@contrast/protect - npm Package Compare versions

Comparing version 1.6.0 to 1.6.1

lib/error-handlers/install/hapi.js

@@ -43,3 +43,2 @@ /*
           const [mode, ruleId] = sourceContext.findings.securityException;
-          sourceContext.block('block', 'cmd-injection');
 
@@ -46,0 +45,0 @@ err.output.statusCode = 403;

lib/input-analysis/install/hapi.js

@@ -74,5 +74,5 @@ /*
 
-          if (req.cookies && Object.keys(req.cookies).length) {
-            sourceContext.parsedCookies = req.cookies;
-            inputAnalysis.handleCookies(sourceContext, req.cookies);
+          if (req.state && Object.keys(req.state).length) {
+            sourceContext.parsedCookies = req.state;
+            inputAnalysis.handleCookies(sourceContext, req.state);
           }
@@ -79,0 +79,0 @@

lib/input-analysis/virtual-patches.js

@@ -46,5 +46,9 @@ /*
           const evalCheck = buildEvaluationCheck(evaluation);
-          const keyIndex = reqHeaders.indexOf(name.toLowerCase());
+          const headersArray = Array.isArray(reqHeaders) ? reqHeaders : Object.entries(reqHeaders).reduce((acc, entry) => {
+            acc.push(...entry);
+            return acc;
+          }, []);
+          const keyIndex = headersArray.indexOf(name.toLowerCase());
 
-          result = keyIndex !== -1 && evalCheck(reqHeaders[keyIndex + 1], value);
+          result = keyIndex !== -1 && evalCheck(headersArray[keyIndex + 1], value);
           if (!result) break;
@@ -51,0 +55,0 @@ }

package.json

 {
   "name": "@contrast/protect",
-  "version": "1.6.0",
+  "version": "1.6.1",
   "description": "Contrast service providing framework-agnostic Protect support",
@@ -24,5 +24,5 @@ "license": "SEE LICENSE IN LICENSE",
     "@contrast/common": "1.1.2",
-    "@contrast/core": "1.5.0",
-    "@contrast/esm-hooks": "1.1.6",
-    "@contrast/scopes": "1.1.1",
+    "@contrast/core": "1.5.1",
+    "@contrast/esm-hooks": "1.1.7",
+    "@contrast/scopes": "1.1.2",
     "builtin-modules": "^3.2.0",
@@ -29,0 +29,0 @@ "ipaddr.js": "^2.0.1",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

165832

increased by0.08%

Lines of code

4216

increased by0.07%

Dependency changes

• + Added@contrast/core@1.5.1(transitive)

• + Added@contrast/esm-hooks@1.1.7(transitive)

• + Added@contrast/patcher@1.0.5(transitive)

• + Added@contrast/reporter@1.4.1(transitive)

• + Added@contrast/scopes@1.1.2(transitive)

• + Addedaxios@1.7.7(transitive)

• + Addedproxy-from-env@1.1.0(transitive)

• - Removed@contrast/core@1.5.0(transitive)

• - Removed@contrast/esm-hooks@1.1.6(transitive)

• - Removed@contrast/patcher@1.0.4(transitive)

• - Removed@contrast/reporter@1.4.0(transitive)

• - Removed@contrast/scopes@1.1.1(transitive)

• - Removedaxios@0.27.2(transitive)

• Updated@contrast/core@1.5.1

• Updated@contrast/esm-hooks@1.1.7

• Updated@contrast/scopes@1.1.2