NodeSecure/sec-literal
Security utilities to analyze ESTree Literal nodes and JavaScript string primitives. Detect hexadecimal, Base64, suffix and prefix patterns, etc.
Caution
This package has been migrated to JS-X-Ray workspaces
Sec-literal
This package is a security utilities library created to analyze ESTree Literal nodes and JavaScript string primitives. This project was originally created to simplify and better test the functionalities required by the SAST scanner JS-X-Ray.
Features
- Detect hexadecimal values, Base64 values, and hexadecimal (`\x`) and Unicode (`\u`) escape sequences.
- Detect patterns (prefix, suffix) on groups of identifiers.
- Detect suspicious strings and return advanced metrics on them (char diversity, etc.).
Getting Started
This package is available in the npm registry and can be installed with npm or yarn.

```bash
$ npm i @nodesecure/sec-literal
# or
$ yarn add @nodesecure/sec-literal
```

API
Hex
isHex(anyValue): boolean
Detect if the given value is a hexadecimal string.

```js
Hex.isHex("4e20"); // true
Hex.isHex(20); // false
```

isSafe(anyValue): boolean
Detect if the given string is a "safe" hexadecimal value. The goal of this method is to eliminate false positives: hexadecimal-looking values that are unlikely to be encoded data.

```js
Hex.isSafe("393d8"); // true
Hex.isSafe("7f196a64a870440000"); // false
```

Literal
In the examples below, `createLiteral` stands for a test helper that builds an ESTree Literal node (`{ type: "Literal", value }`) from a string; it is not part of the package's public API.

isLiteral(anyValue): boolean
Detect if the given value is an ESTree Literal node.

```js
const literalSample = createLiteral("hello world");
Literal.isLiteral(literalSample); // true
Literal.isLiteral("hello world!"); // false
```

toValue(anyValue): string
Returns the value of the literal if the input is an ESTree Literal node, else it returns the original input.

```js
const literalSample = createLiteral("hello world");
Literal.toValue(literalSample); // returns "hello world"
```

toRaw(anyValue): string
Returns the raw value of the literal if the input is an ESTree Literal node, else it returns the original input.

```js
const literalSample = createLiteral("hello world", true);
Literal.toRaw(literalSample); // returns "hello world"
```

defaultAnalysis(literalValue)
Returns an object indicating whether the literal contains a hexadecimal sequence, a Unicode sequence or a Base64 value if the input is an ESTree Literal node, else it returns null.

```js
const literalSample = createLiteral("hello world");
Literal.defaultAnalysis(literalSample); // returns {hasHexadecimalSequence: null, hasUnicodeSequence: null, isBase64: null}
```
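As an added example (not code from the sec-literal package or its authors), the following self-contained analyzer reproduces the idea behind Hex.isHex, Hex.isSafe and Literal.defaultAnalysis on hand-built ESTree Literal nodes, to show why a scanner must inspect a literal's raw source text and not only its decoded value: `"\x65\x76\x61\x6c"` in source parses to the value `"eval"`, so the escape sequences survive only in `raw`. The function names mirror the package's API for readability, but isSafeHex, isBase64, analyzeLiteral, the hasSuspiciousHex field and every threshold are this example's own assumptions, and the sample nodes are constructed, not parser output.

```javascript
// Added example, not sec-literal source code. Hand-built ESTree Literal nodes
// (as a parser such as acorn would emit them) are analyzed with this file's own
// heuristics; thresholds here are illustrative choices, not the package's.

const kHexEscape = /\\x[0-9a-fA-F]{2}/;
const kUnicodeEscape = /\\u(?:[0-9a-fA-F]{4}|\{[0-9a-fA-F]{1,6}\})/;
const kBase64Alphabet = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;

function isLiteral(anyValue) {
  return typeof anyValue === "object" && anyValue !== null
    && anyValue.type === "Literal" && "value" in anyValue;
}

function toValue(anyValue) {
  return isLiteral(anyValue) ? anyValue.value : anyValue;
}

function toRaw(anyValue) {
  // Fall back to the decoded value when the parser did not keep the source text.
  return isLiteral(anyValue) ? (anyValue.raw ?? anyValue.value) : anyValue;
}

function isHex(anyValue) {
  const value = toValue(anyValue);
  return typeof value === "string" && /^[0-9a-fA-F]+$/.test(value);
}

// Hypothetical false-positive filter (this example's own rule): pure digits
// (ports, years, ids) and short values appear in ordinary code far too often
// to be worth reporting as encoded data.
function isSafeHex(anyValue) {
  const value = toValue(anyValue);
  return isHex(value) && (/^[0-9]+$/.test(value) || value.length < 8);
}

// Hypothetical Base64 check: right alphabet, right padding, and long enough
// that ordinary words (which also fit the alphabet, e.g. "test") do not match.
function isBase64(anyValue) {
  const value = toValue(anyValue);
  return typeof value === "string" && value.length >= 16
    && value.length % 4 === 0 && kBase64Alphabet.test(value);
}

function analyzeLiteral(node) {
  if (!isLiteral(node)) return null;
  const hasRaw = typeof node.raw === "string";
  return {
    // Escape sequences exist only in `raw`; the parser already decoded `value`,
    // so without `raw` the question cannot be answered (null, not false).
    hasHexadecimalSequence: hasRaw ? kHexEscape.test(node.raw) : null,
    hasUnicodeSequence: hasRaw ? kUnicodeEscape.test(node.raw) : null,
    hasSuspiciousHex: isHex(node.value) && !isSafeHex(node.value),
    isBase64: isBase64(node.value),
  };
}

// Constructed sample nodes. `raw` holds the source text including its quotes.
const kSamples = {
  plain: { type: "Literal", value: "hello world", raw: "\"hello world\"" },
  // "\x65\x76\x61\x6c" in source decodes to "eval": invisible in `value` alone.
  hexEscaped: { type: "Literal", value: "eval", raw: "\"\\x65\\x76\\x61\\x6c\"" },
  unicodeEscaped: { type: "Literal", value: "eval", raw: "'\\u0065\\u0076\\u0061\\u006c'" },
  noRaw: { type: "Literal", value: "eval" },
  // Base64 of console.log("hi")
  base64: { type: "Literal", value: "Y29uc29sZS5sb2coImhpIik=", raw: "\"Y29uc29sZS5sb2coImhpIik=\"" },
  longHex: { type: "Literal", value: "7f196a64a870440000", raw: "\"7f196a64a870440000\"" },
};

function analyzeSamples() {
  return Object.fromEntries(
    Object.entries(kSamples).map(([name, node]) => [name, analyzeLiteral(node)])
  );
}
```

Note that `noRaw` yields null for both escape checks rather than false: a parser configured without `raw` (or a plain string handed in after evaluation) gives the scanner no way to tell `"eval"` from `"\x65\x76\x61\x6c"`, and reporting "no escape sequence" there would be a silent false negative.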
Utils
isSvg(strValue): boolean
Detect if a given string is an SVG document.

```js
const SVG_HTML = `<svg height="100" width="100">
<circle cx="50" cy="50" r="40" stroke="black" stroke-width="3" fill="red" />
</svg> `;

Utils.isSvg(SVG_HTML); // true
```

isSvgPath(strValue): boolean
Detect if a given string is an SVG path.

```js
Utils.isSvgPath("M150 0 L75 200 L225 200 Z"); // true
Utils.isSvgPath("hi there!"); // false
```

stringCharDiversity(str): number
Get the number of unique chars in a given string. An optional second argument lists chars to exclude from the count.

```js
Utils.stringCharDiversity("hello"); // returns 4
Utils.stringCharDiversity("hello", ["l"]); // returns 3
Utils.stringCharDiversity("syntax"); // returns 6
```

stringSuspicionScore(str): number
Analyze a given string and give it a suspicion score (a score higher than 1 or 2 means the string is highly suspect).

```js
Utils.stringSuspicionScore("hello world"); // returns 0
Utils.stringSuspicionScore(
  "XoMFrxuRvgb6a7lip6uYd6sz13E4KooQYqiIL0ZQReukg8BqZwsjCeay"
); // returns 1
```
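As an added example (not the package's own implementation), here is a hypothetical suspicion scorer built from the metrics documented in this section: char diversity as the core signal, with isSvg and isSvgPath acting as false-positive filters, since inline SVG markup and path data are long, space-poor strings that a naive length-based rule would flag. The regexes, the 45/200-char and 60-distinct-char thresholds, and the sample inputs are this example's own assumptions; they happen to agree with the page's documented results for "hello world" and the 56-char token, but they are not the package's rules.

```javascript
// Added example, not sec-literal source code. A hypothetical suspicion scorer
// for string literals, built on char diversity plus two false-positive filters
// (SVG documents and SVG paths are long and odd-looking, but benign).
// All thresholds are this example's own choices.

const kSvgDocument = /^\s*<svg[\s>][\s\S]*<\/svg>\s*$/i;
// SVG path data: commands M Z L H V C S Q T A plus numbers and separators.
const kSvgPath = /^[Mm][MmZzLlHhVvCcSsQqTtAa0-9\s,.+\-eE]*$/;

function isSvg(strValue) {
  return typeof strValue === "string" && kSvgDocument.test(strValue);
}

function isSvgPath(strValue) {
  return typeof strValue === "string" && kSvgPath.test(strValue);
}

// Number of distinct characters, ignoring any listed in charsToExclude.
function stringCharDiversity(str, charsToExclude = []) {
  const excluded = new Set(charsToExclude);
  const seen = new Set();
  for (const ch of str) {
    if (!excluded.has(ch)) seen.add(ch);
  }
  return seen.size;
}

// Hypothetical scoring: 0 for anything short or recognised as SVG; then
// +1 if the first 45 chars contain no space (prose and messages have spaces),
// +1 if the string is longer than 200 chars,
// +2 if 60 or more distinct chars are in use (an alphabet at least as wide
//    as Base64, which natural text and identifiers almost never reach).
function stringSuspicionScore(str) {
  if (typeof str !== "string" || str.length < 45) return 0;
  if (isSvg(str) || isSvgPath(str)) return 0;

  let score = str.slice(0, 45).includes(" ") ? 0 : 1;
  if (str.length > 200) score += 1;
  if (stringCharDiversity(str) >= 60) score += 2;
  return score;
}

// Constructed inputs: a harmless sentence, a 56-char random-looking token, a
// benign SVG document, and a 256-char blob cycling through 94 printable chars
// (a stand-in for an encoded payload).
const kSentence = "hello world";
const kToken = "XoMFrxuRvgb6a7lip6uYd6sz13E4KooQYqiIL0ZQReukg8BqZwsjCeay";
const kSvg = `<svg height="100" width="100">
<circle cx="50" cy="50" r="40" stroke="black" stroke-width="3" fill="red" />
</svg> `;
const kBlob = Array.from({ length: 256 }, (_, i) => String.fromCharCode(33 + (i * 7) % 94)).join("");

function scoreSamples() {
  return {
    sentence: stringSuspicionScore(kSentence),
    token: stringSuspicionScore(kToken),
    svg: stringSuspicionScore(kSvg),
    path: stringSuspicionScore("M150 0 L75 200 L225 200 Z"),
    blob: stringSuspicionScore(kBlob),
  };
}
```

The blob scores 4 (no space, long, wide alphabet) while the token scores 1: length alone is a weak signal, and the diversity bonus is what separates an embedded payload from an ordinary long identifier or URL. Any SVG false-positive filter is only as good as its regex, so in a real scanner the isSvg check should be tightened or replaced rather than trusted as written here.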
Patterns
commonStringPrefix(leftStr, rightStr): string | null
Get the common prefix (at the start) of two strings, or null if they share none.

```js
Patterns.commonStringPrefix("boo", "foo"); // null
Patterns.commonStringPrefix("bromance", "brother"); // "bro"
```

commonStringSuffix(leftStr, rightStr): string | null
Get the common suffix (at the end) of two strings, or null if they share none.

```js
Patterns.commonStringSuffix("boo", "foo"); // "oo"
Patterns.commonStringSuffix("bromance", "brother"); // null
```

commonHexadecimalPrefix(identifiersArray: string[])
Return the number of one-time occurrences of hexadecimal prefixes and an object mapping each prefix to its number of occurrences, for a given array of identifiers.

```js
Patterns.commonHexadecimalPrefix([
  "_0x33bb79",
  "foo",
  "_0x3c0c55",
  "_0x1185d5",
]); // returns { oneTimeOccurence: 1, prefix: { _0x: 3 } }
```
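As an added example (not the package's own code), the block below re-implements the three pattern helpers documented in this section with its own rules and then uses commonHexadecimalPrefix for the purpose it exists for: spotting a scope whose identifiers were machine-generated by an obfuscator, which typically names every symbol with a fixed prefix followed by hexadecimal digits. The hex-tail regex, the way one-time occurrences are counted, the looksObfuscated function and its threshold, and the two identifier sets are this example's assumptions; the result for the page's own input matches the documented `{ oneTimeOccurence: 1, prefix: { _0x: 3 } }`.

```javascript
// Added example, not sec-literal source code. Re-implements the three pattern
// helpers documented above with this example's own rules, then uses them to
// flag an identifier set that looks machine-generated (obfuscators commonly
// name every symbol "_0x" followed by hex digits). The "obfuscated" threshold
// is an assumption for illustration.

function commonStringPrefix(leftStr, rightStr) {
  const max = Math.min(leftStr.length, rightStr.length);
  let i = 0;
  while (i < max && leftStr[i] === rightStr[i]) i += 1;
  return i === 0 ? null : leftStr.slice(0, i);
}

function commonStringSuffix(leftStr, rightStr) {
  const max = Math.min(leftStr.length, rightStr.length);
  let i = 0;
  while (i < max && leftStr[leftStr.length - 1 - i] === rightStr[rightStr.length - 1 - i]) i += 1;
  return i === 0 ? null : leftStr.slice(leftStr.length - i);
}

// Splits "_0x33bb79" into prefix "_0x" and a hexadecimal tail of 4+ digits.
// The lazy group keeps the prefix as short as possible so the tail is maximal.
const kHexTail = /^(.*?)([0-9a-fA-F]{4,})$/;

function commonHexadecimalPrefix(identifiersArray) {
  if (!Array.isArray(identifiersArray)) throw new TypeError("identifiersArray must be an array");
  const counts = new Map();
  let oneTimeOccurence = 0;
  for (const id of identifiersArray) {
    const match = kHexTail.exec(id);
    // No hex tail, or nothing but hex: there is no prefix to aggregate on.
    if (match === null || match[1] === "") { oneTimeOccurence += 1; continue; }
    counts.set(match[1], (counts.get(match[1]) ?? 0) + 1);
  }
  const prefix = {};
  for (const [value, n] of counts) {
    // A prefix seen once is noise; only repeated prefixes are reported.
    if (n === 1) oneTimeOccurence += 1; else prefix[value] = n;
  }
  return { oneTimeOccurence, prefix };
}

// Assumed decision rule: one hex-suffixed prefix shared by at least three
// identifiers and by half of all identifiers is treated as an obfuscator signature.
function looksObfuscated(identifiersArray) {
  const { prefix } = commonHexadecimalPrefix(identifiersArray);
  const total = identifiersArray.length;
  return Object.values(prefix).some((n) => n >= 3 && n * 2 >= total);
}

// Constructed identifier sets: one from hand-written code, one in the style
// of obfuscator output.
const kNormalIdentifiers = ["getUser", "userId", "parseConfig", "cache", "retryCount"];
const kObfuscatedIdentifiers = ["_0x4a1b2c", "_0x33bb79", "_0x3c0c55", "_0x1185d5", "_0xf00d"];
```

The 4-digit minimum on the hex tail is what keeps names like "cache" or "userId" (which end in one or two hex-alphabet letters) out of the prefix table; an all-hex identifier such as "deadbeef" has no prefix to group on and is counted as a one-time occurrence instead.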
Contributors
Thanks goes to these wonderful people:
- Gentilhomme
- Nicolas Hallaert
- Badrri Narayanan S
- Kouadio Fabrice Nguessan
License
MIT