eslint-plugin-secure-coding 2.3.3 → 2.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +51 -1
- package/README.md +2 -2
- package/package.json +1 -1
- package/src/index.d.ts +32 -0
- package/src/index.js +416 -0
- package/src/rules/detect-child-process/index.d.ts +11 -0
- package/src/rules/detect-child-process/index.js +529 -0
- package/src/rules/detect-eval-with-expression/index.d.ts +9 -0
- package/src/rules/detect-eval-with-expression/index.js +392 -0
- package/src/rules/detect-mixed-content/index.d.ts +8 -0
- package/src/rules/detect-mixed-content/index.js +44 -0
- package/src/rules/detect-non-literal-fs-filename/index.d.ts +7 -0
- package/src/rules/detect-non-literal-fs-filename/index.js +454 -0
- package/src/rules/detect-non-literal-regexp/index.d.ts +9 -0
- package/src/rules/detect-non-literal-regexp/index.js +403 -0
- package/src/rules/detect-object-injection/index.d.ts +11 -0
- package/src/rules/detect-object-injection/index.js +560 -0
- package/src/rules/detect-suspicious-dependencies/index.d.ts +8 -0
- package/src/rules/detect-suspicious-dependencies/index.js +71 -0
- package/src/rules/detect-weak-password-validation/index.d.ts +6 -0
- package/src/rules/detect-weak-password-validation/index.js +58 -0
- package/src/rules/no-allow-arbitrary-loads/index.d.ts +8 -0
- package/src/rules/no-allow-arbitrary-loads/index.js +47 -0
- package/src/rules/no-arbitrary-file-access/index.d.ts +13 -0
- package/src/rules/no-arbitrary-file-access/index.js +195 -0
- package/src/rules/no-buffer-overread/index.d.ts +29 -0
- package/src/rules/no-buffer-overread/index.js +606 -0
- package/src/rules/no-clickjacking/index.d.ts +10 -0
- package/src/rules/no-clickjacking/index.js +396 -0
- package/src/rules/no-client-side-auth-logic/index.d.ts +6 -0
- package/src/rules/no-client-side-auth-logic/index.js +69 -0
- package/src/rules/no-credentials-in-query-params/index.d.ts +8 -0
- package/src/rules/no-credentials-in-query-params/index.js +57 -0
- package/src/rules/no-data-in-temp-storage/index.d.ts +6 -0
- package/src/rules/no-data-in-temp-storage/index.js +64 -0
- package/src/rules/no-debug-code-in-production/index.d.ts +8 -0
- package/src/rules/no-debug-code-in-production/index.js +51 -0
- package/src/rules/no-directive-injection/index.d.ts +12 -0
- package/src/rules/no-directive-injection/index.js +457 -0
- package/src/rules/no-disabled-certificate-validation/index.d.ts +6 -0
- package/src/rules/no-disabled-certificate-validation/index.js +61 -0
- package/src/rules/no-dynamic-dependency-loading/index.d.ts +8 -0
- package/src/rules/no-dynamic-dependency-loading/index.js +51 -0
- package/src/rules/no-electron-security-issues/index.d.ts +10 -0
- package/src/rules/no-electron-security-issues/index.js +423 -0
- package/src/rules/no-exposed-debug-endpoints/index.d.ts +6 -0
- package/src/rules/no-exposed-debug-endpoints/index.js +62 -0
- package/src/rules/no-exposed-sensitive-data/index.d.ts +11 -0
- package/src/rules/no-exposed-sensitive-data/index.js +340 -0
- package/src/rules/no-format-string-injection/index.d.ts +17 -0
- package/src/rules/no-format-string-injection/index.js +660 -0
- package/src/rules/no-graphql-injection/index.d.ts +12 -0
- package/src/rules/no-graphql-injection/index.js +411 -0
- package/src/rules/no-hardcoded-credentials/index.d.ts +26 -0
- package/src/rules/no-hardcoded-credentials/index.js +376 -0
- package/src/rules/no-hardcoded-session-tokens/index.d.ts +6 -0
- package/src/rules/no-hardcoded-session-tokens/index.js +59 -0
- package/src/rules/no-http-urls/index.d.ts +12 -0
- package/src/rules/no-http-urls/index.js +114 -0
- package/src/rules/no-improper-sanitization/index.d.ts +12 -0
- package/src/rules/no-improper-sanitization/index.js +411 -0
- package/src/rules/no-improper-type-validation/index.d.ts +10 -0
- package/src/rules/no-improper-type-validation/index.js +475 -0
- package/src/rules/no-insecure-comparison/index.d.ts +7 -0
- package/src/rules/no-insecure-comparison/index.js +193 -0
- package/src/rules/no-insecure-redirects/index.d.ts +7 -0
- package/src/rules/no-insecure-redirects/index.js +216 -0
- package/src/rules/no-insecure-websocket/index.d.ts +6 -0
- package/src/rules/no-insecure-websocket/index.js +61 -0
- package/src/rules/no-ldap-injection/index.d.ts +10 -0
- package/src/rules/no-ldap-injection/index.js +455 -0
- package/src/rules/no-missing-authentication/index.d.ts +13 -0
- package/src/rules/no-missing-authentication/index.js +333 -0
- package/src/rules/no-missing-cors-check/index.d.ts +9 -0
- package/src/rules/no-missing-cors-check/index.js +399 -0
- package/src/rules/no-missing-csrf-protection/index.d.ts +11 -0
- package/src/rules/no-missing-csrf-protection/index.js +180 -0
- package/src/rules/no-missing-security-headers/index.d.ts +7 -0
- package/src/rules/no-missing-security-headers/index.js +218 -0
- package/src/rules/no-password-in-url/index.d.ts +8 -0
- package/src/rules/no-password-in-url/index.js +54 -0
- package/src/rules/no-permissive-cors/index.d.ts +8 -0
- package/src/rules/no-permissive-cors/index.js +65 -0
- package/src/rules/no-pii-in-logs/index.d.ts +8 -0
- package/src/rules/no-pii-in-logs/index.js +70 -0
- package/src/rules/no-privilege-escalation/index.d.ts +13 -0
- package/src/rules/no-privilege-escalation/index.js +321 -0
- package/src/rules/no-redos-vulnerable-regex/index.d.ts +7 -0
- package/src/rules/no-redos-vulnerable-regex/index.js +306 -0
- package/src/rules/no-sensitive-data-exposure/index.d.ts +11 -0
- package/src/rules/no-sensitive-data-exposure/index.js +250 -0
- package/src/rules/no-sensitive-data-in-analytics/index.d.ts +8 -0
- package/src/rules/no-sensitive-data-in-analytics/index.js +62 -0
- package/src/rules/no-sensitive-data-in-cache/index.d.ts +8 -0
- package/src/rules/no-sensitive-data-in-cache/index.js +52 -0
- package/src/rules/no-toctou-vulnerability/index.d.ts +7 -0
- package/src/rules/no-toctou-vulnerability/index.js +208 -0
- package/src/rules/no-tracking-without-consent/index.d.ts +6 -0
- package/src/rules/no-tracking-without-consent/index.js +67 -0
- package/src/rules/no-unchecked-loop-condition/index.d.ts +12 -0
- package/src/rules/no-unchecked-loop-condition/index.js +646 -0
- package/src/rules/no-unencrypted-transmission/index.d.ts +11 -0
- package/src/rules/no-unencrypted-transmission/index.js +236 -0
- package/src/rules/no-unescaped-url-parameter/index.d.ts +9 -0
- package/src/rules/no-unescaped-url-parameter/index.js +355 -0
- package/src/rules/no-unlimited-resource-allocation/index.d.ts +12 -0
- package/src/rules/no-unlimited-resource-allocation/index.js +643 -0
- package/src/rules/no-unsafe-deserialization/index.d.ts +10 -0
- package/src/rules/no-unsafe-deserialization/index.js +491 -0
- package/src/rules/no-unsafe-dynamic-require/index.d.ts +5 -0
- package/src/rules/no-unsafe-dynamic-require/index.js +106 -0
- package/src/rules/no-unsafe-regex-construction/index.d.ts +9 -0
- package/src/rules/no-unsafe-regex-construction/index.js +291 -0
- package/src/rules/no-unvalidated-deeplinks/index.d.ts +6 -0
- package/src/rules/no-unvalidated-deeplinks/index.js +62 -0
- package/src/rules/no-unvalidated-user-input/index.d.ts +9 -0
- package/src/rules/no-unvalidated-user-input/index.js +420 -0
- package/src/rules/no-verbose-error-messages/index.d.ts +8 -0
- package/src/rules/no-verbose-error-messages/index.js +68 -0
- package/src/rules/no-weak-password-recovery/index.d.ts +12 -0
- package/src/rules/no-weak-password-recovery/index.js +424 -0
- package/src/rules/no-xpath-injection/index.d.ts +10 -0
- package/src/rules/no-xpath-injection/index.js +487 -0
- package/src/rules/no-xxe-injection/index.d.ts +7 -0
- package/src/rules/no-xxe-injection/index.js +266 -0
- package/src/rules/no-zip-slip/index.d.ts +9 -0
- package/src/rules/no-zip-slip/index.js +445 -0
- package/src/rules/require-backend-authorization/index.d.ts +6 -0
- package/src/rules/require-backend-authorization/index.js +60 -0
- package/src/rules/require-code-minification/index.d.ts +8 -0
- package/src/rules/require-code-minification/index.js +47 -0
- package/src/rules/require-csp-headers/index.d.ts +6 -0
- package/src/rules/require-csp-headers/index.js +64 -0
- package/src/rules/require-data-minimization/index.d.ts +8 -0
- package/src/rules/require-data-minimization/index.js +53 -0
- package/src/rules/require-dependency-integrity/index.d.ts +6 -0
- package/src/rules/require-dependency-integrity/index.js +64 -0
- package/src/rules/require-https-only/index.d.ts +8 -0
- package/src/rules/require-https-only/index.js +62 -0
- package/src/rules/require-mime-type-validation/index.d.ts +6 -0
- package/src/rules/require-mime-type-validation/index.js +66 -0
- package/src/rules/require-network-timeout/index.d.ts +8 -0
- package/src/rules/require-network-timeout/index.js +50 -0
- package/src/rules/require-package-lock/index.d.ts +8 -0
- package/src/rules/require-package-lock/index.js +63 -0
- package/src/rules/require-secure-credential-storage/index.d.ts +8 -0
- package/src/rules/require-secure-credential-storage/index.js +50 -0
- package/src/rules/require-secure-defaults/index.d.ts +8 -0
- package/src/rules/require-secure-defaults/index.js +47 -0
- package/src/rules/require-secure-deletion/index.d.ts +8 -0
- package/src/rules/require-secure-deletion/index.js +44 -0
- package/src/rules/require-storage-encryption/index.d.ts +8 -0
- package/src/rules/require-storage-encryption/index.js +50 -0
- package/src/rules/require-url-validation/index.d.ts +6 -0
- package/src/rules/require-url-validation/index.js +72 -0
- package/src/types/index.d.ts +106 -0
- package/src/types/index.js +16 -0
- package/src/index.ts +0 -605
- package/src/rules/__tests__/integration-demo.test.ts +0 -290
- package/src/rules/__tests__/integration-llm.test.ts +0 -89
- package/src/rules/database-injection/database-injection.test.ts +0 -456
- package/src/rules/database-injection/index.ts +0 -488
- package/src/rules/detect-child-process/detect-child-process.test.ts +0 -207
- package/src/rules/detect-child-process/index.ts +0 -634
- package/src/rules/detect-eval-with-expression/detect-eval-with-expression.test.ts +0 -416
- package/src/rules/detect-eval-with-expression/index.ts +0 -463
- package/src/rules/detect-mixed-content/detect-mixed-content.test.ts +0 -28
- package/src/rules/detect-mixed-content/index.ts +0 -52
- package/src/rules/detect-non-literal-fs-filename/detect-non-literal-fs-filename.test.ts +0 -269
- package/src/rules/detect-non-literal-fs-filename/index.ts +0 -551
- package/src/rules/detect-non-literal-regexp/detect-non-literal-regexp.test.ts +0 -189
- package/src/rules/detect-non-literal-regexp/index.ts +0 -490
- package/src/rules/detect-object-injection/detect-object-injection.test.ts +0 -440
- package/src/rules/detect-object-injection/index.ts +0 -674
- package/src/rules/detect-suspicious-dependencies/detect-suspicious-dependencies.test.ts +0 -32
- package/src/rules/detect-suspicious-dependencies/index.ts +0 -84
- package/src/rules/detect-weak-password-validation/detect-weak-password-validation.test.ts +0 -31
- package/src/rules/detect-weak-password-validation/index.ts +0 -68
- package/src/rules/no-allow-arbitrary-loads/index.ts +0 -54
- package/src/rules/no-allow-arbitrary-loads/no-allow-arbitrary-loads.test.ts +0 -28
- package/src/rules/no-arbitrary-file-access/index.ts +0 -238
- package/src/rules/no-arbitrary-file-access/no-arbitrary-file-access.test.ts +0 -119
- package/src/rules/no-buffer-overread/index.ts +0 -724
- package/src/rules/no-buffer-overread/no-buffer-overread.test.ts +0 -313
- package/src/rules/no-clickjacking/index.ts +0 -481
- package/src/rules/no-clickjacking/no-clickjacking.test.ts +0 -253
- package/src/rules/no-client-side-auth-logic/index.ts +0 -81
- package/src/rules/no-client-side-auth-logic/no-client-side-auth-logic.test.ts +0 -33
- package/src/rules/no-credentials-in-query-params/index.ts +0 -69
- package/src/rules/no-credentials-in-query-params/no-credentials-in-query-params.test.ts +0 -33
- package/src/rules/no-credentials-in-storage-api/index.ts +0 -64
- package/src/rules/no-credentials-in-storage-api/no-credentials-in-storage-api.test.ts +0 -31
- package/src/rules/no-data-in-temp-storage/index.ts +0 -75
- package/src/rules/no-data-in-temp-storage/no-data-in-temp-storage.test.ts +0 -33
- package/src/rules/no-debug-code-in-production/index.ts +0 -59
- package/src/rules/no-debug-code-in-production/no-debug-code-in-production.test.ts +0 -26
- package/src/rules/no-directive-injection/index.ts +0 -551
- package/src/rules/no-directive-injection/no-directive-injection.test.ts +0 -305
- package/src/rules/no-disabled-certificate-validation/index.ts +0 -72
- package/src/rules/no-disabled-certificate-validation/no-disabled-certificate-validation.test.ts +0 -33
- package/src/rules/no-document-cookie/index.ts +0 -113
- package/src/rules/no-document-cookie/no-document-cookie.test.ts +0 -382
- package/src/rules/no-dynamic-dependency-loading/index.ts +0 -60
- package/src/rules/no-dynamic-dependency-loading/no-dynamic-dependency-loading.test.ts +0 -27
- package/src/rules/no-electron-security-issues/index.ts +0 -504
- package/src/rules/no-electron-security-issues/no-electron-security-issues.test.ts +0 -324
- package/src/rules/no-exposed-debug-endpoints/index.ts +0 -73
- package/src/rules/no-exposed-debug-endpoints/no-exposed-debug-endpoints.test.ts +0 -40
- package/src/rules/no-exposed-sensitive-data/index.ts +0 -428
- package/src/rules/no-exposed-sensitive-data/no-exposed-sensitive-data.test.ts +0 -75
- package/src/rules/no-format-string-injection/index.ts +0 -801
- package/src/rules/no-format-string-injection/no-format-string-injection.test.ts +0 -437
- package/src/rules/no-graphql-injection/index.ts +0 -508
- package/src/rules/no-graphql-injection/no-graphql-injection.test.ts +0 -371
- package/src/rules/no-hardcoded-credentials/index.ts +0 -478
- package/src/rules/no-hardcoded-credentials/no-hardcoded-credentials.test.ts +0 -639
- package/src/rules/no-hardcoded-session-tokens/index.ts +0 -69
- package/src/rules/no-hardcoded-session-tokens/no-hardcoded-session-tokens.test.ts +0 -42
- package/src/rules/no-http-urls/index.ts +0 -131
- package/src/rules/no-http-urls/no-http-urls.test.ts +0 -60
- package/src/rules/no-improper-sanitization/index.ts +0 -502
- package/src/rules/no-improper-sanitization/no-improper-sanitization.test.ts +0 -156
- package/src/rules/no-improper-type-validation/index.ts +0 -572
- package/src/rules/no-improper-type-validation/no-improper-type-validation.test.ts +0 -372
- package/src/rules/no-insecure-comparison/index.ts +0 -232
- package/src/rules/no-insecure-comparison/no-insecure-comparison.test.ts +0 -218
- package/src/rules/no-insecure-cookie-settings/index.ts +0 -391
- package/src/rules/no-insecure-cookie-settings/no-insecure-cookie-settings.test.ts +0 -409
- package/src/rules/no-insecure-jwt/index.ts +0 -467
- package/src/rules/no-insecure-jwt/no-insecure-jwt.test.ts +0 -259
- package/src/rules/no-insecure-redirects/index.ts +0 -267
- package/src/rules/no-insecure-redirects/no-insecure-redirects.test.ts +0 -108
- package/src/rules/no-insecure-websocket/index.ts +0 -72
- package/src/rules/no-insecure-websocket/no-insecure-websocket.test.ts +0 -42
- package/src/rules/no-insufficient-postmessage-validation/index.ts +0 -497
- package/src/rules/no-insufficient-postmessage-validation/no-insufficient-postmessage-validation.test.ts +0 -360
- package/src/rules/no-insufficient-random/index.ts +0 -288
- package/src/rules/no-insufficient-random/no-insufficient-random.test.ts +0 -246
- package/src/rules/no-ldap-injection/index.ts +0 -547
- package/src/rules/no-ldap-injection/no-ldap-injection.test.ts +0 -317
- package/src/rules/no-missing-authentication/index.ts +0 -408
- package/src/rules/no-missing-authentication/no-missing-authentication.test.ts +0 -350
- package/src/rules/no-missing-cors-check/index.ts +0 -453
- package/src/rules/no-missing-cors-check/no-missing-cors-check.test.ts +0 -392
- package/src/rules/no-missing-csrf-protection/index.ts +0 -229
- package/src/rules/no-missing-csrf-protection/no-missing-csrf-protection.test.ts +0 -222
- package/src/rules/no-missing-security-headers/index.ts +0 -266
- package/src/rules/no-missing-security-headers/no-missing-security-headers.test.ts +0 -98
- package/src/rules/no-password-in-url/index.ts +0 -64
- package/src/rules/no-password-in-url/no-password-in-url.test.ts +0 -27
- package/src/rules/no-permissive-cors/index.ts +0 -78
- package/src/rules/no-permissive-cors/no-permissive-cors.test.ts +0 -28
- package/src/rules/no-pii-in-logs/index.ts +0 -83
- package/src/rules/no-pii-in-logs/no-pii-in-logs.test.ts +0 -26
- package/src/rules/no-postmessage-origin-wildcard/index.ts +0 -67
- package/src/rules/no-postmessage-origin-wildcard/no-postmessage-origin-wildcard.test.ts +0 -27
- package/src/rules/no-privilege-escalation/index.ts +0 -403
- package/src/rules/no-privilege-escalation/no-privilege-escalation.test.ts +0 -306
- package/src/rules/no-redos-vulnerable-regex/index.ts +0 -379
- package/src/rules/no-redos-vulnerable-regex/no-redos-vulnerable-regex.test.ts +0 -83
- package/src/rules/no-sensitive-data-exposure/index.ts +0 -294
- package/src/rules/no-sensitive-data-exposure/no-sensitive-data-exposure.test.ts +0 -262
- package/src/rules/no-sensitive-data-in-analytics/index.ts +0 -73
- package/src/rules/no-sensitive-data-in-analytics/no-sensitive-data-in-analytics.test.ts +0 -42
- package/src/rules/no-sensitive-data-in-cache/index.ts +0 -59
- package/src/rules/no-sensitive-data-in-cache/no-sensitive-data-in-cache.test.ts +0 -32
- package/src/rules/no-sql-injection/index.ts +0 -424
- package/src/rules/no-sql-injection/no-sql-injection.test.ts +0 -303
- package/src/rules/no-timing-attack/index.ts +0 -552
- package/src/rules/no-timing-attack/no-timing-attack.test.ts +0 -348
- package/src/rules/no-toctou-vulnerability/index.ts +0 -250
- package/src/rules/no-toctou-vulnerability/no-toctou-vulnerability.test.ts +0 -60
- package/src/rules/no-tracking-without-consent/index.ts +0 -78
- package/src/rules/no-tracking-without-consent/no-tracking-without-consent.test.ts +0 -34
- package/src/rules/no-unchecked-loop-condition/index.ts +0 -781
- package/src/rules/no-unchecked-loop-condition/no-unchecked-loop-condition.test.ts +0 -459
- package/src/rules/no-unencrypted-local-storage/index.ts +0 -73
- package/src/rules/no-unencrypted-local-storage/no-unencrypted-local-storage.test.ts +0 -41
- package/src/rules/no-unencrypted-transmission/index.ts +0 -296
- package/src/rules/no-unencrypted-transmission/no-unencrypted-transmission.test.ts +0 -287
- package/src/rules/no-unescaped-url-parameter/index.ts +0 -424
- package/src/rules/no-unescaped-url-parameter/no-unescaped-url-parameter.test.ts +0 -263
- package/src/rules/no-unlimited-resource-allocation/index.ts +0 -767
- package/src/rules/no-unlimited-resource-allocation/no-unlimited-resource-allocation.test.ts +0 -544
- package/src/rules/no-unsafe-deserialization/index.ts +0 -593
- package/src/rules/no-unsafe-deserialization/no-unsafe-deserialization.test.ts +0 -310
- package/src/rules/no-unsafe-dynamic-require/index.ts +0 -125
- package/src/rules/no-unsafe-dynamic-require/no-unsafe-dynamic-require.test.ts +0 -151
- package/src/rules/no-unsafe-regex-construction/index.ts +0 -370
- package/src/rules/no-unsafe-regex-construction/no-unsafe-regex-construction.test.ts +0 -181
- package/src/rules/no-unsanitized-html/index.ts +0 -400
- package/src/rules/no-unsanitized-html/no-unsanitized-html.test.ts +0 -488
- package/src/rules/no-unvalidated-deeplinks/index.ts +0 -73
- package/src/rules/no-unvalidated-deeplinks/no-unvalidated-deeplinks.test.ts +0 -29
- package/src/rules/no-unvalidated-user-input/index.ts +0 -498
- package/src/rules/no-unvalidated-user-input/no-unvalidated-user-input.test.ts +0 -463
- package/src/rules/no-verbose-error-messages/index.ts +0 -83
- package/src/rules/no-verbose-error-messages/no-verbose-error-messages.test.ts +0 -34
- package/src/rules/no-weak-crypto/index.ts +0 -447
- package/src/rules/no-weak-crypto/no-weak-crypto.test.ts +0 -297
- package/src/rules/no-weak-password-recovery/index.ts +0 -509
- package/src/rules/no-weak-password-recovery/no-weak-password-recovery.test.ts +0 -184
- package/src/rules/no-xpath-injection/index.ts +0 -596
- package/src/rules/no-xpath-injection/no-xpath-injection.test.ts +0 -405
- package/src/rules/no-xxe-injection/index.ts +0 -342
- package/src/rules/no-xxe-injection/no-xxe-injection.test.ts +0 -122
- package/src/rules/no-zip-slip/index.ts +0 -526
- package/src/rules/no-zip-slip/no-zip-slip.test.ts +0 -305
- package/src/rules/require-backend-authorization/index.ts +0 -71
- package/src/rules/require-backend-authorization/require-backend-authorization.test.ts +0 -31
- package/src/rules/require-code-minification/index.ts +0 -54
- package/src/rules/require-code-minification/require-code-minification.test.ts +0 -30
- package/src/rules/require-csp-headers/index.ts +0 -74
- package/src/rules/require-csp-headers/require-csp-headers.test.ts +0 -34
- package/src/rules/require-data-minimization/index.ts +0 -65
- package/src/rules/require-data-minimization/require-data-minimization.test.ts +0 -31
- package/src/rules/require-dependency-integrity/index.ts +0 -78
- package/src/rules/require-dependency-integrity/require-dependency-integrity.test.ts +0 -44
- package/src/rules/require-https-only/index.ts +0 -75
- package/src/rules/require-https-only/require-https-only.test.ts +0 -26
- package/src/rules/require-mime-type-validation/index.ts +0 -77
- package/src/rules/require-mime-type-validation/require-mime-type-validation.test.ts +0 -32
- package/src/rules/require-network-timeout/index.ts +0 -58
- package/src/rules/require-network-timeout/require-network-timeout.test.ts +0 -26
- package/src/rules/require-package-lock/index.ts +0 -75
- package/src/rules/require-package-lock/require-package-lock.test.ts +0 -27
- package/src/rules/require-secure-credential-storage/index.ts +0 -60
- package/src/rules/require-secure-credential-storage/require-secure-credential-storage.test.ts +0 -26
- package/src/rules/require-secure-defaults/index.ts +0 -54
- package/src/rules/require-secure-defaults/require-secure-defaults.test.ts +0 -26
- package/src/rules/require-secure-deletion/index.ts +0 -52
- package/src/rules/require-secure-deletion/require-secure-deletion.test.ts +0 -29
- package/src/rules/require-storage-encryption/index.ts +0 -60
- package/src/rules/require-storage-encryption/require-storage-encryption.test.ts +0 -26
- package/src/rules/require-url-validation/index.ts +0 -85
- package/src/rules/require-url-validation/require-url-validation.test.ts +0 -32
- package/src/types/index.ts +0 -235
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* @fileoverview Require consent before tracking
|
|
4
|
+
*/
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.noTrackingWithoutConsent = void 0;
|
|
7
|
+
const eslint_devkit_1 = require("@interlace/eslint-devkit");
|
|
8
|
+
exports.noTrackingWithoutConsent = (0, eslint_devkit_1.createRule)({
|
|
9
|
+
name: 'no-tracking-without-consent',
|
|
10
|
+
meta: {
|
|
11
|
+
type: 'problem',
|
|
12
|
+
docs: {
|
|
13
|
+
description: 'Require consent before analytics tracking',
|
|
14
|
+
},
|
|
15
|
+
messages: {
|
|
16
|
+
violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
|
|
17
|
+
icon: eslint_devkit_1.MessageIcons.SECURITY,
|
|
18
|
+
issueName: 'Tracking Without Consent',
|
|
19
|
+
cwe: 'CWE-359',
|
|
20
|
+
description: 'Analytics tracking without consent check - violates privacy regulations',
|
|
21
|
+
severity: 'MEDIUM',
|
|
22
|
+
fix: 'Wrap tracking calls in consent check: if (hasConsent) { analytics.track(...) }',
|
|
23
|
+
documentationLink: 'https://cwe.mitre.org/data/definitions/359.html',
|
|
24
|
+
})
|
|
25
|
+
},
|
|
26
|
+
schema: [],
|
|
27
|
+
},
|
|
28
|
+
defaultOptions: [],
|
|
29
|
+
create(context) {
|
|
30
|
+
function report(node) {
|
|
31
|
+
context.report({ node, messageId: 'violationDetected' });
|
|
32
|
+
}
|
|
33
|
+
function isInsideConsentCheck(node) {
|
|
34
|
+
let current = node.parent;
|
|
35
|
+
while (current) {
|
|
36
|
+
if (current.type === 'IfStatement') {
|
|
37
|
+
return true;
|
|
38
|
+
}
|
|
39
|
+
if (current.type === 'ConditionalExpression') {
|
|
40
|
+
return true;
|
|
41
|
+
}
|
|
42
|
+
current = current.parent;
|
|
43
|
+
}
|
|
44
|
+
return false;
|
|
45
|
+
}
|
|
46
|
+
return {
|
|
47
|
+
CallExpression(node) {
|
|
48
|
+
// Detect analytics.track() or similar
|
|
49
|
+
if (node.callee.type === 'MemberExpression' &&
|
|
50
|
+
node.callee.object.type === 'Identifier' &&
|
|
51
|
+
node.callee.object.name === 'analytics' &&
|
|
52
|
+
node.callee.property.type === 'Identifier' &&
|
|
53
|
+
['track', 'identify', 'page'].includes(node.callee.property.name)) {
|
|
54
|
+
if (!isInsideConsentCheck(node)) {
|
|
55
|
+
report(node);
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
// Google Analytics gtag
|
|
59
|
+
if (node.callee.type === 'Identifier' && node.callee.name === 'gtag') {
|
|
60
|
+
if (!isInsideConsentCheck(node)) {
|
|
61
|
+
report(node);
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
},
|
|
65
|
+
};
|
|
66
|
+
},
|
|
67
|
+
});
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { type SecurityRuleOptions } from '@interlace/eslint-devkit';
|
|
2
|
+
export interface Options extends SecurityRuleOptions {
|
|
3
|
+
/** Maximum allowed loop iterations for static analysis */
|
|
4
|
+
maxStaticIterations?: number;
|
|
5
|
+
/** Variables that contain user input */
|
|
6
|
+
userInputVariables?: string[];
|
|
7
|
+
/** Allow while(true) loops with breaks */
|
|
8
|
+
allowWhileTrueWithBreak?: boolean;
|
|
9
|
+
/** Maximum recursion depth to allow */
|
|
10
|
+
maxRecursionDepth?: number;
|
|
11
|
+
}
|
|
12
|
+
export declare const noUncheckedLoopCondition: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
|