Extended image checkings

CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.4.0
+* ADD: isFileImage function was added for checking of files content-type
+* UPD: checkIsImageUrlAllowable function was renamed to isImageUrlAllowed and checks was extended
+
 ## 1.3.0
 * ADD: new module validationHelper and function checkIsImageUrlAllowable for checking of images URLs
 

karma.conf.js

@@ -63,6 +63,42 @@ module.exports = (config) => {
                 pattern: srcOriginalRecursivePath,
                 included: false,
                 served: true
+            },
+            {
+                pattern: 'test/images/*.png',
+                watched: false,
+                included: false,
+                served: true
+            },
+            {
+                pattern: 'test/images/*.jpg',
+                watched: false,
+                included: false,
+                served: true
+            },
+            {
+                pattern: 'test/images/*.gif',
+                watched: false,
+                included: false,
+                served: true
+            },
+            {
+                pattern: 'test/images/*.svg',
+                watched: false,
+                included: false,
+                served: true
+            },
+            {
+                pattern: 'test/images/*.bmp',
+                watched: false,
+                included: false,
+                served: true
+            },
+            {
+                pattern: 'test/data/*.txt',
+                watched: false,
+                included: false,
+                served: true
             }
         ],
         preprocessors: {

lib/index.d.ts

@@ -62,7 +62,8 @@ declare module powerbi.extensibility.utils.dataview {
 }
 declare module powerbi.extensibility.utils.dataview {
     module validationHelper {
-        function checkIsImageUrlAllowable(url: string): boolean;
+        function isImageUrlAllowed(url: string): boolean;
+        function isFileImage(url: string, imageCheckResultCallBack: (isImage: boolean, contentType: string) => void): void;
     }
 }
 declare module powerbi.extensibility.utils.dataview {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "powerbi-visuals-utils-dataviewutils",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "description": "dataviewutils",
   "main": "lib/index.js",
   "repository": {

src/validationHelper.ts

@@ -26,10 +26,30 @@
 
 module powerbi.extensibility.utils.dataview {
     export module validationHelper {
-        export function checkIsImageUrlAllowable(url: string): boolean {
-            // Excludes all URLs that don't contain .gif .jpg .png or .svg extensions.
-            // Also excludes directives "javascript:" and "data:".
-            return (/\.(gif|jpg|png|svg)$/i).test(url) && !(/(javascript:|data:)/i).test(url);
+        export function isImageUrlAllowed(url: string): boolean {
+            // Excludes all URLs that don't contain .gif .jpg .png or .svg extensions and don't start from "http(s)://".
+            // As a result -- also excludes all directives such as "javascript:", "data:" and "blob:".
+            return (/^https?:\/\/.+\.(gif|jpg|png|svg)$/i).test(url);
+        }
+
+        export function isFileImage(url: string, imageCheckResultCallBack: (isImage: boolean, contentType: string) => void) {
+            let request = new XMLHttpRequest();
+            request.onreadystatechange = function () {
+                if (request.readyState !== this.HEADERS_RECEIVED) {
+                    return;
+                }
+
+                let contentType = request.getResponseHeader("Content-Type"),
+                supportedTypes = ["image/png", "image/jpeg", "image/gif", "image/svg+xml"];
+
+                if (supportedTypes.indexOf(contentType) > -1) {
+                    return imageCheckResultCallBack(true, contentType);
+                }
+
+                return imageCheckResultCallBack(false, contentType);
+            };
+            request.open("HEAD", url, true);
+            request.send();
         }
     }
 }

test/data/someplaintext.txt

@@ -0,0 +1 @@
+Plain text with some data taht is used in unit tests

test/validationHelperTest.ts

@@ -28,31 +28,97 @@ module powerbi.extensibility.utils.dataview.test {
     import validationHelper = powerbi.extensibility.utils.dataview.validationHelper;
 
     describe("validationHelper", () => {
-        it("valid URLs supported extensions", () => {
-            expect(validationHelper.checkIsImageUrlAllowable("https://someHost/someTestImage.PnG")).toBe(true);
-            expect(validationHelper.checkIsImageUrlAllowable("https://someHost/someTestImage.jPG")).toBe(true);
-            expect(validationHelper.checkIsImageUrlAllowable("https://someHost/someTestImage.GIf")).toBe(true);
-            expect(validationHelper.checkIsImageUrlAllowable("https://someHost/someTestImage.SVG")).toBe(true);
+        it("valid URLs supported protocols and extensions", () => {
+            expect(validationHelper.isImageUrlAllowed("https://someHost/someTestImage.PnG")).toBe(true);
+            expect(validationHelper.isImageUrlAllowed("https://someHost/someTestImage.jPG")).toBe(true);
+            expect(validationHelper.isImageUrlAllowed("https://someHost/someTestImage.GIf")).toBe(true);
+            expect(validationHelper.isImageUrlAllowed("https://someHost/someTestImage.SVG")).toBe(true);
+        });
+
+        it("valid URLs ports are supported", () => {
+            expect(validationHelper.isImageUrlAllowed("https://someHost:7777/someTestImage.SVG")).toBe(true);
         });
 
         it("invalid URL wrong extension", () => {
-            expect(validationHelper.checkIsImageUrlAllowable("https://someHostsomeTestImage.exe")).toBe(false);
+            expect(validationHelper.isImageUrlAllowed("https://someHostsomeTestImage.exe")).toBe(false);
         });
 
         it("invalid URL no extension", () => {
-            expect(validationHelper.checkIsImageUrlAllowable("https://someHostsomeGeneratedImage")).toBe(false);
+            expect(validationHelper.isImageUrlAllowed("https://someHostsomeGeneratedImage")).toBe(false);
+        });
+
+        it("invalid URL unsupported protocols", () => {
+            expect(validationHelper.isImageUrlAllowed("ftp://someHostsomeGeneratedImage.jpg")).toBe(false);
+            expect(validationHelper.isImageUrlAllowed("jAvAscrIpt:alert('XSS');")).toBe(false);
+            expect(validationHelper.isImageUrlAllowed("jAvAscrIpt:alert('XSS');.png")).toBe(false);
+            expect(validationHelper.isImageUrlAllowed("jaascript:alert('XSS');.png")).toBe(false);
+            expect(validationHelper.isImageUrlAllowed("data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEASABIAAD")).toBe(false);
+            expect(validationHelper.isImageUrlAllowed("data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEASABIAAD.png")).toBe(false);
+            expect(validationHelper.isImageUrlAllowed("blob:image/jpeg;base64,/9j/4AAQSkZJRgABAQEASABIAAD.png")).toBe(false);
+        });
+
+        it("invalid URL no protocol", () => {
+            expect(validationHelper.isImageUrlAllowed("someHostsomeGeneratedImage.jpg")).toBe(false);
+        });
+
+        it("invalid URL using of parameters", () => {
+            expect(validationHelper.isImageUrlAllowed("https://someHostsomeGeneratedImage.jpg?param1=val1&param2=val2")).toBe(false);
+        });
+
+        it("check file is PNG image", (done) => {
+            validationHelper.isFileImage("/base/test/images/access.png", (isImage, contentType) => {
+                expect(isImage).toBe(true);
+                expect(contentType).toBe("image/png");
+                done();
+            });
+        });
+
+        it("check file is JPG image", (done) => {
+            validationHelper.isFileImage("/base/test/images/access.jpg", (isImage, contentType) => {
+                expect(isImage).toBe(true);
+                expect(contentType).toBe("image/jpeg");
+                done();
+            });
+        });
+
+        it("check file is GIF image", (done) => {
+            validationHelper.isFileImage("/base/test/images/access.gif", (isImage, contentType) => {
+                expect(isImage).toBe(true);
+                expect(contentType).toBe("image/gif");
+                done();
+            });
+        });
+
+        it("check file is SVG image", (done) => {
+            validationHelper.isFileImage("/base/test/images/sun.svg", (isImage, contentType) => {
+                expect(isImage).toBe(true);
+                expect(contentType).toBe("image/svg+xml");
+                done();
+            });
+        });
+
+        it("check file is unsupported BMP image", (done) => {
+            validationHelper.isFileImage("/base/test/images/access.bmp", (isImage, contentType) => {
+                expect(isImage).toBe(false);
+                expect(contentType).toBe("image/x-ms-bmp");
+                done();
+            });
         });
 
-        it("URL javascript: directive checking", () => {
-            expect(validationHelper.checkIsImageUrlAllowable("jAvAscrIpt:alert('XSS');")).toBe(false);
-            expect(validationHelper.checkIsImageUrlAllowable("jAvAscrIpt:alert('XSS');.png")).toBe(false);
-            expect(validationHelper.checkIsImageUrlAllowable("jaascript:alert('XSS');.png")).toBe(true);
+        it("check file is not image", (done) => {
+            validationHelper.isFileImage("/base/test/data/someplaintext.txt", (isImage, contentType) => {
+                expect(isImage).toBe(false);
+                expect(contentType).toBe("text/plain");
+                done();
+            });
         });
 
-        it("URL data: directive checking", () => {
-            expect(validationHelper.checkIsImageUrlAllowable("data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEASABIAAD")).toBe(false);
-            expect(validationHelper.checkIsImageUrlAllowable("data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEASABIAAD.png")).toBe(false);
-            expect(validationHelper.checkIsImageUrlAllowable("dat:image/jpeg;base64,/9j/4AAQSkZJRgABAQEASABIAAD.png")).toBe(true);
+        it("file doesn't exist", (done) => {
+            validationHelper.isFileImage("/base/test/images/notexisitingimage.png", (isImage, contentType) => {
+                expect(isImage).toBe(false);
+                expect(contentType).toBeNull();
+                done();
+            });
         });
     });
 }