def parse_javascript(text): """ Utility function to parse JavaScript and remove strings and comments. This allows for the detection of XSS vulnerabilities within a JavaScript context. :param text: text as string :return: stripped text as string """ parser = JavaScriptParser(text) return parser.strip()
def test_next_negative(self, scripts): parser = JavaScriptParser(scripts[0]) # end of text parser._index = parser._length - 1 with pytest.raises(StopIteration): parser.__next__() # past length parser._index = parser._length + 1 with pytest.raises(StopIteration): parser.__next__()
def test_peek_negative(self, scripts): parser = JavaScriptParser(scripts[0]) # end of text parser._index = parser._length - 1 test = parser._peek() assert test == '' # past length parser._index = parser._length + 1 test = parser._peek() assert test == ''
def test_peek_positive(self, scripts): parser = JavaScriptParser(scripts[0]) # first character test = parser._peek() assert test == 'v' assert parser._index == -1 # middle character parser._index = 8 test = parser._peek() assert test == 't' assert parser._index == 8 # last character parser._index = 13 test = parser._peek() assert test == ';' assert parser._index == 13
def test_next_positive(self, scripts): parser = JavaScriptParser(scripts[0]) # first character test = parser.__next__() assert test == 'v' assert parser._index == 0 # middle character parser._index = 8 test = parser.__next__() assert test == 't' assert parser._index == 9 # last character parser._index = 13 test = parser.__next__() assert test == ';' assert parser._index == 14
def test_strip_string_positive(self): # double quotes text = 'test"; function();' parser = JavaScriptParser(text) parser._strip_string('"') assert parser._index == 4 # single quotes text = "test'; function();" parser = JavaScriptParser(text) parser._strip_string("'") assert parser._index == 4 # mixed quotes text = 'test a "quote"\'; function();' parser = JavaScriptParser(text) parser._strip_string("'") assert parser._index == 14 # escaped quotes text = 'test an \\"escaped\\" quote"; function();' parser = JavaScriptParser(text) parser._strip_string('"') assert parser._index == 25
def test_strip_empty(self): # empty test = JavaScriptParser("").strip() assert test == ''
def test_strip_with_text(self, scripts): # double quotes test = JavaScriptParser(scripts[0]).strip() assert test == 'var x = ;' # single quotes test = JavaScriptParser(scripts[1]).strip() assert test == 'var x = ;' # mixed double quotes test = JavaScriptParser(scripts[2]).strip() assert test == 'var x = ;' # mixed single quotes test = JavaScriptParser(scripts[3]).strip() assert test == 'var x = ;' # escaped double quotes test = JavaScriptParser(scripts[4]).strip() assert test == 'var x = ;' # escaped single quotes test = JavaScriptParser(scripts[5]).strip() assert test == 'var x = ;' # double quotes concatenate test = JavaScriptParser(scripts[6]).strip() assert test == 'var x = + function() + ;' # single quotes concatenate test = JavaScriptParser(scripts[7]).strip() assert test == 'var x = + function() + ;' # double quotes statement test = JavaScriptParser(scripts[8]).strip() assert test == 'var x = ; function(); ' # single quotes statement test = JavaScriptParser(scripts[9]).strip() assert test == 'var x = ; function(); ' # double quotes single line comment test = JavaScriptParser(scripts[10]).strip() assert test == 'var x = ; ' # double quote multi-line comment '''var x = "test " + /* it's a // comment */ + "comments";''' test = JavaScriptParser(scripts[11]).strip() assert test == 'var x = + + ;'
def test_strip_comment_multi_line(self): # whole line text = "ignore this */\n" parser = JavaScriptParser(text) parser._strip_comment("/*") assert parser._index == 13 # multi-line text = "this comment\nspans multiple\nlines*/\n" parser = JavaScriptParser(text) parser._strip_comment("/*") assert parser._index == 34 # middle of line text = "ignore this */ function();" parser = JavaScriptParser(text) parser._strip_comment("/*") assert parser._index == 13 # with apostrophe text = "it's a comment to ignore */\n" parser = JavaScriptParser(text) parser._strip_comment("/*") assert parser._index == 26 # with string text = 'ignore this "string" */\n' parser = JavaScriptParser(text) parser._strip_comment("/*") assert parser._index == 22 # with single line comment text = "it's a // mixed comment */\n" parser = JavaScriptParser(text) parser._strip_comment("/*") assert parser._index == 25
def test_strip_comment_single_line(self): # last line text = "ignore this\n" parser = JavaScriptParser(text) parser._strip_comment("//") assert parser._index == 10 # more lines text = "ignore this\n next line\n" parser = JavaScriptParser(text) parser._strip_comment("//") assert parser._index == 10 # with apostrophe text = "it's a comment to ignore\n next line\n" parser = JavaScriptParser(text) parser._strip_comment("//") assert parser._index == 23 # with string text = 'ignore this "string"\n next line\n' parser = JavaScriptParser(text) parser._strip_comment("//") assert parser._index == 19
def test_strip_string_negative(self): # unterminated text = 'unterminated string' parser = JavaScriptParser(text) parser._strip_string('"') assert parser._index == 19