
@aikidosec/firewall


Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.

"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.detectJsInjection = detectJsInjection; const shouldReturnEarly_1 = require("./shouldReturnEarly"); const zen_internals_1 = require("../../internals/zen_internals"); /** * Detects if the user input is a JS injection * The sourceType is used to determine the source of the user input * https://github.com/AikidoSec/zen-internals/blob/4b7bf2c7796155731dc2736a04e3f4d99cdc712b/src/js_injection/helpers/select_sourcetype_based_on_enum.rs#L4 */ function detectJsInjection(code, userInput, // Assume CommonJS by default, as eval() and new Function() can not execute ESM directly // The oxc parser has a bug that causes HTML-like comments to not be parsed in the unambiguous mode // See https://github.com/oxc-project/oxc/issues/18392 sourceType = 2) { const codeLowercase = code.toLowerCase(); const userInputLowercase = userInput.toLowerCase(); if ((0, shouldReturnEarly_1.shouldReturnEarly)(codeLowercase, userInputLowercase)) { return false; } return (0, zen_internals_1.wasm_detect_js_injection)(codeLowercase, userInputLowercase, sourceType); }