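/**
 * Copyright (c) 2025 Ofri Peretz
 * Licensed under the MIT License. Use of this source code is governed by the
 * MIT license that can be found in the LICENSE file.
 */
/**
 * ESLint Rule: no-sensitive-data-exposure
 * Detects PII/credentials in logs, responses, or error messages
 * Priority 5: Security with Data Flow Analysis
 * CWE-532: Information Exposure Through Log Files
 * (current MITRE title: "Insertion of Sensitive Information into Log File")
 *
 * CWE-532 covers the logging case only. The error-message and API-response
 * checks exposed through {@link Options} correspond more closely to CWE-209
 * (error messages containing sensitive information) and CWE-200 (exposure of
 * sensitive information to an unauthorized actor).
 *
 * This file only declares the rule's public types; the detection logic is
 * implemented elsewhere.
 *
 * @see https://cwe.mitre.org/data/definitions/532.html
 */
import type { TSESLint } from '@interlace/eslint-devkit';

/** Identifiers of the messages the rule is typed to report. */
type MessageIds =
  | 'sensitiveDataExposure'
  | 'redactData'
  | 'useMasking'
  | 'removeFromLogs';

/** User-facing configuration for `no-sensitive-data-exposure`. */
export interface Options {
  /**
   * Sensitive data patterns.
   * Default: ['password', 'secret', 'token', 'key', 'ssn', 'credit', 'card']
   *
   * NOTE(review): how a pattern is matched (substring vs. whole identifier,
   * case sensitivity) is not visible in this declaration. Confirm it before
   * relying on short entries such as 'key', and check whether supplying this
   * option replaces the defaults or extends them, so that an override does
   * not silently drop the built-in patterns.
   */
  sensitivePatterns?: string[];

  /** Check console.log statements. Default: true */
  checkConsoleLog?: boolean;

  /** Check error messages. Default: true */
  checkErrorMessages?: boolean;

  /** Check API responses. Default: true */
  checkApiResponses?: boolean;
}

/** ESLint options tuple: a single, optional {@link Options} object. */
type RuleOptions = [Options?];

/**
 * The rule module, typed with its message ids and options tuple.
 *
 * The bare `TSESLint.RuleModule` shown previously left `MessageIds` and
 * `RuleOptions` unused and the generic unparameterised; both aliases are
 * wired in here.
 * NOTE(review): confirm the argument order against the devkit's
 * `RuleModule` definition.
 *
 * `name` is presumably the rule id; verify against the implementation.
 */
export declare const noSensitiveDataExposure: TSESLint.RuleModule<
  MessageIds,
  RuleOptions
> & {
  name: string;
};

export {};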