cgi-bin/js_check/test_javascript.py.bk


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

#!/usr/bin/python2
import jsparser, re, sys, types, getopt
import cgi
import cgitb
print 'Content-type: text/html\n\n'
cgitb.enable()
RESERVED_WORDLIST = ['document',
 'window',
 'alert',
 'console',
 '$',
 'jQuery',
 'xmlhttp',
 'eval',
 'XMLHttpRequest',
 'String',
 'this']
form = cgi.FieldStorage()
opt_v = False
if 'script' not in form:
    print '<h1>script not found</h1>'
    sys.exit(1)
else:
    print 'loading %d bytes' % len(form['script'].value)
test = jsparser.parse(form['script'].value)
ITERATION_BLOCKS = ['expression',
 'body',
 'block',
 'initializer',
 'condition',
 'thenPart',
 'elsePart',
 'tryBlock',
 'catchClauses',
 'varDecls']

def test_script(tree, rec_level = 1):
    if opt_v:
        print 'test_script(tree,%d)' % rec_level
    for i, v in enumerate(tree):
        if v.type == 'IDENTIFIER' and v.value in RESERVED_WORDLIST:
            print '(MY) ERROR reserved word "%s" used in assignment at line number %s' % (v.value, v.lineno)
            sys.exit(1)
        if v.type == 'STRING':
            print '(MY) ERROR illegal type "%s" used at line number %s' % (v.type, v.lineno)
            sys.exit(1)
        if opt_v:
            print 'this is the type: %s at line number %s' % (v.type, v.lineno)
        if opt_v:
            print 'this is the value: %s at line number %s' % (v.value, v.lineno)
        test_script(v, rec_level + 1)

    for block in ITERATION_BLOCKS:
        if hasattr(tree, block):
            b = getattr(tree, block)
            try:
                if opt_v:
                    print ' this is the expression type: %s ' % getattr(b, 'type')
            except Exception as e:
                sys.stderr.write('this was the error %s ' % e)
                continue

            try:
                for i, v in enumerate(b):
                    if b.type == 'PLUS' and v.type == 'ARRAY_INIT':
                        print '(MY) ERROR illegal use of arrays to cast strings at %s' % v.lineno
                        sys.exit(1)
                    if opt_v:
                        print 'this is the (inner iteration) type: %s, at line number %s, rec_lev: %d' % (v.type, v.lineno, rec_level)
                    if v.type == 'STRING':
                        print '(MY) ERROR illegal type "%s" used at line number %s' % (v.type, v.lineno)
                        sys.exit(1)
                    if opt_v:
                        print 'this is the (inner iteration) value: %s' % v.value
                    test_script(v, rec_level + 1)

            except Exception as e:
                sys.stderr.write('this was the error %s ' % e)
                continue

    if opt_v:
        print 'test_script(tree,%d) end' % rec_level


test_script(test)