npm - eslint-plugin-secure-coding - Versions diffs - 2.3.2 → 2.3.3 - Mend

eslint-plugin-secure-coding 2.3.2 → 2.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (361) hide show

package/src/rules/no-tracking-without-consent/index.js DELETED Viewed

@@ -1,67 +0,0 @@
-"use strict";
-/**
- * @fileoverview Require consent before tracking
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.noTrackingWithoutConsent = void 0;
-const eslint_devkit_1 = require("@interlace/eslint-devkit");
-exports.noTrackingWithoutConsent = (0, eslint_devkit_1.createRule)({
-    name: 'no-tracking-without-consent',
-    meta: {
-        type: 'problem',
-        docs: {
-            description: 'Require consent before analytics tracking',
-        },
-        messages: {
-            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
-                icon: eslint_devkit_1.MessageIcons.SECURITY,
-                issueName: 'Tracking Without Consent',
-                cwe: 'CWE-359',
-                description: 'Analytics tracking without consent check - violates privacy regulations',
-                severity: 'MEDIUM',
-                fix: 'Wrap tracking calls in consent check: if (hasConsent) { analytics.track(...) }',
-                documentationLink: 'https://cwe.mitre.org/data/definitions/359.html',
-            })
-        },
-        schema: [],
-    },
-    defaultOptions: [],
-    create(context) {
-        function report(node) {
-            context.report({ node, messageId: 'violationDetected' });
-        }
-        function isInsideConsentCheck(node) {
-            let current = node.parent;
-            while (current) {
-                if (current.type === 'IfStatement') {
-                    return true;
-                }
-                if (current.type === 'ConditionalExpression') {
-                    return true;
-                }
-                current = current.parent;
-            }
-            return false;
-        }
-        return {
-            CallExpression(node) {
-                // Detect analytics.track() or similar
-                if (node.callee.type === 'MemberExpression' &&
-                    node.callee.object.type === 'Identifier' &&
-                    node.callee.object.name === 'analytics' &&
-                    node.callee.property.type === 'Identifier' &&
-                    ['track', 'identify', 'page'].includes(node.callee.property.name)) {
-                    if (!isInsideConsentCheck(node)) {
-                        report(node);
-                    }
-                }
-                // Google Analytics gtag
-                if (node.callee.type === 'Identifier' && node.callee.name === 'gtag') {
-                    if (!isInsideConsentCheck(node)) {
-                        report(node);
-                    }
-                }
-            },
-        };
-    },
-});

package/src/rules/no-unchecked-loop-condition/index.d.ts DELETED Viewed

@@ -1,12 +0,0 @@
-import { type SecurityRuleOptions } from '@interlace/eslint-devkit';
-export interface Options extends SecurityRuleOptions {
-    /** Maximum allowed loop iterations for static analysis */
-    maxStaticIterations?: number;
-    /** Variables that contain user input */
-    userInputVariables?: string[];
-    /** Allow while(true) loops with breaks */
-    allowWhileTrueWithBreak?: boolean;
-    /** Maximum recursion depth to allow */
-    maxRecursionDepth?: number;
-}
-export declare const noUncheckedLoopCondition: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;