npm - @contrast/agent-bundle - Versions diffs - 5.40.0 → 5.42.0 - Mend

@contrast/agent-bundle 5.40.0 → 5.42.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (290) hide show

package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/lib/constants.js DELETED Viewed

@@ -1,270 +0,0 @@
-"use strict";
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.symbols = exports.agentLibIDListTypes = exports.FS_METHODS = exports.BLOCKING_MODES = exports.DataflowTag = exports.ExclusionType = exports.InputType = exports.SessionConfigurationRule = exports.ResponseScanningRule = exports.Rule = exports.ProtectRuleMode = exports.Event = void 0;
-var Event;
-(function (Event) {
-    // lifecycle
-    Event["RESPONSE_FINISH"] = "response-finish";
-    Event["ROUTE_COVERAGE_DISCOVERY_FINISHED"] = "route-coverage-discovery-finished";
-    // reports
-    Event["ARCHITECTURE_COMPONENT"] = "architecture-component";
-    Event["ASSESS_DATAFLOW_FINDING"] = "assess-dataflow-findings";
-    Event["ASSESS_DATAFLOW_SAFE_POSITIVE"] = "assess-dataflow-safe-positive";
-    Event["ASSESS_RESPONSE_SCANNING_FINDING"] = "assess-response-scanning-findings";
-    Event["ASSESS_SESSION_CONFIGURATION_FINDING"] = "assess-session-configuration-findings";
-    Event["ASSESS_CRYPTO_ANALYSIS_FINDING"] = "assess-crypto-analysis-finding";
-    Event["LIBRARY"] = "library";
-    Event["LIBRARY_USAGE"] = "library-usage";
-    Event["PROTECT"] = "protect";
-    Event["ROUTE_COVERAGE_OBSERVATION"] = "route-coverage-observation";
-    // state changes
-    Event["SERVER_SETTINGS_UPDATE"] = "server-settings-update";
-    Event["UNINSTALL"] = "uninstall";
-    // telemetry
-    Event["UNSUPPORTED_LIBRARY"] = "unsupported-library";
-})(Event || (exports.Event = Event = {}));
-var ProtectRuleMode;
-(function (ProtectRuleMode) {
-    ProtectRuleMode["OFF"] = "off";
-    ProtectRuleMode["MONITOR"] = "monitor";
-    ProtectRuleMode["BLOCK"] = "block";
-    ProtectRuleMode["BLOCK_AT_PERIMETER"] = "block_at_perimeter";
-})(ProtectRuleMode || (exports.ProtectRuleMode = ProtectRuleMode = {}));
-var Rule;
-(function (Rule) {
-    Rule["BOT_BLOCKER"] = "bot-blocker";
-    Rule["CMD_INJECTION"] = "cmd-injection";
-    Rule["CMD_INJECTION_COMMAND_BACKDOORS"] = "cmd-injection-command-backdoors";
-    Rule["CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS"] = "cmd-injection-semantic-chained-commands";
-    Rule["CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS"] = "cmd-injection-semantic-dangerous-paths";
-    Rule["CRYPTO_BAD_MAC"] = "crypto-bad-mac";
-    Rule["CRYPTO_BAD_CIPHERS"] = "crypto-bad-ciphers";
-    Rule["CRYPTO_WEAK_RANDOMNESS"] = "crypto-weak-randomness";
-    Rule["IP_DENYLIST"] = "ip-denylist";
-    Rule["METHOD_TAMPERING"] = "method-tampering";
-    Rule["NOSQL_INJECTION"] = "nosql-injection";
-    Rule["NOSQL_INJECTION_MONGO"] = "nosql-injection-mongo";
-    Rule["PATH_TRAVERSAL"] = "path-traversal";
-    Rule["PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS"] = "path-traversal-semantic-file-security-bypass";
-    Rule["REFLECTED_XSS"] = "reflected-xss";
-    Rule["SQL_INJECTION"] = "sql-injection";
-    Rule["SSJS_INJECTION"] = "ssjs-injection";
-    Rule["SSRF"] = "ssrf";
-    Rule["UNSAFE_CODE_EXECUTION"] = "unsafe-code-execution";
-    Rule["UNSAFE_FILE_UPLOAD"] = "unsafe-file-upload";
-    Rule["UNTRUSTED_DESERIALIZATION"] = "untrusted-deserialization";
-    Rule["VIRTUAL_PATCH"] = "virtual-patch";
-    Rule["XXE"] = "xxe";
-    Rule["UNVALIDATED_REDIRECT"] = "unvalidated-redirect";
-})(Rule || (exports.Rule = Rule = {}));
-var ResponseScanningRule;
-(function (ResponseScanningRule) {
-    ResponseScanningRule["AUTOCOMPLETE_MISSING"] = "autocomplete-missing";
-    ResponseScanningRule["CACHE_CONTROLS_MISSING"] = "cache-controls-missing";
-    ResponseScanningRule["CLICKJACKING_CONTROL_MISSING"] = "clickjacking-control-missing";
-    ResponseScanningRule["PARAMETER_POLLUTION"] = "parameter-pollution";
-    ResponseScanningRule["CSP_HEADER_MISSING"] = "csp-header-missing";
-    ResponseScanningRule["CSP_HEADER_INSECURE"] = "csp-header-insecure";
-    ResponseScanningRule["HSTS_HEADER_MISSING"] = "hsts-header-missing";
-    ResponseScanningRule["X_POWERED_BY_HEADER"] = "x-powered-by-header";
-    ResponseScanningRule["XCONTENTTYPE_HEADER_MISSING"] = "xcontenttype-header-missing";
-    ResponseScanningRule["XXSPROTECTION_HEADER_DISABLED"] = "xxssprotection-header-disabled";
-})(ResponseScanningRule || (exports.ResponseScanningRule = ResponseScanningRule = {}));
-var SessionConfigurationRule;
-(function (SessionConfigurationRule) {
-    SessionConfigurationRule["HTTPONLY"] = "httponly";
-    SessionConfigurationRule["SECURE_FLAG_MISSING"] = "secure-flag-missing";
-})(SessionConfigurationRule || (exports.SessionConfigurationRule = SessionConfigurationRule = {}));
-var InputType;
-(function (InputType) {
-    InputType["UNDEFINED_TYPE"] = "UNDEFINED_TYPE";
-    InputType["BODY"] = "BODY";
-    InputType["COOKIE_NAME"] = "COOKIE_NAME";
-    InputType["COOKIE_VALUE"] = "COOKIE_VALUE";
-    InputType["HEADER"] = "HEADER";
-    InputType["PARAMETER_NAME"] = "PARAMETER_NAME";
-    InputType["PARAMETER_VALUE"] = "PARAMETER_VALUE";
-    InputType["QUERYSTRING"] = "QUERYSTRING";
-    InputType["URI"] = "URI";
-    InputType["SOCKET"] = "SOCKET";
-    InputType["JSON_VALUE"] = "JSON_VALUE";
-    InputType["JSON_ARRAYED_VALUE"] = "JSON_ARRAYED_VALUE";
-    InputType["MULTIPART_CONTENT_TYPE"] = "MULTIPART_CONTENT_TYPE";
-    InputType["MULTIPART_VALUE"] = "MULTIPART_VALUE";
-    InputType["MULTIPART_FIELD_NAME"] = "MULTIPART_FIELD_NAME";
-    InputType["MULTIPART_NAME"] = "MULTIPART_NAME";
-    InputType["XML_VALUE"] = "XML_VALUE";
-    InputType["DWR_VALUE"] = "DWR_VALUE";
-    InputType["METHOD"] = "METHOD";
-    InputType["REQUEST"] = "REQUEST";
-    InputType["URL_PARAMETER"] = "URL_PARAMETER";
-    InputType["UNKNOWN"] = "UNKNOWN";
-})(InputType || (exports.InputType = InputType = {}));
-var ExclusionType;
-(function (ExclusionType) {
-    ExclusionType["BODY"] = "BODY";
-    ExclusionType["COOKIE"] = "COOKIE";
-    ExclusionType["HEADER"] = "HEADER";
-    ExclusionType["PARAMETER"] = "PARAMETER";
-    ExclusionType["QUERYSTRING"] = "QUERYSTRING";
-    ExclusionType["URL"] = "URL";
-})(ExclusionType || (exports.ExclusionType = ExclusionType = {}));
-var DataflowTag;
-(function (DataflowTag) {
-    DataflowTag["XML_ENCODED"] = "XML_ENCODED";
-    DataflowTag["XML_DECODED"] = "XML_DECODED";
-    DataflowTag["HTML_ENCODED"] = "HTML_ENCODED";
-    DataflowTag["HTML_DECODED"] = "HTML_DECODED";
-    DataflowTag["URL_ENCODED"] = "URL_ENCODED";
-    DataflowTag["URL_DECODED"] = "URL_DECODED";
-    DataflowTag["CSS_ENCODED"] = "CSS_ENCODED";
-    DataflowTag["CSS_DECODED"] = "CSS_DECODED";
-    DataflowTag["BASE64_ENCODED"] = "BASE64_ENCODED";
-    DataflowTag["BASE64_DECODED"] = "BASE64_DECODED";
-    DataflowTag["JAVASCRIPT_ENCODED"] = "JAVASCRIPT_ENCODED";
-    DataflowTag["JAVASCRIPT_DECODED"] = "JAVASCRIPT_DECODED";
-    DataflowTag["JAVA_ENCODED"] = "JAVA_ENCODED";
-    DataflowTag["JAVA_DECODED"] = "JAVA_DECODED";
-    DataflowTag["CSV_ENCODED"] = "CSV_ENCODED";
-    DataflowTag["CSV_DECODED"] = "CSV_DECODED";
-    DataflowTag["SQL_ENCODED"] = "SQL_ENCODED";
-    DataflowTag["SQL_DECODED"] = "SQL_DECODED";
-    DataflowTag["LDAP_ENCODED"] = "LDAP_ENCODED";
-    DataflowTag["LDAP_DECODED"] = "LDAP_DECODED";
-    DataflowTag["XPATH_ENCODED"] = "XPATH_ENCODED";
-    DataflowTag["XPATH_DECODED"] = "XPATH_DECODED";
-    DataflowTag["OS_ENCODED"] = "OS_ENCODED";
-    DataflowTag["OS_DECODED"] = "OS_DECODED";
-    DataflowTag["VBSCRIPT_ENCODED"] = "VBSCRIPT_ENCODED";
-    DataflowTag["VBSCRIPT_DECODED"] = "VBSCRIPT_DECODED";
-    DataflowTag["POTENTIAL_SANITIZED"] = "POTENTIAL_SANITIZED";
-    DataflowTag["POTENTIAL_VALIDATED"] = "POTENTIAL_VALIDATED";
-    DataflowTag["NO_CONTROL_CHARS"] = "NO_CONTROL_CHARS";
-    DataflowTag["CUSTOM"] = "CUSTOM_CATCH_ALL";
-    // custom encoded/validated tags, only for data flow rules
-    DataflowTag["CUSTOM_ENCODED"] = "CUSTOM_ENCODED";
-    DataflowTag["CUSTOM_ENCODED_CMD_INJECTION"] = "CUSTOM_ENCODED_CMD_INJECTION";
-    DataflowTag["CUSTOM_ENCODED_EXPRESSION_LANGUAGE_INJECTION"] = "CUSTOM_ENCODED_EXPRESSION_LANGUAGE_INJECTION";
-    DataflowTag["CUSTOM_ENCODED_HEADER_INJECTION"] = "CUSTOM_ENCODED_HEADER_INJECTION";
-    DataflowTag["CUSTOM_ENCODED_HQL_INJECTION"] = "CUSTOM_ENCODED_HQL_INJECTION";
-    DataflowTag["CUSTOM_ENCODED_LDAP_INJECTION"] = "CUSTOM_ENCODED_LDAP_INJECTION";
-    DataflowTag["CUSTOM_ENCODED_LOG_INJECTION"] = "CUSTOM_ENCODED_LOG_INJECTION";
-    DataflowTag["CUSTOM_ENCODED_NOSQL_INJECTIOn"] = "CUSTOM_ENCODED_NOSQL_INJECTION";
-    DataflowTag["CUSTOM_ENCODED_PATH_TRAVERSAL"] = "CUSTOM_ENCODED_PATH_TRAVERSAL";
-    DataflowTag["CUSTOM_ENCODED_REDOS"] = "CUSTOM_ENCODED_REDOS";
-    DataflowTag["CUSTOM_ENCODED_REFLECTED_XSS"] = "CUSTOM_ENCODED_REFLECTED_XSS";
-    DataflowTag["CUSTOM_ENCODED_REFLECTION_INJECTION"] = "CUSTOM_ENCODED_REFLECTION_INJECTION";
-    DataflowTag["CUSTOM_ENCODED_SMTP_INJECTION"] = "CUSTOM_ENCODED_SMTP_INJECTION";
-    DataflowTag["CUSTOM_ENCODED_SQL_INJECTION"] = "CUSTOM_ENCODED_SQL_INJECTION";
-    DataflowTag["CUSTOM_ENCODED_SSRF"] = "CUSTOM_ENCODED_SSRF";
-    DataflowTag["CUSTOM_ENCODED_STORED_XSS"] = "CUSTOM_ENCODED_STORED_XSS";
-    DataflowTag["CUSTOM_ENCODED_TRUST_BOUNDARY_VIOLATION"] = "CUSTOM_ENCODED_TRUST_BOUNDARY_VIOLATION";
-    DataflowTag["CUSTOM_ENCODED_UNSAFE_CODE_EXECUTION"] = "CUSTOM_ENCODED_UNSAFE_CODE_EXECUTION";
-    DataflowTag["CUSTOM_ENCODED_UNSAFE_READLINE"] = "CUSTOM_ENCODED_UNSAFE_READLINE";
-    DataflowTag["CUSTOM_ENCODED_UNSAFE_XML_DECODE"] = "CUSTOM_ENCODED_UNSAFE_XML_DECODE";
-    DataflowTag["CUSTOM_ENCODED_UNTRUSTED_DESERIALIZATION"] = "CUSTOM_ENCODED_UNTRUSTED_DESERIALIZATION";
-    DataflowTag["CUSTOM_ENCODED_UNVALIDATED_FORWARD"] = "CUSTOM_ENCODED_UNVALIDATED_FORWARD";
-    DataflowTag["CUSTOM_ENCODED_UNVALIDATED_REDIRECT"] = "CUSTOM_ENCODED_UNVALIDATED_REDIRECT";
-    DataflowTag["CUSTOM_ENCODED_XPATH_INJECTION"] = "CUSTOM_ENCODED_XPATH_INJECTION";
-    DataflowTag["CUSTOM_ENCODED_XXE"] = "CUSTOM_ENCODED_XXE";
-    DataflowTag["CUSTOM_SECURITY_CONTROL_APPLIED"] = "CUSTOM_SECURITY_CONTROL_APPLIED";
-    DataflowTag["CUSTOM_VALIDATED"] = "CUSTOM_VALIDATED";
-    DataflowTag["CUSTOM_VALIDATED_CMD_INJECTION"] = "CUSTOM_VALIDATED_CMD_INJECTION";
-    DataflowTag["CUSTOM_VALIDATED_EXPRESSION_LANGUAGE_INJECTION"] = "CUSTOM_VALIDATED_EXPRESSION_LANGUAGE_INJECTION";
-    DataflowTag["CUSTOM_VALIDATED_HEADER_INJECTION"] = "CUSTOM_VALIDATED_HEADER_INJECTION";
-    DataflowTag["CUSTOM_VALIDATED_HQL_INJECTION"] = "CUSTOM_VALIDATED_HQL_INJECTION";
-    DataflowTag["CUSTOM_VALIDATED_LDAP_INJECTION"] = "CUSTOM_VALIDATED_LDAP_INJECTION";
-    DataflowTag["CUSTOM_VALIDATED_LOG_INJECTION"] = "CUSTOM_VALIDATED_LOG_INJECTION";
-    DataflowTag["CUSTOM_VALIDATED_NOSQL_INJECTION"] = "CUSTOM_VALIDATED_NOSQL_INJECTION";
-    DataflowTag["CUSTOM_VALIDATED_PATH_TRAVERSAL"] = "CUSTOM_VALIDATED_PATH_TRAVERSAL";
-    DataflowTag["CUSTOM_VALIDATED_REDOS"] = "CUSTOM_VALIDATED_REDOS";
-    DataflowTag["CUSTOM_VALIDATED_REFLECTED_XSS"] = "CUSTOM_VALIDATED_REFLECTED_XSS";
-    DataflowTag["CUSTOM_VALIDATED_REFLECTION_INJECTION"] = "CUSTOM_VALIDATED_REFLECTION_INJECTION";
-    DataflowTag["CUSTOM_VALIDATED_SMTP_INJECTION"] = "CUSTOM_VALIDATED_SMTP_INJECTION";
-    DataflowTag["CUSTOM_VALIDATED_SQL_INJECTION"] = "CUSTOM_VALIDATED_SQL_INJECTION";
-    DataflowTag["CUSTOM_VALIDATED_SSRF"] = "CUSTOM_VALIDATED_SSRF";
-    DataflowTag["CUSTOM_VALIDATED_STORED_XSS"] = "CUSTOM_VALIDATED_STORED_XSS";
-    DataflowTag["CUSTOM_VALIDATED_TRUST_BOUNDARY_VIOLATION"] = "CUSTOM_VALIDATED_TRUST_BOUNDARY_VIOLATION";
-    DataflowTag["CUSTOM_VALIDATED_UNSAFE_CODE_EXECUTION"] = "CUSTOM_VALIDATED_UNSAFE_CODE_EXECUTION";
-    DataflowTag["CUSTOM_VALIDATED_UNSAFE_READLINE"] = "CUSTOM_VALIDATED_UNSAFE_READLINE";
-    DataflowTag["CUSTOM_VALIDATED_UNSAFE_XML_DECODE"] = "CUSTOM_VALIDATED_UNSAFE_XML_DECODE";
-    DataflowTag["CUSTOM_VALIDATED_UNTRUSTED_DESERIALIZATION"] = "CUSTOM_VALIDATED_UNTRUSTED_DESERIALIZATION";
-    DataflowTag["CUSTOM_VALIDATED_UNVALIDATED_FORWARD"] = "CUSTOM_VALIDATED_UNVALIDATED_FORWARD";
-    DataflowTag["CUSTOM_VALIDATED_UNVALIDATED_REDIRECT"] = "CUSTOM_VALIDATED_UNVALIDATED_REDIRECT";
-    DataflowTag["CUSTOM_VALIDATED_XPATH_INJECTION"] = "CUSTOM_VALIDATED_XPATH_INJECTION";
-    DataflowTag["CUSTOM_VALIDATED_XXE"] = "CUSTOM_VALIDATED_XXE";
-    // tracked_string range tags
-    DataflowTag["NO_NEWLINES"] = "NO_NEWLINES";
-    DataflowTag["UNTRUSTED"] = "UNTRUSTED";
-    DataflowTag["CROSS_SITE"] = "CROSS_SITE";
-    DataflowTag["LIMITED_CHARS"] = "LIMITED_CHARS";
-    DataflowTag["ALPHANUM_SPACE_HYPHEN"] = "ALPHANUM_SPACE_HYPHEN";
-    DataflowTag["STRING_TYPE_CHECKED"] = "STRING_TYPE_CHECKED";
-    DataflowTag["DATABASE_WRITE"] = "DATABASE_WRITE";
-    DataflowTag["HEADER"] = "HEADER";
-    DataflowTag["COOKIE"] = "COOKIE";
-    DataflowTag["WEAK_URL_ENCODED"] = "WEAK_URL_ENCODED";
-})(DataflowTag || (exports.DataflowTag = DataflowTag = {}));
-exports.BLOCKING_MODES = ['block', 'block_at_perimeter'];
-exports.FS_METHODS = [
-    { name: 'access', promises: true, sync: true, indices: [0] },
-    { name: 'appendFile', promises: true, sync: true, indices: [0] },
-    { name: 'chmod', promises: true, sync: true, indices: [0] },
-    { name: 'chown', promises: true, sync: true, indices: [0] },
-    { name: 'copyFile', promises: true, sync: true, indices: [0, 1] },
-    { name: 'cp', promises: true, sync: true, indices: [0, 1] },
-    { name: 'createReadStream', promises: false, sync: false, indices: [0] },
-    { name: 'createWriteStream', promises: false, sync: false, indices: [0] },
-    { name: 'exists', promises: false, sync: true, indices: [0] },
-    { name: 'glob', promises: true, sync: true, indices: [0] },
-    { name: 'lchmod', promises: true, sync: true, indices: [0] },
-    { name: 'lchown', promises: true, sync: true, indices: [0] },
-    { name: 'link', promises: true, sync: true, indices: [0] },
-    { name: 'lstat', promises: true, sync: true, indices: [0] },
-    { name: 'lutimes', promises: true, sync: true, indices: [0] },
-    { name: 'mkdir', promises: true, sync: true, indices: [0] },
-    { name: 'mkdtemp', promises: true, sync: true, indices: [0] },
-    { name: 'open', promises: true, sync: true, indices: [0] },
-    { name: 'openAsBlob', promises: false, sync: false, indices: [0] },
-    { name: 'opendir', promises: true, sync: true, indices: [0] },
-    { name: 'readdir', promises: true, sync: true, indices: [0] },
-    { name: 'readFile', promises: true, sync: true, indices: [0] },
-    { name: 'readlink', promises: true, sync: true, indices: [0] },
-    { name: 'realpath', promises: true, sync: true, indices: [0] },
-    { name: 'rename', promises: true, sync: true, indices: [0, 1] },
-    { name: 'rmdir', promises: true, sync: true, indices: [0] },
-    { name: 'rm', promises: true, sync: true, indices: [0] },
-    { name: 'stat', promises: true, sync: true, indices: [0] },
-    { name: 'statfs', promises: true, sync: true, indices: [0] },
-    { name: 'symlink', promises: true, sync: true, indices: [0, 1] },
-    { name: 'truncate', promises: true, sync: true, indices: [0] },
-    { name: 'unlink', promises: true, sync: true, indices: [0] },
-    { name: 'unwatchFile', promises: false, sync: false, indices: [0] },
-    { name: 'utimes', promises: true, sync: true, indices: [0] },
-    { name: 'watch', promises: true, sync: false, indices: [0] },
-    { name: 'watchFile', promises: false, sync: false, indices: [0] },
-    { name: 'writeFile', promises: true, sync: true, indices: [0] },
-];
-var agentLibIDListTypes;
-(function (agentLibIDListTypes) {
-    agentLibIDListTypes["MONGO_SLEEP"] = "MONGO-SLEEP";
-    agentLibIDListTypes["TRUE_CLAUSE_1"] = "TRUE-CLAUSE-1";
-})(agentLibIDListTypes || (exports.agentLibIDListTypes = agentLibIDListTypes = {}));
-exports.symbols = {
-    kMetrics: Symbol('contrast.metrics'),
-};
-//# sourceMappingURL=constants.js.map

package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/lib/index.d.ts DELETED Viewed

@@ -1,40 +0,0 @@
-import { CommonRulesResultsMap, HardeningResultsMap, ResultMap, SemanticAnalysisResultsMap, ServerFeaturePreliminaryResultsMap } from './types';
-export * from './constants';
-export * from './types';
-export * from './primordials';
-interface TraverseCallback {
-    (path: any[], type: 'Key' | 'Value', value: any, obj: any): unknown;
-}
-export declare const empties: {
-    OBJECT: Readonly<{}>;
-    ARRAY: readonly never[];
-    UNTRACKED_VALUE_OBJ: Readonly<{
-        value: null;
-        tracked: false;
-    }>;
-};
-/**
- * Returns true if the value passed is either a primitive string or a
- * String object.
- */
-export declare function isString(value: unknown): value is string | String;
-export declare function isNonEmptyObject(value: unknown): value is object;
-export declare function encodeString(str: string): string;
-export declare function traverseKeysAndValues(obj: any, cb: TraverseCallback, depth?: number): void;
-export declare function traverseValues(obj: any, cb: TraverseCallback, depth?: number): void;
-export declare function traverseKeys(obj: any, cb: TraverseCallback, depth?: number): void;
-export declare function callChildComponentMethodsSync(parent: any, method: 'install' | 'uninstall', order?: string[]): void;
-export declare function callChildComponentMethods(parent: any, method: 'install' | 'uninstall', order?: string[]): Promise<void>;
-export declare function groupResultsMap(resultsMap: Partial<ResultMap>): {
-    commonResultsMap: Partial<CommonRulesResultsMap>;
-    hardeningResultsMap: Partial<HardeningResultsMap>;
-    semanticResultsMap: Partial<SemanticAnalysisResultsMap>;
-    serverFeaturesResultsMap: Partial<ServerFeaturePreliminaryResultsMap>;
-};
-export declare function get(obj: any, name: string): any;
-export declare function set(obj: Record<string, any>, name: string, value: any): void;
-/** Suppresses output to stderr when installed by the universal agent */
-export declare function safeConsoleError(...args: Parameters<typeof console.error>): void;
-/** Suppresses output to stderr when installed by the universal agent */
-export declare function safeConsoleWarn(...args: Parameters<typeof console.warn>): void;
-//# sourceMappingURL=index.d.ts.map

package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/lib/index.js DELETED Viewed

@@ -1,228 +0,0 @@
-"use strict";
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.safeConsoleWarn = exports.safeConsoleError = exports.set = exports.get = exports.groupResultsMap = exports.callChildComponentMethods = exports.callChildComponentMethodsSync = exports.traverseKeys = exports.traverseValues = exports.traverseKeysAndValues = exports.encodeString = exports.isNonEmptyObject = exports.isString = exports.empties = void 0;
-const constants_1 = require("./constants");
-const primordials_1 = require("./primordials");
-__exportStar(require("./constants"), exports);
-__exportStar(require("./types"), exports);
-__exportStar(require("./primordials"), exports);
-const { CONTRAST_INSTALLATION_TOOL = 'NONE' } = process.env;
-const { StringPrototypeSplit, BufferFrom, BufferPrototypeToString } = primordials_1.primordials;
-exports.empties = {
-    OBJECT: Object.freeze({}),
-    ARRAY: Object.freeze([]),
-    UNTRACKED_VALUE_OBJ: Object.freeze({ value: null, tracked: false })
-};
-/**
- * Returns true if the value passed is either a primitive string or a
- * String object.
- */
-// eslint-disable-next-line @typescript-eslint/ban-types
-function isString(value) {
-    return typeof value === 'string' || value instanceof String;
-}
-exports.isString = isString;
-function isNonEmptyObject(value) {
-    return !!value && typeof value === 'object' && Object.keys(value).length > 0;
-}
-exports.isNonEmptyObject = isNonEmptyObject;
-/* c8 ignore next 3 */
-function encodeString(str) {
-    return BufferPrototypeToString.call(BufferFrom(str), 'base64');
-}
-exports.encodeString = encodeString;
-function traverse(obj, cb, path, traverseValues, traverseKeys, depth = Infinity) {
-    let shouldKeepTraversing = true;
-    let reachedDepth = 0;
-    function _traverse(obj, cb, path, traverseValues, traverseKeys) {
-        const isArray = Array.isArray(obj);
-        for (const k in obj) {
-            if (!shouldKeepTraversing || reachedDepth >= depth)
-                return;
-            if (isArray) {
-                const _k = Number(k);
-                // if it is an array, store each index in path but don't call the
-                // callback on the index itself as they are just numeric strings.
-                path.push(_k);
-                if (typeof obj[_k] === 'object' && obj[_k] !== null) {
-                    reachedDepth++;
-                    _traverse(obj[_k], cb, path, traverseValues, traverseKeys);
-                }
-                else if (typeof obj[_k] === 'string' && obj[_k]) {
-                    if (traverseValues && cb(path, 'Value', obj[_k], obj)) {
-                        return shouldKeepTraversing = false;
-                    }
-                }
-                path.pop();
-            }
-            else if (typeof obj[k] === 'object' && obj[k] !== null) {
-                if (traverseKeys && cb(path, 'Key', k, obj)) {
-                    return shouldKeepTraversing = false;
-                }
-                path.push(k);
-                reachedDepth++;
-                _traverse(obj[k], cb, path, traverseValues, traverseKeys);
-                path.pop();
-            }
-            else {
-                if (traverseKeys && cb(path, 'Key', k, obj)) {
-                    return shouldKeepTraversing = false;
-                }
-                // only callback if the value is a non-empty string
-                if (typeof obj[k] === 'string' && obj[k]) {
-                    path.push(k);
-                    if (traverseValues && cb(path, 'Value', obj[k], obj)) {
-                        return shouldKeepTraversing = false;
-                    }
-                    path.pop();
-                }
-            }
-        }
-    }
-    _traverse(obj, cb, path, traverseValues, traverseKeys);
-}
-function traverseKeysAndValues(obj, cb, depth) {
-    if (typeof obj !== 'object' || obj === null) {
-        return;
-    }
-    traverse(obj, cb, [], true, true, depth);
-}
-exports.traverseKeysAndValues = traverseKeysAndValues;
-function traverseValues(obj, cb, depth) {
-    if (typeof obj !== 'object' || obj === null) {
-        return;
-    }
-    traverse(obj, cb, [], true, false, depth);
-}
-exports.traverseValues = traverseValues;
-function traverseKeys(obj, cb, depth) {
-    if (typeof obj !== 'object' || obj === null) {
-        return;
-    }
-    traverse(obj, cb, [], false, true, depth);
-}
-exports.traverseKeys = traverseKeys;
-function callChildComponentMethodsSync(parent, method, order) {
-    const keys = order || Object.keys(parent);
-    for (const key of keys) {
-        const component = parent[key];
-        component?.[method]?.();
-    }
-}
-exports.callChildComponentMethodsSync = callChildComponentMethodsSync;
-async function callChildComponentMethods(parent, method, order) {
-    const keys = order || Object.keys(parent);
-    for (const key of keys) {
-        const component = parent[key];
-        await component?.[method]?.();
-    }
-}
-exports.callChildComponentMethods = callChildComponentMethods;
-function groupResultsMap(resultsMap) {
-    const result = {
-        commonResultsMap: {},
-        hardeningResultsMap: {},
-        semanticResultsMap: {},
-        serverFeaturesResultsMap: {},
-    };
-    Object.keys(resultsMap).reduce((acc, rule) => {
-        switch (rule) {
-            case constants_1.Rule.SQL_INJECTION:
-            case constants_1.Rule.CMD_INJECTION:
-            case constants_1.Rule.PATH_TRAVERSAL:
-            case constants_1.Rule.REFLECTED_XSS:
-            case constants_1.Rule.SSJS_INJECTION:
-            case constants_1.Rule.NOSQL_INJECTION_MONGO:
-            case constants_1.Rule.UNSAFE_FILE_UPLOAD:
-            case constants_1.Rule.BOT_BLOCKER:
-            case constants_1.Rule.NOSQL_INJECTION:
-                acc.commonResultsMap[rule] = resultsMap[rule];
-                break;
-            case constants_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS:
-            case constants_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS:
-            case constants_1.Rule.XXE:
-            case constants_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS:
-            case constants_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS:
-                acc.semanticResultsMap[rule] = resultsMap[rule];
-                break;
-            case constants_1.Rule.VIRTUAL_PATCH:
-            case constants_1.Rule.IP_DENYLIST:
-                acc.serverFeaturesResultsMap[rule] = resultsMap[rule];
-                break;
-            case constants_1.Rule.UNTRUSTED_DESERIALIZATION:
-                acc.hardeningResultsMap[rule] = resultsMap[rule];
-        }
-        return acc;
-    }, result);
-    return result;
-}
-exports.groupResultsMap = groupResultsMap;
-function get(obj, name) {
-    let target = obj;
-    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-    // @ts-ignore
-    const props = StringPrototypeSplit.call(name, '.');
-    for (const prop of props) {
-        target = target?.[prop];
-        if (target === undefined)
-            break;
-    }
-    return target;
-}
-exports.get = get;
-function set(obj, name, value) {
-    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-    // @ts-ignore
-    const props = StringPrototypeSplit.call(name, '.');
-    const lastProp = props.pop();
-    for (const p of props) {
-        if (!obj[p])
-            obj[p] = {};
-        obj = obj[p];
-    }
-    obj[lastProp] = value;
-}
-exports.set = set;
-/** Suppresses output to stderr when installed by the universal agent */
-function safeConsoleError(...args) {
-    if (CONTRAST_INSTALLATION_TOOL === 'NONE') {
-        console.error(...args);
-    }
-}
-exports.safeConsoleError = safeConsoleError;
-/** Suppresses output to stderr when installed by the universal agent */
-function safeConsoleWarn(...args) {
-    if (CONTRAST_INSTALLATION_TOOL === 'NONE') {
-        console.warn(...args);
-    }
-}
-exports.safeConsoleWarn = safeConsoleWarn;
-//# sourceMappingURL=index.js.map

package/node_modules/@contrast/sec-obs/node_modules/@contrast/common/lib/primordials.d.ts DELETED Viewed

@@ -1,65 +0,0 @@
-/// <reference types="node" />
-/// <reference types="node" />
-/// <reference types="node" />
-/// <reference types="node" />
-import { inspect } from 'util';
-import fs from 'fs';
-export declare const primordials: {
-    ArrayPrototypeJoin: (separator?: string | undefined) => string;
-    ArrayPrototypeSlice: (start?: number | undefined, end?: number | undefined) => any[];
-    BufferFrom: typeof Buffer.from;
-    BufferPrototypeToString: (encoding?: BufferEncoding | undefined, start?: number | undefined, end?: number | undefined) => string;
-    StringPrototypeConcat: (...strings: string[]) => string;
-    StringPrototypeMatch: {
-        (regexp: string | RegExp): RegExpMatchArray | null;
-        (matcher: {
-            [Symbol.match](string: string): RegExpMatchArray | null;
-        }): RegExpMatchArray | null;
-    };
-    StringPrototypeMatchAll: (regexp: RegExp) => IterableIterator<RegExpMatchArray>;
-    StringPrototypeReplace: {
-        (searchValue: string | RegExp, replaceValue: string): string;
-        (searchValue: string | RegExp, replacer: (substring: string, ...args: any[]) => string): string;
-        (searchValue: {
-            [Symbol.replace](string: string, replaceValue: string): string;
-        }, replaceValue: string): string;
-        (searchValue: {
-            [Symbol.replace](string: string, replacer: (substring: string, ...args: any[]) => string): string;
-        }, replacer: (substring: string, ...args: any[]) => string): string;
-    };
-    StringPrototypeReplaceAll: {
-        (searchValue: string | RegExp, replaceValue: string): string;
-        (searchValue: string | RegExp, replacer: (substring: string, ...args: any[]) => string): string;
-    };
-    StringPrototypeSlice: (start?: number | undefined, end?: number | undefined) => string;
-    StringPrototypeSplit: {
-        (separator: string | RegExp, limit?: number | undefined): string[];
-        (splitter: {
-            [Symbol.split](string: string, limit?: number | undefined): string[];
-        }, limit?: number | undefined): string[];
-    };
-    StringPrototypeSubstr: (from: number, length?: number | undefined) => string;
-    StringPrototypeSubstring: (start: number, end?: number | undefined) => string;
-    StringPrototypeToLowerCase: () => string;
-    StringPrototypeToUpperCase: () => string;
-    StringPrototypeToLocaleLowerCase: (locales?: string | string[] | undefined) => string;
-    StringPrototypeToLocaleUpperCase: (locales?: string | string[] | undefined) => string;
-    StringPrototypeTrim: () => string;
-    RegExpPrototypeTest: (string: string) => boolean;
-    RegExpPrototypeExec: (string: string) => RegExpExecArray | null;
-    FunctionPrototypeToString: () => string;
-    JSONParse: (text: string, reviver?: ((this: any, key: string, value: any) => any) | undefined) => any;
-    JSONStringify: {
-        (value: any, replacer?: ((this: any, key: string, value: any) => any) | undefined, space?: string | number | undefined): string;
-        (value: any, replacer?: (string | number)[] | null | undefined, space?: string | number | undefined): string;
-    };
-    UtilInspect: typeof inspect;
-    PathBasename: (path: string, ext?: string | undefined) => string;
-    FsOpen: typeof fs.open;
-    FsOpenSync: typeof fs.openSync;
-    FsReadFile: typeof fs.readFile;
-    FsReadFileSync: typeof fs.readFileSync;
-    FsPromisesOpen: typeof fs.promises.open;
-    FsPromiseReadFile: typeof fs.promises.readFile;
-};
-//# sourceMappingURL=primordials.d.ts.map