From 693b7d86dd9d9e6e1163a8a105e5d05f96a06d1e Mon Sep 17 00:00:00 2001 From: GCHQ Developer 85297 <95289555+C85297@users.noreply.github.com> Date: Wed, 4 Feb 2026 14:20:22 +0000 Subject: [PATCH 1/4] Use NPM trusted publishing (#2174) Co-authored-by: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com> (minor tweaks only) --- .editorconfig | 4 + .github/workflows/codeql.yml | 28 +++--- .github/workflows/master.yml | 77 ++++++++-------- .github/workflows/pull_requests.yml | 71 ++++++++------- .github/workflows/releases.yml | 131 ++++++++++++++-------------- 5 files changed, 159 insertions(+), 152 deletions(-) diff --git a/.editorconfig b/.editorconfig index b50059bbd..cef4cab07 100644 --- a/.editorconfig +++ b/.editorconfig @@ -12,3 +12,7 @@ indent_size = 4 [{package.json,.travis.yml,nightwatch.json}] indent_style = space indent_size = 2 + +[.github/**.yml] +indent_style = space +indent_size = 2 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1350e9769..59fb73e70 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -3,13 +3,13 @@ name: "CodeQL Analysis" on: workflow_dispatch: push: - branches: [ master ] + branches: [master] pull_request: # The branches below must be a subset of the branches above - branches: [ master ] + branches: [master] types: [synchronize, opened, reopened] schedule: - - cron: '22 17 * * 5' + - cron: "22 17 * * 5" jobs: analyze: 
@@ -23,18 +23,18 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'javascript' ] + language: ["javascript"] steps: - - name: Checkout repository - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v6 - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 - with: - category: "/language:${{matrix.language}}" + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index fc878863a..d092a74c6 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml 
@@ -4,55 +4,56 @@ on: workflow_dispatch: push: branches: - - master + - master jobs: main: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v6 - - name: Set node version - uses: actions/setup-node@v3 - with: - node-version: '18.x' + - name: Set node version + uses: actions/setup-node@v6 + with: + node-version: 18 + registry-url: "https://registry.npmjs.org" - - name: Install - run: | - export DETECT_CHROMEDRIVER_VERSION=true - npm install - npm run setheapsize + - name: Install + run: | + export DETECT_CHROMEDRIVER_VERSION=true + npm install + npm run setheapsize - - name: Lint - run: npx grunt lint + - name: Lint + run: npx grunt lint - - name: Unit Tests - run: | - npm test - npm run testnodeconsumer + - name: Unit Tests + run: | + npm test + npm run testnodeconsumer - - name: Production Build - if: success() - run: npx grunt prod --msg="" + - name: Production Build + if: success() + run: npx grunt prod --msg="" - - name: Generate sitemap - run: npx grunt exec:sitemap + - name: Generate sitemap + run: npx grunt exec:sitemap - - name: UI Tests - if: success() - run: | - sudo apt-get install xvfb - xvfb-run --server-args="-screen 0 1200x800x24" npx grunt testui + - name: UI Tests + if: success() + run: | + sudo apt-get install xvfb + xvfb-run --server-args="-screen 0 1200x800x24" npx grunt testui - - name: Prepare for GitHub Pages - if: success() - run: npx grunt copy:ghPages + - name: Prepare for GitHub Pages + if: success() + run: npx grunt copy:ghPages - - name: Deploy to GitHub Pages - if: success() && github.ref == 'refs/heads/master' - uses: crazy-max/ghaction-github-pages@v3 - with: - target_branch: gh-pages - build_dir: ./build/prod - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Deploy to GitHub Pages + if: success() && github.ref == 'refs/heads/master' + uses: crazy-max/ghaction-github-pages@v3 + with: + target_branch: gh-pages + build_dir: ./build/prod + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
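Review bot: The `Install` step in master.yml still runs `npm install`, while the releases.yml hunk of this same commit uses `npm ci`. This workflow builds the site and deploys it to gh-pages, so the install is better tied to the committed lockfile: `npm ci`. The same applies to the `Install` step in the pull_requests.yml hunk. `registry-url: "https://registry.npmjs.org"` is also added here and in pull_requests.yml although neither workflow publishes, so it could be kept in releases.yml only.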
diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml
index 7731970af..7f65b6171 100644
--- a/.github/workflows/pull_requests.yml
+++ b/.github/workflows/pull_requests.yml
@@ -9,47 +9,46 @@ jobs: main: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v6 - - name: Set node version - uses: actions/setup-node@v3 - with: - node-version: '18.x' + - name: Set node version + uses: actions/setup-node@v6 + with: + node-version: 18 + registry-url: "https://registry.npmjs.org" - - name: Install - run: | - export DETECT_CHROMEDRIVER_VERSION=true - npm install - npm run setheapsize + - name: Install + run: | + export DETECT_CHROMEDRIVER_VERSION=true + npm install + npm run setheapsize - - name: Lint - run: npx grunt lint + - name: Lint + run: npx grunt lint - - name: Unit Tests - run: | - npm test - npm run testnodeconsumer + - name: Unit Tests + run: | + npm test + npm run testnodeconsumer - - name: Production Build - if: success() - run: npx grunt prod + - name: Production Build + if: success() + run: npx grunt prod - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 - - name: Production Image Build - if: success() - id: build-image - uses: docker/build-push-action@v6 - with: - # Not being uploaded to any registry, use a simple name to allow Buildah to build correctly. - image: cyberchef - platforms: linux/amd64,linux/arm64 - - name: UI Tests - if: success() - run: | - sudo apt-get install xvfb - xvfb-run --server-args="-screen 0 1200x800x24" npx grunt testui + - name: Production Image Build + if: success() + id: build-image + uses: docker/build-push-action@v6 + with: + platforms: linux/amd64,linux/arm64 + - name: UI Tests + if: success() + run: | + sudo apt-get install xvfb + xvfb-run --server-args="-screen 0 1200x800x24" npx grunt testui diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml index 52e81f2c4..b40af8761 100644 --- a/.github/workflows/releases.yml 
+++ b/.github/workflows/releases.yml @@ -4,7 +4,11 @@ on: workflow_dispatch: push: tags: - - 'v*' + - "v*" + +permissions: + id-token: write + contents: read env: REGISTRY: ghcr.io 
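Review bot: The new workflow-level `permissions` block in releases.yml sets every scope it does not list to none, so the later `Upload Release Assets` step, which passes `secrets.GITHUB_TOKEN` to svenstaro/upload-release-action, now runs with `contents: read` and will probably be refused when it writes to the release. If `REGISTRY_PASSWORD` (defined in the `env` block outside this hunk) is the workflow token, the GHCR push would also need `packages: write`. `id-token: write` at workflow level additionally lets every step of `main`, including the tag-referenced third-party actions, request an OIDC token. A narrower layout is a separate publish job that alone carries `id-token: write`, with `contents: write` and `packages: write` granted only to the job that uploads assets and pushes the image.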
@@ -16,79 +20,78 @@ jobs: main: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v6 - - name: Set node version - uses: actions/setup-node@v3 - with: - node-version: '18.x' + - name: Set node version + uses: actions/setup-node@v6 + with: + node-version: 18 + registry-url: "https://registry.npmjs.org" - - name: Install - run: | - export DETECT_CHROMEDRIVER_VERSION=true - npm ci - npm run setheapsize + - name: Install + run: | + export DETECT_CHROMEDRIVER_VERSION=true + npm ci + npm run setheapsize - - name: Lint - run: npx grunt lint + - name: Lint + run: npx grunt lint - - name: Unit Tests - run: | - npm test - npm run testnodeconsumer + - name: Unit Tests + run: | + npm test + npm run testnodeconsumer - - name: Production Build - run: npx grunt prod + - name: Production Build + run: npx grunt prod - - name: UI Tests - run: | - sudo apt-get install xvfb - xvfb-run --server-args="-screen 0 1200x800x24" npx grunt testui + - name: UI Tests + run: | + sudo apt-get install xvfb + xvfb-run --server-args="-screen 0 1200x800x24" npx grunt testui - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 - - name: Image Metadata - id: image-metadata - uses: docker/metadata-action@v4 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=semver,pattern={{major}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{version}} + - name: Image Metadata + id: image-metadata + uses: docker/metadata-action@v4 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=semver,pattern={{major}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{version}} - - name: Log in to GHCR - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ env.REGISTRY_USER }} - 
password: ${{ env.REGISTRY_PASSWORD }} + - name: Log in to GHCR + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} - - name: Publish to GHCR - uses: docker/build-push-action@v6 - with: - context: . - push: true - tags: ${{ steps.image-metadata.outputs.tags }} - labels: ${{ steps.image-metadata.outputs.labels }} - platforms: linux/amd64,linux/arm64 + - name: Publish to GHCR + uses: docker/build-push-action@v6 + with: + context: . + push: true + tags: ${{ steps.image-metadata.outputs.tags }} + labels: ${{ steps.image-metadata.outputs.labels }} + platforms: linux/amd64,linux/arm64 - - name: Upload Release Assets - id: upload-release-assets - uses: svenstaro/upload-release-action@v2 - with: - repo_token: ${{ secrets.GITHUB_TOKEN }} - file: build/prod/*.zip - tag: ${{ github.ref }} - overwrite: true - file_glob: true - body: "See the [CHANGELOG](https://github.com/gchq/CyberChef/blob/master/CHANGELOG.md) and [commit messages](https://github.com/gchq/CyberChef/commits/master) for details." + - name: Upload Release Assets + id: upload-release-assets + uses: svenstaro/upload-release-action@v2 + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + file: build/prod/*.zip + tag: ${{ github.ref }} + overwrite: true + file_glob: true + body: "See the [CHANGELOG](https://github.com/gchq/CyberChef/blob/master/CHANGELOG.md) and [commit messages](https://github.com/gchq/CyberChef/commits/master) for details." - - name: Publish to NPM - uses: JS-DevTools/npm-publish@v1 - with: - token: ${{ secrets.NPM_TOKEN }} + - name: Publish to NPM + run: npm publish From de3a5ff6347c1443ccfed629ec48f23c51093f46 Mon Sep 17 00:00:00 2001 
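Review bot: `run: npm publish` at the end of the releases.yml hunk uses whatever npm CLI ships with the Node selected earlier in the same hunk (`node-version: 18`), and npm trusted publishing needs npm 11.5.1 or later, which as far as I know does not run on Node 18. With the `token: ${{ secrets.NPM_TOKEN }}` input removed there is no fallback credential, so the step would fail on authentication instead of publishing. A second `actions/setup-node` step with a current LTS `node-version` directly before `npm publish` would cover this. A comment such as `# requires this workflow to be registered as a trusted publisher for the package on npmjs.com` would make the external prerequisite visible to the next maintainer.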
From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com> Date: Wed, 4 Feb 2026 15:12:25 +0000 Subject: [PATCH 2/4] Fix code scanning warnings in workflows (#2177) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/master.yml | 5 +++++ .github/workflows/pull_requests.yml | 3 +++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index d092a74c6..74710dff1 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -1,5 +1,8 @@ name: "Master Build, Test & Deploy" +permissions: + contents: read + on: workflow_dispatch: push: @@ -8,6 +11,8 @@ on: jobs: main: + permissions: + contents: write runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml index 7f65b6171..8f04df72c 100644 --- a/.github/workflows/pull_requests.yml +++ b/.github/workflows/pull_requests.yml @@ -1,5 +1,8 @@ name: "Pull Requests" +permissions: + contents: read + on: workflow_dispatch: pull_request: From 4e8f0c34f3be214b7fd8a5b20d21c5ead209472a Mon Sep 17 00:00:00 2001 From: GCHQ Developer 85297 <95289555+C85297@users.noreply.github.com> Date: Wed, 4 Feb 2026 15:26:23 +0000 Subject: [PATCH 3/4] Remove custom CodeQL workflow (#2176) --- .github/workflows/codeql.yml | 40 ------------------------------------ 1 file changed, 40 deletions(-) delete mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 59fb73e70..000000000 --- a/.github/workflows/codeql.yml +++ /dev/null 
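Review bot: In the second master.yml hunk of PATCH 2/4, `permissions: contents: write` is set on the whole `main` job, so the install, lint, test and build steps, which execute dependency code, share a job whose token can push to the repository, although only `Deploy to GitHub Pages` needs that scope. actions/checkout keeps the token available to later steps by default, so consider adding `with: persist-credentials: false` under the checkout step; the deploy step receives `GITHUB_TOKEN` through its own `env`, so it should not depend on the persisted credential. A stricter option is a second job that `needs: main`, receives the build output as an artifact and is the only one with `contents: write`. The job's steps lie outside this hunk.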
@@ -1,40 +0,0 @@ -name: "CodeQL Analysis" - -on: - workflow_dispatch: - push: - branches: [master] - pull_request: - # The branches below must be a subset of the branches above - branches: [master] - types: [synchronize, opened, reopened] - schedule: - - cron: "22 17 * * 5" - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: ["javascript"] - - steps: - - name: Checkout repository - uses: actions/checkout@v6 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 - with: - category: "/language:${{matrix.language}}" From 0cf7bcaddc55952c24202edd7f3349cc0a2667b9 Mon Sep 17 00:00:00 2001 From: d98762625 <37445287+d98762625@users.noreply.github.com> Date: Wed, 4 Feb 2026 16:46:30 +0000 Subject: [PATCH 4/4] Fix import operations with special chars in them (#1040) Co-authored-by: jg42526 <210032080+jg42526@users.noreply.github.com> (fixed test broken by a dependency updated elsewhere) --- src/node/apiUtils.mjs | 2 +- tests/node/tests/nodeApi.mjs | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/src/node/apiUtils.mjs b/src/node/apiUtils.mjs index 64688073a..9d1c43cc8 100644 --- a/src/node/apiUtils.mjs +++ b/src/node/apiUtils.mjs @@ -66,7 +66,7 @@ export function removeSubheadingsFromArray(array) { * @param str */ export function sanitise(str) { - return str.replace(/ /g, "").toLowerCase(); + return str.replace(/[/\s.-]/g, "").toLowerCase(); } diff --git a/tests/node/tests/nodeApi.mjs b/tests/node/tests/nodeApi.mjs index 29a47ffc8..92d4d9911 100644 --- a/tests/node/tests/nodeApi.mjs +++ b/tests/node/tests/nodeApi.mjs 
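Review bot: The JSDoc above `sanitise` in src/node/apiUtils.mjs still reads only `@param str`, so nothing documents that `/`, whitespace, `.` and `-` are now all removed before an operation name is looked up. Suggested tags: `@param {string} str - operation name as written in a recipe` and `@returns {string} the name lower-cased with "/", whitespace, "." and "-" removed`. Because more characters are dropped, two differently punctuated names can now map to the same key; it would be worth confirming that no two operation names collide after sanitising. The doc comment starts outside the hunk.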
@@ -345,6 +345,42 @@ TestRegister.addApiTests([ assert.strictEqual(result.toString(), "begin_something_aaaaaaaaaaaaaa_end_something"); }), + it("chef.bake: should accept operation names from Chef Website which contain forward slash", () => { + const result = chef.bake("I'll have the test salmon", [ + { "op": "Find / Replace", + "args": [{ "option": "Regex", "string": "test" }, "good", true, false, true, false]} + ]); + assert.strictEqual(result.toString(), "I'll have the good salmon"); + }), + + it("chef.bake: should accept operation names from Chef Website which contain a hyphen", () => { + const result = chef.bake("I'll have the test salmon", [ + { "op": "Adler-32 Checksum", + "args": [] } + ]); + assert.strictEqual(result.toString(), "6e4208f8"); + }), + + it("chef.bake: should accept operation names from Chef Website which contain a period", () => { + const result = chef.bake("30 13 02 01 05 16 0e 41 6e 79 62 6f 64 79 20 74 68 65 72 65 3f", [ + { "op": "Parse ASN.1 hex string", + "args": [0, 32] } + ]); + assert.strictEqual(result.toString(), `SEQUENCE + INTEGER 05 + IA5String 'Anybody there?' +`); + }), + + it("Excluded operations: throw a sensible error when you try and call one", () => { + try { + chef.fork(); + } catch (e) { + assert.strictEqual(e.type, "ExcludedOperationError"); + assert.strictEqual(e.message, "Sorry, the Fork operation is not available in the Node.js version of CyberChef."); + } + }), + it("chef.bake: cannot accept flowControl operations in recipe", () => { assert.throws(() => chef.bake("some input", "magic"), { name: "TypeError",
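Review bot: The added test "Excluded operations: throw a sensible error when you try and call one" wraps `chef.fork()` in `try`/`catch` and asserts only inside the `catch`, so it passes silently if `chef.fork()` ever stops throwing. The file already uses `assert.throws` with an expectation object, so the body can become `assert.throws(() => chef.fork(), { type: "ExcludedOperationError", message: "Sorry, the Fork operation is not available in the Node.js version of CyberChef." });`. The three new `chef.bake` tests cover `/`, `-` and `.`; a fourth with extra whitespace in the name would exercise the `\s` part of the new pattern. The enclosing `TestRegister.addApiTests([` array starts before the hunk and the last `it(` continues past it.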