npm - @contrast/config - Versions diffs - 1.5.0 → 1.5.2 - Mend

@contrast/config 1.5.0 → 1.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/lib/index.d.ts CHANGED Viewed

@@ -13,7 +13,7 @@
  * way not consistent with the End User License Agreement.
  */
-import { RulesConfig } from '@contrast/common';
+import { ProtectRuleMode, Rule } from '@contrast/common';
 import { Level } from 'pino';
 export type SyslogLevel =
@@ -28,6 +28,9 @@ export type SyslogLevel =
 export interface Config {
   configFile: string;
+  _default: Record<string, any>;
+  _flat: Record<string, any>;
+  _sources: Record<string, 'DEFAULT' | 'ENV' | 'YAML' | 'ContrastUI'>;
   api: {
     enable: boolean;
     api_key: string;
@@ -80,33 +83,40 @@ export interface Config {
       /** Default: `'security'` */
       path: string;
+      /** Default: `false` */
+      stdout: boolean;
       syslog: {
-        enable?: boolean;
+        /** Default: `false` */
+        enable: boolean;
-        ip?: string;
+        /** Default: `'127.0.0.1'` */
+        ip: string;
-        port?: number;
+        /** Default: `514` */
+        port: number;
         /**
          * The facility code of the messages the agent sends to Syslog.
          * Values: 0-23, inclusive.
+         * Default: `19`
          */
-        facility?: number;
+        facility: number;
-        /** Log level of 'Blocked' attacks. */
-        severity_blocked?: SyslogLevel;
+        /** Log level of 'Blocked' attacks. Default: `'notice'` */
+        severity_blocked: SyslogLevel;
-        /** Log level of 'Exploited' attacks. */
-        severity_exploited?: SyslogLevel;
+        /** Log level of 'Exploited' attacks. Default: `'alert'` */
+        severity_exploited: SyslogLevel;
-        /** Log level of 'Probed' attacks. */
-        severity_probed?: SyslogLevel;
+        /** Log level of 'Probed' attacks. Default: `'warning'` */
+        severity_probed: SyslogLevel;
-        /** Log level of 'Blocked at Perimeter' attacks. */
-        severity_blocked_perimeter?: SyslogLevel;
+        /** Log level of 'Blocked at Perimeter' attacks. Default: `'notice'` */
+        severity_blocked_perimeter: SyslogLevel;
-        /** Log level of suspcious but not blocked attacks. */
-        severity_suspicious?: SyslogLevel;
+        /** Log level of suspcious but not blocked attacks. Default: `'warning'` */
+        severity_suspicious: SyslogLevel;
       };
     };
@@ -164,7 +174,7 @@ export interface Config {
      */
     disabled_rules: string[];
-    rules: RulesConfig;
+    rules: Record<Rule, { mode: ProtectRuleMode }>;
   };
   /** Reported server information overrides */

package/lib/options.js CHANGED Viewed

@@ -177,6 +177,25 @@ const api = [
 ];
 const agent = [
+  {
+    name: 'agent.diagnostics.enable',
+    arg: '[false]',
+    default: true,
+    fn: castBoolean,
+    desc: 'If true the agent will try to create both diagnostic files at startup',
+  },
+  {
+    name: 'agent.diagnostics.quiet',
+    arg: '[true]',
+    default: false,
+    fn: castBoolean,
+    desc: 'If true the agent will print all diagnostic results to stdout as well',
+  },
+  {
+    name: 'agent.diagnostics.report_path',
+    arg: '<path>',
+    desc: 'path indicating where to report all diagnostics results',
+  },
   {
     name: 'agent.reporters.file',
     arg: '<path>',
@@ -212,6 +231,7 @@ const agent = [
   },
   {
     name: 'agent.security_logger.level',
+    default: 'debug',
     arg: '<level>',
     fn: lowercase,
     // NOTE: syslog actually specifies 8 levels, starting with 0-emergency, but
@@ -226,33 +246,46 @@ const agent = [
     arg: '<path>',
     desc: 'where to log security events',
   },
+  {
+    name: 'agent.security_logger.stdout',
+    arg: '[false]',
+    default: false,
+    fn: castBoolean,
+    desc: 'if true will output the security_logger loggs to stdout too',
+  },
   {
     name: 'agent.security_logger.syslog.enable',
+    default: false,
     fn: castBoolean,
     desc: 'Set to true to enable Syslog logging',
   },
   {
     name: 'agent.security_logger.syslog.ip',
+    default: '127.0.0.1',
     desc: 'Set the IP address of the Syslog server to which the agent should send messages',
     arg: '<ip>',
   },
   {
     name: 'agent.security_logger.syslog.port',
+    default: '514',
     desc: 'Set the port of the Syslog server to which the agent should send messages',
     arg: '<port>',
     fn: parseNum,
   },
   {
     name: 'agent.security_logger.syslog.facility',
+    default: '19',
     desc: 'Set the facility code of the messages the agent sends to Syslog',
     enum: [
       0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20,
       21, 22, 23,
     ],
     arg: '<facility>',
+    fn: parseNum,
   },
   {
     name: 'agent.security_logger.syslog.severity_blocked',
+    default: 'notice',
     desc: 'Set the log level of Blocked attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
     enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
     arg: '<level>',
@@ -260,6 +293,7 @@ const agent = [
   },
   {
     name: 'agent.security_logger.syslog.severity_exploited',
+    default: 'alert',
     desc: 'Set the log level of Exploited attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
     enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
     arg: '<level>',
@@ -267,20 +301,15 @@ const agent = [
   },
   {
     name: 'agent.security_logger.syslog.severity_probed',
+    default: 'warning',
     desc: 'Set the log level of Probed attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
     enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
     arg: '<level>',
     fn: lowercase,
   },
-  {
-    name: 'agent.security_logger.syslog.severity_blocked_perimeter',
-    desc: 'Set the log level of Blocked at Perimeter attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
-    enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
-    arg: '<level>',
-    fn: lowercase,
-  },
   {
     name: 'agent.security_logger.syslog.severity_suspicious',
+    default: 'warning',
     desc: 'Set the log level of suspicious but not blocked attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
     enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
     arg: '<level>',
@@ -306,6 +335,21 @@ const agent = [
     desc: "set location to look for the app's package.json",
     default: process.cwd(),
   },
+  {
+    name: 'agent.node.library_usage.reporting.interval',
+    arg: '<num>',
+    fn: parseNum,
+    default: 1,
+    desc: 'frequency of collecting code events for library usage in milliseconds, defaults to 1 ms',
+  },
+  {
+    name: 'agent.node.library_usage.reporting.enable',
+    arg: '[false]',
+    // setting this falsee for now, until feature is complete
+    default: true,
+    fn: castBoolean,
+    desc: 'add enhanced library usage features (i.e. scanning for composition of dependencies, reporting usage)',
+  },
   {
     name: 'agent.stack_trace_limit',
     arg: '<limit>',
@@ -399,6 +443,34 @@ const assess = [
     fn: castBoolean,
     desc: 'if false, disable assess for this agent'
   },
+  {
+    name: 'assess.trust_custom_validators',
+    arg: '<trust-custom-validators>',
+    default: false,
+    desc: 'trust incoming strings when they pass custom validators (Mongoose, Joi)',
+  },
+  {
+    name: 'assess.stacktraces',
+    arg: '<level>',
+    default: 'ALL',
+    fn: uppercase,
+    enum: ['ALL', 'SOME', 'NONE'],
+    desc: 'Select the level of collected stacktraces. ALL - for all asses events, SOME - for Source and Sink events, NONE - no stacktraces collected'
+  },
+  {
+    name: 'assess.max_propagation_events',
+    arg: '<limit>',
+    default: 250,
+    fn: parseNum,
+    desc: 'set limit for maximum number of propagation events created per request',
+  },
+  {
+    name: 'assess.max_context_source_events',
+    arg: '<limit>',
+    default: 150,
+    fn: parseNum,
+    desc: 'set limit for maximum number of source events (tracked strings) created per request',
+  },
 ];
 const server = [

package/lib/util.js CHANGED Viewed

@@ -21,19 +21,10 @@ const fs = require('fs');
 const os = require('os');
 const yaml = require('yaml');
+const { set } = require('@contrast/common');
 const { configOptions } = require('./options');
 const util = module.exports;
-function set(obj, name, value) {
-  const props = name.split('.');
-  const lastProp = props.pop();
-  for (const p of props) {
-    if (!obj[p]) obj[p] = {};
-    obj = obj[p];
-  }
-  obj[lastProp] = value;
-}
 /**
  * Sets initial config values to the config.
  *

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/config",
-  "version": "1.5.0",
+  "version": "1.5.2",
   "description": "An API for discovering Contrast agent configuration data",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -17,7 +17,7 @@
     "test": "../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.3.0",
+    "@contrast/common": "1.3.2",
     "yaml": "^2.0.1"
   }
-}
+}