nyx/src/patterns/javascript.rs

use crate::patterns::{Pattern, Severity};

pub const PATTERNS: &[Pattern] = &[
    Pattern {
        id: "eval_call",
        description: "Use of eval()",
        query: "(call_expression function: (identifier) @id (#eq? @id \"eval\")) @vuln",
        severity: Severity::High,
    },
    Pattern {
        id: "new_function",
        description: "new Function() constructor",
        query: "(new_expression constructor: (identifier) @id (#eq? @id \"Function\")) @vuln",
        severity: Severity::High,
    },
    Pattern {
        id: "document_write",
        description: "document.write() call",
        query: "(call_expression function: (member_expression object: (identifier) @obj (#eq? @obj \"document\") property: (property_identifier) @prop (#eq? @prop \"write\"))) @vuln",
        severity: Severity::Medium,
    },
    Pattern {
        id: "settimeout_string",
        description: "setTimeout / setInterval with a string argument",
        query: "(call_expression function: (identifier) @id (#match? @id \"setTimeout|setInterval\") arguments: (arguments (string) @code . _)) @vuln",
        severity: Severity::Medium,
    },
    Pattern {
        id: "json_parse",
        description: "JSON.parse on dynamic string",
        query: "(call_expression function: (member_expression object: (identifier) @obj (#eq? @obj \"JSON\") property: (property_identifier) @prop (#eq? @prop \"parse\"))) @vuln",
        severity: Severity::Low,
    },
    Pattern {
        id: "outer_html_assignment",
        description: "Assignment to element.outerHTML",
        query: "(assignment_expression
               left: (member_expression
                        property: (property_identifier) @prop
                        (#eq? @prop \"outerHTML\"))) @vuln",
        severity: Severity::Medium,
    },
    Pattern {
        id: "insert_adjacent_html",
        description: "insertAdjacentHTML() call",
        query: "(call_expression
               function: (member_expression
                           property: (property_identifier) @prop
                           (#eq? @prop \"insertAdjacentHTML\"))) @vuln",
        severity: Severity::Medium,
    },
    Pattern {
        id: "location_href_assignment",
        description: "Assignment to window.location / location.href",
        query: "(assignment_expression
               left: (member_expression
                        object: (identifier) @obj
                        (#match? @obj \"^(window|location|document|self|top|parent|frames)$\")
                        property: (property_identifier) @prop
                        (#match? @prop \"^(location|href)$\"))) @vuln",
        severity: Severity::High,
    },
    Pattern {
        id: "cookie_assignment",
        description: "Write to document.cookie",
        query: "(assignment_expression
               left: (member_expression
                        object: (identifier) @obj
                        (#eq? @obj \"document\")
                        property: (property_identifier) @prop
                        (#eq? @prop \"cookie\"))) @vuln",
        severity: Severity::Medium,
    },
    Pattern {
        id: "proto_pollution",
        description: "Assignment to __proto__ (prototype pollution)",
        query: "(assignment_expression
               left: (member_expression
                        property: (property_identifier) @prop
                        (#eq? @prop \"__proto__\"))) @vuln",
        severity: Severity::Low,
    },
    Pattern {
        id: "weak_hash_md5",
        description: "crypto.createHash(\"md5\")",
        query: "(call_expression
               function: (member_expression
                           object: (identifier) @obj
                           (#eq? @obj \"crypto\")
                           property: (property_identifier) @prop
                           (#eq? @prop \"createHash\"))
               arguments: (arguments
                            (string) @alg
                            (#eq? @alg \"md5\"))) @vuln",
        severity: Severity::Low,
    },
    Pattern {
        id: "regexp_constructor_string",
        description: "new RegExp() with a dynamic string",
        query: "(new_expression
               constructor: (identifier) @id
               (#eq? @id \"RegExp\")
               arguments: (arguments (string) @pattern)) @vuln",
        severity: Severity::Low,
    },
    Pattern {
        id: "dangerous_extend_builtin",
        description: "Extending Object.prototype (may lead to collisions/pollution)",
        query: "(assignment_expression
               left: (member_expression
                        object: (identifier) @obj
                        (#eq? @obj \"Object\")
                        property: (property_identifier) @prop
                        (#eq? @prop \"prototype\"))) @vuln",
        severity: Severity::Medium,
    },
];
Add multi-language AST-pattern scanning support - Introduced `patterns` module with language-specific vulnerability patterns. - Added `query_cache` utility for caching compiled queries. - Expanded `scan.rs` to support scanning multiple languages dynamically. - Updated `Cargo.toml` with additional tree-sitter dependencies. - Added severity filtering to `ScannerConfig` for better configuration. 2025-06-17 01:17:48 +02:00			`use crate::patterns::{Pattern, Severity};`

			`pub const PATTERNS: &[Pattern] = &[`
Refactor codebase for consistent indentation and formatting - Standardized spacing and indentation across multiple modules for improved readability. - Reorganized `patterns` and `utils` imports for consistency. - Updated `NyxError` and `NyxResult` related implementations to maintain consistent formatting. - Enhanced readability in AST patterns for better clarity and maintainability. 2025-06-24 20:27:06 +02:00			`Pattern {`
			`id: "eval_call",`
			`description: "Use of eval()",`
			`query: "(call_expression function: (identifier) @id (#eq? @id \"eval\")) @vuln",`
			`severity: Severity::High,`
			`},`
			`Pattern {`
			`id: "new_function",`
			`description: "new Function() constructor",`
			`query: "(new_expression constructor: (identifier) @id (#eq? @id \"Function\")) @vuln",`
			`severity: Severity::High,`
			`},`
			`Pattern {`
			`id: "document_write",`
			`description: "document.write() call",`
			`query: "(call_expression function: (member_expression object: (identifier) @obj (#eq? @obj \"document\") property: (property_identifier) @prop (#eq? @prop \"write\"))) @vuln",`
			`severity: Severity::Medium,`
			`},`
			`Pattern {`
			`id: "settimeout_string",`
			`description: "setTimeout / setInterval with a string argument",`
			`query: "(call_expression function: (identifier) @id (#match? @id \"setTimeout\|setInterval\") arguments: (arguments (string) @code . _)) @vuln",`
			`severity: Severity::Medium,`
			`},`
			`Pattern {`
			`id: "json_parse",`
			`description: "JSON.parse on dynamic string",`
			`query: "(call_expression function: (member_expression object: (identifier) @obj (#eq? @obj \"JSON\") property: (property_identifier) @prop (#eq? @prop \"parse\"))) @vuln",`
			`severity: Severity::Low,`
			`},`
			`Pattern {`
			`id: "outer_html_assignment",`
			`description: "Assignment to element.outerHTML",`
			`query: "(assignment_expression`
Update dependencies and enhance pattern handling - Added `tracing-appender` and `log` dependencies to improve error logging. - Enhanced `walk.rs` to add error handling with warning logs for ignore patterns. - Expanded Rust and JavaScript patterns with additional security vulnerability checks. - Simplified and updated pattern queries for improved accuracy and consistency. - Removed unused print statement in `index.rs`. 2025-06-17 02:22:14 +02:00			`left: (member_expression`
			`property: (property_identifier) @prop`
			`(#eq? @prop \"outerHTML\"))) @vuln",`
Refactor codebase for consistent indentation and formatting - Standardized spacing and indentation across multiple modules for improved readability. - Reorganized `patterns` and `utils` imports for consistency. - Updated `NyxError` and `NyxResult` related implementations to maintain consistent formatting. - Enhanced readability in AST patterns for better clarity and maintainability. 2025-06-24 20:27:06 +02:00			`severity: Severity::Medium,`
			`},`
			`Pattern {`
			`id: "insert_adjacent_html",`
			`description: "insertAdjacentHTML() call",`
			`query: "(call_expression`
Update dependencies and enhance pattern handling - Added `tracing-appender` and `log` dependencies to improve error logging. - Enhanced `walk.rs` to add error handling with warning logs for ignore patterns. - Expanded Rust and JavaScript patterns with additional security vulnerability checks. - Simplified and updated pattern queries for improved accuracy and consistency. - Removed unused print statement in `index.rs`. 2025-06-17 02:22:14 +02:00			`function: (member_expression`
			`property: (property_identifier) @prop`
			`(#eq? @prop \"insertAdjacentHTML\"))) @vuln",`
Refactor codebase for consistent indentation and formatting - Standardized spacing and indentation across multiple modules for improved readability. - Reorganized `patterns` and `utils` imports for consistency. - Updated `NyxError` and `NyxResult` related implementations to maintain consistent formatting. - Enhanced readability in AST patterns for better clarity and maintainability. 2025-06-24 20:27:06 +02:00			`severity: Severity::Medium,`
			`},`
			`Pattern {`
			`id: "location_href_assignment",`
			`description: "Assignment to window.location / location.href",`
			`query: "(assignment_expression`
Update dependencies and enhance pattern handling - Added `tracing-appender` and `log` dependencies to improve error logging. - Enhanced `walk.rs` to add error handling with warning logs for ignore patterns. - Expanded Rust and JavaScript patterns with additional security vulnerability checks. - Simplified and updated pattern queries for improved accuracy and consistency. - Removed unused print statement in `index.rs`. 2025-06-17 02:22:14 +02:00			`left: (member_expression`
Feat/configurable sanitizers and js precision (#32) * chore: Exclude CLAUDE.md from Cargo.toml * feat: Add configurable analysis rules and CLI commands for custom sanitizers and terminators * feat: Enhance resource management and analysis efficiency - Implemented parallel summary merging in `scan_filesystem` using rayon for improved performance. - Introduced `GlobalSummaries::merge()` for efficient merging of summaries. - Optimized file reading and hashing to eliminate redundant I/O operations. - Added `should_scan_with_hash()` and `upsert_file_with_hash()` methods to streamline file processing. - Enhanced taint analysis with in-place mutations to reduce memory allocations. - Updated resource acquisition patterns to exclude false positives for `freopen` and wrapper functions. * feat: Implement severity downgrade for findings in non-production paths and add source kind inference * feat: Update versioning information in SECURITY.md for new stable line * feat: Update categories in Cargo.toml to include parser-implementations and text-processing * feat: Update dependencies in Cargo.lock for improved compatibility and performance * feat: Update dependencies in Cargo.lock and Cargo.toml for improved compatibility 2026-02-25 04:02:11 -05:00			`object: (identifier) @obj`
			`(#match? @obj \"^(window\|location\|document\|self\|top\|parent\|frames)$\")`
Update dependencies and enhance pattern handling - Added `tracing-appender` and `log` dependencies to improve error logging. - Enhanced `walk.rs` to add error handling with warning logs for ignore patterns. - Expanded Rust and JavaScript patterns with additional security vulnerability checks. - Simplified and updated pattern queries for improved accuracy and consistency. - Removed unused print statement in `index.rs`. 2025-06-17 02:22:14 +02:00			`property: (property_identifier) @prop`
Feat/configurable sanitizers and js precision (#32) * chore: Exclude CLAUDE.md from Cargo.toml * feat: Add configurable analysis rules and CLI commands for custom sanitizers and terminators * feat: Enhance resource management and analysis efficiency - Implemented parallel summary merging in `scan_filesystem` using rayon for improved performance. - Introduced `GlobalSummaries::merge()` for efficient merging of summaries. - Optimized file reading and hashing to eliminate redundant I/O operations. - Added `should_scan_with_hash()` and `upsert_file_with_hash()` methods to streamline file processing. - Enhanced taint analysis with in-place mutations to reduce memory allocations. - Updated resource acquisition patterns to exclude false positives for `freopen` and wrapper functions. * feat: Implement severity downgrade for findings in non-production paths and add source kind inference * feat: Update versioning information in SECURITY.md for new stable line * feat: Update categories in Cargo.toml to include parser-implementations and text-processing * feat: Update dependencies in Cargo.lock for improved compatibility and performance * feat: Update dependencies in Cargo.lock and Cargo.toml for improved compatibility 2026-02-25 04:02:11 -05:00			`(#match? @prop \"^(location\|href)$\"))) @vuln",`
Refactor codebase for consistent indentation and formatting - Standardized spacing and indentation across multiple modules for improved readability. - Reorganized `patterns` and `utils` imports for consistency. - Updated `NyxError` and `NyxResult` related implementations to maintain consistent formatting. - Enhanced readability in AST patterns for better clarity and maintainability. 2025-06-24 20:27:06 +02:00			`severity: Severity::High,`
			`},`
			`Pattern {`
			`id: "cookie_assignment",`
			`description: "Write to document.cookie",`
			`query: "(assignment_expression`
Update dependencies and enhance pattern handling - Added `tracing-appender` and `log` dependencies to improve error logging. - Enhanced `walk.rs` to add error handling with warning logs for ignore patterns. - Expanded Rust and JavaScript patterns with additional security vulnerability checks. - Simplified and updated pattern queries for improved accuracy and consistency. - Removed unused print statement in `index.rs`. 2025-06-17 02:22:14 +02:00			`left: (member_expression`
			`object: (identifier) @obj`
			`(#eq? @obj \"document\")`
			`property: (property_identifier) @prop`
			`(#eq? @prop \"cookie\"))) @vuln",`
Refactor codebase for consistent indentation and formatting - Standardized spacing and indentation across multiple modules for improved readability. - Reorganized `patterns` and `utils` imports for consistency. - Updated `NyxError` and `NyxResult` related implementations to maintain consistent formatting. - Enhanced readability in AST patterns for better clarity and maintainability. 2025-06-24 20:27:06 +02:00			`severity: Severity::Medium,`
			`},`
			`Pattern {`
			`id: "proto_pollution",`
			`description: "Assignment to __proto__ (prototype pollution)",`
			`query: "(assignment_expression`
Update dependencies and enhance pattern handling - Added `tracing-appender` and `log` dependencies to improve error logging. - Enhanced `walk.rs` to add error handling with warning logs for ignore patterns. - Expanded Rust and JavaScript patterns with additional security vulnerability checks. - Simplified and updated pattern queries for improved accuracy and consistency. - Removed unused print statement in `index.rs`. 2025-06-17 02:22:14 +02:00			`left: (member_expression`
			`property: (property_identifier) @prop`
			`(#eq? @prop \"__proto__\"))) @vuln",`
Feat/configurable sanitizers and js precision (#32) * chore: Exclude CLAUDE.md from Cargo.toml * feat: Add configurable analysis rules and CLI commands for custom sanitizers and terminators * feat: Enhance resource management and analysis efficiency - Implemented parallel summary merging in `scan_filesystem` using rayon for improved performance. - Introduced `GlobalSummaries::merge()` for efficient merging of summaries. - Optimized file reading and hashing to eliminate redundant I/O operations. - Added `should_scan_with_hash()` and `upsert_file_with_hash()` methods to streamline file processing. - Enhanced taint analysis with in-place mutations to reduce memory allocations. - Updated resource acquisition patterns to exclude false positives for `freopen` and wrapper functions. * feat: Implement severity downgrade for findings in non-production paths and add source kind inference * feat: Update versioning information in SECURITY.md for new stable line * feat: Update categories in Cargo.toml to include parser-implementations and text-processing * feat: Update dependencies in Cargo.lock for improved compatibility and performance * feat: Update dependencies in Cargo.lock and Cargo.toml for improved compatibility 2026-02-25 04:02:11 -05:00			`severity: Severity::Low,`
Refactor codebase for consistent indentation and formatting - Standardized spacing and indentation across multiple modules for improved readability. - Reorganized `patterns` and `utils` imports for consistency. - Updated `NyxError` and `NyxResult` related implementations to maintain consistent formatting. - Enhanced readability in AST patterns for better clarity and maintainability. 2025-06-24 20:27:06 +02:00			`},`
			`Pattern {`
			`id: "weak_hash_md5",`
			`description: "crypto.createHash(\"md5\")",`
			`query: "(call_expression`
Update dependencies and enhance pattern handling - Added `tracing-appender` and `log` dependencies to improve error logging. - Enhanced `walk.rs` to add error handling with warning logs for ignore patterns. - Expanded Rust and JavaScript patterns with additional security vulnerability checks. - Simplified and updated pattern queries for improved accuracy and consistency. - Removed unused print statement in `index.rs`. 2025-06-17 02:22:14 +02:00			`function: (member_expression`
			`object: (identifier) @obj`
			`(#eq? @obj \"crypto\")`
			`property: (property_identifier) @prop`
			`(#eq? @prop \"createHash\"))`
			`arguments: (arguments`
			`(string) @alg`
			`(#eq? @alg \"md5\"))) @vuln",`
Refactor codebase for consistent indentation and formatting - Standardized spacing and indentation across multiple modules for improved readability. - Reorganized `patterns` and `utils` imports for consistency. - Updated `NyxError` and `NyxResult` related implementations to maintain consistent formatting. - Enhanced readability in AST patterns for better clarity and maintainability. 2025-06-24 20:27:06 +02:00			`severity: Severity::Low,`
			`},`
			`Pattern {`
			`id: "regexp_constructor_string",`
			`description: "new RegExp() with a dynamic string",`
			`query: "(new_expression`
Update dependencies and enhance pattern handling - Added `tracing-appender` and `log` dependencies to improve error logging. - Enhanced `walk.rs` to add error handling with warning logs for ignore patterns. - Expanded Rust and JavaScript patterns with additional security vulnerability checks. - Simplified and updated pattern queries for improved accuracy and consistency. - Removed unused print statement in `index.rs`. 2025-06-17 02:22:14 +02:00			`constructor: (identifier) @id`
			`(#eq? @id \"RegExp\")`
			`arguments: (arguments (string) @pattern)) @vuln",`
Refactor codebase for consistent indentation and formatting - Standardized spacing and indentation across multiple modules for improved readability. - Reorganized `patterns` and `utils` imports for consistency. - Updated `NyxError` and `NyxResult` related implementations to maintain consistent formatting. - Enhanced readability in AST patterns for better clarity and maintainability. 2025-06-24 20:27:06 +02:00			`severity: Severity::Low,`
			`},`
			`Pattern {`
			`id: "dangerous_extend_builtin",`
			`description: "Extending Object.prototype (may lead to collisions/pollution)",`
			`query: "(assignment_expression`
Update dependencies and enhance pattern handling - Added `tracing-appender` and `log` dependencies to improve error logging. - Enhanced `walk.rs` to add error handling with warning logs for ignore patterns. - Expanded Rust and JavaScript patterns with additional security vulnerability checks. - Simplified and updated pattern queries for improved accuracy and consistency. - Removed unused print statement in `index.rs`. 2025-06-17 02:22:14 +02:00			`left: (member_expression`
			`object: (identifier) @obj`
			`(#eq? @obj \"Object\")`
			`property: (property_identifier) @prop`
			`(#eq? @prop \"prototype\"))) @vuln",`
Refactor codebase for consistent indentation and formatting - Standardized spacing and indentation across multiple modules for improved readability. - Reorganized `patterns` and `utils` imports for consistency. - Updated `NyxError` and `NyxResult` related implementations to maintain consistent formatting. - Enhanced readability in AST patterns for better clarity and maintainability. 2025-06-24 20:27:06 +02:00			`severity: Severity::Medium,`
			`},`
Add multi-language AST-pattern scanning support - Introduced `patterns` module with language-specific vulnerability patterns. - Added `query_cache` utility for caching compiled queries. - Expanded `scan.rs` to support scanning multiple languages dynamically. - Updated `Cargo.toml` with additional tree-sitter dependencies. - Added severity filtering to `ScannerConfig` for better configuration. 2025-06-17 01:17:48 +02:00			`];`