@nodesecure/js-x-ray 4.4.0 → 5.0.1

package/src/Analysis.js

@@ -1,152 +1,140 @@
-// Import Third-party Dependencies
-import { Utils, Literal } from "@nodesecure/sec-literal";
-
-// Import Internal Dependencies
-import { rootLocation, toArrayLocation, generateWarning } from "./utils.js";
-import { warnings as _warnings, processMainModuleRequire } from "./constants.js";
-import ASTDeps from "./ASTDeps.js";
-import { isObfuscatedCode, hasTrojanSource } from "./obfuscators/index.js";
-import { runOnProbes } from "./probes/index.js";
-
-// CONSTANTS
-const kDictionaryStrParts = [
-  "abcdefghijklmnopqrstuvwxyz",
-  "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
-  "0123456789"
-];
-
-const kWarningsNameStr = Object.freeze({
-  [_warnings.parsingError]: "parsing-error",
-  [_warnings.unsafeImport]: "unsafe-import",
-  [_warnings.unsafeRegex]: "unsafe-regex",
-  [_warnings.unsafeStmt]: "unsafe-stmt",
-  [_warnings.unsafeAssign]: "unsafe-assign",
-  [_warnings.encodedLiteral]: "encoded-literal",
-  [_warnings.shortIdentifiers]: "short-identifiers",
-  [_warnings.suspiciousLiteral]: "suspicious-literal",
-  [_warnings.obfuscatedCode]: "obfuscated-code"
-});
-
-export default class Analysis {
-  hasDictionaryString = false;
-  hasPrefixedIdentifiers = false;
-  varkinds = { var: 0, let: 0, const: 0 };
-  idtypes = { assignExpr: 0, property: 0, variableDeclarator: 0, functionDeclaration: 0 };
-  counter = {
-    identifiers: 0,
-    doubleUnaryArray: 0,
-    computedMemberExpr: 0,
-    memberExpr: 0,
-    deepBinaryExpr: 0,
-    encodedArrayValue: 0,
-    morseLiteral: 0
-  };
-  identifiersName = [];
-
-  constructor() {
-    this.dependencies = new ASTDeps();
-
-    this.identifiers = new Map();
-    this.globalParts = new Map();
-    this.handledEncodedLiteralValues = new Map();
-
-    this.requireIdentifiers = new Set(["require", processMainModuleRequire]);
-    this.warnings = [];
-    this.literalScores = [];
-  }
-
-  addWarning(symbol, value, location = rootLocation()) {
-    if (symbol === _warnings.encodedLiteral && this.handledEncodedLiteralValues.has(value)) {
-      const index = this.handledEncodedLiteralValues.get(value);
-      this.warnings[index].location.push(toArrayLocation(location));
-
-      return;
-    }
-    const warningName = kWarningsNameStr[symbol];
-    this.warnings.push(generateWarning(warningName, { value, location }));
-    if (symbol === _warnings.encodedLiteral) {
-      this.handledEncodedLiteralValues.set(value, this.warnings.length - 1);
-    }
-  }
-
-  analyzeSourceString(sourceString) {
-    if (hasTrojanSource(sourceString)) {
-      this.addWarning(_warnings.obfuscatedCode, "trojan-source");
-    }
-  }
-
-  analyzeString(str) {
-    const score = Utils.stringSuspicionScore(str);
-    if (score !== 0) {
-      this.literalScores.push(score);
-    }
-
-    if (!this.hasDictionaryString) {
-      const isDictionaryStr = kDictionaryStrParts.every((word) => str.includes(word));
-      if (isDictionaryStr) {
-        this.hasDictionaryString = true;
-      }
-    }
-
-    // Searching for morse string like "--.- --.--."
-    if (Utils.stringCharDiversity(str, ["\n"]) >= 3 && Utils.isMorse(str)) {
-      this.counter.morseLiteral++;
-    }
-  }
-
-  analyzeLiteral(node, inArrayExpr = false) {
-    if (typeof node.value !== "string" || Utils.isSvg(node)) {
-      return;
-    }
-    this.analyzeString(node.value);
-
-    const { hasHexadecimalSequence, hasUnicodeSequence, isBase64 } = Literal.defaultAnalysis(node);
-    if ((hasHexadecimalSequence || hasUnicodeSequence) && isBase64) {
-      if (inArrayExpr) {
-        this.counter.encodedArrayValue++;
-      }
-      else {
-        this.addWarning(_warnings.encodedLiteral, node.value, node.loc);
-      }
-    }
-  }
-
-  getResult(isMinified) {
-    this.counter.identifiers = this.identifiersName.length;
-    const [isObfuscated, kind] = isObfuscatedCode(this);
-    if (isObfuscated) {
-      this.addWarning(_warnings.obfuscatedCode, kind || "unknown");
-    }
-
-    const identifiersLengthArr = this.identifiersName
-      .filter((value) => value.type !== "property" && typeof value.name === "string").map((value) => value.name.length);
-
-    const [idsLengthAvg, stringScore] = [sum(identifiersLengthArr), sum(this.literalScores)];
-    if (!isMinified && identifiersLengthArr.length > 5 && idsLengthAvg <= 1.5) {
-      this.addWarning(_warnings.shortIdentifiers, idsLengthAvg);
-    }
-    if (stringScore >= 3) {
-      this.addWarning(_warnings.suspiciousLiteral, stringScore);
-    }
-
-    return { idsLengthAvg, stringScore, warnings: this.warnings };
-  }
-
-  walk(node) {
-    // Detect TryStatement and CatchClause to known which dependency is required in a Try {} clause
-    if (node.type === "TryStatement" && typeof node.handler !== "undefined") {
-      this.dependencies.isInTryStmt = true;
-    }
-    else if (node.type === "CatchClause") {
-      this.dependencies.isInTryStmt = false;
-    }
-
-    return runOnProbes(node, this);
-  }
-}
-
-function sum(arr = []) {
-  return arr.length === 0 ? 0 : (arr.reduce((prev, curr) => prev + curr, 0) / arr.length);
-}
-
-Analysis.Warnings = _warnings;
+// Import Third-party Dependencies
+import { Utils, Literal } from "@nodesecure/sec-literal";
+
+// Import Internal Dependencies
+import { rootLocation, toArrayLocation } from "./utils.js";
+import { generateWarning } from "./warnings.js";
+import { processMainModuleRequire } from "./constants.js";
+import ASTDeps from "./ASTDeps.js";
+import { isObfuscatedCode, hasTrojanSource } from "./obfuscators/index.js";
+import { runOnProbes } from "./probes/index.js";
+
+// CONSTANTS
+const kDictionaryStrParts = [
+  "abcdefghijklmnopqrstuvwxyz",
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
+  "0123456789"
+];
+
+export default class Analysis {
+  hasDictionaryString = false;
+  hasPrefixedIdentifiers = false;
+  varkinds = { var: 0, let: 0, const: 0 };
+  idtypes = { assignExpr: 0, property: 0, variableDeclarator: 0, functionDeclaration: 0 };
+  counter = {
+    identifiers: 0,
+    doubleUnaryArray: 0,
+    computedMemberExpr: 0,
+    memberExpr: 0,
+    deepBinaryExpr: 0,
+    encodedArrayValue: 0,
+    morseLiteral: 0
+  };
+  identifiersName = [];
+
+  constructor() {
+    this.dependencies = new ASTDeps();
+
+    this.identifiers = new Map();
+    this.globalParts = new Map();
+    this.handledEncodedLiteralValues = new Map();
+
+    this.requireIdentifiers = new Set(["require", processMainModuleRequire]);
+    this.warnings = [];
+    this.literalScores = [];
+  }
+
+  addWarning(name, value, location = rootLocation()) {
+    const isEncodedLiteral = name === "encoded-literal";
+    if (isEncodedLiteral && this.handledEncodedLiteralValues.has(value)) {
+      const index = this.handledEncodedLiteralValues.get(value);
+      this.warnings[index].location.push(toArrayLocation(location));
+
+      return;
+    }
+
+    this.warnings.push(generateWarning(name, { value, location }));
+    if (isEncodedLiteral) {
+      this.handledEncodedLiteralValues.set(value, this.warnings.length - 1);
+    }
+  }
+
+  analyzeSourceString(sourceString) {
+    if (hasTrojanSource(sourceString)) {
+      this.addWarning("obfuscated-code", "trojan-source");
+    }
+  }
+
+  analyzeString(str) {
+    const score = Utils.stringSuspicionScore(str);
+    if (score !== 0) {
+      this.literalScores.push(score);
+    }
+
+    if (!this.hasDictionaryString) {
+      const isDictionaryStr = kDictionaryStrParts.every((word) => str.includes(word));
+      if (isDictionaryStr) {
+        this.hasDictionaryString = true;
+      }
+    }
+
+    // Searching for morse string like "--.- --.--."
+    if (Utils.stringCharDiversity(str, ["\n"]) >= 3 && Utils.isMorse(str)) {
+      this.counter.morseLiteral++;
+    }
+  }
+
+  analyzeLiteral(node, inArrayExpr = false) {
+    if (typeof node.value !== "string" || Utils.isSvg(node)) {
+      return;
+    }
+    this.analyzeString(node.value);
+
+    const { hasHexadecimalSequence, hasUnicodeSequence, isBase64 } = Literal.defaultAnalysis(node);
+    if ((hasHexadecimalSequence || hasUnicodeSequence) && isBase64) {
+      if (inArrayExpr) {
+        this.counter.encodedArrayValue++;
+      }
+      else {
+        this.addWarning("encoded-literal", node.value, node.loc);
+      }
+    }
+  }
+
+  getResult(isMinified) {
+    this.counter.identifiers = this.identifiersName.length;
+    const [isObfuscated, kind] = isObfuscatedCode(this);
+    if (isObfuscated) {
+      this.addWarning("obfuscated-code", kind || "unknown");
+    }
+
+    const identifiersLengthArr = this.identifiersName
+      .filter((value) => value.type !== "property" && typeof value.name === "string").map((value) => value.name.length);
+
+    const [idsLengthAvg, stringScore] = [sum(identifiersLengthArr), sum(this.literalScores)];
+    if (!isMinified && identifiersLengthArr.length > 5 && idsLengthAvg <= 1.5) {
+      this.addWarning("short-identifiers", idsLengthAvg);
+    }
+    if (stringScore >= 3) {
+      this.addWarning("suspicious-literal", stringScore);
+    }
+
+    return { idsLengthAvg, stringScore, warnings: this.warnings };
+  }
+
+  walk(node) {
+    // Detect TryStatement and CatchClause to known which dependency is required in a Try {} clause
+    if (node.type === "TryStatement" && typeof node.handler !== "undefined") {
+      this.dependencies.isInTryStmt = true;
+    }
+    else if (node.type === "CatchClause") {
+      this.dependencies.isInTryStmt = false;
+    }
+
+    return runOnProbes(node, this);
+  }
+}
+
+function sum(arr = []) {
+  return arr.length === 0 ? 0 : (arr.reduce((prev, curr) => prev + curr, 0) / arr.length);
+}

package/src/constants.js

@@ -33,15 +33,3 @@ export const unsafeUnicodeControlCharacters = [
   "\u200F",
   "\u061C"
 ];
-
-export const warnings = Object.freeze({
-  parsingError: Symbol("ParsingError"),
-  unsafeImport: Symbol("UnsafeImport"),
-  unsafeRegex: Symbol("UnsafeRegex"),
-  unsafeStmt: Symbol("UnsafeStmt"),
-  unsafeAssign: Symbol("UnsafeAssign"),
-  encodedLiteral: Symbol("EncodedLiteral"),
-  shortIdentifiers: Symbol("ShortIdentifiers"),
-  suspiciousLiteral: Symbol("SuspiciousLiteral"),
-  obfuscatedCode: Symbol("ObfuscatedCode")
-});

package/src/probes/index.js

@@ -13,6 +13,7 @@ import isFunctionDeclaration from "./isFunctionDeclaration.js";
 import isAssignmentExpression from "./isAssignmentExpression.js";
 import isObjectExpression from "./isObjectExpression.js";
 import isUnaryExpression from "./isUnaryExpression.js";
+import isWeakCrypto from "./isWeakCrypto.js";
 
 // CONSTANTS
 const kListOfProbes = [
@@ -29,7 +30,8 @@ const kListOfProbes = [
   isObjectExpression,
   isArrayExpression,
   isFunctionDeclaration,
-  isUnaryExpression
+  isUnaryExpression,
+  isWeakCrypto
 ];
 
 const kSymBreak = Symbol.for("breakWalk");

package/src/probes/isArrayExpression.js

@@ -1,21 +1,27 @@
-// Search for Array
-function validateNode(node) {
-  return [
-    node.type === "ArrayExpression"
-  ];
-}
-
-function main(node, options) {
-  const { analysis } = options;
-
-  for (const elem of node.elements) {
-    if (elem !== null && elem.type === "Literal") {
-      analysis.analyzeLiteral(elem, true);
-    }
-  }
-}
-
-export default {
-  name: "isArrayExpression",
-  validateNode, main, breakOnMatch: false
-};
+/**
+ * @description Search for ArrayExpression AST Node (Commonly known as JS Arrays)
+ *
+ * @see https://github.com/estree/estree/blob/master/es5.md#arrayexpression
+ * @example
+ * ["foo", "bar", 1]
+ */
+function validateNode(node) {
+  return [
+    node.type === "ArrayExpression"
+  ];
+}
+
+function main(node, options) {
+  const { analysis } = options;
+
+  for (const elem of node.elements) {
+    if (elem !== null && elem.type === "Literal") {
+      analysis.analyzeLiteral(elem, true);
+    }
+  }
+}
+
+export default {
+  name: "isArrayExpression",
+  validateNode, main, breakOnMatch: false
+};

package/src/probes/isAssignmentExpression.js

@@ -1,22 +1,29 @@
-// Import Internal Dependencies
-import { getIdName } from "../utils.js";
-
-function validateNode(node) {
-  return [
-    node.type === "AssignmentExpression"
-  ];
-}
-
-function main(node, options) {
-  const { analysis } = options;
-
-  analysis.idtypes.assignExpr++;
-  for (const name of getIdName(node.left)) {
-    analysis.identifiersName.push({ name, type: "assignExpr" });
-  }
-}
-
-export default {
-  name: "isAssignmentExpression",
-  validateNode, main, breakOnMatch: false
-};
+// Import Internal Dependencies
+import { getIdName } from "../utils.js";
+
+/**
+ * @description Search for AssignmentExpression (Not to be confused with AssignmentPattern).
+ *
+ * @see https://github.com/estree/estree/blob/master/es5.md#assignmentexpression
+ * @example
+ * (foo = 5)
+ */
+function validateNode(node) {
+  return [
+    node.type === "AssignmentExpression"
+  ];
+}
+
+function main(node, options) {
+  const { analysis } = options;
+
+  analysis.idtypes.assignExpr++;
+  for (const name of getIdName(node.left)) {
+    analysis.identifiersName.push({ name, type: "assignExpr" });
+  }
+}
+
+export default {
+  name: "isAssignmentExpression",
+  validateNode, main, breakOnMatch: false
+};

package/src/probes/isBinaryExpression.js

@@ -1,39 +1,53 @@
-function validateNode(node) {
-  return [
-    node.type === "BinaryExpression"
-  ];
-}
-
-function main(node, options) {
-  const { analysis } = options;
-
-  const [binaryExprDeepness, hasUnaryExpression] = walkBinaryExpression(node);
-  if (binaryExprDeepness >= 3 && hasUnaryExpression) {
-    analysis.counter.deepBinaryExpr++;
-  }
-}
-
-function walkBinaryExpression(expr, level = 1) {
-  const [lt, rt] = [expr.left.type, expr.right.type];
-  let hasUnaryExpression = lt === "UnaryExpression" || rt === "UnaryExpression";
-  let currentLevel = lt === "BinaryExpression" || rt === "BinaryExpression" ? level + 1 : level;
-
-  for (const currExpr of [expr.left, expr.right]) {
-    if (currExpr.type === "BinaryExpression") {
-      const [deepLevel, deepHasUnaryExpression] = walkBinaryExpression(currExpr, currentLevel);
-      if (deepLevel > currentLevel) {
-        currentLevel = deepLevel;
-      }
-      if (!hasUnaryExpression && deepHasUnaryExpression) {
-        hasUnaryExpression = true;
-      }
-    }
-  }
-
-  return [currentLevel, hasUnaryExpression];
-}
-
-export default {
-  name: "isBinaryExpression",
-  validateNode, main, breakOnMatch: false
-};
+/**
+ * @description Search for BinaryExpression AST Node.
+ *
+ * @see https://github.com/estree/estree/blob/master/es5.md#binaryexpression
+ * @example
+ * 5 + 5 + 10
+ */
+function validateNode(node) {
+  return [
+    node.type === "BinaryExpression"
+  ];
+}
+
+function main(node, options) {
+  const { analysis } = options;
+
+  const [binaryExprDeepness, hasUnaryExpression] = walkBinaryExpression(node);
+  if (binaryExprDeepness >= 3 && hasUnaryExpression) {
+    analysis.counter.deepBinaryExpr++;
+  }
+}
+
+/**
+ * @description Look for suspicious BinaryExpression (read the Obfuscator.io section of the linked G.Doc)
+ * @see https://docs.google.com/document/d/11ZrfW0bDQ-kd7Gr_Ixqyk8p3TGvxckmhFH3Z8dFoPhY/edit?usp=sharing
+ * @see https://github.com/estree/estree/blob/master/es5.md#unaryexpression
+ * @example
+ * 0x1*-0x12df+-0x1fb9*-0x1+0x2*-0x66d
+ */
+function walkBinaryExpression(expr, level = 1) {
+  const [lt, rt] = [expr.left.type, expr.right.type];
+  let hasUnaryExpression = lt === "UnaryExpression" || rt === "UnaryExpression";
+  let currentLevel = lt === "BinaryExpression" || rt === "BinaryExpression" ? level + 1 : level;
+
+  for (const currExpr of [expr.left, expr.right]) {
+    if (currExpr.type === "BinaryExpression") {
+      const [deepLevel, deepHasUnaryExpression] = walkBinaryExpression(currExpr, currentLevel);
+      if (deepLevel > currentLevel) {
+        currentLevel = deepLevel;
+      }
+      if (!hasUnaryExpression && deepHasUnaryExpression) {
+        hasUnaryExpression = true;
+      }
+    }
+  }
+
+  return [currentLevel, hasUnaryExpression];
+}
+
+export default {
+  name: "isBinaryExpression",
+  validateNode, main, breakOnMatch: false
+};

package/src/probes/isFunctionDeclaration.js

@@ -1,20 +1,27 @@
-function validateNode(node) {
-  return [
-    node.type === "FunctionDeclaration"
-  ];
-}
-
-function main(node, options) {
-  const { analysis } = options;
-
-  if (node.id === null || node.id.type !== "Identifier") {
-    return;
-  }
-  analysis.idtypes.functionDeclaration++;
-  analysis.identifiersName.push({ name: node.id.name, type: "functionDeclaration" });
-}
-
-export default {
-  name: "isFunctionDeclaration",
-  validateNode, main, breakOnMatch: false
-};
+/**
+ * @description Search for FunctionDeclaration AST Node.
+ *
+ * @see https://github.com/estree/estree/blob/master/es5.md#functiondeclaration
+ * @example
+ * function foo() {}
+ */
+function validateNode(node) {
+  return [
+    node.type === "FunctionDeclaration"
+  ];
+}
+
+function main(node, options) {
+  const { analysis } = options;
+
+  if (node.id === null || node.id.type !== "Identifier") {
+    return;
+  }
+  analysis.idtypes.functionDeclaration++;
+  analysis.identifiersName.push({ name: node.id.name, type: "functionDeclaration" });
+}
+
+export default {
+  name: "isFunctionDeclaration",
+  validateNode, main, breakOnMatch: false
+};

package/src/probes/isImportDeclaration.js

@@ -1,26 +1,30 @@
-// Require Internal Dependencies
-import { warnings } from "../constants.js";
-
-// Looking for ESM ImportDeclaration
-// see: https://github.com/estree/estree/blob/master/es2015.md#importdeclaration
-function validateNode(node) {
-  return [
-    node.type === "ImportDeclaration" && node.source.type === "Literal"
-  ];
-}
-
-function main(node, options) {
-  const { analysis } = options;
-
-  // Searching for dangerous import "data:text/javascript;..." statement.
-  // see: https://2ality.com/2019/10/eval-via-import.html
-  if (node.source.value.startsWith("data:text/javascript")) {
-    analysis.addWarning(warnings.unsafeImport, node.source.value, node.loc);
-  }
-  analysis.dependencies.add(node.source.value, node.loc);
-}
-
-export default {
-  name: "isImportDeclaration",
-  validateNode, main, breakOnMatch: true, breakGroup: "import"
-};
+/**
+ * @description Search for ESM ImportDeclaration
+ * @see https://github.com/estree/estree/blob/master/es2015.md#importdeclaration
+ * @example
+ * import * as foo from "bar";
+ * import fs from "fs";
+ * import "make-promises-safe";
+ */
+function validateNode(node) {
+  return [
+    // Note: the source property is the right-side Literal part of the Import
+    node.type === "ImportDeclaration" && node.source.type === "Literal"
+  ];
+}
+
+function main(node, options) {
+  const { analysis } = options;
+
+  // Searching for dangerous import "data:text/javascript;..." statement.
+  // see: https://2ality.com/2019/10/eval-via-import.html
+  if (node.source.value.startsWith("data:text/javascript")) {
+    analysis.addWarning("unsafe-import", node.source.value, node.loc);
+  }
+  analysis.dependencies.add(node.source.value, node.loc);
+}
+
+export default {
+  name: "isImportDeclaration",
+  validateNode, main, breakOnMatch: true, breakGroup: "import"
+};