Assessing the Application

The existence of bin/www, package.json, and routes/ indicates that this is a NodeJS web application. In particular, package.json identifies a NodeJS project and manages its dependencies.

The existence of the docker-compose.yml and Dockerfile files indicates that this application is started using Docker containers.
HTTP Routing
Some programming languages and frameworks include routing information directly in the source code. For example, ExpressJS uses this method of routing:

```javascript
var express = require('express');
var router = express.Router();
...
router.get('/login', function(req, res, next) {
  res.render('login', { title: 'Login' });
});
```
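Because Express declares routes inline like this, a first assessment step is to inventory every literal route before reading the handlers. The following is an added example, not code from the original page: a small scanner over source text that collects router.<method>('<path>', …) and app.<method>('<path>', …) declarations. The sample source it scans is constructed here; the scanner only sees string-literal paths, so mounts built from variables or regular expressions have to be found by hand.

```javascript
// Added example: static route inventory for an ExpressJS code base.
// Scans source text for router.<method>('<path>', ...) and app.<method>('<path>', ...)
// declarations so the HTTP surface can be listed before reading handlers.
function inventoryRoutes(source) {
  // Literal paths only: quoted with ', " or `. Dynamic paths are not captured.
  const routeRe = /\b(?:router|app)\.(get|post|put|patch|delete|all|use)\s*\(\s*(['"`])([^'"`]*)\2/g;
  const routes = [];
  let m;
  while ((m = routeRe.exec(source)) !== null) {
    routes.push({ method: m[1].toUpperCase(), path: m[3] });
  }
  return routes;
}

// Render the inventory as "METHOD path" lines for a report.
function routesAsLines(routes) {
  return routes.map(r => `${r.method.padEnd(6)} ${r.path}`);
}

// Constructed sample resembling a routes/index.js file in an Express app.
const SAMPLE_SOURCE = `
var express = require('express');
var router = express.Router();

router.get('/login', function(req, res, next) {
  res.render('login', { title: 'Login' });
});
router.post('/login', function(req, res) { /* ... */ });
router.get("/admin/users", function(req, res) { /* ... */ });
app.use('/api', apiRouter);
`;

console.log(routesAsLines(inventoryRoutes(SAMPLE_SOURCE)).join('\n'));
```

Running the block prints four entries (GET /login, POST /login, GET /admin/users, USE /api); the USE entry marks a mounted sub-router whose own file must be scanned in turn.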
Methods

It is important to know that in a typical NodeJS server-side plugin these are the low-hanging fruit that we need to check first:
- eval
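To show why eval goes first on the checklist, here is an added example (not code from the original page) with a vulnerable body parser beside its hardened form, plus a line-number finder for eval calls to run over a code base during review. The request bodies and the code snippet it scans are constructed for the demonstration.

```javascript
// Added example: the eval() sink and its fix, plus a finder for triage.

// Vulnerable: wraps the body in parentheses and evaluates it as JavaScript,
// a pattern once common for "parsing" JSON. Any expression in the body runs
// with the privileges of the server process.
function parseBodyUnsafe(body) {
  return eval('(' + body + ')');
}

// Hardened: JSON.parse accepts only the JSON grammar and never executes code.
function parseBodySafe(body) {
  return JSON.parse(body);
}

// Report whether a parser rejects a given body.
function rejects(parser, body) {
  try {
    parser(body);
    return false;
  } catch (e) {
    return true;
  }
}

// Triage helper: 1-based line numbers of every eval( call in a source file.
function findEvalCalls(source) {
  const hits = [];
  source.split('\n').forEach((line, i) => {
    if (/\beval\s*\(/.test(line)) hits.push(i + 1);
  });
  return hits;
}

// Constructed inputs.
const PLAIN_BODY = '{"user": "alice", "limit": 10}';
const EXPRESSION_BODY = '{"user": "alice", "limit": 6 * 7}';  // not valid JSON
const SNIPPET = "function parse(b) {\n  return eval('(' + b + ')');\n}\nvar x = evaluate(y);\n";

console.log('unsafe:', parseBodyUnsafe(EXPRESSION_BODY).limit);   // expression was executed
console.log('safe rejects:', rejects(parseBodySafe, EXPRESSION_BODY));
console.log('eval calls at lines:', findEvalCalls(SNIPPET));
```

Both parsers accept the plain body, but only the eval-based one turns `6 * 7` into 42, which is the behaviour to look for when an eval hit is found near request data.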
Internal

internals is a reserved word for an “internal” function, which can then be called with the “call” reserved word. Example:

Internal: creating the function called “batch”

```javascript
internals.batch = function (batchRequest, resultsData, pos, parts, callback) {
  var path = '';
  var error = null;
  // <SNIP>
```