javascript

package
v0.7.1 Latest Latest
Published: Apr 19, 2026 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

scope resolution implementation for JS and TS files

Index

Constants

This section is empty.

Variables

// DataFlowAnalyzer is the analyzer registered as "data_flow_analyzer" for
// analysis.LangJs. Its Run hook is createDataFlowGraph, its declared result
// type is *DataFlowGraph, and it lists ScopeAnalyzer in Requires.
//
// NOTE(review): this entry is tagged CategorySecurity / SeverityCritical even
// though its description says it only creates a graph that other analyzers
// list in Requires. Confirm whether those two fields influence reporting for
// an analyzer that is consumed as a dependency.
var DataFlowAnalyzer = &analysis.Analyzer{
	// Identity.
	Name:        "data_flow_analyzer",
	Description: "Create a Data Flow Graph for a javascript file",
	Language:    analysis.LangJs,

	// Classification.
	Category: analysis.CategorySecurity,
	Severity: analysis.SeverityCritical,

	// Dependencies, entry point and the type of the value it produces.
	Requires:   []*analysis.Analyzer{ScopeAnalyzer},
	Run:        createDataFlowGraph,
	ResultType: reflect.TypeOf(&DataFlowGraph{}),
}
// NoDoubleEq is the analyzer registered as "no-double-eq" for analysis.LangJs.
// Per its description it reports '==' comparisons and suggests '===' instead.
// Its Run hook is noDoubleEq and it declares no Requires.
var NoDoubleEq = &analysis.Analyzer{
	// Identity.
	Name:        "no-double-eq",
	Description: "This checker checks for the usage of '==' in JavaScript code. It reports an issue if '==' is used for comparison. It suggests using '===' instead.",
	Language:    analysis.LangJs,

	// Classification.
	Category: analysis.CategoryBugRisk,
	Severity: analysis.SeverityWarning,

	// Entry point.
	Run: noDoubleEq,
}
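// NoExec is the analyzer registered as "no_exec" for analysis.LangJs. Its Run
// hook is detectExecOnUserInput and it lists DataFlowAnalyzer in Requires.
// It is tagged CategorySecurity / SeverityCritical.
var NoExec = &analysis.Analyzer{
	// Identity.
	Name:     "no_exec",
	Language: analysis.LangJs,

	// The previous value was the placeholder "No prompt", which gives a reader
	// of a critical security finding nothing to act on. The wording below is
	// derived from the Run hook's name (detectExecOnUserInput).
	// NOTE(review): confirm it matches what the detector actually flags.
	Description: "Avoid passing user-controlled input to exec",

	// Classification.
	Category: analysis.CategorySecurity,
	Severity: analysis.SeverityCritical,

	// Dependencies and entry point.
	Requires: []*analysis.Analyzer{DataFlowAnalyzer},
	Run:      detectExecOnUserInput,
}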
// SQLInjection is the analyzer registered as "sql_injection" for
// analysis.LangJs. Its Run hook is detectSQLInjection and it is tagged
// CategorySecurity / SeverityCritical.
//
// NOTE(review): unlike NoExec and Sha1, this declaration lists no Requires,
// so no data-flow result is declared as a dependency here. Confirm how
// detectSQLInjection decides that query input is unvalidated.
var SQLInjection = &analysis.Analyzer{
	// Identity.
	Name:        "sql_injection",
	Description: "Using raw SQL queries with unvalidated input can lead to SQL injection vulnerabilities",
	Language:    analysis.LangJs,

	// Classification.
	Category: analysis.CategorySecurity,
	Severity: analysis.SeverityCritical,

	// Entry point.
	Run: detectSQLInjection,
}
// ScopeAnalyzer is the analyzer registered as "js-scope" for analysis.LangJs.
// Its Run hook is buildScopeTree and its declared result type is
// *analysis.ScopeTree. It sets no Description, Category or Severity.
var ScopeAnalyzer = &analysis.Analyzer{
	// Identity.
	Name:     "js-scope",
	Language: analysis.LangJs,

	// Entry point and the type of the value it produces.
	Run:        buildScopeTree,
	ResultType: reflect.TypeOf(&analysis.ScopeTree{}),
}
// Sha1 is the analyzer registered as "sha1_detector" for analysis.LangJs. Its
// Run hook is detectSha1Usage and it lists DataFlowAnalyzer in Requires. It is
// tagged CategorySecurity with SeverityWarning.
var Sha1 = &analysis.Analyzer{
	// Identity.
	Name:        "sha1_detector",
	Description: "Avoid using SHA1 for cryptographic purposes",
	Language:    analysis.LangJs,

	// Classification.
	Category: analysis.CategorySecurity,
	Severity: analysis.SeverityWarning,

	// Dependencies and entry point.
	Requires: []*analysis.Analyzer{DataFlowAnalyzer},
	Run:      detectSha1Usage,
}
// UnusedImport is the analyzer registered as "unused-import" for
// analysis.LangJs. Its Run hook is checkUnusedImports and it lists
// ScopeAnalyzer in Requires. It is tagged CategoryAntipattern / SeverityInfo.
var UnusedImport = &analysis.Analyzer{
	// Identity.
	Name:        "unused-import",
	Description: "This checker checks for unused imports in JavaScript code. Unused imports can be removed to reduce the size of the bundle. Unused imports are also a code smell and can indicate that the code is not well-organized.",
	Language:    analysis.LangJs,

	// Classification.
	Category: analysis.CategoryAntipattern,
	Severity: analysis.SeverityInfo,

	// Dependencies and entry point.
	Requires: []*analysis.Analyzer{ScopeAnalyzer},
	Run:      checkUnusedImports,
}

Functions

This section is empty.

Types

type ClassDefinition added in v0.7.1

// ClassDefinition groups what is recorded for one class: a syntax node, its
// property variables, its method definitions and a scope. DataFlowGraph stores
// these in its ClassDefs map.
type ClassDefinition struct {
	// Node is a syntax-tree node for the class.
	// NOTE(review): presumably the class declaration node; confirm.
	Node       *sitter.Node
	// Properties lists the variables recorded as properties of the class.
	Properties []*analysis.Variable
	// Methods lists the function definitions recorded as methods of the class.
	Methods    []*FunctionDefinition
	// Scope is the scope associated with the class.
	// NOTE(review): presumably the class body scope; confirm.
	Scope      *analysis.Scope
}

type DataFlowGraph added in v0.7.1

// DataFlowGraph is the result type declared by DataFlowAnalyzer. It holds the
// per-variable data flow nodes together with the scope tree and the function
// and class definitions.
type DataFlowGraph struct {
	// Graph maps a variable to its data flow node. The key is a pointer, so
	// entries are distinguished by variable identity rather than by name.
	Graph     map[*analysis.Variable]*DataFlowNode
	// ScopeTree is the scope tree the graph refers to.
	// NOTE(review): presumably ScopeAnalyzer's result; confirm.
	ScopeTree *analysis.ScopeTree
	// FuncDefs maps a string key to a function definition.
	// NOTE(review): unlike Graph and ClassDefs this map is keyed by string. If
	// the key is the bare function name, same-named functions declared in
	// different scopes would share one entry. Confirm how the key is built.
	FuncDefs  map[string]*FunctionDefinition
	// ClassDefs maps a variable to a class definition, keyed by pointer like
	// Graph.
	ClassDefs map[*analysis.Variable]*ClassDefinition
}

type DataFlowNode added in v0.7.1

// DataFlowNode represents a node in the data flow graph. DataFlowGraph.Graph
// holds one such node per variable.
type DataFlowNode struct {
	// Node is a syntax-tree node associated with this graph node.
	Node     *sitter.Node
	// Sources lists other graph nodes linked to this one.
	// NOTE(review): presumably the nodes whose values flow into this node;
	// confirm the edge direction.
	Sources  []*DataFlowNode
	// Scope is the scope associated with this node.
	Scope    *analysis.Scope
	Variable *analysis.Variable // Tracking variable instead of the varName helps in handling scope
	// FuncDef is a function definition associated with this node.
	// NOTE(review): presumably set when the variable is bound to a function;
	// confirm.
	FuncDef  *FunctionDefinition
}

DataFlowNode represents a node in our data flow graph

type FunctionDefinition added in v0.7.1

// FunctionDefinition groups what is recorded for one function: a syntax node,
// its parameter variables, a body node and a scope. It is referenced from
// DataFlowGraph.FuncDefs, DataFlowNode.FuncDef and ClassDefinition.Methods.
type FunctionDefinition struct {
	// Node is a syntax-tree node for the function.
	// NOTE(review): presumably the whole function declaration or expression;
	// confirm.
	Node       *sitter.Node
	// Parameters lists the variables recorded as the function's parameters.
	Parameters []*analysis.Variable
	// Body is a syntax-tree node for the function body.
	Body       *sitter.Node
	// Scope is the scope associated with the function.
	Scope      *analysis.Scope
}
