Skip to content

coder13/Carat

Repository files navigation

Carat


Scans Node.js programs for vulnerabilities. Uses Espect

Usage:


From terminal:

$ carat <file> [options]

Example:

$ carat vulns/fs.js
---------------- vulns/fs.js
vuln
 sink:
  line: vulns/fs.js:4
  code: fs.readFileSync(process.argv[2])
source:
  line: vulns/fs.js:4
  code: process
vuln
 sink:
  line: vulns/fs.js:8
  code: eval(data)
source:
  line: vulns/fs.js:8
  code: data

Notes to keep in mind:

Code is written in es6, only traverses es5 for now.

About

Scans NodeJS programs for vulnerabilities

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published