/**
 * Copyright (c) 2025 Ofri Peretz
 * Licensed under the MIT License. Use of this source code is governed by the
 * MIT license that can be found in the LICENSE file.
 */

/**
 * ESLint Rule: no-privilege-escalation
 *
 * Type declarations for a rule that detects potential privilege escalation
 * vulnerabilities (CWE-269: Improper Privilege Management). Only the option
 * shape and the exported rule symbol are declared here; the detection logic
 * lives in the implementation, which this file does not show.
 *
 * @see https://cwe.mitre.org/data/definitions/269.html
 * @see https://owasp.org/www-community/vulnerabilities/Improper_Access_Control
 */
import type { TSESLint } from '@interlace/eslint-devkit';

/** Union of the message ids declared alongside this rule. */
type MessageIds = 'privilegeEscalation' | 'addRoleCheck';

/**
 * User-facing configuration for the rule. Every field is optional; the
 * defaults quoted below are the documented ones.
 */
export interface Options {
  /**
   * Allow privilege escalation patterns in test files.
   * Default: false
   */
  allowInTests?: boolean;

  /**
   * Test file pattern, given as a regex string.
   * Default: '\\.(test|spec)\\.(ts|tsx|js|jsx)$'
   *
   * NOTE(review): presumably used together with `allowInTests` to decide
   * which files are exempt, so a broad pattern would exempt non-test code
   * as well; confirm against the implementation.
   */
  testFilePattern?: string;

  /**
   * Role check patterns to recognize.
   * Default: ['hasRole', 'checkRole', 'isAdmin', 'isAuthorized']
   *
   * NOTE(review): these look like names to match; a name match would not
   * by itself show that the check gates the privileged operation. Verify
   * how the implementation uses them before adding entries.
   */
  roleCheckPatterns?: string[];

  /**
   * User input patterns that should be validated.
   * Default: ['req.body', 'req.query', 'req.params']
   */
  userInputPatterns?: string[];

  /**
   * Additional patterns to ignore.
   * Default: []
   */
  ignorePatterns?: string[];
}

/** Options tuple for the rule: a single, optional {@link Options} object. */
type RuleOptions = [Options?];

/**
 * The rule module, extended with a `name` string property.
 *
 * NOTE(review): `RuleModule` carries no type arguments here while
 * `MessageIds` and `RuleOptions` are declared but unused; the type
 * arguments may have been lost when this listing was produced. Confirm
 * against the generated declaration file.
 */
export declare const noPrivilegeEscalation: TSESLint.RuleModule & {
  name: string;
};

export {};