/**
 * Copyright (c) 2025 Ofri Peretz
 * Licensed under the MIT License. Use of this source code is governed by the
 * MIT license that can be found in the LICENSE file.
 */
/**
 * ESLint Rule: no-xxe-injection
 * Detects XML External Entity (XXE) injection vulnerabilities (CWE-611)
 *
 * XXE injection occurs when XML parsers process external entity references,
 * allowing attackers to:
 * - Read sensitive local files
 * - Make HTTP requests to internal services
 * - Cause DoS through entity expansion (billion laughs)
 * - Perform SSRF attacks
 *
 * False Positive Reduction:
 * This rule uses security utilities to reduce false positives by detecting:
 * - Safe XML libraries (libxmljs with secure config, xmldom with entity resolution disabled)
 * - Proper parser configuration
 * - JSDoc annotations (@safe, @xxe-safe)
 * - Input validation and sanitization
 */
import type { TSESLint } from '@interlace/eslint-devkit';
type MessageIds = 'xxeInjection' | 'unsafeXmlParser' | 'externalEntityEnabled' | 'untrustedXmlSource';
export interface Options {
    /** Parser options that indicate safe configuration */
    safeParserOptions?: string[];
    /** Functions that validate/sanitize XML input */
    xmlValidationFunctions?: string[];
}
type RuleOptions = [Options?];
export declare const noXxeInjection: TSESLint.RuleModule<MessageIds, RuleOptions, unknown, TSESLint.RuleListener> & {
    name: string;
};
export {};