/**
 * Copyright (c) 2025 Ofri Peretz
 * Licensed under the MIT License. Use of this source code is governed by the
 * MIT license that can be found in the LICENSE file.
 */
/**
 * ESLint Rule: no-ldap-injection
 * Detects LDAP injection vulnerabilities (CWE-90)
 *
 * LDAP injection occurs when user input is improperly inserted into LDAP
 * queries, allowing attackers to:
 * - Bypass authentication and authorization
 * - Extract sensitive directory information
 * - Perform unauthorized LDAP operations
 * - Enumerate users through blind injection techniques
 *
 * False Positive Reduction:
 * This rule uses security utilities to reduce false positives by detecting:
 * - Safe LDAP libraries with built-in escaping
 * - Input validation and sanitization functions
 * - JSDoc annotations (@ldap-safe, @escaped)
 * - Parameterized LDAP query construction
 */
import type { TSESLint } from '@interlace/eslint-devkit';
import { type SecurityRuleOptions } from '@interlace/eslint-devkit';
type MessageIds = 'ldapInjection' | 'unsafeLdapFilter' | 'unescapedLdapInput' | 'dangerousLdapOperation' | 'useLdapEscaping' | 'validateLdapInput' | 'useParameterizedLdap' | 'strategyInputValidation' | 'strategySafeLibraries' | 'strategyFilterConstruction';
export interface Options extends SecurityRuleOptions {
    /** LDAP-related function names to check */
    ldapFunctions?: string[];
    /** Functions that safely escape LDAP input */
    ldapEscapeFunctions?: string[];
    /** Functions that validate LDAP input */
    ldapValidationFunctions?: string[];
}
type RuleOptions = [Options?];
export declare const noLdapInjection: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
    name: string;
};
export {};