
sicua


A tool for analyzing project structure and dependencies

/**
 * Type declarations for the insecure-randomness detector.
 *
 * The detector reports random number generation that is unsuitable for
 * security contexts. This file is a declaration only: private members appear
 * as bare names without signatures, so their parameters and return types
 * cannot be read from here.
 */
import { BaseDetector } from "./BaseDetector";
import { Vulnerability } from "../types/vulnerability.types";
import { ScanResult } from "../../../types";

/**
 * Flags insecure random number generation used in security contexts.
 *
 * Background for readers of the findings: `Math.random()` is not a
 * cryptographically secure generator and `Date.now()` is predictable, so
 * neither should produce tokens, keys, session identifiers or similar secrets.
 *
 * NOTE(review): several members below decide "security context" from variable
 * and function names. That looks like a naming heuristic, so both missed
 * findings and false positives are plausible. Confirm against the
 * implementation before treating a clean scan as proof of safe randomness.
 */
export declare class InsecureRandomDetector extends BaseDetector {
  /**
   * Patterns used to spot random-generation code.
   * The type and contents are not visible in this declaration.
   */
  private static readonly RANDOM_PATTERNS;

  constructor();

  /**
   * Runs the detector over a scan result.
   *
   * @param scanResult - Project scan output to inspect.
   * @returns A promise resolving to the vulnerabilities found.
   */
  detect(scanResult: ScanResult): Promise<Vulnerability[]>;

  /**
   * Looks for secure random alternatives already used in the file.
   * NOTE(review): which APIs count as "secure" is not shown here — verify.
   */
  private detectSecureRandomUsage;

  /**
   * Decides whether a matched random pattern sits in a security context.
   */
  private validateRandomMatch;

  /**
   * AST-based pass that searches for insecure random usage.
   */
  private analyzeASTForInsecureRandom;

  /**
   * Locates `Math.random()` call expressions.
   */
  private findMathRandomCalls;

  /**
   * Locates `Date.now()` usage in random contexts.
   */
  private findDateNowRandomUsage;

  /**
   * Assesses the security context surrounding a `Math.random()` call.
   */
  private analyzeRandomSecurityContext;

  /**
   * Resolves the name of the variable that a random call is assigned to.
   */
  private getAssignmentVariableName;

  /**
   * Tells whether a variable name suggests a security context.
   */
  private isSecurityRelatedVariable;

  /**
   * Tells whether a function name suggests a security context.
   */
  private isSecurityRelatedFunction;

  /**
   * Tells whether the surrounding context suggests security usage.
   */
  private isInSecurityContext;

  /**
   * Pulls the function name out of an AST node's context.
   */
  private extractFunctionFromAST;
}