@contrast/agent 4.5.2 → 4.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (666) hide show
  1. package/LICENSE +1 -1
  2. package/agent-loader.js +1 -1
  3. package/bin/VERSION +1 -1
  4. package/bin/linux/contrast-service +0 -0
  5. package/bin/mac/contrast-service +0 -0
  6. package/bin/windows/contrast-service.exe +0 -0
  7. package/bootstrap.js +1 -1
  8. package/cli-rewriter.js +1 -1
  9. package/cli.js +1 -1
  10. package/esm.mjs +1 -1
  11. package/lib/agent-emitter.js +1 -1
  12. package/lib/agent.js +1 -1
  13. package/lib/app-info.js +1 -1
  14. package/lib/assess/deadzones/index.js +1 -1
  15. package/lib/assess/deadzones/rewrite.js +1 -1
  16. package/lib/assess/express/index.js +1 -1
  17. package/lib/assess/express/route-coverage.js +1 -1
  18. package/lib/assess/express/sinks/index.js +1 -1
  19. package/lib/assess/express/sinks/xss.js +1 -1
  20. package/lib/assess/express/sources.js +1 -1
  21. package/lib/assess/fastify/index.js +1 -1
  22. package/lib/assess/fastify/route-coverage.js +1 -1
  23. package/lib/assess/fastify/sinks/index.js +1 -1
  24. package/lib/assess/fastify/sinks/response-scanning.js +1 -1
  25. package/lib/assess/fastify/sinks/unvalidated-redirect.js +1 -1
  26. package/lib/assess/fastify/sinks/xss.js +1 -1
  27. package/lib/assess/fastify/sources.js +1 -1
  28. package/lib/assess/hapi/index.js +1 -1
  29. package/lib/assess/hapi/route-coverage.js +1 -1
  30. package/lib/assess/hapi/sinks/index.js +1 -1
  31. package/lib/assess/hapi/sinks/response-scanning.js +1 -1
  32. package/lib/assess/hapi/sinks/session.js +1 -1
  33. package/lib/assess/hapi/sinks/unvalidated-redirect.js +1 -1
  34. package/lib/assess/hapi/sinks/xss.js +1 -1
  35. package/lib/assess/hapi/sources.js +1 -1
  36. package/lib/assess/index.js +1 -1
  37. package/lib/assess/koa/index.js +1 -1
  38. package/lib/assess/koa/route-coverage.js +1 -1
  39. package/lib/assess/koa/sinks/index.js +1 -1
  40. package/lib/assess/koa/sinks/response-scanning.js +1 -1
  41. package/lib/assess/koa/sinks/unvalidated-redirect.js +1 -1
  42. package/lib/assess/koa/sinks/xss.js +1 -1
  43. package/lib/assess/koa/sources.js +1 -1
  44. package/lib/assess/loopback4/index.js +1 -1
  45. package/lib/assess/loopback4/route-coverage.js +1 -1
  46. package/lib/assess/loopback4/sinks/index.js +1 -1
  47. package/lib/assess/loopback4/sinks/response-scanning.js +1 -1
  48. package/lib/assess/loopback4/sinks/xss.js +1 -1
  49. package/lib/assess/loopback4/sources.js +1 -1
  50. package/lib/assess/membrane/debraner.js +1 -1
  51. package/lib/assess/membrane/deserialization-membrane.js +5 -6
  52. package/lib/assess/membrane/index.js +1 -1
  53. package/lib/assess/membrane/source-membrane.js +17 -34
  54. package/lib/assess/models/base-event.js +1 -1
  55. package/lib/assess/models/call-context.js +2 -2
  56. package/lib/assess/models/index.js +1 -1
  57. package/lib/assess/models/propagation-event.js +1 -1
  58. package/lib/assess/models/signature.js +1 -1
  59. package/lib/assess/models/sink-event.js +1 -1
  60. package/lib/assess/models/source-event.js +1 -1
  61. package/lib/assess/models/tag-range/index.js +1 -1
  62. package/lib/assess/models/tag-range/relationships.js +1 -1
  63. package/lib/assess/models/tag-range/util.js +1 -1
  64. package/lib/assess/policy/index.js +1 -1
  65. package/lib/assess/policy/init.js +1 -1
  66. package/lib/assess/policy/propagators.json +19 -21
  67. package/lib/assess/policy/rules.json +7 -2
  68. package/lib/assess/policy/signatures.json +42 -6
  69. package/lib/assess/policy/util.js +3 -2
  70. package/lib/assess/propagators/JSON/parse.js +2 -2
  71. package/lib/assess/propagators/JSON/stringify.js +4 -4
  72. package/lib/assess/propagators/ajv/conditionals.js +1 -1
  73. package/lib/assess/propagators/ajv/evaluator-shim.js +1 -1
  74. package/lib/assess/propagators/ajv/index.js +1 -1
  75. package/lib/assess/propagators/ajv/json-schema-type-evaluators.js +1 -1
  76. package/lib/assess/propagators/ajv/object-walk.js +1 -1
  77. package/lib/assess/propagators/ajv/refs.js +1 -1
  78. package/lib/assess/propagators/ajv/schema-context.js +1 -1
  79. package/lib/assess/propagators/array-prototype-join.js +8 -9
  80. package/lib/assess/propagators/common.js +8 -6
  81. package/lib/assess/propagators/dustjs/escape-html.js +22 -0
  82. package/lib/assess/propagators/dustjs/escape-js.js +22 -0
  83. package/lib/assess/propagators/ejs-template-generate-source.js +1 -1
  84. package/lib/assess/propagators/encode-uri/encode-uri-component.js +22 -0
  85. package/lib/assess/propagators/encode-uri/encode-uri.js +22 -0
  86. package/lib/assess/propagators/handlebars-compile.js +1 -1
  87. package/lib/assess/propagators/handlebars-escape-expresssion.js +2 -2
  88. package/lib/assess/propagators/index.js +1 -3
  89. package/lib/assess/propagators/joi/boolean.js +2 -2
  90. package/lib/assess/propagators/joi/expression.js +2 -2
  91. package/lib/assess/propagators/joi/index.js +1 -1
  92. package/lib/assess/propagators/joi/number.js +2 -2
  93. package/lib/assess/propagators/joi/string-base.js +2 -2
  94. package/lib/assess/propagators/joi/string-schema.js +13 -14
  95. package/lib/assess/propagators/joi/values.js +38 -23
  96. package/lib/assess/propagators/manager.js +13 -11
  97. package/lib/assess/propagators/mongoose/helpers.js +20 -0
  98. package/lib/assess/propagators/mongoose/index.js +18 -0
  99. package/lib/assess/propagators/mongoose/map.js +74 -0
  100. package/lib/assess/propagators/mongoose/string.js +104 -0
  101. package/lib/assess/propagators/mustache/escape.js +22 -0
  102. package/lib/assess/propagators/number.js +54 -0
  103. package/lib/assess/propagators/object.js +7 -8
  104. package/lib/assess/propagators/path/basename.js +15 -14
  105. package/lib/assess/propagators/path/common.js +2 -2
  106. package/lib/assess/propagators/path/dirname.js +15 -14
  107. package/lib/assess/propagators/path/extname.js +15 -14
  108. package/lib/assess/propagators/path/format.js +1 -1
  109. package/lib/assess/propagators/path/join.js +1 -1
  110. package/lib/assess/propagators/path/normalize.js +1 -1
  111. package/lib/assess/propagators/path/parse.js +2 -2
  112. package/lib/assess/propagators/path/relative.js +8 -6
  113. package/lib/assess/propagators/path/resolve.js +1 -1
  114. package/lib/assess/propagators/path/to-namespaced-path.js +1 -1
  115. package/lib/assess/propagators/pug-compile.js +1 -1
  116. package/lib/assess/propagators/querystring/escape.js +21 -19
  117. package/lib/assess/propagators/querystring/parse.js +8 -6
  118. package/lib/assess/propagators/querystring/stringify.js +26 -25
  119. package/lib/assess/propagators/querystring/unescape.js +21 -19
  120. package/lib/assess/propagators/querystring/utils.js +1 -1
  121. package/lib/assess/propagators/sequelize/sql-string-escape.js +2 -2
  122. package/lib/assess/propagators/sequelize/sql-string-format-named-parameters.js +2 -2
  123. package/lib/assess/propagators/sequelize/sql-string-format.js +4 -4
  124. package/lib/assess/propagators/sequelize/utils.js +3 -3
  125. package/lib/assess/propagators/string-prototype-replace.js +31 -29
  126. package/lib/assess/propagators/string-prototype-split.js +37 -37
  127. package/lib/assess/propagators/string-prototype-trim.js +16 -18
  128. package/lib/assess/propagators/string.js +13 -17
  129. package/lib/assess/propagators/template-escape.js +87 -0
  130. package/lib/assess/propagators/templates.js +11 -12
  131. package/lib/assess/propagators/url/url-prototype-parse.js +6 -7
  132. package/lib/assess/propagators/url/url-url.js +52 -44
  133. package/lib/assess/propagators/url/utils.js +1 -1
  134. package/lib/assess/propagators/util/format.js +2 -2
  135. package/lib/assess/propagators/utils.js +1 -1
  136. package/lib/assess/propagators/v8/init-hooks.js +4 -4
  137. package/lib/assess/propagators/validator/init-hooks.js +23 -23
  138. package/lib/assess/propagators/validator/validator-methods.js +1 -2
  139. package/lib/assess/response-scanning/app-activity.js +1 -1
  140. package/lib/assess/response-scanning/autocomplete-missing.js +1 -1
  141. package/lib/assess/response-scanning/cache-controls-missing.js +1 -1
  142. package/lib/assess/response-scanning/clickjacking-control-missing.js +1 -1
  143. package/lib/assess/response-scanning/common.js +1 -1
  144. package/lib/assess/response-scanning/cookies/common.js +1 -1
  145. package/lib/assess/response-scanning/cookies/events.js +1 -1
  146. package/lib/assess/response-scanning/cookies/httponly.js +1 -1
  147. package/lib/assess/response-scanning/cookies/secure-flag-missing.js +1 -1
  148. package/lib/assess/response-scanning/headers/csp-header-insecure.js +1 -1
  149. package/lib/assess/response-scanning/headers/csp-header-missing.js +1 -1
  150. package/lib/assess/response-scanning/headers/csp-utils.js +1 -1
  151. package/lib/assess/response-scanning/headers/hsts-header-missing.js +1 -1
  152. package/lib/assess/response-scanning/headers/powered-by.js +1 -1
  153. package/lib/assess/response-scanning/headers/xcontenttype-header-missing.js +1 -1
  154. package/lib/assess/response-scanning/headers/xxssprotection-header-disabled.js +1 -1
  155. package/lib/assess/response-scanning/parameter-pollution.js +1 -1
  156. package/lib/assess/response-scanning/parseable-response-emitter.js +1 -1
  157. package/lib/assess/restify/index.js +1 -1
  158. package/lib/assess/restify/route-coverage.js +1 -1
  159. package/lib/assess/restify/session.js +1 -1
  160. package/lib/assess/restify/sinks/index.js +1 -1
  161. package/lib/assess/restify/sinks/response-scanning.js +1 -1
  162. package/lib/assess/restify/sinks/unvalidated-redirect.js +1 -1
  163. package/lib/assess/restify/sinks/xss.js +1 -1
  164. package/lib/assess/restify/sources.js +1 -1
  165. package/lib/assess/sinks/common.js +11 -6
  166. package/lib/assess/sinks/dustjs-linkedin-xss.js +131 -0
  167. package/lib/assess/sinks/dynamo.js +1 -1
  168. package/lib/assess/sinks/hapi-16-xss.js +1 -1
  169. package/lib/assess/sinks/index.js +1 -1
  170. package/lib/assess/sinks/libxmljs-xxe.js +2 -2
  171. package/lib/assess/sinks/mongodb.js +3 -2
  172. package/lib/assess/sinks/ssrf-url.js +2 -2
  173. package/lib/assess/sources/formidable.js +1 -1
  174. package/lib/assess/sources/index.js +1 -1
  175. package/lib/assess/static/hardcoded.js +1 -1
  176. package/lib/assess/technologies/index.js +1 -1
  177. package/lib/assess/utils.js +1 -1
  178. package/lib/cli-rewriter/index.js +1 -1
  179. package/lib/constants.js +5 -2
  180. package/lib/contrast.js +1 -1
  181. package/lib/core/arch-components/dynamodb.js +1 -1
  182. package/lib/core/arch-components/dynamodbv3.js +1 -1
  183. package/lib/core/arch-components/index.js +1 -1
  184. package/lib/core/arch-components/mongodb.js +1 -1
  185. package/lib/core/arch-components/mysql.js +1 -1
  186. package/lib/core/arch-components/postgres.js +1 -1
  187. package/lib/core/arch-components/rethinkdb.js +53 -0
  188. package/lib/core/arch-components/sqlite3.js +1 -1
  189. package/lib/core/async-storage/context.js +1 -1
  190. package/lib/core/async-storage/hooks/bluebird.js +1 -1
  191. package/lib/core/async-storage/hooks/mongodb-core.js +1 -1
  192. package/lib/core/async-storage/hooks/mysql.js +1 -1
  193. package/lib/core/async-storage/hooks/redis.js +1 -1
  194. package/lib/core/async-storage/hooks/utils.js +1 -1
  195. package/lib/core/async-storage/index.js +1 -1
  196. package/lib/core/async-storage/scopes/index.js +1 -1
  197. package/lib/core/common/formidable.js +1 -1
  198. package/lib/core/common/index.js +1 -1
  199. package/lib/core/config/options.js +4 -3
  200. package/lib/core/config/util.js +1 -1
  201. package/lib/core/exclusions/exclusion-factory.js +1 -1
  202. package/lib/core/exclusions/exclusion.js +1 -1
  203. package/lib/core/exclusions/input.js +1 -1
  204. package/lib/core/exclusions/url.js +1 -1
  205. package/lib/core/express/index.js +1 -1
  206. package/lib/core/express/utils.js +1 -1
  207. package/lib/core/fastify/index.js +1 -1
  208. package/lib/core/fastify/utils.js +1 -1
  209. package/lib/core/hapi/index.js +1 -1
  210. package/lib/core/hapi/utils.js +1 -1
  211. package/lib/core/index.js +1 -1
  212. package/lib/core/koa/index.js +1 -1
  213. package/lib/core/koa/utils.js +1 -1
  214. package/lib/core/logger/daily-rotate-file.js +1 -1
  215. package/lib/core/logger/dataflow-monitor.js +1 -1
  216. package/lib/core/logger/debug-logger.js +1 -1
  217. package/lib/core/logger/index.js +1 -1
  218. package/lib/core/logger/perf-logger.js +1 -1
  219. package/lib/core/logger/umbrella-logger.js +1 -1
  220. package/lib/core/loopback4/index.js +1 -1
  221. package/lib/core/metrics/index.js +1 -1
  222. package/lib/core/restify/index.js +1 -1
  223. package/lib/core/restify/utils.js +1 -1
  224. package/lib/core/rewrite/assignment-expression.js +1 -1
  225. package/lib/core/rewrite/binary-expression.js +1 -1
  226. package/lib/core/rewrite/call-expression.js +1 -1
  227. package/lib/core/rewrite/callees.js +1 -1
  228. package/lib/core/rewrite/catch-clause.js +1 -1
  229. package/lib/core/rewrite/function-wrap.js +1 -1
  230. package/lib/core/rewrite/index.js +1 -1
  231. package/lib/core/rewrite/injections.js +9 -1
  232. package/lib/core/rewrite/is-contrast-method.js +1 -1
  233. package/lib/core/rewrite/log.js +1 -1
  234. package/lib/core/rewrite/member-expression.js +1 -1
  235. package/lib/core/rewrite/object-property.js +1 -1
  236. package/lib/core/rewrite/prepend-globals.js +1 -1
  237. package/lib/core/rewrite/rewrite-log.js +1 -1
  238. package/lib/core/rewrite/switch-statement.js +1 -1
  239. package/lib/core/rewrite/template-literal.js +1 -1
  240. package/lib/core/stacktrace.js +3 -2
  241. package/lib/coverage.js +1 -1
  242. package/lib/feature-set.js +2 -2
  243. package/lib/generator-function.js +1 -1
  244. package/lib/hooks/array.js +1 -1
  245. package/lib/hooks/cluster.js +1 -1
  246. package/lib/hooks/dataflow-monitor.js +1 -1
  247. package/lib/hooks/encoding.js +1 -1
  248. package/lib/hooks/express-fileupload.js +1 -1
  249. package/lib/hooks/express-session.js +1 -1
  250. package/lib/hooks/fn-to-string.js +1 -1
  251. package/lib/hooks/frameworks/base.js +9 -3
  252. package/lib/hooks/frameworks/common.js +1 -1
  253. package/lib/hooks/frameworks/hapi16.js +1 -1
  254. package/lib/hooks/frameworks/http.js +24 -17
  255. package/lib/hooks/frameworks/http2.js +73 -0
  256. package/lib/hooks/frameworks/index.js +9 -4
  257. package/lib/hooks/hapi-16-reply.js +1 -1
  258. package/lib/hooks/hapi-16-session.js +1 -1
  259. package/lib/hooks/http.js +113 -129
  260. package/lib/hooks/module/extensions.js +1 -1
  261. package/lib/hooks/module/helpers.js +1 -1
  262. package/lib/hooks/module/index.js +1 -1
  263. package/lib/hooks/newrelic.js +1 -1
  264. package/lib/hooks/object-is.js +1 -1
  265. package/lib/hooks/object-to-primitive.js +7 -8
  266. package/lib/hooks/patcher.js +62 -39
  267. package/lib/hooks/require.js +17 -23
  268. package/lib/hooks/stealthy-require.js +1 -1
  269. package/lib/instrumentation.js +1 -4
  270. package/lib/libraries.js +1 -1
  271. package/lib/library-usage.js +1 -1
  272. package/lib/list-installed.js +1 -1
  273. package/lib/protect/analysis/aho-corasick.js +1 -1
  274. package/lib/protect/analysis/dfsa-analyzer.js +1 -1
  275. package/lib/protect/errors/handler.js +1 -1
  276. package/lib/protect/errors/security-exception.js +1 -1
  277. package/lib/protect/express/index.js +1 -1
  278. package/lib/protect/express/sinks.js +1 -1
  279. package/lib/protect/express/sources.js +1 -1
  280. package/lib/protect/fastify/index.js +1 -1
  281. package/lib/protect/fastify/sinks.js +1 -1
  282. package/lib/protect/fastify/sources.js +1 -1
  283. package/lib/protect/hapi/error-handler.js +1 -1
  284. package/lib/protect/hapi/index.js +1 -1
  285. package/lib/protect/hapi/sinks.js +1 -1
  286. package/lib/protect/hapi/sources.js +1 -1
  287. package/lib/protect/index.js +1 -1
  288. package/lib/protect/input-analysis.js +1 -1
  289. package/lib/protect/koa/index.js +1 -1
  290. package/lib/protect/koa/sinks.js +1 -1
  291. package/lib/protect/koa/sources.js +1 -1
  292. package/lib/protect/listeners.js +1 -1
  293. package/lib/protect/loopback4/index.js +1 -1
  294. package/lib/protect/loopback4/sources.js +1 -1
  295. package/lib/protect/models/application-context.js +1 -1
  296. package/lib/protect/models/sink-event.js +1 -1
  297. package/lib/protect/models/source-event.js +1 -1
  298. package/lib/protect/restify/index.js +1 -1
  299. package/lib/protect/restify/sinks.js +1 -1
  300. package/lib/protect/restify/sources.js +1 -1
  301. package/lib/protect/rules/assessment.js +1 -1
  302. package/lib/protect/rules/attack-patterns.js +1 -1
  303. package/lib/protect/rules/base-scanner/index.js +1 -1
  304. package/lib/protect/rules/base-scanner/java-script-scanner.js +1 -1
  305. package/lib/protect/rules/base-scanner/postgresqlscanner.js +1 -1
  306. package/lib/protect/rules/base-scanner/scan-state.js +1 -1
  307. package/lib/protect/rules/base-scanner/substring-finder.js +1 -1
  308. package/lib/protect/rules/base-scanner/token-sequence.js +1 -1
  309. package/lib/protect/rules/bot-blocker/bot-blocker-rule.js +1 -1
  310. package/lib/protect/rules/bot-blocker/index.js +1 -1
  311. package/lib/protect/rules/cmd-injection/cmdinjection-rule.js +1 -1
  312. package/lib/protect/rules/cmd-injection-command-backdoors/backdoor-detector.js +1 -1
  313. package/lib/protect/rules/cmd-injection-command-backdoors/cmd-injection-command-backdoors-rule.js +1 -1
  314. package/lib/protect/rules/cmd-injection-semantic-chained-commands/chained-command-scanner.js +1 -1
  315. package/lib/protect/rules/cmd-injection-semantic-chained-commands/cmd-injection-semantic-chained-commands-rule.js +1 -1
  316. package/lib/protect/rules/cmd-injection-semantic-dangerous-paths/cmd-injection-semantic-dangerous-paths-rule.js +1 -1
  317. package/lib/protect/rules/cmd-injection-semantic-dangerous-paths/dangerous-paths-scanner.js +1 -1
  318. package/lib/protect/rules/common.js +1 -1
  319. package/lib/protect/rules/index.js +1 -1
  320. package/lib/protect/rules/ip-denylist/ip-denylist-rule.js +1 -1
  321. package/lib/protect/rules/method-tampering/evaluator.js +1 -1
  322. package/lib/protect/rules/method-tampering/method-tampering-rule.js +1 -1
  323. package/lib/protect/rules/nosqli/nosql-injection-rule.js +228 -0
  324. package/lib/protect/rules/nosqli/nosql-scanner/index.js +1 -1
  325. package/lib/protect/rules/nosqli/nosql-scanner/mongodbscanner.js +1 -1
  326. package/lib/protect/rules/path-traversal/path-traversal-rule.js +1 -1
  327. package/lib/protect/rules/rule-factory.js +3 -3
  328. package/lib/protect/rules/signatures/cmd-injection/custom-searchers/chained-command-searcher.js +1 -1
  329. package/lib/protect/rules/signatures/cmd-injection/custom-searchers/index.js +1 -1
  330. package/lib/protect/rules/signatures/cmd-injection/index.js +1 -1
  331. package/lib/protect/rules/signatures/evaluator.js +1 -1
  332. package/lib/protect/rules/signatures/index.js +1 -1
  333. package/lib/protect/rules/signatures/nosql-injection/custom-searchers/index.js +1 -1
  334. package/lib/protect/rules/signatures/nosql-injection/custom-searchers/nosql-comment-searcher.js +1 -1
  335. package/lib/protect/rules/signatures/nosql-injection/custom-searchers/simple-or-searcher.js +1 -1
  336. package/lib/protect/rules/signatures/nosql-injection/index.js +1 -1
  337. package/lib/protect/rules/signatures/path-traversal/index.js +1 -1
  338. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/behavior-url-searcher.js +1 -1
  339. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/function-definition-searcher.js +1 -1
  340. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/immediate-function-searcher.js +1 -1
  341. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/index.js +1 -1
  342. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/link-and-src-target-searcher.js +1 -1
  343. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/location-set-searcher.js +1 -1
  344. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/map-access-searcher.js +1 -1
  345. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/native-function-execution-searcher.js +1 -1
  346. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/no-alnum-searcher.js +1 -1
  347. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/redefined-function-searcher.js +1 -1
  348. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/style-url-injection-searcher.js +1 -1
  349. package/lib/protect/rules/signatures/reflected-xss/custom-searchers/variable-assignment-searcher.js +1 -1
  350. package/lib/protect/rules/signatures/reflected-xss/helpers/function-call.js +1 -1
  351. package/lib/protect/rules/signatures/reflected-xss/index.js +1 -1
  352. package/lib/protect/rules/signatures/signature.js +1 -1
  353. package/lib/protect/rules/signatures/sql-injection/custom-searchers/if-else-drop-searcher.js +1 -1
  354. package/lib/protect/rules/signatures/sql-injection/custom-searchers/index.js +1 -1
  355. package/lib/protect/rules/signatures/sql-injection/custom-searchers/simple-or-searcher.js +1 -1
  356. package/lib/protect/rules/signatures/sql-injection/custom-searchers/sql-comment-searcher.js +1 -1
  357. package/lib/protect/rules/signatures/sql-injection/custom-searchers/time-function-searcher.js +1 -1
  358. package/lib/protect/rules/signatures/sql-injection/custom-searchers/tsql-exec-searcher.js +1 -1
  359. package/lib/protect/rules/signatures/sql-injection/index.js +1 -1
  360. package/lib/protect/rules/signatures/ssjs-injection/index.js +1 -1
  361. package/lib/protect/rules/signatures/unsafe-file-upload/index.js +1 -1
  362. package/lib/protect/rules/signatures/untrusted-deserialization/index.js +1 -1
  363. package/lib/protect/rules/sqli/generic-complicated.js +1 -1
  364. package/lib/protect/rules/sqli/sql-injection-rule.js +1 -1
  365. package/lib/protect/rules/sqli/sql-scanner/index.js +1 -1
  366. package/lib/protect/rules/sqli/sql-scanner/mysql-scanner.js +1 -1
  367. package/lib/protect/rules/ssjs-injection/evaluator.js +1 -1
  368. package/lib/protect/rules/ssjs-injection/ssjsinjection-rule.js +1 -1
  369. package/lib/protect/rules/unsafe-file-upload/unsafe-file-upload-rule.js +1 -1
  370. package/lib/protect/rules/untrusted-deserialization/untrusted-deserialization-rule.js +1 -1
  371. package/lib/protect/rules/virtual-patch/index.js +1 -1
  372. package/lib/protect/rules/virtual-patch/utils.js +1 -1
  373. package/lib/protect/rules/virtual-patch/virtual-patch-rule.js +1 -1
  374. package/lib/protect/rules/xss/helpers/function-call.js +1 -1
  375. package/lib/protect/rules/xss/reflected-xss-rule.js +1 -1
  376. package/lib/protect/rules/xxe/xxerule.js +1 -1
  377. package/lib/protect/sample-aggregator.js +1 -1
  378. package/lib/protect/samples.js +1 -1
  379. package/lib/protect/service.js +24 -12
  380. package/lib/protect/sinks/child-process.js +1 -1
  381. package/lib/protect/sinks/eval.js +1 -1
  382. package/lib/protect/sinks/fs.js +1 -1
  383. package/lib/protect/sinks/function.js +1 -1
  384. package/lib/protect/sinks/index.js +1 -1
  385. package/lib/protect/sinks/libxmljs.js +1 -1
  386. package/lib/protect/sinks/mongodb.js +57 -56
  387. package/lib/protect/sinks/mysql.js +1 -1
  388. package/lib/protect/sinks/node-serialize.js +1 -1
  389. package/lib/protect/sinks/postgres.js +1 -1
  390. package/lib/protect/sinks/sequelize.js +1 -1
  391. package/lib/protect/sinks/sqlite3.js +1 -1
  392. package/lib/protect/sinks/vm.js +1 -1
  393. package/lib/protect/sources/busboy.js +1 -1
  394. package/lib/protect/sources/formidable.js +1 -1
  395. package/lib/protect/sources/index.js +1 -1
  396. package/lib/protect/validators/authorization.js +1 -1
  397. package/lib/protect/validators/common.js +1 -1
  398. package/lib/protect/validators/connection.js +1 -1
  399. package/lib/protect/validators/content-length.js +1 -1
  400. package/lib/protect/validators/host.js +1 -1
  401. package/lib/protect/validators/if-none-match.js +1 -1
  402. package/lib/protect/validators/index.js +1 -1
  403. package/lib/protect/validators/origin.js +1 -1
  404. package/lib/reporter/app-activity-queue.js +1 -1
  405. package/lib/reporter/grpc-client.js +1 -1
  406. package/lib/reporter/messages/speedracer/activity.js +1 -1
  407. package/lib/reporter/messages/speedracer/application-create.js +1 -1
  408. package/lib/reporter/messages/speedracer/application-update.js +1 -1
  409. package/lib/reporter/messages/speedracer/base.js +1 -1
  410. package/lib/reporter/messages/speedracer/index.js +1 -1
  411. package/lib/reporter/messages/speedracer/observed-route.js +1 -1
  412. package/lib/reporter/messages/speedracer/poll.js +1 -1
  413. package/lib/reporter/messages/speedracer/request.js +1 -1
  414. package/lib/reporter/messages/speedracer/startup.js +1 -1
  415. package/lib/reporter/messaging-router.js +1 -1
  416. package/lib/reporter/models/app-activity/app-activity.js +1 -1
  417. package/lib/reporter/models/app-activity/attacker-activity.js +1 -1
  418. package/lib/reporter/models/app-activity/defend.js +1 -1
  419. package/lib/reporter/models/app-activity/inventory.js +1 -1
  420. package/lib/reporter/models/app-activity/protection-rule-activity.js +1 -1
  421. package/lib/reporter/models/app-activity/rule-events.js +1 -1
  422. package/lib/reporter/models/app-activity/sample.js +1 -1
  423. package/lib/reporter/models/app-activity/source.js +1 -1
  424. package/lib/reporter/models/app-activity/user-input.js +1 -1
  425. package/lib/reporter/models/app-create.js +1 -1
  426. package/lib/reporter/models/app-update/index.js +1 -1
  427. package/lib/reporter/models/app-update/library-manifest.js +1 -1
  428. package/lib/reporter/models/app-update/library-usage.js +1 -1
  429. package/lib/reporter/models/app-update/library.js +1 -1
  430. package/lib/reporter/models/event-tag.js +1 -1
  431. package/lib/reporter/models/finding/event.js +1 -1
  432. package/lib/reporter/models/finding/finding.js +1 -1
  433. package/lib/reporter/models/frameworks/express-request.js +1 -1
  434. package/lib/reporter/models/frameworks/fastify-request.js +1 -1
  435. package/lib/reporter/models/frameworks/hapi-request.js +1 -1
  436. package/lib/reporter/models/frameworks/index.js +1 -1
  437. package/lib/reporter/models/frameworks/koa-request.js +1 -1
  438. package/lib/reporter/models/frameworks/restify-request.js +1 -1
  439. package/lib/reporter/models/observed-route.js +1 -1
  440. package/lib/reporter/models/request.js +1 -1
  441. package/lib/reporter/models/route-coverage.js +1 -1
  442. package/lib/reporter/models/startup.js +1 -1
  443. package/lib/reporter/models/trace-event-source.js +1 -1
  444. package/lib/reporter/models/utils/request-factory.js +1 -1
  445. package/lib/reporter/models/utils/user-input-factory.js +1 -1
  446. package/lib/reporter/models/utils/user-input-kit.js +1 -1
  447. package/lib/reporter/mq-client.js +1 -1
  448. package/lib/reporter/server-activity-queue.js +1 -1
  449. package/lib/reporter/socket-client.js +1 -1
  450. package/lib/reporter/speedracer/base-connection-state.js +1 -1
  451. package/lib/reporter/speedracer/constants.js +1 -1
  452. package/lib/reporter/speedracer/failure-connection-state.js +1 -1
  453. package/lib/reporter/speedracer/index.js +1 -1
  454. package/lib/reporter/speedracer/success-connection-state.js +1 -1
  455. package/lib/reporter/speedracer/unknown-connection-state.js +1 -1
  456. package/lib/reporter/translations/enums.js +1 -1
  457. package/lib/reporter/translations/helpers.js +1 -1
  458. package/lib/reporter/translations/to-protobuf/dtm/activity.js +1 -1
  459. package/lib/reporter/translations/to-protobuf/dtm/address.js +1 -1
  460. package/lib/reporter/translations/to-protobuf/dtm/agent-startup.js +1 -1
  461. package/lib/reporter/translations/to-protobuf/dtm/application-create.js +1 -1
  462. package/lib/reporter/translations/to-protobuf/dtm/application-update.js +1 -1
  463. package/lib/reporter/translations/to-protobuf/dtm/architecture-component.js +1 -1
  464. package/lib/reporter/translations/to-protobuf/dtm/attack-result.js +1 -1
  465. package/lib/reporter/translations/to-protobuf/dtm/bot-blocker-details.js +1 -1
  466. package/lib/reporter/translations/to-protobuf/dtm/cmd-injection-details.js +1 -1
  467. package/lib/reporter/translations/to-protobuf/dtm/cmd-injection-semantic-analysis-details.js +1 -1
  468. package/lib/reporter/translations/to-protobuf/dtm/finding.js +1 -1
  469. package/lib/reporter/translations/to-protobuf/dtm/http-method-tampering-details.js +1 -1
  470. package/lib/reporter/translations/to-protobuf/dtm/http-request.js +1 -1
  471. package/lib/reporter/translations/to-protobuf/dtm/index.js +2 -2
  472. package/lib/reporter/translations/to-protobuf/dtm/ip-denylist-details.js +2 -2
  473. package/lib/reporter/translations/to-protobuf/dtm/library-usage-update.js +1 -1
  474. package/lib/reporter/translations/to-protobuf/dtm/no-sql-injection-details.js +1 -1
  475. package/lib/reporter/translations/to-protobuf/dtm/observed-route.js +1 -1
  476. package/lib/reporter/translations/to-protobuf/dtm/pair.js +1 -1
  477. package/lib/reporter/translations/to-protobuf/dtm/path-traversal-details.js +1 -1
  478. package/lib/reporter/translations/to-protobuf/dtm/poll.js +1 -1
  479. package/lib/reporter/translations/to-protobuf/dtm/rasp-rule-sample.js +2 -2
  480. package/lib/reporter/translations/to-protobuf/dtm/raw-request.js +1 -1
  481. package/lib/reporter/translations/to-protobuf/dtm/route-coverage.js +1 -1
  482. package/lib/reporter/translations/to-protobuf/dtm/simple-pair.js +1 -1
  483. package/lib/reporter/translations/to-protobuf/dtm/sql-injection-details.js +1 -1
  484. package/lib/reporter/translations/to-protobuf/dtm/ssjs-injection-details.js +1 -1
  485. package/lib/reporter/translations/to-protobuf/dtm/stack-trace-element.js +1 -1
  486. package/lib/reporter/translations/to-protobuf/dtm/trace-event/action.js +1 -1
  487. package/lib/reporter/translations/to-protobuf/dtm/trace-event/index.js +1 -1
  488. package/lib/reporter/translations/to-protobuf/dtm/trace-event/parent-object-id.js +1 -1
  489. package/lib/reporter/translations/to-protobuf/dtm/trace-event/trace-event-object.js +1 -1
  490. package/lib/reporter/translations/to-protobuf/dtm/trace-event/trace-event-signature.js +1 -1
  491. package/lib/reporter/translations/to-protobuf/dtm/trace-event/trace-event-source.js +1 -1
  492. package/lib/reporter/translations/to-protobuf/dtm/trace-event/trace-stack.js +1 -1
  493. package/lib/reporter/translations/to-protobuf/dtm/trace-event/trace-taint-range.js +1 -1
  494. package/lib/reporter/translations/to-protobuf/dtm/trace-event/type.js +1 -1
  495. package/lib/reporter/translations/to-protobuf/dtm/untrusted-deserialization-details.js +1 -1
  496. package/lib/reporter/translations/to-protobuf/dtm/user-input.js +1 -1
  497. package/lib/reporter/translations/to-protobuf/dtm/virtual-patch-details.js +1 -1
  498. package/lib/reporter/translations/to-protobuf/dtm/xss-details.js +1 -1
  499. package/lib/reporter/translations/to-protobuf/dtm/xxe-details.js +1 -1
  500. package/lib/reporter/translations/to-protobuf/index.js +1 -1
  501. package/lib/reporter/translations/to-protobuf/settings/application-settings.js +1 -1
  502. package/lib/reporter/translations/to-protobuf/settings/assess-features.js +1 -1
  503. package/lib/reporter/translations/to-protobuf/settings/auth.js +1 -1
  504. package/lib/reporter/translations/to-protobuf/settings/bot-blocker.js +1 -1
  505. package/lib/reporter/translations/to-protobuf/settings/custom-rule-feature.js +1 -1
  506. package/lib/reporter/translations/to-protobuf/settings/defend-features.js +9 -7
  507. package/lib/reporter/translations/to-protobuf/settings/exclusions.js +6 -5
  508. package/lib/reporter/translations/to-protobuf/settings/index.js +1 -1
  509. package/lib/reporter/translations/to-protobuf/settings/input-analysis-result.js +1 -1
  510. package/lib/reporter/translations/to-protobuf/settings/inventory-features.js +1 -1
  511. package/lib/reporter/translations/to-protobuf/settings/ip-filter.js +1 -1
  512. package/lib/reporter/translations/to-protobuf/settings/log-enhancer.js +1 -1
  513. package/lib/reporter/translations/to-protobuf/settings/protection-rule.js +1 -1
  514. package/lib/reporter/translations/to-protobuf/settings/reaction.js +1 -1
  515. package/lib/reporter/translations/to-protobuf/settings/rule-definition.js +1 -1
  516. package/lib/reporter/translations/to-protobuf/settings/sampling.js +1 -1
  517. package/lib/reporter/translations/to-protobuf/settings/server-features.js +1 -1
  518. package/lib/reporter/translations/to-protobuf/settings/syslog.js +1 -1
  519. package/lib/reporter/translations/to-protobuf/settings/virtual-patch.js +1 -1
  520. package/lib/reporter/ts-reporter.js +1 -1
  521. package/lib/tracker.js +14 -66
  522. package/lib/util/base64.js +1 -1
  523. package/lib/util/bitset.js +1 -1
  524. package/lib/util/block-request.js +1 -1
  525. package/lib/util/callback-resolver.js +1 -1
  526. package/lib/util/clean-stack.js +1 -1
  527. package/lib/util/clean-string/brackets.js +1 -1
  528. package/lib/util/clean-string/clean-string-base.js +1 -1
  529. package/lib/util/clean-string/comments.js +1 -1
  530. package/lib/util/clean-string/concatenations.js +1 -1
  531. package/lib/util/clean-string/jsclean-string.js +1 -1
  532. package/lib/util/clean-string/placeholders.js +1 -1
  533. package/lib/util/clean-string/util.js +1 -1
  534. package/lib/util/colors.js +1 -1
  535. package/lib/util/file-finder.js +1 -1
  536. package/lib/util/heap-dump.js +1 -1
  537. package/lib/util/html-util.js +1 -1
  538. package/lib/util/ip-analyzer.js +1 -1
  539. package/lib/util/is-agent-path.js +1 -1
  540. package/lib/util/is-contrast-error.js +1 -1
  541. package/lib/util/is-piped-to-dev.js +1 -1
  542. package/lib/util/is-string.js +1 -1
  543. package/lib/util/partial.js +1 -1
  544. package/lib/util/pkg-name.js +1 -1
  545. package/lib/util/request-util.js +1 -1
  546. package/lib/util/resolve-obj.js +1 -1
  547. package/lib/util/route-info.js +1 -1
  548. package/lib/util/some.js +1 -1
  549. package/lib/util/source-map.js +2 -2
  550. package/lib/util/static-rules.js +1 -1
  551. package/lib/util/trace-util.js +1 -1
  552. package/lib/util/traverse.js +1 -1
  553. package/lib/util/user-input-evaluator.js +1 -1
  554. package/lib/util/xml-analyzer/external-entity-finder.js +1 -1
  555. package/package.json +14 -16
  556. package/perf-logs.js +1 -1
  557. package/lib/hooks/frameworks/https.js +0 -42
  558. package/lib/protect/rules/nosqli/no-sql-injection-rule.js +0 -109
  559. package/node_modules/bindings/LICENSE.md +0 -22
  560. package/node_modules/bindings/README.md +0 -98
  561. package/node_modules/bindings/bindings.js +0 -221
  562. package/node_modules/bindings/package.json +0 -32
  563. package/node_modules/file-uri-to-path/.npmignore +0 -1
  564. package/node_modules/file-uri-to-path/.travis.yml +0 -30
  565. package/node_modules/file-uri-to-path/History.md +0 -21
  566. package/node_modules/file-uri-to-path/LICENSE +0 -20
  567. package/node_modules/file-uri-to-path/README.md +0 -74
  568. package/node_modules/file-uri-to-path/index.d.ts +0 -2
  569. package/node_modules/file-uri-to-path/index.js +0 -66
  570. package/node_modules/file-uri-to-path/package.json +0 -36
  571. package/node_modules/file-uri-to-path/test/test.js +0 -24
  572. package/node_modules/file-uri-to-path/test/tests.json +0 -13
  573. package/node_modules/glossy/LICENSE +0 -19
  574. package/node_modules/glossy/README.md +0 -129
  575. package/node_modules/glossy/index.js +0 -12
  576. package/node_modules/glossy/lib/glossy/parse.js +0 -520
  577. package/node_modules/glossy/lib/glossy/produce.js +0 -459
  578. package/node_modules/glossy/package.json +0 -47
  579. package/node_modules/glossy/test/decide.js +0 -7
  580. package/node_modules/glossy/test/decode_pri.js +0 -24
  581. package/node_modules/glossy/test/parse_3164.js +0 -104
  582. package/node_modules/glossy/test/parse_5424.js +0 -106
  583. package/node_modules/glossy/test/parse_5848.js +0 -40
  584. package/node_modules/glossy/test/parse_8601.js +0 -14
  585. package/node_modules/glossy/test/parse_rfc3339.js +0 -9
  586. package/node_modules/glossy/test/produce.js +0 -162
  587. package/node_modules/glossy/test/runner.js +0 -40
  588. package/node_modules/glossy/test/structure_data.js +0 -24
  589. package/node_modules/nan/CHANGELOG.md +0 -537
  590. package/node_modules/nan/LICENSE.md +0 -13
  591. package/node_modules/nan/README.md +0 -455
  592. package/node_modules/nan/doc/asyncworker.md +0 -146
  593. package/node_modules/nan/doc/buffers.md +0 -54
  594. package/node_modules/nan/doc/callback.md +0 -76
  595. package/node_modules/nan/doc/converters.md +0 -41
  596. package/node_modules/nan/doc/errors.md +0 -226
  597. package/node_modules/nan/doc/json.md +0 -62
  598. package/node_modules/nan/doc/maybe_types.md +0 -583
  599. package/node_modules/nan/doc/methods.md +0 -664
  600. package/node_modules/nan/doc/new.md +0 -147
  601. package/node_modules/nan/doc/node_misc.md +0 -123
  602. package/node_modules/nan/doc/object_wrappers.md +0 -263
  603. package/node_modules/nan/doc/persistent.md +0 -296
  604. package/node_modules/nan/doc/scopes.md +0 -73
  605. package/node_modules/nan/doc/script.md +0 -38
  606. package/node_modules/nan/doc/string_bytes.md +0 -62
  607. package/node_modules/nan/doc/v8_internals.md +0 -199
  608. package/node_modules/nan/doc/v8_misc.md +0 -85
  609. package/node_modules/nan/include_dirs.js +0 -1
  610. package/node_modules/nan/nan.h +0 -2898
  611. package/node_modules/nan/nan_callbacks.h +0 -88
  612. package/node_modules/nan/nan_callbacks_12_inl.h +0 -514
  613. package/node_modules/nan/nan_callbacks_pre_12_inl.h +0 -520
  614. package/node_modules/nan/nan_converters.h +0 -72
  615. package/node_modules/nan/nan_converters_43_inl.h +0 -68
  616. package/node_modules/nan/nan_converters_pre_43_inl.h +0 -42
  617. package/node_modules/nan/nan_define_own_property_helper.h +0 -29
  618. package/node_modules/nan/nan_implementation_12_inl.h +0 -430
  619. package/node_modules/nan/nan_implementation_pre_12_inl.h +0 -263
  620. package/node_modules/nan/nan_json.h +0 -166
  621. package/node_modules/nan/nan_maybe_43_inl.h +0 -356
  622. package/node_modules/nan/nan_maybe_pre_43_inl.h +0 -268
  623. package/node_modules/nan/nan_new.h +0 -340
  624. package/node_modules/nan/nan_object_wrap.h +0 -156
  625. package/node_modules/nan/nan_persistent_12_inl.h +0 -132
  626. package/node_modules/nan/nan_persistent_pre_12_inl.h +0 -242
  627. package/node_modules/nan/nan_private.h +0 -73
  628. package/node_modules/nan/nan_string_bytes.h +0 -305
  629. package/node_modules/nan/nan_typedarray_contents.h +0 -96
  630. package/node_modules/nan/nan_weak.h +0 -437
  631. package/node_modules/nan/package.json +0 -41
  632. package/node_modules/nan/tools/1to2.js +0 -412
  633. package/node_modules/nan/tools/README.md +0 -14
  634. package/node_modules/nan/tools/package.json +0 -19
  635. package/node_modules/unix-dgram/LICENSE +0 -13
  636. package/node_modules/unix-dgram/README.md +0 -107
  637. package/node_modules/unix-dgram/binding.gyp +0 -20
  638. package/node_modules/unix-dgram/build/Makefile +0 -324
  639. package/node_modules/unix-dgram/build/Release/.deps/Release/obj.target/unix_dgram/src/unix_dgram.o.d +0 -58
  640. package/node_modules/unix-dgram/build/Release/.deps/Release/obj.target/unix_dgram.node.d +0 -1
  641. package/node_modules/unix-dgram/build/Release/.deps/Release/unix_dgram.node.d +0 -1
  642. package/node_modules/unix-dgram/build/Release/obj.target/unix_dgram/src/unix_dgram.o +0 -0
  643. package/node_modules/unix-dgram/build/Release/obj.target/unix_dgram.node +0 -0
  644. package/node_modules/unix-dgram/build/Release/unix_dgram.node +0 -0
  645. package/node_modules/unix-dgram/build/binding.Makefile +0 -6
  646. package/node_modules/unix-dgram/build/config.gypi +0 -213
  647. package/node_modules/unix-dgram/build/unix_dgram.target.mk +0 -159
  648. package/node_modules/unix-dgram/lib/unix_dgram.js +0 -168
  649. package/node_modules/unix-dgram/package.json +0 -36
  650. package/node_modules/unix-dgram/src/unix_dgram.cc +0 -404
  651. package/node_modules/unix-dgram/src/win_dummy.cc +0 -7
  652. package/node_modules/unix-dgram/test/test-connect-callback.js +0 -68
  653. package/node_modules/unix-dgram/test/test-connect.js +0 -53
  654. package/node_modules/unix-dgram/test/test-dgram-unix.js +0 -58
  655. package/node_modules/unix-dgram/test/test-send-error.js +0 -26
  656. package/node_modules/winston-syslog/.eslintrc +0 -7
  657. package/node_modules/winston-syslog/.travis.yml +0 -14
  658. package/node_modules/winston-syslog/CHANGELOG.md +0 -9
  659. package/node_modules/winston-syslog/LICENSE +0 -20
  660. package/node_modules/winston-syslog/README.md +0 -135
  661. package/node_modules/winston-syslog/lib/utils.js +0 -26
  662. package/node_modules/winston-syslog/lib/winston-syslog.js +0 -385
  663. package/node_modules/winston-syslog/package.json +0 -56
  664. package/node_modules/winston-syslog/test/format-test.js +0 -122
  665. package/node_modules/winston-syslog/test/syslog-test.js +0 -95
  666. package/node_modules/winston-syslog/test/unix-connect-test.js +0 -133
package/lib/protect/rules/common.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/ip-denylist/ip-denylist-rule.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/method-tampering/evaluator.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/method-tampering/method-tampering-rule.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/nosqli/nosql-injection-rule.js ADDED
@@ -0,0 +1,228 @@
1
+ /**
2
+ Copyright: 2022 Contrast Security, Inc
3
+ Contact: support@contrastsecurity.com
4
+ License: Commercial
5
+
6
+ NOTICE: This Software and the patented inventions embodied within may only be
7
+ used as part of Contrast Security’s commercial offerings. Even though it is
8
+ made available through public repositories, use of this Software is subject to
9
+ the applicable End User Licensing Agreement found at
10
+ https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ between Contrast Security and the End User. The Software may not be reverse
12
+ engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ way not consistent with the End User License Agreement.
14
+ */
15
+ 'use strict';
16
+ /* eslint-disable complexity */
17
+ const _ = require('lodash');
18
+
19
+ const logger = require('../../../core/logger')('contrast:rules:protect');
20
+ const { INPUT_TYPES, SINK_TYPES } = require('../common');
21
+ const AsyncStorage = require('../../../core/async-storage');
22
+ const constants = require('../../../constants');
23
+ const { traverse } = require('../../../util/traverse');
24
+
25
+ const brackets = /\[(.{1,1024}?)\]/;
26
+ const child = /\[(.{1,1024}?)\]/g;
27
+
28
+ const MONGODB = 'mongodb';
29
+
30
+ const ScannerKit = new Map([
31
+ [MONGODB, () => require('../nosqli/nosql-scanner').create('MongoDB')]
32
+ ]);
33
+ const SubstringFinder = require('../base-scanner/substring-finder');
34
+
35
+ class NoSqlInjectionRule extends require('../') {
36
+ constructor(policy = {}) {
37
+ policy.inputParseDepth = 3;
38
+ super(policy);
39
+
40
+ this._scanners = new Map();
41
+
42
+ this.id = 'nosql-injection';
43
+ this.name = 'NoSQL Injection';
44
+ this.applicableInputs = [
45
+ INPUT_TYPES.BODY,
46
+ INPUT_TYPES.JSON_VALUE,
47
+ INPUT_TYPES.JSON_ARRAYED_VALUE,
48
+ INPUT_TYPES.PARAMETER_NAME,
49
+ INPUT_TYPES.PARAMETER_VALUE,
50
+ INPUT_TYPES.QUERYSTRING,
51
+ INPUT_TYPES.XML_VALUE,
52
+ INPUT_TYPES.URI,
53
+ INPUT_TYPES.URL_PARAMETER
54
+ ];
55
+ this.applicableSinks = [SINK_TYPES.NOSQL_QUERY];
56
+ }
57
+
58
+ evaluateAtSink({ event, applicableSamples }) {
59
+ if (_.isEmpty(applicableSamples) || !event.data) {
60
+ return;
61
+ }
62
+
63
+ if (typeof event.data === 'object') {
64
+ for (const sample of applicableSamples) {
65
+ const requestData = this.getRequestData(sample.input);
66
+ if (!requestData) {
67
+ return;
68
+ }
69
+ let found;
70
+ traverse(event.data, (key, value) => {
71
+ if (found) {
72
+ return;
73
+ }
74
+
75
+ Object.keys(requestData).some((reqKey) => {
76
+ if (value[reqKey] === requestData[reqKey]) {
77
+ found = reqKey;
78
+ return true;
79
+ }
80
+ });
81
+ });
82
+
83
+ if (found) {
84
+ const query = require('util').inspect(event.data, false, null);
85
+
86
+ let injection;
87
+ for (const location of new SubstringFinder(query, found)) {
88
+ if (location) {
89
+ injection = {
90
+ input: found,
91
+ location,
92
+ query
93
+ };
94
+ break;
95
+ }
96
+ }
97
+ if (injection) {
98
+ this.appendAttackDetails(sample, injection);
99
+ sample.captureAppContext(event);
100
+ logger.warn(`EFFECTIVE - rule: ${this.id}, mode: ${this.mode}`);
101
+ this.blockRequest(sample);
102
+ }
103
+ }
104
+ }
105
+ } else if (typeof event.data === 'string' || event.data instanceof String) {
106
+ const scanner = this.getScanner(event.id);
107
+
108
+ for (const sample of applicableSamples) {
109
+ const injection = scanner.findInjection(sample.input.value, event.data);
110
+
111
+ if (injection) {
112
+ this.appendAttackDetails(sample, injection);
113
+ sample.captureAppContext(event);
114
+ logger.warn(`EFFECTIVE - rule: ${this.id}, mode: ${this.mode} `);
115
+ this.blockRequest(sample);
116
+ }
117
+ }
118
+ }
119
+ }
120
+
121
+ /**
122
+ * Given the sample's user input object, will read the value from the request
123
+ * from the async storage context.
124
+ * @param {string} _documentPath
125
+ * @param {string} _documentType
126
+ */
127
+ getRequestData({ _documentPath, _documentType }) {
128
+ const ctx = AsyncStorage.getContext();
129
+
130
+ if (!ctx) {
131
+ logger.info(
132
+ 'unable to perform nosql-expansion sink analysis: async storage context not available'
133
+ );
134
+ return;
135
+ }
136
+
137
+ const pathArray = [];
138
+
139
+ if (!_documentPath) {
140
+ return pathArray;
141
+ }
142
+
143
+ if (
144
+ _documentType === constants.INPUT_TYPES.PARAMETER_NAME &&
145
+ _documentPath.length <= 1024
146
+ ) {
147
+ let segment = brackets.exec(_documentPath);
148
+ const parent = segment
149
+ ? _documentPath.slice(0, segment.index)
150
+ : _documentPath;
151
+
152
+ pathArray.push('query');
153
+
154
+ if (parent) {
155
+ pathArray.push(parent);
156
+ }
157
+ while ((segment = child.exec(_documentPath))) {
158
+ pathArray.push(segment[1]);
159
+ }
160
+ pathArray.pop();
161
+ } else {
162
+ // only qs params and body are "expandable"
163
+ pathArray.push('body', ..._documentPath.split('.'));
164
+ }
165
+
166
+ let data;
167
+ let curr = ctx.req;
168
+
169
+ for (const path of pathArray) {
170
+ if (curr) {
171
+ data = curr[path];
172
+ curr = data;
173
+ }
174
+ }
175
+ return data;
176
+ }
177
+
178
+ getScanner(id) {
179
+ if (!ScannerKit.has(id)) {
180
+ throw new Error(`Unknown NoSQL scanner: ${id}`);
181
+ }
182
+
183
+ if (!this._scanners.has(id)) {
184
+ this._scanners.set(id, ScannerKit.get(id)());
185
+ }
186
+
187
+ return this._scanners.get(id);
188
+ }
189
+
190
+ /**
191
+ * Builds details for NoSQL Injection Attack.
192
+ * @param {UserInput} inputDtm The user input that resulted in attack
193
+ * @param {String} query The query that was analyzed
194
+ * @param {Object} results The repsults of the sql-scanner
195
+ * @returns {Object} The details
196
+ */
197
+ buildDetails(sample, findings) {
198
+ if (!findings) {
199
+ return null;
200
+ }
201
+
202
+ const { boundary, location, query } = findings;
203
+ let inputBoundaryIndex, boundaryOverrunIndex;
204
+ const start = location[0];
205
+ const end = location[1] + 1;
206
+
207
+ if (boundary) {
208
+ inputBoundaryIndex = boundary.previous
209
+ ? boundary.previous.start
210
+ : boundary.start;
211
+ boundaryOverrunIndex = boundary.stop + 1;
212
+ } else {
213
+ inputBoundaryIndex = start;
214
+ boundaryOverrunIndex = end;
215
+ }
216
+
217
+ return {
218
+ start,
219
+ end,
220
+ input: sample.input.toSerializable(),
221
+ boundaryOverrunIndex,
222
+ inputBoundaryIndex,
223
+ query
224
+ };
225
+ }
226
+ }
227
+
228
+ module.exports = NoSqlInjectionRule;
package/lib/protect/rules/nosqli/nosql-scanner/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/nosqli/nosql-scanner/mongodbscanner.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/path-traversal/path-traversal-rule.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/rule-factory.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
@@ -34,7 +34,7 @@ const ctors = {
34
34
  [RULES.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS]: require('./cmd-injection-semantic-chained-commands/cmd-injection-semantic-chained-commands-rule'),
35
35
  [RULES.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS]: require('./cmd-injection-semantic-dangerous-paths/cmd-injection-semantic-dangerous-paths-rule.js'),
36
36
  [RULES.METHOD_TAMPERING]: require('./method-tampering/method-tampering-rule'),
37
- [RULES.NOSQL_INJECTION]: require('./nosqli/no-sql-injection-rule'),
37
+ [RULES.NOSQL_INJECTION]: require('./nosqli/nosql-injection-rule'),
38
38
  [RULES.PATH_TRAVERSAL]: require('./path-traversal/path-traversal-rule'),
39
39
  [RULES.REFLECTED_XSS]: require('./xss/reflected-xss-rule'),
40
40
  [RULES.SQL_INJECTION]: require('./sqli/sql-injection-rule'),
@@ -109,7 +109,7 @@ class ProtectRuleFactory {
109
109
  this.signatures = new SignatureKit(definitionList);
110
110
  }
111
111
 
112
- const denylist = _.get(settings, 'defend.ipBlacklistsList');
112
+ const denylist = _.get(settings, 'defend.ipDenylistsList');
113
113
  if (denylist) {
114
114
  logger.info(`IP Denylist updated. Total: ${denylist.length}`);
115
115
  }
package/lib/protect/rules/signatures/cmd-injection/custom-searchers/chained-command-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/cmd-injection/custom-searchers/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/cmd-injection/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/evaluator.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/nosql-injection/custom-searchers/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/nosql-injection/custom-searchers/nosql-comment-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/nosql-injection/custom-searchers/simple-or-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/nosql-injection/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/path-traversal/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/reflected-xss/custom-searchers/behavior-url-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/reflected-xss/custom-searchers/function-definition-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/reflected-xss/custom-searchers/immediate-function-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/reflected-xss/custom-searchers/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/reflected-xss/custom-searchers/link-and-src-target-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/reflected-xss/custom-searchers/location-set-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/reflected-xss/custom-searchers/map-access-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/reflected-xss/custom-searchers/native-function-execution-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/reflected-xss/custom-searchers/no-alnum-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/reflected-xss/custom-searchers/redefined-function-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/reflected-xss/custom-searchers/style-url-injection-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/reflected-xss/custom-searchers/variable-assignment-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/reflected-xss/helpers/function-call.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/reflected-xss/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/signature.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/sql-injection/custom-searchers/if-else-drop-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/sql-injection/custom-searchers/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/sql-injection/custom-searchers/simple-or-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/sql-injection/custom-searchers/sql-comment-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/sql-injection/custom-searchers/time-function-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/sql-injection/custom-searchers/tsql-exec-searcher.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/sql-injection/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/ssjs-injection/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/unsafe-file-upload/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/signatures/untrusted-deserialization/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/sqli/generic-complicated.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/sqli/sql-injection-rule.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/sqli/sql-scanner/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/sqli/sql-scanner/mysql-scanner.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/ssjs-injection/evaluator.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5
 
package/lib/protect/rules/ssjs-injection/ssjsinjection-rule.js CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- Copyright: 2021 Contrast Security, Inc
2
+ Copyright: 2022 Contrast Security, Inc
3
3
  Contact: support@contrastsecurity.com
4
4
  License: Commercial
5
5