perimeterx-js-core 0.19.0 → 0.20.1

package/lib/cjs/config/ConfigurationBase.js

@@ -427,6 +427,20 @@ var ConfigurationBase = /** @class */ (function () {
         enumerable: false,
         configurable: true
     });
+    Object.defineProperty(ConfigurationBase.prototype, "graphqlKeywords", {
+        get: function () {
+            return this.activeConfigParams.px_graphql_keywords;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(ConfigurationBase.prototype, "extractGraphQLKeywords", {
+        get: function () {
+            return this.activeConfigParams.px_extract_graphql_keywords;
+        },
+        enumerable: false,
+        configurable: true
+    });
     Object.defineProperty(ConfigurationBase.prototype, "sensitiveGraphqlOperationNames", {
         get: function () {
             return this.activeConfigParams.px_sensitive_graphql_operation_names;

package/lib/cjs/config/defaults/DefaultCommonConfigurationParams.js

@@ -19,7 +19,7 @@ exports.DEFAULT_COMMON_CONFIGURATION_PARAMS = {
     px_advanced_blocking_response_enabled: true,
     px_max_activity_batch_size: 0,
     px_batch_activities_timeout_ms: 1000,
-    px_bypass_monitor_header: '',
+    px_bypass_monitor_header: 'x-px-block',
     px_enforced_routes: [],
     px_first_party_enabled: true,
     px_custom_first_party_prefix: '',
@@ -97,6 +97,7 @@ exports.DEFAULT_COMMON_CONFIGURATION_PARAMS = {
     px_custom_logo: '',
     px_graphql_enabled: true,
     px_graphql_routes: ['/graphql'],
+    px_graphql_keywords: [],
     px_sensitive_graphql_operation_names: [],
     px_sensitive_graphql_operation_types: [],
     px_enrich_custom_parameters: null,
@@ -118,4 +119,5 @@ exports.DEFAULT_COMMON_CONFIGURATION_PARAMS = {
     px_custom_is_monitored_request: null,
     px_custom_is_enforced_request: null,
     px_custom_is_filtered_request: null,
+    px_extract_graphql_keywords: null,
 };

package/lib/cjs/graphql/DefaultGraphQLParser.js

@@ -42,13 +42,14 @@ var http_1 = require("../http");
 var model_1 = require("./model");
 var DefaultGraphQLParser = /** @class */ (function () {
     function DefaultGraphQLParser(config) {
-        this.graphqlRoutes = config.graphqlRoutes;
-        this.sensitiveOperationNames = config.sensitiveGraphqlOperationNames;
-        this.sensitiveOperationTypes = config.sensitiveGraphqlOperationTypes;
+        this.config = config;
+        this.maxCharactersInGraphqlKeyword = 100;
+        this.maxGraphqlKeywordCount = 500;
     }
     DefaultGraphQLParser.prototype.isGraphQLRequest = function (_a) {
         var requestData = _a.requestData;
-        return (requestData.method === http_1.HttpMethod.POST && (0, utils_1.isRouteInPatterns)(requestData.url.pathname, this.graphqlRoutes));
+        return (requestData.method === http_1.HttpMethod.POST &&
+            (0, utils_1.isRouteInPatterns)(requestData.url.pathname, this.config.graphqlRoutes));
     };
     DefaultGraphQLParser.prototype.parseGraphQLRequest = function (context) {
         return __awaiter(this, void 0, void 0, function () {
@@ -56,7 +57,7 @@ var DefaultGraphQLParser = /** @class */ (function () {
             return __generator(this, function (_a) {
                 switch (_a.label) {
                     case 0:
-                        _a.trys.push([0, 2, , 3]);
+                        _a.trys.push([0, 3, , 4]);
                         requestData = context.requestData;
                         return [4 /*yield*/, this.getGraphQLOperationsFromBody(requestData.request, context)];
                     case 1:
@@ -65,18 +66,20 @@ var DefaultGraphQLParser = /** @class */ (function () {
                             context.logger.debug('unable to get graphql operations from request body');
                             return [2 /*return*/, null];
                         }
-                        data = this.parseGraphQLOperations(graphQLOperations);
+                        return [4 /*yield*/, this.parseGraphQLOperations(graphQLOperations, context)];
+                    case 2:
+                        data = _a.sent();
                         if (!data || data.length === 0) {
                             context.logger.debug('unable to parse graphql operations');
                             return [2 /*return*/, null];
                         }
                         context.logger.debug("".concat(data.length, " graphql operation").concat(data.length === 1 ? '' : 's', " parsed successfully"));
                         return [2 /*return*/, data];
-                    case 2:
+                    case 3:
                         e_1 = _a.sent();
                         context.logger.debug("unable to parse graphql request: ".concat(e_1));
                         return [2 /*return*/, null];
-                    case 3: return [2 /*return*/];
+                    case 4: return [2 /*return*/];
                 }
             });
         });
@@ -92,6 +95,7 @@ var DefaultGraphQLParser = /** @class */ (function () {
                     case 1:
                         body = _a.sent();
                         if (!body) {
+                            context.logger.debug("received empty graphql body when calling .json()");
                             return [2 /*return*/, null];
                         }
                         return [2 /*return*/, Array.isArray(body) ? body : [body]];
@@ -104,19 +108,31 @@ var DefaultGraphQLParser = /** @class */ (function () {
             });
         });
     };
-    DefaultGraphQLParser.prototype.parseGraphQLOperations = function (operations) {
-        var _this = this;
-        return operations.map(function (operation) { return _this.parseGraphQlOperation(operation); }).filter(function (x) { return x; });
+    DefaultGraphQLParser.prototype.parseGraphQLOperations = function (operations, context) {
+        return __awaiter(this, void 0, void 0, function () {
+            var data;
+            var _this = this;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, Promise.all(operations.map(function (operation) { return _this.parseGraphQLOperation(operation, context); }))];
+                    case 1:
+                        data = _a.sent();
+                        return [2 /*return*/, data.filter(Boolean)];
+                }
+            });
+        });
     };
-    DefaultGraphQLParser.prototype.parseGraphQlOperation = function (operation) {
+    DefaultGraphQLParser.prototype.parseGraphQLOperation = function (operation, context) {
         if (!operation.query || typeof operation.query !== 'string') {
+            context.logger.debug('no query found');
             return null;
         }
         var operationNameToTypeMap = this.getOperationNameToTypeMap(operation.query);
         if (!operationNameToTypeMap) {
+            context.logger.debug('operationNameToTypeMap returned null');
             return null;
         }
-        return this.getGraphQLData(operationNameToTypeMap, operation);
+        return this.getGraphQLData(operationNameToTypeMap, operation, context);
     };
     DefaultGraphQLParser.prototype.getOperationNameToTypeMap = function (query) {
         var operationTypesString = Object.values(model_1.GraphQLOperationType).join('|');
@@ -136,28 +152,132 @@ var DefaultGraphQLParser = /** @class */ (function () {
         }
         return map;
     };
-    DefaultGraphQLParser.prototype.getGraphQLData = function (operationNameToTypeMap, operation) {
-        var name = operation.operationName ||
-            (Object.keys(operationNameToTypeMap).length === 1 ? Object.keys(operationNameToTypeMap)[0] : undefined);
-        var type = operationNameToTypeMap[name];
-        if (!type && /^\s*{/.test(operation.query)) {
-            type = model_1.GraphQLOperationType.QUERY;
+    DefaultGraphQLParser.prototype.getGraphQLData = function (operationNameToTypeMap, operation, context) {
+        return __awaiter(this, void 0, void 0, function () {
+            var name, type, data, keywords;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        name = this.getOperationName(operationNameToTypeMap, operation);
+                        type = this.getOperationType(operation, name, operationNameToTypeMap);
+                        if (!type) {
+                            return [2 /*return*/, null];
+                        }
+                        data = { type: type };
+                        if (name) {
+                            data.name = name;
+                        }
+                        return [4 /*yield*/, this.getQueryKeywords(operation.query, context)];
+                    case 1:
+                        keywords = _a.sent();
+                        if (keywords) {
+                            data.keywords = this.cleanKeywords(keywords);
+                        }
+                        if (this.isSensitiveOperation(name, type, keywords)) {
+                            data.sensitive = true;
+                        }
+                        if (operation.variables && typeof operation.variables === 'object') {
+                            data.variables = this.extractGraphQLVariableNames(operation.variables);
+                        }
+                        return [2 /*return*/, data];
+                }
+            });
+        });
+    };
+    DefaultGraphQLParser.prototype.getOperationType = function (operation, operationName, operationNameToTypeMap) {
+        if (operationName && operationNameToTypeMap[operationName]) {
+            return operationNameToTypeMap[operationName];
         }
-        if (!type) {
-            return null;
+        if (this.isGraphqlQueryShorthand(operation.query)) {
+            return model_1.GraphQLOperationType.QUERY;
+        }
+        var match = operation.query.match(new RegExp("^\\s*(".concat(Object.values(model_1.GraphQLOperationType).join('|'), ")(?:\\s|{)")));
+        if ((match === null || match === void 0 ? void 0 : match[1]) && !operationName) {
+            return match[1];
         }
-        var data = { name: name, type: type };
-        if (this.isSensitiveOperation(name, type)) {
-            data.sensitive = true;
+        return null;
+    };
+    DefaultGraphQLParser.prototype.isGraphqlQueryShorthand = function (query) {
+        return /^\s*{/.test(query);
+    };
+    DefaultGraphQLParser.prototype.getOperationName = function (operationNameToTypeMap, operation) {
+        var _a;
+        return (operation.operationName ||
+            (Object.keys(operationNameToTypeMap).length === 1 ? (_a = Object.keys(operationNameToTypeMap)) === null || _a === void 0 ? void 0 : _a[0] : undefined));
+    };
+    DefaultGraphQLParser.prototype.getQueryKeywords = function (query, context) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function () {
+            var keywords;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0:
+                        if (!(this.config.extractGraphQLKeywords && typeof this.config.extractGraphQLKeywords === 'function')) return [3 /*break*/, 2];
+                        return [4 /*yield*/, this.getQueryKeywordsFromCustomFunction(query, context)];
+                    case 1:
+                        keywords = _b.sent();
+                        if (Array.isArray(keywords)) {
+                            return [2 /*return*/, keywords];
+                        }
+                        _b.label = 2;
+                    case 2:
+                        if (((_a = this.config.graphqlKeywords) === null || _a === void 0 ? void 0 : _a.length) > 0) {
+                            return [2 /*return*/, this.getQueryKeywordsFromArray(query, context)];
+                        }
+                        return [2 /*return*/, null];
+                }
+            });
+        });
+    };
+    DefaultGraphQLParser.prototype.cleanKeywords = function (keywords) {
+        var _this = this;
+        return keywords
+            .slice(0, this.maxGraphqlKeywordCount)
+            .map(function (kw) { return kw.trim().substring(0, _this.maxCharactersInGraphqlKeyword); });
+    };
+    DefaultGraphQLParser.prototype.getQueryKeywordsFromCustomFunction = function (query, context) {
+        return __awaiter(this, void 0, void 0, function () {
+            return __generator(this, function (_a) {
+                try {
+                    return [2 /*return*/, this.config.extractGraphQLKeywords(query)];
+                }
+                catch (e) {
+                    context.logger.debug("unable to extract graphql keywords via custom function: ".concat(e));
+                    return [2 /*return*/, null];
+                }
+                return [2 /*return*/];
+            });
+        });
+    };
+    DefaultGraphQLParser.prototype.getQueryKeywordsFromArray = function (query, context) {
+        var _this = this;
+        var keywords = [];
+        try {
+            this.config.graphqlKeywords.forEach(function (keyword) {
+                var pattern = _this.toGlobalRegExp(keyword);
+                var matchGroup = query.match(pattern);
+                if (!matchGroup) {
+                    return;
+                }
+                keywords = keywords.concat(matchGroup);
+            });
         }
-        if (operation.variables && typeof operation.variables === 'object') {
-            data.variables = this.extractGraphQLVariableNames(operation.variables);
+        catch (e) {
+            context.logger.debug("unable to extract graphql keywords via array: ".concat(e));
+            return null;
         }
-        return data;
+        return keywords;
     };
-    DefaultGraphQLParser.prototype.isSensitiveOperation = function (operationName, operationType) {
-        return (this.sensitiveOperationTypes.some(function (type) { return type === operationType; }) ||
-            this.sensitiveOperationNames.some(function (name) { return name === operationName; }));
+    DefaultGraphQLParser.prototype.isSensitiveOperation = function (operationName, operationType, keywords) {
+        var _this = this;
+        return (this.config.sensitiveGraphqlOperationTypes.some(function (type) { return type === operationType; }) ||
+            this.config.sensitiveGraphqlOperationNames.some(function (name) {
+                var pattern = _this.toGlobalRegExp(name);
+                if (!pattern) {
+                    return false;
+                }
+                return !!(operationName === null || operationName === void 0 ? void 0 : operationName.match(pattern)) || (keywords === null || keywords === void 0 ? void 0 : keywords.some(function (kw) { return !!kw.match(pattern); }));
+            }));
     };
     DefaultGraphQLParser.prototype.extractGraphQLVariableNames = function (variables) {
         var processVariables = function (variablesObj, prefix) {
@@ -174,6 +294,15 @@ var DefaultGraphQLParser = /** @class */ (function () {
         };
         return processVariables(variables, '');
     };
+    DefaultGraphQLParser.prototype.toGlobalRegExp = function (pattern) {
+        if (typeof pattern === 'string') {
+            return new RegExp(pattern, 'g');
+        }
+        if (pattern.global) {
+            return pattern;
+        }
+        return new RegExp(pattern, pattern.flags + 'g');
+    };
     return DefaultGraphQLParser;
 }());
 exports.DefaultGraphQLParser = DefaultGraphQLParser;

package/lib/cjs/graphql/ExtractGraphQLKeywordsFunction.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/cjs/graphql/index.js

@@ -17,3 +17,4 @@ Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./model"), exports);
 __exportStar(require("./IGraphQLParser"), exports);
 __exportStar(require("./DefaultGraphQLParser"), exports);
+__exportStar(require("./ExtractGraphQLKeywordsFunction"), exports);

package/lib/cjs/products/credential_intelligence/endpoint/login_successful/BodyLoginSuccessfulParser.js

@@ -42,10 +42,11 @@ var BodyLoginSuccessfulParser = /** @class */ (function () {
         this.bodyRegex = new RegExp(regex);
     }
     BodyLoginSuccessfulParser.prototype.isLoginSuccessful = function (response) {
+        var _a, _b;
         return __awaiter(this, void 0, void 0, function () {
-            return __generator(this, function (_a) {
+            return __generator(this, function (_c) {
                 // TODO: Possibly add IBody methods to IOutgoingResponse interface?
-                return [2 /*return*/, this.bodyRegex.test(response.body)];
+                return [2 /*return*/, !!((_b = (_a = response.body) === null || _a === void 0 ? void 0 : _a.match) === null || _b === void 0 ? void 0 : _b.call(_a, this.bodyRegex))];
             });
         });
     };

package/lib/cjs/products/credential_intelligence/endpoint/matcher/RegexPathEndpointMatcher.js

@@ -8,7 +8,7 @@ var RegexPathEndpointMatcher = /** @class */ (function () {
     }
     RegexPathEndpointMatcher.prototype.matches = function (_a) {
         var method = _a.method, url = _a.url;
-        return method === this.method && this.pathnameRegex.test(url.pathname);
+        return method === this.method && !!url.pathname.match(this.pathnameRegex);
     };
     return RegexPathEndpointMatcher;
 }());

package/lib/cjs/telemetry/DefaultTelemetry.js

@@ -143,9 +143,9 @@ var DefaultTelemetry = /** @class */ (function () {
             'px_remote_config_auth_token',
         ];
         var telemetryConfig = {
-            active_config: (0, utils_1.removeSensitiveFields)(this.config.getActiveConfig(), SENSITIVE_CONFIG_FIELDS),
-            static_config: (0, utils_1.removeSensitiveFields)(this.config.getStaticConfig(), SENSITIVE_CONFIG_FIELDS),
-            remote_config: (0, utils_1.removeSensitiveFields)(this.config.getRemoteConfig(), SENSITIVE_CONFIG_FIELDS),
+            active_config: (0, utils_1.redactSensitiveFields)(this.config.getActiveConfig(), SENSITIVE_CONFIG_FIELDS),
+            static_config: (0, utils_1.redactSensitiveFields)(this.config.getStaticConfig(), SENSITIVE_CONFIG_FIELDS),
+            remote_config: (0, utils_1.redactSensitiveFields)(this.config.getRemoteConfig(), SENSITIVE_CONFIG_FIELDS),
         };
         var activity = {
             type: activities_1.ActivityType.ENFORCER_TELEMETRY,

package/lib/cjs/utils/constants.js

@@ -13,4 +13,4 @@ exports.PUSH_DATA_HMAC_HEADER_NAME = 'x-px-pushdata';
 exports.PUSH_DATA_FEATURE_HEADER_NAME = 'x-px-feature';
 exports.EMAIL_ADDRESS_REGEX = /^[a-zA-Z0-9_+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$/;
 exports.URL_REGEX = /^(https?\:)\/\/(([^@\s:]+):?([^@\s]*)@)?(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/;
-exports.CORE_MODULE_VERSION = 'JS Core 0.19.0';
+exports.CORE_MODULE_VERSION = 'JS Core 0.20.1';

package/lib/cjs/utils/utils.js

@@ -36,7 +36,7 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
     }
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.telemetryConfigReplacer = exports.algoToCryptoString = exports.algoToSubtleCryptoString = exports.sleep = exports.getPropertyFromObject = exports.rejectOnTimeout = exports.transferExistingProperties = exports.isRouteMatch = exports.isRouteInPatterns = exports.removeSensitiveHeaders = exports.removeSensitiveFields = exports.getExtension = exports.getAuthorizationHeader = exports.getCollectorDomain = exports.getScoreApiDomain = exports.isEmailAddress = exports.isValidUuid = exports.isValidEnumValue = void 0;
+exports.telemetryConfigReplacer = exports.algoToCryptoString = exports.algoToSubtleCryptoString = exports.sleep = exports.getPropertyFromObject = exports.rejectOnTimeout = exports.transferExistingProperties = exports.isRouteMatch = exports.isRouteInPatterns = exports.removeSensitiveHeaders = exports.redactSensitiveFields = exports.getExtension = exports.getAuthorizationHeader = exports.getCollectorDomain = exports.getScoreApiDomain = exports.isEmailAddress = exports.isValidUuid = exports.isValidEnumValue = void 0;
 var http_1 = require("../http");
 var error_1 = require("./error");
 var constants_1 = require("./constants");
@@ -77,14 +77,22 @@ var getExtension = function (route) {
     return endOfPath.substring(extensionIndex);
 };
 exports.getExtension = getExtension;
-var removeSensitiveFields = function (object, sensitiveFields) {
+var redactSensitiveFields = function (object, sensitiveFields) {
+    var NUMBER_OF_TRAILING_CHARS_TO_EXPOSE = 5;
+    var SENSITIVE_VALUE_MINIMUM_LENGTH_TO_EXPOSE_TRAILING_CHARS = NUMBER_OF_TRAILING_CHARS_TO_EXPOSE * 10;
     var newObj = Object.assign({}, object);
     sensitiveFields.forEach(function (fieldName) {
-        delete newObj[fieldName];
+        var sensitiveValue = object[fieldName];
+        if (!sensitiveValue) {
+            return;
+        }
+        var trailingCharsExposed = sensitiveValue.length >= SENSITIVE_VALUE_MINIMUM_LENGTH_TO_EXPOSE_TRAILING_CHARS;
+        var trailingChars = sensitiveValue.substring(sensitiveValue.length - (trailingCharsExposed ? NUMBER_OF_TRAILING_CHARS_TO_EXPOSE : 0));
+        newObj[fieldName] = "***REDACTED***".concat(trailingChars);
     });
     return newObj;
 };
-exports.removeSensitiveFields = removeSensitiveFields;
+exports.redactSensitiveFields = redactSensitiveFields;
 var removeSensitiveHeaders = function (headers, sensitiveHeaderNames) {
     var ret = (0, http_1.toMutableHeaders)(headers);
     sensitiveHeaderNames.forEach(function (name) {
@@ -101,7 +109,7 @@ var isRouteMatch = function (route, pattern) {
     if (!route || !pattern) {
         return false;
     }
-    if (pattern instanceof RegExp && pattern.test(route)) {
+    if (pattern instanceof RegExp && !!route.match(pattern)) {
         return true;
     }
     if (typeof pattern === 'string' && route.startsWith(pattern)) {

package/lib/esm/config/ConfigurationBase.js

@@ -223,6 +223,12 @@ export class ConfigurationBase {
     get graphqlRoutes() {
         return this.activeConfigParams.px_graphql_routes;
     }
+    get graphqlKeywords() {
+        return this.activeConfigParams.px_graphql_keywords;
+    }
+    get extractGraphQLKeywords() {
+        return this.activeConfigParams.px_extract_graphql_keywords;
+    }
     get sensitiveGraphqlOperationNames() {
         return this.activeConfigParams.px_sensitive_graphql_operation_names;
     }

package/lib/esm/config/defaults/DefaultCommonConfigurationParams.js

@@ -16,7 +16,7 @@ export const DEFAULT_COMMON_CONFIGURATION_PARAMS = {
     px_advanced_blocking_response_enabled: true,
     px_max_activity_batch_size: 0,
     px_batch_activities_timeout_ms: 1000,
-    px_bypass_monitor_header: '',
+    px_bypass_monitor_header: 'x-px-block',
     px_enforced_routes: [],
     px_first_party_enabled: true,
     px_custom_first_party_prefix: '',
@@ -94,6 +94,7 @@ export const DEFAULT_COMMON_CONFIGURATION_PARAMS = {
     px_custom_logo: '',
     px_graphql_enabled: true,
     px_graphql_routes: ['/graphql'],
+    px_graphql_keywords: [],
     px_sensitive_graphql_operation_names: [],
     px_sensitive_graphql_operation_types: [],
     px_enrich_custom_parameters: null,
@@ -115,4 +116,5 @@ export const DEFAULT_COMMON_CONFIGURATION_PARAMS = {
     px_custom_is_monitored_request: null,
     px_custom_is_enforced_request: null,
     px_custom_is_filtered_request: null,
+    px_extract_graphql_keywords: null,
 };

package/lib/esm/graphql/DefaultGraphQLParser.js

@@ -2,16 +2,17 @@ import { isRouteInPatterns } from '../utils';
 import { HttpMethod } from '../http';
 import { GraphQLOperationType } from './model';
 export class DefaultGraphQLParser {
-    graphqlRoutes;
-    sensitiveOperationTypes;
-    sensitiveOperationNames;
+    config;
+    maxCharactersInGraphqlKeyword;
+    maxGraphqlKeywordCount;
     constructor(config) {
-        this.graphqlRoutes = config.graphqlRoutes;
-        this.sensitiveOperationNames = config.sensitiveGraphqlOperationNames;
-        this.sensitiveOperationTypes = config.sensitiveGraphqlOperationTypes;
+        this.config = config;
+        this.maxCharactersInGraphqlKeyword = 100;
+        this.maxGraphqlKeywordCount = 500;
     }
     isGraphQLRequest({ requestData }) {
-        return (requestData.method === HttpMethod.POST && isRouteInPatterns(requestData.url.pathname, this.graphqlRoutes));
+        return (requestData.method === HttpMethod.POST &&
+            isRouteInPatterns(requestData.url.pathname, this.config.graphqlRoutes));
     }
     async parseGraphQLRequest(context) {
         try {
@@ -21,7 +22,7 @@ export class DefaultGraphQLParser {
                 context.logger.debug('unable to get graphql operations from request body');
                 return null;
             }
-            const data = this.parseGraphQLOperations(graphQLOperations);
+            const data = await this.parseGraphQLOperations(graphQLOperations, context);
             if (!data || data.length === 0) {
                 context.logger.debug('unable to parse graphql operations');
                 return null;
@@ -36,8 +37,9 @@ export class DefaultGraphQLParser {
     }
     async getGraphQLOperationsFromBody(request, context) {
         try {
-            let body = await request.json();
+            const body = await request.json();
             if (!body) {
+                context.logger.debug(`received empty graphql body when calling .json()`);
                 return null;
             }
             return Array.isArray(body) ? body : [body];
@@ -47,18 +49,21 @@ export class DefaultGraphQLParser {
             return null;
         }
     }
-    parseGraphQLOperations(operations) {
-        return operations.map((operation) => this.parseGraphQlOperation(operation)).filter((x) => x);
+    async parseGraphQLOperations(operations, context) {
+        const data = await Promise.all(operations.map((operation) => this.parseGraphQLOperation(operation, context)));
+        return data.filter(Boolean);
     }
-    parseGraphQlOperation(operation) {
+    parseGraphQLOperation(operation, context) {
         if (!operation.query || typeof operation.query !== 'string') {
+            context.logger.debug('no query found');
             return null;
         }
         const operationNameToTypeMap = this.getOperationNameToTypeMap(operation.query);
         if (!operationNameToTypeMap) {
+            context.logger.debug('operationNameToTypeMap returned null');
             return null;
         }
-        return this.getGraphQLData(operationNameToTypeMap, operation);
+        return this.getGraphQLData(operationNameToTypeMap, operation, context);
     }
     getOperationNameToTypeMap(query) {
         const operationTypesString = Object.values(GraphQLOperationType).join('|');
@@ -78,18 +83,21 @@ export class DefaultGraphQLParser {
         }
         return map;
     }
-    getGraphQLData(operationNameToTypeMap, operation) {
-        let name = operation.operationName ||
-            (Object.keys(operationNameToTypeMap).length === 1 ? Object.keys(operationNameToTypeMap)[0] : undefined);
-        let type = operationNameToTypeMap[name];
-        if (!type && /^\s*{/.test(operation.query)) {
-            type = GraphQLOperationType.QUERY;
-        }
+    async getGraphQLData(operationNameToTypeMap, operation, context) {
+        const name = this.getOperationName(operationNameToTypeMap, operation);
+        const type = this.getOperationType(operation, name, operationNameToTypeMap);
         if (!type) {
             return null;
         }
-        const data = { name, type };
-        if (this.isSensitiveOperation(name, type)) {
+        const data = { type };
+        if (name) {
+            data.name = name;
+        }
+        const keywords = await this.getQueryKeywords(operation.query, context);
+        if (keywords) {
+            data.keywords = this.cleanKeywords(keywords);
+        }
+        if (this.isSensitiveOperation(name, type, keywords)) {
             data.sensitive = true;
         }
         if (operation.variables && typeof operation.variables === 'object') {
@@ -97,9 +105,79 @@ export class DefaultGraphQLParser {
         }
         return data;
     }
-    isSensitiveOperation(operationName, operationType) {
-        return (this.sensitiveOperationTypes.some((type) => type === operationType) ||
-            this.sensitiveOperationNames.some((name) => name === operationName));
+    getOperationType(operation, operationName, operationNameToTypeMap) {
+        if (operationName && operationNameToTypeMap[operationName]) {
+            return operationNameToTypeMap[operationName];
+        }
+        if (this.isGraphqlQueryShorthand(operation.query)) {
+            return GraphQLOperationType.QUERY;
+        }
+        const match = operation.query.match(new RegExp(`^\\s*(${Object.values(GraphQLOperationType).join('|')})(?:\\s|{)`));
+        if (match?.[1] && !operationName) {
+            return match[1];
+        }
+        return null;
+    }
+    isGraphqlQueryShorthand(query) {
+        return /^\s*{/.test(query);
+    }
+    getOperationName(operationNameToTypeMap, operation) {
+        return (operation.operationName ||
+            (Object.keys(operationNameToTypeMap).length === 1 ? Object.keys(operationNameToTypeMap)?.[0] : undefined));
+    }
+    async getQueryKeywords(query, context) {
+        if (this.config.extractGraphQLKeywords && typeof this.config.extractGraphQLKeywords === 'function') {
+            const keywords = await this.getQueryKeywordsFromCustomFunction(query, context);
+            if (Array.isArray(keywords)) {
+                return keywords;
+            }
+        }
+        if (this.config.graphqlKeywords?.length > 0) {
+            return this.getQueryKeywordsFromArray(query, context);
+        }
+        return null;
+    }
+    cleanKeywords(keywords) {
+        return keywords
+            .slice(0, this.maxGraphqlKeywordCount)
+            .map((kw) => kw.trim().substring(0, this.maxCharactersInGraphqlKeyword));
+    }
+    async getQueryKeywordsFromCustomFunction(query, context) {
+        try {
+            return this.config.extractGraphQLKeywords(query);
+        }
+        catch (e) {
+            context.logger.debug(`unable to extract graphql keywords via custom function: ${e}`);
+            return null;
+        }
+    }
+    getQueryKeywordsFromArray(query, context) {
+        let keywords = [];
+        try {
+            this.config.graphqlKeywords.forEach((keyword) => {
+                const pattern = this.toGlobalRegExp(keyword);
+                let matchGroup = query.match(pattern);
+                if (!matchGroup) {
+                    return;
+                }
+                keywords = keywords.concat(matchGroup);
+            });
+        }
+        catch (e) {
+            context.logger.debug(`unable to extract graphql keywords via array: ${e}`);
+            return null;
+        }
+        return keywords;
+    }
+    isSensitiveOperation(operationName, operationType, keywords) {
+        return (this.config.sensitiveGraphqlOperationTypes.some((type) => type === operationType) ||
+            this.config.sensitiveGraphqlOperationNames.some((name) => {
+                const pattern = this.toGlobalRegExp(name);
+                if (!pattern) {
+                    return false;
+                }
+                return !!operationName?.match(pattern) || keywords?.some((kw) => !!kw.match(pattern));
+            }));
     }
     extractGraphQLVariableNames(variables) {
         const processVariables = (variablesObj, prefix) => Object.entries(variablesObj).reduce((total, [key, value]) => {
@@ -113,4 +191,13 @@ export class DefaultGraphQLParser {
         }, []);
         return processVariables(variables, '');
     }
+    toGlobalRegExp(pattern) {
+        if (typeof pattern === 'string') {
+            return new RegExp(pattern, 'g');
+        }
+        if (pattern.global) {
+            return pattern;
+        }
+        return new RegExp(pattern, pattern.flags + 'g');
+    }
 }

package/lib/esm/graphql/ExtractGraphQLKeywordsFunction.js

@@ -0,0 +1 @@
+export {};

package/lib/esm/graphql/index.js

@@ -1,3 +1,4 @@
 export * from './model';
 export * from './IGraphQLParser';
 export * from './DefaultGraphQLParser';
+export * from './ExtractGraphQLKeywordsFunction';