In general, we miss a case I've been calling 'variable indirection'.
If we use the example in the title of this issue, var b = alert; b(1); we may wish to catch calls to alert(), but right now ScanJS misses the above case.
Failures:
var a = crypto; a.generate = crypto.generateCRMFRequest; a.generate("CN=0", 0, 0, null, "console.log(1)", 384, null, "rsa-dual-use");
var a = window.document; a.b = document.writeln; a.b("<h1>bad</h1>");
var a = eval; a("alert(0);");
var a = Function; new a("alert(0)")();
var a = window.setInterval; a("console.log(4)", 300);
var a = window.setTimeout; a("console.log(4)", 300);
var o = window.open; o("http://www.mozilla.org", "name", {});
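As an added illustration (not part of the original issue and not ScanJS code), the sketch below shows what catching these cases requires: remember what each assigned name points to, then resolve a call's callee through that table before matching it against the rules. The `SINKS`, `resolve` and `scan` names are hypothetical, and the regex matching is an assumption made to keep the example self-contained where a real scanner would walk an AST.

```javascript
// Added example: a regex-based sketch of alias tracking. A real scanner would
// do this over an AST; all names below are hypothetical.
const SINKS = new Set(['alert', 'eval', 'Function', 'setTimeout', 'setInterval',
  'open', 'document.writeln', 'crypto.generateCRMFRequest']);

// Map an expression back to the name it was copied from.
function resolve(expr, aliases) {
  if (aliases.has(expr)) return aliases.get(expr); // whole path aliased, e.g. a.b
  const [head, ...rest] = expr.split('.');
  const full = [aliases.get(head) ?? head, ...rest].join('.');
  return full.replace(/^window\./, ''); // window.eval and eval are the same sink
}

function scan(source) {
  const aliases = new Map();
  const findings = [];
  // Blank out string literals so "alert(0)" inside a string is not read as a call.
  const code = source.replace(/"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'/g, '""');
  for (const stmt of code.split(';').map((s) => s.trim())) {
    // `x = y`, `var x = y` or `x.p = y.q`: remember what the left side now names.
    const assign = stmt.match(/^(?:var\s+)?([\w$.]+)\s*=\s*([\w$.]+)$/);
    if (assign) {
      aliases.set(assign[1], resolve(assign[2], aliases));
      continue;
    }
    // Any identifier path followed by "(" is a call (this also covers `new a(...)`).
    for (const [, callee] of stmt.matchAll(/([\w$.]+)\s*\(/g)) {
      const sink = resolve(callee, aliases);
      if (SINKS.has(sink)) findings.push({ callee, sink });
    }
  }
  return findings;
}

// The failure cases quoted in the issue, each scanned as its own script.
const SAMPLES = [
  'var b = alert; b(1);',
  'var a = crypto; a.generate = crypto.generateCRMFRequest; a.generate("CN=0", 0, 0, null, "console.log(1)", 384, null, "rsa-dual-use");',
  'var a = window.document; a.b = document.writeln; a.b("<h1>bad</h1>");',
  'var a = eval; a("alert(0);");',
  'var a = Function; new a("alert(0)")();',
  'var a = window.setInterval; a("console.log(4)", 300);',
  'var a = window.setTimeout; a("console.log(4)", 300);',
  'var o = window.open; o("http://www.mozilla.org", "name", {});',
];
for (const src of SAMPLES) console.log(scan(src).map((f) => `${f.callee} -> ${f.sink}`));
```

The sketch ignores scoping, reassignment inside branches and computed property access, so it only covers straight-line aliasing of the kind listed above.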
The following rules will need to be adjusted: