Documentation

Overview

Package javascript - express.go provides Express.js framework input patterns.

Package javascript - fastify.go provides Fastify framework input patterns.

Package javascript - frameworks.go provides the JavaScript framework pattern registry and the universal patterns. All JavaScript framework patterns should be registered here.

Package javascript - koa.go provides Koa.js framework input patterns.

Package javascript - nestjs.go provides NestJS framework input patterns.

Package javascript provides centralized JavaScript patterns for semantic analysis.
Index
- Variables
- func BuildThisPropertyAssignPattern(paramName string) *regexp.Regexp
- func ExtractBracketKey(expr string) string
- func ExtractDotProperty(expr string) string
- func ExtractMapKey(expr string) string
- func GetAllPatterns() []*common.FrameworkPattern
- func GetPatternByID(id string) *common.FrameworkPattern
- func GetPatternsByFramework(framework string) []*common.FrameworkPattern
- func IsDOMSource(expr string) bool
- func IsInputMethod(methodName string) bool
- func IsInputMethodCall(expr string) bool
- func IsInputObject(objectName string) bool
- func IsInputProperty(propertyName string) bool
- func IsInputPropertyAccess(expr string) bool
- func IsNetworkResponse(expr string) bool
- type Matcher
- type TypeScriptMatcher
  - func NewTypeScriptMatcher() *TypeScriptMatcher
Constants
This section is empty.
Variables
var (
	// InputMethodPattern matches method names that ALWAYS indicate user input
	// e.g., get, json, text, param, params, query, body, headers, cookies
	InputMethodPattern = regexp.MustCompile(`(?i)^(get|json|text|param|params|query|body|headers?|cookies?|all)$`)

	// InputPropertyPattern matches property names that typically hold user input
	// e.g., body, query, params, headers, cookies, value, search, hash
	InputPropertyPattern = regexp.MustCompile(`(?i)^(body|query|params?|headers?|cookies?|value|search|hash|href|response(Text|XML)?)$`)

	// InputObjectPattern matches object/variable names that suggest an input carrier
	// e.g., req, request, ctx, context, event
	InputObjectPattern = regexp.MustCompile(`(?i)^(req|request|ctx|context|event|xhr|params|searchParams)$`)

	// DOMSourcePattern matches DOM properties that are user-controllable
	DOMSourcePattern = regexp.MustCompile(`(?i)(location\.(search|hash|href)|document\.(cookie|URL|referrer)|\.value\b)`)

	// NetworkResponsePattern matches network response properties
	NetworkResponsePattern = regexp.MustCompile(`(?i)(response(Text|XML)?|\.json\(\)|\.text\(\))`)
)
Universal patterns for detecting input across ANY JavaScript framework. The method, property and object patterns are anchored (^...$) and test a single identifier; DOMSourcePattern and NetworkResponsePattern are unanchored and match anywhere in an expression, so `\.value\b` fires on any .value property and `response` on any identifier containing it. A hit therefore marks a candidate source for data-flow analysis, not confirmed user input.
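As an added illustration (not code from the package), the following Go program copies the five regexes above into a stand-alone file and applies them to constructed sample expressions. `Classify`, `Verdict` and the sample strings are hypothetical and exist only for this example; they show how the object, property, method, DOM and network patterns compose on one dotted expression, and which false positives the two unanchored patterns produce.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// The five universal patterns, copied from the var block documented above so the
// example compiles without importing the package (its import path is not on the page).
var (
	inputMethodPattern     = regexp.MustCompile(`(?i)^(get|json|text|param|params|query|body|headers?|cookies?|all)$`)
	inputPropertyPattern   = regexp.MustCompile(`(?i)^(body|query|params?|headers?|cookies?|value|search|hash|href|response(Text|XML)?)$`)
	inputObjectPattern     = regexp.MustCompile(`(?i)^(req|request|ctx|context|event|xhr|params|searchParams)$`)
	domSourcePattern       = regexp.MustCompile(`(?i)(location\.(search|hash|href)|document\.(cookie|URL|referrer)|\.value\b)`)
	networkResponsePattern = regexp.MustCompile(`(?i)(response(Text|XML)?|\.json\(\)|\.text\(\))`)
)

// Verdict records whether an expression was flagged and which pattern fired,
// which is what an analyst needs when triaging a reported taint source.
type Verdict struct {
	Expr   string
	Source bool
	Reason string
}

// Classify is a hypothetical helper (not part of the package) showing how the
// patterns compose on one dotted expression such as "req.body.username".
// The unanchored DOM and network patterns are checked first; then the root
// identifier must satisfy the object pattern, and each following segment is
// checked as a method name (if it is a call) or as a property name.
func Classify(expr string) Verdict {
	if domSourcePattern.MatchString(expr) {
		return Verdict{expr, true, "DOMSourcePattern"}
	}
	if networkResponsePattern.MatchString(expr) {
		return Verdict{expr, true, "NetworkResponsePattern"}
	}
	parts := strings.Split(expr, ".")
	if !inputObjectPattern.MatchString(parts[0]) {
		return Verdict{expr, false, "root is not an input carrier"}
	}
	for _, seg := range parts[1:] {
		if i := strings.Index(seg, "("); i >= 0 {
			if inputMethodPattern.MatchString(seg[:i]) {
				return Verdict{expr, true, "InputMethodPattern"}
			}
			continue
		}
		if inputPropertyPattern.MatchString(seg) {
			return Verdict{expr, true, "InputPropertyPattern"}
		}
	}
	return Verdict{expr, false, "input carrier without an input property or method"}
}

func main() {
	// Constructed sample expressions: the first four are genuine sources; the
	// next two show the cost of the unanchored substring patterns, and the last
	// is rejected because its root object is not an input carrier.
	samples := []string{
		"req.body.username",
		"ctx.request.body",
		"req.get('host')",
		"window.location.search",
		"config.value",        // flagged: `\.value\b` matches any .value property
		"res.responseHandler", // flagged: "response" matches as a substring
		"logger.info",         // not flagged
	}
	for _, s := range samples {
		v := Classify(s)
		fmt.Printf("%-24s source=%-5t %s\n", v.Expr, v.Source, v.Reason)
	}
}
```

The order of checks matters: because the DOM and network patterns run first and are unanchored, `req.json()` is reported under NetworkResponsePattern rather than InputMethodPattern, which is harmless for detection but worth knowing when reading the Reason field.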
var (
	// MapGetPattern matches .get('key') or .get("key")
	// Used to extract keys from Map/object .get() calls
	MapGetPattern = regexp.MustCompile(`\.get\(['"](\w+)['"]\)`)

	// BracketPropertyPattern matches ['key'] or ["key"] at start of string
	// Used to extract property names from bracket notation
	BracketPropertyPattern = regexp.MustCompile(`^\[['"](\w+)['"]\]`)

	// DotPropertyPattern matches .property at start of string
	// Used to extract property names from dot notation
	DotPropertyPattern = regexp.MustCompile(`^\.(\w+)`)

	// ThisPropertyAssignPattern matches this.property = ...
	// Used to detect constructor parameter flow to properties
	ThisPropertyAssignPattern = regexp.MustCompile(`this\.(\w+)\s*=`)
)
var Definitions = getDefinitions("javascript")
Definitions contains the source definitions for JavaScript.
var InputMethodPatterns = []string{
".get(",
".getAll(",
".json(",
".text(",
".formData(",
".blob(",
".arrayBuffer(",
".get(",
".getAll(",
".readFile(",
".readFileSync(",
".read(",
".readSync(",
".question(",
}
InputMethodPatterns contains universal method call patterns. These match .method() calls that return user input. The entries are bare `.method(` prefixes with no receiver, so `.get(` and `.read(` also match calls that have nothing to do with user input (a Map lookup, an HTTP client request); a match identifies a candidate, and the receiver still has to be resolved.
var InputPropertyPatterns = []string{
".body",
".query",
".params",
".headers",
".cookies",
".value",
".search",
".hash",
".href",
".cookie",
".referrer",
".response",
".responseText",
".responseXML",
}
InputPropertyPatterns contains universal property access patterns. These match .property access on input objects; like InputMethodPatterns they carry no receiver, so `.value` or `.search` on an unrelated object matches as well.
var Registry = common.NewFrameworkPatternRegistry("javascript")
Registry is the global JavaScript framework pattern registry
var TypeScriptDefinitions = getDefinitions("typescript")
TypeScriptDefinitions contains the source definitions for TypeScript.
Functions

func BuildThisPropertyAssignPattern

func BuildThisPropertyAssignPattern(paramName string) *regexp.Regexp

BuildThisPropertyAssignPattern creates a pattern for this.property = ... assignments that involve paramName, so that a constructor parameter can be traced into the instance property it is stored in.

func ExtractBracketKey

func ExtractBracketKey(expr string) string

ExtractBracketKey extracts the key from bracket notation ['key'].

func ExtractDotProperty

func ExtractDotProperty(expr string) string

ExtractDotProperty extracts the property name from .property notation.

func ExtractMapKey

func ExtractMapKey(expr string) string

ExtractMapKey extracts the key from a .get('key') expression.
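The four extraction helpers documented above, together with the MapGetPattern, BracketPropertyPattern and DotPropertyPattern regexes from the Variables section, are exercised by this added example (not the package's own code). The regexes are copied verbatim; `firstGroup`, `accessKey`, `taintedProperties` and the `sampleConstructor` snippet are constructed for the example, and `buildThisPropertyAssignPattern` is an assumed reading of the documented BuildThisPropertyAssignPattern, since the page does not show its body.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// The three key-extraction patterns, copied from the var block documented above.
var (
	mapGetPattern          = regexp.MustCompile(`\.get\(['"](\w+)['"]\)`)
	bracketPropertyPattern = regexp.MustCompile(`^\[['"](\w+)['"]\]`)
	dotPropertyPattern     = regexp.MustCompile(`^\.(\w+)`)
)

// firstGroup returns the first capture group of re in s, or "" if there is no match.
func firstGroup(re *regexp.Regexp, s string) string {
	if m := re.FindStringSubmatch(s); m != nil {
		return m[1]
	}
	return ""
}

// These mirror the documented ExtractMapKey, ExtractBracketKey and
// ExtractDotProperty: each returns the key, or "" when its pattern does not match.
func extractMapKey(expr string) string      { return firstGroup(mapGetPattern, expr) }
func extractBracketKey(expr string) string  { return firstGroup(bracketPropertyPattern, expr) }
func extractDotProperty(expr string) string { return firstGroup(dotPropertyPattern, expr) }

// accessKey (hypothetical, not in the package) drops the receiver and tries the
// three extractors in turn, so "params['role']", "params.get('role')" and
// "req.role" all yield "role". The bracket and dot patterns are anchored with ^,
// which is why the receiver must be stripped before they are applied.
func accessKey(expr string) string {
	i := strings.IndexAny(expr, ".[")
	if i < 0 {
		return ""
	}
	rest := expr[i:]
	if k := extractMapKey(rest); k != "" {
		return k
	}
	if k := extractBracketKey(rest); k != "" {
		return k
	}
	return extractDotProperty(rest)
}

// buildThisPropertyAssignPattern is an assumed implementation of the documented
// BuildThisPropertyAssignPattern: it captures the property in `this.<prop> = ...`
// when the right-hand side, up to the end of the statement, mentions paramName as
// a whole word. Like the base ThisPropertyAssignPattern it does not distinguish
// `=` from `==`/`===`, so comparisons match too.
func buildThisPropertyAssignPattern(paramName string) *regexp.Regexp {
	return regexp.MustCompile(`this\.(\w+)\s*=[^;\n]*\b` + regexp.QuoteMeta(paramName) + `\b`)
}

// taintedProperties returns the instance properties that a constructor assigns
// from the named parameter, in source order.
func taintedProperties(constructorBody, paramName string) []string {
	var props []string
	for _, m := range buildThisPropertyAssignPattern(paramName).FindAllStringSubmatch(constructorBody, -1) {
		props = append(props, m[1])
	}
	return props
}

// sampleConstructor is a constructed JavaScript snippet for the demonstration.
const sampleConstructor = `
class UserController {
  constructor(params, logger) {
    this.name = params.get('name');
    this.role = params['role'];
    this.logger = logger;
    this.limit = 10;
  }
}`

func main() {
	for _, e := range []string{"params.get('name')", "params['role']", "req.body", "params"} {
		fmt.Printf("%-20s key=%q\n", e, accessKey(e))
	}
	fmt.Println("properties fed by params:", taintedProperties(sampleConstructor, "params"))
	fmt.Println("properties fed by logger:", taintedProperties(sampleConstructor, "logger"))
}
```

Running it reports `name` and `role` as the properties fed by `params` and `logger` as the only one fed by `logger`; `this.limit = 10` is not attributed to any parameter. The anchored patterns are the detail to remember: `extractBracketKey("params['role']")` returns "" because the match must start at the bracket.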
func GetAllPatterns

func GetAllPatterns() []*common.FrameworkPattern

GetAllPatterns returns all registered framework patterns.

func GetPatternByID

func GetPatternByID(id string) *common.FrameworkPattern

GetPatternByID returns a pattern by its ID.

func GetPatternsByFramework

func GetPatternsByFramework(framework string) []*common.FrameworkPattern

GetPatternsByFramework returns patterns for a specific framework.

func IsDOMSource

func IsDOMSource(expr string) bool

IsDOMSource checks if an expression accesses a DOM source.

func IsInputMethod

func IsInputMethod(methodName string) bool

IsInputMethod checks if a method name always indicates user input.

func IsInputMethodCall

func IsInputMethodCall(expr string) bool

IsInputMethodCall checks if an expression matches an input method pattern.

func IsInputObject

func IsInputObject(objectName string) bool

IsInputObject checks if a variable/object name suggests an input carrier.

func IsInputProperty

func IsInputProperty(propertyName string) bool

IsInputProperty checks if a property name typically holds user input.

func IsInputPropertyAccess

func IsInputPropertyAccess(expr string) bool

IsInputPropertyAccess checks if an expression matches an input property pattern.

func IsNetworkResponse

func IsNetworkResponse(expr string) bool

IsNetworkResponse checks if an expression accesses a network response.
Types

type Matcher

type Matcher struct {
	*common.BaseMatcher
}

Matcher matches JavaScript user input sources.

type TypeScriptMatcher

type TypeScriptMatcher struct {
	*common.BaseMatcher
}

TypeScriptMatcher matches TypeScript user input sources (same as JavaScript).

func NewTypeScriptMatcher

func NewTypeScriptMatcher() *TypeScriptMatcher

NewTypeScriptMatcher creates a new TypeScript source matcher.