I am trying to build some sort of a javascript “antivirus” that would try to catch particular function calls.
So let's say I've got some random javascript file, can I check if it doesn't use function jQuery.trim() (just for example's sake) anywhere?
It seems like a pretty complicated task, plus there are eval and base encodings which could transform any code to a pile of characters.
Would it be possible to write something like this in PHP? Are there any libraries and tools that could help?
JavaScript is a dynamic language and even without functions like eval, it becomes very difficult to figure out if a script is calling a particular function. The best solution I can think of is similar to @pixl coer’s to override the function itself, and selectively call it instead of always blocking it.
Consider this example that calls the pop method on an Array indirectly by referring to it as a broken string. By wrapping the actual method, you can selectively decide whether to let the method pass through or block it at runtime.
However, note that even this is not fool-proof. Each iframe gets its own copy of the methods such as eval. Somebody could just create a disposable iframe, get the eval method from there and then execute it. In short, this determination cannot be made statically at all. Even dynamically, you would have to patch up a lot of things to ensure that a particular function never gets called.
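As an added example, not the snippet from the answer above, here is one way to wrap Array.prototype.pop with a runtime policy hook and show that a call made through a name assembled at runtime still goes through it; the names setPopPolicy, installPopGuard, indirectPop and demo are assumptions of this example.

```javascript
// Added example: a runtime guard around Array.prototype.pop. Every call passes
// through a policy hook, including a call made through a name assembled at
// runtime ("po" + "p"), which a textual scan of the script would not see.

const originalPop = Array.prototype.pop;
const auditLog = [];            // one entry per intercepted call
let policy = () => true;        // default policy: allow every call

// Replace the policy; it receives the array and returns true to allow the call.
function setPopPolicy(fn) { policy = fn; }

function guardedPop(...args) {
  const allowed = policy(this) === true;
  auditLog.push({ length: this.length, allowed });
  if (!allowed) throw new Error('Array.prototype.pop blocked by policy');
  return originalPop.apply(this, args);
}

function installPopGuard() {
  if (Array.prototype.pop === guardedPop) return;   // idempotent install
  Object.defineProperty(Array.prototype, 'pop', {
    value: guardedPop, writable: true, configurable: true, enumerable: false,
  });
}

function uninstallPopGuard() {
  Object.defineProperty(Array.prototype, 'pop', {
    value: originalPop, writable: true, configurable: true, enumerable: false,
  });
}

// Indirect call through a "broken string": the method name only exists at runtime.
function indirectPop(arr) {
  const name = 'po' + 'p';
  return arr[name]();
}

// Runs the scenario on a constructed array and returns the observations.
function demo() {
  installPopGuard();
  const a = [1, 2, 3];
  const first = indirectPop(a);                       // allowed, returns 3
  setPopPolicy((arr) => arr.length > 5);              // now only long arrays may pop
  let blocked = false;
  try { indirectPop(a); } catch (e) { blocked = true; }
  setPopPolicy(() => true);
  uninstallPopGuard();
  return { first, remaining: a.length, blocked, intercepted: auditLog.length };
}
```

The guard only covers this realm's Array.prototype; as the answer notes, a separate iframe (or any other fresh global) carries its own untouched copy.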