scanjs bug fix

backend/scanjs/.gitignore

@@ -0,0 +1,3 @@
+node_modules
+/nbproject/
+.idea/

backend/scanjs/.travis.yml

@@ -0,0 +1,12 @@
+language: node_js
+node_js:
+  - 0.10
+env:
+  global:
+    - GH_REF: github.com/mozilla/scanjs.git
+    - secure: N/F/nDgbRmbquD4f9rADkyUlH5wOYxqSiZW92YItJTB7RE5jbj9jEXhgOXGrGJ+kr9yz5CEPbu1TtPO1KdCpVnAVvJ7MJeM0XsUEyhuB+vbd7j8IEQA1zGGKecvjn7wY0sBlwgnqclBc3dGTiIjV9jhNYzIXYfNXcaNnCSGZ9cca
+after_success: ./deploy-ghpages.sh
+branches:
+  only:
+    - master
+

backend/scanjs/README.md

@@ -1,6 +1,12 @@
-ScanJS
+ScanJS (DEPRECATED)
 ======
 
+**Development of ScanJS has stopped. We are currently investigating the use of [ESLint](http://eslint.org) with some additional rules. Please see [eslint-config-scanjs](https://github.com/mozfreddyb/eslint-config-scanjs).**
+
+*Testing and feedback appreciated! :)*
+
+--------------------------------
+
 ![travis-ci](https://travis-ci.org/mozilla/scanjs.svg)
 
 ScanJS is a Static analysis tool for javascript code. ScanJS was created as an aid for security review, to help identify security issues in client-side web applications.

backend/scanjs/common/rules.json

@@ -250,4 +250,18 @@
     "testmiss": "if(x==y){x=0;}",
     "desc": "Unintended use of AssignmentExpression in If Statement",
     "threat": "Typo"
+}, {
+    "name": "nodejs exec",
+    "source": "require('child_process').exec",
+    "testhit": "require('child_process').exec",
+    "testmiss": "exec()",
+    "desc": "Instantiation of command execution. Check for untrusted input to the API.",
+    "threat": "RCE"
+}, {
+    "name": "nodejs spawn",
+    "source": "require('child_process').spawn",
+    "testhit": "require('child_process').spawn",
+    "testmiss": "spawn()",
+    "desc": "Instantiation of command execution. Check for untrusted input to the API.",
+    "threat": "RCE"
 }]