npm - @contrast/agent - Versions diffs - 4.10.4 → 4.11.0 - Mend

@contrast/agent 4.10.4 → 4.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/bin/VERSION +1 -1
package/bin/linux/contrast-service +0 -0
package/bin/mac/contrast-service +0 -0
package/bin/windows/contrast-service.exe +0 -0
package/esm.mjs +45 -3
package/lib/assess/propagators/joi/any.js +8 -9
package/lib/assess/propagators/joi/object.js +9 -10
package/lib/assess/propagators/joi/string-base.js +22 -19
package/lib/assess/sinks/rethinkdb-nosql-injection.js +1 -1
package/lib/core/arch-components/dynamodb.js +7 -3
package/lib/core/arch-components/dynamodbv3.js +7 -3
package/lib/core/arch-components/index.js +2 -0
package/lib/core/arch-components/mongodb.js +6 -6
package/lib/core/arch-components/mysql.js +9 -6
package/lib/core/arch-components/postgres.js +10 -11
package/lib/core/arch-components/rethinkdb.js +4 -4
package/lib/core/arch-components/sqlite3.js +6 -3
package/lib/core/arch-components/util.js +4 -2
package/lib/core/config/options.js +136 -238
package/lib/util/traverse.js +40 -9
package/package.json +1 -1

package/lib/util/traverse.js CHANGED Viewed

@@ -59,7 +59,7 @@ class Path extends Stack {
     super.push({
       key,
-      array
+      array,
     });
   }
 }
@@ -74,7 +74,16 @@ class Visitor {
     this.cache = new WeakSet();
   }
-  visit(key, value) {
+  visit(key, value, isMaxDepthReached) {
+    if (isMaxDepthReached) {
+      this.updateStacks(
+        { counter: this.counter, path: this.path },
+        null,
+        null,
+        isMaxDepthReached,
+      );
+      return;
+    }
     // skip circular objects
     if (typeof value === 'object' && value !== null) {
       if (this.cache.has(value)) {
@@ -96,7 +105,11 @@ class Visitor {
     return newVal || value;
   }
-  updateStacks(stacks, key, value) {
+  updateStacks(stacks, key, value, isMaxDepthReached) {
+    if (isMaxDepthReached) {
+      stacks.counter.pop();
+      stacks.path.pop();
+    }
     // We're decending into the object, so here we're
     // just building up the stacks.
@@ -123,7 +136,7 @@ class Visitor {
         return this.updateStacks(
           { counter: this.counter, path: this.path },
           key,
-          value
+          value,
         );
       }
       return;
@@ -136,16 +149,34 @@ function traverse(obj, fn, visitor, maxDepth) {
     maxDepth = visitor;
     visitor = undefined;
   }
   visitor =
     visitor ||
-    new Visitor(function(key, value, depth, paths) {
+    new Visitor(function (key, value, depth, paths) {
       fn(key, value, depth, paths);
     }, maxDepth);
-  JSON.stringify(obj, function(k, v) {
-    // if  is traversable and empty, call traverse on value and pass in existing visitor
-    return visitor.visit(k, v);
+  traverseObject(obj, visitor, maxDepth);
+}
+function traverseObject(obj, visitor, remainingDepth = Infinity) {
+  if (!obj) {
+    return;
+  }
+  if (visitor.path.length() < 1) {
+    visitor.visit('', obj);
+  }
+  // This is done just to reset the stack, without changing the current impletion
+  if (remainingDepth == 0) {
+    visitor.visit(null, null, true);
+    return;
+  }
+  Object.entries(obj).forEach(([key, value]) => {
+    visitor.visit(key, value);
+    if (value && typeof value === 'object') {
+      traverseObject(value, visitor, remainingDepth - 1);
+    }
   });
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/agent",
-  "version": "4.10.4",
+  "version": "4.11.0",
   "description": "Node.js security instrumentation by Contrast Security",
   "keywords": [
     "security",