@contrast/assess 1.65.0 → 1.66.0

@@ -39,7 +39,7 @@ module.exports = function (core) {
39
39
  const apolloServer = core.assess.configurationAnalysis.apolloServer = {};
40
40
 
41
41
  apolloServer.install = function () {
42
- return depHooks.resolve({ name: '@apollo/server', version: '>=4', file: 'dist/cjs' }, (xport) => {
42
+ return depHooks.resolve({ name: '@apollo/server', version: '>=4' }, (xport) => {
43
43
  if (!xport.ApolloServer) return;
44
44
  patcher.patch(xport, 'ApolloServer', {
45
45
  name: '@apollo/server.ApolloServer',
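Review bot: With `file: 'dist/cjs'` dropped and `version: '>=4'` left open-ended, the only visible shape check in this hook is `if (!xport.ApolloServer) return;`, and that return is silent. If the export handed to the callback ever lacks `ApolloServer` (a future major, or a different entry point than the one previously pinned), the configuration-analysis check simply stops running, which reads as a clean result rather than a coverage gap. I would add a comment on the resolve call, for example `// no 'file' filter: the guard below is the only check that this export is the one we instrument`, and, if a logger is in scope here, emit a debug-level message before the bare return. The body of `install` continues past the end of the hunk.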
@@ -39,7 +39,7 @@ module.exports = function (core) {
39
39
  const graphqlYoga = core.assess.configurationAnalysis.graphqlYoga = {};
40
40
 
41
41
  graphqlYoga.install = function () {
42
- return depHooks.resolve({ name: '@graphql-yoga/plugin-disable-introspection', version: '*', file: 'cjs' }, (xport) => patcher.patch(xport, 'useDisableIntrospection', {
42
+ return depHooks.resolve({ name: '@graphql-yoga/plugin-disable-introspection', version: '*' }, (xport) => patcher.patch(xport, 'useDisableIntrospection', {
43
43
  name: '@graphql-yoga/plugin-disable-introspection.useDisableIntrospection',
44
44
  patchType,
45
45
  post(data) {
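Review bot: `patcher.patch(xport, 'useDisableIntrospection', …)` is called without checking that the export exists, whereas the Apollo hook guards with `if (!xport.ApolloServer) return;`. Now that `file: 'cjs'` is gone and the version range is `'*'`, nothing visible here pins the shape of `xport`, so a matching guard would keep the two hooks consistent: `(xport) => { if (!xport.useDisableIntrospection) return; return patcher.patch(xport, 'useDisableIntrospection', { … }); }`. How `patcher.patch` treats a missing property is not visible in this hunk, so this may already be handled there. The options object passed to `patch` continues past the end of the hunk.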
@@ -41,6 +41,7 @@ module.exports = function(core) {
41
41
  tracker,
42
42
  sinks: { isVulnerable, reportFindings },
43
43
  },
44
+ ruleScopes
44
45
  },
45
46
  } = core;
46
47
 
@@ -60,12 +61,12 @@ module.exports = function(core) {
60
61
  }, []);
61
62
  }
62
63
 
63
- const pre = (name, method, moduleName = 'fs', fullMethodName = '') => (data) => {
64
+ const around = (name, method, moduleName = 'fs', fullMethodName = '') => (next, data) => {
64
65
  const { name: methodName, indices } = method;
65
- if (!getSinkContext(ruleId)) return;
66
+ if (!getSinkContext(ruleId)) return next();
66
67
 
67
68
  const values = getValues(indices, data.args);
68
- if (!values.length) return;
69
+ if (!values.length) return next();
69
70
 
70
71
  const args = values.map((v) => {
71
72
  const strInfo = tracker.getData(v);
@@ -111,6 +112,7 @@ module.exports = function(core) {
111
112
  });
112
113
  }
113
114
  }
115
+ return ruleScopes.run(ruleId, next);
114
116
  };
115
117
 
116
118
  core.assess.dataflow.sinks.pathTraversal = {
@@ -123,7 +125,7 @@ module.exports = function(core) {
123
125
  patcher.patch(fs, method.name, {
124
126
  name,
125
127
  patchType,
126
- pre: pre(name, method),
128
+ around: around(name, method),
127
129
  });
128
130
  }
129
131
 
@@ -134,19 +136,10 @@ module.exports = function(core) {
134
136
  patcher.patch(fs, syncName, {
135
137
  name,
136
138
  patchType,
137
- pre: pre(name, method, 'fs', syncName),
139
+ around: around(name, method, 'fs', syncName),
138
140
  });
139
141
  }
140
142
  }
141
-
142
- if (method.promises && fs.promises && fs.promises[method.name]) {
143
- const name = `fs.promises.${method.name}`;
144
- patcher.patch(fs.promises, method.name, {
145
- name,
146
- patchType,
147
- pre: pre(name, method, 'fs.promises'),
148
- });
149
- }
150
143
  }
151
144
  });
152
145
 
@@ -157,7 +150,7 @@ module.exports = function(core) {
157
150
  patcher.patch(fsPromises, method.name, {
158
151
  name,
159
152
  patchType,
160
- pre: pre(name, method, 'fsPromises'),
153
+ around: around(name, method, 'fsPromises'),
161
154
  });
162
155
  }
163
156
  }
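Review bot: Moving from `pre` to `around` makes this hook responsible for invoking the original fs call, so every exit from the function returned by `around(...)` has to end in `next()`. The two visible early exits were converted to `return next();`, but the body between the second and third hunks is not shown; any remaining bare `return` there would make the application's file operation silently not run, and an exception thrown by the tracking code (`getValues`, `tracker.getData`, the reporting path) before `return ruleScopes.run(ruleId, next);` would either surface in the application or prevent the call. Unless the patcher already isolates errors raised inside `around` hooks, I would enclose the analysis in `try { … } catch (err) { /* log and fall through */ }` so the final `return ruleScopes.run(ruleId, next);` is always reached. A short comment above that line stating why the original call runs inside the rule scope would help, as would one where the `fs.promises` block was removed noting that the remaining `fsPromises` patch is presumably what covers those methods now.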
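--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@contrast/assess",
- "version": "1.65.0",
+ "version": "1.66.0",
  "description": "Contrast service providing framework-agnostic Assess support",
  "license": "SEE LICENSE IN LICENSE",
  "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,17 +21,17 @@
  },
  "dependencies": {
  "@contrast/common": "1.38.0",
- "@contrast/config": "1.54.0",
- "@contrast/core": "1.59.0",
- "@contrast/dep-hooks": "1.28.0",
+ "@contrast/config": "1.54.1",
+ "@contrast/core": "1.59.1",
+ "@contrast/dep-hooks": "1.28.1",
  "@contrast/distringuish": "^6.0.2",
- "@contrast/instrumentation": "1.38.0",
- "@contrast/logger": "1.32.0",
- "@contrast/patcher": "1.31.0",
- "@contrast/rewriter": "1.36.0",
- "@contrast/route-coverage": "1.51.0",
- "@contrast/scopes": "1.29.0",
- "@contrast/sources": "1.5.0",
+ "@contrast/instrumentation": "1.38.1",
+ "@contrast/logger": "1.32.1",
+ "@contrast/patcher": "1.31.1",
+ "@contrast/rewriter": "1.36.1",
+ "@contrast/route-coverage": "1.52.0",
+ "@contrast/scopes": "1.29.1",
+ "@contrast/sources": "1.5.1",
  "semver": "^7.6.0"
  }
  }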