perimeterx-js-core 0.20.0 → 0.21.0

package/lib/cjs/config/ConfigurationBase.js

@@ -15,20 +15,21 @@ exports.ConfigurationBase = void 0;
 var defaults_1 = require("./defaults");
 var logger_1 = require("../logger");
 var utils_1 = require("../utils");
+var remote_config_1 = require("./remote_config");
 var ConfigurationBase = /** @class */ (function () {
     function ConfigurationBase(params, defaultParams) {
         this.defaultConfigParams = __assign(__assign({}, defaults_1.DEFAULT_CONFIGURATION_PARAMS), defaultParams);
-        this.activeConfigParams = this.initialize(params, this.defaultConfigParams);
+        this.activeConfigParams = this.createActiveConfiguration(params, this.defaultConfigParams);
         this.staticConfigParams = params;
-        this.internalLogger = this.createInternalLogger(this.activeConfigParams.px_logger_severity);
     }
-    ConfigurationBase.prototype.initialize = function (params, defaultParams) {
+    ConfigurationBase.prototype.createActiveConfiguration = function (params, defaultParams) {
         var _this = this;
         this.throwIfMissingRequiredField(params);
         var config = {};
         Object.keys(defaultParams).forEach(function (k) {
             config[k] = _this.getValidConfigValue(params, defaultParams, k);
         });
+        this.internalLogger = this.createInternalLogger(config.px_logger_severity);
         return config;
     };
     ConfigurationBase.prototype.throwIfMissingRequiredField = function (params) {
@@ -78,7 +79,8 @@ var ConfigurationBase = /** @class */ (function () {
     };
     ConfigurationBase.prototype.addRemoteConfig = function (remoteConfigParams) {
         this.remoteConfigParams = remoteConfigParams;
-        this.activeConfigParams = this.initialize(__assign(__assign({}, this.staticConfigParams), remoteConfigParams), this.defaultConfigParams);
+        var mergedParams = __assign(__assign({}, this.staticConfigParams), remote_config_1.RemoteConfigUtils.prepareRemoteConfigParams(remoteConfigParams, this.logger));
+        this.activeConfigParams = this.createActiveConfiguration(mergedParams, this.defaultConfigParams);
     };
     ConfigurationBase.prototype.getActiveConfig = function () {
         return Object.assign({}, this.activeConfigParams);

package/lib/cjs/config/ConfigurationBuilderBase.js

@@ -48,6 +48,7 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ConfigurationBuilderBase = void 0;
+var remote_config_1 = require("./remote_config");
 var ConfigurationBuilderBase = /** @class */ (function () {
     function ConfigurationBuilderBase(base64Utils) {
         this.base64Utils = base64Utils;
@@ -88,12 +89,16 @@ var ConfigurationBuilderBase = /** @class */ (function () {
                     case 2:
                         remoteConfigData = _a.sent();
                         if (!remoteConfigData) {
-                            staticConfig.logger.debug('unable to load remote config from storage');
+                            staticConfig.logger.debug('unable to load remote config from storage', {
+                                error_type: remote_config_1.READ_REMOTE_CONFIG_ERROR_NAME,
+                            });
                             return [2 /*return*/, null];
                         }
                         configValue = remoteConfigData.configValue, id = remoteConfigData.id, version = remoteConfigData.version;
                         if (!this.isValidRemoteConfigId(staticConfig.remoteConfigAuthToken, id)) {
-                            staticConfig.logger.debug("remote config ID in auth token does not match ID found in storage ".concat(id));
+                            staticConfig.logger.debug("remote config ID in auth token does not match ID found in storage ".concat(id), {
+                                error_type: remote_config_1.READ_REMOTE_CONFIG_ERROR_NAME,
+                            });
                             return [2 /*return*/, null];
                         }
                         if (!configValue.px_remote_config_enabled) {

package/lib/cjs/config/defaults/DefaultConfigurationParams.js

@@ -1,18 +1,136 @@
 "use strict";
-var __assign = (this && this.__assign) || function () {
-    __assign = Object.assign || function(t) {
-        for (var s, i = 1, n = arguments.length; i < n; i++) {
-            s = arguments[i];
-            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
-                t[p] = s[p];
-        }
-        return t;
-    };
-    return __assign.apply(this, arguments);
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.DEFAULT_CONFIGURATION_PARAMS = void 0;
-var DefaultStaticConfigurationParams_1 = require("./DefaultStaticConfigurationParams");
-var DefaultRemoteConfigurationParams_1 = require("./DefaultRemoteConfigurationParams");
-var DefaultCommonConfigurationParams_1 = require("./DefaultCommonConfigurationParams");
-exports.DEFAULT_CONFIGURATION_PARAMS = __assign(__assign(__assign({}, DefaultStaticConfigurationParams_1.DEFAULT_STATIC_CONFIGURATION_PARAMS), DefaultRemoteConfigurationParams_1.DEFAULT_REMOTE_CONFIGURATION_PARAMS), DefaultCommonConfigurationParams_1.DEFAULT_COMMON_CONFIGURATION_PARAMS);
+var logger_1 = require("../../logger");
+var utils_1 = require("../../utils");
+var products_1 = require("../../products");
+exports.DEFAULT_CONFIGURATION_PARAMS = {
+    px_app_id: '',
+    px_auth_token: '',
+    px_cookie_secret: '',
+    px_logger_auth_token: '',
+    px_remote_config_auth_token: '',
+    px_remote_config_enabled: true,
+    px_remote_config_id: '',
+    px_remote_config_version: 0,
+    px_filter_by_route_regex: [],
+    px_monitored_routes_regex: [],
+    px_enforced_routes_regex: [],
+    px_graphql_routes_regex: [],
+    px_sensitive_routes_regex: [],
+    px_s2s_timeout: 1000,
+    px_blocking_score: 100,
+    px_user_agent_max_length: 8528,
+    px_risk_cookie_max_length: 2048,
+    px_risk_cookie_min_iterations: 500,
+    px_risk_cookie_max_iterations: 5000,
+    px_logger_severity: logger_1.LoggerSeverity.ERROR,
+    px_ip_headers: [],
+    px_module_enabled: true,
+    px_module_mode: utils_1.ModuleMode.MONITOR,
+    px_additional_activity_handler: null,
+    px_advanced_blocking_response_enabled: true,
+    px_max_activity_batch_size: 0,
+    px_batch_activities_timeout_ms: 1000,
+    px_bypass_monitor_header: 'x-px-block',
+    px_enforced_routes: [],
+    px_first_party_enabled: true,
+    px_custom_first_party_prefix: '',
+    px_custom_first_party_sensor_endpoint: '',
+    px_custom_first_party_xhr_endpoint: '',
+    px_custom_first_party_captcha_endpoint: '',
+    px_first_party_timeout_ms: 4000,
+    px_backend_url: '',
+    px_backend_collector_url: '',
+    px_backend_captcha_url: 'https://captcha.px-cdn.net',
+    px_backend_client_url: 'https://client.perimeterx.net',
+    px_login_credentials_extraction_enabled: false,
+    px_login_credentials_extraction: [],
+    px_credentials_intelligence_version: products_1.CredentialIntelligenceVersion.BOTH,
+    px_compromised_credentials_header: products_1.DEFAULT_COMPROMISED_CREDENTIALS_HEADER_NAME,
+    px_send_raw_username_on_additional_s2s_activity: false,
+    px_automatic_additional_s2s_activity_enabled: true,
+    px_additional_s2s_activity_header_enabled: false,
+    px_login_successful_reporting_method: products_1.LoginSuccessfulReportingMethod.STATUS,
+    px_login_successful_body_regex: '',
+    px_login_successful_header_name: '',
+    px_login_successful_header_value: '',
+    px_login_successful_status: [200],
+    px_login_successful_custom_callback: null,
+    px_monitored_routes: [],
+    px_sensitive_headers: ['cookie', 'cookies'],
+    px_sensitive_routes: [],
+    px_filter_by_extension: [
+        '.css',
+        '.bmp',
+        '.tif',
+        '.ttf',
+        '.docx',
+        '.woff2',
+        '.js',
+        '.pict',
+        '.tiff',
+        '.eot',
+        '.xlsx',
+        '.jpg',
+        '.csv',
+        '.eps',
+        '.woff',
+        '.xls',
+        '.jpeg',
+        '.doc',
+        '.ejs',
+        '.otf',
+        '.pptx',
+        '.gif',
+        '.pdf',
+        '.swf',
+        '.svg',
+        '.ps',
+        '.ico',
+        '.pls',
+        '.midi',
+        '.svgz',
+        '.class',
+        '.png',
+        '.ppt',
+        '.mid',
+        '.webp',
+        '.jar',
+        '.json',
+        '.xml',
+    ],
+    px_filter_by_http_method: [],
+    px_filter_by_ip: [],
+    px_filter_by_route: [],
+    px_filter_by_user_agent: [],
+    px_css_ref: '',
+    px_js_ref: '',
+    px_custom_cookie_header: 'x-px-cookies',
+    px_custom_logo: '',
+    px_graphql_enabled: true,
+    px_graphql_routes: ['/graphql'],
+    px_graphql_keywords: [],
+    px_sensitive_graphql_operation_names: [],
+    px_sensitive_graphql_operation_types: [],
+    px_enrich_custom_parameters: null,
+    px_jwt_cookie_name: '',
+    px_jwt_cookie_user_id_field_name: '',
+    px_jwt_cookie_additional_field_names: [],
+    px_jwt_header_name: '',
+    px_jwt_header_user_id_field_name: '',
+    px_jwt_header_additional_field_names: [],
+    px_cors_support_enabled: false,
+    px_cors_custom_preflight_handler: null,
+    px_cors_preflight_request_filter_enabled: false,
+    px_cors_create_custom_block_response_headers: null,
+    px_remote_config_max_fetch_attempts: 5,
+    px_remote_config_retry_interval_ms: 1000,
+    px_url_decode_reserved_characters: false,
+    px_secured_pxhd_enabled: false,
+    px_custom_is_sensitive_request: null,
+    px_custom_is_monitored_request: null,
+    px_custom_is_enforced_request: null,
+    px_custom_is_filtered_request: null,
+    px_extract_graphql_keywords: null,
+};

package/lib/cjs/config/defaults/index.js

@@ -15,6 +15,3 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./DefaultConfigurationParams"), exports);
-__exportStar(require("./DefaultRemoteConfigurationParams"), exports);
-__exportStar(require("./DefaultStaticConfigurationParams"), exports);
-__exportStar(require("./DefaultCommonConfigurationParams"), exports);

package/lib/cjs/config/params/StaticConfigurationParamsOnly.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/cjs/config/params/index.js

@@ -15,7 +15,8 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./CommonConfigurationParams"), exports);
-__exportStar(require("./RemoteConfigurationParams"), exports);
+__exportStar(require("./RemoteConfigurationParamsOnly"), exports);
+__exportStar(require("./StaticConfigurationParamsOnly"), exports);
 __exportStar(require("./StaticConfigurationParams"), exports);
+__exportStar(require("./RemoteConfigurationParams"), exports);
 __exportStar(require("./ConfigurationParams"), exports);
-__exportStar(require("./InitializeConfigurationParams"), exports);

package/lib/cjs/config/remote_config/RemoteConfigUtils.js

@@ -1,4 +1,13 @@
 "use strict";
+var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
+    if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
+        if (ar || !(i in from)) {
+            if (!ar) ar = Array.prototype.slice.call(from, 0, i);
+            ar[i] = from[i];
+        }
+    }
+    return to.concat(ar || Array.prototype.slice.call(from));
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.RemoteConfigUtils = void 0;
 var http_1 = require("../../http");
@@ -11,4 +20,20 @@ var RemoteConfigUtils;
             request.headers.get(utils_1.PUSH_DATA_FEATURE_HEADER_NAME) === constants_1.REMOTE_CONFIG_PUSH_DATA_FEATURE_NAME &&
             !!request.headers.get(utils_1.PUSH_DATA_HMAC_HEADER_NAME);
     };
+    RemoteConfigUtils.prepareRemoteConfigParams = function (remoteConfigParams, logger) {
+        var remoteConfig = Object.assign({}, remoteConfigParams);
+        // Remote config receives strings and regexes in separate fields (px_sensitive_routes, px_sensitive_routes_regex)
+        // Before initializing a new active configuration, we merge the two into the more generic field (px_sensitive_routes)
+        constants_1.CONFIG_KEYS_WITH_REGEX_EQUIVALENT_IN_REMOTE_CONFIG.forEach(function (k) {
+            if (remoteConfig[k] || remoteConfig["".concat(k, "_regex")]) {
+                remoteConfig[k] = RemoteConfigUtils.mergeStringRegexConfigurationValues(remoteConfig[k], remoteConfig["".concat(k, "_regex")], logger);
+                delete remoteConfig["".concat(k, "_regex")];
+            }
+        });
+        return remoteConfig;
+    };
+    RemoteConfigUtils.mergeStringRegexConfigurationValues = function (stringFields, regexFields, logger) {
+        var merged = __spreadArray(__spreadArray([], (stringFields || []), true), (regexFields || []).map(function (regexString) { return (0, utils_1.convertRegexStringToRegex)(regexString, logger); }), true);
+        return merged.filter(Boolean);
+    };
 })(RemoteConfigUtils || (exports.RemoteConfigUtils = RemoteConfigUtils = {}));

package/lib/cjs/config/remote_config/constants.js

@@ -1,6 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.WRITE_REMOTE_CONFIG_ERROR_NAME = exports.REMOTE_CONFIG_ENDPOINT = exports.REMOTE_CONFIG_PUSH_DATA_FEATURE_NAME = void 0;
+exports.CONFIG_KEYS_WITH_REGEX_EQUIVALENT_IN_REMOTE_CONFIG = exports.READ_REMOTE_CONFIG_ERROR_NAME = exports.WRITE_REMOTE_CONFIG_ERROR_NAME = exports.REMOTE_CONFIG_ENDPOINT = exports.REMOTE_CONFIG_PUSH_DATA_FEATURE_NAME = void 0;
 exports.REMOTE_CONFIG_PUSH_DATA_FEATURE_NAME = 'enforcer_config';
 exports.REMOTE_CONFIG_ENDPOINT = '/config/';
 exports.WRITE_REMOTE_CONFIG_ERROR_NAME = 'write_remote_config';
+exports.READ_REMOTE_CONFIG_ERROR_NAME = 'read_remote_config';
+exports.CONFIG_KEYS_WITH_REGEX_EQUIVALENT_IN_REMOTE_CONFIG = [
+    'px_sensitive_routes',
+    'px_monitored_routes',
+    'px_enforced_routes',
+    'px_filter_by_route',
+    'px_graphql_routes',
+];

package/lib/cjs/graphql/DefaultGraphQLParser.js

@@ -201,8 +201,9 @@ var DefaultGraphQLParser = /** @class */ (function () {
         return /^\s*{/.test(query);
     };
     DefaultGraphQLParser.prototype.getOperationName = function (operationNameToTypeMap, operation) {
+        var _a;
         return (operation.operationName ||
-            (Object.keys(operationNameToTypeMap).length === 1 ? Object.keys(operationNameToTypeMap)[0] : undefined));
+            (Object.keys(operationNameToTypeMap).length === 1 ? (_a = Object.keys(operationNameToTypeMap)) === null || _a === void 0 ? void 0 : _a[0] : undefined));
     };
     DefaultGraphQLParser.prototype.getQueryKeywords = function (query, context) {
         var _a;
@@ -272,7 +273,10 @@ var DefaultGraphQLParser = /** @class */ (function () {
         return (this.config.sensitiveGraphqlOperationTypes.some(function (type) { return type === operationType; }) ||
             this.config.sensitiveGraphqlOperationNames.some(function (name) {
                 var pattern = _this.toGlobalRegExp(name);
-                return pattern.test(operationName) || (keywords === null || keywords === void 0 ? void 0 : keywords.some(function (kw) { return pattern.test(kw); }));
+                if (!pattern) {
+                    return false;
+                }
+                return !!(operationName === null || operationName === void 0 ? void 0 : operationName.match(pattern)) || (keywords === null || keywords === void 0 ? void 0 : keywords.some(function (kw) { return !!kw.match(pattern); }));
             }));
     };
     DefaultGraphQLParser.prototype.extractGraphQLVariableNames = function (variables) {

package/lib/cjs/products/credential_intelligence/endpoint/login_successful/BodyLoginSuccessfulParser.js

@@ -42,10 +42,11 @@ var BodyLoginSuccessfulParser = /** @class */ (function () {
         this.bodyRegex = new RegExp(regex);
     }
     BodyLoginSuccessfulParser.prototype.isLoginSuccessful = function (response) {
+        var _a, _b;
         return __awaiter(this, void 0, void 0, function () {
-            return __generator(this, function (_a) {
+            return __generator(this, function (_c) {
                 // TODO: Possibly add IBody methods to IOutgoingResponse interface?
-                return [2 /*return*/, this.bodyRegex.test(response.body)];
+                return [2 /*return*/, !!((_b = (_a = response.body) === null || _a === void 0 ? void 0 : _a.match) === null || _b === void 0 ? void 0 : _b.call(_a, this.bodyRegex))];
             });
         });
     };

package/lib/cjs/products/credential_intelligence/endpoint/matcher/RegexPathEndpointMatcher.js

@@ -8,7 +8,7 @@ var RegexPathEndpointMatcher = /** @class */ (function () {
     }
     RegexPathEndpointMatcher.prototype.matches = function (_a) {
         var method = _a.method, url = _a.url;
-        return method === this.method && this.pathnameRegex.test(url.pathname);
+        return method === this.method && !!url.pathname.match(this.pathnameRegex);
     };
     return RegexPathEndpointMatcher;
 }());

package/lib/cjs/telemetry/DefaultTelemetry.js

@@ -143,9 +143,9 @@ var DefaultTelemetry = /** @class */ (function () {
             'px_remote_config_auth_token',
         ];
         var telemetryConfig = {
-            active_config: (0, utils_1.removeSensitiveFields)(this.config.getActiveConfig(), SENSITIVE_CONFIG_FIELDS),
-            static_config: (0, utils_1.removeSensitiveFields)(this.config.getStaticConfig(), SENSITIVE_CONFIG_FIELDS),
-            remote_config: (0, utils_1.removeSensitiveFields)(this.config.getRemoteConfig(), SENSITIVE_CONFIG_FIELDS),
+            active_config: (0, utils_1.redactSensitiveFields)(this.config.getActiveConfig(), SENSITIVE_CONFIG_FIELDS),
+            static_config: (0, utils_1.redactSensitiveFields)(this.config.getStaticConfig(), SENSITIVE_CONFIG_FIELDS),
+            remote_config: (0, utils_1.redactSensitiveFields)(this.config.getRemoteConfig(), SENSITIVE_CONFIG_FIELDS),
         };
         var activity = {
             type: activities_1.ActivityType.ENFORCER_TELEMETRY,

package/lib/cjs/utils/constants.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CORE_MODULE_VERSION = exports.URL_REGEX = exports.EMAIL_ADDRESS_REGEX = exports.PUSH_DATA_FEATURE_HEADER_NAME = exports.PUSH_DATA_HMAC_HEADER_NAME = exports.X_PX_BYPASS_REASON_HEADER_NAME = exports.X_PX_ORIGINAL_TOKEN_HEADER_NAME = exports.X_PX_AUTHORIZATION_HEADER_NAME = exports.BYPASS_MONITOR_HEADER_VALUE = exports.CD_PXVID_COOKIE_NAME = exports.PXDE_COOKIE_NAME = exports.PXHD_COOKIE_NAME = exports.PXVID_COOKIE_NAME = void 0;
+exports.CORE_MODULE_VERSION = exports.REGEX_STRUCTURE = exports.URL_REGEX = exports.EMAIL_ADDRESS_REGEX = exports.PUSH_DATA_FEATURE_HEADER_NAME = exports.PUSH_DATA_HMAC_HEADER_NAME = exports.X_PX_BYPASS_REASON_HEADER_NAME = exports.X_PX_ORIGINAL_TOKEN_HEADER_NAME = exports.X_PX_AUTHORIZATION_HEADER_NAME = exports.BYPASS_MONITOR_HEADER_VALUE = exports.CD_PXVID_COOKIE_NAME = exports.PXDE_COOKIE_NAME = exports.PXHD_COOKIE_NAME = exports.PXVID_COOKIE_NAME = void 0;
 exports.PXVID_COOKIE_NAME = '_pxvid';
 exports.PXHD_COOKIE_NAME = '_pxhd';
 exports.PXDE_COOKIE_NAME = '_pxde';
@@ -13,4 +13,5 @@ exports.PUSH_DATA_HMAC_HEADER_NAME = 'x-px-pushdata';
 exports.PUSH_DATA_FEATURE_HEADER_NAME = 'x-px-feature';
 exports.EMAIL_ADDRESS_REGEX = /^[a-zA-Z0-9_+&*-]+(?:\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,7}$/;
 exports.URL_REGEX = /^(https?\:)\/\/(([^@\s:]+):?([^@\s]*)@)?(([^:\/?#]*)(?:\:([0-9]+))?)([\/]{0,1}[^?#]*)(\?[^#]*|)(#.*|)$/;
-exports.CORE_MODULE_VERSION = 'JS Core 0.20.0';
+exports.REGEX_STRUCTURE = /^\/(.+?)\/([gimsuyvd]*)$/;
+exports.CORE_MODULE_VERSION = 'JS Core 0.21.0';

package/lib/cjs/utils/utils.js

@@ -36,7 +36,7 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
     }
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.telemetryConfigReplacer = exports.algoToCryptoString = exports.algoToSubtleCryptoString = exports.sleep = exports.getPropertyFromObject = exports.rejectOnTimeout = exports.transferExistingProperties = exports.isRouteMatch = exports.isRouteInPatterns = exports.removeSensitiveHeaders = exports.removeSensitiveFields = exports.getExtension = exports.getAuthorizationHeader = exports.getCollectorDomain = exports.getScoreApiDomain = exports.isEmailAddress = exports.isValidUuid = exports.isValidEnumValue = void 0;
+exports.telemetryConfigReplacer = exports.convertRegexStringToRegex = exports.algoToCryptoString = exports.algoToSubtleCryptoString = exports.sleep = exports.getPropertyFromObject = exports.rejectOnTimeout = exports.transferExistingProperties = exports.isRouteMatch = exports.isRouteInPatterns = exports.removeSensitiveHeaders = exports.redactSensitiveFields = exports.getExtension = exports.getAuthorizationHeader = exports.getCollectorDomain = exports.getScoreApiDomain = exports.isEmailAddress = exports.isValidUuid = exports.isValidEnumValue = void 0;
 var http_1 = require("../http");
 var error_1 = require("./error");
 var constants_1 = require("./constants");
@@ -77,14 +77,22 @@ var getExtension = function (route) {
     return endOfPath.substring(extensionIndex);
 };
 exports.getExtension = getExtension;
-var removeSensitiveFields = function (object, sensitiveFields) {
+var redactSensitiveFields = function (object, sensitiveFields) {
+    var NUMBER_OF_TRAILING_CHARS_TO_EXPOSE = 5;
+    var SENSITIVE_VALUE_MINIMUM_LENGTH_TO_EXPOSE_TRAILING_CHARS = NUMBER_OF_TRAILING_CHARS_TO_EXPOSE * 10;
     var newObj = Object.assign({}, object);
     sensitiveFields.forEach(function (fieldName) {
-        delete newObj[fieldName];
+        var sensitiveValue = object[fieldName];
+        if (!sensitiveValue) {
+            return;
+        }
+        var trailingCharsExposed = sensitiveValue.length >= SENSITIVE_VALUE_MINIMUM_LENGTH_TO_EXPOSE_TRAILING_CHARS;
+        var trailingChars = sensitiveValue.substring(sensitiveValue.length - (trailingCharsExposed ? NUMBER_OF_TRAILING_CHARS_TO_EXPOSE : 0));
+        newObj[fieldName] = "***REDACTED***".concat(trailingChars);
     });
     return newObj;
 };
-exports.removeSensitiveFields = removeSensitiveFields;
+exports.redactSensitiveFields = redactSensitiveFields;
 var removeSensitiveHeaders = function (headers, sensitiveHeaderNames) {
     var ret = (0, http_1.toMutableHeaders)(headers);
     sensitiveHeaderNames.forEach(function (name) {
@@ -101,7 +109,7 @@ var isRouteMatch = function (route, pattern) {
     if (!route || !pattern) {
         return false;
     }
-    if (pattern instanceof RegExp && pattern.test(route)) {
+    if (pattern instanceof RegExp && !!route.match(pattern)) {
         return true;
     }
     if (typeof pattern === 'string' && route.startsWith(pattern)) {
@@ -184,6 +192,27 @@ var algoToCryptoString = function (algo) {
     }
 };
 exports.algoToCryptoString = algoToCryptoString;
+var convertRegexStringToRegex = function (regexString, logger) {
+    if (!regexString) {
+        logger === null || logger === void 0 ? void 0 : logger.debug('regex string cannot be empty or null');
+        return null;
+    }
+    var match = regexString.match(constants_1.REGEX_STRUCTURE);
+    if (!match) {
+        logger === null || logger === void 0 ? void 0 : logger.debug("invalid regex string: '".concat(regexString, "'. The string should be in the format ").concat(constants_1.REGEX_STRUCTURE.source));
+        return null;
+    }
+    var pattern = match[1];
+    var flags = match[2];
+    try {
+        return new RegExp(pattern, flags);
+    }
+    catch (e) {
+        logger === null || logger === void 0 ? void 0 : logger.debug("unable to parse string regex with pattern ".concat(pattern, ", flags ").concat(flags, ": ").concat(e));
+        return null;
+    }
+};
+exports.convertRegexStringToRegex = convertRegexStringToRegex;
 // Hash based on https://stackoverflow.com/questions/7616461/generate-a-hash-from-string-in-javascript
 var toHash = function (string) {
     var hash = 0;

package/lib/esm/config/ConfigurationBase.js

@@ -1,6 +1,7 @@
 import { DEFAULT_CONFIGURATION_PARAMS } from './defaults';
 import { LoggerSeverity, DefaultLogger } from '../logger';
 import { ModuleMode, getScoreApiDomain, getCollectorDomain, isValidEnumValue, EnforcerError, CORE_MODULE_VERSION, } from '../utils';
+import { RemoteConfigUtils } from './remote_config';
 export class ConfigurationBase {
     activeConfigParams;
     staticConfigParams;
@@ -9,16 +10,16 @@ export class ConfigurationBase {
     internalLogger;
     constructor(params, defaultParams) {
         this.defaultConfigParams = { ...DEFAULT_CONFIGURATION_PARAMS, ...defaultParams };
-        this.activeConfigParams = this.initialize(params, this.defaultConfigParams);
+        this.activeConfigParams = this.createActiveConfiguration(params, this.defaultConfigParams);
         this.staticConfigParams = params;
-        this.internalLogger = this.createInternalLogger(this.activeConfigParams.px_logger_severity);
     }
-    initialize(params, defaultParams) {
+    createActiveConfiguration(params, defaultParams) {
         this.throwIfMissingRequiredField(params);
         const config = {};
         Object.keys(defaultParams).forEach((k) => {
             config[k] = this.getValidConfigValue(params, defaultParams, k);
         });
+        this.internalLogger = this.createInternalLogger(config.px_logger_severity);
         return config;
     }
     throwIfMissingRequiredField(params) {
@@ -68,7 +69,11 @@ export class ConfigurationBase {
     }
     addRemoteConfig(remoteConfigParams) {
         this.remoteConfigParams = remoteConfigParams;
-        this.activeConfigParams = this.initialize({ ...this.staticConfigParams, ...remoteConfigParams }, this.defaultConfigParams);
+        const mergedParams = {
+            ...this.staticConfigParams,
+            ...RemoteConfigUtils.prepareRemoteConfigParams(remoteConfigParams, this.logger),
+        };
+        this.activeConfigParams = this.createActiveConfiguration(mergedParams, this.defaultConfigParams);
     }
     getActiveConfig() {
         return Object.assign({}, this.activeConfigParams);

package/lib/esm/config/ConfigurationBuilderBase.js

@@ -1,3 +1,4 @@
+import { READ_REMOTE_CONFIG_ERROR_NAME } from './remote_config';
 export class ConfigurationBuilderBase {
     base64Utils;
     constructor(base64Utils) {
@@ -20,12 +21,16 @@ export class ConfigurationBuilderBase {
             const storageClient = await this.createRemoteConfigStorageClient(staticConfig);
             const remoteConfigData = await storageClient?.load();
             if (!remoteConfigData) {
-                staticConfig.logger.debug('unable to load remote config from storage');
+                staticConfig.logger.debug('unable to load remote config from storage', {
+                    error_type: READ_REMOTE_CONFIG_ERROR_NAME,
+                });
                 return null;
             }
             const { configValue, id, version } = remoteConfigData;
             if (!this.isValidRemoteConfigId(staticConfig.remoteConfigAuthToken, id)) {
-                staticConfig.logger.debug(`remote config ID in auth token does not match ID found in storage ${id}`);
+                staticConfig.logger.debug(`remote config ID in auth token does not match ID found in storage ${id}`, {
+                    error_type: READ_REMOTE_CONFIG_ERROR_NAME,
+                });
                 return null;
             }
             if (!configValue.px_remote_config_enabled) {

package/lib/esm/config/defaults/DefaultConfigurationParams.js

@@ -1,8 +1,133 @@
-import { DEFAULT_STATIC_CONFIGURATION_PARAMS } from './DefaultStaticConfigurationParams';
-import { DEFAULT_REMOTE_CONFIGURATION_PARAMS } from './DefaultRemoteConfigurationParams';
-import { DEFAULT_COMMON_CONFIGURATION_PARAMS } from './DefaultCommonConfigurationParams';
+import { LoggerSeverity } from '../../logger';
+import { ModuleMode } from '../../utils';
+import { CredentialIntelligenceVersion, DEFAULT_COMPROMISED_CREDENTIALS_HEADER_NAME, LoginSuccessfulReportingMethod, } from '../../products';
 export const DEFAULT_CONFIGURATION_PARAMS = {
-    ...DEFAULT_STATIC_CONFIGURATION_PARAMS,
-    ...DEFAULT_REMOTE_CONFIGURATION_PARAMS,
-    ...DEFAULT_COMMON_CONFIGURATION_PARAMS,
+    px_app_id: '',
+    px_auth_token: '',
+    px_cookie_secret: '',
+    px_logger_auth_token: '',
+    px_remote_config_auth_token: '',
+    px_remote_config_enabled: true,
+    px_remote_config_id: '',
+    px_remote_config_version: 0,
+    px_filter_by_route_regex: [],
+    px_monitored_routes_regex: [],
+    px_enforced_routes_regex: [],
+    px_graphql_routes_regex: [],
+    px_sensitive_routes_regex: [],
+    px_s2s_timeout: 1000,
+    px_blocking_score: 100,
+    px_user_agent_max_length: 8528,
+    px_risk_cookie_max_length: 2048,
+    px_risk_cookie_min_iterations: 500,
+    px_risk_cookie_max_iterations: 5000,
+    px_logger_severity: LoggerSeverity.ERROR,
+    px_ip_headers: [],
+    px_module_enabled: true,
+    px_module_mode: ModuleMode.MONITOR,
+    px_additional_activity_handler: null,
+    px_advanced_blocking_response_enabled: true,
+    px_max_activity_batch_size: 0,
+    px_batch_activities_timeout_ms: 1000,
+    px_bypass_monitor_header: 'x-px-block',
+    px_enforced_routes: [],
+    px_first_party_enabled: true,
+    px_custom_first_party_prefix: '',
+    px_custom_first_party_sensor_endpoint: '',
+    px_custom_first_party_xhr_endpoint: '',
+    px_custom_first_party_captcha_endpoint: '',
+    px_first_party_timeout_ms: 4000,
+    px_backend_url: '',
+    px_backend_collector_url: '',
+    px_backend_captcha_url: 'https://captcha.px-cdn.net',
+    px_backend_client_url: 'https://client.perimeterx.net',
+    px_login_credentials_extraction_enabled: false,
+    px_login_credentials_extraction: [],
+    px_credentials_intelligence_version: CredentialIntelligenceVersion.BOTH,
+    px_compromised_credentials_header: DEFAULT_COMPROMISED_CREDENTIALS_HEADER_NAME,
+    px_send_raw_username_on_additional_s2s_activity: false,
+    px_automatic_additional_s2s_activity_enabled: true,
+    px_additional_s2s_activity_header_enabled: false,
+    px_login_successful_reporting_method: LoginSuccessfulReportingMethod.STATUS,
+    px_login_successful_body_regex: '',
+    px_login_successful_header_name: '',
+    px_login_successful_header_value: '',
+    px_login_successful_status: [200],
+    px_login_successful_custom_callback: null,
+    px_monitored_routes: [],
+    px_sensitive_headers: ['cookie', 'cookies'],
+    px_sensitive_routes: [],
+    px_filter_by_extension: [
+        '.css',
+        '.bmp',
+        '.tif',
+        '.ttf',
+        '.docx',
+        '.woff2',
+        '.js',
+        '.pict',
+        '.tiff',
+        '.eot',
+        '.xlsx',
+        '.jpg',
+        '.csv',
+        '.eps',
+        '.woff',
+        '.xls',
+        '.jpeg',
+        '.doc',
+        '.ejs',
+        '.otf',
+        '.pptx',
+        '.gif',
+        '.pdf',
+        '.swf',
+        '.svg',
+        '.ps',
+        '.ico',
+        '.pls',
+        '.midi',
+        '.svgz',
+        '.class',
+        '.png',
+        '.ppt',
+        '.mid',
+        '.webp',
+        '.jar',
+        '.json',
+        '.xml',
+    ],
+    px_filter_by_http_method: [],
+    px_filter_by_ip: [],
+    px_filter_by_route: [],
+    px_filter_by_user_agent: [],
+    px_css_ref: '',
+    px_js_ref: '',
+    px_custom_cookie_header: 'x-px-cookies',
+    px_custom_logo: '',
+    px_graphql_enabled: true,
+    px_graphql_routes: ['/graphql'],
+    px_graphql_keywords: [],
+    px_sensitive_graphql_operation_names: [],
+    px_sensitive_graphql_operation_types: [],
+    px_enrich_custom_parameters: null,
+    px_jwt_cookie_name: '',
+    px_jwt_cookie_user_id_field_name: '',
+    px_jwt_cookie_additional_field_names: [],
+    px_jwt_header_name: '',
+    px_jwt_header_user_id_field_name: '',
+    px_jwt_header_additional_field_names: [],
+    px_cors_support_enabled: false,
+    px_cors_custom_preflight_handler: null,
+    px_cors_preflight_request_filter_enabled: false,
+    px_cors_create_custom_block_response_headers: null,
+    px_remote_config_max_fetch_attempts: 5,
+    px_remote_config_retry_interval_ms: 1000,
+    px_url_decode_reserved_characters: false,
+    px_secured_pxhd_enabled: false,
+    px_custom_is_sensitive_request: null,
+    px_custom_is_monitored_request: null,
+    px_custom_is_enforced_request: null,
+    px_custom_is_filtered_request: null,
+    px_extract_graphql_keywords: null,
 };

package/lib/esm/config/defaults/index.js

@@ -1,4 +1 @@
 export * from './DefaultConfigurationParams';
-export * from './DefaultRemoteConfigurationParams';
-export * from './DefaultStaticConfigurationParams';
-export * from './DefaultCommonConfigurationParams';