@contrast/protect
Comparing version 1.13.1 to 1.14.0
@@ -23,2 +23,3 @@ /* | ||
Rule, | ||
ProtectRuleMode, | ||
isString, | ||
@@ -439,53 +440,101 @@ ProtectRuleMode: { OFF }, | ||
const { resultsMap } = sourceContext; | ||
// Detecting probes | ||
const { resultsMap, policy: { rulesMask } } = sourceContext; | ||
const probesRules = [Rule.CMD_INJECTION, Rule.PATH_TRAVERSAL, Rule.SQL_INJECTION, Rule.XXE]; | ||
const props = {}; | ||
const probes = {}; | ||
// Detecting probes | ||
const findingsForScoreRequest = { | ||
HeaderValue: {}, | ||
ParameterValue: {}, | ||
CookieValue: {}, | ||
}; | ||
const findingsForScoreAtom = {}; | ||
const valueToResultByRuleId = {}; | ||
Object.values(resultsMap).forEach(resultsByRuleId => { | ||
resultsByRuleId.forEach((resultByRuleId) => { | ||
resultsByRuleId.forEach(resultByRuleId => { | ||
const { | ||
ruleId, | ||
blocked, | ||
exploitMetadata, | ||
score, | ||
value, | ||
key, | ||
inputType | ||
} = resultByRuleId; | ||
if (blocked || !blocked && exploitMetadata.length > 0 || !probesRules.some(rule => rule === ruleId)) return; | ||
const { policy: { rulesMask } } = sourceContext; | ||
if ( | ||
!isMonitorMode(ruleId, sourceContext) || | ||
exploitMetadata.length > 0 || | ||
score >= 90 || | ||
!probesRules.some((rule) => rule === ruleId) | ||
) { | ||
return; | ||
} | ||
const results = (agentLib.scoreAtom( | ||
rulesMask, | ||
value, | ||
agentLib.InputType[inputType], | ||
{ | ||
preferWorthWatching: false | ||
const dataType = findingsForScoreRequest[inputType]; | ||
if (!dataType) { | ||
if (!findingsForScoreAtom[value]) { | ||
findingsForScoreAtom[value] = {}; | ||
} | ||
) || []).filter(({ score }) => score >= 90); | ||
if (!results.length) return; | ||
findingsForScoreAtom[value][inputType] = resultByRuleId; | ||
return; | ||
} | ||
results.forEach(result => { | ||
const isAlreadyBlocked = (resultsMap[result.ruleId] || []).some(element => | ||
element.blocked && element.inputType === inputType && element.value === value | ||
); | ||
dataType[key] = value; | ||
valueToResultByRuleId[value] = resultByRuleId; | ||
}); | ||
}); | ||
if (isAlreadyBlocked) return; | ||
const { ParameterValue, HeaderValue, CookieValue } = findingsForScoreRequest; | ||
const probe = Object.assign({}, resultByRuleId, result, { | ||
mappedId: result.ruleId | ||
}); | ||
const key = [probe.ruleId, probe.inputType, ...probe.path, probe.value].join('|'); | ||
props[key] = probe; | ||
const results = | ||
agentLib.scoreRequestConnect( | ||
rulesMask, | ||
{ | ||
queries: Object.entries(ParameterValue).flat(), | ||
headers: Object.entries(HeaderValue).flat(), | ||
cookies: Object.entries(CookieValue).flat(), | ||
}, | ||
{ | ||
preferWorthWatching: false, | ||
} | ||
).resultsList || []; | ||
Object.entries(findingsForScoreAtom).forEach(([value, inputTypes]) => { | ||
Object.entries(inputTypes).forEach(([inputType, resultByRuleId]) => | ||
( | ||
agentLib.scoreAtom(rulesMask, value, agentLib.InputType[inputType], { | ||
preferWorthWatching: false, | ||
}) || [] | ||
).forEach(result => { | ||
results.push({ value, ...result }); | ||
valueToResultByRuleId[value] = resultByRuleId; | ||
}) | ||
); | ||
}); | ||
results | ||
.filter(({ score, ruleId }) => score >= 90 && isMonitorMode(ruleId, sourceContext)) | ||
.forEach((result) => { | ||
const resultByRuleId = valueToResultByRuleId[result.value]; | ||
const probe = Object.assign({}, resultByRuleId, result, { | ||
mappedId: result.ruleId, | ||
}); | ||
const key = [ | ||
probe.ruleId, | ||
probe.inputType, | ||
...probe.path, | ||
probe.value, | ||
].join('|'); | ||
probes[key] = probe; | ||
}); | ||
}); | ||
Object.values(props).forEach(prop => { | ||
if (!resultsMap[prop.ruleId]) { | ||
resultsMap[prop.ruleId] = []; | ||
Object.values(probes).forEach(probe => { | ||
if (!resultsMap[probe.ruleId]) { | ||
resultsMap[probe.ruleId] = []; | ||
} | ||
resultsMap[prop.ruleId].push(prop); | ||
resultsMap[probe.ruleId].push(probe); | ||
}); | ||
@@ -822,1 +871,5 @@ }; | ||
} | ||
function isMonitorMode(ruleId, sourceContext) { | ||
return sourceContext.policy[ruleId] === ProtectRuleMode.MONITOR; | ||
} |
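Review bot: The new bookkeeping objects `findingsForScoreAtom`, `valueToResultByRuleId` and the three maps inside `findingsForScoreRequest` are plain `{}` literals indexed by request-derived strings (`value`, `key`), so a value such as `constructor` resolves to an inherited property: `if (!findingsForScoreAtom[value])` is then satisfied by `Object` itself and the following assignment writes onto that global rather than into the map. Declaring them with `Object.create(null)` (or a `Map`) avoids this, e.g. `const findingsForScoreAtom = Object.create(null);` and `const valueToResultByRuleId = Object.create(null);`. Keying `valueToResultByRuleId` by `value` alone also means the same string seen under two input types or keys keeps only the last result, so the probe built from `valueToResultByRuleId[result.value]` may carry the wrong `inputType`/`path`, and if the lookup misses entirely `...probe.path` throws when `path` is supplied only by `resultByRuleId`, which I cannot confirm from the hunk. The previous `isAlreadyBlocked` guard is dropped; if a blocked result for the mapped rule can coexist with that rule being in monitor mode, the probe would now be recorded alongside the block. The enclosing function starts before the hunk and ends after it.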
@@ -32,4 +32,4 @@ /* | ||
const now = new Date().getTime(); | ||
const updatedIpAllowList = serverUpdate.features?.defend?.ipAllowlist.map((ipEntry) => ipEntryMap(ipEntry, now)); | ||
const updatedIpDenyList = serverUpdate.features?.defend?.ipDenylist.map((ipEntry) => ipEntryMap(ipEntry, now)); | ||
const updatedIpAllowList = serverUpdate.features?.defend?.ipAllowlist?.map?.((ipEntry) => ipEntryMap(ipEntry, now)); | ||
const updatedIpDenyList = serverUpdate.features?.defend?.ipDenylist?.map?.((ipEntry) => ipEntryMap(ipEntry, now)); | ||
@@ -36,0 +36,0 @@ if (updatedIpAllowList) { |
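Review bot: `?.map?.(…)` on `ipAllowlist`/`ipDenylist` silently turns any non-array value (a string, an object, a malformed server update) into `undefined`, so a bad payload is dropped with no trace; the surrounding `if (updatedIpAllowList)` appears to skip the update in that case. A narrower guard keeps the intent explicit and leaves a place to log, e.g. `const allowList = serverUpdate.features?.defend?.ipAllowlist;` followed by `const updatedIpAllowList = Array.isArray(allowList) ? allowList.map((ipEntry) => ipEntryMap(ipEntry, now)) : undefined;`, and the same for the deny list. The enclosing function starts before the hunk and continues past it.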
{ | ||
"name": "@contrast/protect", | ||
"version": "1.13.1", | ||
"version": "1.14.0", | ||
"description": "Contrast service providing framework-agnostic Protect support", | ||
@@ -21,5 +21,5 @@ "license": "SEE LICENSE IN LICENSE", | ||
"@contrast/agent-lib": "^5.3.4", | ||
"@contrast/common": "1.4.1", | ||
"@contrast/core": "1.11.1", | ||
"@contrast/esm-hooks": "1.7.1", | ||
"@contrast/common": "1.5.0", | ||
"@contrast/core": "1.12.0", | ||
"@contrast/esm-hooks": "1.8.0", | ||
"@contrast/scopes": "1.3.0", | ||
@@ -26,0 +26,0 @@ "ipaddr.js": "^2.0.1", |
+ Added@contrast/agent-swc-plugin@1.5.1(transitive)
+ Added@contrast/agent-swc-plugin-unwrite@1.5.1(transitive)
+ Added@contrast/agentify@1.5.0(transitive)
+ Added@contrast/common@1.5.0(transitive)
+ Added@contrast/config@1.7.0(transitive)
+ Added@contrast/core@1.12.0(transitive)
+ Added@contrast/esm-hooks@1.8.0(transitive)
+ Added@contrast/reporter@1.10.0(transitive)
+ Added@contrast/rewriter@1.4.0(transitive)
+ Added@swc/core@1.3.391.5.29(transitive)
+ Added@swc/core-darwin-arm64@1.3.391.5.29(transitive)
+ Added@swc/core-darwin-x64@1.3.391.5.29(transitive)
+ Added@swc/core-linux-arm-gnueabihf@1.3.391.5.29(transitive)
+ Added@swc/core-linux-arm64-gnu@1.3.391.5.29(transitive)
+ Added@swc/core-linux-arm64-musl@1.3.391.5.29(transitive)
+ Added@swc/core-linux-x64-gnu@1.3.391.5.29(transitive)
+ Added@swc/core-linux-x64-musl@1.3.391.5.29(transitive)
+ Added@swc/core-win32-arm64-msvc@1.3.391.5.29(transitive)
+ Added@swc/core-win32-ia32-msvc@1.3.391.5.29(transitive)
+ Added@swc/core-win32-x64-msvc@1.3.391.5.29(transitive)
+ Added@swc/counter@0.1.3(transitive)
+ Added@swc/types@0.1.13(transitive)
- Removed@babel/code-frame@7.25.7(transitive)
- Removed@babel/generator@7.25.7(transitive)
- Removed@babel/helper-string-parser@7.25.7(transitive)
- Removed@babel/helper-validator-identifier@7.25.7(transitive)
- Removed@babel/highlight@7.25.7(transitive)
- Removed@babel/parser@7.25.8(transitive)
- Removed@babel/template@7.25.7(transitive)
- Removed@babel/traverse@7.25.7(transitive)
- Removed@babel/types@7.25.8(transitive)
- Removed@contrast/agentify@1.4.1(transitive)
- Removed@contrast/common@1.4.1(transitive)
- Removed@contrast/config@1.6.1(transitive)
- Removed@contrast/core@1.11.1(transitive)
- Removed@contrast/esm-hooks@1.7.1(transitive)
- Removed@contrast/reporter@1.9.1(transitive)
- Removed@contrast/rewriter@1.3.1(transitive)
- Removed@jridgewell/gen-mapping@0.3.5(transitive)
- Removed@jridgewell/resolve-uri@3.1.2(transitive)
- Removed@jridgewell/set-array@1.2.1(transitive)
- Removed@jridgewell/sourcemap-codec@1.5.0(transitive)
- Removed@jridgewell/trace-mapping@0.3.25(transitive)
- Removedansi-styles@3.2.1(transitive)
- Removedchalk@2.4.2(transitive)
- Removedcolor-convert@1.9.3(transitive)
- Removedcolor-name@1.1.3(transitive)
- Removeddebug@4.3.7(transitive)
- Removedescape-string-regexp@1.0.5(transitive)
- Removedglobals@11.12.0(transitive)
- Removedhas-flag@3.0.0(transitive)
- Removedjs-tokens@4.0.0(transitive)
- Removedjsesc@3.0.2(transitive)
- Removedms@2.1.3(transitive)
- Removedpicocolors@1.1.0(transitive)
- Removedsupports-color@5.5.0(transitive)
- Removedto-fast-properties@2.0.0(transitive)
Updated@contrast/common@1.5.0
Updated@contrast/core@1.12.0
Updated@contrast/esm-hooks@1.8.0