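/**
 * Copyright (c) 2025 Ofri Peretz
 * Licensed under the MIT License. Use of this source code is governed by the
 * MIT license that can be found in the LICENSE file.
 */
/**
 * ESLint Rule: no-zip-slip
 * Detects zip slip/archive extraction vulnerabilities (CWE-22)
 *
 * Zip slip vulnerabilities occur when extracting archives without properly
 * validating file paths, allowing attackers to write files outside the
 * intended extraction directory using path traversal sequences like "../".
 *
 * False Positive Reduction:
 * This rule uses security utilities to reduce false positives by detecting:
 * - Safe archive extraction patterns
 * - Path validation functions
 * - JSDoc annotations (@safe, @validated)
 * - Trusted extraction libraries
 *
 * NOTE(review): these signals presumably suppress a finding on the strength
 * of a name or an annotation; how each one is matched is not visible in this
 * declaration file. A `@safe`/`@validated` tag or an allow-listed function
 * name does not by itself show that the resolved entry path stays inside the
 * destination directory, so each use deserves the same review as an inline
 * lint suppression.
 */
import type { TSESLint } from '@interlace/eslint-devkit';

/**
 * Message ids declared for this rule.
 *
 * NOTE(review): the names suggest a split between findings and remediation
 * hints — confirm against the rule's `meta.messages`.
 */
type MessageIds =
  | 'zipSlipVulnerability'
  | 'unsafeArchiveExtraction'
  | 'pathTraversalInArchive'
  | 'unvalidatedArchivePath'
  | 'dangerousArchiveDestination'
  | 'useSafeArchiveExtraction'
  | 'validateArchivePaths'
  | 'sanitizeArchiveNames'
  | 'strategyPathValidation'
  | 'strategySafeLibraries'
  | 'strategySandboxing';

/** User-facing configuration for `no-zip-slip`; every field is optional. */
export interface Options {
  /** Archive extraction functions to check */
  archiveFunctions?: string[];

  /**
   * Functions that safely validate archive paths
   *
   * NOTE(review): presumably a call to a listed function marks the path as
   * validated. List only functions that resolve the entry name against the
   * destination and reject any result outside it; a name-only allow-list
   * cannot verify that.
   */
  pathValidationFunctions?: string[];

  /**
   * Safe archive extraction libraries
   *
   * NOTE(review): presumably treated as trusted by the rule. Confirm that the
   * version in use of each listed library rejects traversal entries before
   * adding it here.
   */
  safeLibraries?: string[];
}

/** Options tuple accepted by the rule: a single, optional {@link Options} object. */
type RuleOptions = [Options?];

/**
 * The `no-zip-slip` rule module, carrying an additional `name` property.
 *
 * NOTE(review): the type arguments are restored here. The flattened source
 * showed a bare `TSESLint.RuleModule`, which left `MessageIds` and
 * `RuleOptions` declared but unreferenced; angle-bracketed text appears to
 * have been lost in extraction. Confirm against the generated `.d.ts`.
 */
export declare const noZipSlip: TSESLint.RuleModule<MessageIds, RuleOptions> & {
  name: string;
};

export {};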