perimeterx-js-core 0.20.0 → 0.20.1
- package/lib/cjs/graphql/DefaultGraphQLParser.js +6 -2
- package/lib/cjs/products/credential_intelligence/endpoint/login_successful/BodyLoginSuccessfulParser.js +3 -2
- package/lib/cjs/products/credential_intelligence/endpoint/matcher/RegexPathEndpointMatcher.js +1 -1
- package/lib/cjs/telemetry/DefaultTelemetry.js +3 -3
- package/lib/cjs/utils/constants.js +1 -1
- package/lib/cjs/utils/utils.js +13 -5
- package/lib/esm/graphql/DefaultGraphQLParser.js +5 -2
- package/lib/esm/products/credential_intelligence/endpoint/login_successful/BodyLoginSuccessfulParser.js +1 -1
- package/lib/esm/products/credential_intelligence/endpoint/matcher/RegexPathEndpointMatcher.js +1 -1
- package/lib/esm/telemetry/DefaultTelemetry.js +4 -4
- package/lib/esm/utils/constants.js +1 -1
- package/lib/esm/utils/utils.js +11 -3
- package/lib/types/utils/constants.d.ts +1 -1
- package/lib/types/utils/utils.d.ts +1 -1
- package/package.json +1 -1
|
@@ -201,8 +201,9 @@ var DefaultGraphQLParser = /** @class */ (function () {
|
|
|
201
201
|
return /^\s*{/.test(query);
|
|
202
202
|
};
|
|
203
203
|
DefaultGraphQLParser.prototype.getOperationName = function (operationNameToTypeMap, operation) {
|
|
204
|
+
var _a;
|
|
204
205
|
return (operation.operationName ||
|
|
205
|
-
(Object.keys(operationNameToTypeMap).length === 1 ? Object.keys(operationNameToTypeMap)[0] : undefined));
|
|
206
|
+
(Object.keys(operationNameToTypeMap).length === 1 ? (_a = Object.keys(operationNameToTypeMap)) === null || _a === void 0 ? void 0 : _a[0] : undefined));
|
|
206
207
|
};
|
|
207
208
|
DefaultGraphQLParser.prototype.getQueryKeywords = function (query, context) {
|
|
208
209
|
var _a;
|
|
@@ -272,7 +273,10 @@ var DefaultGraphQLParser = /** @class */ (function () {
|
|
|
272
273
|
return (this.config.sensitiveGraphqlOperationTypes.some(function (type) { return type === operationType; }) ||
|
|
273
274
|
this.config.sensitiveGraphqlOperationNames.some(function (name) {
|
|
274
275
|
var pattern = _this.toGlobalRegExp(name);
|
|
275
|
-
|
|
276
|
+
if (!pattern) {
|
|
277
|
+
return false;
|
|
278
|
+
}
|
|
279
|
+
return !!(operationName === null || operationName === void 0 ? void 0 : operationName.match(pattern)) || (keywords === null || keywords === void 0 ? void 0 : keywords.some(function (kw) { return !!kw.match(pattern); }));
|
|
276
280
|
}));
|
|
277
281
|
};
|
|
278
282
|
DefaultGraphQLParser.prototype.extractGraphQLVariableNames = function (variables) {
|
|
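Review bot: In the `sensitiveGraphqlOperationNames.some(...)` callback, the new `if (!pattern) { return false; }` guard silently skips a configured name when `toGlobalRegExp(name)` yields nothing, so that entry stops matching without any signal to the operator. This check decides whether an operation is treated as sensitive, so a dropped entry fails open; `toGlobalRegExp` is outside the hunk, so it is an assumption that a falsy result means the name could not be turned into a pattern. Consider validating the names when the configuration is loaded, or at least recording the reason in place with a comment such as `// no usable pattern for this entry: it can never match and is skipped (fail-open)`. The ESM build of DefaultGraphQLParser has the same guard, and the enclosing function starts above the hunk.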
@@ -42,10 +42,11 @@ var BodyLoginSuccessfulParser = /** @class */ (function () {
|
|
|
42
42
|
this.bodyRegex = new RegExp(regex);
|
|
43
43
|
}
|
|
44
44
|
BodyLoginSuccessfulParser.prototype.isLoginSuccessful = function (response) {
|
|
45
|
+
var _a, _b;
|
|
45
46
|
return __awaiter(this, void 0, void 0, function () {
|
|
46
|
-
return __generator(this, function (
|
|
47
|
+
return __generator(this, function (_c) {
|
|
47
48
|
// TODO: Possibly add IBody methods to IOutgoingResponse interface?
|
|
48
|
-
return [2 /*return*/,
|
|
49
|
+
return [2 /*return*/, !!((_b = (_a = response.body) === null || _a === void 0 ? void 0 : _a.match) === null || _b === void 0 ? void 0 : _b.call(_a, this.bodyRegex))];
|
|
49
50
|
});
|
|
50
51
|
});
|
|
51
52
|
};
|
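Review bot: In `isLoginSuccessful`, `response.body?.match?.(this.bodyRegex)` evaluates to `false` both when the regex does not match and when `body` is missing or is not a string, so the caller cannot tell the two cases apart. If response bodies can arrive as something other than a string (the TODO about IBody methods suggests the type is still open), every such login would be reported as unsuccessful; handling that case explicitly would make it visible, e.g. `if (typeof response.body !== 'string') { return false; } // body not readable as text`. `bodyRegex` is built with `new RegExp(regex)`, presumably from configuration, and runs against the whole response body, so a comment on the constructor asking for patterns that cannot backtrack heavily would help whoever writes that configuration.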
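--- a/package/lib/cjs/products/credential_intelligence/endpoint/matcher/RegexPathEndpointMatcher.js
+++ b/package/lib/cjs/products/credential_intelligence/endpoint/matcher/RegexPathEndpointMatcher.js
@@ -8,7 +8,7 @@ var RegexPathEndpointMatcher = /** @class */ (function () {
 }
 RegexPathEndpointMatcher.prototype.matches = function (_a) {
 var method = _a.method, url = _a.url;
-return method === this.method &&
+return method === this.method && !!url.pathname.match(this.pathnameRegex);
 };
 return RegexPathEndpointMatcher;
 }());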
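Review bot: The new `!!url.pathname.match(this.pathnameRegex)` in `matches` would benefit from a one-line comment saying why `match` is used, because the `!!x.match(re)` form is a common target for lint autofixes that rewrite it to `re.test(x)`. `RegExp.prototype.test` keeps `lastIndex` between calls on a regex with the `g` flag, while `String.prototype.match` with a `g` regex starts from index 0 each time, so the two are not interchangeable on a shared instance. The removed line is cut off on this page, so whether that was the motivation is an assumption. Suggested comment: `// match(), not test(): a /g pathnameRegex would carry lastIndex across test() calls`. `isRouteMatch` in utils.js uses the same form.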
@@ -143,9 +143,9 @@ var DefaultTelemetry = /** @class */ (function () {
|
|
|
143
143
|
'px_remote_config_auth_token',
|
|
144
144
|
];
|
|
145
145
|
var telemetryConfig = {
|
|
146
|
-
active_config: (0, utils_1.
|
|
147
|
-
static_config: (0, utils_1.
|
|
148
|
-
remote_config: (0, utils_1.
|
|
146
|
+
active_config: (0, utils_1.redactSensitiveFields)(this.config.getActiveConfig(), SENSITIVE_CONFIG_FIELDS),
|
|
147
|
+
static_config: (0, utils_1.redactSensitiveFields)(this.config.getStaticConfig(), SENSITIVE_CONFIG_FIELDS),
|
|
148
|
+
remote_config: (0, utils_1.redactSensitiveFields)(this.config.getRemoteConfig(), SENSITIVE_CONFIG_FIELDS),
|
|
149
149
|
};
|
|
150
150
|
var activity = {
|
|
151
151
|
type: activities_1.ActivityType.ENFORCER_TELEMETRY,
|
|
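Review bot: The three `redactSensitiveFields(..., SENSITIVE_CONFIG_FIELDS)` calls protect only the field names listed in `SENSITIVE_CONFIG_FIELDS`, so any secret-bearing configuration key missing from that array is placed in `telemetryConfig` unchanged. Only the tail of the list is visible in this hunk, so its completeness cannot be checked here; a comment above the array would make the contract explicit, e.g. `// Every config key that holds a secret or token must be listed here; unlisted keys are reported in telemetry as-is`. Redaction is also top-level only, since the helper copies with `Object.assign` and replaces own keys, so a secret nested inside an object-valued entry is not covered. The ESM build of DefaultTelemetry has the same calls, and the enclosing function starts above the hunk.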
@@ -13,4 +13,4 @@ exports.PUSH_DATA_HMAC_HEADER_NAME = 'x-px-pushdata';
|
|
|
13
13
|
exports.PUSH_DATA_FEATURE_HEADER_NAME = 'x-px-feature';
|
|
14
14
|
exports.EMAIL_ADDRESS_REGEX = /^[a-zA-Z0-9_+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$/;
|
|
15
15
|
exports.URL_REGEX = /^(https?\:)\/\/(([^@\s:]+):?([^@\s]*)@)?(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/;
|
|
16
|
-
exports.CORE_MODULE_VERSION = 'JS Core 0.20.
|
|
16
|
+
exports.CORE_MODULE_VERSION = 'JS Core 0.20.1';
|
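--- a/package/lib/cjs/utils/utils.js
+++ b/package/lib/cjs/utils/utils.js
@@ -36,7 +36,7 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
 }
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.telemetryConfigReplacer = exports.algoToCryptoString = exports.algoToSubtleCryptoString = exports.sleep = exports.getPropertyFromObject = exports.rejectOnTimeout = exports.transferExistingProperties = exports.isRouteMatch = exports.isRouteInPatterns = exports.removeSensitiveHeaders = exports.
+exports.telemetryConfigReplacer = exports.algoToCryptoString = exports.algoToSubtleCryptoString = exports.sleep = exports.getPropertyFromObject = exports.rejectOnTimeout = exports.transferExistingProperties = exports.isRouteMatch = exports.isRouteInPatterns = exports.removeSensitiveHeaders = exports.redactSensitiveFields = exports.getExtension = exports.getAuthorizationHeader = exports.getCollectorDomain = exports.getScoreApiDomain = exports.isEmailAddress = exports.isValidUuid = exports.isValidEnumValue = void 0;
 var http_1 = require("../http");
 var error_1 = require("./error");
 var constants_1 = require("./constants");
@@ -77,14 +77,22 @@ var getExtension = function (route) {
 return endOfPath.substring(extensionIndex);
 };
 exports.getExtension = getExtension;
-var
+var redactSensitiveFields = function (object, sensitiveFields) {
+var NUMBER_OF_TRAILING_CHARS_TO_EXPOSE = 5;
+var SENSITIVE_VALUE_MINIMUM_LENGTH_TO_EXPOSE_TRAILING_CHARS = NUMBER_OF_TRAILING_CHARS_TO_EXPOSE * 10;
 var newObj = Object.assign({}, object);
 sensitiveFields.forEach(function (fieldName) {
-
+var sensitiveValue = object[fieldName];
+if (!sensitiveValue) {
+return;
+}
+var trailingCharsExposed = sensitiveValue.length >= SENSITIVE_VALUE_MINIMUM_LENGTH_TO_EXPOSE_TRAILING_CHARS;
+var trailingChars = sensitiveValue.substring(sensitiveValue.length - (trailingCharsExposed ? NUMBER_OF_TRAILING_CHARS_TO_EXPOSE : 0));
+newObj[fieldName] = "***REDACTED***".concat(trailingChars);
 });
 return newObj;
 };
-exports.
+exports.redactSensitiveFields = redactSensitiveFields;
 var removeSensitiveHeaders = function (headers, sensitiveHeaderNames) {
 var ret = (0, http_1.toMutableHeaders)(headers);
 sensitiveHeaderNames.forEach(function (name) {
@@ -101,7 +109,7 @@ var isRouteMatch = function (route, pattern) {
 if (!route || !pattern) {
 return false;
 }
-if (pattern instanceof RegExp &&
+if (pattern instanceof RegExp && !!route.match(pattern)) {
 return true;
 }
 if (typeof pattern === 'string' && route.startsWith(pattern)) {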
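Review bot: In `redactSensitiveFields`, `sensitiveValue.length` and `sensitiveValue.substring(...)` assume the field holds a string, but the published signature is `T extends Record<string, any>`, so a truthy number, array or object in a listed field reaches `.substring` and throws a TypeError instead of being redacted. A type guard before the length check keeps the redaction total: `if (typeof sensitiveValue !== 'string') { newObj[fieldName] = '***REDACTED***'; return; }`. The `!sensitiveValue` early return also leaves falsy values (empty string, `0`, `false`) untouched, which looks intentional but deserves a comment. The ESM build of utils.js contains the same function.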
@@ -123,7 +123,7 @@ export class DefaultGraphQLParser {
|
|
|
123
123
|
}
|
|
124
124
|
getOperationName(operationNameToTypeMap, operation) {
|
|
125
125
|
return (operation.operationName ||
|
|
126
|
-
(Object.keys(operationNameToTypeMap).length === 1 ? Object.keys(operationNameToTypeMap)[0] : undefined));
|
|
126
|
+
(Object.keys(operationNameToTypeMap).length === 1 ? Object.keys(operationNameToTypeMap)?.[0] : undefined));
|
|
127
127
|
}
|
|
128
128
|
async getQueryKeywords(query, context) {
|
|
129
129
|
if (this.config.extractGraphQLKeywords && typeof this.config.extractGraphQLKeywords === 'function') {
|
|
@@ -173,7 +173,10 @@ export class DefaultGraphQLParser {
|
|
|
173
173
|
return (this.config.sensitiveGraphqlOperationTypes.some((type) => type === operationType) ||
|
|
174
174
|
this.config.sensitiveGraphqlOperationNames.some((name) => {
|
|
175
175
|
const pattern = this.toGlobalRegExp(name);
|
|
176
|
-
|
|
176
|
+
if (!pattern) {
|
|
177
|
+
return false;
|
|
178
|
+
}
|
|
179
|
+
return !!operationName?.match(pattern) || keywords?.some((kw) => !!kw.match(pattern));
|
|
177
180
|
}));
|
|
178
181
|
}
|
|
179
182
|
extractGraphQLVariableNames(variables) {
|
|
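Review bot: In `getOperationName`, the added optional chain in `Object.keys(operationNameToTypeMap)?.[0]` guards nothing, because `Object.keys` either returns an array or throws on `null`/`undefined`, and the `length === 1` test on the same call has already run by that point. If the intent was to tolerate a missing map, the guard belongs on the argument, e.g. `const names = Object.keys(operationNameToTypeMap ?? {});` followed by `names.length === 1 ? names[0] : undefined`, which also avoids calling `Object.keys` twice. The CommonJS build carries the down-levelled form of the same expression.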
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { AUTHORIZATION_HEADER_NAME, CONTENT_TYPE_HEADER_NAME, ContentType, HttpMethod, OutgoingRequestImpl, } from '../http';
|
|
2
2
|
import { ActivityType } from '../activities';
|
|
3
|
-
import { getAuthorizationHeader,
|
|
3
|
+
import { getAuthorizationHeader, transferExistingProperties, DefaultTimestampHmacHeaderValidator, telemetryConfigReplacer, redactSensitiveFields, } from '../utils';
|
|
4
4
|
import { TELEMETRY_ENDPOINT, TELEMETRY_HEADER_NAME, TELEMETRY_UPDATE_REASON } from './constants';
|
|
5
5
|
export class DefaultTelemetry {
|
|
6
6
|
config;
|
|
@@ -65,9 +65,9 @@ export class DefaultTelemetry {
|
|
|
65
65
|
'px_remote_config_auth_token',
|
|
66
66
|
];
|
|
67
67
|
const telemetryConfig = {
|
|
68
|
-
active_config:
|
|
69
|
-
static_config:
|
|
70
|
-
remote_config:
|
|
68
|
+
active_config: redactSensitiveFields(this.config.getActiveConfig(), SENSITIVE_CONFIG_FIELDS),
|
|
69
|
+
static_config: redactSensitiveFields(this.config.getStaticConfig(), SENSITIVE_CONFIG_FIELDS),
|
|
70
|
+
remote_config: redactSensitiveFields(this.config.getRemoteConfig(), SENSITIVE_CONFIG_FIELDS),
|
|
71
71
|
};
|
|
72
72
|
const activity = {
|
|
73
73
|
type: ActivityType.ENFORCER_TELEMETRY,
|
|
@@ -10,4 +10,4 @@ export const PUSH_DATA_HMAC_HEADER_NAME = 'x-px-pushdata';
|
|
|
10
10
|
export const PUSH_DATA_FEATURE_HEADER_NAME = 'x-px-feature';
|
|
11
11
|
export const EMAIL_ADDRESS_REGEX = /^[a-zA-Z0-9_+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$/;
|
|
12
12
|
export const URL_REGEX = /^(https?\:)\/\/(([^@\s:]+):?([^@\s]*)@)?(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/;
|
|
13
|
-
export const CORE_MODULE_VERSION = 'JS Core 0.20.
|
|
13
|
+
export const CORE_MODULE_VERSION = 'JS Core 0.20.1';
|
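--- a/package/lib/esm/utils/utils.js
+++ b/package/lib/esm/utils/utils.js
@@ -31,10 +31,18 @@ export const getExtension = (route) => {
 }
 return endOfPath.substring(extensionIndex);
 };
-export const
+export const redactSensitiveFields = (object, sensitiveFields) => {
+const NUMBER_OF_TRAILING_CHARS_TO_EXPOSE = 5;
+const SENSITIVE_VALUE_MINIMUM_LENGTH_TO_EXPOSE_TRAILING_CHARS = NUMBER_OF_TRAILING_CHARS_TO_EXPOSE * 10;
 const newObj = Object.assign({}, object);
 sensitiveFields.forEach((fieldName) => {
-
+const sensitiveValue = object[fieldName];
+if (!sensitiveValue) {
+return;
+}
+const trailingCharsExposed = sensitiveValue.length >= SENSITIVE_VALUE_MINIMUM_LENGTH_TO_EXPOSE_TRAILING_CHARS;
+const trailingChars = sensitiveValue.substring(sensitiveValue.length - (trailingCharsExposed ? NUMBER_OF_TRAILING_CHARS_TO_EXPOSE : 0));
+newObj[fieldName] = `***REDACTED***${trailingChars}`;
 });
 return newObj;
 };
@@ -52,7 +60,7 @@ export const isRouteMatch = (route, pattern) => {
 if (!route || !pattern) {
 return false;
 }
-if (pattern instanceof RegExp &&
+if (pattern instanceof RegExp && !!route.match(pattern)) {
 return true;
 }
 if (typeof pattern === 'string' && route.startsWith(pattern)) {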
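Review bot: `redactSensitiveFields` has no documentation for the fact that it appends the last `NUMBER_OF_TRAILING_CHARS_TO_EXPOSE` (5) characters of any listed value that is at least 50 characters long, so part of each long secret still ends up in the redacted object that telemetry reports. A doc comment on the function should state that trade-off and its reason, along the lines of `/** Replaces each listed field with "***REDACTED***"; values of 50 or more characters keep their last 5 characters. */`, with the motivation filled in by the authors. Values whose format ends in a fixed or low-entropy suffix would reveal more than the length ratio implies, so the entries of `SENSITIVE_CONFIG_FIELDS` are worth checking against that. The two constants could also live at module scope rather than being re-created on every call.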
@@ -10,4 +10,4 @@ export declare const PUSH_DATA_HMAC_HEADER_NAME = "x-px-pushdata";
|
|
|
10
10
|
export declare const PUSH_DATA_FEATURE_HEADER_NAME = "x-px-feature";
|
|
11
11
|
export declare const EMAIL_ADDRESS_REGEX: RegExp;
|
|
12
12
|
export declare const URL_REGEX: RegExp;
|
|
13
|
-
export declare const CORE_MODULE_VERSION = "JS Core 0.20.
|
|
13
|
+
export declare const CORE_MODULE_VERSION = "JS Core 0.20.1";
|
|
@@ -7,7 +7,7 @@ export declare const getScoreApiDomain: (appId: string) => string;
|
|
|
7
7
|
export declare const getCollectorDomain: (appId: string) => string;
|
|
8
8
|
export declare const getAuthorizationHeader: (authToken: string) => string;
|
|
9
9
|
export declare const getExtension: (route: string) => string;
|
|
10
|
-
export declare const
|
|
10
|
+
export declare const redactSensitiveFields: <T extends Record<string, any>>(object: T, sensitiveFields: (keyof T)[]) => T;
|
|
11
11
|
export declare const removeSensitiveHeaders: (headers: ReadonlyHeaders, sensitiveHeaderNames: string[]) => Record<string, string[]>;
|
|
12
12
|
export declare const isRouteInPatterns: (route: string, patterns: Array<string | RegExp>) => boolean;
|
|
13
13
|
export declare const isRouteMatch: (route: string, pattern: string | RegExp) => boolean;
|
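Review bot: The declared return type of `redactSensitiveFields` is `T`, but the implementation overwrites each listed field with a `"***REDACTED***…"` string, so for a field typed as anything other than `string` the declaration no longer describes the returned object. In the TypeScript source, a return type that reflects the rewrite, e.g. `{ [K in keyof T]: T[K] | string }`, would stop callers from trusting the original field types after redaction. The `Record<string, any>` constraint also means the compiler will not flag a non-string value in a listed field, even though the implementation calls `.substring` on it.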