@contrast/reporter - npm Package Compare versions

Comparing version 1.6.2 to 1.7.0

133

lib/reporters/contrast-ui/app-activity-builder.js

@@ -56,3 +56,7 @@ "use strict";

const buildInputPayload = (result, time) => ({
filters: result.mongoExpansionResult ? ['nosql-expansion'] : result.ruleId === common_1.Rule.UNSAFE_FILE_UPLOAD ? ['agent-lib'] : [],
filters: result.mongoExpansionResult
? ['nosql-expansion']
: result.ruleId === common_1.Rule.UNSAFE_FILE_UPLOAD
? ['agent-lib']
: [],
name: result.key || '',

@@ -68,10 +72,10 @@ time,

function default_1() {
const untrustedDeserializationDetailsBuilder = (el) => el.details?.[0];
const virtualPatchDetailsBuilder = (el) => el.details?.[0] || {};
const ipDenylistDetailsBuilder = (el) => el.details?.[0] || {};
const untrustedDeserializationDetailsBuilder = (el) => el.exploitMetadata[0];
const virtualPatchDetailsBuilder = (el) => el.exploitMetadata?.[0] || {};
const ipDenylistDetailsBuilder = (el) => el.exploitMetadata?.[0] || {};
const ssjsDetailsBuilder = (el) => {
if (!el.details || el.details.length === 0) {
if (!el.exploitMetadata || el.exploitMetadata.length === 0) {
return {};
}
const { findings } = el.details[0];
const { findings } = el.exploitMetadata[0];
return {

@@ -85,6 +89,6 @@ start: findings.startIndex,

const sqlInjectionDetailsBuilder = (el) => {
if (!el.details || el.details.length === 0) {
if (!el.exploitMetadata || el.exploitMetadata.length === 0) {
return {};
}
const { findings, sinkContext } = el.details[0];
const { findings, sinkContext } = el.exploitMetadata[0];
return {

@@ -99,6 +103,6 @@ start: findings.startIndex,

const nosqliMongoDetailsBuilder = (el) => {
if (!el.details || el.details.length === 0) {
if (!el.exploitMetadata || el.exploitMetadata.length === 0) {
return {};
}
const { findings: { start, end, boundaryOverrunIndex, inputBoundaryIndex }, sinkContext } = el.details[0];
const { findings: { start, end, boundaryOverrunIndex, inputBoundaryIndex }, sinkContext, } = el.exploitMetadata[0];
return {

@@ -109,10 +113,12 @@ start,

inputBoundaryIndex,
query: typeof sinkContext.value === 'string' ? sinkContext.value : JSON.stringify(sinkContext.value),
query: typeof sinkContext.value === 'string'
? sinkContext.value
: JSON.stringify(sinkContext.value),
};
};
const cmdInjectionDetailsBuilder = (el) => {
if (!el.details || el.details.length === 0) {
if (!el.exploitMetadata || el.exploitMetadata.length === 0) {
return {};
}
const { findings } = el.details[0];
const { findings } = el.exploitMetadata[0];
return {

@@ -132,7 +138,7 @@ command: el.value,

[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS]: 1,
[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS]: 2
[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS]: 2,
};
return {
command: el.value,
findings: [ruleIdMap[ruleId]]
findings: [ruleIdMap[ruleId]],
};

@@ -143,6 +149,6 @@ };

const { prolog, entities } = el.findings;
const details = {
const exploitMetadata = {
xml: prolog,
declaredEntities: [],
entitiesResolved: []
entitiesResolved: [],
};

@@ -153,11 +159,11 @@ // @ts-expect-error: Unreachable code error

start: entity.start,
end: entity.finish
end: entity.finish,
});
acc.entitiesResolved.push({
publicId: entity.type === 'PUBLIC' ? entity.uri : undefined,
systemId: entity.type === 'SYSTEM' ? entity.uri : undefined
systemId: entity.type === 'SYSTEM' ? entity.uri : undefined,
});
return acc;
}, details);
return details;
}, exploitMetadata);
return exploitMetadata;
};

@@ -200,6 +206,7 @@ const buildRequestObject = (reqData) => {

for (const result of results) {
const detail = Array.isArray(result.details) && result.details.length > 0
? result.details[0]
const detail = Array.isArray(result.exploitMetadata) && result.exploitMetadata.length > 0
? result.exploitMetadata[0]
: null;
if (result.ruleId === common_1.Rule.NOSQL_INJECTION_MONGO && typeof result.value !== 'string') {
if (result.ruleId === common_1.Rule.NOSQL_INJECTION_MONGO &&
typeof result.value !== 'string') {
result.mongoExpansionResult = true;

@@ -214,3 +221,3 @@ }

methodName: method,
lineNumber
lineNumber,
})),

@@ -257,3 +264,3 @@ blocked: result.blocked,

};
const sqlInjection = protect.findings.resultsMap[common_1.Rule.SQL_INJECTION];
const sqlInjection = protect.resultsMap[common_1.Rule.SQL_INJECTION];
if (sqlInjection) {

@@ -267,3 +274,3 @@ const isBlockMode = protect.policy[common_1.Rule.SQL_INJECTION] === 'block';

}
const cmdInjection = protect.findings.resultsMap[common_1.Rule.CMD_INJECTION];
const cmdInjection = protect.resultsMap[common_1.Rule.CMD_INJECTION];
if (cmdInjection) {

@@ -277,3 +284,3 @@ const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION] === 'block';

}
const pathTraversal = protect.findings.resultsMap[common_1.Rule.PATH_TRAVERSAL];
const pathTraversal = protect.resultsMap[common_1.Rule.PATH_TRAVERSAL];
if (pathTraversal) {

@@ -287,3 +294,3 @@ const isBlockMode = protect.policy[common_1.Rule.PATH_TRAVERSAL] === 'block';

}
const reflectedXSS = protect.findings.resultsMap[common_1.Rule.REFLECTED_XSS];
const reflectedXSS = protect.resultsMap[common_1.Rule.REFLECTED_XSS];
if (reflectedXSS) {

@@ -297,3 +304,3 @@ const isBlockMode = protect.policy[common_1.Rule.REFLECTED_XSS] === 'block';

}
const ssjs = protect.findings.resultsMap[common_1.Rule.SSJS_INJECTION];
const ssjs = protect.resultsMap[common_1.Rule.SSJS_INJECTION];
if (ssjs) {

@@ -307,3 +314,3 @@ const isBlockMode = protect.policy[common_1.Rule.SSJS_INJECTION] === 'block';

}
const nosqlInjectionMongo = protect.findings.resultsMap[common_1.Rule.NOSQL_INJECTION_MONGO];
const nosqlInjectionMongo = protect.resultsMap[common_1.Rule.NOSQL_INJECTION_MONGO];
if (nosqlInjectionMongo) {

@@ -317,3 +324,3 @@ const isBlockMode = protect.policy[common_1.Rule.NOSQL_INJECTION_MONGO] === 'block';

}
const cmdiSemanticAnalysisDangerousPaths = protect.findings.semanticResultsMap[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS];
const cmdiSemanticAnalysisDangerousPaths = protect.resultsMap[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS];
if (cmdiSemanticAnalysisDangerousPaths) {

@@ -325,5 +332,2 @@ const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS] === 'block';

key: 'Unknown',
value: vulnerability.findings?.command,
ruleId: common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS,
details: [{ ...vulnerability.findings }]
});

@@ -337,5 +341,6 @@ });

}
const cmdiSemanticAnalysisChainedCommands = protect.findings.semanticResultsMap[common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS];
const cmdiSemanticAnalysisChainedCommands = protect.resultsMap[common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS];
if (cmdiSemanticAnalysisChainedCommands) {
const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS] === 'block';
const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS] ===
'block';
cmdiSemanticAnalysisChainedCommands.forEach((vulnerability) => {

@@ -345,5 +350,2 @@ Object.assign(vulnerability, {

key: 'Unknown',
value: vulnerability.findings?.command,
ruleId: common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS,
details: [{ ...vulnerability.findings }]
});

@@ -357,3 +359,3 @@ });

}
const xxeSemanticAnalysis = protect.findings.semanticResultsMap[common_1.Rule.XXE];
const xxeSemanticAnalysis = protect.resultsMap[common_1.Rule.XXE];
if (xxeSemanticAnalysis) {

@@ -365,5 +367,2 @@ const isBlockMode = protect.policy[common_1.Rule.XXE] === 'block';

key: 'Unknown',
value: vulnerability.findings?.prolog,
ruleId: common_1.Rule.XXE,
details: [{ ...vulnerability.findings }]
});

@@ -377,24 +376,20 @@ });

}
const cmdiCommandBackdoors = protect.findings.semanticResultsMap[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS];
const cmdiCommandBackdoors = protect.resultsMap[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS];
if (cmdiCommandBackdoors) {
const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS] === 'block';
cmdiCommandBackdoors.forEach((vulnerability) => {
Object.assign(vulnerability, {
ruleId: common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS,
details: [{ ...vulnerability.findings }],
});
});
const protectionRules = buildProtectionRules(cmdiCommandBackdoors, requestPayload, time, isBlockMode, cmdInjectionSemanticAnalysisDetailsBuilder);
if (protectionRules) {
defendObject.protectionRules[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS] = protectionRules;
defendObject.protectionRules[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS] =
protectionRules;
hasAttack = true;
}
}
const pathTraversalSemanticFileSecurityBypass = protect.findings.semanticResultsMap[common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS];
const pathTraversalSemanticFileSecurityBypass = protect.resultsMap[common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS];
if (pathTraversalSemanticFileSecurityBypass) {
const isBlockMode = protect.policy[common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS] === 'block';
const isBlockMode = protect.policy[common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS] ===
'block';
pathTraversalSemanticFileSecurityBypass.forEach((vulnerability) => {
Object.assign(vulnerability, {
ruleId: common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS,
details: [{ ...vulnerability.findings }],
exploitMetadata: [{ ...vulnerability.findings }],
inputType: 'Unknown',

@@ -411,3 +406,3 @@ key: 'Unknown',

}
const unsafeFileUpload = protect.findings.resultsMap[common_1.Rule.UNSAFE_FILE_UPLOAD];
const unsafeFileUpload = protect.resultsMap[common_1.Rule.UNSAFE_FILE_UPLOAD];
if (unsafeFileUpload) {

@@ -421,19 +416,13 @@ const isBlockMode = protect.policy[common_1.Rule.UNSAFE_FILE_UPLOAD] === 'block_at_perimeter';

}
const untrustedDeserialization = protect.findings.hardeningResultsMap[common_1.Rule.UNTRUSTED_DESERIALIZATION];
const untrustedDeserialization = protect.resultsMap[common_1.Rule.UNTRUSTED_DESERIALIZATION];
if (untrustedDeserialization) {
const isBlockMode = protect.policy[common_1.Rule.UNTRUSTED_DESERIALIZATION] === 'block';
untrustedDeserialization.forEach((vulnerability) => {
Object.assign(vulnerability, {
ruleId: common_1.Rule.UNTRUSTED_DESERIALIZATION,
value: vulnerability.sinkContext.value,
details: [{ ...vulnerability.findings }],
});
});
const protectionRules = buildProtectionRules(untrustedDeserialization, requestPayload, time, isBlockMode, untrustedDeserializationDetailsBuilder);
if (protectionRules) {
defendObject.protectionRules[common_1.Rule.UNTRUSTED_DESERIALIZATION] = protectionRules;
defendObject.protectionRules[common_1.Rule.UNTRUSTED_DESERIALIZATION] =
protectionRules;
hasAttack = true;
}
}
const virtualPatch = protect.findings.serverFeaturesResultsMap[common_1.Rule.VIRTUAL_PATCH];
const virtualPatch = protect.resultsMap[common_1.Rule.VIRTUAL_PATCH];
if (virtualPatch) {

@@ -445,4 +434,4 @@ const mappedVirtualPatchResults = virtualPatch.map((vulnerability) => ({

value: 'Virtual Patch',
details: [{ uuid: vulnerability.uuid }],
blocked: true
exploitMetadata: [{ uuid: vulnerability.uuid }],
blocked: true,
}));

@@ -455,3 +444,3 @@ const protectionRules = buildProtectionRules(mappedVirtualPatchResults, requestPayload, time, true, virtualPatchDetailsBuilder);

}
const ipDenylist = protect.findings.serverFeaturesResultsMap[common_1.Rule.IP_DENYLIST];
const ipDenylist = protect.resultsMap[common_1.Rule.IP_DENYLIST];
if (ipDenylist) {

@@ -463,4 +452,4 @@ const mappedIpDenylist = ipDenylist.map((vulnerability) => ({

value: vulnerability.ip,
details: [{ uuid: vulnerability.uuid, ip: vulnerability.ip }],
blocked: true
exploitMetadata: [{ uuid: vulnerability.uuid, ip: vulnerability.ip }],
blocked: true,
}));

@@ -473,3 +462,3 @@ const protectionRules = buildProtectionRules(mappedIpDenylist, requestPayload, time, true, ipDenylistDetailsBuilder);

}
const botBlocker = protect.findings.resultsMap[common_1.Rule.BOT_BLOCKER];
const botBlocker = protect.resultsMap[common_1.Rule.BOT_BLOCKER];
if (botBlocker) {

@@ -476,0 +465,0 @@ const uaIdx = protect.reqData.headers.indexOf('user-agent');
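Review bot: In hunk @@ -68,10 +72,10 @@ the new `untrustedDeserializationDetailsBuilder = (el) => el.exploitMetadata[0]` drops the optional chaining the old `el.details?.[0]` had, while the two sibling builders on the next lines keep `?.[0] || {}`; a result that arrives without `exploitMetadata` now throws a TypeError inside the reporter instead of producing an empty payload. This matters more than before because hunk @@ -421,19 +416,13 @@ removes the `Object.assign` that used to populate untrusted-deserialization results before `buildProtectionRules`, so the builder's own guard is the only check between a malformed result and a crashed report. Suggest `const untrustedDeserializationDetailsBuilder = (el) => el.exploitMetadata?.[0] ?? {};` (or `|| {}` to match the siblings exactly). `default_1` begins in that hunk but its body continues well past it.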

@@ -35,3 +35,3 @@ "use strict";

this.protectName = core.protect.packageName;
this.protectVersion = core.protect.version;
this.protectVersion = core.protect?.version || '';
this.appInfo = core.appInfo;

@@ -38,0 +38,0 @@ this.config = core.config;

@@ -48,3 +48,3 @@ import { Rule } from '@contrast/common';

input: DefendInput;
details: T;
exploitMetadata: T;
}

@@ -133,4 +133,4 @@ export interface BlockedAtPerimeterSample {

export interface UntrustedDeserializationDetails {
command: boolean;
deserializer: string;
command?: boolean;
deserializer?: string;
}

@@ -137,0 +137,0 @@ export interface CMDInjectionSemanticAnalysis {

@@ -71,4 +71,4 @@ "use strict";

severity_blocked_perimeter: 'notice',
severity_suspicious: 'warning'
}
severity_suspicious: 'warning',
},
};

@@ -87,3 +87,3 @@ class SecurityLogger extends base_1.default {

});
this.version = core.protect.version;
this.version = core.protect?.version || '';
core.messages.on(common_1.Event.SERVER_SETTINGS_UPDATE, (msg) => {

@@ -150,4 +150,4 @@ Object.assign(this.config.syslog, (0, utils_1.translateServerSettings)(core.config.agent.security_logger.syslog, msg?.features?.syslog));

}
const detail = Array.isArray(result.details) && result.details.length > 0
? result.details[0]
const detail = Array.isArray(result.exploitMetadata) && result.exploitMetadata.length > 0
? result.exploitMetadata[0]
: null;

@@ -196,3 +196,3 @@ let level;

const { protect } = msg;
const virtualPatchResults = protect.findings.serverFeaturesResultsMap[common_1.Rule.VIRTUAL_PATCH];
const virtualPatchResults = protect.resultsMap[common_1.Rule.VIRTUAL_PATCH];
if (virtualPatchResults) {

@@ -207,3 +207,3 @@ virtualPatchResults.forEach((result) => {

}
const ipDenyListResults = protect.findings.serverFeaturesResultsMap[common_1.Rule.IP_DENYLIST];
const ipDenyListResults = protect.resultsMap[common_1.Rule.IP_DENYLIST];
if (ipDenyListResults) {

@@ -218,3 +218,4 @@ ipDenyListResults.forEach((result) => {

}
Object.entries(protect.findings.resultsMap).forEach(([rule, results]) => {
const { commonResultsMap, hardeningResultsMap, semanticResultsMap } = (0, common_1.groupResultsMap)(protect.resultsMap);
Object.entries(commonResultsMap).forEach(([rule, results]) => {
results.forEach((result) => {

@@ -224,21 +225,9 @@ this.handleProtectResult(protect, rule, result);

});
Object.entries(protect.findings.hardeningResultsMap).forEach(([rule, results]) => {
Object.entries(hardeningResultsMap).forEach(([rule, results]) => {
results.forEach((result) => {
// copied from UI logger -- is this necessary?
Object.assign(result, {
value: result.sinkContext.value,
details: [{ ...result.findings }],
});
this.handleProtectResult(protect, rule, result);
});
});
Object.entries(protect.findings.semanticResultsMap).forEach(([rule, results]) => {
Object.entries(semanticResultsMap).forEach(([rule, results]) => {
results.forEach((result) => {
// copied from UI logger -- is this necessary?
Object.assign(result, {
ruleId: rule,
mappedId: rule,
value: result.findings?.command,
details: [{ ...result.findings }],
});
this.handleProtectResult(protect, rule, result);

@@ -245,0 +234,0 @@ });
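Review bot: The rewritten loops in @@ -224,21 +225,9 @@ no longer run the `Object.assign` that set `value` and `details` on hardening results and `ruleId`/`mappedId`/`value` on semantic results before `this.handleProtectResult(protect, rule, result)`. `handleProtectResult` is outside this hunk, but @@ -150,4 +150,4 @@ in the same file now reads `result.exploitMetadata` and falls back to `null`, so the new code appears to rely on `groupResultsMap` from `@contrast/common` 1.2.0 delivering results that already carry those fields; if one does not, the logged event silently loses its payload rather than failing visibly. Suggest a comment at the `results.forEach` sites such as `// results from groupResultsMap are expected to arrive with exploitMetadata/value already populated upstream` and a test that feeds a result lacking `exploitMetadata` through the logger to pin the intended outcome. The enclosing message handler starts before this hunk.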

{
"name": "@contrast/reporter",
"version": "1.6.2",
"version": "1.7.0",
"description": "Subscribes to agent messages and reports them",

@@ -20,3 +20,3 @@ "license": "SEE LICENSE IN LICENSE",

"dependencies": {
"@contrast/common": "1.1.5",
"@contrast/common": "1.2.0",
"axios": "^0.27.2",

@@ -27,2 +27,2 @@ "hpagent": "^1.2.0",

}
}
}

