npm - @contrast/agent-bundle - Versions diffs - 5.40.0 → 5.41.0 - Mend

@contrast/agent-bundle 5.40.0 → 5.41.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (258) hide show

package/node_modules/@contrast/sec-obs/node_modules/@contrast/config/lib/config.js DELETED Viewed

@@ -1,290 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-'use strict';
-const process = require('process');
-const path = require('path');
-const fs = require('fs');
-const os = require('os');
-const yaml = require('yaml');
-const { Event, get, set, primordials: { ArrayPrototypeJoin, StringPrototypeToUpperCase, JSONParse } } = require('@contrast/common');
-const options = require('./options');
-const {
-  ConfigSource: {
-    CONTRAST_UI,
-    DEFAULT_VALUE,
-    ENVIRONMENT_VARIABLE,
-    USER_CONFIGURATION_FILE,
-  },
-  mappings,
-  ConfigSource,
-} = require('./common');
-const CONTRAST_CONFIG_PATH = 'CONTRAST_CONFIG_PATH';
-const CONTRAST_PREFIX = 'CONTRAST_';
-const HOME_CONFIG_DIR = path.resolve(os.homedir(), '.config', 'contrast');
-const OS_CONFIG_DIR = os.platform() === 'win32'
-  ? path.resolve(process.env.ProgramData || '', 'contrast')
-  : '/etc/contrast';
-const REDACTED_KEYS = ['api.api_key', 'api.service_key', 'api.token'];
-const OVERRIDABLE_SOURCES = [DEFAULT_VALUE, CONTRAST_UI];
-const isValid = (opt) => opt !== undefined && opt !== null && opt !== '';
-module.exports = class Config {
-  constructor(core) {
-    // internals
-    this._filepath = '';
-    this._errors = [];
-    this._effectiveMap = new Map();
-    this._status = '';
-    this._logs = [];
-    // config object
-    this.api = {};
-    this.agent = {
-      diagnostics: {},
-      reporters: {},
-      security_logger: {},
-      logger: {},
-      node: {},
-    };
-    this.application = {};
-    this.assess = {
-      probabilistic_sampling: {
-        route_monitor: {}
-      }
-    };
-    this.inventory = {};
-    this.protect = {
-      rules: {},
-      disabled_rules: ''
-    };
-    this.server = {};
-    // initialize
-    this._build();
-    this._validate();
-    // report all the errors found during initialization.
-    if (this._errors.length) {
-      const errors = ArrayPrototypeJoin.call(this._errors.map((e, ix) => `${ix + 1}) ${e.message}`), '; ');
-      throw new Error(`Errors found in configuration ${errors}`);
-    }
-    core.messages?.on?.(Event.SERVER_SETTINGS_UPDATE, (msg) => {
-      if (!this._status) this._status = 'Success';
-      for (const [name, mapper] of Object.entries(mappings)) {
-        if (OVERRIDABLE_SOURCES.includes(this.getEffectiveSource(name))) {
-          const remoteValue = mapper(msg);
-          if (isValid(remoteValue)) {
-            this._effectiveMap.set(name, {
-              canonical_name: name,
-              name,
-              value: remoteValue,
-              source: CONTRAST_UI,
-            });
-          }
-        }
-      }
-    });
-  }
-  _initEnv() {
-    const { env } = process;
-    if (env.pm2_env?.includes(CONTRAST_PREFIX)) {
-      let parsedEnv;
-      try {
-        parsedEnv = JSONParse(env.pm2_env);
-      } catch (_err) {
-        const err = new Error(`Unable to parse pm2 environment variable: '${env.pm2_env}'`);
-        err.cause = _err;
-        this._errors.push(err);
-      }
-      for (const pm2EnvConfig of [parsedEnv?.env, parsedEnv]) {
-        if (!pm2EnvConfig) continue;
-        for (const [name, value] of Object.entries(pm2EnvConfig)) {
-          if (env[name] || !name.startsWith(CONTRAST_PREFIX)) continue;
-          env[name] = value;
-        }
-      }
-    }
-    return Object.entries(env).reduce((acc, [key, val]) => {
-      const name = StringPrototypeToUpperCase.call(key);
-      if (name.startsWith('CONTRAST_')) {
-        acc[name] = val;
-      }
-      return acc;
-    }, {});
-  }
-  /**
-   * Returns the locations to search for configuration files. Being a function
-   * allows us to stub these locations within tests.
-   */
-  _configDirs() {
-    return [
-      process.cwd(),
-      path.resolve(OS_CONFIG_DIR, 'node'),
-      OS_CONFIG_DIR,
-      path.resolve(HOME_CONFIG_DIR, 'node'),
-      HOME_CONFIG_DIR,
-    ];
-  }
-  _initFile() {
-    let fileConfig = {};
-    this._filepath = process.env[CONTRAST_CONFIG_PATH];
-    if (!this._filepath) {
-      for (const dir of this._configDirs()) {
-        const currentPath = path.resolve(dir, 'contrast_security.yaml');
-        if (fs.existsSync(currentPath)) {
-          this._filepath = currentPath;
-          break;
-        }
-      }
-    }
-    const { _filepath } = this;
-    // deliberately ignore /dev/null (linux) and \\.\\nul (windows)
-    if (_filepath && _filepath !== os.devNull) {
-      let fileContents;
-      try {
-        fileContents = fs.readFileSync(_filepath, 'utf-8');
-      } catch (e) {
-        const err = new Error(`Unable to read Contrast configuration file: '${_filepath}'`);
-        err.cause = e;
-        this._errors.push(err);
-      }
-      if (fileContents) {
-        try {
-          fileConfig = yaml.parse(fileContents, { prettyErrors: true });
-        } catch (e) {
-          const err = new Error(`Contrast configuration file is malformed: '${_filepath}'`);
-          this._errors.push(err);
-          err.cause = e;
-        }
-      }
-    }
-    return fileConfig;
-  }
-  _build() {
-    const envOptions = this._initEnv();
-    const fileOptions = this._initFile();
-    this._effectiveMap.clear();
-    for (const opt of options) {
-      const envValue = envOptions[opt.env];
-      const fileValue = get(fileOptions, opt.name);
-      let source, value;
-      if (isValid(envValue)) {
-        source = ENVIRONMENT_VARIABLE;
-        value = envValue;
-      } else if (isValid(fileValue)) {
-        source = USER_CONFIGURATION_FILE;
-        value = fileValue;
-      } else {
-        value = opt.default;
-        source = DEFAULT_VALUE;
-      }
-      if (opt.fn) value = opt.fn(value, this, source);
-      if (opt.enum && !opt.enum.includes(value)) value = opt.default;
-      set(this, opt.name, value);
-      this._effectiveMap.set(opt.name, {
-        canonical_name: opt.name,
-        name: opt.name,
-        value,
-        source,
-      });
-    }
-    // this is not a common config value
-    this.setValue('preinstrument', !!process.env.CONTRAST_PREINSTRUMENT, ConfigSource.ENVIRONMENT_VARIABLE);
-  }
-  _redact(name, value) {
-    if (value === null) return value;
-    return REDACTED_KEYS.includes(name) ? `contrast-redacted-${name}` : value;
-  }
-  _validate() {
-    if (
-      get(this, 'application.session_id') &&
-      get(this, 'application.session_metadata')
-    ) {
-      const err = new Error('Cannot set both `application.session_id` and `application.session_metadata`');
-      this._errors.push(err);
-    }
-  }
-  getReport({ redact = true }) {
-    const report = {
-      report_create: new Date(),
-      config: {
-        status: this._status
-      }
-    };
-    const effective_config = [], environment_variable = [], contrast_ui = [];
-    Array.from(this._effectiveMap.values()).forEach((v) => {
-      let { value, name, canonical_name, source } = v;
-      if (value === null) return;
-      if (redact) value = this._redact(name, value);
-      value = String(value);
-      effective_config.push({ value, name, canonical_name, source });
-      if (source === ENVIRONMENT_VARIABLE) environment_variable.push({ value, name, canonical_name });
-      if (source === CONTRAST_UI) contrast_ui.push({ value, name, canonical_name });
-    });
-    report.config['effective_config'] = effective_config;
-    if (contrast_ui.length) report.config['contrast_ui'] = contrast_ui;
-    if (environment_variable.length) report.config['environment_variable'] = environment_variable;
-    return report;
-  }
-  getEffectiveSource(canonicalName) {
-    return this._effectiveMap.get(canonicalName)?.source;
-  }
-  getEffectiveValue(canonicalName) {
-    return this._effectiveMap.get(canonicalName)?.value;
-  }
-  setValue(name, value, source) {
-    this._effectiveMap.set(name, { canonical_name: name, name, source, value });
-    set(this, name, value);
-  }
-};

package/node_modules/@contrast/sec-obs/node_modules/@contrast/config/lib/index.d.ts DELETED Viewed

@@ -1,328 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-import { ProtectRuleMode, Rule } from '@contrast/common';
-import { LevelWithSilent } from 'pino';
-export { ConfigSource } from './common';
-export interface EffectiveEntry<T> {
-  canonical_name: string;
-  name: string;
-  value: T;
-  source: string;
-}
-export type Level =
-  | 'error'
-  | 'warn'
-  | 'info'
-  | 'debug'
-  | 'trace';
-export type SyslogLevel =
-  | 'alert'
-  | 'critical'
-  | 'error'
-  | 'warning'
-  | 'notice'
-  | 'info'
-  | 'debug';
-export interface ConfigOption<T> {
-  name: string;
-  abbrev?: string;
-  env: string;
-  arg: string;
-  enum?: T[];
-  default?: T;
-  fn?: (arg: any, cfg: Config, source: string) => T;
-  desc: string;
-}
-export interface Config {
-  _filepath: string;
-  _effectiveMap: Map<string, EffectiveEntry<any>>;
-  _errors: Error[];
-  _status: string,
-  _logs: {
-    level: import('pino').LevelWithSilentOrString;
-    obj?: any;
-    msg: string;
-    args?: any[];
-  }[];
-  api: {
-    /** Default: `true` */
-    enable: boolean;
-    /** Default: `'https://app.contrastsecurity.com/Contrast'` */
-    url: string;
-    /** No default value but required when `api.enable` is `true` */
-    api_key: string;
-    /** No default value but required when `api.enable` is `true` */
-    service_key: string;
-    /** No default value but required when `api.enable` is `true` */
-    user_name: string;
-    certificate: {
-      /** If set to `false`, the agent will ignore the certificate configuration in this section. Default: `true` */
-      enable: boolean;
-      /** Set the absolute or relative path to a CA for communication with the Contrast UI using a self-signed certificate. */
-      ca_file?: string;
-      /** Set the absolute or relative path to the Certificate PEM file for communication with the Contrast UI. */
-      cert_file?: string;
-      /** Set the absolute or relative path to the Key PEM file for communication with the Contrast UI. */
-      key_file?: string;
-      /** When set to `true`, the agent ignores certificate verification errors when the agent communicates with the Contrast UI. Default: `false` */
-      ignore_cert_errors: boolean;
-    };
-    proxy: {
-      /** Default: `false` */
-      enable: boolean;
-      /** No default value but required when `api.proxy.enable` is `true` */
-      url: string;
-    };
-  };
-  agent: {
-    /**
-     * Limit for stack trace size (larger limits will improve accuracy but
-     * increase memory usage). Default: `10`
-     */
-    stack_trace_limit: number;
-    /**
-     * List of patterns to ignore within stack traces.
-     * Default: `['agent-', '@contrast', 'node-agent']
-     */
-    stack_trace_filters: string[];
-    diagnostics: {
-      /** Default: `true` */
-      enable: boolean;
-      /** Default: `false` */
-      quiet: boolean
-      report_path?: string;
-    };
-    route_coverage: {
-      /** Default: `true` */
-      enable: boolean;
-    };
-    reporters: {
-      /** Path indicating where to report all agent findings. */
-      file?: string | number;
-    };
-    polling: {
-      /** Default: `30000` */
-      app_activity_ms: number;
-      /** Default: `30000` */
-      app_settings_ms: number;
-      /** Default: `30000` */
-      app_update_ms: number;
-      /** Default: `30000` */
-      server_settings_ms: number;
-    };
-    logger: {
-      /** Default: `'./contrast.log'` */
-      path: string;
-      /**
-       * Minimum log level. 'silent' disables logging entirely.
-       * Default: `'info'`
-       */
-      level: LevelWithSilent;
-      /**
-       * When false, create a new log file on startup instead of appending and
-       * rolling daily. Default: `true`
-       */
-      append: boolean;
-      /** Suppress output when `false`. Default: `true` */
-      stdout: boolean;
-    };
-    security_logger: {
-      /** Default: `'./security.log'` */
-      path: string;
-      /** Default: `'error'` */
-      level: Level;
-      /** Default: `false` */
-      stdout: boolean;
-      syslog: {
-        /** Default: `false` */
-        enable: boolean;
-        /** Default: `'127.0.0.1'` */
-        ip: string;
-        /** Default: `514` */
-        port: number;
-        /**
-         * The facility code of the messages the agent sends to Syslog.
-         * Values: 0-23, inclusive.
-         * Default: `19`
-         */
-        facility: number;
-        /** Log level of 'Exploited' attacks. Default: `'alert'` */
-        severity_exploited: SyslogLevel;
-        /** Log level of 'Blocked' attacks. Default: `'notice'` */
-        severity_blocked: SyslogLevel;
-        /** Log level of 'Blocked at Perimeter' attacks. Default: `'notice'` */
-        severity_blocked_perimeter: SyslogLevel;
-        /** Log level of 'Probed' attacks. Default: `'warning'` */
-        severity_probed: SyslogLevel;
-        /** Log level of suspcious but not blocked attacks. Default: `'warning'` */
-        severity_suspicious: SyslogLevel;
-      };
-    };
-    node: {
-      /** Location to look for the app's package.json. Default: `process.cwd()` */
-      app_root: string;
-      rewrite: {
-        /** Default: `true` */
-        enable: boolean;
-        cache: {
-          /** Default: `true` */
-          enable: boolean;
-          /** Default: `./.contrast` */
-          path: string;
-        }
-        /** Default: `true` */
-        minify: boolean;
-      };
-      source_maps: {
-        /** Default: `true` */
-        enable: boolean;
-      };
-      library_usage: {
-        reporting: {
-          /** Default: `true` */
-          enable: boolean;
-          /** Default: `100` */
-          interval_ms: number;
-        };
-      };
-      metrics: {
-        /** Default: `true` */
-        enable: boolean;
-        /** 'Set the response duration (in milliseconds) after which we will warn that a request has been hanging.' Default: `5000` */
-        warn_ms: number;
-      };
-      /** Set the full path of the npm executable, used for library analysis. Default: `'npm'` */
-      npm_path: string;
-    };
-  };
-  inventory: {
-    /** Default: `true` */
-    analyze_libraries: boolean;
-    gather_metadata_via: 'AWS' | 'Azure' | 'GCP' | undefined;
-  };
-  assess: {
-    /** Default: `false` */
-    enable: boolean;
-    tags?: string;
-    /** Default: `'ALL'` */
-    stacktraces: string;
-    /** Default: `150` */
-    max_context_source_events: number;
-    /** Default: `500` */
-    max_propagation_events: number;
-    safe_positives: {
-      /** Default: `false` */
-      enable: boolean;
-    };
-    /** Defualt: `false` */
-    trust_custom_validators: boolean;
-    // effective based on local config and 'assess.sampling' TS DTM
-    probabilistic_sampling: {
-      /** Defualt: `false` */
-      enable: boolean,
-      route_monitor: {
-        /** Defualt: `3600000` */
-        ttl_ms: number,
-      }
-    }
-  };
-  protect: {
-    /** Default: `false` */
-    enable: boolean;
-    probe_analysis: {
-      /** Default: `true` */
-      enable: boolean;
-    }
-    rules: {
-      /**
-       * List of rule ids to disable.
-       * Default: `[]`
-       */
-      disabled_rules: string[];
-    } & Record<Omit<Rule, Rule.BOT_BLOCKER | Rule.IP_DENYLIST | Rule.VIRTUAL_PATCH>, { mode: ProtectRuleMode }>;
-  };
-  application: {
-    /** Override the reported application name. */
-    name?: string;
-    /** Override the reported application path. Default: `'/'` */
-    path: string;
-    /** Add the name of the application group with which this application should be associated in the Contrast UI. */
-    group?: string;
-    /** Add the application code this application should use in the Contrast UI. */
-    code?: string;
-    /** Override the reported application version. */
-    version?: string;
-    /** Apply labels to an application. Labels must be formatted as a comma-delimited list. Example - `label1,label2,label3` */
-    tags?: string;
-    /** Comma-separated list of key=value pairs that are applied to each application reported by the agent. */
-    metadata?: string;
-    /** Provide the ID of a session existing within Contrast UI. Exclusive with `session_metadata` */
-    session_id?: string;
-    /** Provide metadata used to create a new session within Contrast UI. Exclusive with `session_id` */
-    session_metadata?: string;
-  };
-  /** Reported server information overrides */
-  server: {
-    /** Default: `os.hostname()` */
-    name: string;
-    environment?: string;
-    tags?: string;
-    version?: string;
-    /** Default: `true` */
-    discover_cloud_resource: boolean;
-  };
-  getEffectiveSource(cannonicalName: string): string;
-  getEffectiveValue<T = any>(cannonicalName: string): T;
-  getReport({ redact: boolean }): any;
-  setValue<T = any>(name: string, value: T, source: string): void;
-}
-declare function init(core: { config?: Config }): Config;
-export = init;

package/node_modules/@contrast/sec-obs/node_modules/@contrast/config/lib/index.js DELETED Viewed

@@ -1,29 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-'use strict';
-const { ConfigSource } = require('./common');
-const { Core } = require('@contrast/core/lib/ioc/core');
-const Config = require('./config');
-module.exports = Core.makeComponent({
-  name: 'config',
-  factory(core = {}) {
-    return core.config = new Config(core);
-  }
-});
-module.exports.ConfigSource = ConfigSource;