fluidasserts.lang.javascript module

This module provides checks for vulnerabilities in JavaScript code.

fluidasserts.lang.javascript.has_if_without_else(js_dest, conditions, use_regex=False, exclude=None)

Check if all ifs have an else clause.

See REQ.161.

Parameters
  • js_dest (str) – Path to a JavaScript source file or package.

  • conditions (list) – List of texts between parentheses of the if (condition) statement.

  • use_regex (bool) – Use regular expressions instead of literals to search.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.javascript.has_insecure_randoms(js_dest, exclude=None)

Check if code uses Math.random().

See REQ.224.

Parameters
  • js_dest (str) – Path to a JavaScript source file or package.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.javascript.has_switch_without_default(js_dest, exclude=None)

Check if all switches have a default clause.

See REQ.161.

See CWE-478.

Parameters
  • js_dest (str) – Path to a JavaScript source file or package.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.javascript.swallows_exceptions(js_dest, exclude=None)

Search for catch blocks that are empty or only have comments.

See REQ.161.

See CWE-391.

Parameters
  • js_dest (str) – Path to a JavaScript source file or package.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.javascript.uses_console_log(js_dest, exclude=None)

Search for console.log() calls in a JavaScript file or directory.

Parameters
  • js_dest (str) – Path to a JavaScript source file or directory.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.javascript.uses_eval(js_dest, exclude=None)

Search for eval() calls in a JavaScript file or directory.

Parameters
  • js_dest (str) – Path to a JavaScript source file or directory.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

Return type

fluidasserts.Result

fluidasserts.lang.javascript.uses_localstorage(js_dest, exclude=None)

Search for localStorage calls in a JavaScript source file or directory.

Parameters
  • js_dest (str) – Path to a JavaScript source file or directory.

  • exclude (typing.Optional[list]) – Paths that contain any string from this list are ignored.

Return type

fluidasserts.Result
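
As an added illustration (not part of fluidasserts or its documentation), the JavaScript below pairs the pattern targeted by has_insecure_randoms, has_switch_without_default and swallows_exceptions with a compliant form. All function names, roles and inputs are constructed for this example.

```javascript
// Web Crypto: global in browsers and newer Node.js, else taken from the crypto module.
const webCrypto = globalThis.crypto ?? require('crypto').webcrypto;

// has_insecure_randoms: Math.random() is not a CSPRNG, so the token is predictable.
function weakToken() {
  return Math.random().toString(36).slice(2);            // targeted pattern
}
function strongToken(bytes = 16) {
  const buf = webCrypto.getRandomValues(new Uint8Array(bytes));
  return Array.from(buf, (b) => b.toString(16).padStart(2, '0')).join('');
}

// has_switch_without_default (CWE-478): an unlisted role yields no decision at all.
function canDeleteWeak(role) {
  let allowed;
  switch (role) {                                         // targeted pattern: no default
    case 'admin': allowed = true; break;
    case 'guest': allowed = false; break;
  }
  return allowed;                                         // undefined for unknown roles
}
function canDeleteStrict(role) {
  switch (role) {
    case 'admin': return true;
    case 'guest': return false;
    default: throw new Error(`unknown role: ${role}`);    // fail closed
  }
}

// swallows_exceptions (CWE-391): a comment-only catch hides the parse failure.
function parseWeak(text) {
  let cfg = {};
  try { cfg = JSON.parse(text); } catch (e) { /* ignored */ }  // targeted pattern
  return cfg;                                             // caller cannot tell it failed
}
function parseStrict(text) {
  try {
    return JSON.parse(text);
  } catch (e) {
    throw new Error(`config rejected: ${e.message}`);     // surface the failure
  }
}
```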