Mark JS values as unsafe #463

Open
wants to merge 16 commits into base: main

hansott (Member) commented Nov 25, 2024

e.g. output from LLM that is parsed to JSON

codecov bot commented Nov 25, 2024

Codecov Report

Attention: Patch coverage is 92.68293% with 6 lines in your changes missing coverage. Please review.

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| library/agent/context/markUnsafe.ts | 92.40% | 6 Missing ⚠️ |

Base automatically changed from beta to main December 3, 2024 15:57
An error occurred while trying to automatically change base from beta to main December 3, 2024 15:57
* 'main' of github.com:AikidoSec/node-RASP: (98 commits)
  Fix tests
  Fix again
  fix: Wrong payload path after merge
  Fix tests
  Delete jwt.iss
  Add test
  Use new Zen internals JS parser
  Update Zen Internals
  Fix missing sink in getWrappers
  Protect new Function(...)
  Add JS injection tests
  Detect JS injections using eval(...)
  Add test for isRequestToItself
  Fix edge case
  Improve readability of isRequestToItself
  Prevent undefined path error
  fix: Array length check
  Add max depth and array size
  Flexible match count, fix tests
  Upload only one path, simplify
  ...
* 'main' of github.com:AikidoSec/node-RASP:
  Increase to 25%
  Fix flaky performance test
  Remove eval sink
  Add performance test
  Shorten function
  Shorten methods
  Fix tests for attackPath
  Add failing tests
  Add breaking test
  Add test
  Add more tests
  Improve test coverage
  Extend and fix tests
  Link to Aikido Blog for Command Injection attacks
  Use more efficient ip matcher
hansott added the feat label Dec 23, 2024