@contrast/agent-bundle 5.42.0 → 5.46.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -10
- package/node_modules/@contrast/agent/README.md +1 -10
- package/node_modules/@contrast/agent/package.json +12 -12
- package/node_modules/@contrast/agent-swc-plugin/package.json +3 -3
- package/node_modules/@contrast/agentify/lib/rewrite-hooks.js +3 -3
- package/node_modules/@contrast/agentify/lib/utils.js +13 -7
- package/node_modules/@contrast/agentify/package.json +17 -17
- package/node_modules/@contrast/architecture-components/package.json +6 -6
- package/node_modules/@contrast/assess/lib/dataflow/propagation/install/ejs/template.js +1 -1
- package/node_modules/@contrast/assess/lib/dataflow/propagation/install/pug/index.js +1 -1
- package/node_modules/@contrast/assess/lib/dataflow/sinks/install/http/server-response.js +1 -12
- package/node_modules/@contrast/assess/lib/dataflow/sinks/install/restify.js +1 -1
- package/node_modules/@contrast/assess/lib/dataflow/sources/handler.js +21 -24
- package/node_modules/@contrast/assess/lib/dataflow/sources/install/http.js +1 -1
- package/node_modules/@contrast/assess/lib/dataflow/tracker.js +1 -1
- package/node_modules/@contrast/assess/lib/get-source-context.js +11 -22
- package/node_modules/@contrast/assess/lib/index.js +1 -1
- package/node_modules/@contrast/assess/lib/make-source-context.js +5 -10
- package/node_modules/@contrast/assess/lib/policy.js +400 -0
- package/node_modules/@contrast/assess/lib/response-scanning/handlers/index.js +10 -14
- package/node_modules/@contrast/assess/lib/response-scanning/install/http.js +0 -12
- package/node_modules/@contrast/assess/lib/session-configuration/handlers.js +1 -1
- package/node_modules/@contrast/assess/package.json +14 -14
- package/node_modules/@contrast/code-events/binding.gyp +1 -1
- package/node_modules/@contrast/code-events/package.json +11 -9
- package/node_modules/@contrast/code-events/prebuilds/darwin-x64+arm64/@contrast+code-events.abi108.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/darwin-x64+arm64/@contrast+code-events.abi115.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/darwin-x64+arm64/@contrast+code-events.abi127.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/darwin-x64+arm64/{@contrast+code-events.abi93.node → @contrast+code-events.abi137.node} +0 -0
- package/node_modules/@contrast/code-events/prebuilds/linux-arm64/@contrast+code-events.abi108.armv8.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/linux-arm64/@contrast+code-events.abi115.armv8.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/linux-arm64/@contrast+code-events.abi127.armv8.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/linux-arm64/@contrast+code-events.abi137.armv8.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/linux-x64/@contrast+code-events.abi108.glibc.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/linux-x64/@contrast+code-events.abi108.musl.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/linux-x64/@contrast+code-events.abi115.glibc.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/linux-x64/@contrast+code-events.abi115.musl.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/linux-x64/@contrast+code-events.abi127.glibc.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/linux-x64/@contrast+code-events.abi127.musl.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/linux-x64/@contrast+code-events.abi137.glibc.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/linux-x64/@contrast+code-events.abi137.musl.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/win32-x64/@contrast+code-events.abi108.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/win32-x64/@contrast+code-events.abi115.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/win32-x64/@contrast+code-events.abi127.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/win32-x64/@contrast+code-events.abi137.node +0 -0
- package/node_modules/@contrast/common/lib/constants.d.ts +1 -1
- package/node_modules/@contrast/common/lib/constants.js +1 -1
- package/node_modules/@contrast/common/lib/index.js +15 -15
- package/node_modules/@contrast/common/lib/primordials.d.ts +22 -20
- package/node_modules/@contrast/common/lib/types.d.ts +18 -6
- package/node_modules/@contrast/common/package.json +2 -2
- package/node_modules/@contrast/config/lib/options.js +37 -4
- package/node_modules/@contrast/config/package.json +4 -4
- package/node_modules/@contrast/core/lib/app-info.js +53 -74
- package/node_modules/@contrast/core/lib/index.d.ts +17 -1
- package/node_modules/@contrast/core/lib/sensitive-data-masking/index.js +33 -5
- package/node_modules/@contrast/core/package.json +10 -9
- package/node_modules/@contrast/deadzones/package.json +6 -6
- package/node_modules/@contrast/dep-hooks/lib/export-handler-registry.d.ts +17 -13
- package/node_modules/@contrast/dep-hooks/lib/export-handler-registry.js +16 -4
- package/node_modules/@contrast/dep-hooks/lib/export-hook-descriptor.d.ts +2 -2
- package/node_modules/@contrast/dep-hooks/lib/export-hook-descriptor.js +2 -3
- package/node_modules/@contrast/dep-hooks/lib/handler-invoker.d.ts +6 -6
- package/node_modules/@contrast/dep-hooks/lib/handler-invoker.js +0 -1
- package/node_modules/@contrast/dep-hooks/lib/helpers.d.ts +0 -7
- package/node_modules/@contrast/dep-hooks/lib/helpers.js +2 -18
- package/node_modules/@contrast/dep-hooks/lib/index.d.ts +17 -12
- package/node_modules/@contrast/dep-hooks/lib/index.js +5 -3
- package/node_modules/@contrast/dep-hooks/lib/package-finder.d.ts +2 -1
- package/node_modules/@contrast/dep-hooks/lib/package-finder.js +6 -6
- package/node_modules/@contrast/dep-hooks/package.json +4 -3
- package/node_modules/@contrast/distringuish/package.json +7 -6
- package/node_modules/@contrast/distringuish/prebuilds/darwin-x64+arm64/@contrast+distringuish.abi108.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/darwin-x64+arm64/@contrast+distringuish.abi115.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/darwin-x64+arm64/@contrast+distringuish.abi127.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/darwin-x64+arm64/{@contrast+distringuish.abi93.node → @contrast+distringuish.abi137.node} +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/linux-arm64/@contrast+distringuish.abi108.armv8.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/linux-arm64/@contrast+distringuish.abi115.armv8.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/linux-arm64/@contrast+distringuish.abi127.armv8.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/linux-arm64/@contrast+distringuish.abi137.armv8.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/linux-x64/@contrast+distringuish.abi108.glibc.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/linux-x64/@contrast+distringuish.abi108.musl.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/linux-x64/@contrast+distringuish.abi115.glibc.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/linux-x64/@contrast+distringuish.abi115.musl.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/linux-x64/@contrast+distringuish.abi127.glibc.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/linux-x64/@contrast+distringuish.abi127.musl.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/linux-x64/@contrast+distringuish.abi137.glibc.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/linux-x64/@contrast+distringuish.abi137.musl.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/win32-x64/@contrast+distringuish.abi108.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/win32-x64/@contrast+distringuish.abi115.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/win32-x64/@contrast+distringuish.abi127.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/win32-x64/@contrast+distringuish.abi137.node +0 -0
- package/node_modules/@contrast/esm-hooks/lib/debug-methods.mjs +4 -4
- package/node_modules/@contrast/esm-hooks/lib/get-file-type.mjs +2 -9
- package/node_modules/@contrast/esm-hooks/lib/hooks.mjs +0 -2
- package/node_modules/@contrast/esm-hooks/lib/redirects/builtin/fs/promises.mjs +2 -0
- package/node_modules/@contrast/esm-hooks/lib/redirects/builtin/fs.mjs +3 -0
- package/node_modules/@contrast/esm-hooks/lib/redirects/builtin/util.mjs +1 -0
- package/node_modules/@contrast/esm-hooks/package.json +7 -7
- package/node_modules/@contrast/fn-inspect/package.json +9 -5
- package/node_modules/@contrast/fn-inspect/prebuilds/darwin-x64+arm64/@contrast+fn-inspect.abi108.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/darwin-x64+arm64/@contrast+fn-inspect.abi115.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/darwin-x64+arm64/@contrast+fn-inspect.abi127.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/darwin-x64+arm64/{@contrast+fn-inspect.abi93.node → @contrast+fn-inspect.abi137.node} +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/linux-arm64/@contrast+fn-inspect.abi108.armv8.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/linux-arm64/@contrast+fn-inspect.abi115.armv8.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/linux-arm64/@contrast+fn-inspect.abi127.armv8.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/linux-arm64/@contrast+fn-inspect.abi137.armv8.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/linux-x64/@contrast+fn-inspect.abi108.glibc.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/linux-x64/@contrast+fn-inspect.abi108.musl.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/linux-x64/@contrast+fn-inspect.abi115.glibc.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/linux-x64/@contrast+fn-inspect.abi115.musl.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/linux-x64/@contrast+fn-inspect.abi127.glibc.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/linux-x64/@contrast+fn-inspect.abi127.musl.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/linux-x64/@contrast+fn-inspect.abi137.glibc.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/linux-x64/{@contrast+fn-inspect.abi93.musl.node → @contrast+fn-inspect.abi137.musl.node} +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/win32-x64/@contrast+fn-inspect.abi108.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/win32-x64/@contrast+fn-inspect.abi115.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/win32-x64/@contrast+fn-inspect.abi127.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/win32-x64/@contrast+fn-inspect.abi137.node +0 -0
- package/node_modules/@contrast/instrumentation/lib/http2.js +0 -11
- package/node_modules/@contrast/instrumentation/package.json +6 -6
- package/node_modules/@contrast/library-analysis/lib/install/library-reporting/dep.json +312 -224
- package/node_modules/@contrast/library-analysis/package.json +6 -6
- package/node_modules/@contrast/logger/lib/index.js +18 -8
- package/node_modules/@contrast/logger/lib/serializers.js +5 -5
- package/node_modules/@contrast/logger/lib/utils.d.ts +0 -6
- package/node_modules/@contrast/logger/package.json +4 -4
- package/node_modules/@contrast/metrics/lib/index.d.ts +6 -6
- package/node_modules/@contrast/metrics/lib/index.js +0 -1
- package/node_modules/@contrast/metrics/package.json +7 -7
- package/node_modules/@contrast/patcher/package.json +3 -3
- package/node_modules/@contrast/perf/package.json +7 -4
- package/node_modules/@contrast/protect/lib/hardening/handlers.js +37 -21
- package/node_modules/@contrast/protect/lib/index.d.ts +3 -2
- package/node_modules/@contrast/protect/lib/index.js +9 -2
- package/node_modules/@contrast/protect/lib/input-analysis/handlers.js +269 -238
- package/node_modules/@contrast/protect/lib/input-analysis/install/http.js +3 -4
- package/node_modules/@contrast/protect/lib/input-tracing/{handlers/index.js → handlers.js} +15 -15
- package/node_modules/@contrast/protect/lib/input-tracing/index.js +0 -1
- package/node_modules/@contrast/protect/lib/make-source-context.js +5 -7
- package/node_modules/@contrast/protect/lib/policy.js +130 -95
- package/node_modules/@contrast/protect/lib/semantic-analysis/handlers.js +19 -18
- package/node_modules/@contrast/protect/package.json +12 -12
- package/node_modules/@contrast/reporter/lib/index.js +1 -1
- package/node_modules/@contrast/reporter/lib/reporters/base.d.ts +0 -1
- package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/application-activity/index.d.ts +4 -2
- package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/application-activity/index.js +14 -14
- package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/application-activity/translations.d.ts +43 -6
- package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/application-activity/translations.js +262 -429
- package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/server-inventory.d.ts +3 -3
- package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/traces/index.js +17 -7
- package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/traces/translations.js +12 -13
- package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/utils.js +6 -7
- package/node_modules/@contrast/reporter/lib/reporters/file.js +1 -1
- package/node_modules/@contrast/reporter/lib/reporters/security-logger/index.d.ts +2 -3
- package/node_modules/@contrast/reporter/lib/reporters/security-logger/index.js +72 -86
- package/node_modules/@contrast/reporter/lib/reporters/security-logger/messages.js +6 -7
- package/node_modules/@contrast/reporter/lib/validators.js +0 -1
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/.husky/pre-commit +2 -2
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/.taprc +5 -0
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/README.md +2 -4
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/bench.js +5 -36
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/index.js +56 -300
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/package.json +12 -7
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/test.js +1684 -0
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/types/index.d.ts +1 -2
- package/node_modules/@contrast/reporter/package.json +10 -10
- package/node_modules/@contrast/rewriter/lib/index.js +5 -43
- package/node_modules/@contrast/rewriter/package.json +8 -8
- package/node_modules/@contrast/route-coverage/lib/install/express/express5.js +0 -5
- package/node_modules/@contrast/route-coverage/lib/install/restify.js +1 -1
- package/node_modules/@contrast/route-coverage/package.json +10 -10
- package/node_modules/@contrast/scopes/package.json +6 -6
- package/node_modules/@contrast/sec-obs/lib/traces/http.js +1 -1
- package/node_modules/@contrast/sec-obs/lib/traces/http.test.js +1 -1
- package/node_modules/@contrast/sec-obs/package.json +10 -10
- package/node_modules/@contrast/sources/lib/index.js +1 -1
- package/node_modules/@contrast/sources/lib/index.test.js +0 -26
- package/node_modules/@contrast/sources/package.json +3 -3
- package/node_modules/@contrast/telemetry/package.json +6 -6
- package/node_modules/@opentelemetry/semantic-conventions/README.md +3 -2
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/experimental_attributes.d.ts +4350 -2882
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/experimental_attributes.js +4350 -2882
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/experimental_attributes.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/experimental_events.d.ts +136 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/experimental_events.js +154 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/experimental_events.js.map +1 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/experimental_metrics.d.ts +713 -141
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/experimental_metrics.js +713 -141
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/experimental_metrics.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/index-incubating.d.ts +2 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/index-incubating.js +2 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/index-incubating.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/index.d.ts +1 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/index.js +1 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/index.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/stable_attributes.d.ts +7 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/stable_attributes.js +7 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/stable_attributes.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/stable_events.d.ts +5 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/stable_events.js +23 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/stable_events.js.map +1 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/version.d.ts +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/version.js +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esm/version.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/experimental_attributes.d.ts +4350 -2882
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/experimental_attributes.js +4350 -2882
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/experimental_attributes.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/experimental_events.d.ts +136 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/experimental_events.js +154 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/experimental_events.js.map +1 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/experimental_metrics.d.ts +713 -141
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/experimental_metrics.js +713 -141
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/experimental_metrics.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/index-incubating.d.ts +2 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/index-incubating.js +2 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/index-incubating.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/index.d.ts +1 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/index.js +1 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/index.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/stable_attributes.d.ts +7 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/stable_attributes.js +7 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/stable_attributes.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/stable_events.d.ts +5 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/stable_events.js +23 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/stable_events.js.map +1 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/version.d.ts +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/version.js +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/esnext/version.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/src/experimental_attributes.d.ts +4350 -2882
- package/node_modules/@opentelemetry/semantic-conventions/build/src/experimental_attributes.js +4354 -2883
- package/node_modules/@opentelemetry/semantic-conventions/build/src/experimental_attributes.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/src/experimental_events.d.ts +136 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/src/experimental_events.js +157 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/src/experimental_events.js.map +1 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/src/experimental_metrics.d.ts +713 -141
- package/node_modules/@opentelemetry/semantic-conventions/build/src/experimental_metrics.js +720 -147
- package/node_modules/@opentelemetry/semantic-conventions/build/src/experimental_metrics.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/src/index-incubating.d.ts +2 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/src/index-incubating.js +2 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/src/index-incubating.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/src/index.d.ts +1 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/src/index.js +1 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/src/index.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/src/stable_attributes.d.ts +7 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/src/stable_attributes.js +10 -4
- package/node_modules/@opentelemetry/semantic-conventions/build/src/stable_attributes.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/src/stable_events.d.ts +5 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/src/stable_events.js +26 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/src/stable_events.js.map +1 -0
- package/node_modules/@opentelemetry/semantic-conventions/build/src/version.d.ts +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/src/version.js +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/build/src/version.js.map +1 -1
- package/node_modules/@opentelemetry/semantic-conventions/package.json +6 -7
- package/node_modules/@swc/core/README.md +5 -0
- package/node_modules/@swc/core/binding.d.ts +2 -2
- package/node_modules/@swc/core/index.d.ts +5 -4
- package/node_modules/@swc/core/index.js +2 -2
- package/node_modules/@swc/core/package.json +12 -12
- package/node_modules/@swc/core-darwin-arm64/package.json +1 -1
- package/node_modules/@swc/core-darwin-arm64/swc.darwin-arm64.node +0 -0
- package/node_modules/@swc/core-darwin-x64/package.json +1 -1
- package/node_modules/@swc/core-darwin-x64/swc.darwin-x64.node +0 -0
- package/node_modules/@swc/core-linux-arm64-gnu/package.json +1 -1
- package/node_modules/@swc/core-linux-arm64-gnu/swc.linux-arm64-gnu.node +0 -0
- package/node_modules/@swc/core-linux-arm64-musl/package.json +1 -1
- package/node_modules/@swc/core-linux-arm64-musl/swc.linux-arm64-musl.node +0 -0
- package/node_modules/@swc/core-linux-x64-gnu/package.json +1 -1
- package/node_modules/@swc/core-linux-x64-gnu/swc.linux-x64-gnu.node +0 -0
- package/node_modules/@swc/core-linux-x64-musl/package.json +1 -1
- package/node_modules/@swc/core-linux-x64-musl/swc.linux-x64-musl.node +0 -0
- package/node_modules/@swc/core-win32-arm64-msvc/package.json +1 -1
- package/node_modules/@swc/core-win32-arm64-msvc/swc.win32-arm64-msvc.node +0 -0
- package/node_modules/@swc/core-win32-x64-msvc/package.json +1 -1
- package/node_modules/@swc/core-win32-x64-msvc/swc.win32-x64-msvc.node +0 -0
- package/node_modules/@swc/types/index.d.ts +14 -5
- package/node_modules/@swc/types/package.json +2 -2
- package/node_modules/@types/node/README.md +1 -1
- package/node_modules/@types/node/assert/strict.d.ts +105 -2
- package/node_modules/@types/node/assert.d.ts +119 -95
- package/node_modules/@types/node/buffer.d.ts +1 -1
- package/node_modules/@types/node/child_process.d.ts +26 -122
- package/node_modules/@types/node/crypto.d.ts +161 -17
- package/node_modules/@types/node/dns.d.ts +5 -0
- package/node_modules/@types/node/events.d.ts +79 -33
- package/node_modules/@types/node/fs/promises.d.ts +41 -26
- package/node_modules/@types/node/fs.d.ts +276 -35
- package/node_modules/@types/node/globals.d.ts +148 -347
- package/node_modules/@types/node/http.d.ts +57 -8
- package/node_modules/@types/node/https.d.ts +5 -0
- package/node_modules/@types/node/index.d.ts +7 -2
- package/node_modules/@types/node/inspector.d.ts +187 -4089
- package/node_modules/@types/node/inspector.generated.d.ts +4052 -0
- package/node_modules/@types/node/module.d.ts +1 -0
- package/node_modules/@types/node/net.d.ts +21 -0
- package/node_modules/@types/node/package.json +3 -3
- package/node_modules/@types/node/sqlite.d.ts +34 -0
- package/node_modules/@types/node/test.d.ts +106 -23
- package/node_modules/@types/node/tls.d.ts +32 -0
- package/node_modules/@types/node/ts5.6/index.d.ts +7 -2
- package/node_modules/@types/node/ts5.7/index.d.ts +7 -2
- package/node_modules/@types/node/url.d.ts +25 -6
- package/node_modules/@types/node/util.d.ts +11 -4
- package/node_modules/@types/node/vm.d.ts +73 -10
- package/node_modules/@types/node/wasi.d.ts +21 -0
- package/node_modules/@types/node/web-globals/abortcontroller.d.ts +34 -0
- package/node_modules/@types/node/web-globals/domexception.d.ts +68 -0
- package/node_modules/@types/node/{dom-events.d.ts → web-globals/events.d.ts} +49 -51
- package/node_modules/@types/node/web-globals/fetch.d.ts +50 -0
- package/node_modules/@types/node/web-globals/navigator.d.ts +25 -0
- package/node_modules/@types/node/web-globals/storage.d.ts +24 -0
- package/node_modules/@types/node/worker_threads.d.ts +84 -50
- package/node_modules/@types/node/zlib.d.ts +6 -0
- package/node_modules/axios/CHANGELOG.md +58 -0
- package/node_modules/axios/README.md +87 -10
- package/node_modules/axios/dist/axios.js +355 -289
- package/node_modules/axios/dist/axios.js.map +1 -1
- package/node_modules/axios/dist/axios.min.js +2 -2
- package/node_modules/axios/dist/axios.min.js.map +1 -1
- package/node_modules/axios/dist/browser/axios.cjs +286 -213
- package/node_modules/axios/dist/browser/axios.cjs.map +1 -1
- package/node_modules/axios/dist/esm/axios.js +286 -213
- package/node_modules/axios/dist/esm/axios.js.map +1 -1
- package/node_modules/axios/dist/esm/axios.min.js +2 -2
- package/node_modules/axios/dist/esm/axios.min.js.map +1 -1
- package/node_modules/axios/dist/node/axios.cjs +377 -213
- package/node_modules/axios/dist/node/axios.cjs.map +1 -1
- package/node_modules/axios/index.d.cts +12 -5
- package/node_modules/axios/index.d.ts +13 -4
- package/node_modules/axios/lib/adapters/adapters.js +6 -4
- package/node_modules/axios/lib/adapters/fetch.js +221 -162
- package/node_modules/axios/lib/adapters/http.js +18 -0
- package/node_modules/axios/lib/adapters/xhr.js +11 -8
- package/node_modules/axios/lib/core/Axios.js +0 -2
- package/node_modules/axios/lib/core/AxiosError.js +10 -3
- package/node_modules/axios/lib/core/dispatchRequest.js +1 -1
- package/node_modules/axios/lib/defaults/index.js +1 -1
- package/node_modules/axios/lib/env/data.js +1 -1
- package/node_modules/axios/lib/helpers/buildURL.js +1 -3
- package/node_modules/axios/lib/helpers/estimateDataURLDecodedBytes.js +73 -0
- package/node_modules/axios/lib/helpers/resolveConfig.js +13 -9
- package/node_modules/axios/lib/utils.js +5 -3
- package/node_modules/axios/package.json +18 -12
- package/node_modules/balanced-match/.github/FUNDING.yml +2 -0
- package/node_modules/balanced-match/LICENSE.md +21 -0
- package/node_modules/balanced-match/README.md +97 -0
- package/node_modules/balanced-match/index.js +62 -0
- package/node_modules/balanced-match/package.json +48 -0
- package/node_modules/brace-expansion/.github/FUNDING.yml +2 -0
- package/node_modules/brace-expansion/LICENSE +21 -0
- package/node_modules/brace-expansion/README.md +135 -0
- package/node_modules/brace-expansion/index.js +203 -0
- package/node_modules/brace-expansion/package.json +49 -0
- package/node_modules/detect-libc/lib/detect-libc.js +59 -13
- package/node_modules/detect-libc/lib/elf.js +39 -0
- package/node_modules/detect-libc/lib/filesystem.js +18 -8
- package/node_modules/detect-libc/package.json +3 -2
- package/node_modules/minimatch/LICENSE +15 -0
- package/node_modules/minimatch/README.md +454 -0
- package/node_modules/minimatch/dist/commonjs/assert-valid-pattern.d.ts +2 -0
- package/node_modules/minimatch/dist/commonjs/assert-valid-pattern.d.ts.map +1 -0
- package/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js +14 -0
- package/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js.map +1 -0
- package/node_modules/minimatch/dist/commonjs/ast.d.ts +20 -0
- package/node_modules/minimatch/dist/commonjs/ast.d.ts.map +1 -0
- package/node_modules/minimatch/dist/commonjs/ast.js +592 -0
- package/node_modules/minimatch/dist/commonjs/ast.js.map +1 -0
- package/node_modules/minimatch/dist/commonjs/brace-expressions.d.ts +8 -0
- package/node_modules/minimatch/dist/commonjs/brace-expressions.d.ts.map +1 -0
- package/node_modules/minimatch/dist/commonjs/brace-expressions.js +152 -0
- package/node_modules/minimatch/dist/commonjs/brace-expressions.js.map +1 -0
- package/node_modules/minimatch/dist/commonjs/escape.d.ts +12 -0
- package/node_modules/minimatch/dist/commonjs/escape.d.ts.map +1 -0
- package/node_modules/minimatch/dist/commonjs/escape.js +22 -0
- package/node_modules/minimatch/dist/commonjs/escape.js.map +1 -0
- package/node_modules/minimatch/dist/commonjs/index.d.ts +94 -0
- package/node_modules/minimatch/dist/commonjs/index.d.ts.map +1 -0
- package/node_modules/minimatch/dist/commonjs/index.js +1017 -0
- package/node_modules/minimatch/dist/commonjs/index.js.map +1 -0
- package/node_modules/minimatch/dist/commonjs/package.json +3 -0
- package/node_modules/minimatch/dist/commonjs/unescape.d.ts +17 -0
- package/node_modules/minimatch/dist/commonjs/unescape.d.ts.map +1 -0
- package/node_modules/minimatch/dist/commonjs/unescape.js +24 -0
- package/node_modules/minimatch/dist/commonjs/unescape.js.map +1 -0
- package/node_modules/minimatch/dist/esm/assert-valid-pattern.d.ts +2 -0
- package/node_modules/minimatch/dist/esm/assert-valid-pattern.d.ts.map +1 -0
- package/node_modules/minimatch/dist/esm/assert-valid-pattern.js +10 -0
- package/node_modules/minimatch/dist/esm/assert-valid-pattern.js.map +1 -0
- package/node_modules/minimatch/dist/esm/ast.d.ts +20 -0
- package/node_modules/minimatch/dist/esm/ast.d.ts.map +1 -0
- package/node_modules/minimatch/dist/esm/ast.js +588 -0
- package/node_modules/minimatch/dist/esm/ast.js.map +1 -0
- package/node_modules/minimatch/dist/esm/brace-expressions.d.ts +8 -0
- package/node_modules/minimatch/dist/esm/brace-expressions.d.ts.map +1 -0
- package/node_modules/minimatch/dist/esm/brace-expressions.js +148 -0
- package/node_modules/minimatch/dist/esm/brace-expressions.js.map +1 -0
- package/node_modules/minimatch/dist/esm/escape.d.ts +12 -0
- package/node_modules/minimatch/dist/esm/escape.d.ts.map +1 -0
- package/node_modules/minimatch/dist/esm/escape.js +18 -0
- package/node_modules/minimatch/dist/esm/escape.js.map +1 -0
- package/node_modules/minimatch/dist/esm/index.d.ts +94 -0
- package/node_modules/minimatch/dist/esm/index.d.ts.map +1 -0
- package/node_modules/minimatch/dist/esm/index.js +1001 -0
- package/node_modules/minimatch/dist/esm/index.js.map +1 -0
- package/node_modules/minimatch/dist/esm/package.json +3 -0
- package/node_modules/minimatch/dist/esm/unescape.d.ts +17 -0
- package/node_modules/minimatch/dist/esm/unescape.d.ts.map +1 -0
- package/node_modules/minimatch/dist/esm/unescape.js +20 -0
- package/node_modules/minimatch/dist/esm/unescape.js.map +1 -0
- package/node_modules/minimatch/package.json +82 -0
- package/node_modules/node-abi/LICENSE +21 -0
- package/node_modules/node-abi/README.md +54 -0
- package/node_modules/node-abi/abi_registry.json +408 -0
- package/node_modules/node-abi/getNextTarget.js +13 -0
- package/node_modules/node-abi/index.js +161 -0
- package/node_modules/node-abi/package.json +46 -0
- package/node_modules/node-addon-api/README.md +25 -249
- package/node_modules/node-addon-api/common.gypi +1 -0
- package/node_modules/node-addon-api/index.js +2 -0
- package/node_modules/node-addon-api/napi-inl.h +592 -166
- package/node_modules/node-addon-api/napi.h +167 -59
- package/node_modules/node-addon-api/node_addon_api.gyp +10 -0
- package/node_modules/node-addon-api/noexcept.gypi +1 -1
- package/node_modules/node-addon-api/package.json +13 -13
- package/node_modules/node-addon-api/tools/conversion.js +1 -1
- package/node_modules/protobufjs/dist/light/protobuf.js +2 -2
- package/node_modules/protobufjs/dist/light/protobuf.min.js +2 -2
- package/node_modules/protobufjs/dist/minimal/protobuf.js +2 -2
- package/node_modules/protobufjs/dist/minimal/protobuf.min.js +2 -2
- package/node_modules/protobufjs/dist/protobuf.js +2 -2
- package/node_modules/protobufjs/dist/protobuf.min.js +2 -2
- package/node_modules/protobufjs/google/protobuf/descriptor.json +2 -2
- package/node_modules/protobufjs/google/protobuf/descriptor.proto +2 -1
- package/node_modules/protobufjs/package.json +1 -1
- package/node_modules/undici-types/agent.d.ts +0 -4
- package/node_modules/undici-types/client.d.ts +0 -2
- package/node_modules/undici-types/diagnostics-channel.d.ts +9 -0
- package/node_modules/undici-types/dispatcher.d.ts +3 -8
- package/node_modules/undici-types/env-http-proxy-agent.d.ts +2 -1
- package/node_modules/undici-types/eventsource.d.ts +3 -3
- package/node_modules/undici-types/fetch.d.ts +1 -0
- package/node_modules/undici-types/h2c-client.d.ts +0 -2
- package/node_modules/undici-types/handlers.d.ts +1 -1
- package/node_modules/undici-types/index.d.ts +3 -1
- package/node_modules/undici-types/mock-client.d.ts +2 -0
- package/node_modules/undici-types/mock-interceptor.d.ts +2 -1
- package/node_modules/undici-types/mock-pool.d.ts +2 -0
- package/node_modules/undici-types/package.json +1 -1
- package/node_modules/undici-types/retry-handler.d.ts +9 -0
- package/node_modules/undici-types/snapshot-agent.d.ts +107 -0
- package/node_modules/undici-types/webidl.d.ts +29 -15
- package/node_modules/undici-types/websocket.d.ts +3 -1
- package/package.json +3 -3
- package/node_modules/@contrast/assess/lib/get-policy.js +0 -336
- package/node_modules/@contrast/code-events/prebuilds/linux-arm64/@contrast+code-events.abi93.armv8.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/linux-x64/@contrast+code-events.abi93.glibc.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/linux-x64/@contrast+code-events.abi93.musl.node +0 -0
- package/node_modules/@contrast/code-events/prebuilds/win32-x64/@contrast+code-events.abi93.node +0 -0
- package/node_modules/@contrast/core/lib/sensitive-data-masking/protect-listener.js +0 -111
- package/node_modules/@contrast/distringuish/prebuilds/linux-arm64/@contrast+distringuish.abi93.armv8.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/linux-x64/@contrast+distringuish.abi93.glibc.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/linux-x64/@contrast+distringuish.abi93.musl.node +0 -0
- package/node_modules/@contrast/distringuish/prebuilds/win32-x64/@contrast+distringuish.abi93.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/linux-arm64/@contrast+fn-inspect.abi93.armv8.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/linux-x64/@contrast+fn-inspect.abi93.glibc.node +0 -0
- package/node_modules/@contrast/fn-inspect/prebuilds/win32-x64/@contrast+fn-inspect.abi93.node +0 -0
- package/node_modules/@contrast/perf/lib/index.test.js +0 -547
- package/node_modules/@contrast/perf/lib/tsconfig.json +0 -31
- package/node_modules/@contrast/protect/lib/input-tracing/install/spdy.js +0 -63
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/.taprc.yaml +0 -11
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/test/destroy.test.js +0 -49
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/test/end.test.js +0 -98
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/test/flush-sync.test.js +0 -140
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/test/flush.test.js +0 -419
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/test/fsync.test.js +0 -63
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/test/helper.js +0 -42
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/test/minlength.test.js +0 -35
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/test/mode.test.js +0 -116
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/test/reopen.test.js +0 -239
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/test/retry.test.js +0 -414
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/test/sync.test.js +0 -261
- package/node_modules/@contrast/reporter/node_modules/sonic-boom/test/write.test.js +0 -465
- package/node_modules/node-addon-api/tools/eslint-format.js +0 -79
|
@@ -14,460 +14,293 @@
|
|
|
14
14
|
* way not consistent with the End User License Agreement.
|
|
15
15
|
*/
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
exports.
|
|
17
|
+
exports.Translations = exports.FindingGroup = void 0;
|
|
18
18
|
const common_1 = require("@contrast/common");
|
|
19
19
|
const types_1 = require("../../types");
|
|
20
20
|
const { StringPrototypeToUpperCase, StringPrototypeSplit, JSONStringify } = common_1.primordials;
|
|
21
|
-
const
|
|
22
|
-
const
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
21
|
+
const CONTRAST_REDACTED_VECTOR = 'contrast-redacted-vector';
|
|
22
|
+
const rulesThatExploitWithoutFindings = new Set([
|
|
23
|
+
common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS,
|
|
24
|
+
common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS,
|
|
25
|
+
common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS,
|
|
26
|
+
common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS,
|
|
27
|
+
]);
|
|
28
|
+
const rulesThatBlockAtPerimeterOnly = new Set([
|
|
29
|
+
common_1.Rule.VIRTUAL_PATCH,
|
|
30
|
+
common_1.Rule.IP_DENYLIST,
|
|
31
|
+
common_1.Rule.REFLECTED_XSS,
|
|
32
|
+
]);
|
|
33
|
+
var FindingGroup;
|
|
34
|
+
(function (FindingGroup) {
|
|
35
|
+
FindingGroup["INEFFECTIVE"] = "ineffective";
|
|
36
|
+
FindingGroup["BLOCKED"] = "blocked";
|
|
37
|
+
FindingGroup["BLOCKED_AT_PERIMETER"] = "blockedAtPerimeter";
|
|
38
|
+
FindingGroup["EXPLOITED"] = "exploited";
|
|
39
|
+
})(FindingGroup || (exports.FindingGroup = FindingGroup = {}));
|
|
40
|
+
class Translations {
|
|
41
|
+
constructor(core) {
|
|
42
|
+
Object.defineProperty(this, 'core', { value: core, enumerable: false });
|
|
43
|
+
this.detailsBuilders = new Map([
|
|
44
|
+
[common_1.Rule.CMD_INJECTION, this.createDetailsMapper((e) => ({
|
|
45
|
+
command: e.result.value,
|
|
46
|
+
startIndex: e.findings.startIndex,
|
|
47
|
+
endIndex: e.findings.endIndex,
|
|
48
|
+
}))],
|
|
49
|
+
[common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS, (e) => ({
|
|
50
|
+
command: e.result.value,
|
|
51
|
+
findings: [0],
|
|
52
|
+
})],
|
|
53
|
+
[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS, (e) => ({
|
|
54
|
+
command: e.result.value,
|
|
55
|
+
findings: [1],
|
|
56
|
+
})],
|
|
57
|
+
[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS, (e) => ({
|
|
58
|
+
command: e.result.value,
|
|
59
|
+
findings: [2],
|
|
60
|
+
})],
|
|
61
|
+
[common_1.Rule.IP_DENYLIST, (e) => e.findings],
|
|
62
|
+
[common_1.Rule.METHOD_TAMPERING, (e) => ({
|
|
63
|
+
method: StringPrototypeToUpperCase.call(e.result.value),
|
|
64
|
+
statusCode: e.findings.statusCode,
|
|
65
|
+
})],
|
|
66
|
+
[common_1.Rule.NOSQL_INJECTION_MONGO, this.createDetailsMapper((e) => ({
|
|
67
|
+
start: e.findings.start,
|
|
68
|
+
end: e.findings.end,
|
|
69
|
+
boundaryOverrunIndex: e.findings.boundaryOverrunIndex,
|
|
70
|
+
inputBoundaryIndex: e.findings.inputBoundaryIndex,
|
|
71
|
+
query: typeof e.sinkContext?.value === 'string'
|
|
72
|
+
? e.sinkContext.value
|
|
73
|
+
: JSONStringify(e.sinkContext?.value),
|
|
74
|
+
}))],
|
|
75
|
+
[common_1.Rule.PATH_TRAVERSAL, (e) => ({
|
|
76
|
+
path: e.result.value,
|
|
77
|
+
})],
|
|
78
|
+
[common_1.Rule.REFLECTED_XSS, (e) => ({})], // TODO
|
|
79
|
+
[common_1.Rule.SQL_INJECTION, this.createDetailsMapper((e) => ({
|
|
80
|
+
start: e.findings.startIndex,
|
|
81
|
+
end: e.findings.endIndex,
|
|
82
|
+
boundaryOverrunIndex: e.findings.boundaryIndex,
|
|
83
|
+
inputBoundaryIndex: e.findings.overrunIndex,
|
|
84
|
+
query: e.sinkContext?.value,
|
|
85
|
+
}))],
|
|
86
|
+
[common_1.Rule.SSJS_INJECTION, (e) => ({
|
|
87
|
+
start: e.findings.startIndex,
|
|
88
|
+
end: e.findings.endIndex,
|
|
89
|
+
boundaryOverrunIndex: e.findings.boundaryIndex,
|
|
90
|
+
codeString: e.findings.codeString,
|
|
91
|
+
})],
|
|
92
|
+
[common_1.Rule.UNTRUSTED_DESERIALIZATION, (e) => e.findings],
|
|
93
|
+
[common_1.Rule.VIRTUAL_PATCH, (e) => e.findings],
|
|
94
|
+
[common_1.Rule.XXE, (e) => e.findings.entities.reduce((acc, entity) => {
|
|
95
|
+
acc.declaredEntities.push({
|
|
96
|
+
start: entity.start,
|
|
97
|
+
end: entity.finish,
|
|
98
|
+
});
|
|
99
|
+
acc.entitiesResolved.push({
|
|
100
|
+
publicId: entity.type === 'PUBLIC' ? entity.uri : undefined,
|
|
101
|
+
systemId: entity.type === 'SYSTEM' ? entity.uri : undefined,
|
|
102
|
+
});
|
|
103
|
+
return acc;
|
|
104
|
+
}, { xml: e.findings.prolog, declaredEntities: [], entitiesResolved: [] })],
|
|
105
|
+
]);
|
|
55
106
|
}
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
}
|
|
91
|
-
const { findings, sinkContext } = el.exploitMetadata[0];
|
|
92
|
-
return {
|
|
93
|
-
start: findings.startIndex,
|
|
94
|
-
end: findings.endIndex,
|
|
95
|
-
boundaryOverrunIndex: findings.boundaryIndex,
|
|
96
|
-
inputBoundaryIndex: findings.overrunIndex,
|
|
97
|
-
query: sinkContext.value,
|
|
98
|
-
};
|
|
99
|
-
};
|
|
100
|
-
const nosqliMongoDetailsBuilder = (el) => {
|
|
101
|
-
if (!el.exploitMetadata || el.exploitMetadata.length === 0) {
|
|
102
|
-
return {};
|
|
103
|
-
}
|
|
104
|
-
const { findings: { start, end, boundaryOverrunIndex, inputBoundaryIndex }, sinkContext, } = el.exploitMetadata[0];
|
|
105
|
-
return {
|
|
106
|
-
start,
|
|
107
|
-
end,
|
|
108
|
-
boundaryOverrunIndex,
|
|
109
|
-
inputBoundaryIndex,
|
|
110
|
-
query: typeof sinkContext.value === 'string'
|
|
111
|
-
? sinkContext.value
|
|
112
|
-
: JSONStringify(sinkContext.value),
|
|
113
|
-
};
|
|
114
|
-
};
|
|
115
|
-
const cmdInjectionDetailsBuilder = (el) => {
|
|
116
|
-
if (!el.exploitMetadata || el.exploitMetadata.length === 0) {
|
|
117
|
-
return {};
|
|
107
|
+
mapInputType(result) {
|
|
108
|
+
/* c8 ignore next 31 */
|
|
109
|
+
if (result.inputType in types_1.InputType)
|
|
110
|
+
return result.inputType;
|
|
111
|
+
switch (result.inputType) {
|
|
112
|
+
case 'UriPath':
|
|
113
|
+
return types_1.InputType.URI;
|
|
114
|
+
case 'UrlParameter':
|
|
115
|
+
return types_1.InputType.URL_PARAMETER;
|
|
116
|
+
case 'CookieName':
|
|
117
|
+
return types_1.InputType.COOKIE_NAME;
|
|
118
|
+
case 'CookieValue':
|
|
119
|
+
return types_1.InputType.COOKIE_VALUE;
|
|
120
|
+
case 'HeaderKey':
|
|
121
|
+
return types_1.InputType.UNKNOWN;
|
|
122
|
+
case 'HeaderValue':
|
|
123
|
+
return types_1.InputType.HEADER;
|
|
124
|
+
case 'JsonKey':
|
|
125
|
+
return types_1.InputType.UNKNOWN;
|
|
126
|
+
case 'JsonValue':
|
|
127
|
+
return types_1.InputType.JSON_VALUE;
|
|
128
|
+
case 'Method':
|
|
129
|
+
return types_1.InputType.METHOD;
|
|
130
|
+
case 'ParameterKey':
|
|
131
|
+
return types_1.InputType.PARAMETER_NAME;
|
|
132
|
+
case 'ParameterValue':
|
|
133
|
+
return types_1.InputType.PARAMETER_VALUE;
|
|
134
|
+
case 'MultipartName':
|
|
135
|
+
return types_1.InputType.MULTIPART_NAME;
|
|
136
|
+
case 'XmlValue':
|
|
137
|
+
return types_1.InputType.XML_VALUE;
|
|
138
|
+
case 'Unknown':
|
|
139
|
+
return types_1.InputType.UNKNOWN;
|
|
140
|
+
}
|
|
118
141
|
}
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
};
|
|
126
|
-
const pathTraversalDetailsBuilder = (el) => ({
|
|
127
|
-
path: el.value,
|
|
128
|
-
});
|
|
129
|
-
const cmdInjectionSemanticAnalysisDetailsBuilder = (el) => {
|
|
130
|
-
const ruleId = el.ruleId;
|
|
131
|
-
const ruleIdMap = {
|
|
132
|
-
[common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS]: 0,
|
|
133
|
-
[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS]: 1,
|
|
134
|
-
[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS]: 2,
|
|
135
|
-
};
|
|
136
|
-
return {
|
|
137
|
-
command: el.value,
|
|
138
|
-
findings: [ruleIdMap[ruleId]],
|
|
139
|
-
};
|
|
140
|
-
};
|
|
141
|
-
function methodTamperingDetailsBuilder(result) {
|
|
142
|
-
return {
|
|
143
|
-
method: StringPrototypeToUpperCase.call(result.value),
|
|
144
|
-
statusCode: result.exploitMetadata?.[0]?.statusCode
|
|
145
|
-
};
|
|
146
|
-
}
|
|
147
|
-
const xxeSemanticAnalysisDetailsBuilder = (el) => {
|
|
148
|
-
// @ts-expect-error: Unreachable code error
|
|
149
|
-
const { prolog, entities } = el.exploitMetadata[0];
|
|
150
|
-
const exploitMetadata = {
|
|
151
|
-
xml: prolog,
|
|
152
|
-
declaredEntities: [],
|
|
153
|
-
entitiesResolved: [],
|
|
154
|
-
};
|
|
155
|
-
// @ts-expect-error: Unreachable code error
|
|
156
|
-
entities.reduce((acc, entity) => {
|
|
157
|
-
acc.declaredEntities.push({
|
|
158
|
-
start: entity.start,
|
|
159
|
-
end: entity.finish,
|
|
160
|
-
});
|
|
161
|
-
acc.entitiesResolved.push({
|
|
162
|
-
publicId: entity.type === 'PUBLIC' ? entity.uri : undefined,
|
|
163
|
-
systemId: entity.type === 'SYSTEM' ? entity.uri : undefined,
|
|
164
|
-
});
|
|
165
|
-
return acc;
|
|
166
|
-
}, exploitMetadata);
|
|
167
|
-
return exploitMetadata;
|
|
168
|
-
};
|
|
169
|
-
const buildRequestObject = (sourceInfo) => {
|
|
170
|
-
const searchParams = new URLSearchParams(sourceInfo.queries);
|
|
171
|
-
const parameters = {};
|
|
172
|
-
for (const [key, value] of searchParams) {
|
|
173
|
-
if (parameters[key]) {
|
|
174
|
-
parameters[key].push(value);
|
|
142
|
+
buildInputPayload(result, time, masker) {
|
|
143
|
+
const { sensitiveDataMasking } = this.core;
|
|
144
|
+
const filters = [];
|
|
145
|
+
if (result.ruleId == common_1.Rule.NOSQL_INJECTION_MONGO) {
|
|
146
|
+
if (typeof result.value !== 'string')
|
|
147
|
+
filters.push('nosql-expansion');
|
|
175
148
|
}
|
|
176
|
-
|
|
177
|
-
|
|
149
|
+
if (result.ruleId == common_1.Rule.UNSAFE_FILE_UPLOAD)
|
|
150
|
+
filters.push('agent-lib');
|
|
151
|
+
const name = result.key || '';
|
|
152
|
+
let value;
|
|
153
|
+
if (sensitiveDataMasking.policy.maskAttackVector) {
|
|
154
|
+
if (masker.unmasked?.has(result.value)) {
|
|
155
|
+
value = CONTRAST_REDACTED_VECTOR;
|
|
156
|
+
}
|
|
157
|
+
else if (name) {
|
|
158
|
+
for (const set of sensitiveDataMasking.policy.keywordSets) {
|
|
159
|
+
if (set.has(name))
|
|
160
|
+
value = CONTRAST_REDACTED_VECTOR;
|
|
161
|
+
}
|
|
162
|
+
}
|
|
178
163
|
}
|
|
164
|
+
value = value ?? result.value;
|
|
165
|
+
return {
|
|
166
|
+
filters,
|
|
167
|
+
name,
|
|
168
|
+
time,
|
|
169
|
+
type: this.mapInputType(result) || 'UNKNOWN',
|
|
170
|
+
// NOTE: In v4 we have other documentTypes too, why pick only NORMAL?
|
|
171
|
+
documentType: types_1.DocumentType.NORMAL,
|
|
172
|
+
value,
|
|
173
|
+
};
|
|
179
174
|
}
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
headers[sourceInfo.rawHeaders[i]] = StringPrototypeSplit.call(sourceInfo.rawHeaders[i + 1], /[,;]+/);
|
|
175
|
+
buildTimePayload(time) {
|
|
176
|
+
return { start: time, elapsed: time };
|
|
183
177
|
}
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
for (const result of results) {
|
|
202
|
-
const detail = Array.isArray(result.exploitMetadata) && result.exploitMetadata.length > 0
|
|
203
|
-
? result.exploitMetadata[0]
|
|
204
|
-
: null;
|
|
205
|
-
if (result.ruleId === common_1.Rule.NOSQL_INJECTION_MONGO &&
|
|
206
|
-
typeof result.value !== 'string') {
|
|
207
|
-
result.mongoExpansionResult = true;
|
|
178
|
+
buildRequestObject(sourceInfo, masker) {
|
|
179
|
+
const searchParams = new URLSearchParams(sourceInfo.queries);
|
|
180
|
+
const parameters = {};
|
|
181
|
+
for (const [key, value] of searchParams) {
|
|
182
|
+
const redacted = masker.getMaskedValue(key, value);
|
|
183
|
+
if (parameters[key]) {
|
|
184
|
+
parameters[key].push(redacted);
|
|
185
|
+
}
|
|
186
|
+
else {
|
|
187
|
+
parameters[key] = [redacted];
|
|
188
|
+
}
|
|
189
|
+
}
|
|
190
|
+
const headers = {};
|
|
191
|
+
for (let i = 0; i < sourceInfo.rawHeaders.length; i += 2) {
|
|
192
|
+
const key = sourceInfo.rawHeaders[i];
|
|
193
|
+
const redactedValue = masker.getMaskedValue(key, sourceInfo.rawHeaders[i + 1]);
|
|
194
|
+
headers[key] = StringPrototypeSplit.call(redactedValue, /[,;]+/);
|
|
208
195
|
}
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
lineNumber,
|
|
217
|
-
})),
|
|
218
|
-
blocked: result.blocked,
|
|
219
|
-
timestamp: buildTimePayload(time),
|
|
220
|
-
request: requestPayload,
|
|
196
|
+
return {
|
|
197
|
+
version: sourceInfo.httpVersion,
|
|
198
|
+
method: sourceInfo.method,
|
|
199
|
+
uri: sourceInfo.uriPath,
|
|
200
|
+
queryString: sourceInfo.queries,
|
|
201
|
+
parameters,
|
|
202
|
+
headers,
|
|
221
203
|
};
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
204
|
+
}
|
|
205
|
+
;
|
|
206
|
+
accumulateUserAgent(set, eventArg) {
|
|
207
|
+
const userAgent = eventArg.store.sourceInfo?.getHeader?.('user-agent');
|
|
208
|
+
if (userAgent)
|
|
209
|
+
set.add(userAgent);
|
|
210
|
+
}
|
|
211
|
+
accumulateFinding(_attackersMap, eventArg) {
|
|
212
|
+
let targetGroup;
|
|
213
|
+
let { ruleId } = eventArg.result;
|
|
214
|
+
const { blocked } = eventArg.result;
|
|
215
|
+
const accum = this.ensureAccum(_attackersMap, eventArg.store.sourceInfo.ip);
|
|
216
|
+
const detailsBuilder = this.detailsBuilders.get(ruleId);
|
|
217
|
+
const masker = this.core.sensitiveDataMasking.createMasker();
|
|
218
|
+
const details = detailsBuilder ? detailsBuilder(eventArg, masker) : null;
|
|
219
|
+
if (eventArg.result.blocked) {
|
|
220
|
+
if ((details && !rulesThatBlockAtPerimeterOnly.has(ruleId)) ||
|
|
221
|
+
rulesThatExploitWithoutFindings.has(ruleId)) {
|
|
222
|
+
targetGroup = FindingGroup.BLOCKED;
|
|
226
223
|
}
|
|
227
224
|
else {
|
|
228
|
-
|
|
229
|
-
accumulator.blockedAtPerimeter.samples.push(data);
|
|
225
|
+
targetGroup = FindingGroup.BLOCKED_AT_PERIMETER;
|
|
230
226
|
}
|
|
231
227
|
}
|
|
232
228
|
else {
|
|
233
|
-
if (
|
|
234
|
-
|
|
235
|
-
accumulator.exploited.samples.push(data);
|
|
229
|
+
if (details) {
|
|
230
|
+
targetGroup = FindingGroup.EXPLOITED;
|
|
236
231
|
}
|
|
237
|
-
else
|
|
238
|
-
|
|
239
|
-
accumulator.ineffective.samples.push(data);
|
|
232
|
+
else {
|
|
233
|
+
targetGroup = FindingGroup.INEFFECTIVE;
|
|
240
234
|
}
|
|
241
235
|
}
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
!accumulator.exploited?.samples.length &&
|
|
245
|
-
!accumulator.blockedAtPerimeter?.samples.length &&
|
|
246
|
-
!accumulator.ineffective?.samples?.length)
|
|
247
|
-
return;
|
|
248
|
-
return accumulator;
|
|
249
|
-
};
|
|
250
|
-
const buildDefendPayload = (store) => {
|
|
251
|
-
const { sourceInfo, protect } = store;
|
|
252
|
-
const requestPayload = buildRequestObject(store.sourceInfo);
|
|
253
|
-
const time = Date.now();
|
|
254
|
-
let hasAttack = false;
|
|
255
|
-
const defendObject = {
|
|
256
|
-
source: { ip: store.sourceInfo.ip },
|
|
257
|
-
protectionRules: {},
|
|
258
|
-
};
|
|
259
|
-
const sqlInjection = store.protect.resultsMap[common_1.Rule.SQL_INJECTION];
|
|
260
|
-
if (sqlInjection) {
|
|
261
|
-
const isBlockMode = store.protect.policy[common_1.Rule.SQL_INJECTION] === 'block';
|
|
262
|
-
const protectionRules = buildProtectionRules(sqlInjection, requestPayload, time, isBlockMode, sqlInjectionDetailsBuilder);
|
|
263
|
-
if (protectionRules) {
|
|
264
|
-
defendObject.protectionRules[common_1.Rule.SQL_INJECTION] = protectionRules;
|
|
265
|
-
hasAttack = true;
|
|
266
|
-
}
|
|
267
|
-
}
|
|
268
|
-
const cmdInjection = store.protect.resultsMap[common_1.Rule.CMD_INJECTION];
|
|
269
|
-
if (cmdInjection) {
|
|
270
|
-
const isBlockMode = store.protect.policy[common_1.Rule.CMD_INJECTION] === 'block';
|
|
271
|
-
const protectionRules = buildProtectionRules(cmdInjection, requestPayload, time, isBlockMode, cmdInjectionDetailsBuilder);
|
|
272
|
-
if (protectionRules) {
|
|
273
|
-
defendObject.protectionRules[common_1.Rule.CMD_INJECTION] = protectionRules;
|
|
274
|
-
hasAttack = true;
|
|
275
|
-
}
|
|
276
|
-
}
|
|
277
|
-
const pathTraversal = protect.resultsMap[common_1.Rule.PATH_TRAVERSAL];
|
|
278
|
-
if (pathTraversal) {
|
|
279
|
-
const isBlockMode = protect.policy[common_1.Rule.PATH_TRAVERSAL] === 'block';
|
|
280
|
-
const protectionRules = buildProtectionRules(pathTraversal, requestPayload, time, isBlockMode, pathTraversalDetailsBuilder);
|
|
281
|
-
if (protectionRules) {
|
|
282
|
-
defendObject.protectionRules[common_1.Rule.PATH_TRAVERSAL] = protectionRules;
|
|
283
|
-
hasAttack = true;
|
|
284
|
-
}
|
|
285
|
-
}
|
|
286
|
-
const reflectedXSS = protect.resultsMap[common_1.Rule.REFLECTED_XSS];
|
|
287
|
-
if (reflectedXSS) {
|
|
288
|
-
const isBlockMode = protect.policy[common_1.Rule.REFLECTED_XSS] === 'block';
|
|
289
|
-
const protectionRules = buildProtectionRules(reflectedXSS, requestPayload, time, isBlockMode, reflectedXSSDetailsBuilder);
|
|
290
|
-
if (protectionRules) {
|
|
291
|
-
defendObject.protectionRules[common_1.Rule.REFLECTED_XSS] = protectionRules;
|
|
292
|
-
hasAttack = true;
|
|
293
|
-
}
|
|
294
|
-
}
|
|
295
|
-
const ssjs = protect.resultsMap[common_1.Rule.SSJS_INJECTION];
|
|
296
|
-
if (ssjs) {
|
|
297
|
-
const isBlockMode = protect.policy[common_1.Rule.SSJS_INJECTION] === 'block';
|
|
298
|
-
const protectionRules = buildProtectionRules(ssjs, requestPayload, time, isBlockMode, ssjsDetailsBuilder);
|
|
299
|
-
if (protectionRules) {
|
|
300
|
-
defendObject.protectionRules[common_1.Rule.SSJS_INJECTION] = protectionRules;
|
|
301
|
-
hasAttack = true;
|
|
236
|
+
if (!targetGroup) {
|
|
237
|
+
throw new Error('unable to determine finding\'s group');
|
|
302
238
|
}
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
const
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
const cmdiSemanticAnalysisDangerousPaths = protect.resultsMap[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS];
|
|
314
|
-
if (cmdiSemanticAnalysisDangerousPaths) {
|
|
315
|
-
const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS] === 'block';
|
|
316
|
-
cmdiSemanticAnalysisDangerousPaths.forEach((vulnerability) => {
|
|
317
|
-
Object.assign(vulnerability, {
|
|
318
|
-
inputType: 'Unknown',
|
|
319
|
-
key: 'Unknown',
|
|
320
|
-
});
|
|
321
|
-
});
|
|
322
|
-
const protectionRules = buildProtectionRules(cmdiSemanticAnalysisDangerousPaths, requestPayload, time, isBlockMode, cmdInjectionSemanticAnalysisDetailsBuilder);
|
|
323
|
-
if (protectionRules) {
|
|
324
|
-
defendObject.protectionRules[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS] = protectionRules;
|
|
325
|
-
hasAttack = true;
|
|
326
|
-
}
|
|
327
|
-
}
|
|
328
|
-
const cmdiSemanticAnalysisChainedCommands = protect.resultsMap[common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS];
|
|
329
|
-
if (cmdiSemanticAnalysisChainedCommands) {
|
|
330
|
-
const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS] ===
|
|
331
|
-
'block';
|
|
332
|
-
cmdiSemanticAnalysisChainedCommands.forEach((vulnerability) => {
|
|
333
|
-
Object.assign(vulnerability, {
|
|
334
|
-
inputType: 'Unknown',
|
|
335
|
-
key: 'Unknown',
|
|
336
|
-
});
|
|
337
|
-
});
|
|
338
|
-
const protectionRules = buildProtectionRules(cmdiSemanticAnalysisChainedCommands, requestPayload, time, isBlockMode, cmdInjectionSemanticAnalysisDetailsBuilder);
|
|
339
|
-
if (protectionRules) {
|
|
340
|
-
defendObject.protectionRules[common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS] = protectionRules;
|
|
341
|
-
hasAttack = true;
|
|
342
|
-
}
|
|
343
|
-
}
|
|
344
|
-
const xxeSemanticAnalysis = protect.resultsMap[common_1.Rule.XXE];
|
|
345
|
-
if (xxeSemanticAnalysis) {
|
|
346
|
-
const isBlockMode = protect.policy[common_1.Rule.XXE] === 'block';
|
|
347
|
-
xxeSemanticAnalysis.forEach((vulnerability) => {
|
|
348
|
-
Object.assign(vulnerability, {
|
|
349
|
-
type: 'Unknown',
|
|
350
|
-
key: 'Unknown',
|
|
351
|
-
});
|
|
352
|
-
});
|
|
353
|
-
const protectionRules = buildProtectionRules(xxeSemanticAnalysis, requestPayload, time, isBlockMode, xxeSemanticAnalysisDetailsBuilder);
|
|
354
|
-
if (protectionRules) {
|
|
355
|
-
defendObject.protectionRules[common_1.Rule.XXE] = protectionRules;
|
|
356
|
-
hasAttack = true;
|
|
357
|
-
}
|
|
358
|
-
}
|
|
359
|
-
const cmdiCommandBackdoors = protect.resultsMap[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS];
|
|
360
|
-
if (cmdiCommandBackdoors) {
|
|
361
|
-
const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS] === 'block';
|
|
362
|
-
const protectionRules = buildProtectionRules(cmdiCommandBackdoors, requestPayload, time, isBlockMode, cmdInjectionSemanticAnalysisDetailsBuilder);
|
|
363
|
-
if (protectionRules) {
|
|
364
|
-
defendObject.protectionRules[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS] =
|
|
365
|
-
protectionRules;
|
|
366
|
-
hasAttack = true;
|
|
367
|
-
}
|
|
368
|
-
}
|
|
369
|
-
const pathTraversalSemanticFileSecurityBypass = protect.resultsMap[common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS];
|
|
370
|
-
if (pathTraversalSemanticFileSecurityBypass) {
|
|
371
|
-
const isBlockMode = protect.policy[common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS] ===
|
|
372
|
-
'block';
|
|
373
|
-
pathTraversalSemanticFileSecurityBypass.forEach((vulnerability) => {
|
|
374
|
-
Object.assign(vulnerability, {
|
|
375
|
-
inputType: 'Unknown',
|
|
376
|
-
key: 'Unknown',
|
|
377
|
-
});
|
|
378
|
-
});
|
|
379
|
-
const protectionRules = buildProtectionRules(pathTraversalSemanticFileSecurityBypass, requestPayload, time, isBlockMode, (result) => ({ path: result.value }));
|
|
380
|
-
if (protectionRules) {
|
|
381
|
-
defendObject.protectionRules[common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS] = protectionRules;
|
|
382
|
-
hasAttack = true;
|
|
383
|
-
}
|
|
384
|
-
}
|
|
385
|
-
const unsafeFileUpload = protect.resultsMap[common_1.Rule.UNSAFE_FILE_UPLOAD];
|
|
386
|
-
if (unsafeFileUpload) {
|
|
387
|
-
const isBlockMode = protect.policy[common_1.Rule.UNSAFE_FILE_UPLOAD] === 'block_at_perimeter';
|
|
388
|
-
const protectionRules = buildProtectionRules(unsafeFileUpload, requestPayload, time, isBlockMode, () => null);
|
|
389
|
-
if (protectionRules) {
|
|
390
|
-
defendObject.protectionRules[common_1.Rule.UNSAFE_FILE_UPLOAD] = protectionRules;
|
|
391
|
-
hasAttack = true;
|
|
392
|
-
}
|
|
393
|
-
}
|
|
394
|
-
const untrustedDeserialization = protect.resultsMap[common_1.Rule.UNTRUSTED_DESERIALIZATION];
|
|
395
|
-
if (untrustedDeserialization) {
|
|
396
|
-
const isBlockMode = protect.policy[common_1.Rule.UNTRUSTED_DESERIALIZATION] === 'block';
|
|
397
|
-
const protectionRules = buildProtectionRules(untrustedDeserialization, requestPayload, time, isBlockMode, untrustedDeserializationDetailsBuilder);
|
|
398
|
-
if (protectionRules) {
|
|
399
|
-
defendObject.protectionRules[common_1.Rule.UNTRUSTED_DESERIALIZATION] =
|
|
400
|
-
protectionRules;
|
|
401
|
-
hasAttack = true;
|
|
402
|
-
}
|
|
403
|
-
}
|
|
404
|
-
const methodTampering = protect.resultsMap[common_1.Rule.METHOD_TAMPERING];
|
|
405
|
-
if (methodTampering) {
|
|
406
|
-
const protectionRules = buildProtectionRules(methodTampering, requestPayload, time, protect.policy[common_1.Rule.METHOD_TAMPERING] === 'block', methodTamperingDetailsBuilder);
|
|
407
|
-
if (protectionRules) {
|
|
408
|
-
defendObject.protectionRules[common_1.Rule.METHOD_TAMPERING] = protectionRules;
|
|
409
|
-
}
|
|
410
|
-
hasAttack = true;
|
|
411
|
-
}
|
|
412
|
-
const virtualPatch = protect.resultsMap[common_1.Rule.VIRTUAL_PATCH];
|
|
413
|
-
if (virtualPatch) {
|
|
414
|
-
const mappedVirtualPatchResults = virtualPatch.map((vulnerability) => ({
|
|
415
|
-
key: vulnerability.name,
|
|
416
|
-
inputType: 'UNKNOWN',
|
|
417
|
-
ruleId: common_1.Rule.VIRTUAL_PATCH,
|
|
418
|
-
value: 'Virtual Patch',
|
|
419
|
-
exploitMetadata: [{ uuid: vulnerability.uuid }],
|
|
420
|
-
blocked: true,
|
|
239
|
+
const time = Date.now();
|
|
240
|
+
const timestamp = this.buildTimePayload(time);
|
|
241
|
+
const request = this.buildRequestObject(eventArg.store.sourceInfo, masker);
|
|
242
|
+
// build this lastly since we need to use masker.unmasked values that get set prior
|
|
243
|
+
const input = this.buildInputPayload(eventArg.result, time, masker);
|
|
244
|
+
const stack = (eventArg.sinkContext?.stack || common_1.empties.ARRAY).map(({ file, lineNumber, method, type }) => ({
|
|
245
|
+
fileName: file,
|
|
246
|
+
declaringClass: type,
|
|
247
|
+
methodName: method,
|
|
248
|
+
lineNumber,
|
|
421
249
|
}));
|
|
422
|
-
|
|
423
|
-
if (
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
250
|
+
// coerce ruleId now, since builders above leverage sub-rule name
|
|
251
|
+
if (ruleId == common_1.Rule.NOSQL_INJECTION_MONGO)
|
|
252
|
+
ruleId = common_1.Rule.NOSQL_INJECTION;
|
|
253
|
+
const groups = this.ensureGroups(accum.protectionRules, ruleId);
|
|
254
|
+
groups[targetGroup].total++;
|
|
255
|
+
groups[targetGroup].samples.push({ blocked, details, input, request, stack, timestamp });
|
|
427
256
|
}
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
257
|
+
ensureGroups(protectionRules, ruleId) {
|
|
258
|
+
let groups = protectionRules[ruleId];
|
|
259
|
+
if (!groups) {
|
|
260
|
+
groups = protectionRules[ruleId] = {
|
|
261
|
+
[FindingGroup.BLOCKED]: {
|
|
262
|
+
total: 0,
|
|
263
|
+
startTime: 0,
|
|
264
|
+
samples: []
|
|
265
|
+
},
|
|
266
|
+
[FindingGroup.EXPLOITED]: {
|
|
267
|
+
total: 0,
|
|
268
|
+
startTime: 0,
|
|
269
|
+
samples: []
|
|
270
|
+
},
|
|
271
|
+
[FindingGroup.INEFFECTIVE]: {
|
|
272
|
+
total: 0,
|
|
273
|
+
startTime: 0,
|
|
274
|
+
samples: []
|
|
275
|
+
},
|
|
276
|
+
[FindingGroup.BLOCKED_AT_PERIMETER]: {
|
|
277
|
+
total: 0,
|
|
278
|
+
startTime: 0,
|
|
279
|
+
samples: []
|
|
280
|
+
},
|
|
281
|
+
};
|
|
442
282
|
}
|
|
283
|
+
return groups;
|
|
443
284
|
}
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
defendObject.protectionRules[common_1.Rule.BOT_BLOCKER] = protectionRules;
|
|
453
|
-
hasAttack = true;
|
|
285
|
+
ensureAccum(map, ip) {
|
|
286
|
+
let accum = map.get(ip);
|
|
287
|
+
if (!accum) {
|
|
288
|
+
accum = {
|
|
289
|
+
source: { ip },
|
|
290
|
+
protectionRules: {}
|
|
291
|
+
};
|
|
292
|
+
map.set(ip, accum);
|
|
454
293
|
}
|
|
294
|
+
return accum;
|
|
295
|
+
}
|
|
296
|
+
createDetailsMapper(cb) {
|
|
297
|
+
return function (eventArg) {
|
|
298
|
+
if (!eventArg.findings || !eventArg.sinkContext)
|
|
299
|
+
return null;
|
|
300
|
+
return cb(eventArg);
|
|
301
|
+
};
|
|
455
302
|
}
|
|
456
|
-
return hasAttack ? defendObject : null;
|
|
457
|
-
};
|
|
458
|
-
function handleProtectMessage(store) {
|
|
459
|
-
if (!store.sourceInfo || !store.protect)
|
|
460
|
-
return null;
|
|
461
|
-
const attackers = {
|
|
462
|
-
userAgent: null,
|
|
463
|
-
attackModel: null,
|
|
464
|
-
};
|
|
465
|
-
const userAgentIndex = store.sourceInfo.rawHeaders.findIndex((el) => el === 'user-agent');
|
|
466
|
-
attackers.userAgent = userAgentIndex != -1
|
|
467
|
-
? store.sourceInfo.rawHeaders[userAgentIndex + 1]
|
|
468
|
-
: null;
|
|
469
|
-
attackers.attackModel = buildDefendPayload(store);
|
|
470
|
-
return attackers;
|
|
471
303
|
}
|
|
472
|
-
exports.
|
|
304
|
+
exports.Translations = Translations;
|
|
305
|
+
;
|
|
473
306
|
//# sourceMappingURL=translations.js.map
|