
@contrast/agent


Comparing version 2.13.0 to 2.13.3

agent-loader.js

25

cli.js

@@ -16,15 +16,18 @@ #!/usr/bin/env node

*/
const path = require('path');
const fs = require('fs');
require('./loader.js');
let PATH;
const loader = require('./agent-loader');
const isCli = true;
// only requiring so we can inject mock for testing
const process = require('process');
// for local development
if (fs.existsSync(`${__dirname + path.sep}lib`)) {
PATH = './lib/cli';
} else {
PATH = './lib.asar/cli';
async function exec() {
const { script, enabled } = await loader.init(process.argv, isCli);
// only bootstrap if agent is enabled
if (enabled) {
await loader.bootstrap(process.argv);
}
await loader.run(process.argv[0], script);
}
const cli = require(PATH);
cli.main(process.argv);
exec();
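Review bot: `exec()` on the last line of the cli.js section is called with no rejection handler, so a failure in `loader.init`, `loader.bootstrap` or `loader.run` surfaces only as an unhandled rejection. On Node versions that merely warn about unhandled rejections, the process can end with exit status 0 even though neither the agent nor the script started, which is easy to miss in a deployment script. Consider `exec().catch((err) => { console.error(err); process.exitCode = 1; });`. The +/- markers are lost on this page, so which lines belong to the new side is inferred from the hunk header and the print order.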

@@ -17,3 +17,2 @@ /**

(function() {
const hooker = require('hooker');
const Module = require('module');

@@ -23,5 +22,6 @@ const asar = require('asar');

const path = require('path');
const utils = module.exports;
// Methods from Module
function statPath(path) {
utils.statPath = function(path) {
try {

@@ -33,7 +33,7 @@ return fs.statSync(path);

return false;
}
};
// tryFile barrowed from pre 4.0 so we can hook fs.statSync and realpathSync
function tryFile(requestPath) {
const stats = statPath(requestPath);
utils.tryFile = function(requestPath) {
const stats = utils.statPath(requestPath);
if (stats && !stats.isDirectory()) {

@@ -43,7 +43,7 @@ return fs.realpathSync(requestPath, Module._realpathCache);

return false;
}
};
function tryExtensions(p, exts) {
utils.tryExtensions = function(p, exts) {
for (let i = 0, EL = exts.length; i < EL; i++) {
const filename = tryFile(p + exts[i]);
const filename = utils.tryFile(p + exts[i]);

@@ -55,6 +55,6 @@ if (filename) {

return false;
}
};
function tryPackage(requestPath, exts) {
const pkg = readPackage(requestPath);
utils.tryPackage = function(requestPath, exts) {
const pkg = utils.readPackage(requestPath);

@@ -65,16 +65,16 @@ if (!pkg) return false;

return (
tryFile(filename) ||
tryExtensions(filename, exts) ||
tryExtensions(path.resolve(filename, 'index'), exts)
utils.tryFile(filename) ||
utils.tryExtensions(filename, exts) ||
utils.tryExtensions(path.resolve(filename, 'index'), exts)
);
}
};
const packageMainCache = {};
function hasOwnProperty(obj, prop) {
utils.hasOwnProperty = function(obj, prop) {
return Object.prototype.hasOwnProperty.call(obj, prop);
}
};
function readPackage(requestPath) {
if (hasOwnProperty(packageMainCache, requestPath)) {
utils.readPackage = function(requestPath) {
if (utils.hasOwnProperty(packageMainCache, requestPath)) {
return packageMainCache[requestPath];

@@ -100,5 +100,5 @@ }

return pkg;
}
};
const splitPath = function(p) {
utils.splitPath = function(p) {
if (typeof p !== 'string') {

@@ -117,31 +117,54 @@ return [false];

hooker.hook(Module, '_findPath', {
post(result, request, paths) {
if (!paths) {
return false;
}
const cacheKey = resolveCacheKey(request, paths);
// https://github.com/nodejs/node/blob/57003520f83a9431dbef0dfce2edacf430923f20/lib/module.js
const exts = Object.keys(Module._extensions);
const trailingSlash = request.slice(-1) === path.sep;
const origFindPath = Module._findPath;
Module._findPath = function(...args) {
const request = args[0];
let paths = args[1];
const result = origFindPath.call(this, ...args);
if (request.charAt(0) === path.sep) {
paths = [''];
}
if (!paths) {
return false;
}
const cacheKey = utils.resolveCacheKey(request, paths);
// https://github.com/nodejs/node/blob/57003520f83a9431dbef0dfce2edacf430923f20/lib/module.js
const exts = Object.keys(Module._extensions);
const trailingSlash = request.slice(-1) === path.sep;
if (Module._pathCache[cacheKey]) {
return Module._pathCache[cacheKey];
}
if (request.charAt(0) === path.sep) {
paths = [''];
}
return checkDependencies(paths, request, exts, cacheKey, trailingSlash);
if (Module._pathCache[cacheKey]) {
return Module._pathCache[cacheKey];
}
});
function resolveCacheKey(request, paths) {
const override = utils.checkDepsForFile(
paths,
request,
exts,
cacheKey,
trailingSlash
);
// if we're still not in the cache after our operations
// we want to return the original result as a failsafe
if (override) return override;
return result;
};
utils.resolveCacheKey = function(request, paths) {
return `${request}\x00${
paths.length === 1 ? paths[0] : paths.join('\x00')
}`;
}
};
function checkDependencies(paths, request, exts, cacheKey, trailingSlash) {
// check if any of the loaded dependencies contain a module we
// want to override the default with. Otherwise, the loader will
// just used the default given by the original function
utils.checkDepsForFile = function(
paths,
request,
exts,
cacheKey,
trailingSlash
) {
for (let i = 0; i < paths.length; i++) {

@@ -154,3 +177,4 @@ const basePath = path.resolve(paths[i], request);

// try it with each of the extensions
filename = tryFile(basePath) || tryExtensions(basePath, exts);
filename =
utils.tryFile(basePath) || utils.tryExtensions(basePath, exts);
}

@@ -160,5 +184,5 @@

filename =
tryPackage(basePath, exts) ||
utils.tryPackage(basePath, exts) ||
// try it with each of the extensions at "index"
tryExtensions(path.resolve(basePath, 'index'), exts);
utils.tryExtensions(path.resolve(basePath, 'index'), exts);
}

@@ -168,6 +192,7 @@

Module._pathCache[cacheKey] = filename;
return hooker.override(filename);
return filename;
}
}
}
return false;
};

@@ -226,3 +251,3 @@ // TODO fork require asar-require to add these fixes.

const [path] = args;
const [isAsar, asarPath, filePath] = splitPath(path);
const [isAsar, asarPath, filePath] = utils.splitPath(path);

@@ -253,3 +278,3 @@ if (!isAsar) {

const [path] = args;
const [isAsar, asarPath, filePath] = splitPath(path);
const [isAsar, asarPath, filePath] = utils.splitPath(path);
if (!isAsar) {

@@ -265,3 +290,3 @@ return statSync.apply(this, args);

const [p] = args;
const [isAsar, asarPath, fp] = splitPath(p);
const [isAsar, asarPath, fp] = utils.splitPath(p);
let filePath = fp;

@@ -282,3 +307,3 @@ if (!isAsar) {

const [path, callback] = args;
const [isAsar, asarPath, filePath] = splitPath(path);
const [isAsar, asarPath, filePath] = utils.splitPath(path);
if (!isAsar) {

@@ -303,3 +328,3 @@ return readdir.apply(this, args);

const [path] = args;
const [isAsar, asarPath, filePath] = splitPath(path);
const [isAsar, asarPath, filePath] = utils.splitPath(path);
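Review bot: In the `Module._findPath` replacement (the `@@ -117,31 +117,54 @@` hunk), the `if (!paths) { return false; }` guard runs after `origFindPath` has already produced `result`, so that path discards Node's own answer even though the later comment says the original result is the failsafe; `if (!paths) { return result; }` would keep the wrapper from ever being stricter than the resolver it wraps. The absolute-path test `request.charAt(0) === path.sep` also looks narrower than `path.isAbsolute(request)`, which would additionally cover drive-letter paths on Windows. Because this function decides which file every `require` resolves to, a short comment stating when the agent's own lookup (`utils.checkDepsForFile` and the `Module._pathCache` hit) is meant to win over `result` would help reviewers. Line sides are inferred here, since the page has lost its +/- markers.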

@@ -306,0 +331,0 @@ if (!isAsar) {

{
"name": "@contrast/agent",
"version": "2.13.0",
"version": "2.13.3",
"description": "Node.js security instrumentation by Contrast Security",

@@ -25,2 +25,3 @@ "keywords": [

"docs": "jsdoc -c ../.jsdoc.json",
"release": "scripts/make-release.js",
"test:debug": "scripts/test.sh debug",

@@ -37,3 +38,2 @@ "test": "scripts/test.sh",

"fix": "eslint . --fix",
"preversion": "npm run test:no-cov",
"postversion": "scripts/npm-publish.sh",

@@ -59,4 +59,6 @@ "postpublish": "git add package.json package-lock.json; git commit -m 'bumping version'; git push origin; git push origin --tags"

"bin/**",
"agent-loader.js",
"loader.js",
"cli.js"
"cli.js",
"bootstrap.js"
],

@@ -69,6 +71,8 @@ "repository": {

"@contrast/distringuish-prebuilt": "^1.8.6",
"@contrast/escodegen": "^1.11.3",
"@contrast/escodegen": "^1.15.1",
"@contrast/estraverse": "^5.1.0",
"@contrast/flat": "^4.1.1",
"@contrast/heapdump": "^0.3.13",
"@contrast/protobuf-api": "^1.7.0",
"@contrast/trumpet": "^1.8.0",
"asar": "^3.0.1",

@@ -79,3 +83,3 @@ "base64url": "^3.0.1",

"cls-hooked": "^4.2.2",
"commander": "^2.19.0",
"commander": "^5.0.0",
"content-security-policy-parser": "^0.2.0",

@@ -85,5 +89,3 @@ "cookie": "^0.3.1",

"crc-32": "^1.0.0",
"estraverse": "^4.2.0",
"gunzip-maybe": "^1.4.1",
"hooker": "^0.2.3",
"ipaddr.js": "^1.8.1",

@@ -102,3 +104,2 @@ "js-yaml": "^3.13.1",

"semver": "^5.6.0",
"trumpet": "^1.7.2",
"winston": "^3.1.0",

@@ -134,5 +135,6 @@ "winston-daily-rotate-file": "^3.5.1",

"marsdb": "file:test/mock/marsdb",
"mocha": "^5.2.0",
"mocha": "^7.1.1",
"mongodb": "file:test/mock/mongodb",
"mustache": "^3.0.1",
"mysql": "file:test/mock/mysql",
"nock": "^12.0.3",

@@ -148,5 +150,7 @@ "npm-license-crawler": "^0.2.0",

"sqlite3": "file:test/mock/sqlite3",
"xunit-file": "1.0.0"
"typeorm": "file:test/mock/typeorm",
"xunit-file": "1.0.0",
"yargs-interactive": "^3.0.0"
},
"main": "cli.js",
"main": "bootstrap.js",
"directories": {
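Review bot: The `"main"` entry appears to move from `cli.js` to `bootstrap.js` in a release numbered as a patch (2.13.0 to 2.13.3), so `require('@contrast/agent')` now loads a different file for anyone on a `^2.13.0` range. `bootstrap.js` is also added to `"files"`, but its diff is not rendered on this page, so the new entry point cannot be reviewed from here and should be inspected in the published tarball. The same section moves `commander` from `^2.19.0` to `^5.0.0` and `mocha` from `^5.2.0` to `^7.1.1`, both jumps across major versions, and a changelog entry for each would be expected alongside a patch-level bump.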

@@ -153,0 +157,0 @@ "test": "test"

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
