From e9dd7eceb8e04983085980f913e8ea94b1a11f8d Mon Sep 17 00:00:00 2001 From: john19696 Date: Thu, 14 Jul 2022 14:27:59 +0100 Subject: [PATCH 001/124] upgrade to nodejs v18 --- .nvmrc | 2 +- package-lock.json | 63 ++++++++++++++++++++++++++++++++++------------- package.json | 2 +- 3 files changed, 48 insertions(+), 19 deletions(-) diff --git a/.nvmrc b/.nvmrc index 8e2afd34..3c032078 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -17 \ No newline at end of file +18 diff --git a/package-lock.json b/package-lock.json index e1712692..f174ec5d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -100,7 +100,7 @@ "babel-loader": "^8.2.5", "babel-plugin-dynamic-import-node": "^2.3.3", "babel-plugin-transform-builtin-extend": "1.1.2", - "chromedriver": "^101.0.0", + "chromedriver": "^103.0.0", "cli-progress": "^3.11.1", "colors": "^1.4.0", "copy-webpack-plugin": "^11.0.0", 
@@ -3337,12 +3337,27 @@ "integrity": "sha512-xh1Rl34h6Fi1DC2WWKfxUTVqRsNnr6LsKz2+hfwDxQJWmrx8+c7ylaqBMcHfl1U1r2dsifOvKX3LQuLNZ+XSvA==" }, "node_modules/axios": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.24.0.tgz", - "integrity": "sha512-Q6cWsys88HoPgAaFAVUb0WpPk0O8iTeisR9IMqy9G8AbO4NlpVknrnQS03zzF9PGAWgO3cgletO3VjV/P7VztA==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/axios/-/axios-0.27.2.tgz", + "integrity": "sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==", "dev": true, "dependencies": { - "follow-redirects": "^1.14.4" + "follow-redirects": "^1.14.9", + "form-data": "^4.0.0" + } + }, + "node_modules/axios/node_modules/form-data": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", + "dev": true, + "dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "mime-types": "^2.1.12" + }, + "engines": { + "node": ">= 6" } }, "node_modules/babel-code-frame": { @@ -4496,14 +4511,14 @@ } }, "node_modules/chromedriver": { - "version": "101.0.0", - "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-101.0.0.tgz", - "integrity": "sha512-LkkWxy6KM/0YdJS8qBeg5vfkTZTRamhBfOttb4oic4echDgWvCU1E8QcBbUBOHqZpSrYMyi7WMKmKMhXFUaZ+w==", + "version": "103.0.0", + "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-103.0.0.tgz", + "integrity": "sha512-7BHf6HWt0PeOHCzWO8qlnD13sARzr5AKTtG8Csn+czsuAsajwPxdLNtry5GPh8HYFyl+i0M+yg3bT43AGfgU9w==", "dev": true, "hasInstallScript": true, "dependencies": { "@testim/chrome-version": "^1.1.2", - "axios": "^0.24.0", + "axios": "^0.27.2", "del": "^6.0.0", "extract-zip": "^2.0.1", "https-proxy-agent": "^5.0.0", 
@@ -18301,12 +18316,26 @@ "integrity": "sha512-xh1Rl34h6Fi1DC2WWKfxUTVqRsNnr6LsKz2+hfwDxQJWmrx8+c7ylaqBMcHfl1U1r2dsifOvKX3LQuLNZ+XSvA==" }, "axios": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.24.0.tgz", - "integrity": "sha512-Q6cWsys88HoPgAaFAVUb0WpPk0O8iTeisR9IMqy9G8AbO4NlpVknrnQS03zzF9PGAWgO3cgletO3VjV/P7VztA==", + "version": "0.27.2", + "resolved": "https://registry.npmjs.org/axios/-/axios-0.27.2.tgz", + "integrity": "sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==", "dev": true, "requires": { - "follow-redirects": "^1.14.4" + "follow-redirects": "^1.14.9", + "form-data": "^4.0.0" + }, + "dependencies": { + "form-data": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", + "dev": true, + "requires": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "mime-types": "^2.1.12" + } + } } }, "babel-code-frame": { @@ -19208,13 +19237,13 @@ "dev": true }, "chromedriver": { - "version": "101.0.0", - "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-101.0.0.tgz", - "integrity": "sha512-LkkWxy6KM/0YdJS8qBeg5vfkTZTRamhBfOttb4oic4echDgWvCU1E8QcBbUBOHqZpSrYMyi7WMKmKMhXFUaZ+w==", + "version": "103.0.0", + "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-103.0.0.tgz", + "integrity": "sha512-7BHf6HWt0PeOHCzWO8qlnD13sARzr5AKTtG8Csn+czsuAsajwPxdLNtry5GPh8HYFyl+i0M+yg3bT43AGfgU9w==", "dev": true, "requires": { "@testim/chrome-version": "^1.1.2", - "axios": "^0.24.0", + "axios": "^0.27.2", "del": "^6.0.0", "extract-zip": "^2.0.1", "https-proxy-agent": "^5.0.0", diff --git a/package.json b/package.json index 48d6f693..46aca7d9 100644 --- a/package.json +++ b/package.json 
@@ -49,7 +49,7 @@ "babel-loader": "^8.2.5", "babel-plugin-dynamic-import-node": "^2.3.3", "babel-plugin-transform-builtin-extend": "1.1.2", - "chromedriver": "^101.0.0", + "chromedriver": "^103.0.0", "cli-progress": "^3.11.1", "colors": "^1.4.0", "copy-webpack-plugin": "^11.0.0", From 475282984bda96535fb7d41c9d61d561a1c5b720 Mon Sep 17 00:00:00 2001 From: Philippe Arteau Date: Fri, 29 Jul 2022 14:32:46 -0400 Subject: [PATCH 002/124] Minor typos --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 07257ede..021e3515 100755 --- a/README.md +++ b/README.md @@ -54,7 +54,7 @@ You can use as many operations as you like in simple or complex ways. Some examp - Whenever you modify the input or the recipe, CyberChef will automatically "bake" for you and produce the output immediately. - This can be turned off and operated manually if it is affecting performance (if the input is very large, for instance). - Automated encoding detection - - CyberChef uses [a number of techniques](https://github.com/gchq/CyberChef/wiki/Automatic-detection-of-encoded-data-using-CyberChef-Magic) to attempt to automatically detect which encodings your data is under. If it finds a suitable operation which can make sense of your data, it displays the 'magic' icon in the Output field which you can click to decode your data. + - CyberChef uses [a number of techniques](https://github.com/gchq/CyberChef/wiki/Automatic-detection-of-encoded-data-using-CyberChef-Magic) to attempt to automatically detect which encodings your data is under. If it finds a suitable operation that make sense of your data, it displays the 'magic' icon in the Output field which you can click to decode your data. - Breakpoints - You can set breakpoints on any operation in your recipe to pause execution before running it. - You can also step through the recipe one operation at a time to see what the data looks like at each stage. 
@@ -66,7 +66,7 @@ You can use as many operations as you like in simple or complex ways. Some examp - Highlighting - When you highlight text in the input or output, the offset and length values will be displayed and, if possible, the corresponding data will be highlighted in the output or input respectively (example: [highlight the word 'question' in the input to see where it appears in the output][11]). - Save to file and load from file - - You can save the output to a file at any time or load a file by dragging and dropping it into the input field. Files up to around 2GB are supported (depending on your browser), however some operations may take a very long time to run over this much data. + - You can save the output to a file at any time or load a file by dragging and dropping it into the input field. Files up to around 2GB are supported (depending on your browser), however, some operations may take a very long time to run over this much data. - CyberChef is entirely client-side - It should be noted that none of your recipe configuration or input (either text or files) is ever sent to the CyberChef web server - all processing is carried out within your browser, on your own computer. - Due to this feature, CyberChef can be downloaded and run locally. You can use the link in the top left corner of the app to download a full copy of CyberChef and drop it into a virtual machine, share it with other people, or host it in a closed network. @@ -74,7 +74,7 @@ You can use as many operations as you like in simple or complex ways. Some examp ## Deep linking -By manipulation of CyberChef's URL hash, you can change the initial settings with which the page opens. +By manipulating CyberChef's URL hash, you can change the initial settings with which the page opens. The format is `https://gchq.github.io/CyberChef/#recipe=Operation()&input=...` Supported arguments are `recipe`, `input` (encoded in Base64), and `theme`. 
@@ -90,12 +90,12 @@ CyberChef is built to support ## Node.js support -CyberChef is built to fully support Node.js `v10` and partially supports `v12`. Named imports using a deep import specifier does not work in `v12`. For more information, see the Node API page in the project [wiki pages](https://github.com/gchq/CyberChef/wiki) +CyberChef is built to fully support Node.js `v10` and partially supports `v12`. Named imports using a deep import specifier do not work in `v12`. For more information, see the Node API page in the project [wiki pages](https://github.com/gchq/CyberChef/wiki) ## Contributing -Contributing a new operation to CyberChef is super easy! There is a quickstart script which will walk you through the process. If you can write basic JavaScript, you can write a CyberChef operation. +Contributing a new operation to CyberChef is super easy! The quickstart script will walk you through the process. If you can write basic JavaScript, you can write a CyberChef operation. An installation walkthrough, how-to guides for adding new operations and themes, descriptions of the repository structure, available data types and coding conventions can all be found in the project [wiki pages](https://github.com/gchq/CyberChef/wiki). From 69e59916e25be3fe8511ca8134df2e0b444de166 Mon Sep 17 00:00:00 2001 From: jeiea Date: Wed, 17 Aug 2022 02:12:39 +0900 Subject: [PATCH 003/124] feat: support boolean and null in JSON to CSV --- src/core/operations/JSONToCSV.mjs | 7 +++++-- tests/operations/tests/JSONtoCSV.mjs | 11 +++++++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/src/core/operations/JSONToCSV.mjs b/src/core/operations/JSONToCSV.mjs index 7eb3e3b4..875ff6e8 100644 --- a/src/core/operations/JSONToCSV.mjs +++ b/src/core/operations/JSONToCSV.mjs 
@@ -114,8 +114,11 @@ class JSONToCSV extends Operation { * @returns {string} */ escapeCellContents(data, force=false) { - if (typeof data === "number") data = data.toString(); - if (force && typeof data !== "string") data = JSON.stringify(data); + if (data !== "string") { + const isPrimitive = data == null || typeof data !== "object"; + if (isPrimitive) data = `${data}`; + else if (force) data = JSON.stringify(data); + } // Double quotes should be doubled up data = data.replace(/"/g, '""'); diff --git a/tests/operations/tests/JSONtoCSV.mjs b/tests/operations/tests/JSONtoCSV.mjs index a9a0867e..faf373d1 100644 --- a/tests/operations/tests/JSONtoCSV.mjs +++ b/tests/operations/tests/JSONtoCSV.mjs @@ -46,6 +46,17 @@ TestRegister.addTests([ }, ], }, + { + name: "JSON to CSV: boolean and null as values", + input: JSON.stringify({a: false, b: null, c: 3}), + expectedOutput: "a,b,c\r\nfalse,null,3\r\n", + recipeConfig: [ + { + op: "JSON to CSV", + args: [",", "\\r\\n"] + }, + ], + }, { name: "JSON to CSV: JSON as an array", input: JSON.stringify([{a: 1, b: "2", c: 3}]), From 65d883496bc3fc8c214e27542e3378ff554e1fd5 Mon Sep 17 00:00:00 2001 From: IsSafrullah Date: Tue, 6 Sep 2022 03:52:42 +0700 Subject: [PATCH 004/124] fix select when change theme --- src/web/stylesheets/utils/_overrides.css | 27 ++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/src/web/stylesheets/utils/_overrides.css b/src/web/stylesheets/utils/_overrides.css index c06d3b8c..e1c36c12 100755 --- a/src/web/stylesheets/utils/_overrides.css +++ b/src/web/stylesheets/utils/_overrides.css 
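Review bot: The new guard `if (data !== "string")` in escapeCellContents compares the cell value with the literal text "string" instead of checking its type; it should read `if (typeof data !== "string") {`. As written, the branch is also entered for almost every string, which is harmless only because the template literal leaves a string unchanged. Separately, an object or array with `force` false still falls through to `data.replace(...)`, which objects do not have; if callers can reach that path (not visible here), stringify in the `else` branch unconditionally or document the precondition in the JSDoc. The function body continues outside the hunk.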
@@ -82,7 +82,17 @@ a:focus { border-color: var(--btn-success-hover-border-colour); } -select.form-control:not([size]):not([multiple]), select.custom-file-control:not([size]):not([multiple]) { +select.form-control, +select.form-control:focus { + background-color: var(--primary-background-colour) !important; +} + +select.form-control:focus { + transition: none !important; +} + +select.form-control:not([size]):not([multiple]), +select.custom-file-control:not([size]):not([multiple]) { height: unset !important; } @@ -145,7 +155,8 @@ optgroup { color: var(--primary-font-colour); } -.table-bordered th, .table-bordered td { +.table-bordered th, +.table-bordered td { border: 1px solid var(--table-border-colour); } @@ -172,7 +183,9 @@ optgroup { color: var(--subtext-font-colour); } -.nav-tabs>li>a.nav-link.active, .nav-tabs>li>a.nav-link.active:focus, .nav-tabs>li>a.nav-link.active:hover { +.nav-tabs>li>a.nav-link.active, +.nav-tabs>li>a.nav-link.active:focus, +.nav-tabs>li>a.nav-link.active:hover { background-color: var(--secondary-background-colour); border-color: var(--secondary-border-colour); border-bottom-color: transparent; @@ -183,7 +196,8 @@ optgroup { border-color: var(--primary-border-colour); } -.nav a.nav-link:focus, .nav a.nav-link:hover { +.nav a.nav-link:focus, +.nav a.nav-link:hover { background-color: var(--secondary-border-colour); } @@ -199,7 +213,8 @@ optgroup { color: var(--primary-font-colour); } -.dropdown-menu a:focus, .dropdown-menu a:hover { +.dropdown-menu a:focus, +.dropdown-menu a:hover { background-color: var(--secondary-background-colour); color: var(--primary-font-colour); } @@ -231,4 +246,4 @@ optgroup { .colorpicker-color, .colorpicker-color div { height: 100px; -} +} \ No newline at end of file From 86b43b4ffae14d9b85935fa9dc7e6ee0d30a1c2f Mon Sep 17 00:00:00 2001 From: n1474335 Date: Fri, 9 Sep 2022 16:39:10 +0100 Subject: [PATCH 005/124] Updated README --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/README.md b/README.md index 021e3515..48811566 100755 --- a/README.md +++ b/README.md @@ -77,7 +77,7 @@ You can use as many operations as you like in simple or complex ways. Some examp By manipulating CyberChef's URL hash, you can change the initial settings with which the page opens. The format is `https://gchq.github.io/CyberChef/#recipe=Operation()&input=...` -Supported arguments are `recipe`, `input` (encoded in Base64), and `theme`. +Supported arguments are `recipe`, `input` (encoded in Base64), and `theme`. ## Browser support @@ -90,7 +90,7 @@ CyberChef is built to support ## Node.js support -CyberChef is built to fully support Node.js `v10` and partially supports `v12`. Named imports using a deep import specifier do not work in `v12`. For more information, see the Node API page in the project [wiki pages](https://github.com/gchq/CyberChef/wiki) +CyberChef is built to fully support Node.js `v16`. For more information, see the Node API page in the project [wiki pages](https://github.com/gchq/CyberChef/wiki) ## Contributing From cef7a7b27d6e8fca45f314eef15516ea183a9e2c Mon Sep 17 00:00:00 2001 From: n1474335 Date: Fri, 9 Sep 2022 16:44:41 +0100 Subject: [PATCH 006/124] Lint --- src/web/stylesheets/utils/_overrides.css | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/web/stylesheets/utils/_overrides.css b/src/web/stylesheets/utils/_overrides.css index e1c36c12..7deabe7d 100755 --- a/src/web/stylesheets/utils/_overrides.css +++ b/src/web/stylesheets/utils/_overrides.css @@ -246,4 +246,4 @@ optgroup { .colorpicker-color, .colorpicker-color div { height: 100px; -} \ No newline at end of file +} From d90d845f27273c28a4f590401a3c0ed15437d827 Mon Sep 17 00:00:00 2001 From: n1474335 Date: Fri, 9 Sep 2022 16:51:38 +0100 Subject: [PATCH 007/124] 9.46.1 --- package-lock.json | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index e1712692..3cdc4234 100644 
--- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "cyberchef", - "version": "9.46.0", + "version": "9.46.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "cyberchef", - "version": "9.46.0", + "version": "9.46.1", "hasInstallScript": true, "license": "Apache-2.0", "dependencies": { diff --git a/package.json b/package.json index 48d6f693..b45d9b25 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "cyberchef", - "version": "9.46.0", + "version": "9.46.1", "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.", "author": "n1474335 ", "homepage": "https://gchq.github.io/CyberChef", From 1dd1b839b8fc6b446d589afa2bbdc3b6bf1b2af0 Mon Sep 17 00:00:00 2001 From: n1474335 Date: Fri, 9 Sep 2022 20:39:28 +0100 Subject: [PATCH 008/124] Switched jsonpath library to jsonpath-plus. Fixes #1318 --- package-lock.json | 135 ++---------------------- package.json | 2 +- src/core/operations/JPathExpression.mjs | 33 +++--- tests/operations/tests/Code.mjs | 35 ++++-- 4 files changed, 57 insertions(+), 148 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3cdc4234..c9d63374 100644 --- a/package-lock.json +++ b/package-lock.json @@ -46,7 +46,7 @@ "js-sha3": "^0.8.0", "jsesc": "^3.0.2", "json5": "^2.2.1", - "jsonpath": "^1.1.1", + "jsonpath-plus": "^7.2.0", "jsonwebtoken": "^8.5.1", "jsqr": "^1.4.0", "jsrsasign": "^10.5.23", 
@@ -9498,26 +9498,12 @@ "node": ">=6" } }, - "node_modules/jsonpath": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/jsonpath/-/jsonpath-1.1.1.tgz", - "integrity": "sha512-l6Cg7jRpixfbgoWgkrl77dgEj8RPvND0wMH6TwQmi9Qs4TFfS9u5cUFnbeKTwj5ga5Y3BTGGNI28k117LJ009w==", - "dependencies": { - "esprima": "1.2.2", - "static-eval": "2.0.2", - "underscore": "1.12.1" - } - }, - "node_modules/jsonpath/node_modules/esprima": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/esprima/-/esprima-1.2.2.tgz", - "integrity": "sha1-dqD9Zvz+FU/SkmZ9wmQBl1CxZXs=", - "bin": { - "esparse": "bin/esparse.js", - "esvalidate": "bin/esvalidate.js" - }, + "node_modules/jsonpath-plus": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-7.2.0.tgz", + "integrity": "sha512-zBfiUPM5nD0YZSBT/o/fbCUlCcepMIdP0CJZxM1+KgA4f2T206f6VAg9e7mX35+KlMaIc5qXW34f3BnwJ3w+RA==", "engines": { - "node": ">=0.4.0" + "node": ">=12.0.0" } }, "node_modules/jsonwebtoken": { 
@@ -14055,52 +14041,6 @@ "node": ">=8" } }, - "node_modules/static-eval": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/static-eval/-/static-eval-2.0.2.tgz", - "integrity": "sha512-N/D219Hcr2bPjLxPiV+TQE++Tsmrady7TqAJugLy7Xk1EumfDWS/f5dtBbkRCGE7wKKXuYockQoj8Rm2/pVKyg==", - "dependencies": { - "escodegen": "^1.8.1" - } - }, - "node_modules/static-eval/node_modules/escodegen": { - "version": "1.14.3", - "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-1.14.3.tgz", - "integrity": "sha512-qFcX0XJkdg+PB3xjZZG/wKSuT1PnQWx57+TVSjIMmILd2yC/6ByYElPwJnslDsuWuSAp4AwJGumarAAmJch5Kw==", - "dependencies": { - "esprima": "^4.0.1", - "estraverse": "^4.2.0", - "esutils": "^2.0.2", - "optionator": "^0.8.1" - }, - "bin": { - "escodegen": "bin/escodegen.js", - "esgenerate": "bin/esgenerate.js" - }, - "engines": { - "node": ">=4.0" - }, - "optionalDependencies": { - "source-map": "~0.6.1" - } - }, - "node_modules/static-eval/node_modules/estraverse": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", - "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==", - "engines": { - "node": ">=4.0" - } - }, - "node_modules/static-eval/node_modules/source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", - "optional": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/statuses": { "version": "1.5.0", "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", 
@@ -14767,11 +14707,6 @@ "node": ">=0.10.0" } }, - "node_modules/underscore": { - "version": "1.12.1", - "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.12.1.tgz", - "integrity": "sha512-hEQt0+ZLDVUMhebKxL4x1BTtDY7bavVofhZ9KZ4aI26X9SRaE+Y3m83XUL1UP2jn8ynjndwCCpEHdUG+9pP1Tw==" - }, "node_modules/underscore.string": { "version": "3.3.6", "resolved": "https://registry.npmjs.org/underscore.string/-/underscore.string-3.3.6.tgz", @@ -23025,22 +22960,10 @@ "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.1.tgz", "integrity": "sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==" }, - "jsonpath": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/jsonpath/-/jsonpath-1.1.1.tgz", - "integrity": "sha512-l6Cg7jRpixfbgoWgkrl77dgEj8RPvND0wMH6TwQmi9Qs4TFfS9u5cUFnbeKTwj5ga5Y3BTGGNI28k117LJ009w==", - "requires": { - "esprima": "1.2.2", - "static-eval": "2.0.2", - "underscore": "1.12.1" - }, - "dependencies": { - "esprima": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/esprima/-/esprima-1.2.2.tgz", - "integrity": "sha1-dqD9Zvz+FU/SkmZ9wmQBl1CxZXs=" - } - } + "jsonpath-plus": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-7.2.0.tgz", + "integrity": "sha512-zBfiUPM5nD0YZSBT/o/fbCUlCcepMIdP0CJZxM1+KgA4f2T206f6VAg9e7mX35+KlMaIc5qXW34f3BnwJ3w+RA==" }, "jsonwebtoken": { "version": "8.5.1", 
@@ -26583,39 +26506,6 @@ } } }, - "static-eval": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/static-eval/-/static-eval-2.0.2.tgz", - "integrity": "sha512-N/D219Hcr2bPjLxPiV+TQE++Tsmrady7TqAJugLy7Xk1EumfDWS/f5dtBbkRCGE7wKKXuYockQoj8Rm2/pVKyg==", - "requires": { - "escodegen": "^1.8.1" - }, - "dependencies": { - "escodegen": { - "version": "1.14.3", - "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-1.14.3.tgz", - "integrity": "sha512-qFcX0XJkdg+PB3xjZZG/wKSuT1PnQWx57+TVSjIMmILd2yC/6ByYElPwJnslDsuWuSAp4AwJGumarAAmJch5Kw==", - "requires": { - "esprima": "^4.0.1", - "estraverse": "^4.2.0", - "esutils": "^2.0.2", - "optionator": "^0.8.1", - "source-map": "~0.6.1" - } - }, - "estraverse": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", - "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==" - }, - "source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", - "optional": true - } - } - }, "statuses": { "version": "1.5.0", "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", @@ -27126,11 +27016,6 @@ "integrity": "sha1-5z3T17DXxe2G+6xrCufYxqadUPo=", "dev": true }, - "underscore": { - "version": "1.12.1", - "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.12.1.tgz", - "integrity": "sha512-hEQt0+ZLDVUMhebKxL4x1BTtDY7bavVofhZ9KZ4aI26X9SRaE+Y3m83XUL1UP2jn8ynjndwCCpEHdUG+9pP1Tw==" - }, "underscore.string": { "version": "3.3.6", "resolved": "https://registry.npmjs.org/underscore.string/-/underscore.string-3.3.6.tgz", diff --git a/package.json b/package.json index b45d9b25..c1b60b18 100644 --- a/package.json +++ b/package.json 
@@ -123,7 +123,7 @@ "js-sha3": "^0.8.0", "jsesc": "^3.0.2", "json5": "^2.2.1", - "jsonpath": "^1.1.1", + "jsonpath-plus": "^7.2.0", "jsonwebtoken": "^8.5.1", "jsqr": "^1.4.0", "jsrsasign": "^10.5.23", diff --git a/src/core/operations/JPathExpression.mjs b/src/core/operations/JPathExpression.mjs index 328fc83f..73a27433 100644 --- a/src/core/operations/JPathExpression.mjs +++ b/src/core/operations/JPathExpression.mjs @@ -4,7 +4,7 @@ * @license Apache-2.0 */ -import jpath from "jsonpath"; +import {JSONPath} from "jsonpath-plus"; import Operation from "../Operation.mjs"; import OperationError from "../errors/OperationError.mjs"; @@ -27,14 +27,20 @@ class JPathExpression extends Operation { this.outputType = "string"; this.args = [ { - "name": "Query", - "type": "string", - "value": "" + name: "Query", + type: "string", + value: "" }, { - "name": "Result delimiter", - "type": "binaryShortString", - "value": "\\n" + name: "Result delimiter", + type: "binaryShortString", + value: "\\n" + }, + { + name: "Prevent eval", + type: "boolean", + value: true, + description: "Evaluated expressions are disabled by default for security reasons" } ]; } @@ -45,18 +51,21 @@ class JPathExpression extends Operation { * @returns {string} */ run(input, args) { - const [query, delimiter] = args; - let results, - obj; + const [query, delimiter, preventEval] = args; + let results, jsonObj; try { - obj = JSON.parse(input); + jsonObj = JSON.parse(input); } catch (err) { throw new OperationError(`Invalid input JSON: ${err.message}`); } try { - results = jpath.query(obj, query); + results = JSONPath({ + path: query, + json: jsonObj, + preventEval: preventEval + }); } catch (err) { throw new OperationError(`Invalid JPath expression: ${err.message}`); } diff --git a/tests/operations/tests/Code.mjs b/tests/operations/tests/Code.mjs index 94179553..6ff1d97c 100644 --- a/tests/operations/tests/Code.mjs +++ b/tests/operations/tests/Code.mjs 
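Review bot: The `Prevent eval` entry added to `this.args` makes the safety switch part of the recipe itself, so anything that can supply a recipe can also supply `false` for it. The README in this same series describes recipes being pre-populated from the URL hash and baked automatically, which suggests the default of `true` only protects recipes the user built themselves. Consider saying so in the argument text, e.g. `description: "Evaluated expressions are disabled by default for security reasons. Only enable this for queries you wrote or have reviewed."`, and consider whether a recipe loaded from a link should be able to switch evaluation on at all. The constructor starts outside the hunk.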
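Review bot: In `run`, `preventEval: preventEval` forwards the third argument untouched, so a recipe that carries only the two older arguments would pass `undefined`, and as far as I know jsonpath-plus then falls back to its own default, which permits evaluation. Whether missing arguments are filled from the declared defaults before `run` is called is not visible in this hunk, but failing closed here costs nothing: `preventEval: preventEval !== false`. The rest of `run` lies outside the hunk.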
@@ -185,11 +185,11 @@ TestRegister.addTests([ { name: "JPath Expression: Empty expression", input: JSON.stringify(JSON_TEST_DATA), - expectedOutput: "Invalid JPath expression: we need a path", + expectedOutput: "", recipeConfig: [ { "op": "JPath expression", - "args": ["", "\n"] + "args": ["", "\n", true] } ], }, @@ -205,7 +205,7 @@ TestRegister.addTests([ recipeConfig: [ { "op": "JPath expression", - "args": ["$.store.book[*].author", "\n"] + "args": ["$.store.book[*].author", "\n", true] } ], }, @@ -223,7 +223,7 @@ TestRegister.addTests([ recipeConfig: [ { "op": "JPath expression", - "args": ["$..title", "\n"] + "args": ["$..title", "\n", true] } ], }, @@ -238,7 +238,7 @@ TestRegister.addTests([ recipeConfig: [ { "op": "JPath expression", - "args": ["$.store.*", "\n"] + "args": ["$.store.*", "\n", true] } ], }, @@ -249,7 +249,7 @@ TestRegister.addTests([ recipeConfig: [ { "op": "JPath expression", - "args": ["$..book[-1:]", "\n"] + "args": ["$..book[-1:]", "\n", true] } ], }, @@ -263,7 +263,7 @@ TestRegister.addTests([ recipeConfig: [ { "op": "JPath expression", - "args": ["$..book[:2]", "\n"] + "args": ["$..book[:2]", "\n", true] } ], }, @@ -277,7 +277,7 @@ TestRegister.addTests([ recipeConfig: [ { "op": "JPath expression", - "args": ["$..book[?(@.isbn)]", "\n"] + "args": ["$..book[?(@.isbn)]", "\n", false] } ], }, @@ -292,7 +292,7 @@ TestRegister.addTests([ recipeConfig: [ { "op": "JPath expression", - "args": ["$..book[?(@.price<30 && @.category==\"fiction\")]", "\n"] + "args": ["$..book[?(@.price<30 && @.category==\"fiction\")]", "\n", false] } ], }, 
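Review bot: The updated cases pass `true` only with queries that contain no filter, while the three filter queries (`$..book[?(@.isbn)]` and the two `@.price` ones) pass `false`, so nothing visible in these hunks asserts what the operation does when a filter expression meets the default `Prevent eval` setting. A case such as `"args": ["$..book[?(@.isbn)]", "\n", true]` with the expected rejection output would pin the behaviour the new option exists for. The first hunk also changes the empty-query expectation from an error message to `""`, so an empty path now succeeds silently; if that is not intended, `run` could reject an empty query before calling the library.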
@@ -306,10 +306,25 @@ TestRegister.addTests([ recipeConfig: [ { "op": "JPath expression", - "args": ["$..book[?(@.price<10)]", "\n"] + "args": ["$..book[?(@.price<10)]", "\n", false] } ], }, + { + name: "JPath Expression: Script-based expression", + input: "[{}]", + recipeConfig: [ + { + "op": "JPath expression", + "args": [ + "$..[?(({__proto__:[].constructor}).constructor(\"self.postMessage({action:'bakeComplete',data:{bakeId:1,dish:{type:1,value:''},duration:1,error:false,id:undefined,inputNum:2,progress:1,result:'