dfatool
dfatool.js is a data flow analysis tool for JavaScript code that runs on Node.js.
The code analysis is based on the Parser API AST, which you can generate with Esprima. Escodegen is needed to regenerate the final output code.
npm install dfatool
Use Esprima to generate AST
var ast = esprima.parse(data, {
    loc : true
});
Build scope for the program
var globalScope = dfatool.newGlobalScope();
dfatool.buildScope(ast, globalScope);
Analyze the code
globalScope.initialize();
globalScope.derivation();
Get the variable defined in a specific scope
var variable = scope.getDefine("variableName");
Infer the variable's value at a specific position in the program
var loc = {
    line : 20,
    column : 20
};
var value = variable.inference( scope.offsetLoc(loc) );
Infer the type (object, function, array, literal, expression)
var type = value.type;
Read a property of the value (supports prototype chain lookup)
var property = value.access("propName.propName");
If the value is an array
var elem = value.access(10);
If the value is a function, you can simulate a function call
var returnedVariable = value.execute(callExprAST, scope);
Here is a simple example that gets a code outline with dfatool
var esprima = require('esprima');
var dfatool = require('dfatool');
// Parse AST with esprima (code holds the source text); loc must be set to true
var ast = esprima.parse(code, {
    loc : true
});
var globalScope = dfatool.newGlobalScope();
dfatool.buildScope(ast, globalScope);
globalScope.initialize();
globalScope.derivation();
var outline = {};
// Iterate over all defined variables and infer their values
for(var name in globalScope._defines){
    var variable = globalScope._defines[name];
    var value = variable.inference();
    if( value ){
        outline[variable.name] = value.toJSON();
    }
}
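The steps above (build a scope tree from the AST, look up a definition, infer its value) can be seen in miniature in the following added example, which is not dfatool's code and does not use its API. The Scope, buildScope and infer names are hypothetical, the AST is constructed by hand in the shape Esprima produces, and unlike dfatool the inference here ignores source position.

```javascript
// Constructed ESTree AST (what esprima.parse would return, minus loc) for:
//   var a = 1; var b = a + 2; function f() { var a = "x"; var c = a + b; }
var lit = function (v) { return { type: 'Literal', value: v }; };
var id = function (n) { return { type: 'Identifier', name: n }; };
var add = function (l, r) { return { type: 'BinaryExpression', operator: '+', left: l, right: r }; };
var decl = function (n, init) {
  return { type: 'VariableDeclaration', declarations: [{ type: 'VariableDeclarator', id: id(n), init: init }] };
};
var sampleAst = { type: 'Program', body: [
  decl('a', lit(1)),
  decl('b', add(id('a'), lit(2))),
  { type: 'FunctionDeclaration', id: id('f'), params: [], body: { type: 'BlockStatement',
    body: [decl('a', lit('x')), decl('c', add(id('a'), id('b')))] } }
] };

// Hypothetical mini scope (not dfatool's): name -> initializer AST, plus a parent link.
function Scope(parent) { this.parent = parent || null; this.defines = {}; this.children = {}; }
Scope.prototype.lookup = function (name) {
  for (var s = this; s; s = s.parent) {
    if (Object.prototype.hasOwnProperty.call(s.defines, name)) return { scope: s, init: s.defines[name] };
  }
  return null;
};

// Record var definitions and open a child scope for each function body.
function buildScope(stmts, scope) {
  stmts.forEach(function (node) {
    if (node.type === 'VariableDeclaration') {
      node.declarations.forEach(function (d) { scope.defines[d.id.name] = d.init; });
    } else if (node.type === 'FunctionDeclaration') {
      scope.defines[node.id.name] = node;
      scope.children[node.id.name] = buildScope(node.body.body, new Scope(scope));
    }
  });
  return scope;
}

// Infer a static value for an expression; undefined means "not statically known".
function infer(expr, scope) {
  if (!expr) return undefined;
  if (expr.type === 'Literal') return expr.value;
  if (expr.type === 'Identifier') {
    var hit = scope.lookup(expr.name);
    return hit ? infer(hit.init, hit.scope) : undefined;
  }
  if (expr.type === 'BinaryExpression' && expr.operator === '+') {
    var l = infer(expr.left, scope), r = infer(expr.right, scope);
    return (l === undefined || r === undefined) ? undefined : l + r;
  }
}
var globalScope = buildScope(sampleAst.body, new Scope());
```

Inside f, the local a shadows the global one while b is resolved through the parent scope, so c is inferred as "x3".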
You can also run the test script under the tests folder.
There is still a lot of work to do, such as repetition statement support.
And sadly, it doesn't seem to work well on minified code. I still can't find the problem.