fix(package): security fix (#217)

Dexus · web-flow · commit bed1190e4a08 · 2018-10-26T21:48:41.000+02:00
* Update helper.js

* Update pem.js

* Update convert.js
diff --git a/lib/convert.js b/lib/convert.js
@@ -169,8 +169,8 @@ module.exports.PEM2PFX = function (pathBundleIN, pathOUT, password, callback) {
     })
   }
   var delTempPWFiles = []
-  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
-  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'out' }, params, delTempPWFiles[delTempPWFiles.length])
+  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles)
+  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'out' }, params, delTempPWFiles)
   openssl.spawnWrapper(params, false, function (error, code) {
     function done (error) {
       if (error) {
@@ -202,8 +202,8 @@ module.exports.PFX2PEM = function (pathIN, pathOUT, password, callback) {
     '-nodes'
   ]
   var delTempPWFiles = []
-  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
-  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'out' }, params, delTempPWFiles[delTempPWFiles.length])
+  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles)
+  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'out' }, params, delTempPWFiles)
   openssl.spawnWrapper(params, false, function (error, code) {
     function done (error) {
       if (error) {
@@ -259,8 +259,8 @@ module.exports.P7B2PFX = function (pathBundleIN, pathOUT, password, callback) {
         })
       }
       var delTempPWFiles = [tmpfile]
-      helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
-      helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'out' }, params, delTempPWFiles[delTempPWFiles.length])
+      helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles)
+      helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'out' }, params, delTempPWFiles)
       openssl.spawnWrapper(params, false, function (error, code) {
         function done (error) {
           if (error) {
diff --git a/lib/helper.js b/lib/helper.js
@@ -66,14 +66,15 @@ var ciphers = module.exports.ciphers
  * @param {String} options.passType passType: can be in/out/word for passIN/passOUT/passWORD
  * @param {Boolean} options.mustPass mustPass is used when you need to set the pass like as "-password pass:" most needed when empty password
  * @param {Object} params params will be extended with the data that need for the openssl command. IS USED AS POINTER!
- * @param {String} PasswordFile PasswordFile is the filePath that later need to deleted, after the openssl command. IS USED AS POINTER!
+ * @param {String} PasswordFileArray PasswordFileArray is an array of filePaths that later need to deleted ,after the openssl command. IS USED AS POINTER!
  * @return {Boolean} result
  */
-module.exports.createPasswordFile = function (options, params, PasswordFile) {
-  if (!options || !options.hasOwnProperty('password') || !options.hasOwnProperty('passType') || !/^(word|in|out)$/.test(options.passType)) {
+module.exports.createPasswordFile = function (options, params, PasswordFileArray) {
+  if (!options || !options.hasOwnProperty('password') || !options.hasOwnProperty('passType') || !/^(word|in|out)$/.test(options.passType)) { 
     return false
-  }
-  PasswordFile = pathlib.join(tempDir, crypto.randomBytes(20).toString('hex'))
+  } 
+  var PasswordFile = pathlib.join(tempDir ,crypto.randomBytes(20).toString('hex')) 
+  PasswordFileArray.push(PasswordFile)
   options.password = options.password.trim()
   if (options.password === '') {
     options.mustPass = true
diff --git a/lib/pem.js b/lib/pem.js
@@ -69,7 +69,7 @@ function createPrivateKey (keyBitsize, options, callback) {
   var delTempPWFiles = []
 
   if (options && options.cipher && (Number(helper.ciphers.indexOf(options.cipher)) !== -1) && options.password) {
-    helper.createPasswordFile({ 'cipher': options.cipher, 'password': options.password, 'passType': 'out' }, params, delTempPWFiles[delTempPWFiles.length])
+    helper.createPasswordFile({ 'cipher': options.cipher, 'password': options.password, 'passType': 'out' }, params, delTempPWFiles)
   }
 
   params.push(keyBitsize)
@@ -263,7 +263,7 @@ function createCSR (options, callback) {
 
   var delTempPWFiles = []
   if (options.clientKeyPassword) {
-    helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
+    helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles)
   }
 
   openssl.exec(params, 'CERTIFICATE REQUEST', tmpfiles, function (sslErr, data) {
@@ -384,15 +384,15 @@ function createCertificate (options, callback) {
       }
     }
     if (options.serviceKeyPassword) {
-      helper.createPasswordFile({ 'cipher': '', 'password': options.serviceKeyPassword, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
+      helper.createPasswordFile({ 'cipher': '', 'password': options.serviceKeyPassword, 'passType': 'in' }, params, delTempPWFiles)
     }
     tmpfiles.push(options.serviceCertificate)
     tmpfiles.push(options.serviceKey)
   } else {
     params.push('-signkey')
     params.push('--TMPFILE--')
     if (options.serviceKeyPassword) {
-      helper.createPasswordFile({ 'cipher': '', 'password': options.serviceKeyPassword, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
+      helper.createPasswordFile({ 'cipher': '', 'password': options.serviceKeyPassword, 'passType': 'in' }, params, delTempPWFiles)
     }
     tmpfiles.push(options.serviceKey)
   }
@@ -409,7 +409,7 @@ function createCertificate (options, callback) {
   }
 
   if (options.clientKeyPassword) {
-    helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
+    helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles)
   }
 
   openssl.exec(params, 'CERTIFICATE', tmpfiles, function (sslErr, data) {
@@ -558,7 +558,7 @@ function getModulus (certificate, password, hash, callback) {
   ]
   var delTempPWFiles = []
   if (password) {
-    helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
+    helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles)
   }
 
   openssl.spawnWrapper(params, certificate, function (sslErr, code, stdout, stderr) {
@@ -702,11 +702,11 @@ function createPkcs12 (key, certificate, password, options, callback) {
   if (options.cipher && options.clientKeyPassword) {
     // NOTICE: The password field is needed! self if it is empty.
     // create password file for the import "-passin"
-    helper.createPasswordFile({ 'cipher': options.cipher, 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
+    helper.createPasswordFile({ 'cipher': options.cipher, 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles)
   }
   // NOTICE: The password field is needed! self if it is empty.
   // create password file for the password "-password"
-  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'word' }, params, delTempPWFiles[delTempPWFiles.length])
+  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'word' }, params, delTempPWFiles)
 
   params.push('-in')
   params.push('--TMPFILE--')
@@ -756,15 +756,15 @@ function readPkcs12 (bufferOrPath, options, callback) {
   var delTempPWFiles = []
   var args = ['pkcs12', '-in', bufferOrPath]
 
-  helper.createPasswordFile({ 'cipher': '', 'password': options.p12Password, 'passType': 'in' }, args, delTempPWFiles[delTempPWFiles.length])
+  helper.createPasswordFile({ 'cipher': '', 'password': options.p12Password, 'passType': 'in' }, args, delTempPWFiles)
 
   if (Buffer.isBuffer(bufferOrPath)) {
     tmpfiles = [bufferOrPath]
     args[2] = '--TMPFILE--'
   }
 
   if (options.clientKeyPassword) {
-    helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'out' }, args, delTempPWFiles[delTempPWFiles.length])
+    helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'out' }, args, delTempPWFiles)
   } else {
     args.push('-nodes')
   }
@@ -832,7 +832,7 @@ function checkCertificate (certificate, passphrase, callback) {
     params = ['x509', '-text', '-noout', '-in', '--TMPFILE--']
   }
   if (passphrase) {
-    helper.createPasswordFile({ 'cipher': '', 'password': passphrase, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
+    helper.createPasswordFile({ 'cipher': '', 'password': passphrase, 'passType': 'in' }, params, delTempPWFiles)
   }
 
   openssl.spawnWrapper(params, certificate, function (sslErr, code, stdout, stderr) {
@@ -875,7 +875,7 @@ function checkPkcs12 (bufferOrPath, passphrase, callback) {
   var delTempPWFiles = []
   var args = ['pkcs12', '-info', '-in', bufferOrPath, '-noout', '-maciter', '-nodes']
 
-  helper.createPasswordFile({ 'cipher': '', 'password': passphrase, 'passType': 'in' }, args, delTempPWFiles[delTempPWFiles.length])
+  helper.createPasswordFile({ 'cipher': '', 'password': passphrase, 'passType': 'in' }, args, delTempPWFiles)
 
   if (Buffer.isBuffer(bufferOrPath)) {
     tmpfiles = [bufferOrPath]

Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ function createPrivateKey (keyBitsize, options, callback) {`
`69`	`69`	`var delTempPWFiles = []`
`70`	`70`
`71`	`71`	`if (options && options.cipher && (Number(helper.ciphers.indexOf(options.cipher)) !== -1) && options.password) {`
`72`		`- helper.createPasswordFile({ 'cipher': options.cipher, 'password': options.password, 'passType': 'out' }, params, delTempPWFiles[delTempPWFiles.length])`
	`72`	`+ helper.createPasswordFile({ 'cipher': options.cipher, 'password': options.password, 'passType': 'out' }, params, delTempPWFiles)`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`params.push(keyBitsize)`
`@@ -263,7 +263,7 @@ function createCSR (options, callback) {`
`263`	`263`
`264`	`264`	`var delTempPWFiles = []`
`265`	`265`	`if (options.clientKeyPassword) {`
`266`		`- helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])`
	`266`	`+ helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles)`
`267`	`267`	`}`
`268`	`268`
`269`	`269`	`openssl.exec(params, 'CERTIFICATE REQUEST', tmpfiles, function (sslErr, data) {`
`@@ -384,15 +384,15 @@ function createCertificate (options, callback) {`
`384`	`384`	`}`
`385`	`385`	`}`
`386`	`386`	`if (options.serviceKeyPassword) {`
`387`		`- helper.createPasswordFile({ 'cipher': '', 'password': options.serviceKeyPassword, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])`
	`387`	`+ helper.createPasswordFile({ 'cipher': '', 'password': options.serviceKeyPassword, 'passType': 'in' }, params, delTempPWFiles)`
`388`	`388`	`}`
`389`	`389`	`tmpfiles.push(options.serviceCertificate)`
`390`	`390`	`tmpfiles.push(options.serviceKey)`
`391`	`391`	`} else {`
`392`	`392`	`params.push('-signkey')`
`393`	`393`	`params.push('--TMPFILE--')`
`394`	`394`	`if (options.serviceKeyPassword) {`
`395`		`- helper.createPasswordFile({ 'cipher': '', 'password': options.serviceKeyPassword, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])`
	`395`	`+ helper.createPasswordFile({ 'cipher': '', 'password': options.serviceKeyPassword, 'passType': 'in' }, params, delTempPWFiles)`
`396`	`396`	`}`
`397`	`397`	`tmpfiles.push(options.serviceKey)`
`398`	`398`	`}`
`@@ -409,7 +409,7 @@ function createCertificate (options, callback) {`
`409`	`409`	`}`
`410`	`410`
`411`	`411`	`if (options.clientKeyPassword) {`
`412`		`- helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])`
	`412`	`+ helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles)`
`413`	`413`	`}`
`414`	`414`
`415`	`415`	`openssl.exec(params, 'CERTIFICATE', tmpfiles, function (sslErr, data) {`
`@@ -558,7 +558,7 @@ function getModulus (certificate, password, hash, callback) {`
`558`	`558`	`]`
`559`	`559`	`var delTempPWFiles = []`
`560`	`560`	`if (password) {`
`561`		`- helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])`
	`561`	`+ helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles)`
`562`	`562`	`}`
`563`	`563`
`564`	`564`	`openssl.spawnWrapper(params, certificate, function (sslErr, code, stdout, stderr) {`
`@@ -702,11 +702,11 @@ function createPkcs12 (key, certificate, password, options, callback) {`
`702`	`702`	`if (options.cipher && options.clientKeyPassword) {`
`703`	`703`	`// NOTICE: The password field is needed! self if it is empty.`
`704`	`704`	`// create password file for the import "-passin"`
`705`		`- helper.createPasswordFile({ 'cipher': options.cipher, 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])`
	`705`	`+ helper.createPasswordFile({ 'cipher': options.cipher, 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles)`
`706`	`706`	`}`
`707`	`707`	`// NOTICE: The password field is needed! self if it is empty.`
`708`	`708`	`// create password file for the password "-password"`
`709`		`- helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'word' }, params, delTempPWFiles[delTempPWFiles.length])`
	`709`	`+ helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'word' }, params, delTempPWFiles)`
`710`	`710`
`711`	`711`	`params.push('-in')`
`712`	`712`	`params.push('--TMPFILE--')`
`@@ -756,15 +756,15 @@ function readPkcs12 (bufferOrPath, options, callback) {`
`756`	`756`	`var delTempPWFiles = []`
`757`	`757`	`var args = ['pkcs12', '-in', bufferOrPath]`
`758`	`758`
`759`		`- helper.createPasswordFile({ 'cipher': '', 'password': options.p12Password, 'passType': 'in' }, args, delTempPWFiles[delTempPWFiles.length])`
	`759`	`+ helper.createPasswordFile({ 'cipher': '', 'password': options.p12Password, 'passType': 'in' }, args, delTempPWFiles)`
`760`	`760`
`761`	`761`	`if (Buffer.isBuffer(bufferOrPath)) {`
`762`	`762`	`tmpfiles = [bufferOrPath]`
`763`	`763`	`args[2] = '--TMPFILE--'`
`764`	`764`	`}`
`765`	`765`
`766`	`766`	`if (options.clientKeyPassword) {`
`767`		`- helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'out' }, args, delTempPWFiles[delTempPWFiles.length])`
	`767`	`+ helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'out' }, args, delTempPWFiles)`
`768`	`768`	`} else {`
`769`	`769`	`args.push('-nodes')`
`770`	`770`	`}`
`@@ -832,7 +832,7 @@ function checkCertificate (certificate, passphrase, callback) {`
`832`	`832`	`params = ['x509', '-text', '-noout', '-in', '--TMPFILE--']`
`833`	`833`	`}`
`834`	`834`	`if (passphrase) {`
`835`		`- helper.createPasswordFile({ 'cipher': '', 'password': passphrase, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])`
	`835`	`+ helper.createPasswordFile({ 'cipher': '', 'password': passphrase, 'passType': 'in' }, params, delTempPWFiles)`
`836`	`836`	`}`
`837`	`837`
`838`	`838`	`openssl.spawnWrapper(params, certificate, function (sslErr, code, stdout, stderr) {`
`@@ -875,7 +875,7 @@ function checkPkcs12 (bufferOrPath, passphrase, callback) {`
`875`	`875`	`var delTempPWFiles = []`
`876`	`876`	`var args = ['pkcs12', '-info', '-in', bufferOrPath, '-noout', '-maciter', '-nodes']`
`877`	`877`
`878`		`- helper.createPasswordFile({ 'cipher': '', 'password': passphrase, 'passType': 'in' }, args, delTempPWFiles[delTempPWFiles.length])`
	`878`	`+ helper.createPasswordFile({ 'cipher': '', 'password': passphrase, 'passType': 'in' }, args, delTempPWFiles)`
`879`	`879`
`880`	`880`	`if (Buffer.isBuffer(bufferOrPath)) {`
`881`	`881`	`tmpfiles = [bufferOrPath]`