
Commit f037105

clemgbldfraxken
andauthored
feat(probes): isLiteral detect api.ipify.org with shady link (#389)
* feat(probes): isLiteral detect api.ipify.org with shady link * Update workspaces/js-x-ray/test/probes/isLiteral.spec.ts Co-authored-by: Thomas.G <gentilhomme.thomas@gmail.com> --------- Co-authored-by: Thomas.G <gentilhomme.thomas@gmail.com>
1 parent 4d097cc commit f037105


3 files changed

+36
-46
lines changed


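--- a/.changeset/seven-tools-spend.md
+++ b/.changeset/seven-tools-spend.md
@@ -0,0 +1,5 @@
+---
+"@nodesecure/js-x-ray": minor
+---
+
+feat(probes): isLiteral detect api.ipify.org with shady link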

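--- a/workspaces/js-x-ray/src/probes/isLiteral.ts
+++ b/workspaces/js-x-ray/src/probes/isLiteral.ts
@@ -21,7 +21,7 @@ const kNodeDeps = new Set(builtinModules);
 const kShadyLinkRegExps = [
   kMapRegexIps.regexIPv4,
   kMapRegexIps.regexIPv6,
-  /(http[s]?:\/\/(bit\.ly|ipinfo\.io|httpbin\.org).*)$/,
+  /(http[s]?:\/\/(bit\.ly|ipinfo\.io|httpbin\.org|api\.ipify\.org).*)$/,
   /(http[s]?:\/\/.*\.(link|xyz|tk|ml|ga|cf|gq|pw|top|club|mw|bd|ke|am|sbs|date|quest|cd|bid|cd|ws|icu|cam|uno|email|stream))$/
 ];
 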
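Review bot: The new alternation only fires when the literal host `api.ipify.org` immediately follows the scheme, so the sibling endpoint ipify serves the same lookup from (`api64.ipify.org`, if memory serves) still passes the probe silently; a suffix form such as `(?:[\w-]+\.)?ipify\.org` in place of `api\.ipify\.org` would cover those hosts without loosening the rest of the list. The trailing `.*` also accepts anything after the host, including `http://api.ipify.org.example.com/`, a false-positive surface this commit inherits rather than introduces; a boundary such as `(?:[/:?#]|$)` after the host group would tighten both regexps in the array. As a point of style, `http[s]?` reads more naturally as `https?`. The `kShadyLinkRegExps` array is entirely within the hunk.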

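--- a/workspaces/js-x-ray/test/probes/isLiteral.spec.ts
+++ b/workspaces/js-x-ray/test/probes/isLiteral.spec.ts
@@ -1,5 +1,5 @@
 // Import Node.js Dependencies
-import { test } from "node:test";
+import { test, describe } from "node:test";
 import assert from "node:assert";
 
 // Import Internal Dependencies
@@ -78,50 +78,35 @@ test("should not throw any warnings without hexadecimal value (and should call a
   assert.strictEqual(astNode.value, "hello world!");
 });
 
-test("should detect shady link when an URL is bit.ly", () => {
-  const str = "const foo = 'http://bit.ly/foo'";
-  const ast = parseScript(str);
-  const sastAnalysis = getSastAnalysis(isLiteral).execute(ast.body);
-
-  assert.strictEqual(sastAnalysis.warnings().length, 1);
-  const warning = sastAnalysis.getWarning("shady-link");
-  assert.strictEqual(warning.value, "http://bit.ly/foo");
-});
-
-test("should detect shady link when an URL is ipinfo.io when protocol is http", () => {
-  const str = "const foo = 'http://ipinfo.io/json'";
-  const ast = parseScript(str);
-  const sastAnalysis = getSastAnalysis(isLiteral).execute(ast.body);
-  assert.strictEqual(sastAnalysis.warnings().length, 1);
-  const warning = sastAnalysis.getWarning("shady-link");
-  assert.strictEqual(warning.value, "http://ipinfo.io/json");
-});
-
-test("should detect shady link when an URL is ipinfo.io when protocol is https", () => {
-  const str = "const foo = 'https://ipinfo.io/json'";
-  const ast = parseScript(str);
-  const sastAnalysis = getSastAnalysis(isLiteral).execute(ast.body);
-  assert.strictEqual(sastAnalysis.warnings().length, 1);
-  const warning = sastAnalysis.getWarning("shady-link");
-  assert.strictEqual(warning.value, "https://ipinfo.io/json");
-});
-
-test("should detect shady link when an URL is httpbin.org when protocol is http", () => {
-  const str = "const foo = 'http://httpbin.org/ip'";
-  const ast = parseScript(str);
-  const sastAnalysis = getSastAnalysis(isLiteral).execute(ast.body);
-  assert.strictEqual(sastAnalysis.warnings().length, 1);
-  const warning = sastAnalysis.getWarning("shady-link");
-  assert.strictEqual(warning.value, "http://httpbin.org/ip");
-});
-
-test("should detect shady link when an URL is httpbin.org when protocol is https", () => {
-  const str = "const foo = 'https://httpbin.org/ip'";
-  const ast = parseScript(str);
-  const sastAnalysis = getSastAnalysis(isLiteral).execute(ast.body);
-  assert.strictEqual(sastAnalysis.warnings().length, 1);
-  const warning = sastAnalysis.getWarning("shady-link");
-  assert.strictEqual(warning.value, "https://httpbin.org/ip");
+describe("known suspicious domain", () => {
+  const suspiciousDomains = [
+    "bit.ly/foo",
+    "ipinfo.io/json",
+    "httpbin.org/ip",
+    "api.ipify.org/ip"
+  ];
+
+  test("should detect shady link when an URL is known to be suspicious when protocol is http", () => {
+    for (const suspicousDomain of suspiciousDomains) {
+      const str = `const foo = 'http://${suspicousDomain}'`;
+      const ast = parseScript(str);
+      const sastAnalysis = getSastAnalysis(isLiteral).execute(ast.body);
+      assert.strictEqual(sastAnalysis.warnings().length, 1);
+      const warning = sastAnalysis.getWarning("shady-link");
+      assert.strictEqual(warning.value, `http://${suspicousDomain}`);
+    }
+  });
+
+  test("should detect shady link when an URL is known to be suspicious when protocol is https", () => {
+    for (const suspicousDomain of suspiciousDomains) {
+      const str = `const foo = 'https://${suspicousDomain}'`;
+      const ast = parseScript(str);
+      const sastAnalysis = getSastAnalysis(isLiteral).execute(ast.body);
+      assert.strictEqual(sastAnalysis.warnings().length, 1);
+      const warning = sastAnalysis.getWarning("shady-link");
+      assert.strictEqual(warning.value, `https://${suspicousDomain}`);
+    }
+  });
 });
 
 test("should detect shady link when an URL has a suspicious domain", () => {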
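Review bot: The looped assertions at new lines 94 and 105 give no indication of which entry failed, because `assert.strictEqual(sastAnalysis.warnings().length, 1)` reports only the two counts; passing the current entry as the message, `assert.strictEqual(sastAnalysis.warnings().length, 1, suspicousDomain);`, would name the domain that regressed. The loop variable is misspelled (`suspicousDomain` for `suspiciousDomain`) on new lines 90, 91, 96, 101, 102 and 107. The two tests differ only in the scheme, so iterating over `["http", "https"]` inside a single test would remove the duplicated body. The entries in `suspiciousDomains` carry a path (`"bit.ly/foo"`) rather than a bare host, which the describe title "known suspicious domain" does not convey; a short comment above the array, `// host plus a path, as a probe input would look in practice`, would make the fixture's shape explicit.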
