9.46.4

Updated to Node v18 and removed node-sass dependency
Merge branch 'nodejs18' of https://github.com/john19696/CyberChef
2025-12-05 23:53:27 +00:00 · 2022-09-09 21:23:09 +01:00 · 2022-09-09 21:22:55 +01:00 · 2022-09-09 20:55:18 +01:00 · 2022-09-09 20:53:37 +01:00 · 2022-09-09 20:52:36 +01:00
13 changed files with 350 additions and 2953 deletions
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -15,7 +15,7 @@ jobs:
    - name: Set node version
      uses: actions/setup-node@v1
      with:
-        node-version: '17.x'
+        node-version: '18.x'

    - name: Install
      run: |
--- a/.github/workflows/pull_requests.yml
+++ b/.github/workflows/pull_requests.yml
@@ -14,7 +14,7 @@ jobs:
    - name: Set node version
      uses: actions/setup-node@v1
      with:
-        node-version: '17.x'
+        node-version: '18.x'

    - name: Install
      run: |
--- a/.github/workflows/releases.yml
+++ b/.github/workflows/releases.yml
@@ -15,7 +15,7 @@ jobs:
    - name: Set node version
      uses: actions/setup-node@v1
      with:
-        node-version: '17.x'
+        node-version: '18.x'

    - name: Install
      run: |
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1 @@
-17
+18
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "cyberchef",
-  "version": "9.46.1",
+  "version": "9.46.4",
  "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
  "author": "n1474335 <n1474335@gmail.com>",
  "homepage": "https://gchq.github.io/CyberChef",
@@ -49,7 +49,7 @@
    "babel-loader": "^8.2.5",
    "babel-plugin-dynamic-import-node": "^2.3.3",
    "babel-plugin-transform-builtin-extend": "1.1.2",
-    "chromedriver": "^101.0.0",
+    "chromedriver": "^103.0.0",
    "cli-progress": "^3.11.1",
    "colors": "^1.4.0",
    "copy-webpack-plugin": "^11.0.0",
@@ -77,7 +77,6 @@
    "postcss-import": "^14.1.0",
    "postcss-loader": "^7.0.0",
    "prompt": "^1.3.0",
-    "sass-loader": "^13.0.0",
    "sitemap": "^7.1.1",
    "terser": "^5.14.0",
    "webpack": "^5.73.0",
@@ -123,7 +122,7 @@
    "js-sha3": "^0.8.0",
    "jsesc": "^3.0.2",
    "json5": "^2.2.1",
-    "jsonpath": "^1.1.1",
+    "jsonpath-plus": "^7.2.0",
    "jsonwebtoken": "^8.5.1",
    "jsqr": "^1.4.0",
    "jsrsasign": "^10.5.23",
@@ -140,7 +139,6 @@
    "ngeohash": "^0.6.3",
    "node-forge": "^1.3.1",
    "node-md6": "^0.1.0",
-    "node-sass": "^7.0.1",
    "nodom": "^2.4.0",
    "notepack.io": "^3.0.1",
    "nwmatcher": "^1.4.4",
--- a/src/core/lib/Protobuf.mjs
+++ b/src/core/lib/Protobuf.mjs
@@ -184,7 +184,7 @@ class Protobuf {
                bytes: String,
                longs: Number,
                enums: String,
-                defualts: true
+                defaults: true
            });
            const output = {};

--- a/src/core/operations/JPathExpression.mjs
+++ b/src/core/operations/JPathExpression.mjs
@@ -4,7 +4,7 @@
 * @license Apache-2.0
 */

-import jpath from "jsonpath";
+import {JSONPath} from "jsonpath-plus";
 import Operation from "../Operation.mjs";
 import OperationError from "../errors/OperationError.mjs";

@@ -27,14 +27,20 @@ class JPathExpression extends Operation {
        this.outputType = "string";
        this.args = [
            {
-                "name": "Query",
-                "type": "string",
-                "value": ""
+                name: "Query",
+                type: "string",
+                value: ""
            },
            {
-                "name": "Result delimiter",
-                "type": "binaryShortString",
-                "value": "\\n"
+                name: "Result delimiter",
+                type: "binaryShortString",
+                value: "\\n"
+            },
+            {
+                name: "Prevent eval",
+                type: "boolean",
+                value: true,
+                description: "Evaluated expressions are disabled by default for security reasons"
            }
        ];
    }
@@ -45,18 +51,21 @@ class JPathExpression extends Operation {
     * @returns {string}
     */
    run(input, args) {
-        const [query, delimiter] = args;
-        let results,
-            obj;
+        const [query, delimiter, preventEval] = args;
+        let results, jsonObj;

        try {
-            obj = JSON.parse(input);
+            jsonObj = JSON.parse(input);
        } catch (err) {
            throw new OperationError(`Invalid input JSON: ${err.message}`);
        }

        try {
-            results = jpath.query(obj, query);
+            results = JSONPath({
+                path: query,
+                json: jsonObj,
+                preventEval: preventEval
+            });
        } catch (err) {
            throw new OperationError(`Invalid JPath expression: ${err.message}`);
        }
--- a/src/web/stylesheets/index.js
+++ b/src/web/stylesheets/index.js
@@ -10,7 +10,7 @@
 import "highlight.js/styles/vs.css";

 /* Frameworks */
-import "./vendors/bootstrap.scss";
+import "bootstrap-material-design/dist/css/bootstrap-material-design.css";
 import "bootstrap-colorpicker/dist/css/bootstrap-colorpicker.css";

 /* CyberChef styles */
--- a/src/web/stylesheets/vendors/bootstrap.scss
+++ b/src/web/stylesheets/vendors/bootstrap.scss
@@ -1,23 +0,0 @@
-/**
- * Bootstrap Material Design with overrides
- *
- * @author n1474335 [n1474335@gmail.com]
- * @copyright Crown Copyright 2018
- * @license Apache-2.0
- */
-
-@import "~bootstrap-material-design/scss/variables/colors";
-
-$theme-colors: (
-    primary: $blue-700,
-    success: $green,
-    info: $light-blue,
-    warning: $deep-orange,
-    danger: $red,
-    light: $grey-100,
-    dark: $grey-800
-);
-
-$bmd-form-line-height: 1.25;
-
-@import "~bootstrap-material-design/scss/core";
--- a/tests/operations/tests/Code.mjs
+++ b/tests/operations/tests/Code.mjs
@@ -185,11 +185,11 @@ TestRegister.addTests([
    {
        name: "JPath Expression: Empty expression",
        input: JSON.stringify(JSON_TEST_DATA),
-        expectedOutput: "Invalid JPath expression: we need a path",
+        expectedOutput: "",
        recipeConfig: [
            {
                "op": "JPath expression",
-                "args": ["", "\n"]
+                "args": ["", "\n", true]
            }
        ],
    },
@@ -205,7 +205,7 @@ TestRegister.addTests([
        recipeConfig: [
            {
                "op": "JPath expression",
-                "args": ["$.store.book[*].author", "\n"]
+                "args": ["$.store.book[*].author", "\n", true]
            }
        ],
    },
@@ -223,7 +223,7 @@ TestRegister.addTests([
        recipeConfig: [
            {
                "op": "JPath expression",
-                "args": ["$..title", "\n"]
+                "args": ["$..title", "\n", true]
            }
        ],
    },
@@ -238,7 +238,7 @@ TestRegister.addTests([
        recipeConfig: [
            {
                "op": "JPath expression",
-                "args": ["$.store.*", "\n"]
+                "args": ["$.store.*", "\n", true]
            }
        ],
    },
@@ -249,7 +249,7 @@ TestRegister.addTests([
        recipeConfig: [
            {
                "op": "JPath expression",
-                "args": ["$..book[-1:]", "\n"]
+                "args": ["$..book[-1:]", "\n", true]
            }
        ],
    },
@@ -263,7 +263,7 @@ TestRegister.addTests([
        recipeConfig: [
            {
                "op": "JPath expression",
-                "args": ["$..book[:2]", "\n"]
+                "args": ["$..book[:2]", "\n", true]
            }
        ],
    },
@@ -277,7 +277,7 @@ TestRegister.addTests([
        recipeConfig: [
            {
                "op": "JPath expression",
-                "args": ["$..book[?(@.isbn)]", "\n"]
+                "args": ["$..book[?(@.isbn)]", "\n", false]
            }
        ],
    },
@@ -292,7 +292,7 @@ TestRegister.addTests([
        recipeConfig: [
            {
                "op": "JPath expression",
-                "args": ["$..book[?(@.price<30 && @.category==\"fiction\")]", "\n"]
+                "args": ["$..book[?(@.price<30 && @.category==\"fiction\")]", "\n", false]
            }
        ],
    },
@@ -306,10 +306,25 @@ TestRegister.addTests([
        recipeConfig: [
            {
                "op": "JPath expression",
-                "args": ["$..book[?(@.price<10)]", "\n"]
+                "args": ["$..book[?(@.price<10)]", "\n", false]
            }
        ],
    },
+    {
+        name: "JPath Expression: Script-based expression",
+        input: "[{}]",
+        recipeConfig: [
+            {
+                "op": "JPath expression",
+                "args": [
+                    "$..[?(({__proto__:[].constructor}).constructor(\"self.postMessage({action:'bakeComplete',data:{bakeId:1,dish:{type:1,value:''},duration:1,error:false,id:undefined,inputNum:2,progress:1,result:'<iframe/onload=debugger>',type: 'html'}});\")();)]",
+                    "\n",
+                    true
+                ]
+            }
+        ],
+        expectedOutput: "Invalid JPath expression: Eval [?(expr)] prevented in JSONPath expression."
+    },
    {
        name: "CSS selector",
        input: '<div id="test">\n<p class="a">hello</p>\n<p>world</p>\n<p class="a">again</p>\n</div>',
--- a/tests/operations/tests/Protobuf.mjs
+++ b/tests/operations/tests/Protobuf.mjs
@@ -40,10 +40,10 @@ TestRegister.addTests([
            "Apple": [
                28
            ],
-            "Banana": "You",
            "Carrot": [
                "Me"
-            ]
+            ],
+            "Banana": "You"
        }, null, 4),
        recipeConfig: [
            {
@@ -72,10 +72,10 @@ TestRegister.addTests([
                "Apple": [
                    28
                ],
-                "Banana": "You",
                "Carrot": [
                    "Me"
-                ]
+                ],
+                "Banana": "You"
            },
            "Unknown Fields": {
                "4": 43,
@@ -111,10 +111,10 @@ TestRegister.addTests([
            "Apple": [
                28
            ],
-            "Banana": "You",
            "Carrot": [
                "Me"
            ],
+            "Banana": "You",
            "Date": 43,
            "Elderberry": {
                "Fig": "abc123",
@@ -154,10 +154,10 @@ TestRegister.addTests([
        input: "0d1c0000001203596f751a024d65202b2a0a0a06616263313233120031ba32a96cc10200003801",
        expectedOutput: JSON.stringify({
            "Test": {
-                "Banana (string)": "You",
                "Carrot (string)": [
                    "Me"
                ],
+                "Banana (string)": "You",
                "Date (int32)": 43,
                "Imbe (Options)": "Option1"
            },
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -164,19 +164,6 @@ module.exports = {
                    "postcss-loader",
                ]
            },
-            {
-                test: /\.scss$/,
-                use: [
-                    {
-                        loader: MiniCssExtractPlugin.loader,
-                        options: {
-                            publicPath: "../"
-                        }
-                    },
-                    "css-loader",
-                    "sass-loader",
-                ]
-            },
            {
                test: /\.(ico|eot|ttf|woff|woff2)$/,
                type: "asset/resource",
Author	SHA1	Message	Date
n1474335	1b0ced9f9b	9.46.4	2022-09-09 21:23:09 +01:00
n1474335	7b245b084a	Updated to Node v18 and removed node-sass dependency	2022-09-09 21:22:55 +01:00
n1474335	b00f64518f	Merge branch 'nodejs18' of https://github.com/john19696/CyberChef	2022-09-09 20:55:18 +01:00
n1474335	c3434e894d	9.46.3	2022-09-09 20:53:37 +01:00
n1474335	dd66f728b3	Merge branch 'fix-protobuf-order' of https://github.com/oliverrahner/CyberChef	2022-09-09 20:52:36 +01:00
n1474335	e40142b8c5	9.46.2	2022-09-09 20:39:35 +01:00
n1474335	1dd1b839b8	Switched jsonpath library to jsonpath-plus. Fixes #1318	2022-09-09 20:39:28 +01:00
Oliver Rahner	2f89130f41	fix protobuf field order	2022-07-21 16:36:15 +02:00
john19696	e9dd7eceb8	upgrade to nodejs v18	2022-07-14 14:27:59 +01:00