@contrast/agentify 1.17.0 → 1.18.0

package/LICENSE

@@ -1,4 +1,4 @@
-Copyright: 2023 Contrast Security, Inc
+Copyright: 2024 Contrast Security, Inc
 Contact: support@contrastsecurity.com
 License: Commercial
 

package/lib/function-hooks.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2023 Contrast Security, Inc
+ * Copyright: 2024 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/heap-snapshots.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2023 Contrast Security, Inc
+ * Copyright: 2024 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/index.d.ts

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2023 Contrast Security, Inc
+ * Copyright: 2024 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 
@@ -42,6 +42,7 @@ export interface Core {
   readonly depHooks: RequireHook;
   readonly logger: Logger;
   readonly rewriter: Rewriter;
+  readonly threadInfo: any;
 }
 
 export interface AgentifyOptions {

package/lib/index.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2023 Contrast Security, Inc
+ * Copyright: 2024 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 
@@ -52,13 +52,13 @@ module.exports = function init(core = {}) {
     require('@contrast/core/lib/app-info')(core);
     require('@contrast/core/lib/sensitive-data-masking')(core);
     require('@contrast/core/lib/is-agent-path')(core);
+    require('@contrast/dep-hooks')(core);
+    require('@contrast/patcher')(core);
     require('@contrast/core/lib/capture-stacktrace')(core);
 
-    require('@contrast/patcher')(core);
     require('@contrast/rewriter')(core); // merge contrast-methods?
     require('@contrast/core/lib/contrast-methods')(core); // can we remove dependency on patcher?
 
-    require('@contrast/dep-hooks')(core);
     require('@contrast/scopes')(core);
     require('@contrast/deadzones')(core);
     require('@contrast/reporter').default(core);

package/lib/initialize.mjs

@@ -0,0 +1,136 @@
+/*
+ * Copyright: 2024 Contrast Security, Inc
+ * Contact: support@contrastsecurity.com
+ * License: Commercial
+
+ * NOTICE: This Software and the patented inventions embodied within may only be
+ * used as part of Contrast Security’s commercial offerings. Even though it is
+ * made available through public repositories, use of this Software is subject to
+ * the applicable End User Licensing Agreement found at
+ * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+ * between Contrast Security and the End User. The Software may not be reverse
+ * engineered, modified, repackaged, sold, redistributed or otherwise used in a
+ * way not consistent with the End User License Agreement.
+ */
+
+import Module from 'node:module';
+// want to only initialize some of the agent if main thread. not sure that's really
+// possible. based on logging, it looks like all of the low-level hooks (rewrite-injection,
+// assess-dataflow-propagators, assess-dataflow-sink ContrastMethods, and function-hooks)
+// are added in both the main thread and the loader thread. But all other modules are loaded
+// in the main thread. presumably, this is because the assess module was loaded in both
+// threads, registered the appropriate patchers in each, so both convert 'import' (statement
+// or function) to 'require'.
+//
+import { isMainThread, threadId } from 'node:worker_threads';
+
+const ERROR_MESSAGE = 'A fatal agent installation error has occurred. The application will be run without instrumentation.';
+const DEFAULT_INSTALL_ORDER = [
+  'reporter',
+  'contrastMethods',
+  'deadzones',
+  'scopes',
+  'sources',
+  'architectureComponents',
+  'assess',
+  'protect',
+  'depHooks',
+  'esmHooks',
+  'routeCoverage',
+  'libraryAnalysis',
+  'heapSnapshots',
+  'rewriteHooks',
+  'functionHooks',
+  'metrics',
+];
+
+const require = Module.createRequire(import.meta.url);
+
+/**
+ * @param {object} { core = {}, options = {} }
+ */
+async function loadModules({ core = {}, options = {} }) {
+  try {
+    require('@contrast/core/lib/messages')(core);
+    require('@contrast/config')(core);
+    require('@contrast/logger').default(core);
+    const thread = isMainThread ? 'main' : 'loader';
+    core.logger.trace({ tid: threadId }, 'initializing core modules in %s thread', thread);
+
+    // @contrast/info ?
+    require('@contrast/core/lib/agent-info')(core);
+    require('@contrast/core/lib/system-info')(core);
+    require('@contrast/core/lib/app-info')(core);
+    require('@contrast/core/lib/sensitive-data-masking')(core);
+    require('@contrast/core/lib/is-agent-path')(core);
+    require('@contrast/dep-hooks')(core);
+    const { default: install } = await import('@contrast/esm-hooks');
+    const esmHooks = await install(core);
+    core.esmHooks = esmHooks;
+    require('@contrast/patcher')(core);
+    require('@contrast/core/lib/capture-stacktrace')(core);
+
+    require('@contrast/rewriter')(core); // merge contrast-methods?
+    require('@contrast/core/lib/contrast-methods')(core); // can we remove dependency on patcher?
+
+    require('@contrast/scopes')(core);
+    require('@contrast/deadzones')(core);
+    require('@contrast/reporter').default(core);
+    require('@contrast/instrumentation')(core);
+    require('@contrast/metrics')(core);
+
+    require('./heap-snapshots')(core);
+    require('./sources')(core);
+    require('./function-hooks')(core);
+    require('./log-diagnostic-files')(core); // this doesn't really belong in agentify
+    require('./rewrite-hooks')(core);
+
+  } catch (err) {
+    // TODO: Consider proper UNINSTALLATION and normal startup w/o agent
+    if (core.logger) {
+      core.logger.error({ err, threadId }, ERROR_MESSAGE);
+    } else {
+      console.error(new Error(ERROR_MESSAGE, { cause: err }));
+    }
+
+  }
+
+  return core;
+}
+
+async function startAgent({ core, options = {} }) {
+  const { executor, installOrder = DEFAULT_INSTALL_ORDER } = options;
+  const { config, logger } = core;
+
+  // this should be moved into config because errors are handled here now.
+  for (const error of config._errors) {
+    throw error;
+  }
+
+  logger.info({ tid: threadId }, 'Starting %s v%s', core.agentName, core.agentVersion);
+  logger.info({ config }, 'Agent configuration');
+
+  let plugin;
+  if (typeof executor === 'function') {
+    plugin = await executor(core);
+  }
+
+  for (const svcName of installOrder ?? []) {
+    const svc = core[svcName];
+    if (svc?.install) {
+      logger.trace({ tid: threadId }, 'installing service: %s', svcName);
+      await svc.install();
+    }
+  }
+
+  if (plugin?.install) {
+    await plugin.install();
+  }
+
+  // should this be moved into a separate install side-effect?
+  core.logDiagnosticFiles();
+
+  return core;
+}
+
+export { loadModules, startAgent };

package/lib/log-diagnostic-files.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2023 Contrast Security, Inc
+ * Copyright: 2024 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/rewrite-hooks.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2023 Contrast Security, Inc
+ * Copyright: 2024 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 
@@ -38,12 +38,16 @@ module.exports = function init(core) {
        */
       Module.prototype._compile = function (content, filename) {
         let result;
-        const { code } = core.rewriter.rewrite(content, {
+        const options = {
           filename,
           isModule: false,
           inject: true,
           wrap: true,
-        });
+        };
+        // if threadInfo is present, this is running with --loader or --import
+        core.threadInfo?.post('rewrite', options);
+
+        const { code } = core.rewriter.rewrite(content, options);
 
         try {
           result = _compile.call(this, code, filename);

package/lib/sources.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2023 Contrast Security, Inc
+ * Copyright: 2024 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/agentify",
-  "version": "1.17.0",
+  "version": "1.18.0",
   "description": "Configures Contrast agent services and instrumentation within an application",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -18,11 +18,12 @@
   },
   "dependencies": {
     "@contrast/common": "1.16.0",
-    "@contrast/config": "1.22.0",
-    "@contrast/core": "1.27.0",
+    "@contrast/config": "1.23.0",
+    "@contrast/core": "1.27.1",
     "@contrast/deadzones": "1.1.1",
-    "@contrast/dep-hooks": "1.3.0",
-    "@contrast/instrumentation": "1.3.0",
+    "@contrast/dep-hooks": "^1.3.0",
+    "@contrast/esm-hooks": "2.0.1",
+    "@contrast/instrumentation": "^1.3.0",
     "@contrast/logger": "1.7.0",
     "@contrast/metrics": "1.2.0",
     "@contrast/patcher": "1.7.1",