No support for a missing background page / content script

Aurore54F / DoubleX

Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale

GNU Affero General Public License v3.0

63 stars 11 forks source link

No support for a missing background page / content script #2

Closed Luca-Pistor closed 2 years ago

Luca-Pistor commented 2 years ago

Currently, DoubleX will throw an error if its command-line invocation is missing either a -cs or -bp argument. We can work around this by creating a blank text file to process as an empty argument, but support for extensions without content scripts (resp. background pages) would be useful.

Aurore54F commented 2 years ago

Fixed, thanks. Parameters -cs and -bp are now optional. If nothing is specified an empty JS file from the folder empty will be analyzed.

Note: to extract content scripts and background scripts from an extension, the _src/unpackextension.py script can be called, though.