js

package

v0.1.16 Latest Latest Go to latest Published: Jun 1, 2026 License: MIT Imports: 14 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/go-appsec/toolbox

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func AnalyzeHTMLEndpoint(src []byte, id string) (*protocol.JSEndpointResponse, bool)
func AnalyzeJSEndpoint(src []byte, id string) (*protocol.JSEndpointResponse, bool)
func ClassifyURL(rawURL string) (host, path string)
func EndpointID(method, url string) string
func IsAsset(u string) bool
func StripQuery(p string) string
type Extracted
type HTMLScripts
- func ParseHTMLScripts(src []byte) HTMLScripts
type Result
- func AnalyzeHTML(src []byte) Result
- func AnalyzeJS(src []byte) Result

Constants ¶

View Source

const (
	SourceJavaScript = "javascript"
	SourceHTMLInline = "html-inline"
	SourceHTML       = "html"
)

Source labels for the response.

Variables ¶

This section is empty.

Functions ¶

func AnalyzeHTMLEndpoint ¶

func AnalyzeHTMLEndpoint(src []byte, id string) (*protocol.JSEndpointResponse, bool)

AnalyzeHTMLEndpoint re-extracts the inline scripts of an HTML body and returns the detail for the endpoint matching id, or (nil, false) when no call site matches.

func AnalyzeJSEndpoint ¶

func AnalyzeJSEndpoint(src []byte, id string) (*protocol.JSEndpointResponse, bool)

AnalyzeJSEndpoint re-extracts a JavaScript body and returns the detail for the endpoint matching id, or (nil, false) when no call site matches.

func ClassifyURL ¶

func ClassifyURL(rawURL string) (host, path string)

ClassifyURL returns the host and path+query of an HTTP-shaped URL, or ("", "") for unsupported shapes. Fragments are dropped.

func EndpointID ¶

func EndpointID(method, url string) string

EndpointID returns the deterministic detail handle for an endpoint, derived from its method and URL (the dedup key). The same (method, url) always yields the same id.

func IsAsset ¶

func IsAsset(u string) bool

IsAsset reports whether u points at a static bundler asset rather than an API endpoint.

func StripQuery ¶

func StripQuery(p string) string

StripQuery returns p with the query string removed.

Types ¶

type Extracted ¶

type Extracted struct {
	Endpoints  []protocol.ExtractedEndpoint
	Routes     []protocol.ExtractedRoute
	SourceMaps []string
}

Extracted is the raw, pre-dedup output of a single source pass.

type HTMLScripts ¶

type HTMLScripts struct {
	Inline   [][]byte
	External []string
}

HTMLScripts holds the inline blocks and external src URLs extracted from HTML.

func ParseHTMLScripts ¶

func ParseHTMLScripts(src []byte) HTMLScripts

ParseHTMLScripts walks the HTML document and returns inline <script> bodies and external <script src=...> URLs. Inline blocks are returned in document order so the caller can parse them independently.

type Result ¶

type Result struct {
	Source       string
	ScriptBlocks int
	ParseErrors  int
	Endpoints    []protocol.ExtractedEndpoint
	Routes       []protocol.ExtractedRoute
	Secrets      []protocol.ExtractedSecret
	ScriptSrc    []string
	SourceMaps   []string
	Warnings     []string
}

Result is the deduplicated extraction plus parse-state metadata.

func AnalyzeHTML ¶

func AnalyzeHTML(src []byte) Result

AnalyzeHTML extracts inline <script> blocks and external <script src=...> URLs from src.

func AnalyzeJS ¶

func AnalyzeJS(src []byte) Result

AnalyzeJS analyzes a JavaScript bundle body.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL