/**
* Detector for unsafe HTML usage including dangerouslySetInnerHTML without sanitization
*/
import { BaseDetector } from "./BaseDetector";
import { Vulnerability } from "../types/vulnerability.types";
import { ScanResult } from "../../../types";
/**
 * Detector for unsafe HTML sinks: `dangerouslySetInnerHTML` in JSX,
 * `innerHTML`/`outerHTML` property writes and `document.write`/
 * `document.writeln` calls that are not routed through a sanitizer.
 *
 * This is the declaration (`.d.ts`) only: member bodies and private
 * member types are not visible here, so the per-member notes below
 * describe the contract implied by the names and summaries, not
 * verified behaviour.
 */
export declare class UnsafeHTMLDetector extends BaseDetector {
/**
 * Textual patterns used for the first, regex-style pass over file
 * contents. Declared without a type in this file, so its exact shape
 * (e.g. `RegExp[]` vs. a keyed map) cannot be confirmed from here.
 */
private static readonly HTML_PATTERNS;
constructor();
/**
 * Run the detector over a completed project scan.
 *
 * @param scanResult - the project scan (files/AST) to analyse
 * @returns a promise resolving to the vulnerabilities found; presumably
 *   an empty array when no unsafe sink is flagged — confirm in the
 *   implementation
 */
detect(scanResult: ScanResult): Promise<Vulnerability[]>;
/**
 * Detect sanitization libraries in the file.
 *
 * NOTE(review): a sanitizer being imported in a file does not by itself
 * prove it is applied to a given sink; treat this as a weaker signal
 * than `isSanitizedInContext` and combine the two conservatively so a
 * sanitizer import elsewhere in the file does not suppress a real
 * finding. Which libraries are recognised is not visible here.
 */
private detectSanitizationLibraries;
/**
 * Validate if a pattern match represents unsafe HTML usage.
 * Second pass over a `HTML_PATTERNS` hit, presumably to drop false
 * positives such as the safe cases handled by `isSafeCSSGeneration` and
 * `isInnerHTMLClearing` — confirm against the implementation.
 */
private validateHTMLMatch;
/**
 * AST-based analysis for unsafe HTML usage.
 * Presumably the entry point that dispatches to the sink-specific
 * analyzers below (`analyzeDangerouslySetInnerHTML`,
 * `analyzeHTMLPropertyAccess`, `analyzeDocumentWrite`) — TODO confirm.
 */
private analyzeASTForUnsafeHTML;
/**
 * Analyze dangerouslySetInnerHTML usage in JSX, i.e. the
 * `dangerouslySetInnerHTML={{ __html: ... }}` attribute form.
 */
private analyzeDangerouslySetInnerHTML;
/**
 * Analyze innerHTML/outerHTML property access (writes to these
 * properties are the HTML-injection sink; reads are presumably ignored —
 * verify in the implementation).
 */
private analyzeHTMLPropertyAccess;
/**
 * Find document.write/document.writeln calls in the AST; feeds
 * `analyzeDocumentWrite`.
 */
private findDocumentWriteCalls;
/**
 * Analyze document.write calls found by `findDocumentWriteCalls` and
 * decide whether their argument is a sanitized or otherwise safe value.
 */
private analyzeDocumentWrite;
/**
 * Check if sanitization is used in the given context, i.e. whether the
 * value reaching the sink (rather than merely the file) goes through a
 * sanitizer call.
 */
private isSanitizedInContext;
/**
 * Check if dangerouslySetInnerHTML is used for safe CSS generation
 * (an allow-listed pattern; the precise shape accepted is not visible
 * in this declaration).
 */
private isSafeCSSGeneration;
/**
 * Check if innerHTML is being cleared (safe operation), presumably an
 * assignment of an empty string such as `el.innerHTML = ''` — confirm.
 */
private isInnerHTMLClearing;
/**
 * Extract function name from AST node context, used to attribute a
 * finding to the enclosing function in the report.
 */
private extractFunctionFromAST;
}