skepticfx/seclint
seclint

A simple linter that warns about JavaScript DOM issues and similar unsafe API usage.

What is this?

Let's say you are security reviewing a single JavaScript file or a folder full of *.js files. Most often you just want to know where the unsafe APIs are used, and then dig your own way into finding the security issues (if any exist).

Seclint tries to do that for JavaScript with the vanilla DOM, React and Angular. The table below lists the unsafe APIs that most often lead you to discovering vulnerabilities.

Installation

npm install -g seclint

Usage

seclint <js-folder>

TODO

  • Configure options through a file
  • Add React, Angular unsafe usages

Current tests

| API Name | Tips | Example Usage |
| --- | --- | --- |
| jQuery Append | Most often this is used for legitimate purposes. However, there are instances when a developer might accidentally pass unsafe input here. This tool tries to reduce the false positives with simple heuristics, but performs no taint analysis, so the return on investment is not that great. | `$(some_div).append(some_$_div)` |
| jQuery HTML | This is similar to jQuery Append. | `$(some_div).html(some_$_div)` |

About

A javascript dom security linter
