npm - eslint-plugin-secure-coding - Versions diffs - 2.3.3 → 2.4.0 - Mend

eslint-plugin-secure-coding 2.3.3 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (337) hide show

package/src/rules/require-data-minimization/index.js ADDED Viewed

@@ -0,0 +1,53 @@
+"use strict";
+/**
+ * @fileoverview Identify excessive data collection
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/213.html
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireDataMinimization = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireDataMinimization = (0, eslint_devkit_1.createRule)({
+    name: 'require-data-minimization',
+    meta: {
+        type: 'suggestion',
+        docs: {
+            description: 'Identify excessive data collection patterns',
+            category: 'Security',
+            recommended: true,
+            owaspMobile: ['M6'],
+            cweIds: ['CWE-213'],
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-213',
+                description: 'Excessive data collection detected - only collect data that is necessary',
+                severity: 'MEDIUM',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/213.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        function report(node) {
+            context.report({ node, messageId: 'violationDetected' });
+        }
+        return {
+            ObjectExpression(node) {
+                // Flag objects with >10 properties being collected
+                if (node.properties.length > 10) {
+                    // Check if this looks like user data collection
+                    const hasUserData = node.properties.some(p => p.type === 'Property' &&
+                        ['email', 'name', 'phone', 'address'].includes(p.key.name));
+                    if (hasUserData) {
+                        report(node);
+                    }
+                }
+            },
+        };
+    },
+});

package/src/rules/require-dependency-integrity/index.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * @fileoverview Require integrity hashes for external resources
+ */
+export interface Options {
+}
+export declare const requireDependencyIntegrity: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/require-dependency-integrity/index.js ADDED Viewed

@@ -0,0 +1,64 @@
+"use strict";
+/**
+ * @fileoverview Require integrity hashes for external resources
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireDependencyIntegrity = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireDependencyIntegrity = (0, eslint_devkit_1.createRule)({
+    name: 'require-dependency-integrity',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Require SRI (Subresource Integrity) for CDN resources',
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'Missing SRI',
+                cwe: 'CWE-494',
+                description: 'External resource loaded without integrity hash - supply chain risk',
+                severity: 'HIGH',
+                fix: 'Add integrity="sha384-..." and crossorigin="anonymous" attributes',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/494.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        function report(node) {
+            context.report({ node, messageId: 'violationDetected' });
+        }
+        return {
+            Literal(node) {
+                if (typeof node.value !== 'string')
+                    return;
+                // Check for script/link tags without integrity
+                const value = node.value.toLowerCase();
+                if ((value.includes('<script') && value.includes('src=')) ||
+                    (value.includes('<link') && value.includes('href='))) {
+                    // Check if CDN source
+                    if (value.includes('cdn.') || value.includes('cdnjs.') ||
+                        value.includes('unpkg.') || value.includes('jsdelivr.')) {
+                        if (!value.includes('integrity=')) {
+                            report(node);
+                        }
+                    }
+                }
+            },
+            TemplateLiteral(node) {
+                const text = context.sourceCode.getText(node).toLowerCase();
+                if ((text.includes('<script') && text.includes('src=')) ||
+                    (text.includes('<link') && text.includes('href='))) {
+                    if (text.includes('cdn.') || text.includes('cdnjs.') ||
+                        text.includes('unpkg.') || text.includes('jsdelivr.')) {
+                        if (!text.includes('integrity=')) {
+                            report(node);
+                        }
+                    }
+                }
+            },
+        };
+    },
+});

package/src/rules/require-https-only/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview Enforce HTTPS for all external requests
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/319.html
+ */
+export interface Options {
+}
+export declare const requireHttpsOnly: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/require-https-only/index.js ADDED Viewed

@@ -0,0 +1,62 @@
+"use strict";
+/**
+ * @fileoverview Enforce HTTPS for all external requests
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/319.html
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireHttpsOnly = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireHttpsOnly = (0, eslint_devkit_1.createRule)({
+    name: 'require-https-only',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Enforce HTTPS for all external requests',
+            category: 'Security',
+            recommended: true,
+            owaspMobile: ['M5'],
+            cweIds: ["CWE-319"],
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-319',
+                description: 'Enforce HTTPS for all external requests detected - this is a security risk',
+                severity: 'HIGH',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/319.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        function report(node) {
+            context.report({
+                node,
+                messageId: 'violationDetected',
+            });
+        }
+        return {
+            CallExpression(node) {
+                // Check fetch/axios calls with http:// URLs
+                if (node.type === 'CallExpression') {
+                    const callee = node.callee;
+                    const isHttpCall = (callee.name === 'fetch' ||
+                        (callee.object?.name === 'axios' &&
+                            ['get', 'post', 'put', 'delete', 'patch'].includes(callee.property?.name)));
+                    if (isHttpCall && node.arguments[0]) {
+                        const url = node.arguments[0];
+                        if (url.type === 'Literal' &&
+                            typeof url.value === 'string' &&
+                            url.value.startsWith('http://')) {
+                            report(node);
+                        }
+                    }
+                }
+            },
+        };
+    },
+});

package/src/rules/require-mime-type-validation/index.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * @fileoverview Require MIME type validation for uploads
+ */
+export interface Options {
+}
+export declare const requireMimeTypeValidation: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/require-mime-type-validation/index.js ADDED Viewed

@@ -0,0 +1,66 @@
+"use strict";
+/**
+ * @fileoverview Require MIME type validation for uploads
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireMimeTypeValidation = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireMimeTypeValidation = (0, eslint_devkit_1.createRule)({
+    name: 'require-mime-type-validation',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Require MIME type validation for file uploads',
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'Missing MIME Validation',
+                cwe: 'CWE-434',
+                description: 'File upload without MIME type validation - unrestricted upload vulnerability',
+                severity: 'HIGH',
+                fix: 'Add fileFilter option to validate MIME types',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/434.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        function report(node) {
+            context.report({ node, messageId: 'violationDetected' });
+        }
+        return {
+            CallExpression(node) {
+                // Detect multer().single() or multer().array() without fileFilter
+                if (node.callee.type === eslint_devkit_1.AST_NODE_TYPES.MemberExpression &&
+                    node.callee.property.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
+                    ['single', 'array', 'fields'].includes(node.callee.property.name)) {
+                    // Check if parent has fileFilter configuration
+                    const calleeObj = node.callee.object;
+                    if (calleeObj.type === eslint_devkit_1.AST_NODE_TYPES.CallExpression) {
+                        const multerArgs = calleeObj.arguments[0];
+                        if (multerArgs && multerArgs.type === eslint_devkit_1.AST_NODE_TYPES.ObjectExpression) {
+                            const hasFileFilter = multerArgs.properties.some((p) => p.type === eslint_devkit_1.AST_NODE_TYPES.Property && p.key.type === eslint_devkit_1.AST_NODE_TYPES.Identifier && (p.key.name === 'fileFilter' || p.key.name === 'limits'));
+                            if (!hasFileFilter) {
+                                report(node);
+                            }
+                        }
+                        else if (!multerArgs) {
+                            // No config at all = no validation
+                            report(node);
+                        }
+                    }
+                }
+                // Detect upload() calls directly
+                if (node.callee.type === eslint_devkit_1.AST_NODE_TYPES.Identifier && node.callee.name === 'upload') {
+                    // Check if there's validation in arguments
+                    if (node.arguments.length === 0 ||
+                        (node.arguments[0]?.type === eslint_devkit_1.AST_NODE_TYPES.Identifier)) {
+                        report(node);
+                    }
+                }
+            },
+        };
+    },
+});

package/src/rules/require-network-timeout/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview Require timeout limits for network requests
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/770.html
+ */
+export interface Options {
+}
+export declare const requireNetworkTimeout: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/require-network-timeout/index.js ADDED Viewed

@@ -0,0 +1,50 @@
+"use strict";
+/**
+ * @fileoverview Require timeout limits for network requests
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/770.html
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireNetworkTimeout = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireNetworkTimeout = (0, eslint_devkit_1.createRule)({
+    name: 'require-network-timeout',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Require timeout limits for network requests',
+            category: 'Security',
+            recommended: true,
+            owaspMobile: ['M5'],
+            cweIds: ["CWE-770"],
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-400',
+                description: 'Require timeout limits for network requests detected - fetch/axios without timeout option',
+                severity: 'MEDIUM',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/400.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        return {
+            CallExpression(node) {
+                if (node.callee.name === 'fetch' ||
+                    (node.callee.type === 'MemberExpression' &&
+                        node.callee.object.name === 'axios')) {
+                    const hasTimeout = node.arguments[1]?.type === 'ObjectExpression' &&
+                        node.arguments[1].properties.some(p => p.key?.name === 'timeout');
+                    if (!hasTimeout) {
+                        context.report({ node, messageId: 'violationDetected' });
+                    }
+                }
+            },
+        };
+    },
+});

package/src/rules/require-package-lock/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview Ensure package lock file exists
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/829.html
+ */
+export interface Options {
+}
+export declare const requirePackageLock: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/require-package-lock/index.js ADDED Viewed

@@ -0,0 +1,63 @@
+"use strict";
+/**
+ * @fileoverview Ensure package lock file exists
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/829.html
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requirePackageLock = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requirePackageLock = (0, eslint_devkit_1.createRule)({
+    name: 'require-package-lock',
+    meta: {
+        type: 'suggestion',
+        docs: {
+            description: 'Ensure package-lock.json or yarn.lock exists',
+            category: 'Security',
+            recommended: true,
+            owaspMobile: ['M2'],
+            cweIds: ['CWE-829'],
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-829',
+                description: 'Package lock file missing - commit package-lock',
+                severity: 'HIGH',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/829.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        const fs = require('node:fs');
+        const path = require('node:path');
+        // Check once per file
+        let checked = false;
+        return {
+            Program(node) {
+                if (checked)
+                    return;
+                checked = true;
+                // Find project root (simplified)
+                let dir = path.dirname(context.filename);
+                let found = false;
+                for (let i = 0; i < 10; i++) {
+                    if (fs.existsSync(path.join(dir, 'package-lock.json')) ||
+                        fs.existsSync(path.join(dir, 'yarn.lock')) ||
+                        fs.existsSync(path.join(dir, 'pnpm-lock.yaml'))) {
+                        found = true;
+                        break;
+                    }
+                    dir = path.dirname(dir);
+                }
+                if (!found) {
+                    context.report({ node, messageId: 'violationDetected' });
+                }
+            },
+        };
+    },
+});

package/src/rules/require-secure-credential-storage/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview Enforce secure storage patterns for credentials
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/522.html
+ */
+export interface Options {
+}
+export declare const requireSecureCredentialStorage: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/require-secure-credential-storage/index.js ADDED Viewed

@@ -0,0 +1,50 @@
+"use strict";
+/**
+ * @fileoverview Enforce secure storage patterns for credentials
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/522.html
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireSecureCredentialStorage = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireSecureCredentialStorage = (0, eslint_devkit_1.createRule)({
+    name: 'require-secure-credential-storage',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Enforce secure storage patterns for credentials',
+            category: 'Security',
+            recommended: true,
+            owaspMobile: ['M1'],
+            cweIds: ["CWE-522"],
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-312',
+                description: 'Enforce secure storage patterns for credentials detected - Credentials without encryption',
+                severity: 'HIGH',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/312.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        return {
+            CallExpression(node) {
+                if (node.callee.type === 'MemberExpression' &&
+                    ['setItem', 'writeFile'].includes(node.callee.property.name)) {
+                    // Check for encryption wrapper
+                    const hasEncryption = node.arguments.some(arg => arg.type === 'CallExpression' &&
+                        arg.callee.name?.includes('encrypt'));
+                    if (!hasEncryption) {
+                        context.report({ node, messageId: 'violationDetected' });
+                    }
+                }
+            },
+        };
+    },
+});

package/src/rules/require-secure-defaults/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview Ensure secure default configurations
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/453.html
+ */
+export interface Options {
+}
+export declare const requireSecureDefaults: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/require-secure-defaults/index.js ADDED Viewed

@@ -0,0 +1,47 @@
+"use strict";
+/**
+ * @fileoverview Ensure secure default configurations
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/453.html
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireSecureDefaults = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireSecureDefaults = (0, eslint_devkit_1.createRule)({
+    name: 'require-secure-defaults',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Ensure secure default configurations',
+            category: 'Security',
+            recommended: true,
+            owaspMobile: ['M8'],
+            cweIds: ["CWE-453"],
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-1188',
+                description: 'Ensure secure default configurations detected - Insecure default values',
+                severity: 'MEDIUM',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/1188.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        return {
+            Property(node) {
+                if (node.key.type === 'Identifier' &&
+                    ['secure', 'strictSSL', 'verify'].includes(node.key.name) &&
+                    node.value.type === 'Literal' &&
+                    node.value.value === false) {
+                    context.report({ node, messageId: 'violationDetected' });
+                }
+            },
+        };
+    },
+});

package/src/rules/require-secure-deletion/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview Require secure data deletion patterns
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/459.html
+ */
+export interface Options {
+}
+export declare const requireSecureDeletion: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/require-secure-deletion/index.js ADDED Viewed

@@ -0,0 +1,44 @@
+"use strict";
+/**
+ * @fileoverview Require secure data deletion patterns
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/459.html
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireSecureDeletion = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireSecureDeletion = (0, eslint_devkit_1.createRule)({
+    name: 'require-secure-deletion',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Require secure data deletion patterns',
+            category: 'Security',
+            recommended: true,
+            owaspMobile: ['M9'],
+            cweIds: ["CWE-459"],
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-459',
+                description: 'Require secure data deletion patterns detected - delete without secure wipe',
+                severity: 'MEDIUM',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/459.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        return {
+            UnaryExpression(node) {
+                if (node.operator === 'delete') {
+                    context.report({ node, messageId: 'violationDetected' });
+                }
+            },
+        };
+    },
+});

package/src/rules/require-storage-encryption/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * @fileoverview Require encryption for persistent storage
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/311.html
+ */
+export interface Options {
+}
+export declare const requireStorageEncryption: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;

package/src/rules/require-storage-encryption/index.js ADDED Viewed

@@ -0,0 +1,50 @@
+"use strict";
+/**
+ * @fileoverview Require encryption for persistent storage
+ * @see https://owasp.org/www-project-mobile-top-10/
+ * @see https://cwe.mitre.org/data/definitions/311.html
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireStorageEncryption = void 0;
+const eslint_devkit_1 = require("@interlace/eslint-devkit");
+exports.requireStorageEncryption = (0, eslint_devkit_1.createRule)({
+    name: 'require-storage-encryption',
+    meta: {
+        type: 'problem',
+        docs: {
+            description: 'Require encryption for persistent storage',
+            category: 'Security',
+            recommended: true,
+            owaspMobile: ['M9'],
+            cweIds: ["CWE-311"],
+        },
+        messages: {
+            violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
+                icon: eslint_devkit_1.MessageIcons.SECURITY,
+                issueName: 'violation Detected',
+                cwe: 'CWE-312',
+                description: 'Require encryption for persistent storage detected - Storage without encryption',
+                severity: 'HIGH',
+                fix: 'Review and apply secure practices',
+                documentationLink: 'https://cwe.mitre.org/data/definitions/312.html',
+            })
+        },
+        schema: [],
+    },
+    defaultOptions: [],
+    create(context) {
+        return {
+            CallExpression(node) {
+                if (node.callee.type === 'MemberExpression' &&
+                    ['setItem', 'writeFile'].includes(node.callee.property.name)) {
+                    // Check for encryption wrapper
+                    const hasEncryption = node.arguments.some(arg => arg.type === 'CallExpression' &&
+                        arg.callee.name?.includes('encrypt'));
+                    if (!hasEncryption) {
+                        context.report({ node, messageId: 'violationDetected' });
+                    }
+                }
+            },
+        };
+    },
+});

package/src/rules/require-url-validation/index.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * @fileoverview Enforce URL validation before navigation
+ */
+export interface Options {
+}
+export declare const requireUrlValidation: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;