From ca4558b8d51545b9c3fe2b961cfe1be3392e30af Mon Sep 17 00:00:00 2001 From: Dorian Niemiec Date: Tue, 14 Jan 2025 17:27:38 +0100 Subject: [PATCH] chore: update "modsecurity" npm package and remove bug workaround, since it's fixed in the package --- package-lock.json | 19 +++++++++++-------- package.json | 2 +- src/index.js | 33 ++++++++++----------------------- 3 files changed, 22 insertions(+), 32 deletions(-) diff --git a/package-lock.json b/package-lock.json index 92421bd..f887a42 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "0.0.0", "hasInstallScript": true, "dependencies": { - "modsecurity": "^0.0.2" + "modsecurity": "^0.0.3" }, "devDependencies": { "@commitlint/cli": "^19.6.1", @@ -6453,13 +6453,13 @@ } }, "node_modules/modsecurity": { - "version": "0.0.2", - "resolved": "https://registry.npmjs.org/modsecurity/-/modsecurity-0.0.2.tgz", - "integrity": "sha512-TWfozIi3OrqN6qe6yH4FKD6pRt1d4ufV6whuSws3WY5McTOOZuvbrtCi9c8KQ2LoBl0WafZZ3UudyHmWP3BlIg==", + "version": "0.0.3", + "resolved": "https://registry.npmjs.org/modsecurity/-/modsecurity-0.0.3.tgz", + "integrity": "sha512-OenaShFmD9GW5jsEHT4gBW0NwOZAIm/ha62R5TP5qwH0+xTyawADMJ30WnJQ7d9cm+DcICpjtWWkXbwOTpLRQw==", "hasInstallScript": true, "dependencies": { "bindings": "^1.5.0", - "node-addon-api": "^7.0.0" + "node-addon-api": "^8.0.0" }, "engines": { "node": "^10.20.0 || ^12.17.0 || >=14.0.0" @@ -6488,9 +6488,12 @@ "dev": true }, "node_modules/node-addon-api": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-7.1.1.tgz", - "integrity": "sha512-5m3bsyrjFWE1xf7nz7YXdN4udnVtXK6/Yfgn5qnahL6bCkf2yKt4k3nuTKAtT4r3IG8JNR2ncsIMdZuAzJjHQQ==" + "version": "8.3.0", + "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-8.3.0.tgz", + "integrity": "sha512-8VOpLHFrOQlAH+qA0ZzuGRlALRA6/LVh8QJldbrC4DY0hXoMP0l4Acq8TzFC018HztWiRqyCEj2aTWY2UvnJUg==", + "engines": { + "node": "^18 || ^20 || >= 21" + } }, "node_modules/node-int64": { "version": "0.4.0", diff --git a/package.json b/package.json index 51727db..ae4c473 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ "zip": "^1.2.0" }, "dependencies": { - "modsecurity": "^0.0.2" + "modsecurity": "^0.0.3" }, "config": { "commitizen": { diff --git a/src/index.js b/src/index.js index a5afe73..37d3242 100644 --- a/src/index.js +++ b/src/index.js @@ -79,11 +79,10 @@ module.exports = (req, res, logFacilities, config, next) => { writtenStatusCode = statusCode; let intervene = false; Object.keys(writtenHeaders).forEach((key) => { - // There is a typo in "modsecurity" npm package C++ code that causes the value to be a header name when the value is not a buffer. if (typeof writtenHeaders[key] == "string") { securityResponse = transaction.addResponseHeader( - Buffer.from(key), - Buffer.from(writtenHeaders[key]) + key, + writtenHeaders[key] ); if (typeof securityResponse === "object") { intervene = true; @@ -91,10 +90,7 @@ module.exports = (req, res, logFacilities, config, next) => { } } else if (Array.isArray(writtenHeaders[key])) { writtenHeaders[key].forEach((value) => { - securityResponse = transaction.addResponseHeader( - Buffer.from(key), - Buffer.from(value) - ); + securityResponse = transaction.addResponseHeader(key, value); if (typeof securityResponse === "object") { intervene = true; return; @@ -148,11 +144,10 @@ module.exports = (req, res, logFacilities, config, next) => { if (!headersSet) { let intervene = false; Object.keys(writtenHeaders).forEach((key) => { - // There is a typo in "modsecurity" npm package C++ code that causes the value to be a header name when the value is not a buffer. if (typeof writtenHeaders[key] == "string") { securityResponse = transaction.addResponseHeader( - Buffer.from(key), - Buffer.from(writtenHeaders[key]) + key, + writtenHeaders[key] ); if (typeof securityResponse === "object") { intervene = true; @@ -160,10 +155,7 @@ module.exports = (req, res, logFacilities, config, next) => { } } else if (Array.isArray(writtenHeaders[key])) { writtenHeaders[key].forEach((value) => { - securityResponse = transaction.addResponseHeader( - Buffer.from(key), - Buffer.from(value) - ); + securityResponse = transaction.addResponseHeader(key, value); if (typeof securityResponse === "object") { intervene = true; return; @@ -276,11 +268,10 @@ module.exports = (req, res, logFacilities, config, next) => { if (!headersSet) { let intervene = false; Object.keys(writtenHeaders).forEach((key) => { - // There is a typo in "modsecurity" npm package C++ code that causes the value to be a header name when the value is not a buffer. if (typeof writtenHeaders[key] == "string") { securityResponse = transaction.addResponseHeader( - Buffer.from(key), - Buffer.from(writtenHeaders[key]) + key, + writtenHeaders[key] ); if (typeof securityResponse === "object") { intervene = true; @@ -288,10 +279,7 @@ module.exports = (req, res, logFacilities, config, next) => { } } else if (Array.isArray(writtenHeaders[key])) { writtenHeaders[key].forEach((value) => { - securityResponse = transaction.addResponseHeader( - Buffer.from(key), - Buffer.from(value) - ); + securityResponse = transaction.addResponseHeader(key, value); if (typeof securityResponse === "object") { intervene = true; return; @@ -432,8 +420,7 @@ module.exports = (req, res, logFacilities, config, next) => { if (key === null) { key = v; } else { - // There is a typo in "modsecurity" npm package C++ code that causes the value to be a header name when the value is not a buffer. - transaction.addRequestHeader(Buffer.from(key), Buffer.from(v)); + transaction.addRequestHeader(key, v); key = null; } });