@aikidosec/firewall/sources/xml/isXmlInContext.js

Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.isXmlInContext = isXmlInContext;
const Source_1 = require("../../agent/Source");
const extractStringsFromUserInputCached_1 = require("../../helpers/extractStringsFromUserInputCached");
/**
 * Checks if the XML string can be found in the context.
 */
function isXmlInContext(xml, context) {
    for (const source of Source_1.SOURCES) {
        if (source === "xml") {
            // Skip parsed XML
            continue;
        }
        const userInput = (0, extractStringsFromUserInputCached_1.extractStringsFromUserInputCached)(context, source);
        if (!userInput) {
            continue;
        }
        for (const str of userInput) {
            if (str === xml) {
                return true;
            }
        }
    }
    return false;
}