feat(isRequire): Unsafe-import for prebuilt-install binary file (#429)

Author: clemgbld

.changeset/metal-poets-type.md

@@ -0,0 +1,5 @@
+---
+"@nodesecure/js-x-ray": minor
+---
+
+feat(isRequire): Unsafe-import for prebuilt-install binary file

workspaces/js-x-ray/src/probes/isRequire/RequireCallExpressionWalker.ts

@@ -77,6 +77,7 @@ export class RequireCallExpressionWalker {
           self.#handleRequireResolve(rootArgument);
           break;
         case "path.join":
+        case "path.resolve":
           self.#handlePathJoin(castedNode);
           break;
       }

workspaces/js-x-ray/test/probes/isRequire.spec.ts

@@ -396,3 +396,19 @@ test("(require CallExpression): it should detect obfuscated atob value", () => {
   assert.strictEqual(dependencies.size, 1);
   assert.ok(dependencies.has("os"));
 });
+
+test("(require CallExpression): it should not have an unsafe-import for a correct path.resolve", () => {
+  const str = `
+    const pkg = require(path.resolve('package.json'));
+  `;
+
+  const ast = parseScript(str);
+  const sastAnalysis = getSastAnalysis(isRequire)
+    .execute(ast.body);
+
+  assert.strictEqual(sastAnalysis.warnings().length, 0);
+
+  const dependencies = sastAnalysis.dependencies();
+  assert.strictEqual(dependencies.size, 1);
+  assert.ok(dependencies.has("package.json"));
+});