@contrast/agent-lib
Comparing version 8.1.1 to 8.2.0
@@ -91,3 +91,3 @@ /// <reference types="node" /> | ||
type XssState = { | ||
export public type XssState = { | ||
inputs: ArrayBuffer; | ||
@@ -216,7 +216,9 @@ state: ArrayBuffer; | ||
* | ||
* @param - body a string or a buffer encoded as utf8 containing the full response | ||
* @param {JsString} body a string or a buffer encoded as utf8 containing the full response | ||
* body. | ||
* @param - inputs both the source and propagation history | ||
* @returns - true if any input is an XSS attack in the context of the body, else false. | ||
* @param {string[]} inputs both the source and propagation history | ||
* @returns {boolean} true if any input is an XSS attack in the context of the body, else false. | ||
*/ | ||
isXssWholeBodyAttack(body: JsString, inputs: string[]): boolean; | ||
// legacy name | ||
isXssAttack(body: JsString, inputs: JsString[]): boolean; | ||
@@ -228,11 +230,11 @@ | ||
* | ||
* Create the state object for isXssAttackStateful(). The object holds the state between calls to | ||
* isXssAttackStateful(). Each call to isXssAttackStateful() checks a chunk of the response body. | ||
* Create the state object for isXssChunkedBodyAttack(). The object holds the state between calls to | ||
* isXssChunkedBodyAttack(). Each call to isXssChunkedBodyAttack() checks a chunk of the response body. | ||
* This function filters out inputs that do not contain at least one character that is required | ||
* for an XSS attack. This is checked in isXssAttackStateful() but if the caller wishes to check | ||
* and skip calling isXssAttackStateful(), then if XssState.inputs.byteLength <= 1, then all calls | ||
* to isXssAttackStateful() will return false. | ||
* for an XSS attack. This is checked in isXssChunkedBodyAttack() but if the caller wishes to check | ||
* and skip calling isXssChunkedBodyAttack(), then if XssState.inputs.byteLength <= 1, then all calls | ||
* to isXssChunkedBodyAttack() will return false. | ||
* | ||
* @param - inputs both the source and propagation history | ||
* @returns - the initial state to pass to isXssAttackStateful(body_chunk, state). | ||
* @param {string[]} inputs both the source and propagation history | ||
* @returns {XssState} the initial state to pass to isXssChunkedBodyAttack(body_chunk, state). | ||
*/ | ||
@@ -247,9 +249,11 @@ makeXssState(inputs: string[]): XssState; | ||
* have a separate state object, created by makeXssState(). The state will be updated each time | ||
* isXssAttackStateful() is called with the next chunk of the response body. | ||
* isXssChunkedBodyAttack() is called with the next chunk of the response body. | ||
* | ||
* @param - body a string or a buffer encoded as utf8 containing a chunk of the | ||
* @param {JsString} body a string or a buffer encoded as utf8 containing a chunk of the | ||
* response body. | ||
* @param - state the state object created by makeXssState(). It will be updated each call. | ||
* @returns - true if any input is an XSS attack in the context of the body, else false. | ||
* @param {XssState} state the state object created by makeXssState(). It will be updated each call. | ||
* @returns {boolean} true if any input is an XSS attack in the context of the body, else false. | ||
*/ | ||
isXssChunkedBodyAttack(chunk: JsString, state: XssState): boolean; | ||
// legacy name | ||
isXssAttackStateful(body: JsString, state: XssState): boolean; | ||
@@ -264,7 +268,9 @@ | ||
* This should ONLY be called with the SOURCE inputs, NOT with any values from the | ||
* propagation history. Call this BEFORE isXssAttack() or isXssAttackStateful(). | ||
* propagation history. Call this BEFORE isXssWholeBodyAttack() or isXssChunkedBodyAttack(). | ||
* | ||
* @param - inputs An array of the saved source inputs, NOT propagation history. | ||
* @returns - true if an egregious XSS attack found, else false. | ||
* @param {string[]} inputs An array of the saved source inputs, NOT propagation history. | ||
* @returns {boolean} true if an egregious XSS attack found, else false. | ||
*/ | ||
isXssScriptOrIframeAttack(inputs: string[]): boolean; | ||
// legacy name | ||
isXssObviousAttack(inputs: string[]): boolean; | ||
@@ -271,0 +277,0 @@ |
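Review bot: The new declaration `export public type XssState = {` in the first hunk is not valid TypeScript as rendered here, because `public` is a class-member modifier and cannot appear on a module-level type alias. If the shipped declaration file really contains it, consumers that type-check dependencies (no `skipLibCheck`) will get a compile error, and the line should read `export type XssState = {`; the type body continues outside the hunk. In the chunked-body hunk the doc comment still says `@param {JsString} body` while the new signature names that parameter `chunk`, so the tag should become `@param {JsString} chunk`. The new `isXssWholeBodyAttack` declares `inputs: string[]` while the legacy `isXssAttack` keeps `inputs: JsString[]`; if the two are meant to be aliases the types should agree, and each `// legacy name` entry would be clearer as `/** @deprecated use isXssWholeBodyAttack() */` (and likewise for the other two) so callers of the detection API migrate to one name.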
{ | ||
"name": "@contrast/agent-lib", | ||
"version": "8.1.1", | ||
"version": "8.2.0", | ||
"description": "", | ||
@@ -5,0 +5,0 @@ "keywords": [], |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Native code
Supply chain riskContains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.
Found 5 instances in 1 package