
Sec-literal


This package is a security utilities library created to analyze ESTree Literals and JavaScript string primitives. The project was originally created to simplify and better test the functionality required by the SAST scanner JS-X-Ray.

Features

  • Detect Hexadecimal, Base64, Hexa and Unicode sequences.
  • Detect patterns (prefix, suffix) on groups of identifiers.
  • Detect suspicious strings and return advanced metrics on them (char diversity, etc.).

Getting Started

This package is available in the Node Package Repository and can be easily installed with npm or yarn.

$ npm i @nodesecure/sec-literal
# or
$ yarn add @nodesecure/sec-literal

API

Hex

isHex(anyValue): boolean

Detect if the given string is a hexadecimal value.

isSafe(anyValue): boolean

Detect if the given string is a safe hexadecimal value. The goal of this method is to eliminate false positives.

Hex.isSafe("1234"); // true
Hex.isSafe("abcdef"); // true

Literal

isLiteral(anyValue): boolean

toValue(anyValue): string

toRaw(anyValue): string

defaultAnalysis(literalValue)

Utils

isSvg(strValue): boolean

isSvgPath(strValue): boolean

Detect if a given string is an SVG path or not.

stringCharDiversity(str): number

Get the number of unique chars in a given string.

stringSuspicionScore(str): number

Analyze a given string and give it a suspicion score (a score higher than 1 or 2 means that the string is highly suspect).

Patterns

commonStringPrefix(leftStr, rightStr): string | null

commonStringSuffix(leftStr, rightStr): string | null

commonHexadecimalPrefix(identifiersArray: string[])
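
An added illustration, not code from sec-literal: a self-contained sketch of the idea behind prefix detection on groups of identifiers, counting names that share a prefix followed only by hexadecimal digits, a naming scheme typical of obfuscated code. The names `sharedPrefix` and `hexPrefixGroups` and the sample identifiers are assumptions; the library's own return values are not documented on this page and may differ.

```javascript
// Added example; hypothetical helpers, not the sec-literal implementation.

// Longest shared leading substring of two strings, or null when there is none.
function sharedPrefix(left, right) {
  const max = Math.min(left.length, right.length);
  let i = 0;
  while (i < max && left[i] === right[i]) i++;
  return i === 0 ? null : left.slice(0, i);
}

const HEX_TAIL = /^[0-9a-f]+$/i;

// Returns { prefix: count } for every prefix shared by at least two
// identifiers whose remainder consists only of hexadecimal digits.
function hexPrefixGroups(identifiers) {
  // Sorting puts names with a common prefix next to each other.
  const sorted = [...new Set(identifiers)].sort();
  const candidates = new Set();
  for (let i = 1; i < sorted.length; i++) {
    const shared = sharedPrefix(sorted[i - 1], sorted[i]);
    if (shared === null) continue;
    // Drop hex digits the two names happen to share: "_0x3c" becomes "_0x".
    const prefix = shared.replace(/[0-9a-f]+$/i, "");
    if (prefix.length > 0) candidates.add(prefix);
  }
  const groups = {};
  for (const prefix of candidates) {
    const members = sorted.filter(
      (id) => id.startsWith(prefix) && HEX_TAIL.test(id.slice(prefix.length))
    );
    // A single match is not a pattern; require at least two members.
    if (members.length >= 2) groups[prefix] = members.length;
  }
  return groups;
}

// Constructed sample: identifier names as an AST walk might collect them.
const sample = [
  "_0x3c0c55", "_0x3c1a22", "_0xa1b2c3", "_0x5f00",
  "require", "request", "module",
];
console.log(hexPrefixGroups(sample)); // { _0x: 4 }
```

Ordinary names that share a prefix ("request" and "require") are not reported because their remainders are not hexadecimal, which keeps the count focused on generated identifiers.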

License

MIT
