@contrast/common 1.3.1 → 1.4.0
- package/lib/constants.d.ts +4 -1
- package/lib/constants.js +3 -0
- package/lib/constants.js.map +1 -1
- package/lib/index.d.ts +15 -0
- package/lib/index.js +65 -4
- package/lib/index.js.map +1 -1
- package/lib/types.d.ts +1 -0
- package/package.json +1 -1
- package/src/constants.ts +5 -0
- package/src/index.ts +74 -5
- package/src/types.ts +1 -0
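--- a/package/lib/constants.d.ts
+++ b/package/lib/constants.d.ts
@@ -2,9 +2,12 @@ export declare enum Event {
 ASSESS = "assess",
 PROTECT = "protect",
 LIBRARY_USAGE = "library-usage",
+LIBRARY = "library",
 ARCHITECTURE_COMPONENT = "architecture-component",
 SERVER_SETTINGS_UPDATE = "server-settings-update",
-ASSESS_DATAFLOW_FINDING = "assess-dataflow-findings"
+ASSESS_DATAFLOW_FINDING = "assess-dataflow-findings",
+ROUTE_COVERAGE_DISCOVERY = "router-coverage-discovery",
+ROUTE_COVERAGE_OBSERVATION = "router-coverage-observation"
 }
 export declare enum ProtectRuleMode {
 OFF = "off",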
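--- a/package/lib/constants.js
+++ b/package/lib/constants.js
@@ -20,9 +20,12 @@ var Event;
 Event["ASSESS"] = "assess";
 Event["PROTECT"] = "protect";
 Event["LIBRARY_USAGE"] = "library-usage";
+Event["LIBRARY"] = "library";
 Event["ARCHITECTURE_COMPONENT"] = "architecture-component";
 Event["SERVER_SETTINGS_UPDATE"] = "server-settings-update";
 Event["ASSESS_DATAFLOW_FINDING"] = "assess-dataflow-findings";
+Event["ROUTE_COVERAGE_DISCOVERY"] = "router-coverage-discovery";
+Event["ROUTE_COVERAGE_OBSERVATION"] = "router-coverage-observation";
 })(Event = exports.Event || (exports.Event = {}));
 var ProtectRuleMode;
 (function (ProtectRuleMode) {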
package/lib/constants.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;AAEH,IAAY,
|
|
1
|
+
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;AAEH,IAAY,KAUX;AAVD,WAAY,KAAK;IACf,0BAAiB,CAAA;IACjB,4BAAmB,CAAA;IACnB,wCAA+B,CAAA;IAC/B,4BAAmB,CAAA;IACnB,0DAAiD,CAAA;IACjD,0DAAiD,CAAA;IACjD,6DAAoD,CAAA;IACpD,+DAAsD,CAAA;IACtD,mEAA0D,CAAA;AAC5D,CAAC,EAVW,KAAK,GAAL,aAAK,KAAL,aAAK,QAUhB;AAED,IAAY,eAKX;AALD,WAAY,eAAe;IACzB,8BAAW,CAAA;IACX,sCAAmB,CAAA;IACnB,kCAAe,CAAA;IACf,4DAAyC,CAAA;AAC3C,CAAC,EALW,eAAe,GAAf,uBAAe,KAAf,uBAAe,QAK1B;AAED,IAAY,IAmBX;AAnBD,WAAY,IAAI;IACd,mCAA2B,CAAA;IAC3B,uCAA+B,CAAA;IAC/B,2EAAmE,CAAA;IACnE,2FAAmF,CAAA;IACnF,yFAAiF,CAAA;IACjF,mCAA2B,CAAA;IAC3B,6CAAqC,CAAA;IACrC,2CAAmC,CAAA;IACnC,uDAA+C,CAAA;IAC/C,yCAAiC,CAAA;IACjC,qGAA6F,CAAA;IAC7F,uCAA+B,CAAA;IAC/B,uCAA+B,CAAA;IAC/B,yCAAiC,CAAA;IACjC,iDAAyC,CAAA;IACzC,+DAAuD,CAAA;IACvD,uCAA+B,CAAA;IAC/B,mBAAW,CAAA;AACb,CAAC,EAnBW,IAAI,GAAJ,YAAI,KAAJ,YAAI,QAmBf;AAED,IAAY,SAuBX;AAvBD,WAAY,SAAS;IACnB,8CAAiC,CAAA;IACjC,0BAAa,CAAA;IACb,wCAA2B,CAAA;IAC3B,0CAA6B,CAAA;IAC7B,8BAAiB,CAAA;IACjB,8CAAiC,CAAA;IACjC,gDAAmC,CAAA;IACnC,wCAA2B,CAAA;IAC3B,wBAAW,CAAA;IACX,8BAAiB,CAAA;IACjB,sCAAyB,CAAA;IACzB,sDAAyC,CAAA;IACzC,8DAAiD,CAAA;IACjD,gDAAmC,CAAA;IACnC,0DAA6C,CAAA;IAC7C,8CAAiC,CAAA;IACjC,oCAAuB,CAAA;IACvB,oCAAuB,CAAA;IACvB,8BAAiB,CAAA;IACjB,gCAAmB,CAAA;IACnB,4CAA+B,CAAA;IAC/B,gCAAmB,CAAA;AACrB,CAAC,EAvBW,SAAS,GAAT,iBAAS,KAAT,iBAAS,QAuBpB;AAEY,QAAA,cAAc,GAAG,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC"}
|
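--- a/package/lib/index.d.ts
+++ b/package/lib/index.d.ts
@@ -21,3 +21,18 @@ export declare function groupResultsMap(resultsMap: Partial<ResultMap>): {
 semanticResultsMap: Partial<SemanticAnalysisResultsMap>;
 serverFeaturesResultsMap: Partial<ServerFeaturePreliminaryResultsMap>;
 };
+export declare function set(obj: Record<string, any>, name: string, value: any): void;
+export declare function mergeRemoteData(config: Record<string, any>, remoteData: Record<string, any>, readers: Record<string, any>, setterFn: (target: Record<string, any>, name: string, value: any) => any, target?: Record<string, any>): Record<string, any>;
+export declare const featureReaders: {
+'agent.logger.level': (remoteData: any) => any;
+'agent.logger.path': (remoteData: any) => any;
+'agent.security_logger.syslog.enable': (remoteData: any) => any;
+'agent.security_logger.syslog.ip': (remoteData: any) => any;
+'agent.security_logger.syslog.port': (remoteData: any) => any;
+'agent.security_logger.syslog.facility': (remoteData: any) => any;
+'agent.security_logger.syslog.severity_exploited': (remoteData: any) => any;
+'agent.security_logger.syslog.severity_blocked': (remoteData: any) => any;
+'agent.security_logger.syslog.severity_probed': (remoteData: any) => any;
+'agent.security_logger.syslog.severity_suspicious': (remoteData: any) => any;
+};
+export declare const settingsReaders: {};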
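--- a/package/lib/index.js
+++ b/package/lib/index.js
@@ -28,7 +28,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.groupResultsMap = exports.callChildComponentMethodsSync = exports.traverseKeys = exports.traverseValues = exports.traverseKeysAndValues = exports.encodeString = exports.isNonEmptyObject = exports.isString = void 0;
+exports.settingsReaders = exports.featureReaders = exports.mergeRemoteData = exports.set = exports.groupResultsMap = exports.callChildComponentMethodsSync = exports.traverseKeys = exports.traverseValues = exports.traverseKeysAndValues = exports.encodeString = exports.isNonEmptyObject = exports.isString = void 0;
 const constants_1 = require("./constants");
 __exportStar(require("./constants"), exports);
 __exportStar(require("./types"), exports);
@@ -122,9 +122,7 @@ function callChildComponentMethodsSync(parent, method, order) {
 const keys = order || Object.keys(parent);
 for (const key of keys) {
 const component = parent[key];
-
-component[method]();
-}
+component?.[method]?.();
 }
 }
 exports.callChildComponentMethodsSync = callChildComponentMethodsSync;
@@ -167,4 +165,67 @@ function groupResultsMap(resultsMap) {
 return result;
 }
 exports.groupResultsMap = groupResultsMap;
+function set(obj, name, value) {
+const props = name.split('.');
+const lastProp = props.pop();
+for (const p of props) {
+if (!obj[p])
+obj[p] = {};
+obj = obj[p];
+}
+obj[lastProp] = value;
+}
+exports.set = set;
+function mergeRemoteData(config, remoteData, readers, setterFn, target) {
+const targetConfig = target || config;
+for (const [name, readerFn] of Object.entries(readers)) {
+const remoteValue = readerFn(remoteData);
+if (['DEFAULT', 'ContrastUI'].includes(config._sources[name]) && remoteValue != null) {
+setterFn(targetConfig, name, remoteValue);
+}
+}
+return targetConfig;
+}
+exports.mergeRemoteData = mergeRemoteData;
+exports.featureReaders = {
+'agent.logger.level': (remoteData) => remoteData.features?.logLevel,
+'agent.logger.path': (remoteData) => remoteData.features?.logFile,
+'agent.security_logger.syslog.enable': (remoteData) => remoteData.features?.defend?.syslog?.syslogEnabled,
+'agent.security_logger.syslog.ip': (remoteData) => remoteData.features?.defend?.syslog?.syslogIpAddress,
+'agent.security_logger.syslog.port': (remoteData) => remoteData.features?.defend?.syslog?.syslogPortNumber,
+'agent.security_logger.syslog.facility': (remoteData) => remoteData.features?.defend?.syslog?.syslogFacilityCode,
+'agent.security_logger.syslog.severity_exploited': (remoteData) => remoteData.features?.defend?.syslog?.syslogSeverityExploited,
+'agent.security_logger.syslog.severity_blocked': (remoteData) => remoteData.features?.defend?.syslog?.syslogSeverityBlocked,
+'agent.security_logger.syslog.severity_probed': (remoteData) => remoteData.features?.defend?.syslog?.syslogSeverityProbed,
+'agent.security_logger.syslog.severity_suspicious': (remoteData) => remoteData.features?.defend?.syslog?.syslogSeveritySuspicious,
+};
+exports.settingsReaders = [
+'protect.rules.cmd-injection.mode',
+'protect.rules.cmd-injection-command-backdoors.mode',
+'protect.rules.cmd-injection-semantic-chained-commands.mode',
+'protect.rules.cmd-injection-semantic-dangerous-paths.mode',
+'protect.rules.method-tampering.mode',
+'protect.rules.nosql-injection.mode',
+'protect.rules.nosql-injection-mongo.mode',
+'protect.rules.path-traversal.mode',
+'protect.rules.path-traversal-semantic-file-security-bypass.mode',
+'protect.rules.reflected-xss.mode',
+'protect.rules.sql-injection.mode',
+'protect.rules.ssjs-injection.mode',
+'protect.rules.unsafe-file-upload.mode',
+'protect.rules.untrusted-deserialization.mode',
+'protect.rules.xxe.mode',
+].reduce((acc, name) => {
+const ruleId = name.split('.')[2];
+return Object.assign(acc, {
+[name]: (remoteData) => {
+const remoteSetting = remoteData.settings?.defend?.protectionRules?.find((r) => r.id == ruleId);
+switch (remoteSetting?.mode) {
+case 'OFF': return constants_1.ProtectRuleMode.OFF;
+case 'MONITORING': return constants_1.ProtectRuleMode.MONITOR;
+case 'BLOCKING': return remoteSetting.blockAtEntry ? constants_1.ProtectRuleMode.BLOCK_AT_PERIMETER : constants_1.ProtectRuleMode.BLOCK;
+}
+}
+});
+}, {});
 //# sourceMappingURL=index.js.map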
package/lib/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;;;;;;;;;;;;;;;AAEH,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;;;;;;;;;;;;;;;AAEH,2CAAoD;AAGpD,8CAA4B;AAC5B,0CAAwB;AAMxB;;;GAGG;AACH,wDAAwD;AACxD,SAAgB,QAAQ,CAAC,KAAc;IACrC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,YAAY,MAAM,CAAC;AAC9D,CAAC;AAFD,4BAEC;AAED,SAAgB,gBAAgB,CAAC,KAAc;IAC7C,OAAO,CAAC,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;AAC/E,CAAC;AAFD,4CAEC;AAED,sBAAsB;AACtB,SAAgB,YAAY,CAAC,GAAW;IACtC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC7C,CAAC;AAFD,oCAEC;AAED,SAAS,QAAQ,CACf,GAAQ,EACR,EAAoB,EACpB,IAAW,EACX,cAAuB,EACvB,YAAqB;IAErB,IAAI,oBAAoB,GAAG,IAAI,CAAC;IAEhC,SAAS,SAAS,CAChB,GAAQ,EACR,EAAoB,EACpB,IAAW,EACX,cAAuB,EACvB,YAAqB;QAErB,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAEnC,KAAK,MAAM,CAAC,IAAI,GAAG,EAAE;YACnB,IAAI,CAAC,oBAAoB;gBAAE,OAAO;YAElC,IAAI,OAAO,EAAE;gBACX,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;gBACrB,iEAAiE;gBACjE,iEAAiE;gBACjE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACd,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE;oBACnD,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;iBAC5D;qBAAM,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,EAAE,CAAC,EAAE;oBACjD,IAAI,cAAc,IAAI,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE;wBACrD,OAAO,oBAAoB,GAAG,KAAK,CAAC;qBACrC;iBACF;gBACD,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;iBAAM,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE;gBACxD,IAAI,YAAY,IAAI,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE;oBAC3C,OAAO,oBAAoB,GAAG,KAAK,CAAC;iBACrC;gBACD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBACb,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;gBAC1D,IAAI,CAAC,GAAG,EAAE,CAAC;aACZ;iBAAM;gBACL,IAAI,YAAY,IAAI,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE;oBAC3C,OAAO,oBAAoB,GAAG,KAAK,CAAC;iBACrC;gBACD,mDAAmD;gBACnD,IAAI,OAAO,GAAG,CAAC,
CAAC,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE;oBACxC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBACb,IAAI,cAAc,IAAI,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;wBACpD,OAAO,oBAAoB,GAAG,KAAK,CAAC;qBACrC;oBACD,IAAI,CAAC,GAAG,EAAE,CAAC;iBACZ;aACF;SACF;IACH,CAAC;IAED,SAAS,CAAC,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;AACzD,CAAC;AAED,SAAgB,qBAAqB,CAAC,GAAQ,EAAE,EAAoB;IAClE,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE;QAC3C,OAAO;KACR;IACD,QAAQ,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AACpC,CAAC;AALD,sDAKC;AAED,SAAgB,cAAc,CAAC,GAAQ,EAAE,EAAoB;IAC3D,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE;QAC3C,OAAO;KACR;IACD,QAAQ,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;AACrC,CAAC;AALD,wCAKC;AAED,SAAgB,YAAY,CAAC,GAAQ,EAAE,EAAoB;IACzD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE;QAC3C,OAAO;KACR;IACD,QAAQ,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;AACrC,CAAC;AALD,oCAKC;AAED,SAAgB,6BAA6B,CAAC,MAAW,EAAE,MAA+B,EAAE,KAAgB;IAC1G,MAAM,IAAI,GAAG,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC1C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE;QACtB,MAAM,SAAS,GAAQ,MAAM,CAAC,GAAG,CAAC,CAAC;QACnC,SAAS,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;KACzB;AACH,CAAC;AAND,sEAMC;AAED,SAAgB,eAAe,CAAC,UAA8B;IAC5D,MAAM,MAAM,GAKR;QACF,gBAAgB,EAAE,EAAE;QACpB,mBAAmB,EAAE,EAAE;QACvB,kBAAkB,EAAE,EAAE;QACtB,wBAAwB,EAAE,EAAE;KAC7B,CAAC;IAEF,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;QAC3C,QAAQ,IAAI,EAAE;YACZ,KAAK,gBAAI,CAAC,aAAa,CAAC;YACxB,KAAK,gBAAI,CAAC,aAAa,CAAC;YACxB,KAAK,gBAAI,CAAC,cAAc,CAAC;YACzB,KAAK,gBAAI,CAAC,aAAa,CAAC;YACxB,KAAK,gBAAI,CAAC,cAAc,CAAC;YACzB,KAAK,gBAAI,CAAC,qBAAqB,CAAC;YAChC,KAAK,gBAAI,CAAC,kBAAkB,CAAC;YAC7B,KAAK,gBAAI,CAAC,WAAW,CAAC;YACtB,KAAK,gBAAI,CAAC,eAAe;gBACvB,GAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;gBAC9C,MAAM;YACR,KAAK,gBAAI,CAAC,sCAAsC,CAAC;YACjD,KAAK,gBAAI,CAAC,uCAAuC,CAAC;YAClD,KAAK,gBAAI,CAAC,GAAG,CAAC;YACd,KAAK,gBAAI,CAAC,+BAA+B,CAAC;YAC1C,KAAK,g
BAAI,CAAC,4CAA4C;gBACpD,GAAG,CAAC,kBAAkB,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;gBAChD,MAAM;YACR,KAAK,gBAAI,CAAC,aAAa,CAAC;YACxB,KAAK,gBAAI,CAAC,WAAW;gBACnB,GAAG,CAAC,wBAAwB,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;gBACtD,MAAM;YACR,KAAK,gBAAI,CAAC,yBAAyB;gBACjC,GAAG,CAAC,mBAAmB,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;SACpD;QAED,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,MAAM,CAAC,CAAC;IAEX,OAAO,MAAM,CAAC;AAChB,CAAC;AA7CD,0CA6CC;AAED,SAAgB,GAAG,CAAC,GAAwB,EAAE,IAAY,EAAE,KAAU;IACpE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,EAAY,CAAC;IACvC,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE;QACrB,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;QACzB,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;KACd;IACD,GAAG,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC;AACxB,CAAC;AARD,kBAQC;AAED,SAAgB,eAAe,CAC7B,MAA2B,EAC3B,UAA+B,EAC/B,OAA4B,EAC5B,QAAwE,EACxE,MAA4B;IAE5B,MAAM,YAAY,GAAG,MAAM,IAAI,MAAM,CAAC;IACtC,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACtD,MAAM,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC;QACzC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,WAAW,IAAI,IAAI,EAAE;YACpF,QAAQ,CAAC,YAAY,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;SAC3C;KACF;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAhBD,0CAgBC;AAEY,QAAA,cAAc,GAAG;IAC5B,oBAAoB,EAAE,CAAC,UAAe,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,QAAQ;IACxE,mBAAmB,EAAE,CAAC,UAAe,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,OAAO;IACtE,qCAAqC,EAAE,CAAC,UAAe,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa;IAC9G,iCAAiC,EAAE,CAAC,UAAe,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe;IAC5G,mCAAmC,EAAE,CAAC,UAAe,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,gBAAgB;IAC/G,uCAAuC,EAAE,CAAC,UAAe,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,kBAAkB;IACrH,iDAAiD,EAAE,CAAC,UAAe,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,uBAAuB;IACpI,+CAA+C,EAAE,CAAC,UAAe,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB;IAChI,8CAA8C,EAAE,CAAC,UAAe,EAAE,EAAE,CAAC,U
AAU,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,oBAAoB;IAC9H,kDAAkD,EAAE,CAAC,UAAe,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,wBAAwB;CACvI,CAAC;AAEW,QAAA,eAAe,GAAG;IAC7B,kCAAkC;IAClC,oDAAoD;IACpD,4DAA4D;IAC5D,2DAA2D;IAC3D,qCAAqC;IACrC,oCAAoC;IACpC,0CAA0C;IAC1C,mCAAmC;IACnC,iEAAiE;IACjE,kCAAkC;IAClC,kCAAkC;IAClC,mCAAmC;IACnC,uCAAuC;IACvC,8CAA8C;IAC9C,wBAAwB;CACzB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAClC,OAAO,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE;QACxB,CAAC,IAAI,CAAC,EAAE,CAAC,UAAe,EAAE,EAAE;YAC1B,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,MAAM,CAAC,CAAC;YACrG,QAAQ,aAAa,EAAE,IAAI,EAAE;gBAC3B,KAAK,KAAK,CAAC,CAAC,OAAO,2BAAe,CAAC,GAAG,CAAC;gBACvC,KAAK,YAAY,CAAC,CAAC,OAAO,2BAAe,CAAC,OAAO,CAAC;gBAClD,KAAK,UAAU,CAAC,CAAC,OAAO,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC,2BAAe,CAAC,kBAAkB,CAAC,CAAC,CAAC,2BAAe,CAAC,KAAK,CAAC;aACjH;QACH,CAAC;KACF,CAAC,CAAC;AACL,CAAC,EAAE,EAAE,CAAC,CAAC"}
|
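--- a/package/lib/types.d.ts
+++ b/package/lib/types.d.ts
@@ -112,6 +112,7 @@ export interface ProtectMessage {
 */
 export interface RequestStore {
 protect?: ProtectMessage;
+assess?: any;
 }
 export interface Messages extends EventEmitter {
 addListener(event: Event.PROTECT, listener: (msg: RequestStore) => void): this;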
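--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@contrast/common",
-"version": "1.
+"version": "1.4.0",
 "description": "Shared constants and utilities for all Contrast Agent modules",
 "license": "UNLICENSED",
 "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",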
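--- a/package/src/constants.ts
+++ b/package/src/constants.ts
@@ -17,10 +17,14 @@ export enum Event {
 ASSESS = 'assess',
 PROTECT = 'protect',
 LIBRARY_USAGE = 'library-usage',
+LIBRARY = 'library',
 ARCHITECTURE_COMPONENT = 'architecture-component',
 SERVER_SETTINGS_UPDATE = 'server-settings-update',
 ASSESS_DATAFLOW_FINDING = 'assess-dataflow-findings',
+ROUTE_COVERAGE_DISCOVERY = 'router-coverage-discovery',
+ROUTE_COVERAGE_OBSERVATION = 'router-coverage-observation'
 }
+
 export enum ProtectRuleMode {
 OFF = 'off',
 MONITOR = 'monitor',
@@ -75,3 +79,4 @@ export enum InputType {
 }
 
 export const BLOCKING_MODES = ['block', 'block_at_perimeter'];
+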
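Review bot: The two new members `ROUTE_COVERAGE_DISCOVERY` and `ROUTE_COVERAGE_OBSERVATION` in the `Event` enum are named "route" but carry the string values `'router-coverage-discovery'` / `'router-coverage-observation'`, so a reader cannot tell whether "router" is a typo or the exact wire name a consumer matches on. If the strings are deliberate, say so on the line, e.g. `// value is 'router-…' on purpose: must match the event name the consumer listens for`, naming that consumer; if not, align them now, because once 1.4.0 is published a string enum value is part of the public contract and renaming it is a breaking change. This is a presumption from naming alone — the code that emits or consumes these events is not visible in this diff.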
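--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -13,7 +13,7 @@
 * way not consistent with the End User License Agreement.
 */
 
-import { Rule } from './constants';
+import { Rule, ProtectRuleMode } from './constants';
 import { CommonRulesResultsMap, HardeningResultsMap, ResultMap, SemanticAnalysisResultsMap, ServerFeaturePreliminaryResultsMap } from './types';
 
 export * from './constants';
@@ -126,13 +126,11 @@ export function callChildComponentMethodsSync(parent: any, method: 'install' | '
 const keys = order || Object.keys(parent);
 for (const key of keys) {
 const component: any = parent[key];
-
-component[method]();
-}
+component?.[method]?.();
 }
 }
 
-export function groupResultsMap
+export function groupResultsMap(resultsMap: Partial<ResultMap>) {
 const result: {
 commonResultsMap: Partial<CommonRulesResultsMap>;
 hardeningResultsMap: Partial<HardeningResultsMap>;
@@ -178,3 +176,74 @@ export function groupResultsMap (resultsMap: Partial<ResultMap>) {
 
 return result;
 }
+
+export function set(obj: Record<string, any>, name: string, value: any) {
+const props = name.split('.');
+const lastProp = props.pop() as string;
+for (const p of props) {
+if (!obj[p]) obj[p] = {};
+obj = obj[p];
+}
+obj[lastProp] = value;
+}
+
+export function mergeRemoteData(
+config: Record<string, any>,
+remoteData: Record<string, any>,
+readers: Record<string, any>,
+setterFn: (target: Record<string, any>, name: string, value: any) => any,
+target?: Record<string, any>
+) {
+const targetConfig = target || config;
+for (const [name, readerFn] of Object.entries(readers)) {
+const remoteValue = readerFn(remoteData);
+if (['DEFAULT', 'ContrastUI'].includes(config._sources[name]) && remoteValue != null) {
+setterFn(targetConfig, name, remoteValue);
+}
+}
+
+return targetConfig;
+}
+
+export const featureReaders = {
+'agent.logger.level': (remoteData: any) => remoteData.features?.logLevel,
+'agent.logger.path': (remoteData: any) => remoteData.features?.logFile,
+'agent.security_logger.syslog.enable': (remoteData: any) => remoteData.features?.defend?.syslog?.syslogEnabled,
+'agent.security_logger.syslog.ip': (remoteData: any) => remoteData.features?.defend?.syslog?.syslogIpAddress,
+'agent.security_logger.syslog.port': (remoteData: any) => remoteData.features?.defend?.syslog?.syslogPortNumber,
+'agent.security_logger.syslog.facility': (remoteData: any) => remoteData.features?.defend?.syslog?.syslogFacilityCode,
+'agent.security_logger.syslog.severity_exploited': (remoteData: any) => remoteData.features?.defend?.syslog?.syslogSeverityExploited,
+'agent.security_logger.syslog.severity_blocked': (remoteData: any) => remoteData.features?.defend?.syslog?.syslogSeverityBlocked,
+'agent.security_logger.syslog.severity_probed': (remoteData: any) => remoteData.features?.defend?.syslog?.syslogSeverityProbed,
+'agent.security_logger.syslog.severity_suspicious': (remoteData: any) => remoteData.features?.defend?.syslog?.syslogSeveritySuspicious,
+};
+
+export const settingsReaders = [
+'protect.rules.cmd-injection.mode',
+'protect.rules.cmd-injection-command-backdoors.mode',
+'protect.rules.cmd-injection-semantic-chained-commands.mode',
+'protect.rules.cmd-injection-semantic-dangerous-paths.mode',
+'protect.rules.method-tampering.mode',
+'protect.rules.nosql-injection.mode',
+'protect.rules.nosql-injection-mongo.mode',
+'protect.rules.path-traversal.mode',
+'protect.rules.path-traversal-semantic-file-security-bypass.mode',
+'protect.rules.reflected-xss.mode',
+'protect.rules.sql-injection.mode',
+'protect.rules.ssjs-injection.mode',
+'protect.rules.unsafe-file-upload.mode',
+'protect.rules.untrusted-deserialization.mode',
+'protect.rules.xxe.mode',
+].reduce((acc, name) => {
+const ruleId = name.split('.')[2];
+return Object.assign(acc, {
+[name]: (remoteData: any) => {
+const remoteSetting = remoteData.settings?.defend?.protectionRules?.find((r: any) => r.id == ruleId);
+switch (remoteSetting?.mode) {
+case 'OFF': return ProtectRuleMode.OFF;
+case 'MONITORING': return ProtectRuleMode.MONITOR;
+case 'BLOCKING': return remoteSetting.blockAtEntry ? ProtectRuleMode.BLOCK_AT_PERIMETER : ProtectRuleMode.BLOCK;
+}
+}
+});
+}, {});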
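Review bot: The new `set` helper (entirely inside the last hunk) descends into whatever `obj[p]` is truthy, so a path segment of `__proto__`, `constructor` or `prototype` walks into `Object.prototype` / `Function.prototype` and the final `obj[lastProp] = value` writes there — a prototype-pollution primitive. The only callers visible here pass the hard-coded keys of `featureReaders` and `settingsReaders`, but `set` is exported from `@contrast/common`, so any consumer that builds the dotted path from remote or request data inherits the problem. Reject those segments on the full split, before `props.pop()`: `if (props.some((p) => p === '__proto__' || p === 'constructor' || p === 'prototype')) throw new Error('set: unsafe property path ' + name);`. Two smaller points in the same hunk: `mergeRemoteData` reads `config._sources[name]` with no guard on `_sources`, so a config object without that map throws a TypeError instead of skipping the merge, and `settingsReaders` is reduced onto a bare `{}` so its exported type collapses to `{}` (visible as `settingsReaders: {}` in lib/index.d.ts); `reduce<Record<string, (remoteData: any) => ProtectRuleMode | undefined>>(…, {})` keeps the keys typed for callers.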
package/src/types.ts
CHANGED