body-fingerprint - npm Package Compare versions

body-fingerprint

Package Overview

Dependencies

Maintainers

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 1.3.3 to 1.3.4

index.js

		@@ -12,3 +12,5 @@ const multipartFingerprint = (req, _, next) => {

		if (!req.headers["content-type"]?.includes("multipart")) {
		if (
		!/multipart\/form-data;\s.*boundary\=.+/.test(req.headers["content-type"])
		) {
		return next();
		@@ -68,3 +70,3 @@ }

		if (!req.headers["content-type"]?.includes("json")) {
		if (!/application\/json(.+)?/.test(req.headers["content-type"])) {
		return next();
		@@ -71,0 +73,0 @@ }

package.json

		{
		"name": "body-fingerprint",
		"version": "1.3.3",
		"version": "1.3.4",
		"description": "Tracks consumers by POST body",
		@@ -5,0 +5,0 @@ "main": "index.js",

145

test.js

		@@ -367,2 +367,95 @@ const assert = require("node:assert");
		});

		it("should ignore malformed content-type", () => {
		const expected = {
		raw: { body: "" },
		parts: [],
		headers: {
		order: [],
		},
		};
		const req = new (class extends EventEmitter {
		get headers() {
		return {
		"content-type": "==multipart/form-data; boundary",
		};
		}

		setEncoding() {}
		})();

		multipartFingerprint(req, res, next);
		req.emit(
		"data",
		`------WebKitFormBoundary1234567890123456
		Content-Disposition: form-data; name="a"

		b
		------WebKitFormBoundary1234567890123456
		Content-Disposition: form-data; name="c"

		d
		------WebKitFormBoundary1234567890123456
		Content-Disposition: form-data; name="e"; filename=""
		Content-Type: application/octet-stream
		Header-One: value
		Header-Two: value
		Header-three: value
		header-four: value
		HEADER-FIVE: value


		------WebKitFormBoundary1234567890123456--
		`.replaceAll("\n", "\r\n")
		);
		req.emit("end");
		const { multipart: actual } = req;

		assert.deepStrictEqual(actual, expected);
		});

		it("should not ignore content-type with spacing", () => {
		const expected = "name;name;name,filename";
		const req = new (class extends EventEmitter {
		get headers() {
		return {
		"content-type":
		"multipart/form-data; boundary=----WebKitFormBoundary1234567890123456",
		};
		}

		setEncoding() {}
		})();

		multipartFingerprint(req, res, next);
		req.emit(
		"data",
		`------WebKitFormBoundary1234567890123456
		Content-Disposition: form-data; name="a"

		b
		------WebKitFormBoundary1234567890123456
		Content-Disposition: form-data; name="c"

		d
		------WebKitFormBoundary1234567890123456
		Content-Disposition: form-data; name="e"; filename=""
		Content-Type: application/octet-stream
		Header-One: value
		Header-Two: value
		Header-three: value
		header-four: value
		HEADER-FIVE: value


		------WebKitFormBoundary1234567890123456--
		`.replaceAll("\n", "\r\n")
		);
		req.emit("end");
		const {
		multipart: { fingerprint: actual },
		} = req;

		assert.strictEqual(actual, expected);
		});
		});
		@@ -691,2 +784,54 @@
		});

		it("should ignore malformed content-type", () => {
		// no double quotes between property key "a"
		const exampleJsonString = '{"a": 1}';
		const expected = {
		raw: { body: "" },
		fingerprint: "",
		spaces: [],
		};
		const req = new (class extends EventEmitter {
		get headers() {
		return {
		"content-type": "_app_licati_on/json",
		};
		}

		setEncoding() {}
		})();

		jsonFingerprint(req, res, next);
		req.emit("data", exampleJsonString);
		req.emit("end");

		const actual = req.json;

		assert.deepStrictEqual(actual, expected);
		});

		it("should not ignore encoding-concise content-type", () => {
		// no double quotes between property key "a"
		const exampleJsonString = '{"a": 1}';
		const expected = "a";
		const req = new (class extends EventEmitter {
		get headers() {
		return {
		"content-type": "application/json; encoding=UTF-8",
		};
		}

		setEncoding() {}
		})();

		jsonFingerprint(req, res, next);
		req.emit("data", exampleJsonString);
		req.emit("end");

		const {
		json: { fingerprint: actual },
		} = req;

		assert.deepStrictEqual(actual, expected);
		});
		});

Improved metrics