npm - @contrast/config - Versions diffs - 1.17.0 → 1.18.0 - Mend

@contrast/config 1.17.0 → 1.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/lib/common.js ADDED Viewed

@@ -0,0 +1,102 @@
+/*
+ * Copyright: 2023 Contrast Security, Inc
+ * Contact: support@contrastsecurity.com
+ * License: Commercial
+ * NOTICE: This Software and the patented inventions embodied within may only be
+ * used as part of Contrast Security’s commercial offerings. Even though it is
+ * made available through public repositories, use of this Software is subject to
+ * the applicable End User Licensing Agreement found at
+ * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+ * between Contrast Security and the End User. The Software may not be reverse
+ * engineered, modified, repackaged, sold, redistributed or otherwise used in a
+ * way not consistent with the End User License Agreement.
+ */
+'use strict';
+const {
+  ProtectRuleMode: {
+    OFF,
+    MONITOR,
+    BLOCK,
+    BLOCK_AT_PERIMETER
+  },
+  Rule: {
+    CMD_INJECTION,
+    CMD_INJECTION_COMMAND_BACKDOORS,
+    CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS,
+    CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS,
+    METHOD_TAMPERING,
+    NOSQL_INJECTION,
+    NOSQL_INJECTION_MONGO,
+    PATH_TRAVERSAL,
+    PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS,
+    REFLECTED_XSS,
+    SQL_INJECTION,
+    SSJS_INJECTION,
+    UNSAFE_FILE_UPLOAD,
+    UNTRUSTED_DESERIALIZATION,
+    XXE,
+  },
+} = require('@contrast/common');
+function protectModeReader(ruleId) {
+  return function (msg) {
+    const remoteSetting = msg?.protect?.rules?.[ruleId];
+    switch (remoteSetting?.mode) {
+      case 'OFF': return OFF;
+      case 'MONITOR':
+      case 'MONITORING': return MONITOR;
+      case 'BLOCK':
+      case 'BLOCKING': return BLOCK;
+      case 'BLOCK_AT_PERIMETER': return BLOCK_AT_PERIMETER;
+    }
+  };
+}
+const ConfigSource = {
+  CONTRAST_UI: 'CONTRAST_UI',
+  DEFAULT_VALUE: 'DEFAULT_VALUE',
+  ENVIRONMENT_VARIABLE: 'ENVIRONMENT_VARIABLE',
+  USER_CONFIGURATION_FILE: 'USER_CONFIGURATION_FILE',
+};
+const mappings = {
+  // server features
+  'agent.logger.level': (remoteData) => remoteData.logger?.level?.toLowerCase?.(),
+  'agent.logger.path': (remoteData) => remoteData.logger?.path,
+  'application.session_id': (remoteData) => remoteData?.settings?.assessment?.session_id,
+  'agent.security_logger.syslog.enable': (remoteData) => remoteData.security_logger?.syslog?.enable,
+  'agent.security_logger.syslog.ip': (remoteData) => remoteData.security_logger?.syslog?.ip,
+  'agent.security_logger.syslog.port': (remoteData) => remoteData.security_logger?.syslog?.port,
+  'agent.security_logger.syslog.facility': (remoteData) => remoteData.security_logger?.syslog?.facility,
+  'agent.security_logger.syslog.severity_exploited': (remoteData) => remoteData.security_logger?.syslog?.severity_exploited?.toLowerCase(),
+  'agent.security_logger.syslog.severity_blocked': (remoteData) => remoteData.security_logger?.syslog?.severity_blocked?.toLowerCase(),
+  'agent.security_logger.syslog.severity_probed': (remoteData) => remoteData.security_logger?.syslog?.severity_probed?.toLowerCase(),
+  // application settings
+  'protect.rules.cmd-injection.mode': protectModeReader(CMD_INJECTION),
+  'protect.rules.cmd-injection-command-backdoors.mode': protectModeReader(CMD_INJECTION_COMMAND_BACKDOORS),
+  'protect.rules.cmd-injection-semantic-chained-commands.mode': protectModeReader(CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS),
+  'protect.rules.cmd-injection-semantic-dangerous-paths.mode': protectModeReader(CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS),
+  'protect.rules.method-tampering.mode': protectModeReader(METHOD_TAMPERING),
+  'protect.rules.nosql-injection.mode': protectModeReader(NOSQL_INJECTION),
+  'protect.rules.nosql-injection-mongo.mode': protectModeReader(NOSQL_INJECTION_MONGO),
+  'protect.rules.path-traversal.mode': protectModeReader(PATH_TRAVERSAL),
+  'protect.rules.path-traversal-semantic-file-security-bypass.mode': protectModeReader(PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS),
+  'protect.rules.reflected-xss.mode': protectModeReader(REFLECTED_XSS),
+  'protect.rules.sql-injection.mode': protectModeReader(SQL_INJECTION),
+  'protect.rules.ssjs-injection.mode': protectModeReader(SSJS_INJECTION),
+  'protect.rules.unsafe-file-upload.mode': protectModeReader(UNSAFE_FILE_UPLOAD),
+  'protect.rules.untrusted-deserialization.mode': protectModeReader(UNTRUSTED_DESERIALIZATION),
+  'protect.rules.xxe.mode': protectModeReader(XXE),
+};
+/*
+ * Keys are canonical name and values are functions which read the equivalent value
+ * from the TS response object message.
+ */
+module.exports = {
+  ConfigSource,
+  mappings,
+};

package/lib/config.js ADDED Viewed

@@ -0,0 +1,263 @@
+/*
+ * Copyright: 2023 Contrast Security, Inc
+ * Contact: support@contrastsecurity.com
+ * License: Commercial
+ * NOTICE: This Software and the patented inventions embodied within may only be
+ * used as part of Contrast Security’s commercial offerings. Even though it is
+ * made available through public repositories, use of this Software is subject to
+ * the applicable End User Licensing Agreement found at
+ * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+ * between Contrast Security and the End User. The Software may not be reverse
+ * engineered, modified, repackaged, sold, redistributed or otherwise used in a
+ * way not consistent with the End User License Agreement.
+ */
+'use strict';
+const process = require('process');
+const path = require('path');
+const fs = require('fs');
+const os = require('os');
+const yaml = require('yaml');
+const { Event, get, set } = require('@contrast/common');
+const options = require('./options');
+const {
+  ConfigSource: {
+    CONTRAST_UI,
+    DEFAULT_VALUE,
+    ENVIRONMENT_VARIABLE,
+    USER_CONFIGURATION_FILE,
+  },
+  mappings,
+} = require('./common');
+const CONTRAST_CONFIG_PATH = 'CONTRAST_CONFIG_PATH';
+const CONTRAST_PREFIX = 'CONTRAST_';
+const OS_CONFIG_DIR = os.platform() === 'win32'
+  ? path.resolve(process.env.ProgramData || '', 'contrast')
+  : '/etc/contrast';
+const REDACTED_KEYS = ['api.api_key', 'api.service_key'];
+module.exports = class Config {
+  constructor(core) {
+    // internals
+    this._filepath = '';
+    this._errors = [];
+    this._effectiveMap = new Map();
+    this._status = '';
+    // config object
+    this.api = {};
+    this.agent = {
+      diagnostics: {},
+      reporters: {},
+      security_logger: {},
+      logger: {},
+      node: {},
+    };
+    this.application = {};
+    this.assess = {};
+    this.inventory = {};
+    this.protect = {
+      rules: {},
+      disabled_rules: ''
+    };
+    this.server = {};
+    // initialize
+    this._build();
+    this._validate();
+    core.messages?.on?.(Event.SERVER_SETTINGS_UPDATE, (msg) => {
+      if (!this._status) this._status = 'Success';
+      for (const [name, mapper] of Object.entries(mappings)) {
+        if (this.getEffectiveSource(name) === DEFAULT_VALUE) {
+          const remoteValue = mapper(msg);
+          if (remoteValue != null) {
+            this._effectiveMap.set(name, {
+              canonical_name: name,
+              name,
+              value: remoteValue,
+              source: CONTRAST_UI,
+            });
+          }
+        }
+      }
+    });
+  }
+  _initEnv() {
+    const { env } = process;
+    if (env.pm2_env?.includes?.(CONTRAST_PREFIX)) {
+      let parsedEnv;
+      try {
+        parsedEnv = JSON.parse(env.pm2_env);
+      } catch (_err) {
+        const err = new Error(`Unable to parse pm2 environment variable: '${env.pm2_env}'`);
+        err.cause = _err;
+        this._errors.push(err);
+      }
+      for (const pm2EnvConfig of [parsedEnv?.env, parsedEnv]) {
+        if (!pm2EnvConfig) continue;
+        for (const [name, value] of Object.entries(pm2EnvConfig)) {
+          if (env[name] || !name.startsWith(CONTRAST_PREFIX)) continue;
+          env[name] = value;
+        }
+      }
+    }
+    return Object.entries(env).reduce((acc, [key, val]) => {
+      const name = key.toUpperCase();
+      if (name.startsWith('CONTRAST_')) {
+        acc[name] = val;
+      }
+      return acc;
+    }, {});
+  }
+  /**
+   * Returns the locations to search for configuration files. Being a function
+   * allows us to stub these locations within tests.
+   */
+  _configDirs() {
+    return [
+      process.cwd(),
+      path.resolve(OS_CONFIG_DIR, 'node'),
+      OS_CONFIG_DIR,
+      path.resolve(os.homedir(), '.config', 'contrast'),
+    ];
+  }
+  _initFile() {
+    let fileConfig = {};
+    this._filepath = process.env[CONTRAST_CONFIG_PATH];
+    if (!this._filepath) {
+      for (const dir of this._configDirs()) {
+        const currentPath = path.resolve(dir, 'contrast_security.yaml');
+        if (fs.existsSync(currentPath)) {
+          this._filepath = currentPath;
+          break;
+        }
+      }
+    }
+    const { _filepath } = this;
+    if (_filepath) {
+      let fileContents;
+      try {
+        fileContents = fs.readFileSync(_filepath).toString('utf-8');
+      } catch (e) {
+        const err = new Error(`Unable to read Contrast configuration file: '${_filepath}'`);
+        err.cause = e;
+        this._errors.push(err);
+      }
+      if (fileContents) {
+        try {
+          fileConfig = yaml.parse(fileContents, { prettyErrors: true });
+        } catch (e) {
+          const err = new Error(`Contrast configuration file is malformed: '${_filepath}'`);
+          this._errors.push(err);
+          err.cause = e;
+        }
+      }
+    }
+    return fileConfig;
+  }
+  _build() {
+    const envOptions = this._initEnv();
+    const fileOptions = this._initFile();
+    this._effectiveMap.clear();
+    for (const opt of options) {
+      const envValue = envOptions[opt.env];
+      const fileValue = get(fileOptions, opt.name);
+      let source, value;
+      if (envValue != null) {
+        source = ENVIRONMENT_VARIABLE;
+        value = envValue;
+      } else if (fileValue != null) {
+        source = USER_CONFIGURATION_FILE;
+        value = fileValue;
+      } else {
+        value = opt.default;
+        source = DEFAULT_VALUE;
+      }
+      if (opt.fn) value = opt.fn(value);
+      if (opt.enum && !opt.enum.includes(value)) value = opt.default;
+      set(this, opt.name, value);
+      this._effectiveMap.set(opt.name, {
+        canonical_name: opt.name,
+        name: opt.name,
+        value,
+        source,
+      });
+    }
+  }
+  _redact(name, value) {
+    if (value == null) return value;
+    return REDACTED_KEYS.includes(name) ? `contrast-redacted-${name}` : value;
+  }
+  _validate() {
+    if (
+      get(this, 'application.session_id') &&
+      get(this, 'application.session_metadata')
+    ) {
+      const err = new Error('Cannot set both `application.session_id` and `application.session_metadata`');
+      this._errors.push(err);
+    }
+  }
+  getReport({ redact = true }) {
+    const effective_config = [], environment_variable = [], contrast_ui = [];
+    Array.from(this._effectiveMap.values()).forEach((v) => {
+      let value = redact ? this._redact(v.name, v.value) : v.value;
+      if (value === undefined) value = null;
+      effective_config.push({ ...v, value: String(value) });
+      if (v.source === ENVIRONMENT_VARIABLE) environment_variable.push(v);
+      if (v.source === CONTRAST_UI) contrast_ui.push(v);
+    });
+    return {
+      report_create: new Date(),
+      config: {
+        status: this._status,
+        effective_config,
+        environment_variable,
+        contrast_ui,
+      }
+    };
+  }
+  getEffectiveSource(canonicalName) {
+    return this._effectiveMap.get(canonicalName)?.source;
+  }
+  getEffectiveValue(canonicalName) {
+    return this._effectiveMap.get(canonicalName)?.value;
+  }
+  setValue(name, value, source) {
+    this._effectiveMap.set(name, { canonical_name: name, name, source, value });
+    set(this, name, value);
+  }
+};

package/lib/index.d.ts CHANGED Viewed

@@ -15,6 +15,14 @@
 import { ProtectRuleMode, Rule } from '@contrast/common';
 import { LevelWithSilent } from 'pino';
+export { ConfigSource } from './common.js';
+export interface EffectiveEntry {
+  canonical_name: string;
+  name: string;
+  value: any;
+  source: ConfigSource;
+}
 export type Level =
   | 'error'
@@ -44,10 +52,10 @@ export interface ConfigOption<T> {
 }
 export interface Config {
-  configFile: string;
-  _default: Record<string, any>;
-  _flat: Record<string, any>;
-  _sources: Record<string, 'DEFAULT_VALUE' | 'ENVIRONMENT_VARIABLE' | 'USER_CONFIGURATION_FILE' | 'CONTRAST_UI'>;
+  _filepath: string;
+  _effectiveMap: Map<EffectiveEntry>;
+  _errors: Error[];
+  _status: string,
   api: {
     /** Default: `true` */
@@ -263,6 +271,10 @@ export interface Config {
     tags?: string;
     version?: string;
   };
+  getEffectiveSource(cannonicalName: string): any;
+  getEffectiveValue(cannonicalName: string): any;
+  getReport({ redact: boolean }): any;
+  setValue(name: string, value: any, source: ConfigSource): void;
 }
 interface Core {

package/lib/index.js CHANGED Viewed

@@ -15,8 +15,11 @@
 'use strict';
-const configUtil = require('./util');
+const Config = require('./config');
+const { ConfigSource } = require('./common');
-module.exports = function init(core = {}) {
-  return core.config = configUtil.setup();
+module.exports = function (core = {}) {
+  return core.config = new Config(core);
 };
+module.exports.ConfigSource = ConfigSource;

package/lib/options.js CHANGED Viewed

@@ -77,7 +77,6 @@ const parseNum = (val) => {
  * The module currently houses all new common config settings.
  *
  * Other settings include:
- * - env: environment variable to check for value in
  * - fn: a function to run on the original value (eg type coercion or sanitizing). returns undefined if it can't do anything with the value it is given.
  * - enum: validation of whether type matches enumerated value
  *
@@ -90,15 +89,6 @@ const parseNum = (val) => {
  * @type {import('.').ConfigOption[]}
  */
 const options = [
-  // config
-  {
-    name: 'configFile',
-    abbrev: 'c',
-    // special case this guy because it should be settable via ENV
-    env: 'CONTRAST_CONFIG_PATH',
-    arg: '<path>',
-    desc: 'set config file location. defaults to <app_root>/contrast_security.yaml',
-  },
   // api
   {
     name: 'api.enable',
@@ -109,7 +99,6 @@ const options = [
   },
   {
     name: 'api.url',
-    env: 'CONTRASTSECURITY_URL',
     arg: '<url>',
     default: 'https://app.contrastsecurity.com/Contrast',
     // The old json spec used to expect that the url would not end in /Contrast
@@ -146,19 +135,16 @@ const options = [
   },
   {
     name: 'api.api_key',
-    env: 'CONTRASTSECURITY_API_KEY',
     arg: '<key>',
     desc: 'Set the API key needed to communicate with the Contrast UI.',
   },
   {
     name: 'api.service_key',
-    env: 'CONTRASTSECURITY_SECRET_KEY',
     arg: '<key>',
     desc: 'Set the service key needed to communicate with the Contrast UI. It is used to calculate the Authorization header.',
   },
   {
     name: 'api.user_name',
-    env: 'CONTRASTSECURITY_UID',
     arg: '<name>',
     desc: 'Set the user name used to communicate with the Contrast UI. It is used to calculate the Authorization header.',
   },
@@ -270,7 +256,7 @@ Example - \`/opt/Contrast/contrast.log\` creates a log in the \`/opt/Contrast\`
     name: 'agent.logger.level',
     arg: '<level>',
     enum: ['error', 'warn', 'info', 'debug', 'trace'],
-    // default: 'info', // this has no default at the config level but is instead handled by `@contrast/logger` to account for TS settings.
+    default: 'info',
     fn: lowercase,
     desc: 'Set the the log output level. Valid options are `ERROR`, `WARN`, `INFO`, `DEBUG`, and `TRACE`.',
   },
@@ -503,13 +489,13 @@ Example - \`label1, label2, label3\``,
     .map((ruleId) => ({
       name: `protect.rules.${ruleId}.mode`,
       arg: '<mode>',
+      default: 'off',
       enum: ['monitor', 'block', 'block_at_perimeter', 'off'],
       desc: 'Set the mode of the rule. Value options are `monitor`, `block`, `block_at_perimeter`, or `off`.',
     })),
   // application
   {
     name: 'application.name',
-    env: 'CONTRASTSECURITY_APP_NAME',
     arg: '<name>',
     desc: "Override the reported application name. Defaults to the `name` field from an application's `package.json`",
   },
@@ -563,8 +549,11 @@ Example - \`label1, label2, label3\``,
     arg: '<version>',
     desc: "override the reported server version (if different from 'version' field in the application's package.json)",
   },
-];
+].map((opt) => Object.assign(opt, {
+  env: `CONTRAST__${opt.name.toUpperCase().replace(/\./g, '__')
+    .replace(/-/g, '_')}`
+}));
-module.exports.configOptions = options;
+module.exports = options;
 module.exports.clearBaseCase = clearBaseCase;
 module.exports.castBoolean = castBoolean;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/config",
-  "version": "1.17.0",
+  "version": "1.18.0",
   "description": "An API for discovering Contrast agent configuration data",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -17,7 +17,7 @@
     "test": "../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.14.0",
+    "@contrast/common": "1.15.0",
     "yaml": "^2.2.2"
   }
-}
+}

package/lib/util.js DELETED Viewed

@@ -1,288 +0,0 @@
-/*
- * Copyright: 2023 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-'use strict';
-const process = require('process');
-const path = require('path');
-const fs = require('fs');
-const os = require('os');
-const yaml = require('yaml');
-const { set } = require('@contrast/common');
-const { configOptions } = require('./options');
-const util = module.exports;
-/**
- * Sets initial config values to the config.
- *
- * @param {Config} conf the config. mutates.
- * @param {string} name name of the option, eg 'agent.logger.stdout'
- * @param {*} value
- * @param {boolean} def set from default or not
- */
-function setConfig(conf, name, value, def, origin) {
-  set(conf, name, value);
-  conf._default[name] = def;
-  conf._flat[name] = value;
-  conf._sources[name] = origin;
-}
-class ConfigurationError extends Error {
-  constructor(message) {
-    super(`Configuration Error: ${message}`);
-  }
-}
-class Config {
-  constructor() {
-    Object.assign(this, {
-      _default: {},
-      _flat: {},
-      _sources: {},
-      api: {},
-      agent: {
-        diagnostics: {},
-        reporters: {},
-        security_logger: {},
-        logger: {},
-        node: {},
-      },
-      inventory: {},
-      assess: {},
-      protect: {
-        rules: {},
-      },
-      application: {},
-      server: {},
-    });
-  }
-  /**
-   * Override the setting, if set from its default.
-   *
-   * @param {string} name name of the option, eg 'agent.logger.stdout'
-   * @param {*} value
-   */
-  override(name, value) {
-    if (this._default[name]) {
-      setConfig(this, name, value, true);
-    }
-  }
-  get(name) {
-    return name.split('.').reduce((obj, prop) => obj?.[prop], this);
-  }
-  /**
-   * Custom validation logic.
-   * @throws {Error}
-   */
-  validate() {
-    // Mutually exclusive options:
-    if (
-      this.get('application.session_id') &&
-      this.get('application.session_metadata')
-    ) {
-      throw new ConfigurationError(
-        'Cannot set both `application.session_id` and `application.session_metadata`'
-      );
-    }
-  }
-}
-/**
- * Find location of config given options and name of config file
- * @return {string|void} path, if valid
- */
-function checkConfigPath() {
-  const configDir =
-    os.platform() === 'win32'
-      ? `${process.env['ProgramData']}\\contrast`
-      : '/etc/contrast';
-  const configSubDir = `${configDir}${path.sep}node`;
-  for (const dir of [process.cwd(), configSubDir, configDir]) {
-    const checkPath = path.resolve(dir, 'contrast_security.yaml');
-    if (fs.existsSync(checkPath)) {
-      return checkPath;
-    }
-  }
-  return;
-}
-/**
- * Read config into object
- * @return {Object} configuration
- */
-function readConfig() {
-  let config = {};
-  let fileContents;
-  const configPath = process.env['CONTRAST_CONFIG_PATH'] || checkConfigPath();
-  if (configPath) {
-    try {
-      fileContents = fs.readFileSync(configPath).toString('utf-8');
-    } catch (e) {
-      console.error(
-        'Unable to read config file at %s: %s',
-        configPath,
-        e.message
-      );
-    }
-  }
-  if (fileContents) {
-    try {
-      config = yaml.parse(fileContents, {
-        prettyErrors: true,
-      });
-    } catch (e) {
-      console.error(
-        'YAML validator found an error in %s: %s',
-        configPath,
-        e.message
-      );
-    }
-  }
-  return config;
-}
-/**
- * We want to "un-flatten" the config, in the
- * event that there are any dot-delimited keys remaining.
- * FIXME: when we get rid of JSON, don't do this anymore
- * @return {Object} "un-flattened" file options
- */
-function getFileOptions() {
-  const config = readConfig();
-  return Object.values(config).reduce((memo, value, idx) => {
-    const key = Object.keys(config)[idx];
-    // Merge if necessary,
-    if (memo[key]) {
-      Object.assign(memo[key], value);
-    } else {
-      // but otherwise set the config path.
-      set(memo, key, value);
-    }
-    return memo;
-  }, {});
-}
-/**
- * only set autoEnv if it's a common config option
- * @param {string} name
- */
-function getAutoEnv(name) {
-  // fix rule names too e.g. sql-injecxtion -> SQL_INJECTION
-  const envName = name.toUpperCase().replace(/\./g, '__')
-    .replace(/-/g, '_');
-  return name === 'configFile'
-    ? undefined
-    : process.env[`CONTRAST__${envName}`] || process.env[envName];
-}
-/**
- * When you run an application with pm2 on cluster mode, pm2 attaches the
- * process.env to a property pm2_env(only for the agent since we start it with -r flag), so
- * the function checks if there is a pm2_env property and merge contrast
- * related properties to process.env
- */
-function mergePM2Envs() {
-  if (!process.env.pm2_env) return;
-  const pm2_env = JSON.parse(process.env.pm2_env);
-  const objectEntries = Object.entries(pm2_env.env).concat(Object.entries(pm2_env));
-  const cfgPath = 'CONTRAST_CONFIG_PATH';
-  const pm2CfgPath = pm2_env.env[cfgPath] || pm2_env[cfgPath];
-  if (pm2CfgPath) process.env[cfgPath] = pm2CfgPath;
-  objectEntries.forEach(([key, value]) => {
-    if (
-      !process.env[key] && key.toLocaleLowerCase().includes('contrast')
-    ) {
-      process.env[key] = value;
-    }
-  });
-}
-/**
- * @return {Config} merged options
- */
-function mergeOptions() {
-  const fileOptions = getFileOptions();
-  return configOptions.reduce((options, option) => {
-    const {
-      default: optDefault,
-      enum: optEnum,
-      fn = (arg) => arg,
-      name,
-    } = option;
-    const env = process.env[option.env];
-    const autoEnv = getAutoEnv(name);
-    const fileFlag = name
-      .split('.')
-      .reduce((obj, prop) => obj?.[prop], fileOptions);
-    // For some values, we want to know if we assigned by falling back to default
-    let isFromDefault, origin;
-    if (env != null || autoEnv != null) {
-      origin = 'ENVIRONMENT_VARIABLE';
-    } else if (fileFlag != null) {
-      origin = 'USER_CONFIGURATION_FILE';
-    }
-    // env > file > default
-    let value = [env, autoEnv, fileFlag]
-      .map((v) => fn(v)).find((flag) => flag !== undefined);
-    // if it's an enum, find it in the enum or set the value to default
-    // ineffective if optDefault wasn't in the enum;
-    // optDefault won't get passed through fn, so it needs to be valid.
-    if (optEnum && optEnum.indexOf(value) === -1) {
-      value = fn(optDefault);
-      isFromDefault = true;
-      origin = 'DEFAULT_VALUE';
-    }
-    // set default last and separately, so that we can mark that the option was
-    // set from default
-    if (value === undefined) {
-      value = fn(optDefault);
-      isFromDefault = true;
-      origin = 'DEFAULT_VALUE';
-    }
-    setConfig(options, name, value, isFromDefault, origin);
-    return options;
-  }, new Config());
-}
-util.Config = Config;
-util.setup = function setup() {
-  mergePM2Envs();
-  const mergedOptions = mergeOptions();
-  mergedOptions.validate();
-  return mergedOptions;
-};
-// We want to use the set method used here for creating a correct mock object for tests
-util.setConfig = setConfig;