UNPKG

drek

Version:

A static-code-analysis tool that can be used to perform security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development anti-patterns and footguns.

github.com/chrisallenlane/drek

chrisallenlane/drek

96 lines (77 loc) 2.37 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
const load = require('../app/util-load-signatures'); const lodash = require('lodash'); const path = require('path'); const test = require('tape'); test('util-load-signatures: it should load signatures (no wildcards)', function (t) { t.plan(1); // stub configs const config = { signatures: [ __dirname + '/mock/signatures/js.yml', __dirname + '/mock/signatures/php.yml', ], }; // expected signatures const expected = [ { signature : '\\sconsole' , filetypes : [ 'js' ] } , { signature : '\\seval\\s*\\(' , filetypes : [ 'js' ] } , { signature : '\\s\\$_GET' , filetypes : [ 'php' ] } , { signature : '\\s\\$_POST' , filetypes : [ 'php' ] } , { signature : '\\seval\\s*\\(' , filetypes : [ 'php' ] } , ]; // assert that the returned signatures match the expected t.equals( lodash.isEqual(load({}, config), expected), true ); }); test('util-load-signatures: it should load signatures (wildcards)', function (t) { t.plan(1); // stub configs const config = { signatures: [ __dirname + '/mock/signatures/*.yml', ], }; // expected signatures const expected = [ { signature : '\\sconsole' , filetypes : [ 'js' ] } , { signature : '\\seval\\s*\\(' , filetypes : [ 'js' ] } , { signature : '\\s\\$_GET' , filetypes : [ 'php' ] } , { signature : '\\s\\$_POST' , filetypes : [ 'php' ] } , { signature : '\\seval\\s*\\(' , filetypes : [ 'php' ] } , ]; // assert that the returned signatures match the expected t.equals( lodash.isEqual(load({}, config), expected), true ); }); test('util-load-signatures: it should throw an error on badly formatted YAML', function (t) { t.plan(1); // stub configs const config = { signatures: [ __dirname + '/mock/signatures/php.badyml', ], }; // assert that an error is thrown t.throws( function () { load({}, config); }, /is not a valid YAML file/ ); }); test('util-load-signatures: it should throw an error if a signature file contains no patterns', function (t) { t.plan(1); // stub configs const config = { signatures: [ __dirname + '/mock/signatures/php.emptyyml', ], }; // assert that an error is thrown t.throws( function () { load({}, config); }, /contains no patterns./ ); });