@contrast/config
Comparing version 1.2.0 to 1.3.0
@@ -19,2 +19,11 @@ /* | ||
type SyslogLevel = | ||
| 'alert' | ||
| 'critical' | ||
| 'error' | ||
| 'warning' | ||
| 'notice' | ||
| 'info' | ||
| 'debug'; | ||
export interface Config { | ||
@@ -35,3 +44,3 @@ configFile: string; | ||
url: string; | ||
} | ||
}; | ||
}; | ||
@@ -42,3 +51,4 @@ | ||
app_activity_ms: number; | ||
}, | ||
}; | ||
reporters: { | ||
@@ -69,2 +79,40 @@ /** Path indicating where to report all agent findings. */ | ||
security_logger: { | ||
/** Default: `'debug'` */ | ||
level: SyslogLevel; | ||
/** Default: `'security'` */ | ||
path: string; | ||
syslog: { | ||
enable: boolean; | ||
ip: string; | ||
/** Default: UDP `514` */ | ||
port: number; | ||
/** | ||
* The facility code of the messages the agent sends to Syslog. | ||
* Values: 0-23, inclusive. Default: `19` | ||
*/ | ||
facility: number; | ||
/** Log level of 'Blocked' attacks. Default: `'notice'` */ | ||
severity_blocked: SyslogLevel; | ||
/** Log level of 'Exploited' attacks. Default: `'alert'` */ | ||
severity_exploited: SyslogLevel; | ||
/** Log level of 'Probed' attacks. Default: `'warning'` */ | ||
severity_probed: SyslogLevel; | ||
/** Log level of 'Blocked at Perimeter' attacks. Default: `'notice'` */ | ||
severity_blocked_perimeter: SyslogLevel; | ||
/** Log level of suspcious but not blocked attacks. Default: `'warning'` */ | ||
severity_suspicious: SyslogLevel; | ||
}; | ||
}; | ||
node: { | ||
@@ -129,2 +177,3 @@ /** Default: `true` */ | ||
environment?: string; | ||
tags?: string; | ||
/** Default: `os.hostname()` */ | ||
@@ -131,0 +180,0 @@ name: string; |
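Review bot: The doc comment on `security_logger.path` promises a default of `'security'`, but the matching option entry added in this release has that default commented out (`// default: 'security',`), so unless it is applied somewhere outside this diff the field typed `path: string` can be undefined at runtime. Either restore the default in the option table or make the declaration honest with `path?: string;` and drop the "Default" remark. `syslog.enable` and `syslog.ip` are the only new fields without a doc comment, and neither has a default in the option table, so they look like candidates for `enable?: boolean;` and `ip?: string;` as well. Since the `port` comment names UDP, it would help to say there that security events sent this way leave the host unauthenticated and unencrypted, so the collector should sit on a trusted network segment. The comment on `severity_suspicious` misspells "suspicious" as "suspcious".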
@@ -55,7 +55,7 @@ /* | ||
value = value.toString().toLowerCase(); | ||
return (value === 'true' || value === 't') | ||
return value === 'true' || value === 't' | ||
? true | ||
: (value === 'false' || value === 'f') | ||
? false | ||
: undefined; | ||
: value === 'false' || value === 'f' | ||
? false | ||
: undefined; | ||
} | ||
@@ -100,5 +100,4 @@ | ||
arg: '<path>', | ||
desc: | ||
'set config file location. defaults to <app_root>/contrast_security.yaml' | ||
} | ||
desc: 'set config file location. defaults to <app_root>/contrast_security.yaml', | ||
}, | ||
]; | ||
@@ -112,3 +111,3 @@ | ||
default: true, | ||
desc: 'set false to disable reporting' | ||
desc: 'set false to disable reporting', | ||
}, | ||
@@ -119,3 +118,3 @@ { | ||
arg: '<key>', | ||
desc: 'the organization API key' | ||
desc: 'the organization API key', | ||
}, | ||
@@ -126,3 +125,3 @@ { | ||
arg: '<key>', | ||
desc: 'account service key' | ||
desc: 'account service key', | ||
}, | ||
@@ -164,3 +163,3 @@ { | ||
}, | ||
desc: 'url to report on' | ||
desc: 'url to report on', | ||
}, | ||
@@ -171,3 +170,3 @@ { | ||
arg: '<name>', | ||
desc: 'account user name' | ||
desc: 'account user name', | ||
}, | ||
@@ -191,3 +190,3 @@ { | ||
arg: '<path>', | ||
desc: 'path indicating where to report all agent findings' | ||
desc: 'path indicating where to report all agent findings', | ||
}, | ||
@@ -199,4 +198,3 @@ { | ||
default: true, | ||
desc: | ||
'if false, create a new log file on startup instead of appending and rolling daily' | ||
desc: 'if false, create a new log file on startup instead of appending and rolling daily', | ||
}, | ||
@@ -209,4 +207,3 @@ { | ||
default: 'error', | ||
desc: | ||
'logging level (error, warn, info, debug, trace). overrides FeatureSet:logLevel' | ||
desc: 'logging level (error, warn, info, debug, trace). overrides FeatureSet:logLevel', | ||
}, | ||
@@ -218,3 +215,3 @@ { | ||
arg: '<path>', | ||
desc: 'where contrast will put its debug log' | ||
desc: 'where contrast will put its debug log', | ||
}, | ||
@@ -226,5 +223,89 @@ { | ||
default: true, | ||
desc: 'if false, suppress output to STDOUT' | ||
desc: 'if false, suppress output to STDOUT', | ||
}, | ||
{ | ||
name: 'agent.security_logger.level', | ||
arg: '<level>', | ||
fn: lowercase, | ||
// NOTE: syslog actually specifies 8 levels, starting with 0-emergency, but | ||
// we do not let the user set emergency for whatever reason | ||
enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'], | ||
default: 'debug', | ||
desc: 'security logging level (alert, crit, err, warning, notice, info, debug)', | ||
}, | ||
{ | ||
name: 'agent.security_logger.path', | ||
// default: 'security', | ||
fn: toAbsolutePath, | ||
arg: '<path>', | ||
desc: 'where to log security events', | ||
}, | ||
{ | ||
name: 'agent.security_logger.syslog.enable', | ||
fn: castBoolean, | ||
desc: 'Set to true to enable Syslog logging', | ||
}, | ||
{ | ||
name: 'agent.security_logger.syslog.ip', | ||
desc: 'Set the IP address of the Syslog server to which the agent should send messages', | ||
arg: '<ip>', | ||
}, | ||
{ | ||
name: 'agent.security_logger.syslog.port', | ||
desc: 'Set the port of the Syslog server to which the agent should send messages', | ||
default: 514, | ||
arg: '<port>', | ||
fn: parseNum, | ||
}, | ||
{ | ||
name: 'agent.security_logger.syslog.facility', | ||
desc: 'Set the facility code of the messages the agent sends to Syslog', | ||
enum: [ | ||
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, | ||
21, 22, 23, | ||
], | ||
default: 19, | ||
arg: '<facility>', | ||
}, | ||
{ | ||
name: 'agent.security_logger.syslog.severity_blocked', | ||
desc: 'Set the log level of Blocked attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG', | ||
enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'], | ||
default: 'notice', | ||
arg: '<level>', | ||
fn: lowercase, | ||
}, | ||
{ | ||
name: 'agent.security_logger.syslog.severity_exploited', | ||
desc: 'Set the log level of Exploited attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG', | ||
enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'], | ||
default: 'alert', | ||
arg: '<level>', | ||
fn: lowercase, | ||
}, | ||
{ | ||
name: 'agent.security_logger.syslog.severity_probed', | ||
desc: 'Set the log level of Probed attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG', | ||
enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'], | ||
default: 'warning', | ||
arg: '<level>', | ||
fn: lowercase, | ||
}, | ||
{ | ||
name: 'agent.security_logger.syslog.severity_blocked_perimeter', | ||
desc: 'Set the log level of Blocked at Perimeter attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG', | ||
enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'], | ||
default: 'notice', | ||
arg: '<level>', | ||
fn: lowercase, | ||
}, | ||
{ | ||
name: 'agent.security_logger.syslog.severity_suspicious', | ||
desc: 'Set the log level of suspicious but not blocked attacks. Value options are ALERT/CRITICAL/ERROR/WARNING/NOTICE/INFO/DEBUG', | ||
enum: ['alert', 'critical', 'error', 'warning', 'notice', 'info', 'debug'], | ||
default: 'warning', | ||
arg: '<level>', | ||
fn: lowercase, | ||
}, | ||
{ | ||
name: 'agent.node.enable_rewrite', | ||
@@ -234,3 +315,3 @@ arg: '[false]', | ||
default: true, | ||
desc: 'if false, disable source rewriting (not recommended)' | ||
desc: 'if false, disable source rewriting (not recommended)', | ||
}, | ||
@@ -242,3 +323,3 @@ { | ||
default: true, | ||
desc: 'enable source map support in reporting' | ||
desc: 'enable source map support in reporting', | ||
}, | ||
@@ -249,3 +330,3 @@ { | ||
desc: "set location to look for the app's package.json", | ||
default: process.cwd() | ||
default: process.cwd(), | ||
}, | ||
@@ -257,4 +338,3 @@ { | ||
fn: parseNum, | ||
desc: | ||
'set limit for stack trace size (larger limits will improve accuracy but increase memory usage)' | ||
desc: 'set limit for stack trace size (larger limits will improve accuracy but increase memory usage)', | ||
}, | ||
@@ -266,3 +346,3 @@ { | ||
fn: split, | ||
desc: 'comma-separated list of patterns to ignore within stack traces' | ||
desc: 'comma-separated list of patterns to ignore within stack traces', | ||
}, | ||
@@ -283,3 +363,3 @@ { | ||
env: 'CONTRASTSECURITY_APP_NAME', | ||
desc: 'override the reported application name. (default: package.json:name)' | ||
desc: 'override the reported application name. (default: package.json:name)', | ||
}, | ||
@@ -290,3 +370,3 @@ { | ||
default: '/', | ||
desc: 'override the reported application path' | ||
desc: 'override the reported application path', | ||
}, | ||
@@ -296,4 +376,3 @@ { | ||
arg: '<version>', | ||
desc: | ||
"override the reported application version (if different from 'version' field in the application's package.json)" | ||
desc: "override the reported application version (if different from 'version' field in the application's package.json)", | ||
}, | ||
@@ -304,3 +383,3 @@ { | ||
default: null, | ||
desc: 'provide the ID of a session existing within Contrast UI' | ||
desc: 'provide the ID of a session existing within Contrast UI', | ||
}, | ||
@@ -311,4 +390,4 @@ { | ||
default: null, | ||
desc: 'provide metadata used to create a new session within Contrast UI' | ||
} | ||
desc: 'provide metadata used to create a new session within Contrast UI', | ||
}, | ||
]; | ||
@@ -321,3 +400,3 @@ | ||
fn: castBoolean, | ||
desc: 'if false, disable protect for this agent' | ||
desc: 'if false, disable protect for this agent', | ||
}, | ||
@@ -329,3 +408,3 @@ { | ||
default: '', | ||
desc: 'comma-separated list of rule ids to disable' | ||
desc: 'comma-separated list of rule ids to disable', | ||
}, | ||
@@ -343,4 +422,4 @@ { | ||
enum: ['monitor', 'block', 'block_at_perimeter', 'off'], | ||
desc: `the mode in which to run the ${ruleId} rule` | ||
})) | ||
desc: `the mode in which to run the ${ruleId} rule`, | ||
})), | ||
]; | ||
@@ -351,7 +430,12 @@ | ||
name: 'server.environment', | ||
arg: '<name>', | ||
arg: '<environment>', | ||
fn: uppercase, | ||
// enum: ['QA', 'PRODUCTION', 'DEVELOPMENT'], none of the other agents validate this | ||
desc: 'environment the server is running in (QA, PRODUCTION, or DEVELOPMENT)', | ||
}, | ||
{ | ||
name: 'server.tags', | ||
arg: '<tags>', | ||
desc: | ||
'environment the server is running in (QA, PRODUCTION, or DEVELOPMENT)' | ||
'server tags provided by the user to the agent that instrumented this server.', | ||
}, | ||
@@ -362,3 +446,3 @@ { | ||
default: os.hostname(), | ||
desc: 'override the reported server name' | ||
desc: 'override the reported server name', | ||
}, | ||
@@ -368,15 +452,7 @@ { | ||
arg: '<version>', | ||
desc: | ||
"override the reported server version (if different from 'version' field in the application's package.json)" | ||
} | ||
desc: "override the reported server version (if different from 'version' field in the application's package.json)", | ||
}, | ||
]; | ||
const options = [].concat( | ||
config, | ||
api, | ||
agent, | ||
application, | ||
protect, | ||
server | ||
); | ||
const options = [].concat(config, api, agent, application, protect, server); | ||
@@ -383,0 +459,0 @@ module.exports.configOptions = options; |
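Review bot: The new `agent.security_logger.syslog.facility` entry declares a numeric `enum` (0 to 23) but, unlike the `syslog.port` entry just above it, has no `fn: parseNum,`. A value supplied as a string through an environment variable or the command line would presumably be checked as `'19'` against `19`; the validation code is outside this diff, so this needs confirming, and the entry should gain `fn: parseNum,`. In the same hunk the description of `agent.security_logger.level` advertises `crit` and `err`, which the `enum` does not accept, so it should read `desc: 'security logging level (alert, critical, error, warning, notice, info, debug)',`. The `syslog.ip` and `syslog.port` entries accept any string and any number, so a mistyped collector address is not caught at configuration time and security events could be lost silently; a small validating `fn` for each would surface that early. The seven-level array is repeated six times and would be easier to keep consistent as one shared constant.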
{ | ||
"name": "@contrast/config", | ||
"version": "1.2.0", | ||
"version": "1.3.0", | ||
"description": "An API for discovering Contrast agent configuration data", | ||
@@ -20,5 +20,5 @@ "license": "SEE LICENSE IN LICENSE", | ||
"dependencies": { | ||
"@contrast/common": "1.1.2", | ||
"@contrast/common": "1.1.3", | ||
"yaml": "^2.0.1" | ||
} | ||
} |
+ Added@contrast/common@1.1.3(transitive)
- Removed@contrast/common@1.1.2(transitive)
Updated@contrast/common@1.1.3