(rules: Rule[] | undefined, ruleType: string)
| 501 | }; |
| 502 | |
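/**
 * Rejects any rule whose `value` or `description` matches an entry in
 * DANGEROUS_PATTERNS, then runs the rule-type-specific validation for it.
 *
 * This is a denylist check: it only catches what DANGEROUS_PATTERNS lists,
 * so it should not be the sole control on how rule text is used later.
 *
 * @param rules - Rules to validate; `undefined` is accepted and skipped.
 * @param ruleType - Rule group name, used to build the field path in errors.
 * @throws PentestError with ErrorCode.CONFIG_VALIDATION_FAILED on the first
 *   field that matches a pattern. Errors raised by validateRuleTypeSpecific
 *   are not caught here.
 */
const validateRulesSecurity = (rules: Rule[] | undefined, ruleType: string): void => {
  if (!rules) return;

  // For each pattern, `value` is checked before `description`, so the first
  // error reported for a given config stays the same as before.
  const checkedFields = ['value', 'description'] as const;

  rules.forEach((rule, index) => {
    for (const pattern of DANGEROUS_PATTERNS) {
      for (const fieldName of checkedFields) {
        // RegExp.prototype.test() resumes from lastIndex when a pattern has the
        // `g` or `y` flag. The patterns are shared across fields and rules, so a
        // stale lastIndex from an earlier match could let a dangerous string
        // pass unnoticed. Resetting is a no-op for patterns without those flags.
        pattern.lastIndex = 0;
        if (!pattern.test(rule[fieldName])) continue;

        const field = `rules.${ruleType}[${index}].${fieldName}`;
        throw new PentestError(
          `${field} contains potentially dangerous pattern: ${pattern.source}`,
          'config',
          false,
          { field, pattern: pattern.source },
          ErrorCode.CONFIG_VALIDATION_FAILED,
        );
      }
    }

    validateRuleTypeSpecific(rule, ruleType, index);
  });
};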
| 531 | |
| 532 | const validateRuleTypeSpecific = (rule: Rule, ruleType: string, index: number): void => { |
| 533 | const field = `rules.${ruleType}[${index}].value`; |
no test coverage detected