New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
fido2-lib - npm Package Compare versions
Comparing version 1.1.0 to 1.1.1
@@ -12,3 +12,2 @@ /* eslint-disable no-invalid-this */ | ||
| abToPem, | ||
| arrayBufferEquals | ||
| } = require("../utils"); | ||
@@ -22,3 +21,2 @@ | ||
| const crypto = require("crypto"); | ||
| const jwkToPem = require("jwk-to-pem"); | ||
| const rootCertList = require("./u2fRootCerts"); | ||
@@ -71,3 +69,3 @@ | ||
| // decode attestation cert | ||
| var attCert = new Certificate(coerceToBase64(parsedAttCert)); | ||
| var attCert = new Certificate(coerceToBase64(parsedAttCert, "parsedAttCert")); | ||
| try { | ||
@@ -74,0 +72,0 @@ await attCert.verify(); |
@@ -66,3 +66,3 @@ /* eslint-disable no-invalid-this */ | ||
| if (ecdaaKeyId !== undefined) { | ||
| ecdaaKeyId = coerceToArrayBuffer(ecdaaKeyId); | ||
| ecdaaKeyId = coerceToArrayBuffer(ecdaaKeyId, "ecdaaKeyId"); | ||
| ret.set("ecdaaKeyId", ecdaaKeyId); | ||
@@ -154,3 +154,3 @@ } | ||
| // decode attestation cert | ||
| var attCert = new Certificate(coerceToBase64(parsedAttCert)); | ||
| var attCert = new Certificate(coerceToBase64(parsedAttCert, "parsedAttCert")); | ||
| try { | ||
@@ -157,0 +157,0 @@ await attCert.verify(); |
@@ -53,3 +53,3 @@ "use strict"; | ||
| var options = { | ||
| challenge: coerceToArrayBuffer(challenge), | ||
| challenge: coerceToArrayBuffer(challenge, "challenge"), | ||
| timeout: this.config.timeout | ||
@@ -91,3 +91,3 @@ }; | ||
| }, | ||
| challenge: coerceToArrayBuffer(challenge), | ||
| challenge: coerceToArrayBuffer(challenge, "challenge"), | ||
| timeout: this.config.timeout | ||
@@ -253,4 +253,12 @@ }; | ||
| // add 'tpm' attestation format | ||
| const tpmAttestation = require("./attestations/tpm"); | ||
| Fido2Lib.addAttestationFormat( | ||
| tpmAttestation.name, | ||
| tpmAttestation.parseFn, | ||
| tpmAttestation.validateFn | ||
| ); | ||
| module.exports = { | ||
| Fido2Lib | ||
| }; |
@@ -88,3 +88,3 @@ "use strict"; | ||
| } | ||
| var rawId = coerceToArrayBuffer(msg.rawId); | ||
| var rawId = coerceToArrayBuffer(msg.rawId, "rawId"); | ||
@@ -136,3 +136,3 @@ if (typeof msg.response !== "object") { | ||
| // update docs to say ArrayBuffer-ish object | ||
| attestationObject = coerceToArrayBuffer(attestationObject); | ||
| attestationObject = coerceToArrayBuffer(attestationObject, "attestationObject"); | ||
@@ -245,3 +245,3 @@ // parse attestation | ||
| if (msg.response.userHandle !== undefined) { | ||
| userHandle = coerceToArrayBuffer(msg.response.userHandle); | ||
| userHandle = coerceToArrayBuffer(msg.response.userHandle, "response.userHandle"); | ||
| if (userHandle.byteLength === 0) { | ||
@@ -252,3 +252,3 @@ userHandle = undefined; | ||
| let sigAb = coerceToArrayBuffer(msg.response.signature); | ||
| let sigAb = coerceToArrayBuffer(msg.response.signature, "response.signature"); | ||
| let ret = new Map([ | ||
@@ -255,0 +255,0 @@ ["sig", sigAb], |
@@ -54,2 +54,6 @@ "use strict"; | ||
| function coerceToBase64(thing, name) { | ||
| if (!name) { | ||
| throw new TypeError("name not specified in coerceToBase64"); | ||
| } | ||
| // Array to Uint8Array | ||
@@ -83,2 +87,6 @@ if (Array.isArray(thing)) { | ||
| function coerceToBase64Url(thing, name) { | ||
| if (!name) { | ||
| throw new TypeError("name not specified in coerceToBase64Url"); | ||
| } | ||
| // Array to Uint8Array | ||
@@ -116,2 +124,6 @@ if (Array.isArray(thing)) { | ||
| function coerceToArrayBuffer(buf, name) { | ||
| if (!name) { | ||
| throw new TypeError("name not specified in coerceToArrayBuffer"); | ||
| } | ||
| if (typeof buf === "string") { | ||
@@ -222,3 +234,3 @@ // base64url to base64 | ||
| function abToPem(type, ab) { | ||
| var str = coerceToBase64(ab); | ||
| var str = coerceToBase64(ab, "abToPem"); | ||
| return [ | ||
@@ -225,0 +237,0 @@ `-----BEGIN ${type}-----\n`, |
@@ -267,4 +267,5 @@ /* eslint-disable no-invalid-this */ | ||
| if (typeof tokenBinding === "object") { | ||
| if (tokenBinding.status !== "not-supported") { | ||
| throw new Error("tokenBinding status should be 'not-supported', got: " + tokenBinding.status); | ||
| if (tokenBinding.status !== "not-supported" && | ||
| tokenBinding.status !== "supported") { | ||
| throw new Error("tokenBinding status should be 'not-supported' or 'supported', got: " + tokenBinding.status); | ||
| } | ||
@@ -279,2 +280,3 @@ | ||
| // TODO: add audit.info for token binding status so that it can be used for policies, risk, etc. | ||
| this.audit.journal.add("tokenBinding"); | ||
@@ -281,0 +283,0 @@ |
| { | ||
| "name": "fido2-lib", | ||
| "version": "1.1.0", | ||
| "version": "1.1.1", | ||
| "description": "A library for performing FIDO 2.0 / WebAuthn functionality", | ||
@@ -32,3 +32,3 @@ "main": "index.js", | ||
| "chai-as-promised": "^7.1.1", | ||
| "fido2-helpers": "^1.2.0", | ||
| "fido2-helpers": "^1.3.0", | ||
| "gh-pages": "^0.12.0", | ||
@@ -35,0 +35,0 @@ "ink-docstrap": "^1.3.0", |
@@ -14,3 +14,31 @@ "use strict"; | ||
| const packedAttestation = require("../lib/attestations/packed"); | ||
| const tpmAttestation = require("../lib/attestations/tpm"); | ||
| function restoreAttestationFormats() { | ||
| // add 'none' attestation format | ||
| Fido2Lib.addAttestationFormat( | ||
| noneAttestation.name, | ||
| noneAttestation.parseFn, | ||
| noneAttestation.validateFn | ||
| ); | ||
| // add 'u2f' attestation format | ||
| Fido2Lib.addAttestationFormat( | ||
| u2fAttestation.name, | ||
| u2fAttestation.parseFn, | ||
| u2fAttestation.validateFn | ||
| ); | ||
| // add 'packed' attestation format | ||
| Fido2Lib.addAttestationFormat( | ||
| packedAttestation.name, | ||
| packedAttestation.parseFn, | ||
| packedAttestation.validateFn | ||
| ); | ||
| // add 'tpm' attestation format | ||
| Fido2Lib.addAttestationFormat( | ||
| tpmAttestation.name, | ||
| tpmAttestation.parseFn, | ||
| tpmAttestation.validateFn | ||
| ); | ||
| } | ||
| describe("Fido2Lib", function() { | ||
@@ -119,20 +147,3 @@ it("can create FIDO server object", function() { | ||
| after(function() { | ||
| // add 'none' attestation format | ||
| Fido2Lib.addAttestationFormat( | ||
| noneAttestation.name, | ||
| noneAttestation.parseFn, | ||
| noneAttestation.validateFn | ||
| ); | ||
| // add 'u2f' attestation format | ||
| Fido2Lib.addAttestationFormat( | ||
| u2fAttestation.name, | ||
| u2fAttestation.parseFn, | ||
| u2fAttestation.validateFn | ||
| ); | ||
| // add 'packed' attestation format | ||
| Fido2Lib.addAttestationFormat( | ||
| packedAttestation.name, | ||
| packedAttestation.parseFn, | ||
| packedAttestation.validateFn | ||
| ); | ||
| restoreAttestationFormats(); | ||
| }); | ||
@@ -195,20 +206,3 @@ | ||
| after(function() { | ||
| // add 'none' attestation format | ||
| Fido2Lib.addAttestationFormat( | ||
| noneAttestation.name, | ||
| noneAttestation.parseFn, | ||
| noneAttestation.validateFn | ||
| ); | ||
| // add 'u2f' attestation format | ||
| Fido2Lib.addAttestationFormat( | ||
| u2fAttestation.name, | ||
| u2fAttestation.parseFn, | ||
| u2fAttestation.validateFn | ||
| ); | ||
| // add 'packed' attestation format | ||
| Fido2Lib.addAttestationFormat( | ||
| packedAttestation.name, | ||
| packedAttestation.parseFn, | ||
| packedAttestation.validateFn | ||
| ); | ||
| restoreAttestationFormats(); | ||
| }); | ||
@@ -281,20 +275,3 @@ | ||
| after(function() { | ||
| // add 'none' attestation format | ||
| Fido2Lib.addAttestationFormat( | ||
| noneAttestation.name, | ||
| noneAttestation.parseFn, | ||
| noneAttestation.validateFn | ||
| ); | ||
| // add 'u2f' attestation format | ||
| Fido2Lib.addAttestationFormat( | ||
| u2fAttestation.name, | ||
| u2fAttestation.parseFn, | ||
| u2fAttestation.validateFn | ||
| ); | ||
| // add 'packed' attestation format | ||
| Fido2Lib.addAttestationFormat( | ||
| packedAttestation.name, | ||
| packedAttestation.parseFn, | ||
| packedAttestation.validateFn | ||
| ); | ||
| restoreAttestationFormats(); | ||
| }); | ||
@@ -301,0 +278,0 @@ |
@@ -99,7 +99,7 @@ "use strict"; | ||
| var samAnon1 = { | ||
| "rawId": coerceToArrayBuffer("85YZwBmkHxXoNdCZvUlUuEAYWDfaMYR7AFeelRdVZEJL6IWJPYozsgutHDm3-go8hnM4tNmrGflVH27Ifixfnw"), | ||
| "id": coerceToArrayBuffer("85YZwBmkHxXoNdCZvUlUuEAYWDfaMYR7AFeelRdVZEJL6IWJPYozsgutHDm3-go8hnM4tNmrGflVH27Ifixfnw"), | ||
| "rawId": coerceToArrayBuffer("85YZwBmkHxXoNdCZvUlUuEAYWDfaMYR7AFeelRdVZEJL6IWJPYozsgutHDm3-go8hnM4tNmrGflVH27Ifixfnw", "rawId"), | ||
| "id": coerceToArrayBuffer("85YZwBmkHxXoNdCZvUlUuEAYWDfaMYR7AFeelRdVZEJL6IWJPYozsgutHDm3-go8hnM4tNmrGflVH27Ifixfnw", "id"), | ||
| "response": { | ||
| "clientDataJSON": coerceToArrayBuffer("eyJjaGFsbGVuZ2UiOiJrTldvVXRyUTBPMnB4S2Q4NElhWk9KLUNMSjY5ZWV2bVYtbzhiSGNUaHhnb0otbHNyRVpVUGhXTFd6dzRaSkt6WmVvQkRkTlp1Y0lFeVVtXzRjdXIyUSIsImNsaWVudEV4dGVuc2lvbnMiOnt9LCJoYXNoQWxnb3JpdGhtIjoiU0hBLTI1NiIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG4ub3JnIiwidHlwZSI6IndlYmF1dGhuLmNyZWF0ZSJ9"), | ||
| "attestationObject": coerceToArrayBuffer("o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjElWkIjx7O4yMpVANdvRDXyuORMFonUbVZu4_Xy7IpvdRBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQPOWGcAZpB8V6DXQmb1JVLhAGFg32jGEewBXnpUXVWRCS-iFiT2KM7ILrRw5t_oKPIZzOLTZqxn5VR9uyH4sX5-lAQIDJiABIVgg-wdw0fdf-XYOiCWkXpkGsWQ4rFdD1adtm3T1E9EGBLEiWCBxf3Fc35Z1dDWk9py_IrqcjDofanUESVsZlE5rRfQt3g") | ||
| "clientDataJSON": coerceToArrayBuffer("eyJjaGFsbGVuZ2UiOiJrTldvVXRyUTBPMnB4S2Q4NElhWk9KLUNMSjY5ZWV2bVYtbzhiSGNUaHhnb0otbHNyRVpVUGhXTFd6dzRaSkt6WmVvQkRkTlp1Y0lFeVVtXzRjdXIyUSIsImNsaWVudEV4dGVuc2lvbnMiOnt9LCJoYXNoQWxnb3JpdGhtIjoiU0hBLTI1NiIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG4ub3JnIiwidHlwZSI6IndlYmF1dGhuLmNyZWF0ZSJ9", "clientDataJSON"), | ||
| "attestationObject": coerceToArrayBuffer("o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjElWkIjx7O4yMpVANdvRDXyuORMFonUbVZu4_Xy7IpvdRBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQPOWGcAZpB8V6DXQmb1JVLhAGFg32jGEewBXnpUXVWRCS-iFiT2KM7ILrRw5t_oKPIZzOLTZqxn5VR9uyH4sX5-lAQIDJiABIVgg-wdw0fdf-XYOiCWkXpkGsWQ4rFdD1adtm3T1E9EGBLEiWCBxf3Fc35Z1dDWk9py_IrqcjDofanUESVsZlE5rRfQt3g", "attestationObject") | ||
| } | ||
@@ -117,7 +117,7 @@ }; | ||
| var ffNonAnon = { | ||
| "rawId": coerceToArrayBuffer("3Rt6TThR4PkGcx8UmGoRXji-xvbgoLDlpYgtVdR8uZ2zU3r6lVf8_R9mXvs2d1dDi3p8x1ApIsg5tl6v5beHUA"), | ||
| "id": coerceToArrayBuffer("3Rt6TThR4PkGcx8UmGoRXji-xvbgoLDlpYgtVdR8uZ2zU3r6lVf8_R9mXvs2d1dDi3p8x1ApIsg5tl6v5beHUA"), | ||
| "rawId": coerceToArrayBuffer("3Rt6TThR4PkGcx8UmGoRXji-xvbgoLDlpYgtVdR8uZ2zU3r6lVf8_R9mXvs2d1dDi3p8x1ApIsg5tl6v5beHUA", "rawId"), | ||
| "id": coerceToArrayBuffer("3Rt6TThR4PkGcx8UmGoRXji-xvbgoLDlpYgtVdR8uZ2zU3r6lVf8_R9mXvs2d1dDi3p8x1ApIsg5tl6v5beHUA", "id"), | ||
| "response": { | ||
| "clientDataJSON": coerceToArrayBuffer("eyJjaGFsbGVuZ2UiOiJRUVRjMjQ2ZmpMSG5ud05ybWluQ0t5SkUtTmczc2tXMzB1cTRMMnZxeF94TmRqOVpJYTRCM0FHaHc2Zl9fUmlqT3M2U2JiUDZtNmxrTGNNSkc0Z1JZZyIsImNsaWVudEV4dGVuc2lvbnMiOnt9LCJoYXNoQWxnb3JpdGhtIjoiU0hBLTI1NiIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG4ub3JnIiwidHlwZSI6IndlYmF1dGhuLmNyZWF0ZSJ9"), | ||
| "attestationObject": coerceToArrayBuffer("o2NmbXRoZmlkby11MmZnYXR0U3RtdKJjc2lnWEcwRQIgMKeGa23je6E2jKxsxwoEKF2u0d08ZGLPT-DG-4Iq8gsCIQDuj9LQtQTYReQ8Drt9iXg7OwxolLOIQojh9BlSrqtoPmN4NWOBWQLCMIICvjCCAaagAwIBAgIEdIb9wjANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZdWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAwMDBaGA8yMDUwMDkwNDAwMDAwMFowbzELMAkGA1UEBhMCU0UxEjAQBgNVBAoMCVl1YmljbyBBQjEiMCAGA1UECwwZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjEoMCYGA1UEAwwfWXViaWNvIFUyRiBFRSBTZXJpYWwgMTk1NTAwMzg0MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJVd8633JH0xde_9nMTzGk6HjrrhgQlWYVD7OIsuX2Unv1dAmqWBpQ0KxS8YRFwKE1SKE1PIpOWacE5SO8BN6-2jbDBqMCIGCSsGAQQBgsQKAgQVMS4zLjYuMS40LjEuNDE0ODIuMS4xMBMGCysGAQQBguUcAgEBBAQDAgUgMCEGCysGAQQBguUcAQEEBBIEEPigEfOMCk0VgAYXER-e3H0wDAYDVR0TAQH_BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAMVxIgOaaUn44Zom9af0KqG9J655OhUVBVW-q0As6AIod3AH5bHb2aDYakeIyyBCnnGMHTJtuekbrHbXYXERIn4aKdkPSKlyGLsA_A-WEi-OAfXrNVfjhrh7iE6xzq0sg4_vVJoywe4eAJx0fS-Dl3axzTTpYl71Nc7p_NX6iCMmdik0pAuYJegBcTckE3AoYEg4K99AM_JaaKIblsbFh8-3LxnemeNf7UwOczaGGvjS6UzGVI0Odf9lKcPIwYhuTxM5CaNMXTZQ7xq4_yTfC3kPWtE4hFT34UJJflZBiLrxG4OsYxkHw_n5vKgmpspB3GfYuYTWhkDKiE8CYtyg87mhhdXRoRGF0YVjElWkIjx7O4yMpVANdvRDXyuORMFonUbVZu4_Xy7IpvdRBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN0bek04UeD5BnMfFJhqEV44vsb24KCw5aWILVXUfLmds1N6-pVX_P0fZl77NndXQ4t6fMdQKSLIObZer-W3h1ClAQIDJiABIVggNffg6YQ33oZU8wQEBJzQmIRQW-TmDawtPQzMDoV2P0UiWCCGtepcwfyadjsJEAIRxnBtdMCerQ332aWOC_hGgE74-w") | ||
| "clientDataJSON": coerceToArrayBuffer("eyJjaGFsbGVuZ2UiOiJRUVRjMjQ2ZmpMSG5ud05ybWluQ0t5SkUtTmczc2tXMzB1cTRMMnZxeF94TmRqOVpJYTRCM0FHaHc2Zl9fUmlqT3M2U2JiUDZtNmxrTGNNSkc0Z1JZZyIsImNsaWVudEV4dGVuc2lvbnMiOnt9LCJoYXNoQWxnb3JpdGhtIjoiU0hBLTI1NiIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG4ub3JnIiwidHlwZSI6IndlYmF1dGhuLmNyZWF0ZSJ9", "clientDataJSON"), | ||
| "attestationObject": coerceToArrayBuffer("o2NmbXRoZmlkby11MmZnYXR0U3RtdKJjc2lnWEcwRQIgMKeGa23je6E2jKxsxwoEKF2u0d08ZGLPT-DG-4Iq8gsCIQDuj9LQtQTYReQ8Drt9iXg7OwxolLOIQojh9BlSrqtoPmN4NWOBWQLCMIICvjCCAaagAwIBAgIEdIb9wjANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZdWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAwMDBaGA8yMDUwMDkwNDAwMDAwMFowbzELMAkGA1UEBhMCU0UxEjAQBgNVBAoMCVl1YmljbyBBQjEiMCAGA1UECwwZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjEoMCYGA1UEAwwfWXViaWNvIFUyRiBFRSBTZXJpYWwgMTk1NTAwMzg0MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJVd8633JH0xde_9nMTzGk6HjrrhgQlWYVD7OIsuX2Unv1dAmqWBpQ0KxS8YRFwKE1SKE1PIpOWacE5SO8BN6-2jbDBqMCIGCSsGAQQBgsQKAgQVMS4zLjYuMS40LjEuNDE0ODIuMS4xMBMGCysGAQQBguUcAgEBBAQDAgUgMCEGCysGAQQBguUcAQEEBBIEEPigEfOMCk0VgAYXER-e3H0wDAYDVR0TAQH_BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAMVxIgOaaUn44Zom9af0KqG9J655OhUVBVW-q0As6AIod3AH5bHb2aDYakeIyyBCnnGMHTJtuekbrHbXYXERIn4aKdkPSKlyGLsA_A-WEi-OAfXrNVfjhrh7iE6xzq0sg4_vVJoywe4eAJx0fS-Dl3axzTTpYl71Nc7p_NX6iCMmdik0pAuYJegBcTckE3AoYEg4K99AM_JaaKIblsbFh8-3LxnemeNf7UwOczaGGvjS6UzGVI0Odf9lKcPIwYhuTxM5CaNMXTZQ7xq4_yTfC3kPWtE4hFT34UJJflZBiLrxG4OsYxkHw_n5vKgmpspB3GfYuYTWhkDKiE8CYtyg87mhhdXRoRGF0YVjElWkIjx7O4yMpVANdvRDXyuORMFonUbVZu4_Xy7IpvdRBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN0bek04UeD5BnMfFJhqEV44vsb24KCw5aWILVXUfLmds1N6-pVX_P0fZl77NndXQ4t6fMdQKSLIObZer-W3h1ClAQIDJiABIVggNffg6YQ33oZU8wQEBJzQmIRQW-TmDawtPQzMDoV2P0UiWCCGtepcwfyadjsJEAIRxnBtdMCerQ332aWOC_hGgE74-w", "attestionObject") | ||
| } | ||
@@ -124,0 +124,0 @@ }; |
New alerts
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by10.06%
228520
- Number of package files
- increased by7.14%
30
- Lines of code
- increased by11.14%
4920
Worsened metrics
- Number of low supply chain risk alerts
- increased by200%
3
No dependency changes