How to use xpath - 10 common examples
To help you get started, we’ve selected a few xpath examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
socialtables / saml-protocol / test / sp-security-checklist.js View on Github 
const chai = require("chai");
const chaiAsPromised = require("chai-as-promised");
chai.use(chaiAsPromised);
const should = chai.should(); // eslint-disable-line no-unused-vars
const xmldom = require("xmldom");
const xpath = require("xpath");
const entityFixtures = require("./fixtures/entities");
const ModelStub = require("./fixtures/model-stub");
//const samlFixtures = require("./fixtures/saml");
const credentials = require("../lib/util/credentials");
const randomID = require("../lib/util/random-id");
const signing = require("../lib/util/signing");
const errors = require("../lib/errors");
const namespaces = require("../lib/namespaces");
const select = xpath.useNamespaces(namespaces);
const moment = require("moment");
/**
* Tests for SP request construction and response handling for the
* security-conscious. The protocol binding layer is tested seperately, as
* its functionality is shared by both IDPs and SPs.
*/
describe("Service Provider security checklist", function() {
const requestConstruction = require("../lib/request-construction");
const responseConstruction = require("../lib/response-construction");
const responseHandling = require("../lib/response-handling");
let sp = entityFixtures.simpleSPWithCredentials;
let idp = entityFixtures.simpleIDPWithCredentials;
const idpWithLatency = entityFixtures.simpleIDPWithLatency;cb(err);
}
// Attempt to grab the website URL.
try {
websiteUrl = xpath.select1("/*[local-name() = 'widget']/*[local-name() = 'author']/@href", configXmlDoc).value;
}
catch (err) {
console.error("Unable to parse href from the author node from the config.xml file.");
cb(err);
}
// Attempt to query and parse the version information from config.xml.
// Default to 0.0.0 if there are any problems.
try {
var versionString = xpath.select1("/*[local-name() = 'widget']/@version", configXmlDoc).value;
var versionParts = versionString.split(".");
majorVersion = parseInt(versionParts[0], 10);
minorVersion = parseInt(versionParts[1], 10);
buildVersion = parseInt(versionParts[2], 10);
}
catch (err) {
console.log("Error parsing version from config.xml; using 0.0.0 instead.", err);
}
// Create the structure of the buildVars variable.
var buildVars = {
applicationName: applicationName,
email: email,
websiteUrl: websiteUrl,
majorVersion: majorVersion,
minorVersion: minorVersion,const buildGsubTables = (_dom, ligature) => {
dom = _dom;
if (/_/.test(ligature.glyph) === false) {
// not a ligature, so see if glyph exists in font (as substitute)
const glyphNode = xpath.select(
`ttFont/GlyphOrder/GlyphID[@name="${ligature.name}"]`,
dom,
true
);
if (!glyphNode) {
return;
}
}
const glyphs = ligature.name.replace(/\.liga$/, '').split('_');
const isSingleGlyph = glyphs.length == 1;
gsubDom = xpath.select('ttFont/GSUB', dom, true);
// look for 'calt' feature
featureListDom = xpath.select('FeatureList', gsubDom, true);fs.readFile(CONFING_XML, 'utf8', function (err, xml) {
// get splash nodes
var doc = new DOMParser().parseFromString(xml);
var select = xpath.useNamespaces({'widget': 'http://www.w3.org/ns/widgets'});
var nodes = select('//widget:platform[@name="android"]/widget:splash', doc);
// for each splash nodes
var EXT_PNG = '.png';
var EXT_9PNG = '.9.png';
for (var i = 0; i < nodes.length; i++) {
var node = nodes[i];
var fname = node.getAttribute('src');
if (fname.indexOf(EXT_9PNG) === -1) {
fname = fname.substring(0, fname.length - EXT_PNG.length);
fname += EXT_9PNG;
console.log('adding .9 :' + fname);
node.setAttribute('src', fname);
} else {
console.log('.9 already added : ' + fname);
}function configureSigningCredentials(xml, cb) {
if (options.signingCert || options.thumprints) { return cb(null, true) };
if (!options.getCredentials) {
return cb(null, false);
}
var issuer, sessionIndex, nameId;
var issuerNode = xpath.select(constants.ELEMENTS[type].ISSUER_PATH, xml);
if (issuerNode && issuerNode.length > 0) {
issuer = issuerNode[0].textContent;
}
// If LogoutRequest, we should check sessionIndex too
if (constants.ELEMENTS[type].SESSION_INDEX_PATH){
var sessionIndexNode = xpath.select(constants.ELEMENTS[type].SESSION_INDEX_PATH, xml);
if (sessionIndexNode && sessionIndexNode.length > 0) {
sessionIndex = sessionIndexNode[0].textContent;
}
}
// If LogoutRequest, we should check sessionIndex too
if (constants.ELEMENTS[type].NAME_ID){
var nameIdNode = xpath.select(constants.ELEMENTS[type].NAME_ID, xml);EnvelopedSignature.prototype.process = function (node, options) {
if (null == options.signatureNode) {
// leave this for the moment...
var signature = xpath.select("./*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']", node)[0];
if (signature) signature.parentNode.removeChild(signature);
return node;
}
var signatureNode = options.signatureNode;
var expectedSignatureValue = utils.findFirst(signatureNode, ".//*[local-name(.)='SignatureValue']/text()").data;
var signatures = xpath.select(".//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']", node);
for (var h in signatures) {
if (!signatures.hasOwnProperty(h)) continue;
var signature = signatures[h];
var signatureValue = utils.findFirst(signature, ".//*[local-name(.)='SignatureValue']/text()").data;
if (expectedSignatureValue === signatureValue) {
signature.parentNode.removeChild(signature);
}
}
return node;
};);
// patch CFFFont
const cffFont = xpath.select('/ttFont/CFF/CFFFont', dom, true);
cffFont.setAttribute('name', ligFontName);
setAttribute(cffFont, 'FullName', 'value', fullName);
setAttribute(cffFont, 'FamilyName', 'value', familyName);
const charStrings = xpath.select('/CharStrings/CharString', configDom);
const targetCharStrings = xpath.select('CharStrings', cffFont, true);
const subrs = {
map: [],
source: await loadConfigAsync('subrs'),
target: xpath.select('/ttFont/CFF/CFFFont/Private/Subrs', dom, true)
};
const gsubrs = {
map: [],
source: await loadConfigAsync('gsubrs'),
target: xpath.select('/ttFont/CFF/GlobalSubrs', dom, true)
};
charStrings.forEach(node => {
patchCharStringSubrs(node, subrs, gsubrs);
targetCharStrings.appendChild(node);
});
}var fieldName = groupFields[l].attributes[0].value;
componentGroupFields[componentName][componentGroupName].push(fieldName);
}
var groupComponents = componentGroups[k].getElementsByTagName('component');
for (l = 0; l < groupComponents.length; l++) {
var compName = groupComponents[l].attributes[0].value;
componentGroupFields[componentName][componentGroupName] = componentGroupFields[componentName][componentGroupName].concat(flattenComponent(compName, dom));
}
}
}
var names = messageNames(dom);
var messages = xpath.select('//fix/messages/message', dom);
for (var m = 0; m < messages.length; m++) {
var messageName = messages[m].attributes[0].value;
GROUPS[messageName] = {};
var messageComponents = messages[m].getElementsByTagName('component');
for (var n = 0; n < messageComponents.length; n++) {
var componentName = messageComponents[n].attributes[0].value;
var groupNames = Object.keys(componentGroupFields[componentName]);
for (o = 0; o < groupNames.length; o++) { // collapse fields into GROUPS index
GROUPS[messageName][groupNames[o]] = componentGroupFields[componentName][groupNames[o]];
}
}
}
}this.readAndroidManifest((err, manifest) => {
if (err) return done.rejectWith(this, [new Error('Manifest read error. ' + err.message)]);
done.result.manifest = manifest;
try {
const doc = new dom().parseFromString(manifest);
// extract the package name from the manifest
const pkg_xpath = '/manifest/@package';
done.result.package = xpath.select1(pkg_xpath, doc).value;
const android_select = xpath.useNamespaces({"android": "http://schemas.android.com/apk/res/android"});
// extract a list of all the (named) activities declared in the manifest
const activity_xpath='/manifest/application/activity/@android:name';
var nodes = android_select(activity_xpath, doc);
nodes && (done.result.activities = nodes.map(n => n.value));
// extract the default launcher activity
const launcher_xpath='/manifest/application/activity[intent-filter/action[@android:name="android.intent.action.MAIN"] and intent-filter/category[@android:name="android.intent.category.LAUNCHER"]]/@android:name';
var nodes = android_select(launcher_xpath, doc);
// should we warn if there's more than one?
if (nodes && nodes.length >= 1)
done.result.launcher = nodes[0].value
} catch(err) {
return done.rejectWith(this, [new Error('Manifest parse failed. ' + err.message)]);
}
done.resolveWith(this, [done.result]);"use strict";
const xpath = require("xpath");
const xmldom = require("xmldom");
const xmlenc = require("xml-encryption");
const credentials = require("./credentials");
const pemFormatting = require("./pem-formatting");
const namespaces = require("../namespaces");
const DOMParser = xmldom.DOMParser;
const XMLSerializer = xmldom.XMLSerializer;
const select = xpath.useNamespaces(namespaces);
// these are the encryption algorithms supported by xml-encryption
const supportedAlgorithms = {
encryption: [
"http://www.w3.org/2001/04/xmlenc#aes128-cbc",
"http://www.w3.org/2001/04/xmlenc#aes256-cbc",
"http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
],
keyEncryption: [
"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p",
"http://www.w3.org/2001/04/xmlenc#rsa-1_5"
]
};
const defaultAlgorithms = {
encryption: "http://www.w3.org/2001/04/xmlenc#aes256-cbc",xpath
DOM 3 XPath implemention and helper for node.js and the web
