From d89f0246eacb483988cb4e57f41232508e8d6421 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Sat, 8 Jan 2022 21:29:28 +0100 Subject: [PATCH] fix: replace ajv to avoid unsafe-eval (#269) --- package-lock.json | 36 +++++++++++++++++++++++++++++------- package.json | 2 +- src/js/search.js | 15 +++++---------- 3 files changed, 35 insertions(+), 18 deletions(-) diff --git a/package-lock.json b/package-lock.json index d587cdf..a34ea8b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "1.0.0", "license": "MIT", "dependencies": { - "ajv": "8.8.2", + "@cfworker/json-schema": "1.12.0", "clipboard": "2.0.8", "flexsearch": "0.7.21", "katex": "0.15.1", @@ -388,6 +388,11 @@ "resolved": "https://registry.npmjs.org/@braintree/sanitize-url/-/sanitize-url-3.1.0.tgz", "integrity": "sha512-GcIY79elgB+azP74j8vqkiXz8xLFfIzbQJdlwOPisgbKT00tviJQuEghOXSMVxJ00HoYJbGswr4kcllUc4xCcg==" }, + "node_modules/@cfworker/json-schema": { + "version": "1.12.0", + "resolved": "https://registry.npmjs.org/@cfworker/json-schema/-/json-schema-1.12.0.tgz", + "integrity": "sha512-PyWe5QyAZrSJw5zoRe99IW/IiL5kDp47uENDG1cvNJuKBlgOHf5CXHcnhyvbwOeYC4+kQOpdmFp9Dzcj2CmoOg==" + }, "node_modules/@dabh/diagnostics": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.2.tgz", @@ -1476,6 +1481,7 @@ "version": "8.8.2", "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.8.2.tgz", "integrity": "sha512-x9VuX+R/jcFj1DHo/fCp99esgGDWiHENrKxaCENuCxpoMCmAt/COCGVDwA7kleEpEzJjDnvh3yGoOuLu0Dtllw==", + "dev": true, "dependencies": { "fast-deep-equal": "^3.1.1", "json-schema-traverse": "^1.0.0", @@ -5019,7 +5025,8 @@ "node_modules/fast-deep-equal": { "version": "3.1.3", "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", - "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==" + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", + "dev": true }, "node_modules/fast-diff": { "version": "1.2.0", @@ -6679,7 +6686,8 @@ "node_modules/json-schema-traverse": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", - "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "dev": true }, "node_modules/json-stable-stringify-without-jsonify": { "version": "1.0.1", @@ -8725,6 +8733,7 @@ "version": "2.1.1", "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==", + "dev": true, "engines": { "node": ">=6" } @@ -9031,6 +9040,7 @@ "version": "2.0.2", "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", + "dev": true, "engines": { "node": ">=0.10.0" } @@ -11437,6 +11447,7 @@ "version": "4.4.1", "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", + "dev": true, "dependencies": { "punycode": "^2.1.0" } @@ -12498,6 +12509,11 @@ "resolved": "https://registry.npmjs.org/@braintree/sanitize-url/-/sanitize-url-3.1.0.tgz", "integrity": "sha512-GcIY79elgB+azP74j8vqkiXz8xLFfIzbQJdlwOPisgbKT00tviJQuEghOXSMVxJ00HoYJbGswr4kcllUc4xCcg==" }, + "@cfworker/json-schema": { + "version": "1.12.0", + "resolved": "https://registry.npmjs.org/@cfworker/json-schema/-/json-schema-1.12.0.tgz", + "integrity": "sha512-PyWe5QyAZrSJw5zoRe99IW/IiL5kDp47uENDG1cvNJuKBlgOHf5CXHcnhyvbwOeYC4+kQOpdmFp9Dzcj2CmoOg==" + }, "@dabh/diagnostics": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.2.tgz", @@ -13405,6 +13421,7 @@ "version": "8.8.2", "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.8.2.tgz", "integrity": "sha512-x9VuX+R/jcFj1DHo/fCp99esgGDWiHENrKxaCENuCxpoMCmAt/COCGVDwA7kleEpEzJjDnvh3yGoOuLu0Dtllw==", + "dev": true, "requires": { "fast-deep-equal": "^3.1.1", "json-schema-traverse": "^1.0.0", @@ -16186,7 +16203,8 @@ "fast-deep-equal": { "version": "3.1.3", "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", - "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==" + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", + "dev": true }, "fast-diff": { "version": "1.2.0", @@ -17464,7 +17482,8 @@ "json-schema-traverse": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", - "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "dev": true }, "json-stable-stringify-without-jsonify": { "version": "1.0.1", @@ -19070,7 +19089,8 @@ "punycode": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", - "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==" + "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==", + "dev": true }, "q": { "version": "1.5.1", @@ -19307,7 +19327,8 @@ "require-from-string": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", - "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==" + "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", + "dev": true }, "require-main-filename": { "version": "2.0.0", @@ -21200,6 +21221,7 @@ "version": "4.4.1", "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", + "dev": true, "requires": { "punycode": "^2.1.0" } diff --git a/package.json b/package.json index ee2b98c..356c891 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "author": "Robert Kaussow", "license": "MIT", "dependencies": { - "ajv": "8.8.2", + "@cfworker/json-schema": "1.12.0", "clipboard": "2.0.8", "flexsearch": "0.7.21", "katex": "0.15.1", diff --git a/src/js/search.js b/src/js/search.js index 3c9f584..6e93058 100644 --- a/src/js/search.js +++ b/src/js/search.js @@ -1,10 +1,8 @@ const { groupBy } = require("./groupBy") const { FlexSearch } = require("flexsearch/dist/flexsearch.compact") -const Ajv = require("ajv") +const { Validator } = require("@cfworker/json-schema") document.addEventListener("DOMContentLoaded", function (event) { - const ajv = new Ajv() - const input = document.querySelector("#gdoc-search-input") const results = document.querySelector("#gdoc-search-results") @@ -23,17 +21,14 @@ document.addEventListener("DOMContentLoaded", function (event) { }, additionalProperties: false } + const validator = new Validator(configSchema) getJson("/search/config.min.json", function (searchConfig) { - const configValidate = ajv.compile(configSchema) - const valid = configValidate(searchConfig) + const validationResult = validator.validate(searchConfig) - if (!valid) + if (!validationResult.valid) throw AggregateError( - configValidate.errors.map( - (err) => - new Error(["Validation error:", err.instancePath, err.keyword, err.message].join(" ")) - ), + validationResult.errors.map((err) => new Error("Validation error: " + err.error)), "Schema validation failed" )