fix(json-to-go):Security Hotspots

2025-05-08 15:15:02 -04:00 · 2023-04-07 19:44:25 +08:00 · 2023-04-07 19:44:25 +08:00 · e3ea35ba18
commit e3ea35ba18
parent 46df1bcf77
3 changed files with 16 additions and 12 deletions
--- a/src/tools/json-to-go/index.ts
+++ b/src/tools/json-to-go/index.ts
@ -2,10 +2,10 @@ import { ArrowsShuffle } from '@vicons/tabler';
 import { defineTool } from '../tool';

 export const tool = defineTool({
-    name: 'Json to go',
+    name: 'JSON to GO',
    path: '/json-to-go',
    description: '',
-    keywords: ['json', 'go'],
+    keywords: ['json', 'JSON', 'go'],
    component: () => import('./json-to-go.vue'),
    icon: ArrowsShuffle,
    createdAt: new Date('2023-04-07'),
--- a/src/tools/json-to-go/json-to-go.vue
+++ b/src/tools/json-to-go/json-to-go.vue
@ -10,11 +10,11 @@
    </n-space>
  </div>

-  <n-form-item label="Your Json">
+  <n-form-item label="Your JSON">
    <n-input
      ref="inputElement"
-      v-model:value="rawSQL"
-      placeholder="Put your Json..."
+      v-model:value="rawJSON"
+      placeholder="Put your JSON..."
      type="textarea"
      rows="20"
      autocomplete="off"
@ -41,13 +41,12 @@ const config = reactive<Partial<FormatFnOptions>>({
  inline: false,
  omitempty: false,
 });
-
-const rawSQL = ref('');
+const rawJSON = ref('');
 // function jsonToGo(json, typename, flatten = true, example = false, allOmitempty = false)
 const goCode = computed(() => {
-  let result = jsonToGo(rawSQL.value, '', config.inline, false, config.omitempty);
+  let result = jsonToGo(rawJSON.value, '', config.inline, false, config.omitempty);
  if (result.error) {
-    return rawSQL ? '' : result.error;
+    return !rawJSON.value ? '' : result.error;
  }
  return result.go;
 });
--- a/src/tools/json-to-go/json2go.js
+++ b/src/tools/json-to-go/json2go.js
@ -6,7 +6,12 @@

 	A simple utility to translate JSON into a Go type definition.
 */
-
+const cryptoRand = () => {
+  const crypto = window.crypto || window.msCrypto;
+  const randomBuffer = new Uint32Array(1);
+  crypto.getRandomValues(randomBuffer);
+  return randomBuffer[0] / (0xffffffff + 1); // 0xFFFFFFFF = uint32.MaxValue (+1 because Math.random is inclusive of 0, but not 1)
+};
 function jsonToGo(json, typename, flatten = true, example = false, allOmitempty = false) {
  let data;
  let scope;
@ -20,7 +25,7 @@ function jsonToGo(json, typename, flatten = true, example = false, allOmitempty
  let parent = '';

  try {
-    data = JSON.parse(json.replace(/(:\s*\[?\s*-?\d*)\.0/g, '$1.1')); // hack that forces floats to stay as floats
+    data = JSON.parse(json.replace(/(:\s{0,128}\[?\s{0,128}-?\d{0,128})\.0/g, '$1.1')); // hack that forces floats to stay as floats
    scope = data;
  } catch (e) {
    return {
@ -360,7 +365,7 @@ function jsonToGo(json, typename, flatten = true, example = false, allOmitempty

  function uuidv4() {
    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function (c) {
-      var r = (Math.random() * 16) | 0,
+      let r = (cryptoRand() * 16) | 0,
        v = c == 'x' ? r : (r & 0x3) | 0x8;
      return v.toString(16);
    });