npm - @contrast/agent - Versions diffs - 4.5.0 → 4.7.0 - Mend

@contrast/agent 4.5.0 → 4.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (157) hide show

package/bin/VERSION +1 -1
package/bin/linux/contrast-service +0 -0
package/bin/mac/contrast-service +0 -0
package/bin/windows/contrast-service.exe +0 -0
package/lib/assess/membrane/source-membrane.js +4 -18
package/lib/assess/policy/propagators.json +11 -21
package/lib/assess/policy/rules.json +5 -0
package/lib/assess/policy/signatures.json +15 -0
package/lib/assess/propagators/dustjs/escape-html.js +22 -0
package/lib/assess/propagators/dustjs/escape-js.js +22 -0
package/lib/assess/propagators/encode-uri/encode-uri-component.js +22 -0
package/lib/assess/propagators/encode-uri/encode-uri.js +22 -0
package/lib/assess/propagators/index.js +0 -2
package/lib/assess/propagators/joi/values.js +26 -11
package/lib/assess/propagators/mustache/escape.js +22 -0
package/lib/assess/propagators/path/common.js +155 -46
package/lib/assess/propagators/path/join.js +5 -1
package/lib/assess/propagators/path/normalize.js +1 -2
package/lib/assess/propagators/path/resolve.js +11 -2
package/lib/assess/propagators/template-escape.js +84 -0
package/lib/assess/propagators/templates.js +2 -3
package/lib/assess/sinks/dustjs-linkedin-xss.js +131 -0
package/lib/core/arch-components/dynamodb.js +1 -2
package/lib/core/arch-components/dynamodbv3.js +44 -0
package/lib/core/arch-components/index.js +1 -0
package/lib/core/arch-components/rethinkdb.js +53 -0
package/lib/core/async-storage/hooks/bluebird.js +20 -0
package/lib/core/config/options.js +2 -1
package/lib/core/stacktrace.js +3 -4
package/lib/feature-set.js +2 -1
package/lib/hooks/frameworks/base.js +8 -2
package/lib/hooks/frameworks/http.js +23 -16
package/lib/hooks/frameworks/http2.js +73 -0
package/lib/hooks/frameworks/index.js +8 -3
package/lib/hooks/http.js +112 -128
package/lib/hooks/patcher.js +69 -48
package/lib/hooks/require.js +16 -22
package/lib/instrumentation.js +0 -3
package/lib/protect/rules/cmd-injection-command-backdoors/backdoor-detector.js +3 -3
package/lib/protect/rules/signatures/reflected-xss/helpers/function-call.js +1 -1
package/lib/protect/rules/xss/helpers/function-call.js +1 -1
package/lib/util/clean-stack.js +1 -1
package/lib/util/clean-string/brackets.js +3 -3
package/lib/util/ip-analyzer.js +1 -1
package/lib/util/some.js +27 -0
package/lib/util/source-map.js +1 -1
package/lib/util/xml-analyzer/external-entity-finder.js +1 -1
package/package.json +14 -16
package/lib/hooks/frameworks/https.js +0 -42
package/node_modules/bindings/LICENSE.md +0 -22
package/node_modules/bindings/README.md +0 -98
package/node_modules/bindings/bindings.js +0 -221
package/node_modules/bindings/package.json +0 -32
package/node_modules/file-uri-to-path/.npmignore +0 -1
package/node_modules/file-uri-to-path/.travis.yml +0 -30
package/node_modules/file-uri-to-path/History.md +0 -21
package/node_modules/file-uri-to-path/LICENSE +0 -20
package/node_modules/file-uri-to-path/README.md +0 -74
package/node_modules/file-uri-to-path/index.d.ts +0 -2
package/node_modules/file-uri-to-path/index.js +0 -66
package/node_modules/file-uri-to-path/package.json +0 -36
package/node_modules/file-uri-to-path/test/test.js +0 -24
package/node_modules/file-uri-to-path/test/tests.json +0 -13
package/node_modules/glossy/LICENSE +0 -19
package/node_modules/glossy/README.md +0 -129
package/node_modules/glossy/index.js +0 -12
package/node_modules/glossy/lib/glossy/parse.js +0 -520
package/node_modules/glossy/lib/glossy/produce.js +0 -459
package/node_modules/glossy/package.json +0 -47
package/node_modules/glossy/test/decide.js +0 -7
package/node_modules/glossy/test/decode_pri.js +0 -24
package/node_modules/glossy/test/parse_3164.js +0 -104
package/node_modules/glossy/test/parse_5424.js +0 -106
package/node_modules/glossy/test/parse_5848.js +0 -40
package/node_modules/glossy/test/parse_8601.js +0 -14
package/node_modules/glossy/test/parse_rfc3339.js +0 -9
package/node_modules/glossy/test/produce.js +0 -162
package/node_modules/glossy/test/runner.js +0 -40
package/node_modules/glossy/test/structure_data.js +0 -24
package/node_modules/nan/CHANGELOG.md +0 -537
package/node_modules/nan/LICENSE.md +0 -13
package/node_modules/nan/README.md +0 -455
package/node_modules/nan/doc/asyncworker.md +0 -146
package/node_modules/nan/doc/buffers.md +0 -54
package/node_modules/nan/doc/callback.md +0 -76
package/node_modules/nan/doc/converters.md +0 -41
package/node_modules/nan/doc/errors.md +0 -226
package/node_modules/nan/doc/json.md +0 -62
package/node_modules/nan/doc/maybe_types.md +0 -583
package/node_modules/nan/doc/methods.md +0 -664
package/node_modules/nan/doc/new.md +0 -147
package/node_modules/nan/doc/node_misc.md +0 -123
package/node_modules/nan/doc/object_wrappers.md +0 -263
package/node_modules/nan/doc/persistent.md +0 -296
package/node_modules/nan/doc/scopes.md +0 -73
package/node_modules/nan/doc/script.md +0 -38
package/node_modules/nan/doc/string_bytes.md +0 -62
package/node_modules/nan/doc/v8_internals.md +0 -199
package/node_modules/nan/doc/v8_misc.md +0 -85
package/node_modules/nan/include_dirs.js +0 -1
package/node_modules/nan/nan.h +0 -2898
package/node_modules/nan/nan_callbacks.h +0 -88
package/node_modules/nan/nan_callbacks_12_inl.h +0 -514
package/node_modules/nan/nan_callbacks_pre_12_inl.h +0 -520
package/node_modules/nan/nan_converters.h +0 -72
package/node_modules/nan/nan_converters_43_inl.h +0 -68
package/node_modules/nan/nan_converters_pre_43_inl.h +0 -42
package/node_modules/nan/nan_define_own_property_helper.h +0 -29
package/node_modules/nan/nan_implementation_12_inl.h +0 -430
package/node_modules/nan/nan_implementation_pre_12_inl.h +0 -263
package/node_modules/nan/nan_json.h +0 -166
package/node_modules/nan/nan_maybe_43_inl.h +0 -356
package/node_modules/nan/nan_maybe_pre_43_inl.h +0 -268
package/node_modules/nan/nan_new.h +0 -340
package/node_modules/nan/nan_object_wrap.h +0 -156
package/node_modules/nan/nan_persistent_12_inl.h +0 -132
package/node_modules/nan/nan_persistent_pre_12_inl.h +0 -242
package/node_modules/nan/nan_private.h +0 -73
package/node_modules/nan/nan_string_bytes.h +0 -305
package/node_modules/nan/nan_typedarray_contents.h +0 -96
package/node_modules/nan/nan_weak.h +0 -437
package/node_modules/nan/package.json +0 -41
package/node_modules/nan/tools/1to2.js +0 -412
package/node_modules/nan/tools/README.md +0 -14
package/node_modules/nan/tools/package.json +0 -19
package/node_modules/unix-dgram/LICENSE +0 -13
package/node_modules/unix-dgram/README.md +0 -107
package/node_modules/unix-dgram/binding.gyp +0 -20
package/node_modules/unix-dgram/build/Makefile +0 -324
package/node_modules/unix-dgram/build/Release/.deps/Release/obj.target/unix_dgram/src/unix_dgram.o.d +0 -58
package/node_modules/unix-dgram/build/Release/.deps/Release/obj.target/unix_dgram.node.d +0 -1
package/node_modules/unix-dgram/build/Release/.deps/Release/unix_dgram.node.d +0 -1
package/node_modules/unix-dgram/build/Release/obj.target/unix_dgram/src/unix_dgram.o +0 -0
package/node_modules/unix-dgram/build/Release/obj.target/unix_dgram.node +0 -0
package/node_modules/unix-dgram/build/Release/unix_dgram.node +0 -0
package/node_modules/unix-dgram/build/binding.Makefile +0 -6
package/node_modules/unix-dgram/build/config.gypi +0 -213
package/node_modules/unix-dgram/build/unix_dgram.target.mk +0 -159
package/node_modules/unix-dgram/lib/unix_dgram.js +0 -168
package/node_modules/unix-dgram/package.json +0 -36
package/node_modules/unix-dgram/src/unix_dgram.cc +0 -404
package/node_modules/unix-dgram/src/win_dummy.cc +0 -7
package/node_modules/unix-dgram/test/test-connect-callback.js +0 -68
package/node_modules/unix-dgram/test/test-connect.js +0 -53
package/node_modules/unix-dgram/test/test-dgram-unix.js +0 -58
package/node_modules/unix-dgram/test/test-send-error.js +0 -26
package/node_modules/winston-syslog/.eslintrc +0 -7
package/node_modules/winston-syslog/.travis.yml +0 -14
package/node_modules/winston-syslog/CHANGELOG.md +0 -9
package/node_modules/winston-syslog/LICENSE +0 -20
package/node_modules/winston-syslog/README.md +0 -135
package/node_modules/winston-syslog/lib/utils.js +0 -26
package/node_modules/winston-syslog/lib/winston-syslog.js +0 -385
package/node_modules/winston-syslog/package.json +0 -56
package/node_modules/winston-syslog/test/format-test.js +0 -122
package/node_modules/winston-syslog/test/syslog-test.js +0 -95
package/node_modules/winston-syslog/test/unix-connect-test.js +0 -133

package/node_modules/nan/doc/v8_misc.md DELETED Viewed

@@ -1,85 +0,0 @@
-## Miscellaneous V8 Helpers
- - <a href="#api_nan_utf8_string"><b><code>Nan::Utf8String</code></b></a>
- - <a href="#api_nan_get_current_context"><b><code>Nan::GetCurrentContext()</code></b></a>
- - <a href="#api_nan_set_isolate_data"><b><code>Nan::SetIsolateData()</code></b></a>
- - <a href="#api_nan_get_isolate_data"><b><code>Nan::GetIsolateData()</code></b></a>
- - <a href="#api_nan_typedarray_contents"><b><code>Nan::TypedArrayContents</code></b></a>
-<a name="api_nan_utf8_string"></a>
-### Nan::Utf8String
-Converts an object to a UTF-8-encoded character array. If conversion to a string fails (e.g. due to an exception in the toString() method of the object) then the length() method returns 0 and the * operator returns NULL. The underlying memory used for this object is managed by the object.
-An implementation of [`v8::String::Utf8Value`](https://v8docs.nodesource.com/node-8.16/d4/d1b/classv8_1_1_string_1_1_utf8_value.html) that is consistent across all supported versions of V8.
-Definition:
-```c++
-class Nan::Utf8String {
- public:
-  Nan::Utf8String(v8::Local<v8::Value> from);
-  int length() const;
-  char* operator*();
-  const char* operator*() const;
-};
-```
-<a name="api_nan_get_current_context"></a>
-### Nan::GetCurrentContext()
-A call to [`v8::Isolate::GetCurrent()->GetCurrentContext()`](https://v8docs.nodesource.com/node-8.16/d5/dda/classv8_1_1_isolate.html#a81c7a1ed7001ae2a65e89107f75fd053) that works across all supported versions of V8.
-Signature:
-```c++
-v8::Local<v8::Context> Nan::GetCurrentContext()
-```
-<a name="api_nan_set_isolate_data"></a>
-### Nan::SetIsolateData()
-A helper to provide a consistent API to [`v8::Isolate#SetData()`](https://v8docs.nodesource.com/node-8.16/d5/dda/classv8_1_1_isolate.html#a7acadfe7965997e9c386a05f098fbe36).
-Signature:
-```c++
-void Nan::SetIsolateData(v8::Isolate *isolate, T *data)
-```
-<a name="api_nan_get_isolate_data"></a>
-### Nan::GetIsolateData()
-A helper to provide a consistent API to [`v8::Isolate#GetData()`](https://v8docs.nodesource.com/node-8.16/d5/dda/classv8_1_1_isolate.html#aabd223436bc1100a787dadaa024c6257).
-Signature:
-```c++
-T *Nan::GetIsolateData(v8::Isolate *isolate)
-```
-<a name="api_nan_typedarray_contents"></a>
-### Nan::TypedArrayContents<T>
-A helper class for accessing the contents of an ArrayBufferView (aka a typedarray) from C++.  If the input array is not a valid typedarray, then the data pointer of TypedArrayContents will default to `NULL` and the length will be 0.  If the data pointer is not compatible with the alignment requirements of type, an assertion error will fail.
-Note that you must store a reference to the `array` object while you are accessing its contents.
-Definition:
-```c++
-template<typename T>
-class Nan::TypedArrayContents {
- public:
-  TypedArrayContents(v8::Local<Value> array);
-  size_t length() const;
-  T* const operator*();
-  const T* const operator*() const;
-};
-```

package/node_modules/nan/include_dirs.js DELETED Viewed

	@@ -1 +0,0 @@
1	- console.log(require('path').relative('.', __dirname));