@contrast/common 1.0.3 → 1.1.1

package/lib/constants.d.ts

@@ -1,6 +1,13 @@
 export declare enum Event {
     ASSESS = "assess",
-    PROTECT = "protect"
+    PROTECT = "protect",
+    SERVER_SETTINGS_UPDATE = "server-settings-update"
+}
+export declare enum ProtectRuleMode {
+    OFF = "off",
+    MONITOR = "monitor",
+    BLOCK = "block",
+    BLOCK_AT_PERIMETER = "block_at_perimeter"
 }
 export declare enum Rule {
     BOT_BLOCKER = "bot-blocker",
@@ -21,3 +28,28 @@ export declare enum Rule {
     UNSAFE_FILE_UPLOAD = "unsafe-file-upload",
     XXE = "xxe"
 }
+export declare enum InputType {
+    UNDEFINED_TYPE = "UNDEFINED_TYPE",
+    BODY = "BODY",
+    COOKIE_NAME = "COOKIE_NAME",
+    COOKIE_VALUE = "COOKIE_VALUE",
+    HEADER = "HEADER",
+    PARAMETER_NAME = "PARAMETER_NAME",
+    PARAMETER_VALUE = "PARAMETER_VALUE",
+    QUERYSTRING = "QUERYSTRING",
+    URI = "URI",
+    SOCKET = "SOCKET",
+    JSON_VALUE = "JSON_VALUE",
+    JSON_ARRAYED_VALUE = "JSON_ARRAYED_VALUE",
+    MULTIPART_CONTENT_TYPE = "MULTIPART_CONTENT_TYPE",
+    MULTIPART_VALUE = "MULTIPART_VALUE",
+    MULTIPART_FIELD_NAME = "MULTIPART_FIELD_NAME",
+    MULTIPART_NAME = "MULTIPART_NAME",
+    XML_VALUE = "XML_VALUE",
+    DWR_VALUE = "DWR_VALUE",
+    METHOD = "METHOD",
+    REQUEST = "REQUEST",
+    URL_PARAMETER = "URL_PARAMETER",
+    UNKNOWN = "UNKNOWN"
+}
+export declare const BLOCKING_MODES: string[];

package/lib/constants.js

@@ -14,12 +14,20 @@
  * way not consistent with the End User License Agreement.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.Rule = exports.Event = void 0;
+exports.BLOCKING_MODES = exports.InputType = exports.Rule = exports.ProtectRuleMode = exports.Event = void 0;
 var Event;
 (function (Event) {
     Event["ASSESS"] = "assess";
     Event["PROTECT"] = "protect";
+    Event["SERVER_SETTINGS_UPDATE"] = "server-settings-update";
 })(Event = exports.Event || (exports.Event = {}));
+var ProtectRuleMode;
+(function (ProtectRuleMode) {
+    ProtectRuleMode["OFF"] = "off";
+    ProtectRuleMode["MONITOR"] = "monitor";
+    ProtectRuleMode["BLOCK"] = "block";
+    ProtectRuleMode["BLOCK_AT_PERIMETER"] = "block_at_perimeter";
+})(ProtectRuleMode = exports.ProtectRuleMode || (exports.ProtectRuleMode = {}));
 var Rule;
 (function (Rule) {
     Rule["BOT_BLOCKER"] = "bot-blocker";
@@ -40,4 +48,30 @@ var Rule;
     Rule["UNSAFE_FILE_UPLOAD"] = "unsafe-file-upload";
     Rule["XXE"] = "xxe";
 })(Rule = exports.Rule || (exports.Rule = {}));
+var InputType;
+(function (InputType) {
+    InputType["UNDEFINED_TYPE"] = "UNDEFINED_TYPE";
+    InputType["BODY"] = "BODY";
+    InputType["COOKIE_NAME"] = "COOKIE_NAME";
+    InputType["COOKIE_VALUE"] = "COOKIE_VALUE";
+    InputType["HEADER"] = "HEADER";
+    InputType["PARAMETER_NAME"] = "PARAMETER_NAME";
+    InputType["PARAMETER_VALUE"] = "PARAMETER_VALUE";
+    InputType["QUERYSTRING"] = "QUERYSTRING";
+    InputType["URI"] = "URI";
+    InputType["SOCKET"] = "SOCKET";
+    InputType["JSON_VALUE"] = "JSON_VALUE";
+    InputType["JSON_ARRAYED_VALUE"] = "JSON_ARRAYED_VALUE";
+    InputType["MULTIPART_CONTENT_TYPE"] = "MULTIPART_CONTENT_TYPE";
+    InputType["MULTIPART_VALUE"] = "MULTIPART_VALUE";
+    InputType["MULTIPART_FIELD_NAME"] = "MULTIPART_FIELD_NAME";
+    InputType["MULTIPART_NAME"] = "MULTIPART_NAME";
+    InputType["XML_VALUE"] = "XML_VALUE";
+    InputType["DWR_VALUE"] = "DWR_VALUE";
+    InputType["METHOD"] = "METHOD";
+    InputType["REQUEST"] = "REQUEST";
+    InputType["URL_PARAMETER"] = "URL_PARAMETER";
+    InputType["UNKNOWN"] = "UNKNOWN";
+})(InputType = exports.InputType || (exports.InputType = {}));
+exports.BLOCKING_MODES = ['block', 'block_at_perimeter'];
 //# sourceMappingURL=constants.js.map

package/lib/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;AAEH,IAAY,KAGX;AAHD,WAAY,KAAK;IACf,0BAAiB,CAAA;IACjB,4BAAmB,CAAA;AACrB,CAAC,EAHW,KAAK,GAAL,aAAK,KAAL,aAAK,QAGhB;AAED,IAAY,IAkBX;AAlBD,WAAY,IAAI;IACd,mCAA2B,CAAA;IAC3B,uCAA+B,CAAA;IAC/B,2EAAmE,CAAA;IACnE,2FAAmF,CAAA;IACnF,yFAAiF,CAAA;IACjF,mCAA2B,CAAA;IAC3B,6CAAqC,CAAA;IACrC,2CAAmC,CAAA;IACnC,uDAA+C,CAAA;IAC/C,yCAAiC,CAAA;IACjC,uCAA+B,CAAA;IAC/B,uCAA+B,CAAA;IAC/B,yCAAiC,CAAA;IACjC,uCAA+B,CAAA;IAC/B,+DAAuD,CAAA;IACvD,iDAAyC,CAAA;IACzC,mBAAW,CAAA;AACb,CAAC,EAlBW,IAAI,GAAJ,YAAI,KAAJ,YAAI,QAkBf"}
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;AAEH,IAAY,KAIX;AAJD,WAAY,KAAK;IACf,0BAAiB,CAAA;IACjB,4BAAmB,CAAA;IACnB,0DAAiD,CAAA;AACnD,CAAC,EAJW,KAAK,GAAL,aAAK,KAAL,aAAK,QAIhB;AACD,IAAY,eAKX;AALD,WAAY,eAAe;IACzB,8BAAW,CAAA;IACX,sCAAmB,CAAA;IACnB,kCAAe,CAAA;IACf,4DAAyC,CAAA;AAC3C,CAAC,EALW,eAAe,GAAf,uBAAe,KAAf,uBAAe,QAK1B;AAED,IAAY,IAkBX;AAlBD,WAAY,IAAI;IACd,mCAA2B,CAAA;IAC3B,uCAA+B,CAAA;IAC/B,2EAAmE,CAAA;IACnE,2FAAmF,CAAA;IACnF,yFAAiF,CAAA;IACjF,mCAA2B,CAAA;IAC3B,6CAAqC,CAAA;IACrC,2CAAmC,CAAA;IACnC,uDAA+C,CAAA;IAC/C,yCAAiC,CAAA;IACjC,uCAA+B,CAAA;IAC/B,uCAA+B,CAAA;IAC/B,yCAAiC,CAAA;IACjC,uCAA+B,CAAA;IAC/B,+DAAuD,CAAA;IACvD,iDAAyC,CAAA;IACzC,mBAAW,CAAA;AACb,CAAC,EAlBW,IAAI,GAAJ,YAAI,KAAJ,YAAI,QAkBf;AAED,IAAY,SAuBX;AAvBD,WAAY,SAAS;IACnB,8CAAiC,CAAA;IACjC,0BAAa,CAAA;IACb,wCAA2B,CAAA;IAC3B,0CAA6B,CAAA;IAC7B,8BAAiB,CAAA;IACjB,8CAAiC,CAAA;IACjC,gDAAmC,CAAA;IACnC,wCAA2B,CAAA;IAC3B,wBAAW,CAAA;IACX,8BAAiB,CAAA;IACjB,sCAAyB,CAAA;IACzB,sDAAyC,CAAA;IACzC,8DAAiD,CAAA;IACjD,gDAAmC,CAAA;IACnC,0DAA6C,CAAA;IAC7C,8CAAiC,CAAA;IACjC,oCAAuB,CAAA;IACvB,oCAAuB,CAAA;IACvB,8BAAiB,CAAA;IACjB,gCAAmB,CAAA;IACnB,4CAA+B,CAAA;IAC/B,gCAAmB,CAAA;AACrB,CAAC,EAvBW,SAAS,GAAT,iBAAS,KAAT,iBAAS,QAuBpB;AAEY,QAAA,cAAc,GAAG,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC"}

package/lib/index.d.ts

@@ -5,4 +5,7 @@ export * from './types';
  * String object.
  */
 export declare function isString(value: unknown): value is string | String;
+export declare function isNonEmptyObject(value: unknown): value is object;
 export declare function encodeString(str: string): string;
+export declare function simpleTraverse(obj: any, cb: Function): void;
+export declare function installChildComponentsSync(parent: any, order: string[]): void;

package/lib/index.js

@@ -28,7 +28,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.encodeString = exports.isString = void 0;
+exports.installChildComponentsSync = exports.simpleTraverse = exports.encodeString = exports.isNonEmptyObject = exports.isString = void 0;
 __exportStar(require("./constants"), exports);
 __exportStar(require("./types"), exports);
 /**
@@ -40,8 +40,65 @@ function isString(value) {
     return typeof value === 'string' || value instanceof String;
 }
 exports.isString = isString;
+function isNonEmptyObject(value) {
+    return !!value && typeof value === 'object' && Object.keys(value).length > 0;
+}
+exports.isNonEmptyObject = isNonEmptyObject;
+/* c8 ignore next 3 */
 function encodeString(str) {
     return Buffer.from(str).toString('base64');
 }
 exports.encodeString = encodeString;
+function simpleTraverse(obj, cb) {
+    if (typeof obj !== 'object' || obj === null) {
+        return;
+    }
+    const path = [];
+    /* eslint-disable complexity */
+    function traverse(obj) {
+        const isArray = Array.isArray(obj);
+        for (const k in obj) {
+            if (isArray) {
+                const _k = Number(k);
+                // if it is an array, store each index in path but don't call the
+                // callback on the index itself as they are just numeric strings.
+                path.push(_k);
+                if (typeof obj[_k] === 'object' && obj[_k] !== null) {
+                    traverse(obj[_k]);
+                }
+                else if (typeof obj[_k] === 'string' && obj[_k]) {
+                    cb(path, 'Value', obj[_k], obj);
+                }
+                path.pop();
+            }
+            else if (typeof obj[k] === 'object' && obj[k] !== null) {
+                cb(path, 'Key', k, obj);
+                path.push(k);
+                traverse(obj[k]);
+                path.pop();
+            }
+            else {
+                cb(path, 'Key', k, obj);
+                // only callback if the value is a non-empty string
+                if (typeof obj[k] === 'string' && obj[k]) {
+                    path.push(k);
+                    cb(path, 'Value', obj[k], obj);
+                    path.pop();
+                }
+            }
+        }
+    }
+    traverse(obj);
+}
+exports.simpleTraverse = simpleTraverse;
+function installChildComponentsSync(parent, order) {
+    const keys = order || Object.keys(parent);
+    for (const key of keys) {
+        const component = parent[key];
+        if (typeof component.install === 'function') {
+            component.install();
+        }
+    }
+}
+exports.installChildComponentsSync = installChildComponentsSync;
 //# sourceMappingURL=index.js.map

package/lib/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;;;;;;;;;;;;;;;AAEH,8CAA4B;AAC5B,0CAAwB;AAExB;;;GAGG;AACH,wDAAwD;AACxD,SAAgB,QAAQ,CAAC,KAAc;IACrC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,YAAY,MAAM,CAAC;AAC9D,CAAC;AAFD,4BAEC;AAED,SAAgB,YAAY,CAAC,GAAW;IACtC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC7C,CAAC;AAFD,oCAEC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;;;;;;;;;;;;;;;AAEH,8CAA4B;AAC5B,0CAAwB;AAExB;;;GAGG;AACH,wDAAwD;AACxD,SAAgB,QAAQ,CAAC,KAAc;IACrC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,YAAY,MAAM,CAAC;AAC9D,CAAC;AAFD,4BAEC;AAED,SAAgB,gBAAgB,CAAC,KAAc;IAC7C,OAAO,CAAC,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;AAC/E,CAAC;AAFD,4CAEC;AAED,sBAAsB;AACtB,SAAgB,YAAY,CAAC,GAAW;IACtC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC7C,CAAC;AAFD,oCAEC;AAED,SAAgB,cAAc,CAAC,GAAQ,EAAE,EAAY;IACnD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE;QAC3C,OAAO;KACR;IACD,MAAM,IAAI,GAAU,EAAE,CAAC;IACvB,+BAA+B;IAC/B,SAAS,QAAQ,CAAC,GAAQ;QACxB,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACnC,KAAK,MAAM,CAAC,IAAI,GAAG,EAAE;YACnB,IAAI,OAAO,EAAE;gBACX,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;gBACrB,iEAAiE;gBACjE,iEAAiE;gBACjE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACd,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE;oBACnD,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;iBACnB;qBAAM,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,EAAE,CAAC,EAAE;oBACjD,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;iBACjC;gBACD,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;iBAAM,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE;gBACxD,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;gBACxB,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBACb,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjB,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;iBAAM;gBACL,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;gBACxB,mDAAmD;gBACnD,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE;oBACxC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBACb,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;oBAC/B,IAAI,CAAC,GAAG,EAAE,CAAC;iBACZ;aACF;SACF;IACH,CAAC;IAED,QAAQ,CAAC,GAAG,CAAC,CAAC;AAChB,CAAC;AAtCD,wCAsCC;AAED,SAAgB,0BAA0B,CAAC,MAAW,EAAE,KAAe;IACrE,MAAM,IAAI,GAAG,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC1C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE;QACtB,MAAM,SAAS,GAAQ,MAAM,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,OAAO,SAAS,CAAC,OAAO,KAAK,UAAU,EAAE;YAC3C,SAAS,CAAC,OAAO,EAAE,CAAC;SACrB;KACF;AACH,CAAC;AARD,gEAQC"}

package/lib/types.d.ts

@@ -0,0 +1,83 @@
+/// <reference types="node" />
+import { Event, Rule, ProtectRuleMode } from './constants';
+import { EventEmitter } from 'events';
+export declare type SemanticAnalysisRules = Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS | Rule.CMD_INJECTION_COMMAND_BACKDOORS | Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS;
+export interface Result {
+    blocked: boolean;
+    ruleId: Rule;
+    inputType: string;
+    path?: string[];
+    key?: string;
+    value: string;
+    details?: any[];
+    mongoExpansionResult?: boolean;
+    idsList?: string[];
+}
+export interface SemanticAnalysisResult extends Result {
+    findings?: {
+        command?: string;
+    };
+    sinkContext?: any;
+}
+export interface HardeningResult extends Result {
+    findings?: {
+        command?: boolean;
+        deserializer?: string;
+    };
+    sinkContext?: any;
+}
+export interface ServerFeaturePreliminaryResult {
+    name?: string;
+    uuid: string;
+    ip?: string;
+}
+export interface ServerFeatureResult extends Result {
+    details?: ServerFeaturePreliminaryResult[];
+}
+export interface ReqData {
+    method: string;
+    headers: string[];
+    uriPath: string;
+    queries: string;
+    contentType?: string;
+    standardUrlParsing: boolean;
+    ip: string;
+    httpVersion: string;
+}
+export interface Findings {
+    trackRequest: boolean;
+    securityException?: [mode: ProtectRuleMode, ruleId: string];
+    bodyType?: 'json' | 'urlencoded';
+    resultsMap: Record<Rule, Result[]>;
+    semanticResultsMap: Record<Rule, SemanticAnalysisResult[]>;
+    serverFeaturesResultsMap: Record<Rule, ServerFeaturePreliminaryResult[]>;
+    hardeningResultsMap: Record<Rule, HardeningResult[]>;
+}
+export interface RequestStore {
+    protect?: ProtectMessage;
+}
+export interface ProtectMessage {
+    reqData: ReqData;
+    block: (mode: string, ruleId: string) => void;
+    policy: any;
+    exclusions: any[];
+    virtualPatches: any[];
+    findings: Findings;
+    parsedBody: any;
+    parsedCookies: any;
+    parsedParams: any;
+    parsedQuery: any;
+}
+export interface Messages extends EventEmitter {
+    addListener(event: Event.PROTECT, listener: (msg: RequestStore) => void): this;
+    emit(event: Event.PROTECT, msg: RequestStore): boolean;
+    emit(event: Event.SERVER_SETTINGS_UPDATE, msg: {
+        [key: string]: any;
+    }): boolean;
+    on(event: Event.PROTECT, listener: (msg: RequestStore) => void): this;
+    on(event: Event.SERVER_SETTINGS_UPDATE, listener: (msg: {
+        [key: string]: any;
+    }) => void): this;
+    prependListener(event: Event.PROTECT, listener: (msg: RequestStore) => void): this;
+    prependOnceListener(event: Event.PROTECT, listener: (msg: RequestStore) => void): this;
+}

package/lib/{types/index.js → types.js}

@@ -14,4 +14,4 @@
  * way not consistent with the End User License Agreement.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=index.js.map
+//# sourceMappingURL=types.js.map

package/lib/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/common",
-  "version": "1.0.3",
+  "version": "1.1.1",
   "description": "Shared constants and utilities for all Contrast Agent modules",
   "license": "UNLICENSED",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",

package/src/constants.ts

@@ -16,6 +16,13 @@
 export enum Event {
   ASSESS = 'assess',
   PROTECT = 'protect',
+  SERVER_SETTINGS_UPDATE = 'server-settings-update',
+}
+export enum ProtectRuleMode {
+  OFF = 'off',
+  MONITOR = 'monitor',
+  BLOCK = 'block',
+  BLOCK_AT_PERIMETER = 'block_at_perimeter',
 }
 
 export enum Rule {
@@ -37,3 +44,31 @@ export enum Rule {
   UNSAFE_FILE_UPLOAD = 'unsafe-file-upload',
   XXE = 'xxe',
 }
+
+export enum InputType {
+  UNDEFINED_TYPE = 'UNDEFINED_TYPE',
+  BODY = 'BODY',
+  COOKIE_NAME = 'COOKIE_NAME',
+  COOKIE_VALUE = 'COOKIE_VALUE',
+  HEADER = 'HEADER',
+  PARAMETER_NAME = 'PARAMETER_NAME',
+  PARAMETER_VALUE = 'PARAMETER_VALUE',
+  QUERYSTRING = 'QUERYSTRING',
+  URI = 'URI',
+  SOCKET = 'SOCKET',
+  JSON_VALUE = 'JSON_VALUE',
+  JSON_ARRAYED_VALUE = 'JSON_ARRAYED_VALUE',
+  MULTIPART_CONTENT_TYPE = 'MULTIPART_CONTENT_TYPE',
+  MULTIPART_VALUE = 'MULTIPART_VALUE',
+  MULTIPART_FIELD_NAME = 'MULTIPART_FIELD_NAME',
+  MULTIPART_NAME = 'MULTIPART_NAME',
+  XML_VALUE = 'XML_VALUE',
+  DWR_VALUE = 'DWR_VALUE',
+  METHOD = 'METHOD',
+  REQUEST = 'REQUEST',
+  URL_PARAMETER = 'URL_PARAMETER',
+  UNKNOWN = 'UNKNOWN',
+}
+
+export const BLOCKING_MODES = ['block', 'block_at_perimeter'];
+

package/src/index.ts

@@ -25,6 +25,61 @@ export function isString(value: unknown): value is string | String {
   return typeof value === 'string' || value instanceof String;
 }
 
+export function isNonEmptyObject(value: unknown): value is object {
+  return !!value && typeof value === 'object' && Object.keys(value).length > 0;
+}
+
+/* c8 ignore next 3 */
 export function encodeString(str: string): string {
   return Buffer.from(str).toString('base64');
 }
+
+export function simpleTraverse(obj: any, cb: Function) {
+  if (typeof obj !== 'object' || obj === null) {
+    return;
+  }
+  const path: any[] = [];
+  /* eslint-disable complexity */
+  function traverse(obj: any) {
+    const isArray = Array.isArray(obj);
+    for (const k in obj) {
+      if (isArray) {
+        const _k = Number(k);
+        // if it is an array, store each index in path but don't call the
+        // callback on the index itself as they are just numeric strings.
+        path.push(_k);
+        if (typeof obj[_k] === 'object' && obj[_k] !== null) {
+          traverse(obj[_k]);
+        } else if (typeof obj[_k] === 'string' && obj[_k]) {
+          cb(path, 'Value', obj[_k], obj);
+        }
+        path.pop();
+      } else if (typeof obj[k] === 'object' && obj[k] !== null) {
+        cb(path, 'Key', k, obj);
+        path.push(k);
+        traverse(obj[k]);
+        path.pop();
+      } else {
+        cb(path, 'Key', k, obj);
+        // only callback if the value is a non-empty string
+        if (typeof obj[k] === 'string' && obj[k]) {
+          path.push(k);
+          cb(path, 'Value', obj[k], obj);
+          path.pop();
+        }
+      }
+    }
+  }
+
+  traverse(obj);
+}
+
+export function installChildComponentsSync(parent: any, order: string[]) {
+  const keys = order || Object.keys(parent);
+  for (const key of keys) {
+    const component: any = parent[key];
+    if (typeof component.install === 'function') {
+      component.install();
+    }
+  }
+}

package/src/{types/index.ts → types.ts}

@@ -13,23 +13,46 @@
  * way not consistent with the End User License Agreement.
  */
 
-import { Event, Rule } from '../constants';
+import { Event, Rule, ProtectRuleMode } from './constants';
 import { EventEmitter } from 'events';
 
-export interface RuleConfig {
-  mode: 'monitor' | 'block' | 'block_at_perimeter' | 'off';
-}
-
-export interface RulesConfig extends Record<Rule, RuleConfig> {}
+export type SemanticAnalysisRules = Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS | Rule.CMD_INJECTION_COMMAND_BACKDOORS | Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS;
 
 export interface Result {
   blocked: boolean;
   ruleId: Rule,
   inputType: string, // TODO
-  path: string[],
-  key: string,
+  path?: string[],
+  key?: string,
   value: string,
   details?: any[], // TODO
+  mongoExpansionResult?: boolean,
+  idsList?: string[],
+}
+
+export interface SemanticAnalysisResult extends Result {
+  findings?: {
+    command?: string
+  }
+  sinkContext?: any
+}
+
+export interface HardeningResult extends Result {
+  findings?: {
+    command?: boolean,
+    deserializer?: string
+  }
+  sinkContext?: any
+}
+
+export interface ServerFeaturePreliminaryResult {
+  name?: string,
+  uuid: string,
+  ip?: string
+}
+
+export interface ServerFeatureResult extends Result {
+  details?: ServerFeaturePreliminaryResult[]
 }
 
 export interface ReqData {
@@ -41,14 +64,16 @@ export interface ReqData {
   standardUrlParsing: boolean;
   ip: string;
   httpVersion: string,
-  headers2: { [key: string]: Array<string> };
 }
 
 export interface Findings {
   trackRequest: boolean;
-  securityException?: [mode: string, ruleId: string];
+  securityException?: [mode: ProtectRuleMode, ruleId: string];
   bodyType?: 'json' | 'urlencoded';
-  resultsMap: Record<Rule, Result[]>
+  resultsMap: Record<Rule, Result[]>;
+  semanticResultsMap: Record<Rule, SemanticAnalysisResult[]>;
+  serverFeaturesResultsMap: Record<Rule, ServerFeaturePreliminaryResult[]>;
+  hardeningResultsMap: Record<Rule, HardeningResult[]>;
 }
 
 //
@@ -69,21 +94,22 @@ export interface RequestStore {
 export interface ProtectMessage {
   reqData: ReqData;
   block: (mode: string, ruleId: string) => void;
-  rules: {
-    agentLibRules: RulesConfig;
-    agentLibRulesMask: number;
-    agentRules: RulesConfig;
-  };
+  policy: any;
   exclusions: any[]; // TODO
   virtualPatches: any[]; // TODO
   findings: Findings;
+  parsedBody: any;
+  parsedCookies: any;
+  parsedParams: any;
+  parsedQuery: any;
 }
 
 export interface Messages extends EventEmitter {
   addListener(event: Event.PROTECT, listener: (msg: RequestStore) => void): this;
   emit(event: Event.PROTECT, msg: RequestStore): boolean;
+  emit(event: Event.SERVER_SETTINGS_UPDATE, msg: { [key: string]: any }): boolean;
   on(event: Event.PROTECT, listener: (msg: RequestStore) => void): this;
-  once(event: Event.PROTECT, listener: (msg: RequestStore) => void): this;
+  on(event: Event.SERVER_SETTINGS_UPDATE, listener: (msg: { [key: string]: any }) => void): this;
   prependListener(event: Event.PROTECT, listener: (msg: RequestStore) => void): this;
   prependOnceListener(event: Event.PROTECT, listener: (msg: RequestStore) => void): this;
 }

package/lib/types/index.d.ts

@@ -1,59 +0,0 @@
-/// <reference types="node" />
-import { Event, Rule } from '../constants';
-import { EventEmitter } from 'events';
-export interface RuleConfig {
-    mode: 'monitor' | 'block' | 'block_at_perimeter' | 'off';
-}
-export interface RulesConfig extends Record<Rule, RuleConfig> {
-}
-export interface Result {
-    blocked: boolean;
-    ruleId: Rule;
-    inputType: string;
-    path: string[];
-    key: string;
-    value: string;
-    details?: any[];
-}
-export interface ReqData {
-    method: string;
-    headers: string[];
-    uriPath: string;
-    queries: string;
-    contentType?: string;
-    standardUrlParsing: boolean;
-    ip: string;
-    httpVersion: string;
-    headers2: {
-        [key: string]: Array<string>;
-    };
-}
-export interface Findings {
-    trackRequest: boolean;
-    securityException?: [mode: string, ruleId: string];
-    bodyType?: 'json' | 'urlencoded';
-    resultsMap: Record<Rule, Result[]>;
-}
-export interface RequestStore {
-    protect?: ProtectMessage;
-}
-export interface ProtectMessage {
-    reqData: ReqData;
-    block: (mode: string, ruleId: string) => void;
-    rules: {
-        agentLibRules: RulesConfig;
-        agentLibRulesMask: number;
-        agentRules: RulesConfig;
-    };
-    exclusions: any[];
-    virtualPatches: any[];
-    findings: Findings;
-}
-export interface Messages extends EventEmitter {
-    addListener(event: Event.PROTECT, listener: (msg: RequestStore) => void): this;
-    emit(event: Event.PROTECT, msg: RequestStore): boolean;
-    on(event: Event.PROTECT, listener: (msg: RequestStore) => void): this;
-    once(event: Event.PROTECT, listener: (msg: RequestStore) => void): this;
-    prependListener(event: Event.PROTECT, listener: (msg: RequestStore) => void): this;
-    prependOnceListener(event: Event.PROTECT, listener: (msg: RequestStore) => void): this;
-}

package/lib/types/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG"}