detect-llm-infinite-loops
Detect potential infinite reasoning loops in LLM agents.
OWASP LLM Top 10 2025: LLM10 - Unbounded Consumption
CWE: CWE-834
Severity: 🔴 High
Rule Details
Identifies LLM reasoning loops without iteration limits or timeouts.
❌ Incorrect

```js
// No upper bound: the loop runs until the process is killed or the model budget is exhausted
while (true) {
  await llm.complete(prompt);
}

// Terminates only if `reasoning` is ever cleared; no iteration limit or timeout
while (reasoning) {
  await agent.reason();
}
```

✅ Correct

```js
// Hard iteration cap
for (let i = 0; i < MAX_ITERATIONS; i++) {
  await llm.complete(prompt);
}

// Explicit counter alongside the semantic stop condition
let iteration = 0;
while (condition && iteration < 10) {
  await agent.step();
  iteration++;
}
```

Options

```json
{
  "secure-coding/detect-llm-infinite-loops": ["error"]
}
```

Best Practices
Set maxIterations for all agent loops. Implement execution timeouts.
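As an added example that is not part of the rule's documentation, the two best practices combined in one loop: a bounded runner that stops on an iteration cap or a wall-clock deadline, and aborts an in-flight model call when the deadline hits. `createLoopBudget`, `runBoundedAgent` and `makeFakeAgent` are assumed names; the fake agent stands in for a real `agent.reason()` or `llm.complete()` call.

```javascript
// Added example (not the rule's own code): defaults for the two controls the rule asks for.
const DEFAULT_LIMITS = { maxIterations: 10, timeoutMs: 30_000 };

// Budget for one agent loop: an iteration cap plus a wall-clock deadline.
// `now` is injectable (assumed helper) so the deadline can be tested without real timers.
function createLoopBudget({ maxIterations = DEFAULT_LIMITS.maxIterations,
                            timeoutMs = DEFAULT_LIMITS.timeoutMs, now = Date.now } = {}) {
  if (!(maxIterations > 0) || !(timeoutMs > 0)) {
    throw new RangeError('maxIterations and timeoutMs must be positive');
  }
  const deadline = now() + timeoutMs;
  const state = { iterations: 0 };
  // Returns null while another step is allowed, otherwise the stop reason.
  state.exhausted = () => (state.iterations >= maxIterations ? 'max_iterations'
    : now() >= deadline ? 'timeout' : null);
  return state;
}

// Runs step(i, signal) until it resolves { done: true } or the budget runs out.
// The AbortSignal lets an in-flight model call be cancelled at the deadline
// instead of only checking the clock between iterations.
async function runBoundedAgent(step, opts = {}) {
  const budget = createLoopBudget(opts);
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), opts.timeoutMs ?? DEFAULT_LIMITS.timeoutMs);
  try {
    while (!budget.exhausted()) {
      budget.iterations += 1;
      let result;
      try {
        result = await step(budget.iterations, controller.signal);
      } catch (err) {
        if (!controller.signal.aborted) throw err; // genuine failure, not the deadline
        return { stopReason: 'timeout', iterations: budget.iterations };
      }
      if (result && result.done) {
        return { stopReason: 'done', iterations: budget.iterations, output: result.output };
      }
    }
    return { stopReason: budget.exhausted(), iterations: budget.iterations };
  } finally {
    clearTimeout(timer); // never leave the timer holding the process open
  }
}

// Constructed stand-in for an agent that converges after `answerAt` steps
// (Infinity models a model that never converges).
function makeFakeAgent(answerAt) {
  return async (i) => (i >= answerAt ? { done: true, output: `done in ${i} steps` } : { done: false });
}
```

Logging the returned `stopReason` turns a `max_iterations` or `timeout` stop into a countable signal instead of a silent success, which is what you want to alert on for LLM10.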
Version
Introduced in v2.3.0
Known False Negatives
The following patterns are not detected due to static analysis limitations:

Prompt from Variable
Why: Prompt content from variables is not traced.

```js
// ❌ NOT DETECTED - Prompt from variable
const prompt = buildPrompt(userInput);
await generateText({ prompt });
```

Mitigation: Validate all prompt components.

Nested Context
Why: Deep nesting obscures injection.

```js
// ❌ NOT DETECTED - Nested
const messages = [{ role: 'user', content: userInput }];
await chat({ messages });
```

Mitigation: Validate at all levels.

Custom AI Wrappers
Why: Custom AI clients are not recognized.

```js
// ❌ NOT DETECTED - Custom wrapper
myAI.complete(userPrompt);
```

Mitigation: Apply the rule to wrapper implementations.