diff --git a/package-lock.json b/package-lock.json index 282df390c..c19696f07 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14396,20 +14396,33 @@ } }, "node_modules/form-data": { - "version": "4.0.5", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz", - "integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==", + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.6.tgz", + "integrity": "sha512-vKatAh4SlVfgbv+YtmhiRjhEMJsYpsG1Y2rMQtR+SVSbytsSD1YGzDIcrAJmdFec88u/+VoGmxnl+80gL1tRCQ==", + "license": "MIT", "dependencies": { "asynckit": "^0.4.0", "combined-stream": "^1.0.8", "es-set-tostringtag": "^2.1.0", - "hasown": "^2.0.2", - "mime-types": "^2.1.12" + "hasown": "^2.0.4", + "mime-types": "^2.1.35" }, "engines": { "node": ">= 6" } }, + "node_modules/form-data/node_modules/hasown": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.4.tgz", + "integrity": "sha512-T2UbfbBEF32wiepXIsMlTW9+dDYC6wMh/t/vYA4tuOMKqWz/n3vr1NFSxQiyP+zk2mXsoMA/i/7qV6LKut1t1A==", + "license": "MIT", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/format": { "version": "0.2.2", "resolved": "https://registry.npmjs.org/format/-/format-0.2.2.tgz", @@ -14495,7 +14508,6 @@ "version": "2.3.2", "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", - "dev": true, "hasInstallScript": true, "optional": true, "os": [ diff --git a/preview/package-lock.json b/preview/package-lock.json index 93cf042fd..c2e55e8dd 100644 --- a/preview/package-lock.json +++ b/preview/package-lock.json 
@@ -11,7 +11,7 @@ "body-parser": "^2.2.2", "express": "^5.2.1", "follow-redirects": "^1.16.0", - "http-proxy-middleware": "^3.0.5", + "http-proxy-middleware": "^3.0.7", "node": "^20.19.5", "node-fetch": "^2.6.1", "path-to-regexp": "^0.1.13" @@ -416,9 +416,10 @@ } }, "node_modules/http-proxy-middleware": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-3.0.5.tgz", - "integrity": "sha512-GLZZm1X38BPY4lkXA01jhwxvDoOkkXqjgVyUzVxiEK4iuRu03PZoYHhHRwxnfhQMDuaxi3vVri0YgSro/1oWqg==", + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-3.0.7.tgz", + "integrity": "sha512-iwbQltVlx8bCrqePUM8C+hllHvdawVhQJaLrj1X7qllkvFQdXFsr16pW/mo9+JDVjN+QO2XUx9jd8SmoFkE5qw==", + "license": "MIT", "dependencies": { "@types/http-proxy": "^1.17.15", "debug": "^4.3.6", @@ -428,7 +429,7 @@ "micromatch": "^4.0.8" }, "engines": { - "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + "node": "^14.18.0 || ^16.10.0 || >=18.0.0" } }, "node_modules/http-proxy-middleware/node_modules/braces": { diff --git a/preview/package.json b/preview/package.json index 5812e4659..2dc8e5c4e 100644 --- a/preview/package.json +++ b/preview/package.json @@ -14,7 +14,7 @@ "body-parser": "^2.2.2", "express": "^5.2.1", "follow-redirects": "^1.16.0", - "http-proxy-middleware": "^3.0.5", + "http-proxy-middleware": "^3.0.7", "node": "^20.19.5", "node-fetch": "^2.6.1", "path-to-regexp": "^0.1.13" diff --git a/src/HostedExplorer.test.tsx b/src/HostedExplorer.test.tsx index 083700e0e..22629c078 100644 --- a/src/HostedExplorer.test.tsx +++ b/src/HostedExplorer.test.tsx 
@@ -63,11 +63,15 @@ const dispatchPostMessage = (data: unknown, origin: string) => {
 window.dispatchEvent(event);
 };
+// Deliberately invalid account name
+const FAKE_ACCOUNT_NAME: string = "-FakeAccount-";
+const FAKE_KEY: string = "";
+
 describe("HostedExplorer tryCosmosDB postMessage handler", () => {
 it("accepts a valid SQL connection string from an allowed origin", async () => {
 render();
- const validConnStr = "AccountEndpoint=https://myaccount.documents.azure.com:443/;AccountKey=dGVzdGtleQ==;";
+ const validConnStr = `AccountEndpoint=https://${FAKE_ACCOUNT_NAME}.documents.azure.com:443/;AccountKey=${FAKE_KEY};`;
 await act(async () => {
 dispatchPostMessage(
@@ -83,7 +87,7 @@ describe("HostedExplorer tryCosmosDB postMessage handler", () => {
 it("accepts a valid Mongo connection string from an allowed origin", async () => {
 render();
- const mongoConnStr = "mongodb://myaccount:dGVzdGtleQ==@myaccount.documents.azure.com:10255";
+ const mongoConnStr = `mongodb://${FAKE_ACCOUNT_NAME}:${FAKE_KEY}@${FAKE_ACCOUNT_NAME}.documents.azure.com:10255`;
 await act(async () => {
 dispatchPostMessage(
@@ -99,8 +103,7 @@ describe("HostedExplorer tryCosmosDB postMessage handler", () => {
 it("accepts a valid Cassandra connection string from an allowed origin", async () => {
 render();
- const cassandraConnStr =
- "AccountEndpoint=https://myaccount.cassandra.cosmosdb.azure.com:443/;AccountKey=dGVzdGtleQ==;";
+ const cassandraConnStr = `AccountEndpoint=https://${FAKE_ACCOUNT_NAME}.cassandra.cosmosdb.azure.com:443/;AccountKey=${FAKE_KEY};`;
 await act(async () => {
 dispatchPostMessage(
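Review bot: `FAKE_KEY` is the empty string, so every "accepts a valid … connection string" case (the SQL, Mongo and Cassandra hunks here, and the Table and Gremlin hunks that follow) now sends `AccountKey=;` or `mongodb://-FakeAccount-:@…`, with an account name the comment itself calls deliberately invalid. The handler is outside this diff, so it is worth confirming whether it checks the key or host at all: if it does, these positive tests should fail, and if they pass, the suite no longer shows that a key-bearing string is handled. A non-empty, obviously fake value keeps that path exercised without resembling a credential, for example (constructed value) `const FAKE_KEY = "not-a-real-key";`, with a comment next to it saying why it is fake, since the existing comment covers only the account name. The `: string` annotations on both constants are redundant because the type is inferred from the literal.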
@@ -116,8 +119,7 @@ describe("HostedExplorer tryCosmosDB postMessage handler", () => {
 it("accepts a valid Table connection string from an allowed origin", async () => {
 render();
- const tableConnStr =
- "DefaultEndpointsProtocol=https;AccountName=myaccount;AccountKey=dGVzdGtleQ==;TableEndpoint=https://myaccount.table.cosmosdb.azure.com:443/;";
+ const tableConnStr = `DefaultEndpointsProtocol=https;AccountName=${FAKE_ACCOUNT_NAME};AccountKey=${FAKE_KEY};TableEndpoint=https://${FAKE_ACCOUNT_NAME}.table.cosmosdb.azure.com:443/;`;
 await act(async () => {
 dispatchPostMessage(
@@ -133,8 +135,7 @@ describe("HostedExplorer tryCosmosDB postMessage handler", () => {
 it("accepts a valid Gremlin connection string from an allowed origin", async () => {
 render();
- const gremlinConnStr =
- "AccountEndpoint=https://myaccount.documents.azure.com:443/;AccountKey=dGVzdGtleQ==;ApiKind=Gremlin;";
+ const gremlinConnStr = `AccountEndpoint=https://${FAKE_ACCOUNT_NAME}.documents.azure.com:443/;AccountKey=${FAKE_KEY};ApiKind=Gremlin;`;
 await act(async () => {
 dispatchPostMessage(
@@ -150,7 +151,7 @@ describe("HostedExplorer tryCosmosDB postMessage handler", () => {
 it("rejects messages from a disallowed origin", async () => {
 render();
- const validConnStr = "AccountEndpoint=https://myaccount.documents.azure.com:443/;AccountKey=dGVzdGtleQ==;";
+ const validConnStr = `AccountEndpoint=https://${FAKE_ACCOUNT_NAME}.documents.azure.com:443/;AccountKey=${FAKE_KEY};`;
 await act(async () => {
 dispatchPostMessage(
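Review bot: In the "rejects messages from a disallowed origin" case (`@@ -150`), the input is still named `validConnStr` but is now built from an account name documented as invalid and an empty key. A rejection therefore proves the origin check only as long as the byte-identical string is accepted from an allowed origin. Today that link is an identical template literal repeated in the SQL "accepts" test and in the unrelated-type test (`@@ -198`), and the copies can drift apart silently. Hoisting the SQL string into one module-level constant next to `FAKE_KEY`, e.g. `SQL_CONN_STR`, and using it in all three cases ties both negative tests to an input known to be accepted. The test bodies continue past these hunks, so the assertions themselves are not visible here.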
@@ -198,7 +199,7 @@ describe("HostedExplorer tryCosmosDB postMessage handler", () => {
 it("ignores messages with an unrelated type", async () => {
 render();
- const validConnStr = "AccountEndpoint=https://myaccount.documents.azure.com:443/;AccountKey=dGVzdGtleQ==;";
+ const validConnStr = `AccountEndpoint=https://${FAKE_ACCOUNT_NAME}.documents.azure.com:443/;AccountKey=${FAKE_KEY};`;
 await act(async () => {
 dispatchPostMessage({ type: "someOtherMessage", connectionString: validConnStr }, "https://cosmos.azure.com");