From 173289e96d824a1d3b97b4d9c1809ff11fae4779 Mon Sep 17 00:00:00 2001
From: Kevin Hardy-Cooper
Date: Wed, 8 Sep 2021 14:10:11 -0400
Subject: [PATCH] Adding weak indicators for JavaScript
---
 assemblyline/common/identify.py | 1 +
 test/test_identify.py | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/assemblyline/common/identify.py b/assemblyline/common/identify.py
index 4e5aa9c00..3c36188cc 100644
--- a/assemblyline/common/identify.py
+++ b/assemblyline/common/identify.py
@@ -142,6 +142,7 @@
 rb'Math\.(round|pow|sin|cos)\(',
 rb'(isNaN|isFinite|parseInt|parseFloat)\(',
 b'WSH',
+ rb'(document|window)\['
 ],
 'code/jscript': [rb'new[ \t]+ActiveXObject\(', rb'Scripting\.Dictionary'],
 'code/pdfjs': [rb'xfa\.((resolve|create)Node|datasets|form)', rb'\.oneOfChild'],
diff --git a/test/test_identify.py b/test/test_identify.py
index 17669f4f9..59f21eed8 100644
--- a/test/test_identify.py
+++ b/test/test_identify.py
@@ -355,6 +355,8 @@ def test_strong_indicators(code_snippet, code_types):
 (b"parseInt(", ["code/javascript"]),
 (b"parseFloat(", ["code/javascript"]),
 (b"WSH", ["code/javascript", "code/vbs"]),
+ (b"document[", ["code/javascript"]),
+ (b"window[", ["code/javascript"]),
 # JScript
 (b"new ActiveXObject(", ["code/jscript"]),
 (b"new\tActiveXObject(", ["code/jscript"]),
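Review bot: The new weak indicator `rb'(document|window)\['` in assemblyline/common/identify.py is unanchored, so it also matches any longer identifier that merely ends in those words (for example `subwindow[` or `my_document[`), which could bias identification toward code/javascript on non-script content. `rb'\b(document|window)\[',` would restrict it to the bare globals. The entry is also added without a trailing comma, although the previous last entry `b'WSH',` had one; in a list of bytes literals, a pattern appended later without fixing this would silently concatenate with it instead of raising an error. The cases added in test/test_identify.py cover only the two bare positive tokens, so a negative case for a longer identifier would pin the intended boundary. The pattern list itself starts outside the hunk.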