@contrast/agent 4.10.2 → 4.10.3

package/bin/VERSION

@@ -1 +1 @@
-2.28.9
+2.28.12

package/bootstrap.js

@@ -1,4 +1,3 @@
-#!/usr/bin/env node
 /**
 Copyright: 2022 Contrast Security, Inc
   Contact: support@contrastsecurity.com
@@ -13,6 +12,7 @@ Copyright: 2022 Contrast Security, Inc
   engineered, modified, repackaged, sold, redistributed or otherwise used in a
   way not consistent with the End User License Agreement.
 */
+'use strict';
 
 const startTime = process.hrtime();
 
@@ -25,7 +25,7 @@ const orig = Module.runMain;
  * process before invoking the main
  * script from cli
  */
-Module.runMain = async function(...args) {
+Module.runMain = async function (...args) {
   const { isMainThread } = require('worker_threads');
 
   try {

package/lib/core/logger/debug-logger.js

@@ -108,9 +108,10 @@ class DebugLogFactory {
 
     // We always log to a file, but check whether we should log to stdout
     if (
-      !this.stdout ||
-      !process.env.DEBUG ||
-      !/(^|,\s*)contrast:.+/.test(process.env.DEBUG)
+      this.loggerPath &&
+      (!this.stdout ||
+        !process.env.DEBUG ||
+        !/(^|,\s*)contrast:.+/.test(process.env.DEBUG))
     ) {
       this.mute = true;
     }

package/lib/core/rewrite/binary-expression.js

@@ -15,7 +15,6 @@ Copyright: 2022 Contrast Security, Inc
 'use strict';
 
 const t = require('@babel/types');
-const _ = require('lodash');
 
 /**
  * Wraps binary expressions in one of the following: `ContrastMethods.__add`,
@@ -30,7 +29,7 @@ const _ = require('lodash');
  * @param {import('.').State} state
  */
 module.exports = function BinaryExpression(path, state) {
-  const spec = _.find(state.specs, { token: path.node.operator });
+  const spec = state.specs.find(({ token }) => token === path.node.operator);
   if (
     !spec ||
     !state.callees[spec.name] ||

package/lib/core/rewrite/callees.js

@@ -15,7 +15,6 @@ Copyright: 2022 Contrast Security, Inc
 'use strict';
 
 const { expression } = require('@babel/template');
-const _ = require('lodash');
 
 /**
  * @typedef {Object} Spec
@@ -132,7 +131,9 @@ module.exports = function createCallees(agent) {
   const callees = specs.reduce(
     (memo, spec) =>
       (assessMode && spec.modes.assess) || (protectMode && spec.modes.protect)
-        ? _.set(memo, spec.name, calleeBuilder({ name: spec.name }))
+        ? Object.assign(memo, {
+            [spec.name]: calleeBuilder({ name: spec.name })
+          })
         : memo,
     {}
   );

package/lib/core/rewrite/catch-clause.js

@@ -13,7 +13,6 @@ Copyright: 2022 Contrast Security, Inc
   way not consistent with the End User License Agreement.
 */
 const { statement } = require('@babel/template');
-const _ = require('lodash');
 
 const logStatementBuilder = statement(
   `if (global.CONTRAST_LOG) {
@@ -38,7 +37,10 @@ const logStatementBuilder = statement(
  * @param {import('.').State} state
  */
 module.exports = function CatchClause(path, state) {
-  if (!_.get(state.agent, 'config.agent.node.enable_catch_log')) return;
+  const { config } = state.agent;
+  if (!config || !config.agent.node.enable_catch_log) {
+    return;
+  }
 
   path.node.param = path.node.param || path.scope.generateUidIdentifier('err');
   path

package/lib/core/rewrite/import-declaration.js

@@ -15,7 +15,6 @@ Copyright: 2022 Contrast Security, Inc
 'use strict';
 
 const t = require('@babel/types');
-const _ = require('lodash');
 
 const IMPORT_META_URL_MEMBER_EXPRESSION = t.memberExpression(
   t.memberExpression(t.identifier('import'), t.identifier('meta')),
@@ -49,7 +48,8 @@ module.exports = function ImportDeclaration(path, state) {
 
   path.insertAfter(
     specifiers.map((importSpec) => {
-      const spec = _.find(state.specs, { type: importSpec.type });
+      const spec = state.specs.find(({ type }) => type === importSpec.type);
+
       if (!spec || !state.callees[spec.name]) return;
 
       const args = [importSpec.local];

package/lib/core/rewrite/index.js

@@ -116,6 +116,7 @@ class Rewriter {
       null,
       initialState
     );
+    traverse.cache.clear();
   }
 
   /**

package/lib/core/rewrite/injections.js

@@ -14,7 +14,6 @@ Copyright: 2022 Contrast Security, Inc
 */
 'use strict';
 
-const _ = require('lodash');
 const logger = require('../logger')('contrast:rewrite:injections');
 const patcher = require('../../hooks/patcher');
 const { PATCH_TYPES } = require('../../constants');
@@ -161,8 +160,7 @@ module.exports = {
    * @returns {Injection[]}
    */
   getEnabled() {
-    return _.reduce(
-      injections,
+    return Object.values(injections).reduce(
       (enabled, injection) =>
         injection.enabled() ? [...enabled, injection] : enabled,
       []

package/lib/core/rewrite/rewrite-log.js

@@ -13,7 +13,6 @@ Copyright: 2022 Contrast Security, Inc
   way not consistent with the End User License Agreement.
 */
 'use strict';
-const _ = require('lodash');
 
 /**
  * Helper class that provides some means of optimizing the rewrite process.
@@ -32,11 +31,9 @@ module.exports = class RewriteLog {
     this._tokenMatches = specs.reduce(
       (matches, spec) =>
         callees[spec.name]
-          ? _.set(
-              matches,
-              spec.name,
-              !spec.token || 0 <= codeString.indexOf(spec.token)
-            )
+          ? Object.assign(matches, {
+              [spec.name]: !spec.token || 0 <= codeString.indexOf(spec.token)
+            })
           : matches,
       {}
     );
@@ -60,7 +57,7 @@ module.exports = class RewriteLog {
    * if we need to even rewrite the code at all.
    */
   foundTokens() {
-    return _.some(this._tokenMatches, _.identity);
+    return Object.values(this._tokenMatches).some(Boolean);
   }
 
   /**
@@ -72,6 +69,6 @@ module.exports = class RewriteLog {
    * make changes, we can just return original code.
    */
   rewritesOccurred() {
-    return !this.aborted && _.some(this._tokensRewritten, _.identity);
+    return !this.aborted && Object.values(this._tokensRewritten).some(Boolean);
   }
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/agent",
-  "version": "4.10.2",
+  "version": "4.10.3",
   "description": "Node.js security instrumentation by Contrast Security",
   "keywords": [
     "security",
@@ -113,12 +113,14 @@
   "devDependencies": {
     "@aws-sdk/client-dynamodb": "^3.39.0",
     "@bmacnaughton/string-generator": "^1.0.0",
-    "@contrast/eslint-config": "^2.0.1",
+    "@contrast/eslint-config": "^2.2.0",
     "@contrast/fake-module": "file:test/mock/contrast-fake",
     "@contrast/screener-service": "^1.12.9",
     "@hapi/boom": "file:test/mock/boom",
     "@hapi/hapi": "file:test/mock/hapi",
     "@ls-lint/ls-lint": "^1.8.1",
+    "@typescript-eslint/eslint-plugin": "^5.10.2",
+    "@typescript-eslint/parser": "^5.10.2",
     "ajv": "^8.5.0",
     "ast-types": "^0.12.4",
     "aws-sdk": "file:test/mock/aws-sdk",
@@ -135,11 +137,11 @@
     "dustjs-linkedin": "^3.0.1",
     "ejs": "^3.1.6",
     "escape-html": "^1.0.3",
-    "eslint": "^8.2.0",
-    "eslint-config-prettier": "^6.11.0",
-    "eslint-plugin-mocha": "^7.0.1",
+    "eslint": "^8.8.0",
+    "eslint-config-prettier": "^8.3.0",
+    "eslint-plugin-mocha": "^10.0.3",
     "eslint-plugin-node": "^11.1.0",
-    "eslint-plugin-prettier": "^3.1.4",
+    "eslint-plugin-prettier": "^4.0.0",
     "express": "file:test/mock/express",
     "fetch-cookie": "^0.11.0",
     "form-data": "^3.0.0",
@@ -168,7 +170,7 @@
     "nyc": "^15.1.0",
     "pg": "file:test/mock/pg",
     "pino": "^6.7.0",
-    "prettier": "^1.19.1",
+    "prettier": "^2.5.1",
     "proxyquire": "^2.1.0",
     "qs": "^6.9.4",
     "rethinkdb": "file:test/mock/rethinkdb",