UNPKG

@nodesecure/js-x-ray

Version:

JavaScript AST XRay analysis

github.com/NodeSecure/js-x-ray

NodeSecure/js-x-ray

50 lines (42 loc) 1.26 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
// Import Third-party Dependencies import { isLiteralRegex } from "@nodesecure/estree-ast-utils"; import safeRegex from "safe-regex"; /** * @description Search for Regex Object constructor. * @see https://github.com/estree/estree/blob/master/es5.md#newexpression * @example * new RegExp("..."); */ function validateNode(node) { return [ isRegexConstructor(node) && node.arguments.length > 0 ]; } function main(node, options) { const { sourceFile } = options; const arg = node.arguments[0]; /** * Note: RegExp Object can contain a RegExpLiteral * @see https://github.com/estree/estree/blob/master/es5.md#regexpliteral * * @example * new RegExp(/^foo/) */ const pattern = isLiteralRegex(arg) ? arg.regex.pattern : arg.value; // We use the safe-regex package to detect whether or not regex is safe! if (!safeRegex(pattern)) { sourceFile.addWarning("unsafe-regex", pattern, node.loc); } } function isRegexConstructor(node) { if (node.type !== "NewExpression" || node.callee.type !== "Identifier") { return false; } return node.callee.name === "RegExp"; } export default { name: "isRegexObject", validateNode, main, breakOnMatch: false };