@contrast/core 1.10.1 → 1.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/lib/effective-config/index.js +13 -20
  2. package/lib/index.js +1 -0
  3. package/lib/system-info/index.js +118 -0
  4. package/package.json +11 -11
  5. package/lib/effective-config/feature-readers.js +0 -30
  6. package/lib/effective-config/settings-readers.js +0 -57
package/lib/effective-config/index.js CHANGED
@@ -15,20 +15,27 @@
15
15
 
16
16
  'use strict';
17
17
 
18
- const { Event } = require('@contrast/common');
18
+ const { Event, featureReaders, settingsReaders, mergeRemoteData } = require('@contrast/common');
19
19
  const { configOptions } = require('@contrast/config/lib/options');
20
20
 
21
- const settingsReaders = require('./settings-readers');
22
- const featureReaders = require('./feature-readers');
23
-
24
21
  module.exports = function(core) {
25
22
  const { config, messages } = core;
26
23
  const effectiveConfig = createEffectiveConfig({ config, remoteData: {} });
24
+ function setterFn(target, name, value) {
25
+ let remoteValue = value;
26
+ if (typeof value === 'string') remoteValue = remoteValue.toLowerCase();
27
+ target.set(name, {
28
+ CanonicalName: name,
29
+ Name: name,
30
+ Value: remoteValue,
31
+ Source: 'ContrastUI',
32
+ });
33
+ }
27
34
 
28
35
  if (core.config?.protect?.enable === true) {
29
36
  messages.on(Event.SERVER_SETTINGS_UPDATE, (msg) => {
30
- msg.features && mergeRemoteData(msg, featureReaders);
31
- msg.settings && mergeRemoteData(msg, settingsReaders);
37
+ msg.features && mergeRemoteData(config, msg, featureReaders, setterFn, effectiveConfig);
38
+ msg.settings && mergeRemoteData(config, msg, settingsReaders, setterFn, effectiveConfig);
32
39
  });
33
40
  }
34
41
 
@@ -72,18 +79,4 @@ module.exports = function(core) {
72
79
 
73
80
  return content;
74
81
  }
75
-
76
- function mergeRemoteData(remoteData, readers) {
77
- for (const [name, readerFn] of Object.entries(readers)) {
78
- const remoteValue = readerFn(remoteData);
79
- if (config._sources[name] === 'DEFAULT' && remoteValue != null) {
80
- effectiveConfig.set(name, {
81
- CanonicalName: name,
82
- Name: name,
83
- Value: remoteValue,
84
- Source: 'ContrastUI',
85
- });
86
- }
87
- }
88
- }
89
82
  };
package/lib/index.js CHANGED
@@ -23,6 +23,7 @@ module.exports = function init(core = {}) {
23
23
  require('@contrast/config')(core);
24
24
  require('./logger-factory')(core);
25
25
  require('./effective-config')(core);
26
+ require('./system-info')(core);
26
27
  require('./sensitive-data-masking')(core);
27
28
  require('./app-info')(core);
28
29
  require('./is-agent-path')(core);
package/lib/system-info/index.js ADDED
@@ -0,0 +1,118 @@
1
+ /*
2
+ * Copyright: 2022 Contrast Security, Inc
3
+ * Contact: support@contrastsecurity.com
4
+ * License: Commercial
5
+
6
+ * NOTICE: This Software and the patented inventions embodied within may only be
7
+ * used as part of Contrast Security’s commercial offerings. Even though it is
8
+ * made available through public repositories, use of this Software is subject to
9
+ * the applicable End User Licensing Agreement found at
10
+ * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ * between Contrast Security and the End User. The Software may not be reverse
12
+ * engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ * way not consistent with the End User License Agreement.
14
+ */
15
+
16
+ 'use strict';
17
+
18
+ const path = require('path');
19
+ const fs = require('fs');
20
+ const os = require('os');
21
+
22
+ function isUsingPM2() {
23
+ const used = !!process.env.pmx;
24
+ let version = null;
25
+
26
+ for (const pathVar of ['npm_package_json', 'PWD']) {
27
+ const packagePath = process.env[pathVar];
28
+ if (packagePath) {
29
+ try {
30
+ version = require(path.join(packagePath, 'package.json')).dependencies['pm2'];
31
+ } catch (err) {
32
+ //
33
+ }
34
+ }
35
+ if (version) break;
36
+ }
37
+
38
+ return { used, version };
39
+ }
40
+
41
+ function isDocker() {
42
+ const MOUNTINFO_REGEX = /\/docker\/containers\/(.*?)\//;
43
+ const CGROUP_REGEX = /:\/docker\/([^/]+)$/;
44
+
45
+ try {
46
+ const results = fs.readFileSync('/proc/self/mountinfo', 'utf8').match(MOUNTINFO_REGEX);
47
+ if (results) return { isDocker: true, containerID: results[1] };
48
+ } catch (err) {
49
+ // else check /proc/self/cgroup
50
+ }
51
+
52
+ try {
53
+ const results = fs.readFileSync('/proc/self/cgroup', 'utf8').match(CGROUP_REGEX);
54
+ if (results) return { isDocker: true, containerID: results[1] };
55
+ } catch (err) {
56
+ // else check /.dockerenv
57
+ }
58
+
59
+ try {
60
+ const result = fs.statSync('/.dockerenv');
61
+ if (result) return { isDocker: true, containerID: undefined };
62
+ } catch (err) {
63
+ // if there's not such file we can conclude it's not docker env
64
+ }
65
+
66
+ return { isDocker: false, containerID: undefined };
67
+ }
68
+
69
+ module.exports = function(core) {
70
+ // eslint-disable-next-line node/no-extraneous-require
71
+ const pkg = require('@contrast/protect-agent/package.json');
72
+ const { config } = core;
73
+
74
+ core.getSystemInfo = function() {
75
+ const appPath = process.cwd();
76
+
77
+ const info = {
78
+ ReportDate: new Date(),
79
+ MachineName: os.hostname(),
80
+ Contrast: {
81
+ Url: config.api.url,
82
+ Proxy: config.api.proxy,
83
+ Server: {
84
+ Name: config.server.name,
85
+ },
86
+ Agent: {
87
+ Name: pkg.name,
88
+ Version: pkg.version,
89
+ },
90
+ },
91
+ Node: {
92
+ Version: process.version
93
+ },
94
+ OperatingSystem: {
95
+ Architecture: os.arch(),
96
+ Name: os.type(),
97
+ Version: os.release(),
98
+ KernelVersion: os.version(),
99
+ CPU: {
100
+ type: os.cpus()[0].model,
101
+ count: os.cpus().length,
102
+ }
103
+ },
104
+ Host: {
105
+ Docker: isDocker(),
106
+ PM2: isUsingPM2(),
107
+ Memory: {
108
+ Total: (os.totalmem() / 1e6).toFixed(0).concat(' MB'),
109
+ Free: (os.freemem() / 1e6).toFixed(0).concat(' MB'),
110
+ Used: ((os.totalmem() - os.freemem()) / 1e6).toFixed(0).concat(' MB'),
111
+ }
112
+ },
113
+ Application: appPath ? require(path.join(appPath, 'package.json')) : null,
114
+ };
115
+
116
+ return info;
117
+ };
118
+ };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@contrast/core",
3
- "version": "1.10.1",
3
+ "version": "1.11.0",
4
4
  "description": "Preconfigured Contrast agent core services and models",
5
5
  "license": "SEE LICENSE IN LICENSE",
6
6
  "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -17,17 +17,17 @@
17
17
  "test": "../scripts/test.sh"
18
18
  },
19
19
  "dependencies": {
20
- "@contrast/agentify": "1.3.1",
21
- "@contrast/common": "1.3.1",
22
- "@contrast/config": "1.5.1",
23
- "@contrast/deadzones": "1.0.0",
24
- "@contrast/dep-hooks": "1.0.5",
20
+ "@contrast/agentify": "1.4.0",
21
+ "@contrast/common": "1.4.0",
22
+ "@contrast/config": "1.6.0",
23
+ "@contrast/deadzones": "1.1.0",
24
+ "@contrast/dep-hooks": "1.1.0",
25
25
  "@contrast/fn-inspect": "^3.2.0",
26
- "@contrast/instrumentation": "1.0.1",
27
- "@contrast/logger": "1.1.2",
28
- "@contrast/patcher": "1.1.0",
29
- "@contrast/reporter": "1.8.2",
26
+ "@contrast/instrumentation": "1.1.0",
27
+ "@contrast/logger": "1.2.0",
28
+ "@contrast/patcher": "1.2.0",
29
+ "@contrast/reporter": "1.9.0",
30
30
  "@contrast/rewriter": "1.3.1",
31
- "@contrast/scopes": "1.2.0"
31
+ "@contrast/scopes": "1.3.0"
32
32
  }
33
33
  }
package/lib/effective-config/feature-readers.js DELETED
@@ -1,30 +0,0 @@
1
- /*
2
- * Copyright: 2022 Contrast Security, Inc
3
- * Contact: support@contrastsecurity.com
4
- * License: Commercial
5
-
6
- * NOTICE: This Software and the patented inventions embodied within may only be
7
- * used as part of Contrast Security’s commercial offerings. Even though it is
8
- * made available through public repositories, use of this Software is subject to
9
- * the applicable End User Licensing Agreement found at
10
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
- * between Contrast Security and the End User. The Software may not be reverse
12
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
- * way not consistent with the End User License Agreement.
14
- */
15
-
16
- 'use strict';
17
-
18
- const featureReaders = {
19
- 'agent.logger.level': (remoteData) => remoteData.features?.logLevel,
20
- 'agent.logger.path': (remoteData) => remoteData.features?.logFile,
21
- 'agent.security_logger.syslog.enable': (remoteData) => remoteData.features?.defend?.syslog?.syslogEnabled,
22
- 'agent.security_logger.syslog.ip': (remoteData) => remoteData.features?.defend?.syslog?.syslogIpAddress,
23
- 'agent.security_logger.syslog.port': (remoteData) => remoteData.features?.defend?.syslog?.syslogPortNumber,
24
- 'agent.security_logger.syslog.facility': (remoteData) => remoteData.features?.defend?.syslog?.syslogFacilityCode,
25
- 'agent.security_logger.syslog.severity_exploited': (remoteData) => remoteData.features?.defend?.syslog?.syslogSeverityExploit,
26
- 'agent.security_logger.syslog.severity_blocked': (remoteData) => remoteData.features?.defend?.syslog?.syslogSeverityBlocke,
27
- 'agent.security_logger.syslog.severity_probed': (remoteData) => remoteData.features?.defend?.syslog?.syslogSeverityProbed,
28
- };
29
-
30
- module.exports = featureReaders;
package/lib/effective-config/settings-readers.js DELETED
@@ -1,57 +0,0 @@
1
- /*
2
- * Copyright: 2022 Contrast Security, Inc
3
- * Contact: support@contrastsecurity.com
4
- * License: Commercial
5
-
6
- * NOTICE: This Software and the patented inventions embodied within may only be
7
- * used as part of Contrast Security’s commercial offerings. Even though it is
8
- * made available through public repositories, use of this Software is subject to
9
- * the applicable End User Licensing Agreement found at
10
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
- * between Contrast Security and the End User. The Software may not be reverse
12
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
- * way not consistent with the End User License Agreement.
14
- */
15
-
16
- 'use strict';
17
-
18
- const {
19
- ProtectRuleMode: {
20
- OFF,
21
- BLOCK,
22
- MONITOR,
23
- BLOCK_AT_PERIMETER
24
- }
25
- } = require('@contrast/common');
26
-
27
- const settingsReaders = [
28
- 'protect.rules.cmd-injection.mode',
29
- 'protect.rules.cmd-injection-command-backdoors.mode',
30
- 'protect.rules.cmd-injection-semantic-chained-commands.mode',
31
- 'protect.rules.cmd-injection-semantic-dangerous-paths.mode',
32
- 'protect.rules.method-tampering.mode',
33
- 'protect.rules.nosql-injection.mode',
34
- 'protect.rules.nosql-injection-mongo.mode',
35
- 'protect.rules.path-traversal.mode',
36
- 'protect.rules.path-traversal-semantic-file-security-bypass.mode',
37
- 'protect.rules.reflected-xss.mode',
38
- 'protect.rules.sql-injection.mode',
39
- 'protect.rules.ssjs-injection.mode',
40
- 'protect.rules.unsafe-file-upload.mode',
41
- 'protect.rules.untrusted-deserialization.mode',
42
- 'protect.rules.xxe.mode',
43
- ].reduce((acc, name) => {
44
- const ruleId = name.split('.')[2];
45
- return Object.assign(acc, {
46
- [name]: (remoteData) => {
47
- const remoteSetting = remoteData.settings?.defend?.protectionRules?.find(r => r.id == ruleId);
48
- switch (remoteSetting?.mode) {
49
- case 'OFF': return OFF;
50
- case 'MONITORING': return MONITOR;
51
- case 'BLOCKING': return remoteSetting.blockAtEntry ? BLOCK_AT_PERIMETER : BLOCK;
52
- }
53
- }
54
- });
55
- }, {});
56
-
57
- module.exports = settingsReaders;