@contrast/agent 4.29.2-alpha.2 → 4.30.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (580) hide show
  1. package/LICENSE +11 -11
  2. package/README.md +86 -57
  3. package/agent-loader.js +14 -0
  4. package/bin/VERSION +1 -0
  5. package/bin/contrast-service-darwin-arm64 +0 -0
  6. package/bin/contrast-service-darwin-x64 +0 -0
  7. package/bin/contrast-service-linux-arm64 +0 -0
  8. package/bin/contrast-service-linux-x64 +0 -0
  9. package/bin/contrast-service-win32-x64.exe +0 -0
  10. package/bootstrap.js +14 -0
  11. package/changelog.config.js +56 -0
  12. package/cli-rewriter.js +14 -0
  13. package/cli.js +14 -0
  14. package/config-diagnostics.js +14 -0
  15. package/esm.mjs +14 -0
  16. package/lib/agent-emitter.js +14 -0
  17. package/lib/agent.js +14 -0
  18. package/lib/app-info.js +14 -0
  19. package/lib/assess/deadzones/index.js +14 -0
  20. package/lib/assess/deadzones/rewrite.js +14 -0
  21. package/lib/assess/express/index.js +14 -0
  22. package/lib/assess/express/route-coverage.js +14 -0
  23. package/lib/assess/express/sinks/index.js +14 -0
  24. package/lib/assess/express/sinks/xss.js +14 -0
  25. package/lib/assess/express/sources.js +14 -0
  26. package/lib/assess/fastify/index.js +14 -0
  27. package/lib/assess/fastify/route-coverage.js +14 -0
  28. package/lib/assess/fastify/sinks/index.js +13 -1
  29. package/lib/assess/fastify/sinks/response-scanning.js +14 -0
  30. package/lib/assess/fastify/sinks/unvalidated-redirect.js +14 -0
  31. package/lib/assess/fastify/sinks/xss.js +14 -0
  32. package/lib/assess/fastify/sources.js +14 -0
  33. package/lib/assess/hapi/index.js +14 -0
  34. package/lib/assess/hapi/route-coverage.js +14 -0
  35. package/lib/assess/hapi/sinks/index.js +14 -0
  36. package/lib/assess/hapi/sinks/response-scanning.js +14 -0
  37. package/lib/assess/hapi/sinks/session.js +14 -0
  38. package/lib/assess/hapi/sinks/unvalidated-redirect.js +14 -0
  39. package/lib/assess/hapi/sinks/xss.js +14 -0
  40. package/lib/assess/hapi/sources.js +14 -0
  41. package/lib/assess/index.js +14 -0
  42. package/lib/assess/koa/index.js +14 -0
  43. package/lib/assess/koa/route-coverage.js +14 -0
  44. package/lib/assess/koa/sinks/index.js +14 -0
  45. package/lib/assess/koa/sinks/response-scanning.js +14 -0
  46. package/lib/assess/koa/sinks/unvalidated-redirect.js +14 -0
  47. package/lib/assess/koa/sinks/xss.js +14 -0
  48. package/lib/assess/koa/sources.js +14 -0
  49. package/lib/assess/loopback4/index.js +14 -0
  50. package/lib/assess/loopback4/route-coverage.js +14 -0
  51. package/lib/assess/loopback4/sinks/index.js +14 -0
  52. package/lib/assess/loopback4/sinks/response-scanning.js +14 -0
  53. package/lib/assess/loopback4/sinks/xss.js +14 -0
  54. package/lib/assess/loopback4/sources.js +14 -0
  55. package/lib/assess/membrane/debraner.js +14 -0
  56. package/lib/assess/membrane/deserialization-membrane.js +14 -0
  57. package/lib/assess/membrane/index.js +14 -0
  58. package/lib/assess/membrane/source-membrane.js +14 -0
  59. package/lib/assess/models/base-event.js +14 -0
  60. package/lib/assess/models/call-context.js +14 -0
  61. package/lib/assess/models/index.js +14 -0
  62. package/lib/assess/models/propagation-event.js +14 -0
  63. package/lib/assess/models/signature.js +14 -0
  64. package/lib/assess/models/sink-event.js +14 -0
  65. package/lib/assess/models/source-event.js +14 -0
  66. package/lib/assess/models/tag-range/index.js +14 -0
  67. package/lib/assess/models/tag-range/relationships.js +14 -0
  68. package/lib/assess/models/tag-range/util.js +14 -0
  69. package/lib/assess/policy/index.js +14 -0
  70. package/lib/assess/policy/init.js +14 -0
  71. package/lib/assess/policy/util.js +14 -0
  72. package/lib/assess/propagators/JSON/parse.js +14 -0
  73. package/lib/assess/propagators/JSON/stringify.js +14 -0
  74. package/lib/assess/propagators/ajv/conditionals.js +14 -0
  75. package/lib/assess/propagators/ajv/evaluator-shim.js +14 -0
  76. package/lib/assess/propagators/ajv/index.js +14 -0
  77. package/lib/assess/propagators/ajv/json-schema-type-evaluators.js +14 -0
  78. package/lib/assess/propagators/ajv/object-walk.js +14 -0
  79. package/lib/assess/propagators/ajv/refs.js +14 -0
  80. package/lib/assess/propagators/ajv/schema-context.js +14 -0
  81. package/lib/assess/propagators/array-prototype-join.js +14 -0
  82. package/lib/assess/propagators/common.js +14 -0
  83. package/lib/assess/propagators/dustjs/escape-html.js +14 -0
  84. package/lib/assess/propagators/dustjs/escape-js.js +14 -0
  85. package/lib/assess/propagators/ejs-template-generate-source.js +14 -0
  86. package/lib/assess/propagators/encode-uri/encode-uri-component.js +14 -0
  87. package/lib/assess/propagators/encode-uri/encode-uri.js +14 -0
  88. package/lib/assess/propagators/fastify-static/allowed-path.js +14 -0
  89. package/lib/assess/propagators/handlebars-compile.js +14 -0
  90. package/lib/assess/propagators/handlebars-escape-expresssion.js +14 -0
  91. package/lib/assess/propagators/index.js +14 -0
  92. package/lib/assess/propagators/joi/any.js +14 -0
  93. package/lib/assess/propagators/joi/boolean.js +14 -0
  94. package/lib/assess/propagators/joi/expression.js +14 -0
  95. package/lib/assess/propagators/joi/index.js +14 -0
  96. package/lib/assess/propagators/joi/keys.js +14 -0
  97. package/lib/assess/propagators/joi/number.js +14 -0
  98. package/lib/assess/propagators/joi/object.js +14 -0
  99. package/lib/assess/propagators/joi/string-base.js +14 -0
  100. package/lib/assess/propagators/joi/string-schema.js +14 -0
  101. package/lib/assess/propagators/joi/values.js +14 -0
  102. package/lib/assess/propagators/manager.js +14 -0
  103. package/lib/assess/propagators/mongoose/helpers.js +14 -0
  104. package/lib/assess/propagators/mongoose/index.js +14 -0
  105. package/lib/assess/propagators/mongoose/map.js +14 -0
  106. package/lib/assess/propagators/mongoose/mixed.js +14 -0
  107. package/lib/assess/propagators/mongoose/string.js +14 -0
  108. package/lib/assess/propagators/mustache/escape.js +14 -0
  109. package/lib/assess/propagators/number.js +14 -0
  110. package/lib/assess/propagators/object.js +14 -0
  111. package/lib/assess/propagators/path/basename.js +14 -0
  112. package/lib/assess/propagators/path/common.js +14 -0
  113. package/lib/assess/propagators/path/dirname.js +14 -0
  114. package/lib/assess/propagators/path/extname.js +14 -0
  115. package/lib/assess/propagators/path/format.js +14 -0
  116. package/lib/assess/propagators/path/join.js +14 -0
  117. package/lib/assess/propagators/path/normalize.js +14 -0
  118. package/lib/assess/propagators/path/parse.js +14 -0
  119. package/lib/assess/propagators/path/relative.js +14 -0
  120. package/lib/assess/propagators/path/resolve.js +14 -0
  121. package/lib/assess/propagators/path/to-namespaced-path.js +14 -0
  122. package/lib/assess/propagators/pug-compile.js +14 -0
  123. package/lib/assess/propagators/querystring/escape.js +14 -0
  124. package/lib/assess/propagators/querystring/parse.js +14 -0
  125. package/lib/assess/propagators/querystring/stringify.js +14 -0
  126. package/lib/assess/propagators/querystring/unescape.js +14 -0
  127. package/lib/assess/propagators/querystring/utils.js +14 -0
  128. package/lib/assess/propagators/sequelize/sql-string-escape.js +14 -0
  129. package/lib/assess/propagators/sequelize/sql-string-format-named-parameters.js +14 -0
  130. package/lib/assess/propagators/sequelize/sql-string-format.js +14 -0
  131. package/lib/assess/propagators/sequelize/utils.js +14 -0
  132. package/lib/assess/propagators/string-prototype-replace.js +14 -0
  133. package/lib/assess/propagators/string-prototype-split.js +14 -0
  134. package/lib/assess/propagators/string-prototype-trim.js +14 -0
  135. package/lib/assess/propagators/string.js +14 -0
  136. package/lib/assess/propagators/template-escape.js +14 -0
  137. package/lib/assess/propagators/templates.js +14 -0
  138. package/lib/assess/propagators/url/url-prototype-parse.js +14 -0
  139. package/lib/assess/propagators/url/url-url.js +14 -0
  140. package/lib/assess/propagators/url/utils.js +14 -0
  141. package/lib/assess/propagators/util/format.js +14 -0
  142. package/lib/assess/propagators/utils.js +14 -0
  143. package/lib/assess/propagators/v8/init-hooks.js +14 -0
  144. package/lib/assess/propagators/validator/init-hooks.js +14 -0
  145. package/lib/assess/propagators/validator/validator-methods.js +14 -0
  146. package/lib/assess/response-scanning/app-activity.js +14 -0
  147. package/lib/assess/response-scanning/autocomplete-missing.js +14 -0
  148. package/lib/assess/response-scanning/cache-controls-missing.js +14 -0
  149. package/lib/assess/response-scanning/clickjacking-control-missing.js +14 -0
  150. package/lib/assess/response-scanning/common.js +14 -0
  151. package/lib/assess/response-scanning/cookies/common.js +14 -0
  152. package/lib/assess/response-scanning/cookies/events.js +14 -0
  153. package/lib/assess/response-scanning/cookies/httponly.js +14 -0
  154. package/lib/assess/response-scanning/cookies/secure-flag-missing.js +14 -0
  155. package/lib/assess/response-scanning/headers/csp-header-insecure.js +14 -0
  156. package/lib/assess/response-scanning/headers/csp-header-missing.js +14 -0
  157. package/lib/assess/response-scanning/headers/csp-utils.js +14 -0
  158. package/lib/assess/response-scanning/headers/hsts-header-missing.js +14 -0
  159. package/lib/assess/response-scanning/headers/powered-by.js +14 -0
  160. package/lib/assess/response-scanning/headers/xcontenttype-header-missing.js +14 -0
  161. package/lib/assess/response-scanning/headers/xxssprotection-header-disabled.js +14 -0
  162. package/lib/assess/response-scanning/parameter-pollution.js +14 -0
  163. package/lib/assess/response-scanning/parseable-response-emitter.js +14 -0
  164. package/lib/assess/restify/index.js +14 -0
  165. package/lib/assess/restify/route-coverage.js +14 -0
  166. package/lib/assess/restify/session.js +14 -0
  167. package/lib/assess/restify/sinks/index.js +14 -0
  168. package/lib/assess/restify/sinks/response-scanning.js +14 -0
  169. package/lib/assess/restify/sinks/unvalidated-redirect.js +14 -0
  170. package/lib/assess/restify/sinks/xss.js +14 -0
  171. package/lib/assess/restify/sources.js +14 -0
  172. package/lib/assess/sinks/common.js +14 -0
  173. package/lib/assess/sinks/dustjs-linkedin-xss.js +14 -0
  174. package/lib/assess/sinks/dynamo.js +14 -0
  175. package/lib/assess/sinks/hapi-16-xss.js +14 -0
  176. package/lib/assess/sinks/index.js +14 -0
  177. package/lib/assess/sinks/libxmljs-xxe.js +14 -0
  178. package/lib/assess/sinks/mongodb.js +14 -0
  179. package/lib/assess/sinks/rethinkdb-nosql-injection.js +14 -0
  180. package/lib/assess/sinks/ssrf-url.js +14 -0
  181. package/lib/assess/sources/event-handler.js +16 -3
  182. package/lib/assess/sources/formidable.js +14 -0
  183. package/lib/assess/sources/index.js +14 -0
  184. package/lib/assess/spdy/index.js +14 -0
  185. package/lib/assess/spdy/sinks/index.js +14 -0
  186. package/lib/assess/spdy/sinks/xss.js +14 -0
  187. package/lib/assess/static/hardcoded.js +14 -0
  188. package/lib/assess/static/read-findings-from-cache.js +14 -0
  189. package/lib/assess/technologies/index.js +14 -0
  190. package/lib/assess/utils.js +14 -0
  191. package/lib/cli-rewriter/index.js +14 -0
  192. package/lib/constants.js +14 -0
  193. package/lib/contrast.js +17 -1
  194. package/lib/core/arch-components/dynamodb.js +14 -0
  195. package/lib/core/arch-components/dynamodbv3.js +14 -0
  196. package/lib/core/arch-components/index.js +14 -0
  197. package/lib/core/arch-components/mongodb.js +14 -0
  198. package/lib/core/arch-components/mysql.js +14 -0
  199. package/lib/core/arch-components/postgres.js +14 -0
  200. package/lib/core/arch-components/rethinkdb.js +14 -0
  201. package/lib/core/arch-components/sqlite3.js +14 -0
  202. package/lib/core/arch-components/util.js +14 -0
  203. package/lib/core/async-storage/context.js +14 -0
  204. package/lib/core/async-storage/hooks/bluebird.js +14 -0
  205. package/lib/core/async-storage/hooks/mongodb.js +14 -0
  206. package/lib/core/async-storage/hooks/mysql.js +14 -0
  207. package/lib/core/async-storage/hooks/redis.js +14 -0
  208. package/lib/core/async-storage/hooks/utils.js +14 -0
  209. package/lib/core/async-storage/index.js +14 -0
  210. package/lib/core/async-storage/scopes/index.js +14 -0
  211. package/lib/core/common/formidable.js +14 -0
  212. package/lib/core/common/index.js +14 -0
  213. package/lib/core/config/options.js +14 -0
  214. package/lib/core/config/util.js +14 -0
  215. package/lib/core/exclusions/exclusion-factory.js +14 -0
  216. package/lib/core/exclusions/exclusion.js +14 -0
  217. package/lib/core/exclusions/input.js +14 -0
  218. package/lib/core/exclusions/url.js +14 -0
  219. package/lib/core/express/index.js +14 -0
  220. package/lib/core/express/utils.js +14 -0
  221. package/lib/core/fastify/index.js +14 -0
  222. package/lib/core/fastify/utils.js +14 -0
  223. package/lib/core/hapi/index.js +14 -0
  224. package/lib/core/hapi/utils.js +14 -0
  225. package/lib/core/index.js +14 -0
  226. package/lib/core/koa/index.js +14 -0
  227. package/lib/core/koa/utils.js +14 -0
  228. package/lib/core/logger/daily-rotate-file.js +14 -0
  229. package/lib/core/logger/dataflow-monitor.js +14 -0
  230. package/lib/core/logger/debug-logger.js +14 -0
  231. package/lib/core/logger/index.js +14 -0
  232. package/lib/core/logger/perf-logger.js +14 -0
  233. package/lib/core/logger/umbrella-logger.js +14 -0
  234. package/lib/core/loopback4/index.js +14 -0
  235. package/lib/core/metrics/index.js +14 -0
  236. package/lib/core/restify/index.js +14 -0
  237. package/lib/core/restify/utils.js +14 -0
  238. package/lib/core/rewrite/assignment-expression.js +14 -0
  239. package/lib/core/rewrite/binary-expression.js +14 -0
  240. package/lib/core/rewrite/call-expression.js +14 -0
  241. package/lib/core/rewrite/callees.js +14 -0
  242. package/lib/core/rewrite/catch-clause.js +14 -0
  243. package/lib/core/rewrite/function-wrap.js +14 -0
  244. package/lib/core/rewrite/import-declaration.js +14 -0
  245. package/lib/core/rewrite/index.js +14 -0
  246. package/lib/core/rewrite/injections.js +14 -0
  247. package/lib/core/rewrite/is-contrast-method.js +14 -0
  248. package/lib/core/rewrite/log.js +14 -0
  249. package/lib/core/rewrite/member-expression.js +14 -0
  250. package/lib/core/rewrite/object-property.js +14 -0
  251. package/lib/core/rewrite/prepend-globals.js +14 -0
  252. package/lib/core/rewrite/rewrite-log.js +14 -0
  253. package/lib/core/rewrite/switch-statement.js +14 -0
  254. package/lib/core/rewrite/template-literal.js +14 -0
  255. package/lib/core/stacktrace.js +14 -0
  256. package/lib/coverage.js +14 -0
  257. package/lib/feature-set.js +14 -0
  258. package/lib/generator-function.js +14 -0
  259. package/lib/hooks/array.js +14 -0
  260. package/lib/hooks/cluster.js +14 -0
  261. package/lib/hooks/dataflow-monitor.js +14 -0
  262. package/lib/hooks/encoding.js +14 -0
  263. package/lib/hooks/express-fileupload.js +14 -0
  264. package/lib/hooks/express-session.js +14 -0
  265. package/lib/hooks/fn-to-string.js +14 -0
  266. package/lib/hooks/frameworks/base.js +14 -0
  267. package/lib/hooks/frameworks/common.js +14 -0
  268. package/lib/hooks/frameworks/hapi16.js +14 -0
  269. package/lib/hooks/frameworks/http.js +14 -0
  270. package/lib/hooks/frameworks/http2.js +14 -0
  271. package/lib/hooks/frameworks/index.js +14 -0
  272. package/lib/hooks/frameworks/spdy.js +14 -0
  273. package/lib/hooks/hapi-16-reply.js +14 -0
  274. package/lib/hooks/hapi-16-session.js +14 -0
  275. package/lib/hooks/http.js +18 -8
  276. package/lib/hooks/module/extensions.js +14 -0
  277. package/lib/hooks/module/helpers.js +14 -0
  278. package/lib/hooks/module/index.js +14 -0
  279. package/lib/hooks/newrelic.js +14 -0
  280. package/lib/hooks/object-is.js +14 -0
  281. package/lib/hooks/object-to-primitive.js +14 -0
  282. package/lib/hooks/patcher.js +14 -0
  283. package/lib/hooks/require.js +14 -0
  284. package/lib/hooks/stealthy-require.js +14 -0
  285. package/lib/instrumentation.js +14 -0
  286. package/lib/libraries.js +14 -0
  287. package/lib/library-usage.js +14 -0
  288. package/lib/list-installed.js +14 -0
  289. package/lib/protect/analysis/aho-corasick.js +14 -0
  290. package/lib/protect/analysis/dfsa-analyzer.js +14 -0
  291. package/lib/protect/errors/handler-async-errors.js +14 -0
  292. package/lib/protect/errors/handler.js +14 -0
  293. package/lib/protect/errors/security-exception.js +14 -0
  294. package/lib/protect/express/index.js +14 -0
  295. package/lib/protect/express/sinks.js +14 -0
  296. package/lib/protect/express/sources.js +14 -0
  297. package/lib/protect/express/utils.js +14 -0
  298. package/lib/protect/fastify/index.js +14 -0
  299. package/lib/protect/fastify/sinks.js +14 -0
  300. package/lib/protect/fastify/sources.js +14 -0
  301. package/lib/protect/hapi/error-handler.js +14 -0
  302. package/lib/protect/hapi/index.js +14 -0
  303. package/lib/protect/hapi/sinks.js +14 -0
  304. package/lib/protect/hapi/sources.js +14 -0
  305. package/lib/protect/index.js +14 -0
  306. package/lib/protect/input-analysis.js +14 -0
  307. package/lib/protect/koa/index.js +14 -0
  308. package/lib/protect/koa/sinks.js +14 -0
  309. package/lib/protect/koa/sources.js +14 -0
  310. package/lib/protect/listeners.js +14 -0
  311. package/lib/protect/loopback4/index.js +14 -0
  312. package/lib/protect/loopback4/sources.js +14 -0
  313. package/lib/protect/models/application-context.js +14 -0
  314. package/lib/protect/models/sink-event.js +14 -0
  315. package/lib/protect/models/source-event.js +14 -0
  316. package/lib/protect/restify/index.js +14 -0
  317. package/lib/protect/restify/sinks.js +14 -0
  318. package/lib/protect/restify/sources.js +14 -0
  319. package/lib/protect/rules/assessment.js +14 -0
  320. package/lib/protect/rules/attack-patterns.js +14 -0
  321. package/lib/protect/rules/base-scanner/index.js +14 -0
  322. package/lib/protect/rules/base-scanner/java-script-scanner.js +14 -0
  323. package/lib/protect/rules/base-scanner/postgresqlscanner.js +14 -0
  324. package/lib/protect/rules/base-scanner/scan-state.js +14 -0
  325. package/lib/protect/rules/base-scanner/substring-finder.js +14 -0
  326. package/lib/protect/rules/base-scanner/token-sequence.js +14 -0
  327. package/lib/protect/rules/bot-blocker/bot-blocker-rule.js +14 -0
  328. package/lib/protect/rules/bot-blocker/index.js +14 -0
  329. package/lib/protect/rules/cmd-injection/cmdinjection-rule.js +14 -0
  330. package/lib/protect/rules/cmd-injection-command-backdoors/backdoor-detector.js +14 -0
  331. package/lib/protect/rules/cmd-injection-command-backdoors/cmd-injection-command-backdoors-rule.js +14 -0
  332. package/lib/protect/rules/cmd-injection-semantic-chained-commands/chained-command-scanner.js +14 -0
  333. package/lib/protect/rules/cmd-injection-semantic-chained-commands/cmd-injection-semantic-chained-commands-rule.js +14 -0
  334. package/lib/protect/rules/cmd-injection-semantic-dangerous-paths/cmd-injection-semantic-dangerous-paths-rule.js +14 -0
  335. package/lib/protect/rules/cmd-injection-semantic-dangerous-paths/dangerous-paths-scanner.js +14 -0
  336. package/lib/protect/rules/common.js +14 -0
  337. package/lib/protect/rules/index.js +14 -0
  338. package/lib/protect/rules/ip-denylist/ip-denylist-rule.js +14 -0
  339. package/lib/protect/rules/method-tampering/evaluator.js +14 -0
  340. package/lib/protect/rules/method-tampering/method-tampering-rule.js +14 -0
  341. package/lib/protect/rules/nosqli/nosql-injection-rule.js +14 -0
  342. package/lib/protect/rules/nosqli/nosql-scanner/index.js +14 -0
  343. package/lib/protect/rules/nosqli/nosql-scanner/mongodbscanner.js +14 -0
  344. package/lib/protect/rules/nosqli/nosql-scanner/rethinkdbscanner.js +14 -0
  345. package/lib/protect/rules/path-traversal/path-traversal-rule.js +14 -0
  346. package/lib/protect/rules/rule-factory.js +14 -0
  347. package/lib/protect/rules/signatures/cmd-injection/custom-searchers/chained-command-searcher.js +14 -0
  348. package/lib/protect/rules/signatures/cmd-injection/custom-searchers/index.js +14 -0
  349. package/lib/protect/rules/signatures/cmd-injection/index.js +14 -0
  350. package/lib/protect/rules/signatures/evaluator.js +14 -0
  351. package/lib/protect/rules/signatures/index.js +14 -0
  352. package/lib/protect/rules/signatures/nosql-injection/custom-searchers/index.js +14 -0
  353. package/lib/protect/rules/signatures/nosql-injection/custom-searchers/nosql-comment-searcher.js +14 -0
  354. package/lib/protect/rules/signatures/nosql-injection/custom-searchers/simple-or-searcher.js +14 -0
  355. package/lib/protect/rules/signatures/nosql-injection/index.js +14 -0
  356. package/lib/protect/rules/signatures/path-traversal/index.js +14 -0
  357. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/behavior-url-searcher.js +14 -0
  358. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/function-definition-searcher.js +14 -0
  359. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/immediate-function-searcher.js +14 -0
  360. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/index.js +14 -0
  361. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/link-and-src-target-searcher.js +14 -0
  362. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/location-set-searcher.js +14 -0
  363. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/map-access-searcher.js +14 -0
  364. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/native-function-execution-searcher.js +14 -0
  365. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/no-alnum-searcher.js +14 -0
  366. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/redefined-function-searcher.js +14 -0
  367. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/style-url-injection-searcher.js +14 -0
  368. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/variable-assignment-searcher.js +14 -0
  369. package/lib/protect/rules/signatures/reflected-xss/helpers/function-call.js +14 -0
  370. package/lib/protect/rules/signatures/reflected-xss/index.js +14 -0
  371. package/lib/protect/rules/signatures/signature.js +14 -0
  372. package/lib/protect/rules/signatures/sql-injection/custom-searchers/if-else-drop-searcher.js +14 -0
  373. package/lib/protect/rules/signatures/sql-injection/custom-searchers/index.js +14 -0
  374. package/lib/protect/rules/signatures/sql-injection/custom-searchers/simple-or-searcher.js +14 -0
  375. package/lib/protect/rules/signatures/sql-injection/custom-searchers/sql-comment-searcher.js +14 -0
  376. package/lib/protect/rules/signatures/sql-injection/custom-searchers/time-function-searcher.js +14 -0
  377. package/lib/protect/rules/signatures/sql-injection/custom-searchers/tsql-exec-searcher.js +14 -0
  378. package/lib/protect/rules/signatures/sql-injection/index.js +14 -0
  379. package/lib/protect/rules/signatures/ssjs-injection/index.js +14 -0
  380. package/lib/protect/rules/signatures/unsafe-file-upload/index.js +14 -0
  381. package/lib/protect/rules/signatures/untrusted-deserialization/index.js +14 -0
  382. package/lib/protect/rules/sqli/generic-complicated.js +14 -0
  383. package/lib/protect/rules/sqli/sql-injection-rule.js +14 -0
  384. package/lib/protect/rules/sqli/sql-scanner/index.js +14 -0
  385. package/lib/protect/rules/sqli/sql-scanner/mysql-scanner.js +14 -0
  386. package/lib/protect/rules/ssjs-injection/evaluator.js +14 -0
  387. package/lib/protect/rules/ssjs-injection/ssjsinjection-rule.js +14 -0
  388. package/lib/protect/rules/unsafe-file-upload/unsafe-file-upload-rule.js +14 -0
  389. package/lib/protect/rules/untrusted-deserialization/untrusted-deserialization-rule.js +14 -0
  390. package/lib/protect/rules/virtual-patch/index.js +14 -0
  391. package/lib/protect/rules/virtual-patch/utils.js +14 -0
  392. package/lib/protect/rules/virtual-patch/virtual-patch-rule.js +14 -0
  393. package/lib/protect/rules/xss/helpers/function-call.js +14 -0
  394. package/lib/protect/rules/xss/reflected-xss-rule.js +14 -0
  395. package/lib/protect/rules/xxe/xxerule.js +14 -0
  396. package/lib/protect/sample-aggregator.js +14 -0
  397. package/lib/protect/samples.js +14 -0
  398. package/lib/protect/service.js +14 -0
  399. package/lib/protect/sinks/child-process.js +14 -0
  400. package/lib/protect/sinks/eval.js +14 -0
  401. package/lib/protect/sinks/fs.js +14 -0
  402. package/lib/protect/sinks/function.js +14 -0
  403. package/lib/protect/sinks/index.js +14 -0
  404. package/lib/protect/sinks/libxmljs.js +14 -0
  405. package/lib/protect/sinks/mongodb.js +14 -0
  406. package/lib/protect/sinks/mysql.js +14 -0
  407. package/lib/protect/sinks/node-serialize.js +14 -0
  408. package/lib/protect/sinks/postgres.js +14 -0
  409. package/lib/protect/sinks/rethinkdb.js +14 -0
  410. package/lib/protect/sinks/sequelize.js +14 -0
  411. package/lib/protect/sinks/sqlite3.js +14 -0
  412. package/lib/protect/sinks/vm.js +14 -0
  413. package/lib/protect/sources/busboy.js +14 -0
  414. package/lib/protect/sources/formidable.js +14 -0
  415. package/lib/protect/sources/index.js +14 -0
  416. package/lib/protect/validators/authorization.js +14 -0
  417. package/lib/protect/validators/common.js +14 -0
  418. package/lib/protect/validators/connection.js +14 -0
  419. package/lib/protect/validators/content-length.js +14 -0
  420. package/lib/protect/validators/host.js +14 -0
  421. package/lib/protect/validators/if-none-match.js +14 -0
  422. package/lib/protect/validators/index.js +14 -0
  423. package/lib/protect/validators/origin.js +14 -0
  424. package/lib/reporter/app-activity-queue.js +14 -0
  425. package/lib/reporter/grpc-client.js +14 -0
  426. package/lib/reporter/messages/speedracer/activity.js +14 -0
  427. package/lib/reporter/messages/speedracer/application-create.js +14 -0
  428. package/lib/reporter/messages/speedracer/application-update.js +14 -0
  429. package/lib/reporter/messages/speedracer/base.js +14 -0
  430. package/lib/reporter/messages/speedracer/index.js +14 -0
  431. package/lib/reporter/messages/speedracer/observed-route.js +14 -0
  432. package/lib/reporter/messages/speedracer/poll.js +14 -0
  433. package/lib/reporter/messages/speedracer/request.js +14 -0
  434. package/lib/reporter/messages/speedracer/startup.js +14 -0
  435. package/lib/reporter/messaging-router.js +14 -0
  436. package/lib/reporter/models/app-activity/app-activity.js +14 -0
  437. package/lib/reporter/models/app-activity/attacker-activity.js +14 -0
  438. package/lib/reporter/models/app-activity/defend.js +14 -0
  439. package/lib/reporter/models/app-activity/inventory.js +14 -0
  440. package/lib/reporter/models/app-activity/protection-rule-activity.js +14 -0
  441. package/lib/reporter/models/app-activity/rule-events.js +14 -0
  442. package/lib/reporter/models/app-activity/sample.js +14 -0
  443. package/lib/reporter/models/app-activity/source.js +14 -0
  444. package/lib/reporter/models/app-activity/user-input.js +14 -0
  445. package/lib/reporter/models/app-create.js +14 -0
  446. package/lib/reporter/models/app-update/index.js +14 -0
  447. package/lib/reporter/models/app-update/library-manifest.js +14 -0
  448. package/lib/reporter/models/app-update/library-usage.js +14 -0
  449. package/lib/reporter/models/app-update/library.js +14 -0
  450. package/lib/reporter/models/event-tag.js +14 -0
  451. package/lib/reporter/models/finding/event.js +14 -0
  452. package/lib/reporter/models/finding/finding.js +14 -0
  453. package/lib/reporter/models/frameworks/express-request.js +14 -0
  454. package/lib/reporter/models/frameworks/fastify-request.js +14 -0
  455. package/lib/reporter/models/frameworks/hapi-request.js +14 -0
  456. package/lib/reporter/models/frameworks/index.js +14 -0
  457. package/lib/reporter/models/frameworks/koa-request.js +14 -0
  458. package/lib/reporter/models/frameworks/restify-request.js +14 -0
  459. package/lib/reporter/models/observed-route.js +14 -0
  460. package/lib/reporter/models/request.js +14 -0
  461. package/lib/reporter/models/route-coverage.js +14 -0
  462. package/lib/reporter/models/startup.js +14 -0
  463. package/lib/reporter/models/trace-event-source.js +14 -0
  464. package/lib/reporter/models/utils/request-factory.js +14 -0
  465. package/lib/reporter/models/utils/user-input-factory.js +14 -0
  466. package/lib/reporter/models/utils/user-input-kit.js +14 -0
  467. package/lib/reporter/mq-client.js +14 -0
  468. package/lib/reporter/server-activity-queue.js +14 -0
  469. package/lib/reporter/socket-client.js +14 -0
  470. package/lib/reporter/speedracer/base-connection-state.js +14 -0
  471. package/lib/reporter/speedracer/constants.js +14 -0
  472. package/lib/reporter/speedracer/failure-connection-state.js +14 -0
  473. package/lib/reporter/speedracer/index.js +14 -0
  474. package/lib/reporter/speedracer/success-connection-state.js +14 -0
  475. package/lib/reporter/speedracer/unknown-connection-state.js +14 -0
  476. package/lib/reporter/translations/enums.js +14 -0
  477. package/lib/reporter/translations/helpers.js +14 -0
  478. package/lib/reporter/translations/to-protobuf/dtm/activity.js +14 -0
  479. package/lib/reporter/translations/to-protobuf/dtm/address.js +14 -0
  480. package/lib/reporter/translations/to-protobuf/dtm/agent-startup.js +14 -0
  481. package/lib/reporter/translations/to-protobuf/dtm/application-create.js +14 -0
  482. package/lib/reporter/translations/to-protobuf/dtm/application-update.js +14 -0
  483. package/lib/reporter/translations/to-protobuf/dtm/architecture-component.js +14 -0
  484. package/lib/reporter/translations/to-protobuf/dtm/attack-result.js +14 -0
  485. package/lib/reporter/translations/to-protobuf/dtm/bot-blocker-details.js +14 -0
  486. package/lib/reporter/translations/to-protobuf/dtm/cmd-injection-details.js +14 -0
  487. package/lib/reporter/translations/to-protobuf/dtm/cmd-injection-semantic-analysis-details.js +14 -0
  488. package/lib/reporter/translations/to-protobuf/dtm/finding.js +14 -0
  489. package/lib/reporter/translations/to-protobuf/dtm/http-method-tampering-details.js +14 -0
  490. package/lib/reporter/translations/to-protobuf/dtm/http-request.js +14 -0
  491. package/lib/reporter/translations/to-protobuf/dtm/index.js +14 -0
  492. package/lib/reporter/translations/to-protobuf/dtm/ip-denylist-details.js +14 -0
  493. package/lib/reporter/translations/to-protobuf/dtm/library-usage-update.js +14 -0
  494. package/lib/reporter/translations/to-protobuf/dtm/no-sql-injection-details.js +14 -0
  495. package/lib/reporter/translations/to-protobuf/dtm/observed-route.js +14 -0
  496. package/lib/reporter/translations/to-protobuf/dtm/pair.js +14 -0
  497. package/lib/reporter/translations/to-protobuf/dtm/path-traversal-details.js +14 -0
  498. package/lib/reporter/translations/to-protobuf/dtm/poll.js +14 -0
  499. package/lib/reporter/translations/to-protobuf/dtm/rasp-rule-sample.js +14 -0
  500. package/lib/reporter/translations/to-protobuf/dtm/raw-request.js +14 -0
  501. package/lib/reporter/translations/to-protobuf/dtm/route-coverage.js +14 -0
  502. package/lib/reporter/translations/to-protobuf/dtm/simple-pair.js +14 -0
  503. package/lib/reporter/translations/to-protobuf/dtm/sql-injection-details.js +14 -0
  504. package/lib/reporter/translations/to-protobuf/dtm/ssjs-injection-details.js +14 -0
  505. package/lib/reporter/translations/to-protobuf/dtm/stack-trace-element.js +14 -0
  506. package/lib/reporter/translations/to-protobuf/dtm/trace-event/action.js +14 -0
  507. package/lib/reporter/translations/to-protobuf/dtm/trace-event/index.js +14 -0
  508. package/lib/reporter/translations/to-protobuf/dtm/trace-event/parent-object-id.js +14 -0
  509. package/lib/reporter/translations/to-protobuf/dtm/trace-event/trace-event-object.js +14 -0
  510. package/lib/reporter/translations/to-protobuf/dtm/trace-event/trace-event-signature.js +14 -0
  511. package/lib/reporter/translations/to-protobuf/dtm/trace-event/trace-event-source.js +14 -0
  512. package/lib/reporter/translations/to-protobuf/dtm/trace-event/trace-stack.js +14 -0
  513. package/lib/reporter/translations/to-protobuf/dtm/trace-event/trace-taint-range.js +14 -0
  514. package/lib/reporter/translations/to-protobuf/dtm/trace-event/type.js +14 -0
  515. package/lib/reporter/translations/to-protobuf/dtm/untrusted-deserialization-details.js +14 -0
  516. package/lib/reporter/translations/to-protobuf/dtm/user-input.js +14 -0
  517. package/lib/reporter/translations/to-protobuf/dtm/virtual-patch-details.js +14 -0
  518. package/lib/reporter/translations/to-protobuf/dtm/xss-details.js +14 -0
  519. package/lib/reporter/translations/to-protobuf/dtm/xxe-details.js +14 -0
  520. package/lib/reporter/translations/to-protobuf/index.js +14 -0
  521. package/lib/reporter/translations/to-protobuf/settings/application-settings.js +14 -0
  522. package/lib/reporter/translations/to-protobuf/settings/assess-features.js +14 -0
  523. package/lib/reporter/translations/to-protobuf/settings/auth.js +14 -0
  524. package/lib/reporter/translations/to-protobuf/settings/bot-blocker.js +14 -0
  525. package/lib/reporter/translations/to-protobuf/settings/custom-rule-feature.js +14 -0
  526. package/lib/reporter/translations/to-protobuf/settings/defend-features.js +14 -0
  527. package/lib/reporter/translations/to-protobuf/settings/exclusions.js +14 -0
  528. package/lib/reporter/translations/to-protobuf/settings/index.js +14 -0
  529. package/lib/reporter/translations/to-protobuf/settings/input-analysis-result.js +14 -0
  530. package/lib/reporter/translations/to-protobuf/settings/inventory-features.js +14 -0
  531. package/lib/reporter/translations/to-protobuf/settings/ip-filter.js +14 -0
  532. package/lib/reporter/translations/to-protobuf/settings/log-enhancer.js +14 -0
  533. package/lib/reporter/translations/to-protobuf/settings/protection-rule.js +14 -0
  534. package/lib/reporter/translations/to-protobuf/settings/reaction.js +14 -0
  535. package/lib/reporter/translations/to-protobuf/settings/rule-definition.js +14 -0
  536. package/lib/reporter/translations/to-protobuf/settings/sampling.js +14 -0
  537. package/lib/reporter/translations/to-protobuf/settings/server-features.js +14 -0
  538. package/lib/reporter/translations/to-protobuf/settings/syslog.js +14 -0
  539. package/lib/reporter/translations/to-protobuf/settings/virtual-patch.js +14 -0
  540. package/lib/reporter/ts-reporter.js +14 -0
  541. package/lib/telemetry.js +14 -0
  542. package/lib/tracker.js +14 -0
  543. package/lib/util/base64.js +14 -0
  544. package/lib/util/bitset.js +14 -0
  545. package/lib/util/block-request.js +14 -0
  546. package/lib/util/callback-resolver.js +14 -0
  547. package/lib/util/clean-stack.js +14 -0
  548. package/lib/util/clean-string/brackets.js +14 -0
  549. package/lib/util/clean-string/clean-string-base.js +14 -0
  550. package/lib/util/clean-string/comments.js +14 -0
  551. package/lib/util/clean-string/concatenations.js +14 -0
  552. package/lib/util/clean-string/jsclean-string.js +14 -0
  553. package/lib/util/clean-string/placeholders.js +14 -0
  554. package/lib/util/clean-string/util.js +14 -0
  555. package/lib/util/colors.js +14 -0
  556. package/lib/util/config-diagnostics-utils.js +26 -1
  557. package/lib/util/file-finder.js +14 -0
  558. package/lib/util/get-file-type.js +14 -0
  559. package/lib/util/heap-dump.js +14 -0
  560. package/lib/util/html-util.js +14 -0
  561. package/lib/util/ip-analyzer.js +14 -0
  562. package/lib/util/is-agent-path.js +14 -0
  563. package/lib/util/is-contrast-error.js +14 -0
  564. package/lib/util/is-piped-to-dev.js +14 -0
  565. package/lib/util/is-string.js +14 -0
  566. package/lib/util/partial.js +14 -0
  567. package/lib/util/pkg-name.js +14 -0
  568. package/lib/util/request-util.js +14 -0
  569. package/lib/util/resolve-obj.js +14 -0
  570. package/lib/util/route-info.js +14 -0
  571. package/lib/util/some.js +14 -0
  572. package/lib/util/source-map.js +14 -0
  573. package/lib/util/static-rules.js +14 -0
  574. package/lib/util/trace-util.js +14 -0
  575. package/lib/util/traverse.js +14 -0
  576. package/lib/util/user-input-evaluator.js +14 -0
  577. package/lib/util/xml-analyzer/external-entity-finder.js +14 -0
  578. package/package.json +1 -1
  579. package/perf-logs.js +14 -0
  580. package/system-diagnostics.js +14 -0
package/lib/reporter/translations/to-protobuf/settings/server-features.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  const { settings } = require('@contrast/protobuf-api');
package/lib/reporter/translations/to-protobuf/settings/syslog.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  const { settings } = require('@contrast/protobuf-api');
package/lib/reporter/translations/to-protobuf/settings/virtual-patch.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  const { settings } = require('@contrast/protobuf-api');
package/lib/reporter/ts-reporter.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  /**
2
16
  * This module is responsible for all of the agent's communication to TeamServer.
3
17
  * @module lib/reporter/tsReporter
package/lib/telemetry.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  const { default: axios } = require('axios');
package/lib/tracker.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  const logger = require('./core/logger')('contrast:tracker');
package/lib/util/base64.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  const base64util = exports;
2
16
 
3
17
  base64util.utf8ToBase64 = function(text) {
package/lib/util/bitset.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  const bigInt = require('big-integer');
package/lib/util/block-request.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  const {
package/lib/util/callback-resolver.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  /**
package/lib/util/clean-stack.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  /**
package/lib/util/clean-string/brackets.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
  const DOT = '.';
3
17
 
package/lib/util/clean-string/clean-string-base.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  /**
package/lib/util/clean-string/comments.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
  const os = require('os');
3
17
  const BLOCK = { START: '/*', END: '*/' };
package/lib/util/clean-string/concatenations.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  const { searchTimesF, searchTimesR } = require('./util');
package/lib/util/clean-string/jsclean-string.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  const Brackets = require('./brackets');
package/lib/util/clean-string/placeholders.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  const BACKTICK = '`';
package/lib/util/clean-string/util.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  /**
package/lib/util/colors.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
  const util = require('util');
3
17
 
package/lib/util/config-diagnostics-utils.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  const path = require('path');
@@ -100,7 +114,10 @@ function getProtectValues(option, config, tsData) {
100
114
  Source: 'ContrastUI',
101
115
  };
102
116
  } else if (option.name.includes('protect.rules') && option.name.includes('mode')) {
103
- const apiRule = tsData.protectionRulesList.find(r => r.id == option.name.split('.')[2]);
117
+ let apiRule;
118
+ if (tsData.protectionRulesList) {
119
+ apiRule = tsData.protectionRulesList.find(r => r.id == option.name.split('.')[2]);
120
+ }
104
121
 
105
122
  const apiMode = apiRule ? apiRule.mode : undefined;
106
123
  const ymlMode = config._flat[option.name];
@@ -185,6 +202,14 @@ function outputAgentConfigFile(agent, options, args, err) {
185
202
  effectiveConfig.Config.Status = 'Success';
186
203
  }
187
204
 
205
+ try {
206
+ fs.accessSync(path.join(args.output, '..'), fs.constants.RDWD_OK);
207
+ fs.writeFileSync(args.output, JSON.stringify(effectiveConfig, null, 2), 'utf-8');
208
+ } catch (err) {
209
+ // try to write the file at pwd instead
210
+ args.output = path.join(process.cwd(), 'contrast_effective_config.json');
211
+ }
212
+
188
213
  try {
189
214
  fs.accessSync(path.join(args.output, '..'), fs.constants.RDWD_OK);
190
215
  fs.writeFileSync(args.output, JSON.stringify(effectiveConfig, null, 2), 'utf-8');
package/lib/util/file-finder.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
  const fs = require('fs');
3
17
  const path = require('path');
package/lib/util/get-file-type.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  const path = require('path');
package/lib/util/heap-dump.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  const fs = require('fs');
package/lib/util/html-util.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  /**
2
16
  * @param {string} tag
3
17
  * @param {string} content
package/lib/util/ip-analyzer.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
 
3
17
  const address = require('ipaddr.js');
package/lib/util/is-agent-path.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
  const path = require('path');
3
17
  const agentPath = path.resolve(__dirname, '..', '..');
package/lib/util/is-contrast-error.js CHANGED
@@ -1 +1,15 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  module.exports = (err = {}) => !!err && err.type === 'contrast';
package/lib/util/is-piped-to-dev.js CHANGED
@@ -1,2 +1,16 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
  module.exports = (string) => string.match(/^\/dev\//);
package/lib/util/is-string.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
  /**
3
17
  * Checks if value is an instance of a String
package/lib/util/partial.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
  /**
3
17
  * simulates what lodash partial would do but
package/lib/util/pkg-name.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
  const pkg = module.exports;
3
17
  let pkgName;
package/lib/util/request-util.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  'use strict';
2
16
  const ACCEPT_TYPES = ['image/', 'text/css', 'text/javascript'];
3
17
  const CONTENT_TYPES = [...ACCEPT_TYPES, 'application/javascript'];
package/lib/util/resolve-obj.js CHANGED
@@ -1,3 +1,17 @@
1
+ /**
2
+ Copyright: 2023 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
1
15
  /* (Foo, 'bar.baz') --> Foo.bar.baz */
2
16
  function resolveLastObj(obj, str) {
3
17
  return str.split('.').reduce(function(o, x) {