@contrast/assess 1.34.0 → 1.35.0
|
@@ -63,7 +63,7 @@ module.exports = function (core) {
|
|
|
63
63
|
};
|
|
64
64
|
|
|
65
65
|
sources.createStacktrace = function (stacktraceOpts) {
|
|
66
|
-
return config.assess.stacktraces === 'NONE'
|
|
66
|
+
return config.assess.stacktraces === 'NONE' || config.assess.stacktraces === 'SINK'
|
|
67
67
|
? emptyStack
|
|
68
68
|
: createSnapshot(stacktraceOpts)();
|
|
69
69
|
};
|
|
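Review bot: `sources.createStacktrace` now returns `emptyStack` for `'SINK'` as well as `'NONE'`, but nothing next to the condition records why, and both checks are exact string comparisons, so any value that is not already upper-cased falls through to `createSnapshot(stacktraceOpts)()`. A one-line comment such as `// NONE and SINK: no stack captured at sources (SINK keeps stacks for sink events only)` would state the intent; that reading is taken from the event-factory tests later in this diff. Source frames are the evidence used to locate where untrusted input entered, so the trade-off deserves to be visible here. Whether `config.assess.stacktraces` is validated and normalised before it reaches this line is not shown in the hunk and should be confirmed. The enclosing `module.exports = function (core)` body continues outside the hunk.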
@@ -139,6 +139,44 @@ describe('assess dataflow sources handler', function () {
|
|
|
139
139
|
});
|
|
140
140
|
});
|
|
141
141
|
|
|
142
|
+
['SINK', 'NONE'].forEach((option) => {
|
|
143
|
+
it(`does not capture stacktrace for assess.stacktraces=${option}`, function() {
|
|
144
|
+
simulateRequestScope(() => {
|
|
145
|
+
const sourceContext = core.scopes.sources.getStore()?.assess;
|
|
146
|
+
core.config.assess.stacktraces = option;
|
|
147
|
+
const trackedObj = sources.handle({
|
|
148
|
+
name: 'test-source-name',
|
|
149
|
+
inputType: InputType.QUERYSTRING,
|
|
150
|
+
data: { prop1: 'foo' },
|
|
151
|
+
sourceContext
|
|
152
|
+
});
|
|
153
|
+
|
|
154
|
+
const trackData = tracker.getData(trackedObj.prop1);
|
|
155
|
+
expect(trackData.stack).to.deep.equal([]);
|
|
156
|
+
});
|
|
157
|
+
});
|
|
158
|
+
});
|
|
159
|
+
|
|
160
|
+
['SOME', 'ALL'].forEach((option) => {
|
|
161
|
+
it(`captures stacktrace for assess.stacktraces=${option}`, function() {
|
|
162
|
+
simulateRequestScope(() => {
|
|
163
|
+
const sourceContext = core.scopes.sources.getStore()?.assess;
|
|
164
|
+
core.config.assess.stacktraces = option;
|
|
165
|
+
const trackedObj = sources.handle({
|
|
166
|
+
name: 'test-source-name',
|
|
167
|
+
inputType: InputType.QUERYSTRING,
|
|
168
|
+
data: { prop1: 'foo' },
|
|
169
|
+
sourceContext
|
|
170
|
+
});
|
|
171
|
+
|
|
172
|
+
const trackData = tracker.getData(trackedObj.prop1);
|
|
173
|
+
expect(trackData.stack).to.be.instanceOf(Array);
|
|
174
|
+
expect(trackData.stack.length).to.be.greaterThan(0);
|
|
175
|
+
});
|
|
176
|
+
});
|
|
177
|
+
});
|
|
178
|
+
|
|
179
|
+
|
|
142
180
|
it('traverses objects and tracks string values', function () {
|
|
143
181
|
simulateRequestScope(() => {
|
|
144
182
|
const sourceContext = core.scopes.sources.getStore()?.assess;
|
|
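Review bot: Both new `forEach` blocks assign `core.config.assess.stacktraces = option` inside the test body and never restore it, so the last value written (`'ALL'`) is still in place when the following `it('traverses objects and tracks string values', ...)` runs, unless a `beforeEach` outside this hunk rebuilds `core`. Saving the previous value and resetting it, for example `afterEach(() => { core.config.assess.stacktraces = originalStacktraces; })`, keeps the cases independent of execution order. The same unrestored assignment appears in the two event-factory hunks that follow. The two blocks also repeat an identical `sources.handle({...})` call and differ only in their assertions, so a small shared helper would shorten them.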
@@ -199,14 +199,16 @@ testMethod('assess event-factory', function () {
|
|
|
199
199
|
});
|
|
200
200
|
});
|
|
201
201
|
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
202
|
+
['SOME', 'SINK', 'NONE'].forEach((option) => {
|
|
203
|
+
it(`returns an event without stacktrace generator function when stacktraces option is not set to "ALL" and set to ${option}`, function () {
|
|
204
|
+
core.config.assess.stacktraces = option;
|
|
205
|
+
core.scopes.sources.run(validStore, function () {
|
|
206
|
+
const result = createPropagationEvent(validData);
|
|
206
207
|
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
208
|
+
expect(result).to.be.like(validResult);
|
|
209
|
+
expect(result.time).not.to.be.undefined;
|
|
210
|
+
expect(result.stack).to.deep.equal([]);
|
|
211
|
+
});
|
|
210
212
|
});
|
|
211
213
|
});
|
|
212
214
|
});
|
|
@@ -296,14 +298,17 @@ testMethod('assess event-factory', function () {
|
|
|
296
298
|
});
|
|
297
299
|
});
|
|
298
300
|
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
301
|
+
['ALL', 'SOME', 'SINK'].forEach((option) => {
|
|
302
|
+
it(`returns an event with stacktrace generator function when stacktraces option is not set to "NONE" and set to ${option}`, function () {
|
|
303
|
+
core.config.assess.stacktraces = option;
|
|
304
|
+
core.scopes.sources.run(validStore, function () {
|
|
305
|
+
const result = createSinkEvent(validData);
|
|
303
306
|
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
+
expect(result).to.be.like(validResult);
|
|
308
|
+
expect(result.time).not.to.be.undefined;
|
|
309
|
+
expect(result.stack).to.be.instanceOf(Array);
|
|
310
|
+
expect(result.stack.length).to.be.greaterThan(0);
|
|
311
|
+
});
|
|
307
312
|
});
|
|
308
313
|
});
|
|
309
314
|
|
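Review bot: The new test titles speak of an event "without stacktrace generator function" and "with stacktrace generator function", but the assertions inspect `result.stack` as an array (`to.deep.equal([])` or a non-empty `Array`), so the names do not describe what is verified; a title like "createPropagationEvent returns an empty stack for assess.stacktraces=SOME" would match the check. Read together with the sources tests, these cases define a per-event matrix that is only implicit: sources capture for `SOME` and `ALL`, propagation events only for `ALL`, sink events for everything except `NONE`. A short comment giving that table beside the tests would make the intended evidence level for each setting reviewable. In the visible lines the propagation block does not exercise `'ALL'` and the sink block does not exercise `'NONE'`; those cases may exist outside the hunks.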
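--- a/package/lib/index.d.ts
+++ b/package/lib/index.d.ts
@@ -12,17 +12,22 @@
 * engineered, modified, repackaged, sold, redistributed or otherwise used in a
 * way not consistent with the End User License Agreement.
 */
-import {
-import {
-Rule,
-SessionConfigurationRule,
-} from '@contrast/common';
+import { Rule, SessionConfigurationRule } from '@contrast/common';
+import { Config } from '@contrast/config';
 import { Core as _Core } from '@contrast/core';
+import { Deadzones } from '@contrast/deadzones';
+import { DepHooks } from '@contrast/dep-hooks';
+import { Logger } from '@contrast/logger';
+import { Patcher } from '@contrast/patcher';
+import { ReporterBus } from '@contrast/reporter';
+import { Rewriter } from '@contrast/rewriter';
+import { Scopes } from '@contrast/scopes';
+import { IncomingMessage, ServerResponse } from 'node:http';
 
 export interface Core extends _Core {
 config: Config;
 logger: Logger;
-depHooks:
+depHooks: DepHooks;
 patcher: Patcher
 rewriter: Rewriter;
 scopes: Scopes;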
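Review bot: The declaration file now imports from `@contrast/deadzones` and `@contrast/reporter`, and neither package appears in the `dependencies` block shown in this diff's `package.json` section, so consumers who type-check against the published `index.d.ts` may hit unresolved modules unless those packages are declared in a part of `package.json` that is not shown. Because a `.d.ts` only ever uses these names as types, writing them as `import type { Deadzones } from '@contrast/deadzones';` states that explicitly and keeps them out of any runtime resolution. The context line `patcher: Patcher` is also missing the trailing semicolon its neighbours carry. The `Core` interface continues past the end of the hunk.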
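--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@contrast/assess",
-"version": "1.
+"version": "1.35.0",
 "description": "Contrast service providing framework-agnostic Assess support",
 "license": "SEE LICENSE IN LICENSE",
 "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -18,15 +18,15 @@
 },
 "dependencies": {
 "@contrast/common": "1.25.0",
-"@contrast/config": "1.
-"@contrast/core": "1.
-"@contrast/dep-hooks": "1.
+"@contrast/config": "1.33.0",
+"@contrast/core": "1.37.0",
+"@contrast/dep-hooks": "1.5.0",
 "@contrast/distringuish": "^5.1.0",
-"@contrast/instrumentation": "1.
-"@contrast/logger": "1.
-"@contrast/patcher": "1.
-"@contrast/rewriter": "1.
-"@contrast/scopes": "1.
+"@contrast/instrumentation": "1.15.0",
+"@contrast/logger": "1.10.0",
+"@contrast/patcher": "1.9.0",
+"@contrast/rewriter": "1.13.0",
+"@contrast/scopes": "1.6.0",
 "semver": "^7.6.0"
 }
 }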