@contrast/agentify 1.24.1 → 1.25.0

package/lib/index.js

@@ -16,11 +16,12 @@
 'use strict';
 
 const Module = require('module');
-const { IntentionalError } = require('@contrast/common');
 const {
   assertValidOpts,
-  preStartupValidation
+  preStartupValidation,
+  postConfigValidation,
 } = require('./utils');
+const { IntentionalError } = require('@contrast/common');
 
 const ERROR_MESSAGE = 'An error prevented the Contrast agent from installing. The application will be run without instrumentation.';
 /**
@@ -136,16 +137,12 @@ module.exports = function init(core = {}) {
 
     require('@contrast/core/lib/messages')(core);
     require('@contrast/config')(core);
-    if (core.config._errors?.length) {
-      throw core.config._errors[0];
-    }
-    if (!core.config.enable) {
-      const errorMessage = 'Contrast agent disabled by configuration (enable: false)';
-      console.info(errorMessage);
-      throw new IntentionalError(errorMessage);
-    }
 
     require('@contrast/logger').default(core);
+
+    // validate the config now that the logger has been installed
+    postConfigValidation(core);
+
     require('@contrast/core/lib/agent-info')(core);
     require('@contrast/core/lib/system-info')(core);
     require('@contrast/core/lib/app-info')(core);
@@ -177,7 +174,6 @@ module.exports = function init(core = {}) {
       return core;
     };
 
-    // ignore intentional errors
     if (!(err instanceof IntentionalError)) {
       if (core.logger) {
         core.logger.error({ err }, ERROR_MESSAGE);

package/lib/rewrite-is-deadzoned.js

@@ -26,26 +26,38 @@ const DEADZONED_PATHS = [
   'bcrypt',
   'bcrypt-nodejs',
   'bcryptjs', // node_modules/bcryptjs/index.js, node_modules/bcryptjs/dist/bcrypt.js
+  '@babel', // this should handle all namespaced packages
   'babel',
   'babel-cli',
   'babel-core',
+  'babel-traverse',
+  'babel-generator',
+  'babylon',
+  'bn.js',
   'browserify',
+  'bson',
   'bunyan',
-  'coffee-script',
+  '@cyclonedx/cyclonedx-library',
+  'coffeescript',
   'compression',
-  // 'cookie', // todo: verify this doesn't break sources/propagation
-  // 'cookie-signature', // ditto
-  'gzippo',
-  // 'handlebars', // ditto
+  'etag',
+  // 'cookie', // todo: verify this doesn't break sources/propagation (*)
+  // 'cookie-signature', // (*)
+  'gzippo', //  149 weekly downloads
+  // 'handlebars', // (*)
   'handlebars-precompiler',
   // 'hbs', // ditto
   'html-webpack-plugin',
+  'iconv-lite',
   'jquery',
   'jsrsasign',
-  'iconv-lite',
   'less',
-  'logger-console',
+  // 'dustjs-linkedin', // todo
+  'logger-console', // 2 weekly downloads
   'loopback-datasource-juggler',
+  'moment',
+  'moment-timezone',
+  'node-forge',
   'node-webpack',
   'react',
   'react-dom',
@@ -53,11 +65,8 @@ const DEADZONED_PATHS = [
   'requirejs',
   'semver',
   'strong-remoting',
+  'type-is',
   'uglify-js',
-  'bn.js',
-  'node-forge',
-  'moment',
-  'moment-timezone'
 ].map((pkgName) => ['node_modules', pkgName, ''].join(sep));
 
 module.exports = function rewriteIsDeadzoned(filename) {

package/lib/utils.js

@@ -18,6 +18,7 @@
 const path = require('path');
 const process = require('process');
 const semver = require('semver');
+const { IntentionalError } = require('@contrast/common');
 const { findPackageJsonSync } = require('@contrast/find-package-json');
 const {
   engines: {
@@ -128,6 +129,79 @@ function isLoader(arg) {
   return arg == '--import' || arg == '--loader' || arg == '--experimental-loader';
 }
 
+/**
+ * Check that the config contains the minimum required settings. Issue appropriate
+ * error messages.
+ * @throws IntentionalError
+ */
+function postConfigValidation(core) {
+  // find out if any required settings are missing.
+  const missingRequiredSettings = [];
+  // these are only required if the API is enabled. if api.enable is false, it
+  // had to be set by the user because it defaults to true.
+  if (core.config.getEffectiveValue('api.enable')) {
+    for (const setting of ['api.api_key', 'api.service_key', 'api.user_name']) {
+      if (!core.config.getEffectiveValue(setting)) {
+        missingRequiredSettings.push(setting);
+      }
+    }
+  }
+
+  // v4 accepted `-c` or `--configFile` option in argv, but v5 does not. so if
+  // something that looks like a config flag is present on the command line, we
+  // log it. the worst case is that it's a false positive; if that's a problem
+  // we can make it an info level, but the goal here is for the user to see it
+  // without having to contact customer support and rerun their test at a more
+  // verbose log level.
+  const configFlag = getConfigFlag(process.argv);
+  if (configFlag) {
+    const msg = `Command line config flag present: ${configFlag[0]} ${configFlag[1]}`;
+
+    if (core.logger) {
+      core.logger.warn(msg);
+    } else {
+      console.warn(msg);
+    }
+  }
+
+  if (missingRequiredSettings.length) {
+    const reason = `Missing required settings: ${missingRequiredSettings.join(', ')}`;
+    const finalMsg = 'A configuration error prevents the Contrast agent from starting.';
+    if (core.logger) {
+      core.logger.error({ reason }, finalMsg);
+    } else {
+      console.error(reason, finalMsg);
+    }
+    throw new IntentionalError(finalMsg);
+  }
+
+  // now check for serious errors, like file not readable, file format is wrong, etc.
+  // that were captured when building the config.
+  if (core.config._errors?.length) {
+    throw core.config._errors[0];
+  }
+  // finally, was it disabled?
+  if (!core.config.enable) {
+    const errorMessage = 'Contrast agent disabled by configuration (enable: false)';
+    throw new IntentionalError(errorMessage);
+  }
+}
+
+function getConfigFlag(argv) {
+  for (let i = 0; i < argv.length - 1; i++) {
+    if (argv[i] === '-c' || argv[i] === '--configFile') {
+      // should this check to see if the name looks like a contrast config file?
+      // let's not because that seems false-negative prone.
+
+      // if the next arg is another flag, then this isn't a contrast config flag
+      if (!argv[i + 1].startsWith('-') && argv[i + 1].toLowerCase().includes('contrast')) {
+        return argv.slice(i, i + 2);
+      }
+    }
+  }
+  return undefined;
+}
+
 /**
  * Validates custom `installOrder` options. We currently need the reporter component
  * to install first in order to onboard and get effective settings and mode values.
@@ -150,4 +224,6 @@ module.exports = {
   assertSupportedNodeVersion,
   assertSupportedPreloadUsage,
   preStartupValidation,
+  postConfigValidation,
+  getConfigFlag,
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/agentify",
-  "version": "1.24.1",
+  "version": "1.25.0",
   "description": "Configures Contrast agent services and instrumentation within an application",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -17,19 +17,19 @@
     "test": "../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.20.1",
-    "@contrast/config": "1.27.1",
-    "@contrast/core": "1.31.1",
-    "@contrast/deadzones": "1.1.3",
+    "@contrast/common": "1.21.0",
+    "@contrast/config": "1.28.0",
+    "@contrast/core": "1.32.0",
+    "@contrast/deadzones": "1.2.0",
     "@contrast/dep-hooks": "1.3.2",
-    "@contrast/esm-hooks": "2.5.1",
+    "@contrast/esm-hooks": "2.6.0",
     "@contrast/find-package-json": "^1.1.0",
-    "@contrast/instrumentation": "1.7.1",
+    "@contrast/instrumentation": "1.8.0",
     "@contrast/logger": "1.8.1",
-    "@contrast/metrics": "1.7.1",
+    "@contrast/metrics": "1.8.0",
     "@contrast/patcher": "1.7.2",
-    "@contrast/reporter": "1.26.1",
-    "@contrast/rewriter": "1.7.1",
+    "@contrast/reporter": "1.27.0",
+    "@contrast/rewriter": "1.8.0",
     "@contrast/scopes": "1.4.1",
     "semver": "^7.6.0"
   }