@aikidosec/firewall
Version:
Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks
56 lines (55 loc) • 2.04 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.XmlMinusJs = void 0;
const Context_1 = require("../agent/Context");
const wrapExport_1 = require("../agent/hooks/wrapExport");
const isPlainObject_1 = require("../helpers/isPlainObject");
const addXmlToContext_1 = require("./xml/addXmlToContext");
const isXmlInContext_1 = require("./xml/isXmlInContext");
/**
* Wrapper for xml-js package.
*/
class XmlMinusJs {
inspectParse(args, result, jsonStr) {
if (!args.length || typeof args[0] !== "string") {
return;
}
const context = (0, Context_1.getContext)();
if (!context) {
// We expect the context to be set by the wrapped http server
return;
}
const xmlString = args[0];
// Check if the XML string is in the request context
if (!(0, isXmlInContext_1.isXmlInContext)(xmlString, context)) {
return args;
}
const parsed = jsonStr ? JSON.parse(result) : result;
// Replace the body in the context with the parsed result
if (parsed && (0, isPlainObject_1.isPlainObject)(parsed)) {
(0, addXmlToContext_1.addXmlToContext)(parsed, context);
}
}
wrap(hooks) {
hooks
.addPackage("xml-js")
.withVersion("^1.0.0")
.onRequire((exports, pkgInfo) => {
(0, wrapExport_1.wrapExport)(exports, "xml2js", pkgInfo, {
kind: "deserialize_op",
modifyReturnValue: (args, result) => {
this.inspectParse(args, result, false);
return result;
},
});
(0, wrapExport_1.wrapExport)(exports, "xml2json", pkgInfo, {
kind: "deserialize_op",
modifyReturnValue: (args, result) => {
this.inspectParse(args, result, true);
return result;
},
});
});
}
}
exports.XmlMinusJs = XmlMinusJs;