From b660b9976042c8ac86bd30054664145a39106fda Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 4 Nov 2025 17:37:43 +0000 Subject: [PATCH 1/7] Initial plan From e496a518579b5f0e144861d376fe8c15b42373b6 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 4 Nov 2025 17:41:00 +0000 Subject: [PATCH 2/7] Initial exploration complete Co-authored-by: scubaninja <26086919+scubaninja@users.noreply.github.com> --- package-lock.json | 1016 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1016 insertions(+) create mode 100644 package-lock.json diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 00000000..728194c7 --- /dev/null +++ b/package-lock.json @@ -0,0 +1,1016 @@ +{ + "name": "vulnerable-node-source", + "version": "0.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "vulnerable-node-source", + "version": "0.0.0", + "dependencies": { + "body-parser": "~1.13.2", + "cookie-parser": "~1.3.5", + "debug": "~2.2.0", + "ejs": "^2.4.2", + "ejs-locals": "^1.0.2", + "express": "~4.13.1", + "express-session": "^1.13.0", + "log4js": "^0.6.36", + "morgan": "~1.6.1", + "pg-promise": "^4.4.6", + "serve-favicon": "~2.3.0" + } + }, + "node_modules/accepts": { + "version": "1.2.13", + "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.2.13.tgz", + "integrity": "sha512-R190A3EzrS4huFOVZajhXCYZt5p5yrkaQOB4nsWzfth0cYaDcSN5J86l58FJ1dt7igp37fB/QhnuFkGAJmr+eg==", + "license": "MIT", + "dependencies": { + "mime-types": "~2.1.6", + "negotiator": "0.5.3" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/array-flatten": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==", + "license": "MIT" + }, + "node_modules/basic-auth": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-1.0.4.tgz", + "integrity": "sha512-uvq3I/zC5TmG0WZJDzsXzIytU9GiiSq23Gl27Dq9sV81JTfPfQhtdADECP1DJZeJoZPuYU0Y81hWC5y/dOR+Yw==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/body-parser": { + "version": "1.13.3", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.13.3.tgz", + "integrity": "sha512-ypX8/9uws2W+CjPp3QMmz1qklzlhRBknQve22Y+WFecHql+qDFfG+VVNX7sooA4Q3+2fdq4ZZj6Xr07gA90RZg==", + "license": "MIT", + "dependencies": { + "bytes": "2.1.0", + "content-type": "~1.0.1", + "debug": "~2.2.0", + "depd": "~1.0.1", + "http-errors": "~1.3.1", + "iconv-lite": "0.4.11", + "on-finished": "~2.3.0", + "qs": "4.0.0", + "raw-body": "~2.1.2", + "type-is": "~1.6.6" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/buffer-writer": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/buffer-writer/-/buffer-writer-1.0.1.tgz", + "integrity": "sha512-I5M7UuSeDn5aQR2BSH2+270w9qdd2Rd5LB/XhTcIRdSmeLueMNlY3BaMoHtoASmjEQf/NOAqMIZaoAMSpomW6w==", + "license": "MIT" + }, + "node_modules/bytes": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-2.1.0.tgz", + "integrity": "sha512-k9VSlRfRi5JYyQWMylSOgjld96ta1qaQUIvmn+na0BzViclH04PBumewv4z5aeXNkn6Z/gAN5FtPeBLvV20F9w==", + "license": "MIT" + }, + "node_modules/content-disposition": { + "version": "0.5.1", + "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.1.tgz", + "integrity": "sha512-LXP3Ekizrynh01Muic+1XMkR46z/d2wAO/TBnwCgdTmpFJrtwkzrCxQCsC7QnNqlShJgrQyygcX2I8oJ0wnzkw==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/content-type": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie": { + "version": "0.1.3", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.1.3.tgz", + "integrity": "sha512-mWkFhcL+HVG1KjeCjEBVJJ7s4sAGMLiBDFSDs4bzzvgLZt7rW8BhP6XV/8b1+pNvx/skd3yYxPuaF3Z6LlQzyw==", + "license": "MIT", + "engines": { + "node": "*" + } + }, + "node_modules/cookie-parser": { + "version": "1.3.5", + "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.3.5.tgz", + "integrity": "sha512-YN/8nzPcK5o6Op4MIzAd4H4qUal5+3UaMhVIeaafFYL0pKvBQA/9Yhzo7ZwvBpjdGshsiTAb1+FC37M6RdPDFg==", + "license": "MIT", + "dependencies": { + "cookie": "0.1.3", + "cookie-signature": "1.0.6" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/cookie-signature": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==", + "license": "MIT" + }, + "node_modules/core-util-is": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==", + "license": "MIT" + }, + "node_modules/debug": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.2.0.tgz", + "integrity": "sha512-X0rGvJcskG1c3TgSCPqHJ0XJgwlcvOC7elJ5Y0hYuKBZoVqWpAMfLOeIh2UI/DCQ5ruodIjvsugZtjUYUw2pUw==", + "license": "MIT", + "dependencies": { + "ms": "0.7.1" + } + }, + "node_modules/depd": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/depd/-/depd-1.0.1.tgz", + "integrity": "sha512-OEWAMbCkK9IWQ8pfTvHBhCSqHgR+sk5pbiYqq0FqfARG4Cy+cRsCbITx6wh5pcsmfBPiJAcbd98tfdz5fnBbag==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/destroy": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz", + "integrity": "sha512-3NdhDuEXnfun/z7x9GOElY49LoqVHoGScmOKwmxhsS8N5Y+Z8KyPPDnaSzqWgYt/ji4mqwfTS34Htrk0zPIXVg==", + "license": "MIT" + }, + "node_modules/ee-first": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==", + "license": "MIT" + }, + "node_modules/ejs": { + "version": "2.7.4", + "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.7.4.tgz", + "integrity": "sha512-7vmuyh5+kuUyJKePhQfRQBhXV5Ce+RnaeeQArKu1EAMpL3WbgMt5WG6uQZpEVvYSSsxMXRKOewtDk9RaTKXRlA==", + "hasInstallScript": true, + "license": "Apache-2.0", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/ejs-locals": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/ejs-locals/-/ejs-locals-1.0.2.tgz", + "integrity": "sha512-gzMyYHoVMcaT30zwd0z69HEthp5c2czMLWCaMh+K+BfogvxrG6smZHLW3Uwn2+6XhE+/aCcEL8pETZ9fa1J24A==", + "dependencies": { + "ejs": "0.8.x" + }, + "engines": { + "node": ">=0.6.0" + } + }, + "node_modules/ejs-locals/node_modules/ejs": { + "version": "0.8.8", + "resolved": "https://registry.npmjs.org/ejs/-/ejs-0.8.8.tgz", + "integrity": "sha512-2E5HBH8LoaSQ2OLW2LmEE1/9dL3YZCKqrQXBEeCv9P/dQlZOfdAYvJFHhNZ35uY6AXba+RllQTRtmJmXXm7i7g==", + "deprecated": "Critical security bugs fixed in 2.5.5" + }, + "node_modules/escape-html": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==", + "license": "MIT" + }, + "node_modules/etag": { + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/etag/-/etag-1.7.0.tgz", + "integrity": "sha512-Mbv5pNpLNPrm1b4rzZlZlfTRpdDr31oiD43N362sIyvSWVNu5Du33EcJGzvEV4YdYLuENB1HzND907cQkFmXNw==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/express": { + "version": "4.13.4", + "resolved": "https://registry.npmjs.org/express/-/express-4.13.4.tgz", + "integrity": "sha512-pNykF2h4VgBMH8gJfwwBh4kqaIyV/DcFIX6UpC751GF7du2kA1pkxJ2/SmggVGbYCa4mBRcWh0yiTfK8Dp/Rdg==", + "license": "MIT", + "dependencies": { + "accepts": "~1.2.12", + "array-flatten": "1.1.1", + "content-disposition": "0.5.1", + "content-type": "~1.0.1", + "cookie": "0.1.5", + "cookie-signature": "1.0.6", + "debug": "~2.2.0", + "depd": "~1.1.0", + "escape-html": "~1.0.3", + "etag": "~1.7.0", + "finalhandler": "0.4.1", + "fresh": "0.3.0", + "merge-descriptors": "1.0.1", + "methods": "~1.1.2", + "on-finished": "~2.3.0", + "parseurl": "~1.3.1", + "path-to-regexp": "0.1.7", + "proxy-addr": "~1.0.10", + "qs": "4.0.0", + "range-parser": "~1.0.3", + "send": "0.13.1", + "serve-static": "~1.10.2", + "type-is": "~1.6.6", + "utils-merge": "1.0.0", + "vary": "~1.0.1" + }, + "engines": { + "node": ">= 0.10.0" + } + }, + "node_modules/express-session": { + "version": "1.18.2", + "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.18.2.tgz", + "integrity": "sha512-SZjssGQC7TzTs9rpPDuUrR23GNZ9+2+IkA/+IJWmvQilTr5OSliEHGF+D9scbIpdC6yGtTI0/VhaHoVes2AN/A==", + "license": "MIT", + "dependencies": { + "cookie": "0.7.2", + "cookie-signature": "1.0.7", + "debug": "2.6.9", + "depd": "~2.0.0", + "on-headers": "~1.1.0", + "parseurl": "~1.3.3", + "safe-buffer": "5.2.1", + "uid-safe": "~2.1.5" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/express-session/node_modules/cookie": { + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", + "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/express-session/node_modules/cookie-signature": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz", + "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==", + "license": "MIT" + }, + "node_modules/express-session/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/express-session/node_modules/depd": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/express-session/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/express/node_modules/cookie": { + "version": "0.1.5", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.1.5.tgz", + "integrity": "sha512-/lhu+NGBI5pOLXILS07DrPXYX0QDD/ejVhbwoCUcLPBqMEK9b++f9rUhAlhLkcTz9mV6QSeD+w3cHJ96rMZaFQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/express/node_modules/depd": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", + "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/finalhandler": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-0.4.1.tgz", + "integrity": "sha512-+AkanbaabSCYrDcrU+TcA/8SEyMDAN7mjE6GC71GAlvYDXM4wzUsRqLLS2qPtWecIlkX5+MMZGd2RyxO3yBOfg==", + "license": "MIT", + "dependencies": { + "debug": "~2.2.0", + "escape-html": "~1.0.3", + "on-finished": "~2.3.0", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/forwarded": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.1.2.tgz", + "integrity": "sha512-Ua9xNhH0b8pwE3yRbFfXJvfdWF0UHNCdeyb2sbi9Ul/M+r3PTdrz7Cv4SCfZRMjmzEM9PhraqfZFbGTIg3OMyA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/fresh": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.3.0.tgz", + "integrity": "sha512-akx5WBKAwMSg36qoHTuMMVncHWctlaDGslJASDYAhoLrzDUDCjZlOngNa/iC6lPm9aA0qk8pN5KnpmbJHSIIQQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/generic-pool": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/generic-pool/-/generic-pool-2.4.2.tgz", + "integrity": "sha512-c2W/8V0451pHnt+a7tVTrNROpsfaIX4P6OrET4e/Uj3ZpK+8e95U6Ck7y5dubhn4QVWBBA8WkcZPTWtNaQGyOw==", + "license": "MIT", + "engines": { + "node": ">= 0.2.0" + } + }, + "node_modules/http-errors": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.3.1.tgz", + "integrity": "sha512-gMygNskMurDCWfoCdyh1gOeDfSbkAHXqz94QoPj5IHIUjC/BG8/xv7FSEUr7waR5RcAya4j58bft9Wu/wHNeXA==", + "license": "MIT", + "dependencies": { + "inherits": "~2.0.1", + "statuses": "1" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/iconv-lite": { + "version": "0.4.11", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.11.tgz", + "integrity": "sha512-8UmnaYeP5puk18SkBrYULVTiq7REcimhx+ykJVJBiaz89DQmVQAfS29ZhHah86la90/t0xy4vRk86/2cCwNodA==", + "license": "MIT", + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "license": "ISC" + }, + "node_modules/ipaddr.js": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.0.5.tgz", + "integrity": "sha512-wBj+q+3uP78gMowwWgFLAYm/q4x5goyZmDsmuvyz+nd1u0D/ghgXXtc1OkgmTzSiWT101kiqGacwFk9eGQw6xQ==", + "license": "MIT", + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/isarray": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz", + "integrity": "sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ==", + "license": "MIT" + }, + "node_modules/log4js": { + "version": "0.6.38", + "resolved": "https://registry.npmjs.org/log4js/-/log4js-0.6.38.tgz", + "integrity": "sha512-Cd+klbx7lkiaamEId9/0odHxv/PFHDz2E12kEfd6/CzIOZD084DzysASR/Dot4i1dYPBQKC3r2XIER+dfbLOmw==", + "deprecated": "0.x is no longer supported. Please upgrade to 6.x or higher.", + "license": "Apache-2.0", + "dependencies": { + "readable-stream": "~1.0.2", + "semver": "~4.3.3" + }, + "engines": { + "node": ">=0.8" + } + }, + "node_modules/manakin": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/manakin/-/manakin-0.3.0.tgz", + "integrity": "sha512-rI9KJ8KkEf9T+BV9cQEJapOYHjjRQlJPHYXyxCoAV2aN4v3rZPhOcjn5c5UX2N1Odu4WBJ8C5V8v2aKk8ZT3sA==", + "license": "MIT", + "engines": { + "node": ">=0.10", + "npm": ">=1.4" + } + }, + "node_modules/media-typer": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/merge-descriptors": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", + "integrity": "sha512-cCi6g3/Zr1iqQi6ySbseM1Xvooa98N0w31jzUYrXPX2xqObmFGHJ0tQ5u74H3mVh7wLouTseZyYIq39g8cNp1w==", + "license": "MIT" + }, + "node_modules/methods": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime": { + "version": "1.3.4", + "resolved": "https://registry.npmjs.org/mime/-/mime-1.3.4.tgz", + "integrity": "sha512-sAaYXszED5ALBt665F0wMQCUXpGuZsGdopoqcHPdL39ZYdi7uHoZlhrfZfhv8WzivhBzr/oXwaj+yiK5wY8MXQ==", + "bin": { + "mime": "cli.js" + } + }, + "node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/morgan": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.6.1.tgz", + "integrity": "sha512-WWxlTx5xCqbtSeX/gPVHUZBhAhSMfYQLgPrWHEN0FYnF+zf1Ju/Zct6rpeKmvzibrYF4QvFVws7IN61BxnKu+Q==", + "license": "MIT", + "dependencies": { + "basic-auth": "~1.0.3", + "debug": "~2.2.0", + "depd": "~1.0.1", + "on-finished": "~2.3.0", + "on-headers": "~1.0.0" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/morgan/node_modules/on-headers": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.2.tgz", + "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/ms": { + "version": "0.7.1", + "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.1.tgz", + "integrity": "sha512-lRLiIR9fSNpnP6TC4v8+4OU7oStC01esuNowdQ34L+Gk8e5Puoc88IqJ+XAY/B3Mn2ZKis8l8HX90oU8ivzUHg==" + }, + "node_modules/negotiator": { + "version": "0.5.3", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.5.3.tgz", + "integrity": "sha512-oXmnazqehLNFohqgLxRyUdOQU9/UX0NpCpsnbjWUjM62ZM8oSOXYZpHc68XR130ftPNano0oQXGdREAplZRhaQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/on-finished": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz", + "integrity": "sha512-ikqdkGAAyf/X/gPhXGvfgAytDZtDbr+bkNUJ0N9h5MI/dmdgCs3l6hoHrcUv41sRKew3jIwrp4qQDXiK99Utww==", + "license": "MIT", + "dependencies": { + "ee-first": "1.1.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/on-headers": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz", + "integrity": "sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/packet-reader": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/packet-reader/-/packet-reader-0.2.0.tgz", + "integrity": "sha512-3GnoJ2cKeSgikX3llywfuefjtkokRfzySXO2H3bDwVguclnpkvjYcBsQNfCcUpwUKRK+4IhhCD18/rLMVOH+aQ==", + "license": "MIT" + }, + "node_modules/parseurl": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/path-to-regexp": { + "version": "0.1.7", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", + "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==", + "license": "MIT" + }, + "node_modules/pg": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/pg/-/pg-5.1.0.tgz", + "integrity": "sha512-ue/z4LkcRnrx97kn61vNN0Lk0kXc2VMLMK19HA8OWCey2JVNqH1PSrwmGI4U9/T/BrmK/B4EblhZJx6sODbeew==", + "license": "MIT", + "dependencies": { + "buffer-writer": "1.0.1", + "generic-pool": "2.4.2", + "packet-reader": "0.2.0", + "pg-connection-string": "0.1.3", + "pg-types": "1.*", + "pgpass": "0.0.6", + "semver": "4.3.2" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/pg-connection-string": { + "version": "0.1.3", + "resolved": "https://registry.npmjs.org/pg-connection-string/-/pg-connection-string-0.1.3.tgz", + "integrity": "sha512-i0NV/CrSkFTaiOQs9AGy3tq0dkSjtTd4d7DfsjeDVZAA4aIHInwfFEmriNYGGJUfZ5x6IAC/QddoUpUJjQAi0w==", + "license": "MIT" + }, + "node_modules/pg-int8": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/pg-int8/-/pg-int8-1.0.1.tgz", + "integrity": "sha512-WCtabS6t3c8SkpDBUlb1kjOs7l66xsGdKpIPZsg4wR+B3+u9UAum2odSsF9tnvxg80h4ZxLWMy4pRjOsFIqQpw==", + "license": "ISC", + "engines": { + "node": ">=4.0.0" + } + }, + "node_modules/pg-minify": { + "version": "0.3.5", + "resolved": "https://registry.npmjs.org/pg-minify/-/pg-minify-0.3.5.tgz", + "integrity": "sha512-IDyMeIIjSA8OLaYUezZ7iYyOnHMlqozQGO8a4a+nYVOHUcHPUP2DSZaii9KW5yQGmfIoxgO4cdUVwy4OjtRa0w==", + "license": "MIT", + "engines": { + "node": ">=0.10", + "npm": ">=1.4" + } + }, + "node_modules/pg-promise": { + "version": "4.8.1", + "resolved": "https://registry.npmjs.org/pg-promise/-/pg-promise-4.8.1.tgz", + "integrity": "sha512-uGLwMw+xyt41jbUn6F3GffXXe+qxUzVAmOyXEU9TNuUMbFfaM+RbqhBEbeH/1W8cgNP8/PkLmYeL0EUSt8W3yw==", + "deprecated": "This version of pg-promise is obsolete. You should update to a newer version.", + "license": "MIT", + "dependencies": { + "manakin": "0.3", + "pg": "5.1", + "pg-minify": "0.3", + "spex": "0.4" + }, + "engines": { + "node": ">=0.10", + "npm": ">=1.4" + } + }, + "node_modules/pg-types": { + "version": "1.13.0", + "resolved": "https://registry.npmjs.org/pg-types/-/pg-types-1.13.0.tgz", + "integrity": "sha512-lfKli0Gkl/+za/+b6lzENajczwZHc7D5kiUCZfgm914jipD2kIOIvEkAhZ8GrW3/TUoP9w8FHjwpPObBye5KQQ==", + "license": "MIT", + "dependencies": { + "pg-int8": "1.0.1", + "postgres-array": "~1.0.0", + "postgres-bytea": "~1.0.0", + "postgres-date": "~1.0.0", + "postgres-interval": "^1.1.0" + } + }, + "node_modules/pg/node_modules/semver": { + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-4.3.2.tgz", + "integrity": "sha512-VyFUffiBx8hABJ9HYSTXLRwyZtdDHMzMtFmID1aiNAD2BZppBmJm0Hqw3p2jkgxP9BNt1pQ9RnC49P0EcXf6cA==", + "license": "BSD", + "bin": { + "semver": "bin/semver" + } + }, + "node_modules/pgpass": { + "version": "0.0.6", + "resolved": "https://registry.npmjs.org/pgpass/-/pgpass-0.0.6.tgz", + "integrity": "sha512-mBONoxI3nFXPVE/Ao9dTv0N0+DLOoVyL5VKeufqOuMJJk3Y3GWMoI6N0Nuo8On+MJc9PkiLKNrESMgKYFRGONQ==", + "license": "MIT", + "dependencies": { + "split": "^1.0.0" + } + }, + "node_modules/postgres-array": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/postgres-array/-/postgres-array-1.0.3.tgz", + "integrity": "sha512-5wClXrAP0+78mcsNX3/ithQ5exKvCyK5lr5NEEEeGwwM6NJdQgzIJBVxLvRW+huFpX92F2QnZ5CcokH0VhK2qQ==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/postgres-bytea": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/postgres-bytea/-/postgres-bytea-1.0.0.tgz", + "integrity": "sha512-xy3pmLuQqRBZBXDULy7KbaitYqLcmxigw14Q5sj8QBVLqEwXfeybIKVWiqAXTlcvdvb0+xkOtDbfQMOf4lST1w==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/postgres-date": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/postgres-date/-/postgres-date-1.0.7.tgz", + "integrity": "sha512-suDmjLVQg78nMK2UZ454hAG+OAW+HQPZ6n++TNDUX+L0+uUlLywnoxJKDou51Zm+zTCjrCl0Nq6J9C5hP9vK/Q==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/postgres-interval": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/postgres-interval/-/postgres-interval-1.2.0.tgz", + "integrity": "sha512-9ZhXKM/rw350N1ovuWHbGxnGh/SNJ4cnxHiM0rxE4VN41wsg8P8zWn9hv/buK00RP4WvlOyr/RBDiptyxVbkZQ==", + "license": "MIT", + "dependencies": { + "xtend": "^4.0.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/proxy-addr": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-1.0.10.tgz", + "integrity": "sha512-iq6kR9KN32aFvXjDyC8nIrm203AHeIBPjL6dpaHgSdbpTO8KoPlD0xG92xwwtkCL9+yt1LE5VwpEk43TyP38Dg==", + "license": "MIT", + "dependencies": { + "forwarded": "~0.1.0", + "ipaddr.js": "1.0.5" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/qs": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/qs/-/qs-4.0.0.tgz", + "integrity": "sha512-8MPmJ83uBOPsQj5tQCv4g04/nTiY+d17yl9o3Bw73vC6XlEm2POIRRlOgWJ8i74bkGLII670cDJJZkgiZ2sIkg==", + "license": "BSD-3-Clause" + }, + "node_modules/random-bytes": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/random-bytes/-/random-bytes-1.0.0.tgz", + "integrity": "sha512-iv7LhNVO047HzYR3InF6pUcUsPQiHTM1Qal51DcGSuZFBil1aBBWG5eHPNek7bvILMaYJ/8RU1e8w1AMdHmLQQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/range-parser": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.0.3.tgz", + "integrity": "sha512-nDsRrtIxVUO5opg/A8T2S3ebULVIfuh8ECbh4w3N4mWxIiT3QILDJDUQayPqm2e8Q8NUa0RSUkGCfe33AfjR3Q==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/raw-body": { + "version": "2.1.7", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.1.7.tgz", + "integrity": "sha512-x4d27vsIG04gZ1imkuDXB9Rd/EkAx5kYzeMijIYw1PAor0Ld3nTlkQQwDjKu42GdRUFCX1AfGnTSQB4O57eWVg==", + "license": "MIT", + "dependencies": { + "bytes": "2.4.0", + "iconv-lite": "0.4.13", + "unpipe": "1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/raw-body/node_modules/bytes": { + "version": "2.4.0", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-2.4.0.tgz", + "integrity": "sha512-SvUX8+c/Ga454a4fprIdIUzUN9xfd1YTvYh7ub5ZPJ+ZJ/+K2Bp6IpWGmnw8r3caLTsmhvJAKZz3qjIo9+XuCQ==", + "license": "MIT" + }, + "node_modules/raw-body/node_modules/iconv-lite": { + "version": "0.4.13", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.13.tgz", + "integrity": "sha512-QwVuTNQv7tXC5mMWFX5N5wGjmybjNBBD8P3BReTkPmipoxTUFgWM2gXNvldHQr6T14DH0Dh6qBVg98iJt7u4mQ==", + "license": "MIT", + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/readable-stream": { + "version": "1.0.34", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz", + "integrity": "sha512-ok1qVCJuRkNmvebYikljxJA/UEsKwLl2nI1OmaqAu4/UE+h0wKCHok4XkL/gvi39OacXvw59RJUOFUkDib2rHg==", + "license": "MIT", + "dependencies": { + "core-util-is": "~1.0.0", + "inherits": "~2.0.1", + "isarray": "0.0.1", + "string_decoder": "~0.10.x" + } + }, + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/semver": { + "version": "4.3.6", + "resolved": "https://registry.npmjs.org/semver/-/semver-4.3.6.tgz", + "integrity": "sha512-IrpJ+yoG4EOH8DFWuVg+8H1kW1Oaof0Wxe7cPcXW3x9BjkN/eVo54F15LyqemnDIUYskQWr9qvl/RihmSy6+xQ==", + "license": "ISC", + "bin": { + "semver": "bin/semver" + } + }, + "node_modules/send": { + "version": "0.13.1", + "resolved": "https://registry.npmjs.org/send/-/send-0.13.1.tgz", + "integrity": "sha512-tajY7yMvJena2iggWhCzaysOVj/CH4AzqV2lJHUHboVNWQkIFEBJdKtzryKg3fLa83lxq9n/WQV53w9JZCe72w==", + "license": "MIT", + "dependencies": { + "debug": "~2.2.0", + "depd": "~1.1.0", + "destroy": "~1.0.4", + "escape-html": "~1.0.3", + "etag": "~1.7.0", + "fresh": "0.3.0", + "http-errors": "~1.3.1", + "mime": "1.3.4", + "ms": "0.7.1", + "on-finished": "~2.3.0", + "range-parser": "~1.0.3", + "statuses": "~1.2.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/send/node_modules/depd": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", + "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/send/node_modules/statuses": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.2.1.tgz", + "integrity": "sha512-pVEuxHdSGrt8QmQ3LOZXLhSA6MP/iPqKzZeO6Squ7PNGkA/9MBsSfV0/L+bIxkoDmjF4tZcLpcVq/fkqoHvuKg==", + "license": "MIT" + }, + "node_modules/serve-favicon": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/serve-favicon/-/serve-favicon-2.3.2.tgz", + "integrity": "sha512-oHEaA3ohvKxEWhjP97cQ6QuTTbMBF3AxDyMSvBtvnl1jXaB2Ik6kXE7nUtPM3YVU5VHCDe6n7JZrFCWzQuvXEQ==", + "license": "MIT", + "dependencies": { + "etag": "~1.7.0", + "fresh": "0.3.0", + "ms": "0.7.2", + "parseurl": "~1.3.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/serve-favicon/node_modules/ms": { + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.2.tgz", + "integrity": "sha512-5NnE67nQSQDJHVahPJna1PQ/zCXMnQop3yUCxjKPNzCxuyPSKWTQ/5Gu5CZmjetwGLWRA+PzeF5thlbOdbQldA==", + "license": "MIT" + }, + "node_modules/serve-static": { + "version": "1.10.3", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.10.3.tgz", + "integrity": "sha512-ScsFovjz3Db+vGgpofR/U8p8UULEcGV9akqyo8TQ1mMnjcxemE7Y5Muo+dvy3tJLY/doY2v1H61eCBMYGmwfrA==", + "license": "MIT", + "dependencies": { + "escape-html": "~1.0.3", + "parseurl": "~1.3.1", + "send": "0.13.2" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/serve-static/node_modules/depd": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", + "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/serve-static/node_modules/send": { + "version": "0.13.2", + "resolved": "https://registry.npmjs.org/send/-/send-0.13.2.tgz", + "integrity": "sha512-cQ0rmXHrdO2Iof08igV2bG/yXWD106ANwBg6DkGQNT2Vsznbgq6T0oAIQboy1GoFsIuy51jCim26aA9tj3Z3Zg==", + "license": "MIT", + "dependencies": { + "debug": "~2.2.0", + "depd": "~1.1.0", + "destroy": "~1.0.4", + "escape-html": "~1.0.3", + "etag": "~1.7.0", + "fresh": "0.3.0", + "http-errors": "~1.3.1", + "mime": "1.3.4", + "ms": "0.7.1", + "on-finished": "~2.3.0", + "range-parser": "~1.0.3", + "statuses": "~1.2.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/serve-static/node_modules/statuses": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.2.1.tgz", + "integrity": "sha512-pVEuxHdSGrt8QmQ3LOZXLhSA6MP/iPqKzZeO6Squ7PNGkA/9MBsSfV0/L+bIxkoDmjF4tZcLpcVq/fkqoHvuKg==", + "license": "MIT" + }, + "node_modules/spex": { + "version": "0.4.6", + "resolved": "https://registry.npmjs.org/spex/-/spex-0.4.6.tgz", + "integrity": "sha512-WhTEIvbsZPO1XU6IABOMmN3vlEBJCoDbfrjkIeQi3Yb2bBuN8NL7mtl3shZZoE47CZJfM/2t0+zyKe2Wf7IxHQ==", + "license": "MIT", + "engines": { + "node": ">=0.10", + "npm": ">=1.4" + } + }, + "node_modules/split": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/split/-/split-1.0.1.tgz", + "integrity": "sha512-mTyOoPbrivtXnwnIxZRFYRrPNtEFKlpB2fvjSnCQUiAA6qAZzqwna5envK4uk6OIeP17CsdF3rSBGYVBsU0Tkg==", + "license": "MIT", + "dependencies": { + "through": "2" + }, + "engines": { + "node": "*" + } + }, + "node_modules/statuses": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", + "integrity": "sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/string_decoder": { + "version": "0.10.31", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz", + "integrity": "sha512-ev2QzSzWPYmy9GuqfIVildA4OdcGLeFZQrq5ys6RtiuF+RQQiZWr8TZNyAcuVXyQRYfEO+MsoB/1BuQVhOJuoQ==", + "license": "MIT" + }, + "node_modules/through": { + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", + "integrity": "sha512-w89qg7PI8wAdvX60bMDP+bFoD5Dvhm9oLheFp5O4a2QF0cSBGsBX4qZmadPMvVqlLJBBci+WqGGOAPvcDeNSVg==", + "license": "MIT" + }, + "node_modules/type-is": { + "version": "1.6.18", + "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", + "license": "MIT", + "dependencies": { + "media-typer": "0.3.0", + "mime-types": "~2.1.24" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/uid-safe": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/uid-safe/-/uid-safe-2.1.5.tgz", + "integrity": "sha512-KPHm4VL5dDXKz01UuEd88Df+KzynaohSL9fBh096KWAxSKZQDI2uBrVqtvRM4rwrIrRRKsdLNML/lnaaVSRioA==", + "license": "MIT", + "dependencies": { + "random-bytes": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/unpipe": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/utils-merge": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.0.tgz", + "integrity": "sha512-HwU9SLQEtyo+0uoKXd1nkLqigUWLB+QuNQR4OcmB73eWqksM5ovuqcycks2x043W8XVb75rG1HQ0h93TMXkzQQ==", + "engines": { + "node": ">= 0.4.0" + } + }, + "node_modules/vary": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/vary/-/vary-1.0.1.tgz", + "integrity": "sha512-yNsH+tC0r8quK2tg/yqkXqqaYzeKTkSqQ+8T6xCoWgOi/bU/omMYz+6k+I91JJJDeltJzI7oridTOq6OYkY0Tw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/xtend": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz", + "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==", + "license": "MIT", + "engines": { + "node": ">=0.4" + } + } + } +} From d3146e1e1cadbf3833e38ca3ca051279a3e843f4 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 4 Nov 2025 17:43:04 +0000 Subject: [PATCH 3/7] Add API router with RESTful endpoints Co-authored-by: scubaninja <26086919+scubaninja@users.noreply.github.com> --- app.js | 2 + routes/api.js | 121 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 123 insertions(+) create mode 100644 routes/api.js diff --git a/app.js b/app.js index 08cddf25..80b0b6f5 100644 --- a/app.js +++ b/app.js @@ -12,6 +12,7 @@ var log4js = require("log4js"); var init_db = require('./model/init_db'); var login = require('./routes/login'); var products = require('./routes/products'); +var api = require('./routes/api'); var app = express(); @@ -51,6 +52,7 @@ app.use(session({ /* * Routes config */ +app.use('', api); app.use('', products); app.use('', login); diff --git a/routes/api.js b/routes/api.js new file mode 100644 index 00000000..b82d777b --- /dev/null +++ b/routes/api.js @@ -0,0 +1,121 @@ +var express = require('express'); +var router = express.Router(); +var db_products = require("../model/products"); +var auth = require("../model/auth"); + +/** + * API Routes - RESTful endpoints that return JSON + */ + +// GET /api/products - List all products +router.get('/api/products', function(req, res) { + db_products.list() + .then(function (data) { + res.json({ success: true, products: data }); + }) + .catch(function (err) { + res.status(500).json({ success: false, error: err.message }); + }); +}); + +// GET /api/products/search?q=query - Search products (must be before :id route) +router.get('/api/products/search', function(req, res) { + var query = req.query.q; + + if (!query) { + return res.status(400).json({ success: false, error: 'Query parameter "q" is required' }); + } + + db_products.search(query) + .then(function (data) { + res.json({ success: true, products: data, query: query }); + }) + .catch(function (err) { + res.status(500).json({ success: false, error: err.message }); + }); +}); + +// GET /api/products/:id - Get a specific product by ID +router.get('/api/products/:id', function(req, res) { + var product_id = req.params.id; + + db_products.getProduct(product_id) + .then(function (data) { + res.json({ success: true, product: data }); + }) + .catch(function (err) { + res.status(404).json({ success: false, error: 'Product not found' }); + }); +}); + +// POST /api/purchases - Create a new purchase +router.post('/api/purchases', function(req, res) { + var cart = { + mail: req.body.mail, + address: req.body.address, + ship_date: req.body.ship_date, + phone: req.body.phone, + product_id: req.body.product_id, + product_name: req.body.product_name, + username: req.body.username, + price: req.body.price + }; + + // Validate required fields + for (var prop in cart) { + if (cart[prop] == undefined) { + return res.status(400).json({ success: false, error: "Missing parameter '" + prop + "'" }); + } + } + + // Validate email format + var re = /^([a-zA-Z0-9])(([\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$/; + if (!re.test(cart.mail)) { + return res.status(400).json({ success: false, error: 'Invalid mail format' }); + } + + db_products.purchase(cart) + .then(function (data) { + res.status(201).json({ success: true, message: 'Product purchased successfully' }); + }) + .catch(function (err) { + res.status(500).json({ success: false, error: err.message }); + }); +}); + +// GET /api/purchases?username=user - Get purchases for a specific user +router.get('/api/purchases', function(req, res) { + var username = req.query.username; + + if (!username) { + return res.status(400).json({ success: false, error: 'Query parameter "username" is required' }); + } + + db_products.getPurchased(username) + .then(function (data) { + res.json({ success: true, purchases: data }); + }) + .catch(function (err) { + res.status(500).json({ success: false, error: err.message }); + }); +}); + +// POST /api/auth - Authenticate a user +router.post('/api/auth', function(req, res) { + var username = req.body.username; + var password = req.body.password; + + if (!username || !password) { + return res.status(400).json({ success: false, error: 'Username and password are required' }); + } + + auth(username, password) + .then(function (data) { + res.json({ success: true, message: 'Authentication successful', user: { name: data.name } }); + }) + .catch(function (err) { + res.status(401).json({ success: false, error: 'Invalid credentials' }); + }); +}); + +module.exports = router; From 516a44773c027fc3c9aa892dbf57f8cfd7fa9dd2 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 4 Nov 2025 17:53:37 +0000 Subject: [PATCH 4/7] Add API documentation Co-authored-by: scubaninja <26086919+scubaninja@users.noreply.github.com> --- API_DOCUMENTATION.md | 298 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 298 insertions(+) create mode 100644 API_DOCUMENTATION.md diff --git a/API_DOCUMENTATION.md b/API_DOCUMENTATION.md new file mode 100644 index 00000000..c0a5398d --- /dev/null +++ b/API_DOCUMENTATION.md @@ -0,0 +1,298 @@ +# API Endpoints Documentation + +This document describes the RESTful API endpoints available in the vulnerable-node application. + +## Base URL + +All API endpoints are prefixed with `/api`. + +## Authentication + +The authentication endpoint allows you to validate user credentials. + +### POST /api/auth + +Authenticate a user with username and password. + +**Request Body:** +```json +{ + "username": "admin", + "password": "admin" +} +``` + +**Success Response (200):** +```json +{ + "success": true, + "message": "Authentication successful", + "user": { + "name": "admin" + } +} +``` + +**Error Response (401):** +```json +{ + "success": false, + "error": "Invalid credentials" +} +``` + +**Error Response (400):** +```json +{ + "success": false, + "error": "Username and password are required" +} +``` + +## Products + +### GET /api/products + +Get a list of all products. + +**Success Response (200):** +```json +{ + "success": true, + "products": [ + { + "id": 0, + "name": "Product Name", + "description": "Product description", + "price": 100, + "image": "image-url" + } + ] +} +``` + +**Error Response (500):** +```json +{ + "success": false, + "error": "Error message" +} +``` + +### GET /api/products/search?q=query + +Search for products by name or description. + +**Query Parameters:** +- `q` (required): Search query string + +**Success Response (200):** +```json +{ + "success": true, + "products": [ + { + "id": 0, + "name": "Product Name", + "description": "Product description", + "price": 100, + "image": "image-url" + } + ], + "query": "search term" +} +``` + +**Error Response (400):** +```json +{ + "success": false, + "error": "Query parameter \"q\" is required" +} +``` + +### GET /api/products/:id + +Get details of a specific product by ID. + +**URL Parameters:** +- `id`: Product ID + +**Success Response (200):** +```json +{ + "success": true, + "product": { + "id": 0, + "name": "Product Name", + "description": "Product description", + "price": 100, + "image": "image-url" + } +} +``` + +**Error Response (404):** +```json +{ + "success": false, + "error": "Product not found" +} +``` + +## Purchases + +### POST /api/purchases + +Create a new purchase. + +**Request Body:** +```json +{ + "mail": "user@example.com", + "address": "123 Main St", + "ship_date": "2024-01-01", + "phone": "555-1234", + "product_id": 1, + "product_name": "Product Name", + "username": "john", + "price": 100 +} +``` + +**Success Response (201):** +```json +{ + "success": true, + "message": "Product purchased successfully" +} +``` + +**Error Response (400):** +```json +{ + "success": false, + "error": "Missing parameter 'field_name'" +} +``` + +or + +```json +{ + "success": false, + "error": "Invalid mail format" +} +``` + +**Error Response (500):** +```json +{ + "success": false, + "error": "Error message" +} +``` + +### GET /api/purchases?username=user + +Get all purchases for a specific user. + +**Query Parameters:** +- `username` (required): Username to retrieve purchases for + +**Success Response (200):** +```json +{ + "success": true, + "purchases": [ + { + "id": 1, + "product_id": 1, + "product_name": "Product Name", + "user_name": "john", + "mail": "user@example.com", + "address": "123 Main St", + "phone": "555-1234", + "ship_date": "2024-01-01", + "price": 100 + } + ] +} +``` + +**Error Response (400):** +```json +{ + "success": false, + "error": "Query parameter \"username\" is required" +} +``` + +**Error Response (500):** +```json +{ + "success": false, + "error": "Error message" +} +``` + +## Example Usage + +### Using cURL + +**Get all products:** +```bash +curl http://localhost:3000/api/products +``` + +**Search for products:** +```bash +curl "http://localhost:3000/api/products/search?q=laptop" +``` + +**Get a specific product:** +```bash +curl http://localhost:3000/api/products/1 +``` + +**Authenticate:** +```bash +curl -X POST http://localhost:3000/api/auth \ + -H "Content-Type: application/json" \ + -d '{"username": "admin", "password": "admin"}' +``` + +**Create a purchase:** +```bash +curl -X POST http://localhost:3000/api/purchases \ + -H "Content-Type: application/json" \ + -d '{ + "mail": "user@example.com", + "address": "123 Main St", + "ship_date": "2024-01-01", + "phone": "555-1234", + "product_id": 1, + "product_name": "Product Name", + "username": "john", + "price": 100 + }' +``` + +**Get user purchases:** +```bash +curl "http://localhost:3000/api/purchases?username=john" +``` + +## Response Format + +All API endpoints return JSON responses with the following structure: + +- **Success responses** include a `success: true` field +- **Error responses** include a `success: false` field and an `error` field with the error message +- HTTP status codes are used appropriately: + - 200: Success + - 201: Created + - 400: Bad Request + - 401: Unauthorized + - 404: Not Found + - 500: Internal Server Error From d20b7693d7694c3f2604db8a824de440e13d48ef Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 4 Nov 2025 17:55:31 +0000 Subject: [PATCH 5/7] Fix: Use strict equality in parameter validation Co-authored-by: scubaninja <26086919+scubaninja@users.noreply.github.com> --- routes/api.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routes/api.js b/routes/api.js index b82d777b..cbda1705 100644 --- a/routes/api.js +++ b/routes/api.js @@ -63,7 +63,7 @@ router.post('/api/purchases', function(req, res) { // Validate required fields for (var prop in cart) { - if (cart[prop] == undefined) { + if (cart[prop] === undefined) { return res.status(400).json({ success: false, error: "Missing parameter '" + prop + "'" }); } } From 77f2c797a411f1e2eb1e0c312112f07227dbd716 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 4 Nov 2025 17:57:24 +0000 Subject: [PATCH 6/7] Security: Fix ReDoS vulnerability in email validation Co-authored-by: scubaninja <26086919+scubaninja@users.noreply.github.com> --- routes/api.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/routes/api.js b/routes/api.js index cbda1705..ffdf3e3f 100644 --- a/routes/api.js +++ b/routes/api.js @@ -68,8 +68,8 @@ router.post('/api/purchases', function(req, res) { } } - // Validate email format - var re = /^([a-zA-Z0-9])(([\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$/; + // Validate email format - using a simpler pattern to avoid ReDoS + var re = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; if (!re.test(cart.mail)) { return res.status(400).json({ success: false, error: 'Invalid mail format' }); } @@ -101,6 +101,8 @@ router.get('/api/purchases', function(req, res) { }); // POST /api/auth - Authenticate a user +// Note: This endpoint does not implement rate limiting, which is a security concern +// in production applications. Consider adding rate limiting middleware for production use. router.post('/api/auth', function(req, res) { var username = req.body.username; var password = req.body.password; From 0aedc8f38dfdc88609f25c6c10d3471c8abfc96d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 4 Nov 2025 17:59:11 +0000 Subject: [PATCH 7/7] Security: Replace regex email validation to prevent ReDoS Co-authored-by: scubaninja <26086919+scubaninja@users.noreply.github.com> --- routes/api.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/routes/api.js b/routes/api.js index ffdf3e3f..627ddfdc 100644 --- a/routes/api.js +++ b/routes/api.js @@ -68,9 +68,8 @@ router.post('/api/purchases', function(req, res) { } } - // Validate email format - using a simpler pattern to avoid ReDoS - var re = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; - if (!re.test(cart.mail)) { + // Basic email format validation - checking for @ and . characters + if (!cart.mail || cart.mail.indexOf('@') === -1 || cart.mail.indexOf('.') === -1) { return res.status(400).json({ success: false, error: 'Invalid mail format' }); }