/**
 * Copyright (c) 2025 Ofri Peretz
 * Licensed under the MIT License. Use of this source code is governed by the
 * MIT license that can be found in the LICENSE file.
 */
/**
 * ESLint Rule: no-xpath-injection
 * Detects XPath injection vulnerabilities (CWE-643)
 *
 * XPath injection occurs when user input is improperly inserted into XPath
 * queries, allowing attackers to:
 * - Access unauthorized XML nodes and data
 * - Extract sensitive information from XML documents
 * - Perform XPath-based attacks and data exfiltration
 * - Bypass authentication or authorization checks
 *
 * False Positive Reduction:
 * This rule uses security utilities to reduce false positives by detecting:
 * - Safe XPath construction methods
 * - Input validation and sanitization
 * - JSDoc annotations (@xpath-safe, @validated)
 * - Trusted XPath libraries
 */
import type { TSESLint } from '@interlace/eslint-devkit';
import { type SecurityRuleOptions } from '@interlace/eslint-devkit';
type MessageIds = 'xpathInjection' | 'unsafeXpathConcatenation' | 'unvalidatedXpathInput' | 'dangerousXpathExpression' | 'useParameterizedXpath' | 'escapeXpathInput' | 'validateXpathQueries' | 'strategyParameterizedQueries' | 'strategyInputValidation' | 'strategySafeConstruction';
export interface Options extends SecurityRuleOptions {
    /** XPath-related function names to check */
    xpathFunctions?: string[];
    /** Functions that safely construct XPath queries */
    safeXpathConstructors?: string[];
    /** Functions that validate/sanitize XPath input */
    xpathValidationFunctions?: string[];
}
type RuleOptions = [Options?];
export declare const noXpathInjection: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
    name: string;
};
export {};