npm - @virusis/api-client - Versions diffs - 0.1.17 → 0.1.19 - Mend

@virusis/api-client 0.1.17 → 0.1.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (65) hide show

package/dist/base.d.ts CHANGED Viewed

@@ -3,7 +3,16 @@ export declare class ApiClientConfig {
     getToken?: (() => string | null | Promise<string | null>) | undefined;
     getAppKey?: (() => string | null | Promise<string | null>) | undefined;
     appKeyHeaderName: string;
-    constructor(baseUrl: string, getToken?: (() => string | null | Promise<string | null>) | undefined, getAppKey?: (() => string | null | Promise<string | null>) | undefined, appKeyHeaderName?: string);
+    sanitizeRequests: boolean;
+    onInputSecurityEvent?: ((event: {
+        field: string;
+        threats: string[];
+    }) => void) | undefined;
+    trustedAbsoluteHosts: string[];
+    constructor(baseUrl: string, getToken?: (() => string | null | Promise<string | null>) | undefined, getAppKey?: (() => string | null | Promise<string | null>) | undefined, appKeyHeaderName?: string, sanitizeRequests?: boolean, onInputSecurityEvent?: ((event: {
+        field: string;
+        threats: string[];
+    }) => void) | undefined, trustedAbsoluteHosts?: string[]);
 }
 export declare class BaseApiClient {
     protected readonly configuration: ApiClientConfig;

package/dist/base.js CHANGED Viewed

@@ -5,13 +5,19 @@ export class ApiClientConfig {
     // Deger AppKey (ornek: "0101000" trial UI, "0201000" private API backend).
     getAppKey,
     // Header adi configurable — default "X-App-Key".
-    appKeyHeaderName = "X-App-Key") {
+    appKeyHeaderName = "X-App-Key",
+    // INPUT-SECURITY-2026-05-03: Defensive sanitization for requests
+    sanitizeRequests = true, onInputSecurityEvent, trustedAbsoluteHosts = []) {
         this.baseUrl = baseUrl;
         this.getToken = getToken;
         this.getAppKey = getAppKey;
         this.appKeyHeaderName = appKeyHeaderName;
+        this.sanitizeRequests = sanitizeRequests;
+        this.onInputSecurityEvent = onInputSecurityEvent;
+        this.trustedAbsoluteHosts = trustedAbsoluteHosts;
     }
 }
+import { validatePath, sanitizeBody, validateAbsoluteUrl } from "./security/request-sanitizer.js";
 export class BaseApiClient {
     constructor(configuration) {
         this.configuration = configuration;
@@ -26,6 +32,24 @@ export async function doFetch(cfg, path, init) {
     if (!cfg.baseUrl) {
         throw new Error("ApiClientConfig.baseUrl is required and must be absolute.");
     }
+    // INPUT-SECURITY-2026-05-03: Full request sanitization when enabled
+    if (cfg.sanitizeRequests) {
+        // Validate path
+        const pathCheck = validatePath(path);
+        if (!pathCheck.safe) {
+            throw new Error("Blocked: dangerous characters in request path");
+        }
+        // Sanitize JSON body
+        if (init?.body && typeof init.body === "string") {
+            const contentType = getContentType(init);
+            if (contentType.includes("application/json")) {
+                const sanitized = applySanitizeBody(cfg, init.body);
+                if (sanitized) {
+                    init = { ...init, body: sanitized };
+                }
+            }
+        }
+    }
     const headers = new Headers(init?.headers || {});
     headers.set("Accept", "application/json");
     if (!headers.has("Content-Type"))
@@ -49,6 +73,23 @@ export async function doFetchAbsolute(cfg, url, init) {
     if (!cfg.baseUrl) {
         throw new Error("ApiClientConfig.baseUrl is required and must be absolute.");
     }
+    // INPUT-SECURITY-2026-05-03: Use shared SSRF/scheme/host validator
+    if (cfg.sanitizeRequests) {
+        const urlCheck = validateAbsoluteUrl(url, cfg.trustedAbsoluteHosts);
+        if (!urlCheck.safe) {
+            throw new Error(`Blocked: ${urlCheck.reason}`);
+        }
+        // Sanitize JSON body
+        if (init?.body && typeof init.body === "string") {
+            const contentType = getContentType(init);
+            if (contentType.includes("application/json")) {
+                const sanitized = applySanitizeBody(cfg, init.body);
+                if (sanitized) {
+                    init = { ...init, body: sanitized };
+                }
+            }
+        }
+    }
     const headers = new Headers(init?.headers || {});
     headers.set("Accept", "application/json");
     if (!headers.has("Content-Type"))
@@ -70,6 +111,10 @@ export async function doFetchAbsolute(cfg, url, init) {
 function buildUrl(base, path) {
     const trimmedBase = base.replace(/\/+$/, "");
     let trimmedPath = path.replace(/^\/+/, "");
+    // INPUT-SECURITY-2026-05-03: Path traversal / injection preflight
+    if (/\.\.[/\\]|%2e%2e|%2f|%5c|[\r\n\x00-\x1F]/i.test(trimmedPath)) {
+        throw new Error("Blocked: dangerous characters in request path");
+    }
     if (trimmedPath && !trimmedPath.startsWith("/")) {
         trimmedPath = "/" + trimmedPath;
     }
@@ -82,6 +127,19 @@ function buildUrl(base, path) {
 // Returns a fetch function that injects auth + default headers, keeps Response intact
 export function buildAuthFetch(cfg) {
     return async (url, init) => {
+        if (cfg.sanitizeRequests) {
+            validateRequestTarget(cfg, url);
+        }
+        // INPUT-SECURITY-2026-05-03: Sanitize body for auth fetch path
+        if (cfg.sanitizeRequests && init?.body && typeof init.body === "string") {
+            const contentType = getContentType(init);
+            if (contentType.includes("application/json")) {
+                const sanitized = applySanitizeBody(cfg, init.body);
+                if (sanitized) {
+                    init = { ...init, body: sanitized };
+                }
+            }
+        }
         const headers = new Headers(init?.headers || {});
         headers.set("Accept", "application/json");
         if (!headers.has("Content-Type"))
@@ -131,3 +189,91 @@ export function buildHttpWithDefaults(cfg, defaults) {
         },
     };
 }
+// ─── Input security helpers for fetch paths ─────────────────────
+function getContentType(init) {
+    if (!init?.headers)
+        return "application/json";
+    const h = new Headers(init.headers);
+    return h.get("Content-Type") ?? "application/json";
+}
+function validateRequestTarget(cfg, input) {
+    const value = requestInfoToString(input);
+    if (!value)
+        return;
+    if (isAbsoluteUrl(value)) {
+        const urlCheck = validateAbsoluteUrl(value, cfg.trustedAbsoluteHosts);
+        if (!urlCheck.safe) {
+            throw new Error(`Blocked: ${urlCheck.reason}`);
+        }
+        return;
+    }
+    const pathCheck = validatePath(value);
+    if (!pathCheck.safe) {
+        throw new Error("Blocked: dangerous characters in request path");
+    }
+}
+function requestInfoToString(input) {
+    if (typeof input === "string")
+        return input;
+    if (input instanceof URL)
+        return input.toString();
+    if (typeof Request !== "undefined" && input instanceof Request)
+        return input.url;
+    return "";
+}
+function isAbsoluteUrl(value) {
+    try {
+        new URL(value);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Parse, sanitize, and re-serialize a JSON body string.
+ * Returns the sanitized JSON string, or throws on blocked content.
+ */
+function applySanitizeBody(cfg, bodyStr) {
+    let parsed;
+    try {
+        parsed = JSON.parse(bodyStr);
+    }
+    catch {
+        return null; // not valid JSON — pass through
+    }
+    if (typeof parsed !== "object" || parsed === null) {
+        return null;
+    }
+    const isRootArray = Array.isArray(parsed);
+    const bodyForSanitizer = isRootArray
+        ? { items: parsed }
+        : parsed;
+    const result = sanitizeBody(bodyForSanitizer);
+    if (result.blocked) {
+        // Emit event if handler registered
+        for (const t of result.threats) {
+            if (cfg.onInputSecurityEvent && t.detectedThreats?.length) {
+                cfg.onInputSecurityEvent({
+                    field: "body",
+                    threats: t.detectedThreats.map((d) => d.type),
+                });
+            }
+        }
+        throw new Error("Blocked: request body contains dangerous content — " +
+            result.threats.map((t) => t.detectedThreats?.map((d) => d.type).join(",")).join("; "));
+    }
+    if (result.modified) {
+        // Emit event for sanitized (non-blocked) modifications
+        for (const t of result.threats) {
+            if (cfg.onInputSecurityEvent && t.detectedThreats?.length) {
+                cfg.onInputSecurityEvent({
+                    field: "body",
+                    threats: t.detectedThreats.map((d) => d.type),
+                });
+            }
+        }
+        return JSON.stringify(isRootArray ? result.body.items : result.body);
+    }
+    return null; // no modifications needed
+}

package/dist/container.d.ts CHANGED Viewed

@@ -18,6 +18,7 @@ export declare function getServices(): {
     baseUserDevicesService: import("./index.js").BaseUserDevicesClient;
     curlTasksService: import("./index.js").CurlTasksClient;
     devicesService: import("./index.js").DevicesClient;
+    diagnosticsService: import("./index.js").DiagnosticsClient;
     feedbacksService: import("./index.js").FeedbacksClient;
     apiService: import("./index.js").ApiClient;
     interactionTrackersService: import("./index.js").InteractionTrackersClient;
@@ -26,9 +27,11 @@ export declare function getServices(): {
     menusService: import("./index.js").MenusClient;
     notificationsService: import("./index.js").NotificationsClient;
     operationClaimsService: import("./index.js").OperationClaimsClient;
+    portalService: import("./index.js").PortalClient;
     queueMonitorService: import("./index.js").QueueMonitorClient;
     metricsService: import("./index.js").MetricsClient;
     healthService: import("./index.js").HealthClient;
+    riskService: import("./index.js").RiskClient;
     scanApiBusSourcesService: import("./index.js").ScanApiBusSourcesClient;
     scanApiCredentialsService: import("./index.js").ScanApiCredentialsClient;
     scanApiCredentialUsagesService: import("./index.js").ScanApiCredentialUsagesClient;
@@ -96,6 +99,7 @@ export declare function getServicesRx(): {
     baseUserDevicesService: import("./index.js").BaseUserDevicesClient;
     curlTasksService: import("./index.js").CurlTasksClient;
     devicesService: import("./index.js").DevicesClient;
+    diagnosticsService: import("./index.js").DiagnosticsClient;
     feedbacksService: import("./index.js").FeedbacksClient;
     apiService: import("./index.js").ApiClient;
     interactionTrackersService: import("./index.js").InteractionTrackersClient;
@@ -104,9 +108,11 @@ export declare function getServicesRx(): {
     menusService: import("./index.js").MenusClient;
     notificationsService: import("./index.js").NotificationsClient;
     operationClaimsService: import("./index.js").OperationClaimsClient;
+    portalService: import("./index.js").PortalClient;
     queueMonitorService: import("./index.js").QueueMonitorClient;
     metricsService: import("./index.js").MetricsClient;
     healthService: import("./index.js").HealthClient;
+    riskService: import("./index.js").RiskClient;
     scanApiBusSourcesService: import("./index.js").ScanApiBusSourcesClient;
     scanApiCredentialsService: import("./index.js").ScanApiCredentialsClient;
     scanApiCredentialUsagesService: import("./index.js").ScanApiCredentialUsagesClient;
@@ -175,6 +181,7 @@ export declare function getServicesByMode(mode?: ClientMode): {
     baseUserDevicesService: import("./index.js").BaseUserDevicesClient;
     curlTasksService: import("./index.js").CurlTasksClient;
     devicesService: import("./index.js").DevicesClient;
+    diagnosticsService: import("./index.js").DiagnosticsClient;
     feedbacksService: import("./index.js").FeedbacksClient;
     apiService: import("./index.js").ApiClient;
     interactionTrackersService: import("./index.js").InteractionTrackersClient;
@@ -183,9 +190,11 @@ export declare function getServicesByMode(mode?: ClientMode): {
     menusService: import("./index.js").MenusClient;
     notificationsService: import("./index.js").NotificationsClient;
     operationClaimsService: import("./index.js").OperationClaimsClient;
+    portalService: import("./index.js").PortalClient;
     queueMonitorService: import("./index.js").QueueMonitorClient;
     metricsService: import("./index.js").MetricsClient;
     healthService: import("./index.js").HealthClient;
+    riskService: import("./index.js").RiskClient;
     scanApiBusSourcesService: import("./index.js").ScanApiBusSourcesClient;
     scanApiCredentialsService: import("./index.js").ScanApiCredentialsClient;
     scanApiCredentialUsagesService: import("./index.js").ScanApiCredentialUsagesClient;

package/dist/generated/clients/diagnostics-service.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { DiagnosticsClient, DiagnosticsClient as DiagnosticsService, IDiagnosticsClient } from "../index.js";
2	+ export { DiagnosticsClient as diagnosticsService, IDiagnosticsClient as iDiagnosticsClient } from "../index.js";

package/dist/generated/clients/diagnostics-service.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { DiagnosticsClient, DiagnosticsClient as DiagnosticsService } from "../index.js";
2	+ export { DiagnosticsClient as diagnosticsService } from "../index.js";

package/dist/generated/clients/index.d.ts CHANGED Viewed

@@ -5,6 +5,7 @@ export * from "./auth-service.js";
 export * from "./base-user-devices-service.js";
 export * from "./curl-tasks-service.js";
 export * from "./devices-service.js";
+export * from "./diagnostics-service.js";
 export * from "./feedbacks-service.js";
 export * from "./api-service.js";
 export * from "./interaction-trackers-service.js";
@@ -13,9 +14,11 @@ export * from "./menu-operation-claims-service.js";
 export * from "./menus-service.js";
 export * from "./notifications-service.js";
 export * from "./operation-claims-service.js";
+export * from "./portal-service.js";
 export * from "./queue-monitor-service.js";
 export * from "./metrics-service.js";
 export * from "./health-service.js";
+export * from "./risk-service.js";
 export * from "./scan-api-bus-sources-service.js";
 export * from "./scan-api-credentials-service.js";
 export * from "./scan-api-credential-usages-service.js";

package/dist/generated/clients/index.js CHANGED Viewed

@@ -5,6 +5,7 @@ export * from "./auth-service.js";
 export * from "./base-user-devices-service.js";
 export * from "./curl-tasks-service.js";
 export * from "./devices-service.js";
+export * from "./diagnostics-service.js";
 export * from "./feedbacks-service.js";
 export * from "./api-service.js";
 export * from "./interaction-trackers-service.js";
@@ -13,9 +14,11 @@ export * from "./menu-operation-claims-service.js";
 export * from "./menus-service.js";
 export * from "./notifications-service.js";
 export * from "./operation-claims-service.js";
+export * from "./portal-service.js";
 export * from "./queue-monitor-service.js";
 export * from "./metrics-service.js";
 export * from "./health-service.js";
+export * from "./risk-service.js";
 export * from "./scan-api-bus-sources-service.js";
 export * from "./scan-api-credentials-service.js";
 export * from "./scan-api-credential-usages-service.js";

package/dist/generated/clients/portal-service.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { PortalClient, PortalClient as PortalService, IPortalClient } from "../index.js";
2	+ export { PortalClient as portalService, IPortalClient as iPortalClient } from "../index.js";

package/dist/generated/clients/portal-service.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { PortalClient, PortalClient as PortalService } from "../index.js";
2	+ export { PortalClient as portalService } from "../index.js";

package/dist/generated/clients/risk-service.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { RiskClient, RiskClient as RiskService, IRiskClient } from "../index.js";
2	+ export { RiskClient as riskService, IRiskClient as iRiskClient } from "../index.js";

package/dist/generated/clients/risk-service.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { RiskClient, RiskClient as RiskService } from "../index.js";
2	+ export { RiskClient as riskService } from "../index.js";

package/dist/generated/clients-rx/diagnostics-service-rx.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { DiagnosticsClient } from "../index.js";
+import type { ApiClientConfig } from "../../base.js";
+export declare function createDiagnosticsServiceRx(config: ApiClientConfig, baseUrl?: string, http?: {
+    fetch(url: RequestInfo, init?: RequestInit): Promise<Response>;
+}): import("../../rx.js").Rxified<DiagnosticsClient>;
+export type DiagnosticsServiceRx = ReturnType<typeof createDiagnosticsServiceRx>;
+export declare const diagnosticsServiceRx: (config: ApiClientConfig, baseUrl?: string, http?: {
+    fetch(url: RequestInfo, init?: RequestInit): Promise<Response>;
+}) => import("../../rx.js").Rxified<DiagnosticsClient>;
+export declare class DiagnosticsServiceRxClass {
+    constructor(config: ApiClientConfig, baseUrl?: string, http?: {
+        fetch(url: RequestInfo, init?: RequestInit): Promise<Response>;
+    });
+}
+export interface DiagnosticsServiceRxClass extends DiagnosticsServiceRx {
+}

package/dist/generated/clients-rx/diagnostics-service-rx.js ADDED Viewed

@@ -0,0 +1,12 @@
+import { DiagnosticsClient } from "../index.js";
+import { rxifyClient } from "../../rx.js";
+export function createDiagnosticsServiceRx(config, baseUrl, http) {
+    return rxifyClient(new DiagnosticsClient(config, baseUrl, http));
+}
+export const diagnosticsServiceRx = (config, baseUrl, http) => createDiagnosticsServiceRx(config, baseUrl, http);
+// Angular DI icin: class token kullandiginda Observable donen wrapper
+export class DiagnosticsServiceRxClass {
+    constructor(config, baseUrl, http) {
+        return createDiagnosticsServiceRx(config, baseUrl, http);
+    }
+}

package/dist/generated/clients-rx/index.d.ts CHANGED Viewed

@@ -5,6 +5,7 @@ export * from "./auth-service-rx.js";
 export * from "./base-user-devices-service-rx.js";
 export * from "./curl-tasks-service-rx.js";
 export * from "./devices-service-rx.js";
+export * from "./diagnostics-service-rx.js";
 export * from "./feedbacks-service-rx.js";
 export * from "./api-service-rx.js";
 export * from "./interaction-trackers-service-rx.js";
@@ -13,9 +14,11 @@ export * from "./menu-operation-claims-service-rx.js";
 export * from "./menus-service-rx.js";
 export * from "./notifications-service-rx.js";
 export * from "./operation-claims-service-rx.js";
+export * from "./portal-service-rx.js";
 export * from "./queue-monitor-service-rx.js";
 export * from "./metrics-service-rx.js";
 export * from "./health-service-rx.js";
+export * from "./risk-service-rx.js";
 export * from "./scan-api-bus-sources-service-rx.js";
 export * from "./scan-api-credentials-service-rx.js";
 export * from "./scan-api-credential-usages-service-rx.js";

package/dist/generated/clients-rx/index.js CHANGED Viewed

@@ -5,6 +5,7 @@ export * from "./auth-service-rx.js";
 export * from "./base-user-devices-service-rx.js";
 export * from "./curl-tasks-service-rx.js";
 export * from "./devices-service-rx.js";
+export * from "./diagnostics-service-rx.js";
 export * from "./feedbacks-service-rx.js";
 export * from "./api-service-rx.js";
 export * from "./interaction-trackers-service-rx.js";
@@ -13,9 +14,11 @@ export * from "./menu-operation-claims-service-rx.js";
 export * from "./menus-service-rx.js";
 export * from "./notifications-service-rx.js";
 export * from "./operation-claims-service-rx.js";
+export * from "./portal-service-rx.js";
 export * from "./queue-monitor-service-rx.js";
 export * from "./metrics-service-rx.js";
 export * from "./health-service-rx.js";
+export * from "./risk-service-rx.js";
 export * from "./scan-api-bus-sources-service-rx.js";
 export * from "./scan-api-credentials-service-rx.js";
 export * from "./scan-api-credential-usages-service-rx.js";

package/dist/generated/clients-rx/portal-service-rx.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { PortalClient } from "../index.js";
+import type { ApiClientConfig } from "../../base.js";
+export declare function createPortalServiceRx(config: ApiClientConfig, baseUrl?: string, http?: {
+    fetch(url: RequestInfo, init?: RequestInit): Promise<Response>;
+}): import("../../rx.js").Rxified<PortalClient>;
+export type PortalServiceRx = ReturnType<typeof createPortalServiceRx>;
+export declare const portalServiceRx: (config: ApiClientConfig, baseUrl?: string, http?: {
+    fetch(url: RequestInfo, init?: RequestInit): Promise<Response>;
+}) => import("../../rx.js").Rxified<PortalClient>;
+export declare class PortalServiceRxClass {
+    constructor(config: ApiClientConfig, baseUrl?: string, http?: {
+        fetch(url: RequestInfo, init?: RequestInit): Promise<Response>;
+    });
+}
+export interface PortalServiceRxClass extends PortalServiceRx {
+}

package/dist/generated/clients-rx/portal-service-rx.js ADDED Viewed

@@ -0,0 +1,12 @@
+import { PortalClient } from "../index.js";
+import { rxifyClient } from "../../rx.js";
+export function createPortalServiceRx(config, baseUrl, http) {
+    return rxifyClient(new PortalClient(config, baseUrl, http));
+}
+export const portalServiceRx = (config, baseUrl, http) => createPortalServiceRx(config, baseUrl, http);
+// Angular DI icin: class token kullandiginda Observable donen wrapper
+export class PortalServiceRxClass {
+    constructor(config, baseUrl, http) {
+        return createPortalServiceRx(config, baseUrl, http);
+    }
+}

package/dist/generated/clients-rx/risk-service-rx.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { RiskClient } from "../index.js";
+import type { ApiClientConfig } from "../../base.js";
+export declare function createRiskServiceRx(config: ApiClientConfig, baseUrl?: string, http?: {
+    fetch(url: RequestInfo, init?: RequestInit): Promise<Response>;
+}): import("../../rx.js").Rxified<RiskClient>;
+export type RiskServiceRx = ReturnType<typeof createRiskServiceRx>;
+export declare const riskServiceRx: (config: ApiClientConfig, baseUrl?: string, http?: {
+    fetch(url: RequestInfo, init?: RequestInit): Promise<Response>;
+}) => import("../../rx.js").Rxified<RiskClient>;
+export declare class RiskServiceRxClass {
+    constructor(config: ApiClientConfig, baseUrl?: string, http?: {
+        fetch(url: RequestInfo, init?: RequestInit): Promise<Response>;
+    });
+}
+export interface RiskServiceRxClass extends RiskServiceRx {
+}

package/dist/generated/clients-rx/risk-service-rx.js ADDED Viewed

@@ -0,0 +1,12 @@
+import { RiskClient } from "../index.js";
+import { rxifyClient } from "../../rx.js";
+export function createRiskServiceRx(config, baseUrl, http) {
+    return rxifyClient(new RiskClient(config, baseUrl, http));
+}
+export const riskServiceRx = (config, baseUrl, http) => createRiskServiceRx(config, baseUrl, http);
+// Angular DI icin: class token kullandiginda Observable donen wrapper
+export class RiskServiceRxClass {
+    constructor(config, baseUrl, http) {
+        return createRiskServiceRx(config, baseUrl, http);
+    }
+}