import * as parser from '@babel/parser'; import * as t from '@babel/types'; import { Rule } from '../rule'; import { CategoryType, CodeFinding, SeverityLevel } from '../../types'; /** * Rule to detect dangerous use of innerHTML */ export declare class DangerousInnerHTMLRule extends Rule { readonly id = "security-dangerous-innerhtml"; readonly name = "Dangerous innerHTML"; readonly description = "Detects potentially dangerous use of innerHTML and similar DOM APIs"; readonly category = CategoryType.Security; readonly defaultSeverity = SeverityLevel.Error; readonly requiresAST = true; private readonly dangerousProperties; private readonly reactDangerousProps; private readonly sanitizationFunctions; /** * Apply the rule to the given code * * @param code - Source code * @param ast - Parsed AST * @param filePath - Path to the file * @returns Array of findings */ apply(code: string, ast: parser.ParseResult, filePath: string): CodeFinding[]; /** * Check if a string contains dynamic content (variables, etc.) * * @param str - String to check * @returns True if the string contains dynamic content */ private containsDynamicContent; /** * Check if a node is sanitized * * @param node - AST node * @returns True if the node is sanitized */ private isSanitized; /** * Generate a suggestion for safer alternatives * * @param _ - Original code (unused) * @param propertyName - Name of the dangerous property * @returns Suggested code */ protected generateSuggestion(_: string, propertyName?: string): string; /** * Generate a suggestion for React's dangerouslySetInnerHTML * * @param _ - Original code (unused) * @returns Suggested code */ protected generateReactSuggestion(_: string): string; /** * Get the name of the function containing this code * * @param path - AST path * @returns Function name or undefined */ protected getFunctionName(path: any): string | undefined; }