npm - @contrast/route-coverage - Versions diffs - 1.35.1 → 1.36.0 - Mend

@contrast/route-coverage 1.35.1 → 1.36.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/package.json +11 -8
package/lib/index.test.js +0 -136
package/lib/install/express/express4.test.js +0 -418
package/lib/install/express/express5.test.js +0 -813
package/lib/install/fastify.test.js +0 -218
package/lib/install/graphql.test.js +0 -175
package/lib/install/hapi.test.js +0 -127
package/lib/install/koa.test.js +0 -152
package/lib/install/restify.test.js +0 -92
package/lib/normalized-url-mapper.test.js +0 -50

package/package.json CHANGED Viewed

@@ -1,11 +1,14 @@
 {
   "name": "@contrast/route-coverage",
-  "version": "1.35.1",
+  "version": "1.36.0",
   "description": "Handles route discovery and observation",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
   "files": [
-    "lib/"
+    "lib/",
+    "!*.test.*",
+    "!tsconfig.*",
+    "!*.map"
   ],
   "main": "lib/index.js",
   "types": "lib/index.d.ts",
@@ -17,13 +20,13 @@
     "test": "../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.29.1",
-    "@contrast/config": "1.40.1",
-    "@contrast/dep-hooks": "1.14.1",
+    "@contrast/common": "1.30.0",
+    "@contrast/config": "1.41.0",
+    "@contrast/dep-hooks": "1.15.0",
     "@contrast/fn-inspect": "^4.3.0",
-    "@contrast/logger": "1.18.1",
-    "@contrast/patcher": "1.17.1",
-    "@contrast/scopes": "1.15.1",
+    "@contrast/logger": "1.19.0",
+    "@contrast/patcher": "1.18.0",
+    "@contrast/scopes": "1.16.0",
     "semver": "^7.6.0",
     "path-to-regexp": "^8.2.0"
   }

package/lib/index.test.js DELETED Viewed

@@ -1,136 +0,0 @@
-'use strict';
-const { expect } = require('chai');
-const sinon = require('sinon');
-const proxyquire = require('proxyquire');
-const { Event } = require('@contrast/common');
-const mocks = require('@contrast/test/mocks');
-const { initAssessFixture } = require('@contrast/test/fixtures');
-const { installsComponents } = require('@contrast/test/utils');
-const MODULES = ['express', 'fastify', 'hapi', 'koa'];
-describe('route coverage', function () {
-  let core, simulateRequestScope, routeCoverage, clock;
-  beforeEach(function () {
-    ({ core, simulateRequestScope } = initAssessFixture());
-    clock = sinon.useFakeTimers();
-    sinon.spy(core.messages, 'emit');
-    const moduleMock = (moduleName) => (deps) => {
-      deps.routeCoverage[moduleName] = mocks.installable();
-    };
-    routeCoverage = proxyquire('.', {
-      './install/express': moduleMock('express'),
-      './install/fastify': moduleMock('fastify'),
-      './install/hapi': moduleMock('hapi'),
-      './install/koa': moduleMock('koa'),
-    });
-  });
-  it('installs its components', function () {
-    routeCoverage(core).install();
-    installsComponents(core.routeCoverage, MODULES);
-  });
-  it('does not install when not enabled', function () {
-    core.config.agent.route_coverage.enable = false;
-    routeCoverage(core);
-    expect(core).not.to.have.property('routeCoverage');
-  });
-  describe('.discoveryFinished()', function () {
-    beforeEach(function () {
-      routeCoverage(core).install();
-    });
-    it('emits an event when discovery is finished', function () {
-      const eventA = { signature: 'url.get', url: 'url', method: 'get' };
-      const eventB = { signature: 'url.post', url: 'url', method: 'post' };
-      core.routeCoverage.discover(eventA);
-      core.routeCoverage.discover(eventA); // check that we dedupe discovery.
-      core.routeCoverage.discover(eventB);
-      core.routeCoverage.discoveryFinished();
-      expect(core.messages.emit).to.have.been.calledWith(
-        Event.ROUTE_COVERAGE_DISCOVERY_FINISHED,
-        [eventA, eventB],
-      );
-    });
-    it('queues new events after initial discovery is finished', function () {
-      const eventA = { signature: 'url.get', url: 'url', method: 'get' };
-      core.routeCoverage.discover(eventA);
-      core.routeCoverage.discoveryFinished();
-      expect(core.messages.emit).to.have.been.calledWith(
-        Event.ROUTE_COVERAGE_DISCOVERY_FINISHED,
-        [eventA],
-      );
-      const eventB = { signature: 'url.post', url: 'url', method: 'post' };
-      core.routeCoverage.discover(eventA); // check that we dedupe routes discoverd on startup
-      core.routeCoverage.discover(eventB);
-      core.routeCoverage.discover(eventB); // check that we dedupe routes defined lazily
-      clock.tick(10000); //queuingFinished
-      expect(core.messages.emit).to.have.been.calledWith(
-        Event.ROUTE_COVERAGE_DISCOVERY_FINISHED,
-        [eventB],
-      );
-    });
-  });
-  describe('.observe()', function () {
-    beforeEach(function () {
-      routeCoverage(core).install();
-    });
-    it('logs debug messages when a route is missing on observation', function () {
-      const info = { url: 'url', method: 'get' };
-      core.routeCoverage.observe(info);
-      expect(core.logger.debug).to.have.been.calledOnceWithExactly(
-        info,
-        'unable to observe undiscovered route',
-      );
-    });
-    it('emits an event on route observation', function () {
-      const event = {
-        signature: 'hello',
-        url: 'url',
-        method: 'get',
-        sourceInfo: undefined
-      };
-      core.routeCoverage.discover(event);
-      core.routeCoverage.observe(event);
-      expect(core.messages.emit).to.have.been.calledWith(
-        Event.ROUTE_COVERAGE_OBSERVATION,
-        event,
-      );
-    });
-    it('emits an event on route observation and appends sourceInfo when in request scope', function () {
-      const event = {
-        signature: 'hello',
-        url: 'url',
-        method: 'get',
-      };
-      core.routeCoverage.discover(event);
-      simulateRequestScope(() => {
-        core.routeCoverage.observe(event);
-        const { sourceInfo, route } = core.scopes.sources.getStore();
-        expect(sourceInfo).to.be.ok;
-        expect(route).to.eql({ method: 'get', signature: 'hello', url: 'url' });
-        expect(core.messages.emit).to.have.been.calledWith(
-          Event.ROUTE_COVERAGE_OBSERVATION,
-          sinon.match({ ...event, sourceInfo })
-        );
-      });
-    });
-  });
-});

package/lib/install/express/express4.test.js DELETED Viewed

@@ -1,418 +0,0 @@
-'use strict';
-const { expect } = require('chai');
-const sinon = require('sinon');
-const scopes = require('@contrast/scopes');
-const patcher = require('@contrast/patcher');
-const mocks = require('@contrast/test/mocks');
-const METHODS = [
-  'all',
-  'get',
-  'post',
-  'put',
-  'delete',
-  'patch',
-  'options',
-  'head',
-];
-describe('route-coverage express', function () {
-  let core, http, Server, application, Router, Layer, express, fn, framework;
-  beforeEach(function () {
-    core = mocks.core();
-    core.logger = mocks.logger();
-    core.routeCoverage = mocks.routeCoverage();
-    core.scopes = scopes(core);
-    core.depHooks = mocks.depHooks();
-    core.patcher = patcher(core);
-    application = () => application;
-    Router = () => Router;
-    Layer = () => Layer;
-    Layer.handle = sinon.stub();
-    express = () => application;
-    framework = 'express';
-    Router.stack = [];
-    Router.handle = sinon.stub();
-    Router.use = (prefix, router) => {
-      Router.stack.push({ handle: router, name: 'router', regexp: { source: `\\${prefix}` } });
-    };
-    express.application = application;
-    express.application.use = (prefix, router) => {
-      if (router?.use) router.use(prefix, router);
-      return { _router: Router };
-    };
-    express.application._router = Router;
-    express.Router = Router;
-    METHODS.forEach((method) => {
-      application[method] = () => {
-        Router.stack.push(Layer);
-        return { _router: Router };
-      };
-      Router[method] = (path, fn) => {
-        Layer.regexp = { source: `\\${path}` };
-        Layer.route = {
-          path,
-          stack: [
-            {
-              method
-            }
-          ],
-          methods: {
-            _all: false
-          }
-        };
-        if (fn) Router.stack.push(Layer);
-        return Router;
-      };
-    });
-    Server = function () { };
-    Server.prototype.listen = sinon.stub();
-    http = {
-      Server,
-      createServer() {
-        return new Server();
-      }
-    };
-    fn = sinon.stub();
-    core.depHooks.resolve.withArgs({ name: 'express', version: '>=4 <5' }).yields(express);
-    core.depHooks.resolve.withArgs({ name: 'http' }).yields(http);
-    require('./express4')(core).install();
-  });
-  describe('app', function () {
-    METHODS.forEach((method) => {
-      describe(`${method}`, function () {
-        it('does not report a non-existent route', function () {
-          const app = express();
-          app[method]();
-          expect(core.routeCoverage.discover).not.to.have.been.called;
-        });
-        it('does not report an invalid route', function () {
-          const app = express();
-          app[method](42);
-          expect(core.routeCoverage.discover).not.to.have.been.called;
-        });
-        it('does not report a route missing a method', function () {
-          const app = express();
-          app[method]('/test/route');
-          expect(core.routeCoverage.discover).not.to.have.been.called;
-        });
-        it('discovers a route', function () {
-          const app = express();
-          app[method]('/test/route', fn);
-          expect(core.routeCoverage.discover).to.have.been.calledWith({
-            signature: `App.${method}('/test/route', [Function])`,
-            url: '/test/route',
-            normalizedUrl: '/test/route',
-            method,
-            framework
-          });
-        });
-        it('discovers an array route', function () {
-          const app = express();
-          app[method](['/test/foo', '/test/bar'], fn);
-          expect(core.routeCoverage.discover).to.have.been.calledWith({
-            signature: `App.${method}('/[/test/foo,/test/bar]', [Function])`,
-            url: '/[/test/foo,/test/bar]',
-            normalizedUrl: '/[/test/foo,/test/bar]',
-            method,
-            framework
-          });
-        });
-        it('discovers a regEx route', function () {
-          const app = express();
-          app[method](/f*o/, fn);
-          expect(core.routeCoverage.discover).to.have.been.calledWith({
-            signature: `App.${method}('/{f*o}', [Function])`,
-            url: '/{f*o}',
-            normalizedUrl: '/{f*o}',
-            method,
-            framework
-          });
-        });
-      });
-    });
-    it('does not discover and App.use route with no path and no router', function () {
-      const app = express();
-      app.use(fn);
-      expect(core.routeCoverage.discover).not.have.been.called;
-    });
-    it('discovers an App.use route', function () {
-      const app = express();
-      app.use('/foo', fn);
-      expect(core.routeCoverage.discover).to.have.been.calledWith({
-        signature: 'App.use(\'/foo\', [Function])',
-        url: '/foo',
-        normalizedUrl: '/foo',
-        method: 'use',
-        framework
-      });
-    });
-    it('discovers an App.use route with a non-string url', function () {
-      const app = express();
-      app.use(['/foo'], fn);
-      expect(core.routeCoverage.discover).to.have.been.calledWith({
-        signature: 'App.use(\'/[/foo]\', [Function])',
-        url: '/[/foo]',
-        normalizedUrl: '/[/foo]',
-        method: 'use',
-        framework
-      });
-    });
-    it('discovers a route with middleware defined in an array', function() {
-      const app = express();
-      app.use('/foo', [fn]);
-      expect(core.routeCoverage.discover).to.have.been.calledWith({
-        signature: 'App.use(\'/foo\', [Function])',
-        url: '/foo',
-        normalizedUrl: '/foo',
-        method: 'use',
-        framework
-      });
-    });
-    it('does not observe a route with an undefined method', function () {
-      const app = express();
-      app.get('/path/to/foo', fn);
-      express.Router.handle({
-        originalUrl: '/path/to/foo',
-        route: { path: '/path/to/foo' }
-      });
-      expect(core.routeCoverage.observe).to.not.have.been.called;
-    });
-    it('observes a route when a route handler is exercised', function () {
-      const app = express();
-      app.get('/path/to/foo', fn);
-      express.Router.stack[0].handle({
-        method: 'GET',
-        originalUrl: '/path/to/foo',
-        route: { path: '/path/to/foo' }
-      });
-      expect(core.routeCoverage.observe).to.have.been.calledWith({
-        signature: "App.get('/path/to/foo', [Function])",
-        url: '/path/to/foo',
-        normalizedUrl: '/path/to/foo',
-        method: 'get',
-        framework
-      });
-    });
-    it('observes a route with a regExp path', function () {
-      const app = express();
-      app.get(/.*/, fn);
-      express.Router.stack[0].handle({
-        method: 'GET',
-        originalUrl: '/path',
-        route: { path: /.*/ }
-      });
-      expect(core.routeCoverage.observe).to.have.been.calledWith({
-        signature: "App.get('/{.*}', [Function])",
-        url: '/path',
-        normalizedUrl: '/{.*}',
-        method: 'get',
-        framework
-      });
-    });
-    it('observes a route with an Array path', function () {
-      const app = express();
-      app.get(['/test/foo', '/test/bar'], fn);
-      express.Router.stack[0].handle({
-        method: 'GET',
-        originalUrl: '/[/test/foo,/test/bar]',
-        route: { path: ['/test/foo', '/test/bar'] }
-      });
-      expect(core.routeCoverage.observe).to.have.been.calledWith({
-        signature: "App.get('/[/test/foo,/test/bar]', [Function])",
-        url: '/[/test/foo,/test/bar]',
-        normalizedUrl: '/[/test/foo,/test/bar]',
-        method: 'get',
-        framework
-      });
-    });
-    it('updates route prefixes', function () {
-      const app = express();
-      const router = express.Router();
-      router.get('/foo', fn);
-      app.use('/prefix', router);
-      expect(core.routeCoverage.discover).to.have.been.calledWith({
-        signature: "Router.get('/prefix/foo', [Function])",
-        url: '/prefix/foo',
-        normalizedUrl: '/prefix/foo',
-        method: 'get',
-        framework
-      });
-    });
-  });
-  describe('router', function () {
-    METHODS.forEach((method) => {
-      describe(`${method}`, function () {
-        it('does not report a non-existent route', function () {
-          const app = express();
-          const router = express.Router();
-          router[method]();
-          app.use(router);
-          expect(core.routeCoverage.discover).not.to.have.been.called;
-        });
-        it('does not report an invalid route', function () {
-          const app = express();
-          const router = express.Router();
-          router[method](42);
-          app.use(router);
-          expect(core.routeCoverage.discover).not.to.have.been.called;
-        });
-        it('does not report a route missing a handler', function () {
-          const app = express();
-          const router = express.Router();
-          router[method]('/test/route');
-          app.use(router);
-          expect(core.routeCoverage.discover).not.to.have.been.called;
-        });
-        it('discovers a route', function () {
-          const app = express();
-          const router = express.Router();
-          router[method]('/test/route', fn);
-          app.use(router);
-          expect(core.routeCoverage.discover).to.have.been.calledWith({
-            signature: `Router.${method}('/test/route', [Function])`,
-            url: '/test/route',
-            normalizedUrl: '/test/route',
-            method,
-            framework
-          });
-        });
-        it('discovers an array route', function () {
-          const app = express();
-          const router = express.Router();
-          router[method](['/test/foo', '/test/bar'], fn);
-          app.use(router);
-          expect(core.routeCoverage.discover).to.have.been.calledWith({
-            signature: `Router.${method}('/[/test/foo,/test/bar]', [Function])`,
-            url: '/[/test/foo,/test/bar]',
-            normalizedUrl: '/[/test/foo,/test/bar]',
-            method,
-            framework
-          });
-        });
-        it('discovers a regEx route', function () {
-          const app = express();
-          const router = express.Router();
-          router[method](/f*o/, fn);
-          app.use(router);
-          expect(core.routeCoverage.discover).to.have.been.calledWith({
-            signature: `Router.${method}('/{f*o}', [Function])`,
-            url: '/{f*o}',
-            normalizedUrl: '/{f*o}',
-            method,
-            framework
-          });
-        });
-      });
-    });
-    it('does not observe a route with an undefined method', function () {
-      const app = express();
-      const router = express.Router();
-      router.get('/path/to/foo', fn);
-      app.use(router);
-      express.Router.handle({
-        originalUrl: '/path/to/foo',
-        route: { path: '/path/to/foo' }
-      });
-      expect(core.routeCoverage.observe).to.not.have.been.called;
-    });
-    it('observes a route when a route handler is exercised', function () {
-      const app = express();
-      const router = express.Router();
-      router.get('/path/to/foo', fn);
-      app.use(router);
-      express.Router.stack[0].handle({
-        method: 'GET',
-        originalUrl: '/path/to/foo',
-        route: { path: '/path/to/foo' }
-      });
-      expect(core.routeCoverage.observe).to.have.been.calledWith({
-        signature: "Router.get('/path/to/foo', [Function])",
-        url: '/path/to/foo',
-        normalizedUrl: '/path/to/foo',
-        method: 'get',
-        framework
-      });
-    });
-    it('updates route prefixes on nested router', function () {
-      const app = express();
-      const router = express.Router();
-      router.get('/foo', fn);
-      router.use('/prefix', router);
-      app.use(router);
-      expect(core.routeCoverage.discover).to.have.been.calledWith({
-        signature: "Router.get('/prefix/foo', [Function])",
-        url: '/prefix/foo',
-        normalizedUrl: '/prefix/foo',
-        method: 'get',
-        framework
-      });
-    });
-    it('updates route prefixes on a non-nested router', function () {
-      const app = express();
-      const router = express.Router();
-      const router2 = express.Router();
-      router.get('/foo', fn);
-      router2.use('/prefix', router);
-      app.use(router);
-      expect(core.routeCoverage.discover).to.have.been.calledWith({
-        signature: "Router.get('/prefix/foo', [Function])",
-        url: '/prefix/foo',
-        normalizedUrl: '/prefix/foo',
-        method: 'get',
-        framework
-      });
-    });
-  });
-});