@oracle/oraclejet-audit 15.0.0 → 15.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/jaf-amd.js +1 -1
- package/lib/MetaLib.js +1 -1
- package/lib/checkage.js +1 -1
- package/lib/defaults.js +1 -1
- package/meta/15.0.0/jetauditmeta.js +1 -1
- package/meta/metaverlist.json +1 -1
- package/package.json +2 -2
- package/rulepacks/csp/csp-json-unsafe-expr.js +1 -1
package/meta/metaverlist.json
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"metaList":{"8.3.0":{"version":"8.3.0","date":"Monday May 04, 2020","time":"4:34pm edt"},"9.0.0":{"version":"9.0.0","date":"Friday Jun 12, 2020","time":"1:57am utc"},"9.1.0":{"version":"9.1.0","date":"Thursday Aug 06, 2020","time":"2:13am utc"},"9.2.0":{"version":"9.2.0","date":"Wednesday Oct 07, 2020","time":"5:41pm utc"},"10.0.0":{"version":"10.0.0","date":"Thursday Jan 07, 2021","time":"9:20pm utc"},"10.1.0":{"version":"10.1.0","date":"Saturday Apr 17, 2021","time":"4:01pm utc"},"11.0.0":{"version":"11.0.0","date":"Friday Jul 02, 2021","time":"3:02am utc"},"11.1.0":{"version":"11.1.0","date":"Thursday Sep 30, 2021","time":"9:33pm utc"},"12.0.0":{"version":"12.0.0","date":"Friday Feb 04, 2022","time":"2:29am utc"},"12.1.0":{"version":"12.1.0","date":"Saturday Apr 09, 2022","time":"7:54am utc"},"13.0.0":{"version":"13.0.4","date":"Thursday Sep 22, 2022","time":"3:14am utc"},"13.1.0":{"version":"13.1.0","date":"Sunday Oct 02, 2022","time":"3:37am utc"},"14.0.0":{"version":"14.0.0","date":"Tuesday Jan 03, 2023","time":"8:54pm utc"},"14.1.0":{"version":"14.1.0","date":"Thursday Apr 06, 2023","time":"7:55pm utc"},"15.0.0":{"version":"15.0.
|
|
1
|
+
{"metaList":{"8.3.0":{"version":"8.3.0","date":"Monday May 04, 2020","time":"4:34pm edt"},"9.0.0":{"version":"9.0.0","date":"Friday Jun 12, 2020","time":"1:57am utc"},"9.1.0":{"version":"9.1.0","date":"Thursday Aug 06, 2020","time":"2:13am utc"},"9.2.0":{"version":"9.2.0","date":"Wednesday Oct 07, 2020","time":"5:41pm utc"},"10.0.0":{"version":"10.0.0","date":"Thursday Jan 07, 2021","time":"9:20pm utc"},"10.1.0":{"version":"10.1.0","date":"Saturday Apr 17, 2021","time":"4:01pm utc"},"11.0.0":{"version":"11.0.0","date":"Friday Jul 02, 2021","time":"3:02am utc"},"11.1.0":{"version":"11.1.0","date":"Thursday Sep 30, 2021","time":"9:33pm utc"},"12.0.0":{"version":"12.0.0","date":"Friday Feb 04, 2022","time":"2:29am utc"},"12.1.0":{"version":"12.1.0","date":"Saturday Apr 09, 2022","time":"7:54am utc"},"13.0.0":{"version":"13.0.4","date":"Thursday Sep 22, 2022","time":"3:14am utc"},"13.1.0":{"version":"13.1.0","date":"Sunday Oct 02, 2022","time":"3:37am utc"},"14.0.0":{"version":"14.0.0","date":"Tuesday Jan 03, 2023","time":"8:54pm utc"},"14.1.0":{"version":"14.1.0","date":"Thursday Apr 06, 2023","time":"7:55pm utc"},"15.0.0":{"version":"15.0.1","date":"Wednesday Jul 26, 2023","time":"4:20am utc"}}}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@oracle/oraclejet-audit",
|
|
3
|
-
"version": "15.0.
|
|
3
|
+
"version": "15.0.1",
|
|
4
4
|
"description": "JET AUDIT FRAMEWORK",
|
|
5
5
|
"main": "jaf.js",
|
|
6
6
|
"files": [
|
|
@@ -44,7 +44,7 @@
|
|
|
44
44
|
"lint"
|
|
45
45
|
],
|
|
46
46
|
"Jaf": {
|
|
47
|
-
"version": "7.0.
|
|
47
|
+
"version": "7.0.3"
|
|
48
48
|
},
|
|
49
49
|
"license": "UPL-1.0",
|
|
50
50
|
"dependencies": {
|
|
@@ -3,4 +3,4 @@
|
|
|
3
3
|
* Licensed under The Universal Permissive License (UPL), Version 1.0
|
|
4
4
|
* as shown at https://oss.oracle.com/licenses/upl/
|
|
5
5
|
*/
|
|
6
|
-
const RULE_NAME="csp-json-unsafe-expr";const LONG_DESCRIPT="A JSON member value contains an expression that violates the Content Security Policy, and is not supported. Execution of the expression will be blocked.";const SHORT_DESCRIPT=LONG_DESCRIPT;const CHARACTER="character";const VB_ASSET_TOKEN_MATCHER=/\@{2}(?<tokenRef>[A-Z\d\-\$]*)@{2}/gmi;function Rule(){};Rule.prototype.getName=function(){return RULE_NAME};Rule.prototype.getShortDescription=function(){return SHORT_DESCRIPT};Rule.prototype.getDescription=function(){return LONG_DESCRIPT};Rule.prototype.register=function(regCtx){if(regCtx.runMode==="api"&®Ctx.VsCodeExtHint){if(this._exprEval){regCtx.decache(this._exprEval)}}this._exprEval=require("../../libext/expparser");this._exprEval=new this._exprEval;return{"json":this._onJson}};Rule.prototype._onJson=function(ruleCtx,ast){if(!ast){_onSyntaxError(ruleCtx);return false}this._walk(ruleCtx,ast)};Rule.prototype._walk=function(ruleCtx,ast,members){members=members||ast.members
|
|
6
|
+
const RULE_NAME="csp-json-unsafe-expr";const LONG_DESCRIPT="A JSON member value contains an expression that violates the Content Security Policy, and is not supported. Execution of the expression will be blocked.";const SHORT_DESCRIPT=LONG_DESCRIPT;const CHARACTER="character";const VB_ASSET_TOKEN_MATCHER=/\@{2}(?<tokenRef>[A-Z\d\-\$]*)@{2}/gmi;function Rule(){};Rule.prototype.getName=function(){return RULE_NAME};Rule.prototype.getShortDescription=function(){return SHORT_DESCRIPT};Rule.prototype.getDescription=function(){return LONG_DESCRIPT};Rule.prototype.register=function(regCtx){if(regCtx.runMode==="api"&®Ctx.VsCodeExtHint){if(this._exprEval){regCtx.decache(this._exprEval)}}this._exprEval=require("../../libext/expparser");this._exprEval=new this._exprEval;return{"json":this._onJson}};Rule.prototype._onJson=function(ruleCtx,ast){if(!ast){_onSyntaxError(ruleCtx);return false}this._walk(ruleCtx,ast)};Rule.prototype._walk=function(ruleCtx,ast,members){if(members=members||ast.members){members.forEach(member=>{let val,subMems;if(val=member.value){if(val?.type==="string"&&_isExpr(val?.value)){this._checkExpr(ruleCtx,member)}else if(val?.type==="array"){this._checkArrayExpr(ruleCtx,ast,member)}if(val?.members){if(subMems=val.members){this._walk(ruleCtx,ast,subMems)};}}})}};Rule.prototype._checkArrayExpr=function(ruleCtx,ast,member){var arrayMems,mem,i;if(arrayMems=member.value.members){for(i=0;i<arrayMems.length;i++){if(mem=arrayMems[i]){if(mem.type==="Object"&&mem.members){this._walk(ruleCtx,ast,mem.members)}}}}};Rule.prototype._checkExpr=function(ruleCtx,member){var value,issue,p;value=member.value.value.trim();value=value.substring(2,value.length-2).trim();value=value.replace(VB_ASSET_TOKEN_MATCHER,"$<tokenRef>");try{p=this._exprEval.parse(value)}catch(e){let o=_cleanUp(e.message,member);issue=new ruleCtx.Issue(`Member '${member.name}' contains an expression that may not be compatible with all Content Security policies: "${o.msg}"`);if(o.pos>=0){let pos=member.value.pos;issue.setPosition(pos.line,pos.col+o.pos+3,pos.start+o.pos+3,pos.end+o.pos+3)}else{issue.setPosition(member.value.pos)}ruleCtx.reporter.addIssue(issue,ruleCtx)}};function _cleanUp(msg,member){var pos=-1,x;if((x=msg.indexOf(CHARACTER))>=0){let posChars=msg.substring(x+CHARACTER.length+1);pos=parseInt(posChars);if(!isNaN(pos)){msg=msg.replace(CHARACTER,"column");msg=msg.replace(posChars,""+(pos+member.value.pos.col+3))}}return{msg:msg,pos:pos}};function _onSyntaxError(ruleCtx){if(ruleCtx.suppData){if(!ruleCtx.rulePack.isRuleEnabled("oj-json-syntax","JET")){let issue=new ruleCtx.Issue(ruleCtx.suppData.msg);issue.setPosition(ruleCtx.suppData.line,ruleCtx.suppData.col,ruleCtx.suppData.position,ruleCtx.suppData.position+3);issue.setMsgKey(RULE_NAME+"_1");issue.setSeverity("critical");ruleCtx.reporter.addIssue(issue,ruleCtx)}}};function _isExpr(s){s=s.trimStart();return s.startsWith("[[")||s.startsWith("{{")};module.exports=Rule;
|