no-nonnull-assertion-on-security-input
Disallow TypeScript non-null assertions on likely security-sensitive input values.
Targeted pattern scopeโ
TypeScript non-null assertions on security-sensitive input values.
What this rule reportsโ
TS non-null assertions on identifiers/properties with security-sensitive names.
Why this rule existsโ
Non-null assertions can hide validation gaps and bypass defensive checks on attacker-controlled input.
โ Incorrectโ
const safe = userInput!;
โ Correctโ
const safe = validateInput(userInput);
ESLint flat config exampleโ
import sdl from "eslint-plugin-sdl-2";
export default [
{
plugins: { sdl },
rules: {
"sdl/no-nonnull-assertion-on-security-input": "error",
},
},
];
When not to use itโ
Disable only if the value has already been validated by a reviewed guard that this rule cannot statically recognize.
Package documentationโ
Further readingโ
Rule catalog ID: R043