npm - @contrast/route-coverage - Versions diffs - 1.18.1 → 1.20.0 - Mend

@contrast/route-coverage 1.18.1 → 1.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/lib/index.js CHANGED Viewed

@@ -85,6 +85,7 @@ module.exports = function init(core) {
   require('./install/fastify')(core);
   require('./install/hapi')(core);
   require('./install/koa')(core);
+  require('./install/restify')(core);
   return routeCoverage;
 };

package/lib/install/express.js CHANGED Viewed

@@ -25,125 +25,90 @@ const METHODS = [
   'options',
   'head',
 ];
-// eslint-disable-next-line node/no-extraneous-require
 const fnInspect = require('@contrast/fn-inspect');
 const { createSignature, patchType } = require('../utils/route-info');
-const { join, replace, toLowerCase } = require('@contrast/common');
+const { join, toLowerCase, isString } = require('@contrast/common');
-/**
- * @param {import('..').Core & {
- *  routeCoverage: import('..').RouteCoverage & {
- *    express?: import('@contrast/common').Installable
- *  }
- * }} core
- */
 module.exports = function init(core) {
-  const routers = new Map();
-  const signatureMap = new Map();
   const { patcher, depHooks, routeCoverage } = core;
-  function formatUrl(url) {
-    if (Array.isArray(url)) {
-      return `/[${join(url, ', ')}]`;
-    } else if (url instanceof RegExp) {
-      return `/{${replace(url.toString(), /(^\/?)|(\/?$)/g, '')}}`;
-    } else {
-      return url;
-    }
+  const discover = (route) => routeCoverage.discover(route);
+  const observe = (route) => routeCoverage.observe(route);
+  const isRoute = (layer) => !!layer.route;
+  const isRouter = (layer) => layer.name && toLowerCase(layer.name) === 'router';
+  const isValidPath = (path) => isString(path) || Array.isArray(path) || path instanceof RegExp;
+  const regExpToPath = (regex) => regex?.source?.split('/?')[0].replace(/\\/g, '').replace('^', ''); //TODO: replaceAll when v14 deprecated
+  const format = (url) => Array.isArray(url) ? `/[${join(url)}]` : url instanceof RegExp ? `/{${url.toString().slice(1, -1)}}` : url;
+  const getHandleMethod = (layer) => fnInspect.funcInfo(layer.__handle)?.file.includes('express-async-errors') ? '__handle' : 'handle';
+  function parseRoute(route) {
+    const { path } = route;
+    const method = route.methods._all ? 'all' : route.stack[0].method;
+    return { url: format(path), method };
   }
-  function getLastLayer(router) {
-    if (router.stack) {
-      const len = router.stack.length;
-      return router.stack[len - 1];
-    }
-  }
-  function getLayerHandleMethod(layer) {
-    let methodName = 'handle';
-    const __handleData = fnInspect.funcInfo(layer.__handle);
-    if (__handleData && __handleData.file.includes('express-async-errors')) {
-      methodName = '__handle';
-    }
-    return methodName;
+  function createRouteInfo(url, method, obj) {
+    return {
+      signature: createSignature(url, method, obj),
+      url,
+      normalizedUrl: url,
+      method
+    };
   }
-  function patchHandler(layer, route) {
-    if (!layer) return;
-    const handle = getLayerHandleMethod(layer);
+  function patchHandle(layer, routeInfo) {
+    const handle = getHandleMethod(layer);
     patcher.patch(layer, handle, {
-      name: 'express.Router.handle',
+      name: 'express.Route.handle',
       patchType,
-      post(data) {
-        const [req] = data.args;
-        const method = req?.method && toLowerCase(req.method);
-        const url = `${req.baseUrl}${req._parsedUrl.pathname}`;
-        const { path } = req.route;
-        const normalizedUrl = formatUrl(path);
-        const { signature } = signatureMap.get(route.signature);
-        if (method) routeCoverage.observe({ signature, url, method, normalizedUrl });
+      post({ args }) {
+        const [req] = args;
+        const [url] = req.originalUrl.split('?');
+        const { method } = req;
+        if (url && method) {
+          observe({ ...routeInfo, url, method: toLowerCase(method) });
+        }
       }
     });
   }
-  function createRoute(url, method, id) {
-    const signature = createSignature(url, method);
-    const route = { signature, url, method, id: id || signature };
-    signatureMap.set(signature, route);
-    return route;
-  }
-  function discoverRoute({ signature, url, method }) {
-    routeCoverage.discover({ signature, url, method, normalizedUrl: url });
-  }
-  function instrumentRoute(router, route) {
-    if (!router) return;
-    const layer = getLastLayer(router);
-    patchHandler(layer, route);
-  }
-  function updateRoutes(prefix, router, updatedRouter) {
-    const routes = routers.get(router);
-    const updatedLayers = router === updatedRouter
-      ? [] : (routers.get(updatedRouter) || []);
-    if (routes) {
-      routes.forEach((route) => {
-        const { url, method, id } = route;
-        const newRoute = createRoute(`${prefix}${url}`, method, id);
-        updatedLayers.push(newRoute);
-        signatureMap.set(id, newRoute);
-      });
-      routers.set(router, updatedLayers);
-      routers.set(updatedRouter, updatedLayers);
-    }
+  function traverse(path, stack, depth = 0) {
+    path = format(path);
+    stack.forEach((layer) => {
+      if (isRoute(layer)) {
+        const { url, method } = parseRoute(layer.route);
+        const routeInfo = createRouteInfo(path + url, method);
+        discover(routeInfo);
+        patchHandle(layer, routeInfo);
+      } else if (isRouter(layer)) {
+        const regexPath = regExpToPath(layer.regexp);
+        if (depth < 3) traverse(path + regexPath, layer.handle.stack, depth += 1);
+      } else {
+        const regexPath = regExpToPath(layer.regexp);
+        const routeInfo = createRouteInfo(path + regexPath, 'use');
+        discover(routeInfo);
+        patchHandle(layer, routeInfo);
+      }
+    });
   }
   return core.routeCoverage.express = {
     install() {
       depHooks.resolve({ name: 'express' }, (express) => {
-        patcher.patch(express.Router, 'use', {
-          name: 'express.Router.use',
-          patchType,
-          post({ args, result }) {
-            const [prefix, router] = args;
-            if (typeof prefix === 'string' && prefix !== '/') {
-              updateRoutes(prefix, router, result);
-            }
-          }
-        });
         patcher.patch(express.application, 'use', {
           name: 'express.application.use',
           patchType,
-          post({ args }) {
-            const idx = args.length;
-            const router = args[idx - 1];
-            const routes = routers.get(router);
-            if (routes) {
-              routes.forEach((route) => {
-                discoverRoute(route);
-              });
+          post({ args, result }) {
+            const len = args.length;
+            const fn = args[len - 1];
+            const path = len > 1 ? args[0] : '';
+            if (!isValidPath(path)) return;
+            if (isRouter(fn)) {
+              traverse(path, fn.stack);
+            } else {
+              const routeInfo = createRouteInfo(path, 'use', 'App');
+              discover(routeInfo);
+              patchHandle(result._router, routeInfo);
             }
           }
         });
@@ -154,25 +119,10 @@ module.exports = function init(core) {
             patchType,
             post({ args, result }) {
               const [url, fn] = args;
-              if (!url || !fn) return;
-              const route = createRoute(formatUrl(url), method);
-              instrumentRoute(result?._router, route);
-              discoverRoute(route);
-            }
-          });
-          patcher.patch(express.Router, method, {
-            name: `express.Router.${method}`,
-            patchType,
-            post({ args, obj: router }) {
-              const [url, fn] = args;
-              if (!url || !fn) return;
-              const route = createRoute(formatUrl(url), method);
-              const routes = routers.get(router) || [];
-              instrumentRoute(router, route);
-              routes.push(route);
-              routers.set(router, routes);
+              if (!url || !fn || !isValidPath(url)) return;
+              const routeInfo = createRouteInfo(format(url), method, 'App');
+              discover(routeInfo);
+              patchHandle(result._router, routeInfo);
             }
           });
         });

package/lib/install/fastify.js CHANGED Viewed

@@ -34,13 +34,13 @@ module.exports = function init(core) {
   function registerRouteHandler(routeOptions) {
     if (!routeOptions || !routeOptions.method || !routeOptions.url) return;
-    const url = `${routeOptions.prefix || ''}${routeOptions.url}`;
-    if (Array.isArray(routeOptions.method)) {
-      routeOptions.method.forEach((method) => {
+    const { url, method } = routeOptions;
+    if (Array.isArray(method)) {
+      method.forEach((method) => {
         emitRouteCoverage(url, method);
       });
     } else {
-      emitRouteCoverage(url, routeOptions.method);
+      emitRouteCoverage(url, method);
     }
     // TODO

package/lib/install/restify.js ADDED Viewed

@@ -0,0 +1,69 @@
+/*
+ * Copyright: 2024 Contrast Security, Inc
+ * Contact: support@contrastsecurity.com
+ * License: Commercial
+ * NOTICE: This Software and the patented inventions embodied within may only be
+ * used as part of Contrast Security’s commercial offerings. Even though it is
+ * made available through public repositories, use of this Software is subject to
+ * the applicable End User Licensing Agreement found at
+ * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+ * between Contrast Security and the End User. The Software may not be reverse
+ * engineered, modified, repackaged, sold, redistributed or otherwise used in a
+ * way not consistent with the End User License Agreement.
+ */
+'use strict';
+const { toLowerCase, isString } = require('@contrast/common');
+const { createSignature, patchType } = require('../utils/route-info');
+module.exports = function init(core) {
+  const { patcher, depHooks, routeCoverage } = core;
+  const discover = (route) => routeCoverage.discover(route);
+  const observe = (route) => routeCoverage.observe(route);
+  function createRoute(url, method) {
+    method = toLowerCase(method);
+    return {
+      signature: createSignature(url, method, 'Server'),
+      method,
+      url,
+      normalizedUrl: url
+    };
+  }
+  return core.routeCoverage.restify = {
+    install() {
+      depHooks.resolve({ name: 'restify', version: '>= 8.0.0' }, (restify) => {
+        patcher.patch(restify, 'createServer', {
+          name: 'restify.createServer',
+          patchType,
+          post({ result: server }) {
+            patcher.patch(server.router, 'mount', {
+              name: 'restify.router.mount',
+              patchType,
+              post({ result: route }) {
+                const { path, method } = route;
+                if (!path || !method || !isString(path)) return;
+                const routeInfo = createRoute(path, method);
+                discover(routeInfo);
+                const [handler] = route.chain._stack;
+                route.chain._stack[0] = patcher.patch(handler, {
+                  name: 'route.chain._stack[0].handler',
+                  patchType,
+                  post({ args }) {
+                    const [req] = args;
+                    const { url: reqUrl, method } = req;
+                    const [url] = reqUrl.split('?');
+                    observe({ ...routeInfo, method: toLowerCase(method), url });
+                  }
+                });
+              }
+            });
+          }
+        });
+      });
+    }
+  };
+};

package/lib/utils/route-info.js CHANGED Viewed

@@ -22,8 +22,8 @@ const patchType = 'route-coverage';
  * @param {string} method
  * @return {string} formatted signature
  */
-function createSignature(path, method = '') {
-  return `Router.${method}('${path}', [Function])`;
+function createSignature(path, method = '', obj = 'Router') {
+  return `${obj}.${method}('${path}', [Function])`;
 }
 /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/route-coverage",
-  "version": "1.18.1",
+  "version": "1.20.0",
   "description": "Handles route discovery and observation",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -17,7 +17,7 @@
     "test": "../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.20.1",
+    "@contrast/common": "1.21.0",
     "@contrast/fn-inspect": "^4.0.0"
   }
 }