Add pdf.js detection

RetireJS · Jun 6, 2024 · 849d4ea · 849d4ea
1 parent a69486b
commit 849d4ea
Show file tree

Hide file tree

Showing 5 changed files with 297 additions and 19 deletions.
diff --git a/chrome/extension/js/generated/retire-chrome.js b/chrome/extension/js/generated/retire-chrome.js
diff --git a/repository/jsrepository-master.json b/repository/jsrepository-master.json
@@ -5856,6 +5856,45 @@
       "func": ["MathJax.version"]
     }
   },
+  "pdf.js": {
+    "bowername": ["pdfjs-dist"],
+    "npmname": "pdfjs-dist",
+    "vulnerabilities": [
+      {
+        "ranges": [
+          {
+            "atOrAbove": "0",
+            "below": "4.2.67"
+          }
+        ],
+        "summary": "PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF",
+        "cwe": [],
+        "severity": "high",
+        "identifiers": {
+          "CVE": ["CVE-2024-34342", "CVE-2024-4367"],
+          "githubID": "GHSA-wgrm-67xf-hhpq"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-wgrm-67xf-hhpq",
+          "https://github.com/mozilla/pdf.js/security/advisories/GHSA-wgrm-67xf-hhpq",
+          "https://github.com/mozilla/pdf.js/pull/18015",
+          "https://github.com/mozilla/pdf.js/commit/85e64b5c16c9aaef738f421733c12911a441cec6",
+          "https://bugzilla.mozilla.org/show_bug.cgi?id=1893645",
+          "https://github.com/mozilla/pdf.js"
+        ]
+      }
+    ],
+    "extractors": {
+      "uri": ["/pdf\\.js/(§§version§§)/", "/pdfjs-dist@(§§version§§)/"],
+      "filecontent": [
+        " pdfjs-dist@(§§version§§) ",
+        "(?:const|var) pdfjsVersion = ['\"](§§version§§)['\"];",
+        "PDFJS.version ?= ?['\"](§§version§§)['\"]",
+        "apiVersion: ?['\"](§§version§§)['\"][\\s\\S]*,data(:[a-zA-Z.]{1,6})?,[\\s\\S]*password(:[a-zA-Z.]{1,10})?,[\\s\\S]*disableAutoFetch(:[a-zA-Z.]{1,22})?,[\\s\\S]*rangeChunkSize",
+        "messageHandler\\.sendWithPromise\\(\"GetDocRequest\",\\{docId:[a-zA-Z],apiVersion:\"(§§version§§)\""
+      ]
+    }
+  },
   "dont check": {
     "vulnerabilities": [],
     "extractors": {

diff --git a/repository/jsrepository-v2.json b/repository/jsrepository-v2.json
@@ -7455,6 +7455,26 @@
       ]
     }
   },
+  "pdf.js": {
+    "bowername": [
+      "pdfjs-dist"
+    ],
+    "npmname": "pdfjs-dist",
+    "vulnerabilities": [],
+    "extractors": {
+      "uri": [
+        "/pdf\\.js/(§§version§§)/",
+        "/pdfjs-dist@(§§version§§)/"
+      ],
+      "filecontent": [
+        " pdfjs-dist@(§§version§§) ",
+        "(?:const|var) pdfjsVersion = ['\"](§§version§§)['\"];",
+        "PDFJS.version ?= ?['\"](§§version§§)['\"]",
+        "apiVersion: ?['\"](§§version§§)['\"][\\s\\S]*,data(:[a-zA-Z.]{1,6})?,[\\s\\S]*password(:[a-zA-Z.]{1,10})?,[\\s\\S]*disableAutoFetch(:[a-zA-Z.]{1,22})?,[\\s\\S]*rangeChunkSize",
+        "messageHandler\\.sendWithPromise\\(\"GetDocRequest\",\\{docId:[a-zA-Z],apiVersion:\"(§§version§§)\""
+      ]
+    }
+  },
   "dont check": {
     "vulnerabilities": [],
     "extractors": {

diff --git a/repository/jsrepository.json b/repository/jsrepository.json
@@ -7385,6 +7385,26 @@
       ]
     }
   },
+  "pdf.js": {
+    "bowername": [
+      "pdfjs-dist"
+    ],
+    "npmname": "pdfjs-dist",
+    "vulnerabilities": [],
+    "extractors": {
+      "uri": [
+        "/pdf\\.js/(§§version§§)/",
+        "/pdfjs-dist@(§§version§§)/"
+      ],
+      "filecontent": [
+        " pdfjs-dist@(§§version§§) ",
+        "(?:const|var) pdfjsVersion = ['\"](§§version§§)['\"];",
+        "PDFJS.version ?= ?['\"](§§version§§)['\"]",
+        "apiVersion: ?['\"](§§version§§)['\"][\\s\\S]*,data(:[a-zA-Z.]{1,6})?,[\\s\\S]*password(:[a-zA-Z.]{1,10})?,[\\s\\S]*disableAutoFetch(:[a-zA-Z.]{1,22})?,[\\s\\S]*rangeChunkSize",
+        "messageHandler\\.sendWithPromise\\(\"GetDocRequest\",\\{docId:[a-zA-Z],apiVersion:\"(§§version§§)\""
+      ]
+    }
+  },
   "dont check": {
     "vulnerabilities": [],
     "extractors": {

diff --git a/repository/testcases.json b/repository/testcases.json
@@ -634,5 +634,23 @@
       "allowAstMiss": ["0.17.1"],
       "subversions": ["", ".min"]
     }
+  },
+  "pdf.js": {
+    "https://cdnjs.cloudflare.com/ajax/libs/pdf.js/§§version§§/pdf§§subversion§§.mjs": {
+      "versions": ["4.3.136", "4.0.189"],
+      "subversions": ["", ".min"]
+    },
+    "https://cdnjs.cloudflare.com/ajax/libs/pdf.js/§§version§§/pdf§§subversion§§.js": {
+      "versions": [
+        "3.11.174",
+        "3.2.146",
+        "2.16.105",
+        "2.2.2",
+        "2.0.173",
+        "1.10.100",
+        "1.0.818"
+      ],
+      "subversions": ["", ".min"]
+    }
   }
 }