From dd656edc1a13a35e7e2870c98958aedeb06262b2 Mon Sep 17 00:00:00 2001 From: Elias Croze Date: Thu, 26 Nov 2020 15:19:26 +0100 Subject: [PATCH 1/5] unit tests for SymMessageParser --- tests/SymMessageParser/index.test.js | 44 ++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 tests/SymMessageParser/index.test.js diff --git a/tests/SymMessageParser/index.test.js b/tests/SymMessageParser/index.test.js new file mode 100644 index 0000000..dcadfc0 --- /dev/null +++ b/tests/SymMessageParser/index.test.js @@ -0,0 +1,44 @@ +const SymMessageParser = require('../../lib/SymMessageParser'); + +describe('Message parsing', () => { + beforeAll(() => { + const SymBotAuth = require('../../lib/SymBotAuth') + SymBotAuth.botUser = { id: -1}; + }); + + test('simple message parsing', () => { + assertMessageParsed('
Hello, World
', + 'Hello, World'); + }); + + test('complex message parsing', () => { + assertMessageParsed('
Hello, World
', + 'Hello, World'); + }); + + test('complex message parsing', () => { + assertMessageParsed('
Hello wonderful world
', + 'Hello wonderful world'); + }); + + test('complex message parsing', () => { + assertMessageParsed( + '
Hello wonderful and beautiful world
', + 'Hello wonderful and beautiful world'); + }); +}); + +function assertMessageParsed(incomingMessage, expectedParsedMessage) { + const event = { + type: 'MESSAGESENT', + initiator: {user: {id: 1234}}, + payload: {messageSent: {message: {message: incomingMessage}}} + }; + + let parsedMessages = SymMessageParser.parse([event]); + + expect(Array.isArray(parsedMessages)).toBeTruthy(); + expect(parsedMessages.length).toBe(1); + + expect(parsedMessages[0].messageText).toBe(expectedParsedMessage); +} From d6085eca2e7a2a6a4fb331c888bf12455d49e15b Mon Sep 17 00:00:00 2001 From: Elias Croze Date: Thu, 26 Nov 2020 15:53:22 +0100 Subject: [PATCH 2/5] APP-3330: Removed vulnerable regex in SymMessageParser --- lib/SymMessageParser/index.js | 34 ++++++++++++++------- tests/SymMessageParser/index.test.js | 44 +++++++++++++++++++++++++--- 2 files changed, 63 insertions(+), 15 deletions(-) diff --git a/lib/SymMessageParser/index.js b/lib/SymMessageParser/index.js index 76078b0..74ed244 100644 --- a/lib/SymMessageParser/index.js +++ b/lib/SymMessageParser/index.js @@ -2,14 +2,13 @@ var SymBotAuth = require('../SymBotAuth') var SymMessageParser = {} -const regex = /()(.*)(<\/div>)/g +const regex = /^\s*()(.*)(<\/div>)\s*$/g const regexTagStart = /<\w+>/g const regexTagEnd = /<\/\w+>/g const HASHTAG_TYPE = 'org.symphonyoss.taxonomy.hashtag' const CASHTAG_TYPE = 'org.symphonyoss.fin.security.id.ticker' const MENTION_TYPE = 'com.symphony.user.userId' -const EntityRegex = 'id=\"\\d+\">(.*?)<' SymMessageParser.parse = events => { const arrParsedMessages = [] @@ -17,16 +16,10 @@ SymMessageParser.parse = events => { try { events.forEach(event => { if (event.type === 'MESSAGESENT' && event.initiator.user.userId !== SymBotAuth.botUser.id) { - let match const message = event.payload.messageSent.message - while ((match = regex.exec(message.message)) !== null) { - if (match.index === regex.lastIndex) { - regex.lastIndex++ - } - let textMessage = match[2].replace(regexTagStart, '') - textMessage = textMessage.replace(regexTagEnd, '') - message.messageText = textMessage - } + + message.messageText = extractTextFromPresentationML(message.message) + arrParsedMessages.push(message) } }) @@ -43,6 +36,25 @@ SymMessageParser.parse = events => { return arrParsedMessages } +function extractTextFromPresentationML(presentationMl) { + const trimmedPresentationMl = presentationMl.trim() + + let indexOfFirstDivTag = trimmedPresentationMl.indexOf('', indexOfFirstDivTag) // index of first
tag + + let lastIndex = trimmedPresentationMl.lastIndexOf('
') // index of last tag + if(lastIndex == -1) { + return undefined + } + + let insideDiv = trimmedPresentationMl.substring(firstIndex + 1, lastIndex) // extract what is inside
+ return insideDiv.replace(regexTagStart, '').replace(regexTagEnd, '') //remove inside tags and extract text +} + function getTags (message, type) { const arrTags = [] diff --git a/tests/SymMessageParser/index.test.js b/tests/SymMessageParser/index.test.js index dcadfc0..d370787 100644 --- a/tests/SymMessageParser/index.test.js +++ b/tests/SymMessageParser/index.test.js @@ -6,26 +6,62 @@ describe('Message parsing', () => { SymBotAuth.botUser = { id: -1}; }); - test('simple message parsing', () => { + test('invalid opening tag', () => { + assertMessageParsed('Hello, World', + 'Hello, World'); + }); + + test('no opening tag', () => { + assertMessageParsed(' data-format="PresentationML" data-version="2.0">Hello, World', + undefined); + }); + + test('no closing tag', () => { + assertMessageParsed('
Hello, World', + undefined); + }); + + test('simple message', () => { assertMessageParsed('
Hello, World
', 'Hello, World'); }); - test('complex message parsing', () => { + test('simple message with spaces around div', () => { + assertMessageParsed('
Hello, World
', + 'Hello, World'); + }); + + test('message enclosed in markups', () => { assertMessageParsed('
Hello, World
', 'Hello, World'); }); - test('complex message parsing', () => { + test('message enclosed in markups with spaces around div', () => { + assertMessageParsed('
Hello, World
', + 'Hello, World'); + }); + + test('message partially enclosed in markups', () => { assertMessageParsed('
Hello wonderful world
', 'Hello wonderful world'); }); - test('complex message parsing', () => { + test('message partially enclosed in markups with spaces around div', () => { + assertMessageParsed('
Hello wonderful world
', + 'Hello wonderful world'); + }); + + test('message with several levels of markups', () => { assertMessageParsed( '
Hello wonderful and beautiful world
', 'Hello wonderful and beautiful world'); }); + + test('message with several levels of markups with spaces around div', () => { + assertMessageParsed( + '
Hello wonderful and beautiful world
', + 'Hello wonderful and beautiful world'); + }); }); function assertMessageParsed(incomingMessage, expectedParsedMessage) { From 3fe0465cff3c9726cca04f21e187e802c6f3e652 Mon Sep 17 00:00:00 2001 From: Elias Croze Date: Fri, 27 Nov 2020 15:45:10 +0100 Subject: [PATCH 3/5] Removed unused regex --- lib/SymMessageParser/index.js | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/SymMessageParser/index.js b/lib/SymMessageParser/index.js index 74ed244..1519a75 100644 --- a/lib/SymMessageParser/index.js +++ b/lib/SymMessageParser/index.js @@ -2,7 +2,6 @@ var SymBotAuth = require('../SymBotAuth') var SymMessageParser = {} -const regex = /^\s*()(.*)(<\/div>)\s*$/g const regexTagStart = /<\w+>/g const regexTagEnd = /<\/\w+>/g From 82f54f181d680aa8623dc8a4123b62683debff02 Mon Sep 17 00:00:00 2001 From: Elias Croze Date: Mon, 30 Nov 2020 10:11:14 +0100 Subject: [PATCH 4/5] Added unit tests --- tests/SymMessageParser/index.test.js | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/SymMessageParser/index.test.js b/tests/SymMessageParser/index.test.js index d370787..d181add 100644 --- a/tests/SymMessageParser/index.test.js +++ b/tests/SymMessageParser/index.test.js @@ -36,6 +36,11 @@ describe('Message parsing', () => { 'Hello, World'); }); + test('message enclosed in div markups', () => { + assertMessageParsed('
Hello, World
', + 'Hello, World'); + }); + test('message enclosed in markups with spaces around div', () => { assertMessageParsed('
Hello, World
', 'Hello, World'); @@ -46,6 +51,11 @@ describe('Message parsing', () => { 'Hello wonderful world'); }); + test('message partially enclosed in div markups', () => { + assertMessageParsed('
Hello
wonderful
world
', + 'Hello wonderful world'); + }); + test('message partially enclosed in markups with spaces around div', () => { assertMessageParsed('
Hello wonderful world
', 'Hello wonderful world'); From dd2742cbc3b9fec863204823b3910183cb24a482 Mon Sep 17 00:00:00 2001 From: Elias Croze Date: Mon, 30 Nov 2020 10:12:42 +0100 Subject: [PATCH 5/5] More unit tests --- tests/SymMessageParser/index.test.js | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/SymMessageParser/index.test.js b/tests/SymMessageParser/index.test.js index d181add..af7fa98 100644 --- a/tests/SymMessageParser/index.test.js +++ b/tests/SymMessageParser/index.test.js @@ -67,6 +67,12 @@ describe('Message parsing', () => { 'Hello wonderful and beautiful world'); }); + test('message with several levels of markups, innermost div', () => { + assertMessageParsed( + '
Hello wonderful
and
beautiful world
', + 'Hello wonderful and beautiful world'); + }); + test('message with several levels of markups with spaces around div', () => { assertMessageParsed( '
Hello wonderful and beautiful world
',