Skip to content

Commit

Permalink
fix: estree-ast-utils
Browse files Browse the repository at this point in the history
  • Loading branch information
@jean-michelet
jean-michelet committed May 16, 2024
1 parent 19e891a commit 347036e
Show file tree
Hide file tree
Showing 4 changed files with 25 additions and 14 deletions.
3 changes: 1 addition & 2 deletions workspaces/estree-ast-utils/src/utils/VariableTracer.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,6 @@ export class VariableTracer extends EventEmitter {
moduleName
});


if (identifierOrMemberExpr.includes(".")) {
const exprs = [...getSubMemberExpressionSegments(identifierOrMemberExpr)]
.filter((expr) => !this.#traced.has(expr));
Expand Down Expand Up @@ -428,7 +427,7 @@ export class VariableTracer extends EventEmitter {

let superClassMemory = [superClass.name];
const data = this.getDataFromIdentifier(superClass.name);
if (!superClassMemory.includes("RegExp")) {
if (!superClassMemory.includes("RegExp") && data?.superClassMemory) {
superClassMemory = [...superClassMemory, ...data.superClassMemory];
}

Expand Down
9 changes: 6 additions & 3 deletions workspaces/estree-ast-utils/test/VariableTracer/VariableTracer.spec.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,8 @@ test("it should be able to Trace a malicious code with Global, BinaryExpr, Assig
assert.deepEqual(evil, {
name: "require",
identifierOrMemberExpr: "process.mainModule.require",
assignmentMemory: ["p", "evil"]
assignmentMemory: ["p", "evil"],
superClassMemory: []
});
assert.strictEqual(assignments.length, 2);

Expand Down Expand Up @@ -58,7 +59,8 @@ test("it should be able to Trace a malicious CallExpression by recombining segme
assert.deepEqual(evil, {
name: "require",
identifierOrMemberExpr: "process.mainModule.require",
assignmentMemory: ["g", "r", "c"]
assignmentMemory: ["g", "r", "c"],
superClassMemory: []
});
assert.strictEqual(assignments.length, 3);

Expand Down Expand Up @@ -117,7 +119,8 @@ test("it should be able to Trace an unsafe crypto.createHash using Function.prot
assert.deepEqual(createHashBis, {
name: "crypto.createHash",
identifierOrMemberExpr: "crypto.createHash",
assignmentMemory: ["crr", "createHashBis"]
assignmentMemory: ["crr", "createHashBis"],
superClassMemory: []
});

assert.strictEqual(helpers.tracer.importedModules.has("crypto"), true);
Expand Down
15 changes: 10 additions & 5 deletions workspaces/estree-ast-utils/test/VariableTracer/assignments.spec.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,8 @@ test("it should be able to Trace a require Assignment (using a global variable)"
assert.deepEqual(foo, {
name: "require",
identifierOrMemberExpr: "require",
assignmentMemory: ["foo"]
assignmentMemory: ["foo"],
superClassMemory: []
});
assert.strictEqual(assignments.length, 1);

Expand All @@ -41,7 +42,8 @@ test("it should be able to Trace a require Assignment (using a MemberExpression)
assert.deepEqual(foo, {
name: "require",
identifierOrMemberExpr: "require.resolve",
assignmentMemory: ["foo"]
assignmentMemory: ["foo"],
superClassMemory: []
});
assert.strictEqual(assignments.length, 1);

Expand All @@ -65,7 +67,8 @@ test("it should be able to Trace a global Assignment using an ESTree ObjectPatte
assert.deepEqual(boo, {
name: "require",
identifierOrMemberExpr: "process.mainModule.require",
assignmentMemory: ["yoo", "boo"]
assignmentMemory: ["yoo", "boo"],
superClassMemory: []
});
assert.strictEqual(assignments.length, 2);

Expand All @@ -92,7 +95,8 @@ test("it should be able to Trace an Unsafe Function() Assignment using an ESTree
assert.deepEqual(boo, {
name: "require",
identifierOrMemberExpr: "process.mainModule.require",
assignmentMemory: ["yoo", "boo"]
assignmentMemory: ["yoo", "boo"],
superClassMemory: []
});
assert.strictEqual(assignments.length, 2);

Expand Down Expand Up @@ -136,7 +140,8 @@ test("it should be able to Trace a global assignment using a LogicalExpression",
assert.deepEqual(foo, {
name: "require",
identifierOrMemberExpr: "require",
assignmentMemory: ["foo"]
assignmentMemory: ["foo"],
superClassMemory: []
});
assert.strictEqual(assignments.length, 1);

Expand Down
12 changes: 8 additions & 4 deletions workspaces/estree-ast-utils/test/VariableTracer/cryptoCreateHash.spec.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,8 @@ test("it should be able to Trace crypto.createHash when imported with an ESTree
assert.deepEqual(createHashBis, {
name: "crypto.createHash",
identifierOrMemberExpr: "crypto.createHash",
assignmentMemory: ["cryptoBis", "createHashBis"]
assignmentMemory: ["cryptoBis", "createHashBis"],
superClassMemory: []
});
assert.strictEqual(assignments.length, 2);

Expand Down Expand Up @@ -62,7 +63,8 @@ test("it should be able to Trace createHash when required (CommonJS) and destruc
assert.deepEqual(createHashBis, {
name: "crypto.createHash",
identifierOrMemberExpr: "crypto.createHash",
assignmentMemory: ["createHash", "createHashBis"]
assignmentMemory: ["createHash", "createHashBis"],
superClassMemory: []
});
assert.strictEqual(assignments.length, 2);

Expand Down Expand Up @@ -94,7 +96,8 @@ test("it should be able to Trace crypto.createHash when imported with an ESTree
assert.deepEqual(createHashBis, {
name: "crypto.createHash",
identifierOrMemberExpr: "crypto.createHash",
assignmentMemory: ["createHash", "createHashBis"]
assignmentMemory: ["createHash", "createHashBis"],
superClassMemory: []
});
assert.strictEqual(assignments.length, 2);

Expand Down Expand Up @@ -130,7 +133,8 @@ test("it should be able to Trace crypto.createHash with CommonJS require and wit
assert.deepEqual(createHashBis, {
name: "crypto.createHash",
identifierOrMemberExpr: "crypto.createHash",
assignmentMemory: ["createHashBis"]
assignmentMemory: ["createHashBis"],
superClassMemory: []
});
assert.strictEqual(assignments.length, 2);

Expand Down

0 comments on commit 347036e

Please sign in to comment.