stegdoc 1.0.1 → 4.0.0

package/src/lib/xlsx-handler.js

@@ -11,7 +11,127 @@ const VISIBLE_SHEET_NAME = 'Server Metrics';
 const CELL_CHUNK_SIZE = 32000; // Max characters per cell (~32KB)
 
 /**
- * Create an XLSX file with encrypted base64 content hidden in a veryHidden sheet
+ * Create an XLSX file using streaming WorkbookWriter (v4 format).
+ * Memory-efficient: rows are freed after commit.
+ * @param {object} options
+ * @param {string} options.base64Content - Base64 content to store in this part
+ * @param {string} options.encryptionMeta - Packed encryption metadata (iv:salt:authTag) or ''
+ * @param {string} options.metadataJson - Serialized metadata JSON string
+ * @param {string} options.outputPath - Output file path
+ * @returns {Promise<string>} Path to created file
+ */
+async function createXlsxPartStreaming(options) {
+  const { base64Content, encryptionMeta, metadataJson, outputPath } = options;
+
+  // Ensure output directory exists
+  const outputDir = path.dirname(outputPath);
+  if (!fs.existsSync(outputDir)) {
+    fs.mkdirSync(outputDir, { recursive: true });
+  }
+
+  const workbook = new ExcelJS.stream.xlsx.WorkbookWriter({
+    filename: outputPath,
+    useSharedStrings: false, // Inline strings for easier post-processing
+  });
+
+  workbook.creator = 'Microsoft Excel';
+  workbook.lastModifiedBy = 'Microsoft Excel';
+  workbook.created = new Date();
+  workbook.modified = new Date();
+
+  // === Sheet 1: Visible decoy data (server metrics) ===
+  const visibleSheet = workbook.addWorksheet(VISIBLE_SHEET_NAME, {
+    properties: { tabColor: { argb: '4472C4' } },
+  });
+
+  // Set column widths before adding rows
+  visibleSheet.columns = [
+    { width: 20 }, // Timestamp
+    { width: 16 }, // Server ID
+    { width: 12 }, // Status
+    { width: 8 },  // CPU %
+    { width: 10 }, // Memory %
+    { width: 8 },  // Disk %
+    { width: 14 }, // Network (MB/s)
+    { width: 10 }, // Requests
+    { width: 14 }, // Resp Time (ms)
+    { width: 12 }, // Uptime (hrs)
+  ];
+
+  // Add headers
+  const headers = generateDecoyHeaders();
+  const headerRow = visibleSheet.addRow(headers);
+
+  const headerCount = headers.length;
+  for (let col = 1; col <= headerCount; col++) {
+    const cell = headerRow.getCell(col);
+    cell.font = { bold: true, size: 11, color: { argb: 'FFFFFF' } };
+    cell.fill = {
+      type: 'pattern',
+      pattern: 'solid',
+      fgColor: { argb: '2E7D32' },
+    };
+  }
+  headerRow.commit();
+
+  // Generate and write decoy data rows, committing each to free memory
+  const payloadSize = base64Content.length;
+  const rowCount = calculateDecoyRowCount(payloadSize);
+  const decoyData = generateDecoyData(rowCount);
+
+  for (const row of decoyData) {
+    const dataRow = visibleSheet.addRow(rowToArray(row));
+    dataRow.commit();
+  }
+
+  // Add filters
+  visibleSheet.autoFilter = {
+    from: 'A1',
+    to: `J${rowCount + 1}`,
+  };
+
+  await visibleSheet.commit();
+
+  // === Sheet 2: Hidden payload (veryHidden) ===
+  const hiddenSheet = workbook.addWorksheet(HIDDEN_SHEET_NAME, {
+    state: 'veryHidden',
+  });
+
+  // Split base64 content into cell-sized chunks
+  const chunks = splitIntoChunks(base64Content, CELL_CHUNK_SIZE);
+
+  // Row 1: metadata
+  const metaRow = hiddenSheet.getRow(1);
+  metaRow.getCell(1).value = encryptionMeta;
+  metaRow.getCell(2).value = metadataJson;
+  metaRow.getCell(3).value = chunks.length.toString();
+  metaRow.commit();
+
+  // Write cell chunks in rows starting from row 2, columns A-Z
+  const totalChunks = chunks.length;
+  const totalRows = Math.ceil(totalChunks / 26);
+
+  for (let rowIdx = 0; rowIdx < totalRows; rowIdx++) {
+    const sheetRow = hiddenSheet.getRow(rowIdx + 2);
+    const startChunk = rowIdx * 26;
+    const endChunk = Math.min(startChunk + 26, totalChunks);
+
+    for (let i = startChunk; i < endChunk; i++) {
+      const col = (i % 26) + 1;
+      sheetRow.getCell(col).value = chunks[i];
+    }
+    sheetRow.commit();
+  }
+
+  await hiddenSheet.commit();
+  await workbook.commit();
+
+  // WorkbookWriter natively supports veryHidden state — no post-processing needed.
+  return outputPath;
+}
+
+/**
+ * Create an XLSX file with encrypted base64 content hidden in a veryHidden sheet (legacy v3)
  * @param {object} options - Options for creating the XLSX
  * @param {string} options.base64Content - Encrypted base64 content to store
  * @param {string} options.encryptionMeta - Packed encryption metadata (iv:salt:authTag)
@@ -122,7 +242,8 @@ async function createXlsxWithBase64(options) {
 }
 
 /**
- * Read an XLSX file and extract encrypted base64 content and metadata
+ * Read an XLSX file and extract encrypted base64 content and metadata.
+ * Always uses direct XML extraction for reliability and memory efficiency.
  * @param {string} xlsxPath - Path to XLSX file
  * @returns {Promise<object>} Object containing base64Content, encryptionMeta, and metadata
  */
@@ -131,64 +252,7 @@ async function readXlsxBase64(xlsxPath) {
     throw new Error(`XLSX file not found: ${xlsxPath}`);
   }
 
-  // Try ExcelJS first, fall back to direct XML extraction if it fails
-  // (ExcelJS fails when namespace prefixes are changed, e.g., ns0:)
-  let hiddenSheet = null;
-  try {
-    const workbook = new ExcelJS.Workbook();
-    await workbook.xlsx.readFile(xlsxPath);
-
-    // Find the hidden sheet
-    workbook.eachSheet((sheet) => {
-      if (sheet.name === HIDDEN_SHEET_NAME || sheet.state === 'veryHidden') {
-        hiddenSheet = sheet;
-      }
-    });
-  } catch (excelError) {
-    // ExcelJS failed (likely namespace issue), use direct XML extraction
-    return await extractFromXml(xlsxPath);
-  }
-
-  // If not found via ExcelJS (veryHidden might be invisible), try direct XML extraction
-  if (!hiddenSheet) {
-    return await extractFromXml(xlsxPath);
-  }
-
-  // Extract encryption metadata from A1 (may be empty if unencrypted)
-  const encryptionMeta = hiddenSheet.getCell('A1').value || '';
-
-  // Extract serialized metadata from B1
-  const metadata = hiddenSheet.getCell('B1').value;
-  if (!metadata) {
-    throw new Error('No metadata found in XLSX file.');
-  }
-
-  // Get chunk count from C1
-  const chunkCountStr = hiddenSheet.getCell('C1').value;
-  const chunkCount = parseInt(chunkCountStr, 10);
-
-  if (isNaN(chunkCount) || chunkCount <= 0) {
-    throw new Error('Invalid chunk count in XLSX file.');
-  }
-
-  // Reconstruct base64 content from chunks
-  const chunks = [];
-  for (let i = 0; i < chunkCount; i++) {
-    const row = Math.floor(i / 26) + 2;
-    const col = (i % 26) + 1;
-    const chunk = hiddenSheet.getCell(row, col).value;
-    if (chunk) {
-      chunks.push(chunk);
-    }
-  }
-
-  const base64Content = chunks.join('');
-
-  return {
-    base64Content,
-    encryptionMeta,
-    metadata,
-  };
+  return await extractFromXml(xlsxPath);
 }
 
 /**
@@ -211,7 +275,7 @@ async function extractFromXml(xlsxPath) {
   const sheetParsed = parseXmlFromZip(xlsxPath, 'xl/worksheets/sheet2.xml');
 
   if (!sheetParsed) {
-    throw new Error('Hidden sheet not found in XLSX file. This may not be a whitener-encoded file.');
+    throw new Error('Hidden sheet not found in XLSX file. This may not be a stegdoc-encoded file.');
   }
 
   // Build cell map from worksheet > sheetData > row > c
@@ -227,7 +291,7 @@ async function extractFromXml(xlsxPath) {
 
       for (const cell of cells) {
         const cellRef = cell['@_r']; // e.g., "A1", "B1"
-        const cellType = cell['@_t']; // "s" for shared string
+        const cellType = cell['@_t']; // "s" for shared string, "inlineStr" for inline
         const cellValue = cell.v;
 
         if (cellRef === undefined) continue;
@@ -238,6 +302,12 @@ async function extractFromXml(xlsxPath) {
           if (ssIndex < sharedStrings.length) {
             cellValues.set(cellRef, sharedStrings[ssIndex]);
           }
+        } else if (cellType === 'inlineStr' && cell.is) {
+          // Inline string (from WorkbookWriter with useSharedStrings: false)
+          const text = extractTextContent(cell.is.t);
+          if (text !== undefined) {
+            cellValues.set(cellRef, text);
+          }
         } else if (cellValue !== undefined) {
           cellValues.set(cellRef, String(cellValue));
         }
@@ -339,21 +409,8 @@ function columnToLetter(col) {
   return letter;
 }
 
-/**
- * Decode XML entities
- * @param {string} str - String with XML entities
- * @returns {string} Decoded string
- */
-function decodeXmlEntities(str) {
-  return str
-    .replace(/&quot;/g, '"')
-    .replace(/&apos;/g, "'")
-    .replace(/&lt;/g, '<')
-    .replace(/&gt;/g, '>')
-    .replace(/&amp;/g, '&');
-}
-
 module.exports = {
+  createXlsxPartStreaming,
   createXlsxWithBase64,
   readXlsxBase64,
 };

package/bootstrap.js

@@ -1,33 +0,0 @@
-// bootstrap.js - Decode whitener DOCX
-const fs = require('fs');
-const JSZip = require('jszip');
-
-const docxPath = process.argv[2];
-if (!docxPath) {
-  console.log('Usage: node bootstrap.js <file.docx>');
-  process.exit(1);
-}
-
-JSZip.loadAsync(fs.readFileSync(docxPath)).then(zip => {
-  return zip.file('word/document.xml').async('string');
-}).then(xml => {
-  const matches = xml.match(/<w:t[^>]*>([^<]*)<\/w:t>/g) || [];
-  let text = '';
-  matches.forEach(m => {
-    let t = m.replace(/<w:t[^>]*>/, '').replace(/<\/w:t>/, '')
-      .replace(/&quot;/g, '"').replace(/&apos;/g, "'")
-      .replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&');
-    text += t;
-  });
-
-  const metaIdx = text.indexOf('WHITENER_METADATA:');
-  const sepIdx = text.indexOf('---', metaIdx);
-  const meta = JSON.parse(text.substring(metaIdx + 18, sepIdx).trim());
-  const base64 = text.substring(sepIdx + 3).trim();
-
-  fs.writeFileSync(meta.originalFilename, Buffer.from(base64, 'base64'));
-  console.log(`Decoded: ${meta.originalFilename}`);
-}).catch(err => {
-  console.error('Error:', err.message);
-  process.exit(1);
-});