svrjs/modsecurity-integration
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: update "modsecurity" npm package and remove bug workaround, since it's fixed in the package

Browse source
This commit is contained in:
Dorian Niemiec 2025-01-14 17:27:38 +01:00
parent 91164c4bfb
commit ca4558b8d5
3 changed files with 22 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
package-lock.json generated
View file

@ -9,7 +9,7 @@
"version": "0.0.0", "version": "0.0.0",
"hasInstallScript": true, "hasInstallScript": true,
"dependencies": { "dependencies": {
"modsecurity": "^0.0.2" "modsecurity": "^0.0.3"
}, },
"devDependencies": { "devDependencies": {
"@commitlint/cli": "^19.6.1", "@commitlint/cli": "^19.6.1",
@ -6453,13 +6453,13 @@
} }
}, },
"node_modules/modsecurity": { "node_modules/modsecurity": {
"version": "0.0.2", "version": "0.0.3",
"resolved": "https://registry.npmjs.org/modsecurity/-/modsecurity-0.0.2.tgz", "resolved": "https://registry.npmjs.org/modsecurity/-/modsecurity-0.0.3.tgz",
"integrity": "sha512-TWfozIi3OrqN6qe6yH4FKD6pRt1d4ufV6whuSws3WY5McTOOZuvbrtCi9c8KQ2LoBl0WafZZ3UudyHmWP3BlIg==", "integrity": "sha512-OenaShFmD9GW5jsEHT4gBW0NwOZAIm/ha62R5TP5qwH0+xTyawADMJ30WnJQ7d9cm+DcICpjtWWkXbwOTpLRQw==",
"hasInstallScript": true, "hasInstallScript": true,
"dependencies": { "dependencies": {
"bindings": "^1.5.0", "bindings": "^1.5.0",
"node-addon-api": "^7.0.0" "node-addon-api": "^8.0.0"
}, },
"engines": { "engines": {
"node": "^10.20.0 || ^12.17.0 || >=14.0.0" "node": "^10.20.0 || ^12.17.0 || >=14.0.0"
@ -6488,9 +6488,12 @@
"dev": true "dev": true
}, },
"node_modules/node-addon-api": { "node_modules/node-addon-api": {
"version": "7.1.1", "version": "8.3.0",
"resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-7.1.1.tgz", "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-8.3.0.tgz",
"integrity": "sha512-5m3bsyrjFWE1xf7nz7YXdN4udnVtXK6/Yfgn5qnahL6bCkf2yKt4k3nuTKAtT4r3IG8JNR2ncsIMdZuAzJjHQQ==" "integrity": "sha512-8VOpLHFrOQlAH+qA0ZzuGRlALRA6/LVh8QJldbrC4DY0hXoMP0l4Acq8TzFC018HztWiRqyCEj2aTWY2UvnJUg==",
"engines": {
"node": "^18 || ^20 || >= 21"
}
}, },
"node_modules/node-int64": { "node_modules/node-int64": {
"version": "0.4.0", "version": "0.4.0",

2
package.json
View file

@ -36,7 +36,7 @@
"zip": "^1.2.0" "zip": "^1.2.0"
}, },
"dependencies": { "dependencies": {
"modsecurity": "^0.0.2" "modsecurity": "^0.0.3"
}, },
"config": { "config": {
"commitizen": { "commitizen": {

33
src/index.js
View file

@ -79,11 +79,10 @@ module.exports = (req, res, logFacilities, config, next) => {
writtenStatusCode = statusCode; writtenStatusCode = statusCode;
let intervene = false; let intervene = false;
Object.keys(writtenHeaders).forEach((key) => { Object.keys(writtenHeaders).forEach((key) => {
// There is a typo in "modsecurity" npm package C++ code that causes the value to be a header name when the value is not a buffer.
if (typeof writtenHeaders[key] == "string") { if (typeof writtenHeaders[key] == "string") {
securityResponse = transaction.addResponseHeader( securityResponse = transaction.addResponseHeader(
Buffer.from(key), key,
Buffer.from(writtenHeaders[key]) writtenHeaders[key]
); );
if (typeof securityResponse === "object") { if (typeof securityResponse === "object") {
intervene = true; intervene = true;
@ -91,10 +90,7 @@ module.exports = (req, res, logFacilities, config, next) => {
} }
} else if (Array.isArray(writtenHeaders[key])) { } else if (Array.isArray(writtenHeaders[key])) {
writtenHeaders[key].forEach((value) => { writtenHeaders[key].forEach((value) => {
securityResponse = transaction.addResponseHeader( securityResponse = transaction.addResponseHeader(key, value);
Buffer.from(key),
Buffer.from(value)
);
if (typeof securityResponse === "object") { if (typeof securityResponse === "object") {
intervene = true; intervene = true;
return; return;
@ -148,11 +144,10 @@ module.exports = (req, res, logFacilities, config, next) => {
if (!headersSet) { if (!headersSet) {
let intervene = false; let intervene = false;
Object.keys(writtenHeaders).forEach((key) => { Object.keys(writtenHeaders).forEach((key) => {
// There is a typo in "modsecurity" npm package C++ code that causes the value to be a header name when the value is not a buffer.
if (typeof writtenHeaders[key] == "string") { if (typeof writtenHeaders[key] == "string") {
securityResponse = transaction.addResponseHeader( securityResponse = transaction.addResponseHeader(
Buffer.from(key), key,
Buffer.from(writtenHeaders[key]) writtenHeaders[key]
); );
if (typeof securityResponse === "object") { if (typeof securityResponse === "object") {
intervene = true; intervene = true;
@ -160,10 +155,7 @@ module.exports = (req, res, logFacilities, config, next) => {
} }
} else if (Array.isArray(writtenHeaders[key])) { } else if (Array.isArray(writtenHeaders[key])) {
writtenHeaders[key].forEach((value) => { writtenHeaders[key].forEach((value) => {
securityResponse = transaction.addResponseHeader( securityResponse = transaction.addResponseHeader(key, value);
Buffer.from(key),
Buffer.from(value)
);
if (typeof securityResponse === "object") { if (typeof securityResponse === "object") {
intervene = true; intervene = true;
return; return;
@ -276,11 +268,10 @@ module.exports = (req, res, logFacilities, config, next) => {
if (!headersSet) { if (!headersSet) {
let intervene = false; let intervene = false;
Object.keys(writtenHeaders).forEach((key) => { Object.keys(writtenHeaders).forEach((key) => {
// There is a typo in "modsecurity" npm package C++ code that causes the value to be a header name when the value is not a buffer.
if (typeof writtenHeaders[key] == "string") { if (typeof writtenHeaders[key] == "string") {
securityResponse = transaction.addResponseHeader( securityResponse = transaction.addResponseHeader(
Buffer.from(key), key,
Buffer.from(writtenHeaders[key]) writtenHeaders[key]
); );
if (typeof securityResponse === "object") { if (typeof securityResponse === "object") {
intervene = true; intervene = true;
@ -288,10 +279,7 @@ module.exports = (req, res, logFacilities, config, next) => {
} }
} else if (Array.isArray(writtenHeaders[key])) { } else if (Array.isArray(writtenHeaders[key])) {
writtenHeaders[key].forEach((value) => { writtenHeaders[key].forEach((value) => {
securityResponse = transaction.addResponseHeader( securityResponse = transaction.addResponseHeader(key, value);
Buffer.from(key),
Buffer.from(value)
);
if (typeof securityResponse === "object") { if (typeof securityResponse === "object") {
intervene = true; intervene = true;
return; return;
@ -432,8 +420,7 @@ module.exports = (req, res, logFacilities, config, next) => {
if (key === null) { if (key === null) {
key = v; key = v;
} else { } else {
// There is a typo in "modsecurity" npm package C++ code that causes the value to be a header name when the value is not a buffer. transaction.addRequestHeader(key, v);
transaction.addRequestHeader(Buffer.from(key), Buffer.from(v));
key = null; key = null;
} }
}); });