@contrast/assess 1.60.0 → 1.61.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/lib/dataflow/sinks/install/http/server-response.js +1 -12
  2. package/lib/dataflow/sinks/install/restify.js +1 -1
  3. package/lib/dataflow/sources/install/http.js +1 -1
  4. package/lib/response-scanning/install/http.js +0 -12
  5. package/package.json +14 -14
package/lib/dataflow/sinks/install/http/server-response.js CHANGED
@@ -77,7 +77,7 @@ module.exports = function(core) {
77
77
  ];
78
78
 
79
79
  const preHook = (moduleName, responseName, method) => ({ args, obj: response, result, hooked, orig }) => {
80
- const methodName = `${responseName + (moduleName !== 'spdy' ? '.prototype' : '')}.${method}`;
80
+ const methodName = `${`${responseName}.prototype`}.${method}`;
81
81
  const name = `${moduleName}.${methodName}`;
82
82
  const sourceContext = getSinkContext(ruleId);
83
83
  if (!sourceContext) return;
@@ -91,7 +91,6 @@ module.exports = function(core) {
91
91
  const { contentType } = sourceContext.responseData;
92
92
  if (contentType && isSafeContentType(contentType)) return;
93
93
 
94
- if (moduleName === 'spdy') response.spdyStream.once('finish', () => response.emit('finish'));
95
94
  if (isVulnerable(UNTRUSTED, safeTags, strInfo.tags)) {
96
95
  const event = createSinkEvent({
97
96
  args: [{
@@ -175,16 +174,6 @@ module.exports = function(core) {
175
174
  });
176
175
  }
177
176
  });
178
- depHooks.resolve({ name: 'spdy', version: '<5', file: 'lib/spdy/response.js' }, (response) => {
179
- {
180
- const method = 'end';
181
- patcher.patch(response, method, {
182
- name: 'spdy.response.end',
183
- patchType,
184
- pre: preHook('spdy', 'response', method),
185
- });
186
- }
187
- });
188
177
  };
189
178
 
190
179
  return http;
package/lib/dataflow/sinks/install/restify.js CHANGED
@@ -113,7 +113,7 @@ module.exports = function(core) {
113
113
  install() {
114
114
  // restify adds functionality to the built-in response via this patch function.
115
115
  // once it returns the request, it'll have been decorated with redirect() method.
116
- depHooks.resolve({ name: 'restify', version: '<12', file: 'lib/response.js' }, (responsePatch) => patcher.patch(responsePatch, {
116
+ depHooks.resolve({ name: 'restify', version: '>=10 <12', file: 'lib/response.js' }, (responsePatch) => patcher.patch(responsePatch, {
117
117
  name: 'restify.response.patch',
118
118
  patchType,
119
119
  post(data) {
package/lib/dataflow/sources/install/http.js CHANGED
@@ -196,7 +196,7 @@ module.exports = function (core) {
196
196
  }
197
197
 
198
198
  function install() {
199
- ['http', 'https', 'spdy', 'http2'].forEach((moduleName) => {
199
+ ['http', 'https', 'http2'].forEach((moduleName) => {
200
200
  instrument({
201
201
  moduleName,
202
202
  patchObjects: [{
package/lib/response-scanning/install/http.js CHANGED
@@ -146,18 +146,6 @@ module.exports = function(core) {
146
146
  });
147
147
  }
148
148
  });
149
-
150
- depHooks.resolve({ name: 'spdy', version: '<5', file: 'lib/spdy/response.js' }, (response) => {
151
- patcher.patch(response, 'end', {
152
- name: 'spdy.response.end',
153
- patchType: 'test',
154
- post(data) {
155
- const sourceContext = getSourceContext();
156
- if (!sourceContext) return;
157
- endHookChecks(sourceContext, data.obj.getHeaders?.(), StringPrototypeToLowerCase.call(data.args[0] || ''));
158
- }
159
- });
160
- });
161
149
  };
162
150
 
163
151
  return http;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@contrast/assess",
3
- "version": "1.60.0",
3
+ "version": "1.61.0",
4
4
  "description": "Contrast service providing framework-agnostic Assess support",
5
5
  "license": "SEE LICENSE IN LICENSE",
6
6
  "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -14,24 +14,24 @@
14
14
  "types": "lib/index.d.ts",
15
15
  "engines": {
16
16
  "npm": ">=6.13.7 <7 || >= 8.3.1",
17
- "node": ">= 16.9.1"
17
+ "node": ">= 18.7.0"
18
18
  },
19
19
  "scripts": {
20
20
  "test": "bash ../scripts/test.sh"
21
21
  },
22
22
  "dependencies": {
23
- "@contrast/common": "1.35.0",
24
- "@contrast/config": "1.50.0",
25
- "@contrast/core": "1.55.0",
26
- "@contrast/dep-hooks": "1.24.0",
27
- "@contrast/distringuish": "^5.1.0",
28
- "@contrast/instrumentation": "1.34.0",
29
- "@contrast/logger": "1.28.0",
30
- "@contrast/patcher": "1.27.0",
31
- "@contrast/rewriter": "1.31.0",
32
- "@contrast/route-coverage": "1.47.0",
33
- "@contrast/scopes": "1.25.0",
34
- "@contrast/sources": "1.1.0",
23
+ "@contrast/common": "1.36.0",
24
+ "@contrast/config": "1.51.0",
25
+ "@contrast/core": "1.56.0",
26
+ "@contrast/dep-hooks": "1.25.0",
27
+ "@contrast/distringuish": "^6.0.2",
28
+ "@contrast/instrumentation": "1.35.0",
29
+ "@contrast/logger": "1.29.0",
30
+ "@contrast/patcher": "1.28.0",
31
+ "@contrast/rewriter": "1.32.0",
32
+ "@contrast/route-coverage": "1.48.0",
33
+ "@contrast/scopes": "1.26.0",
34
+ "@contrast/sources": "1.2.0",
35
35
  "semver": "^7.6.0"
36
36
  }
37
37
  }