js-x-ray

Detect usage of dynamic RegExps

Open fraxken opened this issue 3 years ago • 5 comments

There are currently a lot of situations where we are missing dynamic RegExps. Ref and examples here: https://github.com/nodejs/security-wg/issues/208

We should probably use the new Tracer to detect those cases (extension, proxy ...).

fraxken • Jul 18 '22 10:07

One major issue is the fact that we analyze files one by one. It makes the tracing of Proxies (and similar) impossible.

fraxken • Jan 03 '23 11:01

One major issue is the fact that we analyze files one by one. It makes the tracing of Proxies (and similar) impossible.

Can we create an Env class, do an initial traversal of the program's entire AST, storing all the things we should be aware of, and exploit it during analysis?

jean-michelet • Feb 07 '24 06:02

Can we create an Env class, do an initial traversal of the program's entire AST, storing all the things we should be aware of, and exploit it during analysis?

No, on multiple files it will cost an insane amount of memory. The only viable solution is to think "multiple iterations":

  • First iteration to walk, generate tree and report suspect nodes
  • Second iteration: look for suspect nodes

Kind of..

fraxken • Feb 07 '24 07:02
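
A sketch of the "multiple iterations" idea from the last comment, added here as an example; it is not js-x-ray code and was not posted by anyone in the thread. The names `summarize` and `analyze`, the sample ASTs and the naive `./` specifier resolution are assumptions, and lexical scope is ignored.

```javascript
// Constructed ESTree fragments (the shape an ESTree parser emits), not real project files.
const id = (name) => ({ type: "Identifier", name });
const stmt = (expression) => ({ type: "ExpressionStatement", expression });
const decl = (name, init) => ({ type: "VariableDeclaration", declarations: [{ type: "VariableDeclarator", id: id(name), init }] });
const files = {
  // lib.js: export const Rx = RegExp;
  "lib.js": { type: "Program", body: [{ type: "ExportNamedDeclaration", declaration: decl("Rx", id("RegExp")) }] },
  // app.js: import { Rx } from "./lib.js"; new Rx(userInput); new RegExp("^a$");
  "app.js": { type: "Program", body: [
    { type: "ImportDeclaration", source: { type: "Literal", value: "./lib.js" }, specifiers: [{ type: "ImportSpecifier", imported: id("Rx"), local: id("Rx") }] },
    stmt({ type: "NewExpression", callee: id("Rx"), arguments: [id("userInput")] }),
    stmt({ type: "NewExpression", callee: id("RegExp"), arguments: [{ type: "Literal", value: "^a$" }] })] },
};

// Depth-first walk over every ESTree node.
function walk(node, visit) {
  if (!node || typeof node !== "object") return;
  if (typeof node.type === "string") visit(node);
  for (const child of Object.values(node)) walk(child, visit);
}

// Pass 1: walk one file, record local hits, keep only a small summary (the AST can be freed).
function summarize(ast) {
  const aliases = new Set(["RegExp"]), imports = new Map(), exported = [], findings = [], suspects = [];
  walk(ast, (n) => {
    if (n.type === "VariableDeclarator" && n.init?.type === "Identifier" && aliases.has(n.init.name)) aliases.add(n.id.name);
    if (n.type === "ExportNamedDeclaration") for (const d of n.declaration?.declarations ?? []) exported.push(d.id.name);
    if (n.type === "ImportDeclaration") for (const s of n.specifiers) imports.set(s.local.name, { source: n.source.value, imported: s.imported?.name });
    // Conservative: any first argument that is not a plain Literal counts as dynamic.
    const dynamic = (n.type === "NewExpression" || n.type === "CallExpression") &&
      n.callee.type === "Identifier" && n.arguments.length > 0 && n.arguments[0].type !== "Literal";
    if (dynamic && aliases.has(n.callee.name)) findings.push(n.callee.name);
    else if (dynamic && imports.has(n.callee.name)) suspects.push({ local: n.callee.name, ...imports.get(n.callee.name) });
  });
  return { findings, suspects, exports: new Set(exported.filter((name) => aliases.has(name))) };
}

// Pass 2: resolve suspect nodes against the other files' export summaries.
function analyze(fileMap) {
  const summaries = new Map(Object.entries(fileMap).map(([name, ast]) => [name, summarize(ast)]));
  const report = [];
  for (const [name, s] of summaries) {
    for (const callee of s.findings) report.push(`${name}: dynamic ${callee}()`);
    for (const sus of s.suspects) {
      const target = summaries.get(sus.source.replace(/^\.\//, "")); // naive specifier resolution
      if (target?.exports.has(sus.imported)) report.push(`${name}: dynamic ${sus.local}() aliases RegExp from ${sus.source}`);
    }
  }
  return report;
}
```

Only the per-file summaries stay in memory between the two passes, which is the cost concern raised against holding the whole program's AST.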