Skip to main content

no-nonnull-assertion-on-security-input

Disallow TypeScript non-null assertions on likely security-sensitive input values.

Targeted pattern scopeโ€‹

TypeScript non-null assertions on security-sensitive input values.

What this rule reportsโ€‹

TS non-null assertions on identifiers/properties with security-sensitive names.

Why this rule existsโ€‹

Non-null assertions can hide validation gaps and bypass defensive checks on attacker-controlled input.

โŒ Incorrectโ€‹

const safe = userInput!;

โœ… Correctโ€‹

const safe = validateInput(userInput);

ESLint flat config exampleโ€‹

import sdl from "eslint-plugin-sdl-2";

export default [
{
plugins: { sdl },

rules: {
"sdl/no-nonnull-assertion-on-security-input": "error",
},
},
];

When not to use itโ€‹

Disable only if the value has already been validated by a reviewed guard that this rule cannot statically recognize.

Package documentationโ€‹

Further readingโ€‹

Rule catalog ID: R043