@shriyanss/js-recon 1.3.1-alpha.1 → 1.3.1-alpha.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +27 -0
- package/build/analyze/engine/astEngine.js +34 -6
- package/build/analyze/engine/astEngine.js.map +1 -1
- package/build/analyze/helpers/engineHelpers/taintFlow.js +218 -0
- package/build/analyze/helpers/engineHelpers/taintFlow.js.map +1 -0
- package/build/analyze/helpers/schemas.js +1 -0
- package/build/analyze/helpers/schemas.js.map +1 -1
- package/build/globalConfig.js +1 -1
- package/build/lazyLoad/downloadQueue.js +186 -0
- package/build/lazyLoad/downloadQueue.js.map +1 -0
- package/build/lazyLoad/index.js +57 -55
- package/build/lazyLoad/index.js.map +1 -1
- package/build/lazyLoad/next_js/NextJsCrawler.js +34 -11
- package/build/lazyLoad/next_js/NextJsCrawler.js.map +1 -1
- package/build/lazyLoad/next_js/next_GetJSScript.js +20 -3
- package/build/lazyLoad/next_js/next_GetJSScript.js.map +1 -1
- package/build/lazyLoad/next_js/next_SubsequentRequests.js +20 -2
- package/build/lazyLoad/next_js/next_SubsequentRequests.js.map +1 -1
- package/build/lazyLoad/next_js/next_scriptTagsSubsequentRequests.js +10 -1
- package/build/lazyLoad/next_js/next_scriptTagsSubsequentRequests.js.map +1 -1
- package/build/lazyLoad/techDetect/checkReact.js +13 -2
- package/build/lazyLoad/techDetect/checkReact.js.map +1 -1
- package/build/lazyLoad/techDetect/index.js +15 -4
- package/build/lazyLoad/techDetect/index.js.map +1 -1
- package/build/lazyLoad/vue/vue_discoverJsFiles.js +25 -11
- package/build/lazyLoad/vue/vue_discoverJsFiles.js.map +1 -1
- package/build/lazyLoad/vue/vue_getClientSidePaths.js +31 -4
- package/build/lazyLoad/vue/vue_getClientSidePaths.js.map +1 -1
- package/build/lazyLoad/vue/vue_recursiveClientSidePathDownload.js +3 -3
- package/build/lazyLoad/vue/vue_recursiveClientSidePathDownload.js.map +1 -1
- package/build/lazyLoad/vue/vue_stringJsFiles.js +142 -0
- package/build/lazyLoad/vue/vue_stringJsFiles.js.map +1 -0
- package/build/map/index.js +31 -0
- package/build/map/index.js.map +1 -1
- package/build/map/next_js/getExports.js +11 -5
- package/build/map/next_js/getExports.js.map +1 -1
- package/build/map/next_js/getFetchInstances.js +11 -5
- package/build/map/next_js/getFetchInstances.js.map +1 -1
- package/build/map/next_js/resolveAxios.js +24 -5
- package/build/map/next_js/resolveAxios.js.map +1 -1
- package/build/map/next_js/resolveAxiosHelpers/astNodeToJsonString.js +2 -2
- package/build/map/next_js/resolveAxiosHelpers/astNodeToJsonString.js.map +1 -1
- package/build/map/next_js/resolveAxiosHelpers/findCrossChunkParams.js +11 -5
- package/build/map/next_js/resolveAxiosHelpers/findCrossChunkParams.js.map +1 -1
- package/build/map/next_js/resolveAxiosHelpers/interceptorHeaders.js +206 -0
- package/build/map/next_js/resolveAxiosHelpers/interceptorHeaders.js.map +1 -0
- package/build/map/next_js/resolveAxiosHelpers/processAxiosCall.js +25 -8
- package/build/map/next_js/resolveAxiosHelpers/processAxiosCall.js.map +1 -1
- package/build/map/next_js/resolveAxiosHelpers/processDirectAxiosCall.js +14 -6
- package/build/map/next_js/resolveAxiosHelpers/processDirectAxiosCall.js.map +1 -1
- package/build/map/next_js/resolveAxiosHelpers/traceAxiosInstanceExports.js +22 -10
- package/build/map/next_js/resolveAxiosHelpers/traceAxiosInstanceExports.js.map +1 -1
- package/build/map/next_js/resolveAxiosHelpers/traceBody.js +913 -0
- package/build/map/next_js/resolveAxiosHelpers/traceBody.js.map +1 -0
- package/build/map/next_js/resolveFetch.js +115 -3
- package/build/map/next_js/resolveFetch.js.map +1 -1
- package/build/map/next_js/resolveNewRequest.js +749 -0
- package/build/map/next_js/resolveNewRequest.js.map +1 -0
- package/build/map/next_js/utils.js +311 -49
- package/build/map/next_js/utils.js.map +1 -1
- package/build/map/vue_js/vue_resolveFetch.js +155 -0
- package/build/map/vue_js/vue_resolveFetch.js.map +1 -0
- package/build/run/index.js +7 -2
- package/build/run/index.js.map +1 -1
- package/build/strings/index.js +5 -1
- package/build/strings/index.js.map +1 -1
- package/build/utility/makeReq.js +65 -8
- package/build/utility/makeReq.js.map +1 -1
- package/build/utility/openapiGenerator.js +46 -2
- package/build/utility/openapiGenerator.js.map +1 -1
- package/build/utility/postmanGenerator.js +163 -0
- package/build/utility/postmanGenerator.js.map +1 -0
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,32 @@
|
|
|
1
1
|
# Change Log
|
|
2
2
|
|
|
3
|
+
## 1.3.1-alpha.2 - 2026-05-18
|
|
4
|
+
|
|
5
|
+
### Added
|
|
6
|
+
|
|
7
|
+
- Added taint analysis in the `analyze` engine for Next.js
|
|
8
|
+
- Download JS files as soon as they are discovered (`lazyload`)
|
|
9
|
+
- Recursively resolve HTTP requests in Next.js (`map`)
|
|
10
|
+
- Stream JS file downloads during Vue.js discovery — downloads start as soon as each discovery step finds files instead of waiting for the full pipeline (`lazyload`)
|
|
11
|
+
- Resolve `UnaryExpression` nodes (`!x`, `void 0`, `-x`, `typeof x`) so request bodies surface real boolean/null values instead of `[unsupported node type: UnaryExpression]` (`map`)
|
|
12
|
+
- Resolve `ArrayExpression` nodes recursively so array body fields render their element shape instead of `[unsupported node type: ArrayExpression]` (`map`)
|
|
13
|
+
- Resolve `JSON.stringify(variable)` calls by tracing the argument, replacing the opaque `[call:JSON.stringify()]` placeholder (`map`)
|
|
14
|
+
- Resolve `new URLSearchParams({...})` to a real query string, using `{key}` placeholders for values that can't be statically resolved (`map`)
|
|
15
|
+
- Partial-concatenation fallback for binary `+` expressions so resolvable fragments are preserved when one side is unresolved (`map`)
|
|
16
|
+
|
|
17
|
+
### Changed
|
|
18
|
+
|
|
19
|
+
- Nested `JSON.stringify(expr)` inside a body object now resolves `expr` instead of emitting `[call to object...]` (`map`)
|
|
20
|
+
|
|
21
|
+
### Fixed
|
|
22
|
+
|
|
23
|
+
- Invalidate request cache if the memory is full
|
|
24
|
+
- Progress bars no longer hide the terminal cursor permanently when they exit without a clean `stop()` — all bars now use `hideCursor: false` (`lazyload`)
|
|
25
|
+
- Removed the concurrent download progress bar in the Vue.js section that was causing display corruption — discovery `console.log` calls no longer collide with the bar's render line (`lazyload`)
|
|
26
|
+
- API spec / Postman collection URLs no longer get `{{baseUrl}}` prepended to already-absolute URLs — full URLs are now reduced to their pathname (`map`)
|
|
27
|
+
- Spread elements that can't be resolved are now skipped instead of being emitted as fake `"...spread": "[spread:e]"` body fields (`map`)
|
|
28
|
+
- Request bodies that reduce to an empty `{}` after resolution are now omitted from the Postman collection (`map`)
|
|
29
|
+
|
|
3
30
|
## 1.3.1-alpha.1 - 2026.05.13
|
|
4
31
|
|
|
5
32
|
### Added
|
|
@@ -16,6 +16,7 @@ import { highlight } from "cli-highlight";
|
|
|
16
16
|
import { resolveFunctionIdentifier } from "../helpers/engineHelpers/resolveFunctionIdentifier.js";
|
|
17
17
|
import { findMemberExpressionAssignment } from "../helpers/engineHelpers/findMemberExpressionAssignment.js";
|
|
18
18
|
import { findDirectAssignment } from "../helpers/engineHelpers/findDirectAssignment.js";
|
|
19
|
+
import { computeTaint, sinkConsumesTaint } from "../helpers/engineHelpers/taintFlow.js";
|
|
19
20
|
/**
|
|
20
21
|
* ESQuery-based AST analysis engine for detecting code patterns using custom rules.
|
|
21
22
|
*
|
|
@@ -32,13 +33,22 @@ const esqueryEngine = (rule, mappedJsonData) => __awaiter(void 0, void 0, void 0
|
|
|
32
33
|
let findings = [];
|
|
33
34
|
for (const chunk of Object.values(mappedJsonData)) {
|
|
34
35
|
// first of all, load the code in ast
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
36
|
+
let ast;
|
|
37
|
+
try {
|
|
38
|
+
ast = parser.parse(chunk.code, {
|
|
39
|
+
sourceType: "unambiguous",
|
|
40
|
+
plugins: ["jsx", "typescript"],
|
|
41
|
+
errorRecovery: true,
|
|
42
|
+
});
|
|
43
|
+
}
|
|
44
|
+
catch (_c) {
|
|
45
|
+
continue;
|
|
46
|
+
}
|
|
40
47
|
let matchList = {};
|
|
41
48
|
const completedSteps = new Set();
|
|
49
|
+
// Cache taint info per "source step name" so we don't recompute when several
|
|
50
|
+
// sink steps share the same source step.
|
|
51
|
+
const taintCache = {};
|
|
42
52
|
// iterate through the steps in the rule
|
|
43
53
|
for (const step of rule.steps) {
|
|
44
54
|
// honor `requires`: skip the step if any of its required steps did not complete
|
|
@@ -64,7 +74,25 @@ const esqueryEngine = (rule, mappedJsonData) => __awaiter(void 0, void 0, void 0
|
|
|
64
74
|
searchRoot = scopeMatch.node;
|
|
65
75
|
}
|
|
66
76
|
// match the query against what is there in the user defined config file
|
|
67
|
-
|
|
77
|
+
let matches = esquery(searchRoot, selector);
|
|
78
|
+
// Optional data-flow filter: only keep matches whose value-side actually
|
|
79
|
+
// consumes a value tainted by the named source step's matches. This is
|
|
80
|
+
// what distinguishes a real source→sink finding from accidental
|
|
81
|
+
// source-and-sink-in-the-same-bundle co-occurrence.
|
|
82
|
+
if (matches.length > 0 && step.esquery.taintFrom) {
|
|
83
|
+
const sourceStepName = step.esquery.taintFrom;
|
|
84
|
+
const sourceMatch = matchList[sourceStepName];
|
|
85
|
+
if (!sourceMatch) {
|
|
86
|
+
// No source matched — nothing can be tainted from it.
|
|
87
|
+
continue;
|
|
88
|
+
}
|
|
89
|
+
if (!taintCache[sourceStepName]) {
|
|
90
|
+
const sourceNodes = sourceMatch.allNodes || [sourceMatch.node];
|
|
91
|
+
taintCache[sourceStepName] = computeTaint(ast, sourceNodes);
|
|
92
|
+
}
|
|
93
|
+
const taint = taintCache[sourceStepName];
|
|
94
|
+
matches = matches.filter((m) => sinkConsumesTaint(ast, m, taint));
|
|
95
|
+
}
|
|
68
96
|
if (matches.length > 0) {
|
|
69
97
|
// store the first match as the "primary" node so later steps can reference it,
|
|
70
98
|
// and keep the full match list available for tooling that wants it.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"astEngine.js","sourceRoot":"","sources":["../../../src/analyze/engine/astEngine.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAI1B,OAAO,MAAM,MAAM,eAAe,CAAC;AAEnC,OAAO,UAAU,MAAM,kBAAkB,CAAC;AAC1C,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC;AACrC,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,yBAAyB,EAAE,MAAM,uDAAuD,CAAC;AAClG,OAAO,EAAE,8BAA8B,EAAE,MAAM,4DAA4D,CAAC;AAC5G,OAAO,EAAE,oBAAoB,EAAE,MAAM,kDAAkD,CAAC;
|
|
1
|
+
{"version":3,"file":"astEngine.js","sourceRoot":"","sources":["../../../src/analyze/engine/astEngine.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAI1B,OAAO,MAAM,MAAM,eAAe,CAAC;AAEnC,OAAO,UAAU,MAAM,kBAAkB,CAAC;AAC1C,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC;AACrC,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,yBAAyB,EAAE,MAAM,uDAAuD,CAAC;AAClG,OAAO,EAAE,8BAA8B,EAAE,MAAM,4DAA4D,CAAC;AAC5G,OAAO,EAAE,oBAAoB,EAAE,MAAM,kDAAkD,CAAC;AACxF,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAa,MAAM,uCAAuC,CAAC;AAGnG;;;;;;;;;;GAUG;AACH,MAAM,aAAa,GAAG,CAAO,IAAU,EAAE,cAAsB,EAA2B,EAAE;;IACxF,IAAI,QAAQ,GAAmB,EAAE,CAAC;IAElC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;QAChD,qCAAqC;QACrC,IAAI,GAAG,CAAC;QACR,IAAI,CAAC;YACD,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE;gBAC3B,UAAU,EAAE,aAAa;gBACzB,OAAO,EAAE,CAAC,KAAK,EAAE,YAAY,CAAC;gBAC9B,aAAa,EAAE,IAAI;aACtB,CAAC,CAAC;QACP,CAAC;QAAC,WAAM,CAAC;YACL,SAAS;QACb,CAAC;QAED,IAAI,SAAS,GAAsE,EAAE,CAAC;QACtF,MAAM,cAAc,GAAgB,IAAI,GAAG,EAAE,CAAC;QAC9C,6EAA6E;QAC7E,yCAAyC;QACzC,MAAM,UAAU,GAAwC,EAAE,CAAC;QAE3D,wCAAwC;QACxC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC5B,gFAAgF;YAChF,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5C,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACzE,IAAI,CAAC,cAAc,EAAE,CAAC;oBAClB,SAAS;gBACb,CAAC;YACL,CAAC;YAED,8CAA8C;YAC9C,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACf,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC;gBAEpC,iFAAiF;gBACjF,4EAA4E;gBAC5E,yFAAyF;gBACzF,IAAI,UAAU,GAAS,GAAG,CAAC;gBAC3B,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;oBACzB,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;oBACrD,IAAI,CAAC,UAAU,EAAE,CAAC;wBACd,mDAAmD;wBACnD,SAAS;oBACb,CAAC;oBACD,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC;gBACjC,CAAC;gBAED,wEAAwE;gBACxE,IAAI,OAAO,GAAW,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;gBAEpD,yEAAyE;gBACzE,uEAAuE;gBACvE,gEAAgE;gBAChE,oDAAoD;gBACpD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;oBAC/C,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;oBAC9C,MAAM,WAAW,GAAG,SAAS,CAAC,cAAc,CAAC,CAAC;oBAC9C,IAAI,CAAC,WAAW,EAAE,CAAC;wBACf,sDAAsD;wBACtD,SAAS;oBACb,CAAC;oBACD,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;wBAC9B,MAAM,WAAW,GAAG,WAAW,CAAC,QAAQ,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;wBAC/D,UAAU,CAAC,cAAc,CAAC,GAAG,YAAY,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;oBAChE,CAAC;oBACD,MAAM,KAAK,GAAG,UAAU,CAAC,cAAc,CAAC,CAAC;oBACzC,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;gBACtE,CAAC;gBAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrB,+EAA+E;oBAC/E,oEAAoE;oBACpE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;oBAC3E,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAClC,CAAC;YACL,CAAC;iBAAM,IAAI,IAAI,CAAC,sBAAsB,EAAE,CAAC;gBACrC,6FAA6F;gBAE7F,MAAM,YAAY,GAAS,MAAA,SAAS,CAAC,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,0CAAE,IAAI,CAAC;gBAE7E,IAAI,YAAY,EAAE,CAAC;oBACf,0DAA0D;oBAC1D,IAAI,YAAY,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;wBACzC,IACI,YAAY,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB;4BAC/C,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;4BAClD,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,kBAAkB;4BACxD,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,eAAe;4BAClD,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,SAAS,EAC/C,CAAC;4BACC,IAAI,YAAY,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gCACtC,+CAA+C;gCAC/C,4BAA4B;gCAC5B,IAAI,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oCAClD,qCAAqC;oCACrC,MAAM,kBAAkB,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;oCACrD,MAAM,gBAAgB,GAAG,yBAAyB,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC;oCAE5E,IAAI,gBAAgB,EAAE,CAAC;wCACnB,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;wCAC9D,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oCAClC,CAAC;gCACL,CAAC;qCAAM,IACH,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,oBAAoB;oCACvD,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,yBAAyB,EAC9D,CAAC;oCACC,MAAM,kBAAkB,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;oCACrD,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;oCAChE,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gCAClC,CAAC;4BACL,CAAC;wBACL,CAAC;oBACL,CAAC;gBACL,CAAC;YACL,CAAC;iBAAM,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBACnC,MAAM,YAAY,GAAS,MAAA,SAAS,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,0CAAE,IAAI,CAAC;gBAC3E,MAAM,OAAO,GAAG,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC;gBAC/C,MAAM,gBAAgB,GAAG,IAAI,CAAC,oBAAoB,CAAC,gBAAgB,CAAC;gBAEpE,IAAI,YAAY,IAAI,gBAAgB,EAAE,CAAC;oBACnC,MAAM,cAAc,GAAG,8BAA8B,CACjD,YAAY,EACZ,OAAO,EACP,SAAS,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,KAAK,CAClD,CAAC;oBAEF,IAAI,cAAc,EAAE,CAAC;wBACjB,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;wBAC5D,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAClC,CAAC;gBACL,CAAC;qBAAM,IAAI,YAAY,EAAE,CAAC;oBACtB,MAAM,cAAc,GAAG,oBAAoB,CACvC,YAAY,EACZ,SAAS,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,KAAK,CAClD,CAAC;oBAEF,IAAI,cAAc,EAAE,CAAC;wBACjB,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;wBAC5D,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAClC,CAAC;gBACL,CAAC;YACL,CAAC;QACL,CAAC;QAED,qEAAqE;QACrE,IAAI,cAAc,CAAC,IAAI,KAAK,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YAC5C,MAAM,OAAO,GAAG,QAAQ,IAAI,CAAC,IAAI,oBAAoB,KAAK,CAAC,EAAE,EAAE,CAAC;YAChE,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAC9E,MAAM,IAAI,GAAG,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC;YAE5C,sDAAsD;YACtD,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;YACrC,CAAC;iBAAM,IAAI,IAAI,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;YACvC,CAAC;iBAAM,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACpC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;YACxC,CAAC;iBAAM,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;gBAClC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;YACpC,CAAC;YAED,OAAO,CAAC,GAAG,CACP,SAAS,CAAC,IAAI,EAAE;gBACZ,QAAQ,EAAE,YAAY;gBACtB,cAAc,EAAE,IAAI;gBACpB,KAAK,EAAE,SAAS;aACnB,CAAC,CACL,CAAC;YAEF,QAAQ,CAAC,IAAI,CAAC;gBACV,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,QAAQ,EAAE,IAAI,CAAC,IAAI;gBACnB,QAAQ,EAAE,IAAI,CAAC,IAAI;gBACnB,eAAe,EAAE,IAAI,CAAC,WAAW;gBACjC,UAAU,EAAE,IAAI,CAAC,MAAM;gBACvB,QAAQ,EAAE,IAAI,CAAC,IAAI;gBACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,OAAO,EAAE,OAAO;gBAChB,eAAe,EAAE,MAAM,KAAK,CAAC,EAAE,OAAO,IAAI,EAAE;aAC/C,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AACpB,CAAC,CAAA,CAAC;AAEF,eAAe,aAAa,CAAC"}
|
|
@@ -0,0 +1,218 @@
|
|
|
1
|
+
import _traverse from "@babel/traverse";
|
|
2
|
+
const traverse = _traverse.default;
|
|
3
|
+
const memberChainString = (node) => {
|
|
4
|
+
if (node.type === "Identifier")
|
|
5
|
+
return node.name;
|
|
6
|
+
if (node.type === "ThisExpression")
|
|
7
|
+
return "this";
|
|
8
|
+
if (node.type === "MemberExpression") {
|
|
9
|
+
if (node.computed)
|
|
10
|
+
return null;
|
|
11
|
+
if (node.property.type !== "Identifier")
|
|
12
|
+
return null;
|
|
13
|
+
const obj = memberChainString(node.object);
|
|
14
|
+
if (!obj)
|
|
15
|
+
return null;
|
|
16
|
+
return `${obj}.${node.property.name}`;
|
|
17
|
+
}
|
|
18
|
+
return null;
|
|
19
|
+
};
|
|
20
|
+
const collectIdsFromPattern = (node) => {
|
|
21
|
+
if (!node)
|
|
22
|
+
return [];
|
|
23
|
+
if (node.type === "Identifier")
|
|
24
|
+
return [node.name];
|
|
25
|
+
if (node.type === "ObjectPattern") {
|
|
26
|
+
return node.properties.flatMap((p) => {
|
|
27
|
+
if (p.type === "ObjectProperty")
|
|
28
|
+
return collectIdsFromPattern(p.value);
|
|
29
|
+
if (p.type === "RestElement")
|
|
30
|
+
return collectIdsFromPattern(p.argument);
|
|
31
|
+
return [];
|
|
32
|
+
});
|
|
33
|
+
}
|
|
34
|
+
if (node.type === "ArrayPattern") {
|
|
35
|
+
return node.elements.flatMap((e) => (e ? collectIdsFromPattern(e) : []));
|
|
36
|
+
}
|
|
37
|
+
if (node.type === "AssignmentPattern")
|
|
38
|
+
return collectIdsFromPattern(node.left);
|
|
39
|
+
if (node.type === "RestElement")
|
|
40
|
+
return collectIdsFromPattern(node.argument);
|
|
41
|
+
return [];
|
|
42
|
+
};
|
|
43
|
+
const expressionIsTainted = (path, taint) => {
|
|
44
|
+
if (taint.sourceNodes.has(path.node))
|
|
45
|
+
return true;
|
|
46
|
+
let tainted = false;
|
|
47
|
+
const visit = (p) => {
|
|
48
|
+
if (tainted)
|
|
49
|
+
return;
|
|
50
|
+
if (taint.sourceNodes.has(p.node)) {
|
|
51
|
+
tainted = true;
|
|
52
|
+
p.stop();
|
|
53
|
+
return;
|
|
54
|
+
}
|
|
55
|
+
if (p.node.type === "Identifier") {
|
|
56
|
+
// skip identifiers that are property keys / declarations themselves
|
|
57
|
+
const parent = p.parent;
|
|
58
|
+
if (parent &&
|
|
59
|
+
((parent.type === "MemberExpression" && parent.property === p.node && !parent.computed) ||
|
|
60
|
+
(parent.type === "ObjectProperty" && parent.key === p.node && !parent.computed) ||
|
|
61
|
+
(parent.type === "VariableDeclarator" && parent.id === p.node) ||
|
|
62
|
+
(parent.type === "FunctionDeclaration" && parent.id === p.node) ||
|
|
63
|
+
(parent.type === "ClassDeclaration" && parent.id === p.node))) {
|
|
64
|
+
return;
|
|
65
|
+
}
|
|
66
|
+
const binding = p.scope.getBinding(p.node.name);
|
|
67
|
+
if (binding && taint.bindings.has(binding.path)) {
|
|
68
|
+
tainted = true;
|
|
69
|
+
p.stop();
|
|
70
|
+
return;
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
if (p.node.type === "MemberExpression") {
|
|
74
|
+
const chain = memberChainString(p.node);
|
|
75
|
+
if (chain && taint.memberChains.has(chain)) {
|
|
76
|
+
tainted = true;
|
|
77
|
+
p.stop();
|
|
78
|
+
return;
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
};
|
|
82
|
+
visit(path);
|
|
83
|
+
if (!tainted) {
|
|
84
|
+
path.traverse({
|
|
85
|
+
enter(p) {
|
|
86
|
+
visit(p);
|
|
87
|
+
},
|
|
88
|
+
});
|
|
89
|
+
}
|
|
90
|
+
return tainted;
|
|
91
|
+
};
|
|
92
|
+
/**
|
|
93
|
+
* Compute the taint info for a chunk AST given the source nodes (URL-derived reads).
|
|
94
|
+
*
|
|
95
|
+
* Performs scope-aware iterative propagation:
|
|
96
|
+
* - Variable declarators / assignment expressions whose right-hand side
|
|
97
|
+
* contains a tainted source node or references a tainted binding/member
|
|
98
|
+
* chain are themselves tainted.
|
|
99
|
+
* - Tainted bindings are tracked by their declaration NodePath; tainted
|
|
100
|
+
* member chains (e.g. `R.current`) are tracked as strings.
|
|
101
|
+
*/
|
|
102
|
+
export const computeTaint = (ast, sourceNodes) => {
|
|
103
|
+
const taint = {
|
|
104
|
+
bindings: new Set(),
|
|
105
|
+
memberChains: new Set(),
|
|
106
|
+
sourceNodes: new Set(sourceNodes),
|
|
107
|
+
};
|
|
108
|
+
// Bound iteration count to avoid pathological cases
|
|
109
|
+
const maxRounds = 8;
|
|
110
|
+
for (let round = 0; round < maxRounds; round++) {
|
|
111
|
+
let changed = false;
|
|
112
|
+
traverse(ast, {
|
|
113
|
+
VariableDeclarator(path) {
|
|
114
|
+
if (!path.node.init)
|
|
115
|
+
return;
|
|
116
|
+
const initPath = path.get("init");
|
|
117
|
+
if (!expressionIsTainted(initPath, taint))
|
|
118
|
+
return;
|
|
119
|
+
const names = collectIdsFromPattern(path.node.id);
|
|
120
|
+
for (const name of names) {
|
|
121
|
+
const binding = path.scope.getBinding(name);
|
|
122
|
+
if (binding && !taint.bindings.has(binding.path)) {
|
|
123
|
+
taint.bindings.add(binding.path);
|
|
124
|
+
changed = true;
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
},
|
|
128
|
+
AssignmentExpression(path) {
|
|
129
|
+
const rightPath = path.get("right");
|
|
130
|
+
if (!expressionIsTainted(rightPath, taint))
|
|
131
|
+
return;
|
|
132
|
+
const left = path.node.left;
|
|
133
|
+
if (left.type === "Identifier") {
|
|
134
|
+
const binding = path.scope.getBinding(left.name);
|
|
135
|
+
if (binding && !taint.bindings.has(binding.path)) {
|
|
136
|
+
taint.bindings.add(binding.path);
|
|
137
|
+
changed = true;
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
else if (left.type === "MemberExpression") {
|
|
141
|
+
const chain = memberChainString(left);
|
|
142
|
+
if (chain && !taint.memberChains.has(chain)) {
|
|
143
|
+
taint.memberChains.add(chain);
|
|
144
|
+
changed = true;
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
else if (left.type === "ObjectPattern" || left.type === "ArrayPattern") {
|
|
148
|
+
const names = collectIdsFromPattern(left);
|
|
149
|
+
for (const name of names) {
|
|
150
|
+
const binding = path.scope.getBinding(name);
|
|
151
|
+
if (binding && !taint.bindings.has(binding.path)) {
|
|
152
|
+
taint.bindings.add(binding.path);
|
|
153
|
+
changed = true;
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
},
|
|
158
|
+
});
|
|
159
|
+
if (!changed)
|
|
160
|
+
break;
|
|
161
|
+
}
|
|
162
|
+
return taint;
|
|
163
|
+
};
|
|
164
|
+
const getSinkValueNodes = (sink) => {
|
|
165
|
+
switch (sink.type) {
|
|
166
|
+
case "AssignmentExpression":
|
|
167
|
+
return [sink.right];
|
|
168
|
+
case "CallExpression":
|
|
169
|
+
case "NewExpression": {
|
|
170
|
+
const args = sink.arguments;
|
|
171
|
+
return args.filter((a) => a && a.type !== "SpreadElement");
|
|
172
|
+
}
|
|
173
|
+
case "ObjectProperty": {
|
|
174
|
+
const v = sink.value;
|
|
175
|
+
return v ? [v] : [];
|
|
176
|
+
}
|
|
177
|
+
case "JSXAttribute": {
|
|
178
|
+
// Boolean JSX attributes (e.g. `<div hidden />`) have no value node.
|
|
179
|
+
const v = sink.value;
|
|
180
|
+
return v ? [v] : [];
|
|
181
|
+
}
|
|
182
|
+
default:
|
|
183
|
+
return [sink];
|
|
184
|
+
}
|
|
185
|
+
};
|
|
186
|
+
/**
|
|
187
|
+
* Returns true when `sinkNode` consumes a value tainted by the URL source(s) used
|
|
188
|
+
* to compute `taint`. Walks the sink's value-side subtree (RHS for assignments,
|
|
189
|
+
* arguments for calls/new, value for object/JSX properties) and looks for:
|
|
190
|
+
* - direct references to a tainted source subtree,
|
|
191
|
+
* - identifiers whose binding is in `taint.bindings`,
|
|
192
|
+
* - member-expression chains in `taint.memberChains`.
|
|
193
|
+
*
|
|
194
|
+
* To resolve scope-aware bindings, we re-traverse the AST and pick up paths
|
|
195
|
+
* whose nodes match one of the value-side subtrees.
|
|
196
|
+
*/
|
|
197
|
+
export const sinkConsumesTaint = (ast, sinkNode, taint) => {
|
|
198
|
+
const valueRoots = new Set(getSinkValueNodes(sinkNode));
|
|
199
|
+
if (valueRoots.size === 0)
|
|
200
|
+
return false;
|
|
201
|
+
let consumed = false;
|
|
202
|
+
traverse(ast, {
|
|
203
|
+
enter(path) {
|
|
204
|
+
if (consumed) {
|
|
205
|
+
path.stop();
|
|
206
|
+
return;
|
|
207
|
+
}
|
|
208
|
+
if (!valueRoots.has(path.node))
|
|
209
|
+
return;
|
|
210
|
+
if (expressionIsTainted(path, taint)) {
|
|
211
|
+
consumed = true;
|
|
212
|
+
path.stop();
|
|
213
|
+
}
|
|
214
|
+
},
|
|
215
|
+
});
|
|
216
|
+
return consumed;
|
|
217
|
+
};
|
|
218
|
+
//# sourceMappingURL=taintFlow.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"taintFlow.js","sourceRoot":"","sources":["../../../../src/analyze/helpers/engineHelpers/taintFlow.ts"],"names":[],"mappings":"AACA,OAAO,SAAgC,MAAM,iBAAiB,CAAC;AAC/D,MAAM,QAAQ,GAAG,SAAS,CAAC,OAAO,CAAC;AAQnC,MAAM,iBAAiB,GAAG,CAAC,IAAU,EAAiB,EAAE;IACpD,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY;QAAE,OAAO,IAAI,CAAC,IAAI,CAAC;IACjD,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB;QAAE,OAAO,MAAM,CAAC;IAClD,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACnC,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC/B,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;YAAE,OAAO,IAAI,CAAC;QACrD,MAAM,GAAG,GAAG,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3C,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,OAAO,GAAG,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC1C,CAAC;IACD,OAAO,IAAI,CAAC;AAChB,CAAC,CAAC;AAEF,MAAM,qBAAqB,GAAG,CAAC,IAAU,EAAY,EAAE;IACnD,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IACrB,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY;QAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QAChC,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;YACjC,IAAI,CAAC,CAAC,IAAI,KAAK,gBAAgB;gBAAE,OAAO,qBAAqB,CAAC,CAAC,CAAC,KAAa,CAAC,CAAC;YAC/E,IAAI,CAAC,CAAC,IAAI,KAAK,aAAa;gBAAE,OAAO,qBAAqB,CAAC,CAAC,CAAC,QAAgB,CAAC,CAAC;YAC/E,OAAO,EAAE,CAAC;QACd,CAAC,CAAC,CAAC;IACP,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACrF,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,mBAAmB;QAAE,OAAO,qBAAqB,CAAC,IAAI,CAAC,IAAY,CAAC,CAAC;IACvF,IAAI,IAAI,CAAC,IAAI,KAAK,aAAa;QAAE,OAAO,qBAAqB,CAAC,IAAI,CAAC,QAAgB,CAAC,CAAC;IACrF,OAAO,EAAE,CAAC;AACd,CAAC,CAAC;AAEF,MAAM,mBAAmB,GAAG,CAAC,IAAc,EAAE,KAAgB,EAAW,EAAE;IACtE,IAAI,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAClD,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,MAAM,KAAK,GAAG,CAAC,CAAW,EAAE,EAAE;QAC1B,IAAI,OAAO;YAAE,OAAO;QACpB,IAAI,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,OAAO,GAAG,IAAI,CAAC;YACf,CAAC,CAAC,IAAI,EAAE,CAAC;YACT,OAAO;QACX,CAAC;QACD,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC/B,oEAAoE;YACpE,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;YACxB,IACI,MAAM;gBACN,CAAC,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;oBACnF,CAAC,MAAM,CAAC,IAAI,KAAK,gBAAgB,IAAI,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;oBAC/E,CAAC,MAAM,CAAC,IAAI,KAAK,oBAAoB,IAAK,MAAc,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC;oBACvE,CAAC,MAAM,CAAC,IAAI,KAAK,qBAAqB,IAAK,MAAc,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC;oBACxE,CAAC,MAAM,CAAC,IAAI,KAAK,kBAAkB,IAAK,MAAc,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,EAC5E,CAAC;gBACC,OAAO;YACX,CAAC;YACD,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChD,IAAI,OAAO,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9C,OAAO,GAAG,IAAI,CAAC;gBACf,CAAC,CAAC,IAAI,EAAE,CAAC;gBACT,OAAO;YACX,CAAC;QACL,CAAC;QACD,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACxC,IAAI,KAAK,IAAI,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzC,OAAO,GAAG,IAAI,CAAC;gBACf,CAAC,CAAC,IAAI,EAAE,CAAC;gBACT,OAAO;YACX,CAAC;QACL,CAAC;IACL,CAAC,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,CAAC;IACZ,IAAI,CAAC,OAAO,EAAE,CAAC;QACX,IAAI,CAAC,QAAQ,CAAC;YACV,KAAK,CAAC,CAAC;gBACH,KAAK,CAAC,CAAC,CAAC,CAAC;YACb,CAAC;SACJ,CAAC,CAAC;IACP,CAAC;IACD,OAAO,OAAO,CAAC;AACnB,CAAC,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,GAAS,EAAE,WAAmB,EAAa,EAAE;IACtE,MAAM,KAAK,GAAc;QACrB,QAAQ,EAAE,IAAI,GAAG,EAAY;QAC7B,YAAY,EAAE,IAAI,GAAG,EAAU;QAC/B,WAAW,EAAE,IAAI,GAAG,CAAO,WAAW,CAAC;KAC1C,CAAC;IAEF,oDAAoD;IACpD,MAAM,SAAS,GAAG,CAAC,CAAC;IACpB,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,SAAS,EAAE,KAAK,EAAE,EAAE,CAAC;QAC7C,IAAI,OAAO,GAAG,KAAK,CAAC;QAEpB,QAAQ,CAAC,GAAG,EAAE;YACV,kBAAkB,CAAC,IAAI;gBACnB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;oBAAE,OAAO;gBAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAa,CAAC;gBAC9C,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,KAAK,CAAC;oBAAE,OAAO;gBAClD,MAAM,KAAK,GAAG,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAU,CAAC,CAAC;gBAC1D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACvB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;oBAC5C,IAAI,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC/C,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;wBACjC,OAAO,GAAG,IAAI,CAAC;oBACnB,CAAC;gBACL,CAAC;YACL,CAAC;YACD,oBAAoB,CAAC,IAAI;gBACrB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAa,CAAC;gBAChD,IAAI,CAAC,mBAAmB,CAAC,SAAS,EAAE,KAAK,CAAC;oBAAE,OAAO;gBACnD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAY,CAAC;gBACpC,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACjD,IAAI,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC/C,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;wBACjC,OAAO,GAAG,IAAI,CAAC;oBACnB,CAAC;gBACL,CAAC;qBAAM,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;oBAC1C,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;oBACtC,IAAI,KAAK,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;wBAC1C,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;wBAC9B,OAAO,GAAG,IAAI,CAAC;oBACnB,CAAC;gBACL,CAAC;qBAAM,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;oBACvE,MAAM,KAAK,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;oBAC1C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;wBACvB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;wBAC5C,IAAI,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;4BAC/C,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;4BACjC,OAAO,GAAG,IAAI,CAAC;wBACnB,CAAC;oBACL,CAAC;gBACL,CAAC;YACL,CAAC;SACJ,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO;YAAE,MAAM;IACxB,CAAC;IAED,OAAO,KAAK,CAAC;AACjB,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,IAAU,EAAU,EAAE;IAC7C,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QAChB,KAAK,sBAAsB;YACvB,OAAO,CAAC,IAAI,CAAC,KAAa,CAAC,CAAC;QAChC,KAAK,gBAAgB,CAAC;QACtB,KAAK,eAAe,CAAC,CAAC,CAAC;YACnB,MAAM,IAAI,GAAI,IAAY,CAAC,SAAmB,CAAC;YAC/C,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC;QAC/D,CAAC;QACD,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACpB,MAAM,CAAC,GAAI,IAAY,CAAC,KAAgC,CAAC;YACzD,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACxB,CAAC;QACD,KAAK,cAAc,CAAC,CAAC,CAAC;YAClB,qEAAqE;YACrE,MAAM,CAAC,GAAI,IAAY,CAAC,KAAgC,CAAC;YACzD,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACxB,CAAC;QACD;YACI,OAAO,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC;AACL,CAAC,CAAC;AAEF;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,GAAS,EAAE,QAAc,EAAE,KAAgB,EAAW,EAAE;IACtF,MAAM,UAAU,GAAG,IAAI,GAAG,CAAO,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC9D,IAAI,UAAU,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAExC,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,QAAQ,CAAC,GAAG,EAAE;QACV,KAAK,CAAC,IAAI;YACN,IAAI,QAAQ,EAAE,CAAC;gBACX,IAAI,CAAC,IAAI,EAAE,CAAC;gBACZ,OAAO;YACX,CAAC;YACD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,OAAO;YACvC,IAAI,mBAAmB,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC;gBACnC,QAAQ,GAAG,IAAI,CAAC;gBAChB,IAAI,CAAC,IAAI,EAAE,CAAC;YAChB,CAAC;QACL,CAAC;KACJ,CAAC,CAAC;IACH,OAAO,QAAQ,CAAC;AACpB,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schemas.js","sourceRoot":"","sources":["../../../src/analyze/helpers/schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC;IAC9B,CAAC,CAAC,MAAM,CAAC;QACL,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;QAC1B,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QACzC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;KACnB,CAAC;IACF,CAAC,CAAC,MAAM,CAAC;QACL,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;QACtB,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QACzC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;KACnB,CAAC;IACF,CAAC,CAAC,MAAM,CAAC;QACL,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;QACzB,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACnC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;KACnB,CAAC;CACL,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/B,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;IAC1B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACnC,CAAC,CAAC;AAEH,MAAM,iCAAiC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACnB,CAAC,CAAC;AAEH,MAAM,8BAA8B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC3C,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IACxB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxC,OAAO,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IACrC,OAAO,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IACrC,sBAAsB,EAAE,iCAAiC,CAAC,QAAQ,EAAE;IACpE,oBAAoB,EAAE,8BAA8B,CAAC,QAAQ,EAAE;CAClE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/B,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAChC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IACnD,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAChC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC;CAC7B,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"schemas.js","sourceRoot":"","sources":["../../../src/analyze/helpers/schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC;IAC9B,CAAC,CAAC,MAAM,CAAC;QACL,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;QAC1B,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QACzC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;KACnB,CAAC;IACF,CAAC,CAAC,MAAM,CAAC;QACL,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;QACtB,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QACzC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;KACnB,CAAC;IACF,CAAC,CAAC,MAAM,CAAC;QACL,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;QACzB,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACnC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;KACnB,CAAC;CACL,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/B,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;IAC1B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACnC,CAAC,CAAC;AAEH,MAAM,iCAAiC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACnB,CAAC,CAAC;AAEH,MAAM,8BAA8B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC3C,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IACxB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxC,OAAO,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IACrC,OAAO,EAAE,iBAAiB,CAAC,QAAQ,EAAE;IACrC,sBAAsB,EAAE,iCAAiC,CAAC,QAAQ,EAAE;IACpE,oBAAoB,EAAE,8BAA8B,CAAC,QAAQ,EAAE;CAClE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/B,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAChC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IACnD,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAChC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC;CAC7B,CAAC,CAAC"}
|
package/build/globalConfig.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
const githubURL = "https://github.com/shriyanss/js-recon";
|
|
2
2
|
const modulesDocs = "https://js-recon.io/docs/category/modules";
|
|
3
|
-
const version = "1.3.1-alpha.
|
|
3
|
+
const version = "1.3.1-alpha.2";
|
|
4
4
|
const toolDesc = "JS Recon Tool";
|
|
5
5
|
const axiosNonHttpMethods = ["isAxiosError"]; // methods available in axios, which are not for making HTTP requests
|
|
6
6
|
let CONFIG = {
|
|
@@ -0,0 +1,186 @@
|
|
|
1
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
2
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
3
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
4
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
5
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
6
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
7
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
8
|
+
});
|
|
9
|
+
};
|
|
10
|
+
import chalk from "chalk";
|
|
11
|
+
import path from "path";
|
|
12
|
+
import fs from "fs";
|
|
13
|
+
import prettier from "prettier";
|
|
14
|
+
import makeRequest from "../utility/makeReq.js";
|
|
15
|
+
import { getURLDirectory } from "../utility/urlUtils.js";
|
|
16
|
+
import { getScope } from "./globals.js";
|
|
17
|
+
const PRETTIER_SIZE_LIMIT = 500 * 1024;
|
|
18
|
+
/**
|
|
19
|
+
* A concurrent download queue that starts downloading JS files as soon as URLs
|
|
20
|
+
* are pushed, without waiting for discovery to finish.
|
|
21
|
+
*
|
|
22
|
+
* Usage:
|
|
23
|
+
* const q = new DownloadQueue(output, concurrency);
|
|
24
|
+
* q.push(someUrls); // starts downloading immediately
|
|
25
|
+
* q.push(moreUrls); // safe to call any time
|
|
26
|
+
* await q.drain(); // wait for all downloads to complete
|
|
27
|
+
*/
|
|
28
|
+
export class DownloadQueue {
|
|
29
|
+
constructor(output, concurrency, options = {}) {
|
|
30
|
+
/** Tracks every URL ever enqueued to avoid duplicate downloads. */
|
|
31
|
+
this.seen = new Set();
|
|
32
|
+
/** Pending URLs waiting for a free worker slot. */
|
|
33
|
+
this.pending = [];
|
|
34
|
+
/** Number of worker coroutines currently executing a download. */
|
|
35
|
+
this.activeWorkers = 0;
|
|
36
|
+
/** Callbacks waiting for the queue to empty. */
|
|
37
|
+
this.drainCallbacks = [];
|
|
38
|
+
/** Stats */
|
|
39
|
+
this.downloadCount = 0;
|
|
40
|
+
this.processedCount = 0;
|
|
41
|
+
this.ignoredFiles = [];
|
|
42
|
+
this.ignoredDomains = [];
|
|
43
|
+
this.output = output;
|
|
44
|
+
this.concurrency = Math.max(1, concurrency);
|
|
45
|
+
this.onProgress = options.onProgress;
|
|
46
|
+
fs.mkdirSync(output, { recursive: true });
|
|
47
|
+
}
|
|
48
|
+
get totalEnqueued() {
|
|
49
|
+
return this.seen.size;
|
|
50
|
+
}
|
|
51
|
+
/**
|
|
52
|
+
* Enqueue URLs for download. Already-seen URLs are silently skipped.
|
|
53
|
+
* New workers are spawned immediately up to the configured concurrency.
|
|
54
|
+
*/
|
|
55
|
+
push(urls) {
|
|
56
|
+
const fresh = [];
|
|
57
|
+
for (const u of urls) {
|
|
58
|
+
if (!this.seen.has(u)) {
|
|
59
|
+
this.seen.add(u);
|
|
60
|
+
fresh.push(u);
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
if (fresh.length === 0)
|
|
64
|
+
return;
|
|
65
|
+
this.pending.push(...fresh);
|
|
66
|
+
this.spawnWorkers();
|
|
67
|
+
}
|
|
68
|
+
/** Returns a Promise that resolves once all pending downloads are complete. */
|
|
69
|
+
drain() {
|
|
70
|
+
if (this.activeWorkers === 0 && this.pending.length === 0) {
|
|
71
|
+
return Promise.resolve();
|
|
72
|
+
}
|
|
73
|
+
return new Promise((resolve) => {
|
|
74
|
+
this.drainCallbacks.push(resolve);
|
|
75
|
+
});
|
|
76
|
+
}
|
|
77
|
+
/** Print a summary of ignored files. */
|
|
78
|
+
printSummary() {
|
|
79
|
+
if (this.ignoredFiles.length > 0) {
|
|
80
|
+
console.log(chalk.yellow(`[i] Ignored ${this.ignoredFiles.length} JS files across ${this.ignoredDomains.length} domain(s) - ${this.ignoredDomains.join(", ")}`));
|
|
81
|
+
}
|
|
82
|
+
if (this.downloadCount > 0) {
|
|
83
|
+
console.log(chalk.green(`[✓] Downloaded ${this.downloadCount} JS chunks to ${this.output} directory`));
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
// ── internals ────────────────────────────────────────────────────────
|
|
87
|
+
spawnWorkers() {
|
|
88
|
+
while (this.activeWorkers < this.concurrency && this.pending.length > 0) {
|
|
89
|
+
this.activeWorkers++;
|
|
90
|
+
this.runWorker();
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
runWorker() {
|
|
94
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
95
|
+
while (this.pending.length > 0) {
|
|
96
|
+
const url = this.pending.shift();
|
|
97
|
+
yield this.processOne(url);
|
|
98
|
+
}
|
|
99
|
+
this.activeWorkers--;
|
|
100
|
+
if (this.activeWorkers === 0 && this.pending.length === 0) {
|
|
101
|
+
const callbacks = this.drainCallbacks.splice(0);
|
|
102
|
+
for (const cb of callbacks)
|
|
103
|
+
cb();
|
|
104
|
+
}
|
|
105
|
+
});
|
|
106
|
+
}
|
|
107
|
+
processOne(url) {
|
|
108
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
109
|
+
var _a, _b, _c;
|
|
110
|
+
try {
|
|
111
|
+
if (!url.match(/(\.js|\.json|\.js\.map)/)) {
|
|
112
|
+
console.log(chalk.yellow(`[i] Ignored ${url}`));
|
|
113
|
+
return;
|
|
114
|
+
}
|
|
115
|
+
const { host, directory } = getURLDirectory(url);
|
|
116
|
+
if (!getScope().includes("*") && !getScope().includes(host)) {
|
|
117
|
+
this.ignoredFiles.push(url);
|
|
118
|
+
if (!this.ignoredDomains.includes(host)) {
|
|
119
|
+
this.ignoredDomains.push(host);
|
|
120
|
+
}
|
|
121
|
+
return;
|
|
122
|
+
}
|
|
123
|
+
const childDir = path.join(this.output, host, directory);
|
|
124
|
+
fs.mkdirSync(childDir, { recursive: true });
|
|
125
|
+
let res;
|
|
126
|
+
try {
|
|
127
|
+
res = yield makeRequest(url, {});
|
|
128
|
+
}
|
|
129
|
+
catch (_d) {
|
|
130
|
+
console.error(chalk.red(`[!] Failed to download: ${url}`));
|
|
131
|
+
return;
|
|
132
|
+
}
|
|
133
|
+
if (!res) {
|
|
134
|
+
console.error(chalk.red(`[!] Failed to download: ${url}`));
|
|
135
|
+
return;
|
|
136
|
+
}
|
|
137
|
+
const rawText = yield res.text();
|
|
138
|
+
// .js.map payloads are JSON — adding a `//` banner would break strict
|
|
139
|
+
// JSON parsing later in the same function (parser: "json").
|
|
140
|
+
const file = url.match(/\.json/) || url.match(/\.js\.map/) ? rawText : `// File Source: ${url}\n${rawText}`;
|
|
141
|
+
let filename;
|
|
142
|
+
try {
|
|
143
|
+
filename = (_b = (_a = url
|
|
144
|
+
.split("/")
|
|
145
|
+
.pop()) === null || _a === void 0 ? void 0 : _a.match(/[a-zA-Z0-9\.\-_]+\.js(on)?(\.map)?/)) === null || _b === void 0 ? void 0 : _b[0];
|
|
146
|
+
}
|
|
147
|
+
catch (_e) {
|
|
148
|
+
for (const chunk of url.split("/")) {
|
|
149
|
+
if (chunk.match(/\.js(on)?$/)) {
|
|
150
|
+
filename = chunk;
|
|
151
|
+
break;
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
if (!filename) {
|
|
156
|
+
console.warn(chalk.yellow(`[!] Could not determine filename for URL: ${url}. Skipping.`));
|
|
157
|
+
return;
|
|
158
|
+
}
|
|
159
|
+
const filePath = path.join(childDir, filename);
|
|
160
|
+
try {
|
|
161
|
+
if (url.match(/\.json/) || url.match(/\.js\.map/)) {
|
|
162
|
+
const formatted = file.length <= PRETTIER_SIZE_LIMIT ? yield prettier.format(file, { parser: "json" }) : file;
|
|
163
|
+
fs.writeFileSync(filePath, formatted);
|
|
164
|
+
}
|
|
165
|
+
else {
|
|
166
|
+
const formatted = file.length <= PRETTIER_SIZE_LIMIT ? yield prettier.format(file, { parser: "babel" }) : file;
|
|
167
|
+
fs.writeFileSync(filePath, formatted);
|
|
168
|
+
}
|
|
169
|
+
}
|
|
170
|
+
catch (_f) {
|
|
171
|
+
console.error(chalk.red(`[!] Failed to write file: ${filePath}`));
|
|
172
|
+
return;
|
|
173
|
+
}
|
|
174
|
+
this.downloadCount++;
|
|
175
|
+
}
|
|
176
|
+
catch (err) {
|
|
177
|
+
console.error(chalk.red(`[!] Failed to download: ${url} : ${err}`));
|
|
178
|
+
}
|
|
179
|
+
finally {
|
|
180
|
+
this.processedCount++;
|
|
181
|
+
(_c = this.onProgress) === null || _c === void 0 ? void 0 : _c.call(this, this.processedCount, this.seen.size, this.downloadCount);
|
|
182
|
+
}
|
|
183
|
+
});
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
//# sourceMappingURL=downloadQueue.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"downloadQueue.js","sourceRoot":"","sources":["../../src/lazyLoad/downloadQueue.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,QAAQ,MAAM,UAAU,CAAC;AAChC,OAAO,WAAW,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAOxC,MAAM,mBAAmB,GAAG,GAAG,GAAG,IAAI,CAAC;AAEvC;;;;;;;;;GASG;AACH,MAAM,OAAO,aAAa;IAwBtB,YAAY,MAAc,EAAE,WAAmB,EAAE,UAAgC,EAAE;QApBnF,mEAAmE;QAClD,SAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAE1C,mDAAmD;QAClC,YAAO,GAAa,EAAE,CAAC;QAExC,kEAAkE;QAC1D,kBAAa,GAAG,CAAC,CAAC;QAE1B,gDAAgD;QACxC,mBAAc,GAAmB,EAAE,CAAC;QAE5C,YAAY;QACJ,kBAAa,GAAG,CAAC,CAAC;QAClB,mBAAc,GAAG,CAAC,CAAC;QACnB,iBAAY,GAAa,EAAE,CAAC;QAC5B,mBAAc,GAAa,EAAE,CAAC;QAKlC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;QAC5C,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACrC,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED,IAAI,aAAa;QACb,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;IAC1B,CAAC;IAED;;;OAGG;IACH,IAAI,CAAC,IAAc;QACf,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;YACnB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBACjB,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACL,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAE/B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;QAC5B,IAAI,CAAC,YAAY,EAAE,CAAC;IACxB,CAAC;IAED,+EAA+E;IAC/E,KAAK;QACD,IAAI,IAAI,CAAC,aAAa,KAAK,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxD,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;QAC7B,CAAC;QACD,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YACjC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;IACP,CAAC;IAED,wCAAwC;IACxC,YAAY;QACR,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,OAAO,CAAC,GAAG,CACP,KAAK,CAAC,MAAM,CACR,eAAe,IAAI,CAAC,YAAY,CAAC,MAAM,oBAAoB,IAAI,CAAC,cAAc,CAAC,MAAM,gBAAgB,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACxI,CACJ,CAAC;QACN,CAAC;QACD,IAAI,IAAI,CAAC,aAAa,GAAG,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,kBAAkB,IAAI,CAAC,aAAa,iBAAiB,IAAI,CAAC,MAAM,YAAY,CAAC,CAAC,CAAC;QAC3G,CAAC;IACL,CAAC;IAED,wEAAwE;IAEhE,YAAY;QAChB,OAAO,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtE,IAAI,CAAC,aAAa,EAAE,CAAC;YACrB,IAAI,CAAC,SAAS,EAAE,CAAC;QACrB,CAAC;IACL,CAAC;IAEa,SAAS;;YACnB,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAG,CAAC;gBAClC,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YAC/B,CAAC;YACD,IAAI,CAAC,aAAa,EAAE,CAAC;YACrB,IAAI,IAAI,CAAC,aAAa,KAAK,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACxD,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBAChD,KAAK,MAAM,EAAE,IAAI,SAAS;oBAAE,EAAE,EAAE,CAAC;YACrC,CAAC;QACL,CAAC;KAAA;IAEa,UAAU,CAAC,GAAW;;;YAChC,IAAI,CAAC;gBACD,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,yBAAyB,CAAC,EAAE,CAAC;oBACxC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,eAAe,GAAG,EAAE,CAAC,CAAC,CAAC;oBAChD,OAAO;gBACX,CAAC;gBAED,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;gBAEjD,IAAI,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC1D,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBAC5B,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;wBACtC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACnC,CAAC;oBACD,OAAO;gBACX,CAAC;gBAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;gBACzD,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBAE5C,IAAI,GAAG,CAAC;gBACR,IAAI,CAAC;oBACD,GAAG,GAAG,MAAM,WAAW,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;gBACrC,CAAC;gBAAC,WAAM,CAAC;oBACL,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,2BAA2B,GAAG,EAAE,CAAC,CAAC,CAAC;oBAC3D,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,GAAG,EAAE,CAAC;oBACP,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,2BAA2B,GAAG,EAAE,CAAC,CAAC,CAAC;oBAC3D,OAAO;gBACX,CAAC;gBAED,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;gBACjC,sEAAsE;gBACtE,4DAA4D;gBAC5D,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,mBAAmB,GAAG,KAAK,OAAO,EAAE,CAAC;gBAE5G,IAAI,QAA4B,CAAC;gBACjC,IAAI,CAAC;oBACD,QAAQ,GAAG,MAAA,MAAA,GAAG;yBACT,KAAK,CAAC,GAAG,CAAC;yBACV,GAAG,EAAE,0CACJ,KAAK,CAAC,oCAAoC,CAAC,0CAAG,CAAC,CAAC,CAAC;gBAC3D,CAAC;gBAAC,WAAM,CAAC;oBACL,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;wBACjC,IAAI,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;4BAC5B,QAAQ,GAAG,KAAK,CAAC;4BACjB,MAAM;wBACV,CAAC;oBACL,CAAC;gBACL,CAAC;gBAED,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACZ,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,6CAA6C,GAAG,aAAa,CAAC,CAAC,CAAC;oBAC1F,OAAO;gBACX,CAAC;gBAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBAC/C,IAAI,CAAC;oBACD,IAAI,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;wBAChD,MAAM,SAAS,GACX,IAAI,CAAC,MAAM,IAAI,mBAAmB,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;wBAChG,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;oBAC1C,CAAC;yBAAM,CAAC;wBACJ,MAAM,SAAS,GACX,IAAI,CAAC,MAAM,IAAI,mBAAmB,CAAC,CAAC,CAAC,MAAM,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;wBACjG,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;oBAC1C,CAAC;gBACL,CAAC;gBAAC,WAAM,CAAC;oBACL,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,6BAA6B,QAAQ,EAAE,CAAC,CAAC,CAAC;oBAClE,OAAO;gBACX,CAAC;gBACD,IAAI,CAAC,aAAa,EAAE,CAAC;YACzB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,2BAA2B,GAAG,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC;YACxE,CAAC;oBAAS,CAAC;gBACP,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtB,MAAA,IAAI,CAAC,UAAU,qDAAG,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;YAC/E,CAAC;QACL,CAAC;KAAA;CACJ"}
|