fix: resolve conflicts

.all-contributorsrc

@@ -150,7 +150,8 @@
       "avatar_url": "https://avatars.githubusercontent.com/u/99122562?v=4",
       "profile": "https://github.com/FredGuiou",
       "contributions": [
-        "doc"
+        "doc",
+        "code"
       ]
     }
   ],

.github/workflows/codeql.yml

@@ -41,7 +41,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
@@ -50,7 +50,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
+        uses: github/codeql-action/init@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -63,7 +63,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
+        uses: github/codeql-action/autobuild@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -76,6 +76,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
+        uses: github/codeql-action/analyze@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/estree-ast-utils.yml

@@ -28,7 +28,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+      uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 

.github/workflows/node.js.yml

@@ -17,7 +17,7 @@ jobs:
       fail-fast: false
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
@@ -40,7 +40,7 @@ jobs:
       fail-fast: false
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 

.github/workflows/scorecard.yml

@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
@@ -64,14 +64,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
+        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
+        uses: github/codeql-action/upload-sarif@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2
         with:
           sarif_file: results.sarif

.github/workflows/ts-source-parser.yml

@@ -28,7 +28,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+      uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 

README.md

@@ -236,7 +236,7 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
       <td align="center" valign="top" width="14.28%"><a href="http://miikkak.dev"><img src="https://avatars.githubusercontent.com/u/65869801?v=4?s=100" width="100px;" alt="mkarkkainen"/><br /><sub><b>mkarkkainen</b></sub></a><br /><a href="https://github.com/NodeSecure/js-x-ray/commits?author=mkarkkainen" title="Code">💻</a></td>
     </tr>
     <tr>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/FredGuiou"><img src="https://avatars.githubusercontent.com/u/99122562?v=4?s=100" width="100px;" alt="FredGuiou"/><br /><sub><b>FredGuiou</b></sub></a><br /><a href="https://github.com/NodeSecure/js-x-ray/commits?author=FredGuiou" title="Documentation">📖</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/FredGuiou"><img src="https://avatars.githubusercontent.com/u/99122562?v=4?s=100" width="100px;" alt="FredGuiou"/><br /><sub><b>FredGuiou</b></sub></a><br /><a href="https://github.com/NodeSecure/js-x-ray/commits?author=FredGuiou" title="Documentation">📖</a> <a href="https://github.com/NodeSecure/js-x-ray/commits?author=FredGuiou" title="Code">💻</a></td>
     </tr>
   </tbody>
 </table>

src/ProbeRunner.js

@@ -104,7 +104,7 @@ export class ProbeRunner {
 
       if (isMatching) {
         return probe.main(node, {
-          analysis: this.sourceFile,
+          sourceFile: this.sourceFile,
           data
         });
       }
@@ -144,7 +144,7 @@ export class ProbeRunner {
       }
       finally {
         if (probe.teardown) {
-          probe.teardown({ analysis: this.sourceFile });
+          probe.teardown({ sourceFile: this.sourceFile });
         }
       }
     }

src/obfuscators/freejsobfuscator.js

@@ -1,9 +1,9 @@
 // Import Third-party Dependencies
 import { Utils } from "@nodesecure/sec-literal";
 
-export function verify(analysis, prefix) {
+export function verify(sourceFile, prefix) {
   const pValue = Object.keys(prefix).pop();
   const regexStr = `^${Utils.escapeRegExp(pValue)}[a-zA-Z]{1,2}[0-9]{0,2}$`;
 
-  return analysis.identifiersName.every(({ name }) => new RegExp(regexStr).test(name));
+  return sourceFile.identifiersName.every(({ name }) => new RegExp(regexStr).test(name));
 }

src/obfuscators/index.js

@@ -11,21 +11,21 @@ import * as trojan from "./trojan-source.js";
 // CONSTANTS
 const kMinimumIdsCount = 5;
 
-export function isObfuscatedCode(analysis) {
+export function isObfuscatedCode(sourceFile) {
   let encoderName = null;
 
-  if (jsfuck.verify(analysis)) {
+  if (jsfuck.verify(sourceFile)) {
     encoderName = "jsfuck";
   }
-  else if (jjencode.verify(analysis)) {
+  else if (jjencode.verify(sourceFile)) {
     encoderName = "jjencode";
   }
-  else if (analysis.morseLiterals.size >= 36) {
+  else if (sourceFile.morseLiterals.size >= 36) {
     encoderName = "morse";
   }
   else {
     // TODO: also implement Dictionnary checkup
-    const identifiers = analysis.identifiersName
+    const identifiers = sourceFile.identifiersName
       .map((value) => value?.name ?? null)
       .filter((name) => typeof name === "string");
 
@@ -34,18 +34,18 @@ export function isObfuscatedCode(analysis) {
     );
     const uPrefixNames = new Set(Object.keys(prefix));
 
-    if (analysis.counter.identifiers > kMinimumIdsCount && uPrefixNames.size > 0) {
-      analysis.hasPrefixedIdentifiers = calcAvgPrefixedIdentifiers(analysis, prefix) > 80;
+    if (sourceFile.counter.identifiers > kMinimumIdsCount && uPrefixNames.size > 0) {
+      sourceFile.hasPrefixedIdentifiers = calcAvgPrefixedIdentifiers(sourceFile, prefix) > 80;
     }
 
-    if (uPrefixNames.size === 1 && freejsobfuscator.verify(analysis, prefix)) {
+    if (uPrefixNames.size === 1 && freejsobfuscator.verify(sourceFile, prefix)) {
       encoderName = "freejsobfuscator";
     }
-    else if (obfuscatorio.verify(analysis)) {
+    else if (obfuscatorio.verify(sourceFile)) {
       encoderName = "obfuscator.io";
     }
-    // else if ((analysis.counter.identifiers > (kMinimumIdsCount * 3) && analysis.hasPrefixedIdentifiers)
-    //     && (oneTimeOccurence <= 3 || analysis.counter.encodedArrayValue > 0)) {
+    // else if ((sourceFile.counter.identifiers > (kMinimumIdsCount * 3) && sourceFile.hasPrefixedIdentifiers)
+    //     && (oneTimeOccurence <= 3 || sourceFile.counter.encodedArrayValue > 0)) {
     //     encoderName = "unknown";
     // }
   }
@@ -57,13 +57,13 @@ export function hasTrojanSource(sourceString) {
   return trojan.verify(sourceString);
 }
 
-function calcAvgPrefixedIdentifiers(analysis, prefix) {
+function calcAvgPrefixedIdentifiers(sourceFile, prefix) {
   const valuesArr = Object.values(prefix).slice().sort((left, right) => left - right);
   if (valuesArr.length === 0) {
     return 0;
   }
   const nbOfPrefixedIds = valuesArr.length === 1 ? valuesArr.pop() : (valuesArr.pop() + valuesArr.pop());
-  const maxIds = analysis.counter.identifiers - analysis.idtypes.property;
+  const maxIds = sourceFile.counter.identifiers - sourceFile.idtypes.property;
 
   return ((nbOfPrefixedIds / maxIds) * 100);
 }

src/obfuscators/jjencode.js

@@ -4,23 +4,23 @@ import { notNullOrUndefined } from "../utils/index.js";
 // CONSTANTS
 const kJJRegularSymbols = new Set(["$", "_"]);
 
-export function verify(analysis) {
-  if (analysis.counter.variableDeclarator > 0 || analysis.counter.functionDeclaration > 0) {
+export function verify(sourceFile) {
+  if (sourceFile.counter.variableDeclarator > 0 || sourceFile.counter.functionDeclaration > 0) {
     return false;
   }
-  if (analysis.idtypes.assignExpr > analysis.idtypes.property) {
+  if (sourceFile.idtypes.assignExpr > sourceFile.idtypes.property) {
     return false;
   }
 
-  const matchCount = analysis.identifiersName.filter(({ name }) => {
+  const matchCount = sourceFile.identifiersName.filter(({ name }) => {
     if (!notNullOrUndefined(name)) {
       return false;
     }
     const charsCode = [...new Set([...name])];
 
     return charsCode.every((char) => kJJRegularSymbols.has(char));
   }).length;
-  const pourcent = ((matchCount / analysis.identifiersName.length) * 100);
+  const pourcent = ((matchCount / sourceFile.identifiersName.length) * 100);
 
   return pourcent > 80;
 }

src/obfuscators/jsfuck.js

@@ -1,11 +1,11 @@
 // CONSTANTS
 const kJSFuckMinimumDoubleUnaryExpr = 5;
 
-export function verify(analysis) {
-  const hasZeroAssign = analysis.idtypes.assignExpr === 0
-    && analysis.idtypes.functionDeclaration === 0
-    && analysis.idtypes.property === 0
-    && analysis.idtypes.variableDeclarator === 0;
+export function verify(sourceFile) {
+  const hasZeroAssign = sourceFile.idtypes.assignExpr === 0
+    && sourceFile.idtypes.functionDeclaration === 0
+    && sourceFile.idtypes.property === 0
+    && sourceFile.idtypes.variableDeclarator === 0;
 
-  return hasZeroAssign && analysis.counter.doubleUnaryArray >= kJSFuckMinimumDoubleUnaryExpr;
+  return hasZeroAssign && sourceFile.counter.doubleUnaryArray >= kJSFuckMinimumDoubleUnaryExpr;
 }

src/obfuscators/obfuscator-io.js

@@ -1,13 +1,13 @@
-export function verify(analysis) {
-  if (analysis.counter.memberExpr > 0) {
+export function verify(sourceFile) {
+  if (sourceFile.counter.memberExpr > 0) {
     return false;
   }
 
-  const hasSomePatterns = analysis.counter.doubleUnaryArray > 0
-    || analysis.counter.deepBinaryExpr > 0
-    || analysis.counter.encodedArrayValue > 0
-    || analysis.hasDictionaryString;
+  const hasSomePatterns = sourceFile.counter.doubleUnaryArray > 0
+    || sourceFile.counter.deepBinaryExpr > 0
+    || sourceFile.counter.encodedArrayValue > 0
+    || sourceFile.hasDictionaryString;
 
   // TODO: hasPrefixedIdentifiers only work for hexadecimal id names generator
-  return analysis.hasPrefixedIdentifiers && hasSomePatterns;
+  return sourceFile.hasPrefixedIdentifiers && hasSomePatterns;
 }

src/probes/isArrayExpression.js

@@ -17,9 +17,9 @@ function validateNode(node) {
   ];
 }
 
-function main(node, { analysis }) {
+function main(node, { sourceFile }) {
   kLiteralExtractor(
-    (literalNode) => analysis.analyzeLiteral(literalNode, true),
+    (literalNode) => sourceFile.analyzeLiteral(literalNode, true),
     node.elements
   );
 }

src/probes/isAssignmentExpression.js

@@ -15,11 +15,11 @@ function validateNode(node) {
 }
 
 function main(node, options) {
-  const { analysis } = options;
+  const { sourceFile } = options;
 
-  analysis.idtypes.assignExpr++;
+  sourceFile.idtypes.assignExpr++;
   for (const { name } of getVariableDeclarationIdentifiers(node.left)) {
-    analysis.identifiersName.push({ name, type: "assignExpr" });
+    sourceFile.identifiersName.push({ name, type: "assignExpr" });
   }
 }
 

src/probes/isBinaryExpression.js

@@ -12,11 +12,11 @@ function validateNode(node) {
 }
 
 function main(node, options) {
-  const { analysis } = options;
+  const { sourceFile } = options;
 
   const [binaryExprDeepness, hasUnaryExpression] = walkBinaryExpression(node);
   if (binaryExprDeepness >= 3 && hasUnaryExpression) {
-    analysis.counter.deepBinaryExpr++;
+    sourceFile.counter.deepBinaryExpr++;
   }
 }
 

src/probes/isClassDeclaration.js

@@ -11,10 +11,10 @@ function validateNode(node) {
 }
 
 function main(node, options) {
-  const { analysis } = options;
+  const { sourceFile } = options;
 
   kIdExtractor(
-    ({ name }) => analysis.identifiersName.push({ name, type: "class" }),
+    ({ name }) => sourceFile.identifiersName.push({ name, type: "class" }),
     [node.id, node.superClass]
   );
 }

src/probes/isFunction.js

@@ -18,18 +18,18 @@ function validateNode(node) {
 }
 
 function main(node, options) {
-  const { analysis } = options;
+  const { sourceFile } = options;
 
   kIdExtractor(
-    ({ name }) => analysis.identifiersName.push({ name, type: "params" }),
+    ({ name }) => sourceFile.identifiersName.push({ name, type: "params" }),
     node.params
   );
 
   if (node.id === null || node.id.type !== "Identifier") {
     return;
   }
-  analysis.idtypes.functionDeclaration++;
-  analysis.identifiersName.push({ name: node.id.name, type: "functionDeclaration" });
+  sourceFile.idtypes.functionDeclaration++;
+  sourceFile.identifiersName.push({ name: node.id.name, type: "functionDeclaration" });
 }
 
 export default {

src/probes/isImportDeclaration.js

@@ -14,14 +14,14 @@ function validateNode(node) {
 }
 
 function main(node, options) {
-  const { analysis } = options;
+  const { sourceFile } = options;
 
   // Searching for dangerous import "data:text/javascript;..." statement.
   // see: https://2ality.com/2019/10/eval-via-import.html
   if (node.source.value.startsWith("data:text/javascript")) {
-    analysis.addWarning("unsafe-import", node.source.value, node.loc);
+    sourceFile.addWarning("unsafe-import", node.source.value, node.loc);
   }
-  analysis.addDependency(node.source.value, node.loc);
+  sourceFile.addDependency(node.source.value, node.loc);
 }
 
 export default {