@nodesecure/js-x-ray 13.0.0 → 14.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/parsers/JsSourceParser.d.ts +2 -4
- package/dist/parsers/JsSourceParser.d.ts.map +1 -1
- package/dist/parsers/JsSourceParser.js +3 -5
- package/dist/parsers/JsSourceParser.js.map +1 -1
- package/dist/probes/isWeakCrypto.d.ts.map +1 -1
- package/dist/probes/isWeakCrypto.js +11 -5
- package/dist/probes/isWeakCrypto.js.map +1 -1
- package/package.json +3 -3
|
@@ -9,11 +9,9 @@ export type SourceParserSyntaxError = SyntaxError & {
|
|
|
9
9
|
export interface SourceParser {
|
|
10
10
|
parse(source: string, options: unknown): ESTree.Statement[];
|
|
11
11
|
}
|
|
12
|
+
export type StripTypeScriptTypes = (source: string) => string;
|
|
12
13
|
export interface JsSourceParserOptions {
|
|
13
|
-
|
|
14
|
-
* @default false
|
|
15
|
-
*/
|
|
16
|
-
stripTypeScriptTypes?: boolean;
|
|
14
|
+
stripTypeScriptTypes?: StripTypeScriptTypes;
|
|
17
15
|
}
|
|
18
16
|
export declare class JsSourceParser implements SourceParser {
|
|
19
17
|
#private;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JsSourceParser.d.ts","sourceRoot":"","sources":["../../src/parsers/JsSourceParser.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"JsSourceParser.d.ts","sourceRoot":"","sources":["../../src/parsers/JsSourceParser.ts"],"names":[],"mappings":"AACA,OAAO,EAGL,KAAK,MAAM,EAEZ,MAAM,SAAS,CAAC;AAUjB,MAAM,MAAM,uBAAuB,GAAG,WAAW,GAAG;IAClD,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC,cAAc,CAAC;CAC5B,CAAC;AAEF,MAAM,WAAW,YAAY;IAC3B,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;CAC7D;AAED,MAAM,MAAM,oBAAoB,GAAG,CAAC,MAAM,EAAE,MAAM,KAAK,MAAM,CAAC;AAE9D,MAAM,WAAW,qBAAqB;IACpC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;CAC7C;AAED,qBAAa,cAAe,YAAW,YAAY;;IACjD,MAAM,CAAC,cAAc,cAKlB;gBAKD,OAAO,GAAE,qBAA0B;IAKrC,KAAK,CACH,MAAM,EAAE,MAAM,GACb,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;CA8B1B"}
|
|
@@ -1,5 +1,3 @@
|
|
|
1
|
-
// Import Node.js Dependencies
|
|
2
|
-
import { stripTypeScriptTypes } from "node:module";
|
|
3
1
|
// Import Third-party Dependencies
|
|
4
2
|
import { parseModule, parse } from "meriyah";
|
|
5
3
|
// CONSTANTS
|
|
@@ -16,12 +14,12 @@ export class JsSourceParser {
|
|
|
16
14
|
".mjs",
|
|
17
15
|
".jsx"
|
|
18
16
|
]);
|
|
19
|
-
#stripTypeScriptTypes
|
|
17
|
+
#stripTypeScriptTypes;
|
|
20
18
|
constructor(options = {}) {
|
|
21
|
-
this.#stripTypeScriptTypes = options.stripTypeScriptTypes
|
|
19
|
+
this.#stripTypeScriptTypes = options.stripTypeScriptTypes;
|
|
22
20
|
}
|
|
23
21
|
parse(source) {
|
|
24
|
-
const cleanedSource = this.#stripTypeScriptTypes ? stripTypeScriptTypes(source) : source;
|
|
22
|
+
const cleanedSource = this.#stripTypeScriptTypes ? this.#stripTypeScriptTypes(source) : source;
|
|
25
23
|
try {
|
|
26
24
|
const { body } = parseModule(cleanedSource, structuredClone(kParsingOptions));
|
|
27
25
|
return body;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"JsSourceParser.js","sourceRoot":"","sources":["../../src/parsers/JsSourceParser.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"JsSourceParser.js","sourceRoot":"","sources":["../../src/parsers/JsSourceParser.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,EACL,WAAW,EACX,KAAK,EAGN,MAAM,SAAS,CAAC;AAEjB,YAAY;AACZ,MAAM,eAAe,GAAqB;IACxC,IAAI,EAAE,IAAI;IACV,GAAG,EAAE,IAAI;IACT,GAAG,EAAE,IAAI;IACT,GAAG,EAAE,IAAI;CACV,CAAC;AAoBF,MAAM,OAAO,cAAc;IACzB,MAAM,CAAC,cAAc,GAAG,IAAI,GAAG,CAAC;QAC9B,KAAK;QACL,MAAM;QACN,MAAM;QACN,MAAM;KACP,CAAC,CAAC;IAEH,qBAAqB,CAAmC;IAExD,YACE,UAAiC,EAAE;QAEnC,IAAI,CAAC,qBAAqB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAC5D,CAAC;IAED,KAAK,CACH,MAAc;QAEd,MAAM,aAAa,GAAG,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QAE/F,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,WAAW,CAC1B,aAAa,EACb,eAAe,CAAC,eAAe,CAAC,CACjC,CAAC;YAEF,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAc,EAAE,CAAC;YACtB,MAAM,WAAW,GAAG,KAAgC,CAAC;YACrD,MAAM,eAAe,GAAG,WAAW,CAAC,WAAW,CAAC,QAAQ,CAAC,0BAA0B,CAAC,CAAC;YAErF,IAAI,eAAe,EAAE,CAAC;gBACpB,MAAM,EAAE,IAAI,EAAE,GAAG,KAAK,CACpB,aAAa,EACb;oBACE,GAAG,eAAe,CAAC,eAAe,CAAC;oBACnC,UAAU,EAAE,UAAU;iBACvB,CACF,CAAC;gBAEF,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"isWeakCrypto.d.ts","sourceRoot":"","sources":["../../src/probes/isWeakCrypto.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAGtC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"isWeakCrypto.d.ts","sourceRoot":"","sources":["../../src/probes/isWeakCrypto.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAGtC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAqBtD,iBAAS,YAAY,CACnB,KAAK,EAAE,MAAM,CAAC,IAAI,EAClB,GAAG,EAAE,YAAY,GAChB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAUjB;AAED,iBAAS,UAAU,CACjB,GAAG,EAAE,YAAY,QAUlB;AAED,iBAAS,IAAI,CACX,IAAI,EAAE,MAAM,CAAC,cAAc,EAC3B,GAAG,EAAE,YAAY,QAYlB;;;;;;;;;AAED,wBAOE"}
|
|
@@ -9,21 +9,27 @@ const kWeakAlgorithms = new Set([
|
|
|
9
9
|
"md4",
|
|
10
10
|
"md2"
|
|
11
11
|
]);
|
|
12
|
+
const kTracedFunctions = new Set([
|
|
13
|
+
"crypto.createHash",
|
|
14
|
+
"crypto.createHmac"
|
|
15
|
+
]);
|
|
12
16
|
function validateNode(_node, ctx) {
|
|
13
17
|
const { tracer } = ctx.sourceFile;
|
|
14
18
|
if (!tracer.importedModules.has("crypto")) {
|
|
15
19
|
return [false];
|
|
16
20
|
}
|
|
17
21
|
return [
|
|
18
|
-
ctx.context[CALL_EXPRESSION_DATA]?.identifierOrMemberExpr
|
|
22
|
+
kTracedFunctions.has(ctx.context[CALL_EXPRESSION_DATA]?.identifierOrMemberExpr)
|
|
19
23
|
];
|
|
20
24
|
}
|
|
21
25
|
function initialize(ctx) {
|
|
22
26
|
const { tracer } = ctx.sourceFile;
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
+
for (const identifierOrMemberExpr of kTracedFunctions) {
|
|
28
|
+
tracer.trace(identifierOrMemberExpr, {
|
|
29
|
+
followConsecutiveAssignment: true,
|
|
30
|
+
moduleName: "crypto"
|
|
31
|
+
});
|
|
32
|
+
}
|
|
27
33
|
}
|
|
28
34
|
function main(node, ctx) {
|
|
29
35
|
const { sourceFile } = ctx;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"isWeakCrypto.js","sourceRoot":"","sources":["../../src/probes/isWeakCrypto.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AACtD,OAAO,EACL,SAAS,EACV,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEjD,YAAY;AACZ,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,KAAK;IACL,MAAM;IACN,WAAW;IACX,KAAK;IACL,KAAK;CACN,CAAC,CAAC;AAEH,SAAS,YAAY,CACnB,KAAkB,EAClB,GAAiB;IAEjB,MAAM,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,UAAU,CAAC;IAElC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1C,OAAO,CAAC,KAAK,CAAC,CAAC;IACjB,CAAC;IAED,OAAO;QACL,GAAG,CAAC,OAAQ,CAAC,oBAAoB,CAAC,EAAE,sBAAsB,
|
|
1
|
+
{"version":3,"file":"isWeakCrypto.js","sourceRoot":"","sources":["../../src/probes/isWeakCrypto.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AACtD,OAAO,EACL,SAAS,EACV,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEjD,YAAY;AACZ,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,KAAK;IACL,MAAM;IACN,WAAW;IACX,KAAK;IACL,KAAK;CACN,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,mBAAmB;IACnB,mBAAmB;CACpB,CAAC,CAAC;AAEH,SAAS,YAAY,CACnB,KAAkB,EAClB,GAAiB;IAEjB,MAAM,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,UAAU,CAAC;IAElC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1C,OAAO,CAAC,KAAK,CAAC,CAAC;IACjB,CAAC;IAED,OAAO;QACL,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,OAAQ,CAAC,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;KACjF,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CACjB,GAAiB;IAEjB,MAAM,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,UAAU,CAAC;IAElC,KAAK,MAAM,sBAAsB,IAAI,gBAAgB,EAAE,CAAC;QACtD,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE;YACnC,2BAA2B,EAAE,IAAI;YACjC,UAAU,EAAE,QAAQ;SACrB,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,SAAS,IAAI,CACX,IAA2B,EAC3B,GAAiB;IAEjB,MAAM,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAEjC,IAAI,SAAS,CAAC,GAAG,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACrD,MAAM,OAAO,GAAG,eAAe,CAC7B,aAAa,EACb,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,CACzC,CAAC;QACF,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;AACH,CAAC;AAED,eAAe;IACb,IAAI,EAAE,cAAc;IACpB,YAAY;IACZ,IAAI;IACJ,UAAU;IACV,YAAY,EAAE,KAAK;IACnB,OAAO,EAAE,EAAE;CACZ,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@nodesecure/js-x-ray",
|
|
3
|
-
"version": "
|
|
3
|
+
"version": "14.0.0",
|
|
4
4
|
"description": "JavaScript AST XRay analysis",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"exports": {
|
|
@@ -52,7 +52,7 @@
|
|
|
52
52
|
},
|
|
53
53
|
"homepage": "https://github.com/NodeSecure/js-x-ray#readme",
|
|
54
54
|
"dependencies": {
|
|
55
|
-
"@typescript-eslint/typescript-estree": "8.
|
|
55
|
+
"@typescript-eslint/typescript-estree": "8.56.1",
|
|
56
56
|
"digraph-js": "2.2.4",
|
|
57
57
|
"frequency-set": "^2.1.0",
|
|
58
58
|
"ipaddr.js": "2.3.0",
|
|
@@ -62,7 +62,7 @@
|
|
|
62
62
|
"ts-pattern": "^5.0.6"
|
|
63
63
|
},
|
|
64
64
|
"devDependencies": {
|
|
65
|
-
"@nodesecure/i18n": "4.0
|
|
65
|
+
"@nodesecure/i18n": "4.1.0",
|
|
66
66
|
"astring": "1.9.0",
|
|
67
67
|
"mitata": "1.0.34"
|
|
68
68
|
}
|