Rules
All ESLint security rules provided by eslint-plugin-lambda-security
14 Security Rules
Comprehensive coverage of AWS Lambda and Middy security patterns for serverless applications.
All Rules
| Rule | Description | 💼 | 🔧 | 💡 | ⚠️ | Docs |
|---|---|---|---|---|---|---|
| no-env-logging | Detect logging of process.env which may expose secrets | | | | | |
| no-error-swallowing | Detect empty catch blocks and missing error logging | | | | | |
| no-exposed-debug-endpoints | Detect debug endpoints without authentication in Lambda handlers | | | | | |
| no-exposed-error-details | Detect Lambda handlers exposing internal error details in responses | | | | | |
| no-hardcoded-credentials-sdk | Detects hardcoded AWS credentials in SDK client configurations | | | | | |
| no-missing-authorization-check | Security rule for lambda-security. This rule is part of eslint-plugin-lambda-security and provides LLM-optimized error messages. | | | | | |
| no-overly-permissive-iam-policy | Security rule for lambda-security. This rule is part of eslint-plugin-lambda-security and provides LLM-optimized error messages. | | | | | |
| no-permissive-cors-middy | Detects permissive CORS configurations in Middy middleware | | | | | |
| no-permissive-cors-response | Detects permissive CORS headers in Lambda API Gateway responses | | | | | |
| no-secrets-in-env | Detects secrets defined directly in environment variable configurations | | | | | |
| no-unbounded-batch-processing | Detect processing batch records without size validation | | | | | |
| no-unvalidated-event-body | Detect Lambda handlers using event body without validation | | | | | |
| no-user-controlled-requests | Detect HTTP requests with user-controlled URLs (SSRF) | | | | | |
| require-timeout-handling | Require timeout handling in Lambda handlers with external calls | | | | | |
Rule Categories
CORS & Headers
Rules preventing permissive CORS responses and enforcing security headers.
Input Validation
Rules requiring validation of event body and user-controlled input.
Credential Security
Rules detecting hardcoded SDK credentials and secrets in environment variables.
Error Handling
Rules preventing error swallowing and exposed error details.
Resource Limits
Rules requiring timeout handling and preventing unbounded batch processing.