@silenteer/natsu-port-server - npm Package Compare versions

Comparing version 0.0.44 to 0.0.45

dist/index.js

@@ -214,3 +214,4 @@ "use strict";
     let result;
-    if (!httpRequestSchema.isValidSync({ contentType, subject, traceId })) {
+    if (!httpRequestSchema.isValidSync({ contentType, subject, traceId }) ||
+        !validateNatsSubject(subject)) {
         result = { code: 400 };
@@ -224,3 +225,4 @@ return result;
     let result;
-    if (!wsRequestSchema.isValidSync(request)) {
+    if (!wsRequestSchema.isValidSync(request) ||
+        !validateNatsSubject(request.subject)) {
         result = { code: 400 };
@@ -232,2 +234,17 @@ return result;
 }
+function validateNatsSubject(subject) {
+    const items = subject.split('.');
+    for (const item of items) {
+        // When subject has multis dot side by side as 'a..b', or dot at first/last position as '.a.b.c'
+        // The dot will become '' after split()
+        if (!item) {
+            return false;
+        }
+        // Only accept a-z, A-Z, 0-9
+        if (!/^[\w]*$/.test(item)) {
+            return false;
+        }
+    }
+    return true;
+}
 function authenticate(headers) {
@@ -234,0 +251,0 @@ var _a, _b;

package.json

 {
   "name": "@silenteer/natsu-port-server",
-  "version": "0.0.44",
+  "version": "0.0.45",
   "license": "MIT",
@@ -5,0 +5,0 @@ "private": false,

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

56001

increased by1.71%

Lines of code

864

increased by2.01%

No dependency changes