@contrast/agent 4.12.1 → 4.13.1

package/lib/reporter/models/app-activity/sample.js

@@ -39,6 +39,12 @@ class Sample {
     this.input = input;
     this.request = appContext.request;
 
+    // extra info for processing at sink time.
+    // NOT TO BE INCLUDED IN ACTUAL DTM AT REPORTING TIME.
+    // This is particularly useful when using the agent lib for processing
+    // mongo expansion and injection.
+    this._inputInfoForSink = {};
+
     this.assessment = assessment;
 
     if (assessment) {

package/lib/reporter/speedracer/unknown-connection-state.js

@@ -46,28 +46,23 @@ class UnknownConnectionState extends BaseConnectionState {
    * @param {SpeedracerBaseMessage} message
    * @returns {Promise}
    */
-  send(message) {
-    const { speedracer } = this;
-    return new Promise(async (resolve, reject) => {
+  async send(message) {
+    try {
+      const clientResponse = await super.send(message);
+      this.speedracer.transitionConnectionState(SUCCESS);
+      return clientResponse;
+    } catch (err) {
+      // See if we need to start or wait for service
       try {
-        const clientResponse = await super.send(message);
-        speedracer.transitionConnectionState(SUCCESS);
-        resolve(clientResponse);
+        await this.handleSendFailure(err);
+        await this.retryInitialization();
+        const result = await this.speedracer.send(message);
+        return result;
       } catch (err) {
-        // See if we need to start or wait for service
-        try {
-          await this.handleSendFailure(err);
-          await this.retryInitialization();
-          // eslint-disable-next-line prettier/prettier
-          speedracer.send(message)
-            .then((r) => resolve(r))
-            .catch((e) => reject(e));
-        } catch (err) {
-          speedracer.transitionConnectionState(FAILURE);
-          reject(err);
-        }
+        this.speedracer.transitionConnectionState(FAILURE);
+        throw err;
       }
-    });
+    }
   }
 
   /**
@@ -106,25 +101,18 @@ class UnknownConnectionState extends BaseConnectionState {
    * messages.
    * @returns {Promise}
    */
-  retryInitialization() {
+  async retryInitialization() {
     const startup = this.speedracer.messageCache.get('startup');
     const appcreate = this.speedracer.messageCache.get('appcreate');
 
     if (!startup || !appcreate) return Promise.resolve();
 
-    return new Promise(async (resolve, reject) => {
-      this.speedracer.logger.debug(
-        'Sending initialization messages to service'
-      );
+    this.speedracer.logger.debug(
+      'Sending initialization messages to service'
+    );
 
-      try {
-        await this.speedracer.send(startup);
-        await this.speedracer.send(appcreate);
-        resolve();
-      } catch (err) {
-        reject(err);
-      }
-    });
+    await this.speedracer.send(startup);
+    await this.speedracer.send(appcreate);
   }
 
   /**

package/lib/reporter/translations/to-protobuf/settings/assess-features.js

@@ -36,7 +36,6 @@ function AssessFeatures({
   validatorScopes,
   validators = []
 } = {}) {
-  /* eslint-disable no-sparse-arrays, prettier/prettier */
   return new settings.AssessFeatures([
     enabled, //                                                   1              enabled
     dynamicSources, //                                            2      dynamic_sources
@@ -52,13 +51,12 @@ function AssessFeatures({
     validators.map(CustomRuleFeature).map(v => v.array), //      12           validators
     disabledRules, //                                            13       disabled_rules (deprecated)
     Sampling(sampling).array, //                                 14             sampling
-    , //                                                         15                    -
-    , //                                                         16                    -
-    , //                                                         17                    -
-    , //                                                         18                    -
+    undefined, //                                                15                    -
+    undefined, //                                                16                    -
+    undefined, //                                                17                    -
+    undefined, //                                                18                    -
     [] //                                                        19  dynamic_sources_map
   ]);
-  /* eslint-enable */
 }
 
 function AssessStacktrace(stacktraces) {

package/lib/reporter/ts-reporter.js

@@ -386,7 +386,7 @@ module.exports = class TSReporter {
     }
 
     if (!context) {
-      logger.warn(`StorageContext unavailable - unable to send 'Activity'`);
+      logger.warn('StorageContext unavailable - sendActivityMessage() failed');
       return;
     }
 

package/lib/util/get-file-type.js

@@ -0,0 +1,43 @@
+/**
+Copyright: 2022 Contrast Security, Inc
+  Contact: support@contrastsecurity.com
+  License: Commercial
+
+  NOTICE: This Software and the patented inventions embodied within may only be
+  used as part of Contrast Security’s commercial offerings. Even though it is
+  made available through public repositories, use of this Software is subject to
+  the applicable End User Licensing Agreement found at
+  https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+  between Contrast Security and the End User. The Software may not be reverse
+  engineered, modified, repackaged, sold, redistributed or otherwise used in a
+  way not consistent with the End User License Agreement.
+*/
+'use strict';
+
+const path = require('path');
+const parent = require('parent-package-json');
+
+// eslint-disable-next-line complexity
+function getType(filename) {
+  if (filename.startsWith('node:')) {
+    return 'builtin';
+  }
+  filename = filename.replace('file://', '');
+
+  let parentType = 'commonjs';
+  try {
+    parentType = parent(filename).parse().type;
+  } catch (err) {
+    // Node assumes `commonjs ` if there's no `type` set in package.json
+  }
+
+  const ext = path.extname(filename);
+  if (ext === '.mjs' || (ext === '.js' && parentType === 'module')) {
+    return 'module';
+  } else if (ext === '.cjs' || (ext === '.js' && parentType !== 'module')) {
+    return 'commonjs';
+  }
+  return 'unknown';
+}
+
+module.exports = getType;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/agent",
-  "version": "4.12.1",
+  "version": "4.13.1",
   "description": "Node.js security instrumentation by Contrast Security",
   "keywords": [
     "security",
@@ -29,8 +29,8 @@
   ],
   "scripts": {
     "docs": "jsdoc -c ../.jsdoc.json",
-    "release": "scripts/make-release.js",
-    "tag": "scripts/tag-release.js",
+    "release": "node scripts/make-release.js",
+    "tag": "node scripts/tag-release.js",
     "test:debug": "scripts/test.sh debug",
     "test": "scripts/test.sh",
     "test:screener": "mocha --parallel test/screener/**/*test.js",
@@ -76,12 +76,13 @@
     "@babel/template": "^7.10.4",
     "@babel/traverse": "^7.12.1",
     "@babel/types": "^7.12.1",
+    "@contrast/agent-lib": "^2.2.3",
     "@contrast/distringuish-prebuilt": "^2.2.0",
     "@contrast/flat": "^4.1.1",
     "@contrast/fn-inspect": "^2.4.4",
     "@contrast/heapdump": "^1.1.0",
     "@contrast/protobuf-api": "^3.2.3",
-    "@contrast/require-hook": "^2.0.10",
+    "@contrast/require-hook": "^3.0.0",
     "@contrast/synchronous-source-maps": "^1.1.0",
     "amqp-connection-manager": "^3.2.2",
     "amqplib": "^0.8.0",
@@ -116,14 +117,14 @@
   "devDependencies": {
     "@aws-sdk/client-dynamodb": "^3.39.0",
     "@bmacnaughton/string-generator": "^1.0.0",
-    "@contrast/eslint-config": "^3.0.0-beta.4",
+    "@contrast/eslint-config": "^3.0.0",
     "@contrast/fake-module": "file:test/mock/contrast-fake",
     "@contrast/screener-service": "^1.12.9",
     "@hapi/boom": "file:test/mock/boom",
     "@hapi/hapi": "file:test/mock/hapi",
     "@ls-lint/ls-lint": "^1.8.1",
-    "@typescript-eslint/eslint-plugin": "^5.12.0",
-    "@typescript-eslint/parser": "^5.12.0",
+    "@typescript-eslint/eslint-plugin": "^5.12.1",
+    "@typescript-eslint/parser": "^5.12.1",
     "ajv": "^8.5.0",
     "ast-types": "^0.12.4",
     "aws-sdk": "file:test/mock/aws-sdk",
@@ -141,10 +142,8 @@
     "ejs": "^3.1.6",
     "escape-html": "^1.0.3",
     "eslint": "^8.9.0",
-    "eslint-config-prettier": "^8.3.0",
     "eslint-plugin-mocha": "^10.0.3",
     "eslint-plugin-node": "^11.1.0",
-    "eslint-plugin-prettier": "^4.0.0",
     "express": "file:test/mock/express",
     "fetch-cookie": "^0.11.0",
     "form-data": "^3.0.0",
@@ -161,6 +160,7 @@
     "marsdb": "file:test/mock/marsdb",
     "mocha": "^9.2.0",
     "mochawesome": "^7.0.1",
+    "mock-fs": "^5.1.2",
     "mongodb": "file:test/mock/mongodb",
     "mongodb-npm": "npm:mongodb@^3.6.5",
     "mongoose": "^6.1.1",
@@ -173,13 +173,12 @@
     "nyc": "^15.1.0",
     "pg": "file:test/mock/pg",
     "pino": "^6.7.0",
-    "prettier": "^2.5.1",
     "proxyquire": "^2.1.0",
     "qs": "^6.9.4",
     "rethinkdb": "file:test/mock/rethinkdb",
     "sequelize": "^6.11.0",
     "shellcheck": "^1.0.0",
-    "sinon": "^7.2.2",
+    "sinon": "^9.2.4",
     "sinon-chai": "^3.3.0",
     "sqlite3": "file:test/mock/sqlite3",
     "swig": "file:test/mock/swig",

package/perf-logs.js

@@ -104,7 +104,6 @@ async function processFile(filename, filter, group) {
         continue;
       }
       if (!group) {
-        // eslint-disable-next-line no-console
         console.log(JSON.stringify(data, null, 4));
       } else {
         const key = filter
@@ -125,7 +124,6 @@ async function processFile(filename, filter, group) {
   }
 
   if (group) {
-    // eslint-disable-next-line no-console
     console.log(JSON.stringify(Object.values(merged), null, 4));
   }
 }
@@ -148,10 +146,9 @@ if (program.filter) {
   try {
     filterRegex = new RegExp(program.filter);
   } catch (e) {
-    // eslint-disable-next-line no-console
     console.error('invalid filter regex');
-    // eslint-disable-next-line no-process-exit
-    process.exit(-1);
+    process.exit(-1); // eslint-disable-line no-process-exit
+
   }
 }