This package is a security utilities library created to analyze ESTree Literal nodes and JavaScript string primitives. The project was originally created to simplify and better test the functionality required by the SAST scanner JS-X-Ray.
- Detect hexadecimal, Base64 and Unicode sequences.
- Detect patterns (prefix, suffix) on groups of identifiers.
- Detect suspicious strings and return advanced metrics on them (char diversity etc.).
This package is available in the Node Package Repository and can be easily installed with npm or yarn.
```bash
$ npm i @nodesecure/sec-literal
# or
$ yarn add @nodesecure/sec-literal
```
Detect if the given string is a hexadecimal value.
```js
import { Hex } from "@nodesecure/sec-literal";

Hex.isHex("4e20"); // true
Hex.isHex(20); // false (not a string)
```
Detect if the given string is a safe hexadecimal value. The goal of this method is to eliminate false positives (short or common hexadecimal-looking values that are not worth reporting).
```js
import { Hex } from "@nodesecure/sec-literal";

Hex.isSafe("393d8"); // true
Hex.isSafe("7f196a64a870440000"); // false
```
Detect if the given input is an ESTree Literal node.
```js
import { Literal } from "@nodesecure/sec-literal";

// createLiteral is a test helper (assumed shape) that builds an ESTree Literal
// node: { type: "Literal", value } plus a `raw` property when the second
// argument is true. It is not part of the package's exports.
const literalSample = createLiteral("hello world");
Literal.isLiteral(literalSample); // true
Literal.isLiteral("hello world!"); // false (plain string, not a node)
```
Returns the value of the literal if the input is an ESTree Literal node, else it returns the original input unchanged.
```js
import { Literal } from "@nodesecure/sec-literal";

const literalSample = createLiteral("hello world"); // test helper building a Literal node
Literal.toValue(literalSample); // returns "hello world"
```
Returns the raw value of the literal if the input is an ESTree Literal node, else it returns the original input unchanged.
```js
import { Literal } from "@nodesecure/sec-literal";

// second argument asks the test helper to also set the `raw` property
const literalSample = createLiteral("hello world", true);
Literal.toRaw(literalSample); // returns "hello world"
```
Returns an object which indicates whether the literal contains a hexadecimal, Unicode or Base64 sequence if the input is an ESTree Literal node, else it returns null.
```js
import { Literal } from "@nodesecure/sec-literal";

const literalSample = createLiteral("hello world"); // test helper building a Literal node
Literal.defaultAnalysis(literalSample); // returns {hasHexadecimalSequence: null, hasUnicodeSequence: null, isBase64: null}
```
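To make the raw-versus-value distinction concrete, here is an added example (my own code, not the package's) that re-implements the Literal helpers described above in a few lines. The sample nodes are constructed by hand in the shape an ESTree parser emits; the Base64 check is a simplified one (canonical alphabet, padded, length a multiple of four) and is an assumption, not the library's rule. The point it shows: escape sequences such as `\x68` exist only in `raw`, because the parser has already decoded them in `value`, so a scanner that reads only `value` never sees them.

```javascript
// Added example, not the @nodesecure/sec-literal implementation.

// An ESTree Literal node has type "Literal" and a value property.
function isLiteral(node) {
  return typeof node === "object" && node !== null && node.type === "Literal" && "value" in node;
}

// Unwrap when the input is a node, otherwise hand the input back unchanged.
function toValue(input) {
  return isLiteral(input) ? input.value : input;
}
function toRaw(input) {
  return isLiteral(input) ? input.raw : input;
}

// Escape sequences survive only in `raw`: by the time the parser has produced
// `value`, "\x68\x65" is already "he". That is why the analysis reads raw.
const HEX_ESCAPE = /\\x[a-fA-F0-9]{2}/;
const UNICODE_ESCAPE = /\\u[a-fA-F0-9]{4}/;
// Simplified Base64 shape check (assumption: canonical alphabet, padded, len % 4 == 0).
const BASE64 = /^[A-Za-z0-9+/]+={0,2}$/;

function isBase64(str) {
  return typeof str === "string" && str.length >= 8 && str.length % 4 === 0 && BASE64.test(str);
}

// null for non-nodes, otherwise the three flags the README describes.
function defaultAnalysis(input) {
  if (!isLiteral(input)) return null;
  const raw = typeof input.raw === "string" ? input.raw : "";
  return {
    hasHexadecimalSequence: HEX_ESCAPE.test(raw),
    hasUnicodeSequence: UNICODE_ESCAPE.test(raw),
    isBase64: isBase64(input.value),
  };
}

// Constructed sample nodes, shaped like what an ESTree parser would emit
// (raw keeps the source text including quotes and backslashes).
const SAMPLES = [
  { type: "Literal", value: "hello world", raw: "\"hello world\"" },
  { type: "Literal", value: "he", raw: "\"\\x68\\x65\"" },
  { type: "Literal", value: "A", raw: "\"\\u0041\"" },
  { type: "Literal", value: "aGVsbG8gd29ybGQ=", raw: "\"aGVsbG8gd29ybGQ=\"" },
];

// Run the analysis over a list of nodes and pair each result with its value.
function analyzeAll(nodes = SAMPLES) {
  return nodes.map((n) => ({ value: toValue(n), ...defaultAnalysis(n) }));
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(analyzeAll());
}
```

The second sample has the same `value` as the plain string `"he"` but its `raw` carries two `\x` escapes, which is exactly the case the `hasHexadecimalSequence` flag exists for.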
Detect if a given string is an SVG.
```js
import { Utils } from "@nodesecure/sec-literal";

const SVG_HTML = `<svg height="100" width="100">
  <circle cx="50" cy="50" r="40" stroke="black" stroke-width="3" fill="red" />
</svg> `;
Utils.isSvg(SVG_HTML); // true
```
Detect if a given string is an SVG path.
```js
import { Utils } from "@nodesecure/sec-literal";

Utils.isSvgPath("M150 0 L75 200 L225 200 Z"); // true
Utils.isSvgPath("hi there!"); // false
```
Get the number of unique chars in a given string. An optional second argument lists chars to ignore.
```js
import { Utils } from "@nodesecure/sec-literal";

Utils.stringCharDiversity("hello"); // returns 4
Utils.stringCharDiversity("hello", ["l"]); // returns 3 ("l" is excluded)
Utils.stringCharDiversity("syntax"); // returns 6
```
Analyze a given string and give it a suspicion score (a score above 1 or 2 means that the string is highly suspect).
```js
import { Utils } from "@nodesecure/sec-literal";

Utils.stringSuspicionScore("hello world"); // returns 0
Utils.stringSuspicionScore(
  "XoMFrxuRvgb6a7lip6uYd6sz13E4KooQYqiIL0ZQReukg8BqZwsjCeay"
); // returns 1
```
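The following added example (my own code, not the package's) shows what a char-diversity metric and a length/diversity based suspicion score look like when written out, and how a scanner would use them to shortlist string literals. The thresholds (45 chars minimum, a size penalty above 200 chars, a diversity penalty at 70 distinct chars) are my own assumptions, chosen so the two README samples score 0 and 1; the real package may use different rules. The long blob input is constructed.

```javascript
// Added example, not the @nodesecure/sec-literal implementation.

// Number of distinct characters, optionally ignoring some characters.
function stringCharDiversity(str, charsToExclude = []) {
  const excluded = new Set(charsToExclude);
  const unique = new Set();
  for (const ch of str) {
    if (!excluded.has(ch)) unique.add(ch);
  }
  return unique.size;
}

// Heuristic score: short strings are never suspicious; a long string with no
// whitespace in its first 45 chars (no natural-language structure) gains a
// point, very long strings gain more, and very high character diversity
// (keys, encoded blobs) adds two.
function stringSuspicionScore(str) {
  const len = str.length;
  if (len < 45) return 0;                              // assumption: minimum length
  let score = str.slice(0, 45).includes(" ") ? 0 : 1;  // assumption: early whitespace
  if (len > 200) score += Math.ceil(len / 750);        // assumption: size penalty
  if (stringCharDiversity(str) >= 70) score += 2;      // assumption: diversity penalty
  return score;
}

// Scan a list of string literals and keep those at or above the threshold,
// with the metrics a reviewer would want to see next to each hit.
function flagSuspicious(strings, threshold = 1) {
  return strings
    .map((s) => ({ value: s, score: stringSuspicionScore(s), diversity: stringCharDiversity(s) }))
    .filter((r) => r.score >= threshold);
}

// Constructed inputs: a sentence, the README's random-looking token, and an
// 800-char synthetic blob cycling over 90 printable chars (exercises the
// size and diversity rules).
const SENTENCE = "hello world";
const TOKEN = "XoMFrxuRvgb6a7lip6uYd6sz13E4KooQYqiIL0ZQReukg8BqZwsjCeay";
const BLOB = Array.from({ length: 800 }, (_, i) => String.fromCharCode(33 + (i % 90))).join("");

if (typeof require !== "undefined" && require.main === module) {
  console.table(flagSuspicious([SENTENCE, TOKEN, BLOB]));
}
```

With these rules the sentence scores 0, the token scores 1 (long, no whitespace, but only a few dozen distinct chars) and the blob scores 5 (no whitespace, size penalty 2, diversity penalty 2), so only the last two are shortlisted.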
Get the common string prefix (at the start) of two strings, or null if there is none.
```js
import { Patterns } from "@nodesecure/sec-literal";

Patterns.commonStringPrefix("boo", "foo"); // null
Patterns.commonStringPrefix("bromance", "brother"); // "bro"
```
Get the common string suffix (at the end) of two strings, or null if there is none.
```js
import { Patterns } from "@nodesecure/sec-literal";

Patterns.commonStringSuffix("boo", "foo"); // "oo"
Patterns.commonStringSuffix("bromance", "brother"); // null
```
Return the number of one-time occurrences of hexadecimal prefixes and an object listing each prefix with its number of occurrences in a given array of hexadecimal identifiers.
```js
import { Patterns } from "@nodesecure/sec-literal";

Patterns.commonHexadecimalPrefix([
  "_0x33bb79",
  "foo",
  "_0x3c0c55",
  "_0x1185d5",
]); // returns { oneTimeOccurence: 1, prefix: { _0x: 3 } }
```
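As an added example (my own code, not the package's), the three Patterns helpers above written out, followed by a small driver that turns the prefix count into the signal a scanner actually consumes: the share of identifiers carrying the dominant `0x`-style prefix, which is high in bundles processed by common identifier renamers. The prefix regex and the rule that a name without a hexadecimal prefix counts as a one-time occurrence are my reading of the README's example, not necessarily the library's exact rule; the identifier list is constructed.

```javascript
// Added example, not the @nodesecure/sec-literal implementation.

// Longest common prefix of two strings, or null when there is none.
function commonStringPrefix(a, b) {
  let i = 0;
  while (i < a.length && i < b.length && a[i] === b[i]) i++;
  return i === 0 ? null : a.slice(0, i);
}

// Longest common suffix of two strings, or null when there is none.
function commonStringSuffix(a, b) {
  let i = 0;
  while (i < a.length && i < b.length && a[a.length - 1 - i] === b[b.length - 1 - i]) i++;
  return i === 0 ? null : a.slice(a.length - i);
}

// Identifiers of the form <prefix>0x<hex digits>; the captured prefix is
// everything up to and including "0x" (assumption about the prefix shape).
const HEX_IDENT = /^(.*?0x)[a-fA-F0-9]+$/;

// Count identifiers per hexadecimal prefix. Names that do not carry such a
// prefix are counted as one-time occurrences.
function commonHexadecimalPrefix(identifiers) {
  const prefix = {};
  let oneTimeOccurence = 0;
  for (const name of identifiers) {
    const m = HEX_IDENT.exec(name);
    if (m === null) {
      oneTimeOccurence++;
      continue;
    }
    prefix[m[1]] = (prefix[m[1]] ?? 0) + 1;
  }
  return { oneTimeOccurence, prefix };
}

// Share of identifiers carrying the most frequent hexadecimal prefix, in
// [0, 1]. A scanner can report a file whose ratio exceeds a chosen threshold.
function hexPrefixRatio(identifiers) {
  if (identifiers.length === 0) return 0;
  const { prefix } = commonHexadecimalPrefix(identifiers);
  const dominant = Math.max(0, ...Object.values(prefix));
  return dominant / identifiers.length;
}

// Constructed identifier list, shaped like the names an obfuscated bundle uses.
const OBFUSCATED_NAMES = ["_0x33bb79", "foo", "_0x3c0c55", "_0x1185d5"];

if (typeof require !== "undefined" && require.main === module) {
  console.log(commonHexadecimalPrefix(OBFUSCATED_NAMES), hexPrefixRatio(OBFUSCATED_NAMES));
}
```

The ratio is what makes the count actionable: three `_0x` names out of four gives 0.75, whereas a hand-written module with one incidental `0x`-suffixed name stays near zero.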
Thanks go to these wonderful people:
- Gentilhomme
- Nicolas Hallaert
- Badrri Narayanan S
- Kouadio Fabrice Nguessan
MIT