cyberchef 9.38.6 → 9.38.9

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberchef",
-  "version": "9.38.6",
+  "version": "9.38.9",
   "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
   "author": "n1474335 <n1474335@gmail.com>",
   "homepage": "https://gchq.github.io/CyberChef",
@@ -122,6 +122,7 @@
     "js-crc": "^0.2.0",
     "js-sha3": "^0.8.0",
     "jsesc": "^3.0.2",
+    "json5": "^2.2.1",
     "jsonpath": "^1.1.1",
     "jsonwebtoken": "^8.5.1",
     "jsqr": "^1.4.0",

package/src/core/config/OperationConfig.json

@@ -7637,10 +7637,10 @@
     },
     "JSON Beautify": {
         "module": "Code",
-        "description": "Indents and prettifies JavaScript Object Notation (JSON) code.",
+        "description": "Indents and pretty prints JavaScript Object Notation (JSON) code.<br><br>Tags: json viewer, prettify, syntax highlighting",
         "infoURL": null,
         "inputType": "string",
-        "outputType": "string",
+        "outputType": "html",
         "flowControl": false,
         "manualBake": false,
         "args": [
@@ -7653,6 +7653,11 @@
                 "name": "Sort Object Keys",
                 "type": "boolean",
                 "value": false
+            },
+            {
+                "name": "Formatted",
+                "type": "boolean",
+                "value": true
             }
         ]
     },
@@ -8580,7 +8585,7 @@
     "PEM to Hex": {
         "module": "Default",
         "description": "Converts PEM (Privacy Enhanced Mail) format to a hexadecimal DER (Distinguished Encoding Rules) string.",
-        "infoURL": "https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail#Format",
+        "infoURL": "https://wikipedia.org/wiki/Privacy-Enhanced_Mail#Format",
         "inputType": "string",
         "outputType": "string",
         "flowControl": false,

package/src/core/lib/Base64.mjs

@@ -130,10 +130,11 @@ export function fromBase64(data, alphabet="A-Za-z0-9+/=", returnType="string", r
         i = 0;
 
     while (i < data.length) {
-        enc1 = alphabet.indexOf(data.charAt(i++));
-        enc2 = alphabet.indexOf(data.charAt(i++));
-        enc3 = alphabet.indexOf(data.charAt(i++));
-        enc4 = alphabet.indexOf(data.charAt(i++));
+        // Including `|| null` forces empty strings to null so that indexOf returns -1 instead of 0
+        enc1 = alphabet.indexOf(data.charAt(i++) || null);
+        enc2 = alphabet.indexOf(data.charAt(i++) || null);
+        enc3 = alphabet.indexOf(data.charAt(i++) || null);
+        enc4 = alphabet.indexOf(data.charAt(i++) || null);
 
         if (strictMode && (enc1 < 0 || enc2 < 0 || enc3 < 0 || enc4 < 0)) {
             throw new OperationError("Error: Base64 input contains non-alphabet char(s)");
@@ -143,13 +144,13 @@ export function fromBase64(data, alphabet="A-Za-z0-9+/=", returnType="string", r
         chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
         chr3 = ((enc3 & 3) << 6) | enc4;
 
-        if (chr1 < 256) {
+        if (chr1 >= 0 && chr1 < 256) {
             output.push(chr1);
         }
-        if (chr2 < 256 && enc3 !== 64) {
+        if (chr2 >= 0 && chr2 < 256 && enc3 !== 64) {
             output.push(chr2);
         }
-        if (chr3 < 256 && enc4 !== 64) {
+        if (chr3 >= 0 && chr3 < 256 && enc4 !== 64) {
             output.push(chr3);
         }
     }

package/src/core/lib/PublicKey.mjs

@@ -9,35 +9,25 @@
 import { toHex, fromHex } from "./Hex.mjs";
 
 /**
- * Formats Distinguished Name (DN) strings.
+ * Formats Distinguished Name (DN) objects to strings.
  *
- * @param {string} dnStr
+ * @param {Object} dnObj
  * @param {number} indent
  * @returns {string}
  */
-export function formatDnStr(dnStr, indent) {
-    const fields = dnStr.substr(1).replace(/([^\\])\//g, "$1$1/").split(/[^\\]\//);
-    let output = "",
-        maxKeyLen = 0,
-        key,
-        value,
-        i,
-        str;
-
-    for (i = 0; i < fields.length; i++) {
-        if (!fields[i].length) continue;
-
-        key = fields[i].split("=")[0];
+export function formatDnObj(dnObj, indent) {
+    let output = "";
 
-        maxKeyLen = key.length > maxKeyLen ? key.length : maxKeyLen;
-    }
+    const maxKeyLen = dnObj.array.reduce((max, item) => {
+        return item[0].type.length > max ? item[0].type.length : max;
+    }, 0);
 
-    for (i = 0; i < fields.length; i++) {
-        if (!fields[i].length) continue;
+    for (let i = 0; i < dnObj.array.length; i++) {
+        if (!dnObj.array[i].length) continue;
 
-        key = fields[i].split("=")[0];
-        value = fields[i].split("=")[1];
-        str = key.padEnd(maxKeyLen, " ") + " = " + value + "\n";
+        const key = dnObj.array[i][0].type;
+        const value = dnObj.array[i][0].value;
+        const str = `${key.padEnd(maxKeyLen, " ")} = ${value}\n`;
 
         output += str.padStart(indent + str.length, " ");
     }

package/src/core/operations/JSONBeautify.mjs

@@ -5,8 +5,10 @@
  * @license Apache-2.0
  */
 
-import vkbeautify from "vkbeautify";
+import JSON5 from "json5";
+import OperationError from "../errors/OperationError.mjs";
 import Operation from "../Operation.mjs";
+import Utils from "../Utils.mjs";
 
 /**
  * JSON Beautify operation
@@ -21,19 +23,25 @@ class JSONBeautify extends Operation {
 
         this.name = "JSON Beautify";
         this.module = "Code";
-        this.description = "Indents and prettifies JavaScript Object Notation (JSON) code.";
+        this.description = "Indents and pretty prints JavaScript Object Notation (JSON) code.<br><br>Tags: json viewer, prettify, syntax highlighting";
         this.inputType = "string";
         this.outputType = "string";
+        this.presentType = "html";
         this.args = [
             {
-                "name": "Indent string",
-                "type": "binaryShortString",
-                "value": "    "
+                name: "Indent string",
+                type: "binaryShortString",
+                value: "    "
             },
             {
-                "name": "Sort Object Keys",
-                "type": "boolean",
-                "value": false
+                name: "Sort Object Keys",
+                type: "boolean",
+                value: false
+            },
+            {
+                name: "Formatted",
+                type: "boolean",
+                value: true
             }
         ];
     }
@@ -44,35 +52,193 @@ class JSONBeautify extends Operation {
      * @returns {string}
      */
     run(input, args) {
+        if (!input) return "";
+
         const [indentStr, sortBool] = args;
+        let json = null;
 
-        if (!input) return "";
-        if (sortBool) {
-            input = JSON.stringify(JSONBeautify._sort(JSON.parse(input)));
+        try {
+            json = JSON5.parse(input);
+        } catch (err) {
+            throw new OperationError("Unable to parse input as JSON.\n" + err);
         }
-        return vkbeautify.json(input, indentStr);
-    }
 
+        if (sortBool) json = sortKeys(json);
+
+        return JSON.stringify(json, null, indentStr);
+    }
 
     /**
-     * Sort JSON representation of an object
+     * Adds various dynamic features to the JSON blob
      *
-     * @author Phillip Nordwall [phillip.nordwall@gmail.com]
-     * @private
-     * @param {object} o
-     * @returns {object}
+     * @param {string} data
+     * @param {Object[]} args
+     * @returns {html}
      */
-    static _sort(o) {
-        if (Array.isArray(o)) {
-            return o.map(JSONBeautify._sort);
-        } else if ("[object Object]" === Object.prototype.toString.call(o)) {
-            return Object.keys(o).sort().reduce(function(a, k) {
-                a[k] = JSONBeautify._sort(o[k]);
-                return a;
-            }, {});
+    present(data, args) {
+        const formatted = args[2];
+        if (!formatted) return Utils.escapeHtml(data);
+
+        const json = JSON5.parse(data);
+        const options = {
+            withLinks: true,
+            bigNumbers: true
+        };
+        let html = '<div class="json-document">';
+
+        if (isCollapsable(json)) {
+            const isArr = json instanceof Array;
+            html += '<details open class="json-details">' +
+                `<summary class="json-summary ${isArr ? "json-arr" : "json-obj"}"></summary>` +
+                json2html(json, options) +
+                "</details>";
+        } else {
+            html += json2html(json, options);
+        }
+
+        html += "</div>";
+        return html;
+    }
+}
+
+/**
+ * Sort keys in a JSON object
+ *
+ * @author Phillip Nordwall [phillip.nordwall@gmail.com]
+ * @param {object} o
+ * @returns {object}
+ */
+function sortKeys(o) {
+    if (Array.isArray(o)) {
+        return o.map(sortKeys);
+    } else if ("[object Object]" === Object.prototype.toString.call(o)) {
+        return Object.keys(o).sort().reduce(function(a, k) {
+            a[k] = sortKeys(o[k]);
+            return a;
+        }, {});
+    }
+    return o;
+}
+
+
+/**
+ * Check if arg is either an array with at least 1 element, or a dict with at least 1 key
+ * @returns {boolean}
+ */
+function isCollapsable(arg) {
+    return arg instanceof Object && Object.keys(arg).length > 0;
+}
+
+/**
+ * Check if a string looks like a URL, based on protocol
+ * @returns {boolean}
+ */
+function isUrl(string) {
+    const protocols = ["http", "https", "ftp", "ftps"];
+    for (let i = 0; i < protocols.length; i++) {
+        if (string.startsWith(protocols[i] + "://")) {
+            return true;
+        }
+    }
+    return false;
+}
+
+/**
+ * Transform a json object into html representation
+ *
+ * Adapted for CyberChef by @n1474335 from jQuery json-viewer
+ * @author Alexandre Bodelot <alexandre.bodelot@gmail.com>
+ * @link https://github.com/abodelot/jquery.json-viewer
+ * @license MIT
+ *
+ * @returns {string}
+ */
+function json2html(json, options) {
+    let html = "";
+    if (typeof json === "string") {
+        // Escape tags and quotes
+        json = Utils.escapeHtml(json);
+
+        if (options.withLinks && isUrl(json)) {
+            html += `<a href="${json}" class="json-string" target="_blank">${json}</a>`;
+        } else {
+            // Escape double quotes in the rendered non-URL string.
+            json = json.replace(/&quot;/g, "\\&quot;");
+            html += `<span class="json-string">"${json}"</span>`;
+        }
+    } else if (typeof json === "number" || typeof json === "bigint") {
+        html += `<span class="json-literal">${json}</span>`;
+    } else if (typeof json === "boolean") {
+        html += `<span class="json-literal">${json}</span>`;
+    } else if (json === null) {
+        html += '<span class="json-literal">null</span>';
+    } else if (json instanceof Array) {
+        if (json.length > 0) {
+            html += '<span class="json-bracket">[</span><ol class="json-array">';
+            for (let i = 0; i < json.length; i++) {
+                html += "<li>";
+
+                // Add toggle button if item is collapsable
+                if (isCollapsable(json[i])) {
+                    const isArr = json[i] instanceof Array;
+                    html += '<details open class="json-details">' +
+                        `<summary class="json-summary ${isArr ? "json-arr" : "json-obj"}"></summary>` +
+                        json2html(json[i], options) +
+                        "</details>";
+                } else {
+                    html += json2html(json[i], options);
+                }
+
+                // Add comma if item is not last
+                if (i < json.length - 1) {
+                    html += '<span class="json-comma">,</span>';
+                }
+                html += "</li>";
+            }
+            html += '</ol><span class="json-bracket">]</span>';
+        } else {
+            html += '<span class="json-bracket">[]</span>';
+        }
+    } else if (typeof json === "object") {
+        // Optional support different libraries for big numbers
+        // json.isLosslessNumber: package lossless-json
+        // json.toExponential(): packages bignumber.js, big.js, decimal.js, decimal.js-light, others?
+        if (options.bigNumbers && (typeof json.toExponential === "function" || json.isLosslessNumber)) {
+            html += `<span class="json-literal">${json.toString()}</span>`;
+        } else {
+            let keyCount = Object.keys(json).length;
+            if (keyCount > 0) {
+                html += '<span class="json-brace">{</span><ul class="json-dict">';
+                for (const key in json) {
+                    if (Object.prototype.hasOwnProperty.call(json, key)) {
+                        const safeKey = Utils.escapeHtml(key);
+                        html += "<li>";
+
+                        // Add toggle button if item is collapsable
+                        if (isCollapsable(json[key])) {
+                            const isArr = json[key] instanceof Array;
+                            html += '<details open class="json-details">' +
+                                `<summary class="json-summary ${isArr ? "json-arr" : "json-obj"}">${safeKey}<span class="json-colon">:</span> </summary>` +
+                                json2html(json[key], options) +
+                                "</details>";
+                        } else {
+                            html += safeKey + '<span class="json-colon">:</span> ' + json2html(json[key], options);
+                        }
+
+                        // Add comma if item is not last
+                        if (--keyCount > 0) {
+                            html += '<span class="json-comma">,</span>';
+                        }
+                        html += "</li>";
+                    }
+                }
+                html += '</ul><span class="json-brace">}</span>';
+            } else {
+                html += '<span class="json-brace">{}</span>';
+            }
         }
-        return o;
     }
+    return html;
 }
 
 export default JSONBeautify;

package/src/core/operations/PEMToHex.mjs

@@ -24,7 +24,7 @@ class PEMToHex extends Operation {
         this.name = "PEM to Hex";
         this.module = "Default";
         this.description = "Converts PEM (Privacy Enhanced Mail) format to a hexadecimal DER (Distinguished Encoding Rules) string.";
-        this.infoURL = "https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail#Format";
+        this.infoURL = "https://wikipedia.org/wiki/Privacy-Enhanced_Mail#Format";
         this.inputType = "string";
         this.outputType = "string";
         this.args = [];

package/src/core/operations/ParseX509Certificate.mjs

@@ -7,7 +7,7 @@
 import r from "jsrsasign";
 import { fromBase64 } from "../lib/Base64.mjs";
 import { toHex } from "../lib/Hex.mjs";
-import { formatByteStr, formatDnStr } from "../lib/PublicKey.mjs";
+import { formatByteStr, formatDnObj } from "../lib/PublicKey.mjs";
 import Operation from "../Operation.mjs";
 import Utils from "../Utils.mjs";
 
@@ -76,8 +76,8 @@ class ParseX509Certificate extends Operation {
         }
 
         const sn = cert.getSerialNumberHex(),
-            issuer = cert.getIssuerString(),
-            subject = cert.getSubjectString(),
+            issuer = cert.getIssuer(),
+            subject = cert.getSubject(),
             pk = cert.getPublicKey(),
             pkFields = [],
             sig = cert.getSignatureValueHex();
@@ -170,10 +170,10 @@ class ParseX509Certificate extends Operation {
             extensions = cert.getInfo().split("X509v3 Extensions:\n")[1].split("signature")[0];
         } catch (err) {}
 
-        const issuerStr = formatDnStr(issuer, 2),
+        const issuerStr = formatDnObj(issuer, 2),
             nbDate = formatDate(cert.getNotBefore()),
             naDate = formatDate(cert.getNotAfter()),
-            subjectStr = formatDnStr(subject, 2);
+            subjectStr = formatDnObj(subject, 2);
 
         return `Version:          ${cert.version} (0x${Utils.hex(cert.version - 1)})
 Serial number:    ${new r.BigInteger(sn, 16).toString()} (0x${sn})

package/src/web/stylesheets/index.css

@@ -34,3 +34,6 @@
 @import "./layout/_operations.css";
 @import "./layout/_recipe.css";
 @import "./layout/_structure.css";
+
+/* Operations */
+@import "./operations/json.css";

package/src/web/stylesheets/operations/json.css

@@ -0,0 +1,78 @@
+/**
+ * JSON styles
+ *
+ * @author n1474335 [n1474335@gmail.com]
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ *
+ * Adapted for CyberChef by @n1474335 from jQuery json-viewer
+ * @author Alexandre Bodelot <alexandre.bodelot@gmail.com>
+ * @link https://github.com/abodelot/jquery.json-viewer
+ * @license MIT
+ */
+
+/* Root element */
+.json-document {
+    padding: .5em 1.5em;
+}
+
+/* Syntax highlighting for JSON objects */
+ul.json-dict, ol.json-array {
+    list-style-type: none;
+    margin: 0 0 0 1px;
+    border-left: 1px dotted #ccc;
+    padding-left: 2em;
+}
+.json-string {
+    color: green;
+}
+.json-literal {
+    color: red;
+}
+.json-brace,
+.json-bracket,
+.json-colon,
+.json-comma {
+    color: gray;
+}
+
+/* Collapse */
+.json-details {
+    display: inline;
+}
+.json-details[open] {
+    display: contents;
+}
+.json-summary {
+    display: contents;
+}
+
+/* Display object and array brackets when closed */
+.json-summary.json-obj::after {
+    color: gray;
+    content: "{ ... }"
+}
+.json-summary.json-arr::after {
+    color: gray;
+    content: "[ ... ]"
+}
+.json-details[open] > .json-summary.json-obj::after,
+.json-details[open] > .json-summary.json-arr::after  {
+    content: "";
+}
+
+/* Show arrows, even in inline mode */
+.json-summary::before {
+    content: "\25BC";
+    color: #c0c0c0;
+    margin-left: -12px;
+    margin-right: 5px;
+    display: inline-block;
+    transform: rotate(-90deg);
+}
+.json-summary:hover::before {
+    color: #aaa;
+}
+.json-details[open] > .json-summary::before {
+    transform: rotate(0deg);
+}

package/tests/operations/tests/JSONBeautify.mjs

@@ -16,7 +16,7 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 op: "JSON Beautify",
-                args: [" ", false],
+                args: [" ", false, false],
             },
         ],
     },
@@ -27,7 +27,7 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 op: "JSON Beautify",
-                args: [" ", false],
+                args: [" ", false, false],
             },
         ],
     },
@@ -38,8 +38,12 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 op: "JSON Beautify",
-                args: [" ", false],
+                args: [" ", false, false],
             },
+            {
+                op: "HTML To Text",
+                args: []
+            }
         ],
     },
     {
@@ -49,7 +53,7 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 op: "JSON Beautify",
-                args: [" ", false],
+                args: [" ", false, false],
             },
         ],
     },
@@ -60,7 +64,7 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 op: "JSON Beautify",
-                args: [" ", false],
+                args: [" ", false, false],
             },
         ],
     },
@@ -71,7 +75,7 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 op: "JSON Beautify",
-                args: [" ", false],
+                args: [" ", false, false],
             },
         ],
     },
@@ -82,7 +86,7 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 op: "JSON Beautify",
-                args: ["\t", false],
+                args: ["\t", false, false],
             },
         ],
     },
@@ -93,8 +97,12 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 op: "JSON Beautify",
-                args: [" ", false],
+                args: [" ", false, false],
             },
+            {
+                op: "HTML To Text",
+                args: []
+            }
         ],
     },
     {
@@ -104,8 +112,12 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 op: "JSON Beautify",
-                args: ["\t", false],
+                args: ["\t", false, false],
             },
+            {
+                op: "HTML To Text",
+                args: []
+            }
         ],
     },
     {
@@ -115,8 +127,12 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 op: "JSON Beautify",
-                args: ["\t", true],
+                args: ["\t", true, false],
             },
+            {
+                op: "HTML To Text",
+                args: []
+            }
         ],
     },
 ]);