@contrast/agent 4.32.19 → 4.33.0

package/lib/assess/response-scanning/parseable-response-emitter.js

@@ -16,6 +16,8 @@ Copyright: 2023 Contrast Security, Inc
 
 const agentEmitter = require('../../agent-emitter');
 const httpCommon = require('./common');
+const logger = require('../../core/logger')('contrast:response-scanning');
+
 let setup = false;
 
 module.exports = {
@@ -25,16 +27,20 @@ module.exports = {
     }
     // TODO add generic res.end hook
     agentEmitter.on('send', function({ request, responseHeaders, body }) {
-      // not setting default value in arg because null does not evaluate to false
-      body = body || '';
+      if (typeof body !== 'object' || body === null) {
+        // not setting default value in arg because null does not evaluate to false
+        body = body || '';
 
-      if (httpCommon.isParseableResponse(responseHeaders)) {
-        agentEmitter.emit('parseableResponse', {
-          request,
-          responseHeaders,
-          body,
-          bodyLC: body.toLowerCase()
-        });
+        if (httpCommon.isParseableResponse(responseHeaders)) {
+          agentEmitter.emit('parseableResponse', {
+            request,
+            responseHeaders,
+            body,
+            bodyLC: body.toLowerCase()
+          });
+        }
+      } else {
+        logger.warn('The contrast agent expects the response body to be a string or null.');
       }
     });
 

package/lib/core/config/util.js

@@ -194,7 +194,7 @@ function readConfig(cliOptions, logger) {
 
   if (configPath) {
     try {
-      fileContents = fs.readFileSync(path.resolve(configPath), 'utf-8');
+      fileContents = fs.readFileSync(path.resolve(configPath)).toString('utf-8');
     } catch (e) {
       logger.error(`Unable to read config file. ${e.message}`);
     }

package/lib/library-usage.js

@@ -15,12 +15,14 @@ Copyright: 2023 Contrast Security, Inc
 'use strict';
 
 const path = require('path');
+const semver = require('semver');
 const { setCodeEventListener } = require('@contrast/fn-inspect');
 const agentEmitter = require('./agent-emitter');
 const logger = require('./core/logger')('contrast:library-usage');
 const LibraryUsage = require('./reporter/models/app-update/library-usage');
 
 const reportedFiles = new Set();
+const type = semver.gte(process.version, '20.0.0') ? 'Function' : 'LazyCompile';
 
 /**
  * start listening for v8 code events
@@ -30,7 +32,7 @@ module.exports.listen = function(evalInterval = 1) {
   const handler = (codeEvent) => {
     try {
       if (
-        codeEvent.type !== 'LazyCompile' ||
+        codeEvent.type !== type ||
         codeEvent.script.indexOf(`node_modules${path.sep}`) === -1 ||
         reportedFiles.has(codeEvent.script)
       ) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/agent",
-  "version": "4.32.19",
+  "version": "4.33.0",
   "description": "Node.js security instrumentation by Contrast Security",
   "keywords": [
     "security",
@@ -81,9 +81,9 @@
     "@babel/types": "^7.12.1",
     "@contrast/agent-lib": "^4.3.0",
     "@contrast/cls-hooked": "^4.3.1",
-    "@contrast/distringuish": "^4.2.1",
+    "@contrast/distringuish": "^4.4.0",
     "@contrast/flat": "^4.1.1",
-    "@contrast/fn-inspect": "^3.1.0",
+    "@contrast/fn-inspect": "^3.4.0",
     "@contrast/protobuf-api": "^3.2.5",
     "@contrast/require-hook": "^3.2.3",
     "@contrast/synchronous-source-maps": "^1.1.0",
@@ -199,7 +199,7 @@
     "test": "test"
   },
   "engines": {
-    "node": ">=12.13.0 <13 || >=14.15.0 <15 || >=16.9.1 <17 || >=18.7.0 <19",
+    "node": ">=12.13.0 <13 || >=14.15.0 <15 || >=16.9.1 <17 || >=18.7.0 <19 || >=20.5.0 <21",
     "npm": ">=6.13.7 <7 || >=7.11.0"
   },
   "bundleDependencies": [