npm - @contrast/assess - Versions diffs - 1.40.0 → 1.42.0 - Mend

@contrast/assess 1.40.0 → 1.42.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (167) hide show

package/lib/dataflow/sources/install/express/parsedUrl.js CHANGED Viewed

@@ -16,7 +16,6 @@
 'use strict';
 const { InputType } = require('@contrast/common');
-const { InstrumentationType: { SOURCE } } = require('../../../../constants');
 const { patchType } = require('../../common');
 module.exports = function init(core) {
@@ -29,10 +28,41 @@ module.exports = function init(core) {
     patcher,
   } = core;
+  function preHook(name, args) {
+    return function(data) {
+      const [req] = args || data.args;
+      const sourceContext = getSourceContext();
+      if (!sourceContext) return;
+      const sourceInfo = {
+        context: 'req._parsedUrl',
+        data: req._parsedUrl,
+        name,
+        sourceContext,
+        stacktraceOpts: {
+          constructorOpt: data.hooked
+        }
+      };
+      sources.handle({
+        ...sourceInfo,
+        inputType: InputType.URI,
+        keys: ['href', 'path', 'pathname'],
+      });
+      sources.handle({
+        ...sourceInfo,
+        inputType: InputType.QUERYSTRING,
+        keys: ['query', 'search'],
+      });
+    };
+  }
   core.assess.dataflow.sources.expressInstrumentation.parsedUrl = {
     install() {
       depHooks.resolve(
-        { name: 'express', version: '>=4.0.0 <5.0.0', file: 'lib/middleware/init.js' },
+        { name: 'express', version: '>=4 <5', file: 'lib/middleware/init.js' },
         /** @param {import('express/lib/middleware/init')} mw */
         (mw) => {
           const name = 'express.middleware.init';
@@ -44,36 +74,10 @@ module.exports = function init(core) {
                 name: 'express.middleware.init.expressInit',
                 patchType,
                 pre(data) {
-                  const { args: [req] } = data;
                   patcher.patch(data.args, '2', {
                     name: 'express.middleware.init.expressInit.next',
                     patchType,
-                    pre(data) {
-                      const sourceContext = getSourceContext(SOURCE);
-                      if (!sourceContext) return;
-                      const sourceInfo = {
-                        context: 'req._parsedUrl',
-                        data: req._parsedUrl,
-                        name,
-                        sourceContext,
-                        stacktraceOpts: {
-                          constructorOpt: data.hooked
-                        }
-                      };
-                      sources.handle({
-                        ...sourceInfo,
-                        inputType: InputType.URI,
-                        keys: ['href', 'path', 'pathname'],
-                      });
-                      sources.handle({
-                        ...sourceInfo,
-                        inputType: InputType.QUERYSTRING,
-                        keys: ['query', 'search'],
-                      });
-                    }
+                    pre: preHook(name, data.args)
                   });
                 }
               });
@@ -81,6 +85,18 @@ module.exports = function init(core) {
           });
         }
       );
+      // Used by Express 5
+      depHooks.resolve(
+        { name: 'router', version: '>=2 <3', file: 'lib/layer.js' },
+        (Layer) => {
+          patcher.patch(Layer.prototype, 'handleRequest', {
+            name: 'Layer.prototype.handleRequest',
+            patchType,
+            pre: preHook('Layer.prototype.handleRequest')
+          });
+        }
+      );
     }
   };

package/lib/dataflow/sources/install/express/parsedUrl.test.js CHANGED Viewed

@@ -5,7 +5,7 @@ const { expect } = require('chai');
 const { initAssessFixture } = require('@contrast/test/fixtures');
 describe('assess dataflow sources express parsedUrl', function () {
-  let core, instrumentation, patcher, simulateRequestScope, middleware, req, res, tracker;
+  let core, instrumentation, patcher, simulateRequestScope, req, res, tracker;
   beforeEach(function () {
     ({ core, simulateRequestScope } = initAssessFixture());
@@ -16,35 +16,81 @@ describe('assess dataflow sources express parsedUrl', function () {
     req = {};
     res = {};
-    middleware = {
-      init() {
-        return function (req, res, next) {
-          req._parsedUrl = {
-            href: '/some/path?asdf=jkl',
-            path: '/some/path?asdf=jkl',
-            pathname: '/some/path',
-            query: 'asdf=jkl',
-            search: '?asdf=jkl;',
+  });
+  describe('express4', function() {
+    let middleware;
+    beforeEach(function() {
+      middleware = {
+        init() {
+          return function (req, res, next) {
+            req._parsedUrl = {
+              href: '/some/path?asdf=jkl',
+              path: '/some/path?asdf=jkl',
+              pathname: '/some/path',
+              query: 'asdf=jkl',
+              search: '?asdf=jkl;',
+            };
+            next();
           };
-          next();
-        };
-      }
-    };
-    core.depHooks
-      .resolve
-      .withArgs({ name: 'express', version: '>=4.0.0 <5.0.0', file: 'lib/middleware/init.js' })
-      .yields(middleware);
+        }
+      };
+      core.depHooks.resolve.withArgs(sinon.match({ name: 'express' })).yields(middleware);
+    });
+    it('hooks init next in order to track req._parsedUrl values', function () {
+      instrumentation.install();
+      expect(patcher.isContrastHooked(middleware.init)).to.be.true;
+      const middlewareFn = middleware.init('text');
+      simulateRequestScope(() => {
+        const cb = sinon.spy(function () {
+          [
+            'href',
+            'path',
+            'pathname',
+            'query',
+            'search',
+          ].forEach((prop) => {
+            const strInfo = tracker.getData(req._parsedUrl[prop]);
+            expect(strInfo).to.be.ok;
+          });
+        });
+        middlewareFn(req, res, cb);
+        expect(cb).to.have.been.called;
+      });
+    });
   });
-  it('hooks init next in order to track req._parsedUrl values', function () {
-    instrumentation.install();
-    expect(patcher.isContrastHooked(middleware.init)).to.be.true;
+  describe('express5', function() {
+    let LayerMock;
+    beforeEach(function() {
+      req = {
+        _parsedUrl: {
+          href: '/some/path?asdf=jkl',
+          path: '/some/path?asdf=jkl',
+          pathname: '/some/path',
+          query: 'asdf=jkl',
+          search: '?asdf=jkl;',
+        }
+      };
-    const middlewareFn = middleware.init('text');
+      LayerMock = sinon.stub();
+      LayerMock.prototype.handleRequest = sinon.stub();
-    simulateRequestScope(() => {
-      const cb = sinon.spy(function () {
+      core.depHooks.resolve.withArgs(sinon.match({ name: 'router' })).yields(LayerMock);
+    });
+    it('hooks handleRequest in order to track req._parsedUrl values', function () {
+      instrumentation.install();
+      simulateRequestScope(() => {
+        LayerMock.prototype.handleRequest(req);
         [
           'href',
           'path',
@@ -56,10 +102,6 @@ describe('assess dataflow sources express parsedUrl', function () {
           expect(strInfo).to.be.ok;
         });
       });
-      middlewareFn(req, res, cb);
-      expect(cb).to.have.been.called;
     });
   });
 });

package/lib/dataflow/sources/install/fastify/fastify.js CHANGED Viewed

@@ -16,7 +16,6 @@
 'use strict';
 const { InputType } = require('@contrast/common');
-const { InstrumentationType: { SOURCE } } = require('../../../../constants');
 const { patchType } = require('../../common');
 module.exports = function (core) {
@@ -32,7 +31,7 @@ module.exports = function (core) {
   const source = sources.fastifyInstrumentation.fastify = {
     install() {
-      depHooks.resolve({ name: 'fastify', version: '>=3.2.0' }, (fastify) => patcher.patch(fastify, {
+      depHooks.resolve({ name: 'fastify', version: '>=3.2.0 <5' }, (fastify) => patcher.patch(fastify, {
         name: 'fastify.constructor',
         patchType,
         post({ result: server, funcKey }) {
@@ -42,7 +41,7 @@ module.exports = function (core) {
               : typeof request.body == 'object'
                 ? InputType.PARAMETER_VALUE
                 : InputType.BODY;
-            const sourceContext = getSourceContext(SOURCE);
+            const sourceContext = getSourceContext();
             if (!sourceContext) return;

package/lib/dataflow/sources/install/fastify/fastify.test.js CHANGED Viewed

@@ -26,12 +26,9 @@ describe('assess dataflow sources fastify', function () {
       addHook: sinon.stub().yields(reqMock, replyMock, doneMock),
     };
     fastifyServerMock = () => serverMock;
-    core.depHooks
-      .resolve
-      .withArgs({ name: 'fastify', version: '>=3.2.0' })
-      .callsFake((desc, cb) => {
-        fastifyServerMock = cb(fastifyServerMock);
-      });
+    core.depHooks.resolve.callsFake((desc, cb) => {
+      fastifyServerMock = cb(fastifyServerMock);
+    });
     fastifyInstr(core).install();
     core.logger.trace.resetHistory();

package/lib/dataflow/sources/install/formidable1.js CHANGED Viewed

@@ -16,7 +16,6 @@
 'use strict';
 const { InputType } = require('@contrast/common');
-const { InstrumentationType: { SOURCE } } = require('../../../constants');
 const { patchType } = require('../common');
 const inputType = InputType.MULTIPART_VALUE;
@@ -36,13 +35,13 @@ module.exports = (core) => {
   // Patch `formidable`
   function install() {
-    depHooks.resolve({ name: 'formidable' }, (formidable) => {
+    depHooks.resolve({ name: 'formidable', version: '<4' }, (formidable) => {
       formidable.IncomingForm.prototype.parse = patcher.patch(formidable.IncomingForm.prototype.parse, {
         name,
         patchType,
         pre(data) {
           const { funcKey } = data;
-          const sourceContext = getSourceContext(SOURCE);
+          const sourceContext = getSourceContext();
           if (!sourceContext) return;

package/lib/dataflow/sources/install/hapi/hapi.js CHANGED Viewed

@@ -16,7 +16,6 @@
 'use strict';
 const { InputType } = require('@contrast/common');
-const { InstrumentationType: { SOURCE } } = require('../../../../constants');
 const { patchType } = require('../../common');
 module.exports = function (core) {
@@ -40,7 +39,7 @@ module.exports = function (core) {
             post({ result: server, funcKey, hooked, orig }) {
               server.ext('onRequest', (req, h) => {
-                const sourceContext = getSourceContext(SOURCE);
+                const sourceContext = getSourceContext();
                 if (!sourceContext) return;
                 [

package/lib/dataflow/sources/install/http.js CHANGED Viewed

@@ -16,7 +16,6 @@
 'use strict';
 const { primordials: { StringPrototypeToLowerCase }, InputType } = require('@contrast/common');
-const { InstrumentationType: { SOURCE } } = require('../../../constants');
 const { patchType } = require('../common');
 /**
@@ -47,7 +46,7 @@ module.exports = function (core) {
     try {
       const [, req, res] = data.args;
-      const sourceContext = getSourceContext(SOURCE);
+      const sourceContext = getSourceContext();
       if (!sourceContext?.policy) {
         return next();
@@ -88,7 +87,7 @@ module.exports = function (core) {
             if (
               value &&
               StringPrototypeToLowerCase.call(name) === 'content-type' &&
-              getSourceContext(SOURCE)
+              getSourceContext()
             ) {
               sourceContext.responseData.contentType = value;
             }

package/lib/dataflow/sources/install/http.test.js CHANGED Viewed

@@ -16,7 +16,7 @@ describe('assess dataflow sources http', function () {
     response = mocks.serverResponse();
     class Server extends EventEmitter { }
-    core.depHooks.resolve.withArgs({ name: 'http' }).yields({ Server });
+    core.depHooks.resolve.withArgs(sinon.match({ name: 'http' })).yields({ Server });
     core.logger.child = () => core.logger;
     require('./http')(core).install();
@@ -25,7 +25,7 @@ describe('assess dataflow sources http', function () {
   it('instantiates assess store with appropriate metadata and handles base sources', function (next) {
     simulateRequestScope(() => {
-      core.scopes.sources.getStore().assess.req
+      core.scopes.sources.getStore().assess.req;
       server.on('request', test);
       server.emit('request', request, response);
     });

package/lib/dataflow/sources/install/koa/koa-bodyparsers.js CHANGED Viewed

@@ -16,7 +16,6 @@
 'use strict';
 const { InputType } = require('@contrast/common');
-const { InstrumentationType: { SOURCE } } = require('../../../../constants');
 const { patchType } = require('../../common');
 module.exports = (core) => {
@@ -30,10 +29,9 @@ module.exports = (core) => {
     },
   } = core;
-  // Patch `koa-body` v4.x.x and `koa-bodyparser` v5.x.x packages
   function install() {
-    ['koa-body', 'koa-bodyparser'].forEach((name) => {
-      depHooks.resolve({ name }, (koaBody) => patcher.patch(koaBody, {
+    [['koa-body', '<7'], ['koa-bodyparser', '<5']].forEach(([name, version]) => {
+      depHooks.resolve({ name, version }, (koaBody) => patcher.patch(koaBody, {
         name,
         patchType,
         post(data) {
@@ -43,7 +41,7 @@ module.exports = (core) => {
             pre(data) {
               const { funcKey } = data;
               const [ctx, origNext] = data.args;
-              const sourceContext = getSourceContext(SOURCE);
+              const sourceContext = getSourceContext();
               if (!sourceContext) return;

package/lib/dataflow/sources/install/koa/koa-multer.js CHANGED Viewed

@@ -16,7 +16,6 @@
 'use strict';
 const { InputType } = require('@contrast/common');
-const { InstrumentationType: { SOURCE } } = require('../../../../constants');
 const { patchType } = require('../../common');
 module.exports = (core) => {
@@ -31,7 +30,7 @@ module.exports = (core) => {
   } = core;
   function handler(req, constructorOpt) {
-    const sourceContext = getSourceContext(SOURCE);
+    const sourceContext = getSourceContext();
     if (!sourceContext) return;
     function handle(context, data, key) {
@@ -68,9 +67,9 @@ module.exports = (core) => {
   }
   function install() {
-    ['koa-multer', '@koa/multer'].forEach((name) => {
+    [['koa-multer', '<2'], ['@koa/multer', '<4']].forEach(([name, version]) => {
       depHooks.resolve(
-        { name }, (_export) => {
+        { name, version }, (_export) => {
           const origMulter = _export;
           return patcher.patch(_export, {
             name,

package/lib/dataflow/sources/install/koa/koa-multer.test.js CHANGED Viewed

@@ -47,7 +47,7 @@ describe('assess dataflow sources Koa multer', function () {
         koaMulter(core).install();
         [patchedKoaMulter] = core.depHooks.resolve
-          .withArgs({ name })
+          .withArgs(sinon.match({ name }))
           .yield(koaMulterMock);
       });

package/lib/dataflow/sources/install/koa/koa-routers.js CHANGED Viewed

@@ -16,7 +16,6 @@
 'use strict';
 const { InputType } = require('@contrast/common');
-const { InstrumentationType: { SOURCE } } = require('../../../../constants');
 const { patchType } = require('../../common');
 module.exports = (core) => {
@@ -32,15 +31,15 @@ module.exports = (core) => {
   // Patch `koa-router` and `@koa/router` to handle parsed params
   function install() {
-    ['koa-router', '@koa/router'].forEach(router => {
+    [['koa-router', '<14'], ['@koa/router', '<14']].forEach(([router, version]) => {
       depHooks.resolve(
-        { name: router, file: 'lib/layer.js' },
+        { name: router, version, file: 'lib/layer.js' },
         (layer) => {
           layer.prototype = patcher.patch(layer.prototype, 'params', {
             name: `[${router}].layer.prototype`,
             patchType,
             post({ orig, hooked, result, name, funcKey }) {
-              const sourceContext = getSourceContext(SOURCE);
+              const sourceContext = getSourceContext();
               const inputType = InputType.URL_PARAMETER;
               if (!sourceContext) return;

package/lib/dataflow/sources/install/koa/koa2.js CHANGED Viewed

@@ -16,8 +16,6 @@
 'use strict';
 const { InputType } = require('@contrast/common');
-const { InstrumentationType: { SOURCE } } = require('../../../../constants');
 const { patchType } = require('../../common');
 const inputType = InputType.QUERYSTRING;
@@ -42,10 +40,10 @@ module.exports = (core) => {
    * registers a depHook for koa module instrumentation
    */
   function install() {
-    depHooks.resolve({ name: 'koa', version: '>=2.3.0' }, (Koa) => {
+    depHooks.resolve({ name: 'koa', version: '>=2.3.0 <3' }, (Koa) => {
       const createMiddleware = ({ name, funcKey }) => {
         const contrastStartMiddleware = function contrastStartMiddleware(ctx, next) {
-          const sourceContext = getSourceContext(SOURCE);
+          const sourceContext = getSourceContext();
           if (!sourceContext) {
             return next();

package/lib/dataflow/sources/install/multer1.js CHANGED Viewed

@@ -16,7 +16,6 @@
 'use strict';
 const { InputType } = require('@contrast/common');
-const { InstrumentationType: { SOURCE } } = require('../../../constants');
 const { patchType } = require('../common');
 module.exports = (core) => {
@@ -32,7 +31,7 @@ module.exports = (core) => {
   } = core;
   function handler(req, constructorOpt) {
-    const sourceContext = getSourceContext(SOURCE);
+    const sourceContext = getSourceContext();
     if (!sourceContext) return;
     function handle(context, data, key) {
@@ -71,7 +70,7 @@ module.exports = (core) => {
   const multer1Instrumentation = (core.assess.dataflow.sources.multer1Instrumentation = {
     install() {
       depHooks.resolve(
-        { name: 'multer', file: 'lib/make-middleware.js' },
+        { name: 'multer', version: '<2', file: 'lib/make-middleware.js' },
         (_export) => patcher.patch(_export, {
           name: 'multer._makeMiddleware',
           patchType,

package/lib/dataflow/sources/install/multer1.test.js CHANGED Viewed

@@ -29,9 +29,7 @@ describe('assess dataflow sources multer', function () {
     multer(core).install();
-    const [patchedFunction] = core.depHooks.resolve
-      .withArgs({ name: 'multer', file: 'lib/make-middleware.js' })
-      .yield(multerMakeMiddlewareMock);
+    const [patchedFunction] = core.depHooks.resolve.yield(multerMakeMiddlewareMock);
     multerMakeMiddlewareMock = patchedFunction;
   });

package/lib/dataflow/sources/install/qs6.js CHANGED Viewed

@@ -16,7 +16,6 @@
 'use strict';
 const { InputType: { QUERYSTRING: inputType } } = require('@contrast/common');
-const { InstrumentationType: { SOURCE } } = require('../../../constants');
 const { patchType } = require('../common');
 module.exports = (core) => {
@@ -33,15 +32,14 @@ module.exports = (core) => {
   // Patch `qs`
   function install() {
     const name = 'qs.parse';
-    depHooks.resolve({ name: 'qs' },
+    depHooks.resolve({ name: 'qs', version: '<7' },
       (qs) => patcher.patch(qs, 'parse', {
         name,
         patchType,
         post({ args, hooked, orig, result, funcKey }) {
-          const sourceContext = getSourceContext(SOURCE);
+          const sourceContext = getSourceContext();
           if (!sourceContext) {
-            logger.error({ inputType, funcKey }, 'unable to handle source. Missing `sourceContext`');
             return;
           }

package/lib/dataflow/sources/install/querystring.js CHANGED Viewed

@@ -16,7 +16,6 @@
 'use strict';
 const { InputType } = require('@contrast/common');
-const { InstrumentationType: { SOURCE } } = require('../../../constants');
 const { patchType } = require('../common');
 module.exports = (core) => {
@@ -30,12 +29,12 @@ module.exports = (core) => {
   core.assess.dataflow.sources.querystringInstrumentation = {
     install() {
       const name = 'querystring.parse';
-      depHooks.resolve({ name: 'querystring' },
+      depHooks.resolve({ name: 'querystring', version: '*' },
         (querystring) => patcher.patch(querystring, 'parse', {
           name,
           patchType,
           post({ args, hooked, orig, result, funcKey }) {
-            const sourceContext = getSourceContext(SOURCE);
+            const sourceContext = getSourceContext();
             const inputType = InputType.QUERYSTRING;
             if (!sourceContext) return;

package/lib/dataflow/sources/install/restify/fieldedTextBodyParser.js CHANGED Viewed

@@ -16,7 +16,6 @@
 'use strict';
 const { InputType: { BODY } } = require('@contrast/common');
-const { InstrumentationType: { SOURCE } } = require('../../../../constants');
 const { patchType } = require('../../common');
 module.exports = function init(core) {
@@ -33,7 +32,7 @@ module.exports = function init(core) {
   return core.assess.dataflow.sources.restifyInstrumentation.fieldedTextBodyParser = {
     install() {
       depHooks.resolve(
-        { name: 'restify', file: 'lib/plugins/fieldedTextBodyParser.js', version: '>=8' },
+        { name: 'restify', file: 'lib/plugins/fieldedTextBodyParser.js', version: '>=8 <12' },
         (fieldedTextBodyParser) => patcher.patch(fieldedTextBodyParser, {
           name: 'restify.plugins.fieldedTextBodyParser',
           patchType,
@@ -44,7 +43,7 @@ module.exports = function init(core) {
               pre(data) {
                 const { args: [req, , next], name, funcKey } = data;
                 data.args[2] = function contrastNext(...args) {
-                  const sourceContext = getSourceContext(SOURCE);
+                  const sourceContext = getSourceContext();
                   if (!sourceContext) return next(...args);

package/lib/dataflow/sources/install/restify/fieldedTextBodyParser.test.js CHANGED Viewed

@@ -20,7 +20,7 @@ describe('assess dataflow sources restify fieldedTextBodyParser', function () {
     next = sinon.stub();
     core.depHooks.resolve
-      .withArgs({ name: 'restify', file: 'lib/plugins/fieldedTextBodyParser.js', version: '>=8' })
+      .withArgs({ name: 'restify', file: 'lib/plugins/fieldedTextBodyParser.js', version: '>=8 <12' })
       .callsFake((_, cb) => {
         fieldedTextBodyParserStub = cb(fieldedTextBodyParserStub);
       });

package/lib/dataflow/sources/install/restify/jsonBodyParser.js CHANGED Viewed

@@ -16,7 +16,6 @@
 'use strict';
 const { InputType: { JSON_VALUE } } = require('@contrast/common');
-const { InstrumentationType: { SOURCE } } = require('../../../../constants');
 const { patchType } = require('../../common');
 module.exports = function init(core) {
@@ -33,7 +32,7 @@ module.exports = function init(core) {
   return core.assess.dataflow.sources.restifyInstrumentation.jsonBodyParser = {
     install() {
       depHooks.resolve(
-        { name: 'restify', file: 'lib/plugins/jsonBodyParser.js', version: '>=8' },
+        { name: 'restify', file: 'lib/plugins/jsonBodyParser.js', version: '>=8 <12' },
         (jsonBodyParser) => patcher.patch(jsonBodyParser, {
           name: 'restify.plugins.jsonBodyParser',
           patchType,
@@ -48,7 +47,7 @@ module.exports = function init(core) {
                 const { args: [req, , next], name, funcKey } = data;
                 data.args[2] = function contrastNext(...args) {
-                  const sourceContext = getSourceContext(SOURCE);
+                  const sourceContext = getSourceContext();
                   if (!sourceContext) {
                     return next(...args);

package/lib/dataflow/sources/install/restify/jsonBodyParser.test.js CHANGED Viewed

@@ -23,7 +23,7 @@ describe('assess dataflow sources restify jsonBodyParser', function () {
     next = sinon.stub();
     core.depHooks.resolve
-      .withArgs({ name: 'restify', file: 'lib/plugins/jsonBodyParser.js', version: '>=8' })
+      .withArgs({ name: 'restify', file: 'lib/plugins/jsonBodyParser.js', version: '>=8 <12' })
       .callsFake((_, cb) => {
         jsonBodyParserStub = cb(jsonBodyParserStub);
       });