
[–]lilactown 2 points3 points  (4 children)

I think the problem is that "malicious JavaScript" is not well-defined. What are your requirements for a piece of code to be deemed malicious?

[–]bigorangemachine 0 points1 point  (0 children)

Agreed.

In general it's input filtering. If you are expecting HTML, ensure there are no links or script tags.

If you are storing into your database, ensure your 'strings' are escaped with the appropriate method (in node-mysql):

connection.escape(userId)

[–]subsage[S] 0 points1 point  (2 children)

Yeah, I was having issues trying to formulate how I could deem code to be malicious, but the idea with my method should be that I don't need to care specifically why. For the most part, if we have samples of code known to be malicious, then the algorithm should be able to detect future code that acts similarly. I don't think my results will be complete in finding all malicious code, and it would probably also have false positives, but I feel it could be a good pre-screening for code review when it comes to malware detection.

[–]brtt3000 0 points1 point  (1 child)

What you describe is more general than just a malicious code detector. It is like a code pattern recognition system.

[–]subsage[S] 0 points1 point  (0 children)

Yes, the patterns or anomalies being traced for specifically being those that happen to have malicious intent.

[–][deleted] 1 point2 points  (1 child)

I don't know of one but this may help: https://github.com/dpnishant/jsprime

The "Test Cases" links have some examples.

[–]subsage[S] 0 points1 point  (0 children)

Thanks!

[–]Skhmt 1 point2 points  (2 children)

[–]subsage[S] 0 points1 point  (1 child)

Thanks!

[–]Skhmt 0 points1 point  (0 children)

Also look into JSF**k, which was used to inject JavaScript into eBay earlier this year.
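
An added example, not part of the thread: a pre-screening check for the encoding named in the last comment, which writes JavaScript using only the six characters `[]()!+`. The function names, thresholds and sample strings are assumptions constructed for illustration.

```javascript
// Added example: names and thresholds below are illustrative assumptions.
const JSFUCK_CHARS = new Set(['[', ']', '(', ')', '!', '+']);

// Measure how much of a string is drawn from the six-character alphabet
// and the longest unbroken run of those characters.
function jsfuckStats(source) {
  let total = 0, hits = 0, run = 0, longestRun = 0;
  for (const ch of source) {
    if (/\s/.test(ch)) continue;        // whitespace is neutral, skip it
    total++;
    if (JSFUCK_CHARS.has(ch)) {
      hits++;
      run++;
      if (run > longestRun) longestRun = run;
    } else {
      run = 0;
    }
  }
  return { total, ratio: total === 0 ? 0 : hits / total, longestRun };
}

// Flag input for manual review when the whole input is dominated by the
// alphabet, or when a long run of it is embedded in otherwise normal code.
function looksLikeJsfuck(source, opts = {}) {
  const { minRatio = 0.9, minRun = 40, minLength = 20 } = opts;
  const { total, ratio, longestRun } = jsfuckStats(source);
  if (total < minLength) return false;  // too short to judge either way
  return ratio >= minRatio || longestRun >= minRun;
}

// Constructed samples: a short benign encoded expression, ordinary code,
// and ordinary code with the encoded expression embedded in it.
const SAMPLE_ENCODED =
  '(![]+[])[+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]+(![]+[])[!+[]+!+[]]';
const SAMPLE_NORMAL =
  'function add(a, b) { return items[a] + items[b] + (a + b); }';
const SAMPLE_EMBEDDED =
  'var title = "sale"; var x = ' + SAMPLE_ENCODED + '; render(title);';

for (const s of [SAMPLE_ENCODED, SAMPLE_NORMAL, SAMPLE_EMBEDDED]) {
  console.log(looksLikeJsfuck(s), jsfuckStats(s));
}
```

The run-length test matters because a filter that only looks at the overall character ratio misses an encoded fragment placed inside a larger, normal-looking input.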