xploitscan-shared-rules 1.8.0 → 1.8.1
- package/dist/index.cjs +9 -9
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +9 -9
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
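--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -3954,9 +3954,9 @@ var xxeVulnerability = {
 ));
 }
 }
-if (!/parseXml\s*\(/.test(content)) return matches;
+if (!/parseXml\s*\(/.test(content)) return filterSilenced(matches, content, "VC081");
 const ctx = tryParse(content, filePath);
-if (!ctx) return matches;
+if (!ctx) return filterSilenced(matches, content, "VC081");
 visitCalls(
 ctx.parsed,
 (callee) => isCalleeNamed(callee, "parseXml") || isCalleeNamed(callee, "parseXML"),
@@ -3980,7 +3980,7 @@ var xxeVulnerability = {
 );
 }
 );
-return matches;
+return filterSilenced(matches, content, "VC081");
 }
 };
 var ssti = {
@@ -4009,7 +4009,7 @@ var ssti = {
 ));
 }
 if (!/(?:\.compile|\.render|renderString|render_template_string)\s*\(/.test(content)) {
-return matches;
+return filterSilenced(matches, content, "VC082");
 }
 const ctx = tryParse(content, filePath);
 if (!ctx) return matches;
@@ -4048,7 +4048,7 @@ var ssti = {
 );
 }
 );
-return matches;
+return filterSilenced(matches, content, "VC082");
 }
 };
 var javaDeserialization = {
@@ -4369,7 +4369,7 @@ var commandInjection = {
 matches.push(m);
 }
 }
-return matches;
+return filterSilenced(matches, content, "VC094");
 }
 };
 var corsLocalhost = {
@@ -7064,7 +7064,7 @@ var llmPromptInjection = {
 });
 }
 }
-return findings;
+return filterSilenced(findings, content, "VC198");
 }
 };
 var llmSystemPromptInjection = {
@@ -7101,7 +7101,7 @@ var llmSystemPromptInjection = {
 });
 }
 }
-return findings;
+return filterSilenced(findings, content, "VC199");
 }
 };
 var llmOutputAsHTML = {
@@ -7145,7 +7145,7 @@ var llmOutputAsHTML = {
 });
 }
 }
-return findings;
+return filterSilenced(findings, content, "VC200");
 }
 };
 var vectorStoreQueryNoUserFilter = {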
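Review bot: The parse-failure early return in the ssti rule (hunk `@@ -4009`, line 4015 `if (!ctx) return matches;`) still returns the unfiltered matches, while the identical guard in xxeVulnerability at 3959 and ssti's other two returns in this commit now go through `filterSilenced`, so a file that `tryParse` rejects bypasses VC082 silencing on that one path. Change it to `if (!ctx) return filterSilenced(matches, content, "VC082");` so every exit of the rule applies the same filter. Since this is the bundled dist output, the fix belongs in the rule source that generates it. Both rule bodies begin before their hunks, and what filterSilenced honors in `content` is not visible here; if it reads in-file suppression markers, presumably suppressed findings should still be surfaced or counted somewhere so a scanned file cannot silently switch off its own checks — worth confirming.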