mozilla / scanjs

[DEPRECATED] Static analysis tool for javascript code.

[feature request] - ability to scan a diff/patch file #125

Closed pwnetrationguru closed 2 years ago

pwnetrationguru commented 10 years ago

As a user, I would like to be able to upload a diff/patch file for scanning purposes. I would expect ScanJS to go through the patch, find lines that are being added, and test for dangerous patterns.

The first implementation that comes to mind is to just parse the patch file for all the + lines, create a "new" JS file containing only the additions we just found, and pass that to ScanJS.

pwnetrationguru commented 10 years ago

@pauljt and @mozfreddyb, what do you think?

Definitely not something I'm thinking we do soon, but it would definitely be a nice feature for reviews. The main use case I see is I'm doing a review on X and the bug contains a bunch of patch files that I'd like to scan.

mozfreddyb commented 10 years ago

The first idea doesn't sound too bad, but what about code that spans more than one line and isn't included in the + lines?

pwnetrationguru commented 10 years ago

My original thinking is that I don't care about anything except new additions, and hence we would only look at lines that were added.

I'm not sure I understand what you mean by more than one line? Do diff/patch files limit column width or something?
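The +-line extraction proposed in the first comment, with the multi-line concern raised by mozfreddyb, as an added Node.js example that is not scanjs code: the unified diff is constructed, and `extractAdditions` / `toSource` are assumed names. It keeps the file name and new-file line number with each extracted line so a finding maps back to the patch, and `keepContext` also keeps the hunk's unchanged lines so a construct spanning added and unchanged lines is not cut in half.

```javascript
// Added example (not scanjs code): pull the added lines out of a unified diff
// so they can be handed to a scanner. Each entry carries file and new-file
// line number; keepContext additionally keeps the hunk's unchanged lines so a
// statement that straddles added and unchanged lines stays syntactically whole.
const SAMPLE_PATCH = [ // constructed sample, not from any real project
  '--- a/app.js',
  '+++ b/app.js',
  '@@ -10,4 +10,6 @@ function render(data) {',
  '   var el = document.getElementById("out");',
  '-  el.textContent = data;',
  '+  el.innerHTML = data;',
  '+  setTimeout(',
  '+    "render(" + data + ")",',
  '     1000);',
  ' }',
].join('\n');

function extractAdditions(patchText, { keepContext = false } = {}) {
  const out = [];
  let file = null;
  let newLine = 0;            // line number the next '+'/context line gets
  let inHunk = false;
  let afterOldHeader = false; // '+++' is a file header only right after '---'
  for (const raw of patchText.split('\n')) {
    if (raw.startsWith('diff ')) { inHunk = false; continue; }   // next file
    if (raw.startsWith('--- ') && !inHunk) { afterOldHeader = true; continue; }
    if (raw.startsWith('+++ ') && afterOldHeader) {
      file = raw.slice(4).replace(/^b\//, '');
      afterOldHeader = false;
      continue;
    }
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/.exec(raw);
    if (hunk) { newLine = Number(hunk[1]); inHunk = true; continue; }
    if (!inHunk) continue;                 // 'index ...' and similar headers
    const tag = raw === '' ? ' ' : raw[0]; // some tools emit bare blank context
    if (tag === '+' || (tag === ' ' && keepContext)) {
      out.push({ file, line: newLine, text: raw.slice(1) });
    }
    if (tag === '+' || tag === ' ') newLine++; // '-' and '\' lines do not count
  }
  return out;
}

// Join the entries into one scannable "file" for the scanner.
function toSource(entries) { return entries.map(e => e.text).join('\n'); }

console.log(toSource(extractAdditions(SAMPLE_PATCH)));
console.log(toSource(extractAdditions(SAMPLE_PATCH, { keepContext: true })));
```

With the default options the `setTimeout(` call is emitted without its closing `1000);` line, which is exactly the case where a scanner fed only the + lines sees a broken fragment.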