
Commit dc8bac8

authored
feat(probes): Flag some URL and domains as suspicious/shady (such as ipinfo.io or httpbin.org (#336)
1 parent a67b9aa commit dc8bac8


2 files changed

+37
-1
lines changed


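--- a/src/probes/isLiteral.js
+++ b/src/probes/isLiteral.js
@@ -15,7 +15,7 @@ const kNodeDeps = new Set(builtinModules);
 const kShadyLinkRegExps = [
 kMapRegexIps.regexIPv4,
 kMapRegexIps.regexIPv6,
-/(http[s]?:\/\/bit\.ly.*)$/,
+/(http[s]?:\/\/(bit\.ly|ipinfo\.io|httpbin\.org).*)$/,
 /(http[s]?:\/\/.*\.(link|xyz|tk|ml|ga|cf|gq|pw|top|club|mw|bd|ke|am|sbs|date|quest|cd|bid|cd|ws|icu|cam|uno|email|stream))$/
 ];
 /**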
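Review bot: The new alternation in `kShadyLinkRegExps` matches only when `bit.ly`, `ipinfo.io` or `httpbin.org` follows `://` directly and in lower case, so the same services written with a `www.` or other subdomain label, or with an upper-case scheme or host, are not flagged. The unbounded `.*` after the host also matches unrelated names such as a constructed `http://bit.ly.example.com`. Assuming the array is applied to whole string literals (the matching code is outside the hunk), consider bounding the host on both sides and ignoring case: `/(https?:\/\/([\w-]+\.)*(bit\.ly|ipinfo\.io|httpbin\.org)([/:?#].*)?)$/i`. A one-line comment above the entry saying why these hosts are listed (presumably because they are public IP-lookup and request-echo services) would help the next maintainer decide what else belongs there.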

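--- a/test/probes/isLiteral.spec.js
+++ b/test/probes/isLiteral.spec.js
@@ -88,6 +88,42 @@ test("should detect shady link when an URL is bit.ly", () => {
 assert.strictEqual(warning.value, "http://bit.ly/foo");
 });
 
+test("should detect shady link when an URL is ipinfo.io when protocol is http", () => {
+const str = "const foo = 'http://ipinfo.io/json'";
+const ast = parseScript(str);
+const sastAnalysis = getSastAnalysis(str, isLiteral).execute(ast.body);
+assert.strictEqual(sastAnalysis.warnings().length, 1);
+const warning = sastAnalysis.getWarning("shady-link");
+assert.strictEqual(warning.value, "http://ipinfo.io/json");
+});
+
+test("should detect shady link when an URL is ipinfo.io when protocol is https", () => {
+const str = "const foo = 'https://ipinfo.io/json'";
+const ast = parseScript(str);
+const sastAnalysis = getSastAnalysis(str, isLiteral).execute(ast.body);
+assert.strictEqual(sastAnalysis.warnings().length, 1);
+const warning = sastAnalysis.getWarning("shady-link");
+assert.strictEqual(warning.value, "https://ipinfo.io/json");
+});
+
+test("should detect shady link when an URL is httpbin.org when protocol is http", () => {
+const str = "const foo = 'http://httpbin.org/ip'";
+const ast = parseScript(str);
+const sastAnalysis = getSastAnalysis(str, isLiteral).execute(ast.body);
+assert.strictEqual(sastAnalysis.warnings().length, 1);
+const warning = sastAnalysis.getWarning("shady-link");
+assert.strictEqual(warning.value, "http://httpbin.org/ip");
+});
+
+test("should detect shady link when an URL is httpbin.org when protocol is https", () => {
+const str = "const foo = 'https://httpbin.org/ip'";
+const ast = parseScript(str);
+const sastAnalysis = getSastAnalysis(str, isLiteral).execute(ast.body);
+assert.strictEqual(sastAnalysis.warnings().length, 1);
+const warning = sastAnalysis.getWarning("shady-link");
+assert.strictEqual(warning.value, "https://httpbin.org/ip");
+});
+
 test("should detect shady link when an URL has a suspicious domain", () => {
 const str = "const foo = 'http://foobar.link'";
 const ast = parseScript(str);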
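Review bot: The four added tests assert only exact apex-host URLs and repeat the same eight lines with a different string, so nothing pins what the probe should do with a near miss. One negative case would fix the intended boundary, e.g. a constructed `const str = "const foo = 'https://example.com/?ref=ipinfo.io'";` with `assert.strictEqual(sastAnalysis.warnings().length, 0);`, assuming no other pattern in the probe fires on that literal. The positive cases could also be generated from one array of URLs looped over `test(...)`, which keeps the spec short as more hosts are added to the list. The final test shown in this hunk continues outside it.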
