cyberchef 9.46.1 → 9.46.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "cyberchef",
|
|
3
|
-
"version": "9.46.
|
|
3
|
+
"version": "9.46.2",
|
|
4
4
|
"description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
|
|
5
5
|
"author": "n1474335 <n1474335@gmail.com>",
|
|
6
6
|
"homepage": "https://gchq.github.io/CyberChef",
|
|
@@ -123,7 +123,7 @@
|
|
|
123
123
|
"js-sha3": "^0.8.0",
|
|
124
124
|
"jsesc": "^3.0.2",
|
|
125
125
|
"json5": "^2.2.1",
|
|
126
|
-
"jsonpath": "^
|
|
126
|
+
"jsonpath-plus": "^7.2.0",
|
|
127
127
|
"jsonwebtoken": "^8.5.1",
|
|
128
128
|
"jsqr": "^1.4.0",
|
|
129
129
|
"jsrsasign": "^10.5.23",
|
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* @license Apache-2.0
|
|
5
5
|
*/
|
|
6
6
|
|
|
7
|
-
import
|
|
7
|
+
import {JSONPath} from "jsonpath-plus";
|
|
8
8
|
import Operation from "../Operation.mjs";
|
|
9
9
|
import OperationError from "../errors/OperationError.mjs";
|
|
10
10
|
|
|
@@ -27,14 +27,20 @@ class JPathExpression extends Operation {
|
|
|
27
27
|
this.outputType = "string";
|
|
28
28
|
this.args = [
|
|
29
29
|
{
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
30
|
+
name: "Query",
|
|
31
|
+
type: "string",
|
|
32
|
+
value: ""
|
|
33
33
|
},
|
|
34
34
|
{
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
35
|
+
name: "Result delimiter",
|
|
36
|
+
type: "binaryShortString",
|
|
37
|
+
value: "\\n"
|
|
38
|
+
},
|
|
39
|
+
{
|
|
40
|
+
name: "Prevent eval",
|
|
41
|
+
type: "boolean",
|
|
42
|
+
value: true,
|
|
43
|
+
description: "Evaluated expressions are disabled by default for security reasons"
|
|
38
44
|
}
|
|
39
45
|
];
|
|
40
46
|
}
|
|
@@ -45,18 +51,21 @@ class JPathExpression extends Operation {
|
|
|
45
51
|
* @returns {string}
|
|
46
52
|
*/
|
|
47
53
|
run(input, args) {
|
|
48
|
-
const [query, delimiter] = args;
|
|
49
|
-
let results,
|
|
50
|
-
obj;
|
|
54
|
+
const [query, delimiter, preventEval] = args;
|
|
55
|
+
let results, jsonObj;
|
|
51
56
|
|
|
52
57
|
try {
|
|
53
|
-
|
|
58
|
+
jsonObj = JSON.parse(input);
|
|
54
59
|
} catch (err) {
|
|
55
60
|
throw new OperationError(`Invalid input JSON: ${err.message}`);
|
|
56
61
|
}
|
|
57
62
|
|
|
58
63
|
try {
|
|
59
|
-
results =
|
|
64
|
+
results = JSONPath({
|
|
65
|
+
path: query,
|
|
66
|
+
json: jsonObj,
|
|
67
|
+
preventEval: preventEval
|
|
68
|
+
});
|
|
60
69
|
} catch (err) {
|
|
61
70
|
throw new OperationError(`Invalid JPath expression: ${err.message}`);
|
|
62
71
|
}
|
|
@@ -185,11 +185,11 @@ TestRegister.addTests([
|
|
|
185
185
|
{
|
|
186
186
|
name: "JPath Expression: Empty expression",
|
|
187
187
|
input: JSON.stringify(JSON_TEST_DATA),
|
|
188
|
-
expectedOutput: "
|
|
188
|
+
expectedOutput: "",
|
|
189
189
|
recipeConfig: [
|
|
190
190
|
{
|
|
191
191
|
"op": "JPath expression",
|
|
192
|
-
"args": ["", "\n"]
|
|
192
|
+
"args": ["", "\n", true]
|
|
193
193
|
}
|
|
194
194
|
],
|
|
195
195
|
},
|
|
@@ -205,7 +205,7 @@ TestRegister.addTests([
|
|
|
205
205
|
recipeConfig: [
|
|
206
206
|
{
|
|
207
207
|
"op": "JPath expression",
|
|
208
|
-
"args": ["$.store.book[*].author", "\n"]
|
|
208
|
+
"args": ["$.store.book[*].author", "\n", true]
|
|
209
209
|
}
|
|
210
210
|
],
|
|
211
211
|
},
|
|
@@ -223,7 +223,7 @@ TestRegister.addTests([
|
|
|
223
223
|
recipeConfig: [
|
|
224
224
|
{
|
|
225
225
|
"op": "JPath expression",
|
|
226
|
-
"args": ["$..title", "\n"]
|
|
226
|
+
"args": ["$..title", "\n", true]
|
|
227
227
|
}
|
|
228
228
|
],
|
|
229
229
|
},
|
|
@@ -238,7 +238,7 @@ TestRegister.addTests([
|
|
|
238
238
|
recipeConfig: [
|
|
239
239
|
{
|
|
240
240
|
"op": "JPath expression",
|
|
241
|
-
"args": ["$.store.*", "\n"]
|
|
241
|
+
"args": ["$.store.*", "\n", true]
|
|
242
242
|
}
|
|
243
243
|
],
|
|
244
244
|
},
|
|
@@ -249,7 +249,7 @@ TestRegister.addTests([
|
|
|
249
249
|
recipeConfig: [
|
|
250
250
|
{
|
|
251
251
|
"op": "JPath expression",
|
|
252
|
-
"args": ["$..book[-1:]", "\n"]
|
|
252
|
+
"args": ["$..book[-1:]", "\n", true]
|
|
253
253
|
}
|
|
254
254
|
],
|
|
255
255
|
},
|
|
@@ -263,7 +263,7 @@ TestRegister.addTests([
|
|
|
263
263
|
recipeConfig: [
|
|
264
264
|
{
|
|
265
265
|
"op": "JPath expression",
|
|
266
|
-
"args": ["$..book[:2]", "\n"]
|
|
266
|
+
"args": ["$..book[:2]", "\n", true]
|
|
267
267
|
}
|
|
268
268
|
],
|
|
269
269
|
},
|
|
@@ -277,7 +277,7 @@ TestRegister.addTests([
|
|
|
277
277
|
recipeConfig: [
|
|
278
278
|
{
|
|
279
279
|
"op": "JPath expression",
|
|
280
|
-
"args": ["$..book[?(@.isbn)]", "\n"]
|
|
280
|
+
"args": ["$..book[?(@.isbn)]", "\n", false]
|
|
281
281
|
}
|
|
282
282
|
],
|
|
283
283
|
},
|
|
@@ -292,7 +292,7 @@ TestRegister.addTests([
|
|
|
292
292
|
recipeConfig: [
|
|
293
293
|
{
|
|
294
294
|
"op": "JPath expression",
|
|
295
|
-
"args": ["$..book[?(@.price<30 && @.category==\"fiction\")]", "\n"]
|
|
295
|
+
"args": ["$..book[?(@.price<30 && @.category==\"fiction\")]", "\n", false]
|
|
296
296
|
}
|
|
297
297
|
],
|
|
298
298
|
},
|
|
@@ -306,9 +306,24 @@ TestRegister.addTests([
|
|
|
306
306
|
recipeConfig: [
|
|
307
307
|
{
|
|
308
308
|
"op": "JPath expression",
|
|
309
|
-
"args": ["$..book[?(@.price<10)]", "\n"]
|
|
309
|
+
"args": ["$..book[?(@.price<10)]", "\n", false]
|
|
310
|
+
}
|
|
311
|
+
],
|
|
312
|
+
},
|
|
313
|
+
{
|
|
314
|
+
name: "JPath Expression: Script-based expression",
|
|
315
|
+
input: "[{}]",
|
|
316
|
+
recipeConfig: [
|
|
317
|
+
{
|
|
318
|
+
"op": "JPath expression",
|
|
319
|
+
"args": [
|
|
320
|
+
"$..[?(({__proto__:[].constructor}).constructor(\"self.postMessage({action:'bakeComplete',data:{bakeId:1,dish:{type:1,value:''},duration:1,error:false,id:undefined,inputNum:2,progress:1,result:'<iframe/onload=debugger>',type: 'html'}});\")();)]",
|
|
321
|
+
"\n",
|
|
322
|
+
true
|
|
323
|
+
]
|
|
310
324
|
}
|
|
311
325
|
],
|
|
326
|
+
expectedOutput: "Invalid JPath expression: Eval [?(expr)] prevented in JSONPath expression."
|
|
312
327
|
},
|
|
313
328
|
{
|
|
314
329
|
name: "CSS selector",
|