@nodesecure/js-x-ray 4.4.0 → 4.5.0

package/src/ASTDeps.js

@@ -1,55 +1,63 @@
-
-export default class ASTDeps {
-  #inTry = false;
-  dependencies = Object.create(null);
-
-  get isInTryStmt() {
-    return this.#inTry;
-  }
-
-  set isInTryStmt(value) {
-    if (typeof value !== "boolean") {
-      throw new TypeError("value must be a boolean!");
-    }
-
-    this.#inTry = value;
-  }
-
-  removeByName(name) {
-    if (Reflect.has(this.dependencies, name)) {
-      delete this.dependencies[name];
-    }
-  }
-
-  add(depName, location = null, unsafe = false) {
-    if (depName.trim() === "") {
-      return;
-    }
-
-    const cleanDepName = depName.charAt(depName.length - 1) === "/" ? depName.slice(0, -1) : depName;
-    const dep = {
-      unsafe,
-      inTry: this.isInTryStmt
-    };
-    if (location !== null) {
-      dep.location = location;
-    }
-    this.dependencies[cleanDepName] = dep;
-  }
-
-  get size() {
-    return Object.keys(this.dependencies).length;
-  }
-
-  * getDependenciesInTryStatement() {
-    for (const [depName, props] of Object.entries(this.dependencies)) {
-      if (props.inTry === true && props.unsafe === false) {
-        yield depName;
-      }
-    }
-  }
-
-  * [Symbol.iterator]() {
-    yield* Object.keys(this.dependencies);
-  }
-}
+
+export default class ASTDeps {
+  #inTry = false;
+  dependencies = Object.create(null);
+
+  get isInTryStmt() {
+    return this.#inTry;
+  }
+
+  set isInTryStmt(value) {
+    if (typeof value !== "boolean") {
+      throw new TypeError("value must be a boolean!");
+    }
+
+    this.#inTry = value;
+  }
+
+  removeByName(name) {
+    if (Reflect.has(this.dependencies, name)) {
+      delete this.dependencies[name];
+    }
+  }
+
+  add(depName, location = null, unsafe = false) {
+    if (depName.trim() === "") {
+      return;
+    }
+
+    const cleanDepName = depName.charAt(depName.length - 1) === "/" ? depName.slice(0, -1) : depName;
+    const dep = {
+      unsafe,
+      inTry: this.isInTryStmt
+    };
+    if (location !== null) {
+      dep.location = location;
+    }
+    this.dependencies[cleanDepName] = dep;
+  }
+
+  has(depName) {
+    if (depName.trim() === "") {
+      return false;
+    }
+
+    return Reflect.has(this.dependencies, depName);
+  }
+
+  get size() {
+    return Object.keys(this.dependencies).length;
+  }
+
+  * getDependenciesInTryStatement() {
+    for (const [depName, props] of Object.entries(this.dependencies)) {
+      if (props.inTry === true && props.unsafe === false) {
+        yield depName;
+      }
+    }
+  }
+
+  * [Symbol.iterator]() {
+    yield* Object.keys(this.dependencies);
+  }
+}

package/src/Analysis.js

@@ -1,152 +1,153 @@
-// Import Third-party Dependencies
-import { Utils, Literal } from "@nodesecure/sec-literal";
-
-// Import Internal Dependencies
-import { rootLocation, toArrayLocation, generateWarning } from "./utils.js";
-import { warnings as _warnings, processMainModuleRequire } from "./constants.js";
-import ASTDeps from "./ASTDeps.js";
-import { isObfuscatedCode, hasTrojanSource } from "./obfuscators/index.js";
-import { runOnProbes } from "./probes/index.js";
-
-// CONSTANTS
-const kDictionaryStrParts = [
-  "abcdefghijklmnopqrstuvwxyz",
-  "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
-  "0123456789"
-];
-
-const kWarningsNameStr = Object.freeze({
-  [_warnings.parsingError]: "parsing-error",
-  [_warnings.unsafeImport]: "unsafe-import",
-  [_warnings.unsafeRegex]: "unsafe-regex",
-  [_warnings.unsafeStmt]: "unsafe-stmt",
-  [_warnings.unsafeAssign]: "unsafe-assign",
-  [_warnings.encodedLiteral]: "encoded-literal",
-  [_warnings.shortIdentifiers]: "short-identifiers",
-  [_warnings.suspiciousLiteral]: "suspicious-literal",
-  [_warnings.obfuscatedCode]: "obfuscated-code"
-});
-
-export default class Analysis {
-  hasDictionaryString = false;
-  hasPrefixedIdentifiers = false;
-  varkinds = { var: 0, let: 0, const: 0 };
-  idtypes = { assignExpr: 0, property: 0, variableDeclarator: 0, functionDeclaration: 0 };
-  counter = {
-    identifiers: 0,
-    doubleUnaryArray: 0,
-    computedMemberExpr: 0,
-    memberExpr: 0,
-    deepBinaryExpr: 0,
-    encodedArrayValue: 0,
-    morseLiteral: 0
-  };
-  identifiersName = [];
-
-  constructor() {
-    this.dependencies = new ASTDeps();
-
-    this.identifiers = new Map();
-    this.globalParts = new Map();
-    this.handledEncodedLiteralValues = new Map();
-
-    this.requireIdentifiers = new Set(["require", processMainModuleRequire]);
-    this.warnings = [];
-    this.literalScores = [];
-  }
-
-  addWarning(symbol, value, location = rootLocation()) {
-    if (symbol === _warnings.encodedLiteral && this.handledEncodedLiteralValues.has(value)) {
-      const index = this.handledEncodedLiteralValues.get(value);
-      this.warnings[index].location.push(toArrayLocation(location));
-
-      return;
-    }
-    const warningName = kWarningsNameStr[symbol];
-    this.warnings.push(generateWarning(warningName, { value, location }));
-    if (symbol === _warnings.encodedLiteral) {
-      this.handledEncodedLiteralValues.set(value, this.warnings.length - 1);
-    }
-  }
-
-  analyzeSourceString(sourceString) {
-    if (hasTrojanSource(sourceString)) {
-      this.addWarning(_warnings.obfuscatedCode, "trojan-source");
-    }
-  }
-
-  analyzeString(str) {
-    const score = Utils.stringSuspicionScore(str);
-    if (score !== 0) {
-      this.literalScores.push(score);
-    }
-
-    if (!this.hasDictionaryString) {
-      const isDictionaryStr = kDictionaryStrParts.every((word) => str.includes(word));
-      if (isDictionaryStr) {
-        this.hasDictionaryString = true;
-      }
-    }
-
-    // Searching for morse string like "--.- --.--."
-    if (Utils.stringCharDiversity(str, ["\n"]) >= 3 && Utils.isMorse(str)) {
-      this.counter.morseLiteral++;
-    }
-  }
-
-  analyzeLiteral(node, inArrayExpr = false) {
-    if (typeof node.value !== "string" || Utils.isSvg(node)) {
-      return;
-    }
-    this.analyzeString(node.value);
-
-    const { hasHexadecimalSequence, hasUnicodeSequence, isBase64 } = Literal.defaultAnalysis(node);
-    if ((hasHexadecimalSequence || hasUnicodeSequence) && isBase64) {
-      if (inArrayExpr) {
-        this.counter.encodedArrayValue++;
-      }
-      else {
-        this.addWarning(_warnings.encodedLiteral, node.value, node.loc);
-      }
-    }
-  }
-
-  getResult(isMinified) {
-    this.counter.identifiers = this.identifiersName.length;
-    const [isObfuscated, kind] = isObfuscatedCode(this);
-    if (isObfuscated) {
-      this.addWarning(_warnings.obfuscatedCode, kind || "unknown");
-    }
-
-    const identifiersLengthArr = this.identifiersName
-      .filter((value) => value.type !== "property" && typeof value.name === "string").map((value) => value.name.length);
-
-    const [idsLengthAvg, stringScore] = [sum(identifiersLengthArr), sum(this.literalScores)];
-    if (!isMinified && identifiersLengthArr.length > 5 && idsLengthAvg <= 1.5) {
-      this.addWarning(_warnings.shortIdentifiers, idsLengthAvg);
-    }
-    if (stringScore >= 3) {
-      this.addWarning(_warnings.suspiciousLiteral, stringScore);
-    }
-
-    return { idsLengthAvg, stringScore, warnings: this.warnings };
-  }
-
-  walk(node) {
-    // Detect TryStatement and CatchClause to known which dependency is required in a Try {} clause
-    if (node.type === "TryStatement" && typeof node.handler !== "undefined") {
-      this.dependencies.isInTryStmt = true;
-    }
-    else if (node.type === "CatchClause") {
-      this.dependencies.isInTryStmt = false;
-    }
-
-    return runOnProbes(node, this);
-  }
-}
-
-function sum(arr = []) {
-  return arr.length === 0 ? 0 : (arr.reduce((prev, curr) => prev + curr, 0) / arr.length);
-}
-
-Analysis.Warnings = _warnings;
+// Import Third-party Dependencies
+import { Utils, Literal } from "@nodesecure/sec-literal";
+
+// Import Internal Dependencies
+import { rootLocation, toArrayLocation, generateWarning } from "./utils.js";
+import { warnings as _warnings, processMainModuleRequire } from "./constants.js";
+import ASTDeps from "./ASTDeps.js";
+import { isObfuscatedCode, hasTrojanSource } from "./obfuscators/index.js";
+import { runOnProbes } from "./probes/index.js";
+
+// CONSTANTS
+const kDictionaryStrParts = [
+  "abcdefghijklmnopqrstuvwxyz",
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
+  "0123456789"
+];
+
+const kWarningsNameStr = Object.freeze({
+  [_warnings.parsingError]: "parsing-error",
+  [_warnings.unsafeImport]: "unsafe-import",
+  [_warnings.unsafeRegex]: "unsafe-regex",
+  [_warnings.unsafeStmt]: "unsafe-stmt",
+  [_warnings.unsafeAssign]: "unsafe-assign",
+  [_warnings.encodedLiteral]: "encoded-literal",
+  [_warnings.shortIdentifiers]: "short-identifiers",
+  [_warnings.suspiciousLiteral]: "suspicious-literal",
+  [_warnings.obfuscatedCode]: "obfuscated-code",
+  [_warnings.weakCrypto]: "weak-crypto"
+});
+
+export default class Analysis {
+  hasDictionaryString = false;
+  hasPrefixedIdentifiers = false;
+  varkinds = { var: 0, let: 0, const: 0 };
+  idtypes = { assignExpr: 0, property: 0, variableDeclarator: 0, functionDeclaration: 0 };
+  counter = {
+    identifiers: 0,
+    doubleUnaryArray: 0,
+    computedMemberExpr: 0,
+    memberExpr: 0,
+    deepBinaryExpr: 0,
+    encodedArrayValue: 0,
+    morseLiteral: 0
+  };
+  identifiersName = [];
+
+  constructor() {
+    this.dependencies = new ASTDeps();
+
+    this.identifiers = new Map();
+    this.globalParts = new Map();
+    this.handledEncodedLiteralValues = new Map();
+
+    this.requireIdentifiers = new Set(["require", processMainModuleRequire]);
+    this.warnings = [];
+    this.literalScores = [];
+  }
+
+  addWarning(symbol, value, location = rootLocation()) {
+    if (symbol === _warnings.encodedLiteral && this.handledEncodedLiteralValues.has(value)) {
+      const index = this.handledEncodedLiteralValues.get(value);
+      this.warnings[index].location.push(toArrayLocation(location));
+
+      return;
+    }
+    const warningName = kWarningsNameStr[symbol];
+    this.warnings.push(generateWarning(warningName, { value, location }));
+    if (symbol === _warnings.encodedLiteral) {
+      this.handledEncodedLiteralValues.set(value, this.warnings.length - 1);
+    }
+  }
+
+  analyzeSourceString(sourceString) {
+    if (hasTrojanSource(sourceString)) {
+      this.addWarning(_warnings.obfuscatedCode, "trojan-source");
+    }
+  }
+
+  analyzeString(str) {
+    const score = Utils.stringSuspicionScore(str);
+    if (score !== 0) {
+      this.literalScores.push(score);
+    }
+
+    if (!this.hasDictionaryString) {
+      const isDictionaryStr = kDictionaryStrParts.every((word) => str.includes(word));
+      if (isDictionaryStr) {
+        this.hasDictionaryString = true;
+      }
+    }
+
+    // Searching for morse string like "--.- --.--."
+    if (Utils.stringCharDiversity(str, ["\n"]) >= 3 && Utils.isMorse(str)) {
+      this.counter.morseLiteral++;
+    }
+  }
+
+  analyzeLiteral(node, inArrayExpr = false) {
+    if (typeof node.value !== "string" || Utils.isSvg(node)) {
+      return;
+    }
+    this.analyzeString(node.value);
+
+    const { hasHexadecimalSequence, hasUnicodeSequence, isBase64 } = Literal.defaultAnalysis(node);
+    if ((hasHexadecimalSequence || hasUnicodeSequence) && isBase64) {
+      if (inArrayExpr) {
+        this.counter.encodedArrayValue++;
+      }
+      else {
+        this.addWarning(_warnings.encodedLiteral, node.value, node.loc);
+      }
+    }
+  }
+
+  getResult(isMinified) {
+    this.counter.identifiers = this.identifiersName.length;
+    const [isObfuscated, kind] = isObfuscatedCode(this);
+    if (isObfuscated) {
+      this.addWarning(_warnings.obfuscatedCode, kind || "unknown");
+    }
+
+    const identifiersLengthArr = this.identifiersName
+      .filter((value) => value.type !== "property" && typeof value.name === "string").map((value) => value.name.length);
+
+    const [idsLengthAvg, stringScore] = [sum(identifiersLengthArr), sum(this.literalScores)];
+    if (!isMinified && identifiersLengthArr.length > 5 && idsLengthAvg <= 1.5) {
+      this.addWarning(_warnings.shortIdentifiers, idsLengthAvg);
+    }
+    if (stringScore >= 3) {
+      this.addWarning(_warnings.suspiciousLiteral, stringScore);
+    }
+
+    return { idsLengthAvg, stringScore, warnings: this.warnings };
+  }
+
+  walk(node) {
+    // Detect TryStatement and CatchClause to known which dependency is required in a Try {} clause
+    if (node.type === "TryStatement" && typeof node.handler !== "undefined") {
+      this.dependencies.isInTryStmt = true;
+    }
+    else if (node.type === "CatchClause") {
+      this.dependencies.isInTryStmt = false;
+    }
+
+    return runOnProbes(node, this);
+  }
+}
+
+function sum(arr = []) {
+  return arr.length === 0 ? 0 : (arr.reduce((prev, curr) => prev + curr, 0) / arr.length);
+}
+
+Analysis.Warnings = _warnings;

package/src/constants.js

@@ -43,5 +43,6 @@ export const warnings = Object.freeze({
   encodedLiteral: Symbol("EncodedLiteral"),
   shortIdentifiers: Symbol("ShortIdentifiers"),
   suspiciousLiteral: Symbol("SuspiciousLiteral"),
-  obfuscatedCode: Symbol("ObfuscatedCode")
+  obfuscatedCode: Symbol("ObfuscatedCode"),
+  weakCrypto: Symbol("WeakCrypto")
 });

package/src/probes/index.js

@@ -1,66 +1,68 @@
-// Import all the probes
-import isUnsafeCallee from "./isUnsafeCallee.js";
-import isLiteral from "./isLiteral.js";
-import isLiteralRegex from "./isLiteralRegex.js";
-import isRegexObject from "./isRegexObject.js";
-import isVariableDeclaration from "./isVariableDeclaration.js";
-import isAssignmentExprOrMemberExpr from "./isAssignmentExprOrMemberExpr.js";
-import isRequire from "./isRequire.js";
-import isImportDeclaration from "./isImportDeclaration.js";
-import isMemberExpression from "./isMemberExpression.js";
-import isArrayExpression from "./isArrayExpression.js";
-import isFunctionDeclaration from "./isFunctionDeclaration.js";
-import isAssignmentExpression from "./isAssignmentExpression.js";
-import isObjectExpression from "./isObjectExpression.js";
-import isUnaryExpression from "./isUnaryExpression.js";
-
-// CONSTANTS
-const kListOfProbes = [
-  isUnsafeCallee,
-  isLiteral,
-  isLiteralRegex,
-  isRegexObject,
-  isVariableDeclaration,
-  isAssignmentExprOrMemberExpr,
-  isRequire,
-  isImportDeclaration,
-  isMemberExpression,
-  isAssignmentExpression,
-  isObjectExpression,
-  isArrayExpression,
-  isFunctionDeclaration,
-  isUnaryExpression
-];
-
-const kSymBreak = Symbol.for("breakWalk");
-const kSymSkip = Symbol.for("skipWalk");
-
-export function runOnProbes(node, analysis) {
-  const breakedGroups = new Set();
-
-  for (const probe of kListOfProbes) {
-    if (breakedGroups.has(probe.breakGroup)) {
-      continue;
-    }
-
-    const [isMatching, data = null] = probe.validateNode(node, analysis);
-    if (isMatching) {
-      const result = probe.main(node, { analysis, data });
-
-      if (result === kSymSkip) {
-        return "skip";
-      }
-      if (result === kSymBreak || probe.breakOnMatch) {
-        const breakGroup = probe.breakGroup || null;
-        if (breakGroup === null) {
-          break;
-        }
-        else {
-          breakedGroups.add(breakGroup);
-        }
-      }
-    }
-  }
-
-  return null;
-}
+// Import all the probes
+import isUnsafeCallee from "./isUnsafeCallee.js";
+import isLiteral from "./isLiteral.js";
+import isLiteralRegex from "./isLiteralRegex.js";
+import isRegexObject from "./isRegexObject.js";
+import isVariableDeclaration from "./isVariableDeclaration.js";
+import isAssignmentExprOrMemberExpr from "./isAssignmentExprOrMemberExpr.js";
+import isRequire from "./isRequire.js";
+import isImportDeclaration from "./isImportDeclaration.js";
+import isMemberExpression from "./isMemberExpression.js";
+import isArrayExpression from "./isArrayExpression.js";
+import isFunctionDeclaration from "./isFunctionDeclaration.js";
+import isAssignmentExpression from "./isAssignmentExpression.js";
+import isObjectExpression from "./isObjectExpression.js";
+import isUnaryExpression from "./isUnaryExpression.js";
+import isWeakCrypto from "./isWeakCrypto.js";
+
+// CONSTANTS
+const kListOfProbes = [
+  isUnsafeCallee,
+  isLiteral,
+  isLiteralRegex,
+  isRegexObject,
+  isVariableDeclaration,
+  isAssignmentExprOrMemberExpr,
+  isRequire,
+  isImportDeclaration,
+  isMemberExpression,
+  isAssignmentExpression,
+  isObjectExpression,
+  isArrayExpression,
+  isFunctionDeclaration,
+  isUnaryExpression,
+  isWeakCrypto
+];
+
+const kSymBreak = Symbol.for("breakWalk");
+const kSymSkip = Symbol.for("skipWalk");
+
+export function runOnProbes(node, analysis) {
+  const breakedGroups = new Set();
+
+  for (const probe of kListOfProbes) {
+    if (breakedGroups.has(probe.breakGroup)) {
+      continue;
+    }
+
+    const [isMatching, data = null] = probe.validateNode(node, analysis);
+    if (isMatching) {
+      const result = probe.main(node, { analysis, data });
+
+      if (result === kSymSkip) {
+        return "skip";
+      }
+      if (result === kSymBreak || probe.breakOnMatch) {
+        const breakGroup = probe.breakGroup || null;
+        if (breakGroup === null) {
+          break;
+        }
+        else {
+          breakedGroups.add(breakGroup);
+        }
+      }
+    }
+  }
+
+  return null;
+}

package/src/probes/isArrayExpression.js

@@ -1,21 +1,27 @@
-// Search for Array
-function validateNode(node) {
-  return [
-    node.type === "ArrayExpression"
-  ];
-}
-
-function main(node, options) {
-  const { analysis } = options;
-
-  for (const elem of node.elements) {
-    if (elem !== null && elem.type === "Literal") {
-      analysis.analyzeLiteral(elem, true);
-    }
-  }
-}
-
-export default {
-  name: "isArrayExpression",
-  validateNode, main, breakOnMatch: false
-};
+/**
+ * @description Search for ArrayExpression AST Node (Commonly known as JS Arrays)
+ *
+ * @see https://github.com/estree/estree/blob/master/es5.md#arrayexpression
+ * @example
+ * ["foo", "bar", 1]
+ */
+function validateNode(node) {
+  return [
+    node.type === "ArrayExpression"
+  ];
+}
+
+function main(node, options) {
+  const { analysis } = options;
+
+  for (const elem of node.elements) {
+    if (elem !== null && elem.type === "Literal") {
+      analysis.analyzeLiteral(elem, true);
+    }
+  }
+}
+
+export default {
+  name: "isArrayExpression",
+  validateNode, main, breakOnMatch: false
+};