Page 67 - Hands-On Bug Hunting for Penetration Testers
Preparing for an Engagement Chapter 3
As a means of testing the command, I recently read a blog decrying the fact that jQuery,
responsible for a large chunk of the web's client-side code, was running an out-of-date
WordPress version on http://jquery.com, so I decided to see whether their JavaScript
had any issues:
grabjs https://jquery.com sourcejs; scanjs sourcejs output.json | formatjs
The fact that http://jquery.com has a few issues is nothing huge, but still surprising!
Known component vulnerabilities in JavaScript are a widespread issue, affecting a sizable
portion of sites (different methodologies put the number of affected sites at between one-
third and three-quarters of the entire web).
The Value Behind the Structure
We've developed several scripts to achieve a single goal. The exercise raises this question:
why didn't we write one program instead? We could've included all our steps (download
the JSON, analyze it, print a report) in a Python or Shell script; wouldn't that have been
easier?
But the advantage of our current setup is the modularity of the different pieces in the face
of different workflows. For example, we might want to do all the steps at once, or we might
just want a subset. If I've already downloaded all the JSON for a page and put it into a
folder, scanned it, and created a report at some/site.json, then, when I come back to
the information, all I need is the ability to format the report from the raw JSON. I can achieve that
with simple Unix:
cat output.json | formatjs
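To show what the last stage of such a pipeline looks like as a self-contained filter, here is an added example of a formatter in the spirit of the formatjs step. It is not the book's script: the input format (a JSON list of findings with file, component, version and a vulnerabilities array) and the sample data are constructed assumptions. It reads from a file path if one is given and otherwise from stdin, so the same script works both as `formatjs output.json` and at the end of `cat output.json | formatjs`, and it returns the report as a string rather than only printing it so the formatting can be checked in isolation.

```python
#!/usr/bin/env python3
"""Added example: a small stdin-or-file JSON report formatter.

Input format is an assumption for this example: a JSON list of findings,
one per scanned script file, each carrying the component name and version
that was detected and a list of known issues with a severity and summary.
"""
import json
import sys
from collections import Counter

# Constructed sample input, as a scanner step might emit it. The version
# and issue summaries are placeholders, not real advisory data.
SAMPLE_SCAN = [
    {"file": "jquery-1.8.3.min.js", "component": "jquery", "version": "1.8.3",
     "vulnerabilities": [
         {"severity": "medium", "summary": "placeholder issue A"},
         {"severity": "high", "summary": "placeholder issue B"}]},
    {"file": "app.js", "component": None, "version": None,
     "vulnerabilities": []},
]

# Order used when listing a file's issues: most severe first.
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def summarize(findings):
    """Count issues per severity and how many files have at least one."""
    by_severity = Counter()
    affected = 0
    for entry in findings:
        vulns = entry.get("vulnerabilities", [])
        if vulns:
            affected += 1
        for v in vulns:
            by_severity[v.get("severity", "unknown").lower()] += 1
    return {"affected": affected, "total_files": len(findings),
            "by_severity": dict(by_severity)}


def format_report(findings):
    """Render findings as plain text and return it; clean files are omitted."""
    lines = []
    for entry in findings:
        vulns = entry.get("vulnerabilities", [])
        if not vulns:
            continue
        component = entry.get("component") or "unknown"
        version = entry.get("version") or "?"
        lines.append(f"{entry['file']} ({component} {version})")
        ranked = sorted(vulns, key=lambda v: SEVERITY_ORDER.get(
            v.get("severity", "").lower(), 99))
        for v in ranked:
            lines.append(f"  [{v.get('severity', 'unknown')}] {v.get('summary', '')}")
    s = summarize(findings)
    counts = ", ".join(f"{k}: {n}" for k, n in sorted(s["by_severity"].items()))
    lines.append(f"{s['affected']} of {s['total_files']} files have known issues; {counts}")
    return "\n".join(lines)


def load_findings(stream):
    """Parse the JSON document and reject anything that is not a list of findings."""
    data = json.load(stream)
    if not isinstance(data, list):
        raise ValueError("expected a JSON list of findings")
    return data


def main(argv):
    # A path argument wins; otherwise read stdin so the script composes in a pipe.
    if len(argv) > 1:
        with open(argv[1]) as fh:
            findings = load_findings(fh)
    else:
        findings = load_findings(sys.stdin)
    print(format_report(findings))


if __name__ == "__main__":
    main(sys.argv)
```

Because every step only agrees on the JSON document passing between them, the scanner can be swapped or re-run without touching the formatter, which is the modularity argument above in practice.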
[ 52 ]