npm - @contrast/route-coverage - Versions diffs - 1.45.2 → 1.46.0 - Mend

@contrast/route-coverage 1.45.2 → 1.46.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/lib/index.js +1 -9
package/lib/install/express/express5.js +17 -19
package/package.json +8 -8
package/lib/normalized-url-mapper.js +0 -174

package/lib/index.js CHANGED Viewed

@@ -16,7 +16,6 @@
 'use strict';
 const { callChildComponentMethodsSync, Event } = require('@contrast/common');
-const NormalizedUrlMapper = require('./normalized-url-mapper');
 /**
  * @param {import('.').Core & {
@@ -36,21 +35,14 @@ module.exports = function init(core) {
   const routeQueue = new Map();
   const routeIdentifier = (method, signature) => `${method}.${signature}`;
-  const routeCoverage = core.routeCoverage = {
-    _normalizedUrlMapper: new NormalizedUrlMapper(),
-    uriPathToNormalizedUrl(uriPath) {
-      return this._normalizedUrlMapper.map(uriPath);
-    },
+  const routeCoverage = core.routeCoverage = {
     discover(info) {
       const id = routeIdentifier(info.method, info.signature);
       if (routeInfo.get(id)) return;
       logger.trace({ info }, 'Discovered new route:');
       routeInfo.set(id, info);
-      this._normalizedUrlMapper.handleDiscover(info);
     },
     discoveryFinished() {

package/lib/install/express/express5.js CHANGED Viewed

@@ -386,10 +386,14 @@ class ExpressInstrumentation {
         // `value` is a terminal Layer with observable signatures.
         // emit discovery after appending metadata.
         if (value[kMetaKey]) {
-          if (!value[kMetaKey].observables) {
-            value[kMetaKey].observables = {};
+          const observables = this.generateObservables(metas, value.handle);
+          if (observables) {
+            if (!value[kMetaKey].observables) {
+              value[kMetaKey].observables = observables;
+            } else {
+              Object.assign(value[kMetaKey].observables, observables);
+            }
           }
-          Object.assign(value[kMetaKey].observables, this.generateObservables(metas, value.handle));
           self.discover(value[kMetaKey]);
         }
       }
@@ -411,31 +415,28 @@ class ExpressInstrumentation {
         maybeLayer?.constructor?.name == 'Layer' &&
         !maybeLayer?.stack?.length
       ) {
-        //
         let _data = data.get(maybeLayer);
         if (!_data) {
-          _data = { path: [...path] };
+          _data = { paths: [] };
           data.set(maybeLayer, _data);
         }
         // you can mount a router on itself
         // prevent infinitely recursing into self-mounted routers
-        if (path.length > _data.path.length) {
-          let isNested = true;
-          loopPaths: for (let idx = 0; idx < _data.path.length; idx++) {
-            if (path[idx] != _data.path[idx]) {
-              isNested = false;
-              break loopPaths;
-            }
-          }
-          if (isNested) {
-            // todo: we don't support recursive router discovery/observation case atm
-            // stop to avoid infinite traversal
+        for (const visitedPath of _data.paths) {
+          // these conditions indicate recursive nesting at particular path
+          if (
+            path.length > visitedPath.length &&
+            visitedPath.every((el, i) => path[i] == el)
+          ) {
             path.pop();
             continue loopKeys;
           }
         }
+        _data.paths.push([...path]); // copy because path argument mutates
         const halt = cb(path, key, maybeLayer, target) === false;
         if (halt) return;
       }
@@ -500,9 +501,6 @@ class ExpressInstrumentation {
     // build signature lookup based on each template (normalizeUri)
     const map = templates.reduce((acc, routeTemplate) => {
       if (!routeTemplate) routeTemplate = '/';
-      if (routeTemplate?.includes?.('typecheck')) {
-        // console.dir({ info, template });
-      }
       acc[routeTemplate] = `${type}.${method}('${routeTemplate}', ${formattedHandler})`;
       return acc;
     }, {});

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/route-coverage",
-  "version": "1.45.2",
+  "version": "1.46.0",
   "description": "Handles route discovery and observation",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -20,14 +20,14 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.34.2",
-    "@contrast/config": "1.49.2",
-    "@contrast/core": "1.54.2",
-    "@contrast/dep-hooks": "1.23.2",
+    "@contrast/common": "1.35.0",
+    "@contrast/config": "1.50.0",
+    "@contrast/core": "1.55.0",
+    "@contrast/dep-hooks": "1.24.0",
     "@contrast/fn-inspect": "^4.3.0",
-    "@contrast/logger": "1.27.2",
-    "@contrast/patcher": "1.26.2",
-    "@contrast/scopes": "1.24.2",
+    "@contrast/logger": "1.28.0",
+    "@contrast/patcher": "1.27.0",
+    "@contrast/scopes": "1.25.0",
     "semver": "^7.6.0"
   }
 }

package/lib/normalized-url-mapper.js DELETED Viewed

@@ -1,174 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-'use strict';
-const {
-  get,
-  set,
-  primordials: { StringPrototypeSubstr, StringPrototypeSplit }
-} = require('@contrast/common');
-class NormalizedUrlMapper {
-  constructor() {
-    this._db = {
-      // index by static routes e.g.
-      // '/' => {}
-      // '/home' => {}
-      static: new Map(),
-      // or segment-count for parameterized routes
-      // '2' => { '/users/:id', '/profile/:id' }
-      // '3' => { '/users/:id/orders', '/profile/:id/address' }
-      parameterized: {},
-      // regex is used instead of string path
-      regex: new Map(),
-      // dynamic beyond parameterization e.g. regex syntax, '/abc+', '/abc*', '/[v1|v1.1]/users'.
-      // we could key off of segment length here like we do above.
-      dynamic: {},
-    };
-    this._defaultDynamicRe = /\(|\?|\||\[|\*|\+|\{/;
-    this._hapiDynamicRe = /\(|\?|\||\[|\*|\+/;
-  }
-  _getPathSegments(uriPath) {
-    if (!uriPath?.length) return null;
-    return StringPrototypeSplit.call(StringPrototypeSubstr.call(uriPath, 1), '/');
-  }
-  _looksDynamic(segment, framework) {
-    if (framework == 'hapi') {
-      return this._hapiDynamicRe.test(segment);
-    }
-    // app.get('/::fiddle') will handle requests to '/:fiddle'
-    if (segment.includes('::')) return true;
-    return this._defaultDynamicRe.test(segment);
-  }
-  _looksParamaterized(segment, framework) {
-    if (framework == 'hapi') {
-      return segment.startsWith('{');
-    }
-    // no point iterating last character
-    for (let idx = 0; idx < segment.length - 1; idx++) {
-      // '/foo::bar' is not parameterized (fastify) - maps to '/foo:bar'
-      // make sure ':' appears by itself
-      if (
-        segment[idx] == ':' &&
-        segment[idx - 1] != ':' &&
-        segment[idx + 1] != ':'
-      ) {
-        return true;
-      }
-    }
-    return false;
-  }
-  /**
-   * Tries to map a raw URL path to the "normalized" value used to declare the route.
-   * Aims to be as performant as possible.
-   * @param {string} uriPath path without queries
-   * @returns {}
-   */
-  _query(uriPath) {
-    // check if static first
-    if (this._db.static.has(uriPath)) return this._db.static.get(uriPath);
-    // else check dynamic routes by segment count
-    const _segments = this._getPathSegments(uriPath);
-    const entriesToCheck = this._db.parameterized[_segments.length];
-    if (entriesToCheck) {
-      for (const [, route] of entriesToCheck.entries()) {
-        const { segments } = route;
-        if (segments.every((seg, idx) => !seg || seg == _segments[idx])) {
-          return route;
-        }
-      }
-    }
-    return null;
-  }
-  /**
-   * Registers route discovery meta into _db.
-   * @param {import('@contrast/common').RouteInfo} routeInfo
-   */
-  handleDiscover(routeInfo) {
-    if (!routeInfo.normalizedUrl) {
-      // todo should log but don't have core
-      return;
-    }
-    let segments;
-    let dbIndex;
-    let isParameterized = false;
-    let isDynamic = false;
-    const isRegExp = routeInfo.normalizedUrl?.constructor?.name == 'RegExp';
-    if (!isRegExp) {
-      segments = this._getPathSegments(routeInfo.normalizedUrl);
-      for (let i = 0; i < segments.length; i++) {
-        const segment = segments[i];
-        // these heuristic checks may not scale for all frameworks. we may want to dispatch to
-        // a framework-specific strategy that can specialize in mapping to the _db entry index.
-        if (this._looksDynamic(segment, routeInfo.framework)) {
-          isDynamic = true;
-        } else if (this._looksParamaterized(segment, routeInfo.framework)) {
-          isParameterized = true;
-          // replace segments to check with undefined if parameterized
-          segments[i] = undefined;
-        }
-      }
-    }
-    const meta = {
-      normalizedUrl: routeInfo.normalizedUrl,
-      signature: routeInfo.signature,
-    };
-    if (isDynamic) {
-      dbIndex = `dynamic.${segments.length}`;
-    } else if (isParameterized) {
-      // can be both dynamic and parameterized, e.g. '/:file{.:ext}', '/api/(v1|v2)/:user'
-      // but that's not what we want in this case
-      dbIndex = `parameterized.${segments.length}`;
-      meta.segments = segments;
-    } else if (isRegExp) {
-      dbIndex = 'regex';
-    } else {
-      dbIndex = 'static';
-    }
-    // ensure appropriate collection is there
-    if (!get(this._db, dbIndex)) set(this._db, dbIndex, new Map());
-    get(this._db, dbIndex).set(routeInfo.normalizedUrl, meta);
-  }
-  /**
-   * Returns the normalizedUrl associated with raw uriPath. If the
-   * value can't be determined from internal _db, this return null.
-   * @param {string} uriPath
-   * @returns {string}
-   */
-  map(uriPath) {
-    /** @type import('@contrast/common').RouteInfo */
-    const record = this._query(uriPath);
-    return record ? record.normalizedUrl : null;
-  }
-}
-module.exports = NormalizedUrlMapper;