npm - @contrast/agent-bundle - Versions diffs - 5.42.0 → 5.45.1 - Mend

@contrast/agent-bundle 5.42.0 → 5.45.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (468) hide show

package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/application-activity/translations.js CHANGED Viewed

@@ -14,460 +14,293 @@
  * way not consistent with the End User License Agreement.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.handleProtectMessage = void 0;
+exports.Translations = exports.FindingGroup = void 0;
 const common_1 = require("@contrast/common");
 const types_1 = require("../../types");
 const { StringPrototypeToUpperCase, StringPrototypeSplit, JSONStringify } = common_1.primordials;
-const serverFeaturesRules = ['virtual-patch', 'ip-denylist'];
-const mapInputType = (result) => {
-    /* c8 ignore next 31 */
-    if (result.inputType in types_1.InputType)
-        return result.inputType;
-    switch (result.inputType) {
-        case 'UriPath':
-            return types_1.InputType.URI;
-        case 'UrlParameter':
-            return types_1.InputType.URL_PARAMETER;
-        case 'CookieName':
-            return types_1.InputType.COOKIE_NAME;
-        case 'CookieValue':
-            return types_1.InputType.COOKIE_VALUE;
-        case 'HeaderKey':
-            return types_1.InputType.UNKNOWN;
-        case 'HeaderValue':
-            return types_1.InputType.HEADER;
-        case 'JsonKey':
-            return types_1.InputType.UNKNOWN;
-        case 'JsonValue':
-            return types_1.InputType.JSON_VALUE;
-        case 'Method':
-            return types_1.InputType.METHOD;
-        case 'ParameterKey':
-            return types_1.InputType.PARAMETER_NAME;
-        case 'ParameterValue':
-            return types_1.InputType.PARAMETER_VALUE;
-        case 'MultipartName':
-            return types_1.InputType.MULTIPART_NAME;
-        case 'XmlValue':
-            return types_1.InputType.XML_VALUE;
-        case 'Unknown':
-            return types_1.InputType.UNKNOWN;
+const CONTRAST_REDACTED_VECTOR = 'contrast-redacted-vector';
+const rulesThatExploitWithoutFindings = new Set([
+    common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS,
+    common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS,
+    common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS,
+    common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS,
+]);
+const rulesThatBlockAtPerimeterOnly = new Set([
+    common_1.Rule.VIRTUAL_PATCH,
+    common_1.Rule.IP_DENYLIST,
+    common_1.Rule.REFLECTED_XSS,
+]);
+var FindingGroup;
+(function (FindingGroup) {
+    FindingGroup["INEFFECTIVE"] = "ineffective";
+    FindingGroup["BLOCKED"] = "blocked";
+    FindingGroup["BLOCKED_AT_PERIMETER"] = "blockedAtPerimeter";
+    FindingGroup["EXPLOITED"] = "exploited";
+})(FindingGroup || (exports.FindingGroup = FindingGroup = {}));
+class Translations {
+    constructor(core) {
+        Object.defineProperty(this, 'core', { value: core, enumerable: false });
+        this.detailsBuilders = new Map([
+            [common_1.Rule.CMD_INJECTION, this.createDetailsMapper((e) => ({
+                    command: e.result.value,
+                    startIndex: e.findings.startIndex,
+                    endIndex: e.findings.endIndex,
+                }))],
+            [common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS, (e) => ({
+                    command: e.result.value,
+                    findings: [0],
+                })],
+            [common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS, (e) => ({
+                    command: e.result.value,
+                    findings: [1],
+                })],
+            [common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS, (e) => ({
+                    command: e.result.value,
+                    findings: [2],
+                })],
+            [common_1.Rule.IP_DENYLIST, (e) => e.findings],
+            [common_1.Rule.METHOD_TAMPERING, (e) => ({
+                    method: StringPrototypeToUpperCase.call(e.result.value),
+                    statusCode: e.findings.statusCode,
+                })],
+            [common_1.Rule.NOSQL_INJECTION_MONGO, this.createDetailsMapper((e) => ({
+                    start: e.findings.start,
+                    end: e.findings.end,
+                    boundaryOverrunIndex: e.findings.boundaryOverrunIndex,
+                    inputBoundaryIndex: e.findings.inputBoundaryIndex,
+                    query: typeof e.sinkContext?.value === 'string'
+                        ? e.sinkContext.value
+                        : JSONStringify(e.sinkContext?.value),
+                }))],
+            [common_1.Rule.PATH_TRAVERSAL, (e) => ({
+                    path: e.result.value,
+                })],
+            [common_1.Rule.REFLECTED_XSS, (e) => ({})], // TODO
+            [common_1.Rule.SQL_INJECTION, this.createDetailsMapper((e) => ({
+                    start: e.findings.startIndex,
+                    end: e.findings.endIndex,
+                    boundaryOverrunIndex: e.findings.boundaryIndex,
+                    inputBoundaryIndex: e.findings.overrunIndex,
+                    query: e.sinkContext?.value,
+                }))],
+            [common_1.Rule.SSJS_INJECTION, (e) => ({
+                    start: e.findings.startIndex,
+                    end: e.findings.endIndex,
+                    boundaryOverrunIndex: e.findings.boundaryIndex,
+                    codeString: e.findings.codeString,
+                })],
+            [common_1.Rule.UNTRUSTED_DESERIALIZATION, (e) => e.findings],
+            [common_1.Rule.VIRTUAL_PATCH, (e) => e.findings],
+            [common_1.Rule.XXE, (e) => e.findings.entities.reduce((acc, entity) => {
+                    acc.declaredEntities.push({
+                        start: entity.start,
+                        end: entity.finish,
+                    });
+                    acc.entitiesResolved.push({
+                        publicId: entity.type === 'PUBLIC' ? entity.uri : undefined,
+                        systemId: entity.type === 'SYSTEM' ? entity.uri : undefined,
+                    });
+                    return acc;
+                }, { xml: e.findings.prolog, declaredEntities: [], entitiesResolved: [] })],
+        ]);
     }
-};
-const buildInputPayload = (result, time) => ({
-    filters: result.mongoExpansionResult
-        ? ['nosql-expansion']
-        : result.ruleId === common_1.Rule.UNSAFE_FILE_UPLOAD
-            ? ['agent-lib']
-            : [],
-    name: result.key || '',
-    time,
-    type: mapInputType(result) || 'UNKNOWN',
-    // NOTE: In v4 we have other documentTypes too, why pick only NORMAL?
-    documentType: types_1.DocumentType.NORMAL,
-    value: result.value,
-});
-const buildTimePayload = (time) => ({ start: time, elapsed: time });
-const reflectedXSSDetailsBuilder = (el) => ({}); // TODO
-const untrustedDeserializationDetailsBuilder = (el) => el.exploitMetadata[0];
-const virtualPatchDetailsBuilder = (el) => el.exploitMetadata?.[0] || {};
-const ipDenylistDetailsBuilder = (el) => el.exploitMetadata?.[0] || {};
-const ssjsDetailsBuilder = (el) => {
-    if (!el.exploitMetadata || el.exploitMetadata.length === 0) {
-        return {};
-    }
-    const { findings } = el.exploitMetadata[0];
-    return {
-        start: findings.startIndex,
-        end: findings.endIndex,
-        boundaryOverrunIndex: findings.boundaryIndex,
-        codeString: findings.codeString,
-    };
-};
-const sqlInjectionDetailsBuilder = (el) => {
-    if (!el.exploitMetadata || el.exploitMetadata.length === 0) {
-        return {};
-    }
-    const { findings, sinkContext } = el.exploitMetadata[0];
-    return {
-        start: findings.startIndex,
-        end: findings.endIndex,
-        boundaryOverrunIndex: findings.boundaryIndex,
-        inputBoundaryIndex: findings.overrunIndex,
-        query: sinkContext.value,
-    };
-};
-const nosqliMongoDetailsBuilder = (el) => {
-    if (!el.exploitMetadata || el.exploitMetadata.length === 0) {
-        return {};
-    }
-    const { findings: { start, end, boundaryOverrunIndex, inputBoundaryIndex }, sinkContext, } = el.exploitMetadata[0];
-    return {
-        start,
-        end,
-        boundaryOverrunIndex,
-        inputBoundaryIndex,
-        query: typeof sinkContext.value === 'string'
-            ? sinkContext.value
-            : JSONStringify(sinkContext.value),
-    };
-};
-const cmdInjectionDetailsBuilder = (el) => {
-    if (!el.exploitMetadata || el.exploitMetadata.length === 0) {
-        return {};
+    mapInputType(result) {
+        /* c8 ignore next 31 */
+        if (result.inputType in types_1.InputType)
+            return result.inputType;
+        switch (result.inputType) {
+            case 'UriPath':
+                return types_1.InputType.URI;
+            case 'UrlParameter':
+                return types_1.InputType.URL_PARAMETER;
+            case 'CookieName':
+                return types_1.InputType.COOKIE_NAME;
+            case 'CookieValue':
+                return types_1.InputType.COOKIE_VALUE;
+            case 'HeaderKey':
+                return types_1.InputType.UNKNOWN;
+            case 'HeaderValue':
+                return types_1.InputType.HEADER;
+            case 'JsonKey':
+                return types_1.InputType.UNKNOWN;
+            case 'JsonValue':
+                return types_1.InputType.JSON_VALUE;
+            case 'Method':
+                return types_1.InputType.METHOD;
+            case 'ParameterKey':
+                return types_1.InputType.PARAMETER_NAME;
+            case 'ParameterValue':
+                return types_1.InputType.PARAMETER_VALUE;
+            case 'MultipartName':
+                return types_1.InputType.MULTIPART_NAME;
+            case 'XmlValue':
+                return types_1.InputType.XML_VALUE;
+            case 'Unknown':
+                return types_1.InputType.UNKNOWN;
+        }
     }
-    const { findings } = el.exploitMetadata[0];
-    return {
-        command: el.value,
-        startIndex: findings.startIndex,
-        endIndex: findings.endIndex,
-    };
-};
-const pathTraversalDetailsBuilder = (el) => ({
-    path: el.value,
-});
-const cmdInjectionSemanticAnalysisDetailsBuilder = (el) => {
-    const ruleId = el.ruleId;
-    const ruleIdMap = {
-        [common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS]: 0,
-        [common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS]: 1,
-        [common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS]: 2,
-    };
-    return {
-        command: el.value,
-        findings: [ruleIdMap[ruleId]],
-    };
-};
-function methodTamperingDetailsBuilder(result) {
-    return {
-        method: StringPrototypeToUpperCase.call(result.value),
-        statusCode: result.exploitMetadata?.[0]?.statusCode
-    };
-}
-const xxeSemanticAnalysisDetailsBuilder = (el) => {
-    // @ts-expect-error: Unreachable code error
-    const { prolog, entities } = el.exploitMetadata[0];
-    const exploitMetadata = {
-        xml: prolog,
-        declaredEntities: [],
-        entitiesResolved: [],
-    };
-    // @ts-expect-error: Unreachable code error
-    entities.reduce((acc, entity) => {
-        acc.declaredEntities.push({
-            start: entity.start,
-            end: entity.finish,
-        });
-        acc.entitiesResolved.push({
-            publicId: entity.type === 'PUBLIC' ? entity.uri : undefined,
-            systemId: entity.type === 'SYSTEM' ? entity.uri : undefined,
-        });
-        return acc;
-    }, exploitMetadata);
-    return exploitMetadata;
-};
-const buildRequestObject = (sourceInfo) => {
-    const searchParams = new URLSearchParams(sourceInfo.queries);
-    const parameters = {};
-    for (const [key, value] of searchParams) {
-        if (parameters[key]) {
-            parameters[key].push(value);
+    buildInputPayload(result, time, masker) {
+        const { sensitiveDataMasking } = this.core;
+        const filters = [];
+        if (result.ruleId == common_1.Rule.NOSQL_INJECTION_MONGO) {
+            if (typeof result.value !== 'string')
+                filters.push('nosql-expansion');
         }
-        else {
-            parameters[key] = [value];
+        if (result.ruleId == common_1.Rule.UNSAFE_FILE_UPLOAD)
+            filters.push('agent-lib');
+        const name = result.key || '';
+        let value;
+        if (sensitiveDataMasking.policy.maskAttackVector) {
+            if (masker.unmasked?.has(result.value)) {
+                value = CONTRAST_REDACTED_VECTOR;
+            }
+            else if (name) {
+                for (const set of sensitiveDataMasking.policy.keywordSets) {
+                    if (set.has(name))
+                        value = CONTRAST_REDACTED_VECTOR;
+                }
+            }
         }
+        value = value ?? result.value;
+        return {
+            filters,
+            name,
+            time,
+            type: this.mapInputType(result) || 'UNKNOWN',
+            // NOTE: In v4 we have other documentTypes too, why pick only NORMAL?
+            documentType: types_1.DocumentType.NORMAL,
+            value,
+        };
     }
-    const headers = {};
-    for (let i = 0; i < sourceInfo.rawHeaders.length; i += 2) {
-        headers[sourceInfo.rawHeaders[i]] = StringPrototypeSplit.call(sourceInfo.rawHeaders[i + 1], /[,;]+/);
+    buildTimePayload(time) {
+        return { start: time, elapsed: time };
     }
-    return {
-        version: sourceInfo.httpVersion,
-        method: sourceInfo.method,
-        uri: sourceInfo.uriPath,
-        queryString: sourceInfo.queries,
-        parameters,
-        headers,
-    };
-};
-const buildProtectionRules = (results, requestPayload, time, isBlockMode, detailsBuilder) => {
-    const accumulator = {
-        startTime: 0,
-        blocked: { total: 0, startTime: 0, samples: [] },
-        exploited: { total: 0, startTime: 0, samples: [] },
-        blockedAtPerimeter: { total: 0, startTime: 0, samples: [] },
-        ineffective: { total: 0, startTime: 0, samples: [] },
-    };
-    for (const result of results) {
-        const detail = Array.isArray(result.exploitMetadata) && result.exploitMetadata.length > 0
-            ? result.exploitMetadata[0]
-            : null;
-        if (result.ruleId === common_1.Rule.NOSQL_INJECTION_MONGO &&
-            typeof result.value !== 'string') {
-            result.mongoExpansionResult = true;
+    buildRequestObject(sourceInfo, masker) {
+        const searchParams = new URLSearchParams(sourceInfo.queries);
+        const parameters = {};
+        for (const [key, value] of searchParams) {
+            const redacted = masker.getMaskedValue(key, value);
+            if (parameters[key]) {
+                parameters[key].push(redacted);
+            }
+            else {
+                parameters[key] = [redacted];
+            }
+        }
+        const headers = {};
+        for (let i = 0; i < sourceInfo.rawHeaders.length; i += 2) {
+            const key = sourceInfo.rawHeaders[i];
+            const redactedValue = masker.getMaskedValue(key, sourceInfo.rawHeaders[i + 1]);
+            headers[key] = StringPrototypeSplit.call(redactedValue, /[,;]+/);
         }
-        const data = {
-            details: detailsBuilder(result),
-            input: buildInputPayload(result, time),
-            stack: (detail?.sinkContext?.stack || []).map(({ file, lineNumber, method, type }) => ({
-                fileName: file,
-                declaringClass: type,
-                methodName: method,
-                lineNumber,
-            })),
-            blocked: result.blocked,
-            timestamp: buildTimePayload(time),
-            request: requestPayload,
+        return {
+            version: sourceInfo.httpVersion,
+            method: sourceInfo.method,
+            uri: sourceInfo.uriPath,
+            queryString: sourceInfo.queries,
+            parameters,
+            headers,
         };
-        if (result.blocked) {
-            if (detail && !serverFeaturesRules.includes(result.ruleId)) {
-                accumulator.blocked.total += 1;
-                accumulator.blocked.samples.push(data);
+    }
+    ;
+    accumulateUserAgent(set, eventArg) {
+        const userAgent = eventArg.store.sourceInfo?.getHeader?.('user-agent');
+        if (userAgent)
+            set.add(userAgent);
+    }
+    accumulateFinding(_attackersMap, eventArg) {
+        let targetGroup;
+        let { ruleId } = eventArg.result;
+        const { blocked } = eventArg.result;
+        const accum = this.ensureAccum(_attackersMap, eventArg.store.sourceInfo.ip);
+        const detailsBuilder = this.detailsBuilders.get(ruleId);
+        const masker = this.core.sensitiveDataMasking.createMasker();
+        const details = detailsBuilder ? detailsBuilder(eventArg, masker) : null;
+        if (eventArg.result.blocked) {
+            if ((details && !rulesThatBlockAtPerimeterOnly.has(ruleId)) ||
+                rulesThatExploitWithoutFindings.has(ruleId)) {
+                targetGroup = FindingGroup.BLOCKED;
             }
             else {
-                accumulator.blockedAtPerimeter.total += 1;
-                accumulator.blockedAtPerimeter.samples.push(data);
+                targetGroup = FindingGroup.BLOCKED_AT_PERIMETER;
             }
         }
         else {
-            if (detail) {
-                accumulator.exploited.total += 1;
-                accumulator.exploited.samples.push(data);
+            if (details) {
+                targetGroup = FindingGroup.EXPLOITED;
             }
-            else if (result.score >= 90) {
-                accumulator.ineffective.total += 1;
-                accumulator.ineffective.samples.push(data);
+            else {
+                targetGroup = FindingGroup.INEFFECTIVE;
             }
         }
-    }
-    if (!accumulator.blocked?.samples.length &&
-        !accumulator.exploited?.samples.length &&
-        !accumulator.blockedAtPerimeter?.samples.length &&
-        !accumulator.ineffective?.samples?.length)
-        return;
-    return accumulator;
-};
-const buildDefendPayload = (store) => {
-    const { sourceInfo, protect } = store;
-    const requestPayload = buildRequestObject(store.sourceInfo);
-    const time = Date.now();
-    let hasAttack = false;
-    const defendObject = {
-        source: { ip: store.sourceInfo.ip },
-        protectionRules: {},
-    };
-    const sqlInjection = store.protect.resultsMap[common_1.Rule.SQL_INJECTION];
-    if (sqlInjection) {
-        const isBlockMode = store.protect.policy[common_1.Rule.SQL_INJECTION] === 'block';
-        const protectionRules = buildProtectionRules(sqlInjection, requestPayload, time, isBlockMode, sqlInjectionDetailsBuilder);
-        if (protectionRules) {
-            defendObject.protectionRules[common_1.Rule.SQL_INJECTION] = protectionRules;
-            hasAttack = true;
-        }
-    }
-    const cmdInjection = store.protect.resultsMap[common_1.Rule.CMD_INJECTION];
-    if (cmdInjection) {
-        const isBlockMode = store.protect.policy[common_1.Rule.CMD_INJECTION] === 'block';
-        const protectionRules = buildProtectionRules(cmdInjection, requestPayload, time, isBlockMode, cmdInjectionDetailsBuilder);
-        if (protectionRules) {
-            defendObject.protectionRules[common_1.Rule.CMD_INJECTION] = protectionRules;
-            hasAttack = true;
-        }
-    }
-    const pathTraversal = protect.resultsMap[common_1.Rule.PATH_TRAVERSAL];
-    if (pathTraversal) {
-        const isBlockMode = protect.policy[common_1.Rule.PATH_TRAVERSAL] === 'block';
-        const protectionRules = buildProtectionRules(pathTraversal, requestPayload, time, isBlockMode, pathTraversalDetailsBuilder);
-        if (protectionRules) {
-            defendObject.protectionRules[common_1.Rule.PATH_TRAVERSAL] = protectionRules;
-            hasAttack = true;
-        }
-    }
-    const reflectedXSS = protect.resultsMap[common_1.Rule.REFLECTED_XSS];
-    if (reflectedXSS) {
-        const isBlockMode = protect.policy[common_1.Rule.REFLECTED_XSS] === 'block';
-        const protectionRules = buildProtectionRules(reflectedXSS, requestPayload, time, isBlockMode, reflectedXSSDetailsBuilder);
-        if (protectionRules) {
-            defendObject.protectionRules[common_1.Rule.REFLECTED_XSS] = protectionRules;
-            hasAttack = true;
-        }
-    }
-    const ssjs = protect.resultsMap[common_1.Rule.SSJS_INJECTION];
-    if (ssjs) {
-        const isBlockMode = protect.policy[common_1.Rule.SSJS_INJECTION] === 'block';
-        const protectionRules = buildProtectionRules(ssjs, requestPayload, time, isBlockMode, ssjsDetailsBuilder);
-        if (protectionRules) {
-            defendObject.protectionRules[common_1.Rule.SSJS_INJECTION] = protectionRules;
-            hasAttack = true;
+        if (!targetGroup) {
+            throw new Error('unable to determine finding\'s group');
         }
-    }
-    const nosqlInjectionMongo = protect.resultsMap[common_1.Rule.NOSQL_INJECTION_MONGO];
-    if (nosqlInjectionMongo) {
-        const isBlockMode = protect.policy[common_1.Rule.NOSQL_INJECTION_MONGO] === 'block';
-        const protectionRules = buildProtectionRules(nosqlInjectionMongo, requestPayload, time, isBlockMode, nosqliMongoDetailsBuilder);
-        if (protectionRules) {
-            defendObject.protectionRules[common_1.Rule.NOSQL_INJECTION] = protectionRules;
-            hasAttack = true;
-        }
-    }
-    const cmdiSemanticAnalysisDangerousPaths = protect.resultsMap[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS];
-    if (cmdiSemanticAnalysisDangerousPaths) {
-        const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS] === 'block';
-        cmdiSemanticAnalysisDangerousPaths.forEach((vulnerability) => {
-            Object.assign(vulnerability, {
-                inputType: 'Unknown',
-                key: 'Unknown',
-            });
-        });
-        const protectionRules = buildProtectionRules(cmdiSemanticAnalysisDangerousPaths, requestPayload, time, isBlockMode, cmdInjectionSemanticAnalysisDetailsBuilder);
-        if (protectionRules) {
-            defendObject.protectionRules[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS] = protectionRules;
-            hasAttack = true;
-        }
-    }
-    const cmdiSemanticAnalysisChainedCommands = protect.resultsMap[common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS];
-    if (cmdiSemanticAnalysisChainedCommands) {
-        const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS] ===
-            'block';
-        cmdiSemanticAnalysisChainedCommands.forEach((vulnerability) => {
-            Object.assign(vulnerability, {
-                inputType: 'Unknown',
-                key: 'Unknown',
-            });
-        });
-        const protectionRules = buildProtectionRules(cmdiSemanticAnalysisChainedCommands, requestPayload, time, isBlockMode, cmdInjectionSemanticAnalysisDetailsBuilder);
-        if (protectionRules) {
-            defendObject.protectionRules[common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS] = protectionRules;
-            hasAttack = true;
-        }
-    }
-    const xxeSemanticAnalysis = protect.resultsMap[common_1.Rule.XXE];
-    if (xxeSemanticAnalysis) {
-        const isBlockMode = protect.policy[common_1.Rule.XXE] === 'block';
-        xxeSemanticAnalysis.forEach((vulnerability) => {
-            Object.assign(vulnerability, {
-                type: 'Unknown',
-                key: 'Unknown',
-            });
-        });
-        const protectionRules = buildProtectionRules(xxeSemanticAnalysis, requestPayload, time, isBlockMode, xxeSemanticAnalysisDetailsBuilder);
-        if (protectionRules) {
-            defendObject.protectionRules[common_1.Rule.XXE] = protectionRules;
-            hasAttack = true;
-        }
-    }
-    const cmdiCommandBackdoors = protect.resultsMap[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS];
-    if (cmdiCommandBackdoors) {
-        const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS] === 'block';
-        const protectionRules = buildProtectionRules(cmdiCommandBackdoors, requestPayload, time, isBlockMode, cmdInjectionSemanticAnalysisDetailsBuilder);
-        if (protectionRules) {
-            defendObject.protectionRules[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS] =
-                protectionRules;
-            hasAttack = true;
-        }
-    }
-    const pathTraversalSemanticFileSecurityBypass = protect.resultsMap[common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS];
-    if (pathTraversalSemanticFileSecurityBypass) {
-        const isBlockMode = protect.policy[common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS] ===
-            'block';
-        pathTraversalSemanticFileSecurityBypass.forEach((vulnerability) => {
-            Object.assign(vulnerability, {
-                inputType: 'Unknown',
-                key: 'Unknown',
-            });
-        });
-        const protectionRules = buildProtectionRules(pathTraversalSemanticFileSecurityBypass, requestPayload, time, isBlockMode, (result) => ({ path: result.value }));
-        if (protectionRules) {
-            defendObject.protectionRules[common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS] = protectionRules;
-            hasAttack = true;
-        }
-    }
-    const unsafeFileUpload = protect.resultsMap[common_1.Rule.UNSAFE_FILE_UPLOAD];
-    if (unsafeFileUpload) {
-        const isBlockMode = protect.policy[common_1.Rule.UNSAFE_FILE_UPLOAD] === 'block_at_perimeter';
-        const protectionRules = buildProtectionRules(unsafeFileUpload, requestPayload, time, isBlockMode, () => null);
-        if (protectionRules) {
-            defendObject.protectionRules[common_1.Rule.UNSAFE_FILE_UPLOAD] = protectionRules;
-            hasAttack = true;
-        }
-    }
-    const untrustedDeserialization = protect.resultsMap[common_1.Rule.UNTRUSTED_DESERIALIZATION];
-    if (untrustedDeserialization) {
-        const isBlockMode = protect.policy[common_1.Rule.UNTRUSTED_DESERIALIZATION] === 'block';
-        const protectionRules = buildProtectionRules(untrustedDeserialization, requestPayload, time, isBlockMode, untrustedDeserializationDetailsBuilder);
-        if (protectionRules) {
-            defendObject.protectionRules[common_1.Rule.UNTRUSTED_DESERIALIZATION] =
-                protectionRules;
-            hasAttack = true;
-        }
-    }
-    const methodTampering = protect.resultsMap[common_1.Rule.METHOD_TAMPERING];
-    if (methodTampering) {
-        const protectionRules = buildProtectionRules(methodTampering, requestPayload, time, protect.policy[common_1.Rule.METHOD_TAMPERING] === 'block', methodTamperingDetailsBuilder);
-        if (protectionRules) {
-            defendObject.protectionRules[common_1.Rule.METHOD_TAMPERING] = protectionRules;
-        }
-        hasAttack = true;
-    }
-    const virtualPatch = protect.resultsMap[common_1.Rule.VIRTUAL_PATCH];
-    if (virtualPatch) {
-        const mappedVirtualPatchResults = virtualPatch.map((vulnerability) => ({
-            key: vulnerability.name,
-            inputType: 'UNKNOWN',
-            ruleId: common_1.Rule.VIRTUAL_PATCH,
-            value: 'Virtual Patch',
-            exploitMetadata: [{ uuid: vulnerability.uuid }],
-            blocked: true,
+        const time = Date.now();
+        const timestamp = this.buildTimePayload(time);
+        const request = this.buildRequestObject(eventArg.store.sourceInfo, masker);
+        // build this lastly since we need to use masker.unmasked values that get set prior
+        const input = this.buildInputPayload(eventArg.result, time, masker);
+        const stack = (eventArg.sinkContext?.stack || common_1.empties.ARRAY).map(({ file, lineNumber, method, type }) => ({
+            fileName: file,
+            declaringClass: type,
+            methodName: method,
+            lineNumber,
         }));
-        const protectionRules = buildProtectionRules(mappedVirtualPatchResults, requestPayload, time, true, virtualPatchDetailsBuilder);
-        if (protectionRules) {
-            defendObject.protectionRules[common_1.Rule.VIRTUAL_PATCH] = protectionRules;
-            hasAttack = true;
-        }
+        // coerce ruleId now, since builders above leverage sub-rule name
+        if (ruleId == common_1.Rule.NOSQL_INJECTION_MONGO)
+            ruleId = common_1.Rule.NOSQL_INJECTION;
+        const groups = this.ensureGroups(accum.protectionRules, ruleId);
+        groups[targetGroup].total++;
+        groups[targetGroup].samples.push({ blocked, details, input, request, stack, timestamp });
     }
-    const ipDenylist = protect.resultsMap[common_1.Rule.IP_DENYLIST];
-    if (ipDenylist) {
-        const mappedIpDenylist = ipDenylist.map((vulnerability) => ({
-            key: 'IP Address',
-            inputType: 'UNKNOWN',
-            ruleId: common_1.Rule.IP_DENYLIST,
-            value: vulnerability.ip,
-            exploitMetadata: [{ uuid: vulnerability.uuid, ip: vulnerability.ip }],
-            blocked: true,
-        }));
-        const protectionRules = buildProtectionRules(mappedIpDenylist, requestPayload, time, true, ipDenylistDetailsBuilder);
-        if (protectionRules) {
-            defendObject.protectionRules['ip-blacklist'] = protectionRules;
-            hasAttack = true;
+    ensureGroups(protectionRules, ruleId) {
+        let groups = protectionRules[ruleId];
+        if (!groups) {
+            groups = protectionRules[ruleId] = {
+                [FindingGroup.BLOCKED]: {
+                    total: 0,
+                    startTime: 0,
+                    samples: []
+                },
+                [FindingGroup.EXPLOITED]: {
+                    total: 0,
+                    startTime: 0,
+                    samples: []
+                },
+                [FindingGroup.INEFFECTIVE]: {
+                    total: 0,
+                    startTime: 0,
+                    samples: []
+                },
+                [FindingGroup.BLOCKED_AT_PERIMETER]: {
+                    total: 0,
+                    startTime: 0,
+                    samples: []
+                },
+            };
         }
+        return groups;
     }
-    const botBlocker = protect.resultsMap[common_1.Rule.BOT_BLOCKER];
-    if (botBlocker) {
-        const uaIdx = sourceInfo.rawHeaders.indexOf('user-agent');
-        const protectionRules = buildProtectionRules(botBlocker, requestPayload, time, true, (result) => ({
-            bot: result?.idsList?.[0],
-            userAgent: sourceInfo.rawHeaders[uaIdx + 1],
-        }));
-        if (protectionRules) {
-            defendObject.protectionRules[common_1.Rule.BOT_BLOCKER] = protectionRules;
-            hasAttack = true;
+    ensureAccum(map, ip) {
+        let accum = map.get(ip);
+        if (!accum) {
+            accum = {
+                source: { ip },
+                protectionRules: {}
+            };
+            map.set(ip, accum);
         }
+        return accum;
+    }
+    createDetailsMapper(cb) {
+        return function (eventArg) {
+            if (!eventArg.findings || !eventArg.sinkContext)
+                return null;
+            return cb(eventArg);
+        };
     }
-    return hasAttack ? defendObject : null;
-};
-function handleProtectMessage(store) {
-    if (!store.sourceInfo || !store.protect)
-        return null;
-    const attackers = {
-        userAgent: null,
-        attackModel: null,
-    };
-    const userAgentIndex = store.sourceInfo.rawHeaders.findIndex((el) => el === 'user-agent');
-    attackers.userAgent = userAgentIndex != -1
-        ? store.sourceInfo.rawHeaders[userAgentIndex + 1]
-        : null;
-    attackers.attackModel = buildDefendPayload(store);
-    return attackers;
 }
-exports.handleProtectMessage = handleProtectMessage;
+exports.Translations = Translations;
+;
 //# sourceMappingURL=translations.js.map