mirror of
https://github.com/gchq/CyberChef
synced 2026-01-29 15:53:36 +00:00
Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
dd26c09003 | ||
|
a30f5f1b50 | ||
|
b885e8423d |
16
package-lock.json
generated
16
package-lock.json
generated
@@ -57,7 +57,7 @@
|
||||
"jsesc": "^3.0.2",
|
||||
"json5": "^2.2.3",
|
||||
"jsonata": "^2.0.3",
|
||||
"jsonpath-plus": "^9.0.0",
|
||||
"jsonpath-plus": "^10.3.0",
|
||||
"jsonwebtoken": "8.5.1",
|
||||
"jsqr": "^1.4.0",
|
||||
"jsrsasign": "^11.1.0",
|
||||
@@ -12503,21 +12503,21 @@
|
||||
}
|
||||
},
|
||||
"node_modules/jsonpath-plus": {
|
||||
"version": "9.0.0",
|
||||
"resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-9.0.0.tgz",
|
||||
"integrity": "sha512-bqE77VIDStrOTV/czspZhTn+o27Xx9ZJRGVkdVShEtPoqsIx5yALv3lWVU6y+PqYvWPJNWE7ORCQheQkEe0DDA==",
|
||||
"version": "10.3.0",
|
||||
"resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.3.0.tgz",
|
||||
"integrity": "sha512-8TNmfeTCk2Le33A3vRRwtuworG/L5RrgMvdjhKZxvyShO+mBu2fP50OWUjRLNtvw344DdDarFh9buFAZs5ujeA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@jsep-plugin/assignment": "^1.2.1",
|
||||
"@jsep-plugin/regex": "^1.0.3",
|
||||
"jsep": "^1.3.8"
|
||||
"@jsep-plugin/assignment": "^1.3.0",
|
||||
"@jsep-plugin/regex": "^1.0.4",
|
||||
"jsep": "^1.4.0"
|
||||
},
|
||||
"bin": {
|
||||
"jsonpath": "bin/jsonpath-cli.js",
|
||||
"jsonpath-plus": "bin/jsonpath-cli.js"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=14.0.0"
|
||||
"node": ">=18.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/jsonwebtoken": {
|
||||
|
||||
@@ -143,7 +143,7 @@
|
||||
"jsesc": "^3.0.2",
|
||||
"json5": "^2.2.3",
|
||||
"jsonata": "^2.0.3",
|
||||
"jsonpath-plus": "^9.0.0",
|
||||
"jsonpath-plus": "^10.3.0",
|
||||
"jsonwebtoken": "8.5.1",
|
||||
"jsqr": "^1.4.0",
|
||||
"jsrsasign": "^11.1.0",
|
||||
|
||||
@@ -177,7 +177,7 @@ class Utils {
|
||||
*/
|
||||
static printable(str, preserveWs=false, onlyAscii=false) {
|
||||
if (onlyAscii) {
|
||||
return str.replace(/[^\x20-\x7f]/g, ".");
|
||||
return str.replace(/[^\x20-\x7e]/g, ".");
|
||||
}
|
||||
|
||||
// eslint-disable-next-line no-misleading-character-class
|
||||
|
||||
@@ -33,7 +33,7 @@ class ToBase85 extends Operation {
|
||||
value: ALPHABET_OPTIONS
|
||||
},
|
||||
{
|
||||
name: "Include delimeter",
|
||||
name: "Include delimiter",
|
||||
type: "boolean",
|
||||
value: false
|
||||
}
|
||||
|
||||
@@ -20,4 +20,10 @@ TestRegister.addApiTests([
|
||||
assert.equal(Utils.parseEscapedChars("\\\\\\'"), "\\'");
|
||||
}),
|
||||
|
||||
it("Utils: should replace delete character", () => {
|
||||
assert.equal(
|
||||
Utils.printable("\x7e\x7f\x80\xa7", false, true),
|
||||
"\x7e...",
|
||||
);
|
||||
}),
|
||||
]);
|
||||
|
||||
@@ -322,8 +322,21 @@ TestRegister.addTests([
|
||||
]
|
||||
}
|
||||
],
|
||||
expectedMatch: /^Invalid JPath expression: jsonPath: self is not defined:/
|
||||
expectedMatch: /^Invalid JPath expression: Unexpected "{" at character 1/
|
||||
},
|
||||
{
|
||||
name: "JPath Expression: Script-based RCE",
|
||||
input: "[{}]",
|
||||
recipeConfig: [
|
||||
{
|
||||
"op": "JPath expression",
|
||||
"args": [
|
||||
"$..[?(p=\"console.log(this.process.mainModule.require('child_process').execSync('id').toString())\";a=''[['constructor']][['constructor']](p);a())]",
|
||||
"\n"
|
||||
]
|
||||
}
|
||||
],
|
||||
expectedMatch: /^Invalid JPath expression: jsonPath: Cannot read properties of {2}\(reading 'constructor'\): / },
|
||||
{
|
||||
name: "CSS selector",
|
||||
input: '<div id="test">\n<p class="a">hello</p>\n<p>world</p>\n<p class="a">again</p>\n</div>',
|
||||
|
||||
Reference in New Issue
Block a user