Enabled recommended eslint-plugin-security lint rules (#360)

* Enabled recommended eslint-plugin-security lint rules

* Enabling scan for test code

Author: soumeh01

eslint.config.mjs

@@ -14,8 +14,9 @@
  * limitations under the License.
  */
 
-import js from '@eslint/js';
-import tseslint from 'typescript-eslint';
+import js from "@eslint/js";
+import tseslint from "typescript-eslint";
+import eslintPluginSecurity from "eslint-plugin-security";
 
 export default [
     {
@@ -35,7 +36,8 @@ export default [
     {
         files: ['**/*.ts', '**/*.js'],
         plugins: {
-            "@typescript-eslint": tseslint.plugin
+            "@typescript-eslint": tseslint.plugin,
+            security: eslintPluginSecurity,
         },
         languageOptions: {
             ecmaVersion: 9,
@@ -48,52 +50,27 @@ export default [
             }
         },
         rules: {
+            // TypeScript-specific
             "@typescript-eslint/no-unused-vars": [
                 "warn",
                 {
                     "argsIgnorePattern": "^_"
                 }
             ],
-            "block-spacing": [
-                "error",
-                "always"
-            ],
-            "brace-style": [
-                "error",
-                "1tbs",
-                {
-                    "allowSingleLine": true
-                }
-            ],
-            "eol-last": [
-                "error"
-            ],
-            "indent": [
-                "error",
-                4,
-                {
-                    "SwitchCase": 1
-                }
-            ],
-            "linebreak-style": [
-                "error",
-                "unix"
-            ],
-            "no-trailing-spaces": [
-                "error"
-            ],
-            "object-curly-spacing": [
-                "error",
-                "always"
-            ],
-            "quotes": [
-                "error",
-                "single"
-            ],
-            "semi": [
-                "error",
-                "always"
-            ]
+
+            // Security rules
+            ...eslintPluginSecurity.configs.recommended.rules,
+
+            // Code style rules
+            "block-spacing": ["error", "always"],
+            "brace-style": ["error", "1tbs", { allowSingleLine: true }],
+            "eol-last": ["error"],
+            "indent": ["error", 4, { SwitchCase: 1 }],
+            "linebreak-style": ["error", "unix"],
+            "no-trailing-spaces": ["error"],
+            "object-curly-spacing": ["error", "always"],
+            "quotes": ["error", "single"],
+            "semi": ["error", "always"],
         },
     }
 ];

package.json

@@ -116,11 +116,12 @@
     "@vscode/vsce": "^3.6.0",
     "@yarnpkg/lockfile": "^1.1.0",
     "eslint": "^9.30.1",
+    "eslint-plugin-security": "^3.0.1",
     "extract-zip": "^2.0.1",
     "globby": "^14.1.0",
     "jest": "^30.0.4",
-    "markdownlint-cli": "^0.45.0",
     "markdown-link-check": "^3.13.7",
+    "markdownlint-cli": "^0.45.0",
     "node-fetch": "^3.3.2",
     "octokit": "^5.0.3",
     "tempfile": "^5.0.0",

yarn.lock

@@ -2939,6 +2939,13 @@ escodegen@^2.1.0:
   optionalDependencies:
     source-map "~0.6.1"
 
+eslint-plugin-security@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/eslint-plugin-security/-/eslint-plugin-security-3.0.1.tgz#bc52904f77c3b74c3942e12bdb0751831a3223d2"
+  integrity sha512-XjVGBhtDZJfyuhIxnQ/WMm385RbX3DBu7H1J7HNNhmB2tnGxMeqVSnYv79oAj992ayvIBZghsymwkYFS6cGH4Q==
+  dependencies:
+    safe-regex "^2.1.1"
+
 [email protected]:
   version "5.1.1"
   resolved "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz"
@@ -5485,6 +5492,11 @@ reduce-flatten@^2.0.0:
   resolved "https://registry.npmjs.org/reduce-flatten/-/reduce-flatten-2.0.0.tgz"
   integrity sha512-EJ4UNY/U1t2P/2k6oqotuX2Cc3T6nxJwsM0N0asT7dhrtH1ltUxDn4NalSYmPE2rCkVpcf/X6R0wDwcFpzhd4w==
 
+regexp-tree@~0.1.1:
+  version "0.1.27"
+  resolved "https://registry.yarnpkg.com/regexp-tree/-/regexp-tree-0.1.27.tgz#2198f0ef54518ffa743fe74d983b56ffd631b6cd"
+  integrity sha512-iETxpjK6YoRWJG5o6hXLwvjYAoW+FEZn9os0PD/b6AP6xQwsa/Y7lCVgIixBbUPMfhu+i2LtdeAqVTgGlQarfA==
+
 require-directory@^2.1.1:
   version "2.1.1"
   resolved "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz"
@@ -5548,6 +5560,13 @@ safe-buffer@^5.0.1, safe-buffer@^5.1.0, safe-buffer@~5.2.0:
   resolved "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz"
   integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
 
+safe-regex@^2.1.1:
+  version "2.1.1"
+  resolved "https://registry.yarnpkg.com/safe-regex/-/safe-regex-2.1.1.tgz#f7128f00d056e2fe5c11e81a1324dd974aadced2"
+  integrity sha512-rx+x8AMzKb5Q5lQ95Zoi6ZbJqwCLkqi3XuJXp5P3rT8OEc6sZCJG5AE5dU3lsgRr/F4Bs31jSlVN+j5KrsGu9A==
+  dependencies:
+    regexp-tree "~0.1.1"
+
 "safer-buffer@>= 2.1.2 < 3.0.0":
   version "2.1.2"
   resolved "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz"