@crowdstrike/foundry-js 0.19.0 → 0.20.0

package/dist/apis/remote-response/index.d.ts

@@ -56,8 +56,7 @@ export interface PostEntitiesAppCommandV1QueryParams extends BaseUrlParams {
     appScriptVersion?: QueryParam;
 }
 export type PostEntitiesAppCommandV1ApiResponse = ApiResponsePayload;
-export interface PostEntitiesAppCommandV1PostData {
-}
+export type PostEntitiesAppCommandV1PostData = Record<string, never>;
 export type PostEntitiesAppCommandV1ResponseMessage = BaseApiResponseMessage<PostEntitiesAppCommandV1ApiResponse>;
 export interface PostEntitiesAppCommandV1RequestMessage extends BaseApiRequestMessage<PostEntitiesAppCommandV1QueryParams, PostEntitiesAppCommandV1PostData> {
     api: RemoteResponseRequestApi;
@@ -68,8 +67,7 @@ export interface PostEntitiesAppSessionsV1QueryParams extends BaseUrlParams {
     timeoutDuration?: QueryParam;
 }
 export type PostEntitiesAppSessionsV1ApiResponse = ApiResponsePayload;
-export interface PostEntitiesAppSessionsV1PostData {
-}
+export type PostEntitiesAppSessionsV1PostData = Record<string, never>;
 export type PostEntitiesAppSessionsV1ResponseMessage = BaseApiResponseMessage<PostEntitiesAppSessionsV1ApiResponse>;
 export interface PostEntitiesAppSessionsV1RequestMessage extends BaseApiRequestMessage<PostEntitiesAppSessionsV1QueryParams, PostEntitiesAppSessionsV1PostData> {
     api: RemoteResponseRequestApi;
@@ -77,8 +75,7 @@ export interface PostEntitiesAppSessionsV1RequestMessage extends BaseApiRequestM
 }
 export type PostEntitiesPutFilesV1QueryParams = BaseUrlParams;
 export type PostEntitiesPutFilesV1ApiResponse = ApiResponsePayload;
-export interface PostEntitiesPutFilesV1PostData {
-}
+export type PostEntitiesPutFilesV1PostData = Record<string, never>;
 export type PostEntitiesPutFilesV1ResponseMessage = BaseApiResponseMessage<PostEntitiesPutFilesV1ApiResponse>;
 export interface PostEntitiesPutFilesV1RequestMessage extends BaseApiRequestMessage<PostEntitiesPutFilesV1QueryParams, PostEntitiesPutFilesV1PostData> {
     api: RemoteResponseRequestApi;

package/dist/apis/user-management/index.d.ts

@@ -26,8 +26,7 @@ export interface GetQueriesUsersV1RequestMessage extends BaseApiRequestMessage<G
 }
 export type PostEntitiesUsersGetV1QueryParams = BaseUrlParams;
 export type PostEntitiesUsersGetV1ApiResponse = ApiResponsePayload;
-export interface PostEntitiesUsersGetV1PostData {
-}
+export type PostEntitiesUsersGetV1PostData = Record<string, never>;
 export type PostEntitiesUsersGetV1ResponseMessage = BaseApiResponseMessage<PostEntitiesUsersGetV1ApiResponse>;
 export interface PostEntitiesUsersGetV1RequestMessage extends BaseApiRequestMessage<PostEntitiesUsersGetV1QueryParams, PostEntitiesUsersGetV1PostData> {
     api: UserManagementRequestApi;

package/dist/apis/workflows/index.d.ts

@@ -28,8 +28,7 @@ export interface PostEntitiesExecuteV1QueryParams extends BaseUrlParams {
     depth?: QueryParam;
 }
 export type PostEntitiesExecuteV1ApiResponse = ApiResponsePayload;
-export interface PostEntitiesExecuteV1PostData {
-}
+export type PostEntitiesExecuteV1PostData = Record<string, never>;
 export type PostEntitiesExecuteV1ResponseMessage = BaseApiResponseMessage<PostEntitiesExecuteV1ApiResponse>;
 export interface PostEntitiesExecuteV1RequestMessage extends BaseApiRequestMessage<PostEntitiesExecuteV1QueryParams, PostEntitiesExecuteV1PostData> {
     api: WorkflowsRequestApi;
@@ -39,8 +38,7 @@ export interface PostEntitiesExecutionActionsV1QueryParams extends BaseUrlParams
     actionName: QueryParam;
 }
 export type PostEntitiesExecutionActionsV1ApiResponse = ApiResponsePayload;
-export interface PostEntitiesExecutionActionsV1PostData {
-}
+export type PostEntitiesExecutionActionsV1PostData = Record<string, never>;
 export type PostEntitiesExecutionActionsV1ResponseMessage = BaseApiResponseMessage<PostEntitiesExecutionActionsV1ApiResponse>;
 export interface PostEntitiesExecutionActionsV1RequestMessage extends BaseApiRequestMessage<PostEntitiesExecutionActionsV1QueryParams, PostEntitiesExecutionActionsV1PostData> {
     api: WorkflowsRequestApi;

package/dist/index.js

@@ -1,3 +1,9 @@
+var REGEX = /^(?:[0-9a-f]{8}-[0-9a-f]{4}-[1-8][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$/i;
+
+function validate(uuid) {
+    return typeof uuid === 'string' && REGEX.test(uuid);
+}
+
 const byteToHex = [];
 for (let i = 0; i < 256; ++i) {
     byteToHex.push((i + 0x100).toString(16).slice(1));
@@ -40,10 +46,7 @@ function rng() {
 const randomUUID = typeof crypto !== 'undefined' && crypto.randomUUID && crypto.randomUUID.bind(crypto);
 var native = { randomUUID };
 
-function v4(options, buf, offset) {
-    if (native.randomUUID && true && !options) {
-        return native.randomUUID();
-    }
+function _v4(options, buf, offset) {
     options = options || {};
     const rnds = options.random ?? options.rng?.() ?? rng();
     if (rnds.length < 16) {
@@ -53,6 +56,12 @@ function v4(options, buf, offset) {
     rnds[8] = (rnds[8] & 0x3f) | 0x80;
     return unsafeStringify(rnds);
 }
+function v4(options, buf, offset) {
+    if (native.randomUUID && true && !options) {
+        return native.randomUUID();
+    }
+    return _v4(options);
+}
 
 const VERSION = 'current';
 
@@ -70,6 +79,13 @@ event) {
 const CONNECTION_TIMEOUT = 5_000;
 const API_TIMEOUT = 30_000;
 const NAVIGATION_TIMEOUT = 5_000;
+function sanitizeMessageId(messageId) {
+    // Only allow valid UUID strings
+    if (typeof messageId !== 'string' || !validate(messageId)) {
+        return null;
+    }
+    return messageId;
+}
 function timeoutForMessage(message) {
     const timeout = message.type === 'connect'
         ? CONNECTION_TIMEOUT
@@ -161,12 +177,18 @@ class Bridge {
             return;
         }
         const { messageId } = event.data.meta;
-        const callback = this.pendingMessages.get(messageId);
-        if (!callback) {
+        // Sanitize messageId to prevent unvalidated dynamic method calls
+        const sanitizedMessageId = sanitizeMessageId(messageId);
+        if (!sanitizedMessageId) {
+            this.throwError(`Received message with invalid messageId format`);
+            return;
+        }
+        const callback = this.pendingMessages.get(sanitizedMessageId);
+        if (!callback || typeof callback !== 'function') {
             this.throwError(`Received unexpected message`);
             return;
         }
-        this.pendingMessages.delete(messageId);
+        this.pendingMessages.delete(sanitizedMessageId);
         callback(message.payload);
     };
     throwError(message) {
@@ -3543,4 +3565,3 @@ __decorate([
 ], FalconApi.prototype, "logscale", null);
 
 export { Bridge, FalconApi as default };
-//# sourceMappingURL=index.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@crowdstrike/foundry-js",
-  "version": "0.19.0",
+  "version": "0.20.0",
   "description": "foundry-js is the JavaScript SDK for authoring UI Extensions for CrowdStrike's Foundry platform.",
   "repository": {
     "type": "git",
@@ -45,36 +45,36 @@
     "test": "vitest"
   },
   "dependencies": {
-    "emittery": "^1.0.3",
-    "typescript-memoize": "^1.1.1",
-    "uuid": "^11.1.0"
+    "emittery": "1.2.0",
+    "typescript-memoize": "1.1.1",
+    "uuid": "13.0.0"
   },
   "devDependencies": {
-    "@changesets/changelog-github": "^0.5.0",
-    "@changesets/cli": "^2.27.3",
+    "@changesets/changelog-github": "0.5.1",
+    "@changesets/cli": "2.29.7",
+    "@eslint/js": "9.36.0",
     "@rollup/plugin-node-resolve": "16.0.1",
-    "@rollup/plugin-replace": "^6.0.2",
+    "@rollup/plugin-replace": "6.0.2",
     "@rollup/plugin-typescript": "12.1.4",
-    "@types/uuid": "10.0.0",
-    "@typescript-eslint/eslint-plugin": "^5.59.2",
-    "@typescript-eslint/parser": "^8.34.0",
-    "concurrently": "^9.1.2",
-    "eslint": "^8.40.0",
-    "eslint-config-prettier": "^10.1.5",
-    "eslint-plugin-import": "^2.28.1",
-    "eslint-plugin-prettier": "^5.0.0",
-    "eslint-plugin-sort-imports-es6-autofix": "^0.6.0",
-    "happy-dom": "^18.0.1",
-    "jsdom": "^26.1.0",
-    "p-event": "^6.0.1",
-    "prettier": "^3.2.5",
-    "rollup": "4.45.1",
+    "@typescript-eslint/eslint-plugin": "8.45.0",
+    "@typescript-eslint/parser": "8.45.0",
+    "concurrently": "9.2.1",
+    "eslint": "9.36.0",
+    "eslint-config-prettier": "10.1.8",
+    "eslint-plugin-import": "2.32.0",
+    "eslint-plugin-prettier": "5.5.4",
+    "eslint-plugin-sort-imports-es6-autofix": "0.6.0",
+    "happy-dom": "20.0.0",
+    "jsdom": "27.0.0",
+    "p-event": "7.0.0",
+    "prettier": "3.6.2",
+    "rollup": "4.52.3",
     "tslib": "2.8.1",
-    "typedoc": "^0.28.5",
-    "typedoc-plugin-missing-exports": "^4.0.0",
-    "typedoc-plugin-rename-defaults": "^0.7.0",
-    "typescript": "5.8.3",
-    "vitest": "^3.1.4"
+    "typedoc": "0.28.13",
+    "typedoc-plugin-missing-exports": "4.1.0",
+    "typedoc-plugin-rename-defaults": "0.7.3",
+    "typescript": "5.9.2",
+    "vitest": "3.2.4"
   },
   "engines": {
     "node": ">=22"