Many of us, sitting at home now, have ample time on our hands to test, lint and fuzz JavaScript code:
Explore online tools at:
https://webtoolkitonline.com/Very interesting for those into JavaScript security and all others that take an interest in the subject.
Just an example from a Vulners Webscanner extension loaded content.js script,
content.js via Ctrl+Shift+I (inside the browser console).
Let's go. Following the yellow alert triangle we see:
We can us eeither
Javascript Tester online:
https://webtoolkitonline.com/javascript-tester.html Tevens:
https://codebeautify.org/jsvalidate via de laatste tool ->
Validation of a simple vulners script against regexp->
1 1 1 'console' was used before it was defined.
console.log('[VULNERS] Init');
2 3 1 'v_browser' was used before it was defined.
v_browser.runtime.sendMessage({ action: 'get_regexp'}, (rules) => {
3 3 57 'rules' was used before it was defined.
v_browser.runtime.sendMessage({ action: 'get_regexp'}, (rules) => {
4 3 56 Unexpected '('.
v_browser.runtime.sendMessage({ action: 'get_regexp'}, (rules) => {
5 3 65 Missing space between '=' and '>'.
v_browser.runtime.sendMessage({ action: 'get_regexp'}, (rules) => {
6 3 65 Unexpected '>'.
v_browser.runtime.sendMessage({ action: 'get_regexp'}, (rules) => {
Quite some task but very instructing. Pay attention to certain patterns and learn to recognize those patterns.
You learn to hear the JavaScript grass grow with your ear stuck (stack?) firmly unto the ground. ( } >
.
Regards to everyone here. A good week and most of all stay in good health ye all,
Info credits go to luntrus
polonus (volunteer 3rd party cold recon (JavaScript)-security website analyst and website error-hunter)