fix: bump xlsx, add crypto-shim

The crypto-shim fixes the vulnerable crypto-browserify package used by sheetjs/crypto; the shim is based on crypto-js.
s
2026-01-13 15:04:17 +01:00
parent aecd597687
commit 8dc18b155a
9 changed files with 74 additions and 1336 deletions


@@ -41,6 +41,8 @@
"zone.js",
"text-encoding",
"crypto-js/md5",
"crypto-js/sha1",
"crypto-js/sha512",
"buffer",
"numbro",
"@clr/icons",

Binary file not shown.

1333
client/package-lock.json generated

File diff suppressed because it is too large Load Diff


@@ -58,7 +58,6 @@
"@types/text-encoding": "0.0.35",
"base64-arraybuffer": "^0.2.0",
"buffer": "^5.4.3",
"crypto-browserify": "^3.12.1",
"crypto-js": "^4.2.0",
"d3-graphviz": "^5.0.2",
"fs-extra": "^7.0.1",
@@ -82,7 +81,7 @@
"tslib": "^2.3.0",
"vm": "^0.1.0",
"webpack": "^5.91.0",
"xlsx": "^0.18.5",
"xlsx": "file:libraries/xlsx-0.20.3.tgz",
"zone.js": "~0.15.1"
},
"devDependencies": {


@@ -4,6 +4,9 @@
* We use normal version of the XLSX (SheetJS)
* Because at the moment "@sheet/crypto" can't work in the Web Worker environment
* Because of the missing "global" variable.
*
* Version bumped to v0.20.3 (`libraries/xlsx-0.20.3.tgz`)
* @see https://cdn.sheetjs.com/
*/
import * as XLSX from 'xlsx'

51
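--- /dev/null
+++ b/client/src/crypto-shim.ts
@@ -0,0 +1,51 @@
+import CryptoJS from 'crypto-js'
+import { Buffer } from 'buffer'
+class CryptoJSHash {
+private hasher: any
+constructor(algorithm: string) {
+const algo = algorithm.toLowerCase()
+switch (algo) {
+case 'md5':
+this.hasher = CryptoJS.algo.MD5.create()
+break
+case 'sha1':
+this.hasher = CryptoJS.algo.SHA1.create()
+break
+case 'sha256':
+this.hasher = CryptoJS.algo.SHA256.create()
+break
+case 'sha384':
+this.hasher = CryptoJS.algo.SHA384.create()
+break
+case 'sha512':
+this.hasher = CryptoJS.algo.SHA512.create()
+break
+case 'md2':
+throw new Error('MD2 not supported - file uses very old encryption')
+default:
+throw new Error(`Hash algorithm ${algorithm} not supported`)
+}
+}
+update(data: string | Buffer | Uint8Array) {
+const wordArray =
+typeof data === 'string'
+? CryptoJS.enc.Utf8.parse(data)
+: CryptoJS.lib.WordArray.create(data as any)
+this.hasher.update(wordArray)
+return this
+}
+digest(encoding?: 'hex' | 'base64' | 'buffer') {
+const hash = this.hasher.finalize()
+if (encoding === 'hex') return hash.toString(CryptoJS.enc.Hex)
+if (encoding === 'base64') return hash.toString(CryptoJS.enc.Base64)
+return Buffer.from(hash.toString(CryptoJS.enc.Hex), 'hex')
+}
+}
+export const createHash = (algorithm: string) => new CryptoJSHash(algorithm)
+export default { createHash }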
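Review bot: `digest()` silently returns a Buffer for any encoding other than 'hex' or 'base64', and `update()` has no input-encoding parameter, so every string is parsed as UTF-8. A caller written against Node's `crypto` API that passes another encoding, such as 'latin1', gets a different return type or a different hash with no error. The TypeScript union on `encoding` does not protect untyped JavaScript callers such as the bundled xlsx code, so I would fail loudly before the Buffer fallback: `if (encoding !== undefined && encoding !== 'buffer') throw new Error(`Digest encoding ${encoding} not supported`)`. The 'md2' message suggests these hashes serve legacy file encryption; if so, a one-line comment above the class saying MD5 and SHA-1 exist only for reading such files would discourage reuse for new hashing.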


@@ -13,7 +13,8 @@
"files": [
"src/polyfills.ts",
"src/main.ts",
"src/app/app.d.ts"
"src/app/app.d.ts",
"src/crypto-shim.ts"
],
"include": [
"src/**/*.d.ts"


@@ -22,7 +22,7 @@
"target": "ES2022",
"paths": {
"crypto": [
"./node_modules/crypto-browserify"
"./src/crypto-shim"
],
"stream": [
"./node_modules/stream-browserify"


@@ -3,15 +3,8 @@
"extends": "./tsconfig.json",
"compilerOptions": {
"outDir": "./out-tsc/spec",
"types": [
"jasmine"
]
"types": ["jasmine"]
},
"files": [
"src/polyfills.ts"
],
"include": [
"src/**/*.spec.ts",
"src/**/*.d.ts"
]
"files": ["src/polyfills.ts", "src/crypto-shim.ts"],
"include": ["src/**/*.spec.ts", "src/**/*.d.ts"]
}