,45 @@
1
+ "use strict";
2
+ /**
3
+ * @fileoverview Detect HTTP resources in HTTPS pages
4
+ * @see https://owasp.org/www-project-mobile-top-10/
5
+ * @see https://cwe.mitre.org/data/definitions/311.html
6
+ */
7
+ Object.defineProperty(exports, "__esModule", { value: true });
8
+ exports.detectMixedContent = void 0;
9
+ const eslint_devkit_1 = require("@interlace/eslint-devkit");
10
+ exports.detectMixedContent = (0, eslint_devkit_1.createRule)({
11
+ name: 'detect-mixed-content',
12
+ meta: {
13
+ type: 'problem',
14
+ docs: {
15
+ description: 'Detect HTTP resources in HTTPS pages',
16
+ category: 'Security',
17
+ recommended: true,
18
+ owaspMobile: ['M5'],
19
+ cweIds: ["CWE-311"],
20
+ },
21
+ messages: {
22
+ violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
23
+ icon: eslint_devkit_1.MessageIcons.SECURITY,
24
+ issueName: 'violation Detected',
25
+ cwe: 'CWE-311',
26
+ description: 'Detect HTTP resources in HTTPS pages detected - Literal containing http:// in HTTPS context',
27
+ severity: 'MEDIUM',
28
+ fix: 'Review and apply secure practices',
29
+ documentationLink: 'https://cwe.mitre.org/data/definitions/311.html',
30
+ })
31
+ },
32
+ schema: [],
33
+ },
34
+ defaultOptions: [],
35
+ create(context) {
36
+ return {
37
+ Literal(node) {
38
+ if (typeof node.value === 'string' && node.value.startsWith('http://')) {
39
+ context.report({ node, messageId: 'violationDetected' });
40
+ }
41
+ },
42
+ };
43
+ },
44
+ });
45
+ //# sourceMappingURL=index.js.map
package/src/rules/detect-mixed-content/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/detect-mixed-content/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,4DAAsF;AAUzE,QAAA,kBAAkB,GAAG,IAAA,0BAAU,EAA0B;IACpE,IAAI,EAAE,sBAAsB;IAC5B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,sCAAsC;YACnD,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,IAAI;YACjB,WAAW,EAAE,CAAC,IAAI,CAAC;YACnB,MAAM,EAAE,CAAC,SAAS,CAAC;SACpB;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,6FAA6F;gBAC1G,QAAQ,EAAE,QAAQ;gBAClB,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,OAAO;YAEL,OAAO,CAAC,IAAsB;gBAC5B,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,IAAI,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;oBACvE,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
package/src/rules/{security/detect-non-literal-fs-filename.js → detect-non-literal-fs-filename/index.js} RENAMED
@@ -319,4 +319,4 @@ exports.detectNonLiteralFsFilename = (0, eslint_devkit_2.createRule)({
319
319
  };
320
320
  },
321
321
  });
322
- //# sourceMappingURL=detect-non-literal-fs-filename.js.map
322
+ //# sourceMappingURL=index.js.map
package/src/rules/detect-non-literal-fs-filename/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/detect-non-literal-fs-filename/index.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAgCtD,MAAM,aAAa,GAAkB;IACnC;QACE,MAAM,EAAE,UAAU;QAClB,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,aAAa;QAC5B,WAAW,EAAE,kDAAkD;QAC/D,OAAO,EAAE;YACP,GAAG,EAAE,iCAAiC;YACtC,IAAI,EAAE,wGAAwG;SAC/G;QACD,MAAM,EAAE,eAAe;KACxB;IACD;QACE,MAAM,EAAE,WAAW;QACnB,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,aAAa;QAC5B,WAAW,EAAE,kDAAkD;QAC/D,OAAO,EAAE;YACP,GAAG,EAAE,wCAAwC;YAC7C,IAAI,EAAE,8GAA8G;SACrH;QACD,MAAM,EAAE,eAAe;KACxB;IACD;QACE,MAAM,EAAE,MAAM;QACd,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,gBAAgB;QAC/B,WAAW,EAAE,kDAAkD;QAC/D,OAAO,EAAE;YACP,GAAG,EAAE,6BAA6B;YAClC,IAAI,EAAE,0IAA0I;SACjJ;QACD,MAAM,EAAE,eAAe;KACxB;IACD;QACE,MAAM,EAAE,SAAS;QACjB,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,qBAAqB;QACpC,WAAW,EAAE,4CAA4C;QACzD,OAAO,EAAE;YACP,GAAG,EAAE,+BAA+B;YACpC,IAAI,EAAE,iJAAiJ;SACxJ;QACD,MAAM,EAAE,eAAe;KACxB;CACF,CAAC;AAEW,QAAA,0BAA0B,GAAG,IAAA,0BAAU,EAA0B;IAC5E,IAAI,EAAE,gCAAgC;IACtC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,oHAAoH;SAClI;QACD,QAAQ,EAAE;YACR,sFAAsF;YACtF,eAAe,EAAE,IAAA,gCAAgB,EAAC;gBAChC,IAAI,EAAE,IAAI;gBACV,SAAS,EAAE,gBAAgB;gBAC3B,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,8BAA8B;gBAC3C,QAAQ,EAAE,eAAe;gBACzB,GAAG,EAAE,iBAAiB;gBACtB,iBAAiB,EAAE,wDAAwD;aAC5E,CAAC;YACF,cAAc,EAAE,IAAA,gCAAgB,EAAC;gBAC/B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,mDAAmD;aACvE,CAAC;YACF,YAAY,EAAE,IAAA,gCAAgB,EAAC;gBAC7B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,eAAe;gBAC1B,WAAW,EAAE,iDAAiD;gBAC9D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,uDAAuD;gBAC5D,iBAAiB,EAAE,wDAAwD;aAC5E,CAAC;YACF,WAAW,EAAE,IAAA,gCAAgB,EAAC;gBAC5B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,mBAAmB;gBAC9B,WAAW,EAAE,mDAAmD;gBAChE,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,0BAA0B;gBAC/B,iBAAiB,EAAE,0DAA0D;aAC9E,CAAC;YACF,aAAa,EAAE,IAAA,gCAAgB,EAAC;gBAC9B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,uBAAuB;gBAClC,WAAW,EAAE,0BAA0B;gBACvC,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,qDAAqD;gBAC1D,iBAAiB,EAAE,wDAAwD;aAC5E,CAAC;YACF,mBAAmB,EAAE,IAAA,gCAAgB,EAAC;gBACpC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,sBAAsB;gBACjC,WAAW,EAAE,mCAAmC;gBAChD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,6EAA6E;gBAClF,iBAAiB,EAAE,wDAAwD;aAC5E,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,aAAa,EAAE;wBACb,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,4BAA4B;qBAC1C;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,gCAAgC;qBAC9C;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,mDAAmD;qBACjE;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,aAAa,EAAE,KAAK;YACpB,iBAAiB,EAAE,EAAE;SACtB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACV,aAAa,GAAG,KAAK,EACf,iBAAiB,GAAG,EAAE,EAE3B,GAAY,OAAO,IAAI,EAAE,CAAC;QAEvB;;WAEG;QACH,MAAM,gBAAgB,GAAG;YACvB,UAAU,EAAE,cAAc;YAC1B,WAAW,EAAE,eAAe;YAC5B,YAAY,EAAE,gBAAgB;YAC9B,MAAM,EAAE,UAAU;YAClB,OAAO,EAAE,WAAW;YACpB,SAAS,EAAE,aAAa;YACxB,QAAQ,EAAE,YAAY;YACtB,OAAO,EAAE,WAAW;YACpB,OAAO,EAAE,WAAW;YACpB,QAAQ,EAAE,YAAY;YACtB,kBAAkB,EAAE,mBAAmB;YACvC,GAAG,iBAAiB;SACrB,CAAC;QAEF;;WAEG;QACH,MAAM,eAAe,GAAG,CAAC,IAAmB,EAAW,EAAE;YACvD,OAAO,IAAI,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC;QACnE,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,oBAAoB,GAAG,CAAC,OAAe,EAAW,EAAE;YACxD,OAAO,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjE,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,mBAAmB,GAAG,CAAC,IAA6B,EAKxD,EAAE;YACF,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;gBACxC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;gBACxC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI;gBAC3B,CAAC,CAAC,SAAS,CAAC;YAE5B,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,MAAM,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC;YAEzE,qCAAqC;YACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YACtE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;YAC5D,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAE1D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;QAC/C,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,eAAe,GAAG,CAAC,QAA8B,EAAE,OAAe,EAAW,EAAE;YACnF,+BAA+B;YAC/B,IAAI,aAAa,IAAI,QAAQ,IAAI,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3D,OAAO,KAAK,CAAC;YACf,CAAC;YAED,mDAAmD;YACnD,IAAI,QAAQ,IAAI,eAAe,CAAC,QAAQ,CAAC,IAAI,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3E,OAAO,IAAI,CAAC;YACd,CAAC;YAED,+BAA+B;YAC/B,OAAO,CAAC,QAAQ,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QACjD,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,wBAAwB,GAAG,CAAC,SAAsB,EAAU,EAAE;YAClE,QAAQ,SAAS,CAAC,MAAM,EAAE,CAAC;gBACzB,KAAK,UAAU,CAAC;gBAChB,KAAK,WAAW;oBACd,OAAO;wBACL,yDAAyD;wBACzD,yDAAyD;wBACzD,2EAA2E;wBAC3E,2CAA2C;wBAC3C,4CAA4C;qBAC7C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEf,KAAK,MAAM;oBACT,OAAO;wBACL,gDAAgD;wBAChD,iEAAiE;wBACjE,yDAAyD;wBACzD,qDAAqD;wBACrD,0CAA0C;qBAC3C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEf,KAAK,SAAS;oBACZ,OAAO;wBACL,uEAAuE;wBACvE,uDAAuD;wBACvD,8CAA8C;wBAC9C,iDAAiD;wBACjD,wDAAwD;qBACzD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEf;oBACE,OAAO;wBACL,mDAAmD;wBACnD,mDAAmD;wBACnD,mDAAmD;wBACnD,4DAA4D;wBAC5D,wCAAwC;qBACzC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjB,CAAC;QACH,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,kBAAkB,GAAG,CAAC,SAAsB,EAAE,OAAe,EAAU,EAAE;YAC7E,IAAI,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAClC,OAAO,UAAU,CAAC;YACpB,CAAC;YAED,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;gBACxB,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,WAAW,GAAG,CAAC,IAA6B,EAAE,EAAE;YACpD,kCAAkC;YAClC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;gBACvC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;gBACxC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,IAAI;gBAChC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC/C,OAAO;YACT,CAAC;YAED,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;YAE7C,iCAAiC;YACjC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC3C,OAAO;YACT,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;YAExE,0CAA0C;YAC1C,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC;gBACrC,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,kBAAkB,CAAC,SAAS,IAAI,aAAa,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;YAC1E,MAAM,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,wBAAwB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,oCAAoC,CAAC;YACrG,MAAM,WAAW,GAAG,SAAS,EAAE,WAAW,IAAI,oCAAoC,CAAC;YAEnF,OAAO,CAAC,MAAM,CAAC;gBACb,IAAI;gBACJ,SAAS,EAAE,iBAAiB;gBAC5B,IAAI,EAAE;oBACJ,MAAM;oBACN,IAAI;oBACJ,SAAS;oBACT,aAAa,EAAE,SAAS,EAAE,aAAa,IAAI,gBAAgB;oBAC3D,WAAW;oBACX,KAAK;oBACL,MAAM,EAAE,SAAS,EAAE,MAAM,IAAI,eAAe;iBAC7C;gBACD,OAAO,EAAE;oBACP;wBACE,SAAS,EAAE,gBAAgB;wBAC3B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,cAAc;wBACzB,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,aAAa;wBACxB,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,eAAe;wBAC1B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,qBAAqB;wBAChC,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;iBACF;aACF,CAAC,CAAC;QACL,CAAC,CAAC;QAEF,OAAO;YACL,cAAc,EAAE,WAAW;SAC5B,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
package/src/rules/{security/detect-non-literal-regexp.js → detect-non-literal-regexp/index.js} RENAMED
@@ -142,18 +142,35 @@ exports.detectNonLiteralRegexp = (0, eslint_devkit_2.createRule)({
142
142
  const { allowLiterals = false, maxPatternLength = 100 } = options || {};
143
143
  /**
144
144
  * Check if a node is a literal string (potentially safe)
145
+ * Includes template literals without expressions
145
146
  */
146
147
  const isLiteralString = (node) => {
147
- return node.type === 'Literal' && typeof node.value === 'string';
148
+ if (node.type === 'Literal' && typeof node.value === 'string') {
149
+ return true;
150
+ }
151
+ // Template literals without expressions are also static/safe
152
+ if (node.type === 'TemplateLiteral' && node.expressions.length === 0) {
153
+ return true;
154
+ }
155
+ return false;
148
156
  };
149
157
  /**
150
158
  * Check if a regex pattern contains dangerous ReDoS patterns
159
+ * Only flag truly dangerous patterns like nested quantifiers: (a+)+, (a*)*
151
160
  */
152
161
  const hasReDoSPatterns = (pattern) => {
153
- // Common ReDoS patterns
154
- return /(?:\*\*|\+\+|\\?\\?|\\*\\*)/.test(pattern) || // Nested quantifiers
155
- /(a+)+b|(x+)+y|(a*)*b/.test(pattern) || // Exponential backtracking
156
- /([a-zA-Z]+)*[a-zA-Z]/.test(pattern); // Polynomial backtracking
162
+ // Detect truly dangerous nested quantifier patterns that cause exponential backtracking
163
+ // Pattern like (a+)+, (a*)+, (a+)*, (a*)*, ([a-z]+)+
164
+ const nestedQuantifierPatterns = [
165
+ /\([^)]*[+*]\)[+*]/, // (something+)+ or (something*)* patterns
166
+ /\([^)]*[+*]\)\{[0-9,]+\}/, // (something+){n,m} patterns
167
+ ];
168
+ for (const dangerousPattern of nestedQuantifierPatterns) {
169
+ if (dangerousPattern.test(pattern)) {
170
+ return true;
171
+ }
172
+ }
173
+ return false;
157
174
  };
158
175
  /**
159
176
  * Extract regex pattern from RegExp construction
@@ -384,4 +401,4 @@ exports.detectNonLiteralRegexp = (0, eslint_devkit_2.createRule)({
384
401
  };
385
402
  },
386
403
  });
387
- //# sourceMappingURL=detect-non-literal-regexp.js.map
404
+ //# sourceMappingURL=index.js.map
package/src/rules/detect-non-literal-regexp/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/detect-non-literal-regexp/index.ts"],"names":[],"mappings":";;;AASA,4DAA0E;AAC1E,4DAAsD;AAuBtD,qCAAqC;AACrC,MAAM,eAAe,GAAG,CAAC,IAAmB,EAA4E,EAAE;IACxH,OAAO,IAAI,CAAC,IAAI,KAAK,SAAS,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AACxF,CAAC,CAAC;AAeF,MAAM,eAAe,GAAoB;IACvC;QACE,OAAO,EAAE,oBAAoB;QAC7B,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,OAAO;QACtB,eAAe,EAAE,8BAA8B;QAC/C,OAAO,EAAE;YACP,GAAG,EAAE,uBAAuB;YAC5B,IAAI,EAAE,oEAAoE;SAC3E;QACD,MAAM,EAAE,eAAe;QACvB,SAAS,EAAE,MAAM;KAClB;IACD;QACE,OAAO,EAAE,gBAAgB;QACzB,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,OAAO;QACtB,eAAe,EAAE,8CAA8C;QAC/D,OAAO,EAAE;YACP,GAAG,EAAE,qBAAqB;YAC1B,IAAI,EAAE,+GAA+G;SACtH;QACD,MAAM,EAAE,eAAe;QACvB,SAAS,EAAE,MAAM;KAClB;IACD;QACE,OAAO,EAAE,kCAAkC;QAC3C,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,OAAO;QACtB,eAAe,EAAE,6CAA6C;QAC9D,OAAO,EAAE;YACP,GAAG,EAAE,UAAU,EAAE,mBAAmB;YACpC,IAAI,EAAE,WAAW,EAAE,6CAA6C;SACjE;QACD,MAAM,EAAE,eAAe;QACvB,SAAS,EAAE,UAAU;KACtB;CACF,CAAC;AAEW,QAAA,sBAAsB,GAAG,IAAA,0BAAU,EAA0B;IACxE,IAAI,EAAE,2BAA2B;IACjC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,mHAAmH;SACjI;QACD,QAAQ,EAAE;YACR,mFAAmF;YACnF,WAAW,EAAE,IAAA,gCAAgB,EAAC;gBAC5B,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,qBAAqB;gBAChC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,8BAA8B;gBAC3C,QAAQ,EAAE,eAAe;gBACzB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,sFAAsF;aAC1G,CAAC;YACF,cAAc,EAAE,IAAA,gCAAgB,EAAC;gBAC/B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,WAAW,EAAE,kCAAkC;gBAC/C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,uDAAuD;gBAC5D,iBAAiB,EAAE,yFAAyF;aAC7G,CAAC;YACF,aAAa,EAAE,IAAA,gCAAgB,EAAC;gBAC9B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,WAAW,EAAE,gCAAgC;gBAC7C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,oDAAoD;gBACzD,iBAAiB,EAAE,sFAAsF;aAC1G,CAAC;YACF,eAAe,EAAE,IAAA,gCAAgB,EAAC;gBAChC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,kBAAkB;gBAC7B,WAAW,EAAE,+BAA+B;gBAC5C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,+DAA+D;gBACpE,iBAAiB,EAAE,wCAAwC;aAC5D,CAAC;YACF,UAAU,EAAE,IAAA,gCAAgB,EAAC;gBAC3B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,aAAa;gBACxB,WAAW,EAAE,iCAAiC;gBAC9C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,0CAA0C;gBAC/C,iBAAiB,EAAE,sFAAsF;aAC1G,CAAC;YACF,eAAe,EAAE,IAAA,gCAAgB,EAAC;gBAChC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,cAAc;gBACzB,WAAW,EAAE,iCAAiC;gBAC9C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,mDAAmD;gBACxD,iBAAiB,EAAE,4FAA4F;aAChH,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,aAAa,EAAE;wBACb,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,qCAAqC;qBACnD;oBACD,kBAAkB,EAAE;wBAClB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,8CAA8C;qBAC5D;oBACD,gBAAgB,EAAE;wBAChB,IAAI,EAAE,QAAQ;wBACd,OAAO,EAAE,GAAG;wBACZ,OAAO,EAAE,CAAC;wBACV,WAAW,EAAE,kDAAkD;qBAChE;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,aAAa,EAAE,KAAK;YACpB,kBAAkB,EAAE,EAAE;YACtB,gBAAgB,EAAE,GAAG;SACtB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACV,aAAa,GAAG,KAAK,EACf,gBAAgB,GAAG,GAAG,EAE3B,GAAY,OAAO,IAAI,EAAE,CAAC;QAEvB;;;WAGG;QACH,MAAM,eAAe,GAAG,CAAC,IAAmB,EAAW,EAAE;YACvD,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9D,OAAO,IAAI,CAAC;YACd,CAAC;YACD,6DAA6D;YAC7D,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACrE,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;;WAGG;QACH,MAAM,gBAAgB,GAAG,CAAC,OAAe,EAAW,EAAE;YACpD,wFAAwF;YACxF,qDAAqD;YACrD,MAAM,wBAAwB,GAAG;gBAC/B,mBAAmB,EAAE,0CAA0C;gBAC/D,0BAA0B,EAAE,6BAA6B;aAC1D,CAAC;YAEF,KAAK,MAAM,gBAAgB,IAAI,wBAAwB,EAAE,CAAC;gBACxD,IAAI,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBACnC,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,cAAc,GAAG,CAAC,IAAsD,EAM5E,EAAE;YACF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;YAE5D,6BAA6B;YAC7B,IAAI,WAAW,GAAG,QAAQ,CAAC;YAC3B,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACvE,WAAW,GAAG,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YAC1C,CAAC;YAED,gCAAgC;YAChC,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YACzE,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACnE,MAAM,SAAS,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YACtE,MAAM,MAAM,GAAG,WAAW,IAAI,eAAe,CAAC,WAAW,CAAC,CAAC,CAAC;gBAC7C,MAAM,CAAE,WAAgC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;YAEvF,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;QAClE,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,mBAAmB,GAAG,CAAC,OAAe,EAAE,SAAkB,EAAwB,EAAE;YACxF,sDAAsD;YACtD,IAAI,SAAS,EAAE,CAAC;gBACd,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;oBACnC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;wBAChD,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;gBACD,sCAAsC;gBACtC,OAAO;oBACL,OAAO,EAAE,SAAS;oBAClB,SAAS,EAAE,IAAI;oBACf,aAAa,EAAE,OAAO;oBACtB,eAAe,EAAE,8BAA8B;oBAC/C,OAAO,EAAE;wBACP,GAAG,EAAE,OAAO;wBACZ,IAAI,EAAE,8DAA8D;qBACrE;oBACD,MAAM,EAAE,eAAe;oBACvB,SAAS,EAAE,MAAM;iBAClB,CAAC;YACJ,CAAC;YAED,4CAA4C;YAC5C,IAAI,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9B,OAAO;oBACL,OAAO,EAAE,eAAe;oBACxB,SAAS,EAAE,IAAI;oBACf,aAAa,EAAE,OAAO;oBACtB,eAAe,EAAE,+CAA+C;oBAChE,OAAO,EAAE;wBACP,GAAG,EAAE,OAAO;wBACZ,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,qBAAqB;qBAC7D;oBACD,MAAM,EAAE,eAAe;oBACvB,SAAS,EAAE,MAAM;iBAClB,CAAC;YACJ,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,wBAAwB,GAAG,CAAC,aAA4B,EAAU,EAAE;YACxE,IAAI,aAAa,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;gBACxC,OAAO;oBACL,oDAAoD;oBACpD,+CAA+C;oBAC/C,oEAAoE;oBACpE,qCAAqC;oBACrC,2CAA2C;iBAC5C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACf,CAAC;YAED,IAAI,aAAa,CAAC,OAAO,KAAK,eAAe,EAAE,CAAC;gBAC9C,OAAO;oBACL,gDAAgD;oBAChD,2DAA2D;oBAC3D,+CAA+C;oBAC/C,+CAA+C;oBAC/C,iDAAiD;iBAClD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACf,CAAC;YAED,QAAQ,aAAa,CAAC,aAAa,EAAE,CAAC;gBACpC,KAAK,OAAO;oBACV,OAAO;wBACL,mDAAmD;wBACnD,8CAA8C;wBAC9C,6CAA6C;wBAC7C,8CAA8C;wBAC9C,8CAA8C;qBAC/C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEf,KAAK,WAAW;oBACd,OAAO;wBACL,oDAAoD;wBACpD,wCAAwC;wBACxC,qDAAqD;wBACrD,uDAAuD;wBACvD,yCAAyC;qBAC1C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAEf;oBACE,OAAO;wBACL,4CAA4C;wBAC5C,2CAA2C;wBAC3C,yCAAyC;wBACzC,uCAAuC;wBACvC,yCAAyC;qBAC1C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjB,CAAC;QACH,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,kBAAkB,GAAG,CAAC,aAA4B,EAAE,OAAe,EAAU,EAAE;YACnF,IAAI,aAAa,CAAC,SAAS,KAAK,UAAU,IAAI,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC;gBACxE,OAAO,UAAU,CAAC;YACpB,CAAC;YAED,IAAI,aAAa,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;gBACvC,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,eAAe,GAAG,CAAC,IAAsD,EAAE,EAAE;YACjF,qCAAqC;YACrC,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,QAAQ,CAAC;YACxF,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,KAAK,eAAe,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,QAAQ,CAAC;YAExH,IAAI,CAAC,YAAY,IAAI,CAAC,WAAW,EAAE,CAAC;gBAClC,OAAO;YACT,CAAC;YAED,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;YAEzE,gEAAgE;YAChE,IAAI,aAAa,IAAI,WAAW,IAAI,eAAe,CAAC,WAAW,CAAC,IAAI,MAAM,IAAI,gBAAgB,EAAE,CAAC;gBAC/F,kDAAkD;gBAClD,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC/B,OAAO;gBACT,CAAC;YACH,CAAC;YAED,MAAM,aAAa,GAAG,mBAAmB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAE9D,qEAAqE;YACrE,MAAM,sBAAsB,GAAG,aAAa,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC3D,OAAO,EAAE,SAAS;gBAClB,SAAS,EAAE,IAAI;gBACf,aAAa,EAAE,OAAgB;gBAC/B,eAAe,EAAE,4BAA4B;gBAC7C,OAAO,EAAE;oBACP,GAAG,EAAE,OAAO;oBACZ,IAAI,EAAE,kBAAkB;iBACzB;gBACD,MAAM,EAAE,eAAe;gBACvB,SAAS,EAAE,QAAiB;aAC7B,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAEV,IAAI,CAAC,sBAAsB,EAAE,CAAC;gBAC5B,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,kBAAkB,CAAC,sBAAsB,EAAE,OAAO,CAAC,CAAC;YACtE,MAAM,KAAK,GAAG,wBAAwB,CAAC,sBAAsB,CAAC,CAAC;YAE/D,OAAO,CAAC,MAAM,CAAC;gBACb,IAAI;gBACJ,SAAS,EAAE,aAAa;gBACxB,IAAI,EAAE;oBACJ,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;oBACtE,SAAS;oBACT,aAAa,EAAE,sBAAsB,CAAC,aAAa;oBACnD,eAAe,EAAE,sBAAsB,CAAC,eAAe;oBACvD,KAAK;oBACL,MAAM,EAAE,sBAAsB,CAAC,MAAM;iBACtC;gBACD,OAAO,EAAE;oBACP;wBACE,SAAS,EAAE,gBAAgB;wBAC3B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,eAAe;wBAC1B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,iBAAiB;wBAC5B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,YAAY;wBACvB,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,iBAAiB;wBAC5B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;iBACF;aACF,CAAC,CAAC;QACL,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,kBAAkB,GAAG,CAAC,IAAmB,EAAE,EAAE;YACjD,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,OAAO;YACT,CAAC;YAED,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC;YAEnC,2BAA2B;YAC3B,IAAI,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9B,MAAM,aAAa,GAAG,mBAAmB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;gBAE1D,IAAI,aAAa,EAAE,CAAC;oBAClB,MAAM,SAAS,GAAG,kBAAkB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;oBAC7D,MAAM,KAAK,GAAG,wBAAwB,CAAC,aAAa,CAAC,CAAC;oBAEtD,OAAO,CAAC,MAAM,CAAC;wBACb,IAAI;wBACJ,SAAS,EAAE,aAAa;wBACxB,IAAI,EAAE;4BACJ,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;4BACtE,SAAS;4BACT,aAAa,EAAE,aAAa,CAAC,aAAa;4BAC1C,eAAe,EAAE,aAAa,CAAC,eAAe;4BAC9C,KAAK;4BACL,MAAM,EAAE,aAAa,CAAC,MAAM;yBAC7B;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,OAAO;YACL,cAAc,EAAE,eAAe;YAC/B,aAAa,EAAE,eAAe;YAC9B,OAAO,EAAE,kBAAkB;SAC5B,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
package/src/rules/{security/detect-object-injection.js → detect-object-injection/index.js} RENAMED
@@ -202,6 +202,7 @@ exports.detectObjectInjection = (0, eslint_devkit_2.createRule)({
202
202
  }
203
203
  // Type-aware check: If we have TypeScript type information, check if the
204
204
  // property key is constrained to a union of safe string literals
205
+ /* c8 ignore start -- TypeScript parser services often unavailable in RuleTester */
205
206
  if (parserServices && propertyNode.type === 'Identifier') {
206
207
  try {
207
208
  const type = (0, eslint_devkit_1.getTypeOfNode)(propertyNode, parserServices);
@@ -224,6 +225,7 @@ exports.detectObjectInjection = (0, eslint_devkit_2.createRule)({
224
225
  // This can happen with malformed AST or missing type information
225
226
  }
226
227
  }
228
+ /* c8 ignore stop */
227
229
  // Without type information, treat all identifiers as potentially dangerous
228
230
  return false;
229
231
  };
@@ -408,4 +410,4 @@ exports.detectObjectInjection = (0, eslint_devkit_2.createRule)({
408
410
  };
409
411
  },
410
412
  });
411
- //# sourceMappingURL=detect-object-injection.js.map
413
+ //# sourceMappingURL=index.js.map
package/src/rules/detect-object-injection/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/detect-object-injection/index.ts"],"names":[],"mappings":";;;AAcA,4DAQkC;AAClC,4DAAsD;AA0CtD,MAAM,yBAAyB,GAA6B;IAC1D;QACE,OAAO,EAAE,WAAW;QACpB,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,qBAAqB;QACpC,eAAe,EAAE,4BAA4B;QAC7C,OAAO,EAAE;YACP,GAAG,EAAE,wDAAwD;YAC7D,IAAI,EAAE,mDAAmD;SAC1D;QACD,MAAM,EAAE,eAAe;QACvB,SAAS,EAAE,UAAU;KACtB;IACD;QACE,OAAO,EAAE,WAAW;QACpB,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,qBAAqB;QACpC,eAAe,EAAE,8BAA8B;QAC/C,OAAO,EAAE;YACP,GAAG,EAAE,wDAAwD;YAC7D,IAAI,EAAE,6DAA6D;SACpE;QACD,MAAM,EAAE,eAAe;QACvB,SAAS,EAAE,MAAM;KAClB;IACD;QACE,OAAO,EAAE,aAAa;QACtB,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,kBAAkB;QACjC,eAAe,EAAE,2CAA2C;QAC5D,OAAO,EAAE;YACP,GAAG,EAAE,0DAA0D;YAC/D,IAAI,EAAE,oHAAoH;SAC3H;QACD,MAAM,EAAE,eAAe;QACvB,SAAS,EAAE,QAAQ;KACpB;CACF,CAAC;AAEW,QAAA,qBAAqB,GAAG,IAAA,0BAAU,EAA0B;IACvE,IAAI,EAAE,yBAAyB;IAC/B,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,mEAAmE;SACjF;QACD,QAAQ,EAAE;YACR,+FAA+F;YAC/F,eAAe,EAAE,IAAA,gCAAgB,EAAC;gBAChC,IAAI,EAAE,4BAAY,CAAC,OAAO;gBAC1B,SAAS,EAAE,kBAAkB;gBAC7B,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,iEAAiE;gBAC9E,QAAQ,EAAE,eAAe;gBACzB,GAAG,EAAE,qBAAqB;gBAC1B,iBAAiB,EAAE,0DAA0D;aAC9E,CAAC;YACF,aAAa,EAAE,IAAA,gCAAgB,EAAC;gBAC9B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,SAAS;gBACpB,WAAW,EAAE,kCAAkC;gBAC/C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,6CAA6C;gBAClD,iBAAiB,EAAE,sFAAsF;aAC1G,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,oBAAoB;gBAC/B,WAAW,EAAE,oDAAoD;gBACjE,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,oDAAoD;gBACzD,iBAAiB,EAAE,wGAAwG;aAC5H,CAAC;YACF,aAAa,EAAE,IAAA,gCAAgB,EAAC;gBAC9B,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,gBAAgB;gBAC3B,WAAW,EAAE,kCAAkC;gBAC/C,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,4HAA4H;gBACjI,iBAAiB,EAAE,0DAA0D;aAC9E,CAAC;YACF,eAAe,EAAE,IAAA,gCAAgB,EAAC;gBAChC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,yBAAyB;gBACpC,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kCAAkC;gBACvC,iBAAiB,EAAE,gGAAgG;aACpH,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,IAAI;gBACvB,SAAS,EAAE,mBAAmB;gBAC9B,WAAW,EAAE,8CAA8C;gBAC3D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,kCAAkC;gBACvC,iBAAiB,EAAE,gGAAgG;aACpH,CAAC;YACF,gBAAgB,EAAE,IAAA,gCAAgB,EAAC;gBACjC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,gBAAgB;gBAC3B,WAAW,EAAE,6CAA6C;gBAC1D,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,mDAAmD;gBACxD,iBAAiB,EAAE,0DAA0D;aAC9E,CAAC;YACF,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,sBAAsB;gBACjC,WAAW,EAAE,uCAAuC;gBACpD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,+CAA+C;gBACpD,iBAAiB,EAAE,0DAA0D;aAC9E,CAAC;YACF,cAAc,EAAE,IAAA,gCAAgB,EAAC;gBAC/B,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,mBAAmB;gBAC9B,WAAW,EAAE,wCAAwC;gBACrD,QAAQ,EAAE,KAAK;gBACf,GAAG,EAAE,gDAAgD;gBACrD,iBAAiB,EAAE,gGAAgG;aACpH,CAAC;SACH;QACD,MAAM,EAAE;YACN;gBACE,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,aAAa,EAAE;wBACb,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,KAAK;wBACd,WAAW,EAAE,6CAA6C;qBAC3D;oBACD,iBAAiB,EAAE;wBACjB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,EAAE;wBACX,WAAW,EAAE,kDAAkD;qBAChE;oBACD,mBAAmB,EAAE;wBACnB,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wBACzB,OAAO,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,aAAa,CAAC;wBAClD,WAAW,EAAE,kCAAkC;qBAChD;oBACD,QAAQ,EAAE;wBACR,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,UAAU,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,CAAC;wBACjD,OAAO,EAAE,MAAM;wBACf,WAAW,EAAE,+DAA+D;qBAC7E;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,cAAc,EAAE;QACd;YACE,aAAa,EAAE,KAAK;YACpB,iBAAiB,EAAE,EAAE;YACrB,mBAAmB,EAAE,CAAC,WAAW,EAAE,WAAW,EAAE,aAAa,CAAC;YAC9D,QAAQ,EAAE,MAAM;SACjB;KACF;IACD,MAAM,CAAC,OAAsD;QAC3D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,EACJ,aAAa,GAAG,KAAK,EACrB,mBAAmB,GAAG,CAAC,WAAW,EAAE,WAAW,EAAE,aAAa,CAAC,GAChE,GAAY,OAAO,IAAI,EAAE,CAAC;QAE3B,2FAA2F;QAC3F,MAAM,wBAAwB,GAAG,IAAI,OAAO,EAA6B,CAAC;QAE1E,4EAA4E;QAC5E,MAAM,WAAW,GAAG,IAAA,iCAAiB,EAAC,OAAO,CAAC,CAAC;QAC/C,MAAM,cAAc,GAAG,WAAW,CAAC,CAAC,CAAC,IAAA,iCAAiB,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEvE;;WAEG;QACH,MAAM,eAAe,GAAG,CAAC,IAAmB,EAAW,EAAE;YACvD,OAAO,IAAI,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC;QACnE,CAAC,CAAC;QAEF;;;;;;;;;;;;;;;;WAgBG;QACH,MAAM,kBAAkB,GAAG,CAAC,YAA2B,EAAW,EAAE;YAClE,wEAAwE;YACxE,IAAI,eAAe,CAAC,YAAY,CAAC,EAAE,CAAC;gBAClC,OAAO,IAAI,CAAC,CAAC,2DAA2D;YAC1E,CAAC;YAED,yEAAyE;YACzE,iEAAiE;YACjE,mFAAmF;YACnF,IAAI,cAAc,IAAI,YAAY,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACzD,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,IAAA,6BAAa,EAAC,YAAY,EAAE,cAAc,CAAC,CAAC;oBAEzD,uDAAuD;oBACvD,qDAAqD;oBACrD,IAAI,IAAA,2CAA2B,EAAC,IAAI,EAAE,mBAAmB,CAAC,EAAE,CAAC;wBAC3D,OAAO,IAAI,CAAC,CAAC,+CAA+C;oBAC9D,CAAC;oBAED,4EAA4E;oBAC5E,MAAM,aAAa,GAAG,IAAA,sCAAsB,EAAC,IAAI,CAAC,CAAC;oBACnD,IAAI,aAAa,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAChD,yCAAyC;wBACzC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;4BACpD,OAAO,IAAI,CAAC;wBACd,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,yEAAyE;oBACzE,iEAAiE;gBACnE,CAAC;YACH,CAAC;YACD,oBAAoB;YAEpB,2EAA2E;YAC3E,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,yBAAyB,GAAG,CAAC,YAA2B,EAAW,EAAE;YACzE,uCAAuC;YACvC,IAAI,eAAe,CAAC,YAAY,CAAC,EAAE,CAAC;gBAClC,MAAM,QAAQ,GAAG,MAAM,CAAE,YAAiC,CAAC,KAAK,CAAC,CAAC;gBAElE,iFAAiF;gBACjF,gDAAgD;gBAChD,IAAI,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC3C,OAAO,IAAI,CAAC;gBACd,CAAC;gBAEH,qFAAqF;gBACnF,6CAA6C;gBAC/C,IAAI,kBAAkB,CAAC,YAAY,CAAC,EAAE,CAAC;oBACrC,OAAO,KAAK,CAAC;gBACf,CAAC;gBAEC,qFAAqF;gBACrF,IAAI,aAAa,EAAE,CAAC;oBAClB,OAAO,KAAK,CAAC;gBACf,CAAC;gBAED,qFAAqF;gBACrF,6CAA6C;gBAC7C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,wEAAwE;YACxE,OAAO,IAAI,CAAC;QACd,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,qBAAqB,GAAG,CAAC,IAA+D,EAM5F,EAAE;YACF,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC;YAE5D,IAAI,MAAc,CAAC;YACnB,IAAI,QAAgB,CAAC;YACrB,IAAI,YAA2B,CAAC;YAChC,IAAI,YAAY,GAAG,KAAK,CAAC;YAEzB,IAAI,IAAI,CAAC,IAAI,KAAK,sBAAsB,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBAClF,+BAA+B;gBAC/B,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC9C,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAClD,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAClC,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;iBAAM,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBAC5C,mBAAmB;gBACnB,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACzC,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAC7C,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC;gBAC7B,YAAY,GAAG,KAAK,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACN,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YAC9F,CAAC;YAED,+CAA+C;YAC/C,MAAM,OAAO,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACjD,IAAI,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;gBACzC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAC5D,IAAI,IAAI,CAAC;YAEV,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC;QACnE,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,oBAAoB,GAAG,CAAC,IAAmC,EAAW,EAAE;YAC5E,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBAC1C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,uDAAuD;YACvD,kCAAkC;YAClC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACxB,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,EAAE,YAAY,EAAE,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAErD,oDAAoD;YACpD,OAAO,yBAAyB,CAAC,YAAY,CAAC,CAAC;QACjD,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,sBAAsB,GAAG,CAAC,IAA+B,EAAW,EAAE;YAC1E,uDAAuD;YACvD,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACnB,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,EAAE,YAAY,EAAE,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAErD,sCAAsC;YACtC,OAAO,yBAAyB,CAAC,YAAY,CAAC,CAAC;QACjD,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,kBAAkB,GAAG,CAAC,OAAsC,EAAE,YAAqB,EAAU,EAAE;YACnG,IAAI,OAAO,EAAE,SAAS,KAAK,UAAU,IAAI,CAAC,OAAO,IAAI,YAAY,CAAC,EAAE,CAAC;gBACnE,OAAO,UAAU,CAAC;YACpB,CAAC;YAED,IAAI,OAAO,EAAE,SAAS,KAAK,MAAM,IAAI,YAAY,EAAE,CAAC;gBAClD,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,yBAAyB,GAAG,CAAC,IAAmC,EAAE,EAAE;YACxE,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,OAAO;YACT,CAAC;YAED,iEAAiE;YACjE,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBAC1C,wBAAwB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1C,CAAC;YAED,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAEhF,MAAM,SAAS,GAAG,kBAAkB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YAE5D,OAAO,CAAC,MAAM,CAAC;gBACb,IAAI;gBACJ,SAAS,EAAE,iBAAiB;gBAC5B,IAAI,EAAE;oBACJ,OAAO,EAAE,GAAG,MAAM,IAAI,QAAQ,GAAG;oBACjC,SAAS;oBACT,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,kBAAkB;oBAC3D,eAAe,EAAE,OAAO,EAAE,eAAe,IAAI,kCAAkC;iBAChF;gBACD,OAAO,EAAE;oBACP;wBACE,SAAS,EAAE,eAAe;wBAC1B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,mBAAmB;wBAC9B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,eAAe;wBAC1B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,iBAAiB;wBAC5B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;oBACD;wBACE,SAAS,EAAE,kBAAkB;wBAC7B,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI;qBAChB;iBACF;aACF,CAAC,CAAC;QACL,CAAC,CAAC;QAEF;;WAEG;QACH,MAAM,qBAAqB,GAAG,CAAC,IAA+B,EAAE,EAAE;YAChE,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClC,OAAO;YACT,CAAC;YAED,uFAAuF;YACvF,IAAI,wBAAwB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,OAAO;YACT,CAAC;YAED,2FAA2F;YAC3F,4EAA4E;YAC5E,MAAM,MAAM,GAAG,IAAI,CAAC,MAAmC,CAAC;YACxD,IAAI,MAAM,IAAI,MAAM,CAAC,IAAI,KAAK,sBAAsB,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBAC7E,OAAO;YACT,CAAC;YAED,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAEhF,MAAM,SAAS,GAAG,kBAAkB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YAE5D,OAAO,CAAC,MAAM,CAAC;gBACb,IAAI;gBACJ,SAAS,EAAE,iBAAiB;gBAC5B,IAAI,EAAE;oBACJ,OAAO,EAAE,GAAG,MAAM,IAAI,QAAQ,GAAG;oBACjC,SAAS;oBACT,aAAa,EAAE,OAAO,EAAE,aAAa,IAAI,kBAAkB;oBAC3D,eAAe,EAAE,OAAO,EAAE,eAAe,IAAI,kCAAkC;iBAChF;aACF,CAAC,CAAC;QACL,CAAC,CAAC;QAEF,OAAO;YACL,oBAAoB,EAAE,yBAAyB;YAC/C,gBAAgB,EAAE,qBAAqB;SACxC,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
package/src/rules/detect-suspicious-dependencies/index.d.ts ADDED
@@ -0,0 +1,8 @@
1
+ /**
2
+ * @fileoverview Detect potential typosquatting in dependencies
3
+ * @see https://owasp.org/www-project-mobile-top-10/
4
+ * @see https://cwe.mitre.org/data/definitions/506.html
5
+ */
6
+ export interface Options {
7
+ }
8
+ export declare const detectSuspiciousDependencies: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
package/src/rules/detect-suspicious-dependencies/index.js ADDED
@@ -0,0 +1,72 @@
1
+ "use strict";
2
+ /**
3
+ * @fileoverview Detect potential typosquatting in dependencies
4
+ * @see https://owasp.org/www-project-mobile-top-10/
5
+ * @see https://cwe.mitre.org/data/definitions/506.html
6
+ */
7
+ Object.defineProperty(exports, "__esModule", { value: true });
8
+ exports.detectSuspiciousDependencies = void 0;
9
+ const eslint_devkit_1 = require("@interlace/eslint-devkit");
10
+ exports.detectSuspiciousDependencies = (0, eslint_devkit_1.createRule)({
11
+ name: 'detect-suspicious-dependencies',
12
+ meta: {
13
+ type: 'problem',
14
+ docs: {
15
+ description: 'Detect typosquatting in package names',
16
+ },
17
+ messages: {
18
+ violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
19
+ icon: eslint_devkit_1.MessageIcons.SECURITY,
20
+ issueName: 'Suspicious Dependency',
21
+ cwe: 'CWE-506',
22
+ description: 'Suspicious package name detected - possible typosquatting',
23
+ severity: 'HIGH',
24
+ fix: 'Verify package authenticity on npm registry',
25
+ documentationLink: 'https://cwe.mitre.org/data/definitions/506.html',
26
+ })
27
+ },
28
+ schema: [],
29
+ },
30
+ defaultOptions: [],
31
+ create(context) {
32
+ const popularPackages = ['react', 'lodash', 'express', 'axios', 'webpack'];
33
+ function levenshtein(a, b) {
34
+ const matrix = [];
35
+ for (let i = 0; i <= b.length; i++) {
36
+ matrix[i] = [i];
37
+ }
38
+ for (let j = 0; j <= a.length; j++) {
39
+ matrix[0][j] = j;
40
+ }
41
+ for (let i = 1; i <= b.length; i++) {
42
+ for (let j = 1; j <= a.length; j++) {
43
+ if (b.charAt(i - 1) === a.charAt(j - 1)) {
44
+ matrix[i][j] = matrix[i - 1][j - 1];
45
+ }
46
+ else {
47
+ matrix[i][j] = Math.min(matrix[i - 1][j - 1] + 1, matrix[i][j - 1] + 1, matrix[i - 1][j] + 1);
48
+ }
49
+ }
50
+ }
51
+ return matrix[b.length][a.length];
52
+ }
53
+ return {
54
+ ImportDeclaration(node) {
55
+ const source = node.source.value;
56
+ if (typeof source === 'string' && !source.startsWith('.') && !source.startsWith('@')) {
57
+ for (const popular of popularPackages) {
58
+ const distance = levenshtein(source, popular);
59
+ if (distance > 0 && distance <= 2) {
60
+ context.report({
61
+ node,
62
+ messageId: 'violationDetected',
63
+ data: { name: source, similar: popular },
64
+ });
65
+ }
66
+ }
67
+ }
68
+ },
69
+ };
70
+ },
71
+ });
72
+ //# sourceMappingURL=index.js.map
package/src/rules/detect-suspicious-dependencies/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/detect-suspicious-dependencies/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,4DAAsF;AAUzE,QAAA,4BAA4B,GAAG,IAAA,0BAAU,EAA0B;IAC9E,IAAI,EAAE,gCAAgC;IACtC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,uCAAuC;SACrD;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,uBAAuB;gBAClC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,2DAA2D;gBACxE,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,6CAA6C;gBAClD,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,MAAM,eAAe,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QAE3E,SAAS,WAAW,CAAC,CAAS,EAAE,CAAS;YACvC,MAAM,MAAM,GAAG,EAAE,CAAC;YAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACnC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACnC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YACnB,CAAC;YACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACnC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;wBACxC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;oBACtC,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CACrB,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EACxB,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EACpB,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CACrB,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC;QAED,OAAO;YACL,iBAAiB,CAAC,IAAgC;gBAChD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;gBACjC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBACrF,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;wBACtC,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;wBAC9C,IAAI,QAAQ,GAAG,CAAC,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;4BAClC,OAAO,CAAC,MAAM,CAAC;gCACb,IAAI;gCACJ,SAAS,EAAE,mBAAmB;gCAC9B,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE;6BACzC,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
package/src/rules/detect-weak-password-validation/index.d.ts ADDED
@@ -0,0 +1,6 @@
1
+ /**
2
+ * @fileoverview Identify weak password requirements
3
+ */
4
+ export interface Options {
5
+ }
6
+ export declare const detectWeakPasswordValidation: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
package/src/rules/detect-weak-password-validation/index.js ADDED
@@ -0,0 +1,59 @@
1
+ "use strict";
2
+ /**
3
+ * @fileoverview Identify weak password requirements
4
+ */
5
+ Object.defineProperty(exports, "__esModule", { value: true });
6
+ exports.detectWeakPasswordValidation = void 0;
7
+ const eslint_devkit_1 = require("@interlace/eslint-devkit");
8
+ exports.detectWeakPasswordValidation = (0, eslint_devkit_1.createRule)({
9
+ name: 'detect-weak-password-validation',
10
+ meta: {
11
+ type: 'problem',
12
+ docs: {
13
+ description: 'Identify weak password requirements',
14
+ },
15
+ messages: {
16
+ violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
17
+ icon: eslint_devkit_1.MessageIcons.SECURITY,
18
+ issueName: 'Weak Password Validation',
19
+ cwe: 'CWE-521',
20
+ description: 'Password length requirement is too weak (less than 8 characters)',
21
+ severity: 'CRITICAL',
22
+ fix: 'Require at least 12 characters with complexity requirements',
23
+ documentationLink: 'https://cwe.mitre.org/data/definitions/521.html',
24
+ })
25
+ },
26
+ schema: [],
27
+ },
28
+ defaultOptions: [],
29
+ create(context) {
30
+ function report(node) {
31
+ context.report({ node, messageId: 'violationDetected' });
32
+ }
33
+ return {
34
+ BinaryExpression(node) {
35
+ // Detect weak length requirements like password.length >= 4
36
+ if (['>=', '>', '==', '==='].includes(node.operator)) {
37
+ // Check if left side is .length
38
+ if (node.left.type === 'MemberExpression' &&
39
+ node.left.property.type === 'Identifier' &&
40
+ node.left.property.name === 'length') {
41
+ // Check if comparing to a weak number
42
+ if (node.right.type === 'Literal' &&
43
+ typeof node.right.value === 'number' &&
44
+ node.right.value < 8) {
45
+ // Check if variable name suggests password
46
+ if (node.left.object.type === 'Identifier') {
47
+ const varName = node.left.object.name.toLowerCase();
48
+ if (varName.includes('password') || varName.includes('pwd') || varName.includes('pass')) {
49
+ report(node);
50
+ }
51
+ }
52
+ }
53
+ }
54
+ }
55
+ },
56
+ };
57
+ },
58
+ });
59
+ //# sourceMappingURL=index.js.map
package/src/rules/detect-weak-password-validation/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/detect-weak-password-validation/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,4DAAsF;AAUzE,QAAA,4BAA4B,GAAG,IAAA,0BAAU,EAA0B;IAC9E,IAAI,EAAE,iCAAiC;IACvC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,qCAAqC;SACnD;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,0BAA0B;gBACrC,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,kEAAkE;gBAC/E,QAAQ,EAAE,UAAU;gBACpB,GAAG,EAAE,6DAA6D;gBAClE,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,SAAS,MAAM,CAAC,IAAmB;YACjC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO;YACL,gBAAgB,CAAC,IAA+B;gBAC9C,4DAA4D;gBAC5D,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACrD,gCAAgC;oBAChC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB;wBACrC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;wBACxC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;wBAEzC,sCAAsC;wBACtC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS;4BAC7B,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,QAAQ;4BACpC,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;4BAEzB,2CAA2C;4BAC3C,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gCAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;gCACpD,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oCACxF,MAAM,CAAC,IAAI,CAAC,CAAC;gCACf,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
package/src/rules/no-allow-arbitrary-loads/index.d.ts ADDED
@@ -0,0 +1,8 @@
1
+ /**
2
+ * @fileoverview Prevent configuration allowing insecure loads
3
+ * @see https://owasp.org/www-project-mobile-top-10/
4
+ * @see https://cwe.mitre.org/data/definitions/749.html
5
+ */
6
+ export interface Options {
7
+ }
8
+ export declare const noAllowArbitraryLoads: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
package/src/rules/no-allow-arbitrary-loads/index.js ADDED
@@ -0,0 +1,48 @@
1
+ "use strict";
2
+ /**
3
+ * @fileoverview Prevent configuration allowing insecure loads
4
+ * @see https://owasp.org/www-project-mobile-top-10/
5
+ * @see https://cwe.mitre.org/data/definitions/749.html
6
+ */
7
+ Object.defineProperty(exports, "__esModule", { value: true });
8
+ exports.noAllowArbitraryLoads = void 0;
9
+ const eslint_devkit_1 = require("@interlace/eslint-devkit");
10
+ exports.noAllowArbitraryLoads = (0, eslint_devkit_1.createRule)({
11
+ name: 'no-allow-arbitrary-loads',
12
+ meta: {
13
+ type: 'problem',
14
+ docs: {
15
+ description: 'Prevent configuration allowing insecure loads',
16
+ category: 'Security',
17
+ recommended: true,
18
+ owaspMobile: ['M5'],
19
+ cweIds: ["CWE-749"],
20
+ },
21
+ messages: {
22
+ violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
23
+ icon: eslint_devkit_1.MessageIcons.SECURITY,
24
+ issueName: 'violation Detected',
25
+ cwe: 'CWE-295',
26
+ description: 'Prevent configuration allowing insecure loads detected - allowArbitraryLoads: true',
27
+ severity: 'HIGH',
28
+ fix: 'Review and apply secure practices',
29
+ documentationLink: 'https://cwe.mitre.org/data/definitions/295.html',
30
+ })
31
+ },
32
+ schema: [],
33
+ },
34
+ defaultOptions: [],
35
+ create(context) {
36
+ return {
37
+ Property(node) {
38
+ if (node.key.type === 'Identifier' &&
39
+ node.key.name === 'allowArbitraryLoads' &&
40
+ node.value.type === 'Literal' &&
41
+ node.value.value === true) {
42
+ context.report({ node, messageId: 'violationDetected' });
43
+ }
44
+ },
45
+ };
46
+ },
47
+ });
48
+ //# sourceMappingURL=index.js.map
package/src/rules/no-allow-arbitrary-loads/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/no-allow-arbitrary-loads/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,4DAAsF;AAUzE,QAAA,qBAAqB,GAAG,IAAA,0BAAU,EAA0B;IACvE,IAAI,EAAE,0BAA0B;IAChC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,+CAA+C;YAC5D,QAAQ,EAAE,UAAU;YACpB,WAAW,EAAE,IAAI;YACjB,WAAW,EAAE,CAAC,IAAI,CAAC;YACnB,MAAM,EAAE,CAAC,SAAS,CAAC;SACpB;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,oBAAoB;gBAC/B,GAAG,EAAE,SAAS;gBACd,WAAW,EAAE,oFAAoF;gBACjG,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,mCAAmC;gBACxC,iBAAiB,EAAE,iDAAiD;aACrE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,OAAO;YACL,QAAQ,CAAC,IAAuB;gBAC9B,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,YAAY;oBAC9B,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,qBAAqB;oBACvC,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,SAAS;oBAC7B,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;oBAC9B,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}
package/src/rules/no-arbitrary-file-access/index.d.ts ADDED
@@ -0,0 +1,6 @@
1
+ /**
2
+ * @fileoverview Prevent file access from user input
3
+ */
4
+ export interface Options {
5
+ }
6
+ export declare const noArbitraryFileAccess: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
package/src/rules/no-arbitrary-file-access/index.js ADDED
@@ -0,0 +1,63 @@
1
+ "use strict";
2
+ /**
3
+ * @fileoverview Prevent file access from user input
4
+ */
5
+ Object.defineProperty(exports, "__esModule", { value: true });
6
+ exports.noArbitraryFileAccess = void 0;
7
+ const eslint_devkit_1 = require("@interlace/eslint-devkit");
8
+ exports.noArbitraryFileAccess = (0, eslint_devkit_1.createRule)({
9
+ name: 'no-arbitrary-file-access',
10
+ meta: {
11
+ type: 'problem',
12
+ docs: {
13
+ description: 'Prevent file access from user input',
14
+ },
15
+ messages: {
16
+ violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
17
+ icon: eslint_devkit_1.MessageIcons.SECURITY,
18
+ issueName: 'Arbitrary File Access',
19
+ cwe: 'CWE-22',
20
+ description: 'File path from user input - path traversal vulnerability',
21
+ severity: 'HIGH',
22
+ fix: 'Validate and sanitize file paths, use allowlists',
23
+ documentationLink: 'https://cwe.mitre.org/data/definitions/22.html',
24
+ })
25
+ },
26
+ schema: [],
27
+ },
28
+ defaultOptions: [],
29
+ create(context) {
30
+ function report(node) {
31
+ context.report({ node, messageId: 'violationDetected' });
32
+ }
33
+ const fsReadMethods = ['readFile', 'readFileSync', 'readdir', 'readdirSync', 'stat', 'statSync'];
34
+ const fsWriteMethods = ['writeFile', 'writeFileSync', 'appendFile', 'appendFileSync'];
35
+ const userInputSources = ['req', 'request', 'params', 'query', 'body'];
36
+ return {
37
+ CallExpression(node) {
38
+ // Detect fs.* with user input
39
+ if (node.callee.type === 'MemberExpression' &&
40
+ node.callee.object.type === 'Identifier' &&
41
+ node.callee.object.name === 'fs' &&
42
+ node.callee.property.type === 'Identifier' &&
43
+ [...fsReadMethods, ...fsWriteMethods].includes(node.callee.property.name)) {
44
+ const pathArg = node.arguments[0];
45
+ // Flag if path is a variable (not a literal)
46
+ if (pathArg && pathArg.type === 'Identifier') {
47
+ report(node);
48
+ return; // Already reported
49
+ }
50
+ // Flag if path is from a member expression (user input sources)
51
+ if (pathArg?.type === 'MemberExpression' &&
52
+ pathArg.object.type === 'Identifier') {
53
+ const objName = pathArg.object.name.toLowerCase();
54
+ if (userInputSources.includes(objName)) {
55
+ report(node);
56
+ }
57
+ }
58
+ }
59
+ },
60
+ };
61
+ },
62
+ });
63
+ //# sourceMappingURL=index.js.map
package/src/rules/no-arbitrary-file-access/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../packages/eslint-plugin-secure-coding/src/rules/no-arbitrary-file-access/index.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,4DAAsF;AAUzE,QAAA,qBAAqB,GAAG,IAAA,0BAAU,EAA0B;IACvE,IAAI,EAAE,0BAA0B;IAChC,IAAI,EAAE;QACJ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE;YACJ,WAAW,EAAE,qCAAqC;SACnD;QACD,QAAQ,EAAE;YACR,iBAAiB,EAAE,IAAA,gCAAgB,EAAC;gBAClC,IAAI,EAAE,4BAAY,CAAC,QAAQ;gBAC3B,SAAS,EAAE,uBAAuB;gBAClC,GAAG,EAAE,QAAQ;gBACb,WAAW,EAAE,0DAA0D;gBACvE,QAAQ,EAAE,MAAM;gBAChB,GAAG,EAAE,kDAAkD;gBACvD,iBAAiB,EAAE,gDAAgD;aACpE,CAAC;SACH;QACD,MAAM,EAAE,EAAE;KACX;IACD,cAAc,EAAE,EAAE;IAClB,MAAM,CAAC,OAAO;QACZ,SAAS,MAAM,CAAC,IAAmB;YACjC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,mBAAmB,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,aAAa,GAAG,CAAC,UAAU,EAAE,cAAc,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;QACjG,MAAM,cAAc,GAAG,CAAC,WAAW,EAAE,eAAe,EAAE,YAAY,EAAE,gBAAgB,CAAC,CAAC;QACtF,MAAM,gBAAgB,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QAEvE,OAAO;YACL,cAAc,CAAC,IAA6B;gBAC1C,8BAA8B;gBAC9B,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBACvC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACxC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,IAAI;oBAChC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBAC1C,CAAC,GAAG,aAAa,EAAE,GAAG,cAAc,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBAE9E,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;oBAElC,6CAA6C;oBAC7C,IAAI,OAAO,IAAI,OAAO,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;wBAC7C,MAAM,CAAC,IAAI,CAAC,CAAC;wBACb,OAAO,CAAC,mBAAmB;oBAC7B,CAAC;oBAED,gEAAgE;oBAChE,IAAI,OAAO,EAAE,IAAI,KAAK,kBAAkB;wBACpC,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;wBACzC,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;wBAClD,IAAI,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;4BACvC,MAAM,CAAC,IAAI,CAAC,CAAC;wBACf,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC"}