Fix CVE-2024-46256 and CVE-2024-46257

- Schema validate against bad domain characters
- Integration test for CVE POC examples
- Cypress rewrite of plugins for file upload

backend/schema/common.json

@@ -76,7 +76,7 @@
 			"uniqueItems": true,
 			"items": {
 				"type": "string",
-				"pattern": "^(?:\\*\\.)?(?:[^.*]+\\.?)+[^.]$"
+				"pattern": "^[^&| @!#%^();:/\\\\}{=+?<>,~`'\"]+$"
 			}
 		},
 		"enabled": {

backend/schema/components/error.json

@@ -0,0 +1,9 @@
+{
+	"type": "object",
+	"description": "Error",
+	"properties": {
+		"error": {
+			"$ref": "./error-object.json"
+		}
+	}
+}

backend/schema/paths/nginx/certificates/post.json

@@ -72,6 +72,26 @@
 					}
 				}
 			}
+		},
+		"400": {
+			"description": "400 response",
+			"content": {
+				"application/json": {
+					"examples": {
+						"default": {
+							"value": {
+								"error": {
+									"code": 400,
+									"message": "Domains are invalid"
+								}
+							}
+						}
+					},
+					"schema": {
+						"$ref": "../../../components/error.json"
+					}
+				}
+			}
 		}
 	}
 }

backend/schema/paths/nginx/certificates/validate/post.json

@@ -50,6 +50,42 @@
 								"certificate_key": true
 							}
 						}
+					},
+					"schema": {
+						"type": "object",
+						"additionalProperties": false,
+						"required": ["certificate", "certificate_key"],
+						"properties": {
+							"certificate": {
+								"type": "object",
+								"additionalProperties": false,
+								"required": ["cn", "issuer", "dates"],
+								"properties": {
+									"cn": {
+										"type": "string"
+									},
+									"issuer": {
+										"type": "string"
+									},
+									"dates": {
+										"type": "object",
+										"additionalProperties": false,
+										"required": ["from", "to"],
+										"properties": {
+											"from": {
+												"type": "integer"
+											},
+											"to": {
+												"type": "integer"
+											}
+										}
+									}
+								}
+							},
+							"certificate_key": {
+								"type": "boolean"
+							}
+						}
 					}
 				}
 			}
@@ -67,6 +103,9 @@
 								}
 							}
 						}
+					},
+					"schema": {
+						"$ref": "../../../../components/error.json"
 					}
 				}
 			}

backend/schema/paths/nginx/dead-hosts/hostID/disable/post.json

@@ -50,7 +50,7 @@
 						}
 					},
 					"schema": {
-						"$ref": "../../../../../components/error-object.json"
+						"$ref": "../../../../../components/error.json"
 					}
 				}
 			}

backend/schema/paths/nginx/dead-hosts/hostID/enable/post.json

@@ -50,7 +50,7 @@
 						}
 					},
 					"schema": {
-						"$ref": "../../../../../components/error-object.json"
+						"$ref": "../../../../../components/error.json"
 					}
 				}
 			}

backend/schema/paths/nginx/proxy-hosts/hostID/disable/post.json

@@ -50,7 +50,7 @@
 						}
 					},
 					"schema": {
-						"$ref": "../../../../../components/error-object.json"
+						"$ref": "../../../../../components/error.json"
 					}
 				}
 			}

backend/schema/paths/nginx/proxy-hosts/hostID/enable/post.json

@@ -50,7 +50,7 @@
 						}
 					},
 					"schema": {
-						"$ref": "../../../../../components/error-object.json"
+						"$ref": "../../../../../components/error.json"
 					}
 				}
 			}

backend/schema/paths/nginx/redirection-hosts/hostID/disable/post.json

@@ -50,7 +50,7 @@
 						}
 					},
 					"schema": {
-						"$ref": "../../../../../components/error-object.json"
+						"$ref": "../../../../../components/error.json"
 					}
 				}
 			}

backend/schema/paths/nginx/redirection-hosts/hostID/enable/post.json

@@ -50,7 +50,7 @@
 						}
 					},
 					"schema": {
-						"$ref": "../../../../../components/error-object.json"
+						"$ref": "../../../../../components/error.json"
 					}
 				}
 			}

backend/schema/paths/nginx/streams/streamID/disable/post.json

@@ -50,7 +50,7 @@
 						}
 					},
 					"schema": {
-						"$ref": "../../../../../components/error-object.json"
+						"$ref": "../../../../../components/error.json"
 					}
 				}
 			}

backend/schema/paths/nginx/streams/streamID/enable/post.json

@@ -50,7 +50,7 @@
 						}
 					},
 					"schema": {
-						"$ref": "../../../../../components/error-object.json"
+						"$ref": "../../../../../components/error.json"
 					}
 				}
 			}

test/cypress/e2e/api/Certificates.cy.js

@@ -0,0 +1,50 @@
+/// <reference types="Cypress" />
+
+describe('Certificates endpoints', () => {
+	let token;
+
+	before(() => {
+		cy.getToken().then((tok) => {
+			token = tok;
+		});
+	});
+
+	it('Validate custom certificate', function() {
+		cy.task('backendApiPostFiles', {
+			token: token,
+			path:  '/api/nginx/certificates/validate',
+			files:  {
+				certificate: 'test.example.com.pem',
+				certificate_key: 'test.example.com-key.pem',
+			},
+		}).then((data) => {
+			cy.validateSwaggerSchema('post', 200, '/nginx/certificates/validate', data);
+			expect(data).to.have.property('certificate');
+			expect(data).to.have.property('certificate_key');
+		});
+	});
+
+	it('Request Certificate - CVE-2024-46256/CVE-2024-46257', function() {
+		cy.task('backendApiPost', {
+			token: token,
+			path:  '/api/nginx/certificates',
+			data:  {
+				domain_names: ['test.com"||echo hello-world||\\\\n test.com"'],
+				meta:         {
+					dns_challenge:     false,
+					letsencrypt_agree: true,
+					letsencrypt_email: '[email protected]',
+				},
+				provider: 'letsencrypt',
+			},
+			returnOnError: true,
+		}).then((data) => {
+			cy.validateSwaggerSchema('post', 400, '/nginx/certificates', data);
+			expect(data).to.have.property('error');
+			expect(data.error).to.have.property('message');
+			expect(data.error).to.have.property('code');
+			expect(data.error.code).to.equal(400);
+			expect(data.error.message).to.contain('data/domain_names/0 must match pattern');
+		});
+	});
+});

test/cypress/fixtures/test.example.com-key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC1n9j9C5Bes1nd
+qACDckERauxXVNKCnUlUM1buGBx1xc+j2e2Ar23wUJJuWBY18VfT8yqfqVDktO2w
+rbmvZvLuPmXePOKbIKS+XXh+2NG9L5bDG9rwGFCRXnbQj+GWCdMfzx14+CR1IHge
+Yz6Cv/Si2/LJPCh/CoBfM4hUQJON3lxAWrWBpdbZnKYMrxuPBRfW9OuzTbCVXToQ
+oxRAHiOR9081Xn1WeoKr7kVBIa5UphlvWXa12w1YmUwJu7YndnJGIavLWeNCVc7Z
+Eo+nS8Wr/4QWicatIWZXpVaEOPhRoeplQDxNWg5b/Q26rYoVd7PrCmRs7sVcH79X
+zGONeH1PAgMBAAECggEAANb3Wtwl07pCjRrMvc7WbC0xYIn82yu8/g2qtjkYUJcU
+ia5lQbYN7RGCS85Oc/tkq48xQEG5JQWNH8b918jDEMTrFab0aUEyYcru1q9L8PL6
+YHaNgZSrMrDcHcS8h0QOXNRJT5jeGkiHJaTR0irvB526tqF3knbK9yW22KTfycUe
+a0Z9voKn5xRk1DCbHi/nk2EpT7xnjeQeLFaTIRXbS68omkr4YGhwWm5OizoyEGZu
+W0Zum5BkQyMr6kor3wdxOTG97ske2rcyvvHi+ErnwL0xBv0qY0Dhe8DpuXpDezqw
+o72yY8h31Fu84i7sAj24YuE5Df8DozItFXQpkgbQ6QKBgQDPrufhvIFm2S/MzBdW
+H8JxY7CJlJPyxOvc1NIl9RczQGAQR90kx52cgIcuIGEG6/wJ/xnGfMmW40F0DnQ+
+N+oLgB9SFxeLkRb7s9Z/8N3uIN8JJFYcerEOiRQeN2BXEEWJ7bUThNtsVrAcKoUh
+ELsDmnHW/3V+GKwhd0vpk842+wKBgQDf4PGLG9PTE5tlAoyHFodJRd2RhTJQkwsU
+MDNjLJ+KecLv+Nl+QiJhoflG1ccqtSFlBSCG067CDQ5LV0xm3mLJ7pfJoMgjcq31
+qjEmX4Ls91GuVOPtbwst3yFKjsHaSoKB5fBvWRcKFpBUezM7Qcw2JP3+dQT+bQIq
+cMTkRWDSvQKBgQDOdCQFDjxg/lR7NQOZ1PaZe61aBz5P3pxNqa7ClvMaOsuEQ7w9
+vMYcdtRq8TsjA2JImbSI0TIg8gb2FQxPcYwTJKl+FICOeIwtaSg5hTtJZpnxX5LO
+utTaC0DZjNkTk5RdOdWA8tihyUdGqKoxJY2TVmwGe2rUEDjFB++J4inkEwKBgB6V
+g0nmtkxanFrzOzFlMXwgEEHF+Xaqb9QFNa/xs6XeNnREAapO7JV75Cr6H2hFMFe1
+mJjyqCgYUoCWX3iaHtLJRnEkBtNY4kzyQB6m46LtsnnnXO/dwKA2oDyoPfFNRoDq
+YatEd3JIXNU9s2T/+x7WdOBjKhh72dTkbPFmTPDdAoGAU6rlPBevqOFdObYxdPq8
+EQWu44xqky3Mf5sBpOwtu6rqCYuziLiN7K4sjN5GD5mb1cEU+oS92ZiNcUQ7MFXk
+8yTYZ7U0VcXyAcpYreWwE8thmb0BohJBr+Mp3wLTx32x0HKdO6vpUa0d35LUTUmM
+RrKmPK/msHKK/sVHiL+NFqo=
+-----END PRIVATE KEY-----

test/cypress/fixtures/test.example.com.pem

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEYDCCAsigAwIBAgIRAPoSC0hvitb26ODMlsH6YbowDQYJKoZIhvcNAQELBQAw
+gZExHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTEzMDEGA1UECwwqamN1
+cm5vd0BKYW1pZXMtTGFwdG9wLmxvY2FsIChKYW1pZSBDdXJub3cpMTowOAYDVQQD
+DDFta2NlcnQgamN1cm5vd0BKYW1pZXMtTGFwdG9wLmxvY2FsIChKYW1pZSBDdXJu
+b3cpMB4XDTI0MTAwOTA3MjIxN1oXDTI3MDEwOTA3MjIxN1owXjEnMCUGA1UEChMe
+bWtjZXJ0IGRldmVsb3BtZW50IGNlcnRpZmljYXRlMTMwMQYDVQQLDCpqY3Vybm93
+QEphbWllcy1MYXB0b3AubG9jYWwgKEphbWllIEN1cm5vdykwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC1n9j9C5Bes1ndqACDckERauxXVNKCnUlUM1bu
+GBx1xc+j2e2Ar23wUJJuWBY18VfT8yqfqVDktO2wrbmvZvLuPmXePOKbIKS+XXh+
+2NG9L5bDG9rwGFCRXnbQj+GWCdMfzx14+CR1IHgeYz6Cv/Si2/LJPCh/CoBfM4hU
+QJON3lxAWrWBpdbZnKYMrxuPBRfW9OuzTbCVXToQoxRAHiOR9081Xn1WeoKr7kVB
+Ia5UphlvWXa12w1YmUwJu7YndnJGIavLWeNCVc7ZEo+nS8Wr/4QWicatIWZXpVaE
+OPhRoeplQDxNWg5b/Q26rYoVd7PrCmRs7sVcH79XzGONeH1PAgMBAAGjZTBjMA4G
+A1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAfBgNVHSMEGDAWgBSB
+/vfmBUd4W7CvyEMl7YpMVQs8vTAbBgNVHREEFDASghB0ZXN0LmV4YW1wbGUuY29t
+MA0GCSqGSIb3DQEBCwUAA4IBgQASwON/jPAHzcARSenY0ZGY1m5OVTYoQ/JWH0oy
+l8SyFCQFEXt7UHDD/eTtLT0vMyc190nP57P8lTnZGf7hSinZz1B1d6V4cmzxpk0s
+VXZT+irL6bJVJoMBHRpllKAhGULIo33baTrWFKA0oBuWx4AevSWKcLW5j87kEawn
+ATCuMQ1I3ifR1mSlB7X8fb+vF+571q0NGuB3a42j6rdtXJ6SmH4+9B4qO0sfHDNt
+IImpLCH/tycDpcYrGSCn1QrekFG1bSEh+Bb9i8rqMDSDsYrTFPZTuOQ3EtjGni9u
+m+rEP3OyJg+md8c+0LVP7/UU4QWWnw3/Wolo5kSCxE8vNTFqi4GhVbdLnUtcIdTV
+XxuR6cKyW87Snj1a0nG76ZLclt/akxDhtzqeV60BO0p8pmiev8frp+E94wFNYCmp
+1cr3CnMEGRaficLSDFC6EBENzlZW2BQT6OMIV+g0NBgSyQe39s2zcdEl5+SzDVuw
+hp8bJUp/QN7pnOVCDbjTQ+HVMXw=
+-----END CERTIFICATE-----

test/cypress/plugins/backendApi/client.js

@@ -1,9 +1,14 @@
 const logger  = require('./logger');
-const restler = require('@jc21/restler');
+const axios = require('axios').default;
 
 const BackendApi = function(config, token) {
 	this.config = config;
 	this.token  = token;
+
+	this.axios = axios.create({
+		baseURL: config.baseUrl,
+		timeout: 5000,
+	});
 };
 
 /**
@@ -14,128 +19,113 @@ BackendApi.prototype.setToken = function(token) {
 };
 
 /**
- * @param {string} path
- * @param {bool}   [returnOnError]
- * @returns {Promise<object>}
+ * @param {bool} returnOnError
  */
-BackendApi.prototype.get = function(path, returnOnError) {
-	return new Promise((resolve, reject) => {
-		let headers = {
+BackendApi.prototype._prepareOptions = function(returnOnError) {
+	let options = {
+		headers: {
 			Accept: 'application/json'
-		};
-		if (this.token) {
-			headers.Authorization = 'Bearer ' + this.token;
 		}
-
-		logger('GET ', this.config.baseUrl + path);
-
-		restler
-			.get(this.config.baseUrl + path, {
-				headers: headers,
-			})
-			.on('complete', function(data, response) {
-				logger('Response data:', data);
-				if (!returnOnError && data instanceof Error) {
-					reject(data);
-				} else if (!returnOnError && response.statusCode != 200) {
-					if (typeof data === 'object' && typeof data.error === 'object' && typeof data.error.message !== 'undefined') {
-						reject(new Error(data.error.code + ': ' + data.error.message));
-					} else {
-						reject(new Error('Error ' + response.statusCode));
-					}
-				} else {
-					resolve(data);
-				}
-			});
-	});
+	}
+	if (this.token) {
+		options.headers.Authorization = 'Bearer ' + this.token;
+	}
+	if (returnOnError) {
+		options.validateStatus = function () {
+			return true;
+		}
+	}
+	return options;
 };
 
 /**
- * @param {string} path
- * @param {bool}   [returnOnError]
- * @returns {Promise<object>}
+ * @param {*} response
+ * @param {function} resolve
+ * @param {function} reject
+ * @param {bool} returnOnError
  */
-BackendApi.prototype.delete = function(path, returnOnError) {
-	return new Promise((resolve, reject) => {
-		let headers = {
-			Accept: 'application/json'
-		};
-		if (this.token) {
-			headers.Authorization = 'Bearer ' + this.token;
+BackendApi.prototype._handleResponse = function(response, resolve, reject, returnOnError) {
+	logger('Response data:', response.data);
+	if (!returnOnError && typeof response.data === 'object' && typeof response.data.error === 'object') {
+		if (typeof response.data === 'object' && typeof response.data.error === 'object' && typeof response.data.error.message !== 'undefined') {
+			reject(new Error(response.data.error.code + ': ' + response.data.error.message));
+		} else {
+			reject(new Error('Error ' + response.status));
 		}
-
-		logger('DELETE ', this.config.baseUrl + path);
-
-		restler
-			.del(this.config.baseUrl + path, {
-				headers: headers,
-			})
-			.on('complete', function(data, response) {
-				logger('Response data:', data);
-				if (!returnOnError && data instanceof Error) {
-					reject(data);
-				} else if (!returnOnError && response.statusCode != 200) {
-					if (typeof data === 'object' && typeof data.error === 'object' && typeof data.error.message !== 'undefined') {
-						reject(new Error(data.error.code + ': ' + data.error.message));
-					} else {
-						reject(new Error('Error ' + response.statusCode));
-					}
-				} else {
-					resolve(data);
-				}
-			});
-	});
+	} else {
+		resolve(response.data);
+	}
 };
 
 /**
- * @param {string} path
- * @param {object} data
- * @param {bool}   [returnOnError]
- * @returns {Promise<object>}
+ * @param {*} err
+ * @param {function} resolve
+ * @param {function} reject
+ * @param {bool} returnOnError
  */
-BackendApi.prototype.postJson = function(path, data, returnOnError) {
-	logger('POST ', this.config.baseUrl + path);
-	return this._putPostJson('postJson', path, data, returnOnError);
+BackendApi.prototype._handleError = function(err, resolve, reject, returnOnError) {
+	logger('Axios Error:', err);
+	if (returnOnError) {
+		resolve(typeof err.response.data !== 'undefined' ? err.response.data : err);
+	} else {
+		reject(err);
+	}
 };
 
 /**
+ * @param {string} method
  * @param {string} path
- * @param {object} data
  * @param {bool}   [returnOnError]
+ * @param {*}      [data]
  * @returns {Promise<object>}
  */
-BackendApi.prototype.putJson = function(path, data, returnOnError) {
-	logger('PUT ', this.config.baseUrl + path);
-	return this._putPostJson('putJson', path, data, returnOnError);
+BackendApi.prototype.request = function (method, path, returnOnError, data) {
+	logger(method.toUpperCase(), this.config.baseUrl + path);
+	const options = this._prepareOptions(returnOnError);
+
+	return new Promise((resolve, reject) => {
+		let opts = {
+			method: method,
+			url: path,
+			...options
+		}
+		if (data !== undefined && data !== null) {
+			opts.data = data;
+		}
+
+		this.axios(opts)
+			.then((response) => {
+				this._handleResponse(response, resolve, reject, returnOnError);
+			})
+			.catch((err) => {
+				this._handleError(err, resolve, reject, returnOnError);
+			});
+	});
 };
 
 /**
  * @param {string} path
- * @param {object} data
+ * @param {form}   form
  * @param {bool}   [returnOnError]
  * @returns {Promise<object>}
  */
-BackendApi.prototype._putPostJson = function(fn, path, data, returnOnError) {
+BackendApi.prototype.postForm = function (path, form, returnOnError) {
+	logger('POST', this.config.baseUrl + path);
+	const options = this._prepareOptions(returnOnError);
+
 	return new Promise((resolve, reject) => {
-		restler[fn](this.config.baseUrl + path, data, {
-			headers: {
-				Accept:        'application/json',
-				Authorization: 'Bearer ' + this.token,
-			},
-		}).on('complete', function(data, response) {
-			logger('Response data:', data);
-			if (!returnOnError && data instanceof Error) {
-				reject(data);
-			} else if (!returnOnError && (response.statusCode < 200 || response.statusCode >= 300)) {
-				if (typeof data === 'object' && typeof data.error === 'object' && typeof data.error.message !== 'undefined') {
-					reject(new Error(data.error.code + ': ' + data.error.message));
-				} else {
-					reject(new Error('Error ' + response.statusCode));
-				}
-			} else {
-				resolve(data);
-			}
-		});
+		const opts = {
+			...options,
+			...form.getHeaders(),
+		}
+
+		this.axios.post(path, form, opts)
+			.then((response) => {
+				this._handleResponse(response, resolve, reject, returnOnError);
+			})
+			.catch((err) => {
+				this._handleError(err, resolve, reject, returnOnError);
+			});
 	});
 };
 

test/cypress/plugins/backendApi/task.js

@@ -1,8 +1,9 @@
+const fs     = require('fs');
+const FormData = require('form-data');
 const logger = require('./logger');
 const Client = require('./client');
 
 module.exports = function (config) {
-
 	logger('Client Ready using', config.baseUrl);
 
 	return {
@@ -17,7 +18,7 @@ module.exports = function (config) {
 		backendApiGet: (options) => {
 			const api = new Client(config);
 			api.setToken(options.token);
-			return api.get(options.path, options.returnOnError || false);
+			return api.request('get', options.path, options.returnOnError || false);
 		},
 
 		/**
@@ -31,7 +32,26 @@ module.exports = function (config) {
 		backendApiPost: (options) => {
 			const api = new Client(config);
 			api.setToken(options.token);
-			return api.postJson(options.path, options.data, options.returnOnError || false);
+			return api.request('post', options.path, options.returnOnError || false, options.data);
+		},
+
+		/**
+		 * @param   {object}    options
+		 * @param   {string}    options.token        JWT
+		 * @param   {string}    options.path         API path
+		 * @param   {object}    options.files
+		 * @param   {bool}      [options.returnOnError] If true, will return instead of throwing errors
+		 * @returns {string}
+		 */
+		backendApiPostFiles: (options) => {
+			const api = new Client(config);
+			api.setToken(options.token);
+
+			const form = new FormData();
+			for (let [key, value] of Object.entries(options.files)) {
+				form.append(key, fs.createReadStream(config.fixturesFolder + '/' + value));
+			}
+			return api.postForm(options.path, form, options.returnOnError || false);
 		},
 
 		/**
@@ -45,7 +65,7 @@ module.exports = function (config) {
 		backendApiPut: (options) => {
 			const api = new Client(config);
 			api.setToken(options.token);
-			return api.putJson(options.path, options.data, options.returnOnError || false);
+			return api.request('put', options.path, options.returnOnError || false, options.data);
 		},
 
 		/**
@@ -58,7 +78,7 @@ module.exports = function (config) {
 		backendApiDelete: (options) => {
 			const api = new Client(config);
 			api.setToken(options.token);
-			return api.delete(options.path, options.returnOnError || false);
+			return api.request('delete', options.path, options.returnOnError || false);
 		}
 	};
-};
+};

test/package.json

@@ -1,11 +1,11 @@
 {
-	"name": "test",
+	"name": "npm-test",
 	"version": "1.0.0",
 	"description": "",
 	"main": "index.js",
 	"dependencies": {
-		"@jc21/cypress-swagger-validation": "^0.2.6",
-		"@jc21/restler": "^3.4.0",
+		"@jc21/cypress-swagger-validation": "^0.2.7",
+		"axios": "^1.7.7",
 		"cypress": "^13.15.0",
 		"cypress-multi-reporters": "^1.6.4",
 		"cypress-wait-until": "^3.0.2",
@@ -13,6 +13,7 @@
 		"eslint-plugin-align-assignments": "^1.1.2",
 		"eslint-plugin-chai-friendly": "^1.0.1",
 		"eslint-plugin-cypress": "^3.5.0",
+		"form-data": "^4.0.1",
 		"lodash": "^4.17.21",
 		"mocha": "^10.7.3",
 		"mocha-junit-reporter": "^2.2.1"

test/yarn.lock

@@ -167,29 +167,19 @@
   resolved "https://registry.yarnpkg.com/@humanwhocodes/retry/-/retry-0.3.1.tgz#c72a5c76a9fbaf3488e231b13dc52c0da7bab42a"
   integrity sha512-JBxkERygn7Bv/GbN5Rv8Ul6LVknS+5Bp6RgDC/O8gEBU/yeH5Ui5C/OlWrTb6qct7LjjfT6Re2NxB0ln0yYybA==
 
-"@jc21/cypress-swagger-validation@^0.2.6":
-  version "0.2.6"
-  resolved "https://registry.yarnpkg.com/@jc21/cypress-swagger-validation/-/cypress-swagger-validation-0.2.6.tgz#8b61f2413fa81cae6f8c2f33ecce5a6ded897030"
-  integrity sha512-8i8poTwi13e4BRKWpvmXFmqvEfQq3Kn9tunWhNYT7IQwiMeUVou+g1yh99QzuI501DBPtL2XEwjNukxTf5GiyQ==
+"@jc21/cypress-swagger-validation@^0.2.7":
+  version "0.2.7"
+  resolved "https://registry.yarnpkg.com/@jc21/cypress-swagger-validation/-/cypress-swagger-validation-0.2.7.tgz#64642b12d98b884df8c30b72852162941285d2af"
+  integrity sha512-4EQ0gfigRwVVl3DnVYbR48/EKGnn7oH5YYdMzf6zqypO+bqYvDHu9kgk/WqkGlT/aauGQ7e0YGMo8ZvR7mL0Ng==
   dependencies:
     "@apidevtools/swagger-parser" "^10.1.0"
-    ajv "^8.12.0"
+    ajv "^8.17.1"
     json-schema "^0.4.0"
-    json-schema-ref-parser "^9.0.6"
+    json-schema-ref-parser "^9.0.9"
     jsonpath "^1.1.1"
     lodash "^4.17.21"
     openapi-types "^12.1.3"
-    picocolors "^1.0.0"
-
-"@jc21/restler@^3.4.0":
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/@jc21/restler/-/restler-3.4.0.tgz#cfa214ddb9946a800c6fe472529f72b01e93c763"
-  integrity sha512-P1Nl2ifoQwqtxcqJKYHvxgPfckeIZWbVSYMlNAP+cL2KNk3U5eErPKt4xr5YLIQ+NarFsHMGH8+CBa00FKAGrw==
-  dependencies:
-    iconv-lite "0.2.11"
-    qs "1.2.0"
-    xml2js "0.4.0"
-    yaml "0.2.3"
+    picocolors "^1.1.0"
 
 "@jsdevtools/ono@^7.1.3":
   version "7.1.3"
@@ -271,7 +261,17 @@ ajv@^6.12.4:
     json-schema-traverse "^0.4.1"
     uri-js "^4.2.2"
 
-ajv@^8.12.0, ajv@^8.6.3:
+ajv@^8.17.1:
+  version "8.17.1"
+  resolved "https://registry.yarnpkg.com/ajv/-/ajv-8.17.1.tgz#37d9a5c776af6bc92d7f4f9510eba4c0a60d11a6"
+  integrity sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==
+  dependencies:
+    fast-deep-equal "^3.1.3"
+    fast-uri "^3.0.1"
+    json-schema-traverse "^1.0.0"
+    require-from-string "^2.0.2"
+
+ajv@^8.6.3:
   version "8.13.0"
   resolved "https://registry.yarnpkg.com/ajv/-/ajv-8.13.0.tgz#a3939eaec9fb80d217ddf0c3376948c023f28c91"
   integrity sha512-PRA911Blj99jR5RMeTunVbNXMF6Lp4vZXnk5GQjcnUWUTsrXtekg/pnmFFI2u/I36Y/2bITGS30GZCXei6uNkA==
@@ -390,6 +390,15 @@ aws4@^1.8.0:
   resolved "https://registry.yarnpkg.com/aws4/-/aws4-1.9.0.tgz#24390e6ad61386b0a747265754d2a17219de862c"
   integrity sha512-Uvq6hVe90D0B2WEnUqtdgY1bATGz3mw33nH9Y+dmA+w5DHvUmBgkr5rM/KCHpCsiFNRUfokW/szpPPgMK2hm4A==
 
+axios@^1.7.7:
+  version "1.7.7"
+  resolved "https://registry.yarnpkg.com/axios/-/axios-1.7.7.tgz#2f554296f9892a72ac8d8e4c5b79c14a91d0a47f"
+  integrity sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q==
+  dependencies:
+    follow-redirects "^1.15.6"
+    form-data "^4.0.0"
+    proxy-from-env "^1.1.0"
+
 balanced-match@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.0.tgz#89b4d199ab2bee49de164ea02b89ce462d71b767"
@@ -506,11 +515,6 @@ chalk@^4.0.0, chalk@^4.1.0:
     ansi-styles "^4.1.0"
     supports-color "^7.1.0"
 
-chalk@^5.3.0:
-  version "5.3.0"
-  resolved "https://registry.yarnpkg.com/chalk/-/chalk-5.3.0.tgz#67c20a7ebef70e7f3970a01f90fa210cb6860385"
-  integrity sha512-dLitG79d+GV1Nb/VYcCDFivJeK1hiukt9QjRNVOsUtTy1rR1YJsmpGGTZ3qJos+uw7WmWF4wUwBd9jxjocFC2w==
-
 [email protected]:
   version "0.0.2"
   resolved "https://registry.yarnpkg.com/charenc/-/charenc-0.0.2.tgz#c0a1d2f3a7092e03774bfa83f14c0fc5790a8667"
@@ -1049,6 +1053,11 @@ fast-levenshtein@^2.0.6, fast-levenshtein@~2.0.6:
   resolved "https://registry.yarnpkg.com/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz#3d8a5c66883a16a30ca8643e851f19baa7797917"
   integrity sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=
 
+fast-uri@^3.0.1:
+  version "3.0.2"
+  resolved "https://registry.yarnpkg.com/fast-uri/-/fast-uri-3.0.2.tgz#d78b298cf70fd3b752fd951175a3da6a7b48f024"
+  integrity sha512-GR6f0hD7XXyNJa25Tb9BuIdN0tdr+0BMi6/CJPH3wJO1JjNG3n/VsSw38AwRdKZABm8lGbPfakLRkYzx2V9row==
+
 fd-slicer@~1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/fd-slicer/-/fd-slicer-1.1.0.tgz#25c7c89cb1f9077f8891bbe61d8f390eae256f1e"
@@ -1103,11 +1112,25 @@ flatted@^3.2.9:
   resolved "https://registry.yarnpkg.com/flatted/-/flatted-3.3.1.tgz#21db470729a6734d4997002f439cb308987f567a"
   integrity sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==
 
+follow-redirects@^1.15.6:
+  version "1.15.9"
+  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.9.tgz#a604fa10e443bf98ca94228d9eebcc2e8a2c8ee1"
+  integrity sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==
+
 forever-agent@~0.6.1:
   version "0.6.1"
   resolved "https://registry.yarnpkg.com/forever-agent/-/forever-agent-0.6.1.tgz#fbc71f0c41adeb37f96c577ad1ed42d8fdacca91"
   integrity sha1-+8cfDEGt6zf5bFd60e1C2P2sypE=
 
+form-data@^4.0.0, form-data@^4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.1.tgz#ba1076daaaa5bfd7e99c1a6cb02aa0a5cff90d48"
+  integrity sha512-tzN8e4TX8+kkxGPK8D5u0FNmjPUjw3lwC9lSLxxoB/+GtsJG91CO8bSWy73APlgAZzZbXEYZJuxjkHH2w+Ezhw==
+  dependencies:
+    asynckit "^0.4.0"
+    combined-stream "^1.0.8"
+    mime-types "^2.1.12"
+
 form-data@~4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.0.tgz#93919daeaf361ee529584b9b31664dc12c9fa452"
@@ -1283,11 +1306,6 @@ human-signals@^1.1.1:
   resolved "https://registry.yarnpkg.com/human-signals/-/human-signals-1.1.1.tgz#c5b1cd14f50aeae09ab6c59fe63ba3395fe4dfa3"
   integrity sha512-SEQu7vl8KjNL2eoGBLF3+wAjpsNfA9XMlXAYj/3EdaNfAlxKthD1xjEQfGOUhllCGGJVNY34bRr6lPINhNjyZw==
 
[email protected]:
-  version "0.2.11"
-  resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.2.11.tgz#1ce60a3a57864a292d1321ff4609ca4bb965adc8"
-  integrity sha1-HOYKOleGSiktEyH/RgnKS7llrcg=
-
 ieee754@^1.1.13:
   version "1.2.1"
   resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.2.1.tgz#8eb7a10a63fff25d15a57b001586d177d1b0d352"
@@ -1450,7 +1468,7 @@ [email protected]:
   resolved "https://registry.yarnpkg.com/json-buffer/-/json-buffer-3.0.1.tgz#9338802a30d3b6605fbe0613e094008ca8c05a13"
   integrity sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==
 
-json-schema-ref-parser@^9.0.6:
+json-schema-ref-parser@^9.0.9:
   version "9.0.9"
   resolved "https://registry.yarnpkg.com/json-schema-ref-parser/-/json-schema-ref-parser-9.0.9.tgz#66ea538e7450b12af342fa3d5b8458bc1e1e013f"
   integrity sha512-qcP2lmGy+JUoQJ4DOQeLaZDqH9qSkeGCK3suKWxJXS82dg728Mn3j97azDMaOUmJAN4uCq91LdPx4K7E8F1a7Q==
@@ -1812,10 +1830,10 @@ performance-now@^2.1.0:
   resolved "https://registry.yarnpkg.com/performance-now/-/performance-now-2.1.0.tgz#6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"
   integrity sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=
 
-picocolors@^1.0.0:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.0.1.tgz#a8ad579b571952f0e5d25892de5445bcfe25aaa1"
-  integrity sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew==
+picocolors@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.1.0.tgz#5358b76a78cde483ba5cef6a9dc9671440b27d59"
+  integrity sha512-TQ92mBOW0l3LeMeyLV6mzy/kWr8lkd/hp3mTg7wYK7zJhuBStmGMBG0BdeDZS/dZx1IukaX6Bk11zcln25o1Aw==
 
 picomatch@^2.0.4:
   version "2.2.2"
@@ -1857,6 +1875,11 @@ [email protected]:
   resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.0.0.tgz#33c50398f70ea7eb96d21f7b817630a55791c7ee"
   integrity sha512-F2JHgJQ1iqwnHDcQjVBsq3n/uoaFL+iPW/eAeL7kVxy/2RrWaN4WroKjjvbsoRtv0ftelNyC01bjRhn/bhcf4A==
 
+proxy-from-env@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz#e102f16ca355424865755d2c9e8ea4f24d58c3e2"
+  integrity sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==
+
 psl@^1.1.33:
   version "1.9.0"
   resolved "https://registry.yarnpkg.com/psl/-/psl-1.9.0.tgz#d0df2a137f00794565fcaf3b2c00cd09f8d5a5a7"
@@ -1875,11 +1898,6 @@ punycode@^2.1.0, punycode@^2.1.1:
   resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.1.1.tgz#b58b010ac40c22c5657616c8d2c2c02c7bf479ec"
   integrity sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==
 
[email protected]:
-  version "1.2.0"
-  resolved "https://registry.yarnpkg.com/qs/-/qs-1.2.0.tgz#ed079be28682147e6fd9a34cc2b0c1e0ec6453ee"
-  integrity sha1-7Qeb4oaCFH5v2aNMwrDB4OxkU+4=
-
 [email protected]:
   version "6.13.0"
   resolved "https://registry.yarnpkg.com/qs/-/qs-6.13.0.tgz#6ca3bd58439f7e245655798997787b0d88a51906"
@@ -1968,11 +1986,6 @@ safer-buffer@^2.0.2, safer-buffer@^2.1.0, safer-buffer@~2.1.0:
   resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
   integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
 
[email protected]:
-  version "0.5.8"
-  resolved "https://registry.yarnpkg.com/sax/-/sax-0.5.8.tgz#d472db228eb331c2506b0e8c15524adb939d12c1"
-  integrity sha1-1HLbIo6zMcJQaw6MFVJK25OdEsE=
-
 semver@^7.5.3:
   version "7.6.2"
   resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.2.tgz#1e3b34759f896e8f14d6134732ce798aeb0c6e13"
@@ -2309,34 +2322,16 @@ wrappy@1:
   resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f"
   integrity sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=
 
[email protected]:
-  version "0.4.0"
-  resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.4.0.tgz#124fc4114b4129c810800ecb2ac86cf25462cb9a"
-  integrity sha1-Ek/EEUtBKcgQgA7LKshs8lRiy5o=
-  dependencies:
-    sax "0.5.x"
-    xmlbuilder ">=0.4.2"
-
 xml@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/xml/-/xml-1.0.1.tgz#78ba72020029c5bc87b8a81a3cfcd74b4a2fc1e5"
   integrity sha512-huCv9IH9Tcf95zuYCsQraZtWnJvBtLVE0QHMOs8bWyZAFZNDcYjsPq1nEx8jKA9y+Beo9v+7OBPRisQTjinQMw==
 
-xmlbuilder@>=0.4.2:
-  version "13.0.2"
-  resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-13.0.2.tgz#02ae33614b6a047d1c32b5389c1fdacb2bce47a7"
-  integrity sha512-Eux0i2QdDYKbdbA6AM6xE4m6ZTZr4G4xF9kahI2ukSEMCzwce2eX9WlTI5J3s+NU7hpasFsr8hWIONae7LluAQ==
-
 y18n@^5.0.5:
   version "5.0.8"
   resolved "https://registry.yarnpkg.com/y18n/-/y18n-5.0.8.tgz#7f4934d0f7ca8c56f95314939ddcd2dd91ce1d55"
   integrity sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==
 
[email protected]:
-  version "0.2.3"
-  resolved "https://registry.yarnpkg.com/yaml/-/yaml-0.2.3.tgz#b5450e92e76ef36b5dd24e3660091ebaeef3e5c7"
-  integrity sha1-tUUOkudu82td0k42YAkeuu7z5cc=
-
 yargs-parser@^20.2.2, yargs-parser@^20.2.9:
   version "20.2.9"
   resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-20.2.9.tgz#2eb7dc3b0289718fc295f362753845c41a0c94ee"