@contrast/agent 4.32.7 → 4.32.9

package/lib/assess/propagators/path/to-namespaced-path.js

@@ -18,6 +18,7 @@ const patcher = require('../../../hooks/patcher');
 const { PATCH_TYPES } = require('../../../constants');
 const moduleHook = require('../../../hooks/require');
 const { propagate } = require('./common');
+const { isString } = require('../../../util/is-string');
 
 const NAMESPACE_PREFIX = '\\\\?\\';
 const UNC_STR = 'UNC\\';
@@ -30,7 +31,7 @@ module.exports.handle = function handle() {
       post(data) {
         const { result } = data;
         // If the result doesn't start with \\? then no namespace was prepended.
-        if (!result.startsWith(NAMESPACE_PREFIX)) return;
+        if (!result || !isString(result) || !result.startsWith(NAMESPACE_PREFIX)) return;
         const resultMeta = {
           evaluator: (segmentOffset) => segmentOffset > -1,
           method: 'path.toNamespacedPath',

package/lib/core/config/options.js

@@ -44,10 +44,6 @@ const path = require('path');
 const util = require('util');
 const _ = require('lodash');
 
-const configPathEnvVars = {
-  path: 'CONTRAST_CONFIG_PATH',
-};
-
 /**
  * Takes strings "true"|"t" or "false"|"f" (case insensitive) and return the appropriate boolean.
  * If we can't match one of the two words, return true;
@@ -112,7 +108,7 @@ const misc = [
     name: 'configFile',
     abbrev: 'c',
     // special case this guy because it should be settable via ENV
-    env: configPathEnvVars.path,
+    env: 'CONTRAST_CONFIG_PATH',
     arg: '<path>',
     desc: 'set config file location. defaults to <app_root>/contrast_security.yaml',
   },
@@ -541,11 +537,9 @@ const agent = [
     name: 'agent.security_logger.level',
     arg: '<level>',
     fn: lowercase,
-    // NOTE: syslog actually specifies 8 levels, starting with 0-emergency, but we do not let the user
-    // set emergency for whatever reason
-    enum: ['alert', 'crit', 'err', 'warning', 'notice', 'info', 'debug'],
-    default: 'debug',
-    desc: 'security logging level (alert, crit, err, warning, notice, info, debug)',
+    enum: ['error', 'warn', 'debug', 'info', 'trace'],
+    default: 'error',
+    desc: 'security logging level (error, warn, debug, info, trace)',
   },
   {
     name: 'agent.security_logger.path',
@@ -580,23 +574,26 @@ const agent = [
   },
   {
     name: 'agent.security_logger.syslog.severity_exploited',
-    desc: 'Set the log level of Exploited attacks. Value options are ALERT/CRIT/ERROR/WARNING/NOTICE/INFO/DEBUG',
-    enum: ['alert', 'crit', 'err', 'warning', 'notice', 'info', 'debug'],
+    desc: 'Set the log level of Exploited attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
+    enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
     arg: '<level>',
+    default: 'notice',
     fn: lowercase,
   },
   {
     name: 'agent.security_logger.syslog.severity_blocked',
-    desc: 'Set the log level of Exploited attacks. Value options are ALERT/CRIT/ERROR/WARNING/NOTICE/INFO/DEBUG',
-    enum: ['alert', 'crit', 'err', 'warning', 'notice', 'info', 'debug'],
+    desc: 'Set the log level of Exploited attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
+    enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
     arg: '<level>',
+    default: 'notice',
     fn: lowercase,
   },
   {
     name: 'agent.security_logger.syslog.severity_probed',
-    desc: 'Set the log level of Probed attacks. Value options are ALERT/CRIT/ERROR/WARNING/NOTICE/INFO/DEBUG',
-    enum: ['alert', 'crit', 'err', 'warning', 'notice', 'info', 'debug'],
+    desc: 'Set the log level of Probed attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
+    enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
     arg: '<level>',
+    default: 'warning',
     fn: lowercase,
   },
   {
@@ -1019,7 +1016,6 @@ function getDefault(optionName) {
   return option.default;
 }
 
-module.exports.configPathEnvVars = configPathEnvVars;
 module.exports.options = options;
 module.exports.program = program;
 module.exports.clearBaseCase = clearBaseCase;

package/lib/core/config/util.js

@@ -24,7 +24,6 @@ const stringify = require('json-stable-stringify');
 
 const common = require('./options');
 const configOptions = common.options;
-const { configPathEnvVars } = common;
 const util = module.exports;
 
 /**
@@ -175,8 +174,7 @@ function checkConfigPath() {
 function getConfigPath(cliOptions) {
   return (
     cliOptions.configFile ||
-    process.env[configPathEnvVars.path] ||
-    process.env[configPathEnvVars.deprecated] ||
+    process.env['CONTRAST_CONFIG_PATH'] ||
     checkConfigPath()
   );
 }
@@ -372,9 +370,11 @@ util.Config = Config;
 util.setup = function setup(cliOptions, logger) {
   mergePM2Envs();
 
+  const { script, configFile } = cliOptions;
   const mergedCliOptions = mergeCliOptions(cliOptions, logger);
-  mergedCliOptions.script = cliOptions.script;
-  mergedCliOptions.configFile = cliOptions.configFile;
+  if (script) mergedCliOptions.script = script;
+  if (configFile) mergedCliOptions.configFile = configFile;
+
   mergedCliOptions.validate();
 
   return mergedCliOptions;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/agent",
-  "version": "4.32.7",
+  "version": "4.32.9",
   "description": "Node.js security instrumentation by Contrast Security",
   "keywords": [
     "security",
@@ -120,7 +120,7 @@
     "@bmacnaughton/string-generator": "^1.0.0",
     "@contrast/eslint-config": "^3.0.2",
     "@contrast/fake-module": "file:test/mock/contrast-fake",
-    "@contrast/screener-service": "^1.12.13",
+    "@contrast/screener-service": "^1.12.14",
     "@hapi/boom": "file:test/mock/boom",
     "@hapi/hapi": "file:test/mock/hapi",
     "@ls-lint/ls-lint": "^1.11.2",