milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Remove etag from response when modifying headers

Browse source
This commit is contained in:
Sander Declerck 2025-11-13 16:27:42 +01:00
parent 752504dcc8
commit dc6f37b3ec
No known key found for this signature in database
3 changed files with 18 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

11
packages/safe-chain/src/registryProxy/interceptors/interceptorBuilder.js
View file

@ -11,7 +11,7 @@ import { EventEmitter } from "events";
* @property {string} targetUrl
* @property {(packageName: string | undefined, version: string | undefined) => void} blockMalware
* @property {(modificationFunc: (headers: NodeJS.Dict<string | string[]>) => void) => void} modifyRequestHeaders
* @property {(modificationFunc: (body: Buffer) => Buffer) => void} modifyBody
* @property {(modificationFunc: (body: Buffer, headers: NodeJS.Dict<string | string[]> | undefined) => Buffer) => void} modifyBody
* @property {() => RequestInterceptionHandler} build
*
*
@ -19,7 +19,7 @@ import { EventEmitter } from "events";
* @property {{statusCode: number, message: string} | undefined} blockResponse
* @property {(headers: NodeJS.Dict<string | string[]> | undefined) => void} modifyRequestHeaders
* @property {() => boolean} modifiesResponse
* @property {(body: Buffer) => Buffer} modifyBody
* @property {(body: Buffer, headers: NodeJS.Dict<string | string[]> | undefined) => Buffer} modifyBody
*/
/**
@ -67,7 +67,7 @@ function createRequestContext(targetUrl, eventEmitter) {
let blockResponse = undefined;
/** @type {Array<(headers: NodeJS.Dict<string | string[]>) => void>} */
let reqheaderModificationFuncs = [];
/** @type {Array<(body: Buffer) => Buffer>} */
/** @type {Array<(body: Buffer, headers: NodeJS.Dict<string | string[]> | undefined) => Buffer>} */
let modifyBodyFuncs = [];
/**
@ -102,13 +102,14 @@ function createRequestContext(targetUrl, eventEmitter) {
/**
* @param {Buffer} body
* @param {NodeJS.Dict<string | string[]> | undefined} headers
* @returns {Buffer}
*/
function modifyBody(body) {
function modifyBody(body, headers) {
let modifiedBody = body;
for (var func of modifyBodyFuncs) {
modifiedBody = func(body);
modifiedBody = func(body, headers);
}
return modifiedBody;

8
packages/safe-chain/src/registryProxy/interceptors/npm/modifyNpmInfo.js
View file

@ -34,9 +34,10 @@ export function isPackageInfoUrl(url) {
/**
*
* @param {Buffer} body
* @param {NodeJS.Dict<string | string[]> | undefined} headers
* @returns Buffer
*/
export function modifyNpmInfoResponse(body) {
export function modifyNpmInfoResponse(body, headers) {
try {
if (body.byteLength === 0) {
return body;
@ -70,6 +71,11 @@ export function modifyNpmInfoResponse(body) {
if (timestamp > cutOff) {
deleteVersionFromJson(bodyJson, version);
if (headers) {
// When modifying the response, the etag no longer matches the content
// so the etag needs to be removed before sending the response.
delete headers["etag"];
}
continue;
}
}