
@contrast/protect


@contrast/protect - npm Package Compare versions

Comparing version 1.13.1 to 1.14.0

113

lib/input-analysis/handlers.js

@@ -23,2 +23,3 @@ /*

Rule,
ProtectRuleMode,
isString,

@@ -439,53 +440,101 @@ ProtectRuleMode: { OFF },

const { resultsMap } = sourceContext;
// Detecting probes
const { resultsMap, policy: { rulesMask } } = sourceContext;
const probesRules = [Rule.CMD_INJECTION, Rule.PATH_TRAVERSAL, Rule.SQL_INJECTION, Rule.XXE];
const props = {};
const probes = {};
// Detecting probes
const findingsForScoreRequest = {
HeaderValue: {},
ParameterValue: {},
CookieValue: {},
};
const findingsForScoreAtom = {};
const valueToResultByRuleId = {};
Object.values(resultsMap).forEach(resultsByRuleId => {
resultsByRuleId.forEach((resultByRuleId) => {
resultsByRuleId.forEach(resultByRuleId => {
const {
ruleId,
blocked,
exploitMetadata,
score,
value,
key,
inputType
} = resultByRuleId;
if (blocked || !blocked && exploitMetadata.length > 0 || !probesRules.some(rule => rule === ruleId)) return;
const { policy: { rulesMask } } = sourceContext;
if (
!isMonitorMode(ruleId, sourceContext) ||
exploitMetadata.length > 0 ||
score >= 90 ||
!probesRules.some((rule) => rule === ruleId)
) {
return;
}
const results = (agentLib.scoreAtom(
rulesMask,
value,
agentLib.InputType[inputType],
{
preferWorthWatching: false
const dataType = findingsForScoreRequest[inputType];
if (!dataType) {
if (!findingsForScoreAtom[value]) {
findingsForScoreAtom[value] = {};
}
) || []).filter(({ score }) => score >= 90);
if (!results.length) return;
findingsForScoreAtom[value][inputType] = resultByRuleId;
return;
}
results.forEach(result => {
const isAlreadyBlocked = (resultsMap[result.ruleId] || []).some(element =>
element.blocked && element.inputType === inputType && element.value === value
);
dataType[key] = value;
valueToResultByRuleId[value] = resultByRuleId;
});
});
if (isAlreadyBlocked) return;
const { ParameterValue, HeaderValue, CookieValue } = findingsForScoreRequest;
const probe = Object.assign({}, resultByRuleId, result, {
mappedId: result.ruleId
});
const key = [probe.ruleId, probe.inputType, ...probe.path, probe.value].join('|');
props[key] = probe;
const results =
agentLib.scoreRequestConnect(
rulesMask,
{
queries: Object.entries(ParameterValue).flat(),
headers: Object.entries(HeaderValue).flat(),
cookies: Object.entries(CookieValue).flat(),
},
{
preferWorthWatching: false,
}
).resultsList || [];
Object.entries(findingsForScoreAtom).forEach(([value, inputTypes]) => {
Object.entries(inputTypes).forEach(([inputType, resultByRuleId]) =>
(
agentLib.scoreAtom(rulesMask, value, agentLib.InputType[inputType], {
preferWorthWatching: false,
}) || []
).forEach(result => {
results.push({ value, ...result });
valueToResultByRuleId[value] = resultByRuleId;
})
);
});
results
.filter(({ score, ruleId }) => score >= 90 && isMonitorMode(ruleId, sourceContext))
.forEach((result) => {
const resultByRuleId = valueToResultByRuleId[result.value];
const probe = Object.assign({}, resultByRuleId, result, {
mappedId: result.ruleId,
});
const key = [
probe.ruleId,
probe.inputType,
...probe.path,
probe.value,
].join('|');
probes[key] = probe;
});
});
Object.values(props).forEach(prop => {
if (!resultsMap[prop.ruleId]) {
resultsMap[prop.ruleId] = [];
Object.values(probes).forEach(probe => {
if (!resultsMap[probe.ruleId]) {
resultsMap[probe.ruleId] = [];
}
resultsMap[prop.ruleId].push(prop);
resultsMap[probe.ruleId].push(probe);
});

@@ -822,1 +871,5 @@ };

}
function isMonitorMode(ruleId, sourceContext) {
return sourceContext.policy[ruleId] === ProtectRuleMode.MONITOR;
}
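Review bot: The new `agentLib.scoreRequestConnect(...).resultsList || []` expression at the `const results =` assignment is not guarded the way the `scoreAtom(...) || []` calls in the same hunk are, so a null or undefined return would throw before any probe is recorded; if the helper can return nothing, `agentLib.scoreRequestConnect(...)?.resultsList ?? []` gives it the same protection the hunk already gives `scoreAtom`. In the final `.forEach`, `valueToResultByRuleId[result.value]` is keyed by value alone, so the same value seen as a header and as a query parameter overwrites the earlier entry and the probe's `inputType`, `key` and `path` can be attributed to the wrong input, and a result whose `value` is absent from the map yields `undefined`, after which `...probe.path` throws a TypeError. I would guard the lookup, `const resultByRuleId = valueToResultByRuleId[result.value]; if (!resultByRuleId) return;`, and consider keying the map by input type as well as value. Whether `resultsList` entries carry a `value` field is not visible here (the `scoreAtom` results are given one explicitly via `{ value, ...result }`), so the crash path is inferred. The enclosing handler starts before this hunk and continues past it.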

@@ -32,4 +32,4 @@ /*

const now = new Date().getTime();
const updatedIpAllowList = serverUpdate.features?.defend?.ipAllowlist.map((ipEntry) => ipEntryMap(ipEntry, now));
const updatedIpDenyList = serverUpdate.features?.defend?.ipDenylist.map((ipEntry) => ipEntryMap(ipEntry, now));
const updatedIpAllowList = serverUpdate.features?.defend?.ipAllowlist?.map?.((ipEntry) => ipEntryMap(ipEntry, now));
const updatedIpDenyList = serverUpdate.features?.defend?.ipDenylist?.map?.((ipEntry) => ipEntryMap(ipEntry, now));

@@ -36,0 +36,0 @@ if (updatedIpAllowList) {
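Review bot: The `?.map?.(...)` on the two rewritten lines treats a present but non-array `ipAllowlist` or `ipDenylist` exactly like an absent one, so a malformed list in a server-side policy update is dropped without, as far as this hunk shows, anything signalling it; for the deny list that means intended blocks silently never apply. Since the guard exists to tolerate a missing field, I would keep `?.map(...)` for absence but validate the shape explicitly, e.g. `const denyList = serverUpdate.features?.defend?.ipDenylist;` followed by `if (denyList !== undefined && !Array.isArray(denyList)) { /* log and skip the update */ }` before mapping, and the same for the allow list. The file this hunk belongs to is not named in this view and the enclosing function begins before the hunk; the `if (updatedIpAllowList)` consumer appears only in the trailing hunk header, so how an undefined list is handled downstream is not visible here.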

{
"name": "@contrast/protect",
"version": "1.13.1",
"version": "1.14.0",
"description": "Contrast service providing framework-agnostic Protect support",

@@ -21,5 +21,5 @@ "license": "SEE LICENSE IN LICENSE",

"@contrast/agent-lib": "^5.3.4",
"@contrast/common": "1.4.1",
"@contrast/core": "1.11.1",
"@contrast/esm-hooks": "1.7.1",
"@contrast/common": "1.5.0",
"@contrast/core": "1.12.0",
"@contrast/esm-hooks": "1.8.0",
"@contrast/scopes": "1.3.0",

@@ -26,0 +26,0 @@ "ipaddr.js": "^2.0.1",
