@contrast/assess 1.54.1 → 1.56.0
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
|
|
16
16
|
'use strict';
|
|
17
17
|
|
|
18
|
-
const { isString } = require('@contrast/common');
|
|
18
|
+
const { isString, primordials: { ArrayPrototypeJoin } } = require('@contrast/common');
|
|
19
19
|
const { createSubsetTags, truncateStringValue } = require('../../../tag-utils');
|
|
20
20
|
const { patchType } = require('../../common');
|
|
21
21
|
const { getKeyValueIndices } = require('./parse-fn');
|
|
@@ -73,7 +73,7 @@ module.exports = function (core) {
|
|
|
73
73
|
|
|
74
74
|
return createPropagationEvent({
|
|
75
75
|
get context() {
|
|
76
|
-
return `${method}(${eventArgs.map((arg, i) => i == 0 ? data.truncatedArg0 : `'${arg.value}'`)})`;
|
|
76
|
+
return `${method}(${ArrayPrototypeJoin.call(eventArgs.map((arg, i) => i == 0 ? data.truncatedArg0 : `'${arg.value}'`))})`;
|
|
77
77
|
},
|
|
78
78
|
name: method,
|
|
79
79
|
history: [strInfo],
|
|
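Review bot: The `context` getter now joins through the captured `ArrayPrototypeJoin`, but nothing on the line says why, and `eventArgs.map` in the same expression still resolves through the live `Array.prototype`. A comment such as `// captured join: keeps the agent's own string building off a patched or instrumented Array.prototype.join` would record the intent (presumably that is the reason; confirm with the author). `i == 0` could also be `i === 0`, and `arg.value` is placed between single quotes without escaping, so a value containing `'` makes the reported context ambiguous. The enclosing function starts and ends outside the hunk.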
@@ -36,6 +36,9 @@ module.exports = function (core) {
|
|
|
36
36
|
patchType,
|
|
37
37
|
post({ result: server, funcKey }) {
|
|
38
38
|
server.addHook('preValidation', function preValidationHandler(request, reply, done) {
|
|
39
|
+
// todo(NODE-3793): support for @fastify/websocket
|
|
40
|
+
if (request.constructor.name == 'WebSocket') return;
|
|
41
|
+
|
|
39
42
|
const sourceContext = getSourceContext();
|
|
40
43
|
if (!sourceContext) return done();
|
|
41
44
|
|
|
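Review bot: The new WebSocket guard in `preValidationHandler` returns without calling `done()`, unlike the `if (!sourceContext) return done();` guard right after it. If Fastify invokes this hook with its usual callback, such a request would never leave preValidation; if `done` is not the callback in the WebSocket case, a short comment should say so. The check also depends on `request.constructor.name`, which throws when `request` has no constructor and misses subclassed or renamed socket classes; `if (request?.constructor?.name === 'WebSocket') return done();` is the safer form, provided `done` is callable here. Until NODE-3793 lands, WebSocket traffic gets no Assess source tracking, and the comment should state that gap. The handler body continues outside the hunk.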
@@ -64,7 +64,6 @@ function factory(core) {
|
|
|
64
64
|
// there is a context, but if policy is null then assess is intentionally
|
|
65
65
|
// disabled (i.e., url exclusion or the request is not sampled).
|
|
66
66
|
if (!ctx.policy) {
|
|
67
|
-
core.logger.trace('Assess intentionally disabled for this request');
|
|
68
67
|
return null;
|
|
69
68
|
}
|
|
70
69
|
|
|
@@ -84,7 +83,6 @@ function factory(core) {
|
|
|
84
83
|
if (!ctx) return null;
|
|
85
84
|
|
|
86
85
|
if (!ctx.policy) {
|
|
87
|
-
core.logger.trace('Assess intentionally disabled for this request');
|
|
88
86
|
return null;
|
|
89
87
|
}
|
|
90
88
|
|
|
@@ -108,7 +106,6 @@ function factory(core) {
|
|
|
108
106
|
}
|
|
109
107
|
|
|
110
108
|
if (!ctx.policy) {
|
|
111
|
-
core.logger.trace('Assess intentionally disabled for this request');
|
|
112
109
|
return null;
|
|
113
110
|
}
|
|
114
111
|
|
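--- a/package/lib/sampler/common.js
+++ b/package/lib/sampler/common.js
@@ -84,23 +84,34 @@ class BaseSampler {
 class AssessTurnedOffSampler extends BaseSampler {
 constructor() {
 super(SamplingStrategies.AssessTurnedOff);
-this.
+this.sampleInfo = Object.seal({ canSample: false });
 }
 
 getSampleInfo() {
-return this.
+return this.sampleInfo;
 }
 }
 
 class ProbabilisticSampler extends BaseSampler {
 constructor(opts) {
 super(SamplingStrategies.Probabilistic, opts);
+this.baseline = 0;
+this.defaultSampleInfo = Object.seal({ canSample: true });
+// reset baseline each window_ms
+setInterval(() => {
+this.baseline = 0;
+}, opts.window_ms).unref();
 }
 
 getSampleInfo(sourceInfo) {
-const { base_probability } = this.opts;
+const { baseline, base_probability } = this.opts;
 const { reqData } = sourceInfo.store.assess;
 
+if (this.baseline < baseline) {
+this.baseline++;
+return this.defaultSampleInfo;
+}
+
 // base caclulation
 const rand = Math.random();
 const canSample = rand < base_probability;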
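Review bot: In the `ProbabilisticSampler` constructor, `opts.window_ms` is passed to `setInterval` unchecked and the timer handle is discarded. Node coerces a missing, non-numeric or sub-1 delay to 1 ms, so a bad config value would reset `this.baseline` almost continuously and the baseline branch in `getSampleInfo` would sample far more requests than intended; a sampler that is later replaced also has no way to clear its timer. Both shared `sampleInfo` objects are only sealed, which still lets any caller overwrite `canSample`; `Object.freeze` would prevent that if nothing legitimately writes to them. The sketch below validates the window, keeps the handle and freezes the default object; whether a bad value should skip the timer or fall back to a default window is for the author to decide.

```javascript
constructor(opts) {
  super(SamplingStrategies.Probabilistic, opts);
  this.baseline = 0;
  this.defaultSampleInfo = Object.freeze({ canSample: true });
  // reset baseline each window_ms; setInterval would coerce an unusable delay to 1 ms
  if (Number.isFinite(opts.window_ms) && opts.window_ms >= 1) {
    this.resetTimer = setInterval(() => {
      this.baseline = 0;
    }, opts.window_ms);
    this.resetTimer.unref();
  }
}
```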
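--- a/package/lib/sampler/index.js
+++ b/package/lib/sampler/index.js
@@ -70,6 +70,8 @@ module.exports = function assess(core) {
 opts = {
 base_probability: baseProbability,
 route_monitor: config.assess.probabilistic_sampling.route_monitor,
+baseline: config.getEffectiveValue('assess.probabilistic_sampling.baseline'),
+window_ms: config.getEffectiveValue('assess.probabilistic_sampling.window_ms'),
 };
 }
 }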
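--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@contrast/assess",
-"version": "1.
+"version": "1.56.0",
 "description": "Contrast service providing framework-agnostic Assess support",
 "license": "SEE LICENSE IN LICENSE",
 "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -17,20 +17,20 @@
 "node": ">= 16.9.1"
 },
 "scripts": {
-"test": "../scripts/test.sh"
+"test": "bash ../scripts/test.sh"
 },
 "dependencies": {
-"@contrast/common": "1.
-"@contrast/config": "1.
-"@contrast/core": "1.
-"@contrast/dep-hooks": "1.
+"@contrast/common": "1.33.0",
+"@contrast/config": "1.48.0",
+"@contrast/core": "1.53.0",
+"@contrast/dep-hooks": "1.22.0",
 "@contrast/distringuish": "^5.1.0",
-"@contrast/instrumentation": "1.
-"@contrast/logger": "1.
-"@contrast/patcher": "1.
-"@contrast/rewriter": "1.
-"@contrast/route-coverage": "1.
-"@contrast/scopes": "1.
+"@contrast/instrumentation": "1.32.0",
+"@contrast/logger": "1.26.0",
+"@contrast/patcher": "1.25.0",
+"@contrast/rewriter": "1.29.0",
+"@contrast/route-coverage": "1.44.0",
+"@contrast/scopes": "1.23.0",
 "semver": "^7.6.0"
 }
 }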