DMleadgen
46d973904b
Next.js website for Rocky Mountain Vending company featuring: - Product catalog with Stripe integration - Service areas and parts pages - Admin dashboard with Clerk authentication - SEO optimized pages with JSON-LD structured data Co-authored-by: Cursor <cursoragent@cursor.com>
96 lines
No EOL
4.2 KiB
Text
96 lines
No EOL
4.2 KiB
Text
"use strict";
|
|
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
if (k2 === undefined) k2 = k;
|
|
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
|
|
}) : (function(o, m, k, k2) {
|
|
if (k2 === undefined) k2 = k;
|
|
o[k2] = m[k];
|
|
}));
|
|
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
}) : function(o, v) {
|
|
o["default"] = v;
|
|
});
|
|
var __importStar = (this && this.__importStar) || function (mod) {
|
|
if (mod && mod.__esModule) return mod;
|
|
var result = {};
|
|
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
__setModuleDefault(result, mod);
|
|
return result;
|
|
};
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.checkInvalidKeyword = exports.checkMissingSemicolon = exports.checkUnknownDirective = void 0;
|
|
const csp = __importStar(require("../csp"));
|
|
const csp_1 = require("../csp");
|
|
const finding_1 = require("../finding");
|
|
function checkUnknownDirective(parsedCsp) {
|
|
const findings = [];
|
|
for (const directive of Object.keys(parsedCsp.directives)) {
|
|
if (csp.isDirective(directive)) {
|
|
continue;
|
|
}
|
|
if (directive.endsWith(':')) {
|
|
findings.push(new finding_1.Finding(finding_1.Type.UNKNOWN_DIRECTIVE, 'CSP directives don\'t end with a colon.', finding_1.Severity.SYNTAX, directive));
|
|
}
|
|
else {
|
|
findings.push(new finding_1.Finding(finding_1.Type.UNKNOWN_DIRECTIVE, 'Directive "' + directive + '" is not a known CSP directive.', finding_1.Severity.SYNTAX, directive));
|
|
}
|
|
}
|
|
return findings;
|
|
}
|
|
exports.checkUnknownDirective = checkUnknownDirective;
|
|
function checkMissingSemicolon(parsedCsp) {
|
|
const findings = [];
|
|
for (const [directive, directiveValues] of Object.entries(parsedCsp.directives)) {
|
|
if (directiveValues === undefined) {
|
|
continue;
|
|
}
|
|
for (const value of directiveValues) {
|
|
if (csp.isDirective(value)) {
|
|
findings.push(new finding_1.Finding(finding_1.Type.MISSING_SEMICOLON, 'Did you forget the semicolon? ' +
|
|
'"' + value + '" seems to be a directive, not a value.', finding_1.Severity.SYNTAX, directive, value));
|
|
}
|
|
}
|
|
}
|
|
return findings;
|
|
}
|
|
exports.checkMissingSemicolon = checkMissingSemicolon;
|
|
function checkInvalidKeyword(parsedCsp) {
|
|
const findings = [];
|
|
const keywordsNoTicks = Object.values(csp_1.Keyword).map((k) => k.replace(/'/g, ''));
|
|
for (const [directive, directiveValues] of Object.entries(parsedCsp.directives)) {
|
|
if (directiveValues === undefined) {
|
|
continue;
|
|
}
|
|
for (const value of directiveValues) {
|
|
if (keywordsNoTicks.some((k) => k === value) ||
|
|
value.startsWith('nonce-') ||
|
|
value.match(/^(sha256|sha384|sha512)-/)) {
|
|
findings.push(new finding_1.Finding(finding_1.Type.INVALID_KEYWORD, 'Did you forget to surround "' + value + '" with single-ticks?', finding_1.Severity.SYNTAX, directive, value));
|
|
continue;
|
|
}
|
|
if (!value.startsWith('\'')) {
|
|
continue;
|
|
}
|
|
if (directive === csp.Directive.REQUIRE_TRUSTED_TYPES_FOR) {
|
|
if (value === csp.TrustedTypesSink.SCRIPT) {
|
|
continue;
|
|
}
|
|
}
|
|
else if (directive === csp.Directive.TRUSTED_TYPES) {
|
|
if (value === '\'allow-duplicates\'' || value === '\'none\'') {
|
|
continue;
|
|
}
|
|
}
|
|
else {
|
|
if (csp.isKeyword(value) || csp.isHash(value) || csp.isNonce(value)) {
|
|
continue;
|
|
}
|
|
}
|
|
findings.push(new finding_1.Finding(finding_1.Type.INVALID_KEYWORD, value + ' seems to be an invalid CSP keyword.', finding_1.Severity.SYNTAX, directive, value));
|
|
}
|
|
}
|
|
return findings;
|
|
}
|
|
exports.checkInvalidKeyword = checkInvalidKeyword;
|
|
//# sourceMappingURL=parser_checks.js.map |