@govtechsg/oobee 0.10.85 → 0.10.87

package/dist/mergeAxeResults.js

@@ -5,7 +5,7 @@ import printMessage from 'print-message';
 import path from 'path';
 import ejs from 'ejs';
 import { fileURLToPath } from 'url';
-import constants, { BrowserTypes, ScannerTypes, WCAGclauses, a11yRuleShortDescriptionMap, disabilityBadgesMap, a11yRuleLongDescriptionMap, } from './constants/constants.js';
+import constants, { BrowserTypes, ScannerTypes, WCAGclauses, a11yRuleShortDescriptionMap, disabilityBadgesMap, a11yRuleLongDescriptionMap, a11yRuleStepByStepGuide, } from './constants/constants.js';
 import { getBrowserToRun, getPlaywrightLaunchOptions } from './constants/common.js';
 import { createScreenshotsFolder, getStoragePath, getVersion, getWcagPassPercentage, getProgressPercentage, retryFunction, zipResults, getIssuesPercentage, register, } from './utils.js';
 import { consoleLogger } from './logs.js';
@@ -119,10 +119,10 @@ const writeHTML = async (allIssues, storagePath, htmlFilename = 'report', scanDe
     const { topFilePath, bottomFilePath } = await splitHtmlAndCreateFiles(htmlFilePath, storagePath);
     const prefixData = fs.readFileSync(path.join(storagePath, 'report-partial-top.htm.txt'), 'utf-8');
     const suffixData = fs.readFileSync(path.join(storagePath, 'report-partial-bottom.htm.txt'), 'utf-8');
-    // Create lighter version with item references for embedding in HTML
-    const scanItemsWithHtmlGroupRefs = convertItemsToReferences(allIssues);
+    // Create the lighter scanItems payload for embedding in the HTML report.
+    const lightScanItemsPayload = convertItemsToReferences(allIssues);
     // Write the lighter items to a file and get the base64 path
-    const { jsonFilePath: scanItemsWithHtmlGroupRefsJsonFilePath, base64FilePath: scanItemsWithHtmlGroupRefsBase64FilePath, } = await writeJsonFileAndCompressedJsonFile(scanItemsWithHtmlGroupRefs.items, storagePath, 'scanItems-light');
+    const { jsonFilePath: lightScanItemsPayloadJsonFilePath, base64FilePath: lightScanItemsPayloadBase64FilePath, } = await writeJsonFileAndCompressedJsonFile(lightScanItemsPayload, storagePath, 'scanItems-light');
     return new Promise((resolve, reject) => {
         const scanDetailsReadStream = fs.createReadStream(scanDetailsFilePath, {
             encoding: 'utf8',
@@ -135,8 +135,8 @@ const writeHTML = async (allIssues, storagePath, htmlFilename = 'report', scanDe
                 await Promise.all([
                     fs.promises.unlink(topFilePath),
                     fs.promises.unlink(bottomFilePath),
-                    fs.promises.unlink(scanItemsWithHtmlGroupRefsBase64FilePath),
-                    fs.promises.unlink(scanItemsWithHtmlGroupRefsJsonFilePath),
+                    fs.promises.unlink(lightScanItemsPayloadBase64FilePath),
+                    fs.promises.unlink(lightScanItemsPayloadJsonFilePath),
                 ]);
             }
             catch (err) {
@@ -172,22 +172,28 @@ const writeHTML = async (allIssues, storagePath, htmlFilename = 'report', scanDe
   } else {
     console.warn('Skipping fetch GenAI feature as it is local report');
   }
+
+  var scanData = null;
+  var scanItems = null;
   \n`);
         outputStream.write('</script>\n<script type="text/plain" id="scanDataRaw">');
         scanDetailsReadStream.pipe(outputStream, { end: false });
         scanDetailsReadStream.on('end', async () => {
             outputStream.write('</script>\n<script>\n');
-            outputStream.write("var scanDataPromise = (async () => { console.log('Loading scanData...'); scanData = await decodeUnzipParse(document.getElementById('scanDataRaw').textContent); })();\n");
+            outputStream.write("var scanDataPromise = (async () => { console.log('Loading scanData...'); scanData = await decodeUnzipParse(document.getElementById('scanDataRaw').textContent); console.log('[report] scanData loaded'); })();\n");
             outputStream.write('</script>\n');
             // Write scanItems in 2MB chunks using a stream to avoid loading entire file into memory
             try {
                 let chunkIndex = 1;
-                const scanItemsStream = fs.createReadStream(scanItemsWithHtmlGroupRefsBase64FilePath, {
+                const scanItemsStream = fs.createReadStream(lightScanItemsPayloadBase64FilePath, {
                     encoding: 'utf8',
                     highWaterMark: CHUNK_SIZE,
                 });
                 for await (const chunk of scanItemsStream) {
-                    outputStream.write(`<script type="text/plain" id="scanItemsRaw${chunkIndex}">${chunk}</script>\n`);
+                    const ok = outputStream.write(`<script type="text/plain" id="scanItemsRaw${chunkIndex}">${chunk}</script>\n`);
+                    if (!ok) {
+                        await new Promise(resolve => outputStream.once('drain', resolve));
+                    }
                     chunkIndex++;
                 }
                 outputStream.write('<script>\n');
@@ -203,6 +209,7 @@ var scanItemsPromise = (async () => {
     i++;
   }
   scanItems = await decodeUnzipParse(chunks);
+  console.log('[report] scanItems loaded');
 })();\n`);
                 outputStream.write(suffixData);
                 outputStream.end();
@@ -302,9 +309,9 @@ const wcagOccurrencesMap = new Map();
 const pushResults = async (pageResults, allIssues, isCustomFlow) => {
     const { url, pageTitle, filePath } = pageResults;
     const totalIssuesInPage = new Set();
-    Object.keys(pageResults.mustFix.rules).forEach(k => totalIssuesInPage.add(k));
-    Object.keys(pageResults.goodToFix.rules).forEach(k => totalIssuesInPage.add(k));
-    Object.keys(pageResults.needsReview.rules).forEach(k => totalIssuesInPage.add(k));
+    Object.keys(pageResults.mustFix?.rules ?? {}).forEach(k => totalIssuesInPage.add(k));
+    Object.keys(pageResults.goodToFix?.rules ?? {}).forEach(k => totalIssuesInPage.add(k));
+    Object.keys(pageResults.needsReview?.rules ?? {}).forEach(k => totalIssuesInPage.add(k));
     allIssues.topFiveMostIssues.push({
         url,
         pageTitle,
@@ -592,6 +599,7 @@ generateJsonFiles = false) => {
         a11yRuleShortDescriptionMap,
         disabilityBadgesMap,
         a11yRuleLongDescriptionMap,
+        a11yRuleStepByStepGuide,
         wcagCriteriaLabels: constants.wcagCriteriaLabels,
         scanPagesDetail: {
             pagesAffected: [],
@@ -721,11 +729,13 @@ generateJsonFiles = false) => {
     const browserChannel = getBrowserToRun(randomToken, BrowserTypes.CHROME, false).browserToRun;
     // Should consider refactor constants.userDataDirectory to be a parameter in future
     await retryFunction(() => writeSummaryPdf(storagePath, pagesScanned.length, 'summary', browserChannel, constants.userDataDirectory), 1);
+    // Brief delay to allow lingering async crawlee storage operations to flush
+    await new Promise(resolve => setTimeout(resolve, 3000));
     try {
         await fs.promises.rm(path.join(storagePath, 'crawlee'), { recursive: true, force: true });
     }
     catch (error) {
-        consoleLogger.warn(`Unable to force remove crawlee folder: ${error.message}`);
+        // Silently ignore — folder may already be gone or still locked
     }
     try {
         await fs.promises.rm(path.join(storagePath, 'pdfs'), { recursive: true, force: true });

package/dist/npmIndex.js

@@ -4,7 +4,7 @@ import axe from 'axe-core';
 import { JSDOM } from 'jsdom';
 import { fileURLToPath } from 'url';
 import { EnqueueStrategy } from 'crawlee';
-import constants, { BrowserTypes, RuleFlags, ScannerTypes } from './constants/constants.js';
+import constants, { BrowserTypes, RuleFlags, ScannerTypes, a11yRuleShortDescriptionMap, a11yRuleLongDescriptionMap, a11yRuleStepByStepGuide } from './constants/constants.js';
 import { deleteClonedProfiles, getBrowserToRun, getPlaywrightLaunchOptions, submitForm, } from './constants/common.js';
 import { createCrawleeSubFolders, filterAxeResults } from './crawlers/commonCrawlerFunc.js';
 import { createAndUpdateResultsFolders, getVersion } from './utils.js';
@@ -489,6 +489,10 @@ const processAndSubmitResults = async (scanData, name, email, metadata) => {
                         if (constants.a11yRuleShortDescriptionMap[ruleId]) {
                             mergedResults[category].rules[ruleId].description = constants.a11yRuleShortDescriptionMap[ruleId];
                         }
+                        // Add short description, long description and step-by-step guide
+                        mergedResults[category].rules[ruleId].shortDescription = a11yRuleShortDescriptionMap[ruleId];
+                        mergedResults[category].rules[ruleId].longDescription = a11yRuleLongDescriptionMap[ruleId];
+                        mergedResults[category].rules[ruleId].stepByStepGuide = a11yRuleStepByStepGuide[ruleId];
                         // Add url to items
                         mergedResults[category].rules[ruleId].items.forEach((item) => {
                             item.url = result.url;
@@ -554,6 +558,10 @@ const processAndSubmitResults = async (scanData, name, email, metadata) => {
                     if (constants.a11yRuleShortDescriptionMap[rule.rule]) {
                         rule.description = constants.a11yRuleShortDescriptionMap[rule.rule];
                     }
+                    // Add short description, long description and step-by-step guide
+                    rule.shortDescription = a11yRuleShortDescriptionMap[rule.rule];
+                    rule.longDescription = a11yRuleLongDescriptionMap[rule.rule];
+                    rule.stepByStepGuide = a11yRuleStepByStepGuide[rule.rule];
                     if (rule.items) {
                         rule.items.forEach((item) => {
                             // Ensure item URL matches the result URL
@@ -637,4 +645,4 @@ export const scanPage = async (pages, config) => {
     }
     return processAndSubmitResults(scanData, name, email, metadata);
 };
-export { RuleFlags };
+export { RuleFlags, a11yRuleLongDescriptionMap, a11yRuleStepByStepGuide, getOobeeFunctionsScript };

package/dist/proxyService.js

@@ -57,7 +57,7 @@ function parseEnvProxyCommon() {
     if (https)
         info.https = stripScheme(https);
     if (socks)
-        info.socks = stripScheme(socks);
+        info.socks = socks; // keep original scheme so proxyInfoToResolution can use the right protocol
     if (noProxy)
         info.bypassList = semiJoin(noProxy.split(/[,;]/));
     const { username, password } = readCredsFromEnv();
@@ -384,6 +384,14 @@ function buildIncludeOnlyPac(proxyServer, includeList) {
     ].join('\n');
     return pac;
 }
+/**
+ * Convert an info.socks value to a full proxy server URL.
+ * When the value already carries a scheme (e.g. ALL_PROXY=http://..., socks4://...),
+ * it is used as-is. Bare host:port values (from scutil) default to socks5://.
+ */
+function toSocksServer(socks) {
+    return /^[a-zA-Z][a-zA-Z0-9+.-]*:\/\//.test(socks) ? socks : `socks5://${socks}`;
+}
 export function proxyInfoToResolution(info) {
     if (!info)
         return { kind: 'none' };
@@ -396,7 +404,7 @@ export function proxyInfoToResolution(info) {
         else if (info.https)
             proxyServer = `http://${info.https}`;
         else if (info.socks)
-            proxyServer = `socks5://${info.socks}`;
+            proxyServer = toSocksServer(info.socks);
         if (proxyServer) {
             // If credentials exist, embed them for the manual proxy auth
             // PAC scripts themselves don't carry auth, but Playwright's proxy option can
@@ -408,6 +416,13 @@ export function proxyInfoToResolution(info) {
             const pacDataUrl = `data:application/x-ns-proxy-autoconfig;base64,${Buffer.from(pac).toString('base64')}`;
             return { kind: 'pac', pacUrl: pacDataUrl, bypass: info.bypassList };
         }
+        // No direct proxy server was found — the configured proxy is PAC-based or auto-detect only.
+        // INCLUDE_PROXY needs a concrete server address to build a routing PAC script, so it cannot
+        // be applied here. Warn and fall through to use the existing PAC/autodetect as-is.
+        console.warn('INCLUDE_PROXY is set but no direct proxy server address was found. ' +
+            'INCLUDE_PROXY requires HTTP_PROXY, HTTPS_PROXY, or ALL_PROXY to be set with a direct ' +
+            'server address; it cannot be applied to a PAC URL or auto-detect proxy. ' +
+            'INCLUDE_PROXY will be ignored.');
     }
     // Prefer manual proxies first (these work with Playwright's proxy option)
     if (info.http) {
@@ -428,7 +443,7 @@ export function proxyInfoToResolution(info) {
     }
     if (info.socks) {
         return { kind: 'manual', settings: {
-                server: `socks5://${info.socks}`,
+                server: toSocksServer(info.socks),
                 username: info.username,
                 password: info.password,
                 bypass: info.bypassList,

package/dist/services/s3Uploader.js

@@ -5,6 +5,17 @@ import mime from 'mime-types';
 import { consoleLogger } from '../logs.js';
 const REGION = process.env.AWS_REGION || 'ap-southeast-1';
 const s3Client = new S3Client({ region: REGION });
+// S3 user metadata is sent over REST as x-amz-meta-* HTTP headers.
+// To avoid request-header validation failures in the Node/AWS SDK path,
+// normalize to printable ASCII before attaching metadata values.
+const sanitizeS3MetadataValue = (value) => {
+    return value
+        .normalize('NFKD') // e.g. "é" -> "e" + combining accent, "Ａ" -> "A"
+        .replace(/[\u0300-\u036f]/g, '') // e.g. remove the combining accent from the decomposed "é"
+        .replace(/[^\x20-\x7E]+/g, ' ') // e.g. "公益金" or emoji -> " "
+        .replace(/\s+/g, ' ') // e.g. "Community   Chest \n" -> "Community Chest "
+        .trim(); // e.g. " Homepage | Community Chest " -> "Homepage | Community Chest"
+};
 export const uploadFileToS3 = async (localFilePath, s3Key, metadata) => {
     const fileStream = fs.readFileSync(localFilePath);
     const contentType = mime.lookup(localFilePath) || 'application/octet-stream';
@@ -38,31 +49,31 @@ export const uploadFolderToS3 = async (localFolderPath, s3Prefix, scanMetadata)
     const files = getAllFiles(localFolderPath, localFolderPath);
     const allowedFileExtRegex = /\.(html|csv|pdf|zip)$/;
     const metadata = {
-        scanid: scanMetadata.scanId,
-        userid: scanMetadata.userId,
-        useremail: scanMetadata.email,
+        scanid: sanitizeS3MetadataValue(scanMetadata.scanId),
+        userid: sanitizeS3MetadataValue(scanMetadata.userId),
+        useremail: sanitizeS3MetadataValue(scanMetadata.email),
     };
     // Add optional metadata fields if present
     if (scanMetadata.messageId) {
-        metadata.messageid = scanMetadata.messageId;
+        metadata.messageid = sanitizeS3MetadataValue(scanMetadata.messageId);
     }
     if (scanMetadata.amplitudeUserId) {
-        metadata.amplitudeuserid = scanMetadata.amplitudeUserId;
+        metadata.amplitudeuserid = sanitizeS3MetadataValue(scanMetadata.amplitudeUserId);
     }
     if (scanMetadata.deviceId) {
-        metadata.deviceid = scanMetadata.deviceId;
+        metadata.deviceid = sanitizeS3MetadataValue(scanMetadata.deviceId);
     }
     if (scanMetadata.orgId) {
-        metadata.orgid = scanMetadata.orgId;
+        metadata.orgid = sanitizeS3MetadataValue(scanMetadata.orgId);
     }
     if (scanMetadata.userRole) {
-        metadata.userrole = scanMetadata.userRole;
+        metadata.userrole = sanitizeS3MetadataValue(scanMetadata.userRole);
     }
     if (scanMetadata.siteName) {
-        metadata.sitename = scanMetadata.siteName;
+        metadata.sitename = sanitizeS3MetadataValue(scanMetadata.siteName);
     }
     if (scanMetadata.durationExceeded !== undefined) {
-        metadata.durationexceeded = scanMetadata.durationExceeded;
+        metadata.durationexceeded = sanitizeS3MetadataValue(scanMetadata.durationExceeded);
     }
     consoleLogger.info(`Uploading ${files.length} files to S3...`);
     const uploadPromises = files.map(async (relativePath) => {

package/dist/static/ejs/partials/scripts/decodeUnzipParse.ejs

@@ -28,8 +28,11 @@ async function decodeUnzipParse(input) {
       offset += arr.length;
     }
 
-    // Step 2: Decompress with pako (GZIP)
-    const decompressed = pako.ungzip(merged, { to: 'string' });
+    // Step 2: Decompress with pako (GZIP) to bytes first to avoid large-string
+    // construction inside pako for very large payloads.
+    const decompressedBytes = pako.ungzip(merged);
+
+    const decompressed = new TextDecoder().decode(decompressedBytes);
 
     // Step 3: Parse JSON
     return JSON.parse(decompressed);
@@ -37,4 +40,4 @@ async function decodeUnzipParse(input) {
     throw new Error(`Failed to decode/unzip/parse: ${err.message}`);
   }
 }
-</script>
+</script>

package/dist/static/ejs/partials/scripts/header/aboutScanModal/ScanConfiguration.ejs

@@ -21,7 +21,7 @@
             >
           </div>
           <div class="display-url-container">
-            <a href="${page.url}" target="_blank">${page.pageTitle.length > 0 ? page.pageTitle : page.url}</a>
+            <a href="${page.url}" target="_blank">${page.pageTitle?.length > 0 ? page.pageTitle : page.url}</a>
             <p>${page.url}</p>
           </div>
         </div>
@@ -29,7 +29,7 @@
     } else {
       listItem.innerHTML = `
         <a href="${page.url}" target="_blank">
-          ${page.pageTitle.length > 0 ? page.pageTitle : page.url}
+          ${page.pageTitle?.length > 0 ? page.pageTitle : page.url}
           <svg class="link-external-icon" width="16" height="12" viewBox="0 0 8 8" aria-hidden="true" focusable="false">
             <path d="M7.11111 7.11111H0.888889V0.888889H4V0H0.888889C0.395556 0 0 0.4 0 0.888889V7.11111C0 7.6 0.395556 8 0.888889 8H7.11111C7.6 8 8 7.6 8 7.11111V4H7.11111V7.11111ZM4.88889 0V0.888889H6.48444L2.11556 5.25778L2.74222 5.88444L7.11111 1.51556V3.11111H8V0H4.88889Z" fill="#5735DF"/>
           </svg>