@addon24/eslint-config
ESLint configuration rules for WorldOfTextcraft projects - Centralized configuration for all project types
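/**
 * Security Rules
 *
 * Security rules for backend projects.
 *
 * Sets every listed `security/*` rule and the `no-secrets/no-secrets` scanner
 * to "error". This object only assigns rule severities and registers no
 * plugins itself, so the consuming config must provide the `security` and
 * `no-secrets` plugin namespaces.
 *
 * All of these rules are heuristic detectors: a clean lint run narrows what a
 * reviewer has to look at, it does not show that no secret or unsafe call is
 * present.
 */

/**
 * Expands each ASCII letter of `text` into a two-letter character class
 * ("k" -> "[Kk]") so the resulting regex fragment matches in any case.
 *
 * The additional patterns below are handed to the plugin as plain strings, so
 * no `i` flag can be attached to them.
 * NOTE(review): presumably string patterns are compiled without flags;
 * confirm against the plugin version this package pins.
 *
 * @param {string} text - Literal keyword made of letters only.
 * @returns {string} Regex source fragment that ignores letter case.
 */
const anyCase = (text) =>
  text.replace(
    /[A-Za-z]/g,
    (letter) => `[${letter.toUpperCase()}${letter.toLowerCase()}]`,
  );

const securityRulesConfig = {
  rules: {
    // Security rules (extended)
    "security/detect-unsafe-regex": "error",
    "security/detect-buffer-noassert": "error",
    "security/detect-child-process": "error",
    "security/detect-disable-mustache-escape": "error",
    "security/detect-eval-with-expression": "error",
    "security/detect-no-csrf-before-method-override": "error",
    "security/detect-non-literal-fs-filename": "error",
    "security/detect-non-literal-regexp": "error",
    "security/detect-non-literal-require": "error",
    // Fires on most dynamic `obj[key]` accesses; where a finding is a false
    // positive, prefer a narrow inline disable with a written reason over
    // lowering the severity for the whole project.
    "security/detect-object-injection": "error",
    "security/detect-possible-timing-attacks": "error",
    "security/detect-pseudoRandomBytes": "error",
    "security/detect-bidi-characters": "error",
    "security/detect-new-buffer": "error",
    // No Secrets plugin
    "no-secrets/no-secrets": ["error", {
      // Entropy threshold: only strings scoring above it are reported, so a
      // higher value reports fewer strings.
      // NOTE(review): the plugin documents a default of 4; confirm that the
      // looser 4.2 is intentional.
      "tolerance": 4.2,
      // Extra patterns checked in addition to the plugin's built-in ones.
      // Keywords go through anyCase() so that API_KEY, apiKey, DATABASE_URL
      // and a lower-case "authorization: basic" header are caught as well as
      // the all-lower-case spellings.
      // NOTE(review): confirm whether the plugin applies these to individual
      // string/comment contents or to whole source lines; the "name = 'value'"
      // shapes below only match where both parts are in the scanned text.
      "additionalRegexes": {
        "Basic Auth": `${anyCase("authorization")}:\\s*${anyCase("basic")}\\s+[A-Za-z0-9+/=]+`,
        "API Key": `(${anyCase("api")}[_-]?${anyCase("key")})\\s*[:=]\\s*['"][a-zA-Z0-9_-]{20,}['"]`,
        "Database URL": `(${anyCase("database")}|${anyCase("db")})[_-]?${anyCase("url")}\\s*[:=]\\s*['"][^'"]+['"]`,
        // Three dot-separated base64url segments, the first starting with
        // "eyJ" (base64url of `{"`). Every segment may be empty after that
        // prefix, so the pattern is deliberately permissive.
        "JWT": "eyJ[A-Za-z0-9_-]*\\.[A-Za-z0-9_-]*\\.[A-Za-z0-9_-]*",
        // PEM header with an optional single label word before PRIVATE KEY,
        // covering RSA, EC, DSA, OPENSSH and ENCRYPTED as well as the
        // unlabelled PKCS#8 form.
        "Private Key": "-----BEGIN\\s+(?:[A-Z0-9]+\\s+)?PRIVATE\\s+KEY-----",
      },
    }],
  },
};

export default securityRulesConfig;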