cyberchef 9.45.0 → 9.46.2

package/CHANGELOG.md

@@ -13,6 +13,12 @@ All major and minor version changes will be documented in this file. Details of
 
 ## Details
 
+### [9.46.0] - 2022-07-08
+- Added 'Cetacean Cipher Encode' and 'Cetacean Cipher Decode' operations [@valdelaseras] | [#1308]
+
+### [9.45.0] - 2022-07-08
+- Added 'ROT8000' operation [@thomasleplus] | [#1250]
+
 ### [9.44.0] - 2022-07-08
 - Added 'LZString Compress' and 'LZString Decompress' operations [@crespyl] | [#1266]
 
@@ -309,6 +315,8 @@ All major and minor version changes will be documented in this file. Details of
 
 
 
+[9.46.0]: https://github.com/gchq/CyberChef/releases/tag/v9.46.0
+[9.45.0]: https://github.com/gchq/CyberChef/releases/tag/v9.45.0
 [9.44.0]: https://github.com/gchq/CyberChef/releases/tag/v9.44.0
 [9.43.0]: https://github.com/gchq/CyberChef/releases/tag/v9.43.0
 [9.42.0]: https://github.com/gchq/CyberChef/releases/tag/v9.42.0
@@ -440,6 +448,8 @@ All major and minor version changes will be documented in this file. Details of
 [@swesven]: https://github.com/swesven
 [@mikecat]: https://github.com/mikecat
 [@crespyl]: https://github.com/crespyl
+[@thomasleplus]: https://github.com/thomasleplus
+[@valdelaseras]: https://github.com/valdelaseras
 
 [8ad18b]: https://github.com/gchq/CyberChef/commit/8ad18bc7db6d9ff184ba3518686293a7685bf7b7
 [9a33498]: https://github.com/gchq/CyberChef/commit/9a33498fed26a8df9c9f35f39a78a174bf50a513
@@ -540,4 +550,6 @@ All major and minor version changes will be documented in this file. Details of
 [#1364]: https://github.com/gchq/CyberChef/pull/1364
 [#1264]: https://github.com/gchq/CyberChef/pull/1264
 [#1266]: https://github.com/gchq/CyberChef/pull/1266
+[#1250]: https://github.com/gchq/CyberChef/pull/1250
+[#1308]: https://github.com/gchq/CyberChef/pull/1308
 

package/README.md

@@ -54,7 +54,7 @@ You can use as many operations as you like in simple or complex ways. Some examp
      - Whenever you modify the input or the recipe, CyberChef will automatically "bake" for you and produce the output immediately.
      - This can be turned off and operated manually if it is affecting performance (if the input is very large, for instance).
  - Automated encoding detection
-     - CyberChef uses [a number of techniques](https://github.com/gchq/CyberChef/wiki/Automatic-detection-of-encoded-data-using-CyberChef-Magic) to attempt to automatically detect which encodings your data is under. If it finds a suitable operation which can make sense of your data, it displays the 'magic' icon in the Output field which you can click to decode your data.
+     - CyberChef uses [a number of techniques](https://github.com/gchq/CyberChef/wiki/Automatic-detection-of-encoded-data-using-CyberChef-Magic) to attempt to automatically detect which encodings your data is under. If it finds a suitable operation that make sense of your data, it displays the 'magic' icon in the Output field which you can click to decode your data.
  - Breakpoints
      - You can set breakpoints on any operation in your recipe to pause execution before running it.
      - You can also step through the recipe one operation at a time to see what the data looks like at each stage.
@@ -66,7 +66,7 @@ You can use as many operations as you like in simple or complex ways. Some examp
  - Highlighting
      - When you highlight text in the input or output, the offset and length values will be displayed and, if possible, the corresponding data will be highlighted in the output or input respectively (example: [highlight the word 'question' in the input to see where it appears in the output][11]).
  - Save to file and load from file
-     - You can save the output to a file at any time or load a file by dragging and dropping it into the input field. Files up to around 2GB are supported (depending on your browser), however some operations may take a very long time to run over this much data.
+     - You can save the output to a file at any time or load a file by dragging and dropping it into the input field. Files up to around 2GB are supported (depending on your browser), however, some operations may take a very long time to run over this much data.
  - CyberChef is entirely client-side
      - It should be noted that none of your recipe configuration or input (either text or files) is ever sent to the CyberChef web server - all processing is carried out within your browser, on your own computer.
      - Due to this feature, CyberChef can be downloaded and run locally. You can use the link in the top left corner of the app to download a full copy of CyberChef and drop it into a virtual machine, share it with other people, or host it in a closed network.
@@ -74,10 +74,10 @@ You can use as many operations as you like in simple or complex ways. Some examp
 
 ## Deep linking
 
-By manipulation of CyberChef's URL hash, you can change the initial settings with which the page opens.
+By manipulating CyberChef's URL hash, you can change the initial settings with which the page opens.
 The format is `https://gchq.github.io/CyberChef/#recipe=Operation()&input=...`
 
-Supported arguments are `recipe`, `input` (encoded in Base64), and `theme`. 
+Supported arguments are `recipe`, `input` (encoded in Base64), and `theme`.
 
 
 ## Browser support
@@ -90,12 +90,12 @@ CyberChef is built to support
 
 ## Node.js support
 
-CyberChef is built to fully support Node.js `v10` and partially supports `v12`. Named imports using a deep import specifier does not work in `v12`. For more information, see the Node API page in the project [wiki pages](https://github.com/gchq/CyberChef/wiki)
+CyberChef is built to fully support Node.js `v16`. For more information, see the Node API page in the project [wiki pages](https://github.com/gchq/CyberChef/wiki)
 
 
 ## Contributing
 
-Contributing a new operation to CyberChef is super easy! There is a quickstart script which will walk you through the process. If you can write basic JavaScript, you can write a CyberChef operation.
+Contributing a new operation to CyberChef is super easy! The quickstart script will walk you through the process. If you can write basic JavaScript, you can write a CyberChef operation.
 
 An installation walkthrough, how-to guides for adding new operations and themes, descriptions of the repository structure, available data types and coding conventions can all be found in the project [wiki pages](https://github.com/gchq/CyberChef/wiki).
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberchef",
-  "version": "9.45.0",
+  "version": "9.46.2",
   "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
   "author": "n1474335 <n1474335@gmail.com>",
   "homepage": "https://gchq.github.io/CyberChef",
@@ -123,7 +123,7 @@
     "js-sha3": "^0.8.0",
     "jsesc": "^3.0.2",
     "json5": "^2.2.1",
-    "jsonpath": "^1.1.1",
+    "jsonpath-plus": "^7.2.0",
     "jsonwebtoken": "^8.5.1",
     "jsqr": "^1.4.0",
     "jsrsasign": "^10.5.23",

package/src/core/config/Categories.json

@@ -112,6 +112,8 @@
             "Atbash Cipher",
             "CipherSaber2 Encrypt",
             "CipherSaber2 Decrypt",
+            "Cetacean Cipher Encode",
+            "Cetacean Cipher Decode",
             "Substitute",
             "Derive PBKDF2 key",
             "Derive EVP key",

package/src/core/config/OperationConfig.json

@@ -1506,6 +1506,33 @@
             }
         ]
     },
+    "Cetacean Cipher Decode": {
+        "module": "Ciphers",
+        "description": "Decode Cetacean Cipher input. <br/><br/>e.g. <code>EEEEEEEEEeeEeEEEEEEEEEEEEeeEeEEe</code> becomes <code>hi</code>",
+        "infoURL": "https://hitchhikers.fandom.com/wiki/Dolphins",
+        "inputType": "string",
+        "outputType": "string",
+        "flowControl": false,
+        "manualBake": false,
+        "args": [],
+        "checks": [
+            {
+                "pattern": "^(?:[eE]{16,})(?: [eE]{16,})*$",
+                "flags": "",
+                "args": []
+            }
+        ]
+    },
+    "Cetacean Cipher Encode": {
+        "module": "Ciphers",
+        "description": "Converts any input into Cetacean Cipher. <br/><br/>e.g. <code>hi</code> becomes <code>EEEEEEEEEeeEeEEEEEEEEEEEEeeEeEEe</code>",
+        "infoURL": "https://hitchhikers.fandom.com/wiki/Dolphins",
+        "inputType": "string",
+        "outputType": "string",
+        "flowControl": false,
+        "manualBake": false,
+        "args": []
+    },
     "Change IP format": {
         "module": "Default",
         "description": "Convert an IP address from one format to another, e.g. <code>172.20.23.54</code> to <code>ac141736</code>",
@@ -7693,6 +7720,11 @@
                 "name": "Result delimiter",
                 "type": "binaryShortString",
                 "value": "\\n"
+            },
+            {
+                "name": "Prevent eval",
+                "type": "boolean",
+                "value": true
             }
         ]
     },

package/src/core/config/modules/Ciphers.mjs

@@ -17,6 +17,8 @@ import BifidCipherEncode from "../../operations/BifidCipherEncode.mjs";
 import BlowfishDecrypt from "../../operations/BlowfishDecrypt.mjs";
 import BlowfishEncrypt from "../../operations/BlowfishEncrypt.mjs";
 import CaesarBoxCipher from "../../operations/CaesarBoxCipher.mjs";
+import CetaceanCipherDecode from "../../operations/CetaceanCipherDecode.mjs";
+import CetaceanCipherEncode from "../../operations/CetaceanCipherEncode.mjs";
 import DESDecrypt from "../../operations/DESDecrypt.mjs";
 import DESEncrypt from "../../operations/DESEncrypt.mjs";
 import DeriveEVPKey from "../../operations/DeriveEVPKey.mjs";
@@ -55,6 +57,8 @@ OpModules.Ciphers = {
     "Blowfish Decrypt": BlowfishDecrypt,
     "Blowfish Encrypt": BlowfishEncrypt,
     "Caesar Box Cipher": CaesarBoxCipher,
+    "Cetacean Cipher Decode": CetaceanCipherDecode,
+    "Cetacean Cipher Encode": CetaceanCipherEncode,
     "DES Decrypt": DESDecrypt,
     "DES Encrypt": DESEncrypt,
     "Derive EVP key": DeriveEVPKey,

package/src/core/operations/CetaceanCipherDecode.mjs

@@ -0,0 +1,63 @@
+/**
+ * @author dolphinOnKeys [robin@weird.io]
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+
+/**
+ * Cetacean Cipher Decode operation
+ */
+class CetaceanCipherDecode extends Operation {
+
+    /**
+     * CetaceanCipherDecode constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Cetacean Cipher Decode";
+        this.module = "Ciphers";
+        this.description = "Decode Cetacean Cipher input. <br/><br/>e.g. <code>EEEEEEEEEeeEeEEEEEEEEEEEEeeEeEEe</code> becomes <code>hi</code>";
+        this.infoURL = "https://hitchhikers.fandom.com/wiki/Dolphins";
+        this.inputType = "string";
+        this.outputType = "string";
+
+        this.checks = [
+            {
+                pattern: "^(?:[eE]{16,})(?: [eE]{16,})*$",
+                flags: "",
+                args: []
+            }
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const binaryArray = [];
+        for (const char of input) {
+            if (char === " ") {
+                binaryArray.push(...[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0]);
+            } else {
+                binaryArray.push(char === "e" ? 1 : 0);
+            }
+        }
+
+        const byteArray = [];
+
+        for (let i = 0;  i < binaryArray.length; i += 16) {
+            byteArray.push(binaryArray.slice(i, i + 16).join(""));
+        }
+
+        return byteArray.map(byte =>
+            String.fromCharCode(parseInt(byte, 2))
+        ).join("");
+    }
+}
+
+export default CetaceanCipherDecode;

package/src/core/operations/CetaceanCipherEncode.mjs

@@ -0,0 +1,51 @@
+/**
+ * @author dolphinOnKeys [robin@weird.io]
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import {toBinary} from "../lib/Binary.mjs";
+
+/**
+ * Cetacean Cipher Encode operation
+ */
+class CetaceanCipherEncode extends Operation {
+
+    /**
+     * CetaceanCipherEncode constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Cetacean Cipher Encode";
+        this.module = "Ciphers";
+        this.description = "Converts any input into Cetacean Cipher. <br/><br/>e.g. <code>hi</code> becomes <code>EEEEEEEEEeeEeEEEEEEEEEEEEeeEeEEe</code>";
+        this.infoURL = "https://hitchhikers.fandom.com/wiki/Dolphins";
+        this.inputType = "string";
+        this.outputType = "string";
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const result = [];
+        const charArray = input.split("");
+
+        charArray.map(character => {
+            if (character === " ") {
+                result.push(character);
+            } else {
+                const binaryArray = toBinary(character.charCodeAt(0), "None", 16).split("");
+                result.push(binaryArray.map(str => str === "1" ? "e" : "E").join(""));
+            }
+        });
+
+        return result.join("");
+    }
+}
+
+export default CetaceanCipherEncode;

package/src/core/operations/JPathExpression.mjs

@@ -4,7 +4,7 @@
  * @license Apache-2.0
  */
 
-import jpath from "jsonpath";
+import {JSONPath} from "jsonpath-plus";
 import Operation from "../Operation.mjs";
 import OperationError from "../errors/OperationError.mjs";
 
@@ -27,14 +27,20 @@ class JPathExpression extends Operation {
         this.outputType = "string";
         this.args = [
             {
-                "name": "Query",
-                "type": "string",
-                "value": ""
+                name: "Query",
+                type: "string",
+                value: ""
             },
             {
-                "name": "Result delimiter",
-                "type": "binaryShortString",
-                "value": "\\n"
+                name: "Result delimiter",
+                type: "binaryShortString",
+                value: "\\n"
+            },
+            {
+                name: "Prevent eval",
+                type: "boolean",
+                value: true,
+                description: "Evaluated expressions are disabled by default for security reasons"
             }
         ];
     }
@@ -45,18 +51,21 @@ class JPathExpression extends Operation {
      * @returns {string}
      */
     run(input, args) {
-        const [query, delimiter] = args;
-        let results,
-            obj;
+        const [query, delimiter, preventEval] = args;
+        let results, jsonObj;
 
         try {
-            obj = JSON.parse(input);
+            jsonObj = JSON.parse(input);
         } catch (err) {
             throw new OperationError(`Invalid input JSON: ${err.message}`);
         }
 
         try {
-            results = jpath.query(obj, query);
+            results = JSONPath({
+                path: query,
+                json: jsonObj,
+                preventEval: preventEval
+            });
         } catch (err) {
             throw new OperationError(`Invalid JPath expression: ${err.message}`);
         }

package/src/core/operations/JSONToCSV.mjs

@@ -114,8 +114,11 @@ class JSONToCSV extends Operation {
      * @returns {string}
      */
     escapeCellContents(data, force=false) {
-        if (typeof data === "number") data = data.toString();
-        if (force && typeof data !== "string") data = JSON.stringify(data);
+        if (data !== "string") {
+            const isPrimitive = data == null || typeof data !== "object";
+            if (isPrimitive) data = `${data}`;
+            else if (force) data = JSON.stringify(data);
+        }
 
         // Double quotes should be doubled up
         data = data.replace(/"/g, '""');

package/src/core/operations/index.mjs

@@ -50,6 +50,8 @@ import CSVToJSON from "./CSVToJSON.mjs";
 import CTPH from "./CTPH.mjs";
 import CaesarBoxCipher from "./CaesarBoxCipher.mjs";
 import CartesianProduct from "./CartesianProduct.mjs";
+import CetaceanCipherDecode from "./CetaceanCipherDecode.mjs";
+import CetaceanCipherEncode from "./CetaceanCipherEncode.mjs";
 import ChangeIPFormat from "./ChangeIPFormat.mjs";
 import ChiSquare from "./ChiSquare.mjs";
 import CipherSaber2Decrypt from "./CipherSaber2Decrypt.mjs";
@@ -433,6 +435,8 @@ export {
     CTPH,
     CaesarBoxCipher,
     CartesianProduct,
+    CetaceanCipherDecode,
+    CetaceanCipherEncode,
     ChangeIPFormat,
     ChiSquare,
     CipherSaber2Decrypt,

package/src/node/index.mjs

@@ -60,6 +60,8 @@ import {
     CTPH as core_CTPH,
     CaesarBoxCipher as core_CaesarBoxCipher,
     CartesianProduct as core_CartesianProduct,
+    CetaceanCipherDecode as core_CetaceanCipherDecode,
+    CetaceanCipherEncode as core_CetaceanCipherEncode,
     ChangeIPFormat as core_ChangeIPFormat,
     ChiSquare as core_ChiSquare,
     CipherSaber2Decrypt as core_CipherSaber2Decrypt,
@@ -443,6 +445,8 @@ function generateChef() {
         "CTPH": _wrap(core_CTPH),
         "caesarBoxCipher": _wrap(core_CaesarBoxCipher),
         "cartesianProduct": _wrap(core_CartesianProduct),
+        "cetaceanCipherDecode": _wrap(core_CetaceanCipherDecode),
+        "cetaceanCipherEncode": _wrap(core_CetaceanCipherEncode),
         "changeIPFormat": _wrap(core_ChangeIPFormat),
         "chiSquare": _wrap(core_ChiSquare),
         "cipherSaber2Decrypt": _wrap(core_CipherSaber2Decrypt),
@@ -834,6 +838,8 @@ const CSVToJSON = chef.CSVToJSON;
 const CTPH = chef.CTPH;
 const caesarBoxCipher = chef.caesarBoxCipher;
 const cartesianProduct = chef.cartesianProduct;
+const cetaceanCipherDecode = chef.cetaceanCipherDecode;
+const cetaceanCipherEncode = chef.cetaceanCipherEncode;
 const changeIPFormat = chef.changeIPFormat;
 const chiSquare = chef.chiSquare;
 const cipherSaber2Decrypt = chef.cipherSaber2Decrypt;
@@ -1219,6 +1225,8 @@ const operations = [
     CTPH,
     caesarBoxCipher,
     cartesianProduct,
+    cetaceanCipherDecode,
+    cetaceanCipherEncode,
     changeIPFormat,
     chiSquare,
     cipherSaber2Decrypt,
@@ -1608,6 +1616,8 @@ export {
     CTPH,
     caesarBoxCipher,
     cartesianProduct,
+    cetaceanCipherDecode,
+    cetaceanCipherEncode,
     changeIPFormat,
     chiSquare,
     cipherSaber2Decrypt,

package/src/web/stylesheets/utils/_overrides.css

@@ -82,7 +82,17 @@ a:focus {
     border-color: var(--btn-success-hover-border-colour);
 }
 
-select.form-control:not([size]):not([multiple]), select.custom-file-control:not([size]):not([multiple]) {
+select.form-control,
+select.form-control:focus {
+    background-color: var(--primary-background-colour) !important;
+}
+
+select.form-control:focus {
+    transition: none !important;
+}
+
+select.form-control:not([size]):not([multiple]),
+select.custom-file-control:not([size]):not([multiple]) {
     height: unset !important;
 }
 
@@ -145,7 +155,8 @@ optgroup {
     color: var(--primary-font-colour);
 }
 
-.table-bordered th, .table-bordered td {
+.table-bordered th,
+.table-bordered td {
     border: 1px solid var(--table-border-colour);
 }
 
@@ -172,7 +183,9 @@ optgroup {
     color: var(--subtext-font-colour);
 }
 
-.nav-tabs>li>a.nav-link.active, .nav-tabs>li>a.nav-link.active:focus, .nav-tabs>li>a.nav-link.active:hover {
+.nav-tabs>li>a.nav-link.active,
+.nav-tabs>li>a.nav-link.active:focus,
+.nav-tabs>li>a.nav-link.active:hover {
     background-color: var(--secondary-background-colour);
     border-color: var(--secondary-border-colour);
     border-bottom-color: transparent;
@@ -183,7 +196,8 @@ optgroup {
     border-color: var(--primary-border-colour);
 }
 
-.nav a.nav-link:focus, .nav a.nav-link:hover {
+.nav a.nav-link:focus,
+.nav a.nav-link:hover {
     background-color: var(--secondary-border-colour);
 }
 
@@ -199,7 +213,8 @@ optgroup {
     color: var(--primary-font-colour);
 }
 
-.dropdown-menu a:focus, .dropdown-menu a:hover {
+.dropdown-menu a:focus,
+.dropdown-menu a:hover {
     background-color: var(--secondary-background-colour);
     color: var(--primary-font-colour);
 }

package/tests/operations/index.mjs

@@ -28,6 +28,8 @@ import "./tests/Base85.mjs";
 import "./tests/BitwiseOp.mjs";
 import "./tests/ByteRepr.mjs";
 import "./tests/CartesianProduct.mjs";
+import "./tests/CetaceanCipherEncode.mjs";
+import "./tests/CetaceanCipherDecode.mjs";
 import "./tests/CharEnc.mjs";
 import "./tests/ChangeIPFormat.mjs";
 import "./tests/Charts.mjs";

package/tests/operations/tests/CetaceanCipherDecode.mjs

@@ -0,0 +1,22 @@
+/**
+ * CetaceanCipher Encode tests
+ *
+ * @author dolphinOnKeys
+ * @copyright Crown Copyright 2022
+ * @licence Apache-2.0
+ */
+import TestRegister from "../../lib/TestRegister.mjs";
+
+TestRegister.addTests([
+    {
+        name: "Cetacean Cipher Decode",
+        input: "EEEEEEEEEeeEEEEe EEEEEEEEEeeEEEeE EEEEEEEEEeeEEEee EEeeEEEEEeeEEeee",
+        expectedOutput: "a b c で",
+        recipeConfig: [
+            {
+                op: "Cetacean Cipher Decode",
+                args: []
+            },
+        ],
+    }
+]);

package/tests/operations/tests/CetaceanCipherEncode.mjs

@@ -0,0 +1,22 @@
+/**
+ * CetaceanCipher Encode tests
+ *
+ * @author dolphinOnKeys
+ * @copyright Crown Copyright 2022
+ * @licence Apache-2.0
+ */
+import TestRegister from "../../lib/TestRegister.mjs";
+
+TestRegister.addTests([
+    {
+        name: "Cetacean Cipher Encode",
+        input: "a b c で",
+        expectedOutput: "EEEEEEEEEeeEEEEe EEEEEEEEEeeEEEeE EEEEEEEEEeeEEEee EEeeEEEEEeeEEeee",
+        recipeConfig: [
+            {
+                op: "Cetacean Cipher Encode",
+                args: []
+            },
+        ],
+    }
+]);

package/tests/operations/tests/Code.mjs

@@ -185,11 +185,11 @@ TestRegister.addTests([
     {
         name: "JPath Expression: Empty expression",
         input: JSON.stringify(JSON_TEST_DATA),
-        expectedOutput: "Invalid JPath expression: we need a path",
+        expectedOutput: "",
         recipeConfig: [
             {
                 "op": "JPath expression",
-                "args": ["", "\n"]
+                "args": ["", "\n", true]
             }
         ],
     },
@@ -205,7 +205,7 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 "op": "JPath expression",
-                "args": ["$.store.book[*].author", "\n"]
+                "args": ["$.store.book[*].author", "\n", true]
             }
         ],
     },
@@ -223,7 +223,7 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 "op": "JPath expression",
-                "args": ["$..title", "\n"]
+                "args": ["$..title", "\n", true]
             }
         ],
     },
@@ -238,7 +238,7 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 "op": "JPath expression",
-                "args": ["$.store.*", "\n"]
+                "args": ["$.store.*", "\n", true]
             }
         ],
     },
@@ -249,7 +249,7 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 "op": "JPath expression",
-                "args": ["$..book[-1:]", "\n"]
+                "args": ["$..book[-1:]", "\n", true]
             }
         ],
     },
@@ -263,7 +263,7 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 "op": "JPath expression",
-                "args": ["$..book[:2]", "\n"]
+                "args": ["$..book[:2]", "\n", true]
             }
         ],
     },
@@ -277,7 +277,7 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 "op": "JPath expression",
-                "args": ["$..book[?(@.isbn)]", "\n"]
+                "args": ["$..book[?(@.isbn)]", "\n", false]
             }
         ],
     },
@@ -292,7 +292,7 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 "op": "JPath expression",
-                "args": ["$..book[?(@.price<30 && @.category==\"fiction\")]", "\n"]
+                "args": ["$..book[?(@.price<30 && @.category==\"fiction\")]", "\n", false]
             }
         ],
     },
@@ -306,9 +306,24 @@ TestRegister.addTests([
         recipeConfig: [
             {
                 "op": "JPath expression",
-                "args": ["$..book[?(@.price<10)]", "\n"]
+                "args": ["$..book[?(@.price<10)]", "\n", false]
+            }
+        ],
+    },
+    {
+        name: "JPath Expression: Script-based expression",
+        input: "[{}]",
+        recipeConfig: [
+            {
+                "op": "JPath expression",
+                "args": [
+                    "$..[?(({__proto__:[].constructor}).constructor(\"self.postMessage({action:'bakeComplete',data:{bakeId:1,dish:{type:1,value:''},duration:1,error:false,id:undefined,inputNum:2,progress:1,result:'<iframe/onload=debugger>',type: 'html'}});\")();)]",
+                    "\n",
+                    true
+                ]
             }
         ],
+        expectedOutput: "Invalid JPath expression: Eval [?(expr)] prevented in JSONPath expression."
     },
     {
         name: "CSS selector",

package/tests/operations/tests/JSONtoCSV.mjs

@@ -46,6 +46,17 @@ TestRegister.addTests([
             },
         ],
     },
+    {
+        name: "JSON to CSV: boolean and null as values",
+        input: JSON.stringify({a: false, b: null, c: 3}),
+        expectedOutput: "a,b,c\r\nfalse,null,3\r\n",
+        recipeConfig: [
+            {
+                op: "JSON to CSV",
+                args: [",", "\\r\\n"]
+            },
+        ],
+    },
     {
         name: "JSON to CSV: JSON as an array",
         input: JSON.stringify([{a: 1, b: "2", c: 3}]),