@contrast/core 1.32.3 → 1.33.0

package/lib/agent-info.js

@@ -15,10 +15,11 @@
 
 'use strict';
 
+const { randomUUID } = require('crypto');
 const { name: agentName, version: agentVersion } = require('../package.json');
 
 module.exports = function init(core) {
-  // default to version of core
+  // default to name and version of core
   if (!core.agentName) {
     core.agentName = agentName;
   }
@@ -26,5 +27,10 @@ module.exports = function init(core) {
     core.agentVersion = agentVersion;
   }
 
+  // default to a new random UUID
+  if (!core.reportingInstance) {
+    core.reportingInstance = randomUUID();
+  }
+
   return core;
 };

package/lib/app-info.js

@@ -167,7 +167,7 @@ module.exports = function (core) {
 
     for (dir of dirs) {
       try {
-        packageFile = findPackageJsonSync({ cwd: dir });
+        packageFile = process.env.npm_package_json ?? findPackageJsonSync({ cwd: dir });
         packageData = require(packageFile);
         break;
       } catch (err) {} // eslint-disable-line no-empty

package/lib/index.d.ts

@@ -13,7 +13,7 @@
  * way not consistent with the End User License Agreement.
  */
 
-import { AppInfo, Messages } from '@contrast/common';
+import { AppInfo, Messages, SystemInfo } from '@contrast/common';
 
 interface Frame {
   eval: string | undefined;
@@ -32,6 +32,7 @@ interface CreateSnapshotOpts {
 export interface Core {
   agentName: string;
   agentVersion: string;
+  reportingInstance: string;
 
   appInfo: AppInfo;
 
@@ -44,5 +45,5 @@ export interface Core {
 
   sensitiveDataMasking: any;
 
-  getSystemInfo(): any;
+  getSystemInfo(): Promise<SystemInfo>;
 }

package/lib/system-info/cloud-resource-identifier.js

@@ -0,0 +1,102 @@
+/*
+ * Copyright: 2024 Contrast Security, Inc
+ * Contact: support@contrastsecurity.com
+ * License: Commercial
+
+ * NOTICE: This Software and the patented inventions embodied within may only be
+ * used as part of Contrast Security’s commercial offerings. Even though it is
+ * made available through public repositories, use of this Software is subject to
+ * the applicable End User Licensing Agreement found at
+ * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+ * between Contrast Security and the End User. The Software may not be reverse
+ * engineered, modified, repackaged, sold, redistributed or otherwise used in a
+ * way not consistent with the End User License Agreement.
+ */
+// @ts-check
+'use strict';
+
+const { default: axios } = require('axios');
+const METADATA_ENDPOINT_ADDRESS = 'http://169.254.169.254';
+
+/** @param {number} ms */
+const abort = (ms) => {
+  const abortController = new AbortController();
+  setTimeout(() => abortController.abort(), ms);
+  return abortController.signal;
+};
+
+const FETCHERS = {
+  /**
+   * @see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
+   * @returns {Promise<string | null>}
+   */
+  async AWS() {
+    try {
+      const { data: token } = await axios({
+        method: 'PUT',
+        url: new URL('/latest/api/token', METADATA_ENDPOINT_ADDRESS).href,
+        headers: {
+          'X-aws-ec2-metadata-token-ttl-seconds': '300'
+        },
+        signal: abort(5000),
+      });
+      const { data } = await axios({
+        method: 'GET',
+        url: new URL('/latest/dynamic/instance-identity/document', METADATA_ENDPOINT_ADDRESS).href,
+        headers: {
+          'X-aws-ec2-metadata-token': token
+        },
+        signal: abort(5000),
+      });
+      if (data) {
+        const { region, accountId, instanceId } = data;
+        return `arn:aws:ec2:${region}:${accountId}:instance/${instanceId}`;
+      }
+    } catch {
+      // ignore, return null
+    }
+
+    return null;
+  },
+  /**
+   * @see https://learn.microsoft.com/en-us/azure/virtual-machines/instance-metadata-service?tabs=linux
+   * @returns {Promise<string | null>}
+   */
+  async Azure() {
+    try {
+      const { data } = await axios({
+        method: 'GET',
+        url: new URL('/metadata/instance/compute/resourceId?api-version=2021-02-01&format=text', METADATA_ENDPOINT_ADDRESS).href,
+        headers: {
+          Metadata: 'true'
+        },
+        proxy: false, // You *must* bypass proxies when querying IMDS
+        signal: abort(5000),
+      });
+      if (data) return data;
+    } catch {
+      // ignore, return null
+    }
+
+    return null;
+  }
+};
+
+module.exports = {
+  /**
+   * @param {import('@contrast/config').Config['inventory']['gather_metadata_via']} provider
+   * @returns {Promise<string | null>}
+   */
+  async getResourceID(provider) {
+    if (provider && FETCHERS[provider]) return FETCHERS[provider]();
+
+    const results = await Promise.allSettled(Object.values(FETCHERS).map(fn => fn()));
+    for (const result of results) {
+      if (result.status === 'fulfilled' && result.value !== null) {
+        return result.value;
+      }
+    }
+
+    return null;
+  }
+};

package/lib/system-info/index.js

@@ -12,52 +12,45 @@
  * engineered, modified, repackaged, sold, redistributed or otherwise used in a
  * way not consistent with the End User License Agreement.
  */
-
+// @ts-check
 'use strict';
 
-const path = require('path');
-const fs = require('fs');
+const fs = require('fs/promises');
 const os = require('os');
+const { getResourceID } = require('./cloud-resource-identifier');
 
-function isUsingPM2() {
-  const used = !!process.env.pmx;
-  let version;
-
-  for (const pathVar of ['npm_package_json', 'PWD']) {
-    const packagePath = process.env[pathVar];
-    if (packagePath) {
-      try {
-        version = require(path.join(packagePath, 'package.json')).dependencies['pm2'];
-      } catch (err) {
-        //
-      }
-    }
-    if (version) break;
+const MOUNTINFO_REGEX = /\/docker\/containers\/(.*?)\//;
+const CGROUP_REGEX = /:\/docker\/([^/]+)$/;
+
+function isUsingPM2(pkg) {
+  const result = { used: !!process.env.pmx, version: null };
+
+  if (pkg?.dependences?.['pm2']) {
+    result.version = pkg.dependencies['pm2'];
   }
 
-  return { used, ...(version && { version }) };
+  return result;
 }
 
-function isDocker() {
-  const MOUNTINFO_REGEX = /\/docker\/containers\/(.*?)\//;
-  const CGROUP_REGEX = /:\/docker\/([^/]+)$/;
-
+async function isDocker() {
   try {
-    const results = fs.readFileSync('/proc/self/mountinfo', 'utf8').match(MOUNTINFO_REGEX);
-    if (results) return { isDocker: true, containerID: results[1] };
+    const result = await fs.readFile('/proc/self/mountinfo', 'utf8');
+    const matches = result.match(MOUNTINFO_REGEX);
+    if (matches) return { isDocker: true, containerID: matches[1] };
   } catch (err) {
     // else check /proc/self/cgroup
   }
 
   try {
-    const results = fs.readFileSync('/proc/self/cgroup', 'utf8').match(CGROUP_REGEX);
-    if (results) return { isDocker: true, containerID: results[1] };
+    const result = await fs.readFile('/proc/self/cgroup', 'utf8');
+    const matches = result.match(CGROUP_REGEX);
+    if (matches) return { isDocker: true, containerID: matches[1] };
   } catch (err) {
     // else check /.dockerenv
   }
 
   try {
-    const result = fs.statSync('/.dockerenv');
+    const result = await fs.stat('/.dockerenv');
     if (result) return { isDocker: true, containerID: null };
   } catch (err) {
     // if there's not such file we can conclude it's not docker env
@@ -70,12 +63,18 @@ module.exports = function(core) {
   const {
     agentName,
     agentVersion,
-    config
+    config,
+    appInfo,
   } = core;
 
   // have values default to null so all required keys get serialized
-  core.getSystemInfo = function() {
-    const appPath = process.cwd();
+  core.getSystemInfo = async function getSystemInfo() {
+    // memoize for subsequent lookups
+    if (core._systemInfo) return core._systemInfo;
+
+    const cpus = os.cpus();
+    const totalmem = os.totalmem();
+    const freemem = os.freemem();
 
     const info = {
       ReportDate: new Date().toISOString(),
@@ -103,22 +102,26 @@ module.exports = function(core) {
         Version: os.release(),
         KernelVersion: os.version(),
         CPU: {
-          Type: os.cpus()[0].model,
-          Count: os.cpus().length,
+          Type: cpus[0].model,
+          Count: cpus.length,
         }
       },
       Host: {
-        Docker: isDocker(),
-        PM2: isUsingPM2(),
+        Docker: await isDocker(),
+        PM2: isUsingPM2(appInfo.pkg),
         Memory: {
-          Total: (os.totalmem() / 1e6).toFixed(0).concat(' MB'),
-          Free: (os.freemem() / 1e6).toFixed(0).concat(' MB'),
-          Used: ((os.totalmem() - os.freemem()) / 1e6).toFixed(0).concat(' MB'),
+          Total: (totalmem / 1e6).toFixed(0).concat(' MB'),
+          Free: (freemem / 1e6).toFixed(0).concat(' MB'),
+          Used: ((totalmem - freemem) / 1e6).toFixed(0).concat(' MB'),
         }
       },
-      Application: appPath ? require(path.join(appPath, 'package.json')) : null,
+      Application: appInfo.pkg,
     };
 
-    return info;
+    if (config.server.discover_cloud_resource) {
+      info.ResourceID = await getResourceID(config.inventory.gather_metadata_via);
+    }
+
+    return core._systemInfo = info;
   };
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/core",
-  "version": "1.32.3",
+  "version": "1.33.0",
   "description": "Preconfigured Contrast agent core services and models",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -16,8 +16,9 @@
     "test": "../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.21.3",
+    "@contrast/common": "1.22.0",
     "@contrast/find-package-json": "^1.0.0",
-    "@contrast/fn-inspect": "^4.0.0"
+    "@contrast/fn-inspect": "^4.0.0",
+    "axios": "^1.6.8"
   }
 }