@contrast/reporter
Comparing version 1.6.2 to 1.7.0
@@ -56,3 +56,7 @@ "use strict"; | ||
const buildInputPayload = (result, time) => ({ | ||
filters: result.mongoExpansionResult ? ['nosql-expansion'] : result.ruleId === common_1.Rule.UNSAFE_FILE_UPLOAD ? ['agent-lib'] : [], | ||
filters: result.mongoExpansionResult | ||
? ['nosql-expansion'] | ||
: result.ruleId === common_1.Rule.UNSAFE_FILE_UPLOAD | ||
? ['agent-lib'] | ||
: [], | ||
name: result.key || '', | ||
@@ -68,10 +72,10 @@ time, | ||
function default_1() { | ||
const untrustedDeserializationDetailsBuilder = (el) => el.details?.[0]; | ||
const virtualPatchDetailsBuilder = (el) => el.details?.[0] || {}; | ||
const ipDenylistDetailsBuilder = (el) => el.details?.[0] || {}; | ||
const untrustedDeserializationDetailsBuilder = (el) => el.exploitMetadata[0]; | ||
const virtualPatchDetailsBuilder = (el) => el.exploitMetadata?.[0] || {}; | ||
const ipDenylistDetailsBuilder = (el) => el.exploitMetadata?.[0] || {}; | ||
const ssjsDetailsBuilder = (el) => { | ||
if (!el.details || el.details.length === 0) { | ||
if (!el.exploitMetadata || el.exploitMetadata.length === 0) { | ||
return {}; | ||
} | ||
const { findings } = el.details[0]; | ||
const { findings } = el.exploitMetadata[0]; | ||
return { | ||
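Review bot: untrustedDeserializationDetailsBuilder now dereferences `el.exploitMetadata[0]` without the optional chaining the replaced `el.details?.[0]` had, while the two sibling builders on the next lines keep `?.[0] || {}`; a result whose exploitMetadata is absent would throw here and abort the report instead of producing an empty detail. This matters more after this commit because the Object.assign that used to populate those details for UNTRUSTED_DESERIALIZATION is removed further down, so the field now has to arrive already set on the upstream result, and the matching type in this same diff makes its members optional. Suggest `const untrustedDeserializationDetailsBuilder = (el) => el.exploitMetadata?.[0] || {};`, or at least `el.exploitMetadata?.[0]` if callers rely on undefined for this rule. default_1 continues past the end of the hunk.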
@@ -85,6 +89,6 @@ start: findings.startIndex, | ||
const sqlInjectionDetailsBuilder = (el) => { | ||
if (!el.details || el.details.length === 0) { | ||
if (!el.exploitMetadata || el.exploitMetadata.length === 0) { | ||
return {}; | ||
} | ||
const { findings, sinkContext } = el.details[0]; | ||
const { findings, sinkContext } = el.exploitMetadata[0]; | ||
return { | ||
@@ -99,6 +103,6 @@ start: findings.startIndex, | ||
const nosqliMongoDetailsBuilder = (el) => { | ||
if (!el.details || el.details.length === 0) { | ||
if (!el.exploitMetadata || el.exploitMetadata.length === 0) { | ||
return {}; | ||
} | ||
const { findings: { start, end, boundaryOverrunIndex, inputBoundaryIndex }, sinkContext } = el.details[0]; | ||
const { findings: { start, end, boundaryOverrunIndex, inputBoundaryIndex }, sinkContext, } = el.exploitMetadata[0]; | ||
return { | ||
@@ -109,10 +113,12 @@ start, | ||
inputBoundaryIndex, | ||
query: typeof sinkContext.value === 'string' ? sinkContext.value : JSON.stringify(sinkContext.value), | ||
query: typeof sinkContext.value === 'string' | ||
? sinkContext.value | ||
: JSON.stringify(sinkContext.value), | ||
}; | ||
}; | ||
const cmdInjectionDetailsBuilder = (el) => { | ||
if (!el.details || el.details.length === 0) { | ||
if (!el.exploitMetadata || el.exploitMetadata.length === 0) { | ||
return {}; | ||
} | ||
const { findings } = el.details[0]; | ||
const { findings } = el.exploitMetadata[0]; | ||
return { | ||
@@ -132,7 +138,7 @@ command: el.value, | ||
[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS]: 1, | ||
[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS]: 2 | ||
[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS]: 2, | ||
}; | ||
return { | ||
command: el.value, | ||
findings: [ruleIdMap[ruleId]] | ||
findings: [ruleIdMap[ruleId]], | ||
}; | ||
@@ -143,6 +149,6 @@ }; | ||
const { prolog, entities } = el.findings; | ||
const details = { | ||
const exploitMetadata = { | ||
xml: prolog, | ||
declaredEntities: [], | ||
entitiesResolved: [] | ||
entitiesResolved: [], | ||
}; | ||
@@ -153,11 +159,11 @@ // @ts-expect-error: Unreachable code error | ||
start: entity.start, | ||
end: entity.finish | ||
end: entity.finish, | ||
}); | ||
acc.entitiesResolved.push({ | ||
publicId: entity.type === 'PUBLIC' ? entity.uri : undefined, | ||
systemId: entity.type === 'SYSTEM' ? entity.uri : undefined | ||
systemId: entity.type === 'SYSTEM' ? entity.uri : undefined, | ||
}); | ||
return acc; | ||
}, details); | ||
return details; | ||
}, exploitMetadata); | ||
return exploitMetadata; | ||
}; | ||
@@ -200,6 +206,7 @@ const buildRequestObject = (reqData) => { | ||
for (const result of results) { | ||
const detail = Array.isArray(result.details) && result.details.length > 0 | ||
? result.details[0] | ||
const detail = Array.isArray(result.exploitMetadata) && result.exploitMetadata.length > 0 | ||
? result.exploitMetadata[0] | ||
: null; | ||
if (result.ruleId === common_1.Rule.NOSQL_INJECTION_MONGO && typeof result.value !== 'string') { | ||
if (result.ruleId === common_1.Rule.NOSQL_INJECTION_MONGO && | ||
typeof result.value !== 'string') { | ||
result.mongoExpansionResult = true; | ||
@@ -214,3 +221,3 @@ } | ||
methodName: method, | ||
lineNumber | ||
lineNumber, | ||
})), | ||
@@ -257,3 +264,3 @@ blocked: result.blocked, | ||
}; | ||
const sqlInjection = protect.findings.resultsMap[common_1.Rule.SQL_INJECTION]; | ||
const sqlInjection = protect.resultsMap[common_1.Rule.SQL_INJECTION]; | ||
if (sqlInjection) { | ||
@@ -267,3 +274,3 @@ const isBlockMode = protect.policy[common_1.Rule.SQL_INJECTION] === 'block'; | ||
} | ||
const cmdInjection = protect.findings.resultsMap[common_1.Rule.CMD_INJECTION]; | ||
const cmdInjection = protect.resultsMap[common_1.Rule.CMD_INJECTION]; | ||
if (cmdInjection) { | ||
@@ -277,3 +284,3 @@ const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION] === 'block'; | ||
} | ||
const pathTraversal = protect.findings.resultsMap[common_1.Rule.PATH_TRAVERSAL]; | ||
const pathTraversal = protect.resultsMap[common_1.Rule.PATH_TRAVERSAL]; | ||
if (pathTraversal) { | ||
@@ -287,3 +294,3 @@ const isBlockMode = protect.policy[common_1.Rule.PATH_TRAVERSAL] === 'block'; | ||
} | ||
const reflectedXSS = protect.findings.resultsMap[common_1.Rule.REFLECTED_XSS]; | ||
const reflectedXSS = protect.resultsMap[common_1.Rule.REFLECTED_XSS]; | ||
if (reflectedXSS) { | ||
@@ -297,3 +304,3 @@ const isBlockMode = protect.policy[common_1.Rule.REFLECTED_XSS] === 'block'; | ||
} | ||
const ssjs = protect.findings.resultsMap[common_1.Rule.SSJS_INJECTION]; | ||
const ssjs = protect.resultsMap[common_1.Rule.SSJS_INJECTION]; | ||
if (ssjs) { | ||
@@ -307,3 +314,3 @@ const isBlockMode = protect.policy[common_1.Rule.SSJS_INJECTION] === 'block'; | ||
} | ||
const nosqlInjectionMongo = protect.findings.resultsMap[common_1.Rule.NOSQL_INJECTION_MONGO]; | ||
const nosqlInjectionMongo = protect.resultsMap[common_1.Rule.NOSQL_INJECTION_MONGO]; | ||
if (nosqlInjectionMongo) { | ||
@@ -317,3 +324,3 @@ const isBlockMode = protect.policy[common_1.Rule.NOSQL_INJECTION_MONGO] === 'block'; | ||
} | ||
const cmdiSemanticAnalysisDangerousPaths = protect.findings.semanticResultsMap[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS]; | ||
const cmdiSemanticAnalysisDangerousPaths = protect.resultsMap[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS]; | ||
if (cmdiSemanticAnalysisDangerousPaths) { | ||
@@ -325,5 +332,2 @@ const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS] === 'block'; | ||
key: 'Unknown', | ||
value: vulnerability.findings?.command, | ||
ruleId: common_1.Rule.CMD_INJECTION_SEMANTIC_DANGEROUS_PATHS, | ||
details: [{ ...vulnerability.findings }] | ||
}); | ||
@@ -337,5 +341,6 @@ }); | ||
} | ||
const cmdiSemanticAnalysisChainedCommands = protect.findings.semanticResultsMap[common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS]; | ||
const cmdiSemanticAnalysisChainedCommands = protect.resultsMap[common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS]; | ||
if (cmdiSemanticAnalysisChainedCommands) { | ||
const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS] === 'block'; | ||
const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS] === | ||
'block'; | ||
cmdiSemanticAnalysisChainedCommands.forEach((vulnerability) => { | ||
@@ -345,5 +350,2 @@ Object.assign(vulnerability, { | ||
key: 'Unknown', | ||
value: vulnerability.findings?.command, | ||
ruleId: common_1.Rule.CMD_INJECTION_SEMANTIC_CHAINED_COMMANDS, | ||
details: [{ ...vulnerability.findings }] | ||
}); | ||
@@ -357,3 +359,3 @@ }); | ||
} | ||
const xxeSemanticAnalysis = protect.findings.semanticResultsMap[common_1.Rule.XXE]; | ||
const xxeSemanticAnalysis = protect.resultsMap[common_1.Rule.XXE]; | ||
if (xxeSemanticAnalysis) { | ||
@@ -365,5 +367,2 @@ const isBlockMode = protect.policy[common_1.Rule.XXE] === 'block'; | ||
key: 'Unknown', | ||
value: vulnerability.findings?.prolog, | ||
ruleId: common_1.Rule.XXE, | ||
details: [{ ...vulnerability.findings }] | ||
}); | ||
@@ -377,24 +376,20 @@ }); | ||
} | ||
const cmdiCommandBackdoors = protect.findings.semanticResultsMap[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS]; | ||
const cmdiCommandBackdoors = protect.resultsMap[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS]; | ||
if (cmdiCommandBackdoors) { | ||
const isBlockMode = protect.policy[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS] === 'block'; | ||
cmdiCommandBackdoors.forEach((vulnerability) => { | ||
Object.assign(vulnerability, { | ||
ruleId: common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS, | ||
details: [{ ...vulnerability.findings }], | ||
}); | ||
}); | ||
const protectionRules = buildProtectionRules(cmdiCommandBackdoors, requestPayload, time, isBlockMode, cmdInjectionSemanticAnalysisDetailsBuilder); | ||
if (protectionRules) { | ||
defendObject.protectionRules[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS] = protectionRules; | ||
defendObject.protectionRules[common_1.Rule.CMD_INJECTION_COMMAND_BACKDOORS] = | ||
protectionRules; | ||
hasAttack = true; | ||
} | ||
} | ||
const pathTraversalSemanticFileSecurityBypass = protect.findings.semanticResultsMap[common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS]; | ||
const pathTraversalSemanticFileSecurityBypass = protect.resultsMap[common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS]; | ||
if (pathTraversalSemanticFileSecurityBypass) { | ||
const isBlockMode = protect.policy[common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS] === 'block'; | ||
const isBlockMode = protect.policy[common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS] === | ||
'block'; | ||
pathTraversalSemanticFileSecurityBypass.forEach((vulnerability) => { | ||
Object.assign(vulnerability, { | ||
ruleId: common_1.Rule.PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS, | ||
details: [{ ...vulnerability.findings }], | ||
exploitMetadata: [{ ...vulnerability.findings }], | ||
inputType: 'Unknown', | ||
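Review bot: The PATH_TRAVERSAL_SEMANTIC_FILE_SECURITY_BYPASS branch still rebuilds `exploitMetadata: [{ ...vulnerability.findings }]` from findings, whereas the CMD_INJECTION_COMMAND_BACKDOORS branch in the same hunk (and the other semantic rules touched by this commit) drops its Object.assign and relies on what protect.resultsMap already carries. If upstream now populates exploitMetadata for semantic results, this assignment appears to overwrite it with a copy of findings; if it does not, the branches that dropped the assignment are the ones left without detail data. A one-line comment on this assignment stating which side is the source of truth would settle it, e.g. `// exploitMetadata is rebuilt from findings here because upstream does not set it for this rule -- confirm`. The enclosing function starts and ends outside the hunk.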
@@ -411,3 +406,3 @@ key: 'Unknown', | ||
} | ||
const unsafeFileUpload = protect.findings.resultsMap[common_1.Rule.UNSAFE_FILE_UPLOAD]; | ||
const unsafeFileUpload = protect.resultsMap[common_1.Rule.UNSAFE_FILE_UPLOAD]; | ||
if (unsafeFileUpload) { | ||
@@ -421,19 +416,13 @@ const isBlockMode = protect.policy[common_1.Rule.UNSAFE_FILE_UPLOAD] === 'block_at_perimeter'; | ||
} | ||
const untrustedDeserialization = protect.findings.hardeningResultsMap[common_1.Rule.UNTRUSTED_DESERIALIZATION]; | ||
const untrustedDeserialization = protect.resultsMap[common_1.Rule.UNTRUSTED_DESERIALIZATION]; | ||
if (untrustedDeserialization) { | ||
const isBlockMode = protect.policy[common_1.Rule.UNTRUSTED_DESERIALIZATION] === 'block'; | ||
untrustedDeserialization.forEach((vulnerability) => { | ||
Object.assign(vulnerability, { | ||
ruleId: common_1.Rule.UNTRUSTED_DESERIALIZATION, | ||
value: vulnerability.sinkContext.value, | ||
details: [{ ...vulnerability.findings }], | ||
}); | ||
}); | ||
const protectionRules = buildProtectionRules(untrustedDeserialization, requestPayload, time, isBlockMode, untrustedDeserializationDetailsBuilder); | ||
if (protectionRules) { | ||
defendObject.protectionRules[common_1.Rule.UNTRUSTED_DESERIALIZATION] = protectionRules; | ||
defendObject.protectionRules[common_1.Rule.UNTRUSTED_DESERIALIZATION] = | ||
protectionRules; | ||
hasAttack = true; | ||
} | ||
} | ||
const virtualPatch = protect.findings.serverFeaturesResultsMap[common_1.Rule.VIRTUAL_PATCH]; | ||
const virtualPatch = protect.resultsMap[common_1.Rule.VIRTUAL_PATCH]; | ||
if (virtualPatch) { | ||
@@ -445,4 +434,4 @@ const mappedVirtualPatchResults = virtualPatch.map((vulnerability) => ({ | ||
value: 'Virtual Patch', | ||
details: [{ uuid: vulnerability.uuid }], | ||
blocked: true | ||
exploitMetadata: [{ uuid: vulnerability.uuid }], | ||
blocked: true, | ||
})); | ||
@@ -455,3 +444,3 @@ const protectionRules = buildProtectionRules(mappedVirtualPatchResults, requestPayload, time, true, virtualPatchDetailsBuilder); | ||
} | ||
const ipDenylist = protect.findings.serverFeaturesResultsMap[common_1.Rule.IP_DENYLIST]; | ||
const ipDenylist = protect.resultsMap[common_1.Rule.IP_DENYLIST]; | ||
if (ipDenylist) { | ||
@@ -463,4 +452,4 @@ const mappedIpDenylist = ipDenylist.map((vulnerability) => ({ | ||
value: vulnerability.ip, | ||
details: [{ uuid: vulnerability.uuid, ip: vulnerability.ip }], | ||
blocked: true | ||
exploitMetadata: [{ uuid: vulnerability.uuid, ip: vulnerability.ip }], | ||
blocked: true, | ||
})); | ||
@@ -473,3 +462,3 @@ const protectionRules = buildProtectionRules(mappedIpDenylist, requestPayload, time, true, ipDenylistDetailsBuilder); | ||
} | ||
const botBlocker = protect.findings.resultsMap[common_1.Rule.BOT_BLOCKER]; | ||
const botBlocker = protect.resultsMap[common_1.Rule.BOT_BLOCKER]; | ||
if (botBlocker) { | ||
@@ -476,0 +465,0 @@ const uaIdx = protect.reqData.headers.indexOf('user-agent'); |
@@ -35,3 +35,3 @@ "use strict"; | ||
this.protectName = core.protect.packageName; | ||
this.protectVersion = core.protect.version; | ||
this.protectVersion = core.protect?.version || ''; | ||
this.appInfo = core.appInfo; | ||
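Review bot: The new optional chaining in `this.protectVersion = core.protect?.version || '';` cannot take effect, because the context line directly above it reads `core.protect.packageName` unconditionally and throws first whenever core.protect is absent. Either guard both reads, e.g. `this.protectName = core.protect?.packageName || '';`, or drop the `?.` so the line does not suggest a tolerance the constructor does not have. The enclosing constructor starts and ends outside the hunk.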
@@ -38,0 +38,0 @@ this.config = core.config; |
@@ -48,3 +48,3 @@ import { Rule } from '@contrast/common'; | ||
input: DefendInput; | ||
details: T; | ||
exploitMetadata: T; | ||
} | ||
@@ -133,4 +133,4 @@ export interface BlockedAtPerimeterSample { | ||
export interface UntrustedDeserializationDetails { | ||
command: boolean; | ||
deserializer: string; | ||
command?: boolean; | ||
deserializer?: string; | ||
} | ||
@@ -137,0 +137,0 @@ export interface CMDInjectionSemanticAnalysis { |
@@ -71,4 +71,4 @@ "use strict"; | ||
severity_blocked_perimeter: 'notice', | ||
severity_suspicious: 'warning' | ||
} | ||
severity_suspicious: 'warning', | ||
}, | ||
}; | ||
@@ -87,3 +87,3 @@ class SecurityLogger extends base_1.default { | ||
}); | ||
this.version = core.protect.version; | ||
this.version = core.protect?.version || ''; | ||
core.messages.on(common_1.Event.SERVER_SETTINGS_UPDATE, (msg) => { | ||
@@ -150,4 +150,4 @@ Object.assign(this.config.syslog, (0, utils_1.translateServerSettings)(core.config.agent.security_logger.syslog, msg?.features?.syslog)); | ||
} | ||
const detail = Array.isArray(result.details) && result.details.length > 0 | ||
? result.details[0] | ||
const detail = Array.isArray(result.exploitMetadata) && result.exploitMetadata.length > 0 | ||
? result.exploitMetadata[0] | ||
: null; | ||
@@ -196,3 +196,3 @@ let level; | ||
const { protect } = msg; | ||
const virtualPatchResults = protect.findings.serverFeaturesResultsMap[common_1.Rule.VIRTUAL_PATCH]; | ||
const virtualPatchResults = protect.resultsMap[common_1.Rule.VIRTUAL_PATCH]; | ||
if (virtualPatchResults) { | ||
@@ -207,3 +207,3 @@ virtualPatchResults.forEach((result) => { | ||
} | ||
const ipDenyListResults = protect.findings.serverFeaturesResultsMap[common_1.Rule.IP_DENYLIST]; | ||
const ipDenyListResults = protect.resultsMap[common_1.Rule.IP_DENYLIST]; | ||
if (ipDenyListResults) { | ||
@@ -218,3 +218,4 @@ ipDenyListResults.forEach((result) => { | ||
} | ||
Object.entries(protect.findings.resultsMap).forEach(([rule, results]) => { | ||
const { commonResultsMap, hardeningResultsMap, semanticResultsMap } = (0, common_1.groupResultsMap)(protect.resultsMap); | ||
Object.entries(commonResultsMap).forEach(([rule, results]) => { | ||
results.forEach((result) => { | ||
@@ -224,21 +225,9 @@ this.handleProtectResult(protect, rule, result); | ||
}); | ||
Object.entries(protect.findings.hardeningResultsMap).forEach(([rule, results]) => { | ||
Object.entries(hardeningResultsMap).forEach(([rule, results]) => { | ||
results.forEach((result) => { | ||
// copied from UI logger -- is this necessary? | ||
Object.assign(result, { | ||
value: result.sinkContext.value, | ||
details: [{ ...result.findings }], | ||
}); | ||
this.handleProtectResult(protect, rule, result); | ||
}); | ||
}); | ||
Object.entries(protect.findings.semanticResultsMap).forEach(([rule, results]) => { | ||
Object.entries(semanticResultsMap).forEach(([rule, results]) => { | ||
results.forEach((result) => { | ||
// copied from UI logger -- is this necessary? | ||
Object.assign(result, { | ||
ruleId: rule, | ||
mappedId: rule, | ||
value: result.findings?.command, | ||
details: [{ ...result.findings }], | ||
}); | ||
this.handleProtectResult(protect, rule, result); | ||
@@ -245,0 +234,0 @@ }); |
{ | ||
"name": "@contrast/reporter", | ||
"version": "1.6.2", | ||
"version": "1.7.0", | ||
"description": "Subscribes to agent messages and reports them", | ||
@@ -20,3 +20,3 @@ "license": "SEE LICENSE IN LICENSE", | ||
"dependencies": { | ||
"@contrast/common": "1.1.5", | ||
"@contrast/common": "1.2.0", | ||
"axios": "^0.27.2", | ||
@@ -27,2 +27,2 @@ "hpagent": "^1.2.0", | ||
} | ||
} | ||
} |
+ Added@contrast/common@1.2.0(transitive)
- Removed@contrast/common@1.1.5(transitive)
Updated@contrast/common@1.2.0