-
Notifications
You must be signed in to change notification settings - Fork 47
/
Copy pathscanner.js
92 lines (83 loc) · 3.02 KB
/
scanner.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
/*jshint node:true*/
// This script is for using scanjs server side
var fs = require('fs');
var path = require('path');
var beautify = require('js-beautify').js_beautify;
global.acorn = require(__dirname + '/client/js/lib/acorn.js');
acorn.walk = require('acorn/util/walk.js');
var ScanJS = require(__dirname + '/common/scan');
var signatures = JSON.parse(fs.readFileSync(__dirname + "/common/rules.json", "utf8"));
ScanJS.loadRules(signatures);
var argv = require('optimist').usage('Usage: $node scan.js -t [path/to/app] -o [resultFile.json]').demand(['t']).argv;
var dive = function(dir, action) {
if( typeof action !== 'function') {
action = function(error, file) {
console.log(">" + file)
};
}
list = fs.readdirSync(dir);
list.forEach(function(file) {
var fullpath = dir + '/' + file;
try {
var stat = fs.statSync(fullpath);
} catch(e) {
console.log("SKIPPING FILE: Could not stat " + fullpath);
}
if(stat && stat.isDirectory()) {
dive(fullpath, action);
} else {
action(file, fullpath);
}
});
};
var writeReport = function(results, name) {
if(fs.existsSync(name)) {
console.log("Error:output file already exists (" + name + "). Supply a different name using: -o [filename]")
}
fs.writeFile(name, JSON.stringify(results), function(err) {
if(err) {
console.log(err);
} else {
console.log("The scan results were saved to " + name);
}
});
};
if( typeof process != 'undefined' && process.argv[2]) {
results = {};
reportname = argv.o ? argv.o : 'scanresults';
reportdir = reportname + "_files";
if(fs.existsSync(reportname) || fs.existsSync(reportdir)) {
console.log("Error:output file or dir already exists (" + reportname + "). Supply a different name using: -o [filename]")
}
else {
fs.mkdirSync(reportdir);
dive(argv.t, function(file, fullpath) {
var ext = path.extname(file.toString());
if(ext == '.js') {
var content = fs.readFileSync(fullpath, 'utf8');
//beautify source so result snippet is meaningful
var content = beautify(content, { indent_size: 2 })
var scanresult = ScanJS.scan(content, fullpath);
if (scanresult.type == 'error') {
console.log("SKIPPING FILE: Error in "+ fullpath+", at Line "+ scanresult.error.loc.line +", Column "+scanresult.error.loc.column+ ": " + scanresult.error.message);
}
results[fullpath] = scanresult;
}
});
// Flatten report file to remove files with no findings and tests with no results (i.e. empty arr)
// TODO: Don't even store empty unless --overly-verbose or so..
for (var testedFile in results) {
for (var testCase in results[testedFile]) {
if (results[testedFile][testCase].length == 0) {
delete(results[testedFile][testCase]);
}
}
if (Object.keys(results[testedFile]).length == 0) {
delete(results[testedFile]);
}
}
writeReport(results, reportname + '.JSON');
}
} else {
console.log('usage: $ node scan.js path/to/app ')
}