Skip to content

Commit

Permalink
Fixes RetireJS#434 - Add pdf.js detection (RetireJS#435)
Browse files Browse the repository at this point in the history
* Add pdf.js detection

* Add updates of repos

* Add missing CWE
  • Loading branch information
eoftedal authored Jun 6, 2024
1 parent 6a2bfd3 commit a1a8056
Show file tree
Hide file tree
Showing 5 changed files with 347 additions and 19 deletions.
219 changes: 200 additions & 19 deletions chrome/extension/js/generated/retire-chrome.js

Large diffs are not rendered by default.

39 changes: 39 additions & 0 deletions repository/jsrepository-master.json
Original file line number Diff line number Diff line change
Expand Up @@ -5856,6 +5856,45 @@
"func": ["MathJax.version"]
}
},
"pdf.js": {
"bowername": ["pdfjs-dist"],
"npmname": "pdfjs-dist",
"vulnerabilities": [
{
"ranges": [
{
"atOrAbove": "0",
"below": "4.2.67"
}
],
"summary": "PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF",
"cwe": ["CWE-79"],
"severity": "high",
"identifiers": {
"CVE": ["CVE-2024-34342", "CVE-2024-4367"],
"githubID": "GHSA-wgrm-67xf-hhpq"
},
"info": [
"https://github.com/advisories/GHSA-wgrm-67xf-hhpq",
"https://github.com/mozilla/pdf.js/security/advisories/GHSA-wgrm-67xf-hhpq",
"https://github.com/mozilla/pdf.js/pull/18015",
"https://github.com/mozilla/pdf.js/commit/85e64b5c16c9aaef738f421733c12911a441cec6",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1893645",
"https://github.com/mozilla/pdf.js"
]
}
],
"extractors": {
"uri": ["/pdf\\.js/(§§version§§)/", "/pdfjs-dist@(§§version§§)/"],
"filecontent": [
" pdfjs-dist@(§§version§§) ",
"(?:const|var) pdfjsVersion = ['\"](§§version§§)['\"];",
"PDFJS.version ?= ?['\"](§§version§§)['\"]",
"apiVersion: ?['\"](§§version§§)['\"][\\s\\S]*,data(:[a-zA-Z.]{1,6})?,[\\s\\S]*password(:[a-zA-Z.]{1,10})?,[\\s\\S]*disableAutoFetch(:[a-zA-Z.]{1,22})?,[\\s\\S]*rangeChunkSize",
"messageHandler\\.sendWithPromise\\(\"GetDocRequest\",\\{docId:[a-zA-Z],apiVersion:\"(§§version§§)\""
]
}
},
"dont check": {
"vulnerabilities": [],
"extractors": {
Expand Down
45 changes: 45 additions & 0 deletions repository/jsrepository-v2.json
Original file line number Diff line number Diff line change
Expand Up @@ -7455,6 +7455,51 @@
]
}
},
"pdf.js": {
"bowername": [
"pdfjs-dist"
],
"npmname": "pdfjs-dist",
"vulnerabilities": [
{
"atOrAbove": "0",
"below": "4.2.67",
"cwe": [
"CWE-79"
],
"severity": "high",
"identifiers": {
"summary": "PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF",
"CVE": [
"CVE-2024-34342",
"CVE-2024-4367"
],
"githubID": "GHSA-wgrm-67xf-hhpq"
},
"info": [
"https://github.com/advisories/GHSA-wgrm-67xf-hhpq",
"https://github.com/mozilla/pdf.js/security/advisories/GHSA-wgrm-67xf-hhpq",
"https://github.com/mozilla/pdf.js/pull/18015",
"https://github.com/mozilla/pdf.js/commit/85e64b5c16c9aaef738f421733c12911a441cec6",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1893645",
"https://github.com/mozilla/pdf.js"
]
}
],
"extractors": {
"uri": [
"/pdf\\.js/(§§version§§)/",
"/pdfjs-dist@(§§version§§)/"
],
"filecontent": [
" pdfjs-dist@(§§version§§) ",
"(?:const|var) pdfjsVersion = ['\"](§§version§§)['\"];",
"PDFJS.version ?= ?['\"](§§version§§)['\"]",
"apiVersion: ?['\"](§§version§§)['\"][\\s\\S]*,data(:[a-zA-Z.]{1,6})?,[\\s\\S]*password(:[a-zA-Z.]{1,10})?,[\\s\\S]*disableAutoFetch(:[a-zA-Z.]{1,22})?,[\\s\\S]*rangeChunkSize",
"messageHandler\\.sendWithPromise\\(\"GetDocRequest\",\\{docId:[a-zA-Z],apiVersion:\"(§§version§§)\""
]
}
},
"dont check": {
"vulnerabilities": [],
"extractors": {
Expand Down
45 changes: 45 additions & 0 deletions repository/jsrepository.json
Original file line number Diff line number Diff line change
Expand Up @@ -7385,6 +7385,51 @@
]
}
},
"pdf.js": {
"bowername": [
"pdfjs-dist"
],
"npmname": "pdfjs-dist",
"vulnerabilities": [
{
"atOrAbove": "0",
"below": "4.2.67",
"cwe": [
"CWE-79"
],
"severity": "high",
"identifiers": {
"summary": "PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF",
"CVE": [
"CVE-2024-34342",
"CVE-2024-4367"
],
"githubID": "GHSA-wgrm-67xf-hhpq"
},
"info": [
"https://github.com/advisories/GHSA-wgrm-67xf-hhpq",
"https://github.com/mozilla/pdf.js/security/advisories/GHSA-wgrm-67xf-hhpq",
"https://github.com/mozilla/pdf.js/pull/18015",
"https://github.com/mozilla/pdf.js/commit/85e64b5c16c9aaef738f421733c12911a441cec6",
"https://bugzilla.mozilla.org/show_bug.cgi?id=1893645",
"https://github.com/mozilla/pdf.js"
]
}
],
"extractors": {
"uri": [
"/pdf\\.js/(§§version§§)/",
"/pdfjs-dist@(§§version§§)/"
],
"filecontent": [
" pdfjs-dist@(§§version§§) ",
"(?:const|var) pdfjsVersion = ['\"](§§version§§)['\"];",
"PDFJS.version ?= ?['\"](§§version§§)['\"]",
"apiVersion: ?['\"](§§version§§)['\"][\\s\\S]*,data(:[a-zA-Z.]{1,6})?,[\\s\\S]*password(:[a-zA-Z.]{1,10})?,[\\s\\S]*disableAutoFetch(:[a-zA-Z.]{1,22})?,[\\s\\S]*rangeChunkSize",
"messageHandler\\.sendWithPromise\\(\"GetDocRequest\",\\{docId:[a-zA-Z],apiVersion:\"(§§version§§)\""
]
}
},
"dont check": {
"vulnerabilities": [],
"extractors": {
Expand Down
18 changes: 18 additions & 0 deletions repository/testcases.json
Original file line number Diff line number Diff line change
Expand Up @@ -634,5 +634,23 @@
"allowAstMiss": ["0.17.1"],
"subversions": ["", ".min"]
}
},
"pdf.js": {
"https://cdnjs.cloudflare.com/ajax/libs/pdf.js/§§version§§/pdf§§subversion§§.mjs": {
"versions": ["4.3.136", "4.0.189"],
"subversions": ["", ".min"]
},
"https://cdnjs.cloudflare.com/ajax/libs/pdf.js/§§version§§/pdf§§subversion§§.js": {
"versions": [
"3.11.174",
"3.2.146",
"2.16.105",
"2.2.2",
"2.0.173",
"1.10.100",
"1.0.818"
],
"subversions": ["", ".min"]
}
}
}

0 comments on commit a1a8056

Please sign in to comment.