@aikidosec/runtime - npm Package Compare versions

Comparing version 1.5.14 to 1.5.15

package.json

 {
   "name": "@aikidosec/runtime",
-  "version": "1.5.14",
+  "version": "1.5.15",
   "description": "Aikido runtime protects your application against NoSQL injections and more",
@@ -5,0 +5,0 @@ "repository": "https://github.com/AikidoSec/runtime-node",

README.md

@@ -1,2 +0,2 @@
-# Aikido Runtime for Node.js
+# Aikido Runtime Protection for Node.js
 
@@ -14,3 +14,3 @@ ![NPM Version](https://img.shields.io/npm/v/%40aikidosec%2Fruntime?style=flat-square) ![Codecov](https://img.shields.io/codecov/c/github/AikidoSec/runtime-node?style=flat-square&token=AJK9LU35GY) ![NPM License](https://img.shields.io/npm/l/%40aikidosec%2Fruntime?style=flat-square)
 * 🛡️ [Prototype pollution](./docs/prototype-pollution.md)
-* 🛡 [Path traversal attacks](https://owasp.org/www-community/attacks/Path_Traversal)
+* 🛡️ [Path traversal attacks](https://owasp.org/www-community/attacks/Path_Traversal)
 * 🚀 More to come. See [public roadmap](https://github.com/orgs/AikidoSec/projects/2/views/1)
@@ -17,0 +17,0 @@

sinks/HTTPRequest.d.ts

@@ -5,4 +5,4 @@ import { Agent } from "../agent/Agent";
 export declare class HTTPRequest implements Wrapper {
-    inspectHttpRequest(args: unknown[], agent: Agent): void;
+    inspectHttpRequest(args: unknown[], agent: Agent, module: string): void;
     wrap(hooks: Hooks): void;
 }

sinks/HTTPRequest.js

@@ -7,3 +7,3 @@ "use strict";
 class HTTPRequest {
-    inspectHttpRequest(args, agent) {
+    inspectHttpRequest(args, agent, module) {
         if (args.length > 0) {
@@ -27,3 +27,11 @@ if (typeof args[0] === "string" && args[0].length > 0) {
                 args[0].hostname.length > 0) {
-                agent.onConnectHostname(args[0].hostname, typeof args[0].port === "number" ? args[0].port : undefined);
+                let port = module === "http" ? 80 : 443;
+                if (typeof args[0].port === "number") {
+                    port = args[0].port;
+                }
+                else if (typeof args[0].port === "string" &&
+                    Number.isInteger(parseInt(args[0].port, 10))) {
+                    port = parseInt(args[0].port, 10);
+                }
+                agent.onConnectHostname(args[0].hostname, port);
             }
@@ -36,9 +44,9 @@ }
             .addSubject((exports) => exports)
-            .inspect("request", (args, subject, agent) => this.inspectHttpRequest(args, agent));
+            .inspect("request", (args, subject, agent) => this.inspectHttpRequest(args, agent, "http"));
         hooks
             .addBuiltinModule("https")
             .addSubject((exports) => exports)
-            .inspect("request", (args, subject, agent) => this.inspectHttpRequest(args, agent));
+            .inspect("request", (args, subject, agent) => this.inspectHttpRequest(args, agent, "https"));
     }
 }
 exports.HTTPRequest = HTTPRequest;

sinks/Undici.js

@@ -26,3 +26,14 @@ "use strict";
                 args[0].hostname.length > 0) {
-                agent.onConnectHostname(args[0].hostname, typeof args[0].port === "number" ? args[0].port : undefined);
+                let port = 80;
+                if (typeof args[0].protocol === "string") {
+                    port = args[0].protocol === "https:" ? 443 : 80;
+                }
+                if (typeof args[0].port === "number") {
+                    port = args[0].port;
+                }
+                else if (typeof args[0].port === "string" &&
+                    Number.isInteger(parseInt(args[0].port, 10))) {
+                    port = parseInt(args[0].port, 10);
+                }
+                agent.onConnectHostname(args[0].hostname, port);
             }
@@ -29,0 +40,0 @@ }

No alert changes

Improved metrics

Total package byte prevSize

195517

increased by0.42%

Lines of code

4339

increased by0.44%

No dependency changes