@contrast/assess 1.19.0 → 1.20.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (160) hide show
  1. package/LICENSE +1 -1
  2. package/lib/constants.js +1 -1
  3. package/lib/crypto-analysis/common.js +1 -1
  4. package/lib/crypto-analysis/index.js +1 -1
  5. package/lib/crypto-analysis/install/crypto.js +8 -3
  6. package/lib/crypto-analysis/install/math.js +8 -3
  7. package/lib/dataflow/index.js +1 -1
  8. package/lib/dataflow/propagation/common.js +1 -1
  9. package/lib/dataflow/propagation/index.js +1 -1
  10. package/lib/dataflow/propagation/install/JSON/index.js +1 -1
  11. package/lib/dataflow/propagation/install/JSON/parse-fn.js +1 -1
  12. package/lib/dataflow/propagation/install/JSON/parse.js +3 -3
  13. package/lib/dataflow/propagation/install/JSON/stringify.js +1 -1
  14. package/lib/dataflow/propagation/install/array-prototype-join.js +1 -1
  15. package/lib/dataflow/propagation/install/buffer.js +1 -1
  16. package/lib/dataflow/propagation/install/contrast-methods/add.js +1 -1
  17. package/lib/dataflow/propagation/install/contrast-methods/index.js +1 -1
  18. package/lib/dataflow/propagation/install/contrast-methods/number.js +4 -3
  19. package/lib/dataflow/propagation/install/contrast-methods/string.js +1 -1
  20. package/lib/dataflow/propagation/install/contrast-methods/tag.js +1 -1
  21. package/lib/dataflow/propagation/install/decode-uri-component.js +1 -1
  22. package/lib/dataflow/propagation/install/ejs/escape-xml.js +1 -1
  23. package/lib/dataflow/propagation/install/ejs/index.js +1 -1
  24. package/lib/dataflow/propagation/install/ejs/template.js +7 -5
  25. package/lib/dataflow/propagation/install/encode-uri.js +1 -1
  26. package/lib/dataflow/propagation/install/escape-html.js +1 -1
  27. package/lib/dataflow/propagation/install/escape.js +1 -1
  28. package/lib/dataflow/propagation/install/handlebars-utils-escape-expression.js +1 -1
  29. package/lib/dataflow/propagation/install/isnumeric-0.js +3 -3
  30. package/lib/dataflow/propagation/install/joi/any.js +1 -1
  31. package/lib/dataflow/propagation/install/joi/boolean.js +1 -1
  32. package/lib/dataflow/propagation/install/joi/expression.js +1 -1
  33. package/lib/dataflow/propagation/install/joi/index.js +1 -1
  34. package/lib/dataflow/propagation/install/joi/keys.js +1 -1
  35. package/lib/dataflow/propagation/install/joi/number.js +1 -1
  36. package/lib/dataflow/propagation/install/joi/object.js +1 -1
  37. package/lib/dataflow/propagation/install/joi/string-schema.js +1 -1
  38. package/lib/dataflow/propagation/install/joi/utils.js +1 -1
  39. package/lib/dataflow/propagation/install/joi/values.js +1 -1
  40. package/lib/dataflow/propagation/install/mongoose/common.js +1 -1
  41. package/lib/dataflow/propagation/install/mongoose/index.js +1 -1
  42. package/lib/dataflow/propagation/install/mongoose/schema-map.js +1 -1
  43. package/lib/dataflow/propagation/install/mongoose/schema-mixed.js +1 -1
  44. package/lib/dataflow/propagation/install/mongoose/schema-string.js +1 -1
  45. package/lib/dataflow/propagation/install/mustache-escape.js +1 -1
  46. package/lib/dataflow/propagation/install/mysql-connection-escape.js +1 -1
  47. package/lib/dataflow/propagation/install/parse-int.js +3 -3
  48. package/lib/dataflow/propagation/install/path/basename.js +1 -1
  49. package/lib/dataflow/propagation/install/path/common.js +1 -1
  50. package/lib/dataflow/propagation/install/path/dirname.js +1 -1
  51. package/lib/dataflow/propagation/install/path/extname.js +1 -1
  52. package/lib/dataflow/propagation/install/path/format.js +1 -1
  53. package/lib/dataflow/propagation/install/path/index.js +1 -1
  54. package/lib/dataflow/propagation/install/path/join-and-resolve.js +1 -1
  55. package/lib/dataflow/propagation/install/path/normalize.js +1 -1
  56. package/lib/dataflow/propagation/install/path/parse.js +1 -1
  57. package/lib/dataflow/propagation/install/path/relative.js +1 -1
  58. package/lib/dataflow/propagation/install/path/toNamespacedPath.js +1 -1
  59. package/lib/dataflow/propagation/install/pug/index.js +3 -3
  60. package/lib/dataflow/propagation/install/pug-runtime-escape.js +1 -1
  61. package/lib/dataflow/propagation/install/querystring/escape.js +1 -1
  62. package/lib/dataflow/propagation/install/querystring/index.js +1 -1
  63. package/lib/dataflow/propagation/install/querystring/parse.js +1 -1
  64. package/lib/dataflow/propagation/install/querystring/stringify.js +1 -1
  65. package/lib/dataflow/propagation/install/reg-exp-prototype-exec.js +1 -1
  66. package/lib/dataflow/propagation/install/send.js +1 -1
  67. package/lib/dataflow/propagation/install/sequelize/index.js +1 -1
  68. package/lib/dataflow/propagation/install/sequelize/query-generator.js +1 -1
  69. package/lib/dataflow/propagation/install/sequelize/sql-string.js +1 -1
  70. package/lib/dataflow/propagation/install/sql-template-strings.js +1 -1
  71. package/lib/dataflow/propagation/install/string/concat.js +1 -1
  72. package/lib/dataflow/propagation/install/string/format-methods.js +1 -1
  73. package/lib/dataflow/propagation/install/string/html-methods.js +1 -1
  74. package/lib/dataflow/propagation/install/string/index.js +1 -1
  75. package/lib/dataflow/propagation/install/string/match-all.js +1 -1
  76. package/lib/dataflow/propagation/install/string/match.js +1 -1
  77. package/lib/dataflow/propagation/install/string/replace.js +1 -1
  78. package/lib/dataflow/propagation/install/string/slice.js +1 -1
  79. package/lib/dataflow/propagation/install/string/split.js +2 -2
  80. package/lib/dataflow/propagation/install/string/substring.js +1 -1
  81. package/lib/dataflow/propagation/install/string/trim.js +1 -1
  82. package/lib/dataflow/propagation/install/unescape.js +1 -1
  83. package/lib/dataflow/propagation/install/url/domain-parsers.js +1 -1
  84. package/lib/dataflow/propagation/install/url/index.js +1 -1
  85. package/lib/dataflow/propagation/install/url/parse.js +1 -1
  86. package/lib/dataflow/propagation/install/url/searchParams.js +1 -1
  87. package/lib/dataflow/propagation/install/url/url.js +1 -1
  88. package/lib/dataflow/propagation/install/util-format.js +1 -1
  89. package/lib/dataflow/propagation/install/validator/hooks.js +1 -1
  90. package/lib/dataflow/propagation/install/validator/index.js +1 -1
  91. package/lib/dataflow/propagation/install/validator/methods.js +1 -1
  92. package/lib/dataflow/sinks/common.js +1 -1
  93. package/lib/dataflow/sinks/index.js +1 -1
  94. package/lib/dataflow/sinks/install/child-process.js +1 -1
  95. package/lib/dataflow/sinks/install/eval.js +1 -1
  96. package/lib/dataflow/sinks/install/express/index.js +1 -1
  97. package/lib/dataflow/sinks/install/express/unvalidated-redirect.js +1 -1
  98. package/lib/dataflow/sinks/install/fastify/index.js +1 -1
  99. package/lib/dataflow/sinks/install/fastify/unvalidated-redirect.js +1 -1
  100. package/lib/dataflow/sinks/install/fs.js +1 -1
  101. package/lib/dataflow/sinks/install/function.js +1 -1
  102. package/lib/dataflow/sinks/install/http/index.js +1 -1
  103. package/lib/dataflow/sinks/install/http/request.js +1 -1
  104. package/lib/dataflow/sinks/install/http/server-response.js +1 -1
  105. package/lib/dataflow/sinks/install/koa/index.js +1 -1
  106. package/lib/dataflow/sinks/install/koa/unvalidated-redirect.js +1 -1
  107. package/lib/dataflow/sinks/install/libxmljs.js +1 -1
  108. package/lib/dataflow/sinks/install/marsdb.js +4 -4
  109. package/lib/dataflow/sinks/install/mongodb.js +7 -7
  110. package/lib/dataflow/sinks/install/mssql.js +1 -1
  111. package/lib/dataflow/sinks/install/mysql.js +1 -1
  112. package/lib/dataflow/sinks/install/node-serialize.js +1 -1
  113. package/lib/dataflow/sinks/install/postgres.js +1 -1
  114. package/lib/dataflow/sinks/install/sequelize.js +7 -8
  115. package/lib/dataflow/sinks/install/sqlite3.js +1 -1
  116. package/lib/dataflow/sinks/install/vm.js +1 -1
  117. package/lib/dataflow/sources/common.js +1 -1
  118. package/lib/dataflow/sources/handler.js +11 -10
  119. package/lib/dataflow/sources/index.js +2 -2
  120. package/lib/dataflow/sources/install/body-parser1.js +11 -13
  121. package/lib/dataflow/sources/install/{busboy1.js → busboy.js} +15 -15
  122. package/lib/dataflow/sources/install/cookie-parser1.js +7 -6
  123. package/lib/dataflow/sources/install/express/index.js +1 -1
  124. package/lib/dataflow/sources/install/express/params.js +9 -10
  125. package/lib/dataflow/sources/install/express/parsedUrl.js +1 -1
  126. package/lib/dataflow/sources/install/fastify/fastify.js +6 -7
  127. package/lib/dataflow/sources/install/fastify/index.js +1 -1
  128. package/lib/dataflow/sources/install/formidable1.js +8 -6
  129. package/lib/dataflow/sources/install/http.js +4 -4
  130. package/lib/dataflow/sources/install/koa/index.js +1 -1
  131. package/lib/dataflow/sources/install/koa/koa-bodyparsers.js +10 -9
  132. package/lib/dataflow/sources/install/koa/koa-multer.js +1 -1
  133. package/lib/dataflow/sources/install/koa/koa-routers.js +6 -8
  134. package/lib/dataflow/sources/install/koa/koa2.js +42 -38
  135. package/lib/dataflow/sources/install/multer1.js +1 -1
  136. package/lib/dataflow/sources/install/qs6.js +7 -6
  137. package/lib/dataflow/sources/install/querystring.js +4 -4
  138. package/lib/dataflow/tag-utils.js +1 -1
  139. package/lib/dataflow/tracker.js +1 -1
  140. package/lib/dataflow/utils/is-safe-content-type.js +1 -1
  141. package/lib/dataflow/utils/is-vulnerable.js +1 -1
  142. package/lib/event-factory.js +35 -33
  143. package/lib/get-policy.js +1 -1
  144. package/lib/get-source-context.js +1 -1
  145. package/lib/index.d.ts +16 -2
  146. package/lib/index.js +1 -1
  147. package/lib/make-source-context.js +6 -2
  148. package/lib/response-scanning/handlers/index.js +1 -1
  149. package/lib/response-scanning/handlers/utils.js +1 -1
  150. package/lib/response-scanning/index.js +1 -1
  151. package/lib/response-scanning/install/http.js +1 -1
  152. package/lib/rule-scopes.js +1 -1
  153. package/lib/session-configuration/common.js +1 -1
  154. package/lib/session-configuration/handlers.js +67 -49
  155. package/lib/session-configuration/index.js +3 -1
  156. package/lib/session-configuration/install/express-session.js +15 -24
  157. package/lib/session-configuration/install/fastify-cookie.js +110 -0
  158. package/lib/session-configuration/install/hapi.js +8 -11
  159. package/lib/session-configuration/install/koa.js +101 -0
  160. package/package.json +1 -1
package/lib/dataflow/propagation/install/querystring/escape.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/querystring/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/querystring/parse.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/querystring/stringify.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/reg-exp-prototype-exec.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/send.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/sequelize/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/sequelize/query-generator.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/sequelize/sql-string.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/sql-template-strings.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/string/concat.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/string/format-methods.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/string/html-methods.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/string/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/string/match-all.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/string/match.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/string/replace.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/string/slice.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/string/split.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
@@ -74,7 +74,7 @@ module.exports = function(core) {
74
74
  const event = createPropagationEvent({
75
75
  name,
76
76
  moduleName: 'String',
77
- methodName: 'prototype.slice',
77
+ methodName: 'prototype.split',
78
78
  context: `'${objInfo.value}'.split(${join(args.map(a => a.value), ', ')})`,
79
79
  history: [objInfo],
80
80
  object: {
package/lib/dataflow/propagation/install/string/substring.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/string/trim.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/unescape.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/url/domain-parsers.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/url/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/url/parse.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/url/searchParams.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/url/url.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/util-format.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/validator/hooks.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/validator/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/propagation/install/validator/methods.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/common.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/child-process.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/eval.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/express/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/express/unvalidated-redirect.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/fastify/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/fastify/unvalidated-redirect.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/fs.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/function.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/http/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/http/request.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/http/server-response.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/koa/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/koa/unvalidated-redirect.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/libxmljs.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/marsdb.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
@@ -44,7 +44,7 @@ const querySafeTags = [
44
44
  * }} core
45
45
  * @returns {import('@contrast/common').Installable}
46
46
  */
47
- module.exports = function(core) {
47
+ module.exports = function (core) {
48
48
  const {
49
49
  depHooks,
50
50
  logger,
@@ -82,7 +82,7 @@ module.exports = function(core) {
82
82
  const name = `marsdb.Collection.prototype.${method}`;
83
83
 
84
84
  if (!proto[method]) {
85
- logger.trace({ name }, `marsdb method ${method} not found!`);
85
+ logger.trace('method %s not found - skipping instrumentation', name);
86
86
  return;
87
87
  }
88
88
 
@@ -133,7 +133,7 @@ module.exports = function(core) {
133
133
  });
134
134
  }
135
135
 
136
- instr.install = function() {
136
+ instr.install = function () {
137
137
  depHooks.resolve({ name: 'marsdb' }, (marsdb) => {
138
138
  collectionMethods.forEach((method) => patchCollection(marsdb, method));
139
139
  });
package/lib/dataflow/sinks/install/mongodb.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
@@ -75,7 +75,7 @@ const querySafeTags = [
75
75
  * }} core
76
76
  * @returns {import('@contrast/common').Installable}
77
77
  */
78
- module.exports = function(core) {
78
+ module.exports = function (core) {
79
79
  const {
80
80
  config,
81
81
  depHooks,
@@ -237,7 +237,7 @@ module.exports = function(core) {
237
237
 
238
238
  function createAroundHook(entity, name, method, getInfoMethod, vulnerableArgIdxs) {
239
239
  const argsIdxsToCheck = vulnerableArgIdxs || [0];
240
- return function(next, data) {
240
+ return function (next, data) {
241
241
  if (!getSourceContext(RULE, ruleId)) return next();
242
242
 
243
243
  const { obj, args: origArgs } = data;
@@ -324,7 +324,7 @@ module.exports = function(core) {
324
324
  reportFindings({ ruleId, sinkEvent });
325
325
  }
326
326
  } catch (err) {
327
- core.logger.error({ name, err }, 'assess sink analysis failed');
327
+ core.logger.error({ err, funcKey: data.funcKey }, 'assess sink analysis failed');
328
328
  }
329
329
 
330
330
  return methodsWithNestedCalls.includes(method)
@@ -333,7 +333,7 @@ module.exports = function(core) {
333
333
  };
334
334
  }
335
335
 
336
- instr.install = function() {
336
+ instr.install = function () {
337
337
  depHooks.resolve({ name: 'mongodb' }, (mongodb, version) => {
338
338
  patchCollection(mongodb, version);
339
339
  patchDatabase(mongodb, version);
@@ -346,7 +346,7 @@ module.exports = function(core) {
346
346
  const name = `mongodb.Collection.prototype.${method}`;
347
347
 
348
348
  if (!proto[method]) {
349
- logger.trace({ name, version }, 'method not found - skipping instrumentation');
349
+ logger.trace({ version }, 'method %s not found - skipping instrumentation', name);
350
350
  continue;
351
351
  }
352
352
 
@@ -384,7 +384,7 @@ module.exports = function(core) {
384
384
  const name = `mongodb.Db.prototype.${method}`;
385
385
 
386
386
  if (!proto[method]) {
387
- logger.trace({ name, version }, 'method not found - skipping instrumentation');
387
+ logger.trace({ version }, 'method %s not found - skipping instrumentation', name);
388
388
  continue;
389
389
  }
390
390
 
package/lib/dataflow/sinks/install/mssql.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/mysql.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/node-serialize.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/postgres.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/sequelize.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
@@ -36,7 +36,7 @@ const { patchType, filterSafeTags } = require('../common');
36
36
  * }} core
37
37
  * @returns {import('@contrast/common').Installable}
38
38
  */
39
- module.exports = function(core) {
39
+ module.exports = function (core) {
40
40
  const {
41
41
  depHooks,
42
42
  patcher,
@@ -62,11 +62,10 @@ module.exports = function(core) {
62
62
 
63
63
  const sequelize = (core.assess.dataflow.sinks.sequelize = {});
64
64
 
65
- sequelize.install = function() {
66
- const sequelizeQueryPatchName = 'sequelize.prototype.query';
65
+ sequelize.install = function () {
67
66
  depHooks.resolve({ name: 'sequelize' }, (sequelize) => {
68
67
  patcher.patch(sequelize.prototype, 'query', {
69
- name: sequelizeQueryPatchName,
68
+ name: 'sequelize.prototype.query',
70
69
  patchType,
71
70
  around(next, data) {
72
71
  if (!getSourceContext(RULE, ruleId) || !data.args[0]) return next();
@@ -80,7 +79,7 @@ module.exports = function(core) {
80
79
 
81
80
  if (queryInfo && !isVulnerableQuery && config.assess.safe_positives.enable) {
82
81
  reportSafePositive({
83
- name: sequelizeQueryPatchName,
82
+ name: data.name,
84
83
  ruleId,
85
84
  safeTags: filterSafeTags(safeTags, queryInfo),
86
85
  strInfo: {
@@ -110,7 +109,7 @@ module.exports = function(core) {
110
109
 
111
110
  const event = createSinkEvent({
112
111
  context: `sequelize.prototype.query(${contextArgs})`,
113
- name: sequelizeQueryPatchName,
112
+ name: data.name,
114
113
  moduleName: 'sequelize',
115
114
  methodName: 'prototype.query',
116
115
  history: [queryInfo],
@@ -136,7 +135,7 @@ module.exports = function(core) {
136
135
  /* c8 ignore next 3 */
137
136
  } catch (err) {
138
137
  core.logger.error(
139
- { name: sequelizeQueryPatchName, err },
138
+ { err, funcKey: data.funcKey },
140
139
  'assess sink analysis failed'
141
140
  );
142
141
  }
package/lib/dataflow/sinks/install/sqlite3.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sinks/install/vm.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5
 
package/lib/dataflow/sources/common.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /*
2
- * Copyright: 2023 Contrast Security, Inc
2
+ * Copyright: 2024 Contrast Security, Inc
3
3
  * Contact: support@contrastsecurity.com
4
4
  * License: Commercial
5
5