Diffstat (limited to 'cgi-bin/js_check/validate.py')
-rw-r--r--cgi-bin/js_check/validate.py91
1 files changed, 91 insertions, 0 deletions
diff --git a/cgi-bin/js_check/validate.py b/cgi-bin/js_check/validate.py
new file mode 100644
index 0000000..cd392b5
--- /dev/null
+++ b/cgi-bin/js_check/validate.py
@@ -0,0 +1,91 @@
+#!/usr/bin/python2
+import jsparser, re, sys, types, getopt
+import cgi
+import cgitb
+
+RESERVED_WORDLIST = ['document',
+ 'window',
+ 'document'
+ 'alert',
+ 'console',
+ '$',
+ 'jQuery',
+ 'xmlhttp',
+ 'eval',
+ 'XMLHttpRequest',
+ 'String',
+ 'this']
+opt_v = False
+ITERATION_BLOCKS = ['expression',
+ 'body',
+ 'block',
+ 'initializer',
+ 'condition',
+ 'thenPart',
+ 'elsePart',
+ 'tryBlock',
+ 'catchClauses',
+ 'varDecls']
+
+def test_script(tree, rec_level = 1):
+ if opt_v:
+ sys.stderr.write( 'test_script(tree,%d)' % rec_level);
+ for i, v in enumerate(tree):
+ if v.type == 'IDENTIFIER' and v.value in RESERVED_WORDLIST:
+ return 'BAD SCRIPT ERROR reserved word "%s" used in assignment at line number %s\n' % (v.value, v.lineno)
+ if v.type == 'STRING':
+ return 'BAD SCRIPT ERROR illegal type "%s" used at line number %s\n' % (v.type, v.lineno)
+ if opt_v:
+ sys.stderr.write( 'this is the type: %s at line number %s\n' % (v.type, v.lineno));
+ if opt_v:
+ sys.stderr.write( 'this is the value: %s at line number %s\n' % (v.value, v.lineno));
+ inner_test = test_script(v, rec_level + 1)
+ if inner_test:
+ return inner_test
+
+ for block in ITERATION_BLOCKS:
+ if hasattr(tree, block):
+ b = getattr(tree, block)
+ try:
+ if opt_v:
+ sys.stderr.write( ' this is the expression type: %s \n' % getattr(b, 'type'));
+ except Exception as e:
+ sys.stderr.write('python execution error %s \n' % e)
+ continue
+
+ try:
+ for i, v in enumerate(b):
+ if b.type == 'PLUS' and v.type == 'ARRAY_INIT':
+ return 'BAD SCRIPT ERROR illegal use of arrays to cast strings at %s\n' % v.lineno
+ if opt_v:
+ sys.stderr.write( 'this is the (inner iteration) type: %s, at line number %s, rec_lev: %d' % (v.type, v.lineno, rec_level));
+ if v.type == 'STRING':
+ return 'BAD SCRIPT ERROR illegal type "%s" used at line number %s\n' % (v.type, v.lineno)
+ if opt_v:
+ sys.stderr.write( 'this is the (inner iteration) value: %s\n' % v.value);
+ inner_test = test_script(v, rec_level + 1)
+ if inner_test:
+ return inner_test
+
+ except Exception as e:
+ sys.stderr.write('this was the error %s\n' % e)
+ continue
+
+ if opt_v:
+ sys.stderr.write( 'test_script(tree,%d) end\n' % rec_level);
+
+ return False
+
+if __name__ == "__main__":
+ f = open(sys.argv[1], 'r')
+ data = f.read()
+ f.close()
+ test = jsparser.parse(data)
+
+ test = test_script(test)
+ if test:
+ print( test)
+ sys.exit(1)
+ else:
+ sys.exit(0)
+
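Review bot: In `RESERVED_WORDLIST` the second `'document'` has no trailing comma, so Python joins it with the next literal into `'documentalert'` and `alert` is never matched; drop the duplicate entry so the line reads just `'alert',`. The `except Exception` handler around the inner `for i, v in enumerate(b)` loop writes to stderr and runs `continue`, so any error while walking a block leaves that subtree unchecked and `test_script` can still return `False`, which `__main__` turns into exit status 0. A validator used as a gate should fail closed there, for example `return 'BAD SCRIPT ERROR validator failure: %s\n' % e`. The reserved-word comparison also appears only in the first loop: nodes reached through the `ITERATION_BLOCKS` attributes are tested for `STRING` and `ARRAY_INIT` but not against the list, so it is worth confirming against jsparser's tree shape that an identifier sitting directly in such a block cannot slip through.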