UNPKG

sicua

Version:

A tool for analyzing project structure and dependencies

github.com/sicua-labs/sicua

sicua-labs/sicua

76 lines (75 loc) 1.91 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
/** * Detector for debug code and development flags in production code */ import { BaseDetector } from "./BaseDetector"; import { Vulnerability } from "../types/vulnerability.types"; import { ScanResult } from "../../../types"; export declare class DebugCodeDetector extends BaseDetector { private static readonly DEBUG_PATTERNS; constructor(); detect(scanResult: ScanResult): Promise<Vulnerability[]>; /** * Validate if a debug code match is problematic */ private validateDebugMatch; /** * AST-based analysis for debug code detection */ private analyzeASTForDebugCode; /** * Find debugger statements */ private findDebuggerStatements; /** * Find debug-related variables */ private findDebugVariables; /** * Find console debug method calls */ private findConsoleDebugCalls; /** * Find development-only code blocks */ private findDevelopmentCodeBlocks; /** * Analyze debugger statement */ private analyzeDebuggerStatement; /** * Analyze debug variable */ private analyzeDebugVariable; /** * Analyze console debug call */ private analyzeConsoleDebugCall; /** * Analyze development code block */ private analyzeDevelopmentCodeBlock; /** * Check if variable name is debug-related */ private isDebugRelatedVariable; /** * Check if variable is set to true */ private isVariableSetToTrue; /** * Check if condition is development-only */ private isDevelopmentOnlyCondition; /** * Get console method name */ private getConsoleMethodName; /** * Check if debug code is properly gated by environment checks */ private isProperlyGated; /** * Extract function name from AST node context */ private extractFunctionFromAST; }