feat(customProbes): inject custom probes as param for AstAnalyser

[tchapacan]

fix #221

Inject custom probes as param for AstAnalyser

const { AstAnalyser, JsSourceParser } = require("@nodesecure/js-x-ray");

const analyser = new AstAnalyser({
  parser: new JsSourceParser(),
  customProbes,
  skipDefaultProbes: true
});

Allow developers to inject new custom probe using the AstAnalyser

Purpose of this PR is to propose a fix/feat for the issue #221 by modifying the constructor of some of the relevant class such as (ProbeRunner, ASTAnalyzer, SourceFile) :

• code
• tests
• docs

I tried to keep it as simple as possible without modifying that much what was already done (i haven't change the ProbeRunner instanciation from SourceFile), but I'm open to suggestion.

Don't hesitate to give any feedback/suggestion/proposition to improve this PR

Result after (yes this probe below is perfectible ahah) :

const kIncriminedCodeSample = "const danger = 'danger';";

const customProbes = [
  {
    name: "customProbeUnsafeDanger",
    validateNode: (node, sourceFile) => [true]
    ,
    main: (node, options) => {
      const { sourceFile, data: calleeName } = options;
      if (node.declarations[0].init.value === "danger") {
        sourceFile.addWarning("unsafe-danger", calleeName, node.loc);
  
        return ProbeSignals.Skip;
      }
  
      return null;
    }
  }
];

const analyser = new AstAnalyser({
  parser: new JsSourceParser(),
  customProbes,
  skipDefaultProbes: true
});

const result = analyser.analyse(kIncriminedCodeSample);
console.log(result);

➜  js-x-ray git:(fix/221) ✗ node example.js
{
  idsLengthAvg: 0,
  stringScore: 0,
  warnings: [ { kind: 'unsafe-danger', location: [Array], source: 'JS-X-Ray' } ],
  dependencies: Map(0) {},
  isOneLineRequire: false
}

[jean-michelet]

Just a few questions, congratulations on the work accomplished.

[jean-michelet]

Some toughs, maybe @PierreDemailly can review my suggestions before you continue.

[jean-michelet]

After that, should be ok 👍

[jean-michelet]

Lgtm, with a nit

[tchapacan]

I have proposed a quick update of the readme, if you think it needs more details i can try create a dedicated .md file for the customProbe part ? and refer it in the readme briefly ?

[PierreDemailly]

I have proposed a quick update of the readme, if you think it needs more details i can try create a dedicated .md file for the customProbe part ? and refer it in the readme briefly ?

The update is fine 👍 I don't think we need a dedicated doc for the moment

[tchapacan]

I have proposed a quick update of the readme, if you think it needs more details i can try create a dedicated .md file for the customProbe part ? and refer it in the readme briefly ?

The update is fine 👍 I don't think we need a dedicated doc for the moment

Thanks for the review, I have fix the little typo in the readme in latest commit, lmk if it seems good enough

[PierreDemailly]

LGTM