@contrast/protect - npm Package Compare versions

Comparing version 1.36.0 to 1.36.1

lib/input-analysis/handlers.js

@@ -27,5 +27,5 @@ /*
   InputType,
-  toLowerCase,
-  split,
-  join
+  ArrayPrototypeJoin,
+  StringPrototypeToLowerCase,
+  StringPrototypeSplit,
 } = require('@contrast/common');
@@ -599,3 +599,3 @@
         });
-        const key = join([
+        const key = ArrayPrototypeJoin.call([
           probe.ruleId,
@@ -730,3 +730,3 @@ probe.inputType,
       if (reqHeaders[i] === 'x-forwarded-for') {
-        const ipsFromHeaders = split(reqHeaders[i + 1], /[,;]+/);
+        const ipsFromHeaders = StringPrototypeSplit.call(reqHeaders[i + 1], /[,;]+/);
         forwardedIps.push(...ipsFromHeaders);
@@ -803,3 +803,3 @@ }
     case 'HeaderValue': {
-      if (path[0] && toLowerCase(path[0]) === 'cookie') {
+      if (path[0] && StringPrototypeToLowerCase.call(path[0]) === 'cookie') {
         inputExclusions = exclusions.cookie;
@@ -806,0 +806,0 @@ checkCookiesInHeader = true;

lib/input-analysis/install/http.js

@@ -18,3 +18,3 @@ /*
 
-const { Event, toLowerCase } = require('@contrast/common');
+const { Event, StringPrototypeToLowerCase } = require('@contrast/common');
 const { patchType } = require('../constants');
@@ -98,3 +98,3 @@
         uriPath,
-        method: toLowerCase(method),
+        method:StringPrototypeToLowerCase.call(method),
       };
@@ -101,0 +101,0 @@

lib/input-analysis/ip-analysis.js

@@ -18,3 +18,3 @@ /*
 
-const { Event, substr } = require('@contrast/common');
+const { Event, StringPrototypeSubstr } = require('@contrast/common');
 const address = require('ipaddr.js');
@@ -61,3 +61,3 @@
   const ipInstance = isCIDR
-    ? address.process(substr(ip, 0, slashIdx))
+    ? address.process(StringPrototypeSubstr.call(ip, 0, slashIdx))
     : address.process(ip);
@@ -64,0 +64,0 @@

lib/input-analysis/virtual-patches.js

@@ -18,3 +18,3 @@ /*
 
-const { Event, toLowerCase } = require('@contrast/common');
+const { Event, StringPrototypeToLowerCase } = require('@contrast/common');
 
@@ -51,3 +51,3 @@ module.exports = (core) => {
           }, []);
-          const keyIndex = headersArray.indexOf(toLowerCase(name));
+          const keyIndex = headersArray.indexOf(StringPrototypeToLowerCase.call(name));
 
@@ -54,0 +54,0 @@ result = keyIndex !== -1 && evalCheck(headersArray[keyIndex + 1], value);

lib/input-tracing/handlers/index.js

@@ -23,3 +23,3 @@ /*
   isString,
-  stringify,
+  JSONStringify,
   traverseKeys,
@@ -355,3 +355,3 @@ traverseKeysAndValues,
       if (util.isDeepStrictEqual(obj, result.mongoContext.inputToCheck)) {
-        const start = stringify(object).indexOf(value);
+        const start = JSONStringify(object).indexOf(value);
         const end = start + value.length;
@@ -358,0 +358,0 @@ const inputBoundaryIndex = 0;

lib/make-response-blocker.js

@@ -18,3 +18,3 @@ /*
 
-const { toUpperCase } = require('@contrast/common');
+const { StringPrototypeToUpperCase } = require('@contrast/common');
 
@@ -33,3 +33,3 @@ module.exports = function(core) {
       blocked.add(res);
-      mode = toUpperCase(mode);
+      mode = StringPrototypeToUpperCase.call(mode);
       const end = patcher.unwrap(res.end);
@@ -36,0 +36,0 @@ const writeHead = patcher.unwrap(res.writeHead);

lib/make-source-context.js

@@ -18,3 +18,3 @@ /*
 
-const { toLowerCase, slice } = require('@contrast/common');
+const { StringPrototypeToLowerCase, StringPrototypeSlice } = require('@contrast/common');
 
@@ -40,4 +40,4 @@ module.exports = function(core) {
     if (ix >= 0) {
-      uriPath = slice(req.url, 0, ix);
-      queries = slice(req.url, ix + 1);
+      uriPath = StringPrototypeSlice.call(req.url, 0, ix);
+      queries = StringPrototypeSlice.call(req.url, ix + 1);
     } else {
@@ -60,6 +60,6 @@ uriPath = req.url;
     for (let i = 0; i < req.rawHeaders.length; i += 2) {
-      headers[i] = toLowerCase(req.rawHeaders[i]);
+      headers[i] = StringPrototypeToLowerCase.call(req.rawHeaders[i]);
       headers[i + 1] = req.rawHeaders[i + 1];
       if (headers[i] === 'content-type') {
-        contentType = toLowerCase(headers[i + 1]);
+        contentType = StringPrototypeToLowerCase.call(headers[i + 1]);
       }
@@ -66,0 +66,0 @@ }

lib/policy.js

@@ -22,5 +22,5 @@ /*
   Event,
-  toLowerCase,
-  split,
-  join
+  ArrayPrototypeJoin,
+  StringPrototypeToLowerCase,
+  StringPrototypeSplit,
 } = require('@contrast/common');
@@ -92,3 +92,3 @@ const { ConfigSource } = require('@contrast/config');
     if (regExpNeeded) {
-      const rx = new RegExp(`^${join(urls, '|')}$`);
+      const rx = new RegExp(`^${ArrayPrototypeJoin.call(urls, '|')}$`);
 
@@ -310,3 +310,3 @@ return (uriPath) => rx ? rx.test(uriPath) : false;
       const { name, protect_rules, urls, type } = exclusionDtm;
-      const key = toLowerCase(type);
+      const key = StringPrototypeToLowerCase.call(type);
 
@@ -346,4 +346,4 @@ if (!compiled[key]) continue;
           e.checkCookieInHeader = (cookieHeader) => {
-            for (const cookiePair of split(cookieHeader, ';')) {
-              const cookieKey = split(cookiePair, '=')[0];
+            for (const cookiePair of StringPrototypeSplit.call(cookieHeader, ';')) {
+              const cookieKey = StringPrototypeSplit.call(cookiePair, '=')[0];
               if (e.matchesInputName(cookieKey)) {
@@ -350,0 +350,0 @@ return true;

lib/semantic-analysis/handlers.js

@@ -24,3 +24,3 @@ /*
   traverseValues,
-  replace
+  StringPrototypeReplace,
 } = require('@contrast/common');
@@ -33,3 +33,3 @@
 const SINK_EXPLOIT_PATTERN_START = /(?:^|\\|\/)(?:sh|bash|zsh|ksh|tcsh|csh|fish|cmd)/;
-const stripWhiteSpace = (str) => replace(str, /\s/g, '');
+const stripWhiteSpace = (str) => StringPrototypeReplace.call(str, /\s/g, '');
 
@@ -36,0 +36,0 @@ const getRuleResults = function(obj, prop) {

lib/semantic-analysis/utils/xml-analysis.js

@@ -17,3 +17,3 @@ /*
 
-const { substr, toLowerCase } = require('@contrast/common');
+const { StringPrototypeSubstr, StringPrototypeToLowerCase } = require('@contrast/common');
 
@@ -27,5 +27,5 @@ const PROTOCOLS = {
 
-const FTP = `${toLowerCase(PROTOCOLS.FTP)}:`;
-const HTTP = `${toLowerCase(PROTOCOLS.HTTP)}:`;
-const HTTPS = `${toLowerCase(PROTOCOLS.HTTPS)}:`;
+const FTP = `${StringPrototypeToLowerCase.call(PROTOCOLS.FTP)}:`;
+const HTTP = `${StringPrototypeToLowerCase.call(PROTOCOLS.HTTP)}:`;
+const HTTPS = `${StringPrototypeToLowerCase.call(PROTOCOLS.HTTPS)}:`;
 const DTD_EXTENSION = '.dtd';
@@ -106,3 +106,3 @@ const FILE_START = 'file:';
     entities,
-    prolog: len && substr(xml, 0, entities[len - 1].finish) || null
+    prolog: len && StringPrototypeSubstr.call(xml, 0, entities[len - 1].finish) || null
   };
@@ -109,0 +109,0 @@ };

package.json

 {
   "name": "@contrast/protect",
-  "version": "1.36.0",
+  "version": "1.36.1",
   "description": "Contrast service providing framework-agnostic Protect support",
@@ -14,3 +14,3 @@ "license": "SEE LICENSE IN LICENSE",
     "npm": ">=6.13.7 <7 || >= 8.3.1",
-    "node": ">= 14.18.0"
+    "node": ">= 16.9.1"
   },
@@ -22,6 +22,6 @@ "scripts": {
     "@contrast/agent-lib": "^7.0.1",
-    "@contrast/common": "1.21.0",
-    "@contrast/config": "1.28.0",
-    "@contrast/core": "1.32.0",
-    "@contrast/esm-hooks": "2.6.0",
+    "@contrast/common": "1.21.1",
+    "@contrast/config": "1.28.1",
+    "@contrast/core": "1.32.1",
+    "@contrast/esm-hooks": "2.6.1",
     "@contrast/scopes": "1.4.1",
@@ -28,0 +28,0 @@ "ipaddr.js": "^2.0.1",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

195589

increased by0.32%

Dependency changes

• + Added@contrast/common@1.21.1(transitive)

• + Added@contrast/config@1.28.1(transitive)

• + Added@contrast/core@1.32.1(transitive)

• + Added@contrast/esm-hooks@2.6.1(transitive)

• - Removed@contrast/common@1.21.0(transitive)

• - Removed@contrast/config@1.28.0(transitive)

• - Removed@contrast/core@1.32.0(transitive)

• - Removed@contrast/esm-hooks@2.6.0(transitive)

• Updated@contrast/common@1.21.1

• Updated@contrast/config@1.28.1

• Updated@contrast/core@1.32.1

• Updated@contrast/esm-hooks@2.6.1