npm - @contrast/agent-bundle - Versions diffs - 5.45.1 → 5.46.0 - Mend

@contrast/agent-bundle 5.45.1 → 5.46.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

package/node_modules/@contrast/assess/lib/response-scanning/handlers/index.js CHANGED Viewed

@@ -60,7 +60,7 @@ module.exports = function(core) {
   responseScanning.handleAutoCompleteMissing = function(sourceContext, resHeaders, resBody) {
     if (
-      !isEnabled(AUTOCOMPLETE_MISSING, sourceContext) ||
+      !sourceContext.policy?.isRuleEnabled(AUTOCOMPLETE_MISSING) ||
       !isHtmlContent(resHeaders)
     ) {
       return;
@@ -91,7 +91,7 @@ module.exports = function(core) {
     // de-dupe; this will be re-emitted for parseableBody handlers anyway
     if (
-      !isEnabled(CACHE_CONTROLS_MISSING, sourceContext) ||
+      !sourceContext.policy?.isRuleEnabled(CACHE_CONTROLS_MISSING) ||
       (isParseableResponse(resHeaders) && !resBody)
     ) {
       return;
@@ -139,7 +139,7 @@ module.exports = function(core) {
   };
   responseScanning.handleClickJackingControlsMissing = function(sourceContext, resHeaders) {
-    if (!isEnabled(CLICKJACKING_CONTROL_MISSING, sourceContext)) return;
+    if (!sourceContext.policy?.isRuleEnabled(CLICKJACKING_CONTROL_MISSING)) return;
     // look for x-frame-options headers with deny or sameorigin
     const xFrameHeaders = resHeaders['x-frame-options'];
@@ -158,7 +158,7 @@ module.exports = function(core) {
   };
   responseScanning.handleParameterPollution = function(sourceContext, resBody) {
-    if (!isEnabled(PARAMETER_POLLUTION, sourceContext)) return;
+    if (!sourceContext.policy?.isRuleEnabled(PARAMETER_POLLUTION)) return;
     // look for form tag with missing action attribute.
     // ex: <form method="post">..
@@ -189,12 +189,12 @@ module.exports = function(core) {
     const cspHeaders = getCspHeaders(resHeaders);
     // Don't report if not set; this report belongs to 'csp-header-missing'
-    if (!cspHeaders && isEnabled(CSP_HEADER_MISSING, sourceContext)) {
+    if (!cspHeaders && sourceContext.policy?.isRuleEnabled(CSP_HEADER_MISSING)) {
       reportFindings(sourceContext, { ruleId: ResponseScanningRule.CSP_HEADER_MISSING });
       return;
     }
-    if (!isEnabled(CSP_HEADER_INSECURE, sourceContext)) return;
+    if (!sourceContext.policy?.isRuleEnabled(CSP_HEADER_INSECURE)) return;
     const vulnerabilityMetadata = checkCspSources(cspHeaders);
@@ -209,7 +209,7 @@ module.exports = function(core) {
   };
   responseScanning.handleHstsHeaderMissing = function(sourceContext, resHeaders) {
-    if (!isEnabled(HSTS_HEADER_MISSING, sourceContext)) return;
+    if (!sourceContext?.policy?.isRuleEnabled(HSTS_HEADER_MISSING)) return;
     let header = resHeaders['strict-transport-security'];
     let maxAge;
@@ -241,7 +241,7 @@ module.exports = function(core) {
   };
   responseScanning.handleXContentTypeHeaderMissing = function(sourceContext, resHeaders) {
-    if (!isEnabled(XCONTENTTYPE_HEADER_MISSING, sourceContext)) return;
+    if (!sourceContext.policy?.isRuleEnabled(XCONTENTTYPE_HEADER_MISSING)) return;
     const headerName = 'x-content-type-options';
     let header = resHeaders[headerName];
@@ -262,7 +262,7 @@ module.exports = function(core) {
   };
   responseScanning.handleXPoweredByHeader = function(sourceContext, resHeaders) {
-    if (!isEnabled(X_POWERED_BY_HEADER, sourceContext)) return;
+    if (!sourceContext.policy?.isRuleEnabled(X_POWERED_BY_HEADER)) return;
     const headerName = 'x-powered-by';
     let header = resHeaders[headerName];
@@ -280,7 +280,7 @@ module.exports = function(core) {
   };
   responseScanning.handleXxsProtectionHeaderDisabled = function(sourceContext, responseHeaders) {
-    if (!isEnabled(XXSPROTECTION_HEADER_DISABLED, sourceContext)) return;
+    if (!sourceContext?.policy?.isRuleEnabled(XXSPROTECTION_HEADER_DISABLED)) return;
     const header = responseHeaders['x-xss-protection'];
@@ -294,9 +294,5 @@ module.exports = function(core) {
     }
   };
-  function isEnabled(ruleId, sourceContext) {
-    return !!sourceContext?.policy?.enabledRules?.has?.(ruleId);
-  }
   return responseScanning;
 };

package/node_modules/@contrast/assess/lib/session-configuration/handlers.js CHANGED Viewed

@@ -67,7 +67,7 @@ module.exports = function (core) {
   function handle(ruleId, sourceContext, cookie, sessionEvent) {
     const state = ensureState(ruleId, sourceContext);
-    if (!sourceContext?.policy?.enabledRules?.has?.(ruleId) || state.reported) return;
+    if (sourceContext?.policy?.disabledRules?.has?.(ruleId) || state.reported) return;
     for (const value of ensureIterable(cookie)) {
       if (state.valuesAnalyzed.has(value)) continue;

package/node_modules/@contrast/assess/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/assess",
-  "version": "1.63.0",
+  "version": "1.64.0",
   "description": "Contrast service providing framework-agnostic Assess support",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,17 +21,17 @@
   },
   "dependencies": {
     "@contrast/common": "1.37.0",
-    "@contrast/config": "1.52.1",
-    "@contrast/core": "1.57.1",
-    "@contrast/dep-hooks": "1.26.1",
+    "@contrast/config": "1.53.0",
+    "@contrast/core": "1.58.0",
+    "@contrast/dep-hooks": "1.27.0",
     "@contrast/distringuish": "^6.0.2",
-    "@contrast/instrumentation": "1.36.1",
-    "@contrast/logger": "1.30.1",
-    "@contrast/patcher": "1.29.1",
-    "@contrast/rewriter": "1.34.0",
-    "@contrast/route-coverage": "1.49.1",
-    "@contrast/scopes": "1.27.1",
-    "@contrast/sources": "1.3.1",
+    "@contrast/instrumentation": "1.37.0",
+    "@contrast/logger": "1.31.0",
+    "@contrast/patcher": "1.30.0",
+    "@contrast/rewriter": "1.35.0",
+    "@contrast/route-coverage": "1.50.0",
+    "@contrast/scopes": "1.28.0",
+    "@contrast/sources": "1.4.0",
     "semver": "^7.6.0"
   }
 }

package/node_modules/@contrast/config/lib/options.js CHANGED Viewed

@@ -692,6 +692,14 @@ Example - \`label1, label2, label3\``,
     fn: parseNum,
     desc: 'Set the maximum number of untrusted data flow propagations to observe per request.',
   },
+  {
+    name: 'assess.rules.disabled_rules',
+    arg: '<list,of,rules>',
+    default: '',
+    fn: split,
+    desc: 'Define a list of Protect rules to disable in the agent. The rules must be formatted as a comma-delimited list.',
+  },
   {
     name: 'assess.safe_positives.enable',
     arg: '[false]',

package/node_modules/@contrast/config/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/config",
-  "version": "1.52.1",
+  "version": "1.53.0",
   "description": "An API for discovering Contrast agent configuration data",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,7 +21,7 @@
   },
   "dependencies": {
     "@contrast/common": "1.37.0",
-    "@contrast/core": "1.57.1",
+    "@contrast/core": "1.58.0",
     "deepmerge": "^4.3.1",
     "yaml": "^2.2.2"
   }

package/node_modules/@contrast/core/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/core",
-  "version": "1.57.1",
+  "version": "1.58.0",
   "description": "Preconfigured Contrast agent core services and models",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -20,11 +20,11 @@
   },
   "dependencies": {
     "@contrast/common": "1.37.0",
-    "@contrast/config": "1.52.1",
+    "@contrast/config": "1.53.0",
     "@contrast/find-package-json": "^1.1.0",
     "@contrast/fn-inspect": "^5.0.2",
-    "@contrast/logger": "1.30.1",
-    "@contrast/patcher": "1.29.1",
+    "@contrast/logger": "1.31.0",
+    "@contrast/patcher": "1.30.0",
     "@contrast/perf": "1.4.0",
     "@tsxper/crc32": "^2.1.3",
     "axios": "^1.12.2",

package/node_modules/@contrast/deadzones/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/deadzones",
-  "version": "1.29.1",
+  "version": "1.30.0",
   "description": "Configures Contrast agent services and instrumentation within an application",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,8 +21,8 @@
   },
   "dependencies": {
     "@contrast/common": "1.37.0",
-    "@contrast/dep-hooks": "1.26.1",
-    "@contrast/patcher": "1.29.1",
-    "@contrast/scopes": "1.27.1"
+    "@contrast/dep-hooks": "1.27.0",
+    "@contrast/patcher": "1.30.0",
+    "@contrast/scopes": "1.28.0"
   }
 }

package/node_modules/@contrast/dep-hooks/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/dep-hooks",
-  "version": "1.26.1",
+  "version": "1.27.0",
   "description": "Post hooks for Module.prototype.require",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -22,9 +22,9 @@
   },
   "dependencies": {
     "@contrast/common": "1.37.0",
-    "@contrast/core": "1.57.1",
+    "@contrast/core": "1.58.0",
     "@contrast/find-package-json": "^1.1.0",
-    "@contrast/logger": "1.30.1",
+    "@contrast/logger": "1.31.0",
     "semver": "^7.6.3"
   }
 }

package/node_modules/@contrast/esm-hooks/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/esm-hooks",
-  "version": "2.32.0",
+  "version": "2.33.0",
   "type": "module",
   "description": "Support for loading and instrumenting ECMAScript modules",
   "license": "SEE LICENSE IN LICENSE",
@@ -23,10 +23,10 @@
   },
   "dependencies": {
     "@contrast/common": "1.37.0",
-    "@contrast/config": "1.52.1",
-    "@contrast/core": "1.57.1",
+    "@contrast/config": "1.53.0",
+    "@contrast/core": "1.58.0",
     "@contrast/find-package-json": "^1.1.0",
-    "@contrast/logger": "1.30.1",
-    "@contrast/rewriter": "1.34.0"
+    "@contrast/logger": "1.31.0",
+    "@contrast/rewriter": "1.35.0"
   }
 }

package/node_modules/@contrast/instrumentation/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/instrumentation",
-  "version": "1.36.1",
+  "version": "1.37.0",
   "description": "Shared hooks and patches between Protect and Assess components",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,8 +21,8 @@
   },
   "dependencies": {
     "@contrast/common": "1.37.0",
-    "@contrast/dep-hooks": "1.26.1",
-    "@contrast/logger": "1.30.1",
-    "@contrast/patcher": "1.29.1"
+    "@contrast/dep-hooks": "1.27.0",
+    "@contrast/logger": "1.31.0",
+    "@contrast/patcher": "1.30.0"
   }
 }