@kaitranntt/ccs 7.79.1-dev.16 → 7.79.1-dev.17
|
@@ -83,6 +83,16 @@ const TOOL_HOVER = 'browser_hover';
|
|
|
83
83
|
const TOOL_QUERY = 'browser_query';
|
|
84
84
|
const TOOL_TAKE_ELEMENT_SCREENSHOT = 'browser_take_element_screenshot';
|
|
85
85
|
const TOOL_WAIT_FOR_EVENT = 'browser_wait_for_event';
|
|
86
|
+
const SENSITIVE_INTERCEPT_HEADER_NAMES = new Set([
|
|
87
|
+
'authorization',
|
|
88
|
+
'cookie',
|
|
89
|
+
'cookie2',
|
|
90
|
+
'proxy-authorization',
|
|
91
|
+
'x-api-key',
|
|
92
|
+
'x-api-token',
|
|
93
|
+
'x-auth-token',
|
|
94
|
+
]);
|
|
95
|
+
|
|
86
96
|
const TOOL_NAMES = [
|
|
87
97
|
TOOL_SESSION_INFO,
|
|
88
98
|
TOOL_URL_TITLE,
|
|
@@ -612,10 +622,15 @@ function getTools() {
|
|
|
612
622
|
urlRegex: { type: 'string' },
|
|
613
623
|
headerMatchers: {
|
|
614
624
|
type: 'array',
|
|
625
|
+
description:
|
|
626
|
+
'Match non-sensitive request headers. Cookie, Authorization, and token headers are not allowed.',
|
|
615
627
|
items: {
|
|
616
628
|
type: 'object',
|
|
617
629
|
properties: {
|
|
618
|
-
name: {
|
|
630
|
+
name: {
|
|
631
|
+
type: 'string',
|
|
632
|
+
description: 'Non-sensitive request header name to match.',
|
|
633
|
+
},
|
|
619
634
|
valueIncludes: { type: 'string' },
|
|
620
635
|
valueRegex: { type: 'string' },
|
|
621
636
|
},
|
|
@@ -1379,6 +1394,10 @@ function parseOptionalPriority(value) {
|
|
|
1379
1394
|
return value;
|
|
1380
1395
|
}
|
|
1381
1396
|
|
|
1397
|
+
function isSensitiveInterceptHeaderName(name) {
|
|
1398
|
+
return SENSITIVE_INTERCEPT_HEADER_NAMES.has(name.toLowerCase());
|
|
1399
|
+
}
|
|
1400
|
+
|
|
1382
1401
|
function parseOptionalHeaderMatchers(value) {
|
|
1383
1402
|
if (value === undefined) {
|
|
1384
1403
|
return [];
|
|
@@ -1391,6 +1410,9 @@ function parseOptionalHeaderMatchers(value) {
|
|
|
1391
1410
|
throw new Error('headerMatchers entries must be objects');
|
|
1392
1411
|
}
|
|
1393
1412
|
const name = requireNonEmptyString(entry.name, 'headerMatchers.name');
|
|
1413
|
+
if (isSensitiveInterceptHeaderName(name)) {
|
|
1414
|
+
throw new Error(`headerMatchers.name cannot target sensitive request header: ${name}`);
|
|
1415
|
+
}
|
|
1394
1416
|
const valueIncludes =
|
|
1395
1417
|
entry.valueIncludes === undefined
|
|
1396
1418
|
? ''
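Review bot: The check added at new line 1413 in parseOptionalHeaderMatchers rejects only the seven exact names in SENSITIVE_INTERCEPT_HEADER_NAMES, while the schema description added at new line 626 promises that "token headers" are not allowed; names such as `x-access-token`, `x-csrf-token` or `x-session-id`, and a name with surrounding whitespace, pass the check. An exact-string denylist is hard to keep complete, so consider normalizing and adding a keyword match next to the set lookup: `const lower = name.trim().toLowerCase();` followed by `return SENSITIVE_INTERCEPT_HEADER_NAMES.has(lower) || /auth|token|cookie|secret|session|credential/.test(lower);`, accepting an occasional false positive on a harmless header. Whether the trim matters depends on how the matcher later compares header names, which is outside the hunk; parseOptionalHeaderMatchers itself continues past the end of the hunk. The new isSensitiveInterceptHeaderName would also benefit from a one-line JSDoc such as `/** True when a request header name (case-insensitive) carries credentials and must not be used as a match target. */`.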
|