npm - @contrast/agent-bundle - Versions diffs - 5.46.0 → 5.48.0 - Mend

@contrast/agent-bundle 5.46.0 → 5.48.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (647) hide show

package/node_modules/@contrast/assess/lib/dataflow/sources/install/fastify-websocket.js ADDED Viewed

@@ -0,0 +1,63 @@
+'use strict';
+const { InputType, set } = require('@contrast/common');
+const Core = require('@contrast/core/lib/ioc/core');
+const { patchType } = require('../common');
+const COMPONENT_NAME = 'assess.dataflow.sources.fastifyWebsocketInstrumentation';
+module.exports = Core.makeComponent({
+  name: COMPONENT_NAME,
+  factory: (core) => new FastifyWebsocketAssessSource(core),
+});
+class FastifyWebsocketAssessSource {
+  constructor(core) {
+    Object.defineProperty(this, 'core', { value: core });
+    set(core, COMPONENT_NAME, this);
+  }
+  /**
+   * Deploys @fastify/websocket instrumentation.
+   */
+  install() {
+    const {
+      depHooks,
+      patcher,
+      assess,
+    } = this.core;
+    depHooks.resolve({ name: '@fastify/websocket', version: '*' }, (fws) => {
+      // patch exported function
+      return patcher.patch(fws, {
+        name: '@fastify/websocket',
+        patchType,
+        post(data) {
+          // the plugin decorates fastify with the ws.WebSocketServer instance.
+          // we use the connection event to get reference to connecting
+          // WebSockets, and track when they emit message buffers.
+          data.args[0].websocketServer?.on?.('connection', (socket) => {
+            socket.on('message', function handler(data) {
+              const sourceContext = assess.getSourceContext();
+              // this should be present since sources run 'upgrade' requests in request scope
+              if (!sourceContext) return;
+              // this will track the emitted buffer
+              assess.dataflow.sources.handle({
+                data,
+                name: 'fastify-websocket',
+                inputType: InputType.WEBSOCKET,
+                stacktraceOpts: { constructorOpt: handler },
+                sourceContext,
+                onEvent(event) {
+                  event.context = 'WebSocket.on("message", ...args)';
+                  event.args = [{ value: 'args.0', tracked: true }];
+                },
+              });
+            });
+          });
+        }
+      });
+    });
+  }
+};

package/node_modules/@contrast/assess/lib/dataflow/sources/install/http.js CHANGED Viewed

@@ -36,63 +36,68 @@ module.exports = function (core) {
   const logger = core.logger.child({ name: 'contrast:assess' });
   /**
-   * The around hook for `emit` that
-   * invokes the protect service to do analysis when appropriate.
+   * The around hook for `emit` that handles tracking URL and header values.
+   * We track those when the event is 'request' or 'upgrade'. Also, for when
+   * event is 'request', we will also patch some ServerResponse methods. We
+   * currentl don't patch the raw socket for tracking when event is 'upgrade',
+   * sources instrumentation for websocket events happens per framework.
    */
   function around(next, data) {
     const [type] = data.args;
-    if (type !== 'request') return next();
+    if (type !== 'request' && type !== 'upgrade') return next();
     try {
-      const [, req, res] = data.args;
+      const [, req, resOrSocket] = data.args;
       const sourceContext = getSourceContext();
       if (!sourceContext?.policy) {
         return next();
       }
-      patcher.patch(res, 'writeHead', {
-        name: 'write-head',
-        patchType,
-        pre(data) {
-          const obj = data.args[data.args.length - 1];
-          if (!obj) return;
+      if (type == 'request') {
+        patcher.patch(resOrSocket, 'writeHead', {
+          name: 'write-head',
+          patchType,
+          pre(data) {
+            const obj = data.args[data.args.length - 1];
+            if (!obj) return;
-          if (Array.isArray(obj)) {
-            for (let i = 0; i < obj.length; i += 2) {
-              const key = obj[i];
-              const value = obj[i + 1];
+            if (Array.isArray(obj)) {
+              for (let i = 0; i < obj.length; i += 2) {
+                const key = obj[i];
+                const value = obj[i + 1];
-              if (StringPrototypeToLowerCase.call(key) === 'content-type') {
-                sourceContext.responseData.contentType = value;
+                if (StringPrototypeToLowerCase.call(key) === 'content-type') {
+                  sourceContext.responseData.contentType = value;
+                }
               }
-            }
-          } else if (typeof obj === 'object') {
-            for (const [key, value] of Object.entries(obj)) {
-              if (StringPrototypeToLowerCase.call(key) === 'content-type') {
-                sourceContext.responseData.contentType = value;
+            } else if (typeof obj === 'object') {
+              for (const [key, value] of Object.entries(obj)) {
+                if (StringPrototypeToLowerCase.call(key) === 'content-type') {
+                  sourceContext.responseData.contentType = value;
+                }
               }
             }
           }
-        }
-      });
+        });
-      if (!patcher.hooks.get(res?.setHeader)?.funcKeys.has(`${patchType}:set-header`)) {
-        patcher.patch(res, 'setHeader', {
-          name: 'set-header',
-          patchType,
-          pre(data) {
-            const [name = '', value] = data.args;
-            if (
-              value &&
-              StringPrototypeToLowerCase.call(name) === 'content-type' &&
-              getSourceContext()
-            ) {
-              sourceContext.responseData.contentType = value;
+        if (!patcher.hooks.get(resOrSocket?.setHeader)?.funcKeys.has(`${patchType}:set-header`)) {
+          patcher.patch(resOrSocket, 'setHeader', {
+            name: 'set-header',
+            patchType,
+            pre(data) {
+              const [name = '', value] = data.args;
+              if (
+                value &&
+                StringPrototypeToLowerCase.call(name) === 'content-type' &&
+                getSourceContext()
+              ) {
+                sourceContext.responseData.contentType = value;
+              }
             }
-          }
-        });
+          });
+        }
       }
       const sourceName = 'ClientRequest';
@@ -143,7 +148,6 @@ module.exports = function (core) {
         }
       });
       //
       // now track the rawHeaders. headers are complicated because they appear
       // three times: headers, headersDistinct, and rawHeaders and we want to

package/node_modules/@contrast/assess/lib/dataflow/sources/install/koa/index.js CHANGED Viewed

@@ -20,7 +20,7 @@ const { callChildComponentMethodsSync } = require('@contrast/common');
 module.exports = function(core) {
   const koaSources = core.assess.dataflow.sources.koaInstrumentation = {};
-  require('./koa2')(core);
+  require('./koa')(core);
   require('./koa-bodyparsers')(core);
   require('./koa-multer')(core);
   require('./koa-routers')(core);

package/node_modules/@contrast/assess/lib/dataflow/sources/install/koa/koa-bodyparsers.js CHANGED Viewed

@@ -30,58 +30,86 @@ module.exports = (core) => {
     },
   } = core;
-  function install() {
-    [['koa-body', '<7'], ['koa-bodyparser', '<5']].forEach(([name, version]) => {
-      depHooks.resolve({ name, version }, (koaBody) => patcher.patch(koaBody, {
+  function postFn(name) {
+    return function(data) {
+      data.result = patcher.patch(data.result, {
         name,
         patchType,
-        post(data) {
-          data.result = patcher.patch(data.result, {
-            name,
-            patchType,
-            pre(data) {
-              const { funcKey } = data;
-              const [ctx, origNext] = data.args;
-              const sourceContext = getSourceContext();
-              if (!sourceContext) return;
-              if (sourceContext.parsedBody) {
-                logger.trace({ funcKey }, 'values already tracked');
-                return;
-              }
-              data.args[1] = async function contrastNext(origErr) {
-                const contentType = scopes.sources.getStore()?.sourceInfo?.contentType;
-                const inputType = contentType?.includes?.('/json')
-                  ? InputType.JSON_VALUE
-                  : typeof ctx.request.body == 'object'
-                    ? InputType.PARAMETER_VALUE
-                    : InputType.BODY;
-                try {
-                  sources.handle({
-                    context: 'ctx.request.body',
-                    name,
-                    inputType,
-                    stacktraceOpts: {
-                      constructorOpt: contrastNext,
-                    },
-                    data: ctx.request.body,
-                    sourceContext
-                  });
-                  sourceContext.parsedBody = !!Object.keys(ctx.request.body).length;
-                } catch (err) {
-                  logger.error({ err, inputType, funcKey }, 'unable to handle Koa source');
-                }
-                await origNext(origErr);
-              };
+        pre(data) {
+          const { funcKey } = data;
+          const [ctx, origNext] = data.args;
+          const sourceContext = getSourceContext();
+          if (!sourceContext) return;
+          if (sourceContext.parsedBody) {
+            logger.trace({ funcKey }, 'values already tracked');
+            return;
+          }
+          data.args[1] = async function contrastNext(origErr) {
+            const contentType = scopes.sources.getStore()?.sourceInfo?.contentType;
+            const inputType = contentType?.includes?.('/json')
+              ? InputType.JSON_VALUE
+              : typeof ctx.request.body == 'object'
+                ? InputType.PARAMETER_VALUE
+                : InputType.BODY;
+            try {
+              sources.handle({
+                context: 'ctx.request.body',
+                name,
+                inputType,
+                stacktraceOpts: {
+                  constructorOpt: contrastNext,
+                },
+                data: ctx.request.body,
+                sourceContext
+              });
+              sourceContext.parsedBody = !!Object.keys(ctx.request.body || {}).length;
+            } catch (err) {
+              logger.error({ err, inputType, funcKey }, 'unable to handle Koa source');
             }
-          });
+            await origNext(origErr);
+          };
         }
-      }));
+      });
+    };
+  }
+  function install() {
+    [['koa-body', '>=4 <6'], ['koa-bodyparser', '>=4 <5']].forEach(([name, version]) => {
+      depHooks.resolve({ name, version }, (koaBody) =>
+        patcher.patch(koaBody, {
+          name,
+          patchType,
+          post: postFn(name)
+        })
+      );
+    });
+    depHooks.resolve({ name: 'koa-body', version: '>=6 <7' }, (koaBody) =>
+      patcher.patch(koaBody, 'koaBody', {
+        name: 'koaBody',
+        patchType,
+        post: postFn('koa-body')
+      })
+    );
+    depHooks.resolve({ name: '@koa/bodyparser', version: '>=5 <7' }, (koaBody) => {
+      const patchedBodyParser = patcher.patch(koaBody.bodyParser, {
+        name: '@koa/bodyparser',
+        patchType,
+        post: postFn('@koa/bodyparser')
+      }
+      );
+      return {
+        default: patchedBodyParser,
+        bodyParser: patchedBodyParser
+      };
     });
   }

package/node_modules/@contrast/assess/lib/dataflow/sources/install/koa/koa-multer.js CHANGED Viewed

@@ -67,7 +67,7 @@ module.exports = (core) => {
   }
   function install() {
-    [['koa-multer', '<2'], ['@koa/multer', '<4']].forEach(([name, version]) => {
+    [['koa-multer', '<2'], ['@koa/multer', '>=3 <5']].forEach(([name, version]) => {
       depHooks.resolve(
         { name, version }, (_export) => {
           const origMulter = _export;

package/node_modules/@contrast/assess/lib/dataflow/sources/install/koa/koa-routers.js CHANGED Viewed

@@ -31,11 +31,11 @@ module.exports = (core) => {
   // Patch `koa-router` and `@koa/router` to handle parsed params
   function install() {
-    [['koa-router', '<14'], ['@koa/router', '<14']].forEach(([router, version]) => {
+    [['koa-router', '>=12 <15'], ['@koa/router', '>=12 <15']].forEach(([router, version]) => {
       depHooks.resolve(
         { name: router, version, file: 'lib/layer.js' },
         (layer) => {
-          layer.prototype = patcher.patch(layer.prototype, 'params', {
+          patcher.patch(layer.prototype, 'params', {
             name: `[${router}].layer.prototype`,
             patchType,
             post({ orig, hooked, result, name, funcKey }) {

package/node_modules/@contrast/assess/lib/dataflow/sources/install/koa/{koa2.js → koa.js} RENAMED Viewed

@@ -40,7 +40,7 @@ module.exports = (core) => {
    * registers a depHook for koa module instrumentation
    */
   function install() {
-    depHooks.resolve({ name: 'koa', version: '>=2.3.0 <3' }, (Koa) => {
+    depHooks.resolve({ name: 'koa', version: '>=2.3.0 <4' }, (Koa) => {
       const createMiddleware = ({ name, funcKey }) => {
         const contrastStartMiddleware = function contrastStartMiddleware(ctx, next) {
           const sourceContext = getSourceContext();
@@ -101,9 +101,9 @@ module.exports = (core) => {
     });
   }
-  const koa2Instrumentation = sources.koaInstrumentation.koa2 = {
+  const koaInstrumentation = sources.koaInstrumentation.koa = {
     install
   };
-  return koa2Instrumentation;
+  return koaInstrumentation;
 };

package/node_modules/@contrast/assess/lib/dataflow/sources/install/socket.io.js ADDED Viewed

@@ -0,0 +1,80 @@
+/*
+ * Copyright: 2025 Contrast Security, Inc
+ * Contact: support@contrastsecurity.com
+ * License: Commercial
+ * NOTICE: This Software and the patented inventions embodied within may only be
+ * used as part of Contrast Security’s commercial offerings. Even though it is
+ * made available through public repositories, use of this Software is subject to
+ * the applicable End User Licensing Agreement found at
+ * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+ * between Contrast Security and the End User. The Software may not be reverse
+ * engineered, modified, repackaged, sold, redistributed or otherwise used in a
+ * way not consistent with the End User License Agreement.
+ */
+'use strict';
+const { InputType, set } = require('@contrast/common');
+const Core = require('@contrast/core/lib/ioc/core');
+const { patchType } = require('../common');
+const COMPONENT_NAME = 'assess.dataflow.sources.socketIoInstrumentation';
+module.exports = Core.makeComponent({
+  name: COMPONENT_NAME,
+  factory: (core) => new SocketIOAssessSource(core),
+});
+class SocketIOAssessSource {
+  constructor(core) {
+    Object.defineProperty(this, 'core', { value: core });
+    set(core, COMPONENT_NAME, this);
+  }
+  /**
+   * Deploys socket.io instrumentation.
+   */
+  install() {
+    const {
+      depHooks,
+      patcher,
+      assess,
+    } = this.core;
+    depHooks.resolve(
+      { name: 'socket.io', version: '4' },
+      /**
+       * @param {import('socket.io-4')} xport the exported socket.io module
+       */
+      (xport) => {
+        patcher.patch(xport.Socket.prototype, 'dispatch', {
+          name: 'socket.io.Socket.prototype.dispatch',
+          patchType,
+          pre(data) {
+            if (!Array.isArray(data.args[0])) return;
+            const sourceContext = assess.getSourceContext();
+            if (!sourceContext) return;
+            const [eventName, ...params] = data.args[0];
+            assess.dataflow.sources.handle({
+              data: params,
+              name: 'socket.io.Socket.prototype.dispatch',
+              inputType: InputType.WEBSOCKET,
+              stacktraceOpts: { constructorOpt: data.hooked },
+              sourceContext,
+              onEvent(event, fieldName, pathName) {
+                event.context = `socket.io Socket.on("${eventName}", ...params)`;
+                event.args = [{
+                  tracked: true,
+                  value: `params.${pathName}`,
+                }];
+              },
+            });
+            data.args[0] = [eventName, ...params];
+          }
+        });
+      }
+    );
+  }
+}

package/node_modules/@contrast/assess/lib/index.d.ts CHANGED Viewed

@@ -12,7 +12,7 @@
  * engineered, modified, repackaged, sold, redistributed or otherwise used in a
  * way not consistent with the End User License Agreement.
  */
-import { Rule, SessionConfigurationRule } from '@contrast/common';
+import { Rule, ConfigurationRule } from '@contrast/common';
 import { Config } from '@contrast/config';
 import { Core as _Core } from '@contrast/core';
 import { Deadzones } from '@contrast/deadzones';
@@ -61,8 +61,9 @@ export interface SessionRuleState {
 }
 export interface RuleState {
-  [SessionConfigurationRule.HTTPONLY]?: SessionRuleState,
-  [SessionConfigurationRule.SECURE_FLAG_MISSING]?: SessionRuleState,
+  [ConfigurationRule.HTTPONLY]?: SessionRuleState,
+  [ConfigurationRule.SECURE_FLAG_MISSING]?: SessionRuleState,
+  [ConfigurationRule.GRAPHQL_INTROSPECTION]?: SessionRuleState,
 }
 export interface Assess {

package/node_modules/@contrast/assess/lib/index.js CHANGED Viewed

@@ -70,7 +70,7 @@ module.exports = function assess(core) {
   require('./dataflow')(core);
   require('./crypto-analysis')(core);
   require('./response-scanning')(core);
-  require('./session-configuration')(core);
+  require('./configuration-analysis')(core);
   // append async state to sources store when request-scope sources are created
   sources.addHook('onSource', (ctx) => {

package/node_modules/@contrast/assess/lib/policy.js CHANGED Viewed

@@ -21,7 +21,7 @@ const {
   InputType,
   Rule,
   ResponseScanningRule,
-  SessionConfigurationRule,
+  ConfigurationRule,
   set,
   primordials: { ArrayPrototypeJoin, RegExpPrototypeTest }
 } = require('@contrast/common');
@@ -30,7 +30,7 @@ const { Core } = require('@contrast/core/lib/ioc/core');
 const ASSESS_RULES = Object.values({
   ...Rule,
   ...ResponseScanningRule,
-  ...SessionConfigurationRule,
+  ...ConfigurationRule,
 });
 const BROAD_INPUT_EXCLUSION_TYPES = [
   ExclusionType.BODY,

package/node_modules/@contrast/assess/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/assess",
-  "version": "1.64.0",
+  "version": "1.66.0",
   "description": "Contrast service providing framework-agnostic Assess support",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -20,18 +20,18 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.37.0",
-    "@contrast/config": "1.53.0",
-    "@contrast/core": "1.58.0",
-    "@contrast/dep-hooks": "1.27.0",
+    "@contrast/common": "1.38.0",
+    "@contrast/config": "1.54.1",
+    "@contrast/core": "1.59.1",
+    "@contrast/dep-hooks": "1.28.1",
     "@contrast/distringuish": "^6.0.2",
-    "@contrast/instrumentation": "1.37.0",
-    "@contrast/logger": "1.31.0",
-    "@contrast/patcher": "1.30.0",
-    "@contrast/rewriter": "1.35.0",
-    "@contrast/route-coverage": "1.50.0",
-    "@contrast/scopes": "1.28.0",
-    "@contrast/sources": "1.4.0",
+    "@contrast/instrumentation": "1.38.1",
+    "@contrast/logger": "1.32.1",
+    "@contrast/patcher": "1.31.1",
+    "@contrast/rewriter": "1.36.1",
+    "@contrast/route-coverage": "1.52.0",
+    "@contrast/scopes": "1.29.1",
+    "@contrast/sources": "1.5.1",
     "semver": "^7.6.0"
   }
 }

package/node_modules/@contrast/common/lib/constants.d.ts CHANGED Viewed

@@ -6,7 +6,7 @@ export declare enum Event {
     ASSESS_DATAFLOW_FINDING = "assess-dataflow-findings",
     ASSESS_DATAFLOW_SAFE_POSITIVE = "assess-dataflow-safe-positive",
     ASSESS_RESPONSE_SCANNING_FINDING = "assess-response-scanning-findings",
-    ASSESS_SESSION_CONFIGURATION_FINDING = "assess-session-configuration-findings",
+    ASSESS_CONFIGURATION_FINDING = "assess-configuration-findings",
     ASSESS_CRYPTO_ANALYSIS_FINDING = "assess-crypto-analysis-finding",
     LIBRARY = "library",
     LIBRARY_USAGE = "library-usage",
@@ -60,9 +60,10 @@ export declare enum ResponseScanningRule {
     XCONTENTTYPE_HEADER_MISSING = "xcontenttype-header-missing",
     XXSPROTECTION_HEADER_DISABLED = "xxssprotection-header-disabled"
 }
-export declare enum SessionConfigurationRule {
+export declare enum ConfigurationRule {
     HTTPONLY = "httponly",
-    SECURE_FLAG_MISSING = "secure-flag-missing"
+    SECURE_FLAG_MISSING = "secure-flag-missing",
+    GRAPHQL_INTROSPECTION = "graphql-introspection"
 }
 export declare enum InputType {
     UNDEFINED_TYPE = "UNDEFINED_TYPE",
@@ -86,7 +87,8 @@ export declare enum InputType {
     METHOD = "METHOD",
     REQUEST = "REQUEST",
     URL_PARAMETER = "URL_PARAMETER",
-    UNKNOWN = "UNKNOWN"
+    UNKNOWN = "UNKNOWN",
+    WEBSOCKET = "WEBSOCKET"
 }
 export declare enum ExclusionType {
     BODY = "BODY",
@@ -96,6 +98,12 @@ export declare enum ExclusionType {
     QUERYSTRING = "QUERYSTRING",
     URL = "URL"
 }
+export declare enum RouteType {
+    HTTP = "HTTP",
+    MESSAGE_BROKER = "MESSAGE_BROKER",
+    MIDDLEWARE = "MIDDLEWARE",
+    RPC = "RPC"
+}
 export declare enum DataflowTag {
     XML_ENCODED = "XML_ENCODED",
     XML_DECODED = "XML_DECODED",

package/node_modules/@contrast/common/lib/constants.js CHANGED Viewed

@@ -14,7 +14,7 @@
  * way not consistent with the End User License Agreement.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.URI_REGEXES = exports.symbols = exports.agentLibIDListTypes = exports.FS_METHODS = exports.BLOCKING_MODES = exports.ServerEnvironment = exports.DataflowTag = exports.ExclusionType = exports.InputType = exports.SessionConfigurationRule = exports.ResponseScanningRule = exports.Rule = exports.ProtectRuleMode = exports.Event = void 0;
+exports.URI_REGEXES = exports.symbols = exports.agentLibIDListTypes = exports.FS_METHODS = exports.BLOCKING_MODES = exports.ServerEnvironment = exports.DataflowTag = exports.RouteType = exports.ExclusionType = exports.InputType = exports.ConfigurationRule = exports.ResponseScanningRule = exports.Rule = exports.ProtectRuleMode = exports.Event = void 0;
 var Event;
 (function (Event) {
     // lifecycle
@@ -26,7 +26,7 @@ var Event;
     Event["ASSESS_DATAFLOW_FINDING"] = "assess-dataflow-findings";
     Event["ASSESS_DATAFLOW_SAFE_POSITIVE"] = "assess-dataflow-safe-positive";
     Event["ASSESS_RESPONSE_SCANNING_FINDING"] = "assess-response-scanning-findings";
-    Event["ASSESS_SESSION_CONFIGURATION_FINDING"] = "assess-session-configuration-findings";
+    Event["ASSESS_CONFIGURATION_FINDING"] = "assess-configuration-findings";
     Event["ASSESS_CRYPTO_ANALYSIS_FINDING"] = "assess-crypto-analysis-finding";
     Event["LIBRARY"] = "library";
     Event["LIBRARY_USAGE"] = "library-usage";
@@ -85,11 +85,12 @@ var ResponseScanningRule;
     ResponseScanningRule["XCONTENTTYPE_HEADER_MISSING"] = "xcontenttype-header-missing";
     ResponseScanningRule["XXSPROTECTION_HEADER_DISABLED"] = "xxssprotection-header-disabled";
 })(ResponseScanningRule || (exports.ResponseScanningRule = ResponseScanningRule = {}));
-var SessionConfigurationRule;
-(function (SessionConfigurationRule) {
-    SessionConfigurationRule["HTTPONLY"] = "httponly";
-    SessionConfigurationRule["SECURE_FLAG_MISSING"] = "secure-flag-missing";
-})(SessionConfigurationRule || (exports.SessionConfigurationRule = SessionConfigurationRule = {}));
+var ConfigurationRule;
+(function (ConfigurationRule) {
+    ConfigurationRule["HTTPONLY"] = "httponly";
+    ConfigurationRule["SECURE_FLAG_MISSING"] = "secure-flag-missing";
+    ConfigurationRule["GRAPHQL_INTROSPECTION"] = "graphql-introspection";
+})(ConfigurationRule || (exports.ConfigurationRule = ConfigurationRule = {}));
 var InputType;
 (function (InputType) {
     InputType["UNDEFINED_TYPE"] = "UNDEFINED_TYPE";
@@ -114,6 +115,7 @@ var InputType;
     InputType["REQUEST"] = "REQUEST";
     InputType["URL_PARAMETER"] = "URL_PARAMETER";
     InputType["UNKNOWN"] = "UNKNOWN";
+    InputType["WEBSOCKET"] = "WEBSOCKET";
 })(InputType || (exports.InputType = InputType = {}));
 var ExclusionType;
 (function (ExclusionType) {
@@ -124,6 +126,13 @@ var ExclusionType;
     ExclusionType["QUERYSTRING"] = "QUERYSTRING";
     ExclusionType["URL"] = "URL";
 })(ExclusionType || (exports.ExclusionType = ExclusionType = {}));
+var RouteType;
+(function (RouteType) {
+    RouteType["HTTP"] = "HTTP";
+    RouteType["MESSAGE_BROKER"] = "MESSAGE_BROKER";
+    RouteType["MIDDLEWARE"] = "MIDDLEWARE";
+    RouteType["RPC"] = "RPC";
+})(RouteType || (exports.RouteType = RouteType = {}));
 var DataflowTag;
 (function (DataflowTag) {
     DataflowTag["XML_ENCODED"] = "XML_ENCODED";

package/node_modules/@contrast/common/lib/types.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { EventEmitter } from 'events';
 import { ServerResponse } from 'node:http';
-import { Event, ProtectRuleMode, Rule } from './constants';
+import { Event, ProtectRuleMode, RouteType, Rule } from './constants';
 export interface Installable {
     install(...args: any[]): void | Promise<void>;
     uninstall?(): void | Promise<void>;
@@ -335,6 +335,10 @@ export interface RouteInfo {
      * @example "get"
      */
     method?: string;
+    /**
+     * The type of route that is being reported. Default should be RouteType.HTTP.
+     */
+    type: RouteType;
     /**
      * URL for a route.
      * @example "prefix/route/path"