eslint-plugin-secure-coding 2.3.2 → 2.3.3

package/src/rules/no-insufficient-postmessage-validation/index.d.ts

@@ -1,14 +0,0 @@
-import { type SecurityRuleOptions } from '@interlace/eslint-devkit';
-export interface Options extends SecurityRuleOptions {
-    /** Allowed origins for postMessage communication */
-    allowedOrigins?: string[];
-    /** Whether to allow wildcard origins in development */
-    allowWildcardInDev?: boolean;
-    /** Message event handler patterns to check */
-    messageHandlerPatterns?: string[];
-    /** Origins considered safe (e.g., localhost, development domains) */
-    safeOrigins?: string[];
-    /** Whether to perform deep origin validation analysis */
-    deepValidation?: boolean;
-}
-export declare const noInsufficientPostmessageValidation: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/no-insufficient-postmessage-validation/index.js

@@ -1,392 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.noInsufficientPostmessageValidation = void 0;
-const eslint_devkit_1 = require("@interlace/eslint-devkit");
-const eslint_devkit_2 = require("@interlace/eslint-devkit");
-const eslint_devkit_3 = require("@interlace/eslint-devkit");
-exports.noInsufficientPostmessageValidation = (0, eslint_devkit_1.createRule)({
-    name: 'no-insufficient-postmessage-validation',
-    meta: {
-        type: 'problem',
-        docs: {
-            description: 'Detects insufficient postMessage origin validation',
-        },
-        fixable: 'code',
-        hasSuggestions: true,
-        messages: {
-            insufficientPostmessageValidation: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.SECURITY,
-                issueName: 'Insufficient postMessage Validation',
-                cwe: 'CWE-20',
-                description: 'postMessage origin validation is insufficient',
-                severity: '{{severity}}',
-                fix: '{{safeAlternative}}',
-                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage',
-            }),
-            wildcardOrigin: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.SECURITY,
-                issueName: 'Wildcard postMessage Origin',
-                cwe: 'CWE-20',
-                description: 'postMessage uses wildcard origin (*)',
-                severity: 'CRITICAL',
-                fix: 'Use specific trusted origins instead of "*"',
-                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage',
-            }),
-            missingOriginCheck: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.SECURITY,
-                issueName: 'Missing Origin Check',
-                cwe: 'CWE-20',
-                description: 'Message handler missing origin validation',
-                severity: 'HIGH',
-                fix: 'Check event.origin against trusted origins',
-                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage',
-            }),
-            unsafeMessageHandler: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.SECURITY,
-                issueName: 'Unsafe Message Handler',
-                cwe: 'CWE-20',
-                description: 'Message event handler processes data without validation',
-                severity: 'MEDIUM',
-                fix: 'Validate event.origin and event.data before processing',
-                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage',
-            }),
-            useSpecificOrigins: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.INFO,
-                issueName: 'Use Specific Origins',
-                description: 'Specify trusted origins explicitly',
-                severity: 'LOW',
-                fix: 'postMessage(data, "https://trusted-domain.com")',
-                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage',
-            }),
-            validateMessageOrigin: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.INFO,
-                issueName: 'Validate Message Origin',
-                description: 'Validate message origin before processing',
-                severity: 'LOW',
-                fix: 'if (event.origin === "https://trusted.com") { /* process */ }',
-                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage',
-            }),
-            implementOriginWhitelist: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.INFO,
-                issueName: 'Implement Origin Whitelist',
-                description: 'Use whitelist of allowed origins',
-                severity: 'LOW',
-                fix: 'const allowedOrigins = ["https://app1.com", "https://app2.com"];',
-                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage',
-            }),
-            strategyOriginValidation: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.STRATEGY,
-                issueName: 'Origin Validation Strategy',
-                description: 'Validate message origins against trusted list',
-                severity: 'LOW',
-                fix: 'Check event.origin against predefined allowed origins',
-                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage',
-            }),
-            strategyContentValidation: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.STRATEGY,
-                issueName: 'Content Validation Strategy',
-                description: 'Validate message content in addition to origin',
-                severity: 'LOW',
-                fix: 'Validate both event.origin and event.data structure',
-                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage',
-            }),
-            strategyEnvironmentSeparation: (0, eslint_devkit_2.formatLLMMessage)({
-                icon: eslint_devkit_2.MessageIcons.STRATEGY,
-                issueName: 'Environment Separation Strategy',
-                description: 'Use different origins for different environments',
-                severity: 'LOW',
-                fix: 'Use environment-specific origin validation',
-                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage',
-            })
-        },
-        schema: [
-            {
-                type: 'object',
-                properties: {
-                    allowedOrigins: {
-                        type: 'array',
-                        items: { type: 'string' },
-                        default: [],
-                    },
-                    allowWildcardInDev: {
-                        type: 'boolean',
-                        default: false,
-                        description: 'Allow wildcard origins in development environment'
-                    },
-                    messageHandlerPatterns: {
-                        type: 'array',
-                        items: { type: 'string' },
-                        default: ['addEventListener', 'onmessage', 'postMessage'],
-                    },
-                    trustedSanitizers: {
-                        type: 'array',
-                        items: { type: 'string' },
-                        default: [],
-                        description: 'Additional function names to consider as origin validators',
-                    },
-                    trustedAnnotations: {
-                        type: 'array',
-                        items: { type: 'string' },
-                        default: [],
-                        description: 'Additional JSDoc annotations to consider as safe markers',
-                    },
-                    strictMode: {
-                        type: 'boolean',
-                        default: false,
-                        description: 'Disable all false positive detection (strict mode)',
-                    },
-                    safeOrigins: {
-                        type: 'array',
-                        items: { type: 'string' },
-                        default: ['localhost', '127.0.0.1', '0.0.0.0'],
-                        description: 'Origins considered safe for postMessage communication',
-                    },
-                    deepValidation: {
-                        type: 'boolean',
-                        default: false,
-                        description: 'Enable deep AST analysis for origin validation detection',
-                    },
-                },
-                additionalProperties: false,
-            },
-        ],
-    },
-    defaultOptions: [
-        {
-            allowedOrigins: [],
-            allowWildcardInDev: false,
-            messageHandlerPatterns: ['addEventListener', 'onmessage', 'postMessage'],
-            trustedSanitizers: [],
-            trustedAnnotations: [],
-            strictMode: false,
-            safeOrigins: ['localhost', '127.0.0.1', '0.0.0.0'],
-            deepValidation: false,
-        },
-    ],
-    create(context) {
-        const options = context.options[0] || {};
-        const { allowedOrigins = [], allowWildcardInDev = false, trustedSanitizers = [], trustedAnnotations = [], strictMode = false, deepValidation = false, } = options;
-        const sourceCode = context.sourceCode || context.sourceCode;
-        const filename = context.filename || context.getFilename();
-        // Create safety checker for false positive detection
-        const safetyChecker = (0, eslint_devkit_3.createSafetyChecker)({
-            trustedSanitizers,
-            trustedAnnotations,
-            trustedOrmPatterns: [],
-            strictMode,
-        });
-        /**
-         * Check if origin validation is present in a message handler
-         *
-         * ⚠️ STATIC ANALYSIS LIMITATION:
-         * This can only detect simple patterns. Complex validation logic
-         * (external functions, runtime config, dynamic validation) cannot
-         * be detected statically.
-         */
-        const hasOriginValidation = (functionNode) => {
-            if (deepValidation) {
-                // Deep AST analysis (more thorough but slower)
-                try {
-                    let hasOriginCheck = false;
-                    const checkNode = (node) => {
-                        // Check for event.origin comparisons
-                        if (node.type === 'BinaryExpression' &&
-                            ((node.left.type === 'MemberExpression' &&
-                                node.left.property.type === 'Identifier' &&
-                                node.left.property.name === 'origin' &&
-                                node.left.object.type === 'Identifier') ||
-                                (node.right.type === 'MemberExpression' &&
-                                    node.right.property.type === 'Identifier' &&
-                                    node.right.property.name === 'origin' &&
-                                    node.right.object.type === 'Identifier'))) {
-                            hasOriginCheck = true;
-                            return;
-                        }
-                        // Check for includes() calls on origin arrays
-                        if (node.type === 'CallExpression' &&
-                            node.callee.type === 'MemberExpression' &&
-                            node.callee.property.type === 'Identifier' &&
-                            node.callee.property.name === 'includes') {
-                            const objectText = sourceCode.getText(node.callee.object).toLowerCase();
-                            if (objectText.includes('origin') || objectText.includes('allowed')) {
-                                hasOriginCheck = true;
-                                return;
-                            }
-                        }
-                        // Recursively check child nodes
-                        for (const key in node) {
-                            if (key === 'parent' || key === 'range' || key === 'loc')
-                                continue;
-                            const child = node[key];
-                            if (child && typeof child === 'object' && 'type' in child) {
-                                checkNode(child);
-                            }
-                            else if (Array.isArray(child)) {
-                                child.forEach(item => {
-                                    if (item && typeof item === 'object' && 'type' in item) {
-                                        checkNode(item);
-                                    }
-                                });
-                            }
-                        }
-                    };
-                    checkNode(functionNode);
-                    return hasOriginCheck;
-                }
-                catch {
-                    // If AST traversal fails, fall back to simple text matching
-                    return false;
-                }
-            }
-            else {
-                // Simple text-based check (faster, less accurate)
-                const functionText = sourceCode.getText(functionNode).toLowerCase();
-                return functionText.includes('event.origin') ||
-                    (functionText.includes('origin') && functionText.includes('event'));
-            }
-        };
-        return {
-            // Check postMessage calls with wildcard origins
-            CallExpression(node) {
-                const callee = node.callee;
-                // Check for any postMessage() calls
-                if (callee.type === 'MemberExpression' &&
-                    callee.property.type === 'Identifier' &&
-                    callee.property.name === 'postMessage') {
-                    // Check allowed origins for non-wildcard origins
-                    const args = node.arguments;
-                    if (args.length >= 2) {
-                        const targetOrigin = args[1];
-                        if (targetOrigin.type === 'Literal' &&
-                            typeof targetOrigin.value === 'string' &&
-                            targetOrigin.value !== '*') {
-                            // Check if origin is explicitly allowed
-                            const originValue = targetOrigin.value;
-                            const isAllowed = allowedOrigins.includes(originValue) ||
-                                allowedOrigins.includes('*') ||
-                                allowedOrigins.length === 0; // If no restrictions, allow all specific origins
-                            if (!isAllowed) {
-                                /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
-                                if (safetyChecker.isSafe(node, context)) {
-                                    return;
-                                }
-                                /* c8 ignore stop */
-                                context.report({
-                                    node: targetOrigin,
-                                    messageId: 'useSpecificOrigins',
-                                    data: {
-                                        filePath: filename,
-                                        line: String(node.loc?.start.line ?? 0),
-                                        origin: originValue,
-                                    },
-                                });
-                            }
-                        }
-                        // Check for wildcard origin
-                        if (targetOrigin.type === 'Literal' &&
-                            typeof targetOrigin.value === 'string' &&
-                            targetOrigin.value === '*') {
-                            // Check if origin is explicitly allowed
-                            const originValue = targetOrigin.value;
-                            const isAllowed = allowedOrigins.includes(originValue) || allowedOrigins.includes('*');
-                            // Allow if explicitly allowed OR in development if configured
-                            if (!isAllowed && !allowWildcardInDev) {
-                                // TEMP: bypass safety checker
-                                // if (safetyChecker.isSafe(node, context)) {
-                                //   return;
-                                // }
-                                context.report({
-                                    node: targetOrigin,
-                                    messageId: 'wildcardOrigin',
-                                    data: {
-                                        filePath: filename,
-                                        line: String(node.loc?.start.line ?? 0),
-                                    },
-                                });
-                            }
-                        }
-                    }
-                }
-                // Check for addEventListener('message', ...) and IPC calls
-                // Check for addEventListener('message', ...)
-                if (callee.type === 'MemberExpression' &&
-                    callee.property.type === 'Identifier' &&
-                    callee.property.name === 'addEventListener') {
-                    const args = node.arguments;
-                    if (args.length >= 2) {
-                        const eventType = args[0];
-                        const handler = args[1];
-                        // Check if it's a message event
-                        if (eventType.type === 'Literal' &&
-                            typeof eventType.value === 'string' &&
-                            eventType.value === 'message') {
-                            // Check if handler is a function and lacks origin validation
-                            if (handler.type === 'FunctionExpression' ||
-                                handler.type === 'ArrowFunctionExpression') {
-                                if (!hasOriginValidation(handler)) {
-                                    /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
-                                    if (safetyChecker.isSafe(node, context)) {
-                                        return;
-                                    }
-                                    /* c8 ignore stop */
-                                    context.report({
-                                        node: handler,
-                                        messageId: 'missingOriginCheck',
-                                        data: {
-                                            filePath: filename,
-                                            line: String(node.loc?.start.line ?? 0),
-                                        },
-                                    });
-                                }
-                            }
-                        }
-                    }
-                }
-            },
-            // Check for window.onmessage assignments
-            AssignmentExpression(node) {
-                const left = node.left;
-                if (left.type === 'MemberExpression' &&
-                    left.property.type === 'Identifier' &&
-                    left.property.name === 'onmessage' &&
-                    left.object.type === 'Identifier' &&
-                    left.object.name === 'window') {
-                    const handler = node.right;
-                    if (handler && (handler.type === 'FunctionExpression' ||
-                        handler.type === 'ArrowFunctionExpression')) {
-                        if (!hasOriginValidation(handler)) {
-                            /* c8 ignore start -- safetyChecker requires JSDoc annotations not testable via RuleTester */
-                            if (safetyChecker.isSafe(node, context)) {
-                                return;
-                            }
-                            /* c8 ignore stop */
-                            context.report({
-                                node: handler,
-                                messageId: 'missingOriginCheck',
-                                data: {
-                                    filePath: filename,
-                                    line: String(node.loc?.start.line ?? 0),
-                                },
-                            });
-                        }
-                    }
-                }
-            },
-            // Check for event.data usage without origin validation
-            MemberExpression(node) {
-                // Look for event.data usage
-                if (node.property.type === 'Identifier' &&
-                    node.property.name === 'data' &&
-                    node.object.type === 'Identifier' &&
-                    node.object.name === 'event') {
-                    // For now, simplify: only flag if we're clearly in an unsafe context
-                    // The addEventListener check above should handle most cases
-                    // This is a simplified version to avoid complex AST traversal issues
-                    // Only flag if this is clearly in a message handler without validation
-                    // We'll rely on the addEventListener check for the main logic
-                    return;
-                }
-            },
-        };
-    },
-});

package/src/rules/no-insufficient-random/index.d.ts

@@ -1,9 +0,0 @@
-export interface Options {
-    /** Allow Math.random() in test files. Default: false */
-    allowInTests?: boolean;
-    /** Additional weak PRNG patterns to detect. Default: [] */
-    additionalWeakPatterns?: string[];
-    /** Trusted random libraries. Default: ['crypto'] */
-    trustedLibraries?: string[];
-}
-export declare const noInsufficientRandom: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/no-insufficient-random/index.js

@@ -1,208 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.noInsufficientRandom = void 0;
-const eslint_devkit_1 = require("@interlace/eslint-devkit");
-const eslint_devkit_2 = require("@interlace/eslint-devkit");
-const WEAK_RANDOM_PATTERNS = [
-    {
-        pattern: /\bMath\.random\b/i,
-        name: 'Math.random()',
-        category: 'math',
-        alternatives: ['crypto.getRandomValues()', 'crypto.randomBytes()'],
-        example: {
-            bad: 'const random = Math.random();',
-            good: 'const random = crypto.getRandomValues(new Uint32Array(1))[0] / (0xFFFFFFFF + 1);'
-        },
-        effort: '5 minutes'
-    },
-    {
-        pattern: /\brandom\(\)/i,
-        name: 'random()',
-        category: 'library',
-        alternatives: ['crypto.getRandomValues()'],
-        example: {
-            bad: 'const random = random();',
-            good: 'const random = crypto.getRandomValues(new Uint32Array(1))[0] / (0xFFFFFFFF + 1);'
-        },
-        effort: '5 minutes'
-    }
-];
-/**
- * Check if a string contains a weak random pattern
- */
-function containsWeakRandom(value, additionalPatterns) {
-    // Check standard patterns
-    for (const pattern of WEAK_RANDOM_PATTERNS) {
-        if (pattern.pattern.test(value)) {
-            return pattern;
-        }
-    }
-    // Check additional patterns
-    for (const additionalPattern of additionalPatterns) {
-        const regex = new RegExp(`\\b${additionalPattern}\\b`, 'i');
-        if (regex.test(value)) {
-            return {
-                pattern: regex,
-                name: additionalPattern,
-                category: 'custom',
-                alternatives: ['crypto.getRandomValues()'],
-                example: {
-                    bad: `${additionalPattern}()`,
-                    good: 'crypto.getRandomValues(new Uint32Array(1))[0] / (0xFFFFFFFF + 1)'
-                },
-                effort: '10 minutes'
-            };
-        }
-    }
-    return null;
-}
-/**
- * Check if a MemberExpression is Math.random()
- */
-function isMathRandom(node) {
-    return (node.object.type === 'Identifier' &&
-        node.object.name === 'Math' &&
-        node.property.type === 'Identifier' &&
-        node.property.name === 'random');
-}
-/**
- * Generate refactoring suggestions
- */
-function generateSuggestions(pattern) {
-    const suggestions = [];
-    if (pattern.category === 'math') {
-        suggestions.push({
-            messageId: 'useCryptoRandomValues',
-            fix: 'Use crypto.getRandomValues(): const random = crypto.getRandomValues(new Uint32Array(1))[0] / (0xFFFFFFFF + 1);'
-        });
-    }
-    else {
-        suggestions.push({
-            messageId: 'useSecureRandom',
-            fix: 'Use crypto.getRandomValues() or crypto.randomBytes() for secure random number generation'
-        });
-    }
-    return suggestions;
-}
-exports.noInsufficientRandom = (0, eslint_devkit_2.createRule)({
-    name: 'no-insufficient-random',
-    meta: {
-        type: 'problem',
-        deprecated: true,
-        replacedBy: ['@see eslint-plugin-crypto/no-math-random-crypto'],
-        docs: {
-            description: 'Detects weak random number generation (Math.random(), weak PRNG)',
-        },
-        hasSuggestions: true,
-        messages: {
-            insufficientRandom: (0, eslint_devkit_1.formatLLMMessage)({
-                icon: eslint_devkit_1.MessageIcons.SECURITY,
-                issueName: 'Weak random number generation',
-                cwe: 'CWE-338',
-                description: 'Use of weak pseudo-random number generator: {{pattern}}',
-                severity: 'HIGH',
-                fix: '{{safeAlternative}}',
-                documentationLink: 'https://cwe.mitre.org/data/definitions/338.html',
-            }),
-            useCryptoRandomValues: (0, eslint_devkit_1.formatLLMMessage)({
-                icon: eslint_devkit_1.MessageIcons.INFO,
-                issueName: 'Use Crypto Random',
-                description: 'Use crypto.getRandomValues()',
-                severity: 'LOW',
-                fix: 'crypto.getRandomValues(new Uint32Array(1))[0] / (0xFFFFFFFF + 1)',
-                documentationLink: 'https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues',
-            }),
-            useSecureRandom: (0, eslint_devkit_1.formatLLMMessage)({
-                icon: eslint_devkit_1.MessageIcons.INFO,
-                issueName: 'Use Secure Random',
-                description: 'Use crypto for secure random generation',
-                severity: 'LOW',
-                fix: 'crypto.randomBytes() or crypto.getRandomValues()',
-                documentationLink: 'https://nodejs.org/api/crypto.html#cryptorandombytessize-callback',
-            }),
-        },
-        schema: [
-            {
-                type: 'object',
-                properties: {
-                    allowInTests: {
-                        type: 'boolean',
-                        default: false,
-                        description: 'Allow Math.random() in test files',
-                    },
-                    additionalWeakPatterns: {
-                        type: 'array',
-                        items: { type: 'string' },
-                        default: [],
-                        description: 'Additional weak PRNG patterns to detect',
-                    },
-                },
-                additionalProperties: false,
-            },
-        ],
-    },
-    defaultOptions: [
-        {
-            allowInTests: false,
-            additionalWeakPatterns: [],
-        },
-    ],
-    create(context, [options = {}]) {
-        const { allowInTests = false, additionalWeakPatterns = [], } = options;
-        const filename = context.getFilename();
-        const isTestFile = allowInTests && /\.(test|spec)\.(ts|tsx|js|jsx)$/.test(filename);
-        /**
-         * Check if a call expression uses weak random generation
-         */
-        function checkCallExpression(node) {
-            if (isTestFile) {
-                return;
-            }
-            // Check for Math.random() calls
-            if (node.callee.type === 'MemberExpression' && isMathRandom(node.callee)) {
-                const pattern = containsWeakRandom('Math.random()', additionalWeakPatterns);
-                if (pattern) {
-                    const safeAlternative = pattern.alternatives[0];
-                    const suggestions = generateSuggestions(pattern);
-                    context.report({
-                        node: node.callee,
-                        messageId: 'insufficientRandom',
-                        data: {
-                            pattern: pattern.name,
-                            safeAlternative: `Use ${safeAlternative}: ${pattern.example.good}`,
-                        },
-                        suggest: suggestions.map(step => ({
-                            messageId: step.messageId,
-                            fix: (fixer) => {
-                                // Replace Math.random() with crypto.getRandomValues()
-                                return fixer.replaceText(node, 'crypto.getRandomValues(new Uint32Array(1))[0] / (0xFFFFFFFF + 1)');
-                            },
-                        })),
-                    });
-                }
-                return;
-            }
-            // Check for standalone random() function calls (if configured)
-            if (node.callee.type === 'Identifier' && additionalWeakPatterns.length > 0) {
-                const sourceCode = context.sourceCode || context.sourceCode;
-                const callText = sourceCode.getText(node);
-                const pattern = containsWeakRandom(callText, additionalWeakPatterns);
-                if (pattern) {
-                    const safeAlternative = pattern.alternatives[0];
-                    context.report({
-                        node: node.callee,
-                        messageId: 'insufficientRandom',
-                        data: {
-                            pattern: pattern.name,
-                            safeAlternative: `Use ${safeAlternative}: ${pattern.example.good}`,
-                        },
-                        // Custom patterns cannot be safely auto-fixed - error message provides guidance
-                    });
-                }
-            }
-        }
-        return {
-            CallExpression: checkCallExpression,
-        };
-    },
-});

package/src/rules/no-ldap-injection/index.d.ts

@@ -1,10 +0,0 @@
-import { type SecurityRuleOptions } from '@interlace/eslint-devkit';
-export interface Options extends SecurityRuleOptions {
-    /** LDAP-related function names to check */
-    ldapFunctions?: string[];
-    /** Functions that safely escape LDAP input */
-    ldapEscapeFunctions?: string[];
-    /** Functions that validate LDAP input */
-    ldapValidationFunctions?: string[];
-}
-export declare const noLdapInjection: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;