eslint-plugin-secure-coding 2.3.3 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (337) hide show
  1. package/CHANGELOG.md +51 -1
  2. package/README.md +2 -2
  3. package/package.json +1 -1
  4. package/src/index.d.ts +32 -0
  5. package/src/index.js +416 -0
  6. package/src/rules/detect-child-process/index.d.ts +11 -0
  7. package/src/rules/detect-child-process/index.js +529 -0
  8. package/src/rules/detect-eval-with-expression/index.d.ts +9 -0
  9. package/src/rules/detect-eval-with-expression/index.js +392 -0
  10. package/src/rules/detect-mixed-content/index.d.ts +8 -0
  11. package/src/rules/detect-mixed-content/index.js +44 -0
  12. package/src/rules/detect-non-literal-fs-filename/index.d.ts +7 -0
  13. package/src/rules/detect-non-literal-fs-filename/index.js +454 -0
  14. package/src/rules/detect-non-literal-regexp/index.d.ts +9 -0
  15. package/src/rules/detect-non-literal-regexp/index.js +403 -0
  16. package/src/rules/detect-object-injection/index.d.ts +11 -0
  17. package/src/rules/detect-object-injection/index.js +560 -0
  18. package/src/rules/detect-suspicious-dependencies/index.d.ts +8 -0
  19. package/src/rules/detect-suspicious-dependencies/index.js +71 -0
  20. package/src/rules/detect-weak-password-validation/index.d.ts +6 -0
  21. package/src/rules/detect-weak-password-validation/index.js +58 -0
  22. package/src/rules/no-allow-arbitrary-loads/index.d.ts +8 -0
  23. package/src/rules/no-allow-arbitrary-loads/index.js +47 -0
  24. package/src/rules/no-arbitrary-file-access/index.d.ts +13 -0
  25. package/src/rules/no-arbitrary-file-access/index.js +195 -0
  26. package/src/rules/no-buffer-overread/index.d.ts +29 -0
  27. package/src/rules/no-buffer-overread/index.js +606 -0
  28. package/src/rules/no-clickjacking/index.d.ts +10 -0
  29. package/src/rules/no-clickjacking/index.js +396 -0
  30. package/src/rules/no-client-side-auth-logic/index.d.ts +6 -0
  31. package/src/rules/no-client-side-auth-logic/index.js +69 -0
  32. package/src/rules/no-credentials-in-query-params/index.d.ts +8 -0
  33. package/src/rules/no-credentials-in-query-params/index.js +57 -0
  34. package/src/rules/no-data-in-temp-storage/index.d.ts +6 -0
  35. package/src/rules/no-data-in-temp-storage/index.js +64 -0
  36. package/src/rules/no-debug-code-in-production/index.d.ts +8 -0
  37. package/src/rules/no-debug-code-in-production/index.js +51 -0
  38. package/src/rules/no-directive-injection/index.d.ts +12 -0
  39. package/src/rules/no-directive-injection/index.js +457 -0
  40. package/src/rules/no-disabled-certificate-validation/index.d.ts +6 -0
  41. package/src/rules/no-disabled-certificate-validation/index.js +61 -0
  42. package/src/rules/no-dynamic-dependency-loading/index.d.ts +8 -0
  43. package/src/rules/no-dynamic-dependency-loading/index.js +51 -0
  44. package/src/rules/no-electron-security-issues/index.d.ts +10 -0
  45. package/src/rules/no-electron-security-issues/index.js +423 -0
  46. package/src/rules/no-exposed-debug-endpoints/index.d.ts +6 -0
  47. package/src/rules/no-exposed-debug-endpoints/index.js +62 -0
  48. package/src/rules/no-exposed-sensitive-data/index.d.ts +11 -0
  49. package/src/rules/no-exposed-sensitive-data/index.js +340 -0
  50. package/src/rules/no-format-string-injection/index.d.ts +17 -0
  51. package/src/rules/no-format-string-injection/index.js +660 -0
  52. package/src/rules/no-graphql-injection/index.d.ts +12 -0
  53. package/src/rules/no-graphql-injection/index.js +411 -0
  54. package/src/rules/no-hardcoded-credentials/index.d.ts +26 -0
  55. package/src/rules/no-hardcoded-credentials/index.js +376 -0
  56. package/src/rules/no-hardcoded-session-tokens/index.d.ts +6 -0
  57. package/src/rules/no-hardcoded-session-tokens/index.js +59 -0
  58. package/src/rules/no-http-urls/index.d.ts +12 -0
  59. package/src/rules/no-http-urls/index.js +114 -0
  60. package/src/rules/no-improper-sanitization/index.d.ts +12 -0
  61. package/src/rules/no-improper-sanitization/index.js +411 -0
  62. package/src/rules/no-improper-type-validation/index.d.ts +10 -0
  63. package/src/rules/no-improper-type-validation/index.js +475 -0
  64. package/src/rules/no-insecure-comparison/index.d.ts +7 -0
  65. package/src/rules/no-insecure-comparison/index.js +193 -0
  66. package/src/rules/no-insecure-redirects/index.d.ts +7 -0
  67. package/src/rules/no-insecure-redirects/index.js +216 -0
  68. package/src/rules/no-insecure-websocket/index.d.ts +6 -0
  69. package/src/rules/no-insecure-websocket/index.js +61 -0
  70. package/src/rules/no-ldap-injection/index.d.ts +10 -0
  71. package/src/rules/no-ldap-injection/index.js +455 -0
  72. package/src/rules/no-missing-authentication/index.d.ts +13 -0
  73. package/src/rules/no-missing-authentication/index.js +333 -0
  74. package/src/rules/no-missing-cors-check/index.d.ts +9 -0
  75. package/src/rules/no-missing-cors-check/index.js +399 -0
  76. package/src/rules/no-missing-csrf-protection/index.d.ts +11 -0
  77. package/src/rules/no-missing-csrf-protection/index.js +180 -0
  78. package/src/rules/no-missing-security-headers/index.d.ts +7 -0
  79. package/src/rules/no-missing-security-headers/index.js +218 -0
  80. package/src/rules/no-password-in-url/index.d.ts +8 -0
  81. package/src/rules/no-password-in-url/index.js +54 -0
  82. package/src/rules/no-permissive-cors/index.d.ts +8 -0
  83. package/src/rules/no-permissive-cors/index.js +65 -0
  84. package/src/rules/no-pii-in-logs/index.d.ts +8 -0
  85. package/src/rules/no-pii-in-logs/index.js +70 -0
  86. package/src/rules/no-privilege-escalation/index.d.ts +13 -0
  87. package/src/rules/no-privilege-escalation/index.js +321 -0
  88. package/src/rules/no-redos-vulnerable-regex/index.d.ts +7 -0
  89. package/src/rules/no-redos-vulnerable-regex/index.js +306 -0
  90. package/src/rules/no-sensitive-data-exposure/index.d.ts +11 -0
  91. package/src/rules/no-sensitive-data-exposure/index.js +250 -0
  92. package/src/rules/no-sensitive-data-in-analytics/index.d.ts +8 -0
  93. package/src/rules/no-sensitive-data-in-analytics/index.js +62 -0
  94. package/src/rules/no-sensitive-data-in-cache/index.d.ts +8 -0
  95. package/src/rules/no-sensitive-data-in-cache/index.js +52 -0
  96. package/src/rules/no-toctou-vulnerability/index.d.ts +7 -0
  97. package/src/rules/no-toctou-vulnerability/index.js +208 -0
  98. package/src/rules/no-tracking-without-consent/index.d.ts +6 -0
  99. package/src/rules/no-tracking-without-consent/index.js +67 -0
  100. package/src/rules/no-unchecked-loop-condition/index.d.ts +12 -0
  101. package/src/rules/no-unchecked-loop-condition/index.js +646 -0
  102. package/src/rules/no-unencrypted-transmission/index.d.ts +11 -0
  103. package/src/rules/no-unencrypted-transmission/index.js +236 -0
  104. package/src/rules/no-unescaped-url-parameter/index.d.ts +9 -0
  105. package/src/rules/no-unescaped-url-parameter/index.js +355 -0
  106. package/src/rules/no-unlimited-resource-allocation/index.d.ts +12 -0
  107. package/src/rules/no-unlimited-resource-allocation/index.js +643 -0
  108. package/src/rules/no-unsafe-deserialization/index.d.ts +10 -0
  109. package/src/rules/no-unsafe-deserialization/index.js +491 -0
  110. package/src/rules/no-unsafe-dynamic-require/index.d.ts +5 -0
  111. package/src/rules/no-unsafe-dynamic-require/index.js +106 -0
  112. package/src/rules/no-unsafe-regex-construction/index.d.ts +9 -0
  113. package/src/rules/no-unsafe-regex-construction/index.js +291 -0
  114. package/src/rules/no-unvalidated-deeplinks/index.d.ts +6 -0
  115. package/src/rules/no-unvalidated-deeplinks/index.js +62 -0
  116. package/src/rules/no-unvalidated-user-input/index.d.ts +9 -0
  117. package/src/rules/no-unvalidated-user-input/index.js +420 -0
  118. package/src/rules/no-verbose-error-messages/index.d.ts +8 -0
  119. package/src/rules/no-verbose-error-messages/index.js +68 -0
  120. package/src/rules/no-weak-password-recovery/index.d.ts +12 -0
  121. package/src/rules/no-weak-password-recovery/index.js +424 -0
  122. package/src/rules/no-xpath-injection/index.d.ts +10 -0
  123. package/src/rules/no-xpath-injection/index.js +487 -0
  124. package/src/rules/no-xxe-injection/index.d.ts +7 -0
  125. package/src/rules/no-xxe-injection/index.js +266 -0
  126. package/src/rules/no-zip-slip/index.d.ts +9 -0
  127. package/src/rules/no-zip-slip/index.js +445 -0
  128. package/src/rules/require-backend-authorization/index.d.ts +6 -0
  129. package/src/rules/require-backend-authorization/index.js +60 -0
  130. package/src/rules/require-code-minification/index.d.ts +8 -0
  131. package/src/rules/require-code-minification/index.js +47 -0
  132. package/src/rules/require-csp-headers/index.d.ts +6 -0
  133. package/src/rules/require-csp-headers/index.js +64 -0
  134. package/src/rules/require-data-minimization/index.d.ts +8 -0
  135. package/src/rules/require-data-minimization/index.js +53 -0
  136. package/src/rules/require-dependency-integrity/index.d.ts +6 -0
  137. package/src/rules/require-dependency-integrity/index.js +64 -0
  138. package/src/rules/require-https-only/index.d.ts +8 -0
  139. package/src/rules/require-https-only/index.js +62 -0
  140. package/src/rules/require-mime-type-validation/index.d.ts +6 -0
  141. package/src/rules/require-mime-type-validation/index.js +66 -0
  142. package/src/rules/require-network-timeout/index.d.ts +8 -0
  143. package/src/rules/require-network-timeout/index.js +50 -0
  144. package/src/rules/require-package-lock/index.d.ts +8 -0
  145. package/src/rules/require-package-lock/index.js +63 -0
  146. package/src/rules/require-secure-credential-storage/index.d.ts +8 -0
  147. package/src/rules/require-secure-credential-storage/index.js +50 -0
  148. package/src/rules/require-secure-defaults/index.d.ts +8 -0
  149. package/src/rules/require-secure-defaults/index.js +47 -0
  150. package/src/rules/require-secure-deletion/index.d.ts +8 -0
  151. package/src/rules/require-secure-deletion/index.js +44 -0
  152. package/src/rules/require-storage-encryption/index.d.ts +8 -0
  153. package/src/rules/require-storage-encryption/index.js +50 -0
  154. package/src/rules/require-url-validation/index.d.ts +6 -0
  155. package/src/rules/require-url-validation/index.js +72 -0
  156. package/src/types/index.d.ts +106 -0
  157. package/src/types/index.js +16 -0
  158. package/src/index.ts +0 -605
  159. package/src/rules/__tests__/integration-demo.test.ts +0 -290
  160. package/src/rules/__tests__/integration-llm.test.ts +0 -89
  161. package/src/rules/database-injection/database-injection.test.ts +0 -456
  162. package/src/rules/database-injection/index.ts +0 -488
  163. package/src/rules/detect-child-process/detect-child-process.test.ts +0 -207
  164. package/src/rules/detect-child-process/index.ts +0 -634
  165. package/src/rules/detect-eval-with-expression/detect-eval-with-expression.test.ts +0 -416
  166. package/src/rules/detect-eval-with-expression/index.ts +0 -463
  167. package/src/rules/detect-mixed-content/detect-mixed-content.test.ts +0 -28
  168. package/src/rules/detect-mixed-content/index.ts +0 -52
  169. package/src/rules/detect-non-literal-fs-filename/detect-non-literal-fs-filename.test.ts +0 -269
  170. package/src/rules/detect-non-literal-fs-filename/index.ts +0 -551
  171. package/src/rules/detect-non-literal-regexp/detect-non-literal-regexp.test.ts +0 -189
  172. package/src/rules/detect-non-literal-regexp/index.ts +0 -490
  173. package/src/rules/detect-object-injection/detect-object-injection.test.ts +0 -440
  174. package/src/rules/detect-object-injection/index.ts +0 -674
  175. package/src/rules/detect-suspicious-dependencies/detect-suspicious-dependencies.test.ts +0 -32
  176. package/src/rules/detect-suspicious-dependencies/index.ts +0 -84
  177. package/src/rules/detect-weak-password-validation/detect-weak-password-validation.test.ts +0 -31
  178. package/src/rules/detect-weak-password-validation/index.ts +0 -68
  179. package/src/rules/no-allow-arbitrary-loads/index.ts +0 -54
  180. package/src/rules/no-allow-arbitrary-loads/no-allow-arbitrary-loads.test.ts +0 -28
  181. package/src/rules/no-arbitrary-file-access/index.ts +0 -238
  182. package/src/rules/no-arbitrary-file-access/no-arbitrary-file-access.test.ts +0 -119
  183. package/src/rules/no-buffer-overread/index.ts +0 -724
  184. package/src/rules/no-buffer-overread/no-buffer-overread.test.ts +0 -313
  185. package/src/rules/no-clickjacking/index.ts +0 -481
  186. package/src/rules/no-clickjacking/no-clickjacking.test.ts +0 -253
  187. package/src/rules/no-client-side-auth-logic/index.ts +0 -81
  188. package/src/rules/no-client-side-auth-logic/no-client-side-auth-logic.test.ts +0 -33
  189. package/src/rules/no-credentials-in-query-params/index.ts +0 -69
  190. package/src/rules/no-credentials-in-query-params/no-credentials-in-query-params.test.ts +0 -33
  191. package/src/rules/no-credentials-in-storage-api/index.ts +0 -64
  192. package/src/rules/no-credentials-in-storage-api/no-credentials-in-storage-api.test.ts +0 -31
  193. package/src/rules/no-data-in-temp-storage/index.ts +0 -75
  194. package/src/rules/no-data-in-temp-storage/no-data-in-temp-storage.test.ts +0 -33
  195. package/src/rules/no-debug-code-in-production/index.ts +0 -59
  196. package/src/rules/no-debug-code-in-production/no-debug-code-in-production.test.ts +0 -26
  197. package/src/rules/no-directive-injection/index.ts +0 -551
  198. package/src/rules/no-directive-injection/no-directive-injection.test.ts +0 -305
  199. package/src/rules/no-disabled-certificate-validation/index.ts +0 -72
  200. package/src/rules/no-disabled-certificate-validation/no-disabled-certificate-validation.test.ts +0 -33
  201. package/src/rules/no-document-cookie/index.ts +0 -113
  202. package/src/rules/no-document-cookie/no-document-cookie.test.ts +0 -382
  203. package/src/rules/no-dynamic-dependency-loading/index.ts +0 -60
  204. package/src/rules/no-dynamic-dependency-loading/no-dynamic-dependency-loading.test.ts +0 -27
  205. package/src/rules/no-electron-security-issues/index.ts +0 -504
  206. package/src/rules/no-electron-security-issues/no-electron-security-issues.test.ts +0 -324
  207. package/src/rules/no-exposed-debug-endpoints/index.ts +0 -73
  208. package/src/rules/no-exposed-debug-endpoints/no-exposed-debug-endpoints.test.ts +0 -40
  209. package/src/rules/no-exposed-sensitive-data/index.ts +0 -428
  210. package/src/rules/no-exposed-sensitive-data/no-exposed-sensitive-data.test.ts +0 -75
  211. package/src/rules/no-format-string-injection/index.ts +0 -801
  212. package/src/rules/no-format-string-injection/no-format-string-injection.test.ts +0 -437
  213. package/src/rules/no-graphql-injection/index.ts +0 -508
  214. package/src/rules/no-graphql-injection/no-graphql-injection.test.ts +0 -371
  215. package/src/rules/no-hardcoded-credentials/index.ts +0 -478
  216. package/src/rules/no-hardcoded-credentials/no-hardcoded-credentials.test.ts +0 -639
  217. package/src/rules/no-hardcoded-session-tokens/index.ts +0 -69
  218. package/src/rules/no-hardcoded-session-tokens/no-hardcoded-session-tokens.test.ts +0 -42
  219. package/src/rules/no-http-urls/index.ts +0 -131
  220. package/src/rules/no-http-urls/no-http-urls.test.ts +0 -60
  221. package/src/rules/no-improper-sanitization/index.ts +0 -502
  222. package/src/rules/no-improper-sanitization/no-improper-sanitization.test.ts +0 -156
  223. package/src/rules/no-improper-type-validation/index.ts +0 -572
  224. package/src/rules/no-improper-type-validation/no-improper-type-validation.test.ts +0 -372
  225. package/src/rules/no-insecure-comparison/index.ts +0 -232
  226. package/src/rules/no-insecure-comparison/no-insecure-comparison.test.ts +0 -218
  227. package/src/rules/no-insecure-cookie-settings/index.ts +0 -391
  228. package/src/rules/no-insecure-cookie-settings/no-insecure-cookie-settings.test.ts +0 -409
  229. package/src/rules/no-insecure-jwt/index.ts +0 -467
  230. package/src/rules/no-insecure-jwt/no-insecure-jwt.test.ts +0 -259
  231. package/src/rules/no-insecure-redirects/index.ts +0 -267
  232. package/src/rules/no-insecure-redirects/no-insecure-redirects.test.ts +0 -108
  233. package/src/rules/no-insecure-websocket/index.ts +0 -72
  234. package/src/rules/no-insecure-websocket/no-insecure-websocket.test.ts +0 -42
  235. package/src/rules/no-insufficient-postmessage-validation/index.ts +0 -497
  236. package/src/rules/no-insufficient-postmessage-validation/no-insufficient-postmessage-validation.test.ts +0 -360
  237. package/src/rules/no-insufficient-random/index.ts +0 -288
  238. package/src/rules/no-insufficient-random/no-insufficient-random.test.ts +0 -246
  239. package/src/rules/no-ldap-injection/index.ts +0 -547
  240. package/src/rules/no-ldap-injection/no-ldap-injection.test.ts +0 -317
  241. package/src/rules/no-missing-authentication/index.ts +0 -408
  242. package/src/rules/no-missing-authentication/no-missing-authentication.test.ts +0 -350
  243. package/src/rules/no-missing-cors-check/index.ts +0 -453
  244. package/src/rules/no-missing-cors-check/no-missing-cors-check.test.ts +0 -392
  245. package/src/rules/no-missing-csrf-protection/index.ts +0 -229
  246. package/src/rules/no-missing-csrf-protection/no-missing-csrf-protection.test.ts +0 -222
  247. package/src/rules/no-missing-security-headers/index.ts +0 -266
  248. package/src/rules/no-missing-security-headers/no-missing-security-headers.test.ts +0 -98
  249. package/src/rules/no-password-in-url/index.ts +0 -64
  250. package/src/rules/no-password-in-url/no-password-in-url.test.ts +0 -27
  251. package/src/rules/no-permissive-cors/index.ts +0 -78
  252. package/src/rules/no-permissive-cors/no-permissive-cors.test.ts +0 -28
  253. package/src/rules/no-pii-in-logs/index.ts +0 -83
  254. package/src/rules/no-pii-in-logs/no-pii-in-logs.test.ts +0 -26
  255. package/src/rules/no-postmessage-origin-wildcard/index.ts +0 -67
  256. package/src/rules/no-postmessage-origin-wildcard/no-postmessage-origin-wildcard.test.ts +0 -27
  257. package/src/rules/no-privilege-escalation/index.ts +0 -403
  258. package/src/rules/no-privilege-escalation/no-privilege-escalation.test.ts +0 -306
  259. package/src/rules/no-redos-vulnerable-regex/index.ts +0 -379
  260. package/src/rules/no-redos-vulnerable-regex/no-redos-vulnerable-regex.test.ts +0 -83
  261. package/src/rules/no-sensitive-data-exposure/index.ts +0 -294
  262. package/src/rules/no-sensitive-data-exposure/no-sensitive-data-exposure.test.ts +0 -262
  263. package/src/rules/no-sensitive-data-in-analytics/index.ts +0 -73
  264. package/src/rules/no-sensitive-data-in-analytics/no-sensitive-data-in-analytics.test.ts +0 -42
  265. package/src/rules/no-sensitive-data-in-cache/index.ts +0 -59
  266. package/src/rules/no-sensitive-data-in-cache/no-sensitive-data-in-cache.test.ts +0 -32
  267. package/src/rules/no-sql-injection/index.ts +0 -424
  268. package/src/rules/no-sql-injection/no-sql-injection.test.ts +0 -303
  269. package/src/rules/no-timing-attack/index.ts +0 -552
  270. package/src/rules/no-timing-attack/no-timing-attack.test.ts +0 -348
  271. package/src/rules/no-toctou-vulnerability/index.ts +0 -250
  272. package/src/rules/no-toctou-vulnerability/no-toctou-vulnerability.test.ts +0 -60
  273. package/src/rules/no-tracking-without-consent/index.ts +0 -78
  274. package/src/rules/no-tracking-without-consent/no-tracking-without-consent.test.ts +0 -34
  275. package/src/rules/no-unchecked-loop-condition/index.ts +0 -781
  276. package/src/rules/no-unchecked-loop-condition/no-unchecked-loop-condition.test.ts +0 -459
  277. package/src/rules/no-unencrypted-local-storage/index.ts +0 -73
  278. package/src/rules/no-unencrypted-local-storage/no-unencrypted-local-storage.test.ts +0 -41
  279. package/src/rules/no-unencrypted-transmission/index.ts +0 -296
  280. package/src/rules/no-unencrypted-transmission/no-unencrypted-transmission.test.ts +0 -287
  281. package/src/rules/no-unescaped-url-parameter/index.ts +0 -424
  282. package/src/rules/no-unescaped-url-parameter/no-unescaped-url-parameter.test.ts +0 -263
  283. package/src/rules/no-unlimited-resource-allocation/index.ts +0 -767
  284. package/src/rules/no-unlimited-resource-allocation/no-unlimited-resource-allocation.test.ts +0 -544
  285. package/src/rules/no-unsafe-deserialization/index.ts +0 -593
  286. package/src/rules/no-unsafe-deserialization/no-unsafe-deserialization.test.ts +0 -310
  287. package/src/rules/no-unsafe-dynamic-require/index.ts +0 -125
  288. package/src/rules/no-unsafe-dynamic-require/no-unsafe-dynamic-require.test.ts +0 -151
  289. package/src/rules/no-unsafe-regex-construction/index.ts +0 -370
  290. package/src/rules/no-unsafe-regex-construction/no-unsafe-regex-construction.test.ts +0 -181
  291. package/src/rules/no-unsanitized-html/index.ts +0 -400
  292. package/src/rules/no-unsanitized-html/no-unsanitized-html.test.ts +0 -488
  293. package/src/rules/no-unvalidated-deeplinks/index.ts +0 -73
  294. package/src/rules/no-unvalidated-deeplinks/no-unvalidated-deeplinks.test.ts +0 -29
  295. package/src/rules/no-unvalidated-user-input/index.ts +0 -498
  296. package/src/rules/no-unvalidated-user-input/no-unvalidated-user-input.test.ts +0 -463
  297. package/src/rules/no-verbose-error-messages/index.ts +0 -83
  298. package/src/rules/no-verbose-error-messages/no-verbose-error-messages.test.ts +0 -34
  299. package/src/rules/no-weak-crypto/index.ts +0 -447
  300. package/src/rules/no-weak-crypto/no-weak-crypto.test.ts +0 -297
  301. package/src/rules/no-weak-password-recovery/index.ts +0 -509
  302. package/src/rules/no-weak-password-recovery/no-weak-password-recovery.test.ts +0 -184
  303. package/src/rules/no-xpath-injection/index.ts +0 -596
  304. package/src/rules/no-xpath-injection/no-xpath-injection.test.ts +0 -405
  305. package/src/rules/no-xxe-injection/index.ts +0 -342
  306. package/src/rules/no-xxe-injection/no-xxe-injection.test.ts +0 -122
  307. package/src/rules/no-zip-slip/index.ts +0 -526
  308. package/src/rules/no-zip-slip/no-zip-slip.test.ts +0 -305
  309. package/src/rules/require-backend-authorization/index.ts +0 -71
  310. package/src/rules/require-backend-authorization/require-backend-authorization.test.ts +0 -31
  311. package/src/rules/require-code-minification/index.ts +0 -54
  312. package/src/rules/require-code-minification/require-code-minification.test.ts +0 -30
  313. package/src/rules/require-csp-headers/index.ts +0 -74
  314. package/src/rules/require-csp-headers/require-csp-headers.test.ts +0 -34
  315. package/src/rules/require-data-minimization/index.ts +0 -65
  316. package/src/rules/require-data-minimization/require-data-minimization.test.ts +0 -31
  317. package/src/rules/require-dependency-integrity/index.ts +0 -78
  318. package/src/rules/require-dependency-integrity/require-dependency-integrity.test.ts +0 -44
  319. package/src/rules/require-https-only/index.ts +0 -75
  320. package/src/rules/require-https-only/require-https-only.test.ts +0 -26
  321. package/src/rules/require-mime-type-validation/index.ts +0 -77
  322. package/src/rules/require-mime-type-validation/require-mime-type-validation.test.ts +0 -32
  323. package/src/rules/require-network-timeout/index.ts +0 -58
  324. package/src/rules/require-network-timeout/require-network-timeout.test.ts +0 -26
  325. package/src/rules/require-package-lock/index.ts +0 -75
  326. package/src/rules/require-package-lock/require-package-lock.test.ts +0 -27
  327. package/src/rules/require-secure-credential-storage/index.ts +0 -60
  328. package/src/rules/require-secure-credential-storage/require-secure-credential-storage.test.ts +0 -26
  329. package/src/rules/require-secure-defaults/index.ts +0 -54
  330. package/src/rules/require-secure-defaults/require-secure-defaults.test.ts +0 -26
  331. package/src/rules/require-secure-deletion/index.ts +0 -52
  332. package/src/rules/require-secure-deletion/require-secure-deletion.test.ts +0 -29
  333. package/src/rules/require-storage-encryption/index.ts +0 -60
  334. package/src/rules/require-storage-encryption/require-storage-encryption.test.ts +0 -26
  335. package/src/rules/require-url-validation/index.ts +0 -85
  336. package/src/rules/require-url-validation/require-url-validation.test.ts +0 -32
  337. package/src/types/index.ts +0 -235
package/src/rules/no-document-cookie/no-document-cookie.test.ts DELETED
@@ -1,382 +0,0 @@
1
- /**
2
- * Comprehensive tests for no-document-cookie rule
3
- * Prevent direct usage of document.cookie
4
- */
5
- import { RuleTester } from '@typescript-eslint/rule-tester';
6
- import { describe, it, afterAll } from 'vitest';
7
- import parser from '@typescript-eslint/parser';
8
- import { noDocumentCookie } from './index';
9
-
10
- // Configure RuleTester for Vitest
11
- RuleTester.afterAll = afterAll;
12
- RuleTester.it = it;
13
- RuleTester.itOnly = it.only;
14
- RuleTester.describe = describe;
15
-
16
- // Use Flat Config format (ESLint 9+)
17
- const ruleTester = new RuleTester({
18
- languageOptions: {
19
- parser,
20
- ecmaVersion: 2022,
21
- sourceType: 'module',
22
- },
23
- });
24
-
25
- describe('no-document-cookie', () => {
26
- describe('basic functionality', () => {
27
- ruleTester.run('prevent document.cookie usage', noDocumentCookie, {
28
- valid: [
29
- // Other document properties
30
- {
31
- code: 'document.title = "New Title";',
32
- },
33
- {
34
- code: 'const url = document.URL;',
35
- },
36
- {
37
- code: 'document.body.appendChild(element);',
38
- },
39
- // Other objects with cookie property
40
- {
41
- code: 'response.cookie = "value";',
42
- },
43
- {
44
- code: 'const cookie = req.cookies;',
45
- },
46
- // Cookie Store API usage (recommended)
47
- {
48
- code: 'await cookieStore.set("name", "value");',
49
- },
50
- {
51
- code: 'const cookies = await cookieStore.getAll();',
52
- },
53
- // Cookie libraries
54
- {
55
- code: 'Cookies.set("name", "value");',
56
- },
57
- {
58
- code: 'const value = Cookies.get("name");',
59
- },
60
- // Reading document.cookie (allowed by default)
61
- {
62
- code: 'const cookies = document.cookie;',
63
- },
64
- {
65
- code: 'console.log(document.cookie);',
66
- },
67
- {
68
- code: 'const parsed = document.cookie.split("; ");',
69
- },
70
- ],
71
- invalid: [
72
- // Direct assignment
73
- {
74
- code: 'document.cookie = "name=value";',
75
- errors: [
76
- {
77
- messageId: 'noDocumentCookie',
78
- },
79
- ],
80
- },
81
- // Compound assignment
82
- {
83
- code: 'document.cookie += "; name=value";',
84
- errors: [
85
- {
86
- messageId: 'noDocumentCookie',
87
- },
88
- ],
89
- },
90
- ],
91
- });
92
- });
93
-
94
- describe('allowReading option', () => {
95
- ruleTester.run('allowReading option', noDocumentCookie, {
96
- valid: [
97
- // Reading is allowed by default
98
- {
99
- code: 'const cookies = document.cookie;',
100
- options: [{ allowReading: true }],
101
- },
102
- {
103
- code: 'console.log(document.cookie);',
104
- options: [{ allowReading: true }],
105
- },
106
- {
107
- code: 'const parsed = document.cookie.split("; ");',
108
- options: [{ allowReading: true }],
109
- },
110
- ],
111
- invalid: [
112
- // Assignments are still flagged
113
- {
114
- code: 'document.cookie = "name=value";',
115
- options: [{ allowReading: true }],
116
- errors: [
117
- {
118
- messageId: 'noDocumentCookie',
119
- },
120
- ],
121
- },
122
- // Reading is not allowed when disabled
123
- {
124
- code: 'const cookies = document.cookie;',
125
- options: [{ allowReading: false }],
126
- errors: [
127
- {
128
- messageId: 'noDocumentCookie',
129
- },
130
- ],
131
- },
132
- ],
133
- });
134
- });
135
-
136
- describe('complex expressions', () => {
137
- ruleTester.run('complex expressions', noDocumentCookie, {
138
- valid: [],
139
- invalid: [
140
- // In function calls
141
- {
142
- code: 'setCookie(document.cookie);',
143
- options: [{ allowReading: false }],
144
- errors: [
145
- {
146
- messageId: 'noDocumentCookie',
147
- },
148
- ],
149
- },
150
- // In ternary expressions
151
- {
152
- code: 'const value = condition ? document.cookie : "default";',
153
- options: [{ allowReading: false }],
154
- errors: [
155
- {
156
- messageId: 'noDocumentCookie',
157
- },
158
- ],
159
- },
160
- // In template literals
161
- {
162
- code: 'console.log(`Cookies: ${document.cookie}`);',
163
- options: [{ allowReading: false }],
164
- errors: [
165
- {
166
- messageId: 'noDocumentCookie',
167
- },
168
- ],
169
- },
170
- // Chained method calls
171
- {
172
- code: 'document.cookie.split(";").forEach(cookie => console.log(cookie));',
173
- options: [{ allowReading: false }],
174
- errors: [
175
- {
176
- messageId: 'noDocumentCookie',
177
- },
178
- ],
179
- },
180
- // Optional chaining
181
- {
182
- code: 'const cookies = document?.cookie;',
183
- options: [{ allowReading: false }],
184
- errors: [
185
- {
186
- messageId: 'noDocumentCookie',
187
- },
188
- ],
189
- },
190
- ],
191
- });
192
- });
193
-
194
- describe('different contexts', () => {
195
- ruleTester.run('different code contexts', noDocumentCookie, {
196
- valid: [],
197
- invalid: [
198
- // In function
199
- {
200
- code: `
201
- function getCookies() {
202
- return document.cookie;
203
- }
204
- `,
205
- options: [{ allowReading: false }],
206
- errors: [
207
- {
208
- messageId: 'noDocumentCookie',
209
- },
210
- ],
211
- },
212
- // In class method
213
- {
214
- code: `
215
- class CookieManager {
216
- getAll() {
217
- document.cookie = "test=value";
218
- return document.cookie;
219
- }
220
- }
221
- `,
222
- options: [{ allowReading: false }],
223
- errors: [
224
- {
225
- messageId: 'noDocumentCookie',
226
- },
227
- {
228
- messageId: 'noDocumentCookie',
229
- },
230
- ],
231
- },
232
- // In arrow function
233
- {
234
- code: 'const getCookie = () => document.cookie;',
235
- options: [{ allowReading: false }],
236
- errors: [
237
- {
238
- messageId: 'noDocumentCookie',
239
- },
240
- ],
241
- },
242
- // In async function
243
- {
244
- code: `
245
- async function setCookie(name, value) {
246
- document.cookie = \`\${name}=\${value}\`;
247
- }
248
- `,
249
- errors: [
250
- {
251
- messageId: 'noDocumentCookie',
252
- },
253
- ],
254
- },
255
- // In conditional
256
- {
257
- code: `
258
- if (typeof document !== 'undefined') {
259
- document.cookie += "; path=/";
260
- }
261
- `,
262
- errors: [
263
- {
264
- messageId: 'noDocumentCookie',
265
- },
266
- ],
267
- },
268
- ],
269
- });
270
- });
271
-
272
- describe('edge cases', () => {
273
- ruleTester.run('edge cases', noDocumentCookie, {
274
- valid: [
275
- // Shadowed document variable
276
- {
277
- code: `
278
- const document = { cookie: "fake" };
279
- console.log(document.cookie);
280
- `,
281
- },
282
- // Different property names
283
- {
284
- code: 'document.cookies = "value";',
285
- },
286
- {
287
- code: 'const value = document.cookieValue;',
288
- },
289
- ],
290
- invalid: [
291
- // Computed property access
292
- {
293
- code: 'document["cookie"] = "value";',
294
- errors: [
295
- {
296
- messageId: 'noDocumentCookie',
297
- },
298
- ],
299
- },
300
- // Variable assignment
301
- {
302
- code: 'let cookie = document.cookie;',
303
- options: [{ allowReading: false }],
304
- errors: [
305
- {
306
- messageId: 'noDocumentCookie',
307
- },
308
- ],
309
- },
310
- // Const assignment
311
- {
312
- code: 'const cookieString = document.cookie;',
313
- options: [{ allowReading: false }],
314
- errors: [
315
- {
316
- messageId: 'noDocumentCookie',
317
- },
318
- ],
319
- },
320
- ],
321
- });
322
- });
323
-
324
- describe('assignment detection', () => {
325
- ruleTester.run('assignment detection', noDocumentCookie, {
326
- valid: [],
327
- invalid: [
328
- // Direct assignment
329
- {
330
- code: 'document.cookie = "session=abc123";',
331
- errors: [
332
- {
333
- messageId: 'noDocumentCookie',
334
- },
335
- ],
336
- },
337
- // Assignment with path
338
- {
339
- code: 'document.cookie = "name=value; path=/";',
340
- errors: [
341
- {
342
- messageId: 'noDocumentCookie',
343
- },
344
- ],
345
- },
346
- // Compound assignment
347
- {
348
- code: 'document.cookie += "; secure";',
349
- errors: [
350
- {
351
- messageId: 'noDocumentCookie',
352
- },
353
- ],
354
- },
355
- // Assignment with expiration
356
- {
357
- code: 'document.cookie = "user=john; expires=Fri, 31 Dec 9999 23:59:59 GMT";',
358
- errors: [
359
- {
360
- messageId: 'noDocumentCookie',
361
- },
362
- ],
363
- },
364
- // Multiple assignments
365
- {
366
- code: `
367
- document.cookie = "first=value1";
368
- document.cookie = "second=value2";
369
- `,
370
- errors: [
371
- {
372
- messageId: 'noDocumentCookie',
373
- },
374
- {
375
- messageId: 'noDocumentCookie',
376
- },
377
- ],
378
- },
379
- ],
380
- });
381
- });
382
- });
package/src/rules/no-dynamic-dependency-loading/index.ts DELETED
@@ -1,60 +0,0 @@
1
- /**
2
- * @fileoverview Prevent dynamic dependency injection
3
- * @see https://owasp.org/www-project-mobile-top-10/
4
- * @see https://cwe.mitre.org/data/definitions/494.html
5
- */
6
-
7
- import { createRule, formatLLMMessage, MessageIcons } from '@interlace/eslint-devkit';
8
- import type { TSESTree } from '@interlace/eslint-devkit';
9
-
10
- type MessageIds = 'violationDetected';
11
-
12
- // eslint-disable-next-line @typescript-eslint/no-empty-object-type, @typescript-eslint/no-empty-interface -- Rule has no configurable options
13
- export interface Options {}
14
-
15
- type RuleOptions = [Options?];
16
-
17
- export const noDynamicDependencyLoading = createRule<RuleOptions, MessageIds>({
18
- name: 'no-dynamic-dependency-loading',
19
- meta: {
20
- type: 'problem',
21
- docs: {
22
- description: 'Prevent runtime dependency injection with dynamic paths',
23
- category: 'Security',
24
- recommended: true,
25
- owaspMobile: ['M2'],
26
- cweIds: ['CWE-494'],
27
- },
28
- messages: {
29
- violationDetected: formatLLMMessage({
30
- icon: MessageIcons.SECURITY,
31
- issueName: 'violation Detected',
32
- cwe: 'CWE-1104',
33
- description: 'Dynamic import/require detected - use static imports for security',
34
- severity: 'HIGH',
35
- fix: 'Review and apply secure practices',
36
- documentationLink: 'https://cwe.mitre.org/data/definitions/1104.html',
37
- })
38
- },
39
- schema: [],
40
- },
41
- defaultOptions: [],
42
- create(context) {
43
- return {
44
- CallExpression(node: TSESTree.CallExpression) {
45
- // Dynamic require
46
- if (node.callee.name === 'require' && node.arguments[0]?.type !== 'Literal') {
47
- context.report({ node, messageId: 'violationDetected' });
48
- }
49
- },
50
-
51
- ImportExpression(node: TSESTree.ImportExpression) {
52
- // Dynamic import()
53
- if (node.source.type !== 'Literal') {
54
- context.report({ node, messageId: 'violationDetected' });
55
- }
56
- },
57
- };
58
- },
59
- });
60
-
package/src/rules/no-dynamic-dependency-loading/no-dynamic-dependency-loading.test.ts DELETED
@@ -1,27 +0,0 @@
1
- /**
2
- * @fileoverview Tests for no-dynamic-dependency-loading
3
- *
4
- * Coverage: Comprehensive test suite with valid and invalid cases
5
- */
6
-
7
- import { RuleTester } from '@typescript-eslint/rule-tester';
8
- import { noDynamicDependencyLoading } from './index';
9
-
10
- const ruleTester = new RuleTester({
11
- languageOptions: {
12
- ecmaVersion: 2022,
13
- sourceType: 'module',
14
- },
15
- });
16
-
17
- ruleTester.run('no-dynamic-dependency-loading', noDynamicDependencyLoading, {
18
- valid: [
19
- { code: "import module from './module'" },
20
- { code: "const lib = require('known-lib')" }
21
- ],
22
-
23
- invalid: [
24
- { code: "require(moduleName)", errors: [{ messageId: 'violationDetected' }] },
25
- { code: "import(userInput)", errors: [{ messageId: 'violationDetected' }] }
26
- ],
27
- });