@contrast/agent-bundle 5.39.1 → 5.40.0

package/node_modules/@contrast/library-analysis/lib/install/library-reporting/index.js

@@ -73,7 +73,6 @@ module.exports = function init(core) {
   } = core;
 
   const libPathHashMap = new Map();
-
   /**
    * @returns {Promise<string | undefined>}
    */
@@ -100,6 +99,14 @@ module.exports = function init(core) {
 
   const libraryReporting = core.libraryAnalysis.libraryReporting = {
     async install() {
+      const topLevelPkgInfo = core.appInfo.pkg;
+      if (!topLevelPkgInfo) {
+        logger.warn('Unable to get top-level package.json; aborting library analysis. Ensure the `agent.node.app_root` configuration variable is set to the directory containing your `node_modules` folder.');
+        return;
+      }
+
+      const { dependencies: topLevelDependencies } = topLevelPkgInfo;
+
       const nodeModulesPath = await getNodeModulesPath();
       if (!nodeModulesPath) {
         logger.warn('Unable to determine the location of the `node_modules` directory; aborting library analysis. Ensure the `agent.node.app_root` configuration variable is set to the directory containing your `node_modules` folder.');
@@ -108,7 +115,7 @@ module.exports = function init(core) {
 
       try {
         const flatAgentDeps = flattenDeps(agentDeps);
-        const npmData = listInstalled(nodeModulesPath, flatAgentDeps, logger);
+        const npmData = listInstalled(topLevelDependencies, nodeModulesPath, flatAgentDeps, logger);
         processDependencies(npmData, libPathHashMap, logger);
       } catch (err) {
         logger.warn({ err }, 'Unable to perform library analysis.');

package/node_modules/@contrast/library-analysis/lib/install/library-reporting/utils.js

@@ -19,6 +19,27 @@ const path = require('path');
 
 const { primordials: { JSONParse } } = require('@contrast/common');
 
+function parsePackage(filePath, logger) {
+  const pkgPath = path.join(filePath, 'package.json');
+  if (!fs.existsSync(pkgPath)) return;
+
+  const pkg = fs.readFileSync(pkgPath, 'utf-8');
+  if (!pkg) {
+    logger.warn('Error reading package.json for %s', pkgPath);
+    return;
+  }
+
+  if (typeof pkg !== 'string') return;
+
+  let pkgInfo;
+  try {
+    pkgInfo = JSONParse(pkg);
+  } catch (err) {
+    logger.warn({ err }, 'Error parsing package.json for %s', pkgPath);
+  }
+  return pkgInfo;
+}
+
 // Just used, for now, to flatten the agent dependencies stored in dep.json
 function flattenDeps(deps, flatDeps = {}) {
   Object.entries(deps.dependencies).forEach(([key, val]) => {
@@ -31,59 +52,48 @@ function flattenDeps(deps, flatDeps = {}) {
   return flatDeps;
 }
 
-function listInstalled(nodeModulesPath, agentDeps, logger, installed = new Map()) {
+function listInstalled(topLevelDeps, nodeModulesPath, agentDeps, logger, installed = new Map()) {
 
   if (!fs.existsSync(nodeModulesPath)) return;
 
   function traversePackage(filePath, checkingAgentDeps = false) {
-    const pkgPath = path.join(filePath, 'package.json');
-    if (!fs.existsSync(pkgPath)) return;
-
-    const pkg = fs.readFileSync(pkgPath, 'utf-8');
-    try {
-      if (typeof pkg === 'string') {
-        const pkgInfo = JSONParse(pkg);
-        pkgInfo.path = filePath;
-
-        const { name } = pkgInfo;
-        const pkgId = `${name}:${pkgInfo?.version}`;
-        if (installed.has(pkgId)) return;
-
-        // The library we are checking is a known agent dependency
-        // store its path so if it turns out to also be an app
-        // dependency we can go back and traverse it later
-        if (!checkingAgentDeps && agentDeps[name]) {
-          agentDeps[name] = { filePath };
-          return;
-        }
-
-        installed.set(pkgId, pkgInfo);
-
-        // Looks in a library's package.json for dependencies shared by the agent
-        // if one is found, go back and traverse it
-        ['dependencies', 'peerDependencies', 'optionalDependencies'].forEach((deps) => {
-          if (pkgInfo?.[deps]) {
-            Object.entries(pkgInfo[deps]).forEach(([key]) => {
-              if (agentDeps[key]) {
-                const { filePath } = agentDeps[key];
-                agentDeps[key] = false;
-                if (filePath) traversePackage(filePath, true);
-              }
-            });
+    const pkgInfo = parsePackage(filePath, logger);
+    if (!pkgInfo) return;
+
+    pkgInfo.path = filePath;
+
+    const { name } = pkgInfo;
+    const pkgId = `${name}:${pkgInfo?.version}`;
+    if (installed.has(pkgId)) return;
+
+    // The library we are checking is a known agent dependency
+    // store its path so if it turns out to also be an app
+    // dependency we can go back and traverse it later
+    if (!checkingAgentDeps && agentDeps[name] && !topLevelDeps[name]) {
+      agentDeps[name] = { filePath };
+      return;
+    }
+
+    installed.set(pkgId, pkgInfo);
+
+    // Looks in a library's package.json for dependencies shared by the agent
+    // if one is found, go back and traverse it
+    ['dependencies', 'peerDependencies', 'optionalDependencies'].forEach((deps) => {
+      if (pkgInfo?.[deps]) {
+        Object.entries(pkgInfo[deps]).forEach(([key]) => {
+          if (agentDeps[key]) {
+            const { filePath } = agentDeps[key];
+            agentDeps[key] = false;
+            if (filePath) traversePackage(filePath, true);
           }
         });
-      } else {
-        logger.warn('Error reading package.json for %s', pkgPath);
       }
-    } catch (err) {
-      logger.warn(err);
-      logger.warn('Error parsing package.json for %s', pkgPath);
-    }
+    });
 
     // If a library contains its own node_modules directory
     const filePathNodeModulesPath = path.join(filePath, 'node_modules');
     if (fs.existsSync(filePathNodeModulesPath)) {
-      listInstalled(filePathNodeModulesPath, agentDeps, logger, installed);
+      listInstalled(topLevelDeps, filePathNodeModulesPath, agentDeps, logger, installed);
     }
   }
 
@@ -110,6 +120,7 @@ function listInstalled(nodeModulesPath, agentDeps, logger, installed = new Map()
 }
 
 module.exports = {
+  parsePackage,
   flattenDeps,
-  listInstalled
+  listInstalled,
 };

package/node_modules/@contrast/library-analysis/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/library-analysis",
-  "version": "1.44.1",
+  "version": "1.44.2",
   "description": "Handles library reporting and library usage analysis",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,10 +21,10 @@
   },
   "dependencies": {
     "@contrast/code-events": "^3.1.0",
-    "@contrast/common": "1.34.1",
-    "@contrast/config": "1.49.1",
+    "@contrast/common": "1.34.2",
+    "@contrast/config": "1.49.2",
     "@contrast/find-package-json": "^1.1.0",
-    "@contrast/logger": "1.27.1",
+    "@contrast/logger": "1.27.2",
     "semver": "^7.6.0"
   }
 }

package/node_modules/@contrast/logger/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/logger",
-  "version": "1.27.1",
+  "version": "1.27.2",
   "description": "Centralized logging for Contrast agent services",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,8 +21,8 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.34.1",
-    "@contrast/config": "1.49.1",
+    "@contrast/common": "1.34.2",
+    "@contrast/config": "1.49.2",
     "pino": "^8.15.0"
   }
 }

package/node_modules/@contrast/metrics/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/metrics",
-  "version": "1.31.1",
+  "version": "1.31.2",
   "description": "Records and logs route latency",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,10 +21,10 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.34.1",
-    "@contrast/config": "1.49.1",
-    "@contrast/dep-hooks": "1.23.1",
-    "@contrast/logger": "1.27.1",
-    "@contrast/patcher": "1.26.1"
+    "@contrast/common": "1.34.2",
+    "@contrast/config": "1.49.2",
+    "@contrast/dep-hooks": "1.23.2",
+    "@contrast/logger": "1.27.2",
+    "@contrast/patcher": "1.26.2"
   }
 }

package/node_modules/@contrast/patcher/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/patcher",
-  "version": "1.26.1",
+  "version": "1.26.2",
   "description": "Advanced monkey patching--registers hooks to run in and around functions",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -20,6 +20,6 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/logger": "1.27.1"
+    "@contrast/logger": "1.27.2"
   }
 }

package/node_modules/@contrast/protect/lib/input-analysis/index.js

@@ -27,7 +27,7 @@ module.exports = function(core) {
   require('./install/http')(core);
 
   // common libraries instrumentation
-  require('./install/body-parser1')(core);
+  require('./install/body-parser')(core);
   require('./install/cookie-parser1')(core);
   require('./install/formidable1')(core);
   require('./install/koa-body5')(core);

package/node_modules/@contrast/protect/lib/input-analysis/install/{body-parser1.js → body-parser.js}

@@ -62,7 +62,7 @@ module.exports = (core) => {
 
   // Patch body parser - `body-parser` used by `express` framework
   function install() {
-    depHooks.resolve({ name: 'body-parser', version: '<2' }, (bodyParser) => {
+    depHooks.resolve({ name: 'body-parser', version: '<3' }, (bodyParser) => {
       const origBodyParser = bodyParser;
 
       const { json: origJson, raw: origRaw, text: origText, urlencoded: origUrlencoded } = bodyParser;

package/node_modules/@contrast/protect/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/protect",
-  "version": "1.64.1",
+  "version": "1.64.2",
   "description": "Contrast service providing framework-agnostic Protect support",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,16 +21,16 @@
   },
   "dependencies": {
     "@contrast/agent-lib": "^9.1.0",
-    "@contrast/common": "1.34.1",
-    "@contrast/config": "1.49.1",
-    "@contrast/core": "1.54.1",
-    "@contrast/dep-hooks": "1.23.1",
-    "@contrast/esm-hooks": "2.28.1",
-    "@contrast/instrumentation": "1.33.1",
-    "@contrast/logger": "1.27.1",
-    "@contrast/patcher": "1.26.1",
-    "@contrast/rewriter": "1.30.1",
-    "@contrast/scopes": "1.24.1",
+    "@contrast/common": "1.34.2",
+    "@contrast/config": "1.49.2",
+    "@contrast/core": "1.54.2",
+    "@contrast/dep-hooks": "1.23.2",
+    "@contrast/esm-hooks": "2.28.2",
+    "@contrast/instrumentation": "1.33.2",
+    "@contrast/logger": "1.27.2",
+    "@contrast/patcher": "1.26.2",
+    "@contrast/rewriter": "1.30.2",
+    "@contrast/scopes": "1.24.2",
     "async-hook-domain": "^4.0.1",
     "ipaddr.js": "^2.0.1",
     "on-finished": "^2.4.1",

package/node_modules/@contrast/reporter/lib/reporters/contrast-ui/endpoints/routes-observed.js

@@ -4,6 +4,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const v1_endpoint_1 = __importDefault(require("./v1-endpoint"));
+const common_1 = require("@contrast/common");
 class RoutesObserved extends v1_endpoint_1.default {
     constructor(core, uiReporter) {
         super(core, {
@@ -13,7 +14,7 @@ class RoutesObserved extends v1_endpoint_1.default {
     }
     async post(route) {
         const { client, core: { config }, } = this;
-        const PROD = config.getEffectiveSource('server.environment');
+        const PROD = config.getEffectiveSource('server.environment') == common_1.ServerEnvironment.PRODUCTION;
         const session_id = config.getEffectiveValue('application.session_id');
         await client.post(this.appUrl('/observed'), {
             /**

package/node_modules/@contrast/reporter/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/reporter",
-  "version": "1.51.1",
+  "version": "1.51.2",
   "description": "Subscribes to agent messages and reports them",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,12 +21,12 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.34.1",
-    "@contrast/config": "1.49.1",
-    "@contrast/core": "1.54.1",
-    "@contrast/logger": "1.27.1",
+    "@contrast/common": "1.34.2",
+    "@contrast/config": "1.49.2",
+    "@contrast/core": "1.54.2",
+    "@contrast/logger": "1.27.2",
     "@contrast/perf": "1.3.1",
-    "@contrast/scopes": "1.24.1",
+    "@contrast/scopes": "1.24.2",
     "axios": "^1.7.4",
     "crc-32": "^1.2.2",
     "safe-stable-stringify": "^2.4.1",

package/node_modules/@contrast/rewriter/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/rewriter",
-  "version": "1.30.1",
+  "version": "1.30.2",
   "description": "A transpilation tool mainly used for instrumentation",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,10 +21,10 @@
   },
   "dependencies": {
     "@contrast/agent-swc-plugin": "3.0.0",
-    "@contrast/common": "1.34.1",
-    "@contrast/config": "1.49.1",
-    "@contrast/core": "1.54.1",
-    "@contrast/logger": "1.27.1",
+    "@contrast/common": "1.34.2",
+    "@contrast/config": "1.49.2",
+    "@contrast/core": "1.54.2",
+    "@contrast/logger": "1.27.2",
     "@swc/core": "1.11.24"
   }
 }

package/node_modules/@contrast/route-coverage/lib/index.d.ts

@@ -23,11 +23,13 @@ import { Scopes } from '@contrast/scopes';
 export { RouteInfo };
 
 export interface RouteCoverage extends Installable {
+  _normalizedUrlMapper: any;
   discover(info: RouteInfo): void;
   discoveryFinished(): void;
   queue(info: RouteInfo): void;
   queuingFinished(): void;
   observe(info: RouteInfo): void;
+  uriPathToNormalizedUrl(uriPath: string): string;
 }
 
 export interface Core {

package/node_modules/@contrast/route-coverage/lib/index.js

@@ -44,8 +44,11 @@ module.exports = function init(core) {
     },
 
     discover(info) {
+      const id = routeIdentifier(info.method, info.signature);
+      if (routeInfo.get(id)) return;
+
       logger.trace({ info }, 'Discovered new route:');
-      routeInfo.set(routeIdentifier(info.method, info.signature), info);
+      routeInfo.set(id, info);
       this._normalizedUrlMapper.handleDiscover(info);
 
     },
@@ -67,7 +70,7 @@ module.exports = function init(core) {
       if (routeQueue.size === 1) {
         setTimeout(() => {
           this.discoveryFinished();
-        }, 10000);
+        }, 10_000);
       }
     },
 
@@ -99,16 +102,12 @@ module.exports = function init(core) {
       route.method = info.method;
       route.url = info.url;
       const store = scopes.sources.getStore();
-      if (store && !store.route) {
-        store.route = route;
-      }
 
+      if (store) store.route = route;
       if (recentlyObserved.has(route.signature)) return;
 
       recentlyObserved.add(route.signature);
-
       logger.trace({ info }, 'Observed route:');
-
       // these events need source correlation
       messages.emit(Event.ROUTE_COVERAGE_OBSERVATION, {
         ...route,
@@ -122,7 +121,6 @@ module.exports = function init(core) {
     },
   };
 
-  require('./install/http')(core);
   require('./install/express')(core);
   require('./install/fastify')(core);
   require('./install/graphql')(core);
@@ -130,5 +128,13 @@ module.exports = function init(core) {
   require('./install/koa')(core);
   require('./install/restify')(core);
 
+  messages.on(Event.SERVER_LISTENING, () => {
+    // we wait to report in timers event loop phase, this way we can
+    // have components respond to this synchronously to finalize discovery
+    setImmediate(() => {
+      core.routeCoverage.discoveryFinished();
+    });
+  });
+
   return routeCoverage;
 };