npm - @contrast/agent - Versions diffs - 4.25.4 → 4.25.6-beta.0 - Mend

@contrast/agent 4.25.4 → 4.25.6-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/lib/assess/models/call-context.js +6 -19
package/lib/core/config/util.js +36 -17
package/lib/tracker.js +8 -0
package/package.json +2 -2

package/lib/assess/models/call-context.js CHANGED Viewed

@@ -20,7 +20,7 @@ const tracker = require('../../tracker');
 const stackFactory = require('../../core/stacktrace').singleton;
 const { PROXY_TARGET } = require('../../../lib/constants');
 const TagRange = require('../models/tag-range');
-const { toUntrackedString } = require('../utils');
+const distringuish = require('@contrast/distringuish');
 /**
  * Holds information about the call context of a function
@@ -126,7 +126,10 @@ function getDisplayRange(arg, orgArg = arg, iteration = 0) {
  */
 function valueString(value) {
   if (_.isString(value)) {
-    return toUntrackedString(value);
+    if (distringuish.isExternal(value.valueOf())) {
+      return distringuish.internalize(value.valueOf());
+    }
+    return value.valueOf();
   }
   if (_.isNumber(value)) {
@@ -156,23 +159,7 @@ function create(params) {
     constructorOpt: params.hooked
   });
-  let stack;
-  // If this occurs within the constructor it will leak all references within
-  // the snapshot's closure.
-  Object.defineProperty(instance, 'stack', {
-    enumerable: true,
-    configurable: true,
-    get() {
-      if (!stack) {
-        stack = snapshot();
-      }
-      return stack;
-    },
-    set(value) {
-      stack = value;
-    }
-  });
+  instance.stack = typeof snapshot === 'function' ? snapshot() : snapshot;
   return instance;
 }

package/lib/core/config/util.js CHANGED Viewed

@@ -37,7 +37,7 @@ const util = module.exports;
  * @param {*} value
  * @param {boolean} def set from default or not
  */
-function set(conf, name, value, def) {
+function set(conf, name, value, def, origin) {
   // use _.set so we can nest properties for names like 'application.vulnerability.tags'
   // and ensure 'var t = config.application.vulnerability.tags' is not going
   // to throw anything like 'can't read property tagRanges of undefined'
@@ -47,6 +47,7 @@ function set(conf, name, value, def) {
   if (!name.startsWith('api.')) {
     conf._flat[name] = value;
   }
+  conf._sources[name] = origin;
 }
 class ConfigurationError extends Error {
@@ -59,6 +60,7 @@ class Config {
   constructor() {
     this._default = {};
     this._flat = {};
+    this._sources = {};
     // all properties on node.agent should always exist, so that
     // no code needs to check whether they exist or not. this rule
@@ -87,6 +89,10 @@ class Config {
     return this._default[name];
   }
+  getOrigin(name) {
+    return this._sources[name];
+  }
   query(name) {
     const isDefault = this.isDefault(name);
     const value = this.get(name);
@@ -188,9 +194,8 @@ function readConfig(cliOptions, logger) {
   let fileContents;
   if (configPath) {
-    cliOptions.configFile = path.resolve(configPath);
     try {
-      fileContents = fs.readFileSync(cliOptions.configFile, 'utf-8');
+      fileContents = fs.readFileSync(path.resolve(configPath), 'utf-8');
     } catch (e) {
       logger.error(`Unable to read config file. ${e.message}`);
     }
@@ -211,7 +216,7 @@ function readConfig(cliOptions, logger) {
     }
   }
-  return config;
+  return { config, configPath };
 }
 /**
@@ -221,10 +226,9 @@ function readConfig(cliOptions, logger) {
  * @param {Object} cliOptions
  * @return {Object} "un-flattened" file options
  */
-function getFileOptions(cliOptions, logger) {
-  const config = readConfig(cliOptions, logger);
-  return _.reduce(
-    config,
+util.getFileOptions = function(cliOptions, logger) {
+  const { config, configPath } = readConfig(cliOptions, logger);
+  return _.reduce({ ...config, configPath },
     (memo, value, key) => {
       // Merge if necessary,
       if (memo[key]) {
@@ -233,12 +237,11 @@ function getFileOptions(cliOptions, logger) {
         // but otherwise set the config path.
         _.set(memo, key, value);
       }
       return memo;
     },
     {}
   );
-}
+};
 /**
  * only set autoEnv if it's a common config option
@@ -256,8 +259,9 @@ function getAutoEnv(name) {
  * @return {Config} merged options
  */
 function mergeCliOptions(cliOptions, logger) {
-  const fileOptions = getFileOptions(cliOptions, logger);
+  const fileOptions = util.getFileOptions(cliOptions, logger);
+  // eslint-disable-next-line complexity
   return configOptions.reduce((options, option) => {
     const {
       default: optDefault,
@@ -273,12 +277,26 @@ function mergeCliOptions(cliOptions, logger) {
     const fileFlag = _.get(fileOptions, name);
     // For some values, we want to know if we assigned by falling back to default
-    let isFromDefault;
     // cli > env > file > default
+    let isFromDefault, origin;
+    if (cliFlag != null) {
+      origin = 'CLI';
+    } else if (env != null || autoEnv != null) {
+      origin = 'ENV';
+    } else if (fileFlag != null) {
+      origin = 'YAML';
+    }
     let value = [cliFlag, env, autoEnv, fileFlag]
-      .map((v) => fn(v, logger))
-      .find((flag) => flag !== undefined);
+      .map((v) => fn(v, logger)).find((flag) => flag !== undefined);
+    // This is kind of a special case. We never set a default value for it so
+    // if we want to see it in the config, it needs to be set explicitly
+    if (name == 'configFile' && value == null) {
+      value = fileOptions.configPath;
+      origin = 'DEFAULT';
+    }
     // if it's an enum, find it in the enum or set the value to default
     // ineffective if optDefault wasn't in the enum;
@@ -288,6 +306,7 @@ function mergeCliOptions(cliOptions, logger) {
     if (optEnum && optEnum.indexOf(value) === -1) {
       value = fn(optDefault, logger);
       isFromDefault = true;
+      origin = 'DEFAULT';
     }
     // set default last and separately, so that we can mark that the option was
@@ -297,12 +316,12 @@ function mergeCliOptions(cliOptions, logger) {
         logger.error("Missing required option '%s'", name);
         return options;
       }
       value = fn(optDefault, logger);
       isFromDefault = true;
+      origin = 'DEFAULT';
     }
+    set(options, name, value, isFromDefault, origin);
-    set(options, name, value, isFromDefault);
     return options;
   }, new Config());
 }

package/lib/tracker.js CHANGED Viewed

@@ -132,6 +132,14 @@ class Tracker {
    */
   untrack(str) {
     if (typeof str === 'string') {
+      const props = distringuish.getProperties(str);
+      if (props) {
+        Object.assign(props, {
+          event: null,
+          tagRanges: [],
+          tracked: false,
+        });
+      }
       return distringuish.internalize(str);
     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/agent",
-  "version": "4.25.4",
+  "version": "4.25.6-beta.0",
   "description": "Node.js security instrumentation by Contrast Security",
   "keywords": [
     "security",
@@ -77,7 +77,7 @@
     "@babel/traverse": "^7.12.1",
     "@babel/types": "^7.12.1",
     "@contrast/agent-lib": "^4.3.0",
-    "@contrast/distringuish": "^4.0.0",
+    "@contrast/distringuish": "^4.2.1",
     "@contrast/flat": "^4.1.1",
     "@contrast/fn-inspect": "^3.1.0",
     "@contrast/protobuf-api": "^3.2.5",