diff --git a/analyzer/lib/actions/checkActionsHardCodedValues.js b/analyzer/lib/actions/checkActionsHardCodedValues.js index 18c7519..b04a782 100644 --- a/analyzer/lib/actions/checkActionsHardCodedValues.js +++ b/analyzer/lib/actions/checkActionsHardCodedValues.js @@ -76,10 +76,20 @@ function detectHardcodedValues(code, scriptName) { let processedCode = String(code || '').replace(/(?!\w+#)\b#(\w+)/g, "_$1"); - const ast = acorn.parse(processedCode, { - ecmaVersion: "latest", - locations: true, - }); + let ast; + try { + ast = acorn.parse(processedCode, { + ecmaVersion: "latest", + locations: true, + }); + } catch (e) { + if (e instanceof SyntaxError) { + console.error(`[ACORN PARSE ERROR] Skipping script "${scriptName}" due to malformed code`); + // Return an empty array so the main loop can continue + return []; + } + throw e; // Re-throw other unexpected errors + } // Walk through the AST walk(ast, { @@ -147,6 +157,9 @@ function checkActionsHardCodedValues(options) { ); try { var report = detectHardcodedValues(action.code, actionName); + if (report.length === 0) { + continue; + } if (report.length > 0) { reports.push({ name: actionName, report: report }); } diff --git a/analyzer/lib/databases/checkDASHardCodedValues.js b/analyzer/lib/databases/checkDASHardCodedValues.js index 9833327..85b6022 100644 --- a/analyzer/lib/databases/checkDASHardCodedValues.js +++ b/analyzer/lib/databases/checkDASHardCodedValues.js 
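Review bot: In the new catch block of detectHardcodedValues, a SyntaxError returns `[]`, which the caller cannot tell apart from a script that was parsed and found clean, so the report will silently overstate coverage for any action whose code is malformed (or was made unparseable); the only trace is a stderr line that is not part of the report output. Surface the skip in the result instead of only logging it, for example by returning a sentinel or pushing an entry with a dedicated field such as `"parse_error"` and the FAIL status this file uses, so the main loop can count skipped scripts. At minimum include acorn's message, which carries the position, in the log: `console.error(`[ACORN PARSE ERROR] Skipping script "${scriptName}": ${e.message}`);`. The identical try/catch is added to analyzer/lib/databases/checkDASHardCodedValues.js in the third hunk and has the same gap.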
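Review bot: The `if (report.length > 0)` check right after the new `if (report.length === 0) { continue; }` is now always true and can be removed, leaving `reports.push({ name: actionName, report: report });` as the only statement after the call. The added `continue` also skips whatever follows this try/catch in the loop body for the skipped action; the enclosing loop in checkActionsHardCodedValues starts before the hunk and the rest of the iteration lies after it, so confirm nothing there (per-action bookkeeping or a catch that reports errors) still needs to run when the report is empty.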
@@ -67,59 +67,70 @@ const acorn = require("acorn"); const walk = require("estree-walker").walk; function detectHardcodedValues(code, scriptName) { - let processedCode = code.replace(/(?!\w+#)\b#(\w+)/g, "_$1"); - const ast = acorn.parse(processedCode, { + let processedCode = String(code || '').replace(/(?!\w+#)\b#(\w+)/g, "_$1"); + + let ast; + try { + ast = acorn.parse(processedCode, { ecmaVersion: "latest", locations: true, - }); + }); + } catch (e) { + if (e instanceof SyntaxError) { + console.error(`[ACORN PARSE ERROR] Skipping script "${scriptName}" due to malformed code`); + // Return an empty array so the main loop can continue + return []; + } + throw e; // Re-throw other unexpected errors + } - const hardcodedValues = []; + const hardcodedValues = []; - walk(ast, { - enter(node) { - // Variable assignments - if (node.type === "VariableDeclaration") { - node.declarations.forEach((declaration) => { - if ( - declaration.init && - declaration.init.type === "Literal" && - typeof declaration.init.value === "string" && - !isCommonException(declaration.init.value) - ) { - hardcodedValues.push({ - scriptName: scriptName, - variableName: declaration.id.name, - field: "hard_coded_value_detected", - status: CONSTANTS.FAIL, - type: typeof declaration.init.value, - line: declaration.loc.start.line, - column: declaration.loc.start.column, - }); - } - }); - } + walk(ast, { + enter(node) { + // Variable assignments + if (node.type === "VariableDeclaration") { + node.declarations.forEach((declaration) => { + if ( + declaration.init && + declaration.init.type === "Literal" && + typeof declaration.init.value === "string" && + !isCommonException(declaration.init.value) + ) { + hardcodedValues.push({ + scriptName: scriptName, + variableName: declaration.id.name, + field: "hard_coded_value_detected", + status: CONSTANTS.FAIL, + type: typeof declaration.init.value, + line: declaration.loc.start.line, + column: declaration.loc.start.column, + }); + } + }); + } - // Object literals 
- if ( - node.type === "Property" && - node.value.type === "Literal" && - typeof node.value.value === "string" && - !isCommonException(node.value.value) - ) { - hardcodedValues.push({ - scriptName: scriptName, - variableName: node.key.name || node.key.value, - field: "hard_coded_value_detected", - status: CONSTANTS.FAIL, - type: typeof node.value.value, - line: node.loc.start.line, - column: node.loc.start.column, - }); - } - }, - }); + // Object literals + if ( + node.type === "Property" && + node.value.type === "Literal" && + typeof node.value.value === "string" && + !isCommonException(node.value.value) + ) { + hardcodedValues.push({ + scriptName: scriptName, + variableName: node.key.name || node.key.value, + field: "hard_coded_value_detected", + status: CONSTANTS.FAIL, + type: typeof node.value.value, + line: node.loc.start.line, + column: node.loc.start.column, + }); + } + }, + }); - return hardcodedValues; + return hardcodedValues; } // Helper functions diff --git a/package-lock.json b/package-lock.json index 3d43cbb..02a644a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@auth0/auth0-checkmate", - "version": "1.6.4", + "version": "1.6.5", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@auth0/auth0-checkmate", - "version": "1.6.4", + "version": "1.6.5", "license": "Apache-2.0", "dependencies": { "acorn": "^8.14.0", diff --git a/package.json b/package.json index 3c940bf..1173f23 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@auth0/auth0-checkmate", - "version": "1.6.4", + "version": "1.6.5", "description": "A command line tool for checking configuration of your Auth0 tenant", "main": "analyzer/report.js", "scripts": {
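Review bot: After this hunk, detectHardcodedValues in checkDASHardCodedValues.js is a verbatim copy of the one in analyzer/lib/actions/checkActionsHardCodedValues.js, now including the new try/catch and its log string, so every future fix has to be applied twice; the pre-existing `code.replace(...)` versus `String(code || '')` difference that this hunk removes shows the copies had already drifted once. Consider moving the function into a shared module that both files require, and keeping the whitespace-only re-indentation of the walk callback in a separate commit so the behavioural change (the parse guard) remains reviewable on its own.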