@nstarke
Last active January 25, 2023 05:44
Node.js Security Vulnerability Grep
# NOTE: `egrep` is obsolescent (GNU grep 3.8+ prints a warning for it); `grep -E` is the same thing and is used below.
# NOTE: every command only looks at *.js (and *.json where noted); add --include "*.mjs" --include "*.cjs" (and "*.ts")
# when the code base uses ES modules or TypeScript.
# this command will return instances where the child_process module is loaded (single- or double-quoted,
# with or without the "node:" prefix). that module is generally a good signal that the application is shelling out.
# the ESM form (import { exec } from 'child_process') is not caught; grep for "from\s*['\"](node:)?child_process" as well.
grep -rE --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "require\s*\(\s*['\"](node:)?child_process['\"]\s*\)" .
# this command will return instances where code is dynamically executed.
grep -rE --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "\beval\s*\(" .
# this command will check common dangerous functions and report when the first argument is a string literal
# (single-, double-quoted or a template literal), i.e. text that will be compiled and run as code.
grep -rE --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "(setInterval|setTimeout|new\s+Function)\s*\(\s*['\"\`]" .
# same as above but will catch variables passed as arguments (noisier: ordinary callbacks match too).
grep -rE --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "(setInterval|setTimeout|new\s+Function)\s*\(" .
# this command can be used to gauge whether or not CSRF protections are in place in libraries such as express.
# it is case-insensitive so "CSRF", "csrfToken" etc. match; note that the express middleware package itself is
# named "csurf", which this pattern does not match on its own.
# if no results are returned, that can mean no CSRF protections exist at the framework level.
# will vary based on application framework.
grep -ri --exclude-dir "node_modules" --include "*.js" --include "*.json" --exclude "*.min.*" -e "csrf" .
# NODE-ORM, Sequelize: find places where potential unsafe SQL queries are executed
# (a string literal first argument that is concatenated with "+"). template literals with ${...}
# interpolation are just as unsafe and are not caught by this pattern.
grep -rE --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "\.(execQuery|query)\s*\(\s*['\"\`].*['\"\`].*\+" .
# mongoose: database connect functions (look for hard-coded credentials in the connection string)
grep -rE --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "\.(createConnection|connect)\s*\(" .
# hard coded port values in JSON documents (keys like "port", "dbPort", "port_http").
# \d is not a portable grep class (GNU grep treats it as a stray escape), so digits are written as [0-9].
grep -rE --exclude-dir "node_modules" --include "*.js" --include "*.json" --exclude "*.min.*" -e "\"[A-Za-z_]*[pP]ort[A-Za-z_]*\"\s*:\s*[0-9]+" .
# look for username / password / secret strings as json keys (case-insensitive, so "apiKey" and "Password" match too):
grep -riE --exclude-dir "node_modules" --include "*.js" --include "*.json" --exclude "*.min.*" -e "\"(username|user|password|pass|passwd|secret|token|api_?key)\"\s*:\s*\".*\"" .
# look for places with possible dom-based XSS: assignments to location / location.href
# (open redirect, or script execution via a javascript: URL when the value is attacker controlled)
# and to innerHTML / outerHTML. "=[^=]" keeps "==" comparisons out of the results.
grep -rE --exclude-dir "node_modules" --include "*.js" --exclude "*.min.*" -e "((window\.)?location(\.href)?|\.(innerHTML|outerHTML))\s*=[^=]" .
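As an added example that is not part of nstarke's gist: a POSIX shell script that packages the same checks as grep -E patterns, builds a constructed Node.js tree known to contain each thing the patterns look for (plus a copy under node_modules and one ES-module file), and counts hits per check. Running it shows two things the one-liners alone do not: that the exclusions behave (the node_modules copy is not reported) and where the patterns are blind (an `import ... from 'node:child_process'` is only found by an extra import pattern, and a query built from a template literal only by an extra `${` pattern). The `node:` prefix, the import and template-literal patterns, the extra credential key names and the innerHTML/outerHTML sinks are my additions, not the gist's; the sample file contents are constructed, and GNU grep is assumed for -r, --include and --exclude-dir.

```shell
#!/bin/sh
# Added example (not part of nstarke's gist): build a small constructed Node.js
# tree, run the gist's checks as grep -E patterns over it, and count hits, so
# each pattern is confirmed against known samples and its blind spots are visible
# before it is trusted on a real code base. Assumes GNU grep (-r, --include,
# --exclude-dir). Every file written by make_fixture is constructed for this test.
set -e

SP='[[:space:]]*'   # written out instead of \s so the patterns also work with BSD grep
PAT_CHILD_PROCESS="require${SP}\(${SP}['\"](node:)?child_process['\"]${SP}\)"
PAT_CHILD_PROCESS_IMPORT="from${SP}['\"](node:)?child_process['\"]"   # ESM form the require pattern misses
PAT_EVAL="(^|[^[:alnum:]_.])eval${SP}\("
PAT_TIMER_STRING="(setInterval|setTimeout|new[[:space:]]+Function)${SP}\(${SP}['\"\`]"
PAT_SQL_CONCAT="\.(execQuery|query)${SP}\(${SP}['\"\`].*['\"\`].*\+"
PAT_SQL_TEMPLATE="\.(execQuery|query)${SP}\(${SP}\`[^\`]*\\$\{"   # template literal with interpolation
PAT_CSRF="csrf"
PAT_PORT="\"[A-Za-z_]*[pP]ort[A-Za-z_]*\"${SP}:${SP}[0-9]+"
PAT_CREDS="\"(username|user|password|pass|passwd|secret|token|api_?key)\"${SP}:${SP}\".*\""
PAT_DOM_SINK="((window\.)?location(\.href)?|\.(innerHTML|outerHTML))${SP}=[^=]"

# make_fixture DIR: write constructed sample files that exercise every pattern
make_fixture() {
  mkdir -p "$1/src" "$1/config" "$1/node_modules/dep"
  cat > "$1/src/shell.js" <<'EOF'
const cp = require('child_process');
cp.exec("ls " + req.query.dir);
eval(req.body.code);
setTimeout("cleanup()", 1000);
db.query("SELECT * FROM users WHERE name = '" + name + "'");
db.query(`SELECT * FROM users WHERE id = ${id}`);
location.href = req.query.next;
el.innerHTML = req.query.html;
EOF
  cat > "$1/src/app.js" <<'EOF'
const csrfProtection = require('csurf');
EOF
  cat > "$1/src/modern.mjs" <<'EOF'
import { execSync } from 'node:child_process';
EOF
  cat > "$1/config/default.json" <<'EOF'
{
  "port": 8080,
  "db": { "user": "app", "password": "hunter2" }
}
EOF
  # must be ignored: lives under node_modules
  cat > "$1/node_modules/dep/index.js" <<'EOF'
const cp = require('child_process');
EOF
}

# count_hits DIR PATTERN [extra grep options]: number of matching lines under DIR,
# using the gist's exclusions plus *.mjs so ES-module files are covered
count_hits() {
  dir="$1"; pat="$2"; shift 2
  grep -rE --exclude-dir node_modules --include '*.js' --include '*.mjs' \
       --include '*.json' --exclude '*.min.*' "$@" -e "$pat" "$dir" | wc -l | tr -d ' '
}

# audit DIR: run every check and print "check<TAB>hits". Zero csrf hits is itself
# the finding the gist describes: no framework-level CSRF protection was seen.
audit() {
  dir="$1"
  printf 'child_process require\t%s\n'   "$(count_hits "$dir" "$PAT_CHILD_PROCESS")"
  printf 'child_process import\t%s\n'    "$(count_hits "$dir" "$PAT_CHILD_PROCESS_IMPORT")"
  printf 'eval\t%s\n'                    "$(count_hits "$dir" "$PAT_EVAL")"
  printf 'timer/Function string\t%s\n'   "$(count_hits "$dir" "$PAT_TIMER_STRING")"
  printf 'sql string concat\t%s\n'       "$(count_hits "$dir" "$PAT_SQL_CONCAT")"
  printf 'sql template literal\t%s\n'    "$(count_hits "$dir" "$PAT_SQL_TEMPLATE")"
  printf 'csrf (case-insensitive)\t%s\n' "$(count_hits "$dir" "$PAT_CSRF" -i)"
  printf 'hard-coded port\t%s\n'         "$(count_hits "$dir" "$PAT_PORT")"
  printf 'credential keys\t%s\n'         "$(count_hits "$dir" "$PAT_CREDS" -i)"
  printf 'dom sinks\t%s\n'               "$(count_hits "$dir" "$PAT_DOM_SINK")"
}

# Usage: sh audit.sh [DIR]. Without DIR a throwaway fixture is audited instead,
# which is the quickest way to see what each pattern does and does not catch.
if [ $# -gt 0 ]; then
  audit "$1"
else
  tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
  make_fixture "$tmp"
  audit "$tmp"
fi
```

Against the fixture, the `require` pattern reports one hit (the node_modules copy is excluded) while the `.mjs` import is only found by the separate import pattern, and the template-literal query is only found by the `${` pattern; the point is that a grep audit has to be validated against a tree where you already know the answer, then extended for whatever syntax the real code base uses.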