Beanz/pdf.js
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
pdf.js/test/unit
History
Rob Wu 17da8ee8fa Fix path traversal issue in createTemporaryNodeServer 
The test-only createTemporaryNodeServer helper featured a path traversal
vulnerability. This enables attackers with network access to the device
to read arbitrary files while unit tests are running that activate this
test server.

This patch fixes the issue by validation of paths.

To test this vulnerability before the patch:

1. Run the test-only server:

```
node -e 'console.log(require("./test/unit/test_utils.js").createTemporaryNodeServer().port)
```

2. From another terminal, send the following request (modify the port to
   the port reported in the previous step):

```
curl --path-as-is http://localhost:45755/../../package.json
```

Before the patch, the second step would traverse the directory, and
return results from the root of the PDF.js repository, instead of files
within test/pdfs/.

With the patch, the server refuses the request with HTTP status 400.
2024-11-23 21:32:24 +01:00
..
annotation_spec.js
When saving some annotations with the same name, set the value in the parent
2024-11-17 15:55:20 +01:00
annotation_storage_spec.js
Annotations - Avoid empty value in text field when storage contains something for it (bug 1719148)
2021-09-18 15:08:22 +02:00
api_spec.js
Merge pull request #19003 from Snuffleupagus/api-unittest-image-helpers
2024-11-06 09:11:28 +01:00
app_options_spec.js
Add better validation for the "PREFERENCE" kind AppOptions
2024-02-20 18:38:15 +01:00
bidi_spec.js
Tweak the Bidi-detection heuristics for very short RTL strings (issue 11656)
2021-11-03 20:31:57 +01:00
canvas_factory_spec.js
Move the various DOM-factories into their own files
2024-11-01 13:31:28 +01:00
cff_parser_spec.js
Use shorter arrow functions where possible
2024-01-21 10:13:12 +01:00
clitests_helper.js
[api-minor] Load Node.js packages/polyfills with process.getBuiltinModule
2024-11-03 16:13:58 +01:00
clitests.json
Move the various DOM-factories into their own files
2024-11-01 13:31:28 +01:00
cmap_spec.js
Shorten the errors mentioning API parameters in BaseCMapReaderFactory and BaseStandardFontDataFactory
2024-07-27 16:54:54 +02:00
colorspace_spec.js
Remove obsolete done callbacks from the unit tests
2021-04-10 20:29:39 +02:00
core_utils_spec.js
When updating, write the xref table in the same format as the previous one (bug 1878916)
2024-02-13 14:14:37 +01:00
crypto_spec.js
Enable the unicorn/prefer-optional-catch-binding ESLint plugin rule
2023-06-12 11:46:11 +02:00
custom_spec.js
[api-minor] Pass CanvasFactory/FilterFactory, rather than instances, to getDocument
2024-09-23 11:26:30 +02:00
default_appearance_spec.js
Improve parseAppearanceStream to handle more "complex" ColorSpaces
2023-07-06 15:58:09 +02:00
display_utils_spec.js
Use the toBase64Util helper function in the unit-tests
2024-11-03 11:25:19 +01:00
document_spec.js
Fix missing annotation parent in using the one from the Fields entry
2024-10-04 20:00:19 +02:00
editor_spec.js
[Editor] Improve curve smoothing for Ink tool (bug 1789443)
2023-05-23 17:15:21 +02:00
encodings_spec.js
Update Prettier to version 2.0
2020-04-14 12:28:14 +02:00
evaluator_spec.js
Enable the unicorn/prefer-optional-catch-binding ESLint plugin rule
2023-06-12 11:46:11 +02:00
event_utils_spec.js
Add signal-support in the EventBus, and utilize it in the viewer (PR 17964 follow-up)
2024-04-20 12:00:58 +02:00
fetch_stream_spec.js
[api-minor] Use the Fetch API, when supported, to load PDF documents in Node.js environments
2024-02-21 22:38:42 +01:00
font_substitutions_spec.js
Remove the tag for missing font subset when trying to find a substitution
2024-04-11 20:34:28 +02:00
function_spec.js
Correct PostScript trigonometric operators
2023-03-03 17:25:11 -05:00
jasmine-boot.js
Move the various DOM-factories into their own files
2024-11-01 13:31:28 +01:00
message_handler_spec.js
[api-minor] Replace the PromiseCapability with Promise.withResolvers()
2024-04-01 11:42:37 +02:00
metadata_spec.js
Remove the isEmptyObj unit-test helper function
2023-02-04 12:43:53 +01:00
murmurhash3_spec.js
Replace the AnnotationStorage.lastModified-getter with a proper hash-method
2022-05-04 15:21:30 +02:00
network_spec.js
Convert done callbacks to async/await in test/unit/network_spec.js
2021-04-13 21:51:26 +02:00
network_utils_spec.js
Use response-Headers in the different IPDFStream implementations
2024-09-07 12:34:53 +02:00
node_stream_spec.js
[api-minor] Only support the Fetch API for "remote" PDF documents in Node.js environments
2024-11-03 16:18:10 +01:00
parser_spec.js
Support an odd number of digits in hexadecimal strings (issue 18645)
2024-08-23 16:31:43 +02:00
pdf_find_controller_spec.js
Consider foo-\nBar as a compound word
2024-09-11 15:01:54 +02:00
pdf_find_utils_spec.js
Run gulp lint --fix, to account for changes in Prettier version 2.1.x
2020-09-06 12:23:59 +02:00
pdf_history_spec.js
Update Prettier to version 2.0
2020-04-14 12:28:14 +02:00
pdf_spec.js
Move the various DOM-factories into their own files
2024-11-01 13:31:28 +01:00
pdf_viewer_spec.js
Remove the abstract BaseViewer-class
2022-09-08 12:38:17 +02:00
pdf_viewer.component_spec.js
Ensure that GenericL10n works if the locale files cannot be loaded
2024-01-31 14:07:11 +01:00
pdf.image_decoders_spec.js
[api-minor] Remove the image-related error message prefixes
2024-04-20 12:51:45 +02:00
pdf.worker_spec.js
Add unit-tests to check that more PDF.js APIs expose the expected functionality
2023-07-07 12:36:21 +02:00
primitives_spec.js
Replace the forEach method in Dict with "proper" iteration support
2024-11-17 12:45:32 +01:00
scripting_spec.js
Make util.scand a bit more flexible with dates which don't match the given format (bug 1910431)
2024-10-27 19:19:06 +01:00
stream_spec.js
[api-minor] Remove the forceClamped-functionality in the Streams (issue 14849)
2022-04-29 14:46:30 +02:00
struct_tree_spec.js
Make tagged images visible for screen readers (bug 1708040)
2024-09-05 17:59:42 +02:00
svg_factory_spec.js
Move the various DOM-factories into their own files
2024-11-01 13:31:28 +01:00
test_utils.js
Fix path traversal issue in createTemporaryNodeServer
2024-11-23 21:32:24 +01:00
testreporter.js
Don't ignore errors in the Jasmine suite start/end stages
2024-06-23 20:59:48 +02:00
text_layer_spec.js
Ensure that textLayers can be rendered in parallel, without interfering with each other
2024-09-11 15:28:51 +02:00
type1_parser_spec.js
Move some constants and helper functions from src/core/fonts.js and into their own file
2021-05-02 21:00:29 +02:00
ui_utils_spec.js
Avoid to have a white line around the canvas
2024-09-07 20:12:29 +02:00
unicode_spec.js
[api-minor] Don't normalize the text used in the text layer.
2023-04-17 14:31:23 +02:00
unit_test.html
Move the various DOM-factories into their own files
2024-11-01 13:31:28 +01:00
util_spec.js
Implement a unit test for the BaseException class
2024-05-14 20:21:42 +02:00
writer_spec.js
Simplify saving added/modified annotations.
2024-11-12 10:59:38 +01:00
xfa_formcalc_spec.js
Fix property chain orders of Operators in isDotExpression and isSomPredicate
2022-09-21 17:20:23 +02:00
xfa_parser_spec.js
Prevent duplicate names in unit/integration tests
2024-02-11 11:45:09 +01:00
xfa_serialize_data_spec.js
Enable the import/no-cycle ESLint plugin rule
2023-06-04 13:44:15 +02:00
xfa_tohtml_spec.js
Enable the "should have an alt attribute from toolTip" unit-test in Node.js
2024-11-03 00:15:44 +01:00
xml_spec.js
Enable the unicorn/prefer-string-replace-all ESLint plugin rule
2023-03-23 12:57:10 +01:00