npm - @contrast/config - Versions diffs - 1.5.1 → 1.5.2 - Mend

@contrast/config 1.5.1 → 1.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/lib/index.d.ts CHANGED Viewed

@@ -13,7 +13,7 @@
  * way not consistent with the End User License Agreement.
  */
-import { RulesConfig } from '@contrast/common';
+import { ProtectRuleMode, Rule } from '@contrast/common';
 import { Level } from 'pino';
 export type SyslogLevel =
@@ -28,6 +28,9 @@ export type SyslogLevel =
 export interface Config {
   configFile: string;
+  _default: Record<string, any>;
+  _flat: Record<string, any>;
+  _sources: Record<string, 'DEFAULT' | 'ENV' | 'YAML' | 'ContrastUI'>;
   api: {
     enable: boolean;
     api_key: string;
@@ -80,33 +83,40 @@ export interface Config {
       /** Default: `'security'` */
       path: string;
+      /** Default: `false` */
+      stdout: boolean;
       syslog: {
-        enable?: boolean;
+        /** Default: `false` */
+        enable: boolean;
-        ip?: string;
+        /** Default: `'127.0.0.1'` */
+        ip: string;
-        port?: number;
+        /** Default: `514` */
+        port: number;
         /**
          * The facility code of the messages the agent sends to Syslog.
          * Values: 0-23, inclusive.
+         * Default: `19`
          */
-        facility?: number;
+        facility: number;
-        /** Log level of 'Blocked' attacks. */
-        severity_blocked?: SyslogLevel;
+        /** Log level of 'Blocked' attacks. Default: `'notice'` */
+        severity_blocked: SyslogLevel;
-        /** Log level of 'Exploited' attacks. */
-        severity_exploited?: SyslogLevel;
+        /** Log level of 'Exploited' attacks. Default: `'alert'` */
+        severity_exploited: SyslogLevel;
-        /** Log level of 'Probed' attacks. */
-        severity_probed?: SyslogLevel;
+        /** Log level of 'Probed' attacks. Default: `'warning'` */
+        severity_probed: SyslogLevel;
-        /** Log level of 'Blocked at Perimeter' attacks. */
-        severity_blocked_perimeter?: SyslogLevel;
+        /** Log level of 'Blocked at Perimeter' attacks. Default: `'notice'` */
+        severity_blocked_perimeter: SyslogLevel;
-        /** Log level of suspcious but not blocked attacks. */
-        severity_suspicious?: SyslogLevel;
+        /** Log level of suspcious but not blocked attacks. Default: `'warning'` */
+        severity_suspicious: SyslogLevel;
       };
     };
@@ -164,7 +174,7 @@ export interface Config {
      */
     disabled_rules: string[];
-    rules: RulesConfig;
+    rules: Record<Rule, { mode: ProtectRuleMode }>;
   };
   /** Reported server information overrides */

package/lib/options.js CHANGED Viewed

@@ -231,6 +231,7 @@ const agent = [
   },
   {
     name: 'agent.security_logger.level',
+    default: 'debug',
     arg: '<level>',
     fn: lowercase,
     // NOTE: syslog actually specifies 8 levels, starting with 0-emergency, but
@@ -245,33 +246,46 @@ const agent = [
     arg: '<path>',
     desc: 'where to log security events',
   },
+  {
+    name: 'agent.security_logger.stdout',
+    arg: '[false]',
+    default: false,
+    fn: castBoolean,
+    desc: 'if true will output the security_logger loggs to stdout too',
+  },
   {
     name: 'agent.security_logger.syslog.enable',
+    default: false,
     fn: castBoolean,
     desc: 'Set to true to enable Syslog logging',
   },
   {
     name: 'agent.security_logger.syslog.ip',
+    default: '127.0.0.1',
     desc: 'Set the IP address of the Syslog server to which the agent should send messages',
     arg: '<ip>',
   },
   {
     name: 'agent.security_logger.syslog.port',
+    default: '514',
     desc: 'Set the port of the Syslog server to which the agent should send messages',
     arg: '<port>',
     fn: parseNum,
   },
   {
     name: 'agent.security_logger.syslog.facility',
+    default: '19',
     desc: 'Set the facility code of the messages the agent sends to Syslog',
     enum: [
       0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20,
       21, 22, 23,
     ],
     arg: '<facility>',
+    fn: parseNum,
   },
   {
     name: 'agent.security_logger.syslog.severity_blocked',
+    default: 'notice',
     desc: 'Set the log level of Blocked attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
     enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
     arg: '<level>',
@@ -279,6 +293,7 @@ const agent = [
   },
   {
     name: 'agent.security_logger.syslog.severity_exploited',
+    default: 'alert',
     desc: 'Set the log level of Exploited attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
     enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
     arg: '<level>',
@@ -286,20 +301,15 @@ const agent = [
   },
   {
     name: 'agent.security_logger.syslog.severity_probed',
+    default: 'warning',
     desc: 'Set the log level of Probed attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
     enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
     arg: '<level>',
     fn: lowercase,
   },
-  {
-    name: 'agent.security_logger.syslog.severity_blocked_perimeter',
-    desc: 'Set the log level of Blocked at Perimeter attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
-    enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
-    arg: '<level>',
-    fn: lowercase,
-  },
   {
     name: 'agent.security_logger.syslog.severity_suspicious',
+    default: 'warning',
     desc: 'Set the log level of suspicious but not blocked attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
     enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
     arg: '<level>',
@@ -434,7 +444,13 @@ const assess = [
     desc: 'if false, disable assess for this agent'
   },
   {
-    name: 'assess.stactraces',
+    name: 'assess.trust_custom_validators',
+    arg: '<trust-custom-validators>',
+    default: false,
+    desc: 'trust incoming strings when they pass custom validators (Mongoose, Joi)',
+  },
+  {
+    name: 'assess.stacktraces',
     arg: '<level>',
     default: 'ALL',
     fn: uppercase,
@@ -448,6 +464,13 @@ const assess = [
     fn: parseNum,
     desc: 'set limit for maximum number of propagation events created per request',
   },
+  {
+    name: 'assess.max_context_source_events',
+    arg: '<limit>',
+    default: 150,
+    fn: parseNum,
+    desc: 'set limit for maximum number of source events (tracked strings) created per request',
+  },
 ];
 const server = [

package/lib/util.js CHANGED Viewed

@@ -21,19 +21,10 @@ const fs = require('fs');
 const os = require('os');
 const yaml = require('yaml');
+const { set } = require('@contrast/common');
 const { configOptions } = require('./options');
 const util = module.exports;
-function set(obj, name, value) {
-  const props = name.split('.');
-  const lastProp = props.pop();
-  for (const p of props) {
-    if (!obj[p]) obj[p] = {};
-    obj = obj[p];
-  }
-  obj[lastProp] = value;
-}
 /**
  * Sets initial config values to the config.
  *

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/config",
-  "version": "1.5.1",
+  "version": "1.5.2",
   "description": "An API for discovering Contrast agent configuration data",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -17,7 +17,7 @@
     "test": "../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.3.1",
+    "@contrast/common": "1.3.2",
     "yaml": "^2.0.1"
   }
 }