njsscan
0.4.3
O NJSScan é uma ferramenta de teste de aplicativo estático (SAST) que pode encontrar padrões de código inseguro em seus aplicativos Node.js usando o Matcocer de padrões simples da ferramenta de pesquisa de padrões semânticos semânticos LibSast e Syntaxe.
Feito com
OPSECX Node.js Segurança: Pentesting e Exploração - NJS
pip install njsscan
Requer Python 3.7+ e suporta apenas Mac e Linux
$ njsscan
usage: njsscan [-h] [--json] [--sarif] [--sonarqube] [--html] [-o OUTPUT] [-c CONFIG] [--missing-controls] [-w] [-v] [path ...]
positional arguments:
path Path can be file(s) or directories with source code
optional arguments:
-h, --help show this help message and exit
--json set output format as JSON
--sarif set output format as SARIF 2.1.0
--sonarqube set output format compatible with SonarQube
--html set output format as HTML
-o OUTPUT, --output OUTPUT
output filename to save the result
-c CONFIG, --config CONFIG
Location to .njsscan config file
--missing-controls enable missing security controls check
-w, --exit-warning non zero exit code on warning
-v, --version show njsscan version$ njsscan test.js
- Pattern Match ████████████████████████████████████████████████████████████ 1
- Semantic Grep ███████████████████████████ 160
njsscan: v0.1.9 | Ajin Abraham | opensecurity.in
╒═════════════╤═══════════════════════════════════════════════════════════════════════════════════════════════╕
│ RULE ID │ express_xss │
├─────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤
│ OWASP │ A1: Injection │
├─────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤
│ CWE │ CWE-79: Improper Neutralization of Input During Web Page Generation ( ' Cross-site Scripting ' ) │
├─────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤
│ DESCRIPTION │ Untrusted User Input in Response will result in Reflected Cross Site Scripting Vulnerability. │
├─────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤
│ SEVERITY │ ERROR │
├─────────────┼───────────────────────────────────────────────────────────────────────────────────────────────┤
│ FILES │ ╒════════════════╤═══════════════════════════════════════════════╕ │
│ │ │ File │ test.js │ │
│ │ ├────────────────┼───────────────────────────────────────────────┤ │
│ │ │ Match Position │ 5 - 46 │ │
│ │ ├────────────────┼───────────────────────────────────────────────┤ │
│ │ │ Line Number(s) │ 7: 8 │ │
│ │ ├────────────────┼───────────────────────────────────────────────┤ │
│ │ │ Match String │ const { name } = req.query ; │ │
│ │ │ │ res.send( ' <h1> Hello : ' + name + " </h1> " ) │ │
│ │ ╘════════════════╧═══════════════════════════════════════════════╛ │
╘═════════════╧═══════════════════════════════════════════════════════════════════════════════════════════════╛O NodeJSScan , construído no topo do NJSScan, fornece uma interface de usuário de gerenciamento de vulnerabilidade completa, juntamente com outras integrações bacanas.
Veja NodeJSScan
> >> from njsscan . njsscan import NJSScan
> >> node_source = '/node_source/true_positives/sqli_node.js'
> >> scanner = NJSScan ([ node_source ], json = True , check_controls = False )
> >> scanner . scan ()
{
'templates' : {},
'nodejs' : {
'node_sqli_injection' : {
'files' : [{
'file_path' : '/node_source/true_positives/sqli_node.js' ,
'match_position' : ( 1 , 24 ),
'match_lines' : ( 4 , 11 ),
'match_string' : 'var employeeId = req.foo; n n var sql = "SELECT * FROM trn_employee WHERE employee_id = " + employeeId; n n n n connection.query(sql, function (error, results, fields) { n n if (error) { n n throw error; n n } n n console.log(results);'
}],
'metadata' : {
'owasp' : 'A1: Injection' ,
'cwe' : "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" ,
'description' : 'Untrusted input concatinated with raw SQL query can result in SQL Injection.' ,
'severity' : 'ERROR'
}
}
},
'errors' : []
} Um arquivo .njsscan na raiz do diretório de código -fonte permite configurar o njsscan. Você também pode usar um arquivo .njsscan personalizado usando --config .
---
- nodejs-extensions :
- .js
template-extensions :
- .new
- .hbs
- ' '
ignore-filenames :
- skip.js
ignore-paths :
- __MACOSX
- skip_dir
- node_modules
ignore-extensions :
- .jsx
ignore-rules :
- regex_injection_dos
- pug_jade_template
severity-filter :
- WARNING
- ERROR Você pode suprimir as descobertas dos arquivos de origem JavaScript, adicionando o comentário // njsscan-ignore: rule_id1, rule_id2 à linha que aciona as descobertas.
Exemplo:
app . get ( '/some/redirect' , function ( req , res ) {
var target = req . param ( "target" ) ;
res . redirect ( target ) ; // njsscan-ignore: express_open_redirect
} ) ; Você pode ativar o NJSScan nos seus pipelines CI/CD ou DevSeCops.
Adicione o seguinte ao arquivo .github/workflows/njsscan.yml .
name : njsscan
on :
push :
branches : [ master, main ]
pull_request :
branches : [ master, main ]
jobs :
njsscan :
runs-on : ubuntu-latest
name : njsscan check
steps :
- name : Checkout the code
uses : actions/[email protected]
- uses : actions/[email protected]
with :
python-version : ' 3.12 '
- name : nodejsscan scan
id : njsscan
uses : ajinabraham/njsscan-action@master
with :
args : ' . 'Exemplo: DVNA com ação NJSScan Github
Adicione o seguinte ao arquivo .github/workflows/njsscan_sarif.yml .
name : njsscan sarif
on :
push :
branches : [ master, main ]
pull_request :
branches : [ master, main ]
jobs :
njsscan :
runs-on : ubuntu-latest
name : njsscan code scanning
steps :
- name : Checkout the code
uses : actions/[email protected]
- uses : actions/[email protected]
with :
python-version : ' 3.12 '
- name : nodejsscan scan
id : njsscan
uses : ajinabraham/njsscan-action@master
with :
args : ' . --sarif --output results.sarif || true '
- name : Upload njsscan report
uses : github/codeql-action/upload-sarif@v3
with :
sarif_file : results.sarif 
Adicione o seguinte ao arquivo .gitlab-ci.yml .
stages :
- test
njsscan :
image : python
before_script :
- pip3 install --upgrade njsscan
script :
- njsscan .Exemplo: DVNA com NJSScan Gitlab
Adicione o seguinte ao arquivo .travis.yml .
language : python
install :
- pip3 install --upgrade njsscan
script :
- njsscan . Adicione o seguinte ao arquivo .circleci/config.yaml
version : 2.1
jobs :
njsscan :
docker :
- image : cimg/python:3.9.6
steps :
- checkout
- run :
name : Install njsscan
command : pip install --upgrade njsscan
- run :
name : njsscan check
command : njsscan . docker pull opensecurity/njsscan
docker run -v /path-to-source-dir:/src opensecurity/njsscan /src docker build -t njsscan .
docker run -v /path-to-source-dir:/src njsscan /src
