@mablhq/mabl-cli 1.50.4 → 1.51.6

package/mablscript/MablStep.js

@@ -16,6 +16,9 @@ class MablStep extends MablAction_1.MablAction {
     canContinueOnFailure() {
         return false;
     }
+    canFailAtEnd() {
+        return false;
+    }
     getStepName() {
         return 'UnimplementedStep';
     }

package/mablscript/steps/AssertStep.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AssertStep = exports.fieldToAssertionStep = exports.assertionStepToField = void 0;
+exports.AssertStep = exports.fieldToAssertionStep = exports.assertionStepToField = exports.OnFailure = void 0;
 const ConditionAction_1 = require("../actions/ConditionAction");
 const FindAction_1 = require("../actions/FindAction");
 const MablStep_1 = require("../MablStep");
@@ -12,6 +12,12 @@ const GetCurrentLocationDescriptor_1 = require("../types/GetCurrentLocationDescr
 const GetVariableValue_1 = require("../actions/GetVariableValue");
 const GetVariableDescriptor_1 = require("../types/GetVariableDescriptor");
 const CountAction_1 = require("../actions/CountAction");
+var OnFailure;
+(function (OnFailure) {
+    OnFailure["ContinueWithWarning"] = "continue";
+    OnFailure["FailImmediately"] = "terminate";
+    OnFailure["FailTestAtEnd"] = "failAtEnd";
+})(OnFailure = exports.OnFailure || (exports.OnFailure = {}));
 exports.assertionStepToField = {
     AssertEquals: 'equals',
     AssertPresent: 'present',
@@ -67,9 +73,17 @@ class AssertStep extends MablStep_1.MablStep {
             args[0] && typeof args[0] === 'object'
                 ? args[0]
                 : undefined;
-        this.continueOnFailure = ((_a = this.assertArguments) === null || _a === void 0 ? void 0 : _a.onFailure) === 'continue';
+        this.onFailure =
+            ((_a = this.assertArguments) === null || _a === void 0 ? void 0 : _a.onFailure) ||
+                OnFailure.FailImmediately;
         this.observationScope = (_b = this.assertArguments) === null || _b === void 0 ? void 0 : _b.observationScope;
     }
+    canContinueOnFailure() {
+        return this.onFailure !== OnFailure.FailImmediately;
+    }
+    canFailAtEnd() {
+        return this.onFailure === OnFailure.FailTestAtEnd;
+    }
     validate() {
         if (!(this.actions.length === 2 || this.actions.length === 3) &&
             !(this.actions[0] instanceof FindAction_1.FindAction) &&
@@ -110,7 +124,7 @@ class AssertStep extends MablStep_1.MablStep {
             extractDescriptor: (_a = this.extractAction) === null || _a === void 0 ? void 0 : _a.extractDescriptor,
             conditionDescriptor: this.conditionAction.conditionDescriptor,
             countDescriptor: (_b = this.countAction) === null || _b === void 0 ? void 0 : _b.countDescriptor,
-            continueOnFailure: this.continueOnFailure,
+            onFailure: this.onFailure,
             observationScope: this.observationScope,
             descriptorToActionMap,
         };
@@ -199,16 +213,21 @@ class AssertStep extends MablStep_1.MablStep {
         }
         return new AssertStep('assert', [
             {
-                onFailure: stepArgs.continueOnFailure ? 'continue' : undefined,
+                onFailure: stepArgs.onFailure,
                 observationScope: stepArgs.observationScope,
             },
         ], actions);
     }
     toMablscript() {
-        var _a, _b;
+        var _a, _b, _c, _d;
         const assertAction = `.assert(${!!(((_a = this.assertArguments) === null || _a === void 0 ? void 0 : _a.onFailure) ||
             ((_b = this.assertArguments) === null || _b === void 0 ? void 0 : _b.observationScope))
-            ? (0, MablAction_1.convertObjectToMablscriptArgs)(this.assertArguments)
+            ? (0, MablAction_1.convertObjectToMablscriptArgs)({
+                ...this.assertArguments,
+                onFailure: ((_c = this.assertArguments) === null || _c === void 0 ? void 0 : _c.onFailure) === OnFailure.FailImmediately
+                    ? undefined
+                    : (_d = this.assertArguments) === null || _d === void 0 ? void 0 : _d.onFailure,
+            })
             : ''})`;
         if (this.countAction) {
             return `${this.primaryAction.toMablscript()}.${this.countAction.toMablscript()}.${this.conditionAction.toMablscript()}${assertAction}`;

package/mablscript/steps/AssertStepOld.js

@@ -36,11 +36,11 @@ class AssertStepOld extends MablStep_1.MablStep {
         this.primaryAction = actions[0];
         this.extractAction = actions[1];
         if (args.length === 1) {
-            this.continueOnFailure = args[0].onFailure === 'continue';
+            this.onFailure = args[0].onFailure;
             this.observationScope = args[0].observationScope;
         }
         else if (args.length === 2) {
-            this.continueOnFailure = args[1].onFailure === 'continue';
+            this.onFailure = args[1].onFailure;
             this.observationScope = args[1].observationScope;
         }
     }
@@ -97,7 +97,7 @@ class AssertStepOld extends MablStep_1.MablStep {
                     throw new Error(`Error generating step descriptor for ${this.getStepName()}: Unexpected find type ${find.findType}`);
             }
         }
-        formatted.continueOnFailure = this.continueOnFailure;
+        formatted.onFailure = this.onFailure;
         formatted.observationScope = this.observationScope;
         return formatted;
     }

package/mablscript/steps/IfConditionStep.js

@@ -42,7 +42,7 @@ class IfConditionStep extends MablStep_1.MablStep {
             find,
             extractDescriptor: (_b = this.extractAction) === null || _b === void 0 ? void 0 : _b.extractDescriptor,
             conditionDescriptor,
-            continueOnFailure: false,
+            onFailure: AssertStep_1.OnFailure.FailImmediately,
             descriptorToActionMap: new Map().set(find, this.primaryAction),
         };
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mablhq/mabl-cli",
-  "version": "1.50.4",
+  "version": "1.51.6",
   "license": "SEE LICENSE IN LICENSE.txt",
   "description": "The official mabl command line interface tool",
   "main": "index.js",

package/resources/pdf-viewer/embeddedPdfDetection.js

@@ -48,13 +48,69 @@ mablEmbeddedPdfDetector = () => {
     }
   }
 
+  /**
+   * Returns the URL string of the element which should in some way be embedding a PDF.
+   * @param {HTMLElement} originalPdfElement The element embedding the PDF, should have embed tag, object tag,
+   * @returns {(string|undefined)} The URL which should host the PDF, or undefined if none was found
+   */
+  function getPdfUrlFromElement(originalPdfElement) {
+    return (
+      originalPdfElement.src ||
+      originalPdfElement.data || // embed has @src, object has @data
+      undefined
+    );
+  }
+
+  /**
+   * Checks that the URL embedding the PDF leads to a valid location and/or
+   * has a valid protocol
+   * @param {HTMLElement} element The element on the page whose URL to check
+   * @returns {boolean} Whether or not the element is valid
+   */
+  function checkUrlProtocol(element) {
+    if (element.src === 'about:blank') {
+      // this is likely the chrome viewer for a POST
+      // don't do anything, we might get a manual update later
+      // if the trainer finds a PDF
+      return false;
+    }
+    // Validate that the URL is an allowed protocol to prevent XSS, see IST-561
+    const pdfUrlString = getPdfUrlFromElement(element);
+    try {
+      const pdfUrl = new URL(pdfUrlString);
+      // data: is allowed to support embedding the PDF inline using a data URI scheme
+      const allowedProtocols = ['http:', 'https:', 'data:'];
+      if (!allowedProtocols.includes(pdfUrl?.protocol)) {
+        console.warn(
+          `PDF Handler ignoring element with URL ${pdfUrlString} because protocol ${pdfUrl?.protocol} does not match one of the allowed protocols ${allowedProtocols}`,
+        );
+        return false;
+      } else if (
+        pdfUrl?.protocol === 'data:' &&
+        !/^data:application\/pdf[,;]/.test(pdfUrl?.href ?? '') // starts with data:application/pdf and either , or ; separator
+      ) {
+        console.warn(
+          `PDF Handler ignoring element with URL ${pdfUrlString} because it does not use application/pdf MIME type`,
+        );
+        return false;
+      }
+    } catch (e) {
+      console.warn(
+        `PDF Handler ignoring element with URL ${pdfUrlString}; error ${e} was thrown while converting to URL`,
+      );
+      return false;
+    }
+    return true;
+  }
+
   async function handle(event) {
     const element = event.target;
     if (
       checkAnimationEvent(event) &&
       checkElement(element) &&
       checkMimeType(element) &&
-      !isMablMarked(element)
+      !isMablMarked(element) &&
+      checkUrlProtocol(element)
     ) {
       const baseUri = document.baseURI;
       const pdfElement = element;
@@ -100,7 +156,7 @@ mablEmbeddedPdfDetector = () => {
 
   function checkMimeType(element) {
     const mimeType = element.type;
-    const path = element.src || element.data; // src for embed, data for object
+    const path = getPdfUrlFromElement(element);
     const isAPdf =
       (mimeType && mimeType.toLowerCase() === 'application/pdf') || // mime type is PDF
       (!mimeType && path && /\.pdf($|[?#])/i.test(path)) || // or if we don't have a mime type test the path up to query or hash
@@ -130,6 +186,7 @@ const MABL_DEFAULT_PDF_NAME = 'mablPdf';
 function documentHasDocType() {
   return document.doctype && document.doctype.name;
 }
+
 function runEmbeddedPdfDetector() {
   if (documentHasDocType()) {
     mablEmbeddedPdfDetector();