/**
 * Copyright (c) 2025 Ofri Peretz
 * Licensed under the MIT License. Use of this source code is governed by the
 * MIT license that can be found in the LICENSE file.
 */
/**
 * ESLint Rule: detect-object-injection
 * Detects variable[key] as a left- or right-hand assignment operand (prototype pollution)
 * LLM-optimized with comprehensive object injection prevention guidance
 *
 * Type-Aware Enhancement:
 * This rule uses TypeScript type information when available to reduce false positives.
 * If a property key is constrained to a union of string literals (e.g., 'name' | 'email'),
 * the access is considered safe because the values are statically known at compile time.
 *
 * @see https://portswigger.net/web-security/prototype-pollution
 * @see https://cwe.mitre.org/data/definitions/915.html
 */
import { TSESLint } from '@interlace/eslint-devkit';
type MessageIds = 'objectInjection' | 'useMapInstead' | 'useHasOwnProperty' | 'whitelistKeys' | 'useObjectCreate' | 'freezePrototypes' | 'strategyValidate' | 'strategyWhitelist' | 'strategyFreeze';
export interface Options {
    /** Allow bracket notation with literal strings. Default: false (stricter) */
    allowLiterals?: boolean;
    /** Additional object methods to check for injection */
    additionalMethods?: string[];
    /** Properties to consider dangerous. Default: __proto__, prototype, constructor */
    dangerousProperties?: string[];
    /** Strategy for fixing object injection: 'validate', 'whitelist', 'freeze', or 'auto' */
    strategy?: 'validate' | 'whitelist' | 'freeze' | 'auto';
}
type RuleOptions = [Options?];
export declare const detectObjectInjection: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
    name: string;
};
export {};