idmission-web-sdk 2.3.183 → 2.3.184
- package/dist/lib/camera/getUserMediaIntegrity.d.ts.map +1 -1
- package/dist/sdk2.cjs.development.js +38 -7
- package/dist/sdk2.cjs.development.js.map +1 -1
- package/dist/sdk2.cjs.production.js +1 -1
- package/dist/sdk2.cjs.production.js.map +1 -1
- package/dist/sdk2.esm.js +38 -7
- package/dist/sdk2.esm.js.map +1 -1
- package/dist/sdk2.umd.development.js +38 -7
- package/dist/sdk2.umd.development.js.map +1 -1
- package/dist/sdk2.umd.production.js +1 -1
- package/dist/sdk2.umd.production.js.map +1 -1
- package/dist/version.d.ts +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getUserMediaIntegrity.d.ts","sourceRoot":"","sources":["../../../src/lib/camera/getUserMediaIntegrity.ts"],"names":[],"mappings":"AAcA,OAAO,CAAC,MAAM,wBAAwB,EAAE,OAAO,MAAM,CAAA;AAErD,iFAAiF;AACjF,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,CAAC,CAAC,wBAAwB,CAAC,EAAE,IAAI,CAAA;CAC1C,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,QAAQ,EAAE,OAAO,CAAA;IACjB,OAAO,EAAE,MAAM,EAAE,CAAA;CAClB,CAAA;AAYD;;;;;;GAMG;AACH,wBAAgB,qBAAqB,IAAI,mBAAmB,CAS3D;
|
|
1
|
+
{"version":3,"file":"getUserMediaIntegrity.d.ts","sourceRoot":"","sources":["../../../src/lib/camera/getUserMediaIntegrity.ts"],"names":[],"mappings":"AAcA,OAAO,CAAC,MAAM,wBAAwB,EAAE,OAAO,MAAM,CAAA;AAErD,iFAAiF;AACjF,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,CAAC,CAAC,wBAAwB,CAAC,EAAE,IAAI,CAAA;CAC1C,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,QAAQ,EAAE,OAAO,CAAA;IACjB,OAAO,EAAE,MAAM,EAAE,CAAA;CAClB,CAAA;AAYD;;;;;;GAMG;AACH,wBAAgB,qBAAqB,IAAI,mBAAmB,CAS3D;AAgKD;;;;;GAKG;AACH,wBAAgB,0BAA0B,CACxC,KAAK,CAAC,EAAE,mBAAmB,GAC1B,eAAe,CAqBjB;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,CAAC,EAAE,mBAAmB,GAAG,OAAO,CActE"}
|
|
@@ -235,7 +235,7 @@ typeof SuppressedError === "function" ? SuppressedError : function (error, suppr
|
|
|
235
235
|
return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
|
|
236
236
|
};
|
|
237
237
|
|
|
238
|
-
var webSdkVersion = '2.3.
|
|
238
|
+
var webSdkVersion = '2.3.184';
|
|
239
239
|
|
|
240
240
|
function getPlatform() {
|
|
241
241
|
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
|
|
@@ -3675,15 +3675,46 @@ function checkLayer2() {
|
|
|
3675
3675
|
details: details
|
|
3676
3676
|
};
|
|
3677
3677
|
}
|
|
3678
|
+
// Use same-realm toString calls to avoid cross-realm issues
|
|
3679
|
+
// (Chrome produces unexpected results when calling toString from
|
|
3680
|
+
// one realm on a native host function from another realm).
|
|
3681
|
+
var pageToString = Function.prototype.toString;
|
|
3678
3682
|
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
3679
3683
|
var iframeToString = iframeWindow.Function.prototype.toString;
|
|
3680
|
-
|
|
3681
|
-
|
|
3682
|
-
|
|
3683
|
-
|
|
3684
|
-
|
|
3684
|
+
// Validate that the page's toString itself hasn't been tampered
|
|
3685
|
+
// by comparing toString-on-toString across realms (safe: both are
|
|
3686
|
+
// plain Function objects, not host functions).
|
|
3687
|
+
var pageToStringStr = pageToString.call(pageToString);
|
|
3688
|
+
var iframeToStringStr = iframeToString.call(iframeToString);
|
|
3689
|
+
if (pageToStringStr !== iframeToStringStr) {
|
|
3690
|
+
details.push('Layer 2: Function.prototype.toString appears tampered');
|
|
3685
3691
|
}
|
|
3686
|
-
|
|
3692
|
+
// Compare page vs iframe getUserMedia via same-realm toString.
|
|
3693
|
+
// Legitimate shims (e.g. webrtc-adapter) replace getUserMedia
|
|
3694
|
+
// before the SDK loads, so the page's version may not contain
|
|
3695
|
+
// [native code]. We use the iframe's clean getUserMedia as a
|
|
3696
|
+
// reference: if the iframe's IS native, a non-native page version
|
|
3697
|
+
// is expected when a shim is present and is not flagged. We only
|
|
3698
|
+
// flag when the page's getUserMedia doesn't match the boot-time
|
|
3699
|
+
// snapshot (Layer 1) AND the iframe confirms no shim is in play.
|
|
3700
|
+
var pageResult = pageToString.call(navigator.mediaDevices.getUserMedia);
|
|
3701
|
+
var iframeGUM = (_b = (_a = iframeWindow.navigator) === null || _a === void 0 ? void 0 : _a.mediaDevices) === null || _b === void 0 ? void 0 : _b.getUserMedia;
|
|
3702
|
+
if (iframeGUM) {
|
|
3703
|
+
var iframeResult = iframeToString.call(iframeGUM);
|
|
3704
|
+
var pageIsNative = pageResult.includes('[native code]');
|
|
3705
|
+
var iframeIsNative = iframeResult.includes('[native code]');
|
|
3706
|
+
if (!pageIsNative && !iframeIsNative) {
|
|
3707
|
+
// Neither is native — something has tampered at a deep level
|
|
3708
|
+
details.push('Layer 2: neither page nor iframe getUserMedia appear native');
|
|
3709
|
+
} else if (pageIsNative && !iframeIsNative) {
|
|
3710
|
+
// Page claims native but iframe disagrees — suspicious
|
|
3711
|
+
details.push('Layer 2: page getUserMedia claims native but iframe does not');
|
|
3712
|
+
}
|
|
3713
|
+
// pageIsNative=false, iframeIsNative=true → legitimate shim (e.g. adapter.js), not flagged
|
|
3714
|
+
// both native → clean, not flagged
|
|
3715
|
+
} else if (!pageResult.includes('[native code]')) {
|
|
3716
|
+
// No iframe getUserMedia available to compare against;
|
|
3717
|
+
// fall back to checking the page's result alone
|
|
3687
3718
|
details.push('Layer 2: page getUserMedia toString does not contain [native code]');
|
|
3688
3719
|
}
|
|
3689
3720
|
} finally {
|
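Review bot: The unflagged case in the `if (iframeGUM)` branch (`pageIsNative=false, iframeIsNative=true`) treats a native iframe getUserMedia as evidence of a legitimate shim, but the iframe realm's function is native regardless of what replaced the page's, so this branch cannot tell webrtc-adapter from any other replacement. The block comment says the flag also depends on the Layer 1 boot-time snapshot, yet nothing in this hunk reads it; if Layer 1 is not compared elsewhere in checkLayer2 (its body starts and ends outside the hunk), a non-native page getUserMedia now goes unreported whenever the iframe exposes one. I would gate that case on the snapshot comparison explicitly, or at minimum make the comment accurate: `// non-native page + native iframe is NOT flagged here; detecting a replaced getUserMedia relies on the Layer 1 snapshot check`. Also, when the toString comparison has just pushed 'appears tampered', `pageResult` is still produced by that same `pageToString`, so its `[native code]` verdict should be treated as unreliable for that run, for example by skipping the native/non-native branches.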