authorpepper <peppersclothescult@gmail.com>2014-01-12 19:47:18 -0800
committerpepper <peppersclothescult@gmail.com>2014-01-12 19:47:18 -0800
commite5b7549dbe43872f1cd0d8395186ad8e495720fb (patch)
tree356239d88572247479985612942eb1233da0bc12 /cgi-bin/js_check/test_javascript.py
parentcce4f73a1637d54ab7c096815864a2c9c66fda65 (diff)
added upload stuff and view code
Diffstat (limited to 'cgi-bin/js_check/test_javascript.py')
-rw-r--r--cgi-bin/js_check/test_javascript.py82
1 files changed, 82 insertions, 0 deletions
diff --git a/cgi-bin/js_check/test_javascript.py b/cgi-bin/js_check/test_javascript.py
new file mode 100644
index 0000000..6b00e03
--- /dev/null
+++ b/cgi-bin/js_check/test_javascript.py
@@ -0,0 +1,82 @@
+#!/usr/bin/python2
+import jsparser, re, sys, types, getopt
+import cgi
+import cgitb
+print 'Content-type: text/html\n\n'
+cgitb.enable()
+RESERVED_WORDLIST = ['document',
+ 'window',
+ 'alert',
+ 'console',
+ '$',
+ 'jQuery',
+ 'xmlhttp',
+ 'eval',
+ 'XMLHttpRequest',
+ 'String',
+ 'this']
+form = cgi.FieldStorage()
+opt_v = False
+if 'script' not in form:
+ print '<h1>script not found</h1>'
+ sys.exit(1)
+else:
+ print 'loading %d bytes' % len(form['script'].value)
+test = jsparser.parse(form['script'].value)
+ITERATION_BLOCKS = ['expression',
+ 'body',
+ 'block',
+ 'initializer',
+ 'condition',
+ 'thenPart',
+ 'elsePart',
+ 'tryBlock',
+ 'catchClauses',
+ 'varDecls']
+
+
+def security_checks(v):
+ if opt_v:
+ print 'this is the type: %s at line number %s' % (v.type, v.lineno)
+ if opt_v:
+ print 'this is the value: %s at line number %s' % (v.value, v.lineno)
+
+ if v.type == 'IDENTIFIER' and v.value in RESERVED_WORDLIST:
+ print '(MY) ERROR reserved word "%s" used in assignment at line number %s' % (v.value, v.lineno)
+ sys.exit(1)
+ if v.type == 'STRING':
+ print '(MY) ERROR illegal type "%s" used at line number %s' % (v.type, v.lineno)
+ sys.exit(1)
+ if v.type == 'PLUS':
+ for a,b in enumerate(v):
+ if b.type == 'ARRAY_INIT':
+ print '(MY) ERROR illegal use of arrays to cast strings at %s' % v.lineno
+ sys.exit(1)
+
+
+def traverse(tree, rec_level = 1):
+ if opt_v:
+ print 'test_script(tree,%d)' % rec_level
+ security_checks(tree)
+ for i, v in enumerate(tree):
+ test_script(v, rec_level + 1)
+ for block in ITERATION_BLOCKS:
+ if hasattr(tree, block):
+ b = getattr(tree, block)
+ try:
+ if opt_v:
+ print ' this is the expression type: %s ' % getattr(b, 'type')
+ except Exception as e:
+ sys.stderr.write('this was the error %s ' % e)
+ continue
+ try:
+ for i, v in enumerate(b):
+ test_script(v, rec_level + 1)
+ except Exception as e:
+ sys.stderr.write('this was the error %s ' % e)
+ continue
+ if opt_v:
+ print 'test_script(tree,%d) end' % rec_level
+
+
+traverse(test)
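Review bot: `traverse` recurses through `test_script` (the call after `for i, v in enumerate(tree):` and again inside the `ITERATION_BLOCKS` loop), but no `test_script` is defined anywhere in this file, so the first child node raises NameError and the checker never inspects anything below the root; both calls should read `traverse(v, rec_level + 1)`. The `except Exception as e:` around the second call makes this worse: the NameError is written to stderr and the subtree is skipped with `continue`, so a script that should be rejected can fall through to the end as if every check passed — narrowing those handlers to the attribute/iteration errors they are meant to tolerate (`except (AttributeError, TypeError) as e:`) would let a real failure surface. Separately, `cgitb.enable()` at the top of a CGI script sends the full HTML traceback, including local variables and the submitted script text, to the remote client; `cgitb.enable(display=0, logdir='<LOG_DIR>')` keeps the diagnostics server-side. Once the recursion is fixed, the `print 'loading %d bytes'` output and the error lines are written after `Content-type: text/html`, so any check failure is returned as a page rather than a status, which callers of this CGI should be aware of.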