Interlace ESLint
ESLint Interlace
Secure CodingRules

require-secure-defaults

This rule security rule for mobile applications.

Security rule for mobile applications

Rule Details

This rule security rule for mobile applications.

OWASP Mobile Top 10: Mobile
CWE: CWE-1188
Severity: error

Examples

❌ Incorrect

// Insecure pattern

✅ Correct

// Secure pattern

When Not To Use It

This rule should be enabled for all mobile and web applications to ensure security best practices.

Known False Negatives

The following patterns are not detected due to static analysis limitations:

Values from Variables

Why: Values stored in variables are not traced.

// ❌ NOT DETECTED - Value from variable
const value = userInput;
dangerousOperation(value);

Mitigation: Validate all user inputs.

Wrapper Functions

Why: Custom wrappers not recognized.

// ❌ NOT DETECTED - Wrapper
myWrapper(userInput); // Uses dangerous API internally

Mitigation: Apply rule to wrapper implementations.

Dynamic Invocation

Why: Dynamic calls not analyzed.

// ❌ NOT DETECTED - Dynamic
obj[method](userInput);

Mitigation: Avoid dynamic method invocation.

Further Reading

  • See other mobile security rules in this plugin

Category: Mobile Security
Type: Problem
Recommended: Yes

require-secure-credential-storage

This rule security rule for mobile applications.

require-secure-deletion

This rule security rule for mobile applications.

On this page

Rule DetailsExamples❌ Incorrect✅ CorrectWhen Not To Use ItKnown False NegativesValues from VariablesWrapper FunctionsDynamic InvocationFurther ReadingRelated Rules