npm - eslint-plugin-secure-coding - Versions diffs - 2.3.2 → 2.3.3 - Mend

eslint-plugin-secure-coding 2.3.2 → 2.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (361) hide show

package/src/index.d.ts DELETED Viewed

@@ -1,32 +0,0 @@
-/**
- * eslint-plugin-secure-coding
- *
- * A comprehensive security-focused ESLint plugin with 48+ rules
- * for detecting and preventing security vulnerabilities in JavaScript/TypeScript code.
- *
- * Features:
- * - LLM-optimized error messages with CWE references
- * - OWASP Top 10 coverage
- * - Auto-fix capabilities where safe
- * - Structured context for AI assistants
- *
- * @see https://github.com/ofri-peretz/eslint#readme
- */
-import { TSESLint } from '@interlace/eslint-devkit';
-/**
- * Collection of all security ESLint rules
- */
-export declare const rules: Record<string, TSESLint.RuleModule<string, readonly unknown[]>>;
-/**
- * ESLint Plugin object
- */
-export declare const plugin: TSESLint.FlatConfig.Plugin;
-export declare const configs: Record<string, TSESLint.FlatConfig.Config>;
-/**
- * Default export for ESLint plugin
- */
-export default plugin;
-/**
- * Re-export all types from the types barrel
- */
-export type { NoSqlInjectionOptions, DatabaseInjectionOptions, DetectEvalWithExpressionOptions, DetectChildProcessOptions, NoUnsafeDynamicRequireOptions, NoGraphqlInjectionOptions, NoXxeInjectionOptions, NoXpathInjectionOptions, NoLdapInjectionOptions, NoDirectiveInjectionOptions, NoFormatStringInjectionOptions, DetectNonLiteralFsFilenameOptions, NoZipSlipOptions, NoToctouVulnerabilityOptions, DetectNonLiteralRegexpOptions, NoRedosVulnerableRegexOptions, NoUnsafeRegexConstructionOptions, DetectObjectInjectionOptions, NoUnsafeDeserializationOptions, NoHardcodedCredentialsOptions, NoWeakCryptoOptions, NoInsufficientRandomOptions, NoTimingAttackOptions, NoInsecureComparisonOptions, NoInsecureJwtOptions, NoUnvalidatedUserInputOptions, NoUnsanitizedHtmlOptions, NoUnescapedUrlParameterOptions, NoImproperSanitizationOptions, NoImproperTypeValidationOptions, NoMissingAuthenticationOptions, NoPrivilegeEscalationOptions, NoWeakPasswordRecoveryOptions, NoInsecureCookieSettingsOptions, NoMissingCsrfProtectionOptions, NoDocumentCookieOptions, NoMissingCorsCheckOptions, NoMissingSecurityHeadersOptions, NoInsecureRedirectsOptions, NoUnencryptedTransmissionOptions, NoClickjackingOptions, NoExposedSensitiveDataOptions, NoSensitiveDataExposureOptions, NoBufferOverreadOptions, NoUnlimitedResourceAllocationOptions, NoUncheckedLoopConditionOptions, NoElectronSecurityIssuesOptions, NoInsufficientPostmessageValidationOptions, AllSecurityRulesOptions, } from './types/index';

package/src/index.js DELETED Viewed

@@ -1,465 +0,0 @@
-"use strict";
-/**
- * eslint-plugin-secure-coding
- *
- * A comprehensive security-focused ESLint plugin with 48+ rules
- * for detecting and preventing security vulnerabilities in JavaScript/TypeScript code.
- *
- * Features:
- * - LLM-optimized error messages with CWE references
- * - OWASP Top 10 coverage
- * - Auto-fix capabilities where safe
- * - Structured context for AI assistants
- *
- * @see https://github.com/ofri-peretz/eslint#readme
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.configs = exports.plugin = exports.rules = void 0;
-// Security rules - Injection
-const no_sql_injection_1 = require("./rules/no-sql-injection");
-const database_injection_1 = require("./rules/database-injection");
-const detect_eval_with_expression_1 = require("./rules/detect-eval-with-expression");
-const detect_child_process_1 = require("./rules/detect-child-process");
-const no_unsafe_dynamic_require_1 = require("./rules/no-unsafe-dynamic-require");
-const no_graphql_injection_1 = require("./rules/no-graphql-injection");
-const no_xxe_injection_1 = require("./rules/no-xxe-injection");
-const no_xpath_injection_1 = require("./rules/no-xpath-injection");
-const no_ldap_injection_1 = require("./rules/no-ldap-injection");
-const no_directive_injection_1 = require("./rules/no-directive-injection");
-const no_format_string_injection_1 = require("./rules/no-format-string-injection");
-// Security rules - Path & File
-const detect_non_literal_fs_filename_1 = require("./rules/detect-non-literal-fs-filename");
-const no_zip_slip_1 = require("./rules/no-zip-slip");
-const no_toctou_vulnerability_1 = require("./rules/no-toctou-vulnerability");
-// Security rules - Regex
-const detect_non_literal_regexp_1 = require("./rules/detect-non-literal-regexp");
-const no_redos_vulnerable_regex_1 = require("./rules/no-redos-vulnerable-regex");
-const no_unsafe_regex_construction_1 = require("./rules/no-unsafe-regex-construction");
-// Security rules - Object & Prototype
-const detect_object_injection_1 = require("./rules/detect-object-injection");
-const no_unsafe_deserialization_1 = require("./rules/no-unsafe-deserialization");
-// Security rules - Credentials & Crypto
-const no_hardcoded_credentials_1 = require("./rules/no-hardcoded-credentials");
-const no_weak_crypto_1 = require("./rules/no-weak-crypto");
-const no_insufficient_random_1 = require("./rules/no-insufficient-random");
-const no_timing_attack_1 = require("./rules/no-timing-attack");
-const no_insecure_comparison_1 = require("./rules/no-insecure-comparison");
-const no_insecure_jwt_1 = require("./rules/no-insecure-jwt");
-// Security rules - Input Validation & XSS
-const no_unvalidated_user_input_1 = require("./rules/no-unvalidated-user-input");
-const no_unsanitized_html_1 = require("./rules/no-unsanitized-html");
-const no_unescaped_url_parameter_1 = require("./rules/no-unescaped-url-parameter");
-const no_improper_sanitization_1 = require("./rules/no-improper-sanitization");
-const no_improper_type_validation_1 = require("./rules/no-improper-type-validation");
-// Security rules - Authentication & Authorization
-const no_missing_authentication_1 = require("./rules/no-missing-authentication");
-const no_privilege_escalation_1 = require("./rules/no-privilege-escalation");
-const no_weak_password_recovery_1 = require("./rules/no-weak-password-recovery");
-// Security rules - Session & Cookies
-const no_insecure_cookie_settings_1 = require("./rules/no-insecure-cookie-settings");
-const no_missing_csrf_protection_1 = require("./rules/no-missing-csrf-protection");
-const no_document_cookie_1 = require("./rules/no-document-cookie");
-// Security rules - Network & Headers
-const no_missing_cors_check_1 = require("./rules/no-missing-cors-check");
-const no_missing_security_headers_1 = require("./rules/no-missing-security-headers");
-const no_insecure_redirects_1 = require("./rules/no-insecure-redirects");
-const no_unencrypted_transmission_1 = require("./rules/no-unencrypted-transmission");
-const no_clickjacking_1 = require("./rules/no-clickjacking");
-// Security rules - Data Exposure
-const no_exposed_sensitive_data_1 = require("./rules/no-exposed-sensitive-data");
-const no_sensitive_data_exposure_1 = require("./rules/no-sensitive-data-exposure");
-// Security rules - Buffer & Memory
-const no_buffer_overread_1 = require("./rules/no-buffer-overread");
-// Security rules - Resource & DoS
-const no_unlimited_resource_allocation_1 = require("./rules/no-unlimited-resource-allocation");
-const no_unchecked_loop_condition_1 = require("./rules/no-unchecked-loop-condition");
-// Security rules - Platform Specific
-const no_electron_security_issues_1 = require("./rules/no-electron-security-issues");
-const no_insufficient_postmessage_validation_1 = require("./rules/no-insufficient-postmessage-validation");
-// OWASP Mobile Top 10 2023/2024 - Mobile Security Rules (40 rules)
-// M1: Improper Credential Usage (3 rules)
-const no_credentials_in_storage_api_1 = require("./rules/no-credentials-in-storage-api");
-const no_credentials_in_query_params_1 = require("./rules/no-credentials-in-query-params");
-const require_secure_credential_storage_1 = require("./rules/require-secure-credential-storage");
-// M2: Inadequate Supply Chain Security (4 rules)
-const require_dependency_integrity_1 = require("./rules/require-dependency-integrity");
-const detect_suspicious_dependencies_1 = require("./rules/detect-suspicious-dependencies");
-const no_dynamic_dependency_loading_1 = require("./rules/no-dynamic-dependency-loading");
-const require_package_lock_1 = require("./rules/require-package-lock");
-// M3: Insecure Authentication/Authorization (5 rules)
-const no_client_side_auth_logic_1 = require("./rules/no-client-side-auth-logic");
-const require_backend_authorization_1 = require("./rules/require-backend-authorization");
-const no_hardcoded_session_tokens_1 = require("./rules/no-hardcoded-session-tokens");
-const detect_weak_password_validation_1 = require("./rules/detect-weak-password-validation");
-const no_password_in_url_1 = require("./rules/no-password-in-url");
-// M4: Insufficient Input/Output Validation (6 rules)
-const no_unvalidated_deeplinks_1 = require("./rules/no-unvalidated-deeplinks");
-const require_url_validation_1 = require("./rules/require-url-validation");
-const no_arbitrary_file_access_1 = require("./rules/no-arbitrary-file-access");
-const require_mime_type_validation_1 = require("./rules/require-mime-type-validation");
-const no_postmessage_origin_wildcard_1 = require("./rules/no-postmessage-origin-wildcard");
-const require_csp_headers_1 = require("./rules/require-csp-headers");
-// M5: Insecure Communication (7 rules)
-const no_http_urls_1 = require("./rules/no-http-urls");
-const no_disabled_certificate_validation_1 = require("./rules/no-disabled-certificate-validation");
-const require_https_only_1 = require("./rules/require-https-only");
-const no_insecure_websocket_1 = require("./rules/no-insecure-websocket");
-const detect_mixed_content_1 = require("./rules/detect-mixed-content");
-const no_allow_arbitrary_loads_1 = require("./rules/no-allow-arbitrary-loads");
-const require_network_timeout_1 = require("./rules/require-network-timeout");
-// M6: Inadequate Privacy Controls (4 rules)
-const no_pii_in_logs_1 = require("./rules/no-pii-in-logs");
-const no_tracking_without_consent_1 = require("./rules/no-tracking-without-consent");
-const require_data_minimization_1 = require("./rules/require-data-minimization");
-const no_sensitive_data_in_analytics_1 = require("./rules/no-sensitive-data-in-analytics");
-// M7: Insufficient Binary Protections (2 rules)
-const no_debug_code_in_production_1 = require("./rules/no-debug-code-in-production");
-const require_code_minification_1 = require("./rules/require-code-minification");
-// M8: Security Misconfiguration (4 rules)
-const no_verbose_error_messages_1 = require("./rules/no-verbose-error-messages");
-const no_exposed_debug_endpoints_1 = require("./rules/no-exposed-debug-endpoints");
-const require_secure_defaults_1 = require("./rules/require-secure-defaults");
-const no_permissive_cors_1 = require("./rules/no-permissive-cors");
-// M9: Insecure Data Storage (5 rules)
-const no_unencrypted_local_storage_1 = require("./rules/no-unencrypted-local-storage");
-const no_sensitive_data_in_cache_1 = require("./rules/no-sensitive-data-in-cache");
-const require_storage_encryption_1 = require("./rules/require-storage-encryption");
-const no_data_in_temp_storage_1 = require("./rules/no-data-in-temp-storage");
-const require_secure_deletion_1 = require("./rules/require-secure-deletion");
-/**
- * Collection of all security ESLint rules
- */
-exports.rules = {
-    // Flat rule names (recommended usage)
-    'no-sql-injection': no_sql_injection_1.noSqlInjection,
-    'database-injection': database_injection_1.databaseInjection,
-    'detect-eval-with-expression': detect_eval_with_expression_1.detectEvalWithExpression,
-    'detect-child-process': detect_child_process_1.detectChildProcess,
-    'no-unsafe-dynamic-require': no_unsafe_dynamic_require_1.noUnsafeDynamicRequire,
-    'no-graphql-injection': no_graphql_injection_1.noGraphqlInjection,
-    'no-xxe-injection': no_xxe_injection_1.noXxeInjection,
-    'no-xpath-injection': no_xpath_injection_1.noXpathInjection,
-    'no-ldap-injection': no_ldap_injection_1.noLdapInjection,
-    'no-directive-injection': no_directive_injection_1.noDirectiveInjection,
-    'no-format-string-injection': no_format_string_injection_1.noFormatStringInjection,
-    'detect-non-literal-fs-filename': detect_non_literal_fs_filename_1.detectNonLiteralFsFilename,
-    'no-zip-slip': no_zip_slip_1.noZipSlip,
-    'no-toctou-vulnerability': no_toctou_vulnerability_1.noToctouVulnerability,
-    'detect-non-literal-regexp': detect_non_literal_regexp_1.detectNonLiteralRegexp,
-    'no-redos-vulnerable-regex': no_redos_vulnerable_regex_1.noRedosVulnerableRegex,
-    'no-unsafe-regex-construction': no_unsafe_regex_construction_1.noUnsafeRegexConstruction,
-    'detect-object-injection': detect_object_injection_1.detectObjectInjection,
-    'no-unsafe-deserialization': no_unsafe_deserialization_1.noUnsafeDeserialization,
-    'no-hardcoded-credentials': no_hardcoded_credentials_1.noHardcodedCredentials,
-    'no-weak-crypto': no_weak_crypto_1.noWeakCrypto,
-    'no-insufficient-random': no_insufficient_random_1.noInsufficientRandom,
-    'no-timing-attack': no_timing_attack_1.noTimingAttack,
-    'no-insecure-comparison': no_insecure_comparison_1.noInsecureComparison,
-    'no-insecure-jwt': no_insecure_jwt_1.noInsecureJwt,
-    'no-unvalidated-user-input': no_unvalidated_user_input_1.noUnvalidatedUserInput,
-    'no-unsanitized-html': no_unsanitized_html_1.noUnsanitizedHtml,
-    'no-unescaped-url-parameter': no_unescaped_url_parameter_1.noUnescapedUrlParameter,
-    'no-improper-sanitization': no_improper_sanitization_1.noImproperSanitization,
-    'no-improper-type-validation': no_improper_type_validation_1.noImproperTypeValidation,
-    'no-missing-authentication': no_missing_authentication_1.noMissingAuthentication,
-    'no-privilege-escalation': no_privilege_escalation_1.noPrivilegeEscalation,
-    'no-weak-password-recovery': no_weak_password_recovery_1.noWeakPasswordRecovery,
-    'no-insecure-cookie-settings': no_insecure_cookie_settings_1.noInsecureCookieSettings,
-    'no-missing-csrf-protection': no_missing_csrf_protection_1.noMissingCsrfProtection,
-    'no-document-cookie': no_document_cookie_1.noDocumentCookie,
-    'no-missing-cors-check': no_missing_cors_check_1.noMissingCorsCheck,
-    'no-missing-security-headers': no_missing_security_headers_1.noMissingSecurityHeaders,
-    'no-insecure-redirects': no_insecure_redirects_1.noInsecureRedirects,
-    'no-unencrypted-transmission': no_unencrypted_transmission_1.noUnencryptedTransmission,
-    'no-clickjacking': no_clickjacking_1.noClickjacking,
-    'no-exposed-sensitive-data': no_exposed_sensitive_data_1.noExposedSensitiveData,
-    'no-sensitive-data-exposure': no_sensitive_data_exposure_1.noSensitiveDataExposure,
-    'no-buffer-overread': no_buffer_overread_1.noBufferOverread,
-    'no-unlimited-resource-allocation': no_unlimited_resource_allocation_1.noUnlimitedResourceAllocation,
-    'no-unchecked-loop-condition': no_unchecked_loop_condition_1.noUncheckedLoopCondition,
-    'no-electron-security-issues': no_electron_security_issues_1.noElectronSecurityIssues,
-    'no-insufficient-postmessage-validation': no_insufficient_postmessage_validation_1.noInsufficientPostmessageValidation,
-    // OWASP Mobile Top 10 2023/2024 rules (40 rules)
-    // M1: Improper Credential Usage (3 rules)
-    'no-credentials-in-storage-api': no_credentials_in_storage_api_1.noCredentialsInStorageApi,
-    'no-credentials-in-query-params': no_credentials_in_query_params_1.noCredentialsInQueryParams,
-    'require-secure-credential-storage': require_secure_credential_storage_1.requireSecureCredentialStorage,
-    // M2: Inadequate Supply Chain Security (4 rules)
-    'require-dependency-integrity': require_dependency_integrity_1.requireDependencyIntegrity,
-    'detect-suspicious-dependencies': detect_suspicious_dependencies_1.detectSuspiciousDependencies,
-    'no-dynamic-dependency-loading': no_dynamic_dependency_loading_1.noDynamicDependencyLoading,
-    'require-package-lock': require_package_lock_1.requirePackageLock,
-    // M3: Insecure Authentication/Authorization (5 rules)
-    'no-client-side-auth-logic': no_client_side_auth_logic_1.noClientSideAuthLogic,
-    'require-backend-authorization': require_backend_authorization_1.requireBackendAuthorization,
-    'no-hardcoded-session-tokens': no_hardcoded_session_tokens_1.noHardcodedSessionTokens,
-    'detect-weak-password-validation': detect_weak_password_validation_1.detectWeakPasswordValidation,
-    'no-password-in-url': no_password_in_url_1.noPasswordInUrl,
-    // M4: Insufficient Input/Output Validation (6 rules)
-    'no-unvalidated-deeplinks': no_unvalidated_deeplinks_1.noUnvalidatedDeeplinks,
-    'require-url-validation': require_url_validation_1.requireUrlValidation,
-    'no-arbitrary-file-access': no_arbitrary_file_access_1.noArbitraryFileAccess,
-    'require-mime-type-validation': require_mime_type_validation_1.requireMimeTypeValidation,
-    'no-postmessage-origin-wildcard': no_postmessage_origin_wildcard_1.noPostmessageOriginWildcard,
-    'require-csp-headers': require_csp_headers_1.requireCspHeaders,
-    // M5: Insecure Communication (7 rules)
-    'no-http-urls': no_http_urls_1.noHttpUrls,
-    'no-disabled-certificate-validation': no_disabled_certificate_validation_1.noDisabledCertificateValidation,
-    'require-https-only': require_https_only_1.requireHttpsOnly,
-    'no-insecure-websocket': no_insecure_websocket_1.noInsecureWebsocket,
-    'detect-mixed-content': detect_mixed_content_1.detectMixedContent,
-    'no-allow-arbitrary-loads': no_allow_arbitrary_loads_1.noAllowArbitraryLoads,
-    'require-network-timeout': require_network_timeout_1.requireNetworkTimeout,
-    // M6: Inadequate Privacy Controls (4 rules)
-    'no-pii-in-logs': no_pii_in_logs_1.noPiiInLogs,
-    'no-tracking-without-consent': no_tracking_without_consent_1.noTrackingWithoutConsent,
-    'require-data-minimization': require_data_minimization_1.requireDataMinimization,
-    'no-sensitive-data-in-analytics': no_sensitive_data_in_analytics_1.noSensitiveDataInAnalytics,
-    // M7: Insufficient Binary Protections (2 rules)
-    'no-debug-code-in-production': no_debug_code_in_production_1.noDebugCodeInProduction,
-    'require-code-minification': require_code_minification_1.requireCodeMinification,
-    // M8: Security Misconfiguration (4 rules)
-    'no-verbose-error-messages': no_verbose_error_messages_1.noVerboseErrorMessages,
-    'no-exposed-debug-endpoints': no_exposed_debug_endpoints_1.noExposedDebugEndpoints,
-    'require-secure-defaults': require_secure_defaults_1.requireSecureDefaults,
-    'no-permissive-cors': no_permissive_cors_1.noPermissiveCors,
-    // M9: Insecure Data Storage (5 rules)
-    'no-unencrypted-local-storage': no_unencrypted_local_storage_1.noUnencryptedLocalStorage,
-    'no-sensitive-data-in-cache': no_sensitive_data_in_cache_1.noSensitiveDataInCache,
-    'require-storage-encryption': require_storage_encryption_1.requireStorageEncryption,
-    'no-data-in-temp-storage': no_data_in_temp_storage_1.noDataInTempStorage,
-    'require-secure-deletion': require_secure_deletion_1.requireSecureDeletion,
-};
-/**
- * ESLint Plugin object
- */
-exports.plugin = {
-    meta: {
-        name: 'eslint-plugin-secure-coding',
-        version: '1.0.0',
-    },
-    rules: exports.rules,
-};
-/**
- * Preset configurations for security rules
- */
-const recommendedRules = {
-    // Critical - Injection vulnerabilities (OWASP A03)
-    'secure-coding/no-sql-injection': 'error',
-    'secure-coding/database-injection': 'error',
-    'secure-coding/detect-eval-with-expression': 'error',
-    'secure-coding/detect-child-process': 'error',
-    'secure-coding/no-unsafe-dynamic-require': 'error',
-    'secure-coding/no-graphql-injection': 'error',
-    'secure-coding/no-xxe-injection': 'error',
-    'secure-coding/no-xpath-injection': 'error',
-    'secure-coding/no-ldap-injection': 'error',
-    'secure-coding/no-directive-injection': 'error',
-    'secure-coding/no-format-string-injection': 'error',
-    // Critical - Path traversal & file operations
-    'secure-coding/detect-non-literal-fs-filename': 'error',
-    'secure-coding/no-zip-slip': 'error',
-    'secure-coding/no-toctou-vulnerability': 'error',
-    // Critical - Deserialization
-    'secure-coding/no-unsafe-deserialization': 'error',
-    // High - Regex vulnerabilities
-    'secure-coding/detect-non-literal-regexp': 'warn',
-    'secure-coding/no-redos-vulnerable-regex': 'error',
-    'secure-coding/no-unsafe-regex-construction': 'warn',
-    // High - Prototype pollution
-    'secure-coding/detect-object-injection': 'warn',
-    // Critical - Cryptography (OWASP A02)
-    'secure-coding/no-hardcoded-credentials': 'error',
-    'secure-coding/no-weak-crypto': 'error',
-    'secure-coding/no-insufficient-random': 'warn',
-    'secure-coding/no-timing-attack': 'error',
-    'secure-coding/no-insecure-comparison': 'warn',
-    'secure-coding/no-insecure-jwt': 'error',
-    // Critical - XSS vulnerabilities (OWASP A03)
-    'secure-coding/no-unvalidated-user-input': 'warn',
-    'secure-coding/no-unsanitized-html': 'error',
-    'secure-coding/no-unescaped-url-parameter': 'warn',
-    'secure-coding/no-improper-sanitization': 'error',
-    'secure-coding/no-improper-type-validation': 'warn',
-    // High - Authentication & Authorization (OWASP A01, A07)
-    'secure-coding/no-missing-authentication': 'warn',
-    'secure-coding/no-privilege-escalation': 'warn',
-    'secure-coding/no-weak-password-recovery': 'error',
-    // High - Session & Cookies
-    'secure-coding/no-insecure-cookie-settings': 'warn',
-    'secure-coding/no-missing-csrf-protection': 'warn',
-    'secure-coding/no-document-cookie': 'warn',
-    // High - Network & Headers (OWASP A05)
-    'secure-coding/no-missing-cors-check': 'warn',
-    'secure-coding/no-missing-security-headers': 'warn',
-    'secure-coding/no-insecure-redirects': 'warn',
-    'secure-coding/no-unencrypted-transmission': 'warn',
-    'secure-coding/no-clickjacking': 'error',
-    // High - Data Exposure (OWASP A01)
-    'secure-coding/no-exposed-sensitive-data': 'error',
-    'secure-coding/no-sensitive-data-exposure': 'warn',
-    // Medium - Buffer & Memory
-    'secure-coding/no-buffer-overread': 'error',
-    // Medium - Resource & DoS
-    'secure-coding/no-unlimited-resource-allocation': 'error',
-    'secure-coding/no-unchecked-loop-condition': 'error',
-    // Medium - Platform specific
-    'secure-coding/no-electron-security-issues': 'error',
-    'secure-coding/no-insufficient-postmessage-validation': 'error',
-    // Mobile & General Security (OWASP Mobile)
-    'secure-coding/no-credentials-in-storage-api': 'error',
-    'secure-coding/no-credentials-in-query-params': 'error',
-    'secure-coding/no-http-urls': 'error',
-    'secure-coding/require-https-only': 'error',
-    'secure-coding/no-pii-in-logs': 'warn',
-    'secure-coding/no-verbose-error-messages': 'warn',
-    'secure-coding/no-hardcoded-session-tokens': 'error',
-    'secure-coding/detect-mixed-content': 'error',
-    'secure-coding/no-unvalidated-deeplinks': 'error',
-    'secure-coding/no-postmessage-origin-wildcard': 'error',
-    'secure-coding/no-insecure-websocket': 'error',
-    'secure-coding/detect-suspicious-dependencies': 'warn',
-};
-exports.configs = {
-    /**
-     * Recommended security configuration
-     *
-     * Enables all security rules with sensible severity levels:
-     * - Critical injection vulnerabilities as errors
-     * - Important security issues as warnings
-     */
-    recommended: {
-        plugins: {
-            'secure-coding': exports.plugin,
-        },
-        rules: recommendedRules,
-    },
-    /**
-     * Strict security configuration
-     *
-     * All security rules set to 'error' for maximum protection
-     */
-    strict: {
-        plugins: {
-            'secure-coding': exports.plugin,
-        },
-        rules: Object.fromEntries(Object.keys(exports.rules).map(ruleName => [`secure-coding/${ruleName}`, 'error'])),
-    },
-    /**
-     * OWASP Top 10 focused configuration
-     *
-     * Rules mapped to OWASP Top 10 2021 categories
-     */
-    'owasp-top-10': {
-        plugins: {
-            'secure-coding': exports.plugin,
-        },
-        rules: {
-            // A01:2021 – Broken Access Control
-            'secure-coding/no-missing-authentication': 'error',
-            'secure-coding/no-privilege-escalation': 'error',
-            'secure-coding/no-exposed-sensitive-data': 'error',
-            'secure-coding/no-insecure-redirects': 'error',
-            // A02:2021 – Cryptographic Failures
-            'secure-coding/no-hardcoded-credentials': 'error',
-            'secure-coding/no-weak-crypto': 'error',
-            'secure-coding/no-insufficient-random': 'error',
-            'secure-coding/no-insecure-jwt': 'error',
-            'secure-coding/no-unencrypted-transmission': 'error',
-            'secure-coding/no-sensitive-data-exposure': 'error',
-            // A03:2021 – Injection
-            'secure-coding/no-sql-injection': 'error',
-            'secure-coding/database-injection': 'error',
-            'secure-coding/detect-eval-with-expression': 'error',
-            'secure-coding/detect-child-process': 'error',
-            'secure-coding/no-graphql-injection': 'error',
-            'secure-coding/no-xxe-injection': 'error',
-            'secure-coding/no-xpath-injection': 'error',
-            'secure-coding/no-ldap-injection': 'error',
-            'secure-coding/no-unsanitized-html': 'error',
-            'secure-coding/no-unescaped-url-parameter': 'error',
-            // A04:2021 – Insecure Design
-            'secure-coding/no-weak-password-recovery': 'error',
-            'secure-coding/no-improper-type-validation': 'error',
-            // A05:2021 – Security Misconfiguration
-            'secure-coding/no-missing-security-headers': 'error',
-            'secure-coding/no-missing-cors-check': 'error',
-            'secure-coding/no-insecure-cookie-settings': 'error',
-            'secure-coding/no-clickjacking': 'error',
-            'secure-coding/no-electron-security-issues': 'error',
-            // A07:2021 – Identification and Authentication Failures
-            'secure-coding/no-timing-attack': 'error',
-            'secure-coding/no-insecure-comparison': 'error',
-            'secure-coding/no-missing-csrf-protection': 'error',
-            // A08:2021 – Software and Data Integrity Failures
-            'secure-coding/no-unsafe-deserialization': 'error',
-            'secure-coding/no-unsafe-dynamic-require': 'error',
-        },
-    },
-    /**
-     * OWASP Mobile Top 10 focused configuration
-     *
-     * Rules mapped to OWASP Mobile Top 10 2024 categories
-     */
-    'owasp-mobile-top-10': {
-        plugins: {
-            'secure-coding': exports.plugin,
-        },
-        rules: {
-            // M1: Improper Credential Usage
-            'secure-coding/no-credentials-in-storage-api': 'error',
-            'secure-coding/no-credentials-in-query-params': 'error',
-            'secure-coding/require-secure-credential-storage': 'error',
-            'secure-coding/no-hardcoded-credentials': 'error',
-            // M2: Inadequate Supply Chain Security
-            'secure-coding/require-dependency-integrity': 'error',
-            'secure-coding/detect-suspicious-dependencies': 'error',
-            'secure-coding/no-dynamic-dependency-loading': 'error',
-            'secure-coding/require-package-lock': 'error',
-            // M3: Insecure Authentication/Authorization
-            'secure-coding/no-client-side-auth-logic': 'error',
-            'secure-coding/require-backend-authorization': 'error',
-            'secure-coding/no-hardcoded-session-tokens': 'error',
-            'secure-coding/detect-weak-password-validation': 'error',
-            'secure-coding/no-password-in-url': 'error',
-            // M4: Insufficient Input/Output Validation
-            'secure-coding/no-unvalidated-deeplinks': 'error',
-            'secure-coding/require-url-validation': 'error',
-            'secure-coding/no-arbitrary-file-access': 'error',
-            'secure-coding/require-mime-type-validation': 'error',
-            'secure-coding/no-postmessage-origin-wildcard': 'error',
-            'secure-coding/require-csp-headers': 'error',
-            // M5: Insecure Communication
-            'secure-coding/no-http-urls': 'error',
-            'secure-coding/no-disabled-certificate-validation': 'error',
-            'secure-coding/require-https-only': 'error',
-            'secure-coding/no-insecure-websocket': 'error',
-            'secure-coding/detect-mixed-content': 'error',
-            'secure-coding/no-allow-arbitrary-loads': 'error',
-            'secure-coding/require-network-timeout': 'error',
-            // M6: Inadequate Privacy Controls
-            'secure-coding/no-pii-in-logs': 'error',
-            'secure-coding/no-tracking-without-consent': 'error',
-            'secure-coding/require-data-minimization': 'error',
-            'secure-coding/no-sensitive-data-in-analytics': 'error',
-            // M7: Insufficient Binary Protections
-            'secure-coding/no-debug-code-in-production': 'error',
-            'secure-coding/require-code-minification': 'error',
-            // M8: Security Misconfiguration
-            'secure-coding/no-verbose-error-messages': 'error',
-            'secure-coding/no-exposed-debug-endpoints': 'error',
-            'secure-coding/require-secure-defaults': 'error',
-            'secure-coding/no-permissive-cors': 'error',
-            // M9: Insecure Data Storage
-            'secure-coding/no-unencrypted-local-storage': 'error',
-            'secure-coding/no-sensitive-data-in-cache': 'error',
-            'secure-coding/require-storage-encryption': 'error',
-            'secure-coding/no-data-in-temp-storage': 'error',
-            'secure-coding/require-secure-deletion': 'error',
-        },
-    },
-};
-/**
- * Default export for ESLint plugin
- */
-exports.default = exports.plugin;

package/src/rules/database-injection/index.d.ts DELETED Viewed

@@ -1,13 +0,0 @@
-export interface Options {
-    /** Detect NoSQL injection patterns. Default: true */
-    detectNoSQL?: boolean;
-    /** Detect ORM-specific vulnerabilities. Default: true */
-    detectORMs?: boolean;
-    /** Trusted data sources that bypass detection */
-    trustedSources?: string[];
-    /** Show framework-specific recommendations. Default: true */
-    frameworkHints?: boolean;
-    /** Strategy for fixing injection: 'parameterize', 'orm', 'sanitize', 'auto' */
-    strategy?: 'parameterize' | 'orm' | 'sanitize' | 'auto';
-}
-export declare const databaseInjection: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;