@nodesecure/js-x-ray/dist/probes/isWeakCrypto.js

JavaScript AST XRay analysis

import { CALL_EXPRESSION_DATA } from "../contants.js";
import { isLiteral } from "../estree/types.js";
import { generateWarning } from "../warnings.js";
// CONSTANTS
const kWeakAlgorithms = new Set([
    "md5",
    "sha1",
    "ripemd160",
    "md4",
    "md2"
]);
function validateNode(_node, ctx) {
    const { tracer } = ctx.sourceFile;
    if (!tracer.importedModules.has("crypto")) {
        return [false];
    }
    return [
        ctx.context[CALL_EXPRESSION_DATA]?.identifierOrMemberExpr === "crypto.createHash"
    ];
}
function initialize(ctx) {
    const { tracer } = ctx.sourceFile;
    tracer.trace("crypto.createHash", {
        followConsecutiveAssignment: true,
        moduleName: "crypto"
    });
}
function main(node, ctx) {
    const { sourceFile } = ctx;
    const arg = node.arguments.at(0);
    if (isLiteral(arg) && kWeakAlgorithms.has(arg.value)) {
        const warning = generateWarning("weak-crypto", { value: arg.value, location: node.loc });
        sourceFile.warnings.push(warning);
    }
}
export default {
    name: "isWeakCrypto",
    validateNode,
    main,
    initialize,
    breakOnMatch: false,
    context: {}
};
//# sourceMappingURL=isWeakCrypto.js.map