@nodesecure/js-x-ray 11.5.0 → 12.0.0
- package/dist/AstAnalyser.d.ts +2 -2
- package/dist/AstAnalyser.d.ts.map +1 -1
- package/dist/AstAnalyser.js +23 -14
- package/dist/AstAnalyser.js.map +1 -1
- package/dist/CollectableSet.d.ts +11 -6
- package/dist/CollectableSet.d.ts.map +1 -1
- package/dist/CollectableSet.js +1 -1
- package/dist/CollectableSet.js.map +1 -1
- package/dist/CollectableSetRegistry.d.ts +1 -1
- package/dist/CollectableSetRegistry.d.ts.map +1 -1
- package/dist/CollectableSetRegistry.js +0 -2
- package/dist/CollectableSetRegistry.js.map +1 -1
- package/dist/Deobfuscator.d.ts.map +1 -1
- package/dist/Deobfuscator.js +8 -7
- package/dist/Deobfuscator.js.map +1 -1
- package/dist/EntryFilesAnalyser.d.ts +1 -1
- package/dist/EntryFilesAnalyser.d.ts.map +1 -1
- package/dist/EntryFilesAnalyser.js +2 -2
- package/dist/EntryFilesAnalyser.js.map +1 -1
- package/dist/NodeCounter.js +1 -1
- package/dist/ProbeRunner.d.ts.map +1 -1
- package/dist/ProbeRunner.js +12 -4
- package/dist/ProbeRunner.js.map +1 -1
- package/dist/SourceFile.d.ts +3 -3
- package/dist/SourceFile.d.ts.map +1 -1
- package/dist/SourceFile.js +14 -8
- package/dist/SourceFile.js.map +1 -1
- package/dist/VariableTracer.d.ts +100 -0
- package/dist/VariableTracer.d.ts.map +1 -0
- package/dist/VariableTracer.js +463 -0
- package/dist/VariableTracer.js.map +1 -0
- package/dist/contants.d.ts +1 -0
- package/dist/contants.d.ts.map +1 -1
- package/dist/contants.js +1 -0
- package/dist/contants.js.map +1 -1
- package/dist/estree/functions/arrayExpression.d.ts +15 -0
- package/dist/estree/functions/arrayExpression.d.ts.map +1 -0
- package/dist/estree/functions/arrayExpression.js +69 -0
- package/dist/estree/functions/arrayExpression.js.map +1 -0
- package/dist/estree/functions/concatBinaryExpression.d.ts +15 -0
- package/dist/estree/functions/concatBinaryExpression.d.ts.map +1 -0
- package/dist/estree/functions/concatBinaryExpression.js +46 -0
- package/dist/estree/functions/concatBinaryExpression.js.map +1 -0
- package/dist/estree/functions/extractLogicalExpression.d.ts +6 -0
- package/dist/estree/functions/extractLogicalExpression.d.ts.map +1 -0
- package/dist/estree/functions/extractLogicalExpression.js +18 -0
- package/dist/estree/functions/extractLogicalExpression.js.map +1 -0
- package/dist/estree/functions/getCallExpressionArguments.d.ts +4 -0
- package/dist/estree/functions/getCallExpressionArguments.d.ts.map +1 -0
- package/dist/estree/functions/getCallExpressionArguments.js +52 -0
- package/dist/estree/functions/getCallExpressionArguments.js.map +1 -0
- package/dist/estree/functions/getCallExpressionIdentifier.d.ts +15 -0
- package/dist/estree/functions/getCallExpressionIdentifier.d.ts.map +1 -0
- package/dist/estree/functions/getCallExpressionIdentifier.js +24 -0
- package/dist/estree/functions/getCallExpressionIdentifier.js.map +1 -0
- package/dist/estree/functions/getMemberExpressionIdentifier.d.ts +7 -0
- package/dist/estree/functions/getMemberExpressionIdentifier.d.ts.map +1 -0
- package/dist/estree/functions/getMemberExpressionIdentifier.js +63 -0
- package/dist/estree/functions/getMemberExpressionIdentifier.js.map +1 -0
- package/dist/estree/functions/getVariableDeclarationIdentifiers.d.ts +13 -0
- package/dist/estree/functions/getVariableDeclarationIdentifiers.d.ts.map +1 -0
- package/dist/estree/functions/getVariableDeclarationIdentifiers.js +123 -0
- package/dist/estree/functions/getVariableDeclarationIdentifiers.js.map +1 -0
- package/dist/estree/functions/toLiteral.d.ts +3 -0
- package/dist/estree/functions/toLiteral.d.ts.map +1 -0
- package/dist/estree/functions/toLiteral.js +4 -0
- package/dist/estree/functions/toLiteral.js.map +1 -0
- package/dist/estree/index.d.ts +11 -0
- package/dist/estree/index.d.ts.map +1 -0
- package/dist/estree/index.js +11 -0
- package/dist/estree/index.js.map +1 -0
- package/dist/estree/literal.d.ts +4 -0
- package/dist/estree/literal.d.ts.map +1 -0
- package/dist/estree/literal.js +7 -0
- package/dist/estree/literal.js.map +1 -0
- package/dist/{types/estree.d.ts → estree/types.d.ts} +5 -1
- package/dist/estree/types.d.ts.map +1 -0
- package/dist/{types/estree.js → estree/types.js} +4 -1
- package/dist/estree/types.js.map +1 -0
- package/dist/i18n/arabic.d.ts +29 -0
- package/dist/i18n/arabic.d.ts.map +1 -0
- package/dist/i18n/arabic.js +28 -0
- package/dist/i18n/arabic.js.map +1 -0
- package/dist/i18n/english.d.ts +1 -0
- package/dist/i18n/english.js +2 -1
- package/dist/i18n/english.js.map +1 -1
- package/dist/i18n/french.d.ts +1 -0
- package/dist/i18n/french.js +2 -1
- package/dist/i18n/french.js.map +1 -1
- package/dist/i18n/turkish.d.ts +29 -0
- package/dist/i18n/turkish.d.ts.map +1 -0
- package/dist/i18n/turkish.js +28 -0
- package/dist/i18n/turkish.js.map +1 -0
- package/dist/index.d.ts +3 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +3 -1
- package/dist/index.js.map +1 -1
- package/dist/obfuscators/freejsobfuscator.d.ts +5 -0
- package/dist/obfuscators/freejsobfuscator.d.ts.map +1 -1
- package/dist/obfuscators/freejsobfuscator.js +1 -3
- package/dist/obfuscators/freejsobfuscator.js.map +1 -1
- package/dist/{JsSourceParser.d.ts → parsers/JsSourceParser.d.ts} +8 -0
- package/dist/parsers/JsSourceParser.d.ts.map +1 -0
- package/dist/{JsSourceParser.js → parsers/JsSourceParser.js} +9 -2
- package/dist/parsers/JsSourceParser.js.map +1 -0
- package/dist/parsers/TsSourceParser.d.ts +7 -0
- package/dist/parsers/TsSourceParser.d.ts.map +1 -0
- package/dist/parsers/TsSourceParser.js +25 -0
- package/dist/parsers/TsSourceParser.js.map +1 -0
- package/dist/pipelines/deobfuscate.d.ts.map +1 -1
- package/dist/pipelines/deobfuscate.js +1 -2
- package/dist/pipelines/deobfuscate.js.map +1 -1
- package/dist/probes/data-exfiltration.d.ts.map +1 -1
- package/dist/probes/data-exfiltration.js +3 -3
- package/dist/probes/data-exfiltration.js.map +1 -1
- package/dist/probes/isESMExport.d.ts +1 -1
- package/dist/probes/isFetch.d.ts.map +1 -1
- package/dist/probes/isFetch.js +2 -2
- package/dist/probes/isFetch.js.map +1 -1
- package/dist/probes/isImportDeclaration.d.ts +1 -1
- package/dist/probes/isLiteral.d.ts +1 -1
- package/dist/probes/isLiteral.d.ts.map +1 -1
- package/dist/probes/isLiteral.js +1 -3
- package/dist/probes/isLiteral.js.map +1 -1
- package/dist/probes/isMonkeyPatch.js +2 -1
- package/dist/probes/isMonkeyPatch.js.map +1 -1
- package/dist/probes/isPrototypePollution.d.ts +18 -0
- package/dist/probes/isPrototypePollution.d.ts.map +1 -0
- package/dist/probes/isPrototypePollution.js +31 -0
- package/dist/probes/isPrototypePollution.js.map +1 -0
- package/dist/probes/isRandom.d.ts +15 -0
- package/dist/probes/isRandom.d.ts.map +1 -0
- package/dist/probes/isRandom.js +29 -0
- package/dist/probes/isRandom.js.map +1 -0
- package/dist/probes/isRequire/InlinedRequire.d.ts.map +1 -1
- package/dist/probes/isRequire/InlinedRequire.js +1 -2
- package/dist/probes/isRequire/InlinedRequire.js.map +1 -1
- package/dist/probes/isRequire/RequireCallExpressionWalker.d.ts +1 -1
- package/dist/probes/isRequire/RequireCallExpressionWalker.d.ts.map +1 -1
- package/dist/probes/isRequire/RequireCallExpressionWalker.js +3 -5
- package/dist/probes/isRequire/RequireCallExpressionWalker.js.map +1 -1
- package/dist/probes/isRequire/isRequire.d.ts.map +1 -1
- package/dist/probes/isRequire/isRequire.js +3 -3
- package/dist/probes/isRequire/isRequire.js.map +1 -1
- package/dist/probes/isSerializeEnv.d.ts.map +1 -1
- package/dist/probes/isSerializeEnv.js +2 -2
- package/dist/probes/isSerializeEnv.js.map +1 -1
- package/dist/probes/isUnsafeCallee.d.ts +4 -3
- package/dist/probes/isUnsafeCallee.d.ts.map +1 -1
- package/dist/probes/isUnsafeCallee.js +12 -12
- package/dist/probes/isUnsafeCallee.js.map +1 -1
- package/dist/probes/isUnsafeCommand.js +3 -2
- package/dist/probes/isUnsafeCommand.js.map +1 -1
- package/dist/probes/isWeakCrypto.js +1 -1
- package/dist/probes/sql-injection.js +2 -1
- package/dist/probes/sql-injection.js.map +1 -1
- package/dist/utils/extractNode.js +1 -1
- package/dist/utils/getSubMemberExpressionSegments.d.ts +2 -0
- package/dist/utils/getSubMemberExpressionSegments.d.ts.map +1 -0
- package/dist/utils/getSubMemberExpressionSegments.js +9 -0
- package/dist/utils/getSubMemberExpressionSegments.js.map +1 -0
- package/dist/utils/hex.d.ts +14 -0
- package/dist/utils/hex.d.ts.map +1 -0
- package/dist/utils/hex.js +44 -0
- package/dist/utils/hex.js.map +1 -0
- package/dist/utils/index.d.ts +9 -0
- package/dist/utils/index.d.ts.map +1 -1
- package/dist/utils/index.js +9 -0
- package/dist/utils/index.js.map +1 -1
- package/dist/utils/isEvilIdentifier.d.ts +3 -0
- package/dist/utils/isEvilIdentifier.d.ts.map +1 -0
- package/dist/utils/isEvilIdentifier.js +11 -0
- package/dist/utils/isEvilIdentifier.js.map +1 -0
- package/dist/utils/isOneLineExpressionExport.d.ts.map +1 -1
- package/dist/utils/isOneLineExpressionExport.js +2 -1
- package/dist/utils/isOneLineExpressionExport.js.map +1 -1
- package/dist/utils/isStringBase64.d.ts +8 -0
- package/dist/utils/isStringBase64.d.ts.map +1 -0
- package/dist/utils/isStringBase64.js +18 -0
- package/dist/utils/isStringBase64.js.map +1 -0
- package/dist/utils/isSvg.d.ts +7 -0
- package/dist/utils/isSvg.d.ts.map +1 -0
- package/dist/utils/isSvg.js +26 -0
- package/dist/utils/isSvg.js.map +1 -0
- package/dist/utils/makePrefixRemover.d.ts +2 -0
- package/dist/utils/makePrefixRemover.d.ts.map +1 -0
- package/dist/utils/makePrefixRemover.js +13 -0
- package/dist/utils/makePrefixRemover.js.map +1 -0
- package/dist/utils/patterns.d.ts +24 -0
- package/dist/utils/patterns.d.ts.map +1 -0
- package/dist/utils/patterns.js +77 -0
- package/dist/utils/patterns.js.map +1 -0
- package/dist/utils/stringSuspicionScore.d.ts +12 -0
- package/dist/utils/stringSuspicionScore.d.ts.map +1 -0
- package/dist/utils/stringSuspicionScore.js +53 -0
- package/dist/utils/stringSuspicionScore.js.map +1 -0
- package/dist/utils/stripNodePrefix.d.ts +2 -0
- package/dist/utils/stripNodePrefix.d.ts.map +1 -0
- package/dist/utils/stripNodePrefix.js +11 -0
- package/dist/utils/stripNodePrefix.js.map +1 -0
- package/dist/walker/walker.sync.js +1 -1
- package/dist/warnings.d.ts +12 -2
- package/dist/warnings.d.ts.map +1 -1
- package/dist/warnings.js +10 -0
- package/dist/warnings.js.map +1 -1
- package/package.json +4 -6
- package/dist/JsSourceParser.d.ts.map +0 -1
- package/dist/JsSourceParser.js.map +0 -1
- package/dist/types/estree.d.ts.map +0 -1
- package/dist/types/estree.js.map +0 -1
|
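--- a/package/dist/types/estree.js
+++ b/package/dist/estree/types.js
@@ -23,4 +23,7 @@ export function isTemplateLiteral(node) {
 export function isCallExpression(node) {
 return isNode(node) && node.type === "CallExpression";
 }
-
+export function noop(_name) {
+return null;
+}
+//# sourceMappingURL=types.js.map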
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/estree/types.ts"],"names":[],"mappings":"AAWA,MAAM,UAAU,MAAM,CACpB,KAAc;IAEd,OAAO,CACL,KAAK,KAAK,IAAI;QACd,OAAO,KAAK,KAAK,QAAQ;QACzB,MAAM,IAAI,KAAK;QACf,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,CAC/B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,SAAS,CACvB,IAAa;IAEb,OAAO,MAAM,CAAC,IAAI,CAAC;QACjB,IAAI,CAAC,IAAI,KAAK,SAAS;QACvB,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,IAAa;IAEb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACrD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACrC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,CACL,UAAU,CAAC,IAAI,KAAK,iBAAiB;QACrC,OAAO,UAAU,CAAC,KAAK,CAAC,GAAG,KAAK,QAAQ,CACzC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,IAAa;IAEb,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB,CAAC;AACxD,CAAC;AAMD,MAAM,UAAU,IAAI,CAAC,KAAa;IAChC,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
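--- a/package/dist/i18n/arabic.d.ts
+++ b/package/dist/i18n/arabic.d.ts
@@ -0,0 +1,29 @@
+declare namespace _default {
+export { sast_warnings };
+}
+export default _default;
+declare namespace sast_warnings {
+let parsing_error: string;
+let unsafe_import: string;
+let unsafe_regex: string;
+let unsafe_stmt: string;
+let unsafe_assign: string;
+let encoded_literal: string;
+let suspicious_file: string;
+let short_identifiers: string;
+let suspicious_literal: string;
+let obfuscated_code: string;
+let weak_crypto: string;
+let shady_link: string;
+let zero_semver: string;
+let empty_package: string;
+let unsafe_command: string;
+let serialize_environment: string;
+let synchronous_io: string;
+let data_exfiltration: string;
+let log_usage: string;
+let sql_injection: string;
+let monkey_patch: string;
+let insecure_random: string;
+}
+//# sourceMappingURL=arabic.d.ts.map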
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"arabic.d.ts","sourceRoot":"","sources":["../../src/i18n/arabic.js"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
const sast_warnings = {
|
|
2
|
+
parsing_error: "حدث خطأ أثناء تحليل كود JavaScript باستخدام meriyah. هذا يعني أن عملية تحويل النص إلى شجرة بناء الجملة المجردة (AST) قد فشلت. إذا واجهت هذا الخطأ، يرجى فتح بلاغ (issue) هنا.",
|
|
3
|
+
unsafe_import: "تعذر تتبع عبارة استيراد (require, require.resolve).",
|
|
4
|
+
unsafe_regex: "تم اكتشاف تعبير نمطي (RegEx) غير آمن، مما قد يؤدي إلى هجوم ReDoS.",
|
|
5
|
+
unsafe_stmt: "استخدام عبارات خطيرة مثل eval() أو Function(\"\").",
|
|
6
|
+
unsafe_assign: "إسناد قيمة لمتغير عالمي محمي مثل process أو require.",
|
|
7
|
+
encoded_literal: "تم اكتشاف قيمة نصية مشفرة (قد تكون قيمة سداسية عشرية، أو تسلسل يونيكود، أو نص Base64، إلخ).",
|
|
8
|
+
suspicious_file: "ملف مشبوه يحتوي على أكثر من عشر قيم نصية مشفرة.",
|
|
9
|
+
short_identifiers: "هذا يعني أن متوسط طول المعرفات أقل من 1.5 حرف. يظهر هذا التنبيه فقط إذا كان الملف يحتوي على أكثر من 5 معرفات.",
|
|
10
|
+
suspicious_literal: "هذا يعني أن مجموع نقاط الاشتباه لجميع القيم نصية أكبر من 3.",
|
|
11
|
+
obfuscated_code: "هناك احتمالية عالية جداً بأن الكود مخفي أو معقد (obfuscated)...",
|
|
12
|
+
weak_crypto: "يحتوي الكود على خوارزمية تشفير ضعيفة (md5, sha1...).",
|
|
13
|
+
shady_link: "تحتوي القيمة النصية على رابط (URL) لنطاق بامتداد مشبوه.",
|
|
14
|
+
zero_semver: "نسخة (Semantic Version) تبدأ بـ 0.x (مشروع غير مستقر أو بدون إصدارات رسمية).",
|
|
15
|
+
empty_package: "حزمة tarball تحتوي فقط على ملف package.json.",
|
|
16
|
+
unsafe_command: "استخدام أوامر مشبوهة في child_process مثل spawn() أو exec().",
|
|
17
|
+
serialize_environment: "يحاول الكود إجراء عملية تسلسل (serialize) لـ process.env، مما قد يؤدي إلى تسريب متغيرات البيئة.",
|
|
18
|
+
synchronous_io: "يحتوي الكود على عمليات إدخال/إخراج متزامنة (Synchronous I/O)، مما قد يؤدي إلى حظر (block) حلقة الأحداث (event loop) وتدهور الأداء.",
|
|
19
|
+
data_exfiltration: "يكتشف عمليات تسلسل لمعلومات النظام الحساسة (os.userInfo, os.networkInterfaces, os.cpus, dns.getServers)، مما قد يشير إلى جمع بيانات غير مصرح به للنقل الخارجي.",
|
|
20
|
+
log_usage: "استخدام طرق تسجيل console (log, info, warn, error, debug) التي قد تكشف عن معلومات حساسة في بيئات الإنتاج.",
|
|
21
|
+
sql_injection: "قالب نصي (Template literal) يحتوي على تعبيرات مدرجة في استعلامات SQL (SELECT, INSERT, UPDATE, DELETE) بدون معالجة صحيحة، مما يخلق ثغرات حقن SQL محتملة.",
|
|
22
|
+
monkey_patch: "تعديل النماذج الأصلية (native prototypes) أو الكائنات العالمية في وقت التشغيل، مما يؤدي إلى مخاطر أمنية تشمل اختطاف التدفق، والآثار الجانبية العالمية، والإخفاء المحتمل للأنشطة الضارة.",
|
|
23
|
+
insecure_random: "استخدام توليد أرقام عشوائية غير آمن باستخدام Math.random(). إن Math.random() ليس آمناً من الناحية التشفيرية ولا ينبغي استخدامه للعمليات الحساسة أمنياً."
|
|
24
|
+
};
|
|
25
|
+
export default {
|
|
26
|
+
sast_warnings
|
|
27
|
+
};
|
|
28
|
+
//# sourceMappingURL=arabic.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"arabic.js","sourceRoot":"","sources":["../../src/i18n/arabic.js"],"names":[],"mappings":"AAAA,MAAM,aAAa,GAAG;IACpB,aAAa,EAAE,+KAA+K;IAC9L,aAAa,EAAE,qDAAqD;IACpE,YAAY,EAAE,mEAAmE;IACjF,WAAW,EAAE,oDAAoD;IACjE,aAAa,EAAE,sDAAsD;IACrE,eAAe,EAAE,6FAA6F;IAC9G,eAAe,EAAE,iDAAiD;IAClE,iBAAiB,EAAE,+GAA+G;IAClI,kBAAkB,EAAE,6DAA6D;IACjF,eAAe,EAAE,iEAAiE;IAClF,WAAW,EAAE,sDAAsD;IACnE,UAAU,EAAE,yDAAyD;IACrE,WAAW,EAAE,8EAA8E;IAC3F,aAAa,EAAE,8CAA8C;IAC7D,cAAc,EAAE,8DAA8D;IAC9E,qBAAqB,EAAE,iGAAiG;IACxH,cAAc,EAAE,oIAAoI;IACpJ,iBAAiB,EAAE,gKAAgK;IACnL,SAAS,EAAE,2GAA2G;IACtH,aAAa,EAAE,yJAAyJ;IACxK,YAAY,EAAE,yLAAyL;IACvM,eAAe,EAAE,yJAAyJ;CAC3K,CAAC;AAEF,eAAe;IACb,aAAa;CACd,CAAA"}
|
package/dist/i18n/english.d.ts
CHANGED
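--- a/package/dist/i18n/english.js
+++ b/package/dist/i18n/english.js
@@ -19,7 +19,8 @@ const sast_warnings = {
 data_exfiltration: "Detects serialization of sensitive system information (os.userInfo, os.networkInterfaces, os.cpus, dns.getServers) which could indicate unauthorized data collection for external transmission.",
 log_usage: "Usage of console logging methods (log, info, warn, error, debug) that may expose sensitive information in production environments.",
 sql_injection: "Template literals with interpolated expressions in SQL queries (SELECT, INSERT, UPDATE, DELETE) without proper parameterization, creating potential SQL injection vulnerabilities.",
-monkey_patch: "Modification of native prototypes or global objects at runtime, which introduces security risks including flow hijacking, global side effects, and potential concealment of malicious activities."
+monkey_patch: "Modification of native prototypes or global objects at runtime, which introduces security risks including flow hijacking, global side effects, and potential concealment of malicious activities.",
+insecure_random: "Usage of insecure random number generation using Math.random(). Math.random() is not cryptographically secure and should not be used for security-sensitive operations."
 };
 export default {
 sast_warnings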
|
package/dist/i18n/english.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"english.js","sourceRoot":"","sources":["../../src/i18n/english.js"],"names":[],"mappings":"AAAA,MAAM,aAAa,GAAG;IACpB,aAAa,EAAE,uLAAuL;IACtM,aAAa,EAAE,uEAAuE;IACtF,YAAY,EAAE,wEAAwE;IACtF,WAAW,EAAE,6DAA6D;IAC1E,aAAa,EAAE,2DAA2D;IAC1E,eAAe,EAAE,qGAAqG;IACtH,eAAe,EAAE,6DAA6D;IAC9E,iBAAiB,EAAE,6HAA6H;IAChJ,kBAAkB,EAAE,8EAA8E;IAClG,eAAe,EAAE,gEAAgE;IACjF,WAAW,EAAE,mEAAmE;IAChF,UAAU,EAAE,6EAA6E;IACzF,WAAW,EAAE,qFAAqF;IAClG,aAAa,EAAE,wDAAwD;IACvE,cAAc,EAAE,qEAAqE;IACrF,qBAAqB,EAAE,kGAAkG;IACzH,cAAc,EAAE,uGAAuG;IACvH,iBAAiB,EAAE,iMAAiM;IACpN,SAAS,EAAE,oIAAoI;IAC/I,aAAa,EAAE,oLAAoL;IACnM,YAAY,EAAE,mMAAmM;
|
|
1
|
+
{"version":3,"file":"english.js","sourceRoot":"","sources":["../../src/i18n/english.js"],"names":[],"mappings":"AAAA,MAAM,aAAa,GAAG;IACpB,aAAa,EAAE,uLAAuL;IACtM,aAAa,EAAE,uEAAuE;IACtF,YAAY,EAAE,wEAAwE;IACtF,WAAW,EAAE,6DAA6D;IAC1E,aAAa,EAAE,2DAA2D;IAC1E,eAAe,EAAE,qGAAqG;IACtH,eAAe,EAAE,6DAA6D;IAC9E,iBAAiB,EAAE,6HAA6H;IAChJ,kBAAkB,EAAE,8EAA8E;IAClG,eAAe,EAAE,gEAAgE;IACjF,WAAW,EAAE,mEAAmE;IAChF,UAAU,EAAE,6EAA6E;IACzF,WAAW,EAAE,qFAAqF;IAClG,aAAa,EAAE,wDAAwD;IACvE,cAAc,EAAE,qEAAqE;IACrF,qBAAqB,EAAE,kGAAkG;IACzH,cAAc,EAAE,uGAAuG;IACvH,iBAAiB,EAAE,iMAAiM;IACpN,SAAS,EAAE,oIAAoI;IAC/I,aAAa,EAAE,oLAAoL;IACnM,YAAY,EAAE,mMAAmM;IACjN,eAAe,EAAE,yKAAyK;CAC3L,CAAC;AAEF,eAAe;IACb,aAAa;CACd,CAAA"}
|
package/dist/i18n/french.d.ts
CHANGED
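--- a/package/dist/i18n/french.js
+++ b/package/dist/i18n/french.js
@@ -21,7 +21,8 @@ const sast_warnings = {
 data_exfiltration: "Détecte la sérialisation d'informations système sensibles (os.userInfo, os.networkInterfaces, os.cpus, dns.getServers) qui pourrait indiquer une collecte de données non autorisée pour transmission externe.",
 log_usage: "Utilisation de méthodes de l'API console (log, info, warn, error, debug) qui peuvent exposer des informations sensibles en environnement de production.",
 sql_injection: "Littéraux de gabarit avec expressions interpolées dans les requêtes SQL (SELECT, INSERT, UPDATE, DELETE) sans paramétrisation appropriée, créant des vulnérabilités potentielles d'injection SQL.",
-monkey_patch: "Modification des prototypes natifs ou objets globaux à l'exécution, ce qui introduit des risques de sécurité incluant le détournement de flux, des effets secondaires globaux et la dissimulation potentielle d'activités malveillantes."
+monkey_patch: "Modification des prototypes natifs ou objets globaux à l'exécution, ce qui introduit des risques de sécurité incluant le détournement de flux, des effets secondaires globaux et la dissimulation potentielle d'activités malveillantes.",
+insecure_random: "Utilisation d'une génération de nombres aléatoires non sécurisée à l'aide de Math.random(). Math.random() n'est pas cryptographiquement sûr et ne doit pas être utilisé pour des opérations sensibles en matière de sécurité."
 };
 export default {
 sast_warnings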
|
package/dist/i18n/french.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"french.js","sourceRoot":"","sources":["../../src/i18n/french.js"],"names":[],"mappings":"AAAA,MAAM,aAAa,GAAG;IACpB,aAAa,EAAE;;8EAE6D;IAC5E,aAAa,EAAE,0EAA0E;IACzF,YAAY,EAAE,mFAAmF;IACjG,WAAW,EAAE,wEAAwE;IACrF,aAAa,EAAE,6DAA6D;IAC5E,eAAe,EAAE,uIAAuI;IACxJ,iBAAiB,EAAE,sJAAsJ;IACzK,kBAAkB,EAAE,0FAA0F;IAC9G,eAAe,EAAE,wEAAwE;IACzF,eAAe,EAAE,gEAAgE;IACjF,WAAW,EAAE,gGAAgG;IAC7G,UAAU,EAAE,mFAAmF;IAC/F,WAAW,EAAE,uFAAuF;IACpG,aAAa,EAAE,8DAA8D;IAC7E,cAAc,EAAE,4EAA4E;IAC5F,qBAAqB,EAAE,mHAAmH;IAC1I,cAAc,EAAE,gHAAgH;IAChI,iBAAiB,EAAE,+MAA+M;IAClO,SAAS,EAAE,yJAAyJ;IACpK,aAAa,EAAE,mMAAmM;IAClN,YAAY,EAAE,0OAA0O;
|
|
1
|
+
{"version":3,"file":"french.js","sourceRoot":"","sources":["../../src/i18n/french.js"],"names":[],"mappings":"AAAA,MAAM,aAAa,GAAG;IACpB,aAAa,EAAE;;8EAE6D;IAC5E,aAAa,EAAE,0EAA0E;IACzF,YAAY,EAAE,mFAAmF;IACjG,WAAW,EAAE,wEAAwE;IACrF,aAAa,EAAE,6DAA6D;IAC5E,eAAe,EAAE,uIAAuI;IACxJ,iBAAiB,EAAE,sJAAsJ;IACzK,kBAAkB,EAAE,0FAA0F;IAC9G,eAAe,EAAE,wEAAwE;IACzF,eAAe,EAAE,gEAAgE;IACjF,WAAW,EAAE,gGAAgG;IAC7G,UAAU,EAAE,mFAAmF;IAC/F,WAAW,EAAE,uFAAuF;IACpG,aAAa,EAAE,8DAA8D;IAC7E,cAAc,EAAE,4EAA4E;IAC5F,qBAAqB,EAAE,mHAAmH;IAC1I,cAAc,EAAE,gHAAgH;IAChI,iBAAiB,EAAE,+MAA+M;IAClO,SAAS,EAAE,yJAAyJ;IACpK,aAAa,EAAE,mMAAmM;IAClN,YAAY,EAAE,0OAA0O;IACxP,eAAe,EAAE,+NAA+N;CACjP,CAAC;AAEF,eAAe;IACb,aAAa;CACd,CAAA"}
|
|
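--- a/package/dist/i18n/turkish.d.ts
+++ b/package/dist/i18n/turkish.d.ts
@@ -0,0 +1,29 @@
+declare namespace _default {
+export { sast_warnings };
+}
+export default _default;
+declare namespace sast_warnings {
+let parsing_error: string;
+let unsafe_import: string;
+let unsafe_regex: string;
+let unsafe_stmt: string;
+let unsafe_assign: string;
+let encoded_literal: string;
+let suspicious_file: string;
+let short_identifiers: string;
+let suspicious_literal: string;
+let obfuscated_code: string;
+let weak_crypto: string;
+let shady_link: string;
+let zero_semver: string;
+let empty_package: string;
+let unsafe_command: string;
+let serialize_environment: string;
+let synchronous_io: string;
+let data_exfiltration: string;
+let log_usage: string;
+let sql_injection: string;
+let monkey_patch: string;
+let insecure_random: string;
+}
+//# sourceMappingURL=turkish.d.ts.map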
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"turkish.d.ts","sourceRoot":"","sources":["../../src/i18n/turkish.js"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
const sast_warnings = {
|
|
2
|
+
parsing_error: "JavaScript kodu meriyah ile ayrıştırılırken bir hata oluştu. Bu, dizeden AST'ye dönüşümün başarısız olduğu anlamına gelir. Böyle bir hatayla karşılaşırsanız lütfen burada bir sorun (issue) açın.",
|
|
3
|
+
unsafe_import: "Bir içe aktarma (require, require.resolve) ifadesi/deyimi takip edilemedi.",
|
|
4
|
+
unsafe_regex: "Güvensiz olduğu tespit edilen bir RegEx, ReDoS Saldırısı için kullanılabilir.",
|
|
5
|
+
unsafe_stmt: "eval() veya Function(\"\") gibi tehlikeli ifadelerin kullanımı.",
|
|
6
|
+
unsafe_assign: "process veya require gibi korumalı bir globale atama yapılması.",
|
|
7
|
+
encoded_literal: "Kodlanmış bir sabit değer tespit edildi (onaltılık değer, unicode dizisi, base64 dizesi vb. olabilir).",
|
|
8
|
+
suspicious_file: "İçinde ondan fazla kodlanmış sabit değer bulunan şüpheli bir dosya.",
|
|
9
|
+
short_identifiers: "Tüm tanımlayıcıların ortalama uzunluğunun 1,5'in altında olduğu anlamına gelir. Yalnızca dosya 5'ten fazla tanımlayıcı içeriyorsa mümkündür.",
|
|
10
|
+
suspicious_literal: "Tüm sabit değerlerin toplam şüpheli puanının 3'ten büyük olduğu anlamına gelir.",
|
|
11
|
+
obfuscated_code: "Kodun karartılmış (obfuscated) olma olasılığı çok yüksek...",
|
|
12
|
+
weak_crypto: "Kod muhtemelen zayıf bir kripto algoritması içeriyor (md5, sha1...).",
|
|
13
|
+
shady_link: "Dize (Literal) şüpheli uzantılı bir alan adına giden bir URL içeriyor.",
|
|
14
|
+
zero_semver: "0.x ile başlayan sürüm (kararsız proje veya ciddi sürümleme yapılmamış).",
|
|
15
|
+
empty_package: "Paket tarball'u yalnızca bir package.json dosyası içeriyor.",
|
|
16
|
+
unsafe_command: "spawn() veya exec() gibi şüpheli child_process komutlarının kullanımı.",
|
|
17
|
+
serialize_environment: "Kod, ortam değişkenlerinin sızmasına neden olabilecek process.env'yi serileştirmeye çalışıyor.",
|
|
18
|
+
synchronous_io: "Kod, olay döngüsünü (event loop) engelleyebilecek ve performansı düşürebilecek senkronize I/O işlemleri içeriyor.",
|
|
19
|
+
data_exfiltration: "Harici iletim için yetkisiz veri toplamayı gösterebilecek hassas sistem bilgilerinin (os.userInfo, os.networkInterfaces, os.cpus, dns.getServers) serileştirilmesini algılar.",
|
|
20
|
+
log_usage: "Üretim ortamlarında hassas bilgileri ifşa edebilecek console günlükleme yöntemlerinin (log, info, warn, error, debug) kullanımı.",
|
|
21
|
+
sql_injection: "SQL sorgularında (SELECT, INSERT, UPDATE, DELETE) uygun parametreleştirme yapılmadan kullanılan ifadeler içeren şablon dizeleri, potansiyel SQL enjeksiyonu güvenlik açıkları oluşturur.",
|
|
22
|
+
monkey_patch: "Çalışma zamanında yerel prototiplerin veya global nesnelerin değiştirilmesi; akış ele geçirme, global yan etkiler ve kötü niyetli faaliyetlerin gizlenmesi dahil olmak üzere güvenlik riskleri oluşturur.",
|
|
23
|
+
insecure_random: "Math.random() kullanılarak güvensiz rastgele sayı üretimi. Math.random() kriptografik olarak güvenli değildir ve güvenliğe duyarlı işlemler için kullanılmamalıdır."
|
|
24
|
+
};
|
|
25
|
+
export default {
|
|
26
|
+
sast_warnings
|
|
27
|
+
};
|
|
28
|
+
//# sourceMappingURL=turkish.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"turkish.js","sourceRoot":"","sources":["../../src/i18n/turkish.js"],"names":[],"mappings":"AAAA,MAAM,aAAa,GAAG;IACpB,aAAa,EAAE,oMAAoM;IACnN,aAAa,EAAE,4EAA4E;IAC3F,YAAY,EAAE,+EAA+E;IAC7F,WAAW,EAAE,iEAAiE;IAC9E,aAAa,EAAE,iEAAiE;IAChF,eAAe,EAAE,wGAAwG;IACzH,eAAe,EAAE,qEAAqE;IACtF,iBAAiB,EAAE,8IAA8I;IACjK,kBAAkB,EAAE,iFAAiF;IACrG,eAAe,EAAE,6DAA6D;IAC9E,WAAW,EAAE,sEAAsE;IACnF,UAAU,EAAE,wEAAwE;IACpF,WAAW,EAAE,0EAA0E;IACvF,aAAa,EAAE,6DAA6D;IAC5E,cAAc,EAAE,wEAAwE;IACxF,qBAAqB,EAAE,gGAAgG;IACvH,cAAc,EAAE,mHAAmH;IACnI,iBAAiB,EAAE,+KAA+K;IAClM,SAAS,EAAE,kIAAkI;IAC7I,aAAa,EAAE,0LAA0L;IACzM,YAAY,EAAE,2MAA2M;IACzN,eAAe,EAAE,qKAAqK;CACvL,CAAC;AAEF,eAAe;IACb,aAAa;CACd,CAAA"}
|
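--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,10 +1,12 @@
 export * from "./AstAnalyser.ts";
 export * from "./EntryFilesAnalyser.ts";
-export * from "./JsSourceParser.ts";
+export * from "./parsers/JsSourceParser.ts";
+export * from "./parsers/TsSourceParser.ts";
 export { Pipelines, type Pipeline } from "./pipelines/index.ts";
 export * from "./SourceFile.ts";
 export * from "./warnings.ts";
 export * from "./CollectableSet.ts";
 export * from "./contants.ts";
+export { VariableTracer, type SourceTraced, type DataIdentifierOptions, type TracedIdentifierReport } from "./VariableTracer.ts";
 export declare function i18nLocation(): string;
 //# sourceMappingURL=index.d.ts.map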
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,6BAA6B,CAAC;AAC5C,OAAO,EACL,SAAS,EACT,KAAK,QAAQ,EACd,MAAM,sBAAsB,CAAC;AAC9B,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC;AAC9B,cAAc,qBAAqB,CAAC;AACpC,cAAc,eAAe,CAAC;AAC9B,OAAO,EACL,cAAc,EACd,KAAK,YAAY,EACjB,KAAK,qBAAqB,EAC1B,KAAK,sBAAsB,EAC5B,MAAM,qBAAqB,CAAC;AAE7B,wBAAgB,YAAY,WAE3B"}
|
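--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -2,12 +2,14 @@
 import path from "node:path";
 export * from "./AstAnalyser.js";
 export * from "./EntryFilesAnalyser.js";
-export * from "./JsSourceParser.js";
+export * from "./parsers/JsSourceParser.js";
+export * from "./parsers/TsSourceParser.js";
 export { Pipelines } from "./pipelines/index.js";
 export * from "./SourceFile.js";
 export * from "./warnings.js";
 export * from "./CollectableSet.js";
 export * from "./contants.js";
+export { VariableTracer } from "./VariableTracer.js";
 export function i18nLocation() {
 return path.join(import.meta.dirname, "i18n");
 }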
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,6BAA6B,CAAC;AAC5C,OAAO,EACL,SAAS,EAEV,MAAM,sBAAsB,CAAC;AAC9B,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC;AAC9B,cAAc,qBAAqB,CAAC;AACpC,cAAc,eAAe,CAAC;AAC9B,OAAO,EACL,cAAc,EAIf,MAAM,qBAAqB,CAAC;AAE7B,MAAM,UAAU,YAAY;IAC1B,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AAChD,CAAC"}
|
|
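--- a/package/dist/obfuscators/freejsobfuscator.d.ts
+++ b/package/dist/obfuscators/freejsobfuscator.d.ts
@@ -1,3 +1,8 @@
 import { type ObfuscatedIdentifier } from "../Deobfuscator.ts";
+declare global {
+interface RegExpConstructor {
+escape(str: string): string;
+}
+}
 export declare function verify(identifiers: ObfuscatedIdentifier[], prefix: Record<string, number>): boolean;
 //# sourceMappingURL=freejsobfuscator.d.ts.map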
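Review bot: The `declare global { interface RegExpConstructor { escape(str: string): string; } }` block is emitted into a published declaration file, so it augments the global `RegExpConstructor` for any consumer whose program pulls in this `.d.ts`, whether or not their runtime actually provides `RegExp.escape`. The declaration only types the method; it does not supply it, so consumer code calling `RegExp.escape` would type-check and then fail at run time on an engine that lacks it. Consider keeping the augmentation out of the emitted types (a module-local typed helper would do), or at least add a comment above it such as `// Type-only declaration: RegExp.escape must be provided by the runtime.`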
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"freejsobfuscator.d.ts","sourceRoot":"","sources":["../../src/obfuscators/freejsobfuscator.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"freejsobfuscator.d.ts","sourceRoot":"","sources":["../../src/obfuscators/freejsobfuscator.ts"],"names":[],"mappings":"AACA,OAAO,EACL,KAAK,oBAAoB,EAC1B,MAAM,oBAAoB,CAAC;AAI5B,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,iBAAiB;QACzB,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC;KAC7B;CACF;AAED,wBAAgB,MAAM,CACpB,WAAW,EAAE,oBAAoB,EAAE,EACnC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,WAM/B"}
|
|
@@ -1,10 +1,8 @@
|
|
|
1
|
-
// Import Third-party Dependencies
|
|
2
|
-
import { Utils } from "@nodesecure/sec-literal";
|
|
3
1
|
// Import Internal Dependencies
|
|
4
2
|
import {} from "../Deobfuscator.js";
|
|
5
3
|
export function verify(identifiers, prefix) {
|
|
6
4
|
const pValue = Object.keys(prefix).pop();
|
|
7
|
-
const regexStr = `^${
|
|
5
|
+
const regexStr = `^${RegExp.escape(pValue)}[a-zA-Z]{1,2}[0-9]{0,2}$`;
|
|
8
6
|
return identifiers.every(({ name }) => new RegExp(regexStr).test(name));
|
|
9
7
|
}
|
|
10
8
|
//# sourceMappingURL=freejsobfuscator.js.map
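Review bot: `RegExp.escape(pValue)` in `verify` receives whatever `Object.keys(prefix).pop()` returns, which is `undefined` when `prefix` has no keys, and `RegExp.escape` throws a TypeError for a non-string argument. If callers can pass an empty prefix map, `verify` then throws instead of returning a boolean; a guard before the pattern is built avoids that, e.g. `if (pValue === undefined) return false;`. `RegExp.escape` is also a recent language addition, and the global `RegExpConstructor` typing added in the matching .d.ts hunk only satisfies the compiler, so the supported Node.js range (not visible here) should be confirmed to include it. As a point of style, `new RegExp(regexStr)` is rebuilt for every identifier inside `every`; compiling it once before the loop is enough.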
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"freejsobfuscator.js","sourceRoot":"","sources":["../../src/obfuscators/freejsobfuscator.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"freejsobfuscator.js","sourceRoot":"","sources":["../../src/obfuscators/freejsobfuscator.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,OAAO,EAEN,MAAM,oBAAoB,CAAC;AAU5B,MAAM,UAAU,MAAM,CACpB,WAAmC,EACnC,MAA8B;IAE9B,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAG,CAAC;IAC1C,MAAM,QAAQ,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,0BAA0B,CAAC;IAErE,OAAO,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1E,CAAC"}
|
|
@@ -9,8 +9,16 @@ export type SourceParserSyntaxError = SyntaxError & {
|
|
|
9
9
|
export interface SourceParser {
|
|
10
10
|
parse(source: string, options: unknown): ESTree.Statement[];
|
|
11
11
|
}
|
|
12
|
+
export interface JsSourceParserOptions {
|
|
13
|
+
/**
|
|
14
|
+
* @default false
|
|
15
|
+
*/
|
|
16
|
+
stripTypeScriptTypes?: boolean;
|
|
17
|
+
}
|
|
12
18
|
export declare class JsSourceParser implements SourceParser {
|
|
19
|
+
#private;
|
|
13
20
|
static FileExtensions: Set<string>;
|
|
21
|
+
constructor(options?: JsSourceParserOptions);
|
|
14
22
|
parse(source: string): ESTree.Program["body"];
|
|
15
23
|
}
|
|
16
24
|
//# sourceMappingURL=JsSourceParser.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"JsSourceParser.d.ts","sourceRoot":"","sources":["../../src/parsers/JsSourceParser.ts"],"names":[],"mappings":"AAIA,OAAO,EAGL,KAAK,MAAM,EAEZ,MAAM,SAAS,CAAC;AAUjB,MAAM,MAAM,uBAAuB,GAAG,WAAW,GAAG;IAClD,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC,cAAc,CAAC;CAC5B,CAAC;AAEF,MAAM,WAAW,YAAY;IAC3B,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;CAC7D;AAED,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED,qBAAa,cAAe,YAAW,YAAY;;IACjD,MAAM,CAAC,cAAc,cAKlB;gBAKD,OAAO,GAAE,qBAA0B;IAKrC,KAAK,CACH,MAAM,EAAE,MAAM,GACb,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;CA8B1B"}
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
// Import Node.js Dependencies
|
|
2
|
+
import { stripTypeScriptTypes } from "node:module";
|
|
1
3
|
// Import Third-party Dependencies
|
|
2
4
|
import { parseModule, parse } from "meriyah";
|
|
3
5
|
// CONSTANTS
|
|
@@ -14,16 +16,21 @@ export class JsSourceParser {
|
|
|
14
16
|
".mjs",
|
|
15
17
|
".jsx"
|
|
16
18
|
]);
|
|
19
|
+
#stripTypeScriptTypes = false;
|
|
20
|
+
constructor(options = {}) {
|
|
21
|
+
this.#stripTypeScriptTypes = options.stripTypeScriptTypes ?? false;
|
|
22
|
+
}
|
|
17
23
|
parse(source) {
|
|
24
|
+
const cleanedSource = this.#stripTypeScriptTypes ? stripTypeScriptTypes(source) : source;
|
|
18
25
|
try {
|
|
19
|
-
const { body } = parseModule(
|
|
26
|
+
const { body } = parseModule(cleanedSource, structuredClone(kParsingOptions));
|
|
20
27
|
return body;
|
|
21
28
|
}
|
|
22
29
|
catch (error) {
|
|
23
30
|
const syntaxError = error;
|
|
24
31
|
const isIllegalReturn = syntaxError.description.includes("Illegal return statement");
|
|
25
32
|
if (isIllegalReturn) {
|
|
26
|
-
const { body } = parse(
|
|
33
|
+
const { body } = parse(cleanedSource, {
|
|
27
34
|
...structuredClone(kParsingOptions),
|
|
28
35
|
sourceType: "commonjs"
|
|
29
36
|
});
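Review bot: `stripTypeScriptTypes(source)` runs before the `try` in `parse`, so any error it raises skips the catch that handles meriyah's syntax errors and reaches the caller as a different error type. Per the Node.js documentation the function throws on TypeScript syntax that needs transformation (enums, for example), so one such file ends the parse when the option is on; callers that only expect `SourceParserSyntaxError` should be checked. I would document that above the call, e.g. `// may throw a Node.js TypeScript error (not a meriyah SyntaxError) that the catch below does not see`. The static `import { stripTypeScriptTypes } from "node:module"` in the first hunk also makes the module fail to load on Node.js versions that lack that export, even with the option left at `false`; the supported engine range is not visible here. `parse` continues past the end of the hunk.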
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"JsSourceParser.js","sourceRoot":"","sources":["../../src/parsers/JsSourceParser.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAEnD,kCAAkC;AAClC,OAAO,EACL,WAAW,EACX,KAAK,EAGN,MAAM,SAAS,CAAC;AAEjB,YAAY;AACZ,MAAM,eAAe,GAAqB;IACxC,IAAI,EAAE,IAAI;IACV,GAAG,EAAE,IAAI;IACT,GAAG,EAAE,IAAI;IACT,GAAG,EAAE,IAAI;CACV,CAAC;AAqBF,MAAM,OAAO,cAAc;IACzB,MAAM,CAAC,cAAc,GAAG,IAAI,GAAG,CAAC;QAC9B,KAAK;QACL,MAAM;QACN,MAAM;QACN,MAAM;KACP,CAAC,CAAC;IAEH,qBAAqB,GAAG,KAAK,CAAC;IAE9B,YACE,UAAiC,EAAE;QAEnC,IAAI,CAAC,qBAAqB,GAAG,OAAO,CAAC,oBAAoB,IAAI,KAAK,CAAC;IACrE,CAAC;IAED,KAAK,CACH,MAAc;QAEd,MAAM,aAAa,GAAG,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QAEzF,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,WAAW,CAC1B,aAAa,EACb,eAAe,CAAC,eAAe,CAAC,CACjC,CAAC;YAEF,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAc,EAAE,CAAC;YACtB,MAAM,WAAW,GAAG,KAAgC,CAAC;YACrD,MAAM,eAAe,GAAG,WAAW,CAAC,WAAW,CAAC,QAAQ,CAAC,0BAA0B,CAAC,CAAC;YAErF,IAAI,eAAe,EAAE,CAAC;gBACpB,MAAM,EAAE,IAAI,EAAE,GAAG,KAAK,CACpB,aAAa,EACb;oBACE,GAAG,eAAe,CAAC,eAAe,CAAC;oBACnC,UAAU,EAAE,UAAU;iBACvB,CACF,CAAC;gBAEF,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import { TSESTree, type TSESTreeOptions } from "@typescript-eslint/typescript-estree";
|
|
2
|
+
export type { TSESTreeOptions };
|
|
3
|
+
export declare class TsSourceParser {
|
|
4
|
+
static FileExtensions: Set<string>;
|
|
5
|
+
parse(source: string, options?: TSESTreeOptions): TSESTree.Program["body"];
|
|
6
|
+
}
|
|
7
|
+
//# sourceMappingURL=TsSourceParser.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"TsSourceParser.d.ts","sourceRoot":"","sources":["../../src/parsers/TsSourceParser.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,QAAQ,EACR,KAAK,eAAe,EACrB,MAAM,sCAAsC,CAAC;AAU9C,YAAY,EAAE,eAAe,EAAE,CAAC;AAEhC,qBAAa,cAAc;IACzB,MAAM,CAAC,cAAc,cAKlB;IAEH,KAAK,CACH,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,eAAoB,GAC5B,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;CAQ5B"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
// Import Third-party Dependencies
|
|
2
|
+
import { parse, TSESTree } from "@typescript-eslint/typescript-estree";
|
|
3
|
+
// CONSTANTS
|
|
4
|
+
const kTypeScriptParsingOptions = {
|
|
5
|
+
jsDocParsingMode: "none",
|
|
6
|
+
jsx: true,
|
|
7
|
+
loc: true,
|
|
8
|
+
range: false
|
|
9
|
+
};
|
|
10
|
+
export class TsSourceParser {
|
|
11
|
+
static FileExtensions = new Set([
|
|
12
|
+
".ts",
|
|
13
|
+
".mts",
|
|
14
|
+
".cts",
|
|
15
|
+
".tsx"
|
|
16
|
+
]);
|
|
17
|
+
parse(source, options = {}) {
|
|
18
|
+
const { body } = parse(source, {
|
|
19
|
+
...kTypeScriptParsingOptions,
|
|
20
|
+
...options
|
|
21
|
+
});
|
|
22
|
+
return body;
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
//# sourceMappingURL=TsSourceParser.js.map
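Review bot: In `TsSourceParser.parse`, `...options` is spread after `kTypeScriptParsingOptions`, so a caller can switch `loc` off, and the warning locations produced elsewhere in the package presumably depend on it. If `loc` must always be present, pin it after the spread: `{ ...kTypeScriptParsingOptions, ...options, loc: true }`. `jsx: true` is also applied to `.ts`, `.mts` and `.cts` sources; with no `filePath` given, typescript-estree likely parses them as TSX, where angle-bracket type assertions such as `<T>value` are rejected, so those files would fail to parse and go unanalysed. A short doc comment on the class stating which options callers may override would make the intended contract clear.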
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"TsSourceParser.js","sourceRoot":"","sources":["../../src/parsers/TsSourceParser.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,EACL,KAAK,EACL,QAAQ,EAET,MAAM,sCAAsC,CAAC;AAE9C,YAAY;AACZ,MAAM,yBAAyB,GAAoB;IACjD,gBAAgB,EAAE,MAAM;IACxB,GAAG,EAAE,IAAI;IACT,GAAG,EAAE,IAAI;IACT,KAAK,EAAE,KAAK;CACb,CAAC;AAIF,MAAM,OAAO,cAAc;IACzB,MAAM,CAAC,cAAc,GAAG,IAAI,GAAG,CAAC;QAC9B,KAAK;QACL,MAAM;QACN,MAAM;QACN,MAAM;KACP,CAAC,CAAC;IAEH,KAAK,CACH,MAAc,EACd,UAA2B,EAAE;QAE7B,MAAM,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC,MAAM,EAAE;YAC7B,GAAG,yBAAyB;YAC5B,GAAG,OAAO;SACX,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC;IACd,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"deobfuscate.d.ts","sourceRoot":"","sources":["../../src/pipelines/deobfuscate.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"deobfuscate.d.ts","sourceRoot":"","sources":["../../src/pipelines/deobfuscate.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAMtC,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAElD,qBAAa,WAAY,YAAW,QAAQ;;IAC1C,IAAI,SAAiB;IAiBrB,IAAI,CACF,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAC3B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;CAgB1B"}
|
|
@@ -1,7 +1,6 @@
|
|
|
1
|
-
// Import Third-party Dependencies
|
|
2
|
-
import { joinArrayExpression } from "@nodesecure/estree-ast-utils";
|
|
3
1
|
import { match } from "ts-pattern";
|
|
4
2
|
// Import Internal Dependencies
|
|
3
|
+
import { joinArrayExpression } from "../estree/index.js";
|
|
5
4
|
import { walkEnter } from "../walker/index.js";
|
|
6
5
|
export class Deobfuscate {
|
|
7
6
|
name = "deobfuscate";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"deobfuscate.js","sourceRoot":"","sources":["../../src/pipelines/deobfuscate.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"deobfuscate.js","sourceRoot":"","sources":["../../src/pipelines/deobfuscate.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAEnC,+BAA+B;AAC/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAG/C,MAAM,OAAO,WAAW;IACtB,IAAI,GAAG,aAAa,CAAC;IAErB,mBAAmB,CACjB,IAA2B;QAE3B,MAAM,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACnB,OAAO;gBACL,IAAI,EAAE,SAAS;gBACf,KAAK;gBACL,GAAG,EAAE,KAAK;aACX,CAAC;QACJ,CAAC;QAED,OAAO,KAAK,CAAC,CAAC;IAChB,CAAC;IAED,IAAI,CACF,IAA4B;QAE5B,MAAM,IAAI,GAAG,IAAI,CAAC;QAClB,SAAS,CAAC,IAAI,EAAE,SAAS,IAAI,CAAC,IAAI;YAChC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxB,OAAO;YACT,CAAC;YAED,KAAK,CAAC,IAAI,CAAC;iBACR,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,EAAE,CAAC,IAAI,EAAE,EAAE;gBACzC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC;YACtD,CAAC,CAAC;iBACD,SAAS,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"data-exfiltration.d.ts","sourceRoot":"","sources":["../../src/probes/data-exfiltration.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"data-exfiltration.d.ts","sourceRoot":"","sources":["../../src/probes/data-exfiltration.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAOtC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEtD,OAAO,EAAiC,KAAK,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAatG,KAAK,0BAA0B,GAAG,MAAM,CAAC,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC;AAExE,iBAAS,YAAY,CACnB,IAAI,EAAE,MAAM,CAAC,IAAI,EACjB,GAAG,EAAE,YAAY,GAChB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAejB;AAED,iBAAS,IAAI,CACX,IAAI,EAAE,MAAM,CAAC,cAAc,EAC3B,GAAG,EAAE,YAAY,CAAC,0BAA0B,CAAC,QAwB9C;AAED,iBAAS,UAAU,CACjB,GAAG,EAAE,YAAY,CAAC,0BAA0B,CAAC,QAoC9C;AAED,iBAAS,QAAQ,CAAC,GAAG,EAAE,YAAY,CAAC,0BAA0B,CAAC,QAO9D;AAED,QAAA,MAAM,iBAAiB;;;;;;;;CAQtB,CAAC;AAEF,eAAe,iBAAiB,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
// Import
|
|
2
|
-
import { getCallExpressionIdentifier } from "
|
|
3
|
-
import { VariableTracer } from "
|
|
1
|
+
// Import Internal Dependencies
|
|
2
|
+
import { getCallExpressionIdentifier } from "../estree/index.js";
|
|
3
|
+
import { VariableTracer } from "../VariableTracer.js";
|
|
4
4
|
import { CALL_EXPRESSION_DATA } from "../contants.js";
|
|
5
5
|
import { rootLocation, toArrayLocation } from "../utils/toArrayLocation.js";
|
|
6
6
|
import { generateWarning } from "../warnings.js";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"data-exfiltration.js","sourceRoot":"","sources":["../../src/probes/data-exfiltration.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"data-exfiltration.js","sourceRoot":"","sources":["../../src/probes/data-exfiltration.ts"],"names":[],"mappings":"AAGA,+BAA+B;AAC/B,OAAO,EACL,2BAA2B,EAC5B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,cAAc,EAA2B,MAAM,sBAAsB,CAAC;AAE/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,eAAe,EAA4B,MAAM,6BAA6B,CAAC;AACtG,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEjD,YAAY;AACZ,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;AAEjD,MAAM,iBAAiB,GAAG;IACxB,aAAa;IACb,sBAAsB;IACtB,SAAS;IACT,gBAAgB;CACjB,CAAC;AAIF,SAAS,YAAY,CACnB,IAAiB,EACjB,GAAiB;IAEjB,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,KAAK,YAAY,EAAE,CAAC;QAChD,OAAO,CAAC,KAAK,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC,oBAAoB,CAAC,EAAE,sBAAsB,KAAK,gBAAgB,EAAE,CAAC;QACrF,OAAO,CAAC,KAAK,CAAC,CAAC;IACjB,CAAC;IAED,MAAM,UAAU,GAAG,IAA6B,CAAC;IACjD,IAAI,UAAU,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtC,OAAO,CAAC,KAAK,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,IAAI,CACX,IAA2B,EAC3B,GAA6C;IAE7C,MAAM,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC;IAE3B,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,QAAQ,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QACvC,OAAO;IACT,CAAC;IACD,MAAM,EAAE,GAAG,2BAA2B,CAAC,QAAQ,CAAC,CAAC;IAEjD,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,OAAO;IACT,CAAC;IACD,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC;IACzD,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,EAAE,sBAAsB,KAAK,MAAM;WACzE,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAClE,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,sBAAuB,CAAC,CAAC;QACnE,IAAI,aAAa,EAAE,CAAC;YAClB,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,GAAG,IAAI,YAAY,EAAE,CAAC,CAAC,CAAC;QACtE,CAAC;aACI,CAAC;YACJ,GAAG,CAAC,OAAQ,CAAC,IAAI,EAAE,sBAAuB,CAAC,GAAG,CAAC,eAAe,CAAC,QAAQ,CAAC,GAAG,IAAI,YAAY,EAAE,CAAC,CAAC,CAAC;QAClG,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CACjB,GAA6C;IAE7C,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;IACpC,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC;I
AC9B,MAAM;SACH,KAAK,CAAC,gBAAgB,EAAE;QACvB,2BAA2B,EAAE,IAAI;KAClC,CAAC;SACD,KAAK,CAAC,aAAa,EAAE;QACpB,UAAU,EAAE,IAAI;QAChB,2BAA2B,EAAE,IAAI;KAClC,CAAC;SACD,KAAK,CAAC,sBAAsB,EAAE;QAC7B,UAAU,EAAE,IAAI;QAChB,2BAA2B,EAAE,IAAI;KAClC,CAAC;SACD,KAAK,CAAC,SAAS,EAAE;QAChB,UAAU,EAAE,IAAI;QAChB,2BAA2B,EAAE,IAAI;KAClC,CAAC;SACD,KAAK,CAAC,gBAAgB,EAAE;QACvB,UAAU,EAAE,KAAK;QACjB,2BAA2B,EAAE,IAAI;KAClC,CAAC,CAAC;IAEL,IAAI,UAAU,CAAC,WAAW,KAAK,YAAY,EAAE,CAAC;QAC5C,OAAO;IACT,CAAC;IACD,MAAM,CAAC,EAAE,CAAC,cAAc,CAAC,WAAW,EAAE,CAAC,EACrC,UAAU,EACV,QAAQ,EACW,EAAE,EAAE;QACvB,IAAI,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,UAAU,IAAI,OAAQ,CAAC,EAAE,CAAC;YACnE,OAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,QAAQ,IAAI,SAAS,CAAC,CAAC,CAAC;QAClE,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,QAAQ,CAAC,GAA6C;IAC7D,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;IACpC,IAAI,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/C,MAAM,OAAO,GAAG,eAAe,CAAC,mBAAmB,EACjD,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9C,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACpF,CAAC;AACH,CAAC;AAED,MAAM,iBAAiB,GAAG;IACxB,IAAI,EAAE,kBAAkB;IACxB,YAAY;IACZ,UAAU;IACV,QAAQ;IACR,IAAI;IACJ,YAAY,EAAE,KAAK;IACnB,OAAO,EAAE,EAAE;CACZ,CAAC;AAEF,eAAe,iBAAiB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"isFetch.d.ts","sourceRoot":"","sources":["../../src/probes/isFetch.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"isFetch.d.ts","sourceRoot":"","sources":["../../src/probes/isFetch.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAItC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEtD,iBAAS,YAAY,CACnB,IAAI,EAAE,MAAM,CAAC,IAAI,EACjB,GAAG,EAAE,YAAY,GAChB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAWjB;AAED,iBAAS,UAAU,CACjB,GAAG,EAAE,YAAY,QAKlB;AAED,iBAAS,IAAI,CACX,KAAK,EAAE,MAAM,CAAC,IAAI,EAClB,EAAE,UAAU,EAAE,EAAE,YAAY,QAG7B;;;;;;;;AAED,wBAME"}
|
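--- a/package/dist/probes/isFetch.js
+++ b/package/dist/probes/isFetch.js
@@ -1,5 +1,5 @@
-// Import
-import { getCallExpressionIdentifier } from "
+// Import Internal Dependencies
+import { getCallExpressionIdentifier } from "../estree/index.js";
 function validateNode(node, ctx) {
 const { tracer } = ctx.sourceFile;
 const id = getCallExpressionIdentifier(node);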
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"isFetch.js","sourceRoot":"","sources":["../../src/probes/isFetch.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"isFetch.js","sourceRoot":"","sources":["../../src/probes/isFetch.ts"],"names":[],"mappings":"AAGA,+BAA+B;AAC/B,OAAO,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AAGjE,SAAS,YAAY,CACnB,IAAiB,EACjB,GAAiB;IAEjB,MAAM,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,UAAU,CAAC;IAClC,MAAM,EAAE,GAAG,2BAA2B,CAAC,IAAI,CAAC,CAAC;IAE7C,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,CAAC;IACjB,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC;IAE9C,OAAO,CAAC,IAAI,KAAK,IAAI,IAAI,IAAI,CAAC,sBAAsB,KAAK,OAAO,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,UAAU,CACjB,GAAiB;IAEjB,MAAM,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC;IAE3B,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,2BAA2B,EAAE,IAAI,EAAE,CAAC,CAAC;AAC1E,CAAC;AAED,SAAS,IAAI,CACX,KAAkB,EAClB,EAAE,UAAU,EAAgB;IAE5B,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AAChC,CAAC;AAED,eAAe;IACb,IAAI,EAAE,SAAS;IACf,YAAY;IACZ,UAAU;IACV,IAAI;IACJ,YAAY,EAAE,KAAK;CACpB,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { ESTree } from "meriyah";
|
|
2
2
|
import { SourceFile } from "../SourceFile.ts";
|
|
3
|
-
import type { Literal } from "../types
|
|
3
|
+
import type { Literal } from "../estree/types.ts";
|
|
4
4
|
/**
|
|
5
5
|
* @description Search for ESM ImportDeclaration
|
|
6
6
|
* @see https://github.com/estree/estree/blob/master/es2015.md#importdeclaration
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { ESTree } from "meriyah";
|
|
2
2
|
import { SourceFile } from "../SourceFile.ts";
|
|
3
|
-
import type { Literal } from "../types
|
|
3
|
+
import type { Literal } from "../estree/types.ts";
|
|
4
4
|
import type { CollectableSetRegistry } from "../CollectableSetRegistry.ts";
|
|
5
5
|
/**
|
|
6
6
|
* @description Search for Literal AST Node
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"isLiteral.d.ts","sourceRoot":"","sources":["../../src/probes/isLiteral.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"isLiteral.d.ts","sourceRoot":"","sources":["../../src/probes/isLiteral.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAItC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAMlD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAK3E;;;;;GAKG;AACH,iBAAS,YAAY,CACnB,IAAI,EAAE,MAAM,CAAC,IAAI,GAChB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAIjB;AAED,iBAAS,IAAI,CACX,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,EACrB,OAAO,EAAE;IACP,UAAU,EAAE,UAAU,CAAC;IACvB,sBAAsB,EAAE,sBAAsB,CAAC;CAChD,QAyEF;;;;;;;AAED,wBAKE"}
|
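--- a/package/dist/probes/isLiteral.js
+++ b/package/dist/probes/isLiteral.js
@@ -1,11 +1,9 @@
 // Import Node.js Dependencies
 import { builtinModules } from "node:module";
-// Import Third-party Dependencies
-import { Hex } from "@nodesecure/sec-literal";
 // Import Internal Dependencies
 import { ShadyLink } from "../ShadyLink.js";
 import { SourceFile } from "../SourceFile.js";
-import { toArrayLocation } from "../utils/
+import { toArrayLocation, Hex } from "../utils/index.js";
 import { generateWarning } from "../warnings.js";
 // CONSTANTS
 const kNodeDeps = new Set(builtinModules);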
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"isLiteral.js","sourceRoot":"","sources":["../../src/probes/isLiteral.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"isLiteral.js","sourceRoot":"","sources":["../../src/probes/isLiteral.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAK7C,+BAA+B;AAC/B,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,OAAO,EACL,eAAe,EACf,GAAG,EACJ,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAGjD,YAAY;AACZ,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAC;AAC1C,MAAM,WAAW,GAAG,yDAAyD,CAAC;AAC9E;;;;;GAKG;AACH,SAAS,YAAY,CACnB,IAAiB;IAEjB,OAAO;QACL,IAAI,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ;KAC1D,CAAC;AACJ,CAAC;AAED,SAAS,IAAI,CACX,IAAqB,EACrB,OAGC;IAED,MAAM,EAAE,UAAU,EAAE,sBAAsB,EAAE,GAAG,OAAO,CAAC;IACvD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC;IAEpC,MAAM,gBAAgB,GAAG;QACvB,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,QAAQ;QAC9B,sBAAsB;QACtB,QAAQ;QACR,QAAQ,EAAE,UAAU,CAAC,QAAQ;KAC9B,CAAC;IAEF,yEAAyE;IACzE,IAAI,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,UAAU,CAAC,YAAY,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAE7C,sEAAsE;QACtE,iGAAiG;QACjG,IAAI,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,UAAU,CAAC,aAAa,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1C,UAAU,CAAC,QAAQ,CAAC,IAAI,CACtB,eAAe,CACb,eAAe,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,CAC3C,CACF,CAAC;QACJ,CAAC;aACI,IAAI,KAAK,KAAK,SAAS,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACxD,UAAU,CAAC,iBAAiB,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;SACI,IAAI,sBAAsB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7E,sBAAsB,CAAC,GAAG,CAAC,OAAO,EAAE;YAClC,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,QAAQ;YAC9B,QAAQ,EAAE,eAAe,CAAC,QAAQ,CAAC;YACnC,QAAQ,EAAE,UAAU,CAAC,QAAQ;SAC9B,CAAC,CAAC;QAEH,OAAO;IACT,CAAC;SACI,IAAI,SAAS,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAChD,MAAM,MAAM,GAAG,SAAS,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;QACvE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE
,CAAC;YACjB,UAAU,CAAC,QAAQ,CAAC,IAAI,CACtB,eAAe,CAAC,YAAY,EAAE;gBAC5B,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,QAAQ;gBACR,QAAQ,EAAE,aAAa;aACxB,CAAC,CACH,CAAC;YAEF,OAAO;QACT,CAAC;IACH,CAAC;IACD,gEAAgE;SAC3D,CAAC;QACJ,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;QAEjE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACjB,UAAU,CAAC,QAAQ,CAAC,IAAI,CACtB,eAAe,CAAC,YAAY,EAAE;gBAC5B,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,QAAQ;gBACR,QAAQ,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;aAC5D,CAAC,CACH,CAAC;YAEF,OAAO;QACT,CAAC;QAED,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;AACH,CAAC;AAED,eAAe;IACb,IAAI,EAAE,WAAW;IACjB,YAAY;IACZ,IAAI;IACJ,YAAY,EAAE,KAAK;CACpB,CAAC"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
|
-
|
|
1
|
+
// Import Internal Dependencies
|
|
2
|
+
import { getCallExpressionIdentifier, getMemberExpressionIdentifier } from "../estree/index.js";
|
|
2
3
|
import { generateWarning } from "../warnings.js";
|
|
3
4
|
// CONSTANTS
|
|
4
5
|
export const JS_TYPES = new Set([
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"isMonkeyPatch.js","sourceRoot":"","sources":["../../src/probes/isMonkeyPatch.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"isMonkeyPatch.js","sourceRoot":"","sources":["../../src/probes/isMonkeyPatch.ts"],"names":[],"mappings":"AAGA,+BAA+B;AAC/B,OAAO,EACL,2BAA2B,EAC3B,6BAA6B,EAC9B,MAAM,oBAAoB,CAAC;AAK5B,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEjD,YAAY;AACZ,MAAM,CAAC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC;IAC9B,gBAAgB;IAChB,OAAO;IACP,aAAa;IACb,QAAQ;IACR,eAAe;IACf,gBAAgB;IAChB,SAAS;IACT,UAAU;IACV,MAAM;IACN,OAAO;IACP,WAAW;IACX,sBAAsB;IACtB,cAAc;IACd,cAAc;IACd,UAAU;IACV,YAAY;IACZ,YAAY;IACZ,WAAW;IACX,KAAK;IACL,QAAQ;IACR,QAAQ;IACR,SAAS;IACT,OAAO;IACP,YAAY;IACZ,gBAAgB;IAChB,SAAS;IACT,QAAQ;IACR,KAAK;IACL,mBAAmB;IACnB,QAAQ;IACR,QAAQ;IACR,aAAa;IACb,WAAW;IACX,aAAa;IACb,aAAa;IACb,YAAY;IACZ,mBAAmB;IACnB,UAAU;IACV,SAAS;IACT,SAAS;IACT,SAAS;CACV,CAAC,CAAC;AAEH;;;;GAIG;AACH,SAAS,sBAAsB,CAC7B,IAAiB,EACjB,GAAiB;IAEjB,IACE,IAAI,CAAC,IAAI,KAAK,sBAAsB;QACpC,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB,EACrC,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,wBAAwB,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;AAClD,CAAC;AAED,SAAS,sBAAsB,CAC7B,IAAiB,EACjB,GAAiB;IAEjB,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QACnC,OAAO,CAAC,KAAK,CAAC,CAAC;IACjB,CAAC;IACD,MAAM,EAAE,GAAG,2BAA2B,CAAC,IAAI,CAAC,CAAC;IAE7C,IACE,CAAC,EAAE,KAAK,uBAAuB,IAAI,EAAE,KAAK,wBAAwB,CAAC,EACnE,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,CAAC;IACjB,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACtC,IAAI,QAAQ,EAAE,IAAI,KAAK,kBAAkB,EAAE,CAAC;QAC1C,OAAO,CAAC,KAAK,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,wBAAwB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,wBAAwB,CAC/B,IAA6B,EAC7B,GAAiB;IAEjB,MAAM,IAAI,GAAG,6BAA6B,CAAC,IAAI,EAAE;QAC/C,wBAAwB,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,IAAI,IAAI;KAC9G,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC;IACrC,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QAChE,OAAO,CAAC,KAAK,CAAC,CAAC;IACjB,CAAC;IAED,OAAO;QACL,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,KAAK,WAAW;QACjC,GAAG,UAAU,YAAY;KAC1B,CAAC;AACJ,CAAC;AA
ED,SAAS,IAAI,CACX,IAAiB,EACjB,OAAyB;IAEzB,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;IAEpD,UAAU,CAAC,QAAQ,CAAC,IAAI,CACtB,eAAe,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAC9E,CAAC;AACJ,CAAC;AAED,eAAe;IACb,IAAI,EAAE,eAAe;IACrB,YAAY,EAAE;QACZ,sBAAsB;QACtB,sBAAsB;KACvB;IACD,IAAI;CACL,CAAC"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import type { ESTree } from "meriyah";
|
|
2
|
+
import { SourceFile } from "../SourceFile.ts";
|
|
3
|
+
declare function validateNode(node: ESTree.Node): [boolean, string?];
|
|
4
|
+
declare function main(node: ESTree.Literal | ESTree.MemberExpression, options: {
|
|
5
|
+
sourceFile: SourceFile;
|
|
6
|
+
data?: string;
|
|
7
|
+
signals: {
|
|
8
|
+
Skip: symbol;
|
|
9
|
+
};
|
|
10
|
+
}): symbol | undefined;
|
|
11
|
+
declare const _default: {
|
|
12
|
+
name: string;
|
|
13
|
+
validateNode: typeof validateNode;
|
|
14
|
+
main: typeof main;
|
|
15
|
+
breakOnMatch: boolean;
|
|
16
|
+
};
|
|
17
|
+
export default _default;
|
|
18
|
+
//# sourceMappingURL=isPrototypePollution.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"isPrototypePollution.d.ts","sourceRoot":"","sources":["../../src/probes/isPrototypePollution.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAItC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAG9C,iBAAS,YAAY,CACnB,IAAI,EAAE,MAAM,CAAC,IAAI,GAChB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAcpB;AAED,iBAAS,IAAI,CACX,IAAI,EAAE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,gBAAgB,EAC9C,OAAO,EAAE;IACP,UAAU,EAAE,UAAU,CAAC;IACvB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;KAAE,CAAC;CAC5B,sBAYF;;;;;;;AAED,wBAKE"}
|