/**
 * Copyright (c) 2025 Ofri Peretz
 * Licensed under the MIT License. Use of this source code is governed by the
 * MIT license that can be found in the LICENSE file.
 */
/**
 * ESLint Rule: no-buffer-overread
 * Detects buffer access beyond bounds (CWE-126)
 *
 * Buffer overread occurs when reading from buffers beyond their allocated
 * length, potentially leading to information disclosure, crashes, or
 * other security issues.
 *
 * False Positive Reduction:
 * This rule uses security utilities to reduce false positives by detecting:
 * - Safe buffer access patterns
 * - Bounds checking operations
 * - JSDoc annotations (@safe, @validated)
 * - Input validation functions
 */
import type { TSESLint, SecurityRuleOptions } from '@interlace/eslint-devkit';
type MessageIds = 'bufferOverread' | 'unsafeBufferAccess' | 'missingBoundsCheck' | 'negativeBufferIndex' | 'userControlledBufferIndex' | 'unsafeBufferSlice' | 'bufferLengthNotChecked' | 'useSafeBufferAccess' | 'validateBufferIndices' | 'checkBufferBounds' | 'strategyBoundsChecking' | 'strategyInputValidation' | 'strategySafeBuffers';
export interface Options extends SecurityRuleOptions {
    /** Buffer methods to check for bounds safety */
    bufferMethods?: string[];
    /** Functions that validate buffer indices */
    boundsCheckFunctions?: string[];
    /** Buffer types to monitor */
    bufferTypes?: string[];
    /** Additional function names to consider as buffer index validators */
    trustedSanitizers?: string[];
    /** Additional JSDoc annotations to consider as safe markers */
    strictMode?: boolean;
}
type RuleOptions = [Options?];
export declare const noBufferOverread: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
    name: string;
};
export {};