@datadog/native-iast-rewriter
Advanced tools
Nodejs native AST rewriter heavily based on Speedy Web Compiler o SWC compiler used to instrument Javascript source files.
+ and +=, template literals and some String methodsconst Rewriter = require('@datadog/native-iast-rewriter')
const rewriter = new Rewriter(rewriterConfig)
const result = rewriter.rewrite(code, filename)
RewriterConfig {
// enable/disable sourceMap chaining - false by default
chainSourceMap?: boolean
// enable/disable comments printing - false by default
comments?: boolean
// establishes the prefix for the injected local variables - 6 random characters by default
localVarPrefix?: string
// sets the list of methods or operators to be rewritten
csiMethods?: Array<CsiMethod>
// extracts hardcoded string literals - true by default
literals?: boolean
}
CsiMethod {
// name of the String method to rewrite
src: string
// optional name of the replacement method. If not specified a convention shall be used
dst?: string
// indicates if it is an operator like +
operator?: boolean
}
const Rewriter = require('@datadog/native-iast-rewriter')
const rewriterConfig = {
csiMethods: [{ src: 'substring' }],
localVarPrefix: 'test',
}
const rewriter = new Rewriter(rewriterConfig)
const code = `function sub(a) {
return a.substring(1)
}`
const result = rewriter.rewrite(code, filename)
console.log(result.content)
/*
function sub(a) {
let __datadog_test_0, __datadog_test_1;
return (__datadog_test_0 = a, __datadog_test_1 = __datadog_test_0.substring, _ddiast.stringSubstring(__datadog_test_1.call(__datadog_test_0, 1), __datadog_test_1, __datadog_test_0, 1));
}
*/
To set up the project locally, you should install cargo and wasm-pack:
$ curl https://sh.rustup.rs -sSf | sh
$ cargo install wasm-pack
and project dependencies:
$ npm install
Build the project with
$ npm run build
It will compile WASM binaries by default and then it will be possible to run the tests with
$ npm t
FAQs
Datadog IAST instrumentation addon for NodeJS
We found that @datadog/native-iast-rewriter demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.