Feature #62: Parse CSS and JavaScript in Detection Engine - ThreatFactor NSIA - LukeMurphey.net

Feature #62

Parse CSS and JavaScript in Detection Engine

Added by Luke Murphey about 14 years ago. Updated over 13 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Scan Engine

Target version:

Start date:

04/08/2010

Due date:

% Done:

Description

NSIA should incorporate a parser for JavaScript and CSS in order to improve the capability of the scanner. Below are the value-added analysis that the extended parsing would add:

CSS Parser¶

Identify bad CSS declarations
Identify content that is included via CSS

JavaScript/VBScript Parser¶

Identify attempts to instantiate objects (such as Shockwave Flash instances)
Could perform heuristics
Could identify bad JavaScript syntax

Related issues

History

#1 Updated by Luke Murphey about 14 years ago

For this to be done, a compiler grammar should be used to parse the content. The following projects could be used:

JavaCC
ANTLR

For JavaCC:

JavaScript
VB Script (Note: this is for VB6 but should work for VB scripts.
CSS

For ANTLR:

#2 Updated by Luke Murphey over 13 years ago

Category set to Scan Engine

Also available in: Atom PDF

Project

General

Profile

ThreatFactor NSIA

Issues

Custom queries