Fix vulnerability: replace module xcode by xcparse (#975)

* Fix vulnerability: replace module xcode by xcparse

* Remove module xcode

package-lock.json

@@ -25,7 +25,6 @@
 				"vscode-js-debug-browsers": "^1.0.4",
 				"vscode-nls": "^4.1.2",
 				"winreg": "0.0.13",
-				"xcode": "^3.0.1",
 				"xml2js": "^0.6.2"
 			},
 			"devDependencies": {
@@ -77,7 +76,8 @@
 				"typescript": "^3.8.3",
 				"vscode-nls-dev": "^4.0.4",
 				"webpack": "^5.76.0",
-				"webpack-bundle-analyzer": "^4.4.0"
+				"webpack-bundle-analyzer": "^4.4.0",
+				"xcparse": "^0.0.3"
 			},
 			"engines": {
 				"vscode": "^1.40.0"
@@ -3041,14 +3041,6 @@
 				"node": "^4.5.0 || >= 5.9"
 			}
 		},
-		"node_modules/big-integer": {
-			"version": "1.6.51",
-			"resolved": "https://registry.npmjs.org/big-integer/-/big-integer-1.6.51.tgz",
-			"integrity": "sha512-GPEid2Y9QU1Exl1rpO9B2IPJGHPSupF5GnVIP0blYvNOMer2bTvSWs1jGOUg04hTmu67nmLsQ9TBo1puaotBHg==",
-			"engines": {
-				"node": ">=0.6"
-			}
-		},
 		"node_modules/big.js": {
 			"version": "5.2.2",
 			"resolved": "https://registry.npmjs.org/big.js/-/big.js-5.2.2.tgz",
@@ -3167,25 +3159,6 @@
 			"integrity": "sha1-aN/1++YMUes3cl6p4+0xDcwed24=",
 			"dev": true
 		},
-		"node_modules/bplist-creator": {
-			"version": "0.0.8",
-			"resolved": "https://registry.npmjs.org/bplist-creator/-/bplist-creator-0.0.8.tgz",
-			"integrity": "sha512-Za9JKzD6fjLC16oX2wsXfc+qBEhJBJB1YPInoAQpMLhDuj5aVOv1baGeIQSq1Fr3OCqzvsoQcSBSwGId/Ja2PA==",
-			"dependencies": {
-				"stream-buffers": "~2.2.0"
-			}
-		},
-		"node_modules/bplist-parser": {
-			"version": "0.2.0",
-			"resolved": "https://registry.npmjs.org/bplist-parser/-/bplist-parser-0.2.0.tgz",
-			"integrity": "sha512-z0M+byMThzQmD9NILRniCUXYsYpjwnlO8N5uCFaCqIOpqRsJCrQL9NK3JsD67CN5a08nF5oIL2bD6loTdHOuKw==",
-			"dependencies": {
-				"big-integer": "^1.6.44"
-			},
-			"engines": {
-				"node": ">= 5.10.0"
-			}
-		},
 		"node_modules/brace-expansion": {
 			"version": "1.1.11",
 			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
@@ -11937,16 +11910,6 @@
 				"simple-concat": "^1.0.0"
 			}
 		},
-		"node_modules/simple-plist": {
-			"version": "1.1.1",
-			"resolved": "https://registry.npmjs.org/simple-plist/-/simple-plist-1.1.1.tgz",
-			"integrity": "sha512-pKMCVKvZbZTsqYR6RKgLfBHkh2cV89GXcA/0CVPje3sOiNOnXA8+rp/ciAMZ7JRaUdLzlEM6JFfUn+fS6Nt3hg==",
-			"dependencies": {
-				"bplist-creator": "0.0.8",
-				"bplist-parser": "0.2.0",
-				"plist": "^3.0.1"
-			}
-		},
 		"node_modules/sinon": {
 			"version": "9.2.0",
 			"resolved": "https://registry.npmjs.org/sinon/-/sinon-9.2.0.tgz",
@@ -12300,14 +12263,6 @@
 				"readable-stream": "^2.0.2"
 			}
 		},
-		"node_modules/stream-buffers": {
-			"version": "2.2.0",
-			"resolved": "https://registry.npmjs.org/stream-buffers/-/stream-buffers-2.2.0.tgz",
-			"integrity": "sha512-uyQK/mx5QjHun80FLJTfaWE7JtwfRMKBLkMne6udYOmvH0CawotVa7TfgYHzAnpphn4+TweIx1QKMnRIbipmUg==",
-			"engines": {
-				"node": ">= 0.10.0"
-			}
-		},
 		"node_modules/stream-combiner": {
 			"version": "0.0.4",
 			"resolved": "https://registry.npmjs.org/stream-combiner/-/stream-combiner-0.0.4.tgz",
@@ -14185,25 +14140,11 @@
 				}
 			}
 		},
-		"node_modules/xcode": {
-			"version": "3.0.1",
-			"resolved": "https://registry.npmjs.org/xcode/-/xcode-3.0.1.tgz",
-			"integrity": "sha512-kCz5k7J7XbJtjABOvkc5lJmkiDh8VhjVCGNiqdKCscmVpdVUpEAyXv1xmCLkQJ5dsHqx3IPO4XW+NTDhU/fatA==",
-			"dependencies": {
-				"simple-plist": "^1.1.0",
-				"uuid": "^7.0.3"
-			},
-			"engines": {
-				"node": ">=10.0.0"
-			}
-		},
-		"node_modules/xcode/node_modules/uuid": {
-			"version": "7.0.3",
-			"resolved": "https://registry.npmjs.org/uuid/-/uuid-7.0.3.tgz",
-			"integrity": "sha512-DPSke0pXhTZgoF/d+WSt2QaKMCFSfx7QegxEWT+JOuHF5aWrKEn0G+ztjuJg/gG8/ItK+rbPCD/yNv8yyih6Cg==",
-			"bin": {
-				"uuid": "dist/bin/uuid"
-			}
+		"node_modules/xcparse": {
+			"version": "0.0.3",
+			"resolved": "https://registry.npmjs.org/xcparse/-/xcparse-0.0.3.tgz",
+			"integrity": "sha512-/HgjZ1o81gudtNHt5a/EGEyMa991WZjZqu8ryPWJ1UtG4NRJyQ2AthR8MaqD6nN7UnCe7IcFShMm5oEA/S9nEQ==",
+			"dev": true
 		},
 		"node_modules/xml": {
 			"version": "1.0.1",
@@ -16627,11 +16568,6 @@
 			"integrity": "sha512-lGe34o6EHj9y3Kts9R4ZYs/Gr+6N7MCaMlIFA3F1R2O5/m7K06AxfSeO5530PEERE6/WyEg3lsuyw4GHlPZHog==",
 			"dev": true
 		},
-		"big-integer": {
-			"version": "1.6.51",
-			"resolved": "https://registry.npmjs.org/big-integer/-/big-integer-1.6.51.tgz",
-			"integrity": "sha512-GPEid2Y9QU1Exl1rpO9B2IPJGHPSupF5GnVIP0blYvNOMer2bTvSWs1jGOUg04hTmu67nmLsQ9TBo1puaotBHg=="
-		},
 		"big.js": {
 			"version": "5.2.2",
 			"resolved": "https://registry.npmjs.org/big.js/-/big.js-5.2.2.tgz",
@@ -16727,22 +16663,6 @@
 			"integrity": "sha1-aN/1++YMUes3cl6p4+0xDcwed24=",
 			"dev": true
 		},
-		"bplist-creator": {
-			"version": "0.0.8",
-			"resolved": "https://registry.npmjs.org/bplist-creator/-/bplist-creator-0.0.8.tgz",
-			"integrity": "sha512-Za9JKzD6fjLC16oX2wsXfc+qBEhJBJB1YPInoAQpMLhDuj5aVOv1baGeIQSq1Fr3OCqzvsoQcSBSwGId/Ja2PA==",
-			"requires": {
-				"stream-buffers": "~2.2.0"
-			}
-		},
-		"bplist-parser": {
-			"version": "0.2.0",
-			"resolved": "https://registry.npmjs.org/bplist-parser/-/bplist-parser-0.2.0.tgz",
-			"integrity": "sha512-z0M+byMThzQmD9NILRniCUXYsYpjwnlO8N5uCFaCqIOpqRsJCrQL9NK3JsD67CN5a08nF5oIL2bD6loTdHOuKw==",
-			"requires": {
-				"big-integer": "^1.6.44"
-			}
-		},
 		"brace-expansion": {
 			"version": "1.1.11",
 			"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
@@ -23548,16 +23468,6 @@
 				"simple-concat": "^1.0.0"
 			}
 		},
-		"simple-plist": {
-			"version": "1.1.1",
-			"resolved": "https://registry.npmjs.org/simple-plist/-/simple-plist-1.1.1.tgz",
-			"integrity": "sha512-pKMCVKvZbZTsqYR6RKgLfBHkh2cV89GXcA/0CVPje3sOiNOnXA8+rp/ciAMZ7JRaUdLzlEM6JFfUn+fS6Nt3hg==",
-			"requires": {
-				"bplist-creator": "0.0.8",
-				"bplist-parser": "0.2.0",
-				"plist": "^3.0.1"
-			}
-		},
 		"sinon": {
 			"version": "9.2.0",
 			"resolved": "https://registry.npmjs.org/sinon/-/sinon-9.2.0.tgz",
@@ -23858,11 +23768,6 @@
 				"readable-stream": "^2.0.2"
 			}
 		},
-		"stream-buffers": {
-			"version": "2.2.0",
-			"resolved": "https://registry.npmjs.org/stream-buffers/-/stream-buffers-2.2.0.tgz",
-			"integrity": "sha512-uyQK/mx5QjHun80FLJTfaWE7JtwfRMKBLkMne6udYOmvH0CawotVa7TfgYHzAnpphn4+TweIx1QKMnRIbipmUg=="
-		},
 		"stream-combiner": {
 			"version": "0.0.4",
 			"resolved": "https://registry.npmjs.org/stream-combiner/-/stream-combiner-0.0.4.tgz",
@@ -25336,21 +25241,11 @@
 			"integrity": "sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==",
 			"requires": {}
 		},
-		"xcode": {
-			"version": "3.0.1",
-			"resolved": "https://registry.npmjs.org/xcode/-/xcode-3.0.1.tgz",
-			"integrity": "sha512-kCz5k7J7XbJtjABOvkc5lJmkiDh8VhjVCGNiqdKCscmVpdVUpEAyXv1xmCLkQJ5dsHqx3IPO4XW+NTDhU/fatA==",
-			"requires": {
-				"simple-plist": "^1.1.0",
-				"uuid": "^7.0.3"
-			},
-			"dependencies": {
-				"uuid": {
-					"version": "7.0.3",
-					"resolved": "https://registry.npmjs.org/uuid/-/uuid-7.0.3.tgz",
-					"integrity": "sha512-DPSke0pXhTZgoF/d+WSt2QaKMCFSfx7QegxEWT+JOuHF5aWrKEn0G+ztjuJg/gG8/ItK+rbPCD/yNv8yyih6Cg=="
-				}
-			}
+		"xcparse": {
+			"version": "0.0.3",
+			"resolved": "https://registry.npmjs.org/xcparse/-/xcparse-0.0.3.tgz",
+			"integrity": "sha512-/HgjZ1o81gudtNHt5a/EGEyMa991WZjZqu8ryPWJ1UtG4NRJyQ2AthR8MaqD6nN7UnCe7IcFShMm5oEA/S9nEQ==",
+			"dev": true
 		},
 		"xml": {
 			"version": "1.0.1",

package.json

@@ -717,7 +717,6 @@
 		"vscode-js-debug-browsers": "^1.0.4",
 		"vscode-nls": "^4.1.2",
 		"winreg": "0.0.13",
-		"xcode": "^3.0.1",
 		"xml2js": "^0.6.2"
 	},
 	"devDependencies": {
@@ -769,7 +768,8 @@
 		"typescript": "^3.8.3",
 		"vscode-nls-dev": "^4.0.4",
 		"webpack": "^5.76.0",
-		"webpack-bundle-analyzer": "^4.4.0"
+		"webpack-bundle-analyzer": "^4.4.0",
+		"xcparse": "^0.0.3"
 	},
 	"extensionDependencies": [
 		"ms-vscode.js-debug"

src/common/xcparseConfiguration.ts

@@ -0,0 +1,42 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for details.
+
+import * as fs from "fs";
+import { parse } from "xcparse";
+
+export interface PBXInfo {
+    isa: string;
+    buildConfigurations?: string[];
+}
+
+export class XCParseConfiguration {
+    public static getPbxprojFileContent(pbxprojFilePath: string): any {
+        try {
+            return parse(fs.readFileSync(pbxprojFilePath, "utf-8"));
+        } catch {}
+    }
+
+    public static getPBXNativeTarget(getPbxprojFileContent: any): any {
+        for (const [key, value] of Object.entries(getPbxprojFileContent.objects)) {
+            const configValue = value as PBXInfo;
+            if (configValue.isa == "PBXNativeTarget") {
+                console.log(key);
+                return value;
+            }
+        }
+        return "";
+    }
+
+    public static getPBXXCConfigurationList(getPbxprojFileContent: any, configListUUID: any): any {
+        for (const [key, value] of Object.entries(getPbxprojFileContent.objects)) {
+            const configValue = value as PBXInfo;
+            if (configValue.isa == "XCConfigurationList") {
+                if (configValue.buildConfigurations[0] == configListUUID) {
+                    console.log(key);
+                    return value;
+                }
+            }
+        }
+        return "";
+    }
+}

src/debugger/cordovaIosDeviceLauncher.ts

@@ -7,7 +7,6 @@ import * as child_process from "child_process";
 import * as fs from "fs";
 import * as path from "path";
 import * as pl from "plist";
-import * as xcode from "xcode";
 import * as nls from "vscode-nls";
 import { delay } from "../utils/extensionHelper";
 import { ChildProcess } from "../common/node/childProcess";
@@ -16,6 +15,7 @@ import { isDirectory } from "../common/utils";
 import { PlistBuddy } from "../utils/ios/PlistBuddy";
 import { InternalErrorCode } from "../common/error/internalErrorCode";
 import { ErrorHelper } from "../common/error/errorHelper";
+import { XCParseConfiguration } from "../common/xcparseConfiguration";
 
 nls.config({
     messageFormat: nls.MessageFormat.bundle,
@@ -231,14 +231,12 @@ export class CordovaIosDeviceLauncher {
 
     private static getBundleIdentifierFromPbxproj(xcodeprojFilePath: string): Promise<string> {
         const pbxprojFilePath = path.join(xcodeprojFilePath, "project.pbxproj");
-        const pbxproj = xcode.project(pbxprojFilePath).parseSync();
-        const target = pbxproj.getFirstTarget();
-        const configListUUID = target.firstTarget.buildConfigurationList;
-        const configListsMap = pbxproj.pbxXCConfigurationList();
-        const targetConfigs = configListsMap[configListUUID].buildConfigurations;
-        const targetConfigUUID = targetConfigs[0].value; // 0 is "Debug, 1 is Release" - usually they have the same associated bundleId, it's highly unlikely someone would change it
-        const allConfigs = pbxproj.pbxXCBuildConfigurationSection();
-        const bundleId = allConfigs[targetConfigUUID].buildSettings.PRODUCT_BUNDLE_IDENTIFIER;
+        const pbxproj = XCParseConfiguration.getPbxprojFileContent(pbxprojFilePath);
+        const firstTarget = XCParseConfiguration.getPBXNativeTarget(pbxproj);
+        const configListUUID = firstTarget.buildConfigurationList;
+        const targetConfigs = pbxproj.objects[configListUUID].buildConfigurations;
+        const targetConfigUUID = targetConfigs[0]; // 0 is "Debug, 1 is Release" - usually they have the same associated bundleId, it's highly unlikely someone would change it
+        const bundleId = pbxproj.objects[targetConfigUUID].buildSettings.PRODUCT_BUNDLE_IDENTIFIER;
         return Promise.resolve(bundleId);
     }
 

src/extension/commands/restart.ts

@@ -2,8 +2,8 @@
 // Licensed under the MIT license. See LICENSE file in the project root for details.
 
 import { CordovaCommandHelper } from "../../utils/cordovaCommandHelper";
-import { commandWrapper } from "./commandUtil";
 import { CordovaSessionManager } from "../cordovaSessionManager";
+import { commandWrapper } from "./commandUtil";
 
 export class Restart {
     static codeName = "cordova.restart";