@contrast/config - npm Package Compare versions

Comparing version 1.2.0 to 1.3.0

lib/index.d.ts

@@ -19,2 +19,11 @@ /*
 
+type SyslogLevel =
+  | 'alert'
+  | 'critical'
+  | 'error'
+  | 'warning'
+  | 'notice'
+  | 'info'
+  | 'debug';
+
 export interface Config {
@@ -35,3 +44,3 @@ configFile: string;
       url: string;
-    }
+    };
   };
@@ -42,3 +51,4 @@
       app_activity_ms: number;
-    },
+    };
+
     reporters: {
@@ -69,2 +79,40 @@ /** Path indicating where to report all agent findings. */
 
+    security_logger: {
+      /** Default: `'debug'` */
+      level: SyslogLevel;
+
+      /** Default: `'security'` */
+      path: string;
+
+      syslog: {
+        enable: boolean;
+
+        ip: string;
+
+        /** Default: UDP `514` */
+        port: number;
+
+        /**
+         * The facility code of the messages the agent sends to Syslog.
+         * Values: 0-23, inclusive. Default: `19`
+         */
+        facility: number;
+
+        /** Log level of 'Blocked' attacks. Default: `'notice'` */
+        severity_blocked: SyslogLevel;
+
+        /** Log level of 'Exploited' attacks. Default: `'alert'` */
+        severity_exploited: SyslogLevel;
+
+        /** Log level of 'Probed' attacks. Default: `'warning'` */
+        severity_probed: SyslogLevel;
+
+        /** Log level of 'Blocked at Perimeter' attacks. Default: `'notice'` */
+        severity_blocked_perimeter: SyslogLevel;
+
+        /** Log level of suspcious but not blocked attacks. Default: `'warning'` */
+        severity_suspicious: SyslogLevel;
+      };
+    };
+
     node: {
@@ -129,2 +177,3 @@ /** Default: `true` */
     environment?: string;
+    tags?: string;
     /** Default: `os.hostname()` */
@@ -131,0 +180,0 @@ name: string;

lib/options.js

@@ -55,7 +55,7 @@ /*
   value = value.toString().toLowerCase();
-  return (value === 'true' || value === 't')
+  return value === 'true' || value === 't'
     ? true
-    : (value === 'false' || value === 'f')
-        ? false
-        : undefined;
+    : value === 'false' || value === 'f'
+      ? false
+      : undefined;
 }
@@ -100,5 +100,4 @@
     arg: '<path>',
-    desc:
-      'set config file location. defaults to <app_root>/contrast_security.yaml'
-  }
+    desc: 'set config file location. defaults to <app_root>/contrast_security.yaml',
+  },
 ];
@@ -112,3 +111,3 @@
     default: true,
-    desc: 'set false to disable reporting'
+    desc: 'set false to disable reporting',
   },
@@ -119,3 +118,3 @@ {
     arg: '<key>',
-    desc: 'the organization API key'
+    desc: 'the organization API key',
   },
@@ -126,3 +125,3 @@ {
     arg: '<key>',
-    desc: 'account service key'
+    desc: 'account service key',
   },
@@ -164,3 +163,3 @@ {
     },
-    desc: 'url to report on'
+    desc: 'url to report on',
   },
@@ -171,3 +170,3 @@ {
     arg: '<name>',
-    desc: 'account user name'
+    desc: 'account user name',
   },
@@ -191,3 +190,3 @@ {
     arg: '<path>',
-    desc: 'path indicating where to report all agent findings'
+    desc: 'path indicating where to report all agent findings',
   },
@@ -199,4 +198,3 @@ {
     default: true,
-    desc:
-      'if false, create a new log file on startup instead of appending and rolling daily'
+    desc: 'if false, create a new log file on startup instead of appending and rolling daily',
   },
@@ -209,4 +207,3 @@ {
     default: 'error',
-    desc:
-      'logging level (error, warn, info, debug, trace). overrides FeatureSet:logLevel'
+    desc: 'logging level (error, warn, info, debug, trace). overrides FeatureSet:logLevel',
   },
@@ -218,3 +215,3 @@ {
     arg: '<path>',
-    desc: 'where contrast will put its debug log'
+    desc: 'where contrast will put its debug log',
   },
@@ -226,5 +223,89 @@ {
     default: true,
-    desc: 'if false, suppress output to STDOUT'
+    desc: 'if false, suppress output to STDOUT',
   },
   {
+    name: 'agent.security_logger.level',
+    arg: '<level>',
+    fn: lowercase,
+    // NOTE: syslog actually specifies 8 levels, starting with 0-emergency, but
+    // we do not let the user set emergency for whatever reason
+    enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
+    default: 'debug',
+    desc: 'security logging level (alert, crit, err, warning, notice, info, debug)',
+  },
+  {
+    name: 'agent.security_logger.path',
+    // default: 'security',
+    fn: toAbsolutePath,
+    arg: '<path>',
+    desc: 'where to log security events',
+  },
+  {
+    name: 'agent.security_logger.syslog.enable',
+    fn: castBoolean,
+    desc: 'Set to true to enable Syslog logging',
+  },
+  {
+    name: 'agent.security_logger.syslog.ip',
+    desc: 'Set the IP address of the Syslog server to which the agent should send messages',
+    arg: '<ip>',
+  },
+  {
+    name: 'agent.security_logger.syslog.port',
+    desc: 'Set the port of the Syslog server to which the agent should send messages',
+    default: 514,
+    arg: '<port>',
+    fn: parseNum,
+  },
+  {
+    name: 'agent.security_logger.syslog.facility',
+    desc: 'Set the facility code of the messages the agent sends to Syslog',
+    enum: [
+      0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20,
+      21, 22, 23,
+    ],
+    default: 19,
+    arg: '<facility>',
+  },
+  {
+    name: 'agent.security_logger.syslog.severity_blocked',
+    desc: 'Set the log level of Blocked attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
+    enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
+    default: 'notice',
+    arg: '<level>',
+    fn: lowercase,
+  },
+  {
+    name: 'agent.security_logger.syslog.severity_exploited',
+    desc: 'Set the log level of Exploited attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
+    enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
+    default: 'alert',
+    arg: '<level>',
+    fn: lowercase,
+  },
+  {
+    name: 'agent.security_logger.syslog.severity_probed',
+    desc: 'Set the log level of Probed attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
+    enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
+    default: 'warning',
+    arg: '<level>',
+    fn: lowercase,
+  },
+  {
+    name: 'agent.security_logger.syslog.severity_blocked_perimeter',
+    desc: 'Set the log level of Blocked at Perimeter attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
+    enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
+    default: 'notice',
+    arg: '<level>',
+    fn: lowercase,
+  },
+  {
+    name: 'agent.security_logger.syslog.severity_suspicious',
+    desc: 'Set the log level of suspicious but not blocked attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG',
+    enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'],
+    default: 'warning',
+    arg: '<level>',
+    fn: lowercase,
+  },
+  {
     name: 'agent.node.enable_rewrite',
@@ -234,3 +315,3 @@ arg: '[false]',
     default: true,
-    desc: 'if false, disable source rewriting (not recommended)'
+    desc: 'if false, disable source rewriting (not recommended)',
   },
@@ -242,3 +323,3 @@ {
     default: true,
-    desc: 'enable source map support in reporting'
+    desc: 'enable source map support in reporting',
   },
@@ -249,3 +330,3 @@ {
     desc: "set location to look for the app's package.json",
-    default: process.cwd()
+    default: process.cwd(),
   },
@@ -257,4 +338,3 @@ {
     fn: parseNum,
-    desc:
-      'set limit for stack trace size (larger limits will improve accuracy but increase memory usage)'
+    desc: 'set limit for stack trace size (larger limits will improve accuracy but increase memory usage)',
   },
@@ -266,3 +346,3 @@ {
     fn: split,
-    desc: 'comma-separated list of patterns to ignore within stack traces'
+    desc: 'comma-separated list of patterns to ignore within stack traces',
   },
@@ -283,3 +363,3 @@ {
     env: 'CONTRASTSECURITY_APP_NAME',
-    desc: 'override the reported application name. (default: package.json:name)'
+    desc: 'override the reported application name. (default: package.json:name)',
   },
@@ -290,3 +370,3 @@ {
     default: '/',
-    desc: 'override the reported application path'
+    desc: 'override the reported application path',
   },
@@ -296,4 +376,3 @@ {
     arg: '<version>',
-    desc:
-      "override the reported application version (if different from 'version' field in the application's package.json)"
+    desc: "override the reported application version (if different from 'version' field in the application's package.json)",
   },
@@ -304,3 +383,3 @@ {
     default: null,
-    desc: 'provide the ID of a session existing within Contrast UI'
+    desc: 'provide the ID of a session existing within Contrast UI',
   },
@@ -311,4 +390,4 @@ {
     default: null,
-    desc: 'provide metadata used to create a new session within Contrast UI'
-  }
+    desc: 'provide metadata used to create a new session within Contrast UI',
+  },
 ];
@@ -321,3 +400,3 @@
     fn: castBoolean,
-    desc: 'if false, disable protect for this agent'
+    desc: 'if false, disable protect for this agent',
   },
@@ -329,3 +408,3 @@ {
     default: '',
-    desc: 'comma-separated list of rule ids to disable'
+    desc: 'comma-separated list of rule ids to disable',
   },
@@ -343,4 +422,4 @@ {
     enum: ['monitor', 'block', 'block_at_perimeter', 'off'],
-    desc: `the mode in which to run the ${ruleId} rule`
-  }))
+    desc: `the mode in which to run the ${ruleId} rule`,
+  })),
 ];
@@ -351,7 +430,12 @@
     name: 'server.environment',
-    arg: '<name>',
+    arg: '<environment>',
     fn: uppercase,
     // enum: ['QA', 'PRODUCTION', 'DEVELOPMENT'], none of the other agents validate this
+    desc: 'environment the server is running in (QA, PRODUCTION, or DEVELOPMENT)',
+  },
+  {
+    name: 'server.tags',
+    arg: '<tags>',
     desc:
-      'environment the server is running in (QA, PRODUCTION, or DEVELOPMENT)'
+      'server tags provided by the user to the agent that instrumented this server.',
   },
@@ -362,3 +446,3 @@ {
     default: os.hostname(),
-    desc: 'override the reported server name'
+    desc: 'override the reported server name',
   },
@@ -368,15 +452,7 @@ {
     arg: '<version>',
-    desc:
-      "override the reported server version (if different from 'version' field in the application's package.json)"
-  }
+    desc: "override the reported server version (if different from 'version' field in the application's package.json)",
+  },
 ];
 
-const options = [].concat(
-  config,
-  api,
-  agent,
-  application,
-  protect,
-  server
-);
+const options = [].concat(config, api, agent, application, protect, server);
 
@@ -383,0 +459,0 @@ module.exports.configOptions = options;

package.json

 {
   "name": "@contrast/config",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "description": "An API for discovering Contrast agent configuration data",
@@ -20,5 +20,5 @@ "license": "SEE LICENSE IN LICENSE",
   "dependencies": {
-    "@contrast/common": "1.1.2",
+    "@contrast/common": "1.1.3",
     "yaml": "^2.0.1"
   }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

27539

increased by18.64%

Lines of code

822

increased by15.77%

Dependency changes

• + Added@contrast/common@1.1.3(transitive)

• - Removed@contrast/common@1.1.2(transitive)

• Updated@contrast/common@1.1.3