ScanJS is a Static analysis tool for javascript code. ScanJS was created as an aid for security review, to help identify security issues in client-side web applications. The
Scanjs uses Acorn to convert sources to AST, then walks AST looking for source patterns
Rules are specified in JSON format - for an example see /common/template_rules.json
At a minimum, each must have rule is made up of 2 attributes:
- name: the name of the rule
- source: javascript source which matches one of the patterns below
The following statements are supported:
identifier: matches any identifier , e.g. "foo" property: matches any property
Optionally a rule may have the following attirbutes:
- testhit: one more JavaScript statements (seperate by semi-colons) that the rule will match
- testmiss: the rule should not match any of these statements
- desc: description of the rule
- threat: for catgorizing rules by threat
- Install node.js
npm install -g mozilla/scanjs
scanjs-server
- Navigate to http://127.0.0.1:4000/client/ or see our example page
- Install node.js
npm install -g mozilla/scanjs
scanjs -t DIRECTORY_PATH
Tests use the mocha testing framework.
scanjs-server
http://127.0.0.1:4000/tests/
Tests are included in the rules declaration (see common/rules.json) by specifying the following two attributes, which are specified in the form of a series of javascript statements:
- testhit: The rule should match each of these statements individualy.
- testmiss: The rule should not match all of these statements.