npm - eslint-plugin-secure-coding - Versions diffs - 2.3.2 → 2.3.3 - Mend

eslint-plugin-secure-coding 2.3.2 → 2.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (361) hide show

package/src/rules/database-injection/index.js DELETED Viewed

@@ -1,406 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.databaseInjection = void 0;
-const eslint_devkit_1 = require("@interlace/eslint-devkit");
-const eslint_devkit_2 = require("@interlace/eslint-devkit");
-exports.databaseInjection = (0, eslint_devkit_2.createRule)({
-    name: 'database-injection',
-    meta: {
-        type: 'problem',
-        docs: {
-            description: 'Detects SQL and NoSQL injection vulnerabilities with framework-specific fixes',
-        },
-        messages: (() => {
-            const databaseInjection = (0, eslint_devkit_1.formatLLMMessage)({
-                icon: eslint_devkit_1.MessageIcons.SECURITY,
-                issueName: 'SQL Injection',
-                cwe: 'CWE-89',
-                description: 'SQL Injection detected',
-                severity: 'CRITICAL',
-                fix: 'Use parameterized query: db.query("SELECT * FROM users WHERE id = ?", [userId])',
-                documentationLink: 'https://owasp.org/www-community/attacks/SQL_Injection',
-            });
-            const usePrisma = (0, eslint_devkit_1.formatLLMMessage)({
-                icon: eslint_devkit_1.MessageIcons.INFO,
-                issueName: 'Use Prisma',
-                description: 'Use Prisma ORM',
-                severity: 'LOW',
-                fix: 'await prisma.user.findMany({ where: { id } })',
-                documentationLink: 'https://www.prisma.io/docs',
-            });
-            const useTypeORM = (0, eslint_devkit_1.formatLLMMessage)({
-                icon: eslint_devkit_1.MessageIcons.INFO,
-                issueName: 'Use TypeORM',
-                description: 'Use TypeORM with QueryBuilder',
-                severity: 'LOW',
-                fix: 'userRepository.createQueryBuilder().where("id = :id", { id })',
-                documentationLink: 'https://typeorm.io/',
-            });
-            const useParameterized = (0, eslint_devkit_1.formatLLMMessage)({
-                icon: eslint_devkit_1.MessageIcons.INFO,
-                issueName: 'Use Parameterized',
-                description: 'Use parameterized query',
-                severity: 'LOW',
-                fix: 'db.query("SELECT * FROM users WHERE id = ?", [userId])',
-                documentationLink: 'https://owasp.org/www-community/attacks/SQL_Injection',
-            });
-            const useMongoSanitize = (0, eslint_devkit_1.formatLLMMessage)({
-                icon: eslint_devkit_1.MessageIcons.INFO,
-                issueName: 'Use mongo-sanitize',
-                description: 'Use mongo-sanitize for MongoDB',
-                severity: 'LOW',
-                fix: 'sanitize(req.body)',
-                documentationLink: 'https://github.com/vkarpov15/mongo-sanitize',
-            });
-            const strategyParameterize = (0, eslint_devkit_1.formatLLMMessage)({
-                icon: eslint_devkit_1.MessageIcons.STRATEGY,
-                issueName: 'Parameterize Strategy',
-                description: 'Use parameterized queries',
-                severity: 'LOW',
-                fix: 'Use ? or :name placeholders for user input',
-                documentationLink: 'https://owasp.org/www-community/attacks/SQL_Injection',
-            });
-            const strategyORM = (0, eslint_devkit_1.formatLLMMessage)({
-                icon: eslint_devkit_1.MessageIcons.STRATEGY,
-                issueName: 'ORM Strategy',
-                description: 'Migrate to ORM for automatic protection',
-                severity: 'LOW',
-                fix: 'Use Prisma, TypeORM, or Sequelize',
-                documentationLink: 'https://www.prisma.io/docs/concepts/overview/why-prisma',
-            });
-            const strategySanitize = (0, eslint_devkit_1.formatLLMMessage)({
-                icon: eslint_devkit_1.MessageIcons.STRATEGY,
-                issueName: 'Sanitize Strategy',
-                description: 'Add input sanitization',
-                severity: 'LOW',
-                fix: 'Sanitize input as last resort',
-                documentationLink: 'https://owasp.org/www-community/attacks/SQL_Injection',
-            });
-            const strategyAuto = (0, eslint_devkit_1.formatLLMMessage)({
-                icon: eslint_devkit_1.MessageIcons.STRATEGY,
-                issueName: 'Auto Strategy',
-                description: 'Apply context-aware injection prevention',
-                severity: 'LOW',
-                fix: 'Use context-appropriate protection',
-                documentationLink: 'https://owasp.org/www-community/attacks/SQL_Injection',
-            });
-            return {
-                databaseInjection,
-                usePrisma,
-                useTypeORM,
-                useParameterized,
-                useMongoSanitize,
-                strategyParameterize,
-                strategyORM,
-                strategySanitize,
-                strategyAuto,
-            };
-        })(),
-        schema: [
-            {
-                type: 'object',
-                properties: {
-                    detectNoSQL: {
-                        type: 'boolean',
-                        default: true,
-                    },
-                    detectORMs: {
-                        type: 'boolean',
-                        default: true,
-                        description: 'Detect unsafe ORM usage',
-                    },
-                    trustedSources: {
-                        type: 'array',
-                        items: { type: 'string' },
-                        default: [],
-                    },
-                    frameworkHints: {
-                        type: 'boolean',
-                        default: true,
-                        description: 'Provide framework-specific suggestions',
-                    },
-                    strategy: {
-                        type: 'string',
-                        enum: ['parameterize', 'orm', 'sanitize', 'auto'],
-                        default: 'auto',
-                        description: 'Strategy for fixing injection (auto = smart detection)'
-                    },
-                },
-                additionalProperties: false,
-            },
-        ],
-    },
-    defaultOptions: [
-        {
-            detectNoSQL: true,
-            detectORMs: true,
-            trustedSources: [],
-            frameworkHints: true,
-            strategy: 'auto',
-        },
-    ],
-    create(context) {
-        const options = context.options[0] || {};
-        const { detectNoSQL = true, strategy = 'auto' } = options || {};
-        const sourceCode = context.sourceCode || context.sourceCode;
-        /**
-         * Select message ID based on strategy
-         * @todo Consider using this for suggestions in future versions
-         */
-        const selectStrategyMessage = () => {
-            switch (strategy) {
-                case 'parameterize':
-                    return 'strategyParameterize';
-                case 'orm':
-                    return 'strategyORM';
-                case 'sanitize':
-                    return 'strategySanitize';
-                case 'auto':
-                default:
-                    // Auto mode: prefer parameterized queries
-                    return 'useParameterized';
-            }
-        };
-        const filename = context.filename || context.getFilename();
-        /**
-         * SQL keywords for detection
-         */
-        const SQL_KEYWORDS = [
-            'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE', 'ALTER',
-            'EXEC', 'EXECUTE', 'TRUNCATE', 'GRANT', 'REVOKE', 'WHERE', 'FROM', 'JOIN'
-        ];
-        /**
-         * NoSQL patterns
-         */
-        const NOSQL_PATTERNS = [
-            'find', 'findOne', 'findById', 'updateOne', 'updateMany', 'deleteOne',
-            'deleteMany', 'aggregate', '$where', '$regex'
-        ];
-        /**
-         * NoSQL query patterns in template literals (e.g., `this.name === "${userName}"`)
-         */
-        const NOSQL_QUERY_PATTERNS = [
-            /this\.\w+\s*===?\s*["']/i, // this.name === "value"
-            /this\.\w+\s*!==?\s*["']/i, // this.name !== "value"
-            /\$\w+\s*===?\s*["']/i, // $where === "value"
-        ];
-        /**
-         * Check if text contains SQL keywords
-         */
-        function containsSQLKeywords(text) {
-            const upperText = text.toUpperCase();
-            return SQL_KEYWORDS.some(keyword => upperText.includes(keyword));
-        }
-        /**
-         * Check if code is using NoSQL operations
-         */
-        function isNoSQLOperation(node) {
-            const text = sourceCode.getText(node);
-            return NOSQL_PATTERNS.some(pattern => text.includes(pattern));
-        }
-        /**
-         * Check if expression is tainted (contains user input)
-         */
-        function isTainted(node) {
-            const text = sourceCode.getText(node);
-            const { trustedSources = [] } = options;
-            // High confidence taint sources
-            const highConfidenceSources = [
-                'req.body', 'req.query', 'req.params', 'request.body',
-                'params.', 'query.', 'body.', 'input.', 'userInput'
-            ];
-            // Medium confidence taint sources
-            const mediumConfidenceSources = [
-                'props.', 'state.', 'context.', 'event.', 'data.'
-            ];
-            for (const source of highConfidenceSources) {
-                if (text.includes(source)) {
-                    return { tainted: true, source, confidence: 'high' };
-                }
-            }
-            for (const source of mediumConfidenceSources) {
-                if (text.includes(source)) {
-                    return { tainted: true, source, confidence: 'medium' };
-                }
-            }
-            // Check if this source is explicitly trusted (only for low-confidence sources)
-            for (const trusted of trustedSources) {
-                if (text.includes(trusted)) {
-                    return { tainted: false, confidence: 'low' };
-                }
-            }
-            // Check if it's a variable (low confidence)
-            if (node.type === 'Identifier' && !text.match(/^[A-Z_]+$/)) {
-                return { tainted: true, source: 'variable', confidence: 'low' };
-            }
-            return { tainted: false, confidence: 'low' };
-        }
-        /**
-         * Analyze vulnerability and provide detailed report
-         */
-        function analyzeVulnerability(node, vulnType) {
-            const taintInfo = isTainted(node);
-            return {
-                type: vulnType,
-                pattern: taintInfo.tainted
-                    ? `User input (${taintInfo.source}) in query`
-                    : 'Dynamic query construction',
-                severity: taintInfo.confidence === 'high' ? 'critical' : taintInfo.confidence === 'medium' ? 'high' : 'medium',
-                exploitability: taintInfo.confidence === 'high'
-                    ? 'Easily exploitable via API parameters'
-                    : 'Exploitable with access to input sources',
-                cwe: vulnType === 'SQL' ? 'CWE-89' : 'CWE-943',
-                owasp: 'A03:2021 - Injection',
-            };
-        }
-        /**
-         * Report additional strategy-specific suggestions
-         */
-        function reportStrategySuggestions(node) {
-            const strategyMessageId = selectStrategyMessage();
-            if (strategyMessageId !== 'useParameterized') { // Don't duplicate the main message
-                context.report({
-                    node,
-                    messageId: strategyMessageId,
-                });
-            }
-        }
-        /**
-         * Check template literal for SQL or NoSQL injection
-         */
-        function checkTemplateLiteral(node) {
-            const text = sourceCode.getText(node);
-            // Check for SQL injection
-            if (containsSQLKeywords(text) && node.expressions.length > 0) {
-                // Check if any expression is tainted
-                const taintedExprs = node.expressions.filter((expr) => isTainted(expr).tainted);
-                if (taintedExprs.length > 0) {
-                    const vulnDetails = analyzeVulnerability(node, 'SQL');
-                    const data = {
-                        type: vulnDetails.type,
-                        severity: vulnDetails.severity.toUpperCase(),
-                        filePath: filename,
-                        line: String(node.loc?.start.line ?? 0),
-                        cwe: vulnDetails.cwe,
-                        cweCode: vulnDetails.cwe.replace('CWE-', ''),
-                        currentExample: `db.query(\`SELECT * FROM users WHERE id = ${'${userId}'}\`)`,
-                        fixExample: `Use parameterized: db.query("SELECT * FROM users WHERE id = ?", [userId])`,
-                        docLink: 'https://owasp.org/www-community/attacks/SQL_Injection',
-                    };
-                    context.report({
-                        node,
-                        messageId: 'databaseInjection',
-                        data,
-                    });
-                    reportStrategySuggestions(node);
-                    return;
-                }
-            }
-            // Check for NoSQL injection patterns in template literals
-            if (detectNoSQL && node.expressions.length > 0) {
-                const hasNoSQLPattern = NOSQL_QUERY_PATTERNS.some(pattern => pattern.test(text));
-                if (hasNoSQLPattern) {
-                    // Check if any expression is tainted
-                    const taintedExprs = node.expressions.filter((expr) => isTainted(expr).tainted);
-                    if (taintedExprs.length > 0) {
-                        const vulnDetails = analyzeVulnerability(node, 'NoSQL');
-                        const data = {
-                            type: vulnDetails.type,
-                            severity: vulnDetails.severity.toUpperCase(),
-                            filePath: filename,
-                            line: String(node.loc?.start.line ?? 0),
-                            cwe: vulnDetails.cwe,
-                            cweCode: vulnDetails.cwe.replace('CWE-', ''),
-                            currentExample: `const query = \`this.name === "${'${userName}'}"\``,
-                            fixExample: `Sanitize input: const query = \`this.name === "\${mongoSanitize(userName)}"\``,
-                            docLink: 'https://owasp.org/www-community/attacks/NoSQL_Injection',
-                        };
-                        context.report({
-                            node,
-                            messageId: 'databaseInjection',
-                            data,
-                        });
-                        reportStrategySuggestions(node);
-                        return;
-                    }
-                }
-            }
-        }
-        /**
-         * Check NoSQL operations
-         */
-        function checkNoSQLOperation(node) {
-            if (!detectNoSQL)
-                return;
-            if (!isNoSQLOperation(node))
-                return;
-            // Check if arguments contain user input
-            const taintedArgs = node.arguments.filter((arg) => isTainted(arg).tainted);
-            if (taintedArgs.length === 0)
-                return;
-            const vulnDetails = analyzeVulnerability(node, 'NoSQL');
-            const data = {
-                type: vulnDetails.type,
-                severity: vulnDetails.severity.toUpperCase(),
-                filePath: filename,
-                line: String(node.loc?.start.line ?? 0),
-                cwe: vulnDetails.cwe,
-                cweCode: vulnDetails.cwe.replace('CWE-', ''),
-                currentExample: `User.findOne({ email: req.body.email })`,
-                fixExample: `Sanitize input: User.findOne({ email: mongoSanitize(req.body.email) })`,
-                docLink: 'https://owasp.org/www-community/attacks/NoSQL_Injection',
-            };
-            context.report({
-                node,
-                messageId: 'databaseInjection',
-                data,
-            });
-            reportStrategySuggestions(node);
-        }
-        /**
-         * Check binary expression (string concatenation) for SQL injection
-         */
-        function checkBinaryExpression(node) {
-            // Only check string concatenation with + operator
-            if (node.operator !== '+')
-                return;
-            // Get the full text of the binary expression
-            const text = sourceCode.getText(node);
-            // Check if it contains SQL keywords
-            if (!containsSQLKeywords(text))
-                return;
-            // Check if any part of the expression is tainted
-            const taintInfo = isTainted(node);
-            if (!taintInfo.tainted) {
-                // Also check left and right sides individually
-                const leftTainted = isTainted(node.left).tainted;
-                const rightTainted = isTainted(node.right).tainted;
-                if (!leftTainted && !rightTainted)
-                    return;
-            }
-            const vulnDetails = analyzeVulnerability(node, 'SQL');
-            const data = {
-                type: vulnDetails.type,
-                severity: vulnDetails.severity.toUpperCase(),
-                filePath: filename,
-                line: String(node.loc?.start.line ?? 0),
-                cwe: vulnDetails.cwe,
-                cweCode: vulnDetails.cwe.replace('CWE-', ''),
-                currentExample: `const query = "SELECT * FROM users WHERE name = '" + userName + "'"`,
-                fixExample: `Use parameterized: db.query("SELECT * FROM users WHERE name = ?", [userName])`,
-                docLink: 'https://owasp.org/www-community/attacks/SQL_Injection',
-            };
-            context.report({
-                node,
-                messageId: 'databaseInjection',
-                data,
-            });
-            reportStrategySuggestions(node);
-        }
-        return {
-            TemplateLiteral: checkTemplateLiteral,
-            CallExpression: checkNoSQLOperation,
-            BinaryExpression: checkBinaryExpression,
-        };
-    },
-});

package/src/rules/detect-child-process/index.d.ts DELETED Viewed

@@ -1,11 +0,0 @@
-export interface Options {
-    /** Allow exec() with literal strings. Default: false (stricter) */
-    allowLiteralStrings?: boolean;
-    /** Allow spawn() with literal arguments. Default: false (stricter) */
-    allowLiteralSpawn?: boolean;
-    /** Additional child_process methods to check */
-    additionalMethods?: string[];
-    /** Strategy for fixing command injection: 'validate', 'sanitize', 'restrict', or 'auto' */
-    strategy?: 'validate' | 'sanitize' | 'restrict' | 'auto';
-}
-export declare const detectChildProcess: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;