@contrast/assess
Comparing version 1.11.0 to 1.12.0
@@ -23,3 +23,2 @@ /* | ||
require('./event-factory')(core); | ||
require('./tracker')(core); | ||
@@ -26,0 +25,0 @@ require('./sources')(core); |
@@ -29,3 +29,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -32,0 +33,0 @@ } = core; |
@@ -22,6 +22,4 @@ /* | ||
assess: { | ||
dataflow: { | ||
eventFactory, | ||
tracker | ||
} | ||
eventFactory, | ||
dataflow: { tracker } | ||
}, | ||
@@ -28,0 +26,0 @@ patcher, |
@@ -29,3 +29,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -32,0 +33,0 @@ } = core; |
@@ -35,6 +35,4 @@ /* | ||
assess: { | ||
dataflow: { | ||
tracker, | ||
eventFactory: { createPropagationEvent }, | ||
}, | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker }, | ||
} | ||
@@ -41,0 +39,0 @@ } = core; |
@@ -23,6 +23,4 @@ /* | ||
assess: { | ||
dataflow: { | ||
tracker, | ||
eventFactory: { createPropagationEvent }, | ||
}, | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker }, | ||
}, | ||
@@ -29,0 +27,0 @@ patcher, |
@@ -31,3 +31,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -34,0 +35,0 @@ } = core; |
@@ -32,3 +32,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -35,0 +36,0 @@ } = core; |
@@ -31,3 +31,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -34,0 +35,0 @@ } = core; |
@@ -32,3 +32,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -35,0 +36,0 @@ } = core; |
@@ -31,3 +31,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -34,0 +35,0 @@ } = core; |
@@ -32,3 +32,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -35,0 +36,0 @@ } = core; |
@@ -55,6 +55,4 @@ /* | ||
assess: { | ||
dataflow: { | ||
tracker, | ||
eventFactory: { createPropagationEvent }, | ||
}, | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker }, | ||
}, | ||
@@ -61,0 +59,0 @@ } = core; |
@@ -79,3 +79,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -82,0 +83,0 @@ } = core; |
@@ -27,5 +27,5 @@ /* | ||
assess: { | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { | ||
tracker, | ||
eventFactory: { createPropagationEvent }, | ||
propagation: { mongooseInstrumentation }, | ||
@@ -32,0 +32,0 @@ }, |
@@ -27,5 +27,5 @@ /* | ||
assess: { | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { | ||
tracker, | ||
eventFactory: { createPropagationEvent }, | ||
propagation: { mongooseInstrumentation }, | ||
@@ -32,0 +32,0 @@ }, |
@@ -31,6 +31,4 @@ /* | ||
assess: { | ||
dataflow: { | ||
tracker, | ||
eventFactory: { createPropagationEvent }, | ||
}, | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker }, | ||
}, | ||
@@ -37,0 +35,0 @@ } = core; |
@@ -32,3 +32,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -35,0 +36,0 @@ } = core; |
@@ -30,6 +30,4 @@ /* | ||
assess: { | ||
dataflow: { | ||
tracker, | ||
eventFactory: { createPropagationEvent }, | ||
}, | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker }, | ||
}, | ||
@@ -36,0 +34,0 @@ } = core; |
@@ -31,6 +31,4 @@ /* | ||
assess: { | ||
dataflow: { | ||
tracker, | ||
eventFactory: { createPropagationEvent }, | ||
}, | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker }, | ||
}, | ||
@@ -37,0 +35,0 @@ } = core; |
@@ -30,6 +30,4 @@ /* | ||
assess: { | ||
dataflow: { | ||
tracker, | ||
eventFactory: { createPropagationEvent }, | ||
}, | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker }, | ||
}, | ||
@@ -36,0 +34,0 @@ } = core; |
@@ -32,3 +32,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -35,0 +36,0 @@ } = core; |
@@ -34,3 +34,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -37,0 +38,0 @@ } = core; |
@@ -26,6 +26,4 @@ /* | ||
assess: { | ||
dataflow: { | ||
tracker, | ||
eventFactory: { createPropagationEvent }, | ||
}, | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker }, | ||
}, | ||
@@ -32,0 +30,0 @@ } = core; |
@@ -30,6 +30,4 @@ /* | ||
assess: { | ||
dataflow: { | ||
tracker, | ||
eventFactory: { createPropagationEvent }, | ||
}, | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker }, | ||
}, | ||
@@ -36,0 +34,0 @@ } = core; |
@@ -29,3 +29,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -32,0 +33,0 @@ } = core; |
@@ -29,3 +29,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -32,0 +33,0 @@ } = core; |
@@ -25,3 +25,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -28,0 +29,0 @@ } = core; |
@@ -39,3 +39,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -42,0 +43,0 @@ } = core; |
@@ -26,3 +26,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -29,0 +30,0 @@ } = core; |
@@ -26,5 +26,5 @@ /* | ||
assess: { | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { | ||
tracker, | ||
eventFactory: { createPropagationEvent }, | ||
propagation: { stringInstrumentation }, | ||
@@ -31,0 +31,0 @@ }, |
@@ -26,5 +26,5 @@ /* | ||
assess: { | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { | ||
tracker, | ||
eventFactory: { createPropagationEvent }, | ||
propagation: { stringInstrumentation }, | ||
@@ -31,0 +31,0 @@ }, |
@@ -31,3 +31,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
}, | ||
@@ -34,0 +35,0 @@ scopes: { sources, instrumentation } |
@@ -25,3 +25,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -28,0 +29,0 @@ } = core; |
@@ -28,3 +28,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -31,0 +32,0 @@ } = core; |
@@ -27,3 +27,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -30,0 +31,0 @@ } = core; |
@@ -28,3 +28,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -31,0 +32,0 @@ } = core; |
@@ -31,3 +31,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -34,0 +35,0 @@ } = core; |
@@ -29,3 +29,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -32,0 +33,0 @@ } = core; |
/* | ||
* Copyright: 2022 Contrast Security, Inc | ||
* Copyright: 2023 Contrast Security, Inc | ||
* Contact: support@contrastsecurity.com | ||
@@ -27,3 +27,4 @@ * License: Commercial | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -30,0 +31,0 @@ } = core; |
/* | ||
* Copyright: 2022 Contrast Security, Inc | ||
* Copyright: 2023 Contrast Security, Inc | ||
* Contact: support@contrastsecurity.com | ||
@@ -27,3 +27,4 @@ * License: Commercial | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -79,14 +80,20 @@ } = core; | ||
const param = query.substring(endIdx + 1, query.length); | ||
const keyInfo = tracker.getData(key); | ||
const paramInfo = tracker.getData(param); | ||
if (!paramInfo) return; | ||
const event = getPropagationEvent(params, paramInfo, data); | ||
if (!event); | ||
if (keyInfo) { | ||
const event = getPropagationEvent(params, keyInfo, data); | ||
if (event) Object.assign(keyInfo, event); | ||
} | ||
Object.assign(paramInfo, event); | ||
const { extern } = paramInfo || tracker.track(param, event); | ||
if (paramInfo) { | ||
const event = getPropagationEvent(params, paramInfo, data); | ||
if (event) Object.assign(paramInfo, event); | ||
} | ||
if (extern) { | ||
result.set(key, extern); | ||
} | ||
const trackedKey = keyInfo?.extern; | ||
const trackedParam = paramInfo?.extern; | ||
if (trackedKey) result.delete(key); | ||
result.set(trackedKey || key, trackedParam || param); | ||
}); | ||
@@ -93,0 +100,0 @@ } |
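Review bot: The closing `result.set(trackedKey || key, trackedParam || param)` appears to run for every key/value pair, including pairs where neither `tracker.getData(key)` nor `tracker.getData(param)` returned anything. The page has lost its `+`/`-` markers, so the new side is inferred from the `-79,14 +80,20` counts; on that reading the earlier `if (!paramInfo) return;` guard is gone. Because `result.delete(key)` implies `result` already holds the parsed entries, untracked pairs would be rewritten with the raw `query.substring(...)` text, which may differ from what the parser stored (for example after decoding) and would change application-visible data. Consider guarding the write, `if (trackedKey || trackedParam) result.set(trackedKey || key, trackedParam || param);`. The enclosing callback starts outside the hunk, so how `key` and `result` are produced is not visible here.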
@@ -27,3 +27,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -30,0 +31,0 @@ } = core; |
@@ -26,3 +26,4 @@ /* | ||
assess: { | ||
dataflow: { tracker, eventFactory: { createPropagationEvent } } | ||
eventFactory: { createPropagationEvent }, | ||
dataflow: { tracker } | ||
} | ||
@@ -29,0 +30,0 @@ } = core; |
@@ -33,6 +33,6 @@ /* | ||
assess: { | ||
eventFactory: { createSinkEvent }, | ||
dataflow: { | ||
tracker, | ||
sinks: { isVulnerable, reportFindings }, | ||
eventFactory: { createSinkEvent }, | ||
}, | ||
@@ -39,0 +39,0 @@ }, |
@@ -47,6 +47,6 @@ /* | ||
assess: { | ||
eventFactory: { createSinkEvent }, | ||
dataflow: { | ||
tracker, | ||
sinks: { isVulnerable, reportFindings, reportSafePositive }, | ||
eventFactory: { createSinkEvent }, | ||
}, | ||
@@ -53,0 +53,0 @@ }, |
@@ -42,6 +42,6 @@ /* | ||
assess: { | ||
eventFactory: { createSinkEvent }, | ||
dataflow: { | ||
tracker, | ||
sinks: { isVulnerable, reportFindings, reportSafePositive }, | ||
eventFactory: { createSinkEvent }, | ||
sinks: { isVulnerable, reportFindings, reportSafePositive } | ||
}, | ||
@@ -48,0 +48,0 @@ }, |
@@ -61,6 +61,6 @@ /* | ||
assess: { | ||
eventFactory: { createSinkEvent }, | ||
dataflow: { | ||
tracker, | ||
sinks: { isVulnerable, reportFindings, reportSafePositive }, | ||
eventFactory: { createSinkEvent }, | ||
}, | ||
@@ -67,0 +67,0 @@ }, |
@@ -39,6 +39,6 @@ /* | ||
assess: { | ||
eventFactory: { createSinkEvent }, | ||
dataflow: { | ||
tracker, | ||
sinks: { isVulnerable, reportFindings }, | ||
eventFactory: { createSinkEvent }, | ||
}, | ||
@@ -45,0 +45,0 @@ }, |
@@ -49,6 +49,6 @@ /* | ||
assess: { | ||
eventFactory: { createSinkEvent }, | ||
dataflow: { | ||
tracker, | ||
sinks: { isVulnerable, reportFindings, reportSafePositive }, | ||
eventFactory: { createSinkEvent }, | ||
}, | ||
@@ -55,0 +55,0 @@ }, |
@@ -41,2 +41,3 @@ /* | ||
assess: { | ||
eventFactory: { createSinkEvent }, | ||
dataflow: { | ||
@@ -48,3 +49,2 @@ tracker, | ||
}, | ||
eventFactory: { createSinkEvent }, | ||
}, | ||
@@ -51,0 +51,0 @@ }, |
@@ -43,2 +43,3 @@ /* | ||
assess: { | ||
eventFactory: { createSinkEvent }, | ||
dataflow: { | ||
@@ -52,3 +53,2 @@ tracker, | ||
}, | ||
eventFactory: { createSinkEvent }, | ||
}, | ||
@@ -55,0 +55,0 @@ }, |
@@ -42,6 +42,6 @@ /* | ||
assess: { | ||
eventFactory: { createSinkEvent }, | ||
dataflow: { | ||
tracker, | ||
sinks: { isVulnerable, reportFindings, reportSafePositive }, | ||
eventFactory: { createSinkEvent }, | ||
}, | ||
@@ -48,0 +48,0 @@ }, |
@@ -46,6 +46,6 @@ /* | ||
assess: { | ||
eventFactory: { createSinkEvent }, | ||
dataflow: { | ||
tracker, | ||
sinks: { isVulnerable, reportFindings }, | ||
eventFactory: { createSinkEvent }, | ||
}, | ||
@@ -52,0 +52,0 @@ }, |
@@ -77,6 +77,6 @@ /* | ||
assess: { | ||
eventFactory: { createSinkEvent }, | ||
dataflow: { | ||
tracker, | ||
sinks: { isVulnerable, runInActiveSink, isLocked, reportFindings, reportSafePositive }, | ||
eventFactory: { createSinkEvent } | ||
sinks: { isVulnerable, runInActiveSink, isLocked, reportFindings, reportSafePositive } | ||
} | ||
@@ -83,0 +83,0 @@ } |
@@ -42,6 +42,6 @@ /* | ||
assess: { | ||
eventFactory: { createSinkEvent }, | ||
dataflow: { | ||
tracker, | ||
sinks: { isVulnerable, isLocked, reportFindings, reportSafePositive }, | ||
eventFactory: { createSinkEvent }, | ||
}, | ||
@@ -48,0 +48,0 @@ }, |
@@ -49,6 +49,6 @@ /* | ||
assess: { | ||
eventFactory: { createSinkEvent }, | ||
dataflow: { | ||
tracker, | ||
sinks: { isVulnerable, isLocked, reportFindings }, | ||
eventFactory: { createSinkEvent }, | ||
sinks: { isVulnerable, isLocked, reportFindings } | ||
}, | ||
@@ -55,0 +55,0 @@ }, |
@@ -33,6 +33,6 @@ /* | ||
assess: { | ||
eventFactory: { createSinkEvent }, | ||
dataflow: { | ||
tracker, | ||
sinks: { isVulnerable, isLocked, reportFindings, reportSafePositive }, | ||
eventFactory: { createSinkEvent }, | ||
}, | ||
@@ -39,0 +39,0 @@ }, |
@@ -38,6 +38,6 @@ /* | ||
assess: { | ||
eventFactory: { createSinkEvent }, | ||
dataflow: { | ||
tracker, | ||
sinks: { isVulnerable, runInActiveSink, reportFindings, reportSafePositive }, | ||
eventFactory: { createSinkEvent }, | ||
}, | ||
@@ -44,0 +44,0 @@ }, |
@@ -38,6 +38,6 @@ /* | ||
assess: { | ||
eventFactory: { createSinkEvent }, | ||
dataflow: { | ||
tracker, | ||
sinks: { isVulnerable, isLocked, reportFindings }, | ||
eventFactory: { createSinkEvent }, | ||
}, | ||
@@ -44,0 +44,0 @@ }, |
@@ -51,2 +51,3 @@ /* | ||
assess: { | ||
eventFactory: { createSinkEvent }, | ||
dataflow: { | ||
@@ -61,3 +62,2 @@ tracker, | ||
}, | ||
eventFactory: { createSinkEvent }, | ||
}, | ||
@@ -64,0 +64,0 @@ }, |
@@ -28,6 +28,6 @@ /* | ||
assess: { | ||
eventFactory, | ||
dataflow: { | ||
sources, | ||
tracker, | ||
eventFactory | ||
tracker | ||
} | ||
@@ -34,0 +34,0 @@ }, |
@@ -83,3 +83,3 @@ /* | ||
if (toLowerCase(name) === 'content-type' && value) { | ||
scopes.sources.getStore().assess.responseData.contentType = value; | ||
store.assess.responseData.contentType = value; | ||
} | ||
@@ -86,0 +86,0 @@ } |
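Review bot: `store.assess.responseData.contentType = value;` depends on a `store` binding that is declared outside this hunk, so it is not visible whether it is read on each call or captured once. If it were captured when the patch is installed rather than fetched inside the hook, the content type could be written to another request's store, or the assignment could throw when no store is active, and anything that later reads `responseData.contentType` would see the wrong value. Worth confirming that the hook does `const store = scopes.sources.getStore();` itself and skips the write when nothing is returned, e.g. `if (store?.assess?.responseData) store.assess.responseData.contentType = value;`.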
@@ -24,7 +24,3 @@ /* | ||
assess: { | ||
dataflow: { | ||
eventFactory: { | ||
createdEvents | ||
} | ||
} | ||
eventFactory: { createdEvents }, | ||
}, | ||
@@ -31,0 +27,0 @@ logger |
@@ -22,2 +22,3 @@ /* | ||
const responseScanning = require('./response-scanning'); | ||
const eventFactory = require('./event-factory'); | ||
@@ -31,5 +32,6 @@ module.exports = function assess(core) { | ||
// 1. dataflow | ||
sessionConfiguration(core); | ||
eventFactory(core); | ||
dataflow(core); | ||
responseScanning(core); | ||
sessionConfiguration(core); | ||
@@ -36,0 +38,0 @@ // crypto |
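Review bot: The initialisation order in `assess(core)` now looks load-bearing and nothing in the code says so: `eventFactory(core)` appears to have to run before `dataflow(core)`, presumably because the modules changed elsewhere in this release destructure `core.assess.eventFactory` when they load. The existing `// 1. dataflow` comment no longer describes the first step. I would add a comment above the calls such as `// eventFactory must be initialised first: dataflow reads core.assess.eventFactory at load time` and renumber the step comment. Moving `sessionConfiguration(core)` to the end also deserves a word on why, since an accidental reorder would most likely surface only at runtime.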
@@ -18,13 +18,10 @@ /* | ||
const { callChildComponentMethodsSync, Event } = require('@contrast/common'); | ||
const { callChildComponentMethodsSync } = require('@contrast/common'); | ||
module.exports = function(core) { | ||
const { messages } = core; | ||
const sessionConfiguration = core.assess.sessionConfiguration = { | ||
reportFindings(_sourceContext, vulnerabilityMetadata) { | ||
messages.emit(Event.ASSESS_SESSION_CONFIGURATION_FINDING, vulnerabilityMetadata); | ||
}, | ||
}; | ||
require('./install/http')(core); | ||
const sessionConfiguration = core.assess.sessionConfiguration = {}; | ||
require('./handlers')(core); | ||
require('./install/express-session')(core); | ||
sessionConfiguration.install = function() { | ||
@@ -31,0 +28,0 @@ callChildComponentMethodsSync(sessionConfiguration, 'install'); |
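Review bot: `reportFindings`, which emitted `Event.ASSESS_SESSION_CONFIGURATION_FINDING` through `messages.emit`, appears to have been dropped from this module, leaving `core.assess.sessionConfiguration = {}` to be filled in by `require('./handlers')(core)` and the installers. Neither `./handlers` nor what became of `./install/http` is visible on this page, so it cannot be confirmed here that session-configuration findings are still reported. A test asserting that the express-session path still emits that finding would guard against silently losing the detection. A short comment on the empty object, e.g. `// populated by ./handlers and ./install/*`, would also help the next reader.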
{ | ||
"name": "@contrast/assess", | ||
"version": "1.11.0", | ||
"version": "1.12.0", | ||
"description": "", | ||
@@ -16,3 +16,3 @@ "main": "lib/index.js", | ||
"dependencies": { | ||
"@contrast/distringuish": "^4.1.0", | ||
"@contrast/distringuish": "^4.4.0", | ||
"@contrast/scopes": "1.4.0", | ||
@@ -19,0 +19,0 @@ "@contrast/common": "1.14.0", |