@contrast/protect 1.69.0 → 1.71.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/lib/error-handlers/index.js +1 -1
  2. package/lib/error-handlers/install/{koa2.js → koa.js} +4 -4
  3. package/lib/index.d.ts +1 -1
  4. package/lib/input-analysis/index.js +2 -3
  5. package/lib/input-analysis/install/koa-bodyparsers.js +92 -0
  6. package/lib/input-analysis/install/{koa2.js → koa.js} +5 -5
  7. package/lib/input-tracing/install/fs.js +0 -8
  8. package/package.json +11 -11
  9. package/lib/input-analysis/install/koa-body5.js +0 -63
  10. package/lib/input-analysis/install/koa-bodyparser4.js +0 -64
package/lib/error-handlers/index.js CHANGED
@@ -28,7 +28,7 @@ module.exports = function(core) {
28
28
  require('./install/express')(core);
29
29
  require('./install/fastify')(core);
30
30
  require('./install/hapi')(core);
31
- require('./install/koa2')(core);
31
+ require('./install/koa')(core);
32
32
  require('./install/restify')(core);
33
33
 
34
34
  errorHandlers.install = function() {
package/lib/error-handlers/install/{koa2.js → koa.js} RENAMED
@@ -27,10 +27,10 @@ module.exports = function (core) {
27
27
  protect,
28
28
  } = core;
29
29
 
30
- const koa2ErrorHandler = protect.errorHandlers.koa2ErrorHandler = {};
30
+ const koaErrorHandler = protect.errorHandlers.koaErrorHandler = {};
31
31
 
32
- koa2ErrorHandler.install = function () {
33
- depHooks.resolve({ name: 'koa', version: '>=2.3.0 <3' }, (Koa) => {
32
+ koaErrorHandler.install = function () {
33
+ depHooks.resolve({ name: 'koa', version: '>=2.3.0 <4' }, (Koa) => {
34
34
  patcher.patch(Koa.prototype, 'handleRequest', {
35
35
  name: 'Koa.Application.handleRequest',
36
36
  patchType,
@@ -63,5 +63,5 @@ module.exports = function (core) {
63
63
  });
64
64
  };
65
65
 
66
- return koa2ErrorHandler;
66
+ return koaErrorHandler;
67
67
  };
package/lib/index.d.ts CHANGED
@@ -122,7 +122,7 @@ export interface Protect {
122
122
  handler: (err: Error, request: IncomingMessage, reply: ServerResponse) => void,
123
123
  install: () => void
124
124
  }
125
- koa2ErrorHandler: { install: () => void },
125
+ koaErrorHandler: { install: () => void },
126
126
  expressErrorHandler: { install: () => void },
127
127
  install: () => void,
128
128
  },
package/lib/input-analysis/index.js CHANGED
@@ -30,15 +30,14 @@ module.exports = function(core) {
30
30
  require('./install/body-parser')(core);
31
31
  require('./install/cookie-parser1')(core);
32
32
  require('./install/formidable1')(core);
33
- require('./install/koa-body5')(core);
34
- require('./install/koa-bodyparser4')(core);
33
+ require('./install/koa-bodyparsers')(core);
35
34
  require('./install/multer1')(core);
36
35
  require('./install/qs6')(core);
37
36
  require('./install/universal-cookie4')(core);
38
37
 
39
38
  // framework specific instrumentation
40
39
  require('./install/fastify')(core);
41
- require('./install/koa2')(core);
40
+ require('./install/koa')(core);
42
41
  require('./install/express')(core);
43
42
  require('./install/hapi')(core);
44
43
  require('./install/restify')(core);
package/lib/input-analysis/install/koa-bodyparsers.js ADDED
@@ -0,0 +1,92 @@
1
+ /*
2
+ * Copyright: 2025 Contrast Security, Inc
3
+ * Contact: support@contrastsecurity.com
4
+ * License: Commercial
5
+
6
+ * NOTICE: This Software and the patented inventions embodied within may only be
7
+ * used as part of Contrast Security’s commercial offerings. Even though it is
8
+ * made available through public repositories, use of this Software is subject to
9
+ * the applicable End User Licensing Agreement found at
10
+ * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
+ * between Contrast Security and the End User. The Software may not be reverse
12
+ * engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
+ * way not consistent with the End User License Agreement.
14
+ */
15
+
16
+ 'use strict';
17
+
18
+ const { patchType } = require('../constants');
19
+
20
+ module.exports = (core) => {
21
+ const {
22
+ depHooks,
23
+ patcher,
24
+ protect,
25
+ protect: { inputAnalysis },
26
+ } = core;
27
+
28
+ function postFn(name) {
29
+ return function(data) {
30
+ data.result = patcher.patch(data.result, {
31
+ name,
32
+ patchType,
33
+ pre(data) {
34
+ const [ctx, origNext] = data.args;
35
+
36
+ async function contrastNext(origErr) {
37
+ const sourceContext = protect.getSourceContext();
38
+
39
+
40
+ if (sourceContext && ctx.request.body && Object.keys(ctx.request.body).length) {
41
+ sourceContext.parsedBody = ctx.request.body;
42
+ inputAnalysis.handleParsedBody(sourceContext, ctx.request.body);
43
+ }
44
+
45
+ await origNext(origErr);
46
+ }
47
+
48
+ data.args[1] = contrastNext;
49
+ }
50
+ });
51
+ };
52
+ }
53
+
54
+ function install() {
55
+ [['koa-body', '>=4 <6'], ['koa-bodyparser', '>=4 <5']].forEach(([name, version]) => {
56
+ depHooks.resolve({ name, version }, (koaBody) =>
57
+ patcher.patch(koaBody, {
58
+ name,
59
+ patchType,
60
+ post: postFn(name)
61
+ })
62
+ );
63
+ });
64
+
65
+ depHooks.resolve({ name: 'koa-body', version: '>=6 <7' }, (koaBody) =>
66
+ patcher.patch(koaBody, 'koaBody', {
67
+ name: 'koaBody',
68
+ patchType,
69
+ post: postFn('koa-body')
70
+ })
71
+ );
72
+
73
+ depHooks.resolve({ name: '@koa/bodyparser', version: '>=5 <7' }, (koaBody) => {
74
+ const patchedBodyParser = patcher.patch(koaBody.bodyParser, {
75
+ name: '@koa/bodyparser',
76
+ patchType,
77
+ post: postFn('@koa/bodyparser')
78
+ }
79
+ );
80
+ return {
81
+ default: patchedBodyParser,
82
+ bodyParser: patchedBodyParser
83
+ };
84
+ });
85
+ }
86
+
87
+ const koaBodyparserInstrumentation = inputAnalysis.koaBodyparserInstrumentation = {
88
+ install
89
+ };
90
+
91
+ return koaBodyparserInstrumentation;
92
+ };
package/lib/input-analysis/install/{koa2.js → koa.js} RENAMED
@@ -34,7 +34,7 @@ module.exports = (core) => {
34
34
  * registers a depHook for koa module instrumentation
35
35
  */
36
36
  function install() {
37
- depHooks.resolve({ name: 'koa', version: '>=2.3.0 <3' }, (Koa) => {
37
+ depHooks.resolve({ name: 'koa', version: '>=2.3.0 <4' }, (Koa) => {
38
38
  function contrastStartMiddleware(ctx, next) {
39
39
  if (ctx.query && Object.keys(ctx.query).length) {
40
40
  const sourceContext = protect.getSourceContext();
@@ -65,11 +65,11 @@ module.exports = (core) => {
65
65
  });
66
66
 
67
67
  // Patch `koa-router` and `@koa/router` to handle parsed params
68
- [['koa-router', '<14'], ['@koa/router', '<14']].forEach(([router, version]) => {
68
+ [['koa-router', '>=12 <15'], ['@koa/router', '>=12 <15']].forEach(([router, version]) => {
69
69
  depHooks.resolve(
70
70
  { name: router, version, file: 'lib/layer.js' },
71
71
  (layer) => {
72
- layer.prototype = patcher.patch(layer.prototype, 'params', {
72
+ patcher.patch(layer.prototype, 'params', {
73
73
  name: `[${router}].layer.prototype`,
74
74
  patchType,
75
75
  post({ result }) {
@@ -119,9 +119,9 @@ module.exports = (core) => {
119
119
  });
120
120
  }
121
121
 
122
- const koa2Instrumentation = inputAnalysis.koa2Instrumentation = {
122
+ const koaInstrumentation = inputAnalysis.koaInstrumentation = {
123
123
  install
124
124
  };
125
125
 
126
- return koa2Instrumentation;
126
+ return koaInstrumentation;
127
127
  };
package/lib/input-tracing/install/fs.js CHANGED
@@ -86,14 +86,6 @@ module.exports = function init(core) {
86
86
  });
87
87
  }
88
88
  }
89
-
90
- if (method.promises && fs.promises && fs.promises[method.name]) {
91
- patcher.patch(fs.promises, method.name, {
92
- name: `fs.promises.${method.name}`,
93
- patchType,
94
- pre: preHook(method.indices)
95
- });
96
- }
97
89
  }
98
90
  });
99
91
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@contrast/protect",
3
- "version": "1.69.0",
3
+ "version": "1.71.0",
4
4
  "description": "Contrast service providing framework-agnostic Protect support",
5
5
  "license": "SEE LICENSE IN LICENSE",
6
6
  "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,16 +21,16 @@
21
21
  },
22
22
  "dependencies": {
23
23
  "@contrast/agent-lib": "^9.1.0",
24
- "@contrast/common": "1.37.0",
25
- "@contrast/config": "1.53.0",
26
- "@contrast/core": "1.58.0",
27
- "@contrast/dep-hooks": "1.27.0",
28
- "@contrast/esm-hooks": "2.33.0",
29
- "@contrast/instrumentation": "1.37.0",
30
- "@contrast/logger": "1.31.0",
31
- "@contrast/patcher": "1.30.0",
32
- "@contrast/rewriter": "1.35.0",
33
- "@contrast/scopes": "1.28.0",
24
+ "@contrast/common": "1.38.0",
25
+ "@contrast/config": "1.54.1",
26
+ "@contrast/core": "1.59.1",
27
+ "@contrast/dep-hooks": "1.28.1",
28
+ "@contrast/esm-hooks": "2.34.1",
29
+ "@contrast/instrumentation": "1.38.1",
30
+ "@contrast/logger": "1.32.1",
31
+ "@contrast/patcher": "1.31.1",
32
+ "@contrast/rewriter": "1.36.1",
33
+ "@contrast/scopes": "1.29.1",
34
34
  "async-hook-domain": "^4.0.1",
35
35
  "ipaddr.js": "^2.0.1",
36
36
  "on-finished": "^2.4.1",
package/lib/input-analysis/install/koa-body5.js DELETED
@@ -1,63 +0,0 @@
1
- /*
2
- * Copyright: 2025 Contrast Security, Inc
3
- * Contact: support@contrastsecurity.com
4
- * License: Commercial
5
-
6
- * NOTICE: This Software and the patented inventions embodied within may only be
7
- * used as part of Contrast Security’s commercial offerings. Even though it is
8
- * made available through public repositories, use of this Software is subject to
9
- * the applicable End User Licensing Agreement found at
10
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
- * between Contrast Security and the End User. The Software may not be reverse
12
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
- * way not consistent with the End User License Agreement.
14
- */
15
-
16
- 'use strict';
17
-
18
- const { patchType } = require('../constants');
19
-
20
- module.exports = (core) => {
21
- const {
22
- depHooks,
23
- patcher,
24
- protect,
25
- protect: { inputAnalysis },
26
- } = core;
27
-
28
- // Patch `koa-body` package
29
- function install() {
30
- depHooks.resolve({ name: 'koa-body', version: '<7' }, (koaBody) => patcher.patch(koaBody, {
31
- name: 'koa-body',
32
- patchType,
33
- post(data) {
34
- data.result = patcher.patch(data.result, {
35
- name: 'koa-body',
36
- patchType,
37
- pre(data) {
38
- const [ctx, origNext] = data.args;
39
-
40
- async function contrastNext(origErr) {
41
- const sourceContext = protect.getSourceContext();
42
-
43
- if (sourceContext && ctx.request.body && Object.keys(ctx.request.body).length) {
44
- sourceContext.parsedBody = ctx.request.body;
45
- inputAnalysis.handleParsedBody(sourceContext, ctx.request.body);
46
- }
47
-
48
- await origNext(origErr);
49
- }
50
-
51
- data.args[1] = contrastNext;
52
- }
53
- });
54
- }
55
- }));
56
- }
57
-
58
- const koaBody5Instrumentation = inputAnalysis.koaBody5Instrumentation = {
59
- install
60
- };
61
-
62
- return koaBody5Instrumentation;
63
- };
package/lib/input-analysis/install/koa-bodyparser4.js DELETED
@@ -1,64 +0,0 @@
1
- /*
2
- * Copyright: 2025 Contrast Security, Inc
3
- * Contact: support@contrastsecurity.com
4
- * License: Commercial
5
-
6
- * NOTICE: This Software and the patented inventions embodied within may only be
7
- * used as part of Contrast Security’s commercial offerings. Even though it is
8
- * made available through public repositories, use of this Software is subject to
9
- * the applicable End User Licensing Agreement found at
10
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
11
- * between Contrast Security and the End User. The Software may not be reverse
12
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
13
- * way not consistent with the End User License Agreement.
14
- */
15
-
16
- 'use strict';
17
-
18
- const { patchType } = require('../constants');
19
-
20
- module.exports = (core) => {
21
- const {
22
- depHooks,
23
- patcher,
24
- protect,
25
- protect: { inputAnalysis },
26
- } = core;
27
-
28
- // Patch `koa-bodyparser` package
29
- function install() {
30
- depHooks.resolve({ name: 'koa-bodyparser', version: '<5' }, (koaBodyparser) => patcher.patch(koaBodyparser, {
31
- name: 'koa-bodyparser',
32
- patchType,
33
- post(data) {
34
- data.result = patcher.patch(data.result, {
35
- name: 'koa-bodyparser',
36
- patchType,
37
- pre(data) {
38
- const [ctx, origNext] = data.args;
39
-
40
- async function contrastNext(origErr) {
41
- const sourceContext = protect.getSourceContext();
42
-
43
-
44
- if (sourceContext && ctx.request.body && Object.keys(ctx.request.body).length) {
45
- sourceContext.parsedBody = ctx.request.body;
46
- inputAnalysis.handleParsedBody(sourceContext, ctx.request.body);
47
- }
48
-
49
- await origNext(origErr);
50
- }
51
-
52
- data.args[1] = contrastNext;
53
- }
54
- });
55
- }
56
- }));
57
- }
58
-
59
- const koaBodyparser4Instrumentation = inputAnalysis.koaBodyparser4Instrumentation = {
60
- install
61
- };
62
-
63
- return koaBodyparser4Instrumentation;
64
- };