@contrast/agent 4.27.2 → 4.28.1

package/bin/VERSION

@@ -1 +1 @@
-2.28.22
+2.28.23

package/bootstrap.js

@@ -44,8 +44,12 @@ Module.runMain = async function (...args) {
 
     const diagnostics = process.env['CONTRAST__AGENT__DIAGNOSTICS__ENABLE'];
     if (diagnostics === 'true') {
-      // eslint-disable-next-line no-process-exit
-      process.exit(0);
+      // Delay just a little bit, so the console.log() in config-diagnostics can finish
+      // Might wanna look for a better solution
+      setTimeout(() => {
+        // eslint-disable-next-line no-process-exit
+        process.exit(0);
+      }, 100); // not sure why so long, in v5 it only needed 5ms more
     }
 
     loader.logTime(startTime, 'agent');

package/config-diagnostics.js

@@ -20,11 +20,11 @@ const path = require('path');
 
 const HELP_MESSAGE = `
 Description:
-  The read-contrast-config utility returns the current effective node agent configuration.
+  The config-diagnostics utility returns the current effective node agent configuration.
 
 Usage:
-  npx -p @contrast/agent read-contrast-config <path/to/entry/script> [options]
-  npx -p @contrast/agent read-contrast-config --help
+  npx -p @contrast/agent config-diagnostics <path/to/entry/script> [options]
+  npx -p @contrast/agent config-diagnostics --help
 
 Options:
   --quiet      -q     Prevents output of the report to the console.
@@ -76,7 +76,9 @@ const diagnostics = {
 
   executeNodeAgent(args) {
     let agentEnvArgs =
-      'CONTRAST__SHOW__BANNER=false CONTRAST__AGENT__DIAGNOSTICS__ENABLE=true';
+      'CONTRAST__SHOW__BANNER=false ' +
+      'CONTRAST__AGENT__DIAGNOSTICS__ENABLE=true ' +
+      'CONTRAST__AGENT__SYSTEM_DIAGNOSTICS__ENABLE=false';
 
     if (!args.quiet) {
       agentEnvArgs = `${agentEnvArgs} CONTRAST__AGENT__DIAGNOSTICS__QUIET=false`;

package/lib/assess/express/route-coverage.js

@@ -12,7 +12,7 @@ Copyright: 2022 Contrast Security, Inc
   engineered, modified, repackaged, sold, redistributed or otherwise used in a
   way not consistent with the End User License Agreement.
 */
-'use stict';
+'use strict';
 
 const agentEmitter = require('../../agent-emitter');
 const logger = require('../../core/logger')('contrast:express:route-coverage');
@@ -70,7 +70,7 @@ class ExpressRouteCoverage {
     const { args, result: router } = wrapCtx;
     const layer = Helpers.getLastLayer(router);
 
-    if (!layer) {
+    if (!layer || !layer.route || !layer.route.stack) {
       return;
     }
 
@@ -106,7 +106,7 @@ class ExpressRouteCoverage {
 
     const layer = Helpers.getLastLayer(app._router);
 
-    if (!layer || !layer.route) {
+    if (!layer || !layer.route || !layer.route.stack) {
       return;
     }
 

package/lib/contrast.js

@@ -26,6 +26,7 @@ const sourceMapUtility = require('./util/source-map');
 const loggerFactory = require('./core/logger');
 const logger = loggerFactory('contrast:contrast-init');
 const { outputAgentConfigFile } = require('./util/config-diagnostics-utils');
+const { fetchSystemInfo, outputSystemInfo } = require('../system-diagnostics');
 
 function getAgentSnippet() {
   // getting reference to name every time for testing purposes
@@ -335,6 +336,11 @@ contrastAgent.bootstrap = function(args) {
       } catch (err) {
         outputAgentConfigFile(agent, options, args, err);
       }
+
+      if (!(process.env['CONTRAST__AGENT__SYSTEM_DIAGNOSTICS__ENABLE'] === 'false')) {
+        const info = fetchSystemInfo();
+        outputSystemInfo({ skip: false, quiet: true, output: 'contrast_system_info.json' }, info);
+      }
     });
 };
 

package/lib/core/express/utils.js

@@ -372,6 +372,8 @@ const handleUseDecoration = (self, event, className) => {
  * @param {Layer[]} stack Express application stack
  */
 const instrumentHandler = (layer, id, self, stack) => {
+  if (!layer) return;
+
   const methodName = getLayerHandleMethod(layer);
 
   patcher.patch(layer, methodName, {
@@ -471,14 +473,16 @@ class RouteCoverage {
             alwaysRun: true,
             pre(data) {
               // There's a new stack item for each fn handler.
-              data.nextIdx = this.stack.length;
+              if (this.stack) {
+                data.nextIdx = this.stack.length;
+              }
             },
             post(data) {
               // if the stack didn't actually grow
               // ie if router.get('/') with no callback is called
               // This is done to cache routes in Express, so we want to
-              // skip this.
-              if (this.stack.length === data.nextIdx) {
+              // skip this. In older versions of express stack will be undefined.
+              if (!this.stack || this.stack.length === data.nextIdx) {
                 logger.debug('express router called without a callback.');
                 data.result = undefined;
                 return;

package/lib/util/config-diagnostics-utils.js

@@ -29,25 +29,25 @@ function getLoggerValues(option, config, tsData) {
       tsValue = tsData.logFile;
       break;
     case 'agent.security_logger.syslog.enable':
-      tsValue = tsData.defend.syslog.enabled;
+      tsValue = tsData.defend.syslog && tsData.defend.syslog.enabled;
       break;
     case 'agent.security_logger.syslog.ip':
-      tsValue = tsData.defend.syslog.ipAddress;
+      tsValue = tsData.defend.syslog && tsData.defend.syslog.ipAddress;
       break;
     case 'agent.security_logger.syslog.port':
-      tsValue = tsData.defend.syslog.port;
+      tsValue = tsData.defend.syslog && tsData.defend.syslog.port;
       break;
     case 'agent.security_logger.syslog.fascility':
-      tsValue = tsData.defend.syslog.fascilityCode;
+      tsValue = tsData.defend.syslog && tsData.defend.syslog.fascilityCode;
       break;
     case 'agent.security_logger.syslog.severity_exploited':
-      tsValue = tsData.defend.syslog.severityExploited;
+      tsValue = tsData.defend.syslog && tsData.defend.syslog.severityExploited;
       break;
     case 'agent.security_logger.syslog.severity_blocked':
-      tsValue = tsData.defend.syslog.severityBlocked;
+      tsValue = tsData.defend.syslog && tsData.defend.syslog.severityBlocked;
       break;
     case 'agent.security_logger.syslog.severity_probed':
-      tsValue = tsData.defend.syslog.severityProbed;
+      tsValue = tsData.defend.syslog && tsData.defend.syslog.severityProbed;
       break;
     default:
       break;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/agent",
-  "version": "4.27.2",
+  "version": "4.28.1",
   "description": "Node.js security instrumentation by Contrast Security",
   "keywords": [
     "security",
@@ -55,7 +55,8 @@
     "node-contrast": "cli.js",
     "perf-logs": "perf-logs.js",
     "contrast-transpile": "cli-rewriter.js",
-    "read-contrast-config": "config-diagnostics.js"
+    "config-diagnostics": "config-diagnostics.js",
+    "system-diagnostics": "system-diagnostics.js"
   },
   "files": [
     "bin/**",
@@ -66,7 +67,8 @@
     "esm.mjs",
     "perf-logs.js",
     "cli-rewriter.js",
-    "config-diagnostics.js"
+    "config-diagnostics.js",
+    "system-diagnostics.js"
   ],
   "repository": {
     "type": "git"
@@ -119,7 +121,7 @@
     "@bmacnaughton/string-generator": "^1.0.0",
     "@contrast/eslint-config": "^3.0.2",
     "@contrast/fake-module": "file:test/mock/contrast-fake",
-    "@contrast/screener-service": "^1.12.9",
+    "@contrast/screener-service": "^1.12.12",
     "@hapi/boom": "file:test/mock/boom",
     "@hapi/hapi": "file:test/mock/hapi",
     "@ls-lint/ls-lint": "^1.11.2",

package/system-diagnostics.js

@@ -0,0 +1,183 @@
+#!/usr/bin/env node
+/**
+Copyright: 2022 Contrast Security, Inc
+  Contact: support@contrastsecurity.com
+  License: Commercial
+
+  NOTICE: This Software and the patented inventions embodied within may only be
+  used as part of Contrast Security’s commercial offerings. Even though it is
+  made available through public repositories, use of this Software is subject to
+  the applicable End User Licensing Agreement found at
+  https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+  between Contrast Security and the End User. The Software may not be reverse
+  engineered, modified, repackaged, sold, redistributed or otherwise used in a
+  way not consistent with the End User License Agreement.
+*/
+'use strict';
+
+const path = require('path');
+const fs = require('fs');
+const os = require('os');
+const pkg = require('./package');
+const { setup } = require('./lib/core/config/util');
+const logger = require('./lib/core/logger')('contrast:system-diagnostics');
+
+const HELP_MESSAGE = `
+Description:
+  The system-diagnostics utility returns the system info for the server/container the agent is running on.
+
+Usage:
+  npx -p @contrast/agent system-diagnostics --help
+  npx -p @contrast/agent system-diagnostics [options]
+
+Options:
+  --quiet      -q     Prevents output of the report to the console.
+  --output     -o     The directory to write the report in. Defaults to the current directory.
+`;
+
+function isContainer() {
+  try {
+    fs.statSync('/.dockerenv');
+    return true;
+  } catch (err) {
+    // if no docker env, check /proc/self/cgroup
+  }
+
+  try {
+    return fs.readFileSync('/proc/self/cgroup', 'utf8').includes('docker');
+  } catch (err) {
+    return false;
+  }
+}
+
+function isUsingPM2() {
+  const used = !!process.env.pmx;
+  let version = null;
+
+  for (const pathVar of ['npm_package_json', 'PWD']) {
+    let packagePath;
+    if (packagePath = process.env[pathVar]) {
+      try {
+        version = require(path.join(packagePath, 'package.json'));
+      } catch(err) {
+        //
+      }
+    }
+    if (version) break;
+  }
+
+  return { used, version };
+}
+
+const diagnostics = {
+  parseArgv(argv) {
+    const args = {
+      help: false,
+      output: 'contrast_system_info.json',
+      quiet: false,
+    };
+
+    for (let i = 0; i < argv.length; i++) {
+      const arg = argv[i];
+
+      switch (arg) {
+        case '--help':
+          args.help = true;
+          return args;
+        case '--output':
+        case '-o': {
+          // grab the next value and skip in the next loop
+          const output = argv[++i];
+          if (!output) {
+            throw new Error('Expected a value to be provided after --output');
+          }
+          args.output = output;
+          break;
+        }
+        case '--quiet':
+        case '-q':
+          args.quiet = true;
+          break;
+        default:
+          if (!arg.startsWith('-')) {
+            args.entry = arg;
+          }
+          break;
+      }
+    }
+
+    return args;
+  },
+
+  outputSystemInfo(args, info) {
+    try {
+      fs.accessSync(path.join(args.output, '..'), fs.constants.RDWD_OK);
+      fs.writeFileSync(args.output, JSON.stringify(info, null, 2), 'utf-8');
+    } catch (err) {
+      console.log(`Couldn't create system info file: ${err}`);
+    }
+
+    if (!args.quiet) {
+      console.log(JSON.stringify(info, null, 2));
+    }
+  },
+
+  fetchSystemInfo() {
+    const yaml = setup({}, logger);
+
+    const info = {
+      ReportDate: new Date(),
+      MachineName: os.hostname(),
+      Contrast: {
+        Url: yaml.api.url,
+        Proxy: yaml.api.proxy,
+        Server: {
+          Name: yaml._flat['server.name'],
+        },
+        Agent: {
+          Name: '@contrast/agent',
+          Version: pkg.version,
+        },
+      },
+      Node: {
+        Version: process.version
+      },
+      PM2: isUsingPM2(),
+      OperatingSystem: {
+        Architecture: os.arch(),
+        Name: os.type(),
+        Version: os.release(),
+        KernelVersion: os.version(),
+        CPU: {
+          type: os.cpus()[0].model,
+          count: os.cpus().length,
+        }
+      },
+      Host: {
+        isDocker: isContainer(),
+        Memory: {
+          Total: (os.totalmem() / 1e6).toFixed(0).concat(' MB'),
+          Free: (os.freemem() / 1e6).toFixed(0).concat(' MB'),
+          Used: ((os.totalmem() - os.freemem()) / 1e6).toFixed(0).concat(' MB'),
+        }
+      },
+    };
+
+    return info;
+  }
+};
+module.exports = diagnostics;
+
+// only run if this file is being executed as an entry script
+// istanbul ignore next
+
+if (require.main === module) {
+  const args = diagnostics.parseArgv(process.argv.slice(2));
+
+  if (args.help) {
+    console.log(HELP_MESSAGE);
+  } else {
+    const info = diagnostics.fetchSystemInfo();
+    diagnostics.outputSystemInfo(args, info);
+  }
+}