fix: sensitive keyword detection may produce false positives (#7883)

Manuel
2022-03-24 02:49:39 +01:00
committed by GitHub
parent 02f88f433e
commit d34761369e
3 changed files with 20 additions and 5 deletions


@@ -280,4 +280,18 @@ describe('Vulnerabilities', () => {
expect(text.error).toBe('Prohibited keyword in request data: {"value":"aValue[123]*"}.');
});
});
describe('Ignore non-matches', () => {
it('ignores write request that contains only fraction of denied keyword', async () => {
await reconfigureServer({
requestKeywordDenylist: [{ key: 'abc' }],
});
// Initially saving an object executes the keyword detection in RestWrite.js
const obj = new TestObject({ a: { b: { c: 0 } } });
await expectAsync(obj.save()).toBeResolved();
// Modifying a nested key executes the keyword detection in DatabaseController.js
obj.increment('a.b.c');
await expectAsync(obj.save()).toBeResolved();
});
});
});
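Review bot: The new 'Ignore non-matches' test pins only the false-positive side of the denylist fix, so a change that loosened matching too far on the nested-key path would still pass it. Consider adding a counterpart in the same describe that keeps `requestKeywordDenylist: [{ key: 'abc' }]`, saves an object with a nested key that really is `abc`, then modifies it with `obj.increment('a.abc')` and expects the save to be rejected with the `Prohibited keyword in request data` error; such a test may already exist outside this hunk, since the enclosing `describe('Vulnerabilities')` starts above it. The second `obj.save()` is also only checked for resolving, so a silently dropped update would go unnoticed; following it with `await obj.fetch(); expect(obj.get('a').b.c).toBe(1);` would confirm the increment was actually stored.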