@contrast/reporter - npm Package Compare versions

Comparing version 1.3.0 to 1.4.0

lib/reporters/contrast-ui/app-activity-builder.js

@@ -167,2 +167,3 @@ "use strict";
             blockedAtPerimeter: { total: 0, startTime: 0, samples: [] },
+            ineffective: { total: 0, startTime: 0, samples: [] },
         };
@@ -185,3 +186,3 @@ for (const result of results) {
                 })),
-                blocked: isBlockMode,
+                blocked: result.blocked,
                 timestamp: buildTimePayload(time),
@@ -205,4 +206,6 @@ request: requestPayload,
                 }
-                // TODO: "probed" events are when there are scores >=90 that weren't
-                // blocked and don't have sink details
+                else if (result.score >= 90) {
+                    accumulator.ineffective.total += 1;
+                    accumulator.ineffective.samples.push(data);
+                }
             }
@@ -212,3 +215,4 @@ }
             !accumulator.exploited?.samples.length &&
-            !accumulator.blockedAtPerimeter?.samples.length)
+            !accumulator.blockedAtPerimeter?.samples.length &&
+            !accumulator.ineffective?.samples?.length)
             return;
@@ -330,2 +334,20 @@ return accumulator;
         }
+        const pathTraversalSemanticFileSecurityBypass = protect.findings.semanticResultsMap[common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS];
+        if (pathTraversalSemanticFileSecurityBypass) {
+            const isBlockMode = protect.policy[common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS] === 'block';
+            pathTraversalSemanticFileSecurityBypass.forEach((vulnerability) => {
+                Object.assign(vulnerability, {
+                    ruleId: common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS,
+                    details: [{ ...vulnerability.findings }],
+                    inputType: 'Unknown',
+                    key: 'Unknown',
+                    value: vulnerability.findings?.path,
+                });
+            });
+            const protectionRules = buildProtectionRules(pathTraversalSemanticFileSecurityBypass, requestPayload, time, isBlockMode, (result) => ({ path: result.value }));
+            if (protectionRules) {
+                defendObject.protectionRules[common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS] = protectionRules;
+                hasAttack = true;
+            }
+        }
         const untrustedDeserialization = protect.findings.hardeningResultsMap[common_1.Rule.UNTRUSTED_DESERIALIZATION];
@@ -332,0 +354,0 @@ if (untrustedDeserialization) {

lib/reporters/contrast-ui/types.d.ts

@@ -69,2 +69,3 @@ import { Rule } from '@contrast/common';
         [Rule.PATH_TRAVERSAL]?: PathTraversal;
+        [Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS]?: any;
         [Rule.REFLECTED_XSS]?: ReflectedXSS;
@@ -71,0 +72,0 @@ [Rule.SQL_INJECTION]?: SQLInjection;

package.json

 {
   "name": "@contrast/reporter",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "description": "Subscribes to agent messages and reports them",
@@ -21,3 +21,3 @@ "license": "SEE LICENSE IN LICENSE",
   "dependencies": {
-    "@contrast/common": "1.1.1",
+    "@contrast/common": "1.1.2",
     "axios": "^0.27.2",
@@ -24,0 +24,0 @@ "safe-stable-stringify": "^2.3.1",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

71842

increased by3.5%

Lines of code

1084

increased by2.17%

Dependency changes

• + Added@contrast/common@1.1.2(transitive)

• - Removed@contrast/common@1.1.1(transitive)

• Updated@contrast/common@1.1.2