no-nonnull-assertion-on-security-input
Disallow TypeScript non-null assertions on likely security-sensitive input values.
Targeted pattern scope
TypeScript non-null assertions on security-sensitive input values.
What this rule reports
TypeScript non-null assertions (the postfix `!` operator) on identifiers or properties with security-sensitive names.
Why this rule exists
A non-null assertion only silences the type checker and emits no runtime check, so it can hide validation gaps and bypass defensive checks on attacker-controlled input.
❌ Incorrect
const safe = userInput!;
✅ Correct
const safe = validateInput(userInput);
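A fuller contrast, as an added example that is not part of the plugin's own documentation: an ownership check where both sides can be absent at runtime. The `RequestLike` and `Doc` shapes, the function names and the body of `validateInput` are assumptions made for illustration.

```typescript
// Constructed shapes: either identifier may be absent at runtime.
interface RequestLike { userId?: string; }
interface Doc { ownerId?: string; body: string; }

// Asserted version: `!` is erased at compile time, so no check is emitted.
// When both values are missing, undefined === undefined evaluates to true
// and an unauthenticated request is treated as the owner of an ownerless doc.
function canReadUnsafe(req: RequestLike, doc: Doc): boolean {
  const userInput: string = req.userId!;
  const owner: string = doc.ownerId!;
  return userInput === owner;
}

// Hypothetical validateInput: a real runtime check that narrows to string.
function validateInput(value: unknown): string | null {
  return typeof value === "string" && value.length > 0 ? value : null;
}

// Validated version: missing or empty input fails closed before comparing.
function canReadChecked(req: RequestLike, doc: Doc): boolean {
  const userId = validateInput(req.userId);
  const owner = validateInput(doc.ownerId);
  if (userId === null || owner === null) {
    return false;
  }
  return userId === owner;
}

// Constructed sample inputs.
const anonymous: RequestLike = {};
const orphanDoc: Doc = { body: "draft" };
const alice: RequestLike = { userId: "u-alice" };
const aliceDoc: Doc = { ownerId: "u-alice", body: "notes" };

console.log("unsafe, both missing:", canReadUnsafe(anonymous, orphanDoc));
console.log("checked, both missing:", canReadChecked(anonymous, orphanDoc));
console.log("checked, owner match:", canReadChecked(alice, aliceDoc));
```

Both versions type-check identically; only the validated one changes what happens at runtime when the input is missing.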
ESLint flat config example
import sdl from "eslint-plugin-sdl-2";

export default [
  {
    plugins: { sdl },
    rules: {
      "sdl/no-nonnull-assertion-on-security-input": "error",
    },
  },
];
When not to use it
Disable only if the value has already been validated by a reviewed guard that this rule cannot statically recognize.
Rule catalog ID: R043