@contrast/protect 1.12.1 → 1.12.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/policy.js +7 -0
- package/package.json +1 -1
package/lib/policy.js
CHANGED
|
@@ -98,6 +98,9 @@ module.exports = function(core) {
|
|
|
98
98
|
if (config.protect.disabled_rules.includes(ruleId)) {
|
|
99
99
|
return OFF;
|
|
100
100
|
}
|
|
101
|
+
if (ruleId === 'nosql-injection-mongo') {
|
|
102
|
+
return config.protect.rules?.[ruleId]?.mode || config.protect.rules?.['nosql-injection']?.mode;
|
|
103
|
+
}
|
|
101
104
|
return config.protect.rules?.[ruleId]?.mode;
|
|
102
105
|
}
|
|
103
106
|
|
|
@@ -132,12 +135,16 @@ module.exports = function(core) {
|
|
|
132
135
|
function updateFromProtectionRules(protectionRules) {
|
|
133
136
|
for (const remoteSetting of Object.values(protectionRules)) {
|
|
134
137
|
const { id: ruleId } = remoteSetting;
|
|
138
|
+
if (ruleId === 'nosql-injection' && !getModeFromConfig('nosql-injection-mongo')) {
|
|
139
|
+
policy['nosql-injection-mongo'] = readModeFromSetting(remoteSetting);
|
|
140
|
+
}
|
|
135
141
|
|
|
136
142
|
if (getModeFromConfig(ruleId)) {
|
|
137
143
|
continue;
|
|
138
144
|
}
|
|
139
145
|
|
|
140
146
|
policy[ruleId] = readModeFromSetting(remoteSetting);
|
|
147
|
+
|
|
141
148
|
}
|
|
142
149
|
}
|
|
143
150
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@contrast/protect",
|
|
3
|
-
"version": "1.12.
|
|
3
|
+
"version": "1.12.2",
|
|
4
4
|
"description": "Contrast service providing framework-agnostic Protect support",
|
|
5
5
|
"license": "SEE LICENSE IN LICENSE",
|
|
6
6
|
"author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
|