puppeteer-extra-plugin-stealth - npm Package Compare versions

Comparing version 2.8.1 to 2.8.2

evasions/_utils/index.js

@@ -26,3 +26,12 @@ /**
 utils.stripProxyFromErrors = (handler = {}) => {
-  const newHandler = {}
+  const newHandler = {
+    setPrototypeOf: function (target, proto) {
+      if (proto === null)
+        throw new TypeError('Cannot convert object to primitive value')
+      if (Object.getPrototypeOf(target) === Object.getPrototypeOf(proto)) {
+        throw new TypeError('Cyclic __proto__ value')
+      }
+      return Reflect.setPrototypeOf(target, proto)
+    }
+  }
   // We wrap each trap in the handler in a try/catch and modify the error stack if they throw
@@ -270,2 +279,6 @@ const traps = Object.getOwnPropertyNames(handler)
 
+      if (typeof ctx === 'undefined' || ctx === null) {
+        return target.call(ctx)
+      }
+
       // Check if the toString protype of the context is the same as the global prototype,
@@ -272,0 +285,0 @@ // if not indicates that we are doing a check across different windows., e.g. the iframeWithdirect` test case

evasions/_utils/index.test.js

@@ -116,3 +116,4 @@ const test = require('ava')
         raw2: HTMLMediaElement.prototype.canPlayType.toString(),
-        rawiframe2: iframe.contentWindow.HTMLMediaElement.prototype.canPlayType.toString(),
+        rawiframe2:
+          iframe.contentWindow.HTMLMediaElement.prototype.canPlayType.toString(),
         direct: Function.prototype.toString.call(
@@ -175,2 +176,45 @@ HTMLMediaElement.prototype.canPlayType
 
+test('redirectToString: has proper errors', async t => {
+  const browser = await vanillaPuppeteer.launch({ headless: true })
+  const page = await browser.newPage()
+
+  // Patch all documents including iframes
+  await withUtils(page).evaluateOnNewDocument(utils => {
+    // We redirect toString calls targeted at `canPlayType` to `getParameter`,
+    // so if everything works correctly we expect `getParameter` as response.
+    const proxyObj = HTMLMediaElement.prototype.canPlayType
+    const originalObj = WebGLRenderingContext.prototype.getParameter
+
+    utils.redirectToString(proxyObj, originalObj)
+  })
+  await page.goto('about:blank')
+
+  const result = await withUtils(page).evaluate(utils => {
+    const evalErr = (str = '') => {
+      try {
+        // eslint-disable-next-line no-eval
+        return eval(str)
+      } catch (err) {
+        return err.toString()
+      }
+    }
+
+    return {
+      blank: evalErr(`Function.prototype.toString.apply()`),
+      null: evalErr(`Function.prototype.toString.apply(null)`),
+      undef: evalErr(`Function.prototype.toString.apply(undefined)`),
+      emptyObject: evalErr(`Function.prototype.toString.apply({})`)
+    }
+  })
+  t.deepEqual(result, {
+    blank:
+      "TypeError: Function.prototype.toString requires that 'this' be a Function",
+    null: "TypeError: Function.prototype.toString requires that 'this' be a Function",
+    undef:
+      "TypeError: Function.prototype.toString requires that 'this' be a Function",
+    emptyObject:
+      "TypeError: Function.prototype.toString requires that 'this' be a Function"
+  })
+})
+
 test('patchToString: will work correctly', async t => {
@@ -490,1 +534,44 @@ const browser = await vanillaPuppeteer.launch({ headless: true })
 })
+
+test('replaceWithProxy: will throw prototype errors', async t => {
+  const browser = await vanillaPuppeteer.launch({ headless: true })
+  const page = await browser.newPage()
+  await page.goto('about:blank')
+
+  const result = await withUtils(page).evaluate(utils => {
+    utils.replaceWithProxy(HTMLMediaElement.prototype, 'canPlayType', {})
+
+    const evalErr = (str = '') => {
+      try {
+        // eslint-disable-next-line no-eval
+        return eval(str)
+      } catch (err) {
+        return err.toString()
+      }
+    }
+
+    return {
+      same: evalErr(
+        `Object.setPrototypeOf(HTMLMediaElement.prototype.canPlayType, HTMLMediaElement.prototype.canPlayType) + ""`
+      ),
+      sameString: evalErr(
+        `Object.setPrototypeOf(Function.prototype.toString, Function.prototype.toString) + ""`
+      ),
+      null: evalErr(
+        `Object.setPrototypeOf(Function.prototype.toString, null) + ""`
+      ),
+      undef: evalErr(
+        `Object.setPrototypeOf(Function.prototype.toString, undefined) + ""`
+      ),
+      none: evalErr(`Object.setPrototypeOf(Function.prototype.toString) + ""`)
+    }
+  })
+  t.deepEqual(result, {
+    same: 'TypeError: Cyclic __proto__ value',
+    sameString: 'TypeError: Cyclic __proto__ value',
+    null: 'TypeError: Cannot convert object to primitive value',
+    undef:
+      'TypeError: Object prototype may only be an Object or null: undefined',
+    none: 'TypeError: Object prototype may only be an Object or null: undefined'
+  })
+})

package.json

 {
   "name": "puppeteer-extra-plugin-stealth",
-  "version": "2.8.1",
+  "version": "2.8.2",
   "description": "Stealth mode: Applies various techniques to make detection of headless puppeteer harder.",
@@ -58,3 +58,3 @@ "main": "index.js",
   },
-  "gitHead": "b4a21d20d0065423dd6cf5139a105815716917ae"
+  "gitHead": "358246d5cc56bbb8800624128503482b8d7b426a"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

734623

increased by0.48%

Lines of code

5615

increased by1.63%

Worsened metrics

Number of medium supply chain risk alerts

9

increased by28.57%

No dependency changes