@contrast/agent-bundle 5.39.1 → 5.41.0

package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/lib/index.d.ts

@@ -1,40 +0,0 @@
-import { CommonRulesResultsMap, HardeningResultsMap, ResultMap, SemanticAnalysisResultsMap, ServerFeaturePreliminaryResultsMap } from './types';
-export * from './constants';
-export * from './types';
-export * from './primordials';
-interface TraverseCallback {
-    (path: any[], type: 'Key' | 'Value', value: any, obj: any): unknown;
-}
-export declare const empties: {
-    OBJECT: Readonly<{}>;
-    ARRAY: readonly never[];
-    UNTRACKED_VALUE_OBJ: Readonly<{
-        value: null;
-        tracked: false;
-    }>;
-};
-/**
- * Returns true if the value passed is either a primitive string or a
- * String object.
- */
-export declare function isString(value: unknown): value is string | String;
-export declare function isNonEmptyObject(value: unknown): value is object;
-export declare function encodeString(str: string): string;
-export declare function traverseKeysAndValues(obj: any, cb: TraverseCallback, depth?: number): void;
-export declare function traverseValues(obj: any, cb: TraverseCallback, depth?: number): void;
-export declare function traverseKeys(obj: any, cb: TraverseCallback, depth?: number): void;
-export declare function callChildComponentMethodsSync(parent: any, method: 'install' | 'uninstall', order?: string[]): void;
-export declare function callChildComponentMethods(parent: any, method: 'install' | 'uninstall', order?: string[]): Promise<void>;
-export declare function groupResultsMap(resultsMap: Partial<ResultMap>): {
-    commonResultsMap: Partial<CommonRulesResultsMap>;
-    hardeningResultsMap: Partial<HardeningResultsMap>;
-    semanticResultsMap: Partial<SemanticAnalysisResultsMap>;
-    serverFeaturesResultsMap: Partial<ServerFeaturePreliminaryResultsMap>;
-};
-export declare function get(obj: any, name: string): any;
-export declare function set(obj: Record<string, any>, name: string, value: any): void;
-/** Suppresses output to stderr when installed by the universal agent */
-export declare function safeConsoleError(...args: Parameters<typeof console.error>): void;
-/** Suppresses output to stderr when installed by the universal agent */
-export declare function safeConsoleWarn(...args: Parameters<typeof console.warn>): void;
-//# sourceMappingURL=index.d.ts.map

package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/lib/index.js

@@ -1,228 +0,0 @@
-"use strict";
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
-
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.safeConsoleWarn = exports.safeConsoleError = exports.set = exports.get = exports.groupResultsMap = exports.callChildComponentMethods = exports.callChildComponentMethodsSync = exports.traverseKeys = exports.traverseValues = exports.traverseKeysAndValues = exports.encodeString = exports.isNonEmptyObject = exports.isString = exports.empties = void 0;
-const constants_1 = require("./constants");
-const primordials_1 = require("./primordials");
-__exportStar(require("./constants"), exports);
-__exportStar(require("./types"), exports);
-__exportStar(require("./primordials"), exports);
-const { CONTRAST_INSTALLATION_TOOL = 'NONE' } = process.env;
-const { StringPrototypeSplit, BufferFrom, BufferPrototypeToString } = primordials_1.primordials;
-exports.empties = {
-    OBJECT: Object.freeze({}),
-    ARRAY: Object.freeze([]),
-    UNTRACKED_VALUE_OBJ: Object.freeze({ value: null, tracked: false })
-};
-/**
- * Returns true if the value passed is either a primitive string or a
- * String object.
- */
-// eslint-disable-next-line @typescript-eslint/ban-types
-function isString(value) {
-    return typeof value === 'string' || value instanceof String;
-}
-exports.isString = isString;
-function isNonEmptyObject(value) {
-    return !!value && typeof value === 'object' && Object.keys(value).length > 0;
-}
-exports.isNonEmptyObject = isNonEmptyObject;
-/* c8 ignore next 3 */
-function encodeString(str) {
-    return BufferPrototypeToString.call(BufferFrom(str), 'base64');
-}
-exports.encodeString = encodeString;
-function traverse(obj, cb, path, traverseValues, traverseKeys, depth = Infinity) {
-    let shouldKeepTraversing = true;
-    let reachedDepth = 0;
-    function _traverse(obj, cb, path, traverseValues, traverseKeys) {
-        const isArray = Array.isArray(obj);
-        for (const k in obj) {
-            if (!shouldKeepTraversing || reachedDepth >= depth)
-                return;
-            if (isArray) {
-                const _k = Number(k);
-                // if it is an array, store each index in path but don't call the
-                // callback on the index itself as they are just numeric strings.
-                path.push(_k);
-                if (typeof obj[_k] === 'object' && obj[_k] !== null) {
-                    reachedDepth++;
-                    _traverse(obj[_k], cb, path, traverseValues, traverseKeys);
-                }
-                else if (typeof obj[_k] === 'string' && obj[_k]) {
-                    if (traverseValues && cb(path, 'Value', obj[_k], obj)) {
-                        return shouldKeepTraversing = false;
-                    }
-                }
-                path.pop();
-            }
-            else if (typeof obj[k] === 'object' && obj[k] !== null) {
-                if (traverseKeys && cb(path, 'Key', k, obj)) {
-                    return shouldKeepTraversing = false;
-                }
-                path.push(k);
-                reachedDepth++;
-                _traverse(obj[k], cb, path, traverseValues, traverseKeys);
-                path.pop();
-            }
-            else {
-                if (traverseKeys && cb(path, 'Key', k, obj)) {
-                    return shouldKeepTraversing = false;
-                }
-                // only callback if the value is a non-empty string
-                if (typeof obj[k] === 'string' && obj[k]) {
-                    path.push(k);
-                    if (traverseValues && cb(path, 'Value', obj[k], obj)) {
-                        return shouldKeepTraversing = false;
-                    }
-                    path.pop();
-                }
-            }
-        }
-    }
-    _traverse(obj, cb, path, traverseValues, traverseKeys);
-}
-function traverseKeysAndValues(obj, cb, depth) {
-    if (typeof obj !== 'object' || obj === null) {
-        return;
-    }
-    traverse(obj, cb, [], true, true, depth);
-}
-exports.traverseKeysAndValues = traverseKeysAndValues;
-function traverseValues(obj, cb, depth) {
-    if (typeof obj !== 'object' || obj === null) {
-        return;
-    }
-    traverse(obj, cb, [], true, false, depth);
-}
-exports.traverseValues = traverseValues;
-function traverseKeys(obj, cb, depth) {
-    if (typeof obj !== 'object' || obj === null) {
-        return;
-    }
-    traverse(obj, cb, [], false, true, depth);
-}
-exports.traverseKeys = traverseKeys;
-function callChildComponentMethodsSync(parent, method, order) {
-    const keys = order || Object.keys(parent);
-    for (const key of keys) {
-        const component = parent[key];
-        component?.[method]?.();
-    }
-}
-exports.callChildComponentMethodsSync = callChildComponentMethodsSync;
-async function callChildComponentMethods(parent, method, order) {
-    const keys = order || Object.keys(parent);
-    for (const key of keys) {
-        const component = parent[key];
-        await component?.[method]?.();
-    }
-}
-exports.callChildComponentMethods = callChildComponentMethods;
-function groupResultsMap(resultsMap) {
-    const result = {
-        commonResultsMap: {},
-        hardeningResultsMap: {},
-        semanticResultsMap: {},
-        serverFeaturesResultsMap: {},
-    };
-    Object.keys(resultsMap).reduce((acc, rule) => {
-        switch (rule) {
-            case constants_1.Rule.SQL_INJECTION:
-            case constants_1.Rule.CMD_INJECTION:
-            case constants_1.Rule.PATH_TRAVERSAL:
-            case constants_1.Rule.REFLECTED_XSS:
-            case constants_1.Rule.SSJS_INJECTION:
-            case constants_1.Rule.NOSQL_INJECTION_MONGO:
-            case constants_1.Rule.UNSAFE_FILE_UPLOAD:
-            case constants_1.Rule.BOT_BLOCKER:
-            case constants_1.Rule.NOSQL_INJECTION:
-                acc.commonResultsMap[rule] = resultsMap[rule];
-                break;
-            case constants_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS:
-            case constants_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS:
-            case constants_1.Rule.XXE:
-            case constants_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS:
-            case constants_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS:
-                acc.semanticResultsMap[rule] = resultsMap[rule];
-                break;
-            case constants_1.Rule.VIRTUAL_PATCH:
-            case constants_1.Rule.IP_DENYLIST:
-                acc.serverFeaturesResultsMap[rule] = resultsMap[rule];
-                break;
-            case constants_1.Rule.UNTRUSTED_DESERIALIZATION:
-                acc.hardeningResultsMap[rule] = resultsMap[rule];
-        }
-        return acc;
-    }, result);
-    return result;
-}
-exports.groupResultsMap = groupResultsMap;
-function get(obj, name) {
-    let target = obj;
-    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-    // @ts-ignore
-    const props = StringPrototypeSplit.call(name, '.');
-    for (const prop of props) {
-        target = target?.[prop];
-        if (target === undefined)
-            break;
-    }
-    return target;
-}
-exports.get = get;
-function set(obj, name, value) {
-    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-    // @ts-ignore
-    const props = StringPrototypeSplit.call(name, '.');
-    const lastProp = props.pop();
-    for (const p of props) {
-        if (!obj[p])
-            obj[p] = {};
-        obj = obj[p];
-    }
-    obj[lastProp] = value;
-}
-exports.set = set;
-/** Suppresses output to stderr when installed by the universal agent */
-function safeConsoleError(...args) {
-    if (CONTRAST_INSTALLATION_TOOL === 'NONE') {
-        console.error(...args);
-    }
-}
-exports.safeConsoleError = safeConsoleError;
-/** Suppresses output to stderr when installed by the universal agent */
-function safeConsoleWarn(...args) {
-    if (CONTRAST_INSTALLATION_TOOL === 'NONE') {
-        console.warn(...args);
-    }
-}
-exports.safeConsoleWarn = safeConsoleWarn;
-//# sourceMappingURL=index.js.map

package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/lib/primordials.d.ts

@@ -1,65 +0,0 @@
-/// <reference types="node" />
-/// <reference types="node" />
-/// <reference types="node" />
-/// <reference types="node" />
-import { inspect } from 'util';
-import fs from 'fs';
-export declare const primordials: {
-    ArrayPrototypeJoin: (separator?: string | undefined) => string;
-    ArrayPrototypeSlice: (start?: number | undefined, end?: number | undefined) => any[];
-    BufferFrom: typeof Buffer.from;
-    BufferPrototypeToString: (encoding?: BufferEncoding | undefined, start?: number | undefined, end?: number | undefined) => string;
-    StringPrototypeConcat: (...strings: string[]) => string;
-    StringPrototypeMatch: {
-        (regexp: string | RegExp): RegExpMatchArray | null;
-        (matcher: {
-            [Symbol.match](string: string): RegExpMatchArray | null;
-        }): RegExpMatchArray | null;
-    };
-    StringPrototypeMatchAll: (regexp: RegExp) => IterableIterator<RegExpMatchArray>;
-    StringPrototypeReplace: {
-        (searchValue: string | RegExp, replaceValue: string): string;
-        (searchValue: string | RegExp, replacer: (substring: string, ...args: any[]) => string): string;
-        (searchValue: {
-            [Symbol.replace](string: string, replaceValue: string): string;
-        }, replaceValue: string): string;
-        (searchValue: {
-            [Symbol.replace](string: string, replacer: (substring: string, ...args: any[]) => string): string;
-        }, replacer: (substring: string, ...args: any[]) => string): string;
-    };
-    StringPrototypeReplaceAll: {
-        (searchValue: string | RegExp, replaceValue: string): string;
-        (searchValue: string | RegExp, replacer: (substring: string, ...args: any[]) => string): string;
-    };
-    StringPrototypeSlice: (start?: number | undefined, end?: number | undefined) => string;
-    StringPrototypeSplit: {
-        (separator: string | RegExp, limit?: number | undefined): string[];
-        (splitter: {
-            [Symbol.split](string: string, limit?: number | undefined): string[];
-        }, limit?: number | undefined): string[];
-    };
-    StringPrototypeSubstr: (from: number, length?: number | undefined) => string;
-    StringPrototypeSubstring: (start: number, end?: number | undefined) => string;
-    StringPrototypeToLowerCase: () => string;
-    StringPrototypeToUpperCase: () => string;
-    StringPrototypeToLocaleLowerCase: (locales?: string | string[] | undefined) => string;
-    StringPrototypeToLocaleUpperCase: (locales?: string | string[] | undefined) => string;
-    StringPrototypeTrim: () => string;
-    RegExpPrototypeTest: (string: string) => boolean;
-    RegExpPrototypeExec: (string: string) => RegExpExecArray | null;
-    FunctionPrototypeToString: () => string;
-    JSONParse: (text: string, reviver?: ((this: any, key: string, value: any) => any) | undefined) => any;
-    JSONStringify: {
-        (value: any, replacer?: ((this: any, key: string, value: any) => any) | undefined, space?: string | number | undefined): string;
-        (value: any, replacer?: (string | number)[] | null | undefined, space?: string | number | undefined): string;
-    };
-    UtilInspect: typeof inspect;
-    PathBasename: (path: string, ext?: string | undefined) => string;
-    FsOpen: typeof fs.open;
-    FsOpenSync: typeof fs.openSync;
-    FsReadFile: typeof fs.readFile;
-    FsReadFileSync: typeof fs.readFileSync;
-    FsPromisesOpen: typeof fs.promises.open;
-    FsPromiseReadFile: typeof fs.promises.readFile;
-};
-//# sourceMappingURL=primordials.d.ts.map

package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/lib/primordials.js

@@ -1,66 +0,0 @@
-"use strict";
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
-
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.primordials = void 0;
-const util_1 = require("util");
-const path_1 = require("path");
-const fs_1 = __importDefault(require("fs"));
-const promises_1 = __importDefault(require("fs/promises"));
-exports.primordials = {
-    // arrays
-    ArrayPrototypeJoin: Array.prototype.join,
-    ArrayPrototypeSlice: Array.prototype.slice,
-    //buffers,
-    BufferFrom: Buffer.from,
-    BufferPrototypeToString: Buffer.prototype.toString,
-    //strings
-    StringPrototypeConcat: String.prototype.concat,
-    StringPrototypeMatch: String.prototype.match,
-    StringPrototypeMatchAll: String.prototype.matchAll,
-    StringPrototypeReplace: String.prototype.replace,
-    StringPrototypeReplaceAll: String.prototype.replaceAll,
-    StringPrototypeSlice: String.prototype.slice,
-    StringPrototypeSplit: String.prototype.split,
-    StringPrototypeSubstr: String.prototype.substr,
-    StringPrototypeSubstring: String.prototype.substring,
-    StringPrototypeToLowerCase: String.prototype.toLowerCase,
-    StringPrototypeToUpperCase: String.prototype.toUpperCase,
-    StringPrototypeToLocaleLowerCase: String.prototype.toLocaleLowerCase,
-    StringPrototypeToLocaleUpperCase: String.prototype.toLocaleUpperCase,
-    StringPrototypeTrim: String.prototype.trim,
-    //regex,
-    RegExpPrototypeTest: RegExp.prototype.test,
-    RegExpPrototypeExec: RegExp.prototype.exec,
-    //function
-    FunctionPrototypeToString: Function.prototype.toString,
-    // misc
-    JSONParse: JSON.parse,
-    JSONStringify: JSON.stringify,
-    UtilInspect: util_1.inspect,
-    PathBasename: path_1.basename,
-    // fs
-    FsOpen: fs_1.default.open,
-    FsOpenSync: fs_1.default.openSync,
-    FsReadFile: fs_1.default.readFile,
-    FsReadFileSync: fs_1.default.readFileSync,
-    // fs/promises
-    FsPromisesOpen: promises_1.default.open,
-    FsPromiseReadFile: promises_1.default.readFile,
-};
-//# sourceMappingURL=primordials.js.map