
feat(customProbes): inject custom probes as param for AstAnalyser

Open tchapacan opened this issue 1 year ago • 0 comments

fix https://github.com/NodeSecure/js-x-ray/issues/221

(WIP) Inject custom probes as param for AstAnalyser

```js
const { AstAnalyser, JsSourceParser } = require("@nodesecure/js-x-ray");

new AstAnalyser({
  parser: new JsSourceParser(),
  probes: [
    // Any valid probe object here
  ]
});
```

Allow developers to inject new custom probes using the AstAnalyser.

The purpose of this PR is to propose a fix/feat for the issue https://github.com/NodeSecure/js-x-ray/issues/221 by modifying the constructors of some of the relevant classes (ProbeRunner, AstAnalyser, SourceFile):

  • [ ] code
  • [ ] tests
  • [ ] docs

I tried to keep it as simple as possible without modifying too much of what was already done (I haven't changed the ProbeRunner instantiation from SourceFile), but I'm open to suggestions.

Note that this is still a WIP and I need to add more relevant tests and improve my code

Don't hesitate to give any feedback/suggestion/proposition to improve this PR

Result after (yes this probe below is perfectible ahah) :

```js
// AstAnalyser and JsSourceParser are imported as in the snippet above.
// ProbeSignals is js-x-ray's walk-signal enum; its import is not shown here.
const kIncriminedCodeSample = "const danger = 'danger';";

const customProbes = [
  {
    name: "customProbeUnsafeDanger",
    // Accepts every node, so main() assumes it receives a VariableDeclaration.
    validateNode: (node, sourceFile) => [true],
    main: (node, options) => {
      const { sourceFile, data: calleeName } = options;
      if (node.declarations[0].init.value === "danger") {
        sourceFile.addWarning("unsafe-danger", calleeName, node.loc);

        // Do not walk into the children of the flagged declaration.
        return ProbeSignals.Skip;
      }

      return null;
    }
  }
];

const analyser = new AstAnalyser(new JsSourceParser(), customProbes);
const result = analyser.analyse(kIncriminedCodeSample);
console.log(result);
```

```
➜  js-x-ray git:(fix/221) ✗ node example.js
{
  idsLengthAvg: 0,
  stringScore: 0,
  warnings: [ { kind: 'unsafe-danger', location: [Array], source: 'JS-X-Ray' } ],
  dependencies: Map(0) {},
  isOneLineRequire: false
}
```

tchapacan • Mar 09 '24 12:03
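Added example, not part of the PR or of js-x-ray's code: a guarded variant of the probe above next to the unguarded one, run by a hypothetical stand-in runner over a hand-built ESTree. It assumes the contract visible in the PR (`validateNode` returns `[matched, data]`, `main` receives `{ sourceFile, data }`, `ProbeSignals.Skip` stops descent); `runProbes`, `decl` and `sampleAst` are invented for illustration.

```javascript
// Stand-in for js-x-ray's ProbeSignals (assumption: Skip means "do not descend").
const ProbeSignals = Object.freeze({ Skip: Symbol("skipWalk") });
// Same logic as the PR's probe: validateNode accepts every node.
const unguardedProbe = {
  name: "customProbeUnsafeDanger",
  validateNode: () => [true],
  main: (node, { sourceFile, data }) => {
    if (node.declarations[0].init.value !== "danger") return null;
    sourceFile.addWarning("unsafe-danger", data, node.loc);
    return ProbeSignals.Skip;
  }
};

// Guarded variant: validateNode only accepts the shape that main dereferences.
const guardedProbe = {
  ...unguardedProbe,
  validateNode: (node) => {
    const init = node.type === "VariableDeclaration" ? node.declarations[0]?.init : null;
    return [init?.type === "Literal" && init.value === "danger", init?.value];
  }
};

// Hypothetical minimal runner (not js-x-ray's): main runs only when validateNode matches.
function runProbes(ast, probes) {
  const warnings = [];
  const sourceFile = { addWarning: (kind, value, location) => warnings.push({ kind, value, location }) };
  const visit = (node) => {
    if (Array.isArray(node)) return node.forEach(visit);
    if (node === null || typeof node !== "object" || typeof node.type !== "string") return;
    let skip = false;
    for (const probe of probes) {
      const [matched, data] = probe.validateNode(node, sourceFile);
      if (matched && probe.main(node, { sourceFile, data }) === ProbeSignals.Skip) skip = true;
    }
    if (!skip) Object.values(node).forEach(visit);
  };
  visit(ast);
  return warnings;
}

// Constructed ESTree for: foo; const danger = 'danger'; const ok = 'fine'; let x;
const decl = (name, init) => ({
  type: "VariableDeclaration", loc: null,
  declarations: [{ type: "VariableDeclarator", id: { type: "Identifier", name }, init }]
});
const sampleAst = { type: "Program", body: [
  { type: "ExpressionStatement", expression: { type: "Identifier", name: "foo" } },
  decl("danger", { type: "Literal", value: "danger" }), decl("ok", { type: "Literal", value: "fine" }), decl("x", null)
] };
console.log(runProbes(sampleAst, [guardedProbe]));
```

In this stand-in runner the unguarded probe throws a `TypeError` on the first node that has no `declarations` array, while the guarded one reports only the `'danger'` declaration.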