diff --git a/.eslintignore b/.eslintignore deleted file mode 100644 index 14c5142..0000000 --- a/.eslintignore +++ /dev/null @@ -1,4 +0,0 @@ -test/fixtures -cases/ -temp.js -test/probes/fixtures/**/*.js \ No newline at end of file diff --git a/.eslintrc b/.eslintrc deleted file mode 100644 index 01822d8..0000000 --- a/.eslintrc +++ /dev/null @@ -1,7 +0,0 @@ -{ - "extends": "@nodesecure/eslint-config", - "parserOptions": { - "sourceType": "module", - "requireConfigFile": false - } -} diff --git a/eslint.config.mjs b/eslint.config.mjs new file mode 100644 index 0000000..ee395b6 --- /dev/null +++ b/eslint.config.mjs @@ -0,0 +1,19 @@ +import { ESLintConfig } from "@openally/config.eslint"; + +export default [ + { + ignores: [ + "**/test/fixtures/**/*", + "**/test/probes/fixtures/**/*.js" + ] + }, + ...ESLintConfig, + { + languageOptions: { + sourceType: "module", + parserOptions: { + requireConfigFile: false + } + } + } +]; diff --git a/package.json b/package.json index 2fd759e..56ef214 100644 --- a/package.json +++ b/package.json @@ -8,8 +8,7 @@ "node": ">=18.0.0" }, "scripts": { - "lint": "eslint src test", - "prepublishOnly": "pkg-ok", + "lint": "eslint src workspaces test", "test-only": "glob -c \"node --test-reporter=spec --test\" \"./test/**/*.spec.js\"", "test": "c8 --all --src ./src -r html npm run test-only", "check": "npm run lint && npm run test-only" @@ -54,13 +53,10 @@ "ts-pattern": "^5.0.6" }, "devDependencies": { - "@nodesecure/eslint-config": "^1.6.0", + "@openally/config.eslint": "^1.0.0", "@types/node": "^22.0.0", "c8": "^10.1.2", - "cross-env": "^7.0.3", - "eslint": "^9.0.0", "glob": "^11.0.0", - "iterator-matcher": "^2.1.0", - "pkg-ok": "^3.0.0" + "iterator-matcher": "^2.1.0" } } diff --git a/src/probes/isLiteral.js b/src/probes/isLiteral.js index 5a64f02..6a5d0fc 100644 --- a/src/probes/isLiteral.js +++ b/src/probes/isLiteral.js @@ -5,6 +5,7 @@ import { builtinModules } from "repl"; import { Hex } from "@nodesecure/sec-literal"; const kMapRegexIps = Object.freeze({ + // eslint-disable-next-line @stylistic/max-len regexIPv4: /^(https?:\/\/)(?!127\.)(?!.*:(?:0{1,3}|25[6-9])\.)(?!.*:(?:25[6-9])\.(?:0{1,3}|25[6-9])\.)(?!.*:(?:25[6-9])\.(?:25[6-9])\.(?:0{1,3}|25[6-9])\.)(?!.*:(?:25[6-9])\.(?:25[6-9])\.(?:25[6-9])\.(?:0{1,3}|25[6-9]))((?:\d{1,2}|1\d{2}|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d{2}|2[0-4]\d|25[0-5])(?::\d{1,5})?(\/[^\s]*)?$/, regexIPv6: /^(https?:\/\/)(\[[0-9A-Fa-f:]+\])(?::\d{1,5})?(\/[^\s]*)?$/ }); diff --git a/test/AstAnalyser.spec.js b/test/AstAnalyser.spec.js index 46aba65..fcae71a 100644 --- a/test/AstAnalyser.spec.js +++ b/test/AstAnalyser.spec.js @@ -351,7 +351,6 @@ describe("AstAnalyser", (t) => { }); }); - it("intialize should be called before finalize", async() => { const calls = []; @@ -461,7 +460,6 @@ describe("AstAnalyser", (t) => { }); }); - it("intialize should be called before finalize", () => { const calls = []; diff --git a/test/issues/109-html-comment-parsing.spec.js b/test/issues/109-html-comment-parsing.spec.js index 35b3f74..ac5772a 100644 --- a/test/issues/109-html-comment-parsing.spec.js +++ b/test/issues/109-html-comment-parsing.spec.js @@ -4,7 +4,7 @@ import { test } from "node:test"; import assert from "node:assert"; // Import Internal Dependencies -import { runASTAnalysis } from "../../index.js"; +import { AstAnalyser } from "../../index.js"; // CONSTANTS const FIXTURE_URL = new URL("../fixtures/issues/", import.meta.url); @@ -12,7 +12,7 @@ const FIXTURE_URL = new URL("../fixtures/issues/", import.meta.url); // Regression test for https://github.com/NodeSecure/js-x-ray/issues/109 test("it should not crash for a JavaScript file containing HTML comments (and removeHTMLComments option enabled)", () => { const htmlComment = readFileSync(new URL("html-comments.js", FIXTURE_URL), "utf-8"); - runASTAnalysis(htmlComment, { + new AstAnalyser().analyse(htmlComment, { removeHTMLComments: true }); }); @@ -20,5 +20,5 @@ test("it should not crash for a JavaScript file containing HTML comments (and re test("it should crash for a JavaScript file containing HTML comments", (t) => { const htmlComment = readFileSync(new URL("html-comments.js", FIXTURE_URL), "utf-8"); - assert.throws(() => runASTAnalysis(htmlComment)); + assert.throws(() => new AstAnalyser().analyse(htmlComment)); }); diff --git a/test/issues/163-illegalReturnStatement.spec.js b/test/issues/163-illegalReturnStatement.spec.js index 27e80ec..4f00f75 100644 --- a/test/issues/163-illegalReturnStatement.spec.js +++ b/test/issues/163-illegalReturnStatement.spec.js @@ -3,7 +3,7 @@ import { test } from "node:test"; import assert from "node:assert"; // Import Internal Dependencies -import { runASTAnalysis } from "../../index.js"; +import { AstAnalyser } from "../../index.js"; /** * @see https://github.com/NodeSecure/js-x-ray/issues/163 @@ -23,9 +23,9 @@ if (!argv.length) { test("it should not throw error whatever module is true or false", () => { assert.doesNotThrow(() => { - runASTAnalysis(kIncriminedCodeSample, { module: false }); + new AstAnalyser().analyse(kIncriminedCodeSample, { module: false }); }); assert.doesNotThrow(() => { - runASTAnalysis(kIncriminedCodeSample, { module: true }); + new AstAnalyser().analyse(kIncriminedCodeSample, { module: true }); }); }); diff --git a/test/issues/170-isOneLineRequire-logicalExpression-CJS-export.spec.js b/test/issues/170-isOneLineRequire-logicalExpression-CJS-export.spec.js index 3934ca1..23ba170 100644 --- a/test/issues/170-isOneLineRequire-logicalExpression-CJS-export.spec.js +++ b/test/issues/170-isOneLineRequire-logicalExpression-CJS-export.spec.js @@ -3,7 +3,7 @@ import { test } from "node:test"; import assert from "node:assert"; // Import Internal Dependencies -import { runASTAnalysis } from "../../index.js"; +import { AstAnalyser } from "../../index.js"; const validTestCases = [ ["module.exports = require('fs') || require('constants');", ["fs", "constants"]], @@ -37,7 +37,7 @@ const validTestCases = [ test("it should return isOneLineRequire true given a single line CJS export with a valid assignment", () => { validTestCases.forEach((test) => { const [source, modules] = test; - const { dependencies, isOneLineRequire } = runASTAnalysis(source); + const { dependencies, isOneLineRequire } = new AstAnalyser().analyse(source); assert.ok(isOneLineRequire); assert.deepEqual([...dependencies.keys()], modules); @@ -60,7 +60,7 @@ const invalidTestCases = [ test("it should return isOneLineRequire false given a single line CJS export with illegal callees", () => { invalidTestCases.forEach((test) => { const [source, modules] = test; - const { dependencies, isOneLineRequire } = runASTAnalysis(source); + const { dependencies, isOneLineRequire } = new AstAnalyser().analyse(source); assert.ok(isOneLineRequire === false); assert.deepEqual([...dependencies.keys()], modules); diff --git a/test/issues/177-wrongUnsafeRequire.spec.js b/test/issues/177-wrongUnsafeRequire.spec.js index 0e70160..5867d9e 100644 --- a/test/issues/177-wrongUnsafeRequire.spec.js +++ b/test/issues/177-wrongUnsafeRequire.spec.js @@ -3,13 +3,13 @@ import { test } from "node:test"; import assert from "node:assert"; // Import Internal Dependencies -import { runASTAnalysis } from "../../index.js"; +import { AstAnalyser } from "../../index.js"; /** * @see https://github.com/NodeSecure/js-x-ray/issues/177 */ test("should detect unsafe-import and unsafe-statement", () => { - const { warnings, dependencies } = runASTAnalysis(`const help = require('help-me')({ + const { warnings, dependencies } = new AstAnalyser().analyse(`const help = require('help-me')({ dir: path.join(__dirname, 'help'), ext: '.txt' })`); diff --git a/test/issues/178-path-join-literal-args-is-not-unsafe.spec.js b/test/issues/178-path-join-literal-args-is-not-unsafe.spec.js index 09b2f6c..1c23eb5 100644 --- a/test/issues/178-path-join-literal-args-is-not-unsafe.spec.js +++ b/test/issues/178-path-join-literal-args-is-not-unsafe.spec.js @@ -3,7 +3,7 @@ import { test } from "node:test"; import assert from "node:assert"; // Import Internal Dependencies -import { runASTAnalysis } from "../../index.js"; +import { AstAnalyser } from "../../index.js"; /** * @see https://github.com/NodeSecure/js-x-ray/issues/178 @@ -15,7 +15,7 @@ const validTestCases = [ test("should not detect unsafe-import for path.join if every argument is a string literal", () => { validTestCases.forEach((test) => { - const { warnings, dependencies } = runASTAnalysis(test); + const { warnings, dependencies } = new AstAnalyser().analyse(test); assert.strictEqual(warnings.length, 0); assert.ok(dependencies.has("../bin.js")); @@ -31,7 +31,7 @@ const invalidTestCases = [ test("should detect unsafe-import of path.join if not every argument is a string literal", () => { invalidTestCases.forEach((test) => { - const { warnings } = runASTAnalysis(test); + const { warnings } = new AstAnalyser().analyse(test); assert.strictEqual(warnings.length, 1); }); diff --git a/test/issues/179-UnsafeEvalRequire.spec.js b/test/issues/179-UnsafeEvalRequire.spec.js index 3c36e54..efdc058 100644 --- a/test/issues/179-UnsafeEvalRequire.spec.js +++ b/test/issues/179-UnsafeEvalRequire.spec.js @@ -3,7 +3,7 @@ import { test } from "node:test"; import assert from "node:assert"; // Import Internal Dependencies -import { runASTAnalysis } from "../../index.js"; +import { AstAnalyser } from "../../index.js"; /** * @see https://github.com/NodeSecure/js-x-ray/issues/179 @@ -14,7 +14,7 @@ const kWarningUnsafeImport = "unsafe-import"; const kWarningUnsafeStatement = "unsafe-stmt"; test("should detect unsafe-import and unsafe-statement", () => { - const sastAnalysis = runASTAnalysis(kIncriminedCodeSample); + const sastAnalysis = new AstAnalyser().analyse(kIncriminedCodeSample); assert.equal(sastAnalysis.warnings.at(0).value, "stream"); assert.equal(sastAnalysis.warnings.at(0).kind, kWarningUnsafeImport); diff --git a/test/issues/180-logicalexpr-return-this.spec.js b/test/issues/180-logicalexpr-return-this.spec.js index 9780f6a..e5644cc 100644 --- a/test/issues/180-logicalexpr-return-this.spec.js +++ b/test/issues/180-logicalexpr-return-this.spec.js @@ -3,13 +3,13 @@ import { test } from "node:test"; import assert from "node:assert"; // Import Internal Dependencies -import { runASTAnalysis } from "../../index.js"; +import { AstAnalyser } from "../../index.js"; /** * @see https://github.com/NodeSecure/js-x-ray/issues/180 */ test("should detect required core 'http' with a LogicalExpr containing Function('return this')()", () => { - const { warnings, dependencies } = runASTAnalysis(` + const { warnings, dependencies } = new AstAnalyser().analyse(` var root = freeGlobal || freeSelf || Function('return this')(); const foo = root.require; foo("http"); diff --git a/test/issues/283-oneline-require-minified.spec.js b/test/issues/283-oneline-require-minified.spec.js index 4843168..640a16c 100644 --- a/test/issues/283-oneline-require-minified.spec.js +++ b/test/issues/283-oneline-require-minified.spec.js @@ -3,17 +3,17 @@ import { test } from "node:test"; import assert from "node:assert"; // Import Internal Dependencies -import { runASTAnalysis } from "../../index.js"; +import { AstAnalyser } from "../../index.js"; // Regression test for https://github.com/NodeSecure/js-x-ray/issues/283 test("Given a one line require (with no module.exports) then isOneLineRequire must equal true", () => { - const { isOneLineRequire } = runASTAnalysis(`require('foo.js');`); + const { isOneLineRequire } = new AstAnalyser().analyse(`require('foo.js');`); assert.ok(isOneLineRequire); }); test("Given an empty code then isOneLineRequire must equal false", () => { - const { isOneLineRequire } = runASTAnalysis(``); + const { isOneLineRequire } = new AstAnalyser().analyse(``); assert.strictEqual(isOneLineRequire, false); }); diff --git a/test/issues/59-undefined-depName.spec.js b/test/issues/59-undefined-depName.spec.js index 0afc1dd..91c0655 100644 --- a/test/issues/59-undefined-depName.spec.js +++ b/test/issues/59-undefined-depName.spec.js @@ -3,7 +3,7 @@ import { readFileSync } from "node:fs"; import { test } from "node:test"; // Import Internal Dependencies -import { runASTAnalysis } from "../../index.js"; +import { AstAnalyser } from "../../index.js"; // CONSTANTS const FIXTURE_URL = new URL("../fixtures/issues/", import.meta.url); @@ -14,5 +14,5 @@ test("it should not crash for prop-types", () => { new URL("prop-types.min.js", FIXTURE_URL), "utf-8" ); - runASTAnalysis(propTypes); + new AstAnalyser().analyse(propTypes); }); diff --git a/test/obfuscated.spec.js b/test/obfuscated.spec.js index 5b7b186..bafd3ce 100644 --- a/test/obfuscated.spec.js +++ b/test/obfuscated.spec.js @@ -5,7 +5,9 @@ import { test } from "node:test"; import assert from "node:assert"; // Import Internal Dependencies -import { runASTAnalysis, runASTAnalysisOnFile } from "../index.js"; +import { + AstAnalyser +} from "../index.js"; import { getWarningKind } from "./utils/index.js"; // CONSTANTS @@ -13,7 +15,7 @@ const FIXTURE_URL = new URL("fixtures/obfuscated/", import.meta.url); test("should detect 'jsfuck' obfuscation", () => { const trycatch = readFileSync(new URL("jsfuck.js", FIXTURE_URL), "utf-8"); - const { warnings } = runASTAnalysis(trycatch); + const { warnings } = new AstAnalyser().analyse(trycatch); assert.strictEqual(warnings.length, 1); assert.deepEqual(getWarningKind(warnings), ["obfuscated-code"].sort()); @@ -22,7 +24,7 @@ test("should detect 'jsfuck' obfuscation", () => { test("should detect 'morse' obfuscation", () => { const trycatch = readFileSync(new URL("morse.js", FIXTURE_URL), "utf-8"); - const { warnings } = runASTAnalysis(trycatch); + const { warnings } = new AstAnalyser().analyse(trycatch); assert.strictEqual(warnings.length, 1); assert.deepEqual(getWarningKind(warnings), ["obfuscated-code"].sort()); @@ -31,14 +33,14 @@ test("should detect 'morse' obfuscation", () => { test("should not detect 'morse' obfuscation", () => { const trycatch = readFileSync(new URL("notMorse.js", FIXTURE_URL), "utf-8"); - const { warnings } = runASTAnalysis(trycatch); + const { warnings } = new AstAnalyser().analyse(trycatch); assert.strictEqual(warnings.length, 0); }); test("should not detect 'morse' obfuscation for high number of doubles morse symbols", () => { const morseSymbolDoublesString = `const a = ${"'.' + '..' +".repeat(37)} '.'`; - const { warnings } = runASTAnalysis(morseSymbolDoublesString); + const { warnings } = new AstAnalyser().analyse(morseSymbolDoublesString); assert.strictEqual(warnings.length, 0); }); @@ -48,7 +50,7 @@ test("should detect 'jjencode' obfuscation", () => { new URL("jjencode.js", FIXTURE_URL), "utf-8" ); - const { warnings } = runASTAnalysis(trycatch); + const { warnings } = new AstAnalyser().analyse(trycatch); assert.strictEqual(warnings.length, 1); assert.deepEqual(getWarningKind(warnings), ["obfuscated-code"].sort()); @@ -60,7 +62,7 @@ test("should detect 'freejsobfuscator' obfuscation", () => { new URL("freejsobfuscator.js", FIXTURE_URL), "utf-8" ); - const { warnings } = runASTAnalysis(trycatch); + const { warnings } = new AstAnalyser().analyse(trycatch); assert.deepEqual(getWarningKind(warnings), [ "encoded-literal", "encoded-literal", "obfuscated-code" @@ -73,7 +75,7 @@ test("should detect 'obfuscator.io' obfuscation (with hexadecimal generator)", ( new URL("obfuscatorio-hexa.js", FIXTURE_URL), "utf-8" ); - const { warnings } = runASTAnalysis(trycatch); + const { warnings } = new AstAnalyser().analyse(trycatch); assert.strictEqual(warnings.length, 1); assert.deepEqual(getWarningKind(warnings), [ @@ -83,7 +85,7 @@ test("should detect 'obfuscator.io' obfuscation (with hexadecimal generator)", ( }); test("should not detect 'trojan-source' when providing safe control character", () => { - const { warnings } = runASTAnalysis(` + const { warnings } = new AstAnalyser().analyse(` const simpleStringWithControlCharacters = "Its only a \u0008backspace"; `); @@ -91,7 +93,7 @@ test("should not detect 'trojan-source' when providing safe control character", }); test("should detect 'trojan-source' when there is one unsafe unicode control char", () => { - const { warnings } = runASTAnalysis(` + const { warnings } = new AstAnalyser().analyse(` const role = "ROLE_ADMINā¦" // Dangerous control char; `); @@ -100,8 +102,8 @@ test("should detect 'trojan-source' when there is one unsafe unicode control cha assert.deepEqual(warnings[0].value, "trojan-source"); }); -test("should detect 'trojan-source' when there is atleast one unsafe unicode control char", async() => { - const { warnings } = await runASTAnalysisOnFile( +test("should detect 'trojan-source' when there is atleast one unsafe unicode control char", () => { + const { warnings } = new AstAnalyser().analyseFileSync( fileURLToPath(new URL("unsafe-unicode-chars.js", FIXTURE_URL)) ); diff --git a/test/probes/isLiteral.spec.js b/test/probes/isLiteral.spec.js index b9dedf9..4863854 100644 --- a/test/probes/isLiteral.spec.js +++ b/test/probes/isLiteral.spec.js @@ -24,7 +24,6 @@ test("should throw an unsafe-import because the hexadecimal string is equal to t assert.ok(calls[0].arguments.includes("http")); }); - test("should throw an encoded-literal warning because the hexadecimal value is equal to 'require'", (t) => { const str = "const _t = globalThis['72657175697265']"; const ast = parseScript(str); @@ -89,7 +88,6 @@ test("should detect shady link when an URL is bit.ly", () => { assert.strictEqual(warning.value, "http://bit.ly/foo"); }); - test("should detect shady link when an URL has a suspicious domain", () => { const str = "const foo = 'http://foobar.link'"; const ast = parseScript(str); @@ -100,7 +98,6 @@ test("should detect shady link when an URL has a suspicious domain", () => { assert.strictEqual(warning.value, "http://foobar.link"); }); - test("should not mark suspicious links the IPv4 address range 127.0.0.0/8 (localhost 127.0.0.1)", () => { const str = "const IPv4URL = ['http://127.0.0.1/script', 'http://127.7.7.7/script']"; const ast = parseScript(str); @@ -109,7 +106,6 @@ test("should not mark suspicious links the IPv4 address range 127.0.0.0/8 (local assert.ok(!sastAnalysis.warnings().length); }); - test("should not be considered suspicious a link with a raw IPv4 address 127.0.0.1 and a port", () => { const str = "const IPv4URL = 'http://127.0.0.1:80/script'"; const ast = parseScript(str); @@ -128,7 +124,6 @@ test("should detect the link as suspicious when a URL contains a raw IPv4 addres assert.strictEqual(warning.value, "http://77.244.210.247/burpcollaborator.txt"); }); - test("should detect suspicious links when a URL contains a raw IPv4 address with port", () => { const str = "const IPv4URL = 'http://77.244.210.247:8080/script'"; const ast = parseScript(str); diff --git a/test/probes/isWeakCrypto.spec.js b/test/probes/isWeakCrypto.spec.js index 1d9c311..2f162d8 100644 --- a/test/probes/isWeakCrypto.spec.js +++ b/test/probes/isWeakCrypto.spec.js @@ -4,7 +4,7 @@ import { test } from "node:test"; import assert from "node:assert"; // Import Internal Dependencies -import { runASTAnalysis } from "../../index.js"; +import { AstAnalyser } from "../../index.js"; // Constants const FIXTURE_URL = new URL("fixtures/weakCrypto/", import.meta.url); @@ -15,7 +15,7 @@ test("it should report a warning in case of `createHash()` usage", as for (const fixtureFile of fixtureFiles) { const fixture = readFileSync(new URL(fixtureFile, fixturesDir), "utf-8"); - const { warnings: outputWarnings } = runASTAnalysis(fixture); + const { warnings: outputWarnings } = new AstAnalyser().analyse(fixture); const [firstWarning] = outputWarnings; assert.strictEqual(outputWarnings.length, 1); @@ -31,7 +31,7 @@ test("it should report a warning in case of `[expression]createHash() for (const fixtureFile of fixtureFiles) { const fixture = readFileSync(new URL(fixtureFile, fixturesDir), "utf-8"); - const { warnings: outputWarnings } = runASTAnalysis(fixture); + const { warnings: outputWarnings } = new AstAnalyser().analyse(fixture); const [firstWarning] = outputWarnings; assert.strictEqual(outputWarnings.length, 1); @@ -46,7 +46,7 @@ test("it should NOT report a warning in case of `[expression]createHash('sha256' import crypto from 'crypto'; crypto.createHash('sha256'); `; - const { warnings: outputWarnings } = runASTAnalysis(code); + const { warnings: outputWarnings } = new AstAnalyser().analyse(code); assert.strictEqual(outputWarnings.length, 0); }); @@ -58,7 +58,7 @@ test("it should NOT report a warning if crypto.createHash is not imported", () = } crypto.createHash('md5'); `; - const { warnings: outputWarnings } = runASTAnalysis(code); + const { warnings: outputWarnings } = new AstAnalyser().analyse(code); assert.strictEqual(outputWarnings.length, 0); }); diff --git a/test/runASTAnalysis.spec.js b/test/runASTAnalysis.spec.js index c9b29fa..bea68ca 100644 --- a/test/runASTAnalysis.spec.js +++ b/test/runASTAnalysis.spec.js @@ -17,10 +17,10 @@ it("should call AstAnalyser.analyse with the expected arguments", (t) => { t.mock.method(AstAnalyser.prototype, "analyse"); const source = "const http = require(\"http\");"; - runASTAnalysis(source, { module: true, removeHTMLComments: true }); + new AstAnalyser().analyse(source, { module: true, removeHTMLComments: true }); const source2 = "const fs = require(\"fs\");"; - runASTAnalysis(source2, { module: false, removeHTMLComments: false }); + new AstAnalyser().analyse(source2, { module: false, removeHTMLComments: false }); const calls = AstAnalyser.prototype.analyse.mock.calls; assert.strictEqual(calls.length, 2); @@ -33,10 +33,12 @@ it("should instantiate AstAnalyser with the expected parser", (t) => { t.mock.method(JsSourceParser.prototype, "parse"); t.mock.method(FakeSourceParser.prototype, "parse"); - runASTAnalysis("const http = require(\"http\");", { module: true, removeHTMLComments: true }); + new AstAnalyser().analyse("const http = require(\"http\");", { module: true, removeHTMLComments: true }); - runASTAnalysis("const fs = require(\"fs\");", - { module: false, removeHTMLComments: false, customParser: new FakeSourceParser() } + new AstAnalyser({ + customParser: new FakeSourceParser() + }).analyse("const fs = require(\"fs\");", + { module: false, removeHTMLComments: false } ); assert.strictEqual(JsSourceParser.prototype.parse.mock.calls.length, 1); @@ -44,14 +46,13 @@ it("should instantiate AstAnalyser with the expected parser", (t) => { }); it("should append list of probes using runASTAnalysis", () => { - const result = runASTAnalysis( - kIncriminedCodeSampleCustomProbe, + const result = new AstAnalyser( { parser: new JsSourceParser(), customProbes, skipDefaultProbes: false } - ); + ).analyse(kIncriminedCodeSampleCustomProbe); assert.equal(result.warnings[0].kind, kWarningUnsafeDanger); assert.equal(result.warnings[1].kind, kWarningUnsafeImport); @@ -60,14 +61,13 @@ it("should append list of probes using runASTAnalysis", () => { }); it("should replace list of probes using runASTAnalysis", () => { - const result = runASTAnalysis( - kIncriminedCodeSampleCustomProbe, + const result = new AstAnalyser( { parser: new JsSourceParser(), customProbes, skipDefaultProbes: true } - ); + ).analyse(kIncriminedCodeSampleCustomProbe); assert.equal(result.warnings[0].kind, kWarningUnsafeDanger); assert.equal(result.warnings.length, 1); diff --git a/test/runASTAnalysisOnFile.spec.js b/test/runASTAnalysisOnFile.spec.js index 8648836..d44f0cc 100644 --- a/test/runASTAnalysisOnFile.spec.js +++ b/test/runASTAnalysisOnFile.spec.js @@ -3,9 +3,17 @@ import { it } from "node:test"; import assert from "node:assert"; // Import Internal Dependencies -import { runASTAnalysisOnFile, AstAnalyser, JsSourceParser } from "../index.js"; +import { + AstAnalyser, + JsSourceParser +} from "../index.js"; import { FakeSourceParser } from "./fixtures/FakeSourceParser.js"; -import { customProbes, kWarningUnsafeDanger, kWarningUnsafeImport, kWarningUnsafeStmt } from "./utils/index.js"; +import { + customProbes, + kWarningUnsafeDanger, + kWarningUnsafeImport, + kWarningUnsafeStmt +} from "./utils/index.js"; // CONSTANTS const FIXTURE_URL = new URL("fixtures/searchRuntimeDependencies/", import.meta.url); @@ -14,13 +22,13 @@ it("should call AstAnalyser.analyseFile with the expected arguments", async(t) = t.mock.method(AstAnalyser.prototype, "analyseFile"); const url = new URL("depName.js", FIXTURE_URL); - await runASTAnalysisOnFile( + await new AstAnalyser().analyseFile( url, { module: false, packageName: "foobar" } ); const url2 = new URL("parsingError.js", FIXTURE_URL); - await runASTAnalysisOnFile( + await new AstAnalyser().analyseFile( url, { module: true, packageName: "foobar2" } ); @@ -36,14 +44,16 @@ it("should instantiate AstAnalyser with the expected parser", async(t) => { t.mock.method(JsSourceParser.prototype, "parse"); t.mock.method(FakeSourceParser.prototype, "parse"); - await runASTAnalysisOnFile( + await new AstAnalyser().analyseFile( new URL("depName.js", FIXTURE_URL), { module: false, packageName: "foobar" } ); - await runASTAnalysisOnFile( + await new AstAnalyser( + { customParser: new FakeSourceParser() } + ).analyseFile( new URL("parsingError.js", FIXTURE_URL), - { module: true, packageName: "foobar2", customParser: new FakeSourceParser() } + { module: true, packageName: "foobar2" } ); assert.strictEqual(JsSourceParser.prototype.parse.mock.calls.length, 1); @@ -51,14 +61,13 @@ it("should instantiate AstAnalyser with the expected parser", async(t) => { }); it("should append list of probes using runASTAnalysisOnFile", async() => { - const result = await runASTAnalysisOnFile( - new URL("customProbe.js", FIXTURE_URL), + const result = await new AstAnalyser( { parser: new JsSourceParser(), customProbes, skipDefaultProbes: false } - ); + ).analyseFile(new URL("customProbe.js", FIXTURE_URL)); assert.equal(result.warnings[0].kind, kWarningUnsafeDanger); assert.equal(result.warnings[1].kind, kWarningUnsafeImport); @@ -67,14 +76,13 @@ it("should append list of probes using runASTAnalysisOnFile", async() => { }); it("should replace list of probes using runASTAnalysisOnFile", async() => { - const result = await runASTAnalysisOnFile( - new URL("customProbe.js", FIXTURE_URL), + const result = await new AstAnalyser( { parser: new JsSourceParser(), customProbes, skipDefaultProbes: true } - ); + ).analyseFile(new URL("customProbe.js", FIXTURE_URL)); assert.equal(result.warnings[0].kind, kWarningUnsafeDanger); assert.equal(result.warnings.length, 1); diff --git a/workspaces/estree-ast-utils/package.json b/workspaces/estree-ast-utils/package.json index ce3d1cd..216a4ce 100644 --- a/workspaces/estree-ast-utils/package.json +++ b/workspaces/estree-ast-utils/package.json @@ -7,9 +7,8 @@ "types": "./src/index.d.ts", "scripts": { "lint": "eslint src test", - "prepublishOnly": "pkg-ok", "test": "node --test", - "check": "cross-env npm run lint && npm run test", + "check": "npm run lint && npm run test", "coverage": "c8 -r html npm test" }, "repository": { diff --git a/workspaces/sec-literal/package.json b/workspaces/sec-literal/package.json index ce786fd..ff39d69 100644 --- a/workspaces/sec-literal/package.json +++ b/workspaces/sec-literal/package.json @@ -6,9 +6,9 @@ "private": false, "type": "module", "scripts": { - "lint": "eslint --ext .js", + "lint": "eslint src", "test-only": "node --test", - "test": "cross-env npm run lint && npm run test-only" + "test": "npm run lint && npm run test-only" }, "repository": { "type": "git", diff --git a/workspaces/sec-literal/test/patterns.spec.js b/workspaces/sec-literal/test/patterns.spec.js index 748dc4f..fc1271c 100644 --- a/workspaces/sec-literal/test/patterns.spec.js +++ b/workspaces/sec-literal/test/patterns.spec.js @@ -9,28 +9,39 @@ import { commonHexadecimalPrefix } from "../src/patterns.js"; - describe("commonStringPrefix()", () => { test("must return null for two strings that have no common prefix", () => { - assert.strictEqual(commonStringPrefix("boo", "foo"), null, - "there is no common prefix between 'boo' and 'foo' so the result must be null"); + assert.strictEqual( + commonStringPrefix("boo", "foo"), + null, + "there is no common prefix between 'boo' and 'foo' so the result must be null" + ); }); test("should return the common prefix for strings with a shared prefix", () => { - assert.strictEqual(commonStringPrefix("bromance", "brother"), "bro", - "the common prefix between bromance and brother must be 'bro'."); + assert.strictEqual( + commonStringPrefix("bromance", "brother"), + "bro", + "the common prefix between bromance and brother must be 'bro'." + ); }); }); describe("commonStringSuffix()", () => { test("must return the common suffix for the two strings with a shared suffix", () => { - assert.strictEqual(commonStringSuffix("boo", "foo"), "oo", - "the common suffix between boo and foo must be 'oo'"); + assert.strictEqual( + commonStringSuffix("boo", "foo"), + "oo", + "the common suffix between boo and foo must be 'oo'" + ); }); test("must return null for two strings with no common suffix", () => { - assert.strictEqual(commonStringSuffix("bromance", "brother"), null, - "there is no common suffix between 'bromance' and 'brother' so the result must be null"); + assert.strictEqual( + commonStringSuffix("bromance", "brother"), + null, + "there is no common suffix between 'bromance' and 'brother' so the result must be null" + ); }); }); diff --git a/workspaces/sec-literal/test/utils.spec.js b/workspaces/sec-literal/test/utils.spec.js index dc0d3b6..aa4c4ad 100644 --- a/workspaces/sec-literal/test/utils.spec.js +++ b/workspaces/sec-literal/test/utils.spec.js @@ -1,5 +1,3 @@ -/* eslint-disable max-len */ - // Import Node.js Dependencies import { randomBytes } from "node:crypto"; import { test } from "node:test"; @@ -9,8 +7,11 @@ import assert from "node:assert"; import { stringCharDiversity, isSvg, isSvgPath, stringSuspicionScore } from "../src/utils.js"; test("stringCharDiversity must return the number of unique chars in a given string", () => { - assert.strictEqual(stringCharDiversity("helloo!"), 5, - "the following string 'helloo!' contains five unique chars: h, e, l, o and !"); + assert.strictEqual( + stringCharDiversity("helloo!"), + 5, + "the following string 'helloo!' contains five unique chars: h, e, l, o and !" + ); }); test("stringCharDiversity must return the number of unique chars in a given string (but with exclusions of given chars)", () => { @@ -40,7 +41,11 @@ test("isSvgPath must return true when we give a valid svg path and false when th assert.strictEqual(isSvgPath("M150 0 L75 200 L225 200 Z"), true); assert.strictEqual(isSvgPath("M150"), false, "the length of an svg path must be always higher than four characters"); assert.strictEqual(isSvgPath("hello world!"), false); - assert.strictEqual(isSvgPath(10), false, "isSvgPath argument must always return false for anything that is not a string primitive"); + assert.strictEqual( + isSvgPath(10), + false, + "isSvgPath argument must always return false for anything that is not a string primitive" + ); }); test("stringSuspicionScore must always return 0 if the string length if below 45", () => { @@ -58,7 +63,8 @@ test("stringSuspicionScore must return one if the str is between 45 and 200 char assert.strictEqual(stringSuspicionScore(randomStrWithNoSpaces), 1); }); -test("stringSuspicionScore must return zero if the str is between 45 and 200 chars and has at least one space in the first 45 chars", () => { +test(`stringSuspicionScore must return zero if the str is between 45 and 200 char + and has at least one space in the first 45 chars`, () => { const randomStrWithSpaces = randomBytes(10).toString("hex") + " -_- " + randomBytes(30).toString("hex"); assert.strictEqual(stringSuspicionScore(randomStrWithSpaces), 0); diff --git a/workspaces/ts-source-parser/package.json b/workspaces/ts-source-parser/package.json index 2b706e9..2c21120 100644 --- a/workspaces/ts-source-parser/package.json +++ b/workspaces/ts-source-parser/package.json @@ -7,10 +7,9 @@ "types": "./index.d.ts", "scripts": { "lint": "eslint src test", - "prepublishOnly": "pkg-ok", "test-only": "glob -c \"node --test-reporter=spec --test\" \"./test/**/*.spec.js\"", "test": "c8 --all --src ./src -r html npm run test-only", - "check": "cross-env npm run lint && npm run test" + "check": "npm run lint && npm run test" }, "repository": { "type": "git",