sicua

A tool for analyzing project structure and dependencies

/**
 * Detector for client-side storage of sensitive data.
 *
 * This is a type declaration only: it lists the detector's members, not their
 * implementation. The private members below carry no parameter or return
 * types, so the matching rules behind each step cannot be read from this file.
 */
import { BaseDetector } from "./BaseDetector";
import { Vulnerability } from "../types/vulnerability.types";
import { ScanResult } from "../../../types";
/**
 * Reports client-side storage usage that appears to hold sensitive data.
 *
 * Extends BaseDetector; the only public entry point declared here is
 * {@link ClientStorageDetector.detect}.
 *
 * NOTE(review): the member comments describe pattern- and keyword-based
 * analysis, so findings are presumably heuristic. Confirm against the
 * implementation before treating an empty result as proof that nothing
 * sensitive is stored client-side.
 */
export declare class ClientStorageDetector extends BaseDetector {
    // Pattern table consulted by the detector; its contents and element type
    // are not visible in this declaration.
    private static readonly STORAGE_PATTERNS;
    constructor();
    /**
     * Run the detector over one scan result.
     *
     * @param scanResult - The scan result to analyze.
     * @returns A promise resolving to the vulnerabilities found.
     */
    detect(scanResult: ScanResult): Promise<Vulnerability[]>;
    /**
     * Detect storage libraries used in the file
     */
    private detectStorageLibraries;
    /**
     * Validate if a storage pattern match is problematic
     *
     * NOTE(review): presumably the filter that discards benign pattern
     * matches, so its rules decide the false-negative rate. Verify.
     */
    private validateStorageMatch;
    /**
     * AST-based analysis for client storage usage
     */
    private analyzeASTForClientStorage;
    /**
     * Find storage API calls (localStorage, sessionStorage, etc.)
     */
    private findStorageApiCalls;
    /**
     * Find storage library calls
     */
    private findStorageLibraryCalls;
    /**
     * Analyze storage API call
     */
    private analyzeStorageApiCall;
    /**
     * Analyze storage library call
     */
    private analyzeStorageLibraryCall;
    /**
     * Get storage type and method information
     */
    private getStorageInfo;
    /**
     * Analyze storage call for sensitive data
     */
    private analyzeStorageSensitivity;
    /**
     * Extract sensitive data indicators from function argument
     *
     * NOTE(review): whether values built at runtime (computed keys, variables
     * assigned elsewhere) are followed cannot be told from here. Confirm.
     */
    private extractSensitiveDataFromArgument;
    /**
     * Check if storage usage is for UI state rather than sensitive data
     *
     * NOTE(review): looks like an exclusion rule. A write classified as UI
     * state is presumably not reported, so review what counts as UI state.
     */
    private isUIStateStorage;
    /**
     * Determine sensitivity level based on found keywords
     */
    private determineSensitivityLevel;
    /**
     * Determine confidence level based on context
     */
    private determineConfidenceLevel;
    /**
     * Generate storage security recommendations
     */
    private generateStorageRecommendations;
    /**
     * Extract function name from AST node context
     */
    private extractFunctionFromAST;
}