@contrast/agent 4.12.0 → 4.13.0

package/lib/reporter/models/app-activity/sample.js

@@ -39,6 +39,12 @@ class Sample {
     this.input = input;
     this.request = appContext.request;
 
+    // extra info for processing at sink time.
+    // NOT TO BE INCLUDED IN ACTUAL DTM AT REPORTING TIME.
+    // This is particularly useful when using the agent lib for processing
+    // mongo expansion and injection.
+    this._inputInfoForSink = {};
+
     this.assessment = assessment;
 
     if (assessment) {

package/lib/reporter/ts-reporter.js

@@ -386,7 +386,7 @@ module.exports = class TSReporter {
     }
 
     if (!context) {
-      logger.warn(`StorageContext unavailable - unable to send 'Activity'`);
+      logger.warn('StorageContext unavailable - sendActivityMessage() failed');
       return;
     }
 

package/lib/util/get-file-type.js

@@ -0,0 +1,47 @@
+/**
+Copyright: 2022 Contrast Security, Inc
+  Contact: support@contrastsecurity.com
+  License: Commercial
+
+  NOTICE: This Software and the patented inventions embodied within may only be
+  used as part of Contrast Security’s commercial offerings. Even though it is
+  made available through public repositories, use of this Software is subject to
+  the applicable End User Licensing Agreement found at
+  https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+  between Contrast Security and the End User. The Software may not be reverse
+  engineered, modified, repackaged, sold, redistributed or otherwise used in a
+  way not consistent with the End User License Agreement.
+*/
+'use strict';
+
+const path = require('path');
+const parent = require('parent-package-json');
+
+// eslint-disable-next-line complexity
+function getType(filename) {
+  const url = filename.startsWith('file://') ? filename : `file://${filename}`;
+
+  const { protocol, pathname } = new URL(url);
+
+  let parentType = 'commonjs';
+  try {
+    parentType = parent(pathname).parse().type;
+  } catch (err) {
+    // Node assumes `commonjs ` if there's no `type` set in package.json
+  }
+
+  if (protocol === 'node:') {
+    return 'builtin';
+  }
+  if (protocol === 'file:') {
+    const ext = path.extname(pathname);
+    if (ext === '.mjs' || (ext === '.js' && parentType === 'module')) {
+      return 'module';
+    } else if (ext === '.cjs' || (ext === '.js' && parentType !== 'module')) {
+      return 'commonjs';
+    }
+  }
+  return 'unknown';
+}
+
+module.exports = getType;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/agent",
-  "version": "4.12.0",
+  "version": "4.13.0",
   "description": "Node.js security instrumentation by Contrast Security",
   "keywords": [
     "security",
@@ -76,12 +76,13 @@
     "@babel/template": "^7.10.4",
     "@babel/traverse": "^7.12.1",
     "@babel/types": "^7.12.1",
+    "@contrast/agent-lib": "^2.2.3",
     "@contrast/distringuish-prebuilt": "^2.2.0",
     "@contrast/flat": "^4.1.1",
     "@contrast/fn-inspect": "^2.4.4",
     "@contrast/heapdump": "^1.1.0",
     "@contrast/protobuf-api": "^3.2.3",
-    "@contrast/require-hook": "^2.0.10",
+    "@contrast/require-hook": "^3.0.0",
     "@contrast/synchronous-source-maps": "^1.1.0",
     "amqp-connection-manager": "^3.2.2",
     "amqplib": "^0.8.0",
@@ -161,6 +162,7 @@
     "marsdb": "file:test/mock/marsdb",
     "mocha": "^9.2.0",
     "mochawesome": "^7.0.1",
+    "mock-fs": "^5.1.2",
     "mongodb": "file:test/mock/mongodb",
     "mongodb-npm": "npm:mongodb@^3.6.5",
     "mongoose": "^6.1.1",
@@ -179,7 +181,7 @@
     "rethinkdb": "file:test/mock/rethinkdb",
     "sequelize": "^6.11.0",
     "shellcheck": "^1.0.0",
-    "sinon": "^7.2.2",
+    "sinon": "^9.2.4",
     "sinon-chai": "^3.3.0",
     "sqlite3": "file:test/mock/sqlite3",
     "swig": "file:test/mock/swig",