fraxken commented Jul 9, 2025

No description provided.

changeset-bot bot commented Jul 9, 2025

🦋 Changeset detected

Latest commit: 309adc6

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

| Name | Type |
| --- | --- |
| @nodesecure/js-x-ray | Minor |


Copilot AI left a comment

Pull Request Overview

This PR refactors the placement of trojan-source detection and updates the getSastAnalysis API and related test invocations.

  • Remove trojan-source verification from the SourceFile constructor and migrate it into AstAnalyser.
  • Change getSastAnalysis signature to accept only a probe, dropping the initial source string parameter.
  • Update all tests to call getSastAnalysis(probe) and adjust SourceFile instantiation without arguments.

Reviewed Changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| workspaces/js-x-ray/test/utils/index.ts | Updated getSastAnalysis signature; removed sourceCodeString arg |
| workspaces/js-x-ray/test/probes/isUnsafeCommand.spec.ts | Dropped string parameter in getSastAnalysis calls |
| workspaces/js-x-ray/test/probes/isUnsafeCallee.spec.ts | Dropped string parameter in getSastAnalysis calls |
| workspaces/js-x-ray/test/probes/isSerializeEnv.spec.ts | Dropped string param; added stray console.log |
| workspaces/js-x-ray/test/probes/isRequire.spec.ts | Dropped string parameter in getSastAnalysis calls |
| workspaces/js-x-ray/test/probes/isRegexObject.spec.ts | Dropped string parameter in getSastAnalysis calls |
| workspaces/js-x-ray/test/probes/isLiteralRegex.spec.ts | Dropped string parameter in getSastAnalysis calls |
| workspaces/js-x-ray/test/probes/isLiteral.spec.ts | Dropped string parameter in getSastAnalysis calls |
| workspaces/js-x-ray/test/probes/isImportDeclaration.spec.ts | Dropped string parameter in getSastAnalysis calls |
| workspaces/js-x-ray/test/probes/isBinaryExpression.spec.ts | Dropped string parameter in getSastAnalysis calls |
| workspaces/js-x-ray/test/probes/isArrayExpression.spec.ts | Dropped string parameter in getSastAnalysis calls |
| workspaces/js-x-ray/test/ProbeRunner.spec.ts | Updated all new SourceFile("") to new SourceFile() |
| workspaces/js-x-ray/src/SourceFile.ts | Removed trojan-source import and constructor logic |
| workspaces/js-x-ray/src/AstAnalyser.ts | Added trojan-source detection before probe execution |

Comments suppressed due to low confidence (2)

workspaces/js-x-ray/test/utils/index.ts:35

  • This change drops the sourceCodeString parameter from getSastAnalysis, which is a breaking API change—please update documentation or add a migration note.
export function getSastAnalysis(

workspaces/js-x-ray/src/AstAnalyser.ts:148

  • Add tests to cover the trojan-source detection logic moved into AstAnalyser so that obfuscated-code warnings are verified under the new flow.
    if (trojan.verify(str)) {
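
The ordering discussed in the review above (a raw-text trojan-source check that runs in the analyser before any probe), as an added example that is not js-x-ray's own code. `findBidiControls`, `analyse`, `Probe` and `AnalysisWarning` are hypothetical names, the `obfuscated-code` kind is taken from the review's wording, and the sample sources are constructed.

```typescript
// Added example; every name here is hypothetical, not the js-x-ray API.
// Bidirectional control characters used by Trojan Source style obfuscation.
const BIDI_CONTROLS: Record<number, string> = {
  0x202a: "LRE", 0x202b: "RLE", 0x202c: "PDF", 0x202d: "LRO", 0x202e: "RLO",
  0x2066: "LRI", 0x2067: "RLI", 0x2068: "FSI", 0x2069: "PDI"
};

interface BidiHit { name: string; line: number; column: number }
interface AnalysisWarning { kind: string; detail: string }
type Probe = (source: string) => AnalysisWarning[];

// Works on the raw text, so it needs no AST and no per-file state.
function findBidiControls(source: string): BidiHit[] {
  const hits: BidiHit[] = [];
  let line = 1;
  let column = 0;
  for (let i = 0; i < source.length; i++) {
    const code = source.charCodeAt(i);
    if (code === 0x0a) {
      line++;
      column = 0;
      continue;
    }
    column++;
    const name = BIDI_CONTROLS[code];
    if (name !== undefined) {
      hits.push({ name, line, column });
    }
  }
  return hits;
}

// The text check runs once, before any probe sees the source.
function analyse(source: string, probes: Probe[]): AnalysisWarning[] {
  const warnings: AnalysisWarning[] = [];
  const hits = findBidiControls(source);
  if (hits.length > 0) {
    const where = hits.map((h) => `${h.name}@${h.line}:${h.column}`).join(", ");
    warnings.push({ kind: "obfuscated-code", detail: `bidi controls: ${where}` });
  }
  for (const probe of probes) {
    warnings.push(...probe(source));
  }
  return warnings;
}

// Constructed samples; controls are written as escapes so this file stays clean.
const CLEAN = 'const role = "user";\n';
const SUSPECT = 'const role = "user";\nif (role === "admin\u202E \u2066// check\u2069 \u2066") {}\n';
```
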

Update workspaces/js-x-ray/test/probes/isSerializeEnv.spec.ts

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

chore: add changeset

fraxken force-pushed the move-trojan-source-detection branch from 757afc6 to 309adc6 (July 9, 2025 15:07)

fraxken merged commit 4d097cc into master Jul 9, 2025 (6 checks passed)

fraxken deleted the move-trojan-source-detection branch July 9, 2025 15:12

github-actions bot mentioned this pull request Jul 9, 2025