@sun-asterisk/sunlint

☀️ SunLint - Multi-language static analysis tool for code quality and security | Sun* Engineering Standards

{ "id": "S020", "name": "Avoid using eval() or executing dynamic code", "category": "security", "description": "S020 - Avoid using eval() or executing dynamic code as it can lead to code injection vulnerabilities and compromise application security.", "severity": "error", "enabled": true, "semantic": { "enabled": true, "priority": "high", "fallback": "heuristic" }, "patterns": { "include": ["**/*.js", "**/*.ts", "**/*.jsx", "**/*.tsx"], "exclude": [ "**/*.test.js", "**/*.test.ts", "**/*.spec.js", "**/*.spec.ts", "**/node_modules/**", "**/dist/**", "**/build/**" ] }, "analysis": { "approach": "symbol-based-primary", "fallback": "regex-based", "depth": 2, "timeout": 5000 }, "validation": { "dangerousFunctions": [ "eval", "Function", "setTimeout", "setInterval", "execScript", "setImmediate" ], "dangerousPatterns": [ "new Function", "window.eval", "global.eval", "globalThis.eval" ], "dynamicCodeIndicators": [ "code", "script", "expression", "formula", "template" ] } }