eslint-plugin-secure-coding 2.3.4 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. package/CHANGELOG.md +51 -1
  2. package/README.md +3 -2
  3. package/package.json +2 -9
  4. package/src/index.d.ts +1 -1
  5. package/src/index.js +0 -49
  6. package/src/types/index.d.ts +4 -29
  7. package/src/types/index.js +3 -4
  8. package/src/rules/database-injection/index.d.ts +0 -13
  9. package/src/rules/database-injection/index.js +0 -406
  10. package/src/rules/no-credentials-in-storage-api/index.d.ts +0 -6
  11. package/src/rules/no-credentials-in-storage-api/index.js +0 -54
  12. package/src/rules/no-document-cookie/index.d.ts +0 -5
  13. package/src/rules/no-document-cookie/index.js +0 -89
  14. package/src/rules/no-insecure-cookie-settings/index.d.ts +0 -9
  15. package/src/rules/no-insecure-cookie-settings/index.js +0 -306
  16. package/src/rules/no-insecure-jwt/index.d.ts +0 -10
  17. package/src/rules/no-insecure-jwt/index.js +0 -380
  18. package/src/rules/no-insufficient-postmessage-validation/index.d.ts +0 -14
  19. package/src/rules/no-insufficient-postmessage-validation/index.js +0 -392
  20. package/src/rules/no-insufficient-random/index.d.ts +0 -9
  21. package/src/rules/no-insufficient-random/index.js +0 -208
  22. package/src/rules/no-postmessage-origin-wildcard/index.d.ts +0 -8
  23. package/src/rules/no-postmessage-origin-wildcard/index.js +0 -56
  24. package/src/rules/no-sql-injection/index.d.ts +0 -10
  25. package/src/rules/no-sql-injection/index.js +0 -335
  26. package/src/rules/no-timing-attack/index.d.ts +0 -10
  27. package/src/rules/no-timing-attack/index.js +0 -447
  28. package/src/rules/no-unencrypted-local-storage/index.d.ts +0 -8
  29. package/src/rules/no-unencrypted-local-storage/index.js +0 -61
  30. package/src/rules/no-unsanitized-html/index.d.ts +0 -9
  31. package/src/rules/no-unsanitized-html/index.js +0 -335
  32. package/src/rules/no-weak-crypto/index.d.ts +0 -11
  33. package/src/rules/no-weak-crypto/index.js +0 -351
package/src/rules/no-timing-attack/index.js DELETED
@@ -1,447 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.noTimingAttack = void 0;
4
- const eslint_devkit_1 = require("@interlace/eslint-devkit");
5
- const eslint_devkit_2 = require("@interlace/eslint-devkit");
6
- const eslint_devkit_3 = require("@interlace/eslint-devkit");
7
- exports.noTimingAttack = (0, eslint_devkit_1.createRule)({
8
- name: 'no-timing-attack',
9
- meta: {
10
- type: 'problem',
11
- deprecated: true,
12
- replacedBy: ['@see eslint-plugin-crypto/no-timing-unsafe-compare'],
13
- docs: {
14
- description: 'Detects timing attack vulnerabilities in authentication code',
15
- },
16
- fixable: 'code',
17
- messages: {
18
- timingAttack: (0, eslint_devkit_2.formatLLMMessage)({
19
- icon: eslint_devkit_2.MessageIcons.SECURITY,
20
- issueName: 'Timing Attack Vulnerability',
21
- cwe: 'CWE-208',
22
- description: 'Timing attack possible - execution time reveals secret information',
23
- severity: '{{severity}}',
24
- fix: '{{safeAlternative}}',
25
- documentationLink: 'https://cwe.mitre.org/data/definitions/208.html',
26
- }),
27
- insecureStringComparison: (0, eslint_devkit_2.formatLLMMessage)({
28
- icon: eslint_devkit_2.MessageIcons.SECURITY,
29
- issueName: 'Insecure String Comparison',
30
- cwe: 'CWE-208',
31
- description: 'String comparison may leak timing information',
32
- severity: 'HIGH',
33
- fix: 'Use crypto.timingSafeEqual() for comparing secrets',
34
- documentationLink: 'https://nodejs.org/api/crypto.html#cryptotimingsafeequal',
35
- }),
36
- earlyReturnLeakage: (0, eslint_devkit_2.formatLLMMessage)({
37
- icon: eslint_devkit_2.MessageIcons.SECURITY,
38
- issueName: 'Early Return Timing Leak',
39
- cwe: 'CWE-208',
40
- description: 'Early return may leak information through timing',
41
- severity: 'MEDIUM',
42
- fix: 'Process all inputs consistently to avoid timing differences',
43
- documentationLink: 'https://cwe.mitre.org/data/definitions/208.html',
44
- }),
45
- useTimingSafeEqual: (0, eslint_devkit_2.formatLLMMessage)({
46
- icon: eslint_devkit_2.MessageIcons.INFO,
47
- issueName: 'Use Timing Safe Equal',
48
- description: 'Use crypto.timingSafeEqual for constant-time comparison',
49
- severity: 'LOW',
50
- fix: 'crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b))',
51
- documentationLink: 'https://nodejs.org/api/crypto.html#cryptotimingsafeequal',
52
- }),
53
- useConstantTimeComparison: (0, eslint_devkit_2.formatLLMMessage)({
54
- icon: eslint_devkit_2.MessageIcons.INFO,
55
- issueName: 'Constant Time Comparison',
56
- description: 'Implement constant-time comparison algorithm',
57
- severity: 'LOW',
58
- fix: 'Compare all bytes regardless of content',
59
- documentationLink: 'https://en.wikipedia.org/wiki/Timing_attack',
60
- }),
61
- avoidEarlyReturns: (0, eslint_devkit_2.formatLLMMessage)({
62
- icon: eslint_devkit_2.MessageIcons.INFO,
63
- issueName: 'Avoid Early Returns',
64
- description: 'Avoid early returns in security-sensitive code',
65
- severity: 'LOW',
66
- fix: 'Process all inputs before making decisions',
67
- documentationLink: 'https://cwe.mitre.org/data/definitions/208.html',
68
- }),
69
- strategyTimingSafe: (0, eslint_devkit_2.formatLLMMessage)({
70
- icon: eslint_devkit_2.MessageIcons.STRATEGY,
71
- issueName: 'Timing Safe Strategy',
72
- description: 'Use built-in timing-safe comparison functions',
73
- severity: 'LOW',
74
- fix: 'Use crypto.timingSafeEqual or equivalent library functions',
75
- documentationLink: 'https://nodejs.org/api/crypto.html#cryptotimingsafeequal',
76
- }),
77
- strategyConstantTime: (0, eslint_devkit_2.formatLLMMessage)({
78
- icon: eslint_devkit_2.MessageIcons.STRATEGY,
79
- issueName: 'Constant Time Strategy',
80
- description: 'Implement custom constant-time comparison',
81
- severity: 'LOW',
82
- fix: 'Compare all characters/bytes with consistent timing',
83
- documentationLink: 'https://en.wikipedia.org/wiki/Timing_attack',
84
- }),
85
- strategyConsistentTiming: (0, eslint_devkit_2.formatLLMMessage)({
86
- icon: eslint_devkit_2.MessageIcons.STRATEGY,
87
- issueName: 'Consistent Timing Strategy',
88
- description: 'Ensure consistent execution time for all inputs',
89
- severity: 'LOW',
90
- fix: 'Pad inputs or use fixed-time operations',
91
- documentationLink: 'https://cwe.mitre.org/data/definitions/208.html',
92
- })
93
- },
94
- schema: [
95
- {
96
- type: 'object',
97
- properties: {
98
- authFunctions: {
99
- type: 'array',
100
- items: { type: 'string' },
101
- default: ['authenticate', 'login', 'verifyPassword', 'checkToken', 'validateCredentials'],
102
- },
103
- sensitiveVariables: {
104
- type: 'array',
105
- items: { type: 'string' },
106
- default: ['password', 'token', 'secret', 'key', 'credentials', 'auth'],
107
- },
108
- allowEarlyReturns: {
109
- type: 'boolean',
110
- default: false,
111
- description: 'Allow early returns outside security-sensitive contexts'
112
- },
113
- trustedSanitizers: {
114
- type: 'array',
115
- items: { type: 'string' },
116
- default: [],
117
- description: 'Additional function names to consider as timing-safe',
118
- },
119
- trustedAnnotations: {
120
- type: 'array',
121
- items: { type: 'string' },
122
- default: [],
123
- description: 'Additional JSDoc annotations to consider as timing-safe markers',
124
- },
125
- strictMode: {
126
- type: 'boolean',
127
- default: false,
128
- description: 'Disable all false positive detection (strict mode)',
129
- },
130
- },
131
- additionalProperties: false,
132
- },
133
- ],
134
- },
135
- defaultOptions: [
136
- {
137
- authFunctions: ['authenticate', 'login', 'verifyPassword', 'checkToken', 'validateCredentials'],
138
- sensitiveVariables: ['password', 'token', 'secret', 'key', 'credentials', 'auth'],
139
- allowEarlyReturns: false,
140
- trustedSanitizers: ['sanitize'],
141
- trustedAnnotations: ['@timing-safe'],
142
- strictMode: false,
143
- },
144
- ],
145
- create(context) {
146
- const options = context.options[0] || {};
147
- const { authFunctions = ['authenticate', 'login', 'verifyPassword', 'checkToken', 'validateCredentials'], sensitiveVariables = ['password', 'token', 'secret', 'key', 'credentials', 'auth'], allowEarlyReturns = false, trustedSanitizers = [], trustedAnnotations = [], strictMode = false, } = options;
148
- const sourceCode = context.sourceCode || context.sourceCode;
149
- const filename = context.filename || context.getFilename();
150
- // Create safety checker for false positive detection
151
- const safetyChecker = (0, eslint_devkit_3.createSafetyChecker)({
152
- trustedSanitizers,
153
- trustedAnnotations,
154
- trustedOrmPatterns: [],
155
- strictMode,
156
- });
157
- // Pre-compute Set for O(1) lookups (performance optimization)
158
- const sensitiveVarSet = new Set(sensitiveVariables.map(s => s.toLowerCase()));
159
- const authFunctionSet = new Set(authFunctions.map(f => f.toLowerCase()));
160
- // Track variables that contain sensitive data
161
- const sensitiveVars = new Set();
162
- /**
163
- * Check if a variable name indicates sensitive/auth data
164
- * Uses Set-based lookup for O(1) performance
165
- */
166
- const isSensitiveVariable = (varName) => {
167
- const lowerName = varName.toLowerCase();
168
- // Check if any sensitive keyword is a substring
169
- for (const sensitive of sensitiveVarSet) {
170
- if (lowerName.includes(sensitive))
171
- return true;
172
- }
173
- return false;
174
- };
175
- // Pre-compute auth patterns set for O(1) lookups
176
- const authPatternSet = new Set(['auth', 'login', 'verify', 'token', 'password', 'credential', 'authenticate']);
177
- /**
178
- * Check if we're in an authentication/security context
179
- * Uses Set-based lookups for O(1) performance
180
- */
181
- const isInAuthContext = (node) => {
182
- // Check if we're inside an authentication function
183
- let current = node;
184
- /* c8 ignore start -- defensive auth context detection */
185
- while (current) {
186
- if (current.type === eslint_devkit_1.AST_NODE_TYPES.FunctionDeclaration || current.type === eslint_devkit_1.AST_NODE_TYPES.FunctionExpression || current.type === eslint_devkit_1.AST_NODE_TYPES.ArrowFunctionExpression) {
187
- const funcName = current.id?.name;
188
- if (funcName) {
189
- const lowerName = funcName.toLowerCase();
190
- // Check exact matches first (O(1) with Set)
191
- if (authFunctionSet.has(lowerName)) {
192
- return true;
193
- }
194
- // Check pattern matches for common auth function names
195
- for (const pattern of authPatternSet) {
196
- if (lowerName.includes(pattern))
197
- return true;
198
- }
199
- }
200
- }
201
- if (current.type === eslint_devkit_1.AST_NODE_TYPES.CallExpression) {
202
- const callee = current.callee;
203
- if (callee.type === eslint_devkit_1.AST_NODE_TYPES.Identifier) {
204
- const lowerName = callee.name.toLowerCase();
205
- if (authFunctionSet.has(lowerName)) {
206
- return true;
207
- }
208
- // Check pattern matches
209
- for (const pattern of authPatternSet) {
210
- if (lowerName.includes(pattern))
211
- return true;
212
- }
213
- }
214
- }
215
- current = current.parent;
216
- }
217
- // NOTE: Removed sensitiveVars.size check - it was causing false positives
218
- // by flagging every function when ANY sensitive variable exists in the file.
219
- // Instead, we now check sensitive data involvement at the specific point of use.
220
- return false;
221
- /* c8 ignore stop */
222
- };
223
- /**
224
- * Check if a comparison is timing-safe
225
- */
226
- const isTimingSafeComparison = (node) => {
227
- // Check for crypto.timingSafeEqual calls
228
- let current = node;
229
- while (current) {
230
- if (current.type === eslint_devkit_1.AST_NODE_TYPES.CallExpression) {
231
- const callee = current.callee;
232
- if (callee.type === eslint_devkit_1.AST_NODE_TYPES.MemberExpression &&
233
- callee.object.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
234
- callee.object.name === 'crypto' &&
235
- callee.property.type === eslint_devkit_1.AST_NODE_TYPES.Identifier &&
236
- callee.property.name === 'timingSafeEqual') {
237
- return true;
238
- }
239
- }
240
- current = current.parent;
241
- }
242
- return false;
243
- };
244
- /**
245
- * Check if we're inside a function that uses crypto.timingSafeEqual.
246
- * Length checks before timingSafeEqual are necessary and safe.
247
- *
248
- * Pattern:
249
- * function safeCompare(a, b) {
250
- * if (a.length !== b.length) return false; // <-- This is SAFE
251
- * return crypto.timingSafeEqual(a, b);
252
- * }
253
- */
254
- const isInTimingSafeEqualContext = (node) => {
255
- // Find enclosing function
256
- let funcNode = node;
257
- while (funcNode) {
258
- if (funcNode.type === eslint_devkit_1.AST_NODE_TYPES.FunctionDeclaration ||
259
- funcNode.type === eslint_devkit_1.AST_NODE_TYPES.FunctionExpression ||
260
- funcNode.type === eslint_devkit_1.AST_NODE_TYPES.ArrowFunctionExpression) {
261
- break;
262
- }
263
- funcNode = funcNode.parent;
264
- }
265
- if (!funcNode) {
266
- return false;
267
- }
268
- // Check if the function body contains crypto.timingSafeEqual
269
- const funcText = sourceCode.getText(funcNode);
270
- if (funcText.includes('timingSafeEqual')) {
271
- return true;
272
- }
273
- // Also check for common timing-safe comparison library patterns
274
- const timingSafePatterns = [
275
- 'scmp', // secure-compare
276
- 'safe-compare',
277
- 'constant-time',
278
- 'constantTimeCompare',
279
- ];
280
- if (timingSafePatterns.some(pattern => funcText.includes(pattern))) {
281
- return true;
282
- }
283
- return false;
284
- };
285
- /**
286
- * Check if a comparison involves only non-sensitive data like length checks
287
- */
288
- const isLengthOrNumericComparison = (node) => {
289
- const leftText = sourceCode.getText(node.left);
290
- const rightText = sourceCode.getText(node.right);
291
- // Check for .length comparisons
292
- if (leftText.includes('.length') || rightText.includes('.length')) {
293
- return true;
294
- }
295
- // Check for numeric literal comparisons
296
- if (node.left.type === eslint_devkit_1.AST_NODE_TYPES.Literal && typeof node.left.value === 'number') {
297
- return true;
298
- }
299
- if (node.right.type === eslint_devkit_1.AST_NODE_TYPES.Literal && typeof node.right.value === 'number') {
300
- return true;
301
- }
302
- return false;
303
- };
304
- /**
305
- * Check if early return is in a security-sensitive context
306
- */
307
- const isEarlyReturnInAuthContext = (node) => {
308
- // If early returns are explicitly allowed, don't flag them
309
- if (allowEarlyReturns) {
310
- /* c8 ignore next */
311
- return false;
312
- }
313
- return isInAuthContext(node);
314
- };
315
- return {
316
- // Track sensitive variable declarations
317
- VariableDeclarator(node) {
318
- if (node.id.type === 'Identifier' && isSensitiveVariable(node.id.name)) {
319
- sensitiveVars.add(node.id.name);
320
- }
321
- // Also check if the variable is assigned sensitive data
322
- if (node.init && node.id.type === 'Identifier') {
323
- const initText = sourceCode.getText(node.init).toLowerCase();
324
- if (sensitiveVariables.some(sensitive => initText.includes(sensitive))) {
325
- sensitiveVars.add(node.id.name);
326
- }
327
- }
328
- },
329
- // Check binary expressions for insecure comparisons
330
- BinaryExpression(node) {
331
- if (node.operator !== '===' && node.operator !== '==' &&
332
- node.operator !== '!==' && node.operator !== '!=') {
333
- return;
334
- }
335
- // Skip if already using timing-safe comparison
336
- if (isTimingSafeComparison(node)) {
337
- return;
338
- }
339
- // FALSE POSITIVE REDUCTION: Skip length/numeric comparisons in timing-safe contexts
340
- // Pattern: if (a.length !== b.length) return false; before crypto.timingSafeEqual
341
- if (isInTimingSafeEqualContext(node) && isLengthOrNumericComparison(node)) {
342
- return;
343
- }
344
- // FALSE POSITIVE REDUCTION: Skip if annotated as safe
345
- if (safetyChecker.isSafe(node, context)) {
346
- return;
347
- }
348
- // Check if either side involves sensitive data
349
- const leftText = sourceCode.getText(node.left).toLowerCase();
350
- const rightText = sourceCode.getText(node.right).toLowerCase();
351
- const involvesSensitiveData = [leftText, rightText].some(text => sensitiveVariables.some(sensitive => text.toLowerCase().includes(sensitive.toLowerCase())));
352
- if (!involvesSensitiveData && !isInAuthContext(node)) {
353
- return;
354
- }
355
- context.report({
356
- node,
357
- messageId: 'insecureStringComparison',
358
- data: {
359
- filePath: filename,
360
- line: String(node.loc?.start.line ?? 0),
361
- },
362
- });
363
- },
364
- // Check for early returns that could leak timing information
365
- ReturnStatement(node) {
366
- // FALSE POSITIVE REDUCTION: Skip if annotated as safe
367
- if (safetyChecker.isSafe(node, context)) {
368
- return;
369
- }
370
- // FALSE POSITIVE REDUCTION: Skip if inside a function using timingSafeEqual
371
- // Length check early returns are necessary and safe before timingSafeEqual
372
- if (isInTimingSafeEqualContext(node)) {
373
- return;
374
- }
375
- if (!isEarlyReturnInAuthContext(node)) {
376
- return;
377
- }
378
- // Look for conditional returns (if/else returns)
379
- let current = node;
380
- let isConditionalReturn = false;
381
- while (current && !isConditionalReturn) {
382
- if (current.type === 'IfStatement') {
383
- isConditionalReturn = true;
384
- break;
385
- }
386
- current = current.parent;
387
- }
388
- if (!isConditionalReturn) {
389
- return;
390
- }
391
- // Check if this return involves sensitive data
392
- const returnText = sourceCode.getText(node).toLowerCase();
393
- const involvesSensitiveData = sensitiveVariables.some(sensitive => returnText.includes(sensitive));
394
- if (!involvesSensitiveData && !isInAuthContext(node)) {
395
- return;
396
- }
397
- context.report({
398
- node,
399
- messageId: 'earlyReturnLeakage',
400
- data: {
401
- filePath: filename,
402
- line: String(node.loc?.start.line ?? 0),
403
- },
404
- });
405
- },
406
- // Check function calls for timing-sensitive operations
407
- CallExpression(node) {
408
- const callee = node.callee;
409
- // Check for insecure comparison functions
410
- if (callee.type === 'MemberExpression' &&
411
- callee.property.type === 'Identifier' &&
412
- ['equals', 'compare', 'matches'].includes(callee.property.name)) {
413
- // Skip known timing-safe libraries
414
- const objectName = callee.object.type === 'Identifier' ? callee.object.name : null;
415
- if (objectName) {
416
- // Known timing-safe comparison libraries
417
- const timingSafeLibraries = ['bcrypt', 'crypto'];
418
- if (timingSafeLibraries.includes(objectName) && callee.property.name === 'compare') {
419
- return; // bcrypt.compare and crypto.compare are timing-safe
420
- }
421
- }
422
- // Check if arguments involve sensitive data
423
- const argsText = node.arguments
424
- .map((arg) => sourceCode.getText(arg).toLowerCase())
425
- .join(' ');
426
- const involvesSensitiveData = sensitiveVariables.some(sensitive => argsText.includes(sensitive));
427
- if (involvesSensitiveData || isInAuthContext(node)) {
428
- // FALSE POSITIVE REDUCTION: Skip if annotated as safe
429
- if (safetyChecker.isSafe(node, context)) {
430
- return;
431
- }
432
- context.report({
433
- node,
434
- messageId: 'timingAttack',
435
- data: {
436
- filePath: filename,
437
- line: String(node.loc?.start.line ?? 0),
438
- severity: 'HIGH',
439
- safeAlternative: 'Use constant-time comparison functions',
440
- },
441
- });
442
- }
443
- }
444
- }
445
- };
446
- },
447
- });
package/src/rules/no-unencrypted-local-storage/index.d.ts DELETED
@@ -1,8 +0,0 @@
1
- /**
2
- * @fileoverview Prevent sensitive data in unencrypted local storage
3
- * @see https://owasp.org/www-project-mobile-top-10/
4
- * @see https://cwe.mitre.org/data/definitions/311.html
5
- */
6
- export interface Options {
7
- }
8
- export declare const noUnencryptedLocalStorage: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;
package/src/rules/no-unencrypted-local-storage/index.js DELETED
@@ -1,61 +0,0 @@
1
- "use strict";
2
- /**
3
- * @fileoverview Prevent sensitive data in unencrypted local storage
4
- * @see https://owasp.org/www-project-mobile-top-10/
5
- * @see https://cwe.mitre.org/data/definitions/311.html
6
- */
7
- Object.defineProperty(exports, "__esModule", { value: true });
8
- exports.noUnencryptedLocalStorage = void 0;
9
- const eslint_devkit_1 = require("@interlace/eslint-devkit");
10
- exports.noUnencryptedLocalStorage = (0, eslint_devkit_1.createRule)({
11
- name: 'no-unencrypted-local-storage',
12
- meta: {
13
- type: 'problem',
14
- docs: {
15
- description: 'Prevent sensitive data in unencrypted local storage',
16
- category: 'Security',
17
- recommended: true,
18
- owaspMobile: ['M9'],
19
- cweIds: ["CWE-311"],
20
- },
21
- messages: {
22
- violationDetected: (0, eslint_devkit_1.formatLLMMessage)({
23
- icon: eslint_devkit_1.MessageIcons.SECURITY,
24
- issueName: 'violation Detected',
25
- cwe: 'CWE-312',
26
- description: 'Prevent sensitive data in unencrypted local storage detected - this is a security risk',
27
- severity: 'HIGH',
28
- fix: 'Review and apply secure practices',
29
- documentationLink: 'https://cwe.mitre.org/data/definitions/312.html',
30
- })
31
- },
32
- schema: [],
33
- },
34
- defaultOptions: [],
35
- create(context) {
36
- function report(node) {
37
- context.report({
38
- node,
39
- messageId: 'violationDetected',
40
- });
41
- }
42
- return {
43
- CallExpression(node) {
44
- // Similar to no-credentials-in-storage-api but broader
45
- if (node.type === 'CallExpression' &&
46
- node.callee.type === 'MemberExpression' &&
47
- node.callee.property.name === 'setItem' &&
48
- ['localStorage', 'sessionStorage'].includes(node.callee.object.name)) {
49
- const keyArg = node.arguments[0];
50
- if (keyArg && keyArg.type === 'Literal') {
51
- const key = keyArg.value.toString().toLowerCase();
52
- const sensitiveKeys = ['creditcard', 'ssn', 'passport', 'license', 'medical', 'health'];
53
- if (sensitiveKeys.some(k => key.includes(k))) {
54
- report(node);
55
- }
56
- }
57
- }
58
- },
59
- };
60
- },
61
- });
package/src/rules/no-unsanitized-html/index.d.ts DELETED
@@ -1,9 +0,0 @@
1
- export interface Options {
2
- /** Allow unsanitized HTML in test files. Default: false */
3
- allowInTests?: boolean;
4
- /** Trusted sanitization libraries. Default: ['dompurify', 'sanitize-html', 'xss'] */
5
- trustedLibraries?: string[];
6
- /** Additional safe patterns to ignore. Default: [] */
7
- ignorePatterns?: string[];
8
- }
9
- export declare const noUnsanitizedHtml: ESLintUtils.RuleModule<MessageIds, Options, unknown, ESLintUtils.RuleListener>;