aws-xray-sdk-mysql - npm Package Compare versions

Comparing version 3.4.1 to 3.5.0

lib/mysql_p.js

@@ -245,5 +245,3 @@ /**
           subsegment.close();
-        });
-
-        command.catch(errorCapturer);
+        }).catch (errorCapturer);
       } else {
@@ -258,3 +256,3 @@ command.on('end', function() {
 
-    subsegment.addSqlData(createSqlData(config, command));
+    subsegment.addSqlData(createSqlData(config, args.values, args.sql));
     subsegment.namespace = 'remote';
@@ -266,5 +264,14 @@
 
-function createSqlData(config, command) {
-  var commandType = command.values ? PREPARED : null;
-
+/**
+ * Generate a SQL data object.  Note that this implementation differs from
+ * that in postgres_p.js because the posgres client structures commands
+ * and prepared statements differently than mysql/mysql2.
+ *
+ * @param {object} config
+ * @param {any} values
+ * @param {string} sql
+ * @returns SQL data object
+ */
+function createSqlData(config, values, sql) {
+  var commandType = values ? PREPARED : null;
   var data = new SqlData(DATABASE_VERS, DRIVER_VERS, config.user,
@@ -274,3 +281,7 @@ config.host + ':' + config.port + '/' + config.database,
 
+  if (process.env.AWS_XRAY_COLLECT_SQL_QUERIES && sql) {
+    data.sanitized_query = sql;
+  }
+
   return data;
 }

package.json

 {
   "name": "aws-xray-sdk-mysql",
-  "version": "3.4.1",
+  "version": "3.5.0",
   "description": "AWS X-Ray Patcher for MySQL (Javascript)",
@@ -21,3 +21,3 @@ "author": "Amazon Web Services",
   "peerDependencies": {
-    "aws-xray-sdk-core": "^3.4.1"
+    "aws-xray-sdk-core": "^3.5.0"
   },
@@ -41,3 +41,3 @@ "scripts": {
   "repository": "https://github.com/aws/aws-xray-sdk-node/tree/master/packages/mysql",
-  "gitHead": "866f8240fa3120a4b5d933227f922507647c5944"
+  "gitHead": "0579d9c75e08f8747f9eb87596bea58a7d7e9e25"
 }

test/unit/mysql_p.test.js

@@ -144,3 +144,3 @@ var assert = require('chai').assert;
 
-        query.call(connectionObj, 'sql here');
+        query.call(connectionObj, 'sql here', [1]);
 
@@ -251,2 +251,30 @@ stubDataInit.should.have.been.calledWithExactly(undefined, undefined, config.user,
       });
+      it('should add query to the subsegments sql data when AWS_XRAY_COLLECT_SQL_QUERIES is truthy', function () {
+        sandbox.stub(process, 'env').value({ ...AWSXRay, 'AWS_XRAY_COLLECT_SQL_QUERIES': true });
+        var stubAddSql = sandbox.stub(subsegment, 'addSqlData');
+        var stubDataInit = sandbox.stub(SqlData.prototype, 'init');
+        var conParam = connectionObj.config;
+
+        query.call(connectionObj, 'sql here', [1]);
+
+        stubDataInit.should.have.been.calledWithExactly(process.env.MYSQL_DATABASE_VERSION, process.env.MYSQL_DRIVER_VERSION,
+          conParam.user, conParam.host + ':' + conParam.port + '/' + conParam.database, 'statement');
+        stubAddSql.should.have.been.calledWithExactly(sinon.match.instanceOf(SqlData));
+        stubAddSql.should.have.been.calledWithExactly(sinon.match.has('sanitized_query', 'sql here'));
+      });
+      it('should NOT add query to the subsegments sql data when AWS_XRAY_COLLECT_SQL_QUERIES is not set', function () {
+        sandbox.stub(process, 'env').value({ ...AWSXRay, 'AWS_XRAY_COLLECT_SQL_QUERIES': undefined });
+        var stubAddSql = sandbox.stub(subsegment, 'addSqlData');
+        var stubDataInit = sandbox.stub(SqlData.prototype, 'init');
+        var conParam = connectionObj.config;
+
+        query.call(connectionObj, 'sql here', [1]);
+
+        stubDataInit.should.have.been.calledWithExactly(process.env.MYSQL_DATABASE_VERSION, process.env.MYSQL_DRIVER_VERSION,
+          conParam.user, conParam.host + ':' + conParam.port + '/' + conParam.database, 'statement');
+        stubAddSql.should.have.been.calledWithExactly(sinon.match.instanceOf(SqlData));
+        sinon.assert.match(sinon.match, {
+          'sanitized_query': undefined
+        });
+      });
     });
@@ -349,3 +377,2 @@ });
       });
-
     });
@@ -436,3 +463,3 @@ });
 
-        query.call(connectionObj, 'sql here');
+        query.call(connectionObj, 'sql here', [1]);
 
@@ -533,3 +560,3 @@ stubDataInit.should.have.been.calledWithExactly(undefined, undefined, config.user,
 
-        query.call(connectionObj, 'sql here');
+        query.call(connectionObj, 'sql here', [1]);
 
@@ -681,3 +708,3 @@ stubDataInit.should.have.been.calledWithExactly(undefined, undefined, config.user,
 
-        query.call(connectionObj, 'sql here');
+        query.call(connectionObj, 'sql here', [1]);
 
@@ -684,0 +711,0 @@ stubDataInit.should.have.been.calledWithExactly(undefined, undefined, config.user,

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

53684

increased by4.21%

Lines of code

953

increased by3.93%

Worsened metrics

Number of low supply chain risk alerts

8

increased by166.67%

No dependency changes