A quick-and-dirty Node/JS "dangerous functions" grep
#!/usr/bin/env bash
###############################################################################
# Author: [email protected]
# License: Apache 2 <https://opensource.org/licenses/Apache-2.0>
# Description:
# Simple js security search
# - http://blog.blueclosure.com/2017/09/javascript-dangerous-functions-part-1.html
# - https://github.com/wisec/domxsswiki/wiki/Direct-Execution-Sinks
# - https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.md
###############################################################################
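set -euo pipefail

#######################################
# Print a diagnostic to stderr and exit non-zero.
# Arguments: $* - message
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# validate arguments: the first argument must be an existing file or directory
# (the original test also accepted and ignored extra arguments; keep that)
if (( $# < 1 )) || [[ ! -d "$1" && ! -f "$1" ]]; then
  die "One argument required: {valid path}. Exiting."
fi

# set variables
readonly path="$1"

# fail early and loudly instead of running an empty command name later
command -v grep >/dev/null 2>&1 || die "grep not found in PATH"
command -v php >/dev/null 2>&1 || die "php not found in PATH (each file is piped through 'php -w')"

# -n line numbers, -E extended regex, keep colour in the captured output.
# No -r: with -r and no file operand GNU grep (2.11+) searches the working
# directory instead of the stdin this pipeline feeds it. The original
# --exclude-dir options are dropped for the same reason (they do nothing on
# stdin; find already prunes those trees below).
readonly search_flags=(-nE --color=always)

# group 1: basic js functions
# \s and \w are GNU grep extensions; the v-html / v-i18n-html entries are
# Vue template directives rather than JS functions.
readonly dangerous_group="(^|\s+)eval(\s+|\(|$)\
|(^|\w+)\.write(\s+|\(|$)\
|(^|\w+)\.writeln(\s+|\(|$)\
|(^|\w+)\.innerHTML(\s+|$)\
|(^|\w+)\.outerHTML(\s+|$)\
|(^|\w+)\.insertAdjacentHTML(\s+|\(|$)\
|(^|\w+)\.src(\s+|$)\
|(^|\w+)\.text(\s+|$)\
|(^|\w+)\.textContent(\s+|$)\
|(^|\w+)\.innerText(\s+|$)\
|(^|\w+)\.on(\s+|$)\
|(^|\w+)\.setAttribute(\s+|$)\
|(^|\w+)\.appendChild(\s+|$)\
|(^|\w+)\.exec(\s+|$)\
|(^|\w+)\.test(\s+|$)\
|(^|\w+)\.match(\s+|$)\
|(^|\w+)\.matchAll(\s+|$)\
|(^|\w+)\.search(\s+|$)\
|(^|\w+)\.replace(\s+|$)\
|(^|\w+)\.replaceAll(\s+|$)\
|(^|\w+)\.split(\s+|$)\
|(^|\s+)alert(\s+|\(|$)\
|(^|\s+)prompt(\s+|\(|$)\
|(^|\s+)Function(\s+|\(|$)\
|(^|\s+)setTimeout(\s+|\(|$)\
|(^|\s+)setInterval(\s+|\(|$)\
|(^|\s+)setImmediate(\s+|\(|$)\
|(^|\s+)execScript(\s+|\(|$)\
|(^|\s+)v\-html\
|(^|\s+)v\-i18n\-html\
|(^|\s+)crypto\.generateCRMFRequest(\s+|\(|$)"

#######################################
# Grep one source file for the dangerous-function patterns.
# Globals:   search_flags, dangerous_group (read)
# Arguments: $1 - path to a .js/.ts/.vue file
# Outputs:   on a hit: a blank line, the file name, then grep's matches
# Returns:   0 always; php/grep failures are reported on stderr and skipped
#######################################
scan_file() {
  local file=$1
  local src hits rc=0

  # The original ran the file through 'php -w' ("remove double slashes which
  # sometimes happen"). On non-PHP input php -w largely passes the source
  # through — TODO(review): confirm this pre-processing is still wanted.
  # The file name is passed directly; the original echo|xargs step broke on
  # names containing spaces or quotes.
  if ! src=$(php -w "$file"); then
    printf 'warn: php -w failed on %s\n' "$file" >&2
    return 0
  fi

  # Statements are split on ';' so several per line are matched separately;
  # the line numbers grep reports therefore index this split stream, not the
  # original file.
  hits=$(printf '%s\n' "$src" | tr ';' '\n' \
    | grep "${search_flags[@]}" -e "$dangerous_group") || rc=$?
  # grep: 0 = match, 1 = no match, >1 = error
  if (( rc > 1 )); then
    printf 'warn: grep failed (status %d) on %s\n' "$rc" "$file" >&2
    return 0
  fi

  if [[ -n "$hits" ]]; then
    # %s, not %b: backslashes in file names or matched source must not be
    # interpreted as escapes
    printf '\n%s\n%s\n' "$file" "$hits"
  fi
}

#######################################
# Walk $path, skip .git/vendor/node_modules trees, scan each .js/.ts/.vue file.
# Globals:   path (read)
# Outputs:   whatever scan_file prints
#######################################
main() {
  local file
  # NB: '*/.git*' also prunes e.g. .github/, and '*/vendor*' any name that
  # starts with "vendor" — kept from the original for compatibility.
  # $path is quoted (the original word-split and globbed it); file names are
  # read NUL-delimited with -r so backslashes survive.
  while IFS= read -r -d '' file; do
    scan_file "$file"
  done < <(find "$path" -type d \( -path '*/.git*' -o \
                                   -path '*/vendor*' -o \
                                   -path '*/node_modules*' \) -prune -o \
                          -type f \( -name '*.js' -o -name '*.ts' -o -name '*.vue' \) -print0)
}

main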