npm - @auth0/auth0-checkmate - Versions diffs - 1.6.14 → 1.6.16 - Mend

@auth0/auth0-checkmate 1.6.14 → 1.6.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/analyzer/lib/clients/checkAllowedLogoutUrl.js +5 -0
package/package.json +1 -1
package/tests/clients/checkAllowedLogoutUrl.test.js +43 -0

package/analyzer/lib/clients/checkAllowedLogoutUrl.js CHANGED Viewed

@@ -77,6 +77,11 @@ function checkURLsForApp(app) {
     return report;
   }
   allowed_logout_urls.forEach((url) => {
+    if (!url) {
+      // Skip null/undefined/empty URLs and log warning
+      console.warn(`[WARNING] App "${app.name}" (${app.client_id}) has null/undefined URL in allowed_logout_urls`);
+      return;
+    }
     const subArr = insecurePatterns.filter((str) => url.includes(str));
     if (subArr.length > 0) {
       report.push({

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@auth0/auth0-checkmate",
-  "version": "1.6.14",
+  "version": "1.6.16",
   "description": "A command line tool for checking configuration of your Auth0 tenant",
   "main": "analyzer/report.js",
   "scripts": {

package/tests/clients/checkAllowedLogoutUrl.test.js CHANGED Viewed

@@ -146,4 +146,47 @@ describe("checkAllowedLogoutUrl", function () {
       ]);
     });
   });
+  it("should handle null/undefined URLs in allowed_logout_urls array without crashing", function () {
+    const options = {
+      clients: [
+        {
+          name: "Test App with Null URLs",
+          client_id: "client_with_null",
+          allowed_logout_urls: ["https://contoso.com", null, "http://localhost:3000", undefined], // Contains null and undefined
+          app_type: "spa",
+          is_first_party: false,
+        },
+      ],
+    };
+    checkAllowedLogoutUrl(options, (reports) => {
+      // Should only process valid URLs and skip null/undefined
+      expect(reports).to.deep.equal([
+        {
+          name: "Test App with Null URLs (client_with_null)",
+          report: [
+            {
+              name: "Test App with Null URLs (client_with_null)",
+              client_id: "client_with_null",
+              field: "insecure_allowed_logout_urls",
+              value: "http://localhost:3000",
+              status: CONSTANTS.FAIL,
+              app_type: "spa",
+              is_first_party: false,
+            },
+            {
+              name: "Test App with Null URLs (client_with_null)",
+              client_id: "client_with_null",
+              field: "secure_allowed_logout_urls",
+              status: CONSTANTS.SUCCESS,
+              value: "https://contoso.com",
+              app_type: "spa",
+              is_first_party: false,
+            },
+          ],
+        },
+      ]);
+    });
+  });
 });