Home > Software engineering >  Evaluate if code is simplified subset of JS functionality
Evaluate if code is simplified subset of JS functionality

Time:10-25

I want to define a “Simple JS” language that’s a subset of JS functionality. Then I’d like to analyze a small JS file and evaluate if it adheres to only using Simple JS functionality. This subset would be quite limited and be an “allowlist” of functionality rather than a “blocklist”.

More specifically, I want to check that the JS file only uses “vanilla” / “basic” functionality like:

  • Setting/modifying variables
  • Functions

Examples of “advanced” JS functionality that would not be in the Simple JS subset include:

  • Async/await
  • Eval
  • Networking

How would I implement such a Simple JS analyzer?

CodePudding user response:

This is one of those things that has a lot of caveats, and is EXTREMELY hard to do securely. If Simple JS is just a fun project, then you can learn a little of how compilers work by using a library like estree mentioned above to generate an AST. Then you would simply traverse the AST and verify that each node is on the "allow" list, or at least not on a "deny" list.

If this will take untrusted user scripts and run them in a full JS interpreter, realize that you will absolutely not do it securely. Generating an AST is static analysis, but if the code can find any covert way to modify itself while running (eval as an example, but there is a lot of ways) then it will have total access to the full JS language.

Page link:https//www.codepudding.com/Softwareengineering/587002.html

Prev:How to list data from another sheet depending on the date
Next:How to access the content of a single column from a flask-sqlalchemy model?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding