parse.js 5.3 KB


  1. /**
  2. * Module dependencies.
  3. */
  4. const { DOMParser } = require('@xmldom/xmldom');
  5. /**
  6. * Module exports.
  7. */
  8. exports.parse = parse;
  9. var TEXT_NODE = 3;
  10. var CDATA_NODE = 4;
  11. var COMMENT_NODE = 8;
  12. /**
  13. * We ignore raw text (usually whitespace), <!-- xml comments -->,
  14. * and raw CDATA nodes.
  15. *
  16. * @param {Element} node
  17. * @returns {Boolean}
  18. * @api private
  19. */
  20. function shouldIgnoreNode (node) {
  21. return node.nodeType === TEXT_NODE
  22. || node.nodeType === COMMENT_NODE
  23. || node.nodeType === CDATA_NODE;
  24. }
  25. /**
  26. * Check if the node is empty. Some plist file has such node:
  27. * <key />
  28. * this node shoud be ignored.
  29. *
  30. * @see https://github.com/TooTallNate/plist.js/issues/66
  31. * @param {Element} node
  32. * @returns {Boolean}
  33. * @api private
  34. */
  35. function isEmptyNode(node){
  36. if(!node.childNodes || node.childNodes.length === 0) {
  37. return true;
  38. } else {
  39. return false;
  40. }
  41. }
  42. function invariant(test, message) {
  43. if (!test) {
  44. throw new Error(message);
  45. }
  46. }
  47. /**
  48. * Parses a Plist XML string. Returns an Object.
  49. *
  50. * @param {String} xml - the XML String to decode
  51. * @returns {Mixed} the decoded value from the Plist XML
  52. * @api public
  53. */
  54. function parse (xml) {
  55. var doc = new DOMParser().parseFromString(xml);
  56. invariant(
  57. doc.documentElement.nodeName === 'plist',
  58. 'malformed document. First element should be <plist>'
  59. );
  60. var plist = parsePlistXML(doc.documentElement);
  61. // the root <plist> node gets interpreted as an Array,
  62. // so pull out the inner data first
  63. if (plist.length == 1) plist = plist[0];
  64. return plist;
  65. }
  66. /**
  67. * Convert an XML based plist document into a JSON representation.
  68. *
  69. * @param {Object} xml_node - current XML node in the plist
  70. * @returns {Mixed} built up JSON object
  71. * @api private
  72. */
  73. function parsePlistXML (node) {
  74. var i, new_obj, key, val, new_arr, res, counter, type;
  75. if (!node)
  76. return null;
  77. if (node.nodeName === 'plist') {
  78. new_arr = [];
  79. if (isEmptyNode(node)) {
  80. return new_arr;
  81. }
  82. for (i=0; i < node.childNodes.length; i++) {
  83. if (!shouldIgnoreNode(node.childNodes[i])) {
  84. new_arr.push( parsePlistXML(node.childNodes[i]));
  85. }
  86. }
  87. return new_arr;
  88. } else if (node.nodeName === 'dict') {
  89. new_obj = {};
  90. key = null;
  91. counter = 0;
  92. if (isEmptyNode(node)) {
  93. return new_obj;
  94. }
  95. for (i=0; i < node.childNodes.length; i++) {
  96. if (shouldIgnoreNode(node.childNodes[i])) continue;
  97. if (counter % 2 === 0) {
  98. invariant(
  99. node.childNodes[i].nodeName === 'key',
  100. 'Missing key while parsing <dict/>.'
  101. );
  102. key = parsePlistXML(node.childNodes[i]);
  103. } else {
  104. invariant(
  105. node.childNodes[i].nodeName !== 'key',
  106. 'Unexpected key "'
  107. + parsePlistXML(node.childNodes[i])
  108. + '" while parsing <dict/>.'
  109. );
  110. new_obj[key] = parsePlistXML(node.childNodes[i]);
  111. }
  112. counter += 1;
  113. }
  114. if (counter % 2 === 1) {
  115. new_obj[key] = '';
  116. }
  117. return new_obj;
  118. } else if (node.nodeName === 'array') {
  119. new_arr = [];
  120. if (isEmptyNode(node)) {
  121. return new_arr;
  122. }
  123. for (i=0; i < node.childNodes.length; i++) {
  124. if (!shouldIgnoreNode(node.childNodes[i])) {
  125. res = parsePlistXML(node.childNodes[i]);
  126. if (null != res) new_arr.push(res);
  127. }
  128. }
  129. return new_arr;
  130. } else if (node.nodeName === '#text') {
  131. // TODO: what should we do with text types? (CDATA sections)
  132. } else if (node.nodeName === 'key') {
  133. if (isEmptyNode(node)) {
  134. return '';
  135. }
  136. invariant(
  137. node.childNodes[0].nodeValue !== '__proto__',
  138. '__proto__ keys can lead to prototype pollution. More details on CVE-2022-22912'
  139. );
  140. return node.childNodes[0].nodeValue;
  141. } else if (node.nodeName === 'string') {
  142. res = '';
  143. if (isEmptyNode(node)) {
  144. return res;
  145. }
  146. for (i=0; i < node.childNodes.length; i++) {
  147. var type = node.childNodes[i].nodeType;
  148. if (type === TEXT_NODE || type === CDATA_NODE) {
  149. res += node.childNodes[i].nodeValue;
  150. }
  151. }
  152. return res;
  153. } else if (node.nodeName === 'integer') {
  154. invariant(
  155. !isEmptyNode(node),
  156. 'Cannot parse "" as integer.'
  157. );
  158. return parseInt(node.childNodes[0].nodeValue, 10);
  159. } else if (node.nodeName === 'real') {
  160. invariant(
  161. !isEmptyNode(node),
  162. 'Cannot parse "" as real.'
  163. );
  164. res = '';
  165. for (i=0; i < node.childNodes.length; i++) {
  166. if (node.childNodes[i].nodeType === TEXT_NODE) {
  167. res += node.childNodes[i].nodeValue;
  168. }
  169. }
  170. return parseFloat(res);
  171. } else if (node.nodeName === 'data') {
  172. res = '';
  173. if (isEmptyNode(node)) {
  174. return Buffer.from(res, 'base64');
  175. }
  176. for (i=0; i < node.childNodes.length; i++) {
  177. if (node.childNodes[i].nodeType === TEXT_NODE) {
  178. res += node.childNodes[i].nodeValue.replace(/\s+/g, '');
  179. }
  180. }
  181. return Buffer.from(res, 'base64');
  182. } else if (node.nodeName === 'date') {
  183. invariant(
  184. !isEmptyNode(node),
  185. 'Cannot parse "" as Date.'
  186. )
  187. return new Date(node.childNodes[0].nodeValue);
  188. } else if (node.nodeName === 'null') {
  189. return null;
  190. } else if (node.nodeName === 'true') {
  191. return true;
  192. } else if (node.nodeName === 'false') {
  193. return false;
  194. } else {
  195. throw new Error('Invalid PLIST tag ' + node.nodeName);
  196. }
  197. }