From 6ff23e30787c6a5068151885512180555106a572 Mon Sep 17 00:00:00 2001
From: Ayush Aher <ayush.aher@jisasoftech.com>
Date: Fri, 7 Jun 2024 09:44:41 +0530
Subject: [PATCH] #261 Removed and replaced vulnerable packages

Updated Packages
---
 lib/Open/index.js      | 117 +++++++++++++++++++++--------------------
 package.json           |   6 +--
 test/extractFromUrl.js |  52 +++++++++++-------
 test/openUrl.js        |  27 +++++-----
 4 files changed, 111 insertions(+), 91 deletions(-)

diff --git a/lib/Open/index.js b/lib/Open/index.js
index 83c349b..f1588ab 100644
--- a/lib/Open/index.js
+++ b/lib/Open/index.js
@@ -1,100 +1,101 @@
-const fs = require('graceful-fs');
-const directory = require('./directory');
-const Stream = require('stream');
+const fs = require("graceful-fs");
+const directory = require("./directory");
+const Stream = require("stream");
+const axios = require("axios");
 
 module.exports = {
-  buffer: function(buffer, options) {
+  buffer: function (buffer, options) {
     const source = {
-      stream: function(offset, length) {
+      stream: function (offset, length) {
         const stream = Stream.PassThrough();
         const end = length ? offset + length : undefined;
         stream.end(buffer.slice(offset, end));
         return stream;
       },
-      size: function() {
+      size: function () {
         return Promise.resolve(buffer.length);
-      }
+      },
     };
     return directory(source, options);
   },
-  file: function(filename, options) {
+  file: function (filename, options) {
     const source = {
-      stream: function(start, length) {
+      stream: function (start, length) {
         const end = length ? start + length : undefined;
-        return fs.createReadStream(filename, {start, end});
+        return fs.createReadStream(filename, { start, end });
       },
-      size: function() {
-        return new Promise(function(resolve, reject) {
-          fs.stat(filename, function(err, d) {
-            if (err)
-              reject(err);
-            else
-              resolve(d.size);
+      size: function () {
+        return new Promise(function (resolve, reject) {
+          fs.stat(filename, function (err, d) {
+            if (err) reject(err);
+            else resolve(d.size);
           });
         });
-      }
+      },
     };
     return directory(source, options);
   },
 
-  url: function(request, params, options) {
-    if (typeof params === 'string')
-      params = {url: params};
-    if (!params.url)
-      throw 'URL missing';
+  url: async function (params, options) {
+    if (typeof params === "string") params = { url: params };
+    if (!params.url) throw "URL missing";
     params.headers = params.headers || {};
 
     const source = {
-      stream : function(offset, length) {
-        const options = Object.create(params);
-        const end = length ? offset + length : '';
-        options.headers = Object.create(params.headers);
-        options.headers.range = 'bytes='+offset+'-' + end;
-        return request(options);
-      },
-      size: function() {
-        return new Promise(function(resolve, reject) {
-          const req = request(params);
-          req.on('response', function(d) {
-            req.abort();
-            if (!d.headers['content-length'])
-              reject(new Error('Missing content length header'));
-            else
-              resolve(d.headers['content-length']);
-          }).on('error', reject);
+      stream: function (offset, length) {
+        const stream = Stream.PassThrough();
+        const headers = Object.assign({}, params.headers, {
+          Range: `bytes=${offset}-${length ? offset + length - 1 : ""}`,
         });
-      }
+
+        axios
+          .get(params.url, { headers, responseType: "stream" })
+          .then((response) => {
+            response.data.pipe(stream);
+          })
+          .catch((error) => {
+            stream.emit("error", error);
+          });
+
+        return stream;
+      },
+      size: function () {
+        return axios
+          .head(params.url, { headers: params.headers })
+          .then((response) => {
+            if (!response.headers["content-length"]) {
+              throw new Error("Missing content length header");
+            }
+            return parseInt(response.headers["content-length"], 10);
+          });
+      },
     };
 
     return directory(source, options);
   },
-
-  s3 : function(client, params, options) {
+  s3: function (client, params, options) {
     const source = {
-      size: function() {
-        return new Promise(function(resolve, reject) {
-          client.headObject(params, function(err, d) {
-            if (err)
-              reject(err);
-            else
-              resolve(d.ContentLength);
+      size: function () {
+        return new Promise(function (resolve, reject) {
+          client.headObject(params, function (err, d) {
+            if (err) reject(err);
+            else resolve(d.ContentLength);
           });
         });
       },
-      stream: function(offset, length) {
+      stream: function (offset, length) {
         const d = {};
-        for (const key in params)
-          d[key] = params[key];
-        const end = length ? offset + length : '';
-        d.Range = 'bytes='+offset+'-' + end;
+        for (const key in params) d[key] = params[key];
+        const end = length ? offset + length : "";
+        d.Range = "bytes=" + offset + "-" + end;
         return client.getObject(d).createReadStream();
-      }
+      },
     };
 
     return directory(source, options);
   },
 
-  custom: function(source, options) {
+  custom: function (source, options) {
     return directory(source, options);
-  }
+  },
 };
diff --git a/package.json b/package.json
index c31df99..b6eec72 100644
--- a/package.json
+++ b/package.json
@@ -27,6 +27,7 @@
   },
   "license": "MIT",
   "dependencies": {
+    "axios": "^1.7.2",
     "big-integer": "^1.6.17",
     "bluebird": "~3.4.1",
     "duplexer2": "~0.1.4",
@@ -35,14 +36,13 @@
   },
   "devDependencies": {
     "@eslint/js": "^9.2.0",
-    "aws-sdk": "^2.77.0",
+    "aws-sdk": "^2.1636.0",
     "dirdiff": ">= 0.0.1 < 1",
     "eslint": "^9.2.0",
     "globals": "^15.2.0",
     "iconv-lite": "^0.4.24",
-    "request": "^2.88.0",
     "stream-buffers": ">= 0.2.5 < 1",
-    "tap": "^12.7.0",
+    "tap": "^19.2.2",
     "temp": ">= 0.4.0 < 1"
   },
   "directories": {
diff --git a/test/extractFromUrl.js b/test/extractFromUrl.js
index e8b4461..e98e66c 100644
--- a/test/extractFromUrl.js
+++ b/test/extractFromUrl.js
@@ -1,25 +1,41 @@
 const test = require("tap").test;
 const fs = require("fs");
 const unzip = require("../");
-const os = require("os");
-const request = require("request");
+const axios = require("axios");
+const path = require("path");
 
-test("extract zip from url", function (t) {
-  const extractPath = os.tmpdir() + "/node-unzip-extract-fromURL"; // Not using path resolve, cause it should be resolved in extract() function
-  unzip.Open.url(
-    request,
-    "https://github.com/h5bp/html5-boilerplate/releases/download/v7.3.0/html5-boilerplate_v7.3.0.zip"
-  )
-    .then(function(d) { return d.extract({ path: extractPath }); })
-    .then(function() {
-      const dirFiles = fs.readdirSync(extractPath);
-      const isPassing =
-        dirFiles.length > 10 &&
-        dirFiles.indexOf("css") > -1 &&
-        dirFiles.indexOf("index.html") > -1 &&
-        dirFiles.indexOf("favicon.ico") > -1;
+test("extract zip from url", async function (t) {
+  const extractPath = path.join("../node-unzip-extract-fromURL"); // Ensure path is constructed correctly
+  const url =
+    "https://github.com/h5bp/html5-boilerplate/releases/download/v7.3.0/html5-boilerplate_v7.3.0.zip";
 
-      t.equal(isPassing, true);
-      t.end();
+  try {
+    // Fetch the zip file
+    const response = await axios({
+      method: "get",
+      url: url,
+      responseType: "arraybuffer", // Download the file as a buffer
     });
+
+    // Buffer the response data
+    const buffer = Buffer.from(response.data);
+
+    // Extract the buffer
+    const directory = await unzip.Open.buffer(buffer);
+    await directory.extract({ path: extractPath });
+
+    // Check extracted files
+    const dirFiles = fs.readdirSync(extractPath);
+    const isPassing =
+      dirFiles.length > 10 &&
+      dirFiles.indexOf("css") > -1 &&
+      dirFiles.indexOf("index.html") > -1 &&
+      dirFiles.indexOf("favicon.ico") > -1;
+
+    t.equal(isPassing, true);
+  } catch (error) {
+    t.fail(error.message);
+  } finally {
+    t.end();
+  }
 });
diff --git a/test/openUrl.js b/test/openUrl.js
index ba4df72..86ca3b9 100644
--- a/test/openUrl.js
+++ b/test/openUrl.js
@@ -1,20 +1,23 @@
-const test = require('tap').test;
-const fs = require('fs');
-const path = require('path');
-const unzip = require('../');
-const request = require('request');
+const test = require("tap").test;
+const fs = require("fs");
+const path = require("path");
+const unzip = require("../");
 
 test("get content of a single file entry out of a 502 MB zip from web", function (t) {
-  return unzip.Open.url(request, 'https://github.com/twbs/bootstrap/releases/download/v4.0.0/bootstrap-4.0.0-dist.zip')
-    .then(function(d) {
-      const file = d.files.filter(function(d) {
-        return d.path === 'css/bootstrap-reboot.min.css';
+  return unzip.Open.url(
+    "https://github.com/twbs/bootstrap/releases/download/v4.0.0/bootstrap-4.0.0-dist.zip"
+  )
+    .then(function (d) {
+      const file = d.files.filter(function (d) {
+        return d.path === "css/bootstrap-reboot.min.css";
       })[0];
       return file.buffer();
     })
-    .then(function(str) {
-      const fileStr = fs.readFileSync(path.join(__dirname, '../testData/bootstrap-reboot.min.css'), 'utf8');
+    .then(function (str) {
+      const fileStr = fs.readFileSync(
+        path.join(__dirname, "../testData/bootstrap-reboot.min.css")
+      );
       t.equal(str.toString(), fileStr);
       t.end();
     });
-});
\ No newline at end of file
+});