@contrast/agent 4.10.6 → 4.12.1

package/bin/VERSION

@@ -1 +1 @@
-2.28.13
+2.28.17

package/lib/agent.js

@@ -31,8 +31,13 @@ class ContrastAgent {
   constructor() {
     /**
      * Instance of AppInfo containing application information.
-     * @member */
+     * @type {import('./app-info')}
+     */
     this.appInfo = null;
+
+    /** @type {import('./telemetry') */
+    this.telemetry = null;
+
     /**
      * Holds user settings for the agent
      * @member */
@@ -94,7 +99,9 @@ class ContrastAgent {
      */
     this.argv = process.argv;
     this.tsFeatureSet._subscribers.push(this.agentEmitter);
-    this.exclusions = new ExclusionFactory({ featureSet: this.tsFeatureSet });
+    this.exclusions = new ExclusionFactory({
+      featureSet: this.tsFeatureSet
+    });
     this.agentEmitter.on('application-settings', (applicationSettings) => {
       this.exclusions.updateSettings({
         settings: applicationSettings,

package/lib/app-info.js

@@ -14,87 +14,123 @@ Copyright: 2022 Contrast Security, Inc
 */
 'use strict';
 const os = require('os');
+const fs = require('fs');
 const path = require('path');
-
+const parentPackageJson = require('parent-package-json');
+const semver = require('semver');
+const { AGENT_INFO } = require('./constants');
 const logger = require('./core/logger')('contrast:appInfo');
-const fileFinder = require('./util/file-finder');
-const {
-  AGENT_INFO: { VERSION }
-} = require('./constants');
+
+const isContainer = () => {
+  try {
+    fs.statSync('/.dockerenv');
+    return true;
+  } catch (err) {
+    // if no docker env, check /proc/self/cgroup
+  }
+
+  try {
+    return fs.readFileSync('/proc/self/cgroup', 'utf8').includes('docker');
+  } catch (err) {
+    // if file not present,
+    return false;
+  }
+};
 
 /**
  * An AppInfo instance carries properties of the application being instrumented,
  * such as OS-related information, hostname, name and version information. The
  * name, version, and package.json data
  *
- * @class
- * @param {String} script File name/location for the app.
- * @param {} options Current configuration for the agent
- *
  * TODO(ehden): I'd like to get rid of this and put it more inline with what's happening in config/util.js,
  * but that's a bigger refactor and out of the scope of common config work.
  */
 class AppInfo {
+  /**
+   * @param {string} script File name/location for the app.
+   * @param {any} config Current configuration for the agent
+   */
   constructor(script, config) {
+    this.indexFile = path.resolve(script);
+    let isDir = false;
+
+    try {
+      const stats = fs.statSync(script);
+      isDir = stats.isDirectory();
+    } catch (err) {
+      // if we can't stat the start script we'll likely throw unless `app_root`
+      // is set. We'll let the logic below handle that.
+    }
+
     this.os = {
-      type: os.type(),
-      platform: os.platform(),
       architecture: os.arch(),
-      release: os.release()
+      platform: os.platform(),
+      release: os.release(),
+      type: os.type()
     };
     this.hostname = os.hostname();
-    const cmd = path.resolve(script);
-    logger.info('finding package.json for %s', cmd);
-    this.path = AppInfo.resolveAppPath(
-      config.agent.node.app_root,
-      path.dirname(cmd)
+    this.isContainer = isContainer();
+
+    logger.info('finding package.json for %s', this.indexFile);
+
+    // If started with `script` as a directory, append a file similar to below.
+    if (isDir) {
+      this.indexFile = path.join(this.indexFile, 'index.js');
+    }
+
+    const manifest = parentPackageJson(
+      // The `parent-package-json` library expects the start path to be a file,
+      // not a directory, so we append `package.json`. This lets us use the lib
+      // without changing the expected config option.
+      config.agent.node.app_root
+        ? path.join(config.agent.node.app_root, 'package.json')
+        : this.indexFile
     );
-    config.agent.node.app_root = this.path;
 
-    try {
-      this.appPackage = require(this.path);
-    } catch (e) {
+    if (!manifest) {
       throw new Error("Unable to find application's package.json.");
     }
-    this.name = config.application.name || this.appPackage.name;
 
-    const packageVersion = this.appPackage.version;
-    this.version = config.application.version || packageVersion;
-    this.serverVersion = config.server.version || VERSION;
+    /**
+     * Path to the application's package.json
+     * @type {string}
+     */
+    this.path = manifest.path;
+    logger.info('using package.json at %s', this.path);
 
-    logger.info('using appname %s', this.name);
+    /**
+     * Actual application location (directory containing package.json)
+     * @type {string}
+     */
+    this.appDir = path.dirname(this.path);
 
-    this.node_version = process.version;
-    this.app_dir = path.dirname(this.path);
-    this.appPath = config.application.path || this.app_dir;
-    this.indexFile = script; // cli.js, app.js, index.js, server.js... etc
-    this.serverName = config.server.name;
-    this.serverEnvironment = config.server.environment;
-  }
-
-  /**
-   * Returns the location of the app package
-   *
-   * @param {string} appRoot config.agent.node.app_root
-   * @param {string} scriptPath directory the script is in
-   * @returns {string} location of the app package
-   */
-  static resolveAppPath(appRoot, scriptPath) {
-    let packageLocation;
+    /**
+     * Contents of the application's package.json
+     * @type {Record<string, any>}
+     */
+    this.appPackage = manifest.parse();
 
-    if (appRoot) {
-      packageLocation = fileFinder.findFile(appRoot, 'package.json');
+    if (isDir) {
+      this.indexFile = path.resolve(this.appDir, this.appPackage.main);
     }
 
-    if (!packageLocation) {
-      packageLocation = fileFinder.findFile(scriptPath, 'package.json');
-    }
+    this.name = config.application.name || this.appPackage.name;
+    logger.info('using appname %s', this.name);
 
-    if (packageLocation) {
-      logger.info('using package.json at %s', packageLocation);
-    }
+    this.version = config.application.version || this.appPackage.version;
+    this.serverVersion = config.server.version || AGENT_INFO.VERSION;
 
-    return packageLocation;
+    this.nodeVersion = process.version;
+    this.nodeVersionMajor = semver.major(this.nodeVersion);
+
+    /**
+     * Configured application path to report
+     * @type {string}
+     */
+    this.appPath = config.application.path || this.appDir;
+
+    this.serverName = config.server.name;
+    this.serverEnvironment = config.server.environment;
   }
 }
 

package/lib/assess/loopback4/route-coverage.js

@@ -24,7 +24,7 @@ const { funcinfo } = require('@contrast/fn-inspect');
 class RouteCoverage {
   constructor(agent) {
     this.routes = new Map();
-    this.appDir = agent.appInfo.app_dir;
+    this.appDir = agent.appInfo.appDir;
     moduleHook.resolve(
       { name: '@loopback/rest', file: 'dist/router/routing-table.js' },
       this.patchRoutingTable.bind(this)

package/lib/contrast.js

@@ -1,4 +1,3 @@
-#!/usr/bin/env node
 /**
 Copyright: 2022 Contrast Security, Inc
   Contact: support@contrastsecurity.com
@@ -13,13 +12,8 @@ Copyright: 2022 Contrast Security, Inc
   engineered, modified, repackaged, sold, redistributed or otherwise used in a
   way not consistent with the End User License Agreement.
 */
-/**
- * Process flows to bootstrapping user code with the node agent code
- *
- * @module lib/contrastAgent
- *
- */
 'use strict';
+
 const { program } = require('./core/config/options');
 const path = require('path');
 const os = require('os');
@@ -27,8 +21,6 @@ const semver = require('semver');
 const colors = require('./util/colors');
 const { AGENT_INFO } = require('./constants');
 const { VERSION, SUPPORTED_VERSIONS, NAME } = AGENT_INFO;
-const contrastAgent = module.exports;
-const Promise = require('bluebird');
 const Module = require('module');
 const sourceMapUtility = require('./util/source-map');
 const loggerFactory = require('./core/logger');
@@ -43,10 +35,18 @@ function getAgentSnippet() {
 }
 
 let AppInfo,
+  /** @type {import('./agent')} */
   agent = {},
   TSReporter,
-  tracker,
-  instrument;
+  instrument,
+  /** @type {import('./telemetry')} */
+  Telemetry,
+  tracker;
+
+/**
+ * Process flows to bootstrapping user code with the node agent code
+ */
+const contrastAgent = module.exports;
 
 /**
  * Who doesn't like ASCII art. Displays Matt's cat when CONTRAST_CAT env var is set to MATT
@@ -56,7 +56,6 @@ contrastAgent.showBanner = function showBanner() {
     const fs = require('fs');
     const file = path.resolve(__dirname, 'cat.txt');
     const cat = fs.readFileSync(file, 'utf8');
-    // eslint-disable-next-line no-console
     console.log(colors.red(cat));
   }
 
@@ -71,9 +70,10 @@ contrastAgent.showBanner = function showBanner() {
 contrastAgent.doImports = function doImports() {
   AppInfo = require('./app-info');
   agent = require('./agent');
-  tracker = require('./tracker');
   TSReporter = require('./reporter/ts-reporter');
   instrument = require('./instrumentation');
+  Telemetry = require('./telemetry');
+  tracker = require('./tracker');
 };
 
 /**
@@ -229,7 +229,7 @@ contrastAgent.prepare = function(...args) {
 
     if (isCli) {
       logger.error(
-        `DEPRECATED: Agent is started as runner. Please use '%s'`,
+        "DEPRECATED: Agent is started as runner. Please use '%s'",
         getAgentSnippet()
       );
     } else {
@@ -256,7 +256,7 @@ contrastAgent.prepare = function(...args) {
     }
 
     if (config.agent.node.dev.global_tracker) {
-      logger.debug('>> config.agent.node.dev.global_tracker enabled <<'); // eslint-disable-line
+      logger.debug('>> config.agent.node.dev.global_tracker enabled <<');
       global.contrast_tracker = tracker;
     }
 
@@ -271,13 +271,12 @@ contrastAgent.prepare = function(...args) {
 
     config.version = semver.valid(semver.coerce(VERSION));
     agent.appInfo = app;
+    agent.telemetry = new Telemetry(agent, config);
 
     config.override('application.name', app.name);
 
     sourceMapUtility.init(agent);
 
-    contrastAgent.logRewriteCacheInfo(agent);
-
     // return to startup if agent is enabled
     return config.enable;
   });
@@ -306,6 +305,7 @@ contrastAgent.bootstrap = function(args) {
         agent.clearIntervals();
         return;
       } else {
+        contrastAgent.logRewriteCacheInfo(agent);
         return instrument(agent, reporter);
       }
     })
@@ -358,12 +358,11 @@ contrastAgent.init = async function(args, isCli = false) {
       }
     })
     .on('--help', function() {
-      // eslint-disable-next-line no-console
-      console.log(`
-Example:
-${colors.cyan(
-  `    $ ${getAgentSnippet()} -c ../contrast_security.yaml -- --appArg1 --appArg2 -e -t -c`
-)}`);
+      console.log('Example:');
+      console.log(
+        colors.cyan('\t$ %s -c ../contrast_security.yaml -- --appArg1 --appArg2 -e -t -c'),
+        getAgentSnippet(),
+      );
     });
 
   await program.parseAsync(args);
@@ -407,7 +406,9 @@ contrastAgent.resetArgs = function(nodePath, script) {
   process.argv = agent.config
     ? [nodePath, script].concat(agent.config.application.args)
     : process.argv;
-  const isPrimary = !agent.hasOwnProperty('cluster') || agent.cluster.isPrimary;
+  const isPrimary =
+    !Object.prototype.hasOwnProperty.call(agent, 'cluster') ||
+    agent.cluster.isPrimary;
   const location = isPrimary ? 'Entering main' : 'Entering fork';
 
   logger.debug('%s at %s', location, script);