eslint-plugin-secure-coding 2.3.2 → 2.3.3

package/src/rules/require-secure-defaults/index.ts

@@ -0,0 +1,54 @@
+/**
+ * @fileoverview Ensure secure default configurations
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/453.html
+ */
+
+import { createRule, formatLLMMessage, MessageIcons } from '@interlace/eslint-devkit';
+import type { TSESTree } from '@interlace/eslint-devkit';
+
+type MessageIds = 'violationDetected';
+
+// eslint-disable-next-line @typescript-eslint/no-empty-object-type, @typescript-eslint/no-empty-interface -- Rule has no configurable options
+export interface Options {}
+
+type RuleOptions = [Options?];
+
+export const requireSecureDefaults = createRule<RuleOptions, MessageIds>({
+  name: 'require-secure-defaults',
+  meta: {
+    type: 'problem',
+    docs: {
+      description: 'Ensure secure default configurations',
+      category: 'Security',
+      recommended: true,
+      owaspMobile: ['M8'],
+      cweIds: ["CWE-453"],
+    },
+    messages: {
+      violationDetected: formatLLMMessage({
+        icon: MessageIcons.SECURITY,
+        issueName: 'violation Detected',
+        cwe: 'CWE-1188',
+        description: 'Ensure secure default configurations detected - Insecure default values',
+        severity: 'MEDIUM',
+        fix: 'Review and apply secure practices',
+        documentationLink: 'https://cwe.mitre.org/data/definitions/1188.html',
+      })
+    },
+    schema: [],
+  },
+  defaultOptions: [],
+  create(context) {
+    return {
+      Property(node: TSESTree.Property) {
+        if (node.key.type === 'Identifier' && 
+            ['secure', 'strictSSL', 'verify'].includes(node.key.name) &&
+            node.value.type === 'Literal' && 
+            node.value.value === false) {
+          context.report({ node, messageId: 'violationDetected' });
+        }
+      },
+    };
+  },
+});

package/src/rules/require-secure-defaults/require-secure-defaults.test.ts

@@ -0,0 +1,26 @@
+/**
+ * @fileoverview Tests for require-secure-defaults
+ * 
+ * Coverage: Comprehensive test suite with valid and invalid cases
+ */
+
+import { RuleTester } from '@typescript-eslint/rule-tester';
+import { requireSecureDefaults } from './index';
+
+const ruleTester = new RuleTester({
+  languageOptions: {
+    ecmaVersion: 2022,
+    sourceType: 'module',
+  },
+});
+
+ruleTester.run('require-secure-defaults', requireSecureDefaults, {
+  valid: [
+    { code: "const config = { secure: true, httpOnly: true }" },
+    { code: "cookie({ secure: true })" }
+  ],
+
+  invalid: [
+    { code: "cookie({ secure: false })", errors: [{ messageId: 'violationDetected' }] }
+  ],
+});

package/src/rules/require-secure-deletion/index.ts

@@ -0,0 +1,52 @@
+/**
+ * @fileoverview Require secure data deletion patterns
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/459.html
+ */
+
+import { createRule, formatLLMMessage, MessageIcons } from '@interlace/eslint-devkit';
+import type { TSESTree } from '@interlace/eslint-devkit';
+
+type MessageIds = 'violationDetected';
+
+// eslint-disable-next-line @typescript-eslint/no-empty-object-type, @typescript-eslint/no-empty-interface -- Rule has no configurable options
+export interface Options {}
+
+type RuleOptions = [Options?];
+
+export const requireSecureDeletion = createRule<RuleOptions, MessageIds>({
+  name: 'require-secure-deletion',
+  meta: {
+    type: 'problem',
+    docs: {
+      description: 'Require secure data deletion patterns',
+      category: 'Security',
+      recommended: true,
+      owaspMobile: ['M9'],
+      cweIds: ["CWE-459"],
+    },
+    messages: {
+      violationDetected: formatLLMMessage({
+        icon: MessageIcons.SECURITY,
+        issueName: 'violation Detected',
+        cwe: 'CWE-459',
+        description: 'Require secure data deletion patterns detected - delete without secure wipe',
+        severity: 'MEDIUM',
+        fix: 'Review and apply secure practices',
+        documentationLink: 'https://cwe.mitre.org/data/definitions/459.html',
+      })
+    },
+    schema: [],
+  },
+  defaultOptions: [],
+  create(context) {
+    return {
+      
+      UnaryExpression(node: TSESTree.UnaryExpression) {
+        if (node.operator === 'delete') {
+          context.report({ node, messageId: 'violationDetected' });
+        }
+      },
+    };
+  },
+});

package/src/rules/require-secure-deletion/require-secure-deletion.test.ts

@@ -0,0 +1,29 @@
+/**
+ * @fileoverview Tests for require-secure-deletion
+ */
+
+import { RuleTester } from '@typescript-eslint/rule-tester';
+import { requireSecureDeletion } from './index';
+
+const ruleTester = new RuleTester({
+  languageOptions: {
+    ecmaVersion: 2022,
+    sourceType: 'module',
+  },
+});
+
+ruleTester.run('require-secure-deletion', requireSecureDeletion, {
+  valid: [
+    // Secure deletion patterns
+    { code: "secureDelete(file)" },
+    { code: "data = null; gc()" },
+    { code: "const x = 1" },
+  ],
+
+  invalid: [
+    // Using delete operator (doesn't securely wipe)
+    { code: "delete user.password", errors: [{ messageId: 'violationDetected' }] },
+    { code: "delete sensitiveData.token", errors: [{ messageId: 'violationDetected' }] },
+    { code: "delete obj.secret", errors: [{ messageId: 'violationDetected' }] },
+  ],
+});

package/src/rules/require-storage-encryption/index.ts

@@ -0,0 +1,60 @@
+/**
+ * @fileoverview Require encryption for persistent storage
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/311.html
+ */
+
+import { createRule, formatLLMMessage, MessageIcons } from '@interlace/eslint-devkit';
+import type { TSESTree } from '@interlace/eslint-devkit';
+
+type MessageIds = 'violationDetected';
+
+// eslint-disable-next-line @typescript-eslint/no-empty-object-type, @typescript-eslint/no-empty-interface -- Rule has no configurable options
+export interface Options {}
+
+type RuleOptions = [Options?];
+
+export const requireStorageEncryption = createRule<RuleOptions, MessageIds>({
+  name: 'require-storage-encryption',
+  meta: {
+    type: 'problem',
+    docs: {
+      description: 'Require encryption for persistent storage',
+      category: 'Security',
+      recommended: true,
+      owaspMobile: ['M9'],
+      cweIds: ["CWE-311"],
+    },
+    messages: {
+      violationDetected: formatLLMMessage({
+        icon: MessageIcons.SECURITY,
+        issueName: 'violation Detected',
+        cwe: 'CWE-312',
+        description: 'Require encryption for persistent storage detected - Storage without encryption',
+        severity: 'HIGH',
+        fix: 'Review and apply secure practices',
+        documentationLink: 'https://cwe.mitre.org/data/definitions/312.html',
+      })
+    },
+    schema: [],
+  },
+  defaultOptions: [],
+  create(context) {
+    return {
+      
+      CallExpression(node: TSESTree.CallExpression) {
+        if (node.callee.type === 'MemberExpression' &&
+            ['setItem', 'writeFile'].includes(node.callee.property.name)) {
+          // Check for encryption wrapper
+          const hasEncryption = node.arguments.some(arg =>
+            arg.type === 'CallExpression' &&
+            arg.callee.name?.includes('encrypt')
+          );
+          if (!hasEncryption) {
+            context.report({ node, messageId: 'violationDetected' });
+          }
+        }
+      },
+    };
+  },
+});

package/src/rules/require-storage-encryption/require-storage-encryption.test.ts

@@ -0,0 +1,26 @@
+/**
+ * @fileoverview Tests for require-storage-encryption
+ * 
+ * Coverage: Comprehensive test suite with valid and invalid cases
+ */
+
+import { RuleTester } from '@typescript-eslint/rule-tester';
+import { requireStorageEncryption } from './index';
+
+const ruleTester = new RuleTester({
+  languageOptions: {
+    ecmaVersion: 2022,
+    sourceType: 'module',
+  },
+});
+
+ruleTester.run('require-storage-encryption', requireStorageEncryption, {
+  valid: [
+    { code: "await SecureStore.setItemAsync('token', token)" },
+    { code: "const encrypted = encrypt(data)" }
+  ],
+
+  invalid: [
+    { code: "AsyncStorage.setItem('password', pwd)", errors: [{ messageId: 'violationDetected' }] }
+  ],
+});

package/src/rules/require-url-validation/index.ts

@@ -0,0 +1,85 @@
+/**
+ * @fileoverview Enforce URL validation before navigation
+ */
+
+import { createRule, formatLLMMessage, MessageIcons } from '@interlace/eslint-devkit';
+import type { TSESTree } from '@interlace/eslint-devkit';
+
+type MessageIds = 'violationDetected';
+
+// eslint-disable-next-line @typescript-eslint/no-empty-object-type, @typescript-eslint/no-empty-interface -- Rule has no configurable options
+export interface Options {}
+
+type RuleOptions = [Options?];
+
+export const requireUrlValidation = createRule<RuleOptions, MessageIds>({
+  name: 'require-url-validation',
+  meta: {
+    type: 'problem',
+    docs: {
+      description: 'Enforce URL validation before navigation',
+    },
+    messages: {
+      violationDetected: formatLLMMessage({
+        icon: MessageIcons.SECURITY,
+        issueName: 'URL Validation Required',
+        cwe: 'CWE-601',
+        description: 'Unvalidated URL used for navigation - this is a security risk',
+        severity: 'HIGH',
+        fix: 'Validate URLs before using them for navigation',
+        documentationLink: 'https://cwe.mitre.org/data/definitions/601.html',
+      })
+    },
+    schema: [],
+  },
+  defaultOptions: [],
+  create(context) {
+    function report(node: TSESTree.Node) {
+      context.report({ node, messageId: 'violationDetected' });
+    }
+    
+    return {
+      AssignmentExpression(node: TSESTree.AssignmentExpression) {
+        // Detect window.location assignment from user input
+        if (node.left.type === 'MemberExpression' &&
+            node.left.object.type === 'Identifier' &&
+            node.left.object.name === 'window' &&
+            node.left.property.type === 'Identifier' &&
+            node.left.property.name === 'location') {
+          
+          // Flag if right side is a variable (not a literal URL)
+          if (node.right.type === 'Identifier') {
+            report(node);
+          }
+        }
+        
+        // Detect location.href assignment
+        if (node.left.type === 'MemberExpression' &&
+            node.left.object.type === 'Identifier' &&
+            node.left.object.name === 'location' &&
+            node.left.property.type === 'Identifier' &&
+            node.left.property.name === 'href') {
+          
+          if (node.right.type === 'Identifier') {
+            report(node);
+          }
+        }
+      },
+      
+      CallExpression(node: TSESTree.CallExpression) {
+        // Detect window.open with variable URL
+        if (node.callee.type === 'MemberExpression' &&
+            node.callee.object.type === 'Identifier' &&
+            node.callee.object.name === 'window' &&
+            node.callee.property.type === 'Identifier' &&
+            node.callee.property.name === 'open') {
+          
+          const urlArg = node.arguments[0];
+          if (urlArg && urlArg.type === 'Identifier') {
+            report(node);
+          }
+        }
+      },
+    };
+  },
+});

package/src/rules/require-url-validation/require-url-validation.test.ts

@@ -0,0 +1,32 @@
+/**
+ * @fileoverview Tests for require-url-validation
+ */
+
+import { RuleTester } from '@typescript-eslint/rule-tester';
+import { requireUrlValidation } from './index';
+
+const ruleTester = new RuleTester({
+  languageOptions: {
+    ecmaVersion: 2022,
+    sourceType: 'module',
+  },
+});
+
+ruleTester.run('require-url-validation', requireUrlValidation, {
+  valid: [
+    // Safe static URLs
+    { code: "window.location = 'https://example.com'" },
+    { code: "location.href = 'https://safe.com'" },
+    { code: "window.open('https://example.com')" },
+    // Non-navigation code
+    { code: "const url = 'https://example.com'" },
+    { code: "const x = 1" },
+  ],
+
+  invalid: [
+    // Variable URLs without validation
+    { code: "window.location = userUrl", errors: [{ messageId: 'violationDetected' }] },
+    { code: "location.href = redirectUrl", errors: [{ messageId: 'violationDetected' }] },
+    { code: "window.open(targetUrl)", errors: [{ messageId: 'violationDetected' }] },
+  ],
+});

package/src/types/{index.d.ts → index.ts}

@@ -1,18 +1,20 @@
 /**
  * eslint-plugin-secure-coding Type Exports
- *
+ * 
  * Barrel file that exports all security rule Options types with consistent naming.
- *
+ * 
  * Usage:
  * ```typescript
  * import type { NoSqlInjectionOptions } from 'eslint-plugin-secure-coding/types';
- *
+ * 
  * const config: NoSqlInjectionOptions = {
  *   allowDynamicTableNames: false,
  *   strategy: 'parameterize',
  * };
  * ```
  */
+
+// Injection Rules
 import type { Options as NoSqlInjectionOptions } from '../rules/no-sql-injection';
 import type { Options as DatabaseInjectionOptions } from '../rules/database-injection';
 import type { Options as DetectEvalWithExpressionOptions } from '../rules/detect-eval-with-expression';
@@ -24,48 +26,137 @@ import type { Options as NoXpathInjectionOptions } from '../rules/no-xpath-injec
 import type { Options as NoLdapInjectionOptions } from '../rules/no-ldap-injection';
 import type { Options as NoDirectiveInjectionOptions } from '../rules/no-directive-injection';
 import type { Options as NoFormatStringInjectionOptions } from '../rules/no-format-string-injection';
+
+// Path & File Rules
 import type { Options as DetectNonLiteralFsFilenameOptions } from '../rules/detect-non-literal-fs-filename';
 import type { Options as NoZipSlipOptions } from '../rules/no-zip-slip';
 import type { Options as NoToctouVulnerabilityOptions } from '../rules/no-toctou-vulnerability';
+
+// Regex Rules
 import type { Options as DetectNonLiteralRegexpOptions } from '../rules/detect-non-literal-regexp';
 import type { Options as NoRedosVulnerableRegexOptions } from '../rules/no-redos-vulnerable-regex';
 import type { Options as NoUnsafeRegexConstructionOptions } from '../rules/no-unsafe-regex-construction';
+
+// Object & Prototype Rules
 import type { Options as DetectObjectInjectionOptions } from '../rules/detect-object-injection';
 import type { Options as NoUnsafeDeserializationOptions } from '../rules/no-unsafe-deserialization';
+
+// Credentials & Crypto Rules
 import type { Options as NoHardcodedCredentialsOptions } from '../rules/no-hardcoded-credentials';
 import type { Options as NoWeakCryptoOptions } from '../rules/no-weak-crypto';
 import type { Options as NoInsufficientRandomOptions } from '../rules/no-insufficient-random';
 import type { Options as NoTimingAttackOptions } from '../rules/no-timing-attack';
 import type { Options as NoInsecureComparisonOptions } from '../rules/no-insecure-comparison';
 import type { Options as NoInsecureJwtOptions } from '../rules/no-insecure-jwt';
+
+// Input Validation & XSS Rules
 import type { Options as NoUnvalidatedUserInputOptions } from '../rules/no-unvalidated-user-input';
 import type { Options as NoUnsanitizedHtmlOptions } from '../rules/no-unsanitized-html';
 import type { Options as NoUnescapedUrlParameterOptions } from '../rules/no-unescaped-url-parameter';
 import type { Options as NoImproperSanitizationOptions } from '../rules/no-improper-sanitization';
 import type { Options as NoImproperTypeValidationOptions } from '../rules/no-improper-type-validation';
+
+// Authentication & Authorization Rules
 import type { Options as NoMissingAuthenticationOptions } from '../rules/no-missing-authentication';
 import type { Options as NoPrivilegeEscalationOptions } from '../rules/no-privilege-escalation';
 import type { Options as NoWeakPasswordRecoveryOptions } from '../rules/no-weak-password-recovery';
+
+// Session & Cookies Rules
 import type { Options as NoInsecureCookieSettingsOptions } from '../rules/no-insecure-cookie-settings';
 import type { Options as NoMissingCsrfProtectionOptions } from '../rules/no-missing-csrf-protection';
 import type { Options as NoDocumentCookieOptions } from '../rules/no-document-cookie';
+
+// Network & Headers Rules
 import type { Options as NoMissingCorsCheckOptions } from '../rules/no-missing-cors-check';
 import type { Options as NoMissingSecurityHeadersOptions } from '../rules/no-missing-security-headers';
 import type { Options as NoInsecureRedirectsOptions } from '../rules/no-insecure-redirects';
 import type { Options as NoUnencryptedTransmissionOptions } from '../rules/no-unencrypted-transmission';
 import type { Options as NoClickjackingOptions } from '../rules/no-clickjacking';
+
+// Data Exposure Rules
 import type { Options as NoExposedSensitiveDataOptions } from '../rules/no-exposed-sensitive-data';
 import type { Options as NoSensitiveDataExposureOptions } from '../rules/no-sensitive-data-exposure';
+
+// Buffer & Memory Rules
 import type { Options as NoBufferOverreadOptions } from '../rules/no-buffer-overread';
+
+// Resource & DoS Rules
 import type { Options as NoUnlimitedResourceAllocationOptions } from '../rules/no-unlimited-resource-allocation';
 import type { Options as NoUncheckedLoopConditionOptions } from '../rules/no-unchecked-loop-condition';
+
+// Platform Specific Rules
 import type { Options as NoElectronSecurityIssuesOptions } from '../rules/no-electron-security-issues';
 import type { Options as NoInsufficientPostmessageValidationOptions } from '../rules/no-insufficient-postmessage-validation';
-export type { NoSqlInjectionOptions, DatabaseInjectionOptions, DetectEvalWithExpressionOptions, DetectChildProcessOptions, NoUnsafeDynamicRequireOptions, NoGraphqlInjectionOptions, NoXxeInjectionOptions, NoXpathInjectionOptions, NoLdapInjectionOptions, NoDirectiveInjectionOptions, NoFormatStringInjectionOptions, DetectNonLiteralFsFilenameOptions, NoZipSlipOptions, NoToctouVulnerabilityOptions, DetectNonLiteralRegexpOptions, NoRedosVulnerableRegexOptions, NoUnsafeRegexConstructionOptions, DetectObjectInjectionOptions, NoUnsafeDeserializationOptions, NoHardcodedCredentialsOptions, NoWeakCryptoOptions, NoInsufficientRandomOptions, NoTimingAttackOptions, NoInsecureComparisonOptions, NoInsecureJwtOptions, NoUnvalidatedUserInputOptions, NoUnsanitizedHtmlOptions, NoUnescapedUrlParameterOptions, NoImproperSanitizationOptions, NoImproperTypeValidationOptions, NoMissingAuthenticationOptions, NoPrivilegeEscalationOptions, NoWeakPasswordRecoveryOptions, NoInsecureCookieSettingsOptions, NoMissingCsrfProtectionOptions, NoDocumentCookieOptions, NoMissingCorsCheckOptions, NoMissingSecurityHeadersOptions, NoInsecureRedirectsOptions, NoUnencryptedTransmissionOptions, NoClickjackingOptions, NoExposedSensitiveDataOptions, NoSensitiveDataExposureOptions, NoBufferOverreadOptions, NoUnlimitedResourceAllocationOptions, NoUncheckedLoopConditionOptions, NoElectronSecurityIssuesOptions, NoInsufficientPostmessageValidationOptions, };
+
+// Export all types with consistent naming
+export type {
+  // Injection
+  NoSqlInjectionOptions,
+  DatabaseInjectionOptions,
+  DetectEvalWithExpressionOptions,
+  DetectChildProcessOptions,
+  NoUnsafeDynamicRequireOptions,
+  NoGraphqlInjectionOptions,
+  NoXxeInjectionOptions,
+  NoXpathInjectionOptions,
+  NoLdapInjectionOptions,
+  NoDirectiveInjectionOptions,
+  NoFormatStringInjectionOptions,
+  // Path & File
+  DetectNonLiteralFsFilenameOptions,
+  NoZipSlipOptions,
+  NoToctouVulnerabilityOptions,
+  // Regex
+  DetectNonLiteralRegexpOptions,
+  NoRedosVulnerableRegexOptions,
+  NoUnsafeRegexConstructionOptions,
+  // Object & Prototype
+  DetectObjectInjectionOptions,
+  NoUnsafeDeserializationOptions,
+  // Credentials & Crypto
+  NoHardcodedCredentialsOptions,
+  NoWeakCryptoOptions,
+  NoInsufficientRandomOptions,
+  NoTimingAttackOptions,
+  NoInsecureComparisonOptions,
+  NoInsecureJwtOptions,
+  // Input Validation & XSS
+  NoUnvalidatedUserInputOptions,
+  NoUnsanitizedHtmlOptions,
+  NoUnescapedUrlParameterOptions,
+  NoImproperSanitizationOptions,
+  NoImproperTypeValidationOptions,
+  // Authentication & Authorization
+  NoMissingAuthenticationOptions,
+  NoPrivilegeEscalationOptions,
+  NoWeakPasswordRecoveryOptions,
+  // Session & Cookies
+  NoInsecureCookieSettingsOptions,
+  NoMissingCsrfProtectionOptions,
+  NoDocumentCookieOptions,
+  // Network & Headers
+  NoMissingCorsCheckOptions,
+  NoMissingSecurityHeadersOptions,
+  NoInsecureRedirectsOptions,
+  NoUnencryptedTransmissionOptions,
+  NoClickjackingOptions,
+  // Data Exposure
+  NoExposedSensitiveDataOptions,
+  NoSensitiveDataExposureOptions,
+  // Buffer & Memory
+  NoBufferOverreadOptions,
+  // Resource & DoS
+  NoUnlimitedResourceAllocationOptions,
+  NoUncheckedLoopConditionOptions,
+  // Platform Specific
+  NoElectronSecurityIssuesOptions,
+  NoInsufficientPostmessageValidationOptions,
+};
+
 /**
  * Combined type for all security rule options
  * Useful for creating unified configuration objects
- *
+ * 
  * @example
  * ```typescript
  * const config: AllSecurityRulesOptions = {
@@ -80,52 +171,65 @@ export type { NoSqlInjectionOptions, DatabaseInjectionOptions, DetectEvalWithExp
  * ```
  */
 export type AllSecurityRulesOptions = {
-    'no-sql-injection'?: NoSqlInjectionOptions;
-    'database-injection'?: DatabaseInjectionOptions;
-    'detect-eval-with-expression'?: DetectEvalWithExpressionOptions;
-    'detect-child-process'?: DetectChildProcessOptions;
-    'no-unsafe-dynamic-require'?: NoUnsafeDynamicRequireOptions;
-    'no-graphql-injection'?: NoGraphqlInjectionOptions;
-    'no-xxe-injection'?: NoXxeInjectionOptions;
-    'no-xpath-injection'?: NoXpathInjectionOptions;
-    'no-ldap-injection'?: NoLdapInjectionOptions;
-    'no-directive-injection'?: NoDirectiveInjectionOptions;
-    'no-format-string-injection'?: NoFormatStringInjectionOptions;
-    'detect-non-literal-fs-filename'?: DetectNonLiteralFsFilenameOptions;
-    'no-zip-slip'?: NoZipSlipOptions;
-    'no-toctou-vulnerability'?: NoToctouVulnerabilityOptions;
-    'detect-non-literal-regexp'?: DetectNonLiteralRegexpOptions;
-    'no-redos-vulnerable-regex'?: NoRedosVulnerableRegexOptions;
-    'no-unsafe-regex-construction'?: NoUnsafeRegexConstructionOptions;
-    'detect-object-injection'?: DetectObjectInjectionOptions;
-    'no-unsafe-deserialization'?: NoUnsafeDeserializationOptions;
-    'no-hardcoded-credentials'?: NoHardcodedCredentialsOptions;
-    'no-weak-crypto'?: NoWeakCryptoOptions;
-    'no-insufficient-random'?: NoInsufficientRandomOptions;
-    'no-timing-attack'?: NoTimingAttackOptions;
-    'no-insecure-comparison'?: NoInsecureComparisonOptions;
-    'no-insecure-jwt'?: NoInsecureJwtOptions;
-    'no-unvalidated-user-input'?: NoUnvalidatedUserInputOptions;
-    'no-unsanitized-html'?: NoUnsanitizedHtmlOptions;
-    'no-unescaped-url-parameter'?: NoUnescapedUrlParameterOptions;
-    'no-improper-sanitization'?: NoImproperSanitizationOptions;
-    'no-improper-type-validation'?: NoImproperTypeValidationOptions;
-    'no-missing-authentication'?: NoMissingAuthenticationOptions;
-    'no-privilege-escalation'?: NoPrivilegeEscalationOptions;
-    'no-weak-password-recovery'?: NoWeakPasswordRecoveryOptions;
-    'no-insecure-cookie-settings'?: NoInsecureCookieSettingsOptions;
-    'no-missing-csrf-protection'?: NoMissingCsrfProtectionOptions;
-    'no-document-cookie'?: NoDocumentCookieOptions;
-    'no-missing-cors-check'?: NoMissingCorsCheckOptions;
-    'no-missing-security-headers'?: NoMissingSecurityHeadersOptions;
-    'no-insecure-redirects'?: NoInsecureRedirectsOptions;
-    'no-unencrypted-transmission'?: NoUnencryptedTransmissionOptions;
-    'no-clickjacking'?: NoClickjackingOptions;
-    'no-exposed-sensitive-data'?: NoExposedSensitiveDataOptions;
-    'no-sensitive-data-exposure'?: NoSensitiveDataExposureOptions;
-    'no-buffer-overread'?: NoBufferOverreadOptions;
-    'no-unlimited-resource-allocation'?: NoUnlimitedResourceAllocationOptions;
-    'no-unchecked-loop-condition'?: NoUncheckedLoopConditionOptions;
-    'no-electron-security-issues'?: NoElectronSecurityIssuesOptions;
-    'no-insufficient-postmessage-validation'?: NoInsufficientPostmessageValidationOptions;
+  // Injection
+  'no-sql-injection'?: NoSqlInjectionOptions;
+  'database-injection'?: DatabaseInjectionOptions;
+  'detect-eval-with-expression'?: DetectEvalWithExpressionOptions;
+  'detect-child-process'?: DetectChildProcessOptions;
+  'no-unsafe-dynamic-require'?: NoUnsafeDynamicRequireOptions;
+  'no-graphql-injection'?: NoGraphqlInjectionOptions;
+  'no-xxe-injection'?: NoXxeInjectionOptions;
+  'no-xpath-injection'?: NoXpathInjectionOptions;
+  'no-ldap-injection'?: NoLdapInjectionOptions;
+  'no-directive-injection'?: NoDirectiveInjectionOptions;
+  'no-format-string-injection'?: NoFormatStringInjectionOptions;
+  // Path & File
+  'detect-non-literal-fs-filename'?: DetectNonLiteralFsFilenameOptions;
+  'no-zip-slip'?: NoZipSlipOptions;
+  'no-toctou-vulnerability'?: NoToctouVulnerabilityOptions;
+  // Regex
+  'detect-non-literal-regexp'?: DetectNonLiteralRegexpOptions;
+  'no-redos-vulnerable-regex'?: NoRedosVulnerableRegexOptions;
+  'no-unsafe-regex-construction'?: NoUnsafeRegexConstructionOptions;
+  // Object & Prototype
+  'detect-object-injection'?: DetectObjectInjectionOptions;
+  'no-unsafe-deserialization'?: NoUnsafeDeserializationOptions;
+  // Credentials & Crypto
+  'no-hardcoded-credentials'?: NoHardcodedCredentialsOptions;
+  'no-weak-crypto'?: NoWeakCryptoOptions;
+  'no-insufficient-random'?: NoInsufficientRandomOptions;
+  'no-timing-attack'?: NoTimingAttackOptions;
+  'no-insecure-comparison'?: NoInsecureComparisonOptions;
+  'no-insecure-jwt'?: NoInsecureJwtOptions;
+  // Input Validation & XSS
+  'no-unvalidated-user-input'?: NoUnvalidatedUserInputOptions;
+  'no-unsanitized-html'?: NoUnsanitizedHtmlOptions;
+  'no-unescaped-url-parameter'?: NoUnescapedUrlParameterOptions;
+  'no-improper-sanitization'?: NoImproperSanitizationOptions;
+  'no-improper-type-validation'?: NoImproperTypeValidationOptions;
+  // Authentication & Authorization
+  'no-missing-authentication'?: NoMissingAuthenticationOptions;
+  'no-privilege-escalation'?: NoPrivilegeEscalationOptions;
+  'no-weak-password-recovery'?: NoWeakPasswordRecoveryOptions;
+  // Session & Cookies
+  'no-insecure-cookie-settings'?: NoInsecureCookieSettingsOptions;
+  'no-missing-csrf-protection'?: NoMissingCsrfProtectionOptions;
+  'no-document-cookie'?: NoDocumentCookieOptions;
+  // Network & Headers
+  'no-missing-cors-check'?: NoMissingCorsCheckOptions;
+  'no-missing-security-headers'?: NoMissingSecurityHeadersOptions;
+  'no-insecure-redirects'?: NoInsecureRedirectsOptions;
+  'no-unencrypted-transmission'?: NoUnencryptedTransmissionOptions;
+  'no-clickjacking'?: NoClickjackingOptions;
+  // Data Exposure
+  'no-exposed-sensitive-data'?: NoExposedSensitiveDataOptions;
+  'no-sensitive-data-exposure'?: NoSensitiveDataExposureOptions;
+  // Buffer & Memory
+  'no-buffer-overread'?: NoBufferOverreadOptions;
+  // Resource & DoS
+  'no-unlimited-resource-allocation'?: NoUnlimitedResourceAllocationOptions;
+  'no-unchecked-loop-condition'?: NoUncheckedLoopConditionOptions;
+  // Platform Specific
+  'no-electron-security-issues'?: NoElectronSecurityIssuesOptions;
+  'no-insufficient-postmessage-validation'?: NoInsufficientPostmessageValidationOptions;
 };