@aikidosec/firewall/helpers/extractPathStringsFromUserInputCached.js

Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.extractPathStringsFromUserInputCached = extractPathStringsFromUserInputCached;
const Source_1 = require("../agent/Source");
const extractStringsFromUserInput_1 = require("./extractStringsFromUserInput");
const node_path_1 = require("node:path");
function extractPathStringsFromUserInputCached(context) {
    if (context.cachePathTraversal) {
        return context.cachePathTraversal;
    }
    const userStrings = new Set();
    for (const source of Source_1.SOURCES) {
        if (!context[source]) {
            continue;
        }
        for (const item of (0, extractStringsFromUserInput_1.extractStringsFromUserInput)(context[source])) {
            // Performance optimization: only keep strings that contain a path separator
            // as only those can be used for path traversal
            // keeps the set smaller and speeds up `fs` and `path` operations
            if (item.includes(node_path_1.sep)) {
                userStrings.add(item);
            }
        }
    }
    context.cachePathTraversal = userStrings;
    return userStrings;
}