@contrast/assess 1.28.1 → 1.29.0
- package/lib/crypto-analysis/install/crypto.js +2 -2
- package/lib/dataflow/propagation/install/JSON/parse-fn.js +5 -5
- package/lib/dataflow/propagation/install/JSON/parse.js +1 -1
- package/lib/dataflow/propagation/install/JSON/stringify.js +17 -9
- package/lib/dataflow/propagation/install/array-prototype-join.js +7 -6
- package/lib/dataflow/propagation/install/buffer.js +60 -2
- package/lib/dataflow/propagation/install/ejs/template.js +3 -3
- package/lib/dataflow/propagation/install/joi/boolean.js +3 -1
- package/lib/dataflow/propagation/install/joi/expression.js +3 -1
- package/lib/dataflow/propagation/install/joi/keys.js +5 -4
- package/lib/dataflow/propagation/install/joi/number.js +3 -1
- package/lib/dataflow/propagation/install/joi/string-schema.js +1 -5
- package/lib/dataflow/propagation/install/joi/utils.js +9 -5
- package/lib/dataflow/propagation/install/joi/values.js +3 -6
- package/lib/dataflow/propagation/install/mongoose/schema-map.js +2 -2
- package/lib/dataflow/propagation/install/mongoose/schema-mixed.js +2 -2
- package/lib/dataflow/propagation/install/mongoose/schema-string.js +2 -2
- package/lib/dataflow/propagation/install/path/basename.js +2 -2
- package/lib/dataflow/propagation/install/path/common.js +5 -5
- package/lib/dataflow/propagation/install/path/format.js +2 -2
- package/lib/dataflow/propagation/install/path/join-and-resolve.js +2 -2
- package/lib/dataflow/propagation/install/querystring/parse.js +4 -3
- package/lib/dataflow/propagation/install/send.js +2 -2
- package/lib/dataflow/propagation/install/string/concat.js +3 -3
- package/lib/dataflow/propagation/install/string/index.js +3 -2
- package/lib/dataflow/propagation/install/string/match-all.js +0 -1
- package/lib/dataflow/propagation/install/string/match.js +2 -2
- package/lib/dataflow/propagation/install/string/replace.js +6 -6
- package/lib/dataflow/propagation/install/string/slice.js +2 -2
- package/lib/dataflow/propagation/install/string/split.js +2 -2
- package/lib/dataflow/propagation/install/string/substring.js +2 -2
- package/lib/dataflow/sinks/index.js +1 -0
- package/lib/dataflow/sinks/install/child-process.js +3 -3
- package/lib/dataflow/sinks/install/fs.js +2 -2
- package/lib/dataflow/sinks/install/function.js +2 -2
- package/lib/dataflow/sinks/install/restify.js +208 -0
- package/lib/dataflow/sinks/install/vm.js +4 -4
- package/lib/dataflow/sources/handler.js +2 -2
- package/lib/dataflow/sources/index.js +1 -0
- package/lib/dataflow/sources/install/http.js +4 -4
- package/lib/dataflow/sources/install/restify/fieldedTextBodyParser.js +85 -0
- package/lib/dataflow/sources/install/restify/index.js +32 -0
- package/lib/dataflow/sources/install/restify/jsonBodyParser.js +109 -0
- package/lib/dataflow/sources/install/restify/router.js +77 -0
- package/lib/dataflow/tag-utils.js +4 -4
- package/lib/dataflow/tracker.js +1 -0
- package/lib/event-factory.js +3 -3
- package/lib/get-policy.js +2 -2
- package/lib/index.d.ts +18 -0
- package/lib/make-source-context.js +2 -2
- package/lib/response-scanning/handlers/index.js +10 -10
- package/lib/response-scanning/handlers/utils.js +19 -12
- package/lib/response-scanning/install/http.js +9 -59
- package/lib/session-configuration/install/express-session.js +2 -2
- package/lib/session-configuration/install/fastify-cookie.js +2 -2
- package/package.json +4 -4
|
@@ -18,7 +18,7 @@
|
|
|
18
18
|
const {
|
|
19
19
|
Rule,
|
|
20
20
|
isString,
|
|
21
|
-
|
|
21
|
+
StringPrototypeToLowerCase,
|
|
22
22
|
} = require('@contrast/common');
|
|
23
23
|
const { InstrumentationType: { RULE } } = require('../../constants');
|
|
24
24
|
const { PATCH_TYPE: patchType } = require('../common');
|
|
@@ -123,7 +123,7 @@ module.exports = function (core) {
|
|
|
123
123
|
const [alg] = data.args;
|
|
124
124
|
if (!isString(alg) || !getSourceContext(RULE, Rule.CRYPTO_BAD_CIPHERS)) return;
|
|
125
125
|
|
|
126
|
-
const algLower =
|
|
126
|
+
const algLower = StringPrototypeToLowerCase.call(alg);
|
|
127
127
|
for (const prefix of SAFE_CIPHER_ALGORITHM_PREFIXES) {
|
|
128
128
|
if (algLower.indexOf(prefix) === 0) return;
|
|
129
129
|
}
|
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
*/
|
|
15
15
|
'use strict';
|
|
16
16
|
|
|
17
|
-
const {
|
|
17
|
+
const { StringPrototypeTrim } = require('@contrast/common');
|
|
18
18
|
|
|
19
19
|
function isNumber(value) {
|
|
20
20
|
return !isNaN(value);
|
|
@@ -31,7 +31,7 @@ function array(input, index, accumulator) {
|
|
|
31
31
|
break;
|
|
32
32
|
}
|
|
33
33
|
|
|
34
|
-
if (
|
|
34
|
+
if (StringPrototypeTrim.call(cv) === '' || (valueIndexes.length > 0 && cv === ',')) {
|
|
35
35
|
index += 1;
|
|
36
36
|
continue;
|
|
37
37
|
}
|
|
@@ -136,7 +136,7 @@ function object(value, index, accumulator) {
|
|
|
136
136
|
}
|
|
137
137
|
|
|
138
138
|
if (
|
|
139
|
-
|
|
139
|
+
StringPrototypeTrim.call(cv) === '' ||
|
|
140
140
|
(cv === ':' && keyIndexesLength > 0) ||
|
|
141
141
|
(cv === ',' && areKeysEqualToValues)
|
|
142
142
|
) {
|
|
@@ -214,10 +214,10 @@ function getStartEndIndices(input) {
|
|
|
214
214
|
let startCharIdx = 0;
|
|
215
215
|
let endCharIdx = input.length - 1;
|
|
216
216
|
|
|
217
|
-
while (!
|
|
217
|
+
while (!StringPrototypeTrim.call(input[startCharIdx])) {
|
|
218
218
|
startCharIdx++;
|
|
219
219
|
}
|
|
220
|
-
while (!
|
|
220
|
+
while (!StringPrototypeTrim.call(input[endCharIdx])) {
|
|
221
221
|
endCharIdx--;
|
|
222
222
|
}
|
|
223
223
|
return [startCharIdx, endCharIdx];
|
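Review bot: Both scanning loops in getStartEndIndices can run past the ends of `input`: for an empty or all-whitespace string `input[startCharIdx]` becomes `undefined`, and if `StringPrototypeTrim` is the captured `String.prototype.trim`, calling it on `undefined` throws a TypeError in this JSON.parse propagation helper. Bounding the loops avoids that, e.g. `while (startCharIdx <= endCharIdx && !StringPrototypeTrim.call(input[startCharIdx])) {` and `while (endCharIdx >= startCharIdx && !StringPrototypeTrim.call(input[endCharIdx])) {`. Whether callers already exclude blank input is not visible here, and the function's closing brace is outside the hunk.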
|
@@ -97,7 +97,7 @@ module.exports = function (core) {
|
|
|
97
97
|
return core.assess.dataflow.propagation.jsonInstrumentation.parse = {
|
|
98
98
|
install() {
|
|
99
99
|
patcher.patch(JSON, 'parse', {
|
|
100
|
-
name: 'JSON.
|
|
100
|
+
name: 'JSON.parse',
|
|
101
101
|
patchType,
|
|
102
102
|
pre(data) {
|
|
103
103
|
if (!data.args[0] || !sources.getStore()?.assess || instrumentation.isLocked()) return;
|
|
@@ -15,13 +15,20 @@
|
|
|
15
15
|
|
|
16
16
|
'use strict';
|
|
17
17
|
|
|
18
|
+
const {
|
|
19
|
+
isString,
|
|
20
|
+
ArrayPrototypeSlice,
|
|
21
|
+
StringPrototypeReplace,
|
|
22
|
+
StringPrototypeMatch,
|
|
23
|
+
StringPrototypeMatchAll,
|
|
24
|
+
StringPrototypeSlice,
|
|
25
|
+
} = require('@contrast/common');
|
|
18
26
|
const crypto = require('crypto');
|
|
19
|
-
const { isString, replace, match, matchAll, slice } = require('@contrast/common');
|
|
20
27
|
const { createMergedTags, getAdjustedUntrackedValue } = require('../../../tag-utils');
|
|
21
28
|
const { patchType } = require('../../common');
|
|
22
29
|
|
|
23
30
|
function makeCanary() {
|
|
24
|
-
return
|
|
31
|
+
return StringPrototypeReplace.call(
|
|
25
32
|
crypto
|
|
26
33
|
.randomBytes(12)
|
|
27
34
|
.toString('base64'),
|
|
@@ -82,11 +89,12 @@ module.exports = function(core) {
|
|
|
82
89
|
function getUntrustedSpaceProps(space) {
|
|
83
90
|
// it can't be a problem if it's not a string, if the string is all spaces, or
|
|
84
91
|
// if the string is zero length.
|
|
85
|
-
if (!isString(space) ||
|
|
92
|
+
if (!isString(space) || StringPrototypeMatch.call(space, /^\s+$/) || !space) {
|
|
86
93
|
return null;
|
|
87
94
|
}
|
|
88
95
|
|
|
89
|
-
|
|
96
|
+
|
|
97
|
+
const props = tracker.getData(StringPrototypeSlice.call(space, 0, 10));
|
|
90
98
|
if (!props || !Object.keys(props.tags).length) {
|
|
91
99
|
return null;
|
|
92
100
|
}
|
|
@@ -97,10 +105,10 @@ module.exports = function(core) {
|
|
|
97
105
|
|
|
98
106
|
function createSpaceTagRanges(result, metadata) {
|
|
99
107
|
const tags = {};
|
|
100
|
-
const spaceValue =
|
|
108
|
+
const spaceValue = StringPrototypeSlice.call(metadata.origArgs[2], 0, 10);
|
|
101
109
|
const { spaceProps: { tags: spacePropsTags } } = metadata;
|
|
102
110
|
|
|
103
|
-
const spaces = Array.from(
|
|
111
|
+
const spaces = Array.from(StringPrototypeMatchAll.call(result, new RegExp(`(?<=\\n)(${spaceValue})+?(?=\\d|"|null|]|})`, 'g')));
|
|
104
112
|
|
|
105
113
|
for (const space of spaces) {
|
|
106
114
|
const match = space[0];
|
|
@@ -129,7 +137,7 @@ module.exports = function(core) {
|
|
|
129
137
|
let canaryReplacementDiff = 0;
|
|
130
138
|
// for each marker in the stringify's result, remove the marker and
|
|
131
139
|
// create a TagRange for the value.
|
|
132
|
-
return
|
|
140
|
+
return StringPrototypeReplace.call(result, metadata.regex, (m, id, offset) => {
|
|
133
141
|
// adjust offset by total characters removed so far
|
|
134
142
|
offset = offset - canaryReplacementDiff + 1;
|
|
135
143
|
// we don't replace the opening " in the regex - that just makes sure
|
|
@@ -154,7 +162,7 @@ module.exports = function(core) {
|
|
|
154
162
|
return core.assess.dataflow.propagation.jsonInstrumentation.stringify = {
|
|
155
163
|
install() {
|
|
156
164
|
patcher.patch(JSON, 'stringify', {
|
|
157
|
-
name: 'JSON.
|
|
165
|
+
name: 'JSON.stringify',
|
|
158
166
|
patchType,
|
|
159
167
|
pre(data) {
|
|
160
168
|
if (!sources.getStore()?.assess || instrumentation.isLocked()) return;
|
|
@@ -166,7 +174,7 @@ module.exports = function(core) {
|
|
|
166
174
|
// context used by the post hook.
|
|
167
175
|
data.metadata = {
|
|
168
176
|
history: new Set(),
|
|
169
|
-
origArgs: data.args
|
|
177
|
+
origArgs: ArrayPrototypeSlice.call(data.args),
|
|
170
178
|
strInfos: {},
|
|
171
179
|
propagate: false,
|
|
172
180
|
regex,
|
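Review bot: `spaceValue` is interpolated into `new RegExp(...)` in createSpaceTagRanges without escaping, although it is the first ten characters of the caller-supplied `space` argument, and getUntrustedSpaceProps shows that this argument may carry tracked data. A space string containing regex metacharacters such as `(` or `[` would make the constructor throw or match the wrong spans while the agent processes the stringify result. Build the pattern from an escaped copy, e.g. `const spacePattern = StringPrototypeReplace.call(spaceValue, /[.*+?^${}()|[\]\\]/g, '\\$&');`, and interpolate `spacePattern` instead. The rest of createSpaceTagRanges is outside the hunk, so any later use of the raw `spaceValue` should stay as is.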
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
|
|
16
16
|
'use strict';
|
|
17
17
|
|
|
18
|
-
const { isString } = require('@contrast/common');
|
|
18
|
+
const { isString, ArrayPrototypeJoin, UtilInspect } = require('@contrast/common');
|
|
19
19
|
const { InstrumentationType: { PROPAGATOR } } = require('../../../constants');
|
|
20
20
|
const { createAppendTags } = require('../../tag-utils');
|
|
21
21
|
const { patchType } = require('../common');
|
|
@@ -78,6 +78,10 @@ module.exports = function(core) {
|
|
|
78
78
|
const delimiterInfo = tracker.getData(delimiter);
|
|
79
79
|
const initHistory = delimiterInfo ? new Set([delimiterInfo]) : new Set();
|
|
80
80
|
const { newTags, newHistory: history } = accumulateTags(obj, {}, 0, initHistory, delimiterLength, delimiterInfo?.tags);
|
|
81
|
+
const object = {
|
|
82
|
+
value: obj && ArrayPrototypeJoin.call(obj),
|
|
83
|
+
tracked: false
|
|
84
|
+
};
|
|
81
85
|
|
|
82
86
|
const args = [{
|
|
83
87
|
value: delimiterInfo ? delimiterInfo.value : delimiter,
|
|
@@ -89,11 +93,8 @@ module.exports = function(core) {
|
|
|
89
93
|
name,
|
|
90
94
|
moduleName: 'Array',
|
|
91
95
|
methodName: 'prototype.join',
|
|
92
|
-
context:
|
|
93
|
-
object
|
|
94
|
-
value: 'Array',
|
|
95
|
-
tracked: false
|
|
96
|
-
},
|
|
96
|
+
context: `${object.value}.join('${UtilInspect(args[0].value) || ''})`,
|
|
97
|
+
object,
|
|
97
98
|
result: {
|
|
98
99
|
value: resultInfo ? resultInfo.value : result,
|
|
99
100
|
tracked: true
|
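Review bot: The added `value: obj && ArrayPrototypeJoin.call(obj)` joins the receiver a second time purely to label the event, so every element's string conversion runs twice and the whole joined content is stored unbounded in `object.value` and `context`. The Buffer.from propagator added in this release caps its recorded value at 50 characters; a bounded preview here, or the previous fixed `'Array'` label, would keep the event small and avoid repeating any side effects of element `toString`. Separately, the `context` template opens a quote it never closes, `.join('${UtilInspect(args[0].value) || ''})`. The same unbalanced quote appears in the `querystring.parse('${ArrayPrototypeJoin.call(args)})` context in querystring/parse.js. The enclosing function starts and ends outside these hunks.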
|
@@ -14,14 +14,16 @@
|
|
|
14
14
|
*/
|
|
15
15
|
'use strict';
|
|
16
16
|
|
|
17
|
+
const { isString, ArrayPrototypeJoin, StringPrototypeSubstring } = require('@contrast/common');
|
|
17
18
|
const { InstrumentationType: { PROPAGATOR } } = require('../../../constants');
|
|
19
|
+
const { getAdjustedUntrackedValue } = require('../../tag-utils');
|
|
18
20
|
const { patchType } = require('../common');
|
|
19
21
|
|
|
20
22
|
module.exports = function(core) {
|
|
21
23
|
const {
|
|
22
24
|
assess: {
|
|
23
25
|
getSourceContext,
|
|
24
|
-
eventFactory,
|
|
26
|
+
eventFactory: { createPropagationEvent },
|
|
25
27
|
dataflow: { tracker }
|
|
26
28
|
},
|
|
27
29
|
patcher,
|
|
@@ -30,6 +32,7 @@ module.exports = function(core) {
|
|
|
30
32
|
return core.assess.dataflow.propagation.bufferInstrumentation = {
|
|
31
33
|
install() {
|
|
32
34
|
const name = 'global.Buffer.prototype.toString';
|
|
35
|
+
const bufferToString = patcher.unwrap(Buffer.prototype.toString);
|
|
33
36
|
|
|
34
37
|
patcher.patch(global.Buffer.prototype, 'toString', {
|
|
35
38
|
patchType,
|
|
@@ -44,7 +47,7 @@ module.exports = function(core) {
|
|
|
44
47
|
return;
|
|
45
48
|
}
|
|
46
49
|
|
|
47
|
-
const event =
|
|
50
|
+
const event = createPropagationEvent({
|
|
48
51
|
args: data.args.map((a) => ({ tracked: false, value: a })),
|
|
49
52
|
moduleName: 'Buffer',
|
|
50
53
|
methodName: 'prototype.toString',
|
|
@@ -74,8 +77,63 @@ module.exports = function(core) {
|
|
|
74
77
|
}
|
|
75
78
|
}
|
|
76
79
|
});
|
|
80
|
+
|
|
81
|
+
patcher.patch(global.Buffer, 'from', {
|
|
82
|
+
patchType,
|
|
83
|
+
name,
|
|
84
|
+
post(data) {
|
|
85
|
+
const firstArg = data.args[0];
|
|
86
|
+
const argType = isString(firstArg) ? 'string' : Buffer.isBuffer(firstArg) ? 'buffer' : null;
|
|
87
|
+
// this method supports a number of type overloads. we handle when first arg matches these
|
|
88
|
+
const typeSupported = argType == 'string' || argType == 'buffer';
|
|
89
|
+
|
|
90
|
+
if (
|
|
91
|
+
!data.args[0] ||
|
|
92
|
+
!typeSupported ||
|
|
93
|
+
!getSourceContext(PROPAGATOR)
|
|
94
|
+
) return;
|
|
95
|
+
|
|
96
|
+
const trkInfo = tracker.getData(data.args[0]);
|
|
97
|
+
if (trkInfo) {
|
|
98
|
+
const args = data.args.map((arg, i) => {
|
|
99
|
+
if (i == 0) {
|
|
100
|
+
const value = argType == 'string' ? arg : bufferToString.call(arg);
|
|
101
|
+
// todo (NODE-3455): make sure tag ranges are included in substring
|
|
102
|
+
return { tracked: true, value: StringPrototypeSubstring.call(value, 0, 50) };
|
|
103
|
+
} else {
|
|
104
|
+
return { tracked: false, value: getAdjustedUntrackedValue(arg) };
|
|
105
|
+
}
|
|
106
|
+
});
|
|
107
|
+
|
|
108
|
+
const event = createPropagationEvent({
|
|
109
|
+
args,
|
|
110
|
+
moduleName: 'Buffer',
|
|
111
|
+
methodName: 'from',
|
|
112
|
+
context: `Buffer.from(${ArrayPrototypeJoin.call(args.map((a) => a.value))})`,
|
|
113
|
+
object: { tracked: true, value: 'Buffer' },
|
|
114
|
+
history: [trkInfo],
|
|
115
|
+
name,
|
|
116
|
+
result: {
|
|
117
|
+
tracked: true,
|
|
118
|
+
value: args[0].value,
|
|
119
|
+
},
|
|
120
|
+
source: 'P0',
|
|
121
|
+
tags: trkInfo.tags,
|
|
122
|
+
stacktraceOpts: {
|
|
123
|
+
constructorOpt: data.hooked,
|
|
124
|
+
prependFrames: [data.orig]
|
|
125
|
+
},
|
|
126
|
+
target: 'R',
|
|
127
|
+
});
|
|
128
|
+
if (event) {
|
|
129
|
+
tracker.track(data.result, event);
|
|
130
|
+
}
|
|
131
|
+
}
|
|
132
|
+
},
|
|
133
|
+
});
|
|
77
134
|
},
|
|
78
135
|
uninstall() {
|
|
136
|
+
global.Buffer.from = patcher.unwrap(global.Buffer.from);
|
|
79
137
|
global.Buffer.prototype.toString = patcher.unwrap(global.Buffer.prototype.toString);
|
|
80
138
|
}
|
|
81
139
|
};
|
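Review bot: The new `Buffer.from` patch and its propagation event reuse `name`, which install() sets to `'global.Buffer.prototype.toString'`, so the patch and the events for `Buffer.from` are labelled as `toString`. Give the second patch its own constant, e.g. `const fromName = 'global.Buffer.from';`, and pass `name: fromName` in both places. Also, `bufferToString.call(arg)` decodes the entire source buffer only to keep 50 characters; `bufferToString.call(arg, 'utf8', 0, 50)` bounds the work (the end index counts bytes, not characters). `trkInfo.tags` is copied to the result unchanged even when an encoding argument such as base64 or hex changes the content, which may deserve a comment next to the existing NODE-3455 todo. install() spans several hunks and is not fully visible.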
|
@@ -16,7 +16,7 @@
|
|
|
16
16
|
'use strict';
|
|
17
17
|
|
|
18
18
|
const { EOL } = require('os');
|
|
19
|
-
const {
|
|
19
|
+
const { ArrayPrototypeJoin } = require('@contrast/common');
|
|
20
20
|
const { patchType } = require('../../common');
|
|
21
21
|
const { InstrumentationType: { PROPAGATOR } } = require('../../../../constants');
|
|
22
22
|
|
|
@@ -39,11 +39,11 @@ module.exports = function (core) {
|
|
|
39
39
|
|
|
40
40
|
/** @type {import('@contrast/rewriter').RewriteOpts} */
|
|
41
41
|
const REWRITE_OPTS = { isModule: false, inject: false, wrap: false, trim: true };
|
|
42
|
-
const WRAPPER_PREFIX =
|
|
42
|
+
const WRAPPER_PREFIX = ArrayPrototypeJoin.call([
|
|
43
43
|
'function tempWrapper() {',
|
|
44
44
|
'function __append(s) { if (s !== undefined && s !== null) __output += s }'
|
|
45
45
|
], EOL);
|
|
46
|
-
const WRAPPER_SUFFIX =
|
|
46
|
+
const WRAPPER_SUFFIX = ArrayPrototypeJoin.call([
|
|
47
47
|
EOL,
|
|
48
48
|
'return __output;',
|
|
49
49
|
'}',
|
|
@@ -15,7 +15,9 @@
|
|
|
15
15
|
|
|
16
16
|
'use strict';
|
|
17
17
|
|
|
18
|
-
const {
|
|
18
|
+
const {
|
|
19
|
+
DataflowTag: { ALPHANUM_SPACE_HYPHEN },
|
|
20
|
+
} = require('@contrast/common');
|
|
19
21
|
const { patchType } = require('../../common');
|
|
20
22
|
|
|
21
23
|
module.exports = function(core) {
|
|
@@ -15,7 +15,9 @@
|
|
|
15
15
|
|
|
16
16
|
'use strict';
|
|
17
17
|
|
|
18
|
-
const {
|
|
18
|
+
const {
|
|
19
|
+
DataflowTag: { HTML_ENCODED },
|
|
20
|
+
} = require('@contrast/common');
|
|
19
21
|
const { patchType } = require('../../common');
|
|
20
22
|
|
|
21
23
|
module.exports = function(core) {
|
|
@@ -16,7 +16,8 @@
|
|
|
16
16
|
'use strict';
|
|
17
17
|
|
|
18
18
|
const {
|
|
19
|
-
isNonEmptyObject,
|
|
19
|
+
isNonEmptyObject,
|
|
20
|
+
ArrayPrototypeJoin,
|
|
20
21
|
} = require('@contrast/common');
|
|
21
22
|
const { patchType } = require('../../common');
|
|
22
23
|
|
|
@@ -39,16 +40,16 @@ module.exports = function(core) {
|
|
|
39
40
|
});
|
|
40
41
|
}
|
|
41
42
|
|
|
42
|
-
let path =
|
|
43
|
+
let path = ArrayPrototypeJoin.call(refTargetPath, '.');
|
|
43
44
|
|
|
44
45
|
if (isInReference) {
|
|
45
|
-
path =
|
|
46
|
+
path = ArrayPrototypeJoin.call(refTargetPath.slice(0, -1), '.');
|
|
46
47
|
schema.__CONTRAST__.inReferenceTargets.add(path);
|
|
47
48
|
refPath = refPath.slice(0, -1);
|
|
48
49
|
}
|
|
49
50
|
|
|
50
51
|
const refs = schema.__CONTRAST__.refTargets[path] || [];
|
|
51
|
-
refs.push(
|
|
52
|
+
refs.push(ArrayPrototypeJoin.call(refPath, '.'));
|
|
52
53
|
schema.__CONTRAST__.refTargets[path] = refs;
|
|
53
54
|
}
|
|
54
55
|
|
|
@@ -15,7 +15,9 @@
|
|
|
15
15
|
|
|
16
16
|
'use strict';
|
|
17
17
|
|
|
18
|
-
const {
|
|
18
|
+
const {
|
|
19
|
+
DataflowTag: { LIMITED_CHARS },
|
|
20
|
+
} = require('@contrast/common');
|
|
19
21
|
const { patchType } = require('../../common');
|
|
20
22
|
|
|
21
23
|
module.exports = function(core) {
|
|
@@ -16,11 +16,7 @@
|
|
|
16
16
|
'use strict';
|
|
17
17
|
|
|
18
18
|
const {
|
|
19
|
-
DataflowTag: {
|
|
20
|
-
ALPHANUM_SPACE_HYPHEN,
|
|
21
|
-
LIMITED_CHARS,
|
|
22
|
-
STRING_TYPE_CHECKED
|
|
23
|
-
},
|
|
19
|
+
DataflowTag: { ALPHANUM_SPACE_HYPHEN, LIMITED_CHARS, STRING_TYPE_CHECKED },
|
|
24
20
|
} = require('@contrast/common');
|
|
25
21
|
const { createFullLengthCopyTags } = require('../../../tag-utils');
|
|
26
22
|
const { patchType } = require('../../common');
|
|
@@ -15,12 +15,16 @@
|
|
|
15
15
|
|
|
16
16
|
'use strict';
|
|
17
17
|
|
|
18
|
-
const {
|
|
18
|
+
const {
|
|
19
|
+
StringPrototypeSplit,
|
|
20
|
+
ArrayPrototypeJoin,
|
|
21
|
+
DataflowTag: { CUSTOM_VALIDATED }
|
|
22
|
+
} = require('@contrast/common');
|
|
19
23
|
|
|
20
24
|
function getRefInstancesTrackingData(tracker, obj, refInstancesPaths) {
|
|
21
25
|
return refInstancesPaths
|
|
22
26
|
.map((referenceInstance) => {
|
|
23
|
-
const value =
|
|
27
|
+
const value = StringPrototypeSplit.call(referenceInstance, '.').reduce(
|
|
24
28
|
(acc, v) => acc[v] || acc,
|
|
25
29
|
obj
|
|
26
30
|
);
|
|
@@ -70,10 +74,10 @@ function tagCustomValidatedString(createPropagationEvent, strInfo, metadata) {
|
|
|
70
74
|
|
|
71
75
|
function handleReferences(tracker, schema, validationFn) {
|
|
72
76
|
const contrastData = schema?.schema?.__CONTRAST__;
|
|
73
|
-
let refTargetPath = contrastData &&
|
|
74
|
-
const inReferenceTargetPath = contrastData &&
|
|
77
|
+
let refTargetPath = contrastData && ArrayPrototypeJoin.call(schema.state.path, '.');
|
|
78
|
+
const inReferenceTargetPath = contrastData && ArrayPrototypeJoin.call(schema.state.path.slice(0, -1), '.');
|
|
75
79
|
if (contrastData?.inReferenceTargets.has(inReferenceTargetPath)) {
|
|
76
|
-
refTargetPath =
|
|
80
|
+
refTargetPath = ArrayPrototypeJoin.call(
|
|
77
81
|
schema.state.path.slice(0, -1),
|
|
78
82
|
'.'
|
|
79
83
|
);
|
|
@@ -16,10 +16,7 @@
|
|
|
16
16
|
'use strict';
|
|
17
17
|
|
|
18
18
|
const {
|
|
19
|
-
isNonEmptyObject,
|
|
20
|
-
isString,
|
|
21
|
-
join,
|
|
22
|
-
traverseValues,
|
|
19
|
+
isNonEmptyObject, isString, traverseValues, ArrayPrototypeJoin
|
|
23
20
|
} = require('@contrast/common');
|
|
24
21
|
const { createMergedTags } = require('../../../tag-utils');
|
|
25
22
|
const { patchType } = require('../../common');
|
|
@@ -61,13 +58,13 @@ module.exports = function(core) {
|
|
|
61
58
|
|
|
62
59
|
|
|
63
60
|
if (result.ref) {
|
|
64
|
-
const targetAbsolutePath =
|
|
61
|
+
const targetAbsolutePath = ArrayPrototypeJoin.call(result.ref.absolute(state), '.');
|
|
65
62
|
|
|
66
63
|
if (isString(value)) {
|
|
67
64
|
validateStringReferenceValue(value, result.value, result.ref, targetAbsolutePath, metadata);
|
|
68
65
|
} else if (isNonEmptyObject(value)) {
|
|
69
66
|
traverseValues(value, (path, _type, v) => {
|
|
70
|
-
validateStringReferenceValue(v, result.value, result.ref,
|
|
67
|
+
validateStringReferenceValue(v, result.value, result.ref, ArrayPrototypeJoin.call([...targetAbsolutePath, ...path], '.'), metadata, path);
|
|
71
68
|
});
|
|
72
69
|
}
|
|
73
70
|
} else if (data.obj?._values.has(data.result?.value)) {
|
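Review bot: `targetAbsolutePath` is already a dot-joined string after the first changed line, so `[...targetAbsolutePath, ...path]` in the traverseValues callback spreads it into single characters and joins them with dots, producing a path like `u.s.e.r` instead of `user`. The string case two lines above passes `targetAbsolutePath` as is, so the nested case presumably wants `ArrayPrototypeJoin.call([targetAbsolutePath, ...path], '.')`. If reference lookups key on this path, values nested in objects would not be matched to their reference. The surrounding handler starts and ends outside the hunk.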
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
'use strict';
|
|
16
16
|
const { patchType } = require('../../common');
|
|
17
17
|
const { userDefinedType } = require('./common');
|
|
18
|
-
const { traverseValues, DataflowTag,
|
|
18
|
+
const { traverseValues, DataflowTag, StringPrototypeSubstring } = require('@contrast/common');
|
|
19
19
|
|
|
20
20
|
module.exports = function (core) {
|
|
21
21
|
const {
|
|
@@ -36,7 +36,7 @@ module.exports = function (core) {
|
|
|
36
36
|
mongooseInstrumentation.schemaMap = schemaMap;
|
|
37
37
|
|
|
38
38
|
const handleString = (strInfo, orig, value, name) => {
|
|
39
|
-
const methodName =
|
|
39
|
+
const methodName = StringPrototypeSubstring.call(name, name.indexOf('.') + 1);
|
|
40
40
|
|
|
41
41
|
// copy because we mutate the metadata value inline
|
|
42
42
|
const history = [{ ...strInfo }];
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
'use strict';
|
|
16
16
|
const { patchType } = require('../../common');
|
|
17
17
|
const { userDefinedType } = require('./common');
|
|
18
|
-
const { traverseValues, DataflowTag,
|
|
18
|
+
const { traverseValues, DataflowTag, StringPrototypeSubstring } = require('@contrast/common');
|
|
19
19
|
|
|
20
20
|
module.exports = function (core) {
|
|
21
21
|
const {
|
|
@@ -36,7 +36,7 @@ module.exports = function (core) {
|
|
|
36
36
|
mongooseInstrumentation.schemaMixed = schemaMixed;
|
|
37
37
|
|
|
38
38
|
const handleString = (strInfo, orig, value, name) => {
|
|
39
|
-
const methodName =
|
|
39
|
+
const methodName = StringPrototypeSubstring.call(name, name.indexOf('.') + 1);
|
|
40
40
|
|
|
41
41
|
// copy because we mutate the metadata value inline
|
|
42
42
|
const history = [{ ...strInfo }];
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
|
|
16
16
|
'use strict';
|
|
17
17
|
|
|
18
|
-
const { DataflowTag,
|
|
18
|
+
const { DataflowTag, StringPrototypeSubstring } = require('@contrast/common');
|
|
19
19
|
const { patchType } = require('../../common');
|
|
20
20
|
const { userDefinedType } = require('./common');
|
|
21
21
|
|
|
@@ -141,7 +141,7 @@ module.exports = function (core) {
|
|
|
141
141
|
const strInfo = tracker.getData(value);
|
|
142
142
|
if (!strInfo) return;
|
|
143
143
|
|
|
144
|
-
const methodName =
|
|
144
|
+
const methodName = StringPrototypeSubstring.call(name, name.indexOf('.') + 1);
|
|
145
145
|
// copy because we mutate the metadata value inline
|
|
146
146
|
const history = [{ ...strInfo }];
|
|
147
147
|
const event = createPropagationEvent({
|
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
*/
|
|
15
15
|
|
|
16
16
|
'use strict';
|
|
17
|
-
const { isString,
|
|
17
|
+
const { isString, ArrayPrototypeJoin } = require('@contrast/common');
|
|
18
18
|
const { patchType } = require('../../common');
|
|
19
19
|
const {
|
|
20
20
|
excludeExtensionDotFromTags,
|
|
@@ -82,7 +82,7 @@ module.exports = function(core) {
|
|
|
82
82
|
name,
|
|
83
83
|
moduleName: 'path',
|
|
84
84
|
methodName: 'basename',
|
|
85
|
-
context: `path.basename(${
|
|
85
|
+
context: `path.basename(${ArrayPrototypeJoin.call(args.map(a => `'${a.value}'`))})`,
|
|
86
86
|
history: [strInfo],
|
|
87
87
|
object: {
|
|
88
88
|
value: 'path',
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
|
|
16
16
|
'use strict';
|
|
17
17
|
|
|
18
|
-
const {
|
|
18
|
+
const { StringPrototypeMatchAll, StringPrototypeSubstring, StringPrototypeReplace } = require('@contrast/common');
|
|
19
19
|
const {
|
|
20
20
|
createSubsetTags,
|
|
21
21
|
createAppendTags,
|
|
@@ -35,7 +35,7 @@ function createBasenameTagsInResult({
|
|
|
35
35
|
isWin32,
|
|
36
36
|
}) {
|
|
37
37
|
const segments = Array.from(
|
|
38
|
-
|
|
38
|
+
StringPrototypeMatchAll.call(argStr, isWin32 ? win32RegExp : posixRegExp)
|
|
39
39
|
);
|
|
40
40
|
const basename = segments[segments.length - 1][1];
|
|
41
41
|
const isExtensionRemoved = suffixStr && basename.includes(suffixStr);
|
|
@@ -77,7 +77,7 @@ function createArgTagsInResult({
|
|
|
77
77
|
// the separators eventually including
|
|
78
78
|
// only 1 path separator at the start
|
|
79
79
|
const matchedSegments = Array.from(
|
|
80
|
-
|
|
80
|
+
StringPrototypeMatchAll.call(argStr, isWin32 ? win32RegExp : posixRegExp)
|
|
81
81
|
).reverse();
|
|
82
82
|
|
|
83
83
|
for (let i = 0; i < matchedSegments.length; i++) {
|
|
@@ -107,13 +107,13 @@ function createArgTagsInResult({
|
|
|
107
107
|
i === matchedSegments.length - 1 ? 0 : matchedSegments[i + 1][0].length;
|
|
108
108
|
const segmentStartIdx = startIdx + match.length - segment.length;
|
|
109
109
|
const separators =
|
|
110
|
-
|
|
110
|
+
StringPrototypeSubstring.call(
|
|
111
111
|
argStr,
|
|
112
112
|
previousSegmentIdx + previousSegmentLength,
|
|
113
113
|
segmentStartIdx
|
|
114
114
|
) || '';
|
|
115
115
|
const separatorsInResult = isWin32
|
|
116
|
-
?
|
|
116
|
+
? StringPrototypeReplace.call(separators, /\//g, (_match, idx) => {
|
|
117
117
|
replacedSeparatorsIdxs.push(startIdx - idx);
|
|
118
118
|
|
|
119
119
|
return '\\';
|
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
*/
|
|
15
15
|
|
|
16
16
|
'use strict';
|
|
17
|
-
const {
|
|
17
|
+
const { ArrayPrototypeJoin, isString } = require('@contrast/common');
|
|
18
18
|
const { patchType } = require('../../common');
|
|
19
19
|
const { createMergedTags, getAdjustedUntrackedValue } = require('../../../tag-utils');
|
|
20
20
|
const {
|
|
@@ -98,7 +98,7 @@ module.exports = function(core) {
|
|
|
98
98
|
name: patchName,
|
|
99
99
|
moduleName: 'path',
|
|
100
100
|
methodName: 'format',
|
|
101
|
-
context: `path.format(${
|
|
101
|
+
context: `path.format(${ArrayPrototypeJoin.call(eventArgs.map((a) => a.value))})`,
|
|
102
102
|
history,
|
|
103
103
|
object: {
|
|
104
104
|
value: 'path',
|
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
*/
|
|
15
15
|
|
|
16
16
|
'use strict';
|
|
17
|
-
const { isString,
|
|
17
|
+
const { isString, ArrayPrototypeJoin } = require('@contrast/common');
|
|
18
18
|
const { createMergedTags } = require('../../../tag-utils');
|
|
19
19
|
const { patchType } = require('../../common');
|
|
20
20
|
const {
|
|
@@ -97,7 +97,7 @@ module.exports = function(core) {
|
|
|
97
97
|
name,
|
|
98
98
|
moduleName: 'path',
|
|
99
99
|
methodName: method,
|
|
100
|
-
context: `path.${method}(${
|
|
100
|
+
context: `path.${method}(${ArrayPrototypeJoin.call(args
|
|
101
101
|
.map((a) => `'${a.value}'`), ',')})`,
|
|
102
102
|
history,
|
|
103
103
|
object: {
|
|
@@ -18,7 +18,7 @@
|
|
|
18
18
|
const querystring = require('querystring');
|
|
19
19
|
const {
|
|
20
20
|
DataflowTag: { URL_ENCODED },
|
|
21
|
-
|
|
21
|
+
ArrayPrototypeJoin,
|
|
22
22
|
} = require('@contrast/common');
|
|
23
23
|
const { createSubsetTags, createAppendTags, getAdjustedUntrackedValue } = require('../../../tag-utils');
|
|
24
24
|
const { patchType } = require('../../common');
|
|
@@ -47,10 +47,11 @@ module.exports = function(core) {
|
|
|
47
47
|
|
|
48
48
|
const resultInfo = tracker.getData(result);
|
|
49
49
|
const [, ...restArgs] = data.origArgs.map(getAdjustedUntrackedValue);
|
|
50
|
-
const
|
|
50
|
+
const args = [trackingData.value, ...restArgs];
|
|
51
|
+
|
|
51
52
|
const event = createPropagationEvent({
|
|
52
53
|
name: data.name,
|
|
53
|
-
context: `querystring.parse('${
|
|
54
|
+
context: `querystring.parse('${ArrayPrototypeJoin.call(args)})`,
|
|
54
55
|
moduleName: 'querystring',
|
|
55
56
|
methodName: 'parse',
|
|
56
57
|
history: [trackingData],
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
'use strict';
|
|
16
16
|
|
|
17
17
|
const { patchType } = require('../common');
|
|
18
|
-
const {
|
|
18
|
+
const { StringPrototypeSlice } = require('@contrast/common');
|
|
19
19
|
|
|
20
20
|
module.exports = function (core) {
|
|
21
21
|
const {
|
|
@@ -42,7 +42,7 @@ module.exports = function (core) {
|
|
|
42
42
|
return;
|
|
43
43
|
}
|
|
44
44
|
|
|
45
|
-
const untrackedPath =
|
|
45
|
+
const untrackedPath = StringPrototypeSlice.call(` ${args[0]}`, 1);
|
|
46
46
|
args[0] = untrackedPath;
|
|
47
47
|
},
|
|
48
48
|
});
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
|
|
16
16
|
'use strict';
|
|
17
17
|
|
|
18
|
-
const {
|
|
18
|
+
const { ArrayPrototypeJoin } = require('@contrast/common');
|
|
19
19
|
const { InstrumentationType: { PROPAGATOR } } = require('../../../../constants');
|
|
20
20
|
const { createAppendTags, getAdjustedUntrackedValue } = require('../../../tag-utils');
|
|
21
21
|
const { patchType } = require('../../common');
|
|
@@ -67,10 +67,10 @@ module.exports = function(core) {
|
|
|
67
67
|
globalOffset += `${arg}`.length;
|
|
68
68
|
}
|
|
69
69
|
|
|
70
|
-
const objVal = objInfo ? `'${objInfo.value}'` : getAdjustedUntrackedValue(obj);
|
|
71
|
-
const context = `${objVal}.concat(${join(args.map((a) => a.value))})`;
|
|
72
70
|
|
|
73
71
|
if (history.size) {
|
|
72
|
+
const objVal = objInfo ? `'${objInfo.value}'` : getAdjustedUntrackedValue(obj);
|
|
73
|
+
const context = `${objVal}.concat(${ArrayPrototypeJoin.call(args.map((a) => a.value))})`;
|
|
74
74
|
const event = createPropagationEvent({
|
|
75
75
|
name,
|
|
76
76
|
moduleName: 'String',
|