xploitscan-shared-rules 1.8.0 → 1.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +9 -9
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +9 -9
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
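--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -3689,9 +3689,9 @@ var xxeVulnerability = {
 ));
 }
 }
-if (!/parseXml\s*\(/.test(content)) return matches;
+if (!/parseXml\s*\(/.test(content)) return filterSilenced(matches, content, "VC081");
 const ctx = tryParse(content, filePath);
-if (!ctx) return matches;
+if (!ctx) return filterSilenced(matches, content, "VC081");
 visitCalls(
 ctx.parsed,
 (callee) => isCalleeNamed(callee, "parseXml") || isCalleeNamed(callee, "parseXML"),
@@ -3715,7 +3715,7 @@ var xxeVulnerability = {
 );
 }
 );
-return matches;
+return filterSilenced(matches, content, "VC081");
 }
 };
 var ssti = {
@@ -3744,7 +3744,7 @@ var ssti = {
 ));
 }
 if (!/(?:\.compile|\.render|renderString|render_template_string)\s*\(/.test(content)) {
-return matches;
+return filterSilenced(matches, content, "VC082");
 }
 const ctx = tryParse(content, filePath);
 if (!ctx) return matches;
@@ -3783,7 +3783,7 @@ var ssti = {
 );
 }
 );
-return matches;
+return filterSilenced(matches, content, "VC082");
 }
 };
 var javaDeserialization = {
@@ -4104,7 +4104,7 @@ var commandInjection = {
 matches.push(m);
 }
 }
-return matches;
+return filterSilenced(matches, content, "VC094");
 }
 };
 var corsLocalhost = {
@@ -6799,7 +6799,7 @@ var llmPromptInjection = {
 });
 }
 }
-return findings;
+return filterSilenced(findings, content, "VC198");
 }
 };
 var llmSystemPromptInjection = {
@@ -6836,7 +6836,7 @@ var llmSystemPromptInjection = {
 });
 }
 }
-return findings;
+return filterSilenced(findings, content, "VC199");
 }
 };
 var llmOutputAsHTML = {
@@ -6880,7 +6880,7 @@ var llmOutputAsHTML = {
 });
 }
 }
-return findings;
+return filterSilenced(findings, content, "VC200");
 }
 };
 var vectorStoreQueryNoUserFilter = {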
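Review bot: In the ssti hunk at 3744–3750, the early return `if (!ctx) return matches;` on the last context line still bypasses the silence filter, while the regex gate two lines above and the final return at 3786 were both switched to `filterSilenced(matches, content, "VC082")`, and the equivalent xxeVulnerability return at 3694 was changed in this same commit. As written, a file that fails tryParse keeps every VC082 match even when the content carries a silence marker for that rule, so suppression behaves differently depending on whether the file parses. The line should read `if (!ctx) return filterSilenced(matches, content, "VC082");`. The enclosing rule function starts before the hunk and ends outside it; since this is bundled dist output, the fix belongs in the source the bundle is built from, and index.cjs (listed in the diffstat with the same +9 -9) presumably carries the same omission.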