Package com.h3xstream.retirejs.repo

Class ScannerFacade

java.lang.Object

com.h3xstream.retirejs.repo.ScannerFacade

public class ScannerFacade
extends java.lang.Object

Constructor Summary

Constructors

Constructor	Description
ScannerFacade(VulnerabilitiesRepository repo)	For testing purpose only

Method Summary

Modifier and Type	Method	Description
static ScannerFacade	getInstance()	Obtain the singleton instance.
static ScannerFacade	loadInstance(VulnerabilitiesRepository repo)
java.util.List<JsLibraryResult>	scanHtml(byte[] respBytes, int offset)	Look for potential script in the HTML code <script src="//cdn.server.com/jquery/1.3.3.7.js"></script>
java.util.List<JsLibraryResult>	scanPath(java.lang.String path)	Analyze a script with only its path is available.
java.util.List<JsLibraryResult>	scanScript(java.lang.String path, byte[] respBytes, int offset)	Analyze script with the JavaScript file is loaded.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ScannerFacade

public ScannerFacade(VulnerabilitiesRepository repo)
              throws java.io.IOException

For testing purpose only

Parameters:

repo - Mock repository (For testing purpose)

Throws:

java.io.IOException - Unable to load the repository

Method Detail

getInstance

public static ScannerFacade getInstance()
                                 throws java.io.IOException

Obtain the singleton instance. It make sure the repo is loaded the first time.

Returns:

Will always return the same instance

Throws:

java.io.IOException - Unable to load the repository

loadInstance

public static ScannerFacade loadInstance(VulnerabilitiesRepository repo)
                                  throws java.io.IOException

Throws:

java.io.IOException

scanHtml

public java.util.List<JsLibraryResult> scanHtml(byte[] respBytes,
                                                int offset)

Look for potential script in the HTML code <script src="//cdn.server.com/jquery/1.3.3.7.js"></script>

Parameters:

respBytes - Content of the JavaScript file (exclude HTTP headers)

offset - The body of the response starts at this offset

Returns:

The list of vulnerable libraries

scanPath

public java.util.List<JsLibraryResult> scanPath(java.lang.String path)

Analyze a script with only its path is available. For example a path in a HTML pages.

Parameters:

path - File path (ie: /js/jquery/jquery-1.3.3.7.js)

Returns:

The list of vulnerable libraries

scanScript

public java.util.List<JsLibraryResult> scanScript(java.lang.String path,
                                                  byte[] respBytes,
                                                  int offset)

Analyze script with the JavaScript file is loaded. The path has been extracted from the request URI. And the response is the content of the file.

Parameters:

path - File path (ie: /js/jquery/jquery-1.3.3.7.js)

respBytes - Content of the JavaScript file (exclude HTTP headers)

offset - The body of the response starts at this offset

Returns:

The list of vulnerable libraries