Skip to content

Commit

Permalink
Merge pull request #353 from CybercentreCanada/id_js_2
Browse files Browse the repository at this point in the history 
Adding weak indicators for JavaScript
  • Loading branch information
@cccs-kevin
cccs-kevin authored Sep 8, 2021
2 parents 94d4f3c + 173289e commit 76d80e0
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 0 deletions.
1 change: 1 addition & 0 deletions assemblyline/common/identify.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,7 @@
rb'Math\.(round|pow|sin|cos)\(',
rb'(isNaN|isFinite|parseInt|parseFloat)\(',
b'WSH',
rb'(document|window)\['
],
'code/jscript': [rb'new[ \t]+ActiveXObject\(', rb'Scripting\.Dictionary'],
'code/pdfjs': [rb'xfa\.((resolve|create)Node|datasets|form)', rb'\.oneOfChild'],
Expand Down
2 changes: 2 additions & 0 deletions test/test_identify.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -355,6 +355,8 @@ def test_strong_indicators(code_snippet, code_types):
(b"parseInt(", ["code/javascript"]),
(b"parseFloat(", ["code/javascript"]),
(b"WSH", ["code/javascript", "code/vbs"]),
(b"document[", ["code/javascript"]),
(b"window[", ["code/javascript"]),
# JScript
(b"new ActiveXObject(", ["code/jscript"]),
(b"new\tActiveXObject(", ["code/jscript"]),
Expand Down

0 comments on commit 76d80e0

Please sign in to comment.