Interlace ESLint
ESLint Interlace
Secure CodingRules

no-sensitive-data-in-cache

This rule security rule for mobile applications.

Security rule for mobile applications

Rule Details

This rule security rule for mobile applications.

OWASP Mobile Top 10: Mobile
CWE: CWE-524
Severity: error

Examples

❌ Incorrect

// Insecure pattern

✅ Correct

// Secure pattern

When Not To Use It

This rule should be enabled for all mobile and web applications to ensure security best practices.

Known False Negatives

The following patterns are not detected due to static analysis limitations:

Values from Variables

Why: Values stored in variables are not traced.

// ❌ NOT DETECTED - Value from variable
const value = userInput;
dangerousOperation(value);

Mitigation: Validate all user inputs.

Wrapper Functions

Why: Custom wrappers not recognized.

// ❌ NOT DETECTED - Wrapper
myWrapper(userInput); // Uses dangerous API internally

Mitigation: Apply rule to wrapper implementations.

Dynamic Invocation

Why: Dynamic calls not analyzed.

// ❌ NOT DETECTED - Dynamic
obj[method](userInput);

Mitigation: Avoid dynamic method invocation.

Further Reading

  • See other mobile security rules in this plugin

Category: Mobile Security
Type: Problem
Recommended: Yes

no-sensitive-data-in-analytics

This rule security rule for mobile applications.

no-toctou-vulnerability

Detects Time-of-Check-Time-of-Use (TOCTOU) race condition vulnerabilities in file system operations.

On this page

Rule DetailsExamples❌ Incorrect✅ CorrectWhen Not To Use ItKnown False NegativesValues from VariablesWrapper FunctionsDynamic InvocationFurther ReadingRelated Rules