Home

Awesome

Development of ScanJS has stopped.

We are using ESLint instead. Your options:

Thank you.


ScanJS was was a Static analysis tool for javascript code. ScanJS was created as an aid for security review, to help identify security issues in client-side web applications.

ScanJS used Acorn to convert sources to AST, then walks AST looking for source patterns. You could use the rules file supplied, or load your own rules.

ScanJS Rules

Rules are specified in JSON format - for an example see /common/template_rules.json

At a minimum, each must have rule is made up of 2 attributes:

Optionally a rule may have the following attirbutes:

Rule Syntax

For the source attribute, the following basic statements are supported:

You can also matches function calls based on the same syntax:

You can also search for functions with matching literal arguments:

You can also search for assignment to a specifically named identifier:

If you specify $_unsafe on the right hand side (e.g. foo.innerHTML=$_unsafe), it will only match if the RHS contains at least one identifier.

Tips:

Examples: See /common/template_rules.json and /common/rules.json

Running ScanJS

Run ScanJS in the browser

Run ScanJS from the command line

Testing instructions

Tests use the mocha testing framework.

Tests are included in the rules declaration (see common/rules.json) by specifying the following two attributes, which are specified in the form of a series of javascript statements: