Fix vulnerability: replace module xcode by xcparse (#975)

* Fix vulnerability: replace module xcode by xcparse

* Remove module xcode
Ezio Li 2024-08-09 15:22:05 +08:00 коммит произвёл GitHub
Родитель d2c7c6fca7
Коммит a970e52701
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
5 изменённых файлов: 64 добавлений и 129 удалений

129
package-lock.json сгенерированный

@ -25,7 +25,6 @@
"vscode-js-debug-browsers": "^1.0.4",
"vscode-nls": "^4.1.2",
"winreg": "0.0.13",
"xcode": "^3.0.1",
"xml2js": "^0.6.2"
},
"devDependencies": {
@ -77,7 +76,8 @@
"typescript": "^3.8.3",
"vscode-nls-dev": "^4.0.4",
"webpack": "^5.76.0",
"webpack-bundle-analyzer": "^4.4.0"
"webpack-bundle-analyzer": "^4.4.0",
"xcparse": "^0.0.3"
},
"engines": {
"vscode": "^1.40.0"
@ -3041,14 +3041,6 @@
"node": "^4.5.0 || >= 5.9"
}
},
"node_modules/big-integer": {
"version": "1.6.51",
"resolved": "https://registry.npmjs.org/big-integer/-/big-integer-1.6.51.tgz",
"integrity": "sha512-GPEid2Y9QU1Exl1rpO9B2IPJGHPSupF5GnVIP0blYvNOMer2bTvSWs1jGOUg04hTmu67nmLsQ9TBo1puaotBHg==",
"engines": {
"node": ">=0.6"
}
},
"node_modules/big.js": {
"version": "5.2.2",
"resolved": "https://registry.npmjs.org/big.js/-/big.js-5.2.2.tgz",
@ -3167,25 +3159,6 @@
"integrity": "sha1-aN/1++YMUes3cl6p4+0xDcwed24=",
"dev": true
},
"node_modules/bplist-creator": {
"version": "0.0.8",
"resolved": "https://registry.npmjs.org/bplist-creator/-/bplist-creator-0.0.8.tgz",
"integrity": "sha512-Za9JKzD6fjLC16oX2wsXfc+qBEhJBJB1YPInoAQpMLhDuj5aVOv1baGeIQSq1Fr3OCqzvsoQcSBSwGId/Ja2PA==",
"dependencies": {
"stream-buffers": "~2.2.0"
}
},
"node_modules/bplist-parser": {
"version": "0.2.0",
"resolved": "https://registry.npmjs.org/bplist-parser/-/bplist-parser-0.2.0.tgz",
"integrity": "sha512-z0M+byMThzQmD9NILRniCUXYsYpjwnlO8N5uCFaCqIOpqRsJCrQL9NK3JsD67CN5a08nF5oIL2bD6loTdHOuKw==",
"dependencies": {
"big-integer": "^1.6.44"
},
"engines": {
"node": ">= 5.10.0"
}
},
"node_modules/brace-expansion": {
"version": "1.1.11",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
@ -11937,16 +11910,6 @@
"simple-concat": "^1.0.0"
}
},
"node_modules/simple-plist": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/simple-plist/-/simple-plist-1.1.1.tgz",
"integrity": "sha512-pKMCVKvZbZTsqYR6RKgLfBHkh2cV89GXcA/0CVPje3sOiNOnXA8+rp/ciAMZ7JRaUdLzlEM6JFfUn+fS6Nt3hg==",
"dependencies": {
"bplist-creator": "0.0.8",
"bplist-parser": "0.2.0",
"plist": "^3.0.1"
}
},
"node_modules/sinon": {
"version": "9.2.0",
"resolved": "https://registry.npmjs.org/sinon/-/sinon-9.2.0.tgz",
@ -12300,14 +12263,6 @@
"readable-stream": "^2.0.2"
}
},
"node_modules/stream-buffers": {
"version": "2.2.0",
"resolved": "https://registry.npmjs.org/stream-buffers/-/stream-buffers-2.2.0.tgz",
"integrity": "sha512-uyQK/mx5QjHun80FLJTfaWE7JtwfRMKBLkMne6udYOmvH0CawotVa7TfgYHzAnpphn4+TweIx1QKMnRIbipmUg==",
"engines": {
"node": ">= 0.10.0"
}
},
"node_modules/stream-combiner": {
"version": "0.0.4",
"resolved": "https://registry.npmjs.org/stream-combiner/-/stream-combiner-0.0.4.tgz",
@ -14185,25 +14140,11 @@
}
}
},
"node_modules/xcode": {
"version": "3.0.1",
"resolved": "https://registry.npmjs.org/xcode/-/xcode-3.0.1.tgz",
"integrity": "sha512-kCz5k7J7XbJtjABOvkc5lJmkiDh8VhjVCGNiqdKCscmVpdVUpEAyXv1xmCLkQJ5dsHqx3IPO4XW+NTDhU/fatA==",
"dependencies": {
"simple-plist": "^1.1.0",
"uuid": "^7.0.3"
},
"engines": {
"node": ">=10.0.0"
}
},
"node_modules/xcode/node_modules/uuid": {
"version": "7.0.3",
"resolved": "https://registry.npmjs.org/uuid/-/uuid-7.0.3.tgz",
"integrity": "sha512-DPSke0pXhTZgoF/d+WSt2QaKMCFSfx7QegxEWT+JOuHF5aWrKEn0G+ztjuJg/gG8/ItK+rbPCD/yNv8yyih6Cg==",
"bin": {
"uuid": "dist/bin/uuid"
}
"node_modules/xcparse": {
"version": "0.0.3",
"resolved": "https://registry.npmjs.org/xcparse/-/xcparse-0.0.3.tgz",
"integrity": "sha512-/HgjZ1o81gudtNHt5a/EGEyMa991WZjZqu8ryPWJ1UtG4NRJyQ2AthR8MaqD6nN7UnCe7IcFShMm5oEA/S9nEQ==",
"dev": true
},
"node_modules/xml": {
"version": "1.0.1",
@ -16627,11 +16568,6 @@
"integrity": "sha512-lGe34o6EHj9y3Kts9R4ZYs/Gr+6N7MCaMlIFA3F1R2O5/m7K06AxfSeO5530PEERE6/WyEg3lsuyw4GHlPZHog==",
"dev": true
},
"big-integer": {
"version": "1.6.51",
"resolved": "https://registry.npmjs.org/big-integer/-/big-integer-1.6.51.tgz",
"integrity": "sha512-GPEid2Y9QU1Exl1rpO9B2IPJGHPSupF5GnVIP0blYvNOMer2bTvSWs1jGOUg04hTmu67nmLsQ9TBo1puaotBHg=="
},
"big.js": {
"version": "5.2.2",
"resolved": "https://registry.npmjs.org/big.js/-/big.js-5.2.2.tgz",
@ -16727,22 +16663,6 @@
"integrity": "sha1-aN/1++YMUes3cl6p4+0xDcwed24=",
"dev": true
},
"bplist-creator": {
"version": "0.0.8",
"resolved": "https://registry.npmjs.org/bplist-creator/-/bplist-creator-0.0.8.tgz",
"integrity": "sha512-Za9JKzD6fjLC16oX2wsXfc+qBEhJBJB1YPInoAQpMLhDuj5aVOv1baGeIQSq1Fr3OCqzvsoQcSBSwGId/Ja2PA==",
"requires": {
"stream-buffers": "~2.2.0"
}
},
"bplist-parser": {
"version": "0.2.0",
"resolved": "https://registry.npmjs.org/bplist-parser/-/bplist-parser-0.2.0.tgz",
"integrity": "sha512-z0M+byMThzQmD9NILRniCUXYsYpjwnlO8N5uCFaCqIOpqRsJCrQL9NK3JsD67CN5a08nF5oIL2bD6loTdHOuKw==",
"requires": {
"big-integer": "^1.6.44"
}
},
"brace-expansion": {
"version": "1.1.11",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
@ -23548,16 +23468,6 @@
"simple-concat": "^1.0.0"
}
},
"simple-plist": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/simple-plist/-/simple-plist-1.1.1.tgz",
"integrity": "sha512-pKMCVKvZbZTsqYR6RKgLfBHkh2cV89GXcA/0CVPje3sOiNOnXA8+rp/ciAMZ7JRaUdLzlEM6JFfUn+fS6Nt3hg==",
"requires": {
"bplist-creator": "0.0.8",
"bplist-parser": "0.2.0",
"plist": "^3.0.1"
}
},
"sinon": {
"version": "9.2.0",
"resolved": "https://registry.npmjs.org/sinon/-/sinon-9.2.0.tgz",
@ -23858,11 +23768,6 @@
"readable-stream": "^2.0.2"
}
},
"stream-buffers": {
"version": "2.2.0",
"resolved": "https://registry.npmjs.org/stream-buffers/-/stream-buffers-2.2.0.tgz",
"integrity": "sha512-uyQK/mx5QjHun80FLJTfaWE7JtwfRMKBLkMne6udYOmvH0CawotVa7TfgYHzAnpphn4+TweIx1QKMnRIbipmUg=="
},
"stream-combiner": {
"version": "0.0.4",
"resolved": "https://registry.npmjs.org/stream-combiner/-/stream-combiner-0.0.4.tgz",
@ -25336,21 +25241,11 @@
"integrity": "sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==",
"requires": {}
},
"xcode": {
"version": "3.0.1",
"resolved": "https://registry.npmjs.org/xcode/-/xcode-3.0.1.tgz",
"integrity": "sha512-kCz5k7J7XbJtjABOvkc5lJmkiDh8VhjVCGNiqdKCscmVpdVUpEAyXv1xmCLkQJ5dsHqx3IPO4XW+NTDhU/fatA==",
"requires": {
"simple-plist": "^1.1.0",
"uuid": "^7.0.3"
},
"dependencies": {
"uuid": {
"version": "7.0.3",
"resolved": "https://registry.npmjs.org/uuid/-/uuid-7.0.3.tgz",
"integrity": "sha512-DPSke0pXhTZgoF/d+WSt2QaKMCFSfx7QegxEWT+JOuHF5aWrKEn0G+ztjuJg/gG8/ItK+rbPCD/yNv8yyih6Cg=="
}
}
"xcparse": {
"version": "0.0.3",
"resolved": "https://registry.npmjs.org/xcparse/-/xcparse-0.0.3.tgz",
"integrity": "sha512-/HgjZ1o81gudtNHt5a/EGEyMa991WZjZqu8ryPWJ1UtG4NRJyQ2AthR8MaqD6nN7UnCe7IcFShMm5oEA/S9nEQ==",
"dev": true
},
"xml": {
"version": "1.0.1",


@ -717,7 +717,6 @@
"vscode-js-debug-browsers": "^1.0.4",
"vscode-nls": "^4.1.2",
"winreg": "0.0.13",
"xcode": "^3.0.1",
"xml2js": "^0.6.2"
},
"devDependencies": {
@ -769,7 +768,8 @@
"typescript": "^3.8.3",
"vscode-nls-dev": "^4.0.4",
"webpack": "^5.76.0",
"webpack-bundle-analyzer": "^4.4.0"
"webpack-bundle-analyzer": "^4.4.0",
"xcparse": "^0.0.3"
},
"extensionDependencies": [
"ms-vscode.js-debug"
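Review bot: `xcparse` is added under `devDependencies`, but the new `xcparseConfiguration` module imports it at runtime (`import { parse } from "xcparse"`), so it only reaches users if the packaged extension bundles it; webpack is listed here, but the packaging step is not visible in this commit and should be confirmed. If the extension is ever shipped unbundled, the entry belongs in `dependencies` next to `xml2js`. Also, `^0.0.3` on a 0.0.x release resolves to exactly 0.0.3, so a patched xcparse release will not be picked up without a manual bump.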


@ -0,0 +1,42 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for details.
import * as fs from "fs";
import { parse } from "xcparse";
export interface PBXInfo {
isa: string;
buildConfigurations?: string[];
}
export class XCParseConfiguration {
public static getPbxprojFileContent(pbxprojFilePath: string): any {
try {
return parse(fs.readFileSync(pbxprojFilePath, "utf-8"));
} catch {}
}
public static getPBXNativeTarget(getPbxprojFileContent: any): any {
for (const [key, value] of Object.entries(getPbxprojFileContent.objects)) {
const configValue = value as PBXInfo;
if (configValue.isa == "PBXNativeTarget") {
console.log(key);
return value;
}
}
return "";
}
public static getPBXXCConfigurationList(getPbxprojFileContent: any, configListUUID: any): any {
for (const [key, value] of Object.entries(getPbxprojFileContent.objects)) {
const configValue = value as PBXInfo;
if (configValue.isa == "XCConfigurationList") {
if (configValue.buildConfigurations[0] == configListUUID) {
console.log(key);
return value;
}
}
}
return "";
}
}
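Review bot: `getPbxprojFileContent` swallows every read and parse error with `catch {}` and returns undefined, and both lookups return `""` when nothing matches, so a missing or malformed project.pbxproj surfaces later as an unrelated TypeError in the caller (`getBundleIdentifierFromPbxproj` dereferences `pbxproj.objects` and `firstTarget.buildConfigurationList` unchecked). The file comes from the opened workspace, so a failure should carry the path and the cause rather than disappear. The `console.log(key)` calls look like debugging leftovers, `buildConfigurations` is optional in `PBXInfo` yet indexed with `[0]` unguarded, and `==` should be `===`. `getPBXXCConfigurationList` has no caller in the visible hunks and compares a build-configuration UUID against a parameter named `configListUUID`, which should be confirmed or the method removed.

```typescript
    public static getPbxprojFileContent(pbxprojFilePath: string): any {
        try {
            return parse(fs.readFileSync(pbxprojFilePath, "utf-8"));
        } catch (err) {
            // Keep the failing path in the error instead of handing callers undefined.
            throw new Error(`Could not read or parse ${pbxprojFilePath}: ${String(err)}`);
        }
    }
    public static getPBXNativeTarget(getPbxprojFileContent: any): any {
        for (const value of Object.values(getPbxprojFileContent.objects)) {
            if ((value as PBXInfo).isa === "PBXNativeTarget") {
                return value;
            }
        }
        // No native target found: undefined rather than "" so callers can test for it.
        return undefined;
    }
    // … unchanged: getPBXXCConfigurationList, apart from dropping console.log(key) …
```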


@ -7,7 +7,6 @@ import * as child_process from "child_process";
import * as fs from "fs";
import * as path from "path";
import * as pl from "plist";
import * as xcode from "xcode";
import * as nls from "vscode-nls";
import { delay } from "../utils/extensionHelper";
import { ChildProcess } from "../common/node/childProcess";
@ -16,6 +15,7 @@ import { isDirectory } from "../common/utils";
import { PlistBuddy } from "../utils/ios/PlistBuddy";
import { InternalErrorCode } from "../common/error/internalErrorCode";
import { ErrorHelper } from "../common/error/errorHelper";
import { XCParseConfiguration } from "../common/xcparseConfiguration";
nls.config({
messageFormat: nls.MessageFormat.bundle,
@ -231,14 +231,12 @@ export class CordovaIosDeviceLauncher {
private static getBundleIdentifierFromPbxproj(xcodeprojFilePath: string): Promise<string> {
const pbxprojFilePath = path.join(xcodeprojFilePath, "project.pbxproj");
const pbxproj = xcode.project(pbxprojFilePath).parseSync();
const target = pbxproj.getFirstTarget();
const configListUUID = target.firstTarget.buildConfigurationList;
const configListsMap = pbxproj.pbxXCConfigurationList();
const targetConfigs = configListsMap[configListUUID].buildConfigurations;
const targetConfigUUID = targetConfigs[0].value; // 0 is "Debug, 1 is Release" - usually they have the same associated bundleId, it's highly unlikely someone would change it
const allConfigs = pbxproj.pbxXCBuildConfigurationSection();
const bundleId = allConfigs[targetConfigUUID].buildSettings.PRODUCT_BUNDLE_IDENTIFIER;
const pbxproj = XCParseConfiguration.getPbxprojFileContent(pbxprojFilePath);
const firstTarget = XCParseConfiguration.getPBXNativeTarget(pbxproj);
const configListUUID = firstTarget.buildConfigurationList;
const targetConfigs = pbxproj.objects[configListUUID].buildConfigurations;
const targetConfigUUID = targetConfigs[0]; // 0 is "Debug, 1 is Release" - usually they have the same associated bundleId, it's highly unlikely someone would change it
const bundleId = pbxproj.objects[targetConfigUUID].buildSettings.PRODUCT_BUNDLE_IDENTIFIER;
return Promise.resolve(bundleId);
}
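Review bot: `getBundleIdentifierFromPbxproj` is typed `Promise<string>` but does all its work synchronously, so any failure in the lookup chain is thrown at the call site instead of arriving as a rejection, and `bundleId` is returned without checking that it is a non-empty string. Declaring the method `async`, ending it with `return bundleId;`, and adding a guard such as `if (typeof bundleId !== "string" || !bundleId) throw new Error(...)` before the return would keep the contract consistent. Whether xcparse yields `PRODUCT_BUNDLE_IDENTIFIER` in the same form the old `xcode` parser did (for example with or without surrounding quotes, or as an unexpanded build variable) is not visible here and should be checked against the consumers of this method.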


@ -2,8 +2,8 @@
// Licensed under the MIT license. See LICENSE file in the project root for details.
import { CordovaCommandHelper } from "../../utils/cordovaCommandHelper";
import { commandWrapper } from "./commandUtil";
import { CordovaSessionManager } from "../cordovaSessionManager";
import { commandWrapper } from "./commandUtil";
export class Restart {
static codeName = "cordova.restart";