@arcis/node 1.6.1 → 1.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/dist/index.js +2 -1
  2. package/dist/index.js.map +1 -1
  3. package/dist/index.mjs +2 -1
  4. package/dist/index.mjs.map +1 -1
  5. package/dist/middleware/index.js +2 -1
  6. package/dist/middleware/index.js.map +1 -1
  7. package/dist/middleware/index.mjs +2 -1
  8. package/dist/middleware/index.mjs.map +1 -1
  9. package/dist/nestjs/index.js +2 -1
  10. package/dist/nestjs/index.js.map +1 -1
  11. package/dist/nestjs/index.mjs +2 -1
  12. package/dist/nestjs/index.mjs.map +1 -1
  13. package/dist/sanitizers/index.js +2 -1
  14. package/dist/sanitizers/index.js.map +1 -1
  15. package/dist/sanitizers/index.mjs +2 -1
  16. package/dist/sanitizers/index.mjs.map +1 -1
  17. package/dist/sanitizers/ldap.d.ts.map +1 -1
  18. package/package.json +1 -1
package/dist/index.js CHANGED
@@ -1101,9 +1101,10 @@ function detectXxe(input) {
1101
1101
  // src/sanitizers/ldap.ts
1102
1102
  var LDAP_DETECT_PATTERN = /[*()\\\x00]/;
1103
1103
  var LDAP_INJECTION_PATTERN = /\)\s*\(|\*\s*\)\s*\(/;
1104
+ var LDAP_NOT_BYPASS_PATTERN = /\)\s*\(\s*!|&\s*\(\s*!|\|\s*\(\s*!/;
1104
1105
  function detectLdapInjection(input) {
1105
1106
  if (typeof input !== "string") return false;
1106
- return LDAP_DETECT_PATTERN.test(input) || LDAP_INJECTION_PATTERN.test(input);
1107
+ return LDAP_DETECT_PATTERN.test(input) || LDAP_INJECTION_PATTERN.test(input) || LDAP_NOT_BYPASS_PATTERN.test(input);
1107
1108
  }
1108
1109
 
1109
1110
  // src/sanitizers/xpath.ts