@applitools/eyes.cypress - npm Package Compare versions

Comparing version 1.1.0 to 1.1.1

package.json

 {
   "name": "@applitools/eyes.cypress",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "main": "index.js",
@@ -10,3 +10,4 @@ "license": "MIT",
     "test": "npm run test:mocha && npm run eslint",
-    "build": ""
+    "build": "",
+    "cypress": "cd tests/fixtures/testApp && cypress open --config integrationFolder=cypress/integration-timeout,pluginsFile=cypress/plugins/index-run.js,supportFile=cypress/support/index-run.js"
   },
@@ -24,5 +25,8 @@ "files": [
     "cors": "^2.8.4",
+    "cssom": "0.3.1",
     "dotenv": "^5.0.1",
     "express": "^4.16.3",
+    "he": "^1.1.1",
     "lodash": "^4.17.5",
+    "mime-types": "^2.1.18",
     "morgan": "^1.9.0",
@@ -29,0 +33,0 @@ "node-fetch": "^2.1.2"

src/cypress/plugin.js

@@ -59,3 +59,3 @@ require('dotenv').config();
 
-app.post('/eyes/:command', express.json(), async (req, res) => {
+app.post('/eyes/:command', express.json({limit: '100mb'}), async (req, res) => {
   log(`eyes api: ${req.params.command}, ${Object.keys(req.body)}`);
@@ -66,3 +66,3 @@ try {
   } catch (ex) {
-    console.error('error in eyes api:', ex.message);
+    console.error('error in eyes api:', ex);
     res.sendStatus(500);
@@ -69,0 +69,0 @@ }

src/render-grid/sdk/fetchResources.js

 const fetch = require('node-fetch');
 const {keyBy} = require('lodash');
+const {parse, CSSImportRule, CSSStyleRule, CSSFontFaceRule} = require('cssom');
+const {URL} = require('url');
 
-// TODO test with fetch mock? nock?
+function getUrlFromCssText(cssText) {
+  const match = cssText.match(/url\((?!['"]?(?:data|http):)['"]?([^'"\)]*)['"]?\)/);
+  return match ? match[1] : match;
+}
 
-module.exports = urls => {
-  const promises = urls.map(url =>
-    fetch(url).then(resp =>
-      resp.buffer().then(buff => ({
-        url,
-        type: resp.headers.get('Content-Type'),
-        value: buff,
-      })),
-    ),
-  );
+function absolutizeUrl(url, absoluteUrl) {
+  return new URL(url, absoluteUrl).href;
+}
 
-  return Promise.all(promises).then(resourceContents => keyBy(resourceContents, 'url'));
-};
+function extractResourcesFromStyleSheet(styleSheet, absoluteUrl) {
+  const resourceUrls = [...styleSheet.cssRules].reduce((acc, rule) => {
+    if (rule instanceof CSSImportRule) {
+      return acc.concat(absolutizeUrl(rule.href, absoluteUrl));
+    } else if (rule instanceof CSSFontFaceRule) {
+      return acc.concat(
+        absolutizeUrl(getUrlFromCssText(rule.style.getPropertyValue('src')), absoluteUrl),
+      );
+    } else if (rule instanceof CSSStyleRule) {
+      for (let i = 0, ii = rule.style.length; i < ii; i++) {
+        const url = getUrlFromCssText(rule.style.getPropertyValue(rule.style[i]));
+        url && acc.push(absolutizeUrl(url, absoluteUrl));
+      }
+    }
+    return acc;
+  }, []);
+  return [...new Set(resourceUrls)];
+}
+
+function extractCssResources(cssText, absoluteUrl) {
+  const styleSheet = parse(cssText);
+  return extractResourcesFromStyleSheet(styleSheet, absoluteUrl);
+}
+
+function fetchResources(urls) {
+  function doFetch(resourceUrls) {
+    console.log('fetching ', resourceUrls);
+    return Promise.all(
+      resourceUrls.map(url =>
+        fetch(url).then(resp =>
+          resp.buffer().then(buff => {
+            const contentType = resp.headers.get('Content-Type');
+            resources.push({
+              url,
+              type: contentType,
+              value: buff,
+            });
+            if (/text\/css/.test(contentType)) {
+              return doFetch(extractCssResources(buff.toString(), url));
+            } else {
+              return true;
+            }
+          }),
+        ),
+      ),
+    );
+  }
+
+  const resources = [];
+  return doFetch(urls).then(() => {
+    console.log('done fetching');
+    return keyBy(resources, 'url');
+  });
+}
+
+module.exports = fetchResources;

src/render-grid/sdk/openEyes.js

@@ -5,2 +5,3 @@ const EyesWrapper = require('./EyesWrapper');
 const {URL} = require('url');
+// const saveData = require('../troubleshoot/saveData');
 
@@ -32,2 +33,6 @@ async function openEyes({
     });
+
+    // TODO troubleshoot flag
+    // await saveData({renderId, cdt, resources, url});
+
     const screenshotUrl = await getRenderStatus(renderId, wrapper);
@@ -34,0 +39,0 @@ return await wrapper.checkWindow({screenshotUrl, tag});

New alerts

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

29179

increased by32.93%

Number of package files

19

increased by11.76%

Lines of code

721

increased by35.27%

Number of medium supply chain risk alerts

3

decreased by-25%

Worsened metrics

Dependency count

10

increased by42.86%

Number of low supply chain risk alerts

3

increased by50%

Dependency changes

• + Addedcssom@0.3.1

• + Addedhe@^1.1.1

• + Addedmime-types@^2.1.18

• + Addedcssom@0.3.1(transitive)

• + Addedhe@1.2.0(transitive)