/**
 * Copyright (c) 2025 Ofri Peretz
 * Licensed under the MIT License. Use of this source code is governed by the
 * MIT license that can be found in the LICENSE file.
 */
/**
 * ESLint Rule: detect-child-process
 * Detects instances of child_process & non-literal exec() calls
 * LLM-optimized with comprehensive command injection prevention guidance
 *
 * @see https://owasp.org/www-community/attacks/Command_Injection
 * @see https://cwe.mitre.org/data/definitions/78.html
 */
import type { TSESLint } from '@interlace/eslint-devkit';
type MessageIds = 'childProcessCommandInjection' | 'useExecFile' | 'useSpawn' | 'useSaferLibrary' | 'validateInput' | 'useShellFalse' | 'strategyValidate' | 'strategySanitize' | 'strategyRestrict';
export interface Options {
    /** Allow exec() with literal strings. Default: false (stricter) */
    allowLiteralStrings?: boolean;
    /** Allow spawn() with literal arguments. Default: false (stricter) */
    allowLiteralSpawn?: boolean;
    /** Additional child_process methods to check */
    additionalMethods?: string[];
    /** Strategy for fixing command injection: 'validate', 'sanitize', 'restrict', or 'auto' */
    strategy?: 'validate' | 'sanitize' | 'restrict' | 'auto';
}
type RuleOptions = [Options?];
export declare const detectChildProcess: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
    name: string;
};
export {};