This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.
wappalyzer/bin/wappalyzer-validate-regex

56 lines
1.6 KiB

#!/usr/bin/env node
var
app,
modulesPath = process.env.WAPPALYZER_NODE_PATH !== undefined ? process.env.WAPPALYZER_NODE_PATH + '/node_modules/' : '',
json = require(process.env.WAPPALYZER_ROOT + '/src/apps.json');
for ( app in json.apps ) {
['headers', 'html', 'env', 'meta', 'script'].forEach(function(type) {
var
key,
patterns = json.apps[app][type];
if ( patterns !== undefined ) {
patterns = typeof patterns === 'string' ? [patterns] : patterns;
if ( !( patterns instanceof Array ) ) {
patterns = [];
for ( key in json.apps[app][type] ) {
patterns.push(json.apps[app][type][key]);
}
}
patterns.forEach(function(pattern) {
var
attrs = pattern.split('\\;'),
regex = '/' + attrs.shift().replace('/', '\/') + '/';
//Check if the pattern is a valid RegExp
//Note: unlike when used in Wappalyzer, the modifier i isn't added here
new RegExp(regex);
if ( /^\/(?:\^\$|\.\+|\.\*)\/$/.test(regex) ) {
throw new Error('Pattern should be replaced with empty string.\n' + app + ': ' + type + ': ' + pattern);
}
if ( type === 'html' ) {
if ( /\.(?:\+|\*)/.test(regex) ) {
throw new Error('Avoid ".+" and ".*" in HTML patterns. Consider using "[^>]+" or "[^<]+" instead.\n' + app + ': ' + type + ': ' + pattern);
}
if ( !/[<>]/.test(regex) ) {
throw new Error('HTML patterns must contain "<" or ">".\n' + app + ': ' + type + ': ' + pattern);
}
}
});
}
});
if ( /[a-z]+:\/\//i.test(json.apps[app].website) ) {
throw new Error('Do not include the protocol in the website URL\n' + app + ': ' + json.apps[app].website);
}
}