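/**
 * Copyright (c) 2025 Ofri Peretz
 * Licensed under the MIT License. Use of this source code is governed by the
 * MIT license that can be found in the LICENSE file.
 */
/**
 * ESLint Rule: no-unsafe-deserialization
 * Detects unsafe deserialization of untrusted data (CWE-502)
 *
 * Unsafe deserialization occurs when untrusted data is deserialized in a way that
 * allows attackers to execute arbitrary code or manipulate application logic.
 * This includes:
 * - Using dangerous deserialization libraries
 * - eval() or Function() on untrusted data
 * - YAML/XML parsers that can execute code
 * - Unsafe use of serialization libraries
 *
 * False Positive Reduction:
 * This rule uses security utilities to reduce false positives by detecting:
 * - Safe deserialization patterns
 * - Input validation and sanitization
 * - JSDoc annotations (@safe, @validated)
 * - Trusted deserialization libraries
 *
 * An annotation only suppresses the report; it does not validate the input,
 * so `@safe` / `@validated` markers are claims a reviewer still has to check.
 */
import type { SecurityRuleOptions, TSESLint } from '@interlace/eslint-devkit';

/**
 * Message ids the rule can emit.
 *
 * NOTE(review): the ids named `use*`, `validate*`, `avoid*` and `strategy*`
 * look like remediation suggestions rather than primary reports — confirm
 * against the rule implementation before relying on that split.
 */
type MessageIds =
  | 'unsafeDeserialization'
  | 'dangerousEvalUsage'
  | 'unsafeYamlParsing'
  | 'dangerousFunctionConstructor'
  | 'untrustedDeserializationInput'
  | 'useSafeDeserializer'
  | 'validateBeforeDeserialization'
  | 'avoidEval'
  | 'strategySafeLibraries'
  | 'strategyInputValidation'
  | 'strategySandboxing';

/**
 * Rule options, extending the shared security-rule options from the devkit.
 * All three lists are optional; whether they replace or extend built-in
 * defaults is decided by the rule implementation, not by this declaration.
 */
export interface Options extends SecurityRuleOptions {
  /** Dangerous deserialization functions to detect */
  dangerousFunctions?: string[];
  /** Safe deserialization libraries */
  safeLibraries?: string[];
  /** Functions that validate input before deserialization */
  validationFunctions?: string[];
}

/** Positional options tuple as ESLint passes it; the single options object may be omitted. */
type RuleOptions = [Options?];

/**
 * The rule module.
 *
 * `MessageIds` and `RuleOptions` are declared in this file solely to type the
 * rule, so they are applied here as the module's type arguments; without them
 * consumers lose checking of message ids and option shapes. `name` is exposed
 * in addition to the standard rule-module shape.
 */
export declare const noUnsafeDeserialization: TSESLint.RuleModule<MessageIds, RuleOptions> & {
  name: string;
};
export {};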