Caution
This package has been migrated to JS-X-Ray workspaces
This package is a security utilities library created to analyze ESTree Literal and JavaScript string primitive. This project was originally created to simplify and better test the functionalities required for the SAST Scanner JS-X-Ray.
- Detect Hexadecimal, Base64, Hexa and Unicode sequences.
- Detect patterns (prefix, suffix) on groups of identifiers.
- Detect suspicious string and return advanced metrics on it (char diversity etc).
This package is available in the Node Package Repository and can be easily installed with npm or yarn.
$ npm i @nodesecure/sec-literal
# or
$ yarn add @nodesecure/sec-literalDetect if the given string is an Hexadecimal value
Hex.isHex("4e20"); // true
Hex.isHex(20); // falseDetect if the given string is a safe Hexadecimal value. The goal of this method is to eliminate false-positive.
Hex.isSafe("393d8"); // true
Hex.isSafe("7f196a64a870440000"); // falseDetect if the given literal is a ESTree literal.
const literalSample = createLiteral("hello world");
Literal.isLiteral(literalSample); // true
Literal.isLiteral("hello world!"); // falseReturns the value of the literal if the input is an ESTree literal else it returns the original input
const literalSample = createLiteral("hello world");
Literal.toValue(literalSample); // returns "hello world"Returns the raw value of literal if the literal is an ESTree literal else it returns the original input
const literalSample = createLiteral("hello world", true);
Literal.toRaw(literalSample); // returns "hello world"Returns an object which indicates if the literal contains hexadecimal, unicode or base64 sequence if the input is an ESTree literal else it returns null
const literalSample = createLiteral("hello world");
Literal.toRaw(literalSample); // returns {hasHexadecimalSequence: null, hasUnicodeSequence: null, isBase64: null}Detect if a given string is an SVG.
const SVG_HTML = `<svg height="100" width="100">
<circle cx="50" cy="50" r="40" stroke="black" stroke-width="3" fill="red" />
</svg> `;
Utils.isSvg(SVG_HTML); // trueDetect if a given string is a svg path.
Utils.isSvgPath("M150 0 L75 200 L225 200 Z"); // true
Utils.isSvgPath("hi there!"); // falseGet the number of unique chars in a given string.
Utils.stringCharDiversity("hello"); // returns 4
Utils.stringCharDiversity("hello", ["l"]); // returns 3
Utils.stringCharDiversity("syntax"); // returns 6Analyze a given string and give it a suspicion score (higher than 1 or 2 mean that the string is highly suspect).
Utils.stringSuspicionScore("hello world"); // returns 0
Utils.stringSuspicionScore(
"XoMFrxuRvgb6a7lip6uYd6sz13E4KooQYqiIL0ZQReukg8BqZwsjCeay"
); // returns 1Get the common string prefix (at the start) pattern
Patterns.commonStringPrefix("boo", "foo"); // null
Patterns.commonStringPrefix("bromance", "brother"); // "bro"Get the common string suffixes (at the end) pattern.
Patterns.commonStringSuffix("boo", "foo"); // oo
Patterns.commonStringSuffix("bromance", "brother"); // nullReturn the number of one time occurences of hexadecimal prefixes and an object containing the list of prefixes and the number of occurences in a given array of hexadecimals.
Patterns.commonHexadecimalPrefix([
"_0x33bb79",
"foo",
"_0x3c0c55",
"_0x1185d5",
]); // returns { oneTimeOccurence: 1, prefix: { _0x: 3 } }
Thanks goes to these wonderful people (emoji key):
 Gentilhomme π» π π π‘οΈ π |
 Nicolas Hallaert π |
 Badrri Narayanan S π |
 Kouadio Fabrice Nguessan π§ |
MIT