npm - @contrast/config - Versions diffs - 1.4.0 → 1.5.1 - Mend

@contrast/config 1.4.0 → 1.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/lib/options.js CHANGED Viewed

@@ -177,6 +177,25 @@ const api = [
 ];
 const agent = [
+  {
+    name: 'agent.diagnostics.enable',
+    arg: '[false]',
+    default: true,
+    fn: castBoolean,
+    desc: 'If true the agent will try to create both diagnostic files at startup',
+  },
+  {
+    name: 'agent.diagnostics.quiet',
+    arg: '[true]',
+    default: false,
+    fn: castBoolean,
+    desc: 'If true the agent will print all diagnostic results to stdout as well',
+  },
+  {
+    name: 'agent.diagnostics.report_path',
+    arg: '<path>',
+    desc: 'path indicating where to report all diagnostics results',
+  },
   {
     name: 'agent.reporters.file',
     arg: '<path>',
@@ -306,6 +325,21 @@ const agent = [
     desc: "set location to look for the app's package.json",
     default: process.cwd(),
   },
+  {
+    name: 'agent.node.library_usage.reporting.interval',
+    arg: '<num>',
+    fn: parseNum,
+    default: 1,
+    desc: 'frequency of collecting code events for library usage in milliseconds, defaults to 1 ms',
+  },
+  {
+    name: 'agent.node.library_usage.reporting.enable',
+    arg: '[false]',
+    // setting this falsee for now, until feature is complete
+    default: true,
+    fn: castBoolean,
+    desc: 'add enhanced library usage features (i.e. scanning for composition of dependencies, reporting usage)',
+  },
   {
     name: 'agent.stack_trace_limit',
     arg: '<limit>',
@@ -382,12 +416,14 @@ const protect = [
     fn: castBoolean,
     desc: 'turns on probe analysis and report them to Contrast UI'
   },
-  ...Object.values(Rule).map((ruleId) => ({
-    name: `protect.rules.${ruleId}.mode`,
-    arg: '<mode>',
-    enum: ['monitor', 'block', 'block_at_perimeter', 'off'],
-    desc: `the mode in which to run the ${ruleId} rule`,
-  })),
+  ...Object.values(Rule)
+    .filter((ruleId) => ![Rule.BOT_BLOCKER, Rule.IP_DENYLIST, Rule.VIRTUAL_PATCH].includes(ruleId))
+    .map((ruleId) => ({
+      name: `protect.rules.${ruleId}.mode`,
+      arg: '<mode>',
+      enum: ['monitor', 'block', 'block_at_perimeter', 'off'],
+      desc: `the mode in which to run the ${ruleId} rule`,
+    })),
 ];
 const assess = [
@@ -397,6 +433,21 @@ const assess = [
     fn: castBoolean,
     desc: 'if false, disable assess for this agent'
   },
+  {
+    name: 'assess.stactraces',
+    arg: '<level>',
+    default: 'ALL',
+    fn: uppercase,
+    enum: ['ALL', 'SOME', 'NONE'],
+    desc: 'Select the level of collected stacktraces. ALL - for all asses events, SOME - for Source and Sink events, NONE - no stacktraces collected'
+  },
+  {
+    name: 'assess.max_propagation_events',
+    arg: '<limit>',
+    default: 250,
+    fn: parseNum,
+    desc: 'set limit for maximum number of propagation events created per request',
+  },
 ];
 const server = [

package/lib/util.js CHANGED Viewed

@@ -42,9 +42,11 @@ function set(obj, name, value) {
  * @param {*} value
  * @param {boolean} def set from default or not
  */
-function setConfig(conf, name, value, def) {
+function setConfig(conf, name, value, def, origin) {
   set(conf, name, value);
   conf._default[name] = def;
+  conf._flat[name] = value;
+  conf._sources[name] = origin;
 }
 class ConfigurationError extends Error {
@@ -57,7 +59,8 @@ class Config {
   constructor() {
     Object.assign(this, {
       _default: {},
-      api: {},
+      _flat: {},
+      _sources: {},
       agent: {
         reporters: {},
         logger: {},
@@ -69,6 +72,7 @@ class Config {
       },
       assess: {},
       server: {},
+      api: {},
     });
   }
@@ -244,12 +248,17 @@ function mergeOptions() {
       .reduce((obj, prop) => obj?.[prop], fileOptions);
     // For some values, we want to know if we assigned by falling back to default
-    let isFromDefault;
+    let isFromDefault, origin;
+    if (env != null || autoEnv != null) {
+      origin = 'ENV';
+    } else if (fileFlag != null) {
+      origin = 'YAML';
+    }
     // env > file > default
     let value = [env, autoEnv, fileFlag]
-      .map((v) => fn(v))
-      .find((flag) => flag !== undefined);
+      .map((v) => fn(v)).find((flag) => flag !== undefined);
     // if it's an enum, find it in the enum or set the value to default
     // ineffective if optDefault wasn't in the enum;
@@ -257,6 +266,7 @@ function mergeOptions() {
     if (optEnum && optEnum.indexOf(value) === -1) {
       value = fn(optDefault);
       isFromDefault = true;
+      origin = 'DEFAULT';
     }
     // set default last and separately, so that we can mark that the option was
@@ -264,9 +274,10 @@ function mergeOptions() {
     if (value === undefined) {
       value = fn(optDefault);
       isFromDefault = true;
+      origin = 'DEFAULT';
     }
-    setConfig(options, name, value, isFromDefault);
+    setConfig(options, name, value, isFromDefault, origin);
     return options;
   }, new Config());
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/config",
-  "version": "1.4.0",
+  "version": "1.5.1",
   "description": "An API for discovering Contrast agent configuration data",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -17,7 +17,7 @@
     "test": "../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.2.0",
+    "@contrast/common": "1.3.1",
     "yaml": "^2.0.1"
   }
-}
+}