npm - @contrast/config - Versions diffs - 1.10.0 → 1.12.0 - Mend

@contrast/config 1.10.0 → 1.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/lib/index.d.ts CHANGED Viewed

@@ -14,7 +14,14 @@
  */
 import { ProtectRuleMode, Rule } from '@contrast/common';
-import { Level } from 'pino';
+import { LevelWithSilent } from 'pino';
+export type Level =
+  | 'error'
+  | 'warn'
+  | 'info'
+  | 'debug'
+  | 'trace';
 export type SyslogLevel =
   | 'alert'
@@ -70,7 +77,7 @@ export interface Config {
        * Minimum log level. 'silent' disables logging entirely.
        * Default: `'error'`
        */
-      level: Level | 'silent';
+      level: LevelWithSilent;
       /** Default: `'node-contrast'` */
       path: string;
@@ -80,8 +87,8 @@ export interface Config {
     };
     security_logger: {
-      /** Default: `'debug'` */
-      level: SyslogLevel;
+      /** Default: `'error'` */
+      level: Level;
       /** Default: `'security'` */
       path: string;
@@ -165,7 +172,7 @@ export interface Config {
     session_id: string | null;
     /** Provide metadata used to create a new session within Contrast UI/ */
-    session_metadtata: string | null;
+    session_metadata: string | null;
   };
   assess: {

package/lib/options.js CHANGED Viewed

@@ -231,13 +231,11 @@ const agent = [
   },
   {
     name: 'agent.security_logger.level',
-    default: 'debug',
+    default: 'error',
     arg: '<level>',
     fn: lowercase,
-    // NOTE: syslog actually specifies 8 levels, starting with 0-emergency, but
-    // we do not let the user set emergency for whatever reason
-    enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
-    desc: 'security logging level (alert, crit, err, warning, notice, info, debug)',
+    enum: ['error', 'warn', 'info', 'debug', 'trace'],
+    desc: 'security logging level (error, warn, info, debug, trace)',
   },
   {
     name: 'agent.security_logger.path',
@@ -467,6 +465,7 @@ const assess = [
   {
     name: 'assess.trust_custom_validators',
     arg: '<trust-custom-validators>',
+    fn: castBoolean,
     default: false,
     desc: 'trust incoming strings when they pass custom validators (Mongoose, Joi)',
   },
@@ -492,6 +491,14 @@ const assess = [
     fn: parseNum,
     desc: 'set limit for maximum number of source events (tracked strings) created per request',
   },
+  {
+    name: 'assess.safe_positives.enable',
+    arg: '[false]',
+    default: false,
+    fn: castBoolean,
+    desc: 'enable detection and reporting of findings regarding safe security practices, aka safe positives. ' +
+      'these results will be written to the location described by the `agent.reporters.file` option.',
+  },
 ];
 const server = [

package/lib/util.js CHANGED Viewed

@@ -109,8 +109,9 @@ function checkConfigPath() {
     os.platform() === 'win32'
       ? `${process.env['ProgramData']}\\contrast`
       : '/etc/contrast';
+  const configSubDir = `${configDir}${path.sep}node`;
-  for (const dir of [process.cwd(), configDir]) {
+  for (const dir of [process.cwd(), configSubDir, configDir]) {
     const checkPath = path.resolve(dir, 'contrast_security.yaml');
     if (fs.existsSync(checkPath)) {
       return checkPath;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/config",
-  "version": "1.10.0",
+  "version": "1.12.0",
   "description": "An API for discovering Contrast agent configuration data",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -17,7 +17,7 @@
     "test": "../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.8.0",
+    "@contrast/common": "1.10.0",
     "yaml": "^2.2.2"
   }
 }