From 87b3455672dea29799a7a5f8b32a5b2b3a1af204 Mon Sep 17 00:00:00 2001 From: chen-zimmer-px Date: Wed, 22 Nov 2023 16:58:59 +0200 Subject: [PATCH 01/12] added support for header based logger --- lib/pxenforcer.js | 13 +++++++++++++ px_metadata.json | 3 ++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/lib/pxenforcer.js b/lib/pxenforcer.js index dcc7d0a..6ae97af 100644 --- a/lib/pxenforcer.js +++ b/lib/pxenforcer.js @@ -79,8 +79,14 @@ class PerimeterXEnforcer { function pxMiddleware(req, res, next) { parseCookies(req, res).then(() => { enforcer.enforce(req, res, (err, response) => { + let pxContext = null; if (!err && response) { PerimeterXEnforcer.handleCallbackResponse(err, response, res); + + if (req.locals && req.locals.pxCtx) { + pxContext = req.locals.pxCtx; + } + enforcer.sendHeaderBasedLogs(pxContext, enforcer.config.conf, req); } else { //pass saveResponseBody(res); @@ -95,8 +101,15 @@ class PerimeterXEnforcer { enforcer.handleAdditionalS2SActivity(pxCtx, res); } }); + + if (req.locals && req.locals.pxCtx) { + pxContext = req.locals.pxCtx; + } + enforcer.sendHeaderBasedLogs(pxContext, enforcer.config.conf, req); + next(); } + }); }); } diff --git a/px_metadata.json b/px_metadata.json index cf5bf4d..a25b5d2 100644 --- a/px_metadata.json +++ b/px_metadata.json @@ -12,6 +12,7 @@ "bypass_monitor_header", "client_ip_extraction", "cors_support", + "credentials_intelligence", "csp_support", "css_ref", "cookie_v3", @@ -27,9 +28,9 @@ "filter_by_user_agent", "filter_by_extension", "first_party", + "header_based_logger", "js_ref", "logger", - "credentials_intelligence", "mobile_support", "module_enable", "module_mode", From ffe371d68b0faa7750731372d73cc0270f95db16 Mon Sep 17 00:00:00 2001 From: chen-zimmer-px Date: Tue, 28 Nov 2023 08:39:57 +0200 Subject: [PATCH 02/12] Added changelog --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 680c6b9..bf20f74 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
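Review bot: In PATCH 01, `lib/pxenforcer.js` hunk `@@ -79,8 +79,14 @@`, `pxContext` stays `null` whenever `req.locals.pxCtx` is absent and is still passed to `enforcer.sendHeaderBasedLogs(pxContext, enforcer.config.conf, req)`; the same holds for the call added in hunk `@@ -95,8 +101,15 @@`. Whether the core method tolerates a null context is not visible in this diff, so either guard the call, `if (pxContext) { enforcer.sendHeaderBasedLogs(pxContext, enforcer.config.conf, req); }`, or add a comment stating that null is accepted. `package.json` is untouched by this patch, so the method presumably only exists once the `perimeterx-node-core` bump in PATCH 05 lands. The body of `pxMiddleware` continues outside the hunk.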
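Review bot: In PATCH 01, `lib/pxenforcer.js` hunk `@@ -95,8 +101,15 @@`, the new `sendHeaderBasedLogs` call sits directly in front of `next()` with no error handling, so an exception thrown by the logger would keep `next()` from running on the pass path. A diagnostic side channel should not be able to stall a request that has already been allowed; wrap it, e.g. `try { enforcer.sendHeaderBasedLogs(pxContext, enforcer.config.conf, req); } catch (e) { /* record and continue */ }`, so that `next()` is always reached. The surrounding `else` branch starts outside the hunk, so how `enforce` invokes this callback is not visible here.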
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [7.X.X] - 2023-XX-XX + +### Added + +- Support for header-based logger + ## [7.8.0] - 2023-05-16 ### Changed From 112855d3381289a34e5f255ed0fda493142e16f7 Mon Sep 17 00:00:00 2001 From: chen-zimmer-px Date: Tue, 28 Nov 2023 08:49:28 +0200 Subject: [PATCH 03/12] change changelog file --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bf20f74..3ab4b77 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ### Added - Support for header-based logger +- Added `sending_risk_timestamp` and `start_enforcer_timestamp` fields to enforcer activities. ## [7.8.0] - 2023-05-16 From cba6f1440adac030f7a1baabeb7d762b0a29fb32 Mon Sep 17 00:00:00 2001 From: chen-zimmer-px Date: Tue, 28 Nov 2023 09:10:07 +0200 Subject: [PATCH 04/12] Fix --- lib/pxenforcer.js | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/lib/pxenforcer.js b/lib/pxenforcer.js index 6ae97af..7c9bb37 100644 --- a/lib/pxenforcer.js +++ b/lib/pxenforcer.js @@ -80,12 +80,12 @@ class PerimeterXEnforcer { parseCookies(req, res).then(() => { enforcer.enforce(req, res, (err, response) => { let pxContext = null; + if (req.locals && req.locals.pxCtx) { + pxContext = req.locals.pxCtx; + } if (!err && response) { PerimeterXEnforcer.handleCallbackResponse(err, response, res); - if (req.locals && req.locals.pxCtx) { - pxContext = req.locals.pxCtx; - } enforcer.sendHeaderBasedLogs(pxContext, enforcer.config.conf, req); } else { //pass @@ -102,9 +102,6 @@ class PerimeterXEnforcer { } }); - if (req.locals && req.locals.pxCtx) { - pxContext = req.locals.pxCtx; - } enforcer.sendHeaderBasedLogs(pxContext, enforcer.config.conf, req); next(); 
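Review bot: In PATCH 04, `lib/pxenforcer.js` hunk `@@ -80,12 +80,12 @@`, neither `sendHeaderBasedLogs` call site says what switches this logger on or what it emits, although the whole `req` object is handed over. The feature name suggests it is triggered by a request header, which is client-controlled input, so the call deserves a comment naming where that header is authenticated and stating that cookies and authorization headers must not reach the log sink, for example `// req is untrusted: core must verify the logger header token and redact sensitive headers before emitting`. If that check does not live in `perimeterx-node-core`, it has to be added before this call. The hoisted lookup could also be a single `const pxContext = (req.locals && req.locals.pxCtx) || null;`.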
From 14cb473cbb710c056a7798068ab509a09f4849e7 Mon Sep 17 00:00:00 2001 From: chen-zimmer-px Date: Thu, 14 Dec 2023 12:18:53 +0200 Subject: [PATCH 05/12] update node core version --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 74eba84..c83c20c 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,7 @@ "dependencies": { "axios": "^0.21.1", "cookie-parser": "^1.4.1", - "perimeterx-node-core": "^3.11.0" + "perimeterx-node-core": "^3.12.0" }, "devDependencies": { "chai": "^4.3.6", From 89045057d892903d05b8698c77e9743ff1f3623f Mon Sep 17 00:00:00 2001 From: chen-zimmer-px Date: Thu, 14 Dec 2023 12:48:39 +0200 Subject: [PATCH 06/12] update tests version --- .github/workflows/E2E_CI.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/E2E_CI.yaml b/.github/workflows/E2E_CI.yaml index e583831..b27d27f 100644 --- a/.github/workflows/E2E_CI.yaml +++ b/.github/workflows/E2E_CI.yaml @@ -67,7 +67,7 @@ jobs: with: repository: PerimeterX/connect-helm-charts token: ${{ secrets.CONNECT_PULL_TOKEN }} - ref: enforcer-spec-tests-0.6.0 + ref: enforcer-spec-tests-1.6.0 path: ./deploy_charts/enforcer-spec-tests From 71c55b0cad9b7de9058e69606fe380395aef0606 Mon Sep 17 00:00:00 2001 From: chen-zimmer-px Date: Thu, 14 Dec 2023 12:56:15 +0200 Subject: [PATCH 07/12] update tests version --- .github/workflows/E2E_CI.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/E2E_CI.yaml b/.github/workflows/E2E_CI.yaml index b27d27f..c751e35 100644 --- a/.github/workflows/E2E_CI.yaml +++ b/.github/workflows/E2E_CI.yaml @@ -67,7 +67,7 @@ jobs: with: repository: PerimeterX/connect-helm-charts token: ${{ secrets.CONNECT_PULL_TOKEN }} - ref: enforcer-spec-tests-1.6.0 + ref: enforcer-spec-tests-0.6.7 path: ./deploy_charts/enforcer-spec-tests From 44c85c9fd16ceffc0c431c85855a6d3945a17599 Mon Sep 17 00:00:00 2001 
From: chen-zimmer-px Date: Thu, 14 Dec 2023 13:15:08 +0200 Subject: [PATCH 08/12] ignore tests with the old schema of the activities --- .github/workflows/E2E_CI.yaml | 2 +- px_metadata.json | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/E2E_CI.yaml b/.github/workflows/E2E_CI.yaml index c751e35..e583831 100644 --- a/.github/workflows/E2E_CI.yaml +++ b/.github/workflows/E2E_CI.yaml @@ -67,7 +67,7 @@ jobs: with: repository: PerimeterX/connect-helm-charts token: ${{ secrets.CONNECT_PULL_TOKEN }} - ref: enforcer-spec-tests-0.6.7 + ref: enforcer-spec-tests-0.6.0 path: ./deploy_charts/enforcer-spec-tests diff --git a/px_metadata.json b/px_metadata.json index a25b5d2..432362b 100644 --- a/px_metadata.json +++ b/px_metadata.json @@ -59,6 +59,14 @@ "test_page_requested_activity_cookie_origin", "test_block_page_hard_block_response", "test_risk_api_validate_cookie_origin", - "test_risk_cookie_valid_cookie_with_user_agent_bigger_than_max_length" + "test_risk_cookie_valid_cookie_with_user_agent_bigger_than_max_length", + "test_risk_api_schema", + "test_block_activity_schema", + "test_page_requested_activity_schema", + "test_risk_cookie_validate_client_uuid_in_risk_api", + "test_block_activity_headers", + "test_page_requested_activity_headers", + "test_sensitive_headers_removed_from_page_requested", + "test_sensitive_headers_removed_from_block" ] } \ No newline at end of file From d73210bf508bd10cccb6da360672f2a0e8a9a2dd Mon Sep 17 00:00:00 2001 From: chen-zimmer-px Date: Sun, 17 Dec 2023 09:32:53 +0200 Subject: [PATCH 09/12] fixed metadata --- px_metadata.json | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/px_metadata.json b/px_metadata.json index 432362b..d85cdc9 100644 --- a/px_metadata.json +++ b/px_metadata.json 
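Review bot: In PATCH 08, `px_metadata.json` hunk `@@ -59,6 +59,14 @@`, the entries `test_sensitive_headers_removed_from_page_requested` and `test_sensitive_headers_removed_from_block` are added to what the commit subject describes as ignored tests, yet by their names they check header redaction rather than activity schema. Skipping them removes the regression check for sensitive headers in activities in the same series that introduces a new logging path fed with the request. Keep those two enabled if they can pass, or record in the commit message or a tracking issue why they fail and when they will be re-enabled, since JSON cannot carry the explanation. The same entries reappear in PATCH 10, hunk `@@ -59,10 +59,14 @@`. The name of the enclosing list is outside the hunk.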
@@ -60,13 +60,9 @@ "test_block_page_hard_block_response", "test_risk_api_validate_cookie_origin", "test_risk_cookie_valid_cookie_with_user_agent_bigger_than_max_length", - "test_risk_api_schema", - "test_block_activity_schema", - "test_page_requested_activity_schema", + "test_(risk_api|block_activity|page_requested_activity)_schema", "test_risk_cookie_validate_client_uuid_in_risk_api", - "test_block_activity_headers", - "test_page_requested_activity_headers", - "test_sensitive_headers_removed_from_page_requested", - "test_sensitive_headers_removed_from_block" + "test_(block|page_requested)_activity_headers", + "test_sensitive_headers_removed_from_(block|page_requestd)" ] } \ No newline at end of file From a21d65af222658955be4031c3ac9cccccc7cd252 Mon Sep 17 00:00:00 2001 From: chen-zimmer-px Date: Thu, 21 Dec 2023 10:30:57 +0200 Subject: [PATCH 10/12] fix metadata tests --- px_metadata.json | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/px_metadata.json b/px_metadata.json index d85cdc9..a465a8a 100644 --- a/px_metadata.json +++ b/px_metadata.json @@ -59,10 +59,14 @@ "test_page_requested_activity_cookie_origin", "test_block_page_hard_block_response", "test_risk_api_validate_cookie_origin", + "test_block_activity_headers", + "test_page_requested_activity_headers", + "test_sensitive_headers_removed_from_page_requested", + "test_sensitive_headers_removed_from_block", + "test_risk_api_schema", + "test_block_activity_schema", + "test_page_requested_activity_schema", "test_risk_cookie_valid_cookie_with_user_agent_bigger_than_max_length", - "test_(risk_api|block_activity|page_requested_activity)_schema", - "test_risk_cookie_validate_client_uuid_in_risk_api", - "test_(block|page_requested)_activity_headers", - "test_sensitive_headers_removed_from_(block|page_requestd)" + "test_risk_cookie_validate_client_uuid_in_risk_api" ] } \ No newline at end of file From f07cae200eeec77869a6c8e7078d2330f4aec6e2 Mon Sep 17 00:00:00 2001 
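Review bot: In PATCH 09, `px_metadata.json` hunk `@@ -60,13 +60,9 @@`, the pattern `test_sensitive_headers_removed_from_(block|page_requestd)` misspells `page_requested`, so it cannot match `test_sensitive_headers_removed_from_page_requested`, one of the names this entry replaces. The intended line is `"test_sensitive_headers_removed_from_(block|page_requested)"`. Whether the consumer of this list evaluates entries as regular expressions at all is not visible here; if it compares names literally, none of the three grouped patterns matches anything.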
From: chen-zimmer-px Date: Thu, 21 Dec 2023 10:49:21 +0200 Subject: [PATCH 11/12] release version 7.9.0 --- CHANGELOG.md | 4 ++-- README.md | 2 +- lib/pxenforcer.js | 2 +- package.json | 2 +- px_metadata.json | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ab4b77..e306345 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,12 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). -## [7.X.X] - 2023-XX-XX +## [7.9.0] - 2023-12-21 ### Added - Support for header-based logger -- Added `sending_risk_timestamp` and `start_enforcer_timestamp` fields to enforcer activities. +- Added `risk_start_time` and `enforcer_start_time` fields to enforcer activities. ## [7.8.0] - 2023-05-16 diff --git a/README.md b/README.md index fbdb5e2..fdf01db 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ # [PerimeterX](http://www.perimeterx.com) Express.js Middleware -> Latest stable version: [v7.8.0](https://www.npmjs.com/package/perimeterx-node-express) +> Latest stable version: [v7.9.0](https://www.npmjs.com/package/perimeterx-node-express) ## Table of Contents diff --git a/lib/pxenforcer.js b/lib/pxenforcer.js index 7c9bb37..9746985 100644 --- a/lib/pxenforcer.js +++ b/lib/pxenforcer.js @@ -4,7 +4,7 @@ const { PxEnforcer, PxCdFirstParty } = require('perimeterx-node-core'); const PxExpressClient = require('./pxclient'); const PxCdEnforcer = require('./pxcdenforcer'); -const MODULE_VERSION = 'NodeJS Module v7.8.0'; +const MODULE_VERSION = 'NodeJS Module v7.9.0'; const MILLISECONDS_IN_MINUTE = 60000; function parseCookies(req, res) { diff --git a/package.json b/package.json index c83c20c..2726860 100644 --- a/package.json +++ b/package.json 
@@ -1,6 +1,6 @@ { "name": "perimeterx-node-express", - "version": "7.8.0", + "version": "7.9.0", "description": "PerimeterX Express.js middleware to monitor and block traffic according to PerimeterX risk score", "main": "index.js", "directories": { diff --git a/px_metadata.json b/px_metadata.json index a465a8a..1cb9296 100644 --- a/px_metadata.json +++ b/px_metadata.json @@ -1,5 +1,5 @@ { - "version": "7.8.0", + "version": "7.9.0", "supported_features": [ "additional_activity_handler", "advanced_blocking_response", From 8653857d82fb04b28b851c0fb43d6f237ff2584f Mon Sep 17 00:00:00 2001 From: chen-zimmer-px Date: Thu, 21 Dec 2023 12:34:25 +0200 Subject: [PATCH 12/12] Update node core version --- CHANGELOG.md | 5 +++++ package.json | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e306345..25529dd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/). - Support for header-based logger - Added `risk_start_time` and `enforcer_start_time` fields to enforcer activities. +- Added `failOnEmptyBody` flag for `callServer` to specify weather or not a request should fail if it has no body. +- Updated the configuration of PX first-party requests to include a connection timeout + +### Changed +- Updated the captcha template to handle empty captcha responses ## [7.8.0] - 2023-05-16 diff --git a/package.json b/package.json index 2726860..036bdeb 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,7 @@ "dependencies": { "axios": "^0.21.1", "cookie-parser": "^1.4.1", - "perimeterx-node-core": "^3.12.0" + "perimeterx-node-core": "^3.13.0" }, "devDependencies": { "chai": "^4.3.6",