@oculum/scanner 1.0.9 → 1.0.11

package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap

@@ -0,0 +1,503 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`Refactor Safety - dangerous-functions.ts Deserialization detection should detect pickle.loads (Python) 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "Unsafe deserialization can lead to remote code execution",
+    "filePath": "handler.py",
+    "id": "dangerous-func-handler.py-2-Unsafe deserialization",
+    "layer": 2,
+    "lineContent": "data = pickle.loads(user_data)",
+    "lineNumber": 2,
+    "severity": "critical",
+    "suggestedFix": "Use safe loaders (yaml.safe_load) or validate input before deserializing",
+    "title": "Unsafe deserialization",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts Deserialization detection should detect yaml.load without safe loader 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts File path detection should detect dynamic file path in API handlers 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "Dynamic file paths can lead to path traversal attacks",
+    "filePath": "src/api/files.ts",
+    "id": "dangerous-func-src/api/files.ts-2-Dynamic file path",
+    "layer": 2,
+    "lineContent": "const file = fs.readFileSync(req.params.filename);",
+    "lineNumber": 2,
+    "severity": "medium",
+    "suggestedFix": "Validate and sanitize file paths, use path.resolve with a base directory",
+    "title": "Dynamic file path",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts File path detection should detect path traversal risk 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "User input in file paths can lead to path traversal attacks",
+    "filePath": "src/api/upload.ts",
+    "id": "dangerous-func-src/api/upload.ts-2-Path traversal risk",
+    "layer": 2,
+    "lineContent": "const fullPath = path.join(uploadDir, req.query.path);",
+    "lineNumber": 2,
+    "severity": "high",
+    "suggestedFix": "Validate paths and ensure they stay within allowed directories",
+    "title": "Path traversal risk",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts File path detection should detect path traversal with sanitization as lower severity 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "low",
+    "description": "Dynamic file path with path traversal protection detected. Verify the protection is complete and covers all attack vectors.",
+    "filePath": "src/api/files.ts",
+    "id": "dangerous-func-src/api/files.ts-5-Dynamic file path",
+    "layer": 2,
+    "lineContent": "fs.readFileSync(fullPath);",
+    "lineNumber": 5,
+    "severity": "info",
+    "suggestedFix": "Ensure path normalization and base directory checks are applied consistently.",
+    "title": "Dynamic file path (protected)",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts File path detection should skip dynamic paths in CLI tools 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "low",
+    "description": "Dynamic file path in CLI tool. CLI tools typically have trusted operators, but consider adding path validation if user input is involved.",
+    "filePath": "src/cli/scan.ts",
+    "id": "dangerous-func-src/cli/scan.ts-2-Dynamic file path",
+    "layer": 2,
+    "lineContent": "const content = fs.readFileSync(filePath);",
+    "lineNumber": 2,
+    "severity": "info",
+    "suggestedFix": "Add path validation if accepting paths from untrusted sources.",
+    "title": "Dynamic file path (CLI tool)",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts JSON.parse detection should detect JSON.parse on localStorage 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts JSON.parse detection should detect JSON.parse on user input 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts JSON.parse detection should detect JSON.parse with schema validation as handled 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts JSON.parse detection should skip JSON.parse in test files 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts JSON.parse detection should skip trusted SDK response parsing 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts JSON.parse detection should suppress JSON.parse with try-catch on internal data 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts LLM prompt context detection should detect LLM prompt injection risk instead of XSS 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts Math.random detection should classify Math.random for UI IDs as info 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "low",
+    "description": "Math.random() generating short UI identifier (7-char string). Acceptable for React keys, temp IDs.",
+    "filePath": "src/components/list.tsx",
+    "id": "dangerous-func-src/components/list.tsx-2-Math.random for security",
+    "layer": 2,
+    "lineContent": "const key = Math.random().toString(36).substring(2, 9);",
+    "lineNumber": 2,
+    "severity": "info",
+    "suggestedFix": "For security tokens, use crypto.randomBytes(). For unique IDs, crypto.randomUUID().",
+    "title": "Math.random() in UI identifier generation (7-char string)",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts Math.random detection should classify business IDs as low severity 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "low",
+    "description": "Math.random() generating business identifier (variable: orderId). Verify this is not used for security purposes.",
+    "filePath": "src/orders.ts",
+    "id": "dangerous-func-src/orders.ts-2-Math.random for security",
+    "layer": 2,
+    "lineContent": "const orderId = 'ORD-' + Math.random().toString(36).substring(2, 12);",
+    "lineNumber": 2,
+    "severity": "low",
+    "suggestedFix": "For business IDs, crypto.randomUUID() is preferred. For security tokens, use crypto.randomBytes().",
+    "title": "Math.random() in non-security usage (variable: orderId)",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts Math.random detection should detect Math.random for security tokens as high 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "Math.random() is being used in a security-sensitive context. This is NOT cryptographically secure and should be replaced.",
+    "filePath": "src/auth.ts",
+    "id": "dangerous-func-src/auth.ts-3-Math.random for security",
+    "layer": 2,
+    "lineContent": "return Math.random().toString(36);",
+    "lineNumber": 3,
+    "severity": "high",
+    "suggestedFix": "Use crypto.randomBytes() for Node.js or crypto.getRandomValues() for browsers.",
+    "title": "Math.random() in security-sensitive function",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts Math.random detection should detect Math.random in security context as high 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "Math.random() assigned to security-sensitive variable 'secret'. Math.random() is NOT cryptographically secure.",
+    "filePath": "src/crypto.ts",
+    "id": "dangerous-func-src/crypto.ts-2-Math.random for security",
+    "layer": 2,
+    "lineContent": "const secret = Math.random().toString(36).substring(2);",
+    "lineNumber": 2,
+    "severity": "high",
+    "suggestedFix": "Use crypto.randomBytes() or crypto.getRandomValues() for security-sensitive values.",
+    "title": "Math.random() in security-sensitive variable",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts Math.random detection should skip Math.random in seed files 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts Math.random detection should skip cosmetic Math.random (CSS values) 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts Prototype pollution detection should detect Object.assign with user input 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "Object.assign with user input can lead to prototype pollution",
+    "filePath": "src/api/merge.ts",
+    "id": "dangerous-func-src/api/merge.ts-2-Object.assign with user input",
+    "layer": 2,
+    "lineContent": "const merged = Object.assign({}, req.body);",
+    "lineNumber": 2,
+    "severity": "high",
+    "suggestedFix": "Validate and sanitize input, or use a safe merge function",
+    "title": "Object.assign with user input",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts Prototype pollution detection should detect spread operator with user input 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "Spreading user input can lead to mass assignment vulnerabilities",
+    "filePath": "src/api/create.ts",
+    "id": "dangerous-func-src/api/create.ts-2-Spread operator with user input",
+    "layer": 2,
+    "lineContent": "const user = { ...req.body, createdAt: new Date() };",
+    "lineNumber": 2,
+    "severity": "medium",
+    "suggestedFix": "Explicitly pick allowed properties instead of spreading all input",
+    "title": "Spread operator with user input",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts Regex DoS detection should detect dynamic regex construction 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "Dynamic regex construction can lead to ReDoS attacks",
+    "filePath": "src/search.ts",
+    "id": "dangerous-func-src/search.ts-2-Potentially unsafe regex",
+    "layer": 2,
+    "lineContent": "const pattern = new RegExp(userPattern);",
+    "lineNumber": 2,
+    "severity": "medium",
+    "suggestedFix": "Validate regex patterns and consider using safe-regex library",
+    "title": "Potentially unsafe regex",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts SQL injection detection should detect SQL string concatenation 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts SQL injection detection should detect SQL with whitelist validation as lower severity 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts SQL injection detection should detect raw SQL with template literal 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "Template literals in SQL queries can lead to SQL injection",
+    "filePath": "src/db.ts",
+    "id": "dangerous-func-src/db.ts-2-SQL template literal",
+    "layer": 2,
+    "lineContent": "const query = \`SELECT * FROM users WHERE id = \${userId}\`;",
+    "lineNumber": 2,
+    "severity": "critical",
+    "suggestedFix": "Use parameterized queries with placeholders (?, $1, etc.)",
+    "title": "SQL template literal",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts Static bootstrap script detection should detect static bootstrap as lower severity 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts Test file handling should downgrade severity in test files 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "low",
+    "description": "Direct innerHTML assignment can lead to XSS vulnerabilities This appears to use dynamic content which increases XSS risk. (in test file)",
+    "filePath": "src/__tests__/handler.test.ts",
+    "id": "dangerous-func-src/__tests__/handler.test.ts-3-innerHTML assignment",
+    "layer": 2,
+    "lineContent": "element.innerHTML = testHtml;",
+    "lineNumber": 3,
+    "requiresAIValidation": true,
+    "severity": "low",
+    "suggestedFix": "Use textContent for text, or sanitize HTML with DOMPurify",
+    "title": "innerHTML assignment",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts Test file handling should skip eval entirely in test files 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts child_process detection should NOT flag RegExp.exec as child_process 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts child_process detection should detect exec with user input 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "Shell command execution can lead to command injection",
+    "filePath": "src/handler.ts",
+    "id": "dangerous-func-src/handler.ts-3-child_process exec",
+    "layer": 2,
+    "lineContent": "exec(\`ls \${userInput}\`, callback);",
+    "lineNumber": 3,
+    "severity": "high",
+    "suggestedFix": "Validate and sanitize all inputs, prefer execFile over exec",
+    "title": "child_process exec",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts child_process detection should detect execSync with static command 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts child_process detection should detect spawn with dynamic args 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "Shell command execution can lead to command injection",
+    "filePath": "src/handler.ts",
+    "id": "dangerous-func-src/handler.ts-3-child_process exec",
+    "layer": 2,
+    "lineContent": "spawn('node', [userInput]);",
+    "lineNumber": 3,
+    "severity": "high",
+    "suggestedFix": "Validate and sanitize all inputs, prefer execFile over exec",
+    "title": "child_process exec",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts eval/Function detection should detect Function constructor 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "Function constructor can execute arbitrary code like eval()",
+    "filePath": "src/handler.ts",
+    "id": "dangerous-func-src/handler.ts-2-Function constructor",
+    "layer": 2,
+    "lineContent": "const fn = new Function('a', 'b', 'return a + b');",
+    "lineNumber": 2,
+    "requiresAIValidation": true,
+    "severity": "critical",
+    "suggestedFix": "Refactor to use static functions or safe alternatives",
+    "title": "Function constructor",
+  },
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "Function constructor can execute arbitrary code like eval()",
+    "filePath": "src/handler.ts",
+    "id": "dangerous-func-src/handler.ts-3-Function constructor",
+    "layer": 2,
+    "lineContent": "const dynamic = new Function(userCode);",
+    "lineNumber": 3,
+    "requiresAIValidation": true,
+    "severity": "critical",
+    "suggestedFix": "Refactor to use static functions or safe alternatives",
+    "title": "Function constructor",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts eval/Function detection should detect eval() usage 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "eval() executes arbitrary code and is a major security risk",
+    "filePath": "src/handler.ts",
+    "id": "dangerous-func-src/handler.ts-2-eval() usage",
+    "layer": 2,
+    "lineContent": "const result = eval(userInput);",
+    "lineNumber": 2,
+    "requiresAIValidation": true,
+    "severity": "critical",
+    "suggestedFix": "Use JSON.parse() for JSON data, or refactor to avoid dynamic code execution",
+    "title": "eval() usage",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts eval/Function detection should detect setTimeout/setInterval with string 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "setTimeout/setInterval with string argument acts like eval()",
+    "filePath": "src/handler.ts",
+    "id": "dangerous-func-src/handler.ts-2-setTimeout/setInterval with string",
+    "layer": 2,
+    "lineContent": "setTimeout('alert(\\"hello\\")', 1000);",
+    "lineNumber": 2,
+    "severity": "high",
+    "suggestedFix": "Pass a function reference instead of a string",
+    "title": "setTimeout/setInterval with string",
+  },
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "setTimeout/setInterval with string argument acts like eval()",
+    "filePath": "src/handler.ts",
+    "id": "dangerous-func-src/handler.ts-3-setTimeout/setInterval with string",
+    "layer": 2,
+    "lineContent": "setInterval('console.log(\\"tick\\")', 500);",
+    "lineNumber": 3,
+    "severity": "high",
+    "suggestedFix": "Pass a function reference instead of a string",
+    "title": "setTimeout/setInterval with string",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts innerHTML/XSS detection should detect dangerouslySetInnerHTML 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "dangerouslySetInnerHTML can lead to XSS if content is not sanitized This appears to use dynamic content which increases XSS risk.",
+    "filePath": "src/component.tsx",
+    "id": "dangerous-func-src/component.tsx-2-dangerouslySetInnerHTML",
+    "layer": 2,
+    "lineContent": "<div dangerouslySetInnerHTML={{ __html: userHtml }} />",
+    "lineNumber": 2,
+    "requiresAIValidation": true,
+    "severity": "high",
+    "suggestedFix": "Sanitize HTML content with DOMPurify before rendering",
+    "title": "dangerouslySetInnerHTML",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts innerHTML/XSS detection should detect document.write 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "document.write can introduce XSS vulnerabilities",
+    "filePath": "src/legacy.ts",
+    "id": "dangerous-func-src/legacy.ts-2-document.write",
+    "layer": 2,
+    "lineContent": "document.write('<script>alert(1)</script>');",
+    "lineNumber": 2,
+    "severity": "high",
+    "suggestedFix": "Use DOM manipulation methods instead",
+    "title": "document.write",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts innerHTML/XSS detection should detect innerHTML with DOMPurify as lower severity 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts innerHTML/XSS detection should detect innerHTML with dynamic content 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "Direct innerHTML assignment can lead to XSS vulnerabilities This appears to use dynamic content which increases XSS risk.",
+    "filePath": "src/component.ts",
+    "id": "dangerous-func-src/component.ts-2-innerHTML assignment",
+    "layer": 2,
+    "lineContent": "element.innerHTML = userContent;",
+    "lineNumber": 2,
+    "requiresAIValidation": true,
+    "severity": "high",
+    "suggestedFix": "Use textContent for text, or sanitize HTML with DOMPurify",
+    "title": "innerHTML assignment",
+  },
+  Object {
+    "category": "dangerous_function",
+    "confidence": "high",
+    "description": "Direct innerHTML assignment can lead to XSS vulnerabilities This appears to use dynamic content which increases XSS risk.",
+    "filePath": "src/component.ts",
+    "id": "dangerous-func-src/component.ts-3-innerHTML assignment",
+    "layer": 2,
+    "lineContent": "div.innerHTML = \`<div>\${data}</div>\`;",
+    "lineNumber": 3,
+    "requiresAIValidation": true,
+    "severity": "high",
+    "suggestedFix": "Use textContent for text, or sanitize HTML with DOMPurify",
+    "title": "innerHTML assignment",
+  },
+]
+`;
+
+exports[`Refactor Safety - dangerous-functions.ts innerHTML/XSS detection should detect innerHTML with static content as lower severity 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts innerHTML/XSS detection should skip style element innerHTML 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts request.json() validation detection should skip when schema validation is present 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts request.json() validation detection should skip when throwing auth helper is present 1`] = `Array []`;
+
+exports[`Refactor Safety - dangerous-functions.ts request.json() validation detection should suggest schema validation for request.json() 1`] = `
+Array [
+  Object {
+    "category": "dangerous_function",
+    "confidence": "low",
+    "description": "API endpoint parses request body without visible schema validation. Consider validating the shape of incoming data.",
+    "filePath": "src/app/api/create/route.ts",
+    "id": "request-json-src/app/api/create/route.ts-3",
+    "layer": 2,
+    "lineContent": "const body = await request.json();",
+    "lineNumber": 3,
+    "severity": "info",
+    "suggestedFix": "Add schema validation (e.g., zod): const body = await request.json(); const data = schema.parse(body);",
+    "title": "Request body without schema validation",
+  },
+]
+`;