@nodesecure/js-x-ray 7.0.0 → 7.1.0

package/README.md

@@ -290,7 +290,7 @@ $ yarn add @nodesecure/estree-ast-util
 ## Contributors ✨
 
 <!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
-[![All Contributors](https://img.shields.io/badge/all_contributors-16-orange.svg?style=flat-square)](#contributors-)
+[![All Contributors](https://img.shields.io/badge/all_contributors-17-orange.svg?style=flat-square)](#contributors-)
 <!-- ALL-CONTRIBUTORS-BADGE:END -->
 
 Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):
@@ -321,6 +321,7 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
     <tr>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/FredGuiou"><img src="https://avatars.githubusercontent.com/u/99122562?v=4?s=100" width="100px;" alt="FredGuiou"/><br /><sub><b>FredGuiou</b></sub></a><br /><a href="https://github.com/NodeSecure/js-x-ray/commits?author=FredGuiou" title="Documentation">📖</a> <a href="https://github.com/NodeSecure/js-x-ray/commits?author=FredGuiou" title="Code">💻</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/madina0801"><img src="https://avatars.githubusercontent.com/u/101329759?v=4?s=100" width="100px;" alt="Madina"/><br /><sub><b>Madina</b></sub></a><br /><a href="https://github.com/NodeSecure/js-x-ray/commits?author=madina0801" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/sairuss7"><img src="https://avatars.githubusercontent.com/u/87803528?v=4?s=100" width="100px;" alt="SairussDev"/><br /><sub><b>SairussDev</b></sub></a><br /><a href="https://github.com/NodeSecure/js-x-ray/commits?author=sairuss7" title="Code">💻</a></td>
     </tr>
   </tbody>
 </table>

package/index.d.ts

@@ -1,5 +1,10 @@
 import {
   AstAnalyser,
+  AstAnalyserOptions,
+
+  EntryFilesAnalyser,
+  EntryFilesAnalyserOptions,
+
   SourceParser,
   runASTAnalysis,
   runASTAnalysisOnFile,
@@ -23,6 +28,9 @@ declare const warnings: Record<WarningName, Pick<WarningDefault, "experimental"
 export {
   warnings,
   AstAnalyser,
+  AstAnalyserOptions,
+  EntryFilesAnalyser,
+  EntryFilesAnalyserOptions,
   SourceParser,
   runASTAnalysis,
   runASTAnalysisOnFile,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nodesecure/js-x-ray",
-  "version": "7.0.0",
+  "version": "7.1.0",
   "description": "JavaScript AST XRay analysis",
   "type": "module",
   "exports": "./index.js",
@@ -58,7 +58,7 @@
     "@types/node": "^20.6.2",
     "c8": "^9.0.0",
     "cross-env": "^7.0.3",
-    "eslint": "^8.31.0",
+    "eslint": "^9.0.0",
     "glob": "^10.3.4",
     "iterator-matcher": "^2.1.0",
     "pkg-ok": "^3.0.0"

package/src/EntryFilesAnalyser.js

@@ -0,0 +1,99 @@
+// Import Node.js Dependencies
+import fs from "node:fs/promises";
+import path from "node:path";
+
+// Import Internal Dependencies
+import { AstAnalyser } from "./AstAnalyser.js";
+
+const kDefaultExtensions = ["js", "cjs", "mjs", "node"];
+
+export class EntryFilesAnalyser {
+  /**
+   * @constructor
+   * @param {object} [options={}]
+   * @param {AstAnalyser} [options.astAnalyzer=new AstAnalyser()]
+   * @param {function} [options.loadExtensions]
+  */
+  constructor(options = {}) {
+    this.astAnalyzer = options.astAnalyzer ?? new AstAnalyser();
+    this.allowedExtensions = options.loadExtensions
+      ? options.loadExtensions(kDefaultExtensions)
+      : kDefaultExtensions;
+  }
+
+  /**
+   * Asynchronously analyze a set of entry files yielding analysis reports.
+   *
+   * @param {(string | URL)[]} entryFiles
+   * @yields {Object} - Yields an object containing the analysis report for each file.
+  */
+  async* analyse(entryFiles) {
+    this.analyzedDeps = new Set();
+
+    for (const file of entryFiles) {
+      yield* this.#analyzeFile(file);
+    }
+  }
+
+  async* #analyzeFile(file) {
+    const filePath = file instanceof URL ? file.pathname : file;
+    const report = await this.astAnalyzer.analyseFile(file);
+
+    yield { url: filePath, ...report };
+
+    if (!report.ok) {
+      return;
+    }
+
+    yield* this.#analyzeDeps(report.dependencies, path.dirname(filePath));
+  }
+
+  async* #analyzeDeps(deps, basePath) {
+    for (const [name] of deps) {
+      const depPath = await this.#getInternalDepPath(name, basePath);
+      if (depPath && !this.analyzedDeps.has(depPath)) {
+        this.analyzedDeps.add(depPath);
+
+        yield* this.#analyzeFile(depPath);
+      }
+    }
+  }
+
+  async #getInternalDepPath(name, basePath) {
+    const depPath = path.join(basePath, name);
+    const existingExt = path.extname(name);
+    if (existingExt !== "") {
+      if (!this.allowedExtensions.includes(existingExt.slice(1))) {
+        return null;
+      }
+
+      if (await this.#fileExists(depPath)) {
+        return depPath;
+      }
+    }
+
+    for (const ext of this.allowedExtensions) {
+      const depPathWithExt = `${depPath}.${ext}`;
+      if (await this.#fileExists(depPathWithExt)) {
+        return depPathWithExt;
+      }
+    }
+
+    return null;
+  }
+
+  async #fileExists(path) {
+    try {
+      await fs.access(path, fs.constants.F_OK);
+
+      return true;
+    }
+    catch (error) {
+      if (error.code !== "ENOENT") {
+        throw error;
+      }
+
+      return false;
+    }
+  }
+}

package/src/probes/isImportDeclaration.js

@@ -9,7 +9,7 @@
 function validateNode(node) {
   return [
     // Note: the source property is the right-side Literal part of the Import
-    node.type === "ImportDeclaration" && node.source.type === "Literal"
+    ["ImportDeclaration", "ImportExpression"].includes(node.type) && node.source.type === "Literal"
   ];
 }
 

package/src/probes/isLiteral.js

@@ -4,13 +4,19 @@ import { builtinModules } from "repl";
 // Import Third-party Dependencies
 import { Hex } from "@nodesecure/sec-literal";
 
+const kMapRegexIps = Object.freeze({
+  regexIPv4: /^(https?:\/\/)(?!127\.)(?!.*:(?:0{1,3}|25[6-9])\.)(?!.*:(?:25[6-9])\.(?:0{1,3}|25[6-9])\.)(?!.*:(?:25[6-9])\.(?:25[6-9])\.(?:0{1,3}|25[6-9])\.)(?!.*:(?:25[6-9])\.(?:25[6-9])\.(?:25[6-9])\.(?:0{1,3}|25[6-9]))((?:\d{1,2}|1\d{2}|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d{2}|2[0-4]\d|25[0-5])(?::\d{1,5})?(\/[^\s]*)?$/,
+  regexIPv6: /^(https?:\/\/)(\[[0-9A-Fa-f:]+\])(?::\d{1,5})?(\/[^\s]*)?$/
+});
+
 // CONSTANTS
 const kNodeDeps = new Set(builtinModules);
 const kShadyLinkRegExps = [
+  kMapRegexIps.regexIPv4,
+  kMapRegexIps.regexIPv6,
   /(http[s]?:\/\/bit\.ly.*)$/,
   /(http[s]?:\/\/.*\.(link|xyz|tk|ml|ga|cf|gq|pw|top|club|mw|bd|ke|am|sbs|date|quest|cd|bid|cd|ws|icu|cam|uno|email|stream))$/
 ];
-
 /**
  * @description Search for Literal AST Node
  * @see https://github.com/estree/estree/blob/master/es5.md#literal

package/types/api.d.ts

@@ -3,6 +3,9 @@ import { Statement } from "meriyah/dist/src/estree.js";
 
 export {
   AstAnalyser,
+  AstAnalyserOptions,
+  EntryFilesAnalyser,
+  EntryFilesAnalyserOptions,
   SourceParser,
   runASTAnalysis,
   runASTAnalysisOnFile,
@@ -101,5 +104,19 @@ declare class AstAnalyser {
   analyzeFile(pathToFile: string, options?: RuntimeFileOptions): Promise<ReportOnFile>;
 }
 
+interface EntryFilesAnalyserOptions {
+  astAnalyzer?: AstAnalyser;
+  loadExtensions?: (defaults: string[]) => string[];
+}
+
+declare class EntryFilesAnalyser {
+  constructor(options?: EntryFilesAnalyserOptions);
+
+  /**
+   * Asynchronously analyze a set of entry files yielding analysis reports.
+   */
+  analyse(entryFiles: (string | URL)[]): AsyncGenerator<ReportOnFile & { url: string }>;
+}
+
 declare function runASTAnalysis(str: string, options?: RuntimeOptions & AstAnalyserOptions): Report;
 declare function runASTAnalysisOnFile(pathToFile: string, options?: RuntimeFileOptions & AstAnalyserOptions): Promise<ReportOnFile>;