@nuskin/ns-product-lib - npm Package Compare versions

Comparing version 1.1.0 to 1.1.1

CHANGELOG.md

@@ -0,1 +1,26 @@
+## [1.1.1](https://code.tls.nuskin.io/ns-am/product/js-libs/ns-product-lib/compare/v1.1.0...v1.1.1) (2020-10-05)
+
+
+### Fix
+
+* updated set order types logic (#CX12-2487) ([1c9cd30](https://code.tls.nuskin.io/ns-am/product/js-libs/ns-product-lib/commit/1c9cd30a860efafaec8a1a963698bb366f2f6232)), closes [#CX12-2487](https://code.tls.nuskin.io/ns-am/product/js-libs/ns-product-lib/issues/CX12-2487)
+
+# [1.1.0-types-fix.2](https://code.tls.nuskin.io/ns-am/product/js-libs/ns-product-lib/compare/v1.1.0-types-fix.1...v1.1.0-types-fix.2) (2020-10-05)
+
+
+### Chore
+
+* Merge branch 'order-types-fix' of code.tls.nuskin.io:ns-am/product/js-libs/ns-product-lib into order-types-fix ([9e738eb](https://code.tls.nuskin.io/ns-am/product/js-libs/ns-product-lib/commit/9e738eb725e1ff12bad448d503ad0e14569b01d4))
+
+### Fix
+
+* updated product content mapping of order types, moved around some code (#CX12-2487) ([a413c4e](https://code.tls.nuskin.io/ns-am/product/js-libs/ns-product-lib/commit/a413c4e098768f5e74e7dcc2df88930d899ebf37)), closes [#CX12-2487](https://code.tls.nuskin.io/ns-am/product/js-libs/ns-product-lib/issues/CX12-2487)
+
+# [1.1.0-types-fix.1](https://code.tls.nuskin.io/ns-am/product/js-libs/ns-product-lib/compare/v1.0.0...v1.1.0-types-fix.1) (2020-10-05)
+
+
+### Fix
+
+* updated set order types logic (#CX12-2487) ([bbee624](https://code.tls.nuskin.io/ns-am/product/js-libs/ns-product-lib/commit/bbee624c845bdbb66055e6b1995ed495c1ce3c55)), closes [#CX12-2487](https://code.tls.nuskin.io/ns-am/product/js-libs/ns-product-lib/issues/CX12-2487)
+
 # [1.1.0](https://code.tls.nuskin.io/ns-am/product/js-libs/ns-product-lib/compare/v1.0.0...v1.1.0) (2020-10-02)
@@ -2,0 +27,0 @@

gl-sast-report.json

@@ -5,3 +5,3 @@ {
     {
-      "id": "d057a9239955b59d30b9050ece27ffd59d33dd1a11759568e417ac56766bb906",
+      "id": "e888263043312eb7f3045464d22e94eab6eab7b7fcaf6c6628fd584b5eaa292b",
       "category": "sast",
@@ -20,4 +20,4 @@ "name": "Function Call Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 743,
-        "end_line": 743
+        "start_line": 715,
+        "end_line": 715
       },
@@ -331,3 +331,3 @@ "identifiers": [
     {
-      "id": "495f3ed99dca9cb52ab75044d51223882ae7c6d87e364b0e4d2d3e2fcee30ce6",
+      "id": "e13fa33a3325fb8bdbca7435e9d5cebb2242af40c5dd46a57e3ddb3dd486b422",
       "category": "sast",
@@ -346,4 +346,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 668,
-        "end_line": 668
+        "start_line": 677,
+        "end_line": 677
       },
@@ -360,3 +360,3 @@ "identifiers": [
     {
-      "id": "495f3ed99dca9cb52ab75044d51223882ae7c6d87e364b0e4d2d3e2fcee30ce6",
+      "id": "e13fa33a3325fb8bdbca7435e9d5cebb2242af40c5dd46a57e3ddb3dd486b422",
       "category": "sast",
@@ -375,4 +375,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 668,
-        "end_line": 668
+        "start_line": 677,
+        "end_line": 677
       },
@@ -389,3 +389,3 @@ "identifiers": [
     {
-      "id": "9ab1d67c5351d38863fa13a62f680feff47419774e69b1b06431a8a9f6751f7a",
+      "id": "daa239ff410740a627995b81408bda1bb13677e43c678f35ca570b21d0dd45d6",
       "category": "sast",
@@ -404,4 +404,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 705,
-        "end_line": 705
+        "start_line": 688,
+        "end_line": 688
       },
@@ -418,3 +418,3 @@ "identifiers": [
     {
-      "id": "9ab1d67c5351d38863fa13a62f680feff47419774e69b1b06431a8a9f6751f7a",
+      "id": "daa239ff410740a627995b81408bda1bb13677e43c678f35ca570b21d0dd45d6",
       "category": "sast",
@@ -433,4 +433,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 705,
-        "end_line": 705
+        "start_line": 688,
+        "end_line": 688
       },
@@ -447,3 +447,3 @@ "identifiers": [
     {
-      "id": "f9df0f893fb1a5449752c4f223b730fa75f4a976891727adec6490de7e275606",
+      "id": "ba37b4f70aa52bc5697e2fe1f78b5847f6f370f3e06a26cf8506f582fc9c3468",
       "category": "sast",
@@ -462,4 +462,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 716,
-        "end_line": 716
+        "start_line": 700,
+        "end_line": 700
       },
@@ -476,3 +476,3 @@ "identifiers": [
     {
-      "id": "f9df0f893fb1a5449752c4f223b730fa75f4a976891727adec6490de7e275606",
+      "id": "6eb8ad52f2a8ee534625a8e9ae701d6591efec8a81ee9858fb84b21695a4fcc9",
       "category": "sast",
@@ -491,4 +491,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 716,
-        "end_line": 716
+        "start_line": 701,
+        "end_line": 701
       },
@@ -505,3 +505,3 @@ "identifiers": [
     {
-      "id": "4c9f41f5c26f52527dac994867fc1c51d02abad6f30a7594a0160908380dd45e",
+      "id": "6eb8ad52f2a8ee534625a8e9ae701d6591efec8a81ee9858fb84b21695a4fcc9",
       "category": "sast",
@@ -520,4 +520,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 728,
-        "end_line": 728
+        "start_line": 701,
+        "end_line": 701
       },
@@ -534,58 +534,4 @@ "identifiers": [
     {
-      "id": "3c7edd50f807fdfbc41fac566304d8df16197decc7b50ad674880b24a04a71ea",
+      "id": "2475679121072f7af3bb701355526dcd5092aeac6790d04add849b9c82cfba87",
       "category": "sast",
-      "name": "Generic Object Injection Sink",
-      "message": "Generic Object Injection Sink",
-      "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.",
-      "cve": "src/product.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection",
-      "severity": "Unknown",
-      "confidence": "Unknown",
-      "scanner": {
-        "id": "eslint",
-        "name": "ESLint"
-      },
-      "location": {
-        "file": "src/product.js",
-        "start_line": 729,
-        "end_line": 729
-      },
-      "identifiers": [
-        {
-          "type": "eslint_rule_id",
-          "name": "ESLint rule ID security/detect-object-injection",
-          "value": "security/detect-object-injection",
-          "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection"
-        }
-      ]
-    },
-    {
-      "id": "3c7edd50f807fdfbc41fac566304d8df16197decc7b50ad674880b24a04a71ea",
-      "category": "sast",
-      "name": "Generic Object Injection Sink",
-      "message": "Generic Object Injection Sink",
-      "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.",
-      "cve": "src/product.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection",
-      "severity": "Unknown",
-      "confidence": "Unknown",
-      "scanner": {
-        "id": "eslint",
-        "name": "ESLint"
-      },
-      "location": {
-        "file": "src/product.js",
-        "start_line": 729,
-        "end_line": 729
-      },
-      "identifiers": [
-        {
-          "type": "eslint_rule_id",
-          "name": "ESLint rule ID security/detect-object-injection",
-          "value": "security/detect-object-injection",
-          "url": "https://github.com/nodesecurity/eslint-plugin-security#detect-object-injection"
-        }
-      ]
-    },
-    {
-      "id": "ae7252086619199fcc05aaa6ebb14abfc824f4c6488d98a1340eadee50218120",
-      "category": "sast",
       "name": "Function Call Object Injection Sink",
@@ -603,4 +549,4 @@ "message": "Function Call Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 730,
-        "end_line": 730
+        "start_line": 702,
+        "end_line": 702
       },
@@ -617,3 +563,3 @@ "identifiers": [
     {
-      "id": "8fcd36218697d93e62d6c8f60974e04d0403c7370cd650bc9ce4a60168b04f40",
+      "id": "7849a09126dd92d10f159700625dd32377bd0d3ce451a415c56122e1e7a55f28",
       "category": "sast",
@@ -632,4 +578,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 732,
-        "end_line": 732
+        "start_line": 704,
+        "end_line": 704
       },
@@ -646,3 +592,3 @@ "identifiers": [
     {
-      "id": "3b7a132d592c0a9597130f743de52fc2a655973494eab68e3975ce40f38ccc57",
+      "id": "9ab1d67c5351d38863fa13a62f680feff47419774e69b1b06431a8a9f6751f7a",
       "category": "sast",
@@ -661,4 +607,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 733,
-        "end_line": 733
+        "start_line": 705,
+        "end_line": 705
       },
@@ -675,3 +621,3 @@ "identifiers": [
     {
-      "id": "4ebfec5fb7e759c59452bea038d3ca8c1bb83519ab99925889100770110abb9b",
+      "id": "1c5574924eb97d473e43e6f49c90d2597e3d348594083ec2ba47fc28204f7d9d",
       "category": "sast",
@@ -690,4 +636,4 @@ "name": "Function Call Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 734,
-        "end_line": 734
+        "start_line": 706,
+        "end_line": 706
       },
@@ -704,3 +650,3 @@ "identifiers": [
     {
-      "id": "eb48fa9d7490880046485b3d9b73b20c07d965bbca02354a4b72c8078e767197",
+      "id": "ff3306685b7d5e0b8422c70ad6d4bf81761629e2c2ce171cc2255bb0a3f995e6",
       "category": "sast",
@@ -719,4 +665,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 737,
-        "end_line": 737
+        "start_line": 709,
+        "end_line": 709
       },
@@ -733,3 +679,3 @@ "identifiers": [
     {
-      "id": "2a374ea6a273d395d088ff3b636626364df79a5df471c7f80fe831d620957fad",
+      "id": "17b243aa1d7ed957cc110d38d457ff18e49cc9f110f93a1d550e3c6cb4532902",
       "category": "sast",
@@ -748,4 +694,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 738,
-        "end_line": 738
+        "start_line": 710,
+        "end_line": 710
       },
@@ -762,3 +708,3 @@ "identifiers": [
     {
-      "id": "2a374ea6a273d395d088ff3b636626364df79a5df471c7f80fe831d620957fad",
+      "id": "17b243aa1d7ed957cc110d38d457ff18e49cc9f110f93a1d550e3c6cb4532902",
       "category": "sast",
@@ -777,4 +723,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 738,
-        "end_line": 738
+        "start_line": 710,
+        "end_line": 710
       },
@@ -791,3 +737,3 @@ "identifiers": [
     {
-      "id": "ed8e55a2a5295045cf22c7f4aa250995b07a660aca77821c71368de6988e24db",
+      "id": "573c20dc9d858ea6d83d483f448acdd1931d9213caea2156e735a52f861dec39",
       "category": "sast",
@@ -806,4 +752,4 @@ "name": "Function Call Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 739,
-        "end_line": 739
+        "start_line": 711,
+        "end_line": 711
       },
@@ -820,3 +766,3 @@ "identifiers": [
     {
-      "id": "28824f0bfb8f5148cd9d350b57c7b494513ea5694fb381200aec4e22fa708a62",
+      "id": "36f1bd00d5e5110df714a70485d77f18f8b4cd69c77a5e2013e79c838eb23653",
       "category": "sast",
@@ -835,4 +781,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 741,
-        "end_line": 741
+        "start_line": 713,
+        "end_line": 713
       },
@@ -849,3 +795,3 @@ "identifiers": [
     {
-      "id": "52966ce3cf3b82a731869c3eafa74f9601365d4d68fe7239188a9481c6234313",
+      "id": "6b699b2bd275496be63dbb5e9a5dfb0e35f802acad01688ddb052fa2813843a7",
       "category": "sast",
@@ -864,4 +810,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/product.js",
-        "start_line": 742,
-        "end_line": 742
+        "start_line": 714,
+        "end_line": 714
       },
@@ -905,3 +851,3 @@ "identifiers": [
     {
-      "id": "f7f18f21b40d158b3cc6b3d72786c81346f9071c2a98648b78ce813252149fbc",
+      "id": "488d6d0310a05d1edbb68cb5cb12262a4bea91c749e9d1e5c1dfb8679647e904",
       "category": "sast",
@@ -920,4 +866,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/productContentMapper.js",
-        "start_line": 172,
-        "end_line": 172
+        "start_line": 173,
+        "end_line": 173
       },
@@ -934,3 +880,3 @@ "identifiers": [
     {
-      "id": "68f10a0013672d207a0e71a8c7b6490ea9c3a0a33fb822832d30e9f28fdc2146",
+      "id": "f6560923d1f80299840edad0ae88b865513e3c0e685279da62bffef046943e8d",
       "category": "sast",
@@ -949,4 +895,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/productContentMapper.js",
-        "start_line": 174,
-        "end_line": 174
+        "start_line": 175,
+        "end_line": 175
       },
@@ -963,3 +909,3 @@ "identifiers": [
     {
-      "id": "5db9bd9f754e6489cff83df70d771ac45a29f07b30974bae1dd2c12122808384",
+      "id": "38234196d98a51fab0f20c9352f165a0890e3aa098731b609f635f7504967812",
       "category": "sast",
@@ -978,4 +924,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/productContentMapper.js",
-        "start_line": 177,
-        "end_line": 177
+        "start_line": 178,
+        "end_line": 178
       },
@@ -992,3 +938,3 @@ "identifiers": [
     {
-      "id": "54c6b3e8cb80b172124437d27546c03014e796c10c1346fcc4ddf63139748399",
+      "id": "1b243bda5079f06734518e4b0bc6feca10082e6bcd0ebcd18dc4a2fda89c3cac",
       "category": "sast",
@@ -1007,4 +953,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/productContentMapper.js",
-        "start_line": 193,
-        "end_line": 193
+        "start_line": 194,
+        "end_line": 194
       },
@@ -1021,3 +967,3 @@ "identifiers": [
     {
-      "id": "a992cf22bbf22a84eeb01776202ebbdf4ebca666a3e8dcddf1961b795d5ccb67",
+      "id": "14e1d5a0a8b3842f4720f628eb90aab4317e93c68478bed27c43960005a98c6f",
       "category": "sast",
@@ -1036,4 +982,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/productContentMapper.js",
-        "start_line": 195,
-        "end_line": 195
+        "start_line": 196,
+        "end_line": 196
       },
@@ -1050,3 +996,3 @@ "identifiers": [
     {
-      "id": "c7a461e21c00d80e5467eb25037366b755c17170bc5f6355b7bd0ebecdd89d31",
+      "id": "668548480c2e8e713d427a2d85b54f6ea97444310c0094543619ea3a4fcb0d34",
       "category": "sast",
@@ -1065,4 +1011,4 @@ "name": "Generic Object Injection Sink",
         "file": "src/productContentMapper.js",
-        "start_line": 198,
-        "end_line": 198
+        "start_line": 199,
+        "end_line": 199
       },
@@ -1187,6 +1133,6 @@ "identifiers": [
     {
-      "id": "79f4ff114d45ac7243c6501498ee77770264e0ed42a358da8c9cba41e5069e97",
+      "id": "adf6bfc2849dc7011dc468388e2c02923237d2a41290bf51c9c81113ab55a146",
       "category": "sast",
-      "name": "Generic Object Injection Sink",
-      "message": "Generic Object Injection Sink",
+      "name": "Variable Assigned to Object Injection Sink",
+      "message": "Variable Assigned to Object Injection Sink",
       "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.",
@@ -1202,4 +1148,4 @@ "cve": "src/productStatusMapper.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection",
         "file": "src/productStatusMapper.js",
-        "start_line": 182,
-        "end_line": 182
+        "start_line": 90,
+        "end_line": 90
       },
@@ -1351,6 +1297,6 @@ "identifiers": [
     {
-      "id": "adf6bfc2849dc7011dc468388e2c02923237d2a41290bf51c9c81113ab55a146",
+      "id": "79f4ff114d45ac7243c6501498ee77770264e0ed42a358da8c9cba41e5069e97",
       "category": "sast",
-      "name": "Variable Assigned to Object Injection Sink",
-      "message": "Variable Assigned to Object Injection Sink",
+      "name": "Generic Object Injection Sink",
+      "message": "Generic Object Injection Sink",
       "description": "Bracket object notation with user input is present, this might allow an attacker to access all properties of the object and even it's prototype, leading to possible code execution.",
@@ -1366,4 +1312,4 @@ "cve": "src/productStatusMapper.js:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855:security/detect-object-injection",
         "file": "src/productStatusMapper.js",
-        "start_line": 90,
-        "end_line": 90
+        "start_line": 182,
+        "end_line": 182
       },
@@ -1392,6 +1338,6 @@ "identifiers": [
     "type": "sast",
-    "start_time": "2020-10-02T18:43:01",
-    "end_time": "2020-10-02T18:43:03",
+    "start_time": "2020-10-05T22:41:59",
+    "end_time": "2020-10-05T22:42:00",
     "status": "success"
   }
 }

package.json

 {
   "name": "@nuskin/ns-product-lib",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "description": "This project contains shared Product models and code between the backend and frontend.",
@@ -5,0 +5,0 @@ "main": "src/index.js",

src/product.js

@@ -307,3 +307,3 @@ "use strict";
       }
-      setOrderTypes(this.orderTypes, productStatus.orderType);
+      this.orderTypes = ProductUtils.mergeOrderTypes(this.orderTypes, productStatus.orderType);
       this.setPriceAndPvFromType(priceType);
@@ -616,3 +616,3 @@ modified = true;
           : this.pvMap;
-      setOrderTypes(this.orderTypes, data.orderTypes);
+      this.orderTypes = ProductUtils.mergeOrderTypes(this.orderTypes, data.orderTypes);
       this.custTypes = data.custTypes || [];
@@ -646,30 +646,2 @@
 
-  function setOrderTypes(currentOrderTypes, incomingOrderTypes) {
-    // incomingOrderTypes could be undefined, remain the same
-    if (!incomingOrderTypes) {
-      return;
-    }
-
-    // untrust current order types, but keep them
-    for (const orderType in currentOrderTypes) {
-      currentOrderTypes[orderType.toLowerCase()] = false;
-    }
-
-    // at this point, could be array or object, convert to object
-    if (Array.isArray(incomingOrderTypes)) {
-      incomingOrderTypes = incomingOrderTypes.reduce(
-        (result, orderType) => (
-          (result[orderType.toLowerCase()] = true), result
-        ),
-        {}
-      );
-    }
-
-    // override current order types with incoming
-    for (const incomingOrderType in incomingOrderTypes) {
-      const orderType = incomingOrderType.toLowerCase();
-      currentOrderTypes[orderType] = incomingOrderTypes[orderType];
-    }
-  }
-
   function isAdrType(priceType) {
@@ -676,0 +648,0 @@ return (

src/productContentMapper.js

 "use strict";
 
 const Product = require("./product.js");
+const ProductUtils = require("./productUtils.js");
 const { isNullOrEmpty } = require("./utils.js");
@@ -107,3 +108,3 @@
       if (marketOrderTypes) {
-        product.orderTypes = marketOrderTypes;
+        product.orderTypes = ProductUtils.getOrderTypesMapping(marketOrderTypes);
       }
@@ -110,0 +111,0 @@

src/productUtils.js

@@ -5,2 +5,4 @@ /* eslint-disable max-len */
 
+const { isNullOrEmpty } = require("./utils.js");
+
 const ProductUtils = {
@@ -49,2 +51,32 @@ /**
     return result.replace("http://", "https://");
+  },
+
+  mergeOrderTypes: function(previousOrderTypes, newOrderTypes) {
+    // untrust previous order types
+    const previousOrderTypesMapping = this.getOrderTypesMapping(previousOrderTypes, false);
+
+    // trust new order types
+    const newOrderTypesMapping = this.getOrderTypesMapping(newOrderTypes);
+
+    return {
+      ...previousOrderTypesMapping,
+      ...newOrderTypesMapping
+    };
+  },
+  
+  getOrderTypesMapping: function(orderTypes, active = true) {
+    if (isNullOrEmpty(orderTypes)) {
+      return {};
+    }
+    const orderTypesMapping = {};
+    if (Array.isArray(orderTypes)) {
+      for (const orderType of orderTypes) {
+        orderTypesMapping[orderType.toLowerCase()] = active;
+      }
+    } else {
+      for (const orderType in orderTypes) {
+        orderTypesMapping[orderType.toLowerCase()] = active;
+      }
+    }
+    return orderTypesMapping;
   }
@@ -51,0 +83,0 @@ };

src/utils.js

 "use strict";
 
 function isNullOrEmpty(obj) {
-  return !obj || Object.entries(obj).length === 0;
+  return !obj ||
+    (Array.isArray(obj) && !obj.length) ||
+    Object.entries(obj).length === 0;
 }
@@ -6,0 +8,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

130796

decreased by-0.34%

Lines of code

3342

decreased by-1.42%

No dependency changes