@contrast/agent 4.4.0-beta.0 → 4.5.2

package/lib/protect/analysis/aho-corasick.js

@@ -17,9 +17,16 @@ Copyright: 2021 Contrast Security, Inc
 // https://www.geeksforgeeks.org/aho-corasick-algorithm-pattern-searching/
 
 const a = 'a'.charCodeAt(0);
-const z = 'z'.charCodeAt(0);
 const A = 'A'.charCodeAt(0);
 const Z = 'Z'.charCodeAt(0);
+const l2u = a - A;
+
+// initialize the lower -> upper and upper -> lower translation array.
+const TRANSLATION = [];
+for (let byte = A; byte <= Z; byte++) {
+  // translate the uppercase character to lowercase
+  TRANSLATION[byte] = byte + l2u;
+}
 
 class AhoCorasick {
   constructor(words) {
@@ -28,16 +35,6 @@ class AhoCorasick {
     this.maxStates = 0;
     for (const word of words) {
       this.maxStates += word.length;
-      for (const char of word) {
-        // allow for any character to be upper or lower case. this could be
-        // restricted to certain words if desired, by changing the signature
-        // to {caseInsensitive, caseSensitive}.
-        if (char >= 'a' && char <= 'z') {
-          this.maxStates += 1;
-        } else if (char >= 'A' && char <= 'Z') {
-          this.maxStates += 1;
-        }
-      }
     }
 
     // can optimize this by trading off computation for space.
@@ -83,33 +80,17 @@ class AhoCorasick {
       let state = 0;
 
       // create transitions for all character of the current word
-      for (const byte of word) {
+      for (let byte of word) {
         if (byte & 0x80) {
           throw new Error('pattern character codes cannot exceed 127');
+        } else if (TRANSLATION[byte]) {
+          byte = TRANSLATION[byte];
         }
         if (this.goto[state][byte] === undefined) {
           this.goto[state][byte] = stateCount;
           stateCount += 1;
         }
-        const previousState = state;
         state = this.goto[state][byte];
-
-        // now make it case insensitive by mapping the alternate case to the
-        // same state as the original case.
-        let extra;
-        if (byte >= a && byte <= z) {
-          extra = byte - (a - A);
-        } else if (byte >= A && byte <= Z) {
-          extra = byte + (a - A);
-        } else {
-          continue;
-        }
-
-        if (this.goto[previousState][extra] === undefined) {
-          // transition to the state that the other case character transitioned
-          // to.
-          this.goto[previousState][extra] = stateCount - 1;
-        }
       }
 
       // add current word to terminal list
@@ -177,6 +158,8 @@ class AhoCorasick {
     // passes in. and they can be offset by the lowest charcode as well.
     if (byte >= this.maxChars) {
       byte = 0;
+    } else if (TRANSLATION[byte]) {
+      byte = TRANSLATION[byte];
     }
     let next = this.state;
     while (this.goto[next][byte] === undefined) {

package/lib/protect/rules/cmd-injection-command-backdoors/backdoor-detector.js

@@ -14,7 +14,7 @@ Copyright: 2021 Contrast Security, Inc
 */
 'use strict';
 const { INPUT_TYPES } = require('../common');
-const SINK_EXPLOIT_PATTERN = /(?:^|\\|\/)(?:sh|bash|zsh|ksh|tcsh|csh|fish|cmd)([-/].*)*[-/][a-zA-Z]*c/i;
+const SINK_EXPLOIT_PATTERN_START = /(?:^|\\|\/)(?:sh|bash|zsh|ksh|tcsh|csh|fish|cmd)/;
 const stripWhiteSpace = (str) => str.replace(/\s/g, '');
 const REQUEST_KEYS = {
   queryParams: INPUT_TYPES.QUERYSTRING,
@@ -96,8 +96,8 @@ module.exports = class BackdoorDetector {
     const normalizedParam = stripWhiteSpace(requestValue);
     return (
       normalizedParam === this.normalizedCmd ||
-      (SINK_EXPLOIT_PATTERN.test(this.normalizedCmd) &&
-        this.normalizedCmd.endsWith(normalizedParam))
+      (this.normalizedCmd.endsWith(normalizedParam) &&
+        SINK_EXPLOIT_PATTERN_START.test(this.normalizedCmd))
     );
   }
 };

package/lib/protect/rules/signatures/reflected-xss/helpers/function-call.js

@@ -73,7 +73,7 @@ class FunctionCall {
   hasMultipleUnquotedBarewords() {
     let rc = false;
     const QUOTES = new RegExp('[\'|"]');
-    const MULTI_WORDS = new RegExp('[a-zA-Z]+\\s+[a-zA-Z]+');
+    const MULTI_WORDS = new RegExp('[\\w\\s]+');
     if (!this.expression.match(QUOTES)) {
       rc = this.expression.match(MULTI_WORDS);
     }

package/lib/protect/rules/xss/helpers/function-call.js

@@ -72,7 +72,7 @@ class FunctionCall {
   hasMultipleUnquotedBarewords() {
     let rc = false;
     const QUOTES = new RegExp('[\'|"]');
-    const MULTI_WORDS = new RegExp('[a-zA-Z]+\\s+[a-zA-Z]+');
+    const MULTI_WORDS = new RegExp('[\\w\\s]+');
     if (!this.expression.match(QUOTES)) {
       rc = this.expression.match(MULTI_WORDS);
     }

package/lib/util/clean-stack.js

@@ -202,7 +202,7 @@ const makeFrame = (callsite) => {
       evalOrigin = CleanStack.formatFileName(callsite.getEvalOrigin());
       [, file, lineNumber, columnNumber] = callsite
         .getEvalOrigin()
-        .match(/\((.*?):(\d+):\d+\)/);
+        .match(/\((.{3,4095}?):(\d+):\d+\)/);
     }
 
     file = file || callsite.getFileName();

package/lib/util/clean-string/brackets.js

@@ -40,7 +40,7 @@ class Brackets {
 }
 
 /**
- * Coerces occurrances of substrings that look like
+ * Coerces occurrences of substrings that look like
  * bracket accessors (['abcd'], ["efgh"]) into their
  * dot-accessor equivalents (.abcd, .efgh).
  * @param {} str
@@ -58,8 +58,8 @@ function coerceToDotAccessors(str) {
   }
 
   const bracketed = str.substring(startIdx, stopIdx + 1);
-  const patt = /^\[\s*(?:`|'|")([a-zA-Z_]+[a-zA-Z0-9_]*)(?:`|'|")\s*\]$/;
-  const match = patt.exec(bracketed);
+  const pattern = /^\[\s*[`'"]([a-zA-Z_]+[a-zA-Z0-9_]*)[`'"]\s*]$/;
+  const match = pattern.exec(bracketed);
 
   return !match
     ? str

package/lib/util/clean-string/concatenations.js

@@ -109,7 +109,7 @@ class Concatenations {
 }
 
 /**
- * Captures the next string concatenation occurrance
+ * Captures the next string concatenation occurrence
  * within the instance's string value.
  * @param {} info
  * @param {} str

package/lib/util/clean-string/util.js

@@ -27,9 +27,8 @@ function searchTimesF(times, target, str, startIdx) {
 
   const coll = [];
   let counter = -1;
-  const stop = false;
 
-  while (0 < times - ++counter || stop) {
+  while (0 < times - ++counter) {
     const fromIndex =
       coll[counter - 1] !== undefined ? coll[counter - 1] : startIdx;
     const idx = str.indexOf(target, fromIndex + 1);

package/lib/util/ip-analyzer.js

@@ -66,7 +66,7 @@ const getReqAddresses = (req = {}) => {
  */
 const getForwardedFor = (req = {}) => {
   const header = req.headers && req.headers['x-forwarded-for'];
-  return header ? header.split(/\s*,\s*/) : [];
+  return header ? header.split(',').map((x) => x.trim()) : [];
 };
 
 /**

package/lib/util/some.js

@@ -0,0 +1,27 @@
+/**
+Copyright: 2021 Contrast Security, Inc
+  Contact: support@contrastsecurity.com
+  License: Commercial
+
+  NOTICE: This Software and the patented inventions embodied within may only be
+  used as part of Contrast Security’s commercial offerings. Even though it is
+  made available through public repositories, use of this Software is subject to
+  the applicable End User Licensing Agreement found at
+  https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+  between Contrast Security and the End User. The Software may not be reverse
+  engineered, modified, repackaged, sold, redistributed or otherwise used in a
+  way not consistent with the End User License Agreement.
+*/
+function some(array, predicate) {
+  let index = -1;
+  const length = array == null ? 0 : array.length;
+
+  while (++index < length) {
+    if (predicate(array[index], index, array)) {
+      return true;
+    }
+  }
+  return false;
+}
+
+module.exports = some;

package/lib/util/xml-analyzer/external-entity-finder.js

@@ -38,7 +38,7 @@ const UP_DIR_LINUX = '../';
 const UP_DIR_WIN = '..\\';
 const ENTITY_TYPES = { SYSTEM: 'SYSTEM', PUBLIC: 'PUBLIC' };
 
-const EXTERNAL_RX = /<!ENTITY\s+[a-zA-Z0-f]+\s+(?:SYSTEM|PUBLIC)\s+(?:.*?)>/g;
+const EXTERNAL_RX = /<!ENTITY\s+[a-zA-Z0-f]+\s+(?:SYSTEM|PUBLIC)\s+"(.*?)"\s*>/g;
 // <!ENTITY name SYSTEM "URI">
 const SYSTEM_ID_REGEX = /<!ENTITY\s+([a-zA-Z0-9]+)\s+SYSTEM\s+"(.*?)"\s*>/;
 // <!ENTITY name PUBLIC "public_ID" "URI">

package/node_modules/unix-dgram/build/Makefile

@@ -308,8 +308,8 @@ ifeq ($(strip $(foreach prefix,$(NO_LOAD),\
 endif
 
 quiet_cmd_regen_makefile = ACTION Regenerating $@
-cmd_regen_makefile = cd $(srcdir); /opt/hostedtoolcache/node/12.22.6/x64/lib/node_modules/npm/node_modules/node-gyp/gyp/gyp_main.py -fmake --ignore-environment "-Dlibrary=shared_library" "-Dvisibility=default" "-Dnode_root_dir=/home/runner/.cache/node-gyp/12.22.6" "-Dnode_gyp_dir=/opt/hostedtoolcache/node/12.22.6/x64/lib/node_modules/npm/node_modules/node-gyp" "-Dnode_lib_file=/home/runner/.cache/node-gyp/12.22.6/<(target_arch)/node.lib" "-Dmodule_root_dir=/home/runner/work/node-agent/node-agent/target/node_modules/unix-dgram" "-Dnode_engine=v8" "--depth=." "-Goutput_dir=." "--generator-output=build" -I/home/runner/work/node-agent/node-agent/target/node_modules/unix-dgram/build/config.gypi -I/opt/hostedtoolcache/node/12.22.6/x64/lib/node_modules/npm/node_modules/node-gyp/addon.gypi -I/home/runner/.cache/node-gyp/12.22.6/include/node/common.gypi "--toplevel-dir=." binding.gyp
-Makefile: $(srcdir)/binding.gyp $(srcdir)/../../../../../../../../opt/hostedtoolcache/node/12.22.6/x64/lib/node_modules/npm/node_modules/node-gyp/addon.gypi $(srcdir)/../../../../../../.cache/node-gyp/12.22.6/include/node/common.gypi $(srcdir)/build/config.gypi
+cmd_regen_makefile = cd $(srcdir); /opt/hostedtoolcache/node/12.22.7/x64/lib/node_modules/npm/node_modules/node-gyp/gyp/gyp_main.py -fmake --ignore-environment "-Dlibrary=shared_library" "-Dvisibility=default" "-Dnode_root_dir=/home/runner/.cache/node-gyp/12.22.7" "-Dnode_gyp_dir=/opt/hostedtoolcache/node/12.22.7/x64/lib/node_modules/npm/node_modules/node-gyp" "-Dnode_lib_file=/home/runner/.cache/node-gyp/12.22.7/<(target_arch)/node.lib" "-Dmodule_root_dir=/home/runner/work/node-agent/node-agent/target/node_modules/unix-dgram" "-Dnode_engine=v8" "--depth=." "-Goutput_dir=." "--generator-output=build" -I/home/runner/work/node-agent/node-agent/target/node_modules/unix-dgram/build/config.gypi -I/opt/hostedtoolcache/node/12.22.7/x64/lib/node_modules/npm/node_modules/node-gyp/addon.gypi -I/home/runner/.cache/node-gyp/12.22.7/include/node/common.gypi "--toplevel-dir=." binding.gyp
+Makefile: $(srcdir)/../../../../../../.cache/node-gyp/12.22.7/include/node/common.gypi $(srcdir)/../../../../../../../../opt/hostedtoolcache/node/12.22.7/x64/lib/node_modules/npm/node_modules/node-gyp/addon.gypi $(srcdir)/build/config.gypi $(srcdir)/binding.gyp
 	$(call do_cmd,regen_makefile)
 
 # "all" is a concatenation of the "all" targets from all the included

package/node_modules/unix-dgram/build/Release/.deps/Release/obj.target/unix_dgram/src/unix_dgram.o.d

@@ -1,23 +1,23 @@
-cmd_Release/obj.target/unix_dgram/src/unix_dgram.o := g++ '-DNODE_GYP_MODULE_NAME=unix_dgram' '-DUSING_UV_SHARED=1' '-DUSING_V8_SHARED=1' '-DV8_DEPRECATION_WARNINGS=1' '-DV8_DEPRECATION_WARNINGS' '-DV8_IMMINENT_DEPRECATION_WARNINGS' '-D_LARGEFILE_SOURCE' '-D_FILE_OFFSET_BITS=64' '-D__STDC_FORMAT_MACROS' '-DOPENSSL_NO_PINSHARED' '-DOPENSSL_THREADS' '-DBUILDING_NODE_EXTENSION' -I/home/runner/.cache/node-gyp/12.22.6/include/node -I/home/runner/.cache/node-gyp/12.22.6/src -I/home/runner/.cache/node-gyp/12.22.6/deps/openssl/config -I/home/runner/.cache/node-gyp/12.22.6/deps/openssl/openssl/include -I/home/runner/.cache/node-gyp/12.22.6/deps/uv/include -I/home/runner/.cache/node-gyp/12.22.6/deps/zlib -I/home/runner/.cache/node-gyp/12.22.6/deps/v8/include -I../../nan  -fPIC -pthread -Wall -Wextra -Wno-unused-parameter -m64 -O3 -fno-omit-frame-pointer -fno-rtti -fno-exceptions -std=gnu++1y -MMD -MF ./Release/.deps/Release/obj.target/unix_dgram/src/unix_dgram.o.d.raw   -c -o Release/obj.target/unix_dgram/src/unix_dgram.o ../src/unix_dgram.cc
+cmd_Release/obj.target/unix_dgram/src/unix_dgram.o := g++ '-DNODE_GYP_MODULE_NAME=unix_dgram' '-DUSING_UV_SHARED=1' '-DUSING_V8_SHARED=1' '-DV8_DEPRECATION_WARNINGS=1' '-DV8_DEPRECATION_WARNINGS' '-DV8_IMMINENT_DEPRECATION_WARNINGS' '-D_LARGEFILE_SOURCE' '-D_FILE_OFFSET_BITS=64' '-D__STDC_FORMAT_MACROS' '-DOPENSSL_NO_PINSHARED' '-DOPENSSL_THREADS' '-DBUILDING_NODE_EXTENSION' -I/home/runner/.cache/node-gyp/12.22.7/include/node -I/home/runner/.cache/node-gyp/12.22.7/src -I/home/runner/.cache/node-gyp/12.22.7/deps/openssl/config -I/home/runner/.cache/node-gyp/12.22.7/deps/openssl/openssl/include -I/home/runner/.cache/node-gyp/12.22.7/deps/uv/include -I/home/runner/.cache/node-gyp/12.22.7/deps/zlib -I/home/runner/.cache/node-gyp/12.22.7/deps/v8/include -I../../nan  -fPIC -pthread -Wall -Wextra -Wno-unused-parameter -m64 -O3 -fno-omit-frame-pointer -fno-rtti -fno-exceptions -std=gnu++1y -MMD -MF ./Release/.deps/Release/obj.target/unix_dgram/src/unix_dgram.o.d.raw   -c -o Release/obj.target/unix_dgram/src/unix_dgram.o ../src/unix_dgram.cc
 Release/obj.target/unix_dgram/src/unix_dgram.o: ../src/unix_dgram.cc \
  ../../nan/nan.h \
- /home/runner/.cache/node-gyp/12.22.6/include/node/node_version.h \
- /home/runner/.cache/node-gyp/12.22.6/include/node/uv.h \
- /home/runner/.cache/node-gyp/12.22.6/include/node/uv/errno.h \
- /home/runner/.cache/node-gyp/12.22.6/include/node/uv/version.h \
- /home/runner/.cache/node-gyp/12.22.6/include/node/uv/unix.h \
- /home/runner/.cache/node-gyp/12.22.6/include/node/uv/threadpool.h \
- /home/runner/.cache/node-gyp/12.22.6/include/node/uv/linux.h \
- /home/runner/.cache/node-gyp/12.22.6/include/node/node.h \
- /home/runner/.cache/node-gyp/12.22.6/include/node/v8.h \
- /home/runner/.cache/node-gyp/12.22.6/include/node/v8-internal.h \
- /home/runner/.cache/node-gyp/12.22.6/include/node/v8-version.h \
- /home/runner/.cache/node-gyp/12.22.6/include/node/v8config.h \
- /home/runner/.cache/node-gyp/12.22.6/include/node/v8-platform.h \
- /home/runner/.cache/node-gyp/12.22.6/include/node/node_version.h \
- /home/runner/.cache/node-gyp/12.22.6/include/node/node_buffer.h \
- /home/runner/.cache/node-gyp/12.22.6/include/node/node.h \
- /home/runner/.cache/node-gyp/12.22.6/include/node/node_object_wrap.h \
+ /home/runner/.cache/node-gyp/12.22.7/include/node/node_version.h \
+ /home/runner/.cache/node-gyp/12.22.7/include/node/uv.h \
+ /home/runner/.cache/node-gyp/12.22.7/include/node/uv/errno.h \
+ /home/runner/.cache/node-gyp/12.22.7/include/node/uv/version.h \
+ /home/runner/.cache/node-gyp/12.22.7/include/node/uv/unix.h \
+ /home/runner/.cache/node-gyp/12.22.7/include/node/uv/threadpool.h \
+ /home/runner/.cache/node-gyp/12.22.7/include/node/uv/linux.h \
+ /home/runner/.cache/node-gyp/12.22.7/include/node/node.h \
+ /home/runner/.cache/node-gyp/12.22.7/include/node/v8.h \
+ /home/runner/.cache/node-gyp/12.22.7/include/node/v8-internal.h \
+ /home/runner/.cache/node-gyp/12.22.7/include/node/v8-version.h \
+ /home/runner/.cache/node-gyp/12.22.7/include/node/v8config.h \
+ /home/runner/.cache/node-gyp/12.22.7/include/node/v8-platform.h \
+ /home/runner/.cache/node-gyp/12.22.7/include/node/node_version.h \
+ /home/runner/.cache/node-gyp/12.22.7/include/node/node_buffer.h \
+ /home/runner/.cache/node-gyp/12.22.7/include/node/node.h \
+ /home/runner/.cache/node-gyp/12.22.7/include/node/node_object_wrap.h \
  ../../nan/nan_callbacks.h ../../nan/nan_callbacks_12_inl.h \
  ../../nan/nan_maybe_43_inl.h ../../nan/nan_converters.h \
  ../../nan/nan_converters_43_inl.h ../../nan/nan_new.h \
@@ -26,23 +26,23 @@ Release/obj.target/unix_dgram/src/unix_dgram.o: ../src/unix_dgram.cc \
  ../../nan/nan_typedarray_contents.h ../../nan/nan_json.h
 ../src/unix_dgram.cc:
 ../../nan/nan.h:
-/home/runner/.cache/node-gyp/12.22.6/include/node/node_version.h:
-/home/runner/.cache/node-gyp/12.22.6/include/node/uv.h:
-/home/runner/.cache/node-gyp/12.22.6/include/node/uv/errno.h:
-/home/runner/.cache/node-gyp/12.22.6/include/node/uv/version.h:
-/home/runner/.cache/node-gyp/12.22.6/include/node/uv/unix.h:
-/home/runner/.cache/node-gyp/12.22.6/include/node/uv/threadpool.h:
-/home/runner/.cache/node-gyp/12.22.6/include/node/uv/linux.h:
-/home/runner/.cache/node-gyp/12.22.6/include/node/node.h:
-/home/runner/.cache/node-gyp/12.22.6/include/node/v8.h:
-/home/runner/.cache/node-gyp/12.22.6/include/node/v8-internal.h:
-/home/runner/.cache/node-gyp/12.22.6/include/node/v8-version.h:
-/home/runner/.cache/node-gyp/12.22.6/include/node/v8config.h:
-/home/runner/.cache/node-gyp/12.22.6/include/node/v8-platform.h:
-/home/runner/.cache/node-gyp/12.22.6/include/node/node_version.h:
-/home/runner/.cache/node-gyp/12.22.6/include/node/node_buffer.h:
-/home/runner/.cache/node-gyp/12.22.6/include/node/node.h:
-/home/runner/.cache/node-gyp/12.22.6/include/node/node_object_wrap.h:
+/home/runner/.cache/node-gyp/12.22.7/include/node/node_version.h:
+/home/runner/.cache/node-gyp/12.22.7/include/node/uv.h:
+/home/runner/.cache/node-gyp/12.22.7/include/node/uv/errno.h:
+/home/runner/.cache/node-gyp/12.22.7/include/node/uv/version.h:
+/home/runner/.cache/node-gyp/12.22.7/include/node/uv/unix.h:
+/home/runner/.cache/node-gyp/12.22.7/include/node/uv/threadpool.h:
+/home/runner/.cache/node-gyp/12.22.7/include/node/uv/linux.h:
+/home/runner/.cache/node-gyp/12.22.7/include/node/node.h:
+/home/runner/.cache/node-gyp/12.22.7/include/node/v8.h:
+/home/runner/.cache/node-gyp/12.22.7/include/node/v8-internal.h:
+/home/runner/.cache/node-gyp/12.22.7/include/node/v8-version.h:
+/home/runner/.cache/node-gyp/12.22.7/include/node/v8config.h:
+/home/runner/.cache/node-gyp/12.22.7/include/node/v8-platform.h:
+/home/runner/.cache/node-gyp/12.22.7/include/node/node_version.h:
+/home/runner/.cache/node-gyp/12.22.7/include/node/node_buffer.h:
+/home/runner/.cache/node-gyp/12.22.7/include/node/node.h:
+/home/runner/.cache/node-gyp/12.22.7/include/node/node_object_wrap.h:
 ../../nan/nan_callbacks.h:
 ../../nan/nan_callbacks_12_inl.h:
 ../../nan/nan_maybe_43_inl.h:

package/node_modules/unix-dgram/build/config.gypi

@@ -76,7 +76,7 @@
     "v8_use_siphash": 1,
     "v8_use_snapshot": 1,
     "want_separate_host_toolset": 0,
-    "nodedir": "/home/runner/.cache/node-gyp/12.22.6",
+    "nodedir": "/home/runner/.cache/node-gyp/12.22.7",
     "standalone_static_library": 1,
     "dmode": "493",
     "cache_lock_stale": "60000",
@@ -84,7 +84,7 @@
     "legacy_bundling": "",
     "sign_git_tag": "",
     "fmode": "420",
-    "user_agent": "npm/6.14.15 node/v12.22.6 linux x64 ci/github-actions",
+    "user_agent": "npm/6.14.15 node/v12.22.7 linux x64 ci/github-actions",
     "always_auth": "",
     "bin_links": "true",
     "key": "",
@@ -126,7 +126,7 @@
     "progress": "",
     "https_proxy": "",
     "save_prod": "",
-    "npm_session": "122c0d87d87563f8",
+    "npm_session": "3f130026df618e76",
     "audit": "true",
     "cidr": "",
     "onload_script": "",
@@ -137,7 +137,7 @@
     "shell": "bash",
     "dry_run": "",
     "format_package_lock": "true",
-    "prefix": "/opt/hostedtoolcache/node/12.22.6/x64",
+    "prefix": "/opt/hostedtoolcache/node/12.22.7/x64",
     "scope": "",
     "browser": "",
     "cache_lock_wait": "10000",
@@ -154,7 +154,7 @@
     "version": "",
     "local_address": "",
     "viewer": "man",
-    "node_gyp": "/opt/hostedtoolcache/node/12.22.6/x64/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js",
+    "node_gyp": "/opt/hostedtoolcache/node/12.22.7/x64/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js",
     "audit_level": "low",
     "prefer_offline": "",
     "color": "true",
@@ -183,7 +183,7 @@
     "unsafe_perm": "true",
     "update_notifier": "true",
     "auth_type": "legacy",
-    "node_version": "12.22.6",
+    "node_version": "12.22.7",
     "tag": "latest",
     "git_tag_version": "true",
     "commit_hooks": "true",
@@ -193,10 +193,10 @@
     "save_exact": "",
     "strict_ssl": "true",
     "dev": "",
-    "globalconfig": "/opt/hostedtoolcache/node/12.22.6/x64/etc/npmrc",
+    "globalconfig": "/opt/hostedtoolcache/node/12.22.7/x64/etc/npmrc",
     "init_module": "/home/runner/.npm-init.js",
     "parseable": "",
-    "globalignorefile": "/opt/hostedtoolcache/node/12.22.6/x64/etc/npmignore",
+    "globalignorefile": "/opt/hostedtoolcache/node/12.22.7/x64/etc/npmignore",
     "cache_lock_retries": "10",
     "searchstaleness": "900",
     "log": "",

package/node_modules/unix-dgram/build/unix_dgram.target.mk

@@ -40,13 +40,13 @@ CFLAGS_CC_Debug := \
 	-std=gnu++1y
 
 INCS_Debug := \
-	-I/home/runner/.cache/node-gyp/12.22.6/include/node \
-	-I/home/runner/.cache/node-gyp/12.22.6/src \
-	-I/home/runner/.cache/node-gyp/12.22.6/deps/openssl/config \
-	-I/home/runner/.cache/node-gyp/12.22.6/deps/openssl/openssl/include \
-	-I/home/runner/.cache/node-gyp/12.22.6/deps/uv/include \
-	-I/home/runner/.cache/node-gyp/12.22.6/deps/zlib \
-	-I/home/runner/.cache/node-gyp/12.22.6/deps/v8/include \
+	-I/home/runner/.cache/node-gyp/12.22.7/include/node \
+	-I/home/runner/.cache/node-gyp/12.22.7/src \
+	-I/home/runner/.cache/node-gyp/12.22.7/deps/openssl/config \
+	-I/home/runner/.cache/node-gyp/12.22.7/deps/openssl/openssl/include \
+	-I/home/runner/.cache/node-gyp/12.22.7/deps/uv/include \
+	-I/home/runner/.cache/node-gyp/12.22.7/deps/zlib \
+	-I/home/runner/.cache/node-gyp/12.22.7/deps/v8/include \
 	-I$(srcdir)/../nan
 
 DEFS_Release := \
@@ -84,13 +84,13 @@ CFLAGS_CC_Release := \
 	-std=gnu++1y
 
 INCS_Release := \
-	-I/home/runner/.cache/node-gyp/12.22.6/include/node \
-	-I/home/runner/.cache/node-gyp/12.22.6/src \
-	-I/home/runner/.cache/node-gyp/12.22.6/deps/openssl/config \
-	-I/home/runner/.cache/node-gyp/12.22.6/deps/openssl/openssl/include \
-	-I/home/runner/.cache/node-gyp/12.22.6/deps/uv/include \
-	-I/home/runner/.cache/node-gyp/12.22.6/deps/zlib \
-	-I/home/runner/.cache/node-gyp/12.22.6/deps/v8/include \
+	-I/home/runner/.cache/node-gyp/12.22.7/include/node \
+	-I/home/runner/.cache/node-gyp/12.22.7/src \
+	-I/home/runner/.cache/node-gyp/12.22.7/deps/openssl/config \
+	-I/home/runner/.cache/node-gyp/12.22.7/deps/openssl/openssl/include \
+	-I/home/runner/.cache/node-gyp/12.22.7/deps/uv/include \
+	-I/home/runner/.cache/node-gyp/12.22.7/deps/zlib \
+	-I/home/runner/.cache/node-gyp/12.22.7/deps/v8/include \
 	-I$(srcdir)/../nan
 
 OBJS := \

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/agent",
-  "version": "4.4.0-beta.0",
+  "version": "4.5.2",
   "description": "Node.js security instrumentation by Contrast Security",
   "keywords": [
     "security",
@@ -74,7 +74,7 @@
     "@contrast/fn-inspect": "^2.4.2",
     "@contrast/heapdump": "^1.1.0",
     "@contrast/protobuf-api": "^3.2.0",
-    "@contrast/require-hook": "^2.0.4",
+    "@contrast/require-hook": "^2.0.5",
     "@contrast/synchronous-source-maps": "^1.1.0",
     "amqp-connection-manager": "^3.2.2",
     "amqplib": "^0.8.0",
@@ -109,6 +109,7 @@
     "yaml": "^1.10.0"
   },
   "devDependencies": {
+    "@aws-sdk/client-dynamodb": "^3.39.0",
     "@bmacnaughton/string-generator": "^1.0.0",
     "@contrast/eslint-config": "^2.0.1",
     "@contrast/fake-module": "file:test/mock/contrast-fake",
@@ -129,6 +130,7 @@
     "config": "^3.3.3",
     "csv-writer": "^1.2.0",
     "deasync": "^0.1.20",
+    "ejs": "^3.1.6",
     "escape-html": "^1.0.3",
     "eslint": "^5.16.0",
     "eslint-config-prettier": "^6.11.0",