@contrast/agent-bundle 5.39.1 → 5.41.0
- package/node_modules/@contrast/agent/lib/start-agent.js +50 -40
- package/node_modules/@contrast/agent/package.json +11 -11
- package/node_modules/@contrast/agent-swc-plugin/index.js +9 -3
- package/node_modules/@contrast/agent-swc-plugin/methods.js +15 -1
- package/node_modules/@contrast/agent-swc-plugin/package.json +5 -8
- package/node_modules/@contrast/agent-swc-plugin/rewriter.wasm +0 -0
- package/node_modules/@contrast/agentify/lib/index.js +2 -2
- package/node_modules/@contrast/agentify/package.json +15 -14
- package/node_modules/@contrast/architecture-components/package.json +5 -5
- package/node_modules/@contrast/assess/lib/dataflow/propagation/install/string/replace.js +6 -3
- package/node_modules/@contrast/assess/lib/dataflow/propagation/install/util-format.js +44 -21
- package/node_modules/@contrast/assess/lib/dataflow/sources/index.js +1 -1
- package/node_modules/@contrast/assess/lib/dataflow/sources/install/{body-parser1.js → body-parser.js} +2 -2
- package/node_modules/@contrast/assess/lib/dataflow/sources/install/koa/koa-bodyparsers.js +3 -1
- package/node_modules/@contrast/assess/lib/dataflow/sources/install/qs6.js +5 -5
- package/node_modules/@contrast/assess/lib/dataflow/sources/install/querystring.js +2 -1
- package/node_modules/@contrast/assess/lib/index.d.ts +0 -1
- package/node_modules/@contrast/assess/lib/make-source-context.js +7 -37
- package/node_modules/@contrast/assess/lib/sampler/common.js +7 -11
- package/node_modules/@contrast/assess/package.json +12 -11
- package/node_modules/@contrast/common/lib/constants.d.ts +6 -0
- package/node_modules/@contrast/common/lib/constants.js +8 -1
- package/node_modules/@contrast/common/lib/types.d.ts +7 -1
- package/node_modules/@contrast/common/package.json +1 -1
- package/node_modules/@contrast/config/lib/common.js +1 -1
- package/node_modules/@contrast/config/lib/config.js +49 -27
- package/node_modules/@contrast/config/lib/index.d.ts +3 -2
- package/node_modules/@contrast/config/lib/options.js +4 -4
- package/node_modules/@contrast/config/package.json +4 -3
- package/node_modules/@contrast/core/lib/sensitive-data-masking/protect-listener.js +15 -15
- package/node_modules/@contrast/core/package.json +6 -6
- package/node_modules/@contrast/deadzones/package.json +5 -5
- package/node_modules/@contrast/dep-hooks/package.json +3 -3
- package/node_modules/@contrast/esm-hooks/package.json +6 -6
- package/node_modules/@contrast/instrumentation/lib/index.js +0 -1
- package/node_modules/@contrast/instrumentation/package.json +5 -5
- package/node_modules/@contrast/library-analysis/lib/install/library-reporting/dep.json +300 -152
- package/node_modules/@contrast/library-analysis/lib/install/library-reporting/index.js +9 -2
- package/node_modules/@contrast/library-analysis/lib/install/library-reporting/utils.js +54 -43
- package/node_modules/@contrast/library-analysis/package.json +4 -4
- package/node_modules/@contrast/logger/lib/serializers.js +2 -2
- package/node_modules/@contrast/logger/package.json +3 -3
- package/node_modules/@contrast/metrics/package.json +6 -6
- package/node_modules/@contrast/patcher/package.json +2 -2
- package/node_modules/@contrast/protect/lib/get-source-context.js +3 -1
- package/node_modules/@contrast/protect/lib/index.js +6 -1
- package/node_modules/@contrast/protect/lib/input-analysis/handlers.js +7 -9
- package/node_modules/@contrast/protect/lib/input-analysis/index.js +1 -1
- package/node_modules/@contrast/protect/lib/input-analysis/install/{body-parser1.js → body-parser.js} +1 -1
- package/node_modules/@contrast/protect/lib/input-analysis/install/http.js +18 -19
- package/node_modules/@contrast/protect/lib/input-analysis/install/qs6.js +18 -17
- package/node_modules/@contrast/protect/lib/input-analysis/install/universal-cookie4.js +2 -3
- package/node_modules/@contrast/protect/lib/make-source-context.js +22 -66
- package/node_modules/@contrast/protect/lib/semantic-analysis/handlers.js +73 -72
- package/node_modules/@contrast/protect/package.json +11 -11
- package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/application-activity/index.js +7 -7
- package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/application-activity/translations.d.ts +3 -3
- package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/application-activity/translations.js +24 -21
- package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/routes-observed.js +2 -1
- package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/traces/index.js +1 -1
- package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/traces/translations.d.ts +1 -2
- package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/traces/translations.js +8 -2
- package/node_modules/@contrast/reporter/lib/reporters/security-logger/index.d.ts +2 -2
- package/node_modules/@contrast/reporter/lib/reporters/security-logger/index.js +22 -20
- package/node_modules/@contrast/reporter/package.json +7 -7
- package/node_modules/@contrast/rewriter/lib/index.js +2 -2
- package/node_modules/@contrast/rewriter/package.json +6 -6
- package/node_modules/@contrast/route-coverage/lib/index.d.ts +2 -0
- package/node_modules/@contrast/route-coverage/lib/index.js +15 -17
- package/node_modules/@contrast/route-coverage/lib/install/express/express5.js +489 -202
- package/node_modules/@contrast/route-coverage/package.json +9 -9
- package/node_modules/@contrast/scopes/package.json +5 -5
- package/node_modules/@contrast/sec-obs/lib/traces/http.js +2 -2
- package/node_modules/@contrast/sec-obs/lib/traces/http.test.js +17 -0
- package/node_modules/@contrast/sec-obs/lib/traces/outbound-service-call.js +2 -2
- package/node_modules/@contrast/sec-obs/lib/traces/outbound-service-call.test.js +17 -0
- package/node_modules/@contrast/sec-obs/package.json +9 -9
- package/node_modules/@contrast/sources/lib/index.js +109 -0
- package/node_modules/@contrast/sources/lib/index.test.js +120 -0
- package/node_modules/@contrast/{route-coverage/lib/normalized-url-mapper.js → sources/lib/normalized-uri-mapper.js} +10 -3
- package/node_modules/@contrast/sources/lib/normalized-uri-mapper.test.js +59 -0
- package/node_modules/@contrast/{sec-obs/node_modules/@contrast/core/lib/sensitive-data-masking/constants.js → sources/lib/req-data.js} +0 -6
- package/node_modules/@contrast/sources/lib/source-info.js +183 -0
- package/node_modules/@contrast/sources/lib/source-info.test.js +68 -0
- package/node_modules/@contrast/sources/package.json +16 -0
- package/node_modules/@contrast/telemetry/package.json +6 -6
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/experimental_attributes.d.ts +2831 -77
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/experimental_attributes.js +2831 -77
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/experimental_attributes.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/experimental_metrics.d.ts +415 -98
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/experimental_metrics.js +415 -98
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/experimental_metrics.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/stable_attributes.d.ts +106 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/stable_attributes.js +106 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/stable_attributes.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/version.d.ts +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/version.js +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/version.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/experimental_attributes.d.ts +2831 -77
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/experimental_attributes.js +2831 -77
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/experimental_attributes.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/experimental_metrics.d.ts +415 -98
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/experimental_metrics.js +415 -98
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/experimental_metrics.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/stable_attributes.d.ts +106 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/stable_attributes.js +106 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/stable_attributes.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/version.d.ts +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/version.js +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/version.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/src/experimental_attributes.d.ts +2831 -77
- package/node_modules/@opentelemetry/semantic-conventions/build/src/experimental_attributes.js +2858 -103
- package/node_modules/@opentelemetry/semantic-conventions/build/src/experimental_attributes.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/src/experimental_metrics.d.ts +415 -98
- package/node_modules/@opentelemetry/semantic-conventions/build/src/experimental_metrics.js +420 -102
- package/node_modules/@opentelemetry/semantic-conventions/build/src/experimental_metrics.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/src/stable_attributes.d.ts +106 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/src/stable_attributes.js +106 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/src/stable_attributes.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/src/version.d.ts +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/src/version.js +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/src/version.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/package.json +3 -3
- package/node_modules/@types/node/README.md +2 -2
- package/node_modules/@types/node/buffer.d.ts +5 -0
- package/node_modules/@types/node/dns/promises.d.ts +11 -10
- package/node_modules/@types/node/dns.d.ts +18 -19
- package/node_modules/@types/node/fs.d.ts +13 -1
- package/node_modules/@types/node/http.d.ts +4 -19
- package/node_modules/@types/node/inspector.d.ts +53 -0
- package/node_modules/@types/node/package.json +2 -82
- package/node_modules/@types/node/stream/web.d.ts +4 -0
- package/node_modules/axios/CHANGELOG.md +17 -0
- package/node_modules/axios/README.md +1 -4
- package/node_modules/axios/dist/axios.js +39 -5
- package/node_modules/axios/dist/axios.js.map +1 -1
- package/node_modules/axios/dist/axios.min.js +2 -2
- package/node_modules/axios/dist/axios.min.js.map +1 -1
- package/node_modules/axios/dist/browser/axios.cjs +46 -9
- package/node_modules/axios/dist/browser/axios.cjs.map +1 -1
- package/node_modules/axios/dist/esm/axios.js +46 -9
- package/node_modules/axios/dist/esm/axios.js.map +1 -1
- package/node_modules/axios/dist/esm/axios.min.js +2 -2
- package/node_modules/axios/dist/esm/axios.min.js.map +1 -1
- package/node_modules/axios/dist/node/axios.cjs +46 -9
- package/node_modules/axios/dist/node/axios.cjs.map +1 -1
- package/node_modules/axios/index.d.cts +13 -2
- package/node_modules/axios/lib/core/Axios.js +2 -2
- package/node_modules/axios/lib/core/mergeConfig.js +1 -1
- package/node_modules/axios/lib/env/data.js +1 -1
- package/node_modules/axios/lib/helpers/throttle.js +1 -1
- package/node_modules/axios/lib/helpers/toURLEncodedForm.js +4 -3
- package/node_modules/axios/lib/utils.js +36 -0
- package/node_modules/axios/package.json +5 -5
- package/node_modules/deepmerge/.editorconfig +7 -0
- package/node_modules/deepmerge/.eslintcache +1 -0
- package/node_modules/deepmerge/changelog.md +167 -0
- package/node_modules/deepmerge/dist/cjs.js +133 -0
- package/node_modules/deepmerge/dist/umd.js +139 -0
- package/node_modules/deepmerge/index.d.ts +20 -0
- package/node_modules/deepmerge/index.js +106 -0
- package/node_modules/{path-to-regexp/LICENSE → deepmerge/license.txt} +1 -1
- package/node_modules/deepmerge/package.json +42 -0
- package/node_modules/deepmerge/readme.md +264 -0
- package/node_modules/deepmerge/rollup.config.js +22 -0
- package/node_modules/follow-redirects/package.json +1 -1
- package/node_modules/form-data/CHANGELOG.md +601 -0
- package/node_modules/form-data/{Readme.md → README.md} +4 -4
- package/node_modules/form-data/lib/form_data.js +2 -6
- package/node_modules/form-data/package.json +22 -6
- package/node_modules/nan/.github/workflows/ci.yml +8 -10
- package/node_modules/nan/.pre-commit-config.yaml +8 -0
- package/node_modules/nan/CHANGELOG.md +5 -1
- package/node_modules/nan/README.md +4 -4
- package/node_modules/nan/nan.h +16 -12
- package/node_modules/nan/nan_callbacks.h +13 -0
- package/node_modules/nan/nan_callbacks_12_inl.h +16 -2
- package/node_modules/nan/nan_callbacks_pre_12_inl.h +6 -2
- package/node_modules/nan/nan_maybe_43_inl.h +1 -1
- package/node_modules/nan/nan_maybe_pre_43_inl.h +1 -1
- package/node_modules/nan/nan_scriptorigin.h +11 -9
- package/node_modules/nan/nan_typedarray_contents.h +1 -1
- package/node_modules/nan/package.json +2 -2
- package/package.json +5 -3
- package/node_modules/@contrast/agentify/lib/sources.js +0 -94
- package/node_modules/@contrast/route-coverage/lib/install/http.js +0 -44
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/LICENSE +0 -12
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/lib/constants.d.ts +0 -385
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/lib/constants.js +0 -270
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/lib/index.d.ts +0 -40
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/lib/index.js +0 -228
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/lib/primordials.d.ts +0 -65
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/lib/primordials.js +0 -66
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/lib/types.d.ts +0 -383
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/lib/types.js +0 -30
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/package.json +0 -23
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/config/LICENSE +0 -12
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/config/README.md +0 -44
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/config/lib/common.js +0 -131
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/config/lib/config.js +0 -290
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/config/lib/index.d.ts +0 -328
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/config/lib/index.js +0 -29
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/config/lib/options.js +0 -836
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/config/lib/validators.js +0 -23
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/config/package.json +0 -27
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/LICENSE +0 -12
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/README.md +0 -98
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/agent-info.js +0 -36
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/app-info.js +0 -233
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/build-id.js +0 -51
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/capture-stacktrace.js +0 -256
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/contrast-methods.js +0 -155
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/index.d.ts +0 -52
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/ioc/core.js +0 -95
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/is-agent-path.js +0 -37
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/messages.js +0 -28
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/sensitive-data-masking/index.js +0 -63
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/sensitive-data-masking/protect-listener.js +0 -111
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/sensitive-data-masking/server-settings-listener.js +0 -44
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/system-info/cloud-provider-metadata.js +0 -146
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/system-info/index.js +0 -225
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/system-info/linux-os-info.js +0 -137
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/system-info/utils.js +0 -35
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/package.json +0 -33
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/dep-hooks/LICENSE +0 -12
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/dep-hooks/README.md +0 -94
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/dep-hooks/lib/export-handler-registry.d.ts +0 -121
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/dep-hooks/lib/export-handler-registry.js +0 -206
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/dep-hooks/lib/export-hook-descriptor.d.ts +0 -72
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/dep-hooks/lib/export-hook-descriptor.js +0 -88
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/dep-hooks/lib/handler-invoker.d.ts +0 -46
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/dep-hooks/lib/handler-invoker.js +0 -106
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/dep-hooks/lib/helpers.d.ts +0 -28
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/dep-hooks/lib/helpers.js +0 -66
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/dep-hooks/lib/index.d.ts +0 -115
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/dep-hooks/lib/index.js +0 -208
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/dep-hooks/lib/package-finder.d.ts +0 -43
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/dep-hooks/lib/package-finder.js +0 -79
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/dep-hooks/package.json +0 -29
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/logger/LICENSE +0 -12
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/logger/README.md +0 -270
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/logger/lib/index.d.ts +0 -16
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/logger/lib/index.js +0 -132
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/logger/lib/serializers.d.ts +0 -33
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/logger/lib/serializers.js +0 -75
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/logger/lib/utils.d.ts +0 -15
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/logger/lib/utils.js +0 -34
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/logger/package.json +0 -28
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/patcher/LICENSE +0 -12
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/patcher/README.md +0 -51
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/patcher/lib/index.d.ts +0 -101
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/patcher/lib/index.js +0 -544
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/patcher/package.json +0 -25
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/rewriter/LICENSE +0 -12
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/rewriter/README.md +0 -6
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/rewriter/lib/cache.js +0 -318
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/rewriter/lib/index.js +0 -216
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/rewriter/lib/rewrite-is-deadzoned.js +0 -143
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/rewriter/package.json +0 -30
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/LICENSE +0 -12
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/constants.js +0 -26
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/index.d.ts +0 -46
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/index.js +0 -70
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/install/bluebird.js +0 -128
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/install/index.js +0 -34
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/install/mongodb-core.js +0 -83
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/install/mongodb3.js +0 -89
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/install/mongodb4.js +0 -80
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/install/mongodb6.js +0 -46
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/install/mysql.js +0 -151
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/install/redis.js +0 -79
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/lib/utils.js +0 -35
- package/node_modules/@contrast/sec-obs/node_modules/@contrast/scopes/package.json +0 -28
- package/node_modules/form-data/README.md.bak +0 -355
- package/node_modules/path-to-regexp/Readme.md +0 -216
- package/node_modules/path-to-regexp/dist/index.d.ts +0 -136
- package/node_modules/path-to-regexp/dist/index.js +0 -403
- package/node_modules/path-to-regexp/dist/index.js.map +0 -1
- package/node_modules/path-to-regexp/package.json +0 -62
|
@@ -75,6 +75,79 @@ module.exports = function(core) {
|
|
|
75
75
|
}
|
|
76
76
|
}
|
|
77
77
|
|
|
78
|
+
/**
|
|
79
|
+
* Backdoor detection logic:
|
|
80
|
+
* - command is >= 2 chars
|
|
81
|
+
* - iterates over every piece of request and checks
|
|
82
|
+
* - the full value is the param to sink
|
|
83
|
+
* - the value matches a regex and ends the param to the sink
|
|
84
|
+
*/
|
|
85
|
+
function findBackdoorInjection(sourceContext, command) {
|
|
86
|
+
if (command?.length < 2) {
|
|
87
|
+
return null;
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
const { sourceInfo } = core.scopes.sources.getStore();
|
|
91
|
+
const valuesOfInterest = {
|
|
92
|
+
[InputType.QUERYSTRING]: sourceContext.parsedQuery,
|
|
93
|
+
[InputType.PARAMETER_VALUE]: sourceContext.parsedParams,
|
|
94
|
+
[InputType.BODY]: sourceContext.parsedBody,
|
|
95
|
+
[InputType.COOKIE_VALUE]: sourceContext.parsedCookies,
|
|
96
|
+
[InputType.HEADER]: sourceInfo.rawHeaders,
|
|
97
|
+
};
|
|
98
|
+
|
|
99
|
+
let found;
|
|
100
|
+
for (const inputType in valuesOfInterest) {
|
|
101
|
+
if (found) break;
|
|
102
|
+
|
|
103
|
+
const values = valuesOfInterest[inputType];
|
|
104
|
+
|
|
105
|
+
if (values && Object.keys(values).length) {
|
|
106
|
+
traverseValues(values, (path, type, value, obj) => {
|
|
107
|
+
if (isBackdoorDetected(value, command)) {
|
|
108
|
+
let key;
|
|
109
|
+
if (inputType === InputType.HEADER) {
|
|
110
|
+
key = obj[path[0] - 1];
|
|
111
|
+
} else {
|
|
112
|
+
key = path[path.length - 1];
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
found = {
|
|
116
|
+
key,
|
|
117
|
+
inputType: path.length > 1 ? InputType.JSON_VALUE : inputType,
|
|
118
|
+
path: ArrayPrototypeSlice.call(path, 0, -1),
|
|
119
|
+
value: command
|
|
120
|
+
};
|
|
121
|
+
|
|
122
|
+
// halt traversal
|
|
123
|
+
return true;
|
|
124
|
+
}
|
|
125
|
+
});
|
|
126
|
+
}
|
|
127
|
+
}
|
|
128
|
+
|
|
129
|
+
return found;
|
|
130
|
+
}
|
|
131
|
+
|
|
132
|
+
/**
|
|
133
|
+
* strips the whitespace of the request value and the command,
|
|
134
|
+
* checks if the command equals the request value
|
|
135
|
+
* or if the command looks like the start of a shell execution
|
|
136
|
+
* and ends with the request value passed to the sink
|
|
137
|
+
*
|
|
138
|
+
* @param {string} value from request key
|
|
139
|
+
*/
|
|
140
|
+
function isBackdoorDetected(requestValue, command) {
|
|
141
|
+
const normalizedValue = stripWhiteSpace(requestValue);
|
|
142
|
+
const normalizedCommand = stripWhiteSpace(command);
|
|
143
|
+
|
|
144
|
+
return (
|
|
145
|
+
normalizedValue === normalizedCommand ||
|
|
146
|
+
(normalizedCommand.endsWith(normalizedValue) &&
|
|
147
|
+
RegExpPrototypeTest.call(SINK_EXPLOIT_PATTERN_START, normalizedCommand))
|
|
148
|
+
);
|
|
149
|
+
}
|
|
150
|
+
|
|
78
151
|
semanticAnalysis.handleCmdInjectionSemanticDangerous = function(sourceContext, sinkContext) {
|
|
79
152
|
const mode = sourceContext.policy[Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS];
|
|
80
153
|
|
|
@@ -137,75 +210,3 @@ module.exports = function(core) {
|
|
|
137
210
|
|
|
138
211
|
return semanticAnalysis;
|
|
139
212
|
};
|
|
140
|
-
|
|
141
|
-
/**
|
|
142
|
-
* Backdoor detection logic:
|
|
143
|
-
* - command is >= 2 chars
|
|
144
|
-
* - iterates over every piece of request and checks
|
|
145
|
-
* - the full value is the param to sink
|
|
146
|
-
* - the value matches a regex and ends the param to the sink
|
|
147
|
-
*/
|
|
148
|
-
function findBackdoorInjection(sourceContext, command) {
|
|
149
|
-
if (command?.length < 2) {
|
|
150
|
-
return null;
|
|
151
|
-
}
|
|
152
|
-
|
|
153
|
-
const valuesOfInterest = {
|
|
154
|
-
[InputType.QUERYSTRING]: sourceContext.parsedQuery,
|
|
155
|
-
[InputType.PARAMETER_VALUE]: sourceContext.parsedParams,
|
|
156
|
-
[InputType.BODY]: sourceContext.parsedBody,
|
|
157
|
-
[InputType.COOKIE_VALUE]: sourceContext.parsedCookies,
|
|
158
|
-
[InputType.HEADER]: sourceContext.reqData.headers,
|
|
159
|
-
};
|
|
160
|
-
|
|
161
|
-
let found;
|
|
162
|
-
for (const inputType in valuesOfInterest) {
|
|
163
|
-
if (found) break;
|
|
164
|
-
|
|
165
|
-
const values = valuesOfInterest[inputType];
|
|
166
|
-
|
|
167
|
-
if (values && Object.keys(values).length) {
|
|
168
|
-
traverseValues(values, (path, type, value, obj) => {
|
|
169
|
-
if (isBackdoorDetected(value, command)) {
|
|
170
|
-
let key;
|
|
171
|
-
if (inputType === InputType.HEADER) {
|
|
172
|
-
key = obj[path[0] - 1];
|
|
173
|
-
} else {
|
|
174
|
-
key = path[path.length - 1];
|
|
175
|
-
}
|
|
176
|
-
|
|
177
|
-
found = {
|
|
178
|
-
key,
|
|
179
|
-
inputType: path.length > 1 ? InputType.JSON_VALUE : inputType,
|
|
180
|
-
path: ArrayPrototypeSlice.call(path, 0, -1),
|
|
181
|
-
value: command
|
|
182
|
-
};
|
|
183
|
-
|
|
184
|
-
// halt traversal
|
|
185
|
-
return true;
|
|
186
|
-
}
|
|
187
|
-
});
|
|
188
|
-
}
|
|
189
|
-
}
|
|
190
|
-
|
|
191
|
-
return found;
|
|
192
|
-
}
|
|
193
|
-
|
|
194
|
-
/**
|
|
195
|
-
* strips the whitespace of the request value and the command,
|
|
196
|
-
* checks if the command equals the request value
|
|
197
|
-
* or if the command looks like the start of a shell execution
|
|
198
|
-
* and ends with the request value passed to the sink
|
|
199
|
-
*
|
|
200
|
-
* @param {string} value from request key
|
|
201
|
-
*/
|
|
202
|
-
function isBackdoorDetected(requestValue, command) {
|
|
203
|
-
const normalizedValue = stripWhiteSpace(requestValue);
|
|
204
|
-
const normalizedCommand = stripWhiteSpace(command);
|
|
205
|
-
|
|
206
|
-
return (
|
|
207
|
-
normalizedValue === normalizedCommand ||
|
|
208
|
-
(normalizedCommand.endsWith(normalizedValue) &&
|
|
209
|
-
RegExpPrototypeTest.call(SINK_EXPLOIT_PATTERN_START, normalizedCommand))
|
|
210
|
-
);
|
|
211
|
-
}
|
|
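Review bot: In `findBackdoorInjection`, `const { sourceInfo } = core.scopes.sources.getStore();` destructures the store with no guard, so if `getStore()` returns nothing (presumably possible when the sink is reached outside a tracked request) the detection path throws a TypeError instead of returning no finding; the same happens at `sourceInfo.rawHeaders` when the store has no `sourceInfo`. The reporter change in this release checks `!store.sourceInfo` before use, which suggests the field can be absent. I would read it as `const sourceInfo = core.scopes.sources.getStore()?.sourceInfo;` and map the header entry to `sourceInfo?.rawHeaders`, which the existing `values &&` check already tolerates. Separately, `command?.length < 2` is false for a missing command because `undefined < 2` is false, so the guard lets it through to `stripWhiteSpace(command)`; `if (!command || command.length < 2) return null;` states the intent.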
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@contrast/protect",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.65.0",
|
|
4
4
|
"description": "Contrast service providing framework-agnostic Protect support",
|
|
5
5
|
"license": "SEE LICENSE IN LICENSE",
|
|
6
6
|
"author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
|
|
@@ -21,16 +21,16 @@
|
|
|
21
21
|
},
|
|
22
22
|
"dependencies": {
|
|
23
23
|
"@contrast/agent-lib": "^9.1.0",
|
|
24
|
-
"@contrast/common": "1.
|
|
25
|
-
"@contrast/config": "1.
|
|
26
|
-
"@contrast/core": "1.
|
|
27
|
-
"@contrast/dep-hooks": "1.
|
|
28
|
-
"@contrast/esm-hooks": "2.
|
|
29
|
-
"@contrast/instrumentation": "1.
|
|
30
|
-
"@contrast/logger": "1.
|
|
31
|
-
"@contrast/patcher": "1.
|
|
32
|
-
"@contrast/rewriter": "1.
|
|
33
|
-
"@contrast/scopes": "1.
|
|
24
|
+
"@contrast/common": "1.35.0",
|
|
25
|
+
"@contrast/config": "1.50.0",
|
|
26
|
+
"@contrast/core": "1.55.0",
|
|
27
|
+
"@contrast/dep-hooks": "1.24.0",
|
|
28
|
+
"@contrast/esm-hooks": "2.29.0",
|
|
29
|
+
"@contrast/instrumentation": "1.34.0",
|
|
30
|
+
"@contrast/logger": "1.28.0",
|
|
31
|
+
"@contrast/patcher": "1.27.0",
|
|
32
|
+
"@contrast/rewriter": "1.31.0",
|
|
33
|
+
"@contrast/scopes": "1.25.0",
|
|
34
34
|
"async-hook-domain": "^4.0.1",
|
|
35
35
|
"ipaddr.js": "^2.0.1",
|
|
36
36
|
"on-finished": "^2.4.1",
|
|
@@ -27,15 +27,15 @@ class ApplicationActivity extends ng_endpoint_1.default {
|
|
|
27
27
|
this.defendPayload = [];
|
|
28
28
|
this.lastUpdate = 0;
|
|
29
29
|
this.userAgentSet = new Set();
|
|
30
|
-
uiReporter.subscribeWithLock(common_1.Event.PROTECT, (
|
|
31
|
-
if (!
|
|
30
|
+
uiReporter.subscribeWithLock(common_1.Event.PROTECT, (store) => {
|
|
31
|
+
if (!store.protect || !store.sourceInfo)
|
|
32
32
|
return;
|
|
33
|
-
const
|
|
34
|
-
if (userAgent) {
|
|
35
|
-
this.userAgentSet.add(userAgent);
|
|
33
|
+
const result = (0, translations_1.handleProtectMessage)(store);
|
|
34
|
+
if (result?.userAgent) {
|
|
35
|
+
this.userAgentSet.add(result.userAgent);
|
|
36
36
|
}
|
|
37
|
-
if (attackModel) {
|
|
38
|
-
this.defendPayload.push(attackModel);
|
|
37
|
+
if (result?.attackModel) {
|
|
38
|
+
this.defendPayload.push(result.attackModel);
|
|
39
39
|
}
|
|
40
40
|
});
|
|
41
41
|
}
|
|
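Review bot: The new guard `if (!store.protect || !store.sourceInfo) return;` silently drops a PROTECT event whenever `sourceInfo` is missing, even when `store.protect` carries results, so a detected attack would never reach `defendPayload` and nothing records that it was lost. I would split the check, keeping `if (!store.protect) return;` and logging in the `!store.sourceInfo` branch before returning, through whatever logger the reporter already has (none is visible in this hunk). The callback also treats a `null` result from `handleProtectMessage` as "nothing to record" via `result?.`, and a short comment saying when that function returns `null` would help the next reader. The constructor this callback sits in starts outside the hunk.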
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { RequestStore } from '@contrast/common';
|
|
2
2
|
import { AttackModel } from '../../types';
|
|
3
|
-
export declare function handleProtectMessage(
|
|
3
|
+
export declare function handleProtectMessage(store: RequestStore): {
|
|
4
4
|
userAgent: string | null;
|
|
5
5
|
attackModel: AttackModel | null;
|
|
6
|
-
};
|
|
6
|
+
} | null;
|
|
7
7
|
//# sourceMappingURL=translations.d.ts.map
|
|
@@ -166,8 +166,8 @@ const xxeSemanticAnalysisDetailsBuilder = (el) => {
|
|
|
166
166
|
}, exploitMetadata);
|
|
167
167
|
return exploitMetadata;
|
|
168
168
|
};
|
|
169
|
-
const buildRequestObject = (
|
|
170
|
-
const searchParams = new URLSearchParams(
|
|
169
|
+
const buildRequestObject = (sourceInfo) => {
|
|
170
|
+
const searchParams = new URLSearchParams(sourceInfo.queries);
|
|
171
171
|
const parameters = {};
|
|
172
172
|
for (const [key, value] of searchParams) {
|
|
173
173
|
if (parameters[key]) {
|
|
@@ -178,14 +178,14 @@ const buildRequestObject = (reqData) => {
|
|
|
178
178
|
}
|
|
179
179
|
}
|
|
180
180
|
const headers = {};
|
|
181
|
-
for (let i = 0; i <
|
|
182
|
-
headers[
|
|
181
|
+
for (let i = 0; i < sourceInfo.rawHeaders.length; i += 2) {
|
|
182
|
+
headers[sourceInfo.rawHeaders[i]] = StringPrototypeSplit.call(sourceInfo.rawHeaders[i + 1], /[,;]+/);
|
|
183
183
|
}
|
|
184
184
|
return {
|
|
185
|
-
version:
|
|
186
|
-
method:
|
|
187
|
-
uri:
|
|
188
|
-
queryString:
|
|
185
|
+
version: sourceInfo.httpVersion,
|
|
186
|
+
method: sourceInfo.method,
|
|
187
|
+
uri: sourceInfo.uriPath,
|
|
188
|
+
queryString: sourceInfo.queries,
|
|
189
189
|
parameters,
|
|
190
190
|
headers,
|
|
191
191
|
};
|
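Review bot: The header loop added at new lines 181-182 runs while `i < sourceInfo.rawHeaders.length`, so if the array is ever odd-length the last pass calls `StringPrototypeSplit.call(undefined, …)`, which presumably throws inside attack reporting. `getRequest` in traces/translations.js bounds the same loop with `rawHeaders.length - 1`, and this one should match: `for (let i = 0; i < sourceInfo.rawHeaders.length - 1; i += 2) {`. Both loops also write client-chosen header names into a plain `{}`, so a header named `__proto__` is not stored as an own key and repeated headers keep only the last value; `const headers = Object.create(null);` avoids the first. The two builders split values differently (`/[,;]+/` here, `';'` in `getRequest`), which looks unintentional but cannot be confirmed from the page. buildRequestObject starts in the previous hunk.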
|
@@ -247,26 +247,27 @@ const buildProtectionRules = (results, requestPayload, time, isBlockMode, detail
|
|
|
247
247
|
return;
|
|
248
248
|
return accumulator;
|
|
249
249
|
};
|
|
250
|
-
const buildDefendPayload = (
|
|
251
|
-
const
|
|
250
|
+
const buildDefendPayload = (store) => {
|
|
251
|
+
const { sourceInfo, protect } = store;
|
|
252
|
+
const requestPayload = buildRequestObject(store.sourceInfo);
|
|
252
253
|
const time = Date.now();
|
|
253
254
|
let hasAttack = false;
|
|
254
255
|
const defendObject = {
|
|
255
|
-
source: { ip:
|
|
256
|
+
source: { ip: store.sourceInfo.ip },
|
|
256
257
|
protectionRules: {},
|
|
257
258
|
};
|
|
258
|
-
const sqlInjection = protect.resultsMap[common_1.Rule.SQL_INJECTION];
|
|
259
|
+
const sqlInjection = store.protect.resultsMap[common_1.Rule.SQL_INJECTION];
|
|
259
260
|
if (sqlInjection) {
|
|
260
|
-
const isBlockMode = protect.policy[common_1.Rule.SQL_INJECTION] === 'block';
|
|
261
|
+
const isBlockMode = store.protect.policy[common_1.Rule.SQL_INJECTION] === 'block';
|
|
261
262
|
const protectionRules = buildProtectionRules(sqlInjection, requestPayload, time, isBlockMode, sqlInjectionDetailsBuilder);
|
|
262
263
|
if (protectionRules) {
|
|
263
264
|
defendObject.protectionRules[common_1.Rule.SQL_INJECTION] = protectionRules;
|
|
264
265
|
hasAttack = true;
|
|
265
266
|
}
|
|
266
267
|
}
|
|
267
|
-
const cmdInjection = protect.resultsMap[common_1.Rule.CMD_INJECTION];
|
|
268
|
+
const cmdInjection = store.protect.resultsMap[common_1.Rule.CMD_INJECTION];
|
|
268
269
|
if (cmdInjection) {
|
|
269
|
-
const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION] === 'block';
|
|
270
|
+
const isBlockMode = store.protect.policy[common_1.Rule.CMD_INJECTION] === 'block';
|
|
270
271
|
const protectionRules = buildProtectionRules(cmdInjection, requestPayload, time, isBlockMode, cmdInjectionDetailsBuilder);
|
|
271
272
|
if (protectionRules) {
|
|
272
273
|
defendObject.protectionRules[common_1.Rule.CMD_INJECTION] = protectionRules;
|
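Review bot: New line 251 destructures `sourceInfo` and `protect` from `store`, but the added lines after it keep reading `store.sourceInfo` and `store.protect.…`, while the unchanged BOT_BLOCKER code later in the function uses the bare `protect`. Using the destructured names throughout, e.g. `const requestPayload = buildRequestObject(sourceInfo);` and `protect.resultsMap[common_1.Rule.SQL_INJECTION]`, keeps the function consistent. The function dereferences both fields without a check, so it depends on the guard in `handleProtectMessage`; a one-line comment would record that: `// caller guarantees store.sourceInfo and store.protect are set`. The function body continues past this hunk.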
|
@@ -442,10 +443,10 @@ const buildDefendPayload = (protect) => {
|
|
|
442
443
|
}
|
|
443
444
|
const botBlocker = protect.resultsMap[common_1.Rule.BOT_BLOCKER];
|
|
444
445
|
if (botBlocker) {
|
|
445
|
-
const uaIdx =
|
|
446
|
+
const uaIdx = sourceInfo.rawHeaders.indexOf('user-agent');
|
|
446
447
|
const protectionRules = buildProtectionRules(botBlocker, requestPayload, time, true, (result) => ({
|
|
447
448
|
bot: result?.idsList?.[0],
|
|
448
|
-
userAgent:
|
|
449
|
+
userAgent: sourceInfo.rawHeaders[uaIdx + 1],
|
|
449
450
|
}));
|
|
450
451
|
if (protectionRules) {
|
|
451
452
|
defendObject.protectionRules[common_1.Rule.BOT_BLOCKER] = protectionRules;
|
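Review bot: `uaIdx` at new line 446 is used without a `-1` check, so a request with no user-agent entry reports `sourceInfo.rawHeaders[0]` (the first header's name) as the bot's `userAgent`. `indexOf('user-agent')` also scans values as well as names, so a header whose value is exactly `user-agent` can match first; `handleProtectMessage` further down checks `-1` but has the same name/value ambiguity in its `findIndex`. Restricting the search to even indices and guarding the miss fixes both: `const uaIdx = sourceInfo.rawHeaders.findIndex((el, i) => i % 2 === 0 && el === 'user-agent');` and `userAgent: uaIdx !== -1 ? sourceInfo.rawHeaders[uaIdx + 1] : undefined,`. The lookup is case-sensitive, so it relies on `rawHeaders` names being lower-cased upstream, which this page does not show. buildDefendPayload begins and ends outside this hunk.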
|
@@ -454,16 +455,18 @@ const buildDefendPayload = (protect) => {
|
|
|
454
455
|
}
|
|
455
456
|
return hasAttack ? defendObject : null;
|
|
456
457
|
};
|
|
457
|
-
function handleProtectMessage(
|
|
458
|
+
function handleProtectMessage(store) {
|
|
459
|
+
if (!store.sourceInfo || !store.protect)
|
|
460
|
+
return null;
|
|
458
461
|
const attackers = {
|
|
459
462
|
userAgent: null,
|
|
460
463
|
attackModel: null,
|
|
461
464
|
};
|
|
462
|
-
const userAgentIndex =
|
|
465
|
+
const userAgentIndex = store.sourceInfo.rawHeaders.findIndex((el) => el === 'user-agent');
|
|
463
466
|
attackers.userAgent = userAgentIndex != -1
|
|
464
|
-
?
|
|
467
|
+
? store.sourceInfo.rawHeaders[userAgentIndex + 1]
|
|
465
468
|
: null;
|
|
466
|
-
attackers.attackModel = buildDefendPayload(
|
|
469
|
+
attackers.attackModel = buildDefendPayload(store);
|
|
467
470
|
return attackers;
|
|
468
471
|
}
|
|
469
472
|
exports.handleProtectMessage = handleProtectMessage;
|
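--- a/package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/routes-observed.js
+++ b/package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/routes-observed.js
@@ -4,6 +4,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const v1_endpoint_1 = __importDefault(require("./v1-endpoint"));
+const common_1 = require("@contrast/common");
 class RoutesObserved extends v1_endpoint_1.default {
 constructor(core, uiReporter) {
 super(core, {
@@ -13,7 +14,7 @@ class RoutesObserved extends v1_endpoint_1.default {
 }
 async post(route) {
 const { client, core: { config }, } = this;
-const PROD = config.getEffectiveSource('server.environment');
+const PROD = config.getEffectiveSource('server.environment') == common_1.ServerEnvironment.PRODUCTION;
 const session_id = config.getEffectiveValue('application.session_id');
 await client.post(this.appUrl('/observed'), {
 /**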
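Review bot: At new line 17, `PROD` compares the result of `config.getEffectiveSource('server.environment')` with `ServerEnvironment.PRODUCTION`, while the next line reads a setting with `getEffectiveValue`. If `getEffectiveSource` returns where the setting came from rather than its value, as the names suggest, the comparison is never true and anything keyed on `PROD` would behave as non-production. The line should then probably read `const PROD = config.getEffectiveValue('server.environment') === common_1.ServerEnvironment.PRODUCTION;`. Strict `===` is preferable either way. How `PROD` is used lies outside the hunk.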
|
@@ -125,7 +125,7 @@ class Traces extends ng_endpoint_1.default {
|
|
|
125
125
|
if (route) {
|
|
126
126
|
accum.routes = tx.getRoutes(route, this.inProd);
|
|
127
127
|
}
|
|
128
|
-
if (store?.
|
|
128
|
+
if (store?.sourceInfo) {
|
|
129
129
|
accum.request = tx.getRequest(store, this.inProd);
|
|
130
130
|
}
|
|
131
131
|
this.initiateCompletenessCondition(accum);
|
package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/traces/translations.d.ts
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { RequestStore } from '@contrast/common';
|
|
2
1
|
import { Signature, TraceEvent } from './types';
|
|
3
2
|
export declare function getTaintRanges(tags: Record<string, number[]>): Record<string, string>[];
|
|
4
3
|
export declare function getEventAction(event: any): string;
|
|
@@ -16,7 +15,7 @@ export declare function getRoutes(route: any, prod?: boolean): {
|
|
|
16
15
|
signature: any;
|
|
17
16
|
}[];
|
|
18
17
|
export declare function maskSensitiveRequestData(req: any): any;
|
|
19
|
-
export declare function getRequest(store:
|
|
18
|
+
export declare function getRequest(store: any, prod?: boolean): any;
|
|
20
19
|
export declare function maskSensitiveTraceData(event: any): any;
|
|
21
20
|
export declare function getTraceEvents(sinkEvent: any, prod: boolean, eventDetail: string): TraceEvent[];
|
|
22
21
|
//# sourceMappingURL=translations.d.ts.map
|
package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/traces/translations.js
CHANGED
|
@@ -272,10 +272,16 @@ function maskSensitiveRequestData(req) {
|
|
|
272
272
|
}
|
|
273
273
|
exports.maskSensitiveRequestData = maskSensitiveRequestData;
|
|
274
274
|
function getRequest(store, prod) {
|
|
275
|
-
const {
|
|
275
|
+
const {
|
|
276
276
|
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
|
|
277
277
|
// @ts-ignore
|
|
278
|
-
|
|
278
|
+
sourceInfo: { method, rawHeaders, httpVersion, queries: queryString, uriPath: uri, }, route, } = store;
|
|
279
|
+
const headers = {};
|
|
280
|
+
for (let idx = 0; idx < rawHeaders.length - 1; idx += 2) {
|
|
281
|
+
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
|
|
282
|
+
// @ts-ignore
|
|
283
|
+
headers[rawHeaders[idx]] = StringPrototypeSplit.call(rawHeaders[idx + 1], ';');
|
|
284
|
+
}
|
|
279
285
|
const request = {
|
|
280
286
|
body: undefined,
|
|
281
287
|
headers,
|
|
@@ -27,8 +27,8 @@ export default class SecurityLogger extends BaseReporter {
|
|
|
27
27
|
private buildMetadata;
|
|
28
28
|
private handleProtectResult;
|
|
29
29
|
install(): Promise<void>;
|
|
30
|
-
handleAssessEvent(
|
|
31
|
-
handleProtectEvent(
|
|
30
|
+
handleAssessEvent(store: RequestStore): void;
|
|
31
|
+
handleProtectEvent(store: RequestStore): void;
|
|
32
32
|
}
|
|
33
33
|
export {};
|
|
34
34
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -98,8 +98,8 @@ class SecurityLogger extends base_1.default {
|
|
|
98
98
|
});
|
|
99
99
|
});
|
|
100
100
|
if (core.config.protect.enable) {
|
|
101
|
-
this.subscribeWithLock(common_1.Event.PROTECT, (
|
|
102
|
-
this.handleProtectEvent(
|
|
101
|
+
this.subscribeWithLock(common_1.Event.PROTECT, (store) => {
|
|
102
|
+
this.handleProtectEvent(store);
|
|
103
103
|
});
|
|
104
104
|
}
|
|
105
105
|
}
|
|
@@ -142,25 +142,27 @@ class SecurityLogger extends base_1.default {
|
|
|
142
142
|
});
|
|
143
143
|
}
|
|
144
144
|
}
|
|
145
|
-
buildMetadata(
|
|
145
|
+
buildMetadata(sourceInfo, outcome) {
|
|
146
146
|
return {
|
|
147
|
-
src:
|
|
147
|
+
src: sourceInfo.ip,
|
|
148
148
|
spt: '-', // do we have port data?
|
|
149
|
-
requestMethod:
|
|
150
|
-
request:
|
|
149
|
+
requestMethod: sourceInfo.method,
|
|
150
|
+
request: sourceInfo.uriPath,
|
|
151
151
|
app: this.appInfo.name,
|
|
152
152
|
outcome,
|
|
153
153
|
};
|
|
154
154
|
}
|
|
155
|
-
handleProtectResult(
|
|
156
|
-
|
|
155
|
+
handleProtectResult(store, rule, result) {
|
|
156
|
+
if (!store?.protect && !store?.sourceInfo)
|
|
157
|
+
return;
|
|
158
|
+
const mode = store.protect?.policy[rule] || common_1.ProtectRuleMode.OFF;
|
|
157
159
|
if (mode === common_1.ProtectRuleMode.OFF)
|
|
158
160
|
return;
|
|
159
161
|
if (rule === common_1.Rule.BOT_BLOCKER) {
|
|
160
162
|
const level = this.loggerConfig.syslog.severity_blocked;
|
|
161
163
|
this.log(level, {
|
|
162
164
|
bbi: 'Contrast Bot Blocker',
|
|
163
|
-
...this.buildMetadata(
|
|
165
|
+
...this.buildMetadata(store.sourceInfo, 'success'),
|
|
164
166
|
}, messages.botBlocker(result));
|
|
165
167
|
return;
|
|
166
168
|
}
|
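Review bot: The guard added at new line 156 uses `&&`, so it returns only when both `store.protect` and `store.sourceInfo` are missing. With `protect` set and `sourceInfo` absent, execution reaches `this.buildMetadata(store.sourceInfo, …)`, which reads `sourceInfo.ip` and throws. `handleProtectEvent` and the other subscribers in this diff use `||` for the same check, and this one should too: `if (!store?.protect || !store?.sourceInfo) return;`. With that guard in place the `?.` in `store.protect?.policy[rule]` is redundant. handleProtectResult continues past the end of this hunk.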
|
@@ -193,25 +195,25 @@ class SecurityLogger extends base_1.default {
|
|
|
193
195
|
}
|
|
194
196
|
this.log(level, {
|
|
195
197
|
pri: result.mappedId,
|
|
196
|
-
...this.buildMetadata(
|
|
198
|
+
...this.buildMetadata(store.sourceInfo, outcome),
|
|
197
199
|
}, message(result));
|
|
198
200
|
}
|
|
199
201
|
async install() { }
|
|
200
202
|
/* c8 ignore next 3 */
|
|
201
|
-
handleAssessEvent(
|
|
203
|
+
handleAssessEvent(store) {
|
|
202
204
|
// Assess NYI
|
|
203
205
|
}
|
|
204
|
-
handleProtectEvent(
|
|
205
|
-
if (!
|
|
206
|
+
handleProtectEvent(store) {
|
|
207
|
+
if (!store.protect || !store.sourceInfo)
|
|
206
208
|
return;
|
|
207
|
-
const { protect } =
|
|
209
|
+
const { protect, sourceInfo } = store;
|
|
208
210
|
const virtualPatchResults = protect.resultsMap[common_1.Rule.VIRTUAL_PATCH];
|
|
209
211
|
if (virtualPatchResults) {
|
|
210
212
|
virtualPatchResults.forEach((result) => {
|
|
211
213
|
const level = this.loggerConfig.syslog.severity_blocked;
|
|
212
214
|
this.log(level, {
|
|
213
215
|
vpi: result.uuid,
|
|
214
|
-
...this.buildMetadata(
|
|
216
|
+
...this.buildMetadata(sourceInfo, 'success'),
|
|
215
217
|
}, messages.virtualPatch(result));
|
|
216
218
|
});
|
|
217
219
|
}
|
|
@@ -221,24 +223,24 @@ class SecurityLogger extends base_1.default {
|
|
|
221
223
|
const level = this.loggerConfig.syslog.severity_blocked;
|
|
222
224
|
this.log(level, {
|
|
223
225
|
bli: result.uuid,
|
|
224
|
-
...this.buildMetadata(
|
|
225
|
-
}, messages.ipDenyList(
|
|
226
|
+
...this.buildMetadata(sourceInfo, 'success'),
|
|
227
|
+
}, messages.ipDenyList(sourceInfo.ip, result));
|
|
226
228
|
});
|
|
227
229
|
}
|
|
228
230
|
const { commonResultsMap, hardeningResultsMap, semanticResultsMap } = (0, common_1.groupResultsMap)(protect.resultsMap);
|
|
229
231
|
Object.entries(commonResultsMap).forEach(([rule, results]) => {
|
|
230
232
|
results.forEach((result) => {
|
|
231
|
-
this.handleProtectResult(
|
|
233
|
+
this.handleProtectResult(store, rule, result);
|
|
232
234
|
});
|
|
233
235
|
});
|
|
234
236
|
Object.entries(hardeningResultsMap).forEach(([rule, results]) => {
|
|
235
237
|
results.forEach((result) => {
|
|
236
|
-
this.handleProtectResult(
|
|
238
|
+
this.handleProtectResult(store, rule, result);
|
|
237
239
|
});
|
|
238
240
|
});
|
|
239
241
|
Object.entries(semanticResultsMap).forEach(([rule, results]) => {
|
|
240
242
|
results.forEach((result) => {
|
|
241
|
-
this.handleProtectResult(
|
|
243
|
+
this.handleProtectResult(store, rule, result);
|
|
242
244
|
});
|
|
243
245
|
});
|
|
244
246
|
}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@contrast/reporter",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.52.0",
|
|
4
4
|
"description": "Subscribes to agent messages and reports them",
|
|
5
5
|
"license": "SEE LICENSE IN LICENSE",
|
|
6
6
|
"author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
|
|
@@ -21,13 +21,13 @@
|
|
|
21
21
|
"test": "bash ../scripts/test.sh"
|
|
22
22
|
},
|
|
23
23
|
"dependencies": {
|
|
24
|
-
"@contrast/common": "1.
|
|
25
|
-
"@contrast/config": "1.
|
|
26
|
-
"@contrast/core": "1.
|
|
27
|
-
"@contrast/logger": "1.
|
|
24
|
+
"@contrast/common": "1.35.0",
|
|
25
|
+
"@contrast/config": "1.50.0",
|
|
26
|
+
"@contrast/core": "1.55.0",
|
|
27
|
+
"@contrast/logger": "1.28.0",
|
|
28
28
|
"@contrast/perf": "1.3.1",
|
|
29
|
-
"@contrast/scopes": "1.
|
|
30
|
-
"axios": "^1.
|
|
29
|
+
"@contrast/scopes": "1.25.0",
|
|
30
|
+
"axios": "^1.11.0",
|
|
31
31
|
"crc-32": "^1.2.2",
|
|
32
32
|
"safe-stable-stringify": "^2.4.1",
|
|
33
33
|
"sonic-boom": "^3.2.0"
|
|
@@ -200,9 +200,9 @@ module.exports = function init(core) {
|
|
|
200
200
|
parseSync('');
|
|
201
201
|
} catch (cause) {
|
|
202
202
|
// @ts-expect-error TS hates errors.
|
|
203
|
-
throw cause.message === '
|
|
203
|
+
throw cause.message === 'Failed to load native binding'
|
|
204
204
|
? new Error(
|
|
205
|
-
`Contrast cannot detect the correct precompiled dependencies for the current environment: ${platform()}-${arch()}. This typically occurs when deploying an installation from one environment to a different execution environment
|
|
205
|
+
`Contrast cannot detect the correct precompiled dependencies for the current environment: ${platform()}-${arch()}. This typically occurs when deploying an installation from one environment to a different execution environment or when the \`--omit=optional\` or \`--no-optional\` flags are provided to \`npm install\`.`,
|
|
206
206
|
// @ts-expect-error `cause` requires ts to target es2022 or above, which corresponds to Node 17+, despite being added to Node in 16.9.
|
|
207
207
|
{ cause },
|
|
208
208
|
)
|
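Review bot: The branch at new line 203 selects the friendlier error by exact comparison with `cause.message`, a string that appears to come from the native dependency loaded by `parseSync` rather than from this package. A wording change in that dependency would silently send users to the other branch. A comment recording the origin would make the coupling visible, e.g. `// message text emitted by the pinned parser binding; re-check on every bump`. Reading `cause?.message` would also keep a non-Error throw from raising inside the handler. The throw expression continues past the end of the hunk.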
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@contrast/rewriter",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.31.0",
|
|
4
4
|
"description": "A transpilation tool mainly used for instrumentation",
|
|
5
5
|
"license": "SEE LICENSE IN LICENSE",
|
|
6
6
|
"author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
|
|
@@ -20,11 +20,11 @@
|
|
|
20
20
|
"test": "bash ../scripts/test.sh"
|
|
21
21
|
},
|
|
22
22
|
"dependencies": {
|
|
23
|
-
"@contrast/agent-swc-plugin": "3.
|
|
24
|
-
"@contrast/common": "1.
|
|
25
|
-
"@contrast/config": "1.
|
|
26
|
-
"@contrast/core": "1.
|
|
27
|
-
"@contrast/logger": "1.
|
|
23
|
+
"@contrast/agent-swc-plugin": "3.1.0",
|
|
24
|
+
"@contrast/common": "1.35.0",
|
|
25
|
+
"@contrast/config": "1.50.0",
|
|
26
|
+
"@contrast/core": "1.55.0",
|
|
27
|
+
"@contrast/logger": "1.28.0",
|
|
28
28
|
"@swc/core": "1.11.24"
|
|
29
29
|
}
|
|
30
30
|
}
|
|
@@ -23,11 +23,13 @@ import { Scopes } from '@contrast/scopes';
|
|
|
23
23
|
export { RouteInfo };
|
|
24
24
|
|
|
25
25
|
export interface RouteCoverage extends Installable {
|
|
26
|
+
_normalizedUrlMapper: any;
|
|
26
27
|
discover(info: RouteInfo): void;
|
|
27
28
|
discoveryFinished(): void;
|
|
28
29
|
queue(info: RouteInfo): void;
|
|
29
30
|
queuingFinished(): void;
|
|
30
31
|
observe(info: RouteInfo): void;
|
|
32
|
+
uriPathToNormalizedUrl(uriPath: string): string;
|
|
31
33
|
}
|
|
32
34
|
|
|
33
35
|
export interface Core {
|