sicua
A tool for analyzing project structure and dependencies
/**
* Detector for React-specific security anti-patterns
*/
import { BaseDetector } from "./BaseDetector";
import { Vulnerability } from "../types/vulnerability.types";
import { ScanResult } from "../../../types";
/**
* Detector that reports React-specific security anti-patterns as Vulnerability records.
*
* Extends BaseDetector; detect() is the only public method declared here.
* This is a declaration only: private members are listed by name, so their
* types and logic cannot be read from this file.
*
* NOTE(review): members use the TypeScript `private` keyword rather than `#`
* fields, which is a compile-time restriction and is not enforced at runtime.
*/
export declare class ReactAntiPatternDetector extends BaseDetector {
/** Pattern table for React anti-patterns; contents are not visible in this declaration. */
private static readonly REACT_ANTIPATTERN_PATTERNS;
/**
* HTML elements the detector treats as dangerous.
* NOTE(review): the list is not visible here; confirm its coverage against the implementation.
*/
private static readonly DANGEROUS_HTML_ELEMENTS;
/**
* Props the detector treats as dangerous.
* NOTE(review): presumably includes raw-HTML props such as dangerouslySetInnerHTML; confirm.
*/
private static readonly DANGEROUS_PROPS;
/**
* Ref operations the detector treats as dangerous.
* NOTE(review): presumably direct DOM writes made through a ref; confirm against the implementation.
*/
private static readonly DANGEROUS_REF_OPERATIONS;
/** Takes no arguments. */
constructor();
/**
* Run the detector over a scan result.
*
* @param scanResult - Scan data to analyze (type imported from ../../../types).
* @returns Promise resolving to the vulnerabilities found.
*
* NOTE(review): judging by the private helper names, findings appear to come from
* pattern matching plus AST checks on React/JSX files; confirm, and triage results
* as leads to verify rather than confirmed issues.
*/
detect(scanResult: ScanResult): Promise<Vulnerability[]>;
/**
* Filter files to only include React/JSX files
*/
private filterReactFiles;
/**
* Check if file contains React/JSX content
* NOTE(review): the detection criteria are not visible here; a file this check misses
* would presumably be skipped by the detector. Confirm.
*/
private isReactFile;
/**
* Validate if a React anti-pattern match is actually problematic
* NOTE(review): presumably a false-positive filter applied to raw pattern matches; confirm.
*/
private validateReactAntiPatternMatch;
/**
* AST-based analysis for React anti-patterns
*/
private analyzeASTForReactAntiPatterns;
/**
* Find React.createElement calls
*/
private findReactCreateElementCalls;
/**
* Find dangerous ref usage
*/
private findDangerousRefUsage;
/**
* Analyze React.createElement call for dangerous patterns
*/
private analyzeCreateElementCall;
/**
* Analyze JSX element for dangerous patterns
*/
private analyzeJSXElement;
/**
* Analyze ref usage for dangerous operations
*/
private analyzeRefUsage;
/**
* Get JSX tag name
*/
private getJSXTagName;
/**
* Check if React.createElement has user-controlled content
* NOTE(review): how "user-controlled" is decided is not visible here; see containsUserVariables.
*/
private hasUserControlledContent;
/**
* Check if JSX element has user-controlled content
* NOTE(review): how "user-controlled" is decided is not visible here; see containsUserVariables.
*/
private jsxHasUserControlledContent;
/**
* Find dangerous JSX props
*/
private findDangerousJSXProps;
/**
* Check if expression contains user-controlled variables
* NOTE(review): cannot tell from this declaration whether this is a name-based heuristic
* or real data-flow tracking. If name-based, expect both missed and spurious findings. Confirm.
*/
private containsUserVariables;
/**
* Extract function name from AST node context
*/
private extractFunctionFromAST;
}