@contrast/agent
Comparing version 2.13.0 to 2.13.3
25
cli.js
@@ -16,15 +16,18 @@ #!/usr/bin/env node | ||
*/ | ||
const path = require('path'); | ||
const fs = require('fs'); | ||
require('./loader.js'); | ||
let PATH; | ||
const loader = require('./agent-loader'); | ||
const isCli = true; | ||
// only requiring so we can inject mock for testing | ||
const process = require('process'); | ||
// for local development | ||
if (fs.existsSync(`${__dirname + path.sep}lib`)) { | ||
PATH = './lib/cli'; | ||
} else { | ||
PATH = './lib.asar/cli'; | ||
async function exec() { | ||
const { script, enabled } = await loader.init(process.argv, isCli); | ||
// only bootstrap if agent is enabled | ||
if (enabled) { | ||
await loader.bootstrap(process.argv); | ||
} | ||
await loader.run(process.argv[0], script); | ||
} | ||
const cli = require(PATH); | ||
cli.main(process.argv); | ||
exec(); |
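Review bot: The bare `exec();` on the last line leaves the promise from the new async `exec()` unhandled, so a rejection from `loader.init`, `loader.bootstrap` or `loader.run` has no handler in this file. On Node versions where an unhandled rejection only prints a warning, the process can end with a zero exit status without the script having run, which is easy to miss under a service wrapper. I would end the file with `exec().catch((err) => { console.error(err); process.exitCode = 1; });` and add a comment above `exec` stating whether a failed agent bootstrap is meant to stop the application or let it start uninstrumented. Which lines are new is inferred from the order they are printed in, since the `+`/`-` markers are lost on this page.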
127
loader.js
@@ -17,3 +17,2 @@ /** | ||
(function() { | ||
const hooker = require('hooker'); | ||
const Module = require('module'); | ||
@@ -23,5 +22,6 @@ const asar = require('asar'); | ||
const path = require('path'); | ||
const utils = module.exports; | ||
// Methods from Module | ||
function statPath(path) { | ||
utils.statPath = function(path) { | ||
try { | ||
@@ -33,7 +33,7 @@ return fs.statSync(path); | ||
return false; | ||
} | ||
}; | ||
// tryFile barrowed from pre 4.0 so we can hook fs.statSync and realpathSync | ||
function tryFile(requestPath) { | ||
const stats = statPath(requestPath); | ||
utils.tryFile = function(requestPath) { | ||
const stats = utils.statPath(requestPath); | ||
if (stats && !stats.isDirectory()) { | ||
@@ -43,7 +43,7 @@ return fs.realpathSync(requestPath, Module._realpathCache); | ||
return false; | ||
} | ||
}; | ||
function tryExtensions(p, exts) { | ||
utils.tryExtensions = function(p, exts) { | ||
for (let i = 0, EL = exts.length; i < EL; i++) { | ||
const filename = tryFile(p + exts[i]); | ||
const filename = utils.tryFile(p + exts[i]); | ||
@@ -55,6 +55,6 @@ if (filename) { | ||
return false; | ||
} | ||
}; | ||
function tryPackage(requestPath, exts) { | ||
const pkg = readPackage(requestPath); | ||
utils.tryPackage = function(requestPath, exts) { | ||
const pkg = utils.readPackage(requestPath); | ||
@@ -65,16 +65,16 @@ if (!pkg) return false; | ||
return ( | ||
tryFile(filename) || | ||
tryExtensions(filename, exts) || | ||
tryExtensions(path.resolve(filename, 'index'), exts) | ||
utils.tryFile(filename) || | ||
utils.tryExtensions(filename, exts) || | ||
utils.tryExtensions(path.resolve(filename, 'index'), exts) | ||
); | ||
} | ||
}; | ||
const packageMainCache = {}; | ||
function hasOwnProperty(obj, prop) { | ||
utils.hasOwnProperty = function(obj, prop) { | ||
return Object.prototype.hasOwnProperty.call(obj, prop); | ||
} | ||
}; | ||
function readPackage(requestPath) { | ||
if (hasOwnProperty(packageMainCache, requestPath)) { | ||
utils.readPackage = function(requestPath) { | ||
if (utils.hasOwnProperty(packageMainCache, requestPath)) { | ||
return packageMainCache[requestPath]; | ||
@@ -100,5 +100,5 @@ } | ||
return pkg; | ||
} | ||
}; | ||
const splitPath = function(p) { | ||
utils.splitPath = function(p) { | ||
if (typeof p !== 'string') { | ||
@@ -117,31 +117,54 @@ return [false]; | ||
hooker.hook(Module, '_findPath', { | ||
post(result, request, paths) { | ||
if (!paths) { | ||
return false; | ||
} | ||
const cacheKey = resolveCacheKey(request, paths); | ||
// https://github.com/nodejs/node/blob/57003520f83a9431dbef0dfce2edacf430923f20/lib/module.js | ||
const exts = Object.keys(Module._extensions); | ||
const trailingSlash = request.slice(-1) === path.sep; | ||
const origFindPath = Module._findPath; | ||
Module._findPath = function(...args) { | ||
const request = args[0]; | ||
let paths = args[1]; | ||
const result = origFindPath.call(this, ...args); | ||
if (request.charAt(0) === path.sep) { | ||
paths = ['']; | ||
} | ||
if (!paths) { | ||
return false; | ||
} | ||
const cacheKey = utils.resolveCacheKey(request, paths); | ||
// https://github.com/nodejs/node/blob/57003520f83a9431dbef0dfce2edacf430923f20/lib/module.js | ||
const exts = Object.keys(Module._extensions); | ||
const trailingSlash = request.slice(-1) === path.sep; | ||
if (Module._pathCache[cacheKey]) { | ||
return Module._pathCache[cacheKey]; | ||
} | ||
if (request.charAt(0) === path.sep) { | ||
paths = ['']; | ||
} | ||
return checkDependencies(paths, request, exts, cacheKey, trailingSlash); | ||
if (Module._pathCache[cacheKey]) { | ||
return Module._pathCache[cacheKey]; | ||
} | ||
}); | ||
function resolveCacheKey(request, paths) { | ||
const override = utils.checkDepsForFile( | ||
paths, | ||
request, | ||
exts, | ||
cacheKey, | ||
trailingSlash | ||
); | ||
// if we're still not in the cache after our operations | ||
// we want to return the original result as a failsafe | ||
if (override) return override; | ||
return result; | ||
}; | ||
utils.resolveCacheKey = function(request, paths) { | ||
return `${request}\x00${ | ||
paths.length === 1 ? paths[0] : paths.join('\x00') | ||
}`; | ||
} | ||
}; | ||
function checkDependencies(paths, request, exts, cacheKey, trailingSlash) { | ||
// check if any of the loaded dependencies contain a module we | ||
// want to override the default with. Otherwise, the loader will | ||
// just used the default given by the original function | ||
utils.checkDepsForFile = function( | ||
paths, | ||
request, | ||
exts, | ||
cacheKey, | ||
trailingSlash | ||
) { | ||
for (let i = 0; i < paths.length; i++) { | ||
@@ -154,3 +177,4 @@ const basePath = path.resolve(paths[i], request); | ||
// try it with each of the extensions | ||
filename = tryFile(basePath) || tryExtensions(basePath, exts); | ||
filename = | ||
utils.tryFile(basePath) || utils.tryExtensions(basePath, exts); | ||
} | ||
@@ -160,5 +184,5 @@ | ||
filename = | ||
tryPackage(basePath, exts) || | ||
utils.tryPackage(basePath, exts) || | ||
// try it with each of the extensions at "index" | ||
tryExtensions(path.resolve(basePath, 'index'), exts); | ||
utils.tryExtensions(path.resolve(basePath, 'index'), exts); | ||
} | ||
@@ -168,6 +192,7 @@ | ||
Module._pathCache[cacheKey] = filename; | ||
return hooker.override(filename); | ||
return filename; | ||
} | ||
} | ||
} | ||
return false; | ||
}; | ||
@@ -226,3 +251,3 @@ // TODO fork require asar-require to add these fixes. | ||
const [path] = args; | ||
const [isAsar, asarPath, filePath] = splitPath(path); | ||
const [isAsar, asarPath, filePath] = utils.splitPath(path); | ||
@@ -253,3 +278,3 @@ if (!isAsar) { | ||
const [path] = args; | ||
const [isAsar, asarPath, filePath] = splitPath(path); | ||
const [isAsar, asarPath, filePath] = utils.splitPath(path); | ||
if (!isAsar) { | ||
@@ -265,3 +290,3 @@ return statSync.apply(this, args); | ||
const [p] = args; | ||
const [isAsar, asarPath, fp] = splitPath(p); | ||
const [isAsar, asarPath, fp] = utils.splitPath(p); | ||
let filePath = fp; | ||
@@ -282,3 +307,3 @@ if (!isAsar) { | ||
const [path, callback] = args; | ||
const [isAsar, asarPath, filePath] = splitPath(path); | ||
const [isAsar, asarPath, filePath] = utils.splitPath(path); | ||
if (!isAsar) { | ||
@@ -303,3 +328,3 @@ return readdir.apply(this, args); | ||
const [path] = args; | ||
const [isAsar, asarPath, filePath] = splitPath(path); | ||
const [isAsar, asarPath, filePath] = utils.splitPath(path); | ||
@@ -306,0 +331,0 @@ if (!isAsar) { |
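Review bot: In the new `Module._findPath` wrapper, `if (!paths) { return false; }` comes after `origFindPath.call(this, ...args)` and discards the result Node already computed, which contradicts the comment further down about returning the original result as a failsafe. In the removed `hooker` post hook only `hooker.override(filename)` replaced the return value, so the old `return false` appears to have left Node's result in place; the guard should read `if (!paths) return result;`. The wrapper also deserves a short comment saying that a hit from `utils.checkDepsForFile` takes precedence over Node's own resolution and is written to `Module._pathCache`, since that precedence decides which file a `require` finally loads. Old and new lines are interleaved without markers here, so the statement order is read from the page as printed, and the enclosing IIFE starts and ends outside these hunks.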
{ | ||
"name": "@contrast/agent", | ||
"version": "2.13.0", | ||
"version": "2.13.3", | ||
"description": "Node.js security instrumentation by Contrast Security", | ||
@@ -25,2 +25,3 @@ "keywords": [ | ||
"docs": "jsdoc -c ../.jsdoc.json", | ||
"release": "scripts/make-release.js", | ||
"test:debug": "scripts/test.sh debug", | ||
@@ -37,3 +38,2 @@ "test": "scripts/test.sh", | ||
"fix": "eslint . --fix", | ||
"preversion": "npm run test:no-cov", | ||
"postversion": "scripts/npm-publish.sh", | ||
@@ -59,4 +59,6 @@ "postpublish": "git add package.json package-lock.json; git commit -m 'bumping version'; git push origin; git push origin --tags" | ||
"bin/**", | ||
"agent-loader.js", | ||
"loader.js", | ||
"cli.js" | ||
"cli.js", | ||
"bootstrap.js" | ||
], | ||
@@ -69,6 +71,8 @@ "repository": { | ||
"@contrast/distringuish-prebuilt": "^1.8.6", | ||
"@contrast/escodegen": "^1.11.3", | ||
"@contrast/escodegen": "^1.15.1", | ||
"@contrast/estraverse": "^5.1.0", | ||
"@contrast/flat": "^4.1.1", | ||
"@contrast/heapdump": "^0.3.13", | ||
"@contrast/protobuf-api": "^1.7.0", | ||
"@contrast/trumpet": "^1.8.0", | ||
"asar": "^3.0.1", | ||
@@ -79,3 +83,3 @@ "base64url": "^3.0.1", | ||
"cls-hooked": "^4.2.2", | ||
"commander": "^2.19.0", | ||
"commander": "^5.0.0", | ||
"content-security-policy-parser": "^0.2.0", | ||
@@ -85,5 +89,3 @@ "cookie": "^0.3.1", | ||
"crc-32": "^1.0.0", | ||
"estraverse": "^4.2.0", | ||
"gunzip-maybe": "^1.4.1", | ||
"hooker": "^0.2.3", | ||
"ipaddr.js": "^1.8.1", | ||
@@ -102,3 +104,2 @@ "js-yaml": "^3.13.1", | ||
"semver": "^5.6.0", | ||
"trumpet": "^1.7.2", | ||
"winston": "^3.1.0", | ||
@@ -134,5 +135,6 @@ "winston-daily-rotate-file": "^3.5.1", | ||
"marsdb": "file:test/mock/marsdb", | ||
"mocha": "^5.2.0", | ||
"mocha": "^7.1.1", | ||
"mongodb": "file:test/mock/mongodb", | ||
"mustache": "^3.0.1", | ||
"mysql": "file:test/mock/mysql", | ||
"nock": "^12.0.3", | ||
@@ -148,5 +150,7 @@ "npm-license-crawler": "^0.2.0", | ||
"sqlite3": "file:test/mock/sqlite3", | ||
"xunit-file": "1.0.0" | ||
"typeorm": "file:test/mock/typeorm", | ||
"xunit-file": "1.0.0", | ||
"yargs-interactive": "^3.0.0" | ||
}, | ||
"main": "cli.js", | ||
"main": "bootstrap.js", | ||
"directories": { | ||
@@ -153,0 +157,0 @@ "test": "test" |
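Review bot: The `preversion` script (`npm run test:no-cov`) appears to be removed while `postversion` still runs `scripts/npm-publish.sh`, so `npm version` no longer runs the tests before the publish step unless the new `scripts/make-release.js` does, and that script is not shown on this page. If the test gate has moved into the release script, keep a guard in package.json as well, for example `"preversion": "npm run test:no-cov"`, so that a direct `npm version` cannot publish an untested build. Separately, `main` now points at `bootstrap.js` in a patch-level release, which changes what `require('@contrast/agent')` loads; the release notes should say so.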
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but they do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
+ Added @contrast/estraverse@^5.1.0
+ Added @contrast/trumpet@^1.8.0
+ Added @contrast/estraverse@5.1.0 (transitive)
+ Added @contrast/html-select@2.4.0 (transitive)
+ Added @contrast/trumpet@1.8.0 (transitive)
+ Added buffer-from@0.1.2 (transitive)
+ Added html-tokenize@2.0.1 (transitive)
+ Added minimist@1.2.8 (transitive)
- Removed estraverse@^4.2.0
- Removed hooker@^0.2.3
- Removed trumpet@^1.7.2
- Removed commander@2.20.3 (transitive)
- Removed hooker@0.2.3 (transitive)
- Removed html-select@2.3.24 (transitive)
- Removed html-tokenize@1.2.5 (transitive)
- Removed minimist@0.0.10 (transitive)
- Removed trumpet@1.7.2 (transitive)
Updated @contrast/escodegen@^1.15.1
Updated commander@^5.0.0