npm - @contrast/common - Versions diffs - 1.8.0 → 1.10.0 - Mend

@contrast/common 1.8.0 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

package/lib/constants.d.ts +279 -0
package/lib/constants.d.ts.map +1 -1
package/lib/constants.js +141 -1
package/lib/constants.js.map +1 -1
package/lib/index.d.ts +3 -0
package/lib/index.d.ts.map +1 -1
package/lib/index.js +17 -1
package/lib/index.js.map +1 -1
package/lib/signatures/fs.d.ts +4 -0
package/lib/signatures/fs.d.ts.map +1 -0
package/lib/signatures/fs.js +58 -0
package/lib/signatures/fs.js.map +1 -0
package/lib/signatures/index.d.ts +2 -1
package/lib/signatures/index.d.ts.map +1 -1
package/lib/signatures/index.js +29 -313
package/lib/signatures/index.js.map +1 -1
package/lib/signatures/mongodb.d.ts +3 -0
package/lib/signatures/mongodb.d.ts.map +1 -0
package/lib/signatures/mongodb.js +58 -0
package/lib/signatures/mongodb.js.map +1 -0
package/lib/signatures/mssql.d.ts +2 -1
package/lib/signatures/mssql.d.ts.map +1 -1
package/lib/signatures/mssql.js +3 -3
package/lib/signatures/mssql.js.map +1 -1
package/lib/types.d.ts +11 -0
package/lib/types.d.ts.map +1 -1
package/package.json +1 -1
package/src/constants.ts +140 -0
package/src/index.ts +16 -0
package/src/signatures/fs.ts +65 -0
package/src/signatures/index.ts +32 -315
package/src/signatures/mongodb.ts +59 -0
package/src/signatures/mssql.ts +7 -5
package/src/types.ts +12 -0

package/lib/signatures/mssql.js CHANGED Viewed

@@ -20,7 +20,7 @@ const mssql = new Map([
         {
             moduleName: 'mssql',
             version: '>=6.4.0',
-            filename: 'lib/base/prepared-statement.js',
+            fileName: 'lib/base/prepared-statement.js',
             methodName: 'PreparedStatement.prototype.prepare',
             isModule: true,
         },
@@ -30,7 +30,7 @@ const mssql = new Map([
         {
             moduleName: 'mssql',
             version: '>=6.4.0',
-            filename: 'lib/base/request.js',
+            fileName: 'lib/base/request.js',
             methodName: 'Request.prototype.batch',
             isModule: true,
         },
@@ -40,7 +40,7 @@ const mssql = new Map([
         {
             moduleName: 'mssql',
             version: '>=6.4.0',
-            filename: 'lib/base/request.js',
+            fileName: 'lib/base/request.js',
             methodName: 'Request.prototype.query',
             isModule: true,
         },

package/lib/signatures/mssql.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"mssql.js","sourceRoot":"","sources":["../../src/signatures/mssql.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;~~AAGH~~,MAAM,KAAK,~~GAAqB~~,IAAI,GAAG,~~CAAC~~;~~IACtC~~;QACE,qDAAqD;QACrD;YACE,UAAU,EAAE,OAAO;YACnB,OAAO,EAAE,SAAS;YAClB,QAAQ,EAAE,gCAAgC;YAC1C,UAAU,EAAE,qCAAqC;YACjD,QAAQ,EAAE,IAAI;SACf;KACF;IACD;QACE,wCAAwC;QACxC;YACE,UAAU,EAAE,OAAO;YACnB,OAAO,EAAE,SAAS;YAClB,QAAQ,EAAE,qBAAqB;YAC/B,UAAU,EAAE,yBAAyB;YACrC,QAAQ,EAAE,IAAI;SACf;KACF;IACD;QACE,wCAAwC;QACxC;YACE,UAAU,EAAE,OAAO;YACnB,OAAO,EAAE,SAAS;YAClB,QAAQ,EAAE,qBAAqB;YAC/B,UAAU,EAAE,yBAAyB;YACrC,QAAQ,EAAE,IAAI;SACf;KACF;~~CACF~~,CAAC,CAAC;~~AAEH~~,kBAAe,KAAK,CAAC"}
1	+ {"version":3,"file":"mssql.js","sourceRoot":"","sources":["../../src/signatures/mssql.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AAKH,MAAM,KAAK,GAAG,IAAI,GAAG,CAAoB;IACvC;QACE,qDAAqD;QACrD;YACE,UAAU,EAAE,OAAO;YACnB,OAAO,EAAE,SAAS;YAClB,QAAQ,EAAE,gCAAgC;YAC1C,UAAU,EAAE,qCAAqC;YACjD,QAAQ,EAAE,IAAI;SACf;KACF;IACD;QACE,wCAAwC;QACxC;YACE,UAAU,EAAE,OAAO;YACnB,OAAO,EAAE,SAAS;YAClB,QAAQ,EAAE,qBAAqB;YAC/B,UAAU,EAAE,yBAAyB;YACrC,QAAQ,EAAE,IAAI;SACf;KACF;IACD;QACE,wCAAwC;QACxC;YACE,UAAU,EAAE,OAAO;YACnB,OAAO,EAAE,SAAS;YAClB,QAAQ,EAAE,qBAAqB;YAC/B,UAAU,EAAE,yBAAyB;YACrC,QAAQ,EAAE,IAAI;SACf;KACF;CACuB,CAAC,CAAC;AAE5B,kBAAe,KAAK,CAAC"}

package/lib/types.d.ts CHANGED Viewed

@@ -5,6 +5,16 @@ export interface Installable {
     install(): void | Promise<void>;
     uninstall?(): void | Promise<void>;
 }
+export interface Signature {
+    moduleName: string;
+    methodName: string;
+    fileName?: string;
+    version?: string;
+    isModule: boolean;
+    isConstructor?: boolean;
+    source?: 'O' | 'P' | 'R';
+    target?: 'O' | 'P' | 'R';
+}
 export interface AppInfo {
     os: {
         type: string;
@@ -24,6 +34,7 @@ export interface AppInfo {
     serverName: string;
     serverEnvironment: string;
     version: string;
+    session_id: string | null;
 }
 export type CommonRules = Rule.SQL_INJECTION | Rule.CMD_INJECTION | Rule.PATH_TRAVERSAL | Rule.REFLECTED_XSS | Rule.SSJS_INJECTION | Rule.NOSQL_INJECTION_MONGO | Rule.UNSAFE_FILE_UPLOAD | Rule.NOSQL_INJECTION | Rule.METHOD_TAMPERING | Rule.BOT_BLOCKER;
 export type SemanticAnalysisRules = Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS | Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS | Rule.XXE | Rule.CMD_INJECTION_COMMAND_BACKDOORS | Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS;

package/lib/types.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";AAeA,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AACtC,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAE3D,MAAM,WAAW,WAAW;IAC1B,OAAO,IAAI,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChC,SAAS,CAAC,IAAI,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE;QACF,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC;~~CACjB~~;AAED,MAAM,MAAM,WAAW,GACrB,IAAI,CAAC,aAAa,GAClB,IAAI,CAAC,aAAa,GAClB,IAAI,CAAC,cAAc,GACnB,IAAI,CAAC,aAAa,GAClB,IAAI,CAAC,cAAc,GACnB,IAAI,CAAC,qBAAqB,GAC1B,IAAI,CAAC,kBAAkB,GACvB,IAAI,CAAC,eAAe,GACpB,IAAI,CAAC,gBAAgB,GACrB,IAAI,CAAC,WAAW,CAAC;AAEnB,MAAM,MAAM,qBAAqB,GAC/B,IAAI,CAAC,sCAAsC,GAC3C,IAAI,CAAC,uCAAuC,GAC5C,IAAI,CAAC,GAAG,GACR,IAAI,CAAC,+BAA+B,GACpC,IAAI,CAAC,4CAA4C,CAAC;AAEpD,MAAM,MAAM,6BAA6B,GAAG,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC;AAElF,MAAM,MAAM,cAAc,GAAG,IAAI,CAAC,yBAAyB,CAAC;AAE5D,MAAM,WAAW,MAAM;IACrB,OAAO,EAAE,OAAO,CAAC;IACjB,eAAe,CAAC,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC;IAC9B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,MAAM,EAAE,IAAI,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,GAAG,CAAC;CACnB;AAED,MAAM,WAAW,sBAAuB,SAAQ,MAAM;IACpD,MAAM,EAAE,qBAAqB,CAAC;IAC9B,eAAe,EAAE;QACf,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,EAAE,CAAC;IACJ,WAAW,CAAC,EAAE,GAAG,CAAC;CACnB;AAED,MAAM,WAAW,eAAgB,SAAQ,MAAM;IAC7C,eAAe,EAAE;QACf,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,EAAE,CAAC;IACJ,WAAW,CAAC,EAAE,GAAG,CAAC;CACnB;AAED,MAAM,WAAW,8BAA8B;IAC7C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,CAAC,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,mBAAoB,SAAQ,MAAM;IACjD,eAAe,CAAC,EAAE,8BAA8B,EAAE,CAAC;CACpD;AAED,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,MAAM,qBAAqB,GAAG;KACjC,IAAI,IAAI,WAAW,GAAG,MAAM,EAAE;CAChC,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;KACtC,IAAI,IAAI,qBAAqB,GAAG,sBAAsB,EAAE;CAC1D,CAAC;AAEF,MAAM,MAAM,kCAAkC,GAAG;KAC9C,IAAI,IAAI,6BAA6B,GAAG,8BAA8B,EAAE;CAC1E,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;KAC/B,IAAI,IAAI,cAAc,GAAG,eAAe,EAAE;CAC5C,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,qBAAqB,GAAG,0BAA0B,GAAG,kCAAkC,GAAG,mBAAmB,CAAC;AAEtI,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;IAC9C,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC;IAC/C,UAAU,EAAE,GAAG,EAAE,CAAC;IAClB,cAAc,EAAE,GAAG,EAAE,CAAC;IACtB,YAAY,EAAE,OAAO,CAAC;IACtB,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5D,QAAQ,CAAC,EAAE,MAAM,GAAG,YAAY,CAAC;IACjC,UAAU,EAAE,OAAO,CAAC,SAAS,CAAC,CAAA;IAC9B,UAAU,EAAE,GAAG,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,YAAY,EAAE,GAAG,CAAC;IAClB,WAAW,EAAE,GAAG,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;;;;;;;;GASG;AACH,MAAM,WAAW,YAAY;IAE3B,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,OAAO,CAAC,EAAE,cAAc,CAAC;IACzB,MAAM,CAAC,EAAE,GAAG,CAAC;IACb,KAAK,CAAC,EAAE,GAAG,CAAC;CACb;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,4EAA4E;IAC5E,IAAI,EAAE,IAAI,GAAG,MAAM,GAAG,IAAI,CAAC;IAC3B;;;OAGG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB;;;;OAIG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB;;;;OAIG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;;;;OAKG;IACH,IAAI,EAAE,MAAM,CAAC;IACb;;;OAGG;IACH,IAAI,EAAE,MAAM,CAAC;IACb;;;;OAIG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB;;;OAGG;IACH,SAAS,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;;;;;GAMG;AACH,MAAM,WAAW,QAAS,SAAQ,YAAY;IAC5C,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,sBAAsB,EAAE,GAAG,EAAE,qBAAqB,GAAG,OAAO,CAAC;IAC/E,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,uBAAuB,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC;IAC9D,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC;IAClD,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,aAAa,EAAE,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC;IAC7D,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC;IACvD,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,wBAAwB,EAAE,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC;IACvE,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,iCAAiC,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;IACnF,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,0BAA0B,EAAE,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC;IACzE,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,sBAAsB,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC;IAC7E,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAE5C,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,sBAAsB,EAAE,QAAQ,EAAE,CAAC,GAAG,EAAE,qBAAqB,KAAK,IAAI,GAAG,IAAI,CAAC;IAC9F,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,uBAAuB,EAAE,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,IAAI,GAAG,IAAI,CAAC;IAC9E,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,IAAI,GAAG,IAAI,CAAC;IACjE,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,aAAa,EAAE,QAAQ,EAAE,CAAC,GAAG,EAAE,YAAY,KAAK,IAAI,GAAG,IAAI,CAAC;IAC5E,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC,GAAG,EAAE,YAAY,KAAK,IAAI,GAAG,IAAI,CAAC;IACtE,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,wBAAwB,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,GAAG,IAAI,CAAC;IACtF,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,iCAAiC,EAAE,QAAQ,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,IAAI,GAAG,IAAI,CAAC;IAClG,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,0BAA0B,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,GAAG,IAAI,CAAC;IACxF,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,sBAAsB,EAAE,QAAQ,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,IAAI,GAAG,IAAI,CAAC;IAC5F,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,IAAI,GAAG,IAAI,CAAC;CAC5D;AAED;;;;;GAKG;AACH,MAAM,WAAW,SAAU,SAAQ,YAAY;IAC7C,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAE5C,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,eAAe,EAAE,QAAQ,EAAE,CAAC,GAAG,EAAE,YAAY,KAAK,IAAI,GAAG,IAAI,CAAC;IAC9E,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,IAAI,GAAG,IAAI,CAAC;CAC5D"}
1	+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";AAeA,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AACtC,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAE3D,MAAM,WAAW,WAAW;IAC1B,OAAO,IAAI,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChC,SAAS,CAAC,IAAI,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,SAAS;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;IAClB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,MAAM,CAAC,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;IACzB,MAAM,CAAC,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;CAC1B;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE;QACF,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED,MAAM,MAAM,WAAW,GACrB,IAAI,CAAC,aAAa,GAClB,IAAI,CAAC,aAAa,GAClB,IAAI,CAAC,cAAc,GACnB,IAAI,CAAC,aAAa,GAClB,IAAI,CAAC,cAAc,GACnB,IAAI,CAAC,qBAAqB,GAC1B,IAAI,CAAC,kBAAkB,GACvB,IAAI,CAAC,eAAe,GACpB,IAAI,CAAC,gBAAgB,GACrB,IAAI,CAAC,WAAW,CAAC;AAEnB,MAAM,MAAM,qBAAqB,GAC/B,IAAI,CAAC,sCAAsC,GAC3C,IAAI,CAAC,uCAAuC,GAC5C,IAAI,CAAC,GAAG,GACR,IAAI,CAAC,+BAA+B,GACpC,IAAI,CAAC,4CAA4C,CAAC;AAEpD,MAAM,MAAM,6BAA6B,GAAG,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC;AAElF,MAAM,MAAM,cAAc,GAAG,IAAI,CAAC,yBAAyB,CAAC;AAE5D,MAAM,WAAW,MAAM;IACrB,OAAO,EAAE,OAAO,CAAC;IACjB,eAAe,CAAC,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC;IAC9B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,MAAM,EAAE,IAAI,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,GAAG,CAAC;CACnB;AAED,MAAM,WAAW,sBAAuB,SAAQ,MAAM;IACpD,MAAM,EAAE,qBAAqB,CAAC;IAC9B,eAAe,EAAE;QACf,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,EAAE,CAAC;IACJ,WAAW,CAAC,EAAE,GAAG,CAAC;CACnB;AAED,MAAM,WAAW,eAAgB,SAAQ,MAAM;IAC7C,eAAe,EAAE;QACf,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,EAAE,CAAC;IACJ,WAAW,CAAC,EAAE,GAAG,CAAC;CACnB;AAED,MAAM,WAAW,8BAA8B;IAC7C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,CAAC,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,mBAAoB,SAAQ,MAAM;IACjD,eAAe,CAAC,EAAE,8BAA8B,EAAE,CAAC;CACpD;AAED,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,MAAM,qBAAqB,GAAG;KACjC,IAAI,IAAI,WAAW,GAAG,MAAM,EAAE;CAChC,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;KACtC,IAAI,IAAI,qBAAqB,GAAG,sBAAsB,EAAE;CAC1D,CAAC;AAEF,MAAM,MAAM,kCAAkC,GAAG;KAC9C,IAAI,IAAI,6BAA6B,GAAG,8BAA8B,EAAE;CAC1E,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;KAC/B,IAAI,IAAI,cAAc,GAAG,eAAe,EAAE;CAC5C,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,qBAAqB,GAAG,0BAA0B,GAAG,kCAAkC,GAAG,mBAAmB,CAAC;AAEtI,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;IAC9C,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC;IAC/C,UAAU,EAAE,GAAG,EAAE,CAAC;IAClB,cAAc,EAAE,GAAG,EAAE,CAAC;IACtB,YAAY,EAAE,OAAO,CAAC;IACtB,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5D,QAAQ,CAAC,EAAE,MAAM,GAAG,YAAY,CAAC;IACjC,UAAU,EAAE,OAAO,CAAC,SAAS,CAAC,CAAA;IAC9B,UAAU,EAAE,GAAG,CAAC;IAChB,aAAa,EAAE,GAAG,CAAC;IACnB,YAAY,EAAE,GAAG,CAAC;IAClB,WAAW,EAAE,GAAG,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;;;;;;;;GASG;AACH,MAAM,WAAW,YAAY;IAE3B,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,OAAO,CAAC,EAAE,cAAc,CAAC;IACzB,MAAM,CAAC,EAAE,GAAG,CAAC;IACb,KAAK,CAAC,EAAE,GAAG,CAAC;CACb;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,4EAA4E;IAC5E,IAAI,EAAE,IAAI,GAAG,MAAM,GAAG,IAAI,CAAC;IAC3B;;;OAGG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB;;;;OAIG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB;;;;OAIG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;;;;OAKG;IACH,IAAI,EAAE,MAAM,CAAC;IACb;;;OAGG;IACH,IAAI,EAAE,MAAM,CAAC;IACb;;;;OAIG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB;;;OAGG;IACH,SAAS,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;;;;;GAMG;AACH,MAAM,WAAW,QAAS,SAAQ,YAAY;IAC5C,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,sBAAsB,EAAE,GAAG,EAAE,qBAAqB,GAAG,OAAO,CAAC;IAC/E,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,uBAAuB,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC;IAC9D,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC;IAClD,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,aAAa,EAAE,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC;IAC7D,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC;IACvD,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,wBAAwB,EAAE,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC;IACvE,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,iCAAiC,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;IACnF,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,0BAA0B,EAAE,KAAK,EAAE,SAAS,GAAG,OAAO,CAAC;IACzE,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,sBAAsB,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC;IAC7E,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAE5C,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,sBAAsB,EAAE,QAAQ,EAAE,CAAC,GAAG,EAAE,qBAAqB,KAAK,IAAI,GAAG,IAAI,CAAC;IAC9F,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,uBAAuB,EAAE,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,IAAI,GAAG,IAAI,CAAC;IAC9E,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,IAAI,GAAG,IAAI,CAAC;IACjE,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,aAAa,EAAE,QAAQ,EAAE,CAAC,GAAG,EAAE,YAAY,KAAK,IAAI,GAAG,IAAI,CAAC;IAC5E,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC,GAAG,EAAE,YAAY,KAAK,IAAI,GAAG,IAAI,CAAC;IACtE,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,wBAAwB,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,GAAG,IAAI,CAAC;IACtF,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,iCAAiC,EAAE,QAAQ,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,IAAI,GAAG,IAAI,CAAC;IAClG,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,0BAA0B,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,GAAG,IAAI,CAAC;IACxF,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,sBAAsB,EAAE,QAAQ,EAAE,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,IAAI,GAAG,IAAI,CAAC;IAC5F,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,IAAI,GAAG,IAAI,CAAC;CAC5D;AAED;;;;;GAKG;AACH,MAAM,WAAW,SAAU,SAAQ,YAAY;IAC7C,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAE5C,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,eAAe,EAAE,QAAQ,EAAE,CAAC,GAAG,EAAE,YAAY,KAAK,IAAI,GAAG,IAAI,CAAC;IAC9E,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,IAAI,GAAG,IAAI,CAAC;CAC5D"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/common",
-  "version": "1.8.0",
+  "version": "1.10.0",
   "description": "Shared constants and utilities for all Contrast Agent modules",
   "license": "UNLICENSED",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",

package/src/constants.ts CHANGED Viewed

@@ -21,6 +21,7 @@ export enum Event {
   ARCHITECTURE_COMPONENT = 'architecture-component',
   SERVER_SETTINGS_UPDATE = 'server-settings-update',
   ASSESS_DATAFLOW_FINDING = 'assess-dataflow-findings',
+  ASSESS_DATAFLOW_SAFE_POSITIVE = 'assess-dataflow-safe-positive',
   ASSESS_RESPONSE_SCANNING_FINDING = 'assess-response-scanning-findings',
   RESPONSE_FINISH = 'response-finish',
   ROUTE_COVERAGE_DISCOVERY = 'route-coverage-discovery',
@@ -94,5 +95,144 @@ export enum InputType {
   UNKNOWN = 'UNKNOWN',
 }
+export enum DataflowTag {
+  XML_ENCODED = 'XML_ENCODED',
+  XML_DECODED = 'XML_DECODED',
+  HTML_ENCODED = 'HTML_ENCODED',
+  HTML_DECODED = 'HTML_DECODED',
+  URL_ENCODED = 'URL_ENCODED',
+  URL_DECODED = 'URL_DECODED',
+  CSS_ENCODED = 'CSS_ENCODED',
+  CSS_DECODED = 'CSS_DECODED',
+  BASE64_ENCODED = 'BASE64_ENCODED',
+  BASE64_DECODED = 'BASE64_DECODED',
+  JAVASCRIPT_ENCODED = 'JAVASCRIPT_ENCODED',
+  JAVASCRIPT_DECODED = 'JAVASCRIPT_DECODED',
+  JAVA_ENCODED = 'JAVA_ENCODED',
+  JAVA_DECODED = 'JAVA_DECODED',
+  CSV_ENCODED = 'CSV_ENCODED',
+  CSV_DECODED = 'CSV_DECODED',
+  SQL_ENCODED = 'SQL_ENCODED',
+  SQL_DECODED = 'SQL_DECODED',
+  LDAP_ENCODED = 'LDAP_ENCODED',
+  LDAP_DECODED = 'LDAP_DECODED',
+  XPATH_ENCODED = 'XPATH_ENCODED',
+  XPATH_DECODED = 'XPATH_DECODED',
+  OS_ENCODED = 'OS_ENCODED',
+  OS_DECODED = 'OS_DECODED',
+  VBSCRIPT_ENCODED = 'VBSCRIPT_ENCODED',
+  VBSCRIPT_DECODED = 'VBSCRIPT_DECODED',
+  POTENTIAL_SANITIZED = 'POTENTIAL_SANITIZED',
+  POTENTIAL_VALIDATED = 'POTENTIAL_VALIDATED',
+  NO_CONTROL_CHARS = 'NO_CONTROL_CHARS',
+  CUSTOM = 'CUSTOM_CATCH_ALL',
+  // custom encoded/validated tags, only for data flow rules
+  CUSTOM_ENCODED = 'CUSTOM_ENCODED',
+  CUSTOM_ENCODED_CMD_INJECTION = 'CUSTOM_ENCODED_CMD_INJECTION',
+  CUSTOM_ENCODED_EXPRESSION_LANGUAGE_INJECTION = 'CUSTOM_ENCODED_EXPRESSION_LANGUAGE_INJECTION',
+  CUSTOM_ENCODED_HEADER_INJECTION = 'CUSTOM_ENCODED_HEADER_INJECTION',
+  CUSTOM_ENCODED_HQL_INJECTION = 'CUSTOM_ENCODED_HQL_INJECTION',
+  CUSTOM_ENCODED_LDAP_INJECTION = 'CUSTOM_ENCODED_LDAP_INJECTION',
+  CUSTOM_ENCODED_LOG_INJECTION = 'CUSTOM_ENCODED_LOG_INJECTION',
+  CUSTOM_ENCODED_NOSQL_INJECTIOn = 'CUSTOM_ENCODED_NOSQL_INJECTION',
+  CUSTOM_ENCODED_PATH_TRAVERSAL = 'CUSTOM_ENCODED_PATH_TRAVERSAL',
+  CUSTOM_ENCODED_REDOS = 'CUSTOM_ENCODED_REDOS',
+  CUSTOM_ENCODED_REFLECTED_XSS = 'CUSTOM_ENCODED_REFLECTED_XSS',
+  CUSTOM_ENCODED_REFLECTION_INJECTION = 'CUSTOM_ENCODED_REFLECTION_INJECTION',
+  CUSTOM_ENCODED_SMTP_INJECTION = 'CUSTOM_ENCODED_SMTP_INJECTION',
+  CUSTOM_ENCODED_SQL_INJECTION = 'CUSTOM_ENCODED_SQL_INJECTION',
+  CUSTOM_ENCODED_SSRF = 'CUSTOM_ENCODED_SSRF',
+  CUSTOM_ENCODED_STORED_XSS = 'CUSTOM_ENCODED_STORED_XSS',
+  CUSTOM_ENCODED_TRUST_BOUNDARY_VIOLATION = 'CUSTOM_ENCODED_TRUST_BOUNDARY_VIOLATION',
+  CUSTOM_ENCODED_UNSAFE_CODE_EXECUTION = 'CUSTOM_ENCODED_UNSAFE_CODE_EXECUTION',
+  CUSTOM_ENCODED_UNSAFE_READLINE = 'CUSTOM_ENCODED_UNSAFE_READLINE',
+  CUSTOM_ENCODED_UNSAFE_XML_DECODE = 'CUSTOM_ENCODED_UNSAFE_XML_DECODE',
+  CUSTOM_ENCODED_UNTRUSTED_DESERIALIZATION = 'CUSTOM_ENCODED_UNTRUSTED_DESERIALIZATION',
+  CUSTOM_ENCODED_UNVALIDATED_FORWARD = 'CUSTOM_ENCODED_UNVALIDATED_FORWARD',
+  CUSTOM_ENCODED_UNVALIDATED_REDIRECT = 'CUSTOM_ENCODED_UNVALIDATED_REDIRECT',
+  CUSTOM_ENCODED_XPATH_INJECTION = 'CUSTOM_ENCODED_XPATH_INJECTION',
+  CUSTOM_ENCODED_XXE = 'CUSTOM_ENCODED_XXE',
+  CUSTOM_SECURITY_CONTROL_APPLIED = 'CUSTOM_SECURITY_CONTROL_APPLIED',
+  CUSTOM_VALIDATED = 'CUSTOM_VALIDATED',
+  CUSTOM_VALIDATED_CMD_INJECTION = 'CUSTOM_VALIDATED_CMD_INJECTION',
+  CUSTOM_VALIDATED_EXPRESSION_LANGUAGE_INJECTION = 'CUSTOM_VALIDATED_EXPRESSION_LANGUAGE_INJECTION',
+  CUSTOM_VALIDATED_HEADER_INJECTION = 'CUSTOM_VALIDATED_HEADER_INJECTION',
+  CUSTOM_VALIDATED_HQL_INJECTION = 'CUSTOM_VALIDATED_HQL_INJECTION',
+  CUSTOM_VALIDATED_LDAP_INJECTION = 'CUSTOM_VALIDATED_LDAP_INJECTION',
+  CUSTOM_VALIDATED_LOG_INJECTION = 'CUSTOM_VALIDATED_LOG_INJECTION',
+  CUSTOM_VALIDATED_NOSQL_INJECTION = 'CUSTOM_VALIDATED_NOSQL_INJECTION',
+  CUSTOM_VALIDATED_PATH_TRAVERSAL = 'CUSTOM_VALIDATED_PATH_TRAVERSAL',
+  CUSTOM_VALIDATED_REDOS = 'CUSTOM_VALIDATED_REDOS',
+  CUSTOM_VALIDATED_REFLECTED_XSS = 'CUSTOM_VALIDATED_REFLECTED_XSS',
+  CUSTOM_VALIDATED_REFLECTION_INJECTION = 'CUSTOM_VALIDATED_REFLECTION_INJECTION',
+  CUSTOM_VALIDATED_SMTP_INJECTION = 'CUSTOM_VALIDATED_SMTP_INJECTION',
+  CUSTOM_VALIDATED_SQL_INJECTION = 'CUSTOM_VALIDATED_SQL_INJECTION',
+  CUSTOM_VALIDATED_SSRF = 'CUSTOM_VALIDATED_SSRF',
+  CUSTOM_VALIDATED_STORED_XSS = 'CUSTOM_VALIDATED_STORED_XSS',
+  CUSTOM_VALIDATED_TRUST_BOUNDARY_VIOLATION = 'CUSTOM_VALIDATED_TRUST_BOUNDARY_VIOLATION',
+  CUSTOM_VALIDATED_UNSAFE_CODE_EXECUTION = 'CUSTOM_VALIDATED_UNSAFE_CODE_EXECUTION',
+  CUSTOM_VALIDATED_UNSAFE_READLINE = 'CUSTOM_VALIDATED_UNSAFE_READLINE',
+  CUSTOM_VALIDATED_UNSAFE_XML_DECODE = 'CUSTOM_VALIDATED_UNSAFE_XML_DECODE',
+  CUSTOM_VALIDATED_UNTRUSTED_DESERIALIZATION = 'CUSTOM_VALIDATED_UNTRUSTED_DESERIALIZATION',
+  CUSTOM_VALIDATED_UNVALIDATED_FORWARD = 'CUSTOM_VALIDATED_UNVALIDATED_FORWARD',
+  CUSTOM_VALIDATED_UNVALIDATED_REDIRECT = 'CUSTOM_VALIDATED_UNVALIDATED_REDIRECT',
+  CUSTOM_VALIDATED_XPATH_INJECTION = 'CUSTOM_VALIDATED_XPATH_INJECTION',
+  CUSTOM_VALIDATED_XXE = 'CUSTOM_VALIDATED_XXE',
+  // tracked_string range tags
+  NO_NEWLINES = 'NO_NEWLINES',
+  UNTRUSTED = 'UNTRUSTED',
+  CROSS_SITE = 'CROSS_SITE',
+  LIMITED_CHARS = 'LIMITED_CHARS',
+  ALPHANUM_SPACE_HYPHEN = 'ALPHANUM_SPACE_HYPHEN',
+  STRING_TYPE_CHECKED = 'STRING_TYPE_CHECKED',
+  DATABASE_WRITE = 'DATABASE_WRITE',
+  HEADER = 'HEADER',
+  COOKIE = 'COOKIE',
+  WEAK_URL_ENCODED = 'WEAK_URL_ENCODED',
+}
 export const BLOCKING_MODES = ['block', 'block_at_perimeter'];
+export const FS_METHODS = [
+  { name: 'access', promises: true, sync: true, indices: [0] },
+  { name: 'appendFile', promises: true, sync: true, indices: [0] },
+  { name: 'chmod', promises: true, sync: true, indices: [0] },
+  { name: 'chown', promises: true, sync: true, indices: [0] },
+  { name: 'copyFile', promises: true, sync: true, indices: [0, 1] },
+  { name: 'cp', promises: true, sync: true, indices: [0, 1] },
+  { name: 'createReadStream', promises: false, sync: false, indices: [0] },
+  { name: 'createWriteStream', promises: false, sync: false, indices: [0] },
+  { name: 'exists', promises: false, sync: true, indices: [0] },
+  { name: 'lchmod', promises: true, sync: true, indices: [0] },
+  { name: 'lchown', promises: true, sync: true, indices: [0] },
+  { name: 'link', promises: true, sync: true, indices: [0] },
+  { name: 'lstat', promises: true, sync: true, indices: [0] },
+  { name: 'lutimes', promises: true, sync: true, indices: [0] },
+  { name: 'mkdir', promises: true, sync: true, indices: [0] },
+  { name: 'mkdtemp', promises: true, sync: true, indices: [0] },
+  { name: 'open', promises: true, sync: true, indices: [0] },
+  { name: 'openAsBlob', promises: false, sync: false, indices: [0] },
+  { name: 'opendir', promises: true, sync: true, indices: [0] },
+  { name: 'readdir', promises: true, sync: true, indices: [0] },
+  { name: 'readFile', promises: true, sync: true, indices: [0] },
+  { name: 'readlink', promises: true, sync: true, indices: [0] },
+  { name: 'realpath', promises: true, sync: true, indices: [0] },
+  { name: 'rename', promises: true, sync: true, indices: [0, 1] },
+  { name: 'rmdir', promises: true, sync: true, indices: [0] },
+  { name: 'rm', promises: true, sync: true, indices: [0] },
+  { name: 'stat', promises: true, sync: true, indices: [0] },
+  { name: 'statfs', promises: true, sync: true, indices: [0] },
+  { name: 'symlink', promises: true, sync: true, indices: [0, 1] },
+  { name: 'truncate', promises: true, sync: true, indices: [0] },
+  { name: 'unlink', promises: true, sync: true, indices: [0] },
+  { name: 'unwatchFile', promises: false, sync: false, indices: [0] },
+  { name: 'utimes', promises: true, sync: true, indices: [0] },
+  { name: 'watch', promises: true, sync: false, indices: [0] },
+  { name: 'watchFile', promises: false, sync: false, indices: [0] },
+  { name: 'writeFile', promises: true, sync: true, indices: [0] },
+] as const;
+export enum agentLibIDListTypes {
+  MONGO_SLEEP = 'MONGO-SLEEP',
+  TRUE_CLAUSE_1 = 'TRUE-CLAUSE-1'
+}

package/src/index.ts CHANGED Viewed

@@ -131,6 +131,14 @@ export function callChildComponentMethodsSync(parent: any, method: 'install' | '
   }
 }
+export async function callChildComponentMethods(parent: any, method: 'install' | 'uninstall', order?: string[]) {
+  const keys = order || Object.keys(parent);
+  for (const key of keys) {
+    const component: any = parent[key];
+    await component?.[method]?.();
+  }
+}
 export function groupResultsMap(resultsMap: Partial<ResultMap>) {
   const result: {
     commonResultsMap: Partial<CommonRulesResultsMap>;
@@ -209,6 +217,7 @@ export function mergeRemoteData(
 export const featureReaders = {
   'agent.logger.level': (remoteData: any) => remoteData.logger?.level,
   'agent.logger.path': (remoteData: any) => remoteData.logger?.path,
+  'application.session_id': (remoteData: any) => remoteData?.settings?.assessment?.session_id,
   'agent.security_logger.syslog.enable': (remoteData: any) => remoteData.security_logger?.syslog?.enable,
   'agent.security_logger.syslog.ip': (remoteData: any) => remoteData.security_logger?.syslog?.ip,
   'agent.security_logger.syslog.port': (remoteData: any) => remoteData.security_logger?.syslog?.port,
@@ -282,3 +291,10 @@ const { trim: origTrim } = String.prototype;
 export function trim(str: string, ...args: []) {
   return origTrim.call(str, ...args);
 }
+import { inspect as originalInspect } from 'util';
+export function inspect(...args: any) {
+  // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+  // @ts-ignore
+  return originalInspect.call(null, ...args);
+}

package/src/signatures/fs.ts ADDED Viewed

@@ -0,0 +1,65 @@
+/*
+ * Copyright: 2022 Contrast Security, Inc
+ * Contact: support@contrastsecurity.com
+ * License: Commercial
+ * NOTICE: This Software and the patented inventions embodied within may only be
+ * used as part of Contrast Security’s commercial offerings. Even though it is
+ * made available through public repositories, use of this Software is subject to
+ * the applicable End User Licensing Agreement found at
+ * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+ * between Contrast Security and the End User. The Software may not be reverse
+ * engineered, modified, repackaged, sold, redistributed or otherwise used in a
+ * way not consistent with the End User License Agreement.
+ */
+import { FS_METHODS } from '../constants';
+import { Signature } from '../types';
+const fs = new Map<string, Signature>(
+  FS_METHODS.reduce((sigs, method) => {
+    sigs.push([
+      `fs.${method.name}`,
+      {
+        moduleName: 'fs',
+        methodName: method.name,
+        isModule: true,
+      }
+    ]);
+    if (method.sync) {
+      sigs.push([
+        `fs.${method.name}Sync`,
+        {
+          moduleName: 'fs',
+          methodName: `${method.name}Sync`,
+          isModule: true,
+        }
+      ]);
+    }
+    if (method.promises) {
+      sigs.push([
+        `fs.promises.${method.name}`,
+        {
+          moduleName: 'fs.promises',
+          methodName: method.name,
+          isModule: true,
+        }
+      ]);
+      sigs.push([
+        `fsPromises.${method.name}`,
+        {
+          moduleName: 'fsPromises',
+          methodName: method.name,
+          isModule: true,
+        }
+      ]);
+    }
+    return sigs;
+  }, [] as [string, Signature][])
+);
+export default fs;