ibm-cloud-sdk-core 4.1.1 → 4.1.3

package/CHANGELOG.md

@@ -1,3 +1,17 @@
+## [4.1.3](https://github.com/IBM/node-sdk-core/compare/v4.1.2...v4.1.3) (2023-10-19)
+
+
+### Bug Fixes
+
+* bump @babel/traverse to avoid CVE-2023-45133 ([#253](https://github.com/IBM/node-sdk-core/issues/253)) ([c95f5b2](https://github.com/IBM/node-sdk-core/commit/c95f5b23f3a74e00d53142520f6c9d408e298b6b))
+
+## [4.1.2](https://github.com/IBM/node-sdk-core/compare/v4.1.1...v4.1.2) (2023-09-27)
+
+
+### Bug Fixes
+
+* harden checks for cookies in error responses ([#252](https://github.com/IBM/node-sdk-core/issues/252)) ([36f7bfe](https://github.com/IBM/node-sdk-core/commit/36f7bfeb80cde1ea8b159659a8a0a8c5b4cf6ea1))
+
 ## [4.1.1](https://github.com/IBM/node-sdk-core/compare/v4.1.0...v4.1.1) (2023-09-20)
 
 

package/es/lib/cookie-support.js

@@ -29,7 +29,7 @@ import logger from './logger';
 const internalCreateCookieInterceptor = (cookieJar) => {
     /**
      * This is called by Axios when a request is about to be sent in order to
-     * copy the cookie string from the URL to a request header.
+     * set the "cookie" header in the request.
      *
      * @param config the Axios request config
      * @returns the request config
@@ -65,29 +65,34 @@ const internalCreateCookieInterceptor = (cookieJar) => {
     function responseInterceptor(response) {
         return __awaiter(this, void 0, void 0, function* () {
             logger.debug('CookieInterceptor: intercepting response to check for set-cookie headers.');
-            const cookies = response.headers['set-cookie'];
-            if (cookies) {
-                logger.debug(`CookieInterceptor: setting cookies in jar for URL ${response.config.url}.`);
-                // Write cookies sequentially by chaining the promises in a reduce
-                yield cookies.reduce((cookiePromise, cookie) => cookiePromise.then(() => cookieJar.setCookie(cookie, response.config.url)), Promise.resolve(null));
+            if (response && response.headers) {
+                const cookies = response.headers['set-cookie'];
+                if (cookies) {
+                    logger.debug(`CookieInterceptor: setting cookies in jar for URL ${response.config.url}.`);
+                    // Write cookies sequentially by chaining the promises in a reduce
+                    yield cookies.reduce((cookiePromise, cookie) => cookiePromise.then(() => cookieJar.setCookie(cookie, response.config.url)), Promise.resolve(null));
+                }
+                else {
+                    logger.debug('CookieInterceptor: no set-cookie headers.');
+                }
             }
             else {
-                logger.debug('CookieInterceptor: no set-cookie headers.');
+                logger.debug('CookieInterceptor: no response headers.');
             }
             return response;
         });
     }
     /**
      * This is called by Axios when a non-2xx response has been received.
-     * We'll simply invoke the "responseFulfilled" method since we want to
-     * do the same cookie handler as for a success response.
+     * We'll simply delegate to the "responseInterceptor" method since we want to
+     * do the same cookie handling as for a success response.
      * @param error the Axios error object that describes the non-2xx response
      * @returns the error object
      */
     function responseRejected(error) {
         return __awaiter(this, void 0, void 0, function* () {
             logger.debug('CookieIntercepter: intercepting error response');
-            if (isAxiosError(error)) {
+            if (isAxiosError(error) && error.response) {
                 logger.debug('CookieIntercepter: delegating to responseInterceptor()');
                 yield responseInterceptor(error.response);
             }

package/lib/cookie-support.js

@@ -62,7 +62,7 @@ var logger_1 = __importDefault(require("./logger"));
 var internalCreateCookieInterceptor = function (cookieJar) {
     /**
      * This is called by Axios when a request is about to be sent in order to
-     * copy the cookie string from the URL to a request header.
+     * set the "cookie" header in the request.
      *
      * @param config the Axios request config
      * @returns the request config
@@ -110,6 +110,7 @@ var internalCreateCookieInterceptor = function (cookieJar) {
                 switch (_a.label) {
                     case 0:
                         logger_1.default.debug('CookieInterceptor: intercepting response to check for set-cookie headers.');
+                        if (!(response && response.headers)) return [3 /*break*/, 4];
                         cookies = response.headers['set-cookie'];
                         if (!cookies) return [3 /*break*/, 2];
                         logger_1.default.debug("CookieInterceptor: setting cookies in jar for URL ".concat(response.config.url, "."));
@@ -124,15 +125,19 @@ var internalCreateCookieInterceptor = function (cookieJar) {
                     case 2:
                         logger_1.default.debug('CookieInterceptor: no set-cookie headers.');
                         _a.label = 3;
-                    case 3: return [2 /*return*/, response];
+                    case 3: return [3 /*break*/, 5];
+                    case 4:
+                        logger_1.default.debug('CookieInterceptor: no response headers.');
+                        _a.label = 5;
+                    case 5: return [2 /*return*/, response];
                 }
             });
         });
     }
     /**
      * This is called by Axios when a non-2xx response has been received.
-     * We'll simply invoke the "responseFulfilled" method since we want to
-     * do the same cookie handler as for a success response.
+     * We'll simply delegate to the "responseInterceptor" method since we want to
+     * do the same cookie handling as for a success response.
      * @param error the Axios error object that describes the non-2xx response
      * @returns the error object
      */
@@ -142,7 +147,7 @@ var internalCreateCookieInterceptor = function (cookieJar) {
                 switch (_a.label) {
                     case 0:
                         logger_1.default.debug('CookieIntercepter: intercepting error response');
-                        if (!(0, axios_1.isAxiosError)(error)) return [3 /*break*/, 2];
+                        if (!((0, axios_1.isAxiosError)(error) && error.response)) return [3 /*break*/, 2];
                         logger_1.default.debug('CookieIntercepter: delegating to responseInterceptor()');
                         return [4 /*yield*/, responseInterceptor(error.response)];
                     case 1:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ibm-cloud-sdk-core",
-  "version": "4.1.1",
+  "version": "4.1.3",
   "description": "Core functionality to support SDKs generated with IBM's OpenAPI SDK Generator.",
   "main": "index.js",
   "typings": "./es/index.d.ts",