refactor: fix deprecation in tests & update eslint
fraxken committed Aug 15, 2024
1 parent 86cb3d9 commit ba82a6f
Showing 22 changed files with 129 additions and 104 deletions.
4 changes: 0 additions & 4 deletions .eslintignore

This file was deleted.

7 changes: 0 additions & 7 deletions .eslintrc

This file was deleted.

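--- a/eslint.config.mjs
+++ b/eslint.config.mjs
@@ -0,0 +1,19 @@
+import { ESLintConfig } from "@openally/config.eslint";
+
+export default [
+{
+ignores: [
+"**/test/fixtures/**/*",
+"**/test/probes/fixtures/**/*.js"
+]
+},
+...ESLintConfig,
+{
+languageOptions: {
+sourceType: "module",
+parserOptions: {
+requireConfigFile: false
+}
+}
+}
+];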
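Review bot: The `ignores` entry has no comment saying why the fixture trees are excluded. The specs on this page load samples such as `jsfuck.js` and `jjencode.js` from `fixtures/obfuscated/`, and an `html-comments.js` fixture that is expected to make the analyser throw, so these files are deliberately obfuscated or unparsable and should be neither reported on nor rewritten by `eslint --fix`. A comment above the array, `// fixtures are analysis samples (obfuscated or intentionally invalid); never lint or auto-fix them`, would keep a later cleanup from narrowing the globs. The second glob covers only `*.js`, so an `.mjs` or `.cjs` sample under `test/probes/fixtures/` would still be linted; `"**/test/probes/fixtures/**/*"` would match the form of the first entry if that is not intended.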
10 changes: 3 additions & 7 deletions package.json
Expand Up @@ -8,8 +8,7 @@
"node": ">=18.0.0"
},
"scripts": {
"lint": "eslint src test",
"prepublishOnly": "pkg-ok",
"lint": "eslint src workspaces test",
"test-only": "glob -c \"node --test-reporter=spec --test\" \"./test/**/*.spec.js\"",
"test": "c8 --all --src ./src -r html npm run test-only",
"check": "npm run lint && npm run test-only"
Expand Down Expand Up @@ -54,13 +53,10 @@
"ts-pattern": "^5.0.6"
},
"devDependencies": {
"@nodesecure/eslint-config": "^1.6.0",
"@openally/config.eslint": "^1.0.0",
"@types/node": "^22.0.0",
"c8": "^10.1.2",
"cross-env": "^7.0.3",
"eslint": "^9.0.0",
"glob": "^11.0.0",
"iterator-matcher": "^2.1.0",
"pkg-ok": "^3.0.0"
"iterator-matcher": "^2.1.0"
}
}
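Review bot: A publish no longer appears to be gated by `pkg-ok`: the `prepublishOnly` script and the `pkg-ok` devDependency both seem to be removed, and nothing visible on this page replaces them, so a release would not be stopped when a file referenced from package.json does not exist. If the removal is intended, the commit message should say so, since the title mentions only tests and eslint; otherwise keep `"prepublishOnly": "pkg-ok"` or move the check into CI. The rendered page has lost the +/- column, so the side of each line is inferred from the 3 additions / 7 deletions count and from which ordering leaves the JSON valid.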
1 change: 1 addition & 0 deletions src/probes/isLiteral.js
Expand Up @@ -5,6 +5,7 @@ import { builtinModules } from "repl";
import { Hex } from "@nodesecure/sec-literal";

const kMapRegexIps = Object.freeze({
// eslint-disable-next-line @stylistic/max-len
regexIPv4: /^(https?:\/\/)(?!127\.)(?!.*:(?:0{1,3}|25[6-9])\.)(?!.*:(?:25[6-9])\.(?:0{1,3}|25[6-9])\.)(?!.*:(?:25[6-9])\.(?:25[6-9])\.(?:0{1,3}|25[6-9])\.)(?!.*:(?:25[6-9])\.(?:25[6-9])\.(?:25[6-9])\.(?:0{1,3}|25[6-9]))((?:\d{1,2}|1\d{2}|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d{2}|2[0-4]\d|25[0-5])(?::\d{1,5})?(\/[^\s]*)?$/,
regexIPv6: /^(https?:\/\/)(\[[0-9A-Fa-f:]+\])(?::\d{1,5})?(\/[^\s]*)?$/
});
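Review bot: The added `eslint-disable-next-line @stylistic/max-len` gives no reason for the suppression, and it sits on the IPv4 URL matcher, a line that reviewers should be able to read rather than skip. ESLint accepts a description after `--`, for example `// eslint-disable-next-line @stylistic/max-len -- single regex literal, cannot be wrapped`. A short comment above `regexIPv4` stating what the lookaheads exclude (the `(?!127\.)` loopback prefix, for instance) would also help whoever next audits this pattern.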
2 changes: 0 additions & 2 deletions test/AstAnalyser.spec.js
Expand Up @@ -351,7 +351,6 @@ describe("AstAnalyser", (t) => {
});
});


it("intialize should be called before finalize", async() => {
const calls = [];

Expand Down Expand Up @@ -461,7 +460,6 @@ describe("AstAnalyser", (t) => {
});
});


it("intialize should be called before finalize", () => {
const calls = [];

6 changes: 3 additions & 3 deletions test/issues/109-html-comment-parsing.spec.js
Expand Up @@ -4,21 +4,21 @@ import { test } from "node:test";
import assert from "node:assert";

// Import Internal Dependencies
import { runASTAnalysis } from "../../index.js";
import { AstAnalyser } from "../../index.js";

// CONSTANTS
const FIXTURE_URL = new URL("../fixtures/issues/", import.meta.url);

// Regression test for https://github.com/NodeSecure/js-x-ray/issues/109
test("it should not crash for a JavaScript file containing HTML comments (and removeHTMLComments option enabled)", () => {
const htmlComment = readFileSync(new URL("html-comments.js", FIXTURE_URL), "utf-8");
runASTAnalysis(htmlComment, {
new AstAnalyser().analyse(htmlComment, {
removeHTMLComments: true
});
});

test("it should crash for a JavaScript file containing HTML comments", (t) => {
const htmlComment = readFileSync(new URL("html-comments.js", FIXTURE_URL), "utf-8");

assert.throws(() => runASTAnalysis(htmlComment));
assert.throws(() => new AstAnalyser().analyse(htmlComment));
});
6 changes: 3 additions & 3 deletions test/issues/163-illegalReturnStatement.spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ import { test } from "node:test";
import assert from "node:assert";

// Import Internal Dependencies
import { runASTAnalysis } from "../../index.js";
import { AstAnalyser } from "../../index.js";

/**
* @see https://github.com/NodeSecure/js-x-ray/issues/163
Expand All @@ -23,9 +23,9 @@ if (!argv.length) {

test("it should not throw error whatever module is true or false", () => {
assert.doesNotThrow(() => {
runASTAnalysis(kIncriminedCodeSample, { module: false });
new AstAnalyser().analyse(kIncriminedCodeSample, { module: false });
});
assert.doesNotThrow(() => {
runASTAnalysis(kIncriminedCodeSample, { module: true });
new AstAnalyser().analyse(kIncriminedCodeSample, { module: true });
});
});
Expand Up @@ -3,7 +3,7 @@ import { test } from "node:test";
import assert from "node:assert";

// Import Internal Dependencies
import { runASTAnalysis } from "../../index.js";
import { AstAnalyser } from "../../index.js";

const validTestCases = [
["module.exports = require('fs') || require('constants');", ["fs", "constants"]],
Expand Down Expand Up @@ -37,7 +37,7 @@ const validTestCases = [
test("it should return isOneLineRequire true given a single line CJS export with a valid assignment", () => {
validTestCases.forEach((test) => {
const [source, modules] = test;
const { dependencies, isOneLineRequire } = runASTAnalysis(source);
const { dependencies, isOneLineRequire } = new AstAnalyser().analyse(source);

assert.ok(isOneLineRequire);
assert.deepEqual([...dependencies.keys()], modules);
Expand All @@ -60,7 +60,7 @@ const invalidTestCases = [
test("it should return isOneLineRequire false given a single line CJS export with illegal callees", () => {
invalidTestCases.forEach((test) => {
const [source, modules] = test;
const { dependencies, isOneLineRequire } = runASTAnalysis(source);
const { dependencies, isOneLineRequire } = new AstAnalyser().analyse(source);

assert.ok(isOneLineRequire === false);
assert.deepEqual([...dependencies.keys()], modules);
4 changes: 2 additions & 2 deletions test/issues/177-wrongUnsafeRequire.spec.js
Expand Up @@ -3,13 +3,13 @@ import { test } from "node:test";
import assert from "node:assert";

// Import Internal Dependencies
import { runASTAnalysis } from "../../index.js";
import { AstAnalyser } from "../../index.js";

/**
* @see https://github.com/NodeSecure/js-x-ray/issues/177
*/
test("should detect unsafe-import and unsafe-statement", () => {
const { warnings, dependencies } = runASTAnalysis(`const help = require('help-me')({
const { warnings, dependencies } = new AstAnalyser().analyse(`const help = require('help-me')({
dir: path.join(__dirname, 'help'),
ext: '.txt'
})`);
6 changes: 3 additions & 3 deletions test/issues/178-path-join-literal-args-is-not-unsafe.spec.js
Expand Up @@ -3,7 +3,7 @@ import { test } from "node:test";
import assert from "node:assert";

// Import Internal Dependencies
import { runASTAnalysis } from "../../index.js";
import { AstAnalyser } from "../../index.js";

/**
* @see https://github.com/NodeSecure/js-x-ray/issues/178
Expand All @@ -15,7 +15,7 @@ const validTestCases = [

test("should not detect unsafe-import for path.join if every argument is a string literal", () => {
validTestCases.forEach((test) => {
const { warnings, dependencies } = runASTAnalysis(test);
const { warnings, dependencies } = new AstAnalyser().analyse(test);

assert.strictEqual(warnings.length, 0);
assert.ok(dependencies.has("../bin.js"));
Expand All @@ -31,7 +31,7 @@ const invalidTestCases = [

test("should detect unsafe-import of path.join if not every argument is a string literal", () => {
invalidTestCases.forEach((test) => {
const { warnings } = runASTAnalysis(test);
const { warnings } = new AstAnalyser().analyse(test);

assert.strictEqual(warnings.length, 1);
});
4 changes: 2 additions & 2 deletions test/issues/179-UnsafeEvalRequire.spec.js
Expand Up @@ -3,7 +3,7 @@ import { test } from "node:test";
import assert from "node:assert";

// Import Internal Dependencies
import { runASTAnalysis } from "../../index.js";
import { AstAnalyser } from "../../index.js";

/**
* @see https://github.com/NodeSecure/js-x-ray/issues/179
Expand All @@ -14,7 +14,7 @@ const kWarningUnsafeImport = "unsafe-import";
const kWarningUnsafeStatement = "unsafe-stmt";

test("should detect unsafe-import and unsafe-statement", () => {
const sastAnalysis = runASTAnalysis(kIncriminedCodeSample);
const sastAnalysis = new AstAnalyser().analyse(kIncriminedCodeSample);

assert.equal(sastAnalysis.warnings.at(0).value, "stream");
assert.equal(sastAnalysis.warnings.at(0).kind, kWarningUnsafeImport);
4 changes: 2 additions & 2 deletions test/issues/180-logicalexpr-return-this.spec.js
Expand Up @@ -3,13 +3,13 @@ import { test } from "node:test";
import assert from "node:assert";

// Import Internal Dependencies
import { runASTAnalysis } from "../../index.js";
import { AstAnalyser } from "../../index.js";

/**
* @see https://github.com/NodeSecure/js-x-ray/issues/180
*/
test("should detect required core 'http' with a LogicalExpr containing Function('return this')()", () => {
const { warnings, dependencies } = runASTAnalysis(`
const { warnings, dependencies } = new AstAnalyser().analyse(`
var root = freeGlobal || freeSelf || Function('return this')();
const foo = root.require;
foo("http");
6 changes: 3 additions & 3 deletions test/issues/283-oneline-require-minified.spec.js
Expand Up @@ -3,17 +3,17 @@ import { test } from "node:test";
import assert from "node:assert";

// Import Internal Dependencies
import { runASTAnalysis } from "../../index.js";
import { AstAnalyser } from "../../index.js";

// Regression test for https://github.com/NodeSecure/js-x-ray/issues/283
test("Given a one line require (with no module.exports) then isOneLineRequire must equal true", () => {
const { isOneLineRequire } = runASTAnalysis(`require('foo.js');`);
const { isOneLineRequire } = new AstAnalyser().analyse(`require('foo.js');`);

assert.ok(isOneLineRequire);
});

test("Given an empty code then isOneLineRequire must equal false", () => {
const { isOneLineRequire } = runASTAnalysis(``);
const { isOneLineRequire } = new AstAnalyser().analyse(``);

assert.strictEqual(isOneLineRequire, false);
});
4 changes: 2 additions & 2 deletions test/issues/59-undefined-depName.spec.js
Expand Up @@ -3,7 +3,7 @@ import { readFileSync } from "node:fs";
import { test } from "node:test";

// Import Internal Dependencies
import { runASTAnalysis } from "../../index.js";
import { AstAnalyser } from "../../index.js";

// CONSTANTS
const FIXTURE_URL = new URL("../fixtures/issues/", import.meta.url);
Expand All @@ -14,5 +14,5 @@ test("it should not crash for prop-types", () => {
new URL("prop-types.min.js", FIXTURE_URL),
"utf-8"
);
runASTAnalysis(propTypes);
new AstAnalyser().analyse(propTypes);
});
26 changes: 14 additions & 12 deletions test/obfuscated.spec.js
Expand Up @@ -5,15 +5,17 @@ import { test } from "node:test";
import assert from "node:assert";

// Import Internal Dependencies
import { runASTAnalysis, runASTAnalysisOnFile } from "../index.js";
import {
AstAnalyser
} from "../index.js";
import { getWarningKind } from "./utils/index.js";

// CONSTANTS
const FIXTURE_URL = new URL("fixtures/obfuscated/", import.meta.url);

test("should detect 'jsfuck' obfuscation", () => {
const trycatch = readFileSync(new URL("jsfuck.js", FIXTURE_URL), "utf-8");
const { warnings } = runASTAnalysis(trycatch);
const { warnings } = new AstAnalyser().analyse(trycatch);

assert.strictEqual(warnings.length, 1);
assert.deepEqual(getWarningKind(warnings), ["obfuscated-code"].sort());
Expand All @@ -22,7 +24,7 @@ test("should detect 'jsfuck' obfuscation", () => {

test("should detect 'morse' obfuscation", () => {
const trycatch = readFileSync(new URL("morse.js", FIXTURE_URL), "utf-8");
const { warnings } = runASTAnalysis(trycatch);
const { warnings } = new AstAnalyser().analyse(trycatch);

assert.strictEqual(warnings.length, 1);
assert.deepEqual(getWarningKind(warnings), ["obfuscated-code"].sort());
Expand All @@ -31,14 +33,14 @@ test("should detect 'morse' obfuscation", () => {

test("should not detect 'morse' obfuscation", () => {
const trycatch = readFileSync(new URL("notMorse.js", FIXTURE_URL), "utf-8");
const { warnings } = runASTAnalysis(trycatch);
const { warnings } = new AstAnalyser().analyse(trycatch);

assert.strictEqual(warnings.length, 0);
});

test("should not detect 'morse' obfuscation for high number of doubles morse symbols", () => {
const morseSymbolDoublesString = `const a = ${"'.' + '..' +".repeat(37)} '.'`;
const { warnings } = runASTAnalysis(morseSymbolDoublesString);
const { warnings } = new AstAnalyser().analyse(morseSymbolDoublesString);

assert.strictEqual(warnings.length, 0);
});
Expand All @@ -48,7 +50,7 @@ test("should detect 'jjencode' obfuscation", () => {
new URL("jjencode.js", FIXTURE_URL),
"utf-8"
);
const { warnings } = runASTAnalysis(trycatch);
const { warnings } = new AstAnalyser().analyse(trycatch);

assert.strictEqual(warnings.length, 1);
assert.deepEqual(getWarningKind(warnings), ["obfuscated-code"].sort());
Expand All @@ -60,7 +62,7 @@ test("should detect 'freejsobfuscator' obfuscation", () => {
new URL("freejsobfuscator.js", FIXTURE_URL),
"utf-8"
);
const { warnings } = runASTAnalysis(trycatch);
const { warnings } = new AstAnalyser().analyse(trycatch);

assert.deepEqual(getWarningKind(warnings), [
"encoded-literal", "encoded-literal", "obfuscated-code"
Expand All @@ -73,7 +75,7 @@ test("should detect 'obfuscator.io' obfuscation (with hexadecimal generator)", (
new URL("obfuscatorio-hexa.js", FIXTURE_URL),
"utf-8"
);
const { warnings } = runASTAnalysis(trycatch);
const { warnings } = new AstAnalyser().analyse(trycatch);

assert.strictEqual(warnings.length, 1);
assert.deepEqual(getWarningKind(warnings), [
Expand All @@ -83,15 +85,15 @@ test("should detect 'obfuscator.io' obfuscation (with hexadecimal generator)", (
});

test("should not detect 'trojan-source' when providing safe control character", () => {
const { warnings } = runASTAnalysis(`
const { warnings } = new AstAnalyser().analyse(`
const simpleStringWithControlCharacters = "Its only a \u0008backspace";
`);

assert.deepEqual([...warnings], []);
});

test("should detect 'trojan-source' when there is one unsafe unicode control char", () => {
const { warnings } = runASTAnalysis(`
const { warnings } = new AstAnalyser().analyse(`
const role = "ROLE_ADMIN⁦" // Dangerous control char;
`);

Expand All @@ -100,8 +102,8 @@ test("should detect 'trojan-source' when there is one unsafe unicode control cha
assert.deepEqual(warnings[0].value, "trojan-source");
});

test("should detect 'trojan-source' when there is atleast one unsafe unicode control char", async() => {
const { warnings } = await runASTAnalysisOnFile(
test("should detect 'trojan-source' when there is atleast one unsafe unicode control char", () => {
const { warnings } = new AstAnalyser().analyseFileSync(
fileURLToPath(new URL("unsafe-unicode-chars.js", FIXTURE_URL))
);
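Review bot: The 'trojan-source' file fixture is no longer exercised through the asynchronous file API in this spec: the last test now appears to call `analyseFileSync(...)` where it previously awaited `runASTAnalysisOnFile(...)`. If the async method is meant to stay covered for this detection, keep the callback `async` and use `const { warnings } = await new AstAnalyser().analyseFile(` with the same `fileURLToPath(...)` argument. Whether another spec already covers that path is not visible on this page. The test body continues past the end of the hunk.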
