npm - @contrast/agent - Versions diffs - 4.36.0 → 4.36.2 - Mend

@contrast/agent 4.36.0 → 4.36.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/lib/assess/propagators/string-prototype-split.js CHANGED Viewed

@@ -46,11 +46,7 @@ function shouldSkip(data) {
   // split just returns the original string
   // if not passed an argument
-  if (data.args.length === 0) {
-    return true;
-  }
-  return false;
+  return data.args.length === 0;
 }
 /**
@@ -111,6 +107,10 @@ module.exports.handle = {
     } else {
       for (let i = 0; i < result.length; i++) {
         const stringPart = result[i];
+        if (!stringPart) {
+          continue;
+        }
         const stringPartLength = stringPart.length - 1;
         let stringStart = origString.indexOf(stringPart);
@@ -130,10 +130,6 @@ module.exports.handle = {
         indexOfFounds.add(stringStart + stringPartLength);
-        if (stringPart.length === 0) {
-          continue;
-        }
         const newTagRanges = [];
         oldTagRanges.forEach((tag) => {
           const relation = new TagRange(

package/lib/assess/response-scanning/headers/xxssprotection-header-disabled.js CHANGED Viewed

@@ -12,6 +12,8 @@ Copyright: 2023 Contrast Security, Inc
   engineered, modified, repackaged, sold, redistributed or otherwise used in a
   way not consistent with the End User License Agreement.
 */
+'use strict';
 const agentEmitter = require('../../../agent-emitter');
 const RULE_ID = 'xxssprotection-header-disabled';
@@ -23,14 +25,11 @@ module.exports = ({ common }) => {
   rule.check = function check(responseHeaders) {
     const header = responseHeaders[HEADER_NAME];
-    // This header is set by default, so `header` should always be present.
-    if (header && header.startsWith('1')) {
-      return;
+    if (header && !header.startsWith('1')) {
+      return {
+        data: header
+      };
     }
-    return {
-      data: header
-    };
   };
   rule.handle = function handle() {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/agent",
-  "version": "4.36.0",
+  "version": "4.36.2",
   "description": "Node.js security instrumentation by Contrast Security",
   "keywords": [
     "security",