fixed recursive checking after splitting check.js into scope.js and custom.js

Author: Caleb Hoover

bin/check

@@ -8,9 +8,7 @@ var yargs = require('yargs')
     .describe('o', 'if -j, will output json into a file: <file>_log. If a file is given, outputs to that it. Default is false.')
     .showHelpOnFail(false);
 
-var check = require('../check.js'),
-	Scope = require('../scope.js'),
-	colors  = require('colors'),
+var colors  = require('colors'),
 	fs = require('fs'),
 	path = require('path'),
 	_ = require('underscore'),
@@ -38,10 +36,9 @@ if (argv.h) {
 	process.exit();
 }
 
-check.flags.verbose = argv.v;
-check.flags.recursive = argv.r;
-if (argv.j)
-	check.flags.json = argv.j;
+var check = require('../check.js');
+check.setFlags({verbose: argv.v, recursive: argv.r, json: argv.j});
+var Scope = check.Scope;
 
 if (!argv.j)
 	console.log(' ---- '.yellow, file.white);
@@ -50,12 +47,14 @@ var scope = new Scope({
 	file: file
 });
 
-var ast = check.astFromFile(scope.file);
-check.traverse(ast, scope);
+var ast = check.astFromFile(file);
+if (ast) {
+	check.traverse(ast, scope);
 
-if (check.flags.json) {
-	if (check.reports.length !== 0)
-		console.log(require('prettyjson').render(check.reports));
-	else
-		console.log(colors.green('No vulneralbities found'));
+	if (check.flags.json) {
+		if (check.reports.length !== 0)
+			console.log(require('prettyjson').render(check.reports));
+		else
+			console.log(colors.green('No vulneralbities found'));
+	}
 }

bin/modlist

@@ -0,0 +1,95 @@
+#!/usr/bin/env node
+
+var yargs = require('yargs'),
+	colors  = require('colors'),
+	fs = require('fs'),
+	path = require('path'),
+	_ = require('underscore'),
+	esprima = require('esprima'),
+	estraverse = require('estraverse'),
+	resolve = require('resolve'),
+	file = process.argv[2];
+
+var argv = yargs.argv;
+
+if (!file) {
+	yargs.showHelp();
+	process.exit();
+}
+
+file = path.resolve(file);
+
+if (!fs.existsSync(file)) {
+	console.error(file, 'doesn\'t exist.');
+	process.exit();
+} else if (!fs.lstatSync(file).isFile()) {
+	console.error(file, 'is not a file.');
+	process.exit();
+}
+
+var lookupTable = {};
+var baseFile = file;
+
+var resolvePath = function(file, parent) {
+	var pkg;
+	if (file.indexOf('./') === 0 || file.indexOf('../') === 0) {
+		if (path.extname(file) == '.json') {
+			return false;
+		}
+	}
+
+	try {
+		pkg = resolve.sync(file, {basedir: parent.split('/').slice(0,-1).join('/')});
+	} catch (e) {
+		console.error(String(e));
+		return false;
+	}
+
+	return file == pkg ? false : pkg;
+};
+
+var resolveFile = function(file, scope) {
+	if (!file)
+		return;
+	var j = {};
+
+	var input = String(fs.readFileSync(file));
+	input = _.filter(input.split('\n'), function(l) {return (l[0] + l[1])!="#!";}).join('\n');
+
+	var ast = esprima.parse(input, {loc: true});
+	estraverse.traverse(ast, {
+		enter: function (node, parent) {
+			// assertions
+			if (node.type != 'CallExpression')
+				return;
+			if (node.callee.type != 'Identifier')
+				return;
+			if (node.callee.name != 'require')
+				return;
+			if (!node.arguments[0].value)
+				return;
+
+			var arg = node.arguments[0].value;
+
+			var path = resolvePath(arg, file);
+			if (!argv.j) {
+				if (fs.existsSync(path) || path === false)
+					console.log(scope, colors.green(arg));
+				else
+					console.log(scope, colors.red(arg));
+			}
+			if (lookupTable[arg])
+				return;
+			lookupTable[arg] = true;
+			j[arg] = resolveFile(path, scope + '  --') || {};
+
+		}
+	});
+
+	return j;
+};
+
+var list = resolveFile(file, '-');
+// console.log(list);
+if (argv.j)
+	console.log(require('prettyjson').render(list));