@nodesecure/js-x-ray 4.2.1 → 4.3.0

package/index.js

@@ -1,93 +1,98 @@
-// Import Node.js Dependencies
-import fs from "fs/promises";
-import path from "path";
-
-// Import Third-party Dependencies
-import { walk } from "estree-walker";
-import * as meriyah from "meriyah";
-import isMinified from "is-minified-code";
-
-// Import Internal Dependencies
-import Analysis from "./src/Analysis.js";
-
-export function runASTAnalysis(str, options = Object.create(null)) {
-  const { module = true, isMinified = false } = options;
-
-  // Note: if the file start with a shebang then we remove it because 'parseScript' may fail to parse it.
-  // Example: #!/usr/bin/env node
-  const strToAnalyze = str.charAt(0) === "#" ? str.slice(str.indexOf("\n")) : str;
-  const { body } = meriyah.parseScript(strToAnalyze, {
-    next: true, loc: true, raw: true, module: Boolean(module)
-  });
-
-  const sastAnalysis = new Analysis();
-  sastAnalysis.analyzeSourceString(str);
-
-  // we walk each AST Nodes, this is a purely synchronous I/O
-  walk(body, {
-    enter(node) {
-      // Skip the root of the AST.
-      if (Array.isArray(node)) {
-        return;
-      }
-
-      const action = sastAnalysis.walk(node);
-      if (action === "skip") {
-        this.skip();
-      }
-    }
-  });
-
-  const dependencies = sastAnalysis.dependencies;
-  const { idsLengthAvg, stringScore, warnings } = sastAnalysis.getResult(isMinified);
-  const isOneLineRequire = body.length <= 1 && dependencies.size <= 1;
-
-  return {
-    dependencies, warnings, idsLengthAvg, stringScore, isOneLineRequire
-  };
-}
-
-export async function runASTAnalysisOnFile(pathToFile, options = {}) {
-  try {
-    const { packageName = null, module = true } = options;
-    const str = await fs.readFile(pathToFile, "utf-8");
-
-    const isMin = pathToFile.includes(".min") || isMinified(str);
-    const data = runASTAnalysis(str, {
-      isMinified: isMin,
-      module: path.extname(pathToFile) === ".mjs" ? true : module
-    });
-    if (packageName !== null) {
-      data.dependencies.removeByName(packageName);
-    }
-
-    return {
-      ok: true,
-      dependencies: data.dependencies,
-      warnings: data.warnings,
-      isMinified: !data.isOneLineRequire && isMin
-    };
-  }
-  catch (error) {
-    return {
-      ok: false,
-      warnings: [
-        { kind: "parsing-error", value: error.message, location: [[0, 0], [0, 0]] }
-      ]
-    };
-  }
-}
-
-export const CONSTANTS = {
-  Warnings: Object.freeze({
-    parsingError: "ast-error",
-    unsafeImport: "unsafe-import",
-    unsafeRegex: "unsafe-regex",
-    unsafeStmt: "unsafe-stmt",
-    unsafeAssign: "unsafe-assign",
-    encodedLiteral: "encoded-literal",
-    shortIdentifiers: "short-identifiers",
-    suspiciousLiteral: "suspicious-literal",
-    obfuscatedCode: "obfuscated-code"
-  })
-};
+// Import Node.js Dependencies
+import fs from "fs/promises";
+import path from "path";
+
+// Import Third-party Dependencies
+import { walk } from "estree-walker";
+import * as meriyah from "meriyah";
+import isMinified from "is-minified-code";
+
+// Import Internal Dependencies
+import Analysis from "./src/Analysis.js";
+
+export function runASTAnalysis(str, options = Object.create(null)) {
+  const { module = true, isMinified = false } = options;
+
+  // Note: if the file start with a shebang then we remove it because 'parseScript' may fail to parse it.
+  // Example: #!/usr/bin/env node
+  const strToAnalyze = str.charAt(0) === "#" ? str.slice(str.indexOf("\n")) : str;
+  const isEcmaScriptModule = Boolean(module);
+  const { body } = meriyah.parseScript(strToAnalyze, {
+    next: true,
+    loc: true,
+    raw: true,
+    module: isEcmaScriptModule,
+    globalReturn: !isEcmaScriptModule
+  });
+
+  const sastAnalysis = new Analysis();
+  sastAnalysis.analyzeSourceString(str);
+
+  // we walk each AST Nodes, this is a purely synchronous I/O
+  walk(body, {
+    enter(node) {
+      // Skip the root of the AST.
+      if (Array.isArray(node)) {
+        return;
+      }
+
+      const action = sastAnalysis.walk(node);
+      if (action === "skip") {
+        this.skip();
+      }
+    }
+  });
+
+  const dependencies = sastAnalysis.dependencies;
+  const { idsLengthAvg, stringScore, warnings } = sastAnalysis.getResult(isMinified);
+  const isOneLineRequire = body.length <= 1 && dependencies.size <= 1;
+
+  return {
+    dependencies, warnings, idsLengthAvg, stringScore, isOneLineRequire
+  };
+}
+
+export async function runASTAnalysisOnFile(pathToFile, options = {}) {
+  try {
+    const { packageName = null, module = true } = options;
+    const str = await fs.readFile(pathToFile, "utf-8");
+
+    const isMin = pathToFile.includes(".min") || isMinified(str);
+    const data = runASTAnalysis(str, {
+      isMinified: isMin,
+      module: path.extname(pathToFile) === ".mjs" ? true : module
+    });
+    if (packageName !== null) {
+      data.dependencies.removeByName(packageName);
+    }
+
+    return {
+      ok: true,
+      dependencies: data.dependencies,
+      warnings: data.warnings,
+      isMinified: !data.isOneLineRequire && isMin
+    };
+  }
+  catch (error) {
+    return {
+      ok: false,
+      warnings: [
+        { kind: "parsing-error", value: error.message, location: [[0, 0], [0, 0]] }
+      ]
+    };
+  }
+}
+
+export const CONSTANTS = {
+  Warnings: Object.freeze({
+    parsingError: "ast-error",
+    unsafeImport: "unsafe-import",
+    unsafeRegex: "unsafe-regex",
+    unsafeStmt: "unsafe-stmt",
+    unsafeAssign: "unsafe-assign",
+    encodedLiteral: "encoded-literal",
+    shortIdentifiers: "short-identifiers",
+    suspiciousLiteral: "suspicious-literal",
+    obfuscatedCode: "obfuscated-code"
+  })
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nodesecure/js-x-ray",
-  "version": "4.2.1",
+  "version": "4.3.0",
   "description": "JavaScript AST XRay analysis",
   "type": "module",
   "exports": "./index.js",
@@ -37,21 +37,21 @@
   },
   "homepage": "https://github.com/NodeSecure/js-x-ray#readme",
   "dependencies": {
-    "@nodesecure/sec-literal": "^1.0.1",
+    "@nodesecure/sec-literal": "^1.1.0",
     "estree-walker": "^3.0.1",
     "is-minified-code": "^2.0.0",
-    "meriyah": "^4.2.0",
+    "meriyah": "^4.2.1",
     "safe-regex": "^2.1.1"
   },
   "devDependencies": {
     "@nodesecure/eslint-config": "^1.3.1",
     "@slimio/is": "^1.5.1",
-    "@small-tech/esm-tape-runner": "^1.0.3",
+    "@small-tech/esm-tape-runner": "^2.0.0",
     "@small-tech/tap-monkey": "^1.3.0",
-    "@types/node": "^17.0.15",
+    "@types/node": "^17.0.23",
     "cross-env": "^7.0.3",
-    "eslint": "^8.8.0",
-    "pkg-ok": "^2.3.1",
-    "tape": "^5.5.0"
+    "eslint": "^8.12.0",
+    "pkg-ok": "^3.0.0",
+    "tape": "^5.5.2"
   }
 }

package/src/Analysis.js

@@ -1,152 +1,152 @@
-// Import Third-party Dependencies
-import { Utils, Literal } from "@nodesecure/sec-literal";
-
-// Import Internal Dependencies
-import { rootLocation, toArrayLocation, generateWarning } from "./utils.js";
-import { warnings as _warnings, processMainModuleRequire } from "./constants.js";
-import ASTDeps from "./ASTDeps.js";
-import { isObfuscatedCode, hasTrojanSource } from "./obfuscators/index.js";
-import { runOnProbes } from "./probes/index.js";
-
-// CONSTANTS
-const kDictionaryStrParts = [
-  "abcdefghijklmnopqrstuvwxyz",
-  "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
-  "0123456789"
-];
-
-const kWarningsNameStr = Object.freeze({
-  [_warnings.parsingError]: "parsing-error",
-  [_warnings.unsafeImport]: "unsafe-import",
-  [_warnings.unsafeRegex]: "unsafe-regex",
-  [_warnings.unsafeStmt]: "unsafe-stmt",
-  [_warnings.unsafeAssign]: "unsafe-assign",
-  [_warnings.encodedLiteral]: "encoded-literal",
-  [_warnings.shortIdentifiers]: "short-identifiers",
-  [_warnings.suspiciousLiteral]: "suspicious-literal",
-  [_warnings.obfuscatedCode]: "obfuscated-code"
-});
-
-export default class Analysis {
-  hasDictionaryString = false;
-  hasPrefixedIdentifiers = false;
-  varkinds = { var: 0, let: 0, const: 0 };
-  idtypes = { assignExpr: 0, property: 0, variableDeclarator: 0, functionDeclaration: 0 };
-  counter = {
-    identifiers: 0,
-    doubleUnaryArray: 0,
-    computedMemberExpr: 0,
-    memberExpr: 0,
-    deepBinaryExpr: 0,
-    encodedArrayValue: 0,
-    morseLiteral: 0
-  };
-  identifiersName = [];
-
-  constructor() {
-    this.dependencies = new ASTDeps();
-
-    this.identifiers = new Map();
-    this.globalParts = new Map();
-    this.handledEncodedLiteralValues = new Map();
-
-    this.requireIdentifiers = new Set(["require", processMainModuleRequire]);
-    this.warnings = [];
-    this.literalScores = [];
-  }
-
-  addWarning(symbol, value, location = rootLocation()) {
-    if (symbol === _warnings.encodedLiteral && this.handledEncodedLiteralValues.has(value)) {
-      const index = this.handledEncodedLiteralValues.get(value);
-      this.warnings[index].location.push(toArrayLocation(location));
-
-      return;
-    }
-    const warningName = kWarningsNameStr[symbol];
-    this.warnings.push(generateWarning(warningName, { value, location }));
-    if (symbol === _warnings.encodedLiteral) {
-      this.handledEncodedLiteralValues.set(value, this.warnings.length - 1);
-    }
-  }
-
-  analyzeSourceString(sourceString) {
-    if (hasTrojanSource(sourceString)) {
-      this.addWarning(_warnings.obfuscatedCode, "trojan-source");
-    }
-  }
-
-  analyzeString(str) {
-    const score = Utils.stringSuspicionScore(str);
-    if (score !== 0) {
-      this.literalScores.push(score);
-    }
-
-    if (!this.hasDictionaryString) {
-      const isDictionaryStr = kDictionaryStrParts.every((word) => str.includes(word));
-      if (isDictionaryStr) {
-        this.hasDictionaryString = true;
-      }
-    }
-
-    // Searching for morse string like "--.- --.--."
-    if (Utils.stringCharDiversity(str, ["\n"]) >= 3 && Utils.isMorse(str)) {
-      this.counter.morseLiteral++;
-    }
-  }
-
-  analyzeLiteral(node, inArrayExpr = false) {
-    if (typeof node.value !== "string" || Utils.isSvg(node)) {
-      return;
-    }
-    this.analyzeString(node.value);
-
-    const { hasHexadecimalSequence, hasUnicodeSequence, isBase64 } = Literal.defaultAnalysis(node);
-    if ((hasHexadecimalSequence || hasUnicodeSequence) && isBase64) {
-      if (inArrayExpr) {
-        this.counter.encodedArrayValue++;
-      }
-      else {
-        this.addWarning(_warnings.encodedLiteral, node.value, node.loc);
-      }
-    }
-  }
-
-  getResult(isMinified) {
-    this.counter.identifiers = this.identifiersName.length;
-    const [isObfuscated, kind] = isObfuscatedCode(this);
-    if (isObfuscated) {
-      this.addWarning(_warnings.obfuscatedCode, kind || "unknown");
-    }
-
-    const identifiersLengthArr = this.identifiersName
-      .filter((value) => value.type !== "property" && typeof value.name === "string").map((value) => value.name.length);
-
-    const [idsLengthAvg, stringScore] = [sum(identifiersLengthArr), sum(this.literalScores)];
-    if (!isMinified && identifiersLengthArr.length > 5 && idsLengthAvg <= 1.5) {
-      this.addWarning(_warnings.shortIdentifiers, idsLengthAvg);
-    }
-    if (stringScore >= 3) {
-      this.addWarning(_warnings.suspiciousLiteral, stringScore);
-    }
-
-    return { idsLengthAvg, stringScore, warnings: this.warnings };
-  }
-
-  walk(node) {
-    // Detect TryStatement and CatchClause to known which dependency is required in a Try {} clause
-    if (node.type === "TryStatement" && typeof node.handler !== "undefined") {
-      this.dependencies.isInTryStmt = true;
-    }
-    else if (node.type === "CatchClause") {
-      this.dependencies.isInTryStmt = false;
-    }
-
-    return runOnProbes(node, this);
-  }
-}
-
-function sum(arr = []) {
-  return arr.length === 0 ? 0 : (arr.reduce((prev, curr) => prev + curr, 0) / arr.length);
-}
-
-Analysis.Warnings = _warnings;
+// Import Third-party Dependencies
+import { Utils, Literal } from "@nodesecure/sec-literal";
+
+// Import Internal Dependencies
+import { rootLocation, toArrayLocation, generateWarning } from "./utils.js";
+import { warnings as _warnings, processMainModuleRequire } from "./constants.js";
+import ASTDeps from "./ASTDeps.js";
+import { isObfuscatedCode, hasTrojanSource } from "./obfuscators/index.js";
+import { runOnProbes } from "./probes/index.js";
+
+// CONSTANTS
+const kDictionaryStrParts = [
+  "abcdefghijklmnopqrstuvwxyz",
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
+  "0123456789"
+];
+
+const kWarningsNameStr = Object.freeze({
+  [_warnings.parsingError]: "parsing-error",
+  [_warnings.unsafeImport]: "unsafe-import",
+  [_warnings.unsafeRegex]: "unsafe-regex",
+  [_warnings.unsafeStmt]: "unsafe-stmt",
+  [_warnings.unsafeAssign]: "unsafe-assign",
+  [_warnings.encodedLiteral]: "encoded-literal",
+  [_warnings.shortIdentifiers]: "short-identifiers",
+  [_warnings.suspiciousLiteral]: "suspicious-literal",
+  [_warnings.obfuscatedCode]: "obfuscated-code"
+});
+
+export default class Analysis {
+  hasDictionaryString = false;
+  hasPrefixedIdentifiers = false;
+  varkinds = { var: 0, let: 0, const: 0 };
+  idtypes = { assignExpr: 0, property: 0, variableDeclarator: 0, functionDeclaration: 0 };
+  counter = {
+    identifiers: 0,
+    doubleUnaryArray: 0,
+    computedMemberExpr: 0,
+    memberExpr: 0,
+    deepBinaryExpr: 0,
+    encodedArrayValue: 0,
+    morseLiteral: 0
+  };
+  identifiersName = [];
+
+  constructor() {
+    this.dependencies = new ASTDeps();
+
+    this.identifiers = new Map();
+    this.globalParts = new Map();
+    this.handledEncodedLiteralValues = new Map();
+
+    this.requireIdentifiers = new Set(["require", processMainModuleRequire]);
+    this.warnings = [];
+    this.literalScores = [];
+  }
+
+  addWarning(symbol, value, location = rootLocation()) {
+    if (symbol === _warnings.encodedLiteral && this.handledEncodedLiteralValues.has(value)) {
+      const index = this.handledEncodedLiteralValues.get(value);
+      this.warnings[index].location.push(toArrayLocation(location));
+
+      return;
+    }
+    const warningName = kWarningsNameStr[symbol];
+    this.warnings.push(generateWarning(warningName, { value, location }));
+    if (symbol === _warnings.encodedLiteral) {
+      this.handledEncodedLiteralValues.set(value, this.warnings.length - 1);
+    }
+  }
+
+  analyzeSourceString(sourceString) {
+    if (hasTrojanSource(sourceString)) {
+      this.addWarning(_warnings.obfuscatedCode, "trojan-source");
+    }
+  }
+
+  analyzeString(str) {
+    const score = Utils.stringSuspicionScore(str);
+    if (score !== 0) {
+      this.literalScores.push(score);
+    }
+
+    if (!this.hasDictionaryString) {
+      const isDictionaryStr = kDictionaryStrParts.every((word) => str.includes(word));
+      if (isDictionaryStr) {
+        this.hasDictionaryString = true;
+      }
+    }
+
+    // Searching for morse string like "--.- --.--."
+    if (Utils.stringCharDiversity(str, ["\n"]) >= 3 && Utils.isMorse(str)) {
+      this.counter.morseLiteral++;
+    }
+  }
+
+  analyzeLiteral(node, inArrayExpr = false) {
+    if (typeof node.value !== "string" || Utils.isSvg(node)) {
+      return;
+    }
+    this.analyzeString(node.value);
+
+    const { hasHexadecimalSequence, hasUnicodeSequence, isBase64 } = Literal.defaultAnalysis(node);
+    if ((hasHexadecimalSequence || hasUnicodeSequence) && isBase64) {
+      if (inArrayExpr) {
+        this.counter.encodedArrayValue++;
+      }
+      else {
+        this.addWarning(_warnings.encodedLiteral, node.value, node.loc);
+      }
+    }
+  }
+
+  getResult(isMinified) {
+    this.counter.identifiers = this.identifiersName.length;
+    const [isObfuscated, kind] = isObfuscatedCode(this);
+    if (isObfuscated) {
+      this.addWarning(_warnings.obfuscatedCode, kind || "unknown");
+    }
+
+    const identifiersLengthArr = this.identifiersName
+      .filter((value) => value.type !== "property" && typeof value.name === "string").map((value) => value.name.length);
+
+    const [idsLengthAvg, stringScore] = [sum(identifiersLengthArr), sum(this.literalScores)];
+    if (!isMinified && identifiersLengthArr.length > 5 && idsLengthAvg <= 1.5) {
+      this.addWarning(_warnings.shortIdentifiers, idsLengthAvg);
+    }
+    if (stringScore >= 3) {
+      this.addWarning(_warnings.suspiciousLiteral, stringScore);
+    }
+
+    return { idsLengthAvg, stringScore, warnings: this.warnings };
+  }
+
+  walk(node) {
+    // Detect TryStatement and CatchClause to known which dependency is required in a Try {} clause
+    if (node.type === "TryStatement" && typeof node.handler !== "undefined") {
+      this.dependencies.isInTryStmt = true;
+    }
+    else if (node.type === "CatchClause") {
+      this.dependencies.isInTryStmt = false;
+    }
+
+    return runOnProbes(node, this);
+  }
+}
+
+function sum(arr = []) {
+  return arr.length === 0 ? 0 : (arr.reduce((prev, curr) => prev + curr, 0) / arr.length);
+}
+
+Analysis.Warnings = _warnings;