@contrast/assess 1.37.0 → 1.39.0
- package/lib/crypto-analysis/install/crypto.js +1 -1
- package/lib/dataflow/propagation/install/JSON/parse.js +1 -0
- package/lib/dataflow/propagation/install/JSON/stringify.js +1 -0
- package/lib/dataflow/propagation/install/array-prototype-join.js +1 -0
- package/lib/dataflow/propagation/install/buffer.js +1 -0
- package/lib/dataflow/propagation/install/contrast-methods/number.js +1 -0
- package/lib/dataflow/propagation/install/contrast-methods/string.js +1 -0
- package/lib/dataflow/propagation/install/contrast-methods/tag.js +1 -0
- package/lib/dataflow/propagation/install/decode-uri-component.js +1 -0
- package/lib/dataflow/propagation/install/ejs/escape-xml.js +1 -0
- package/lib/dataflow/propagation/install/ejs/template.js +1 -0
- package/lib/dataflow/propagation/install/encode-uri.js +1 -0
- package/lib/dataflow/propagation/install/escape-html.js +1 -0
- package/lib/dataflow/propagation/install/escape.js +1 -0
- package/lib/dataflow/propagation/install/fastify-send.js +1 -0
- package/lib/dataflow/propagation/install/handlebars-utils-escape-expression.js +1 -0
- package/lib/dataflow/propagation/install/isnumeric-0.js +1 -0
- package/lib/dataflow/propagation/install/joi/boolean.js +2 -1
- package/lib/dataflow/propagation/install/joi/expression.js +2 -1
- package/lib/dataflow/propagation/install/joi/index.js +3 -1
- package/lib/dataflow/propagation/install/joi/keys.js +1 -0
- package/lib/dataflow/propagation/install/joi/number.js +2 -1
- package/lib/dataflow/propagation/install/joi/string-schema.js +3 -1
- package/lib/dataflow/propagation/install/joi/values.js +2 -1
- package/lib/dataflow/propagation/install/mongoose/schema-map.js +2 -0
- package/lib/dataflow/propagation/install/mongoose/schema-mixed.js +2 -0
- package/lib/dataflow/propagation/install/mongoose/schema-string.js +5 -0
- package/lib/dataflow/propagation/install/mustache-escape.js +1 -0
- package/lib/dataflow/propagation/install/mysql-connection-escape.js +3 -0
- package/lib/dataflow/propagation/install/parse-int.js +1 -0
- package/lib/dataflow/propagation/install/path/basename.js +1 -0
- package/lib/dataflow/propagation/install/path/dirname.js +1 -0
- package/lib/dataflow/propagation/install/path/extname.js +1 -0
- package/lib/dataflow/propagation/install/path/format.js +1 -0
- package/lib/dataflow/propagation/install/path/join-and-resolve.js +1 -0
- package/lib/dataflow/propagation/install/path/normalize.js +1 -0
- package/lib/dataflow/propagation/install/path/parse.js +2 -1
- package/lib/dataflow/propagation/install/path/relative.js +1 -0
- package/lib/dataflow/propagation/install/path/toNamespacedPath.js +1 -0
- package/lib/dataflow/propagation/install/pug/index.js +1 -0
- package/lib/dataflow/propagation/install/pug-runtime-escape.js +1 -0
- package/lib/dataflow/propagation/install/querystring/escape.js +2 -1
- package/lib/dataflow/propagation/install/querystring/parse.js +1 -0
- package/lib/dataflow/propagation/install/querystring/stringify.js +2 -1
- package/lib/dataflow/propagation/install/reg-exp-prototype-exec.js +1 -0
- package/lib/dataflow/propagation/install/send.js +1 -0
- package/lib/dataflow/propagation/install/sequelize/query-generator.js +1 -0
- package/lib/dataflow/propagation/install/sequelize/sql-string.js +1 -0
- package/lib/dataflow/propagation/install/sql-template-strings.js +1 -0
- package/lib/dataflow/propagation/install/string/concat.js +1 -1
- package/lib/dataflow/propagation/install/string/format-methods.js +1 -1
- package/lib/dataflow/propagation/install/string/html-methods.js +1 -1
- package/lib/dataflow/propagation/install/string/index.js +1 -1
- package/lib/dataflow/propagation/install/string/match-all.js +1 -1
- package/lib/dataflow/propagation/install/string/match.js +1 -1
- package/lib/dataflow/propagation/install/string/replace.js +1 -1
- package/lib/dataflow/propagation/install/string/slice.js +1 -1
- package/lib/dataflow/propagation/install/string/split.js +1 -1
- package/lib/dataflow/propagation/install/string/substring.js +1 -1
- package/lib/dataflow/propagation/install/string/trim.js +3 -3
- package/lib/dataflow/propagation/install/unescape.js +1 -0
- package/lib/dataflow/propagation/install/url/domain-parsers.js +1 -0
- package/lib/dataflow/propagation/install/url/parse.js +2 -1
- package/lib/dataflow/propagation/install/url/searchParams.js +3 -1
- package/lib/dataflow/propagation/install/url/url.js +2 -1
- package/lib/dataflow/propagation/install/util-format.js +1 -0
- package/lib/dataflow/propagation/install/validator/hooks.js +2 -0
- package/lib/dataflow/sinks/install/child-process.js +1 -1
- package/lib/dataflow/sinks/install/express/reflected-xss.js +1 -1
- package/lib/dataflow/sinks/install/express/unvalidated-redirect.js +2 -2
- package/lib/dataflow/sinks/install/fastify/unvalidated-redirect.js +1 -1
- package/lib/dataflow/sinks/install/fs-original.js +170 -0
- package/lib/dataflow/sinks/install/fs.js +1 -1
- package/lib/dataflow/sinks/install/function.js +1 -1
- package/lib/dataflow/sinks/install/hapi/unvalidated-redirect.js +1 -1
- package/lib/dataflow/sinks/install/http/request.js +1 -1
- package/lib/dataflow/sinks/install/koa/unvalidated-redirect.js +1 -1
- package/lib/dataflow/sinks/install/libxmljs.js +1 -1
- package/lib/dataflow/sinks/install/marsdb.js +1 -1
- package/lib/dataflow/sinks/install/mongodb.js +1 -1
- package/lib/dataflow/sinks/install/mysql.js +1 -1
- package/lib/dataflow/sinks/install/postgres.js +1 -1
- package/lib/dataflow/sinks/install/sequelize.js +1 -1
- package/lib/dataflow/sinks/install/vm.js +1 -1
- package/lib/dataflow/sources/install/express/params.js +2 -2
- package/lib/dataflow/sources/install/express/parsedUrl.js +1 -1
- package/lib/dataflow/sources/install/express/parsedUrl.test.js +1 -1
- package/lib/sampler.js +1 -1
- package/lib/sampler.test.js +10 -5
- package/lib/session-configuration/install/express-session.js +1 -1
- package/lib/session-configuration/install/fastify-cookie.js +1 -1
- package/lib/session-configuration/install/hapi.js +1 -1
- package/lib/session-configuration/install/koa.js +1 -1
- package/package.json +9 -9
|
@@ -25,7 +25,7 @@ const { patchType } = require('../common');
|
|
|
25
25
|
module.exports = function (core) {
|
|
26
26
|
const {
|
|
27
27
|
assess: {
|
|
28
|
-
inspect, //
|
|
28
|
+
inspect, // TODO NODE-3455: remove
|
|
29
29
|
getSourceContext,
|
|
30
30
|
eventFactory: { createSessionEvent },
|
|
31
31
|
sessionConfiguration: {
|
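--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@contrast/assess",
-"version": "1.
+"version": "1.39.0",
 "description": "Contrast service providing framework-agnostic Assess support",
 "license": "SEE LICENSE IN LICENSE",
 "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -18,15 +18,15 @@
 },
 "dependencies": {
 "@contrast/common": "1.26.0",
-"@contrast/config": "1.
-"@contrast/core": "1.
-"@contrast/dep-hooks": "1.
+"@contrast/config": "1.35.0",
+"@contrast/core": "1.40.0",
+"@contrast/dep-hooks": "1.8.0",
 "@contrast/distringuish": "^5.1.0",
-"@contrast/instrumentation": "1.
-"@contrast/logger": "1.
-"@contrast/patcher": "1.
-"@contrast/rewriter": "1.
-"@contrast/scopes": "1.
+"@contrast/instrumentation": "1.18.0",
+"@contrast/logger": "1.13.0",
+"@contrast/patcher": "1.12.0",
+"@contrast/rewriter": "1.16.0",
+"@contrast/scopes": "1.9.0",
 "semver": "^7.6.0"
 }
 }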