@depup/elastic-apm-node 4.15.0-depup.0

package/lib/constants.js

@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and other contributors where applicable.
+ * Licensed under the BSD 2-Clause License; you may not use this file except in
+ * compliance with the BSD 2-Clause License.
+ */
+
+/**
+ * Central location for shared constants
+ */
+
+module.exports = {
+  // The default span or transaction `type`.
+  DEFAULT_SPAN_TYPE: 'custom',
+
+  REDACTED: '[REDACTED]',
+  OUTCOME_FAILURE: 'failure',
+  OUTCOME_SUCCESS: 'success',
+  OUTCOME_UNKNOWN: 'unknown',
+  RESULT_SUCCESS: 'success',
+  RESULT_FAILURE: 'failure',
+
+  // https://github.com/elastic/apm/blob/main/specs/agents/tracing-instrumentation-messaging.md#receiving-trace-context
+  MAX_MESSAGES_PROCESSED_FOR_TRACE_CONTEXT: 1000,
+
+  // Config constants
+  INTAKE_STRING_MAX_SIZE: 1024,
+  CAPTURE_ERROR_LOG_STACK_TRACES_NEVER: 'never',
+  CAPTURE_ERROR_LOG_STACK_TRACES_MESSAGES: 'messages',
+  CAPTURE_ERROR_LOG_STACK_TRACES_ALWAYS: 'always',
+  CONTEXT_MANAGER_ASYNCHOOKS: 'asynchooks',
+  CONTEXT_MANAGER_ASYNCLOCALSTORAGE: 'asynclocalstorage',
+  TRACE_CONTINUATION_STRATEGY_CONTINUE: 'continue',
+  TRACE_CONTINUATION_STRATEGY_RESTART: 'restart',
+  TRACE_CONTINUATION_STRATEGY_RESTART_EXTERNAL: 'restart_external',
+};

package/lib/errors.js

@@ -0,0 +1,303 @@
+/*
+ * Copyright Elasticsearch B.V. and other contributors where applicable.
+ * Licensed under the BSD 2-Clause License; you may not use this file except in
+ * compliance with the BSD 2-Clause License.
+ */
+
+'use strict';
+
+// Handle creating error event objects to be sent to APM server.
+// https://github.com/elastic/apm-server/blob/master/docs/spec/v2/error.json
+
+const crypto = require('crypto');
+var path = require('path');
+const util = require('util');
+
+const { gatherStackTrace } = require('./stacktraces');
+
+const MYSQL_ERROR_MSG_RE = /(ER_[A-Z_]+): /;
+
+// ---- internal support functions
+
+// Default `culprit` to the top of the stack or the highest non `library_frame`
+// frame if such exists
+function culpritFromStacktrace(frames) {
+  if (frames.length === 0) return;
+
+  var filename = frames[0].filename;
+  var fnName = frames[0].function;
+  for (var n = 0; n < frames.length; n++) {
+    if (!frames[n].library_frame) {
+      filename = frames[n].filename;
+      fnName = frames[n].function;
+      break;
+    }
+  }
+
+  return filename ? fnName + ' (' + filename + ')' : fnName;
+}
+
+// Infer the node.js module name from the top frame filename, if possible.
+// Here `frames` is a data structure as returned by `parseStackTrace`.
+//
+// Examples:
+//    node_modules/mymodule/index.js
+//                 ^^^^^^^^
+//    node_modules/@myorg/mymodule/index.js
+//                 ^^^^^^^^^^^^^^^
+// or on Windows:
+//    node_modules\@myorg\mymodule\lib\subpath\index.js
+//                 ^^^^^^^^^^^^^^^
+function _moduleNameFromFrames(frames) {
+  if (frames.length === 0) {
+    return null;
+  }
+  var frame = frames[0];
+  if (!frame.library_frame) {
+    return null;
+  }
+  var idx = frame.filename.lastIndexOf('node_modules' + path.sep);
+  if (idx === -1) {
+    return null;
+  }
+  var parts = frame.filename.slice(idx).split(path.sep);
+  if (!parts[1]) {
+    return null;
+  } else if (parts[1].startsWith('@')) {
+    if (!parts[2]) {
+      // node_modules/@foo
+      return null;
+    } else {
+      // Normalize the module name separator to '/', even on Windows.
+      return parts[1] + '/' + parts[2];
+    }
+  } else {
+    return parts[1];
+  }
+}
+
+// Gather properties from `err` to be used for `error.exception.attributes`.
+// If there are no properties to include, then it returns undefined.
+function attributesFromErr(err) {
+  let n = 0;
+  const attrs = {};
+  const keys = Object.keys(err);
+  for (let i = 0; i < keys.length; i++) {
+    const key = keys[i];
+    if (key === 'stack') {
+      continue; // 'stack' seems to be enumerable in Node 0.11
+    }
+    if (key === 'code') {
+      continue; // 'code' is already used for `error.exception.code`
+    }
+
+    let val = err[key];
+    if (val === null) {
+      continue; // null is typeof object and well break the switch below
+    }
+    switch (typeof val) {
+      case 'function':
+        continue;
+      case 'object':
+        // Ignore all objects except Dates.
+        if (
+          typeof val.toISOString !== 'function' ||
+          typeof val.getTime !== 'function'
+        ) {
+          continue;
+        } else if (Number.isNaN(val.getTime())) {
+          val = 'Invalid Date'; // calling toISOString() on invalid dates throws
+        } else {
+          val = val.toISOString();
+        }
+    }
+    attrs[key] = val;
+    n++;
+  }
+  return n ? attrs : undefined;
+}
+
+// ---- exports
+
+function generateErrorId() {
+  return crypto.randomBytes(16).toString('hex');
+}
+
+// Create an "error" APM event object to be sent to APM server.
+//
+// Required args:
+// - Exactly one of `args.exception` or `args.logMessage` must be set.
+//   `args.exception` is an Error instance. `args.logMessage` is a log message
+//   string, or an object of the form `{ message: 'template', params: [ ... ]}`
+//   which will be formated with `util.format()`.
+// - `args.id` - An ID for the error. It should be created with
+//   `errors.generateErrorId()`.
+// - `args.log` {Logger}
+// - `args.shouldCaptureAttributes` {Boolean}
+// - `args.timestampUs` {Integer} - Timestamp of the error in microseconds.
+// - `args.handled` {Boolean}
+// - `args.sourceLinesAppFrames` {Integer} - Number of lines of source context
+//   to include in stack traces.
+// - `args.sourceLinesLibraryFrames` {Integer} - Number of lines of source
+//   context to include in stack traces. This and the previous arg are typically
+//   select from the agent `sourceLines{Error,Span}{App,Library}Frames` config
+//   vars.
+//
+// Optional args:
+// - `args.callSiteLoc` - A `Error.captureStackTrace`d object with a stack to
+//   include as `error.log.stacktrace`.
+// - `args.traceContext` - The current TraceContext, if any.
+// - `args.trans` - The current transaction, if any.
+// - `args.errorContext` - An object to be included as `error.context`.
+// - `args.message` - A message string that will be included as `error.log.message`
+//   if `args.exception` is given. Ignored if `args.logMessage` is given.
+// - `args.exceptionType` - A string to use for `error.exception.type`. By
+//   default `args.exception.name` is used. This argument is only relevant if
+//   `args.exception` was provided.
+//
+// This always calls back with `cb(null, apmError)`, i.e. it doesn't fail.
+function createAPMError(args, cb) {
+  let numAsyncStepsRemaining = 0; // finish() will call cb() only when this is 0.
+
+  const error = {
+    id: args.id,
+    timestamp: args.timestampUs,
+  };
+  if (args.traceContext) {
+    error.parent_id = args.traceContext.traceparent.id;
+    error.trace_id = args.traceContext.traceparent.traceId;
+  }
+  if (args.trans) {
+    error.transaction_id = args.trans.id;
+    error.transaction = {
+      name: args.trans.name,
+      type: args.trans.type,
+      sampled: args.trans.sampled,
+    };
+  }
+  if (args.errorContext) {
+    error.context = args.errorContext;
+  }
+
+  if (args.exception) {
+    // Handle an exception, i.e. `captureError(<an Error instance>, ...)`.
+    const err = args.exception;
+    const errMsg = String(err.message);
+    error.exception = {
+      message: errMsg,
+      type: args.exceptionType || String(err.name),
+      handled: args.handled,
+    };
+
+    if ('code' in err) {
+      error.exception.code = String(err.code);
+    } else {
+      // To provide better grouping of mysql errors that happens after the async
+      // boundery, we modify to exception type to include the custom mysql error
+      // type (e.g. ER_PARSE_ERROR)
+      var match = errMsg.match(MYSQL_ERROR_MSG_RE);
+      if (match) {
+        error.exception.code = match[1];
+      }
+    }
+
+    // Optional add an alternative error message as well as the exception message.
+    if (args.message && typeof args.message === 'string') {
+      error.log = { message: args.message };
+    }
+
+    if (args.shouldCaptureAttributes) {
+      const attrs = attributesFromErr(err);
+      if (attrs) {
+        error.exception.attributes = attrs;
+      }
+    }
+
+    numAsyncStepsRemaining++;
+    gatherStackTrace(
+      args.log,
+      args.exception,
+      args.sourceLinesAppFrames,
+      args.sourceLinesLibraryFrames,
+      null, // filterCallSite
+      function (_err, stacktrace) {
+        // _err from gatherStackTrace is always null.
+
+        const culprit = culpritFromStacktrace(stacktrace);
+        if (culprit) {
+          error.culprit = culprit;
+        }
+        const moduleName = _moduleNameFromFrames(stacktrace);
+        if (moduleName) {
+          // TODO: consider if we should include this as it's not originally what module was intended for
+          error.exception.module = moduleName;
+        }
+        error.exception.stacktrace = stacktrace;
+        finish();
+      },
+    );
+  } else {
+    // Handle a logMessage, i.e. `captureError(<not an Error instance>, ...)`.
+    error.log = {};
+    const msg = args.logMessage;
+    if (typeof msg === 'string') {
+      error.log.message = msg;
+    } else if (typeof msg === 'object' && msg !== null) {
+      if (msg.message) {
+        error.log.message = util.format.apply(
+          this,
+          [msg.message].concat(msg.params),
+        );
+        error.log.param_message = msg.message;
+      } else {
+        error.log.message = util.inspect(msg);
+      }
+    } else {
+      error.log.message = String(msg);
+    }
+  }
+
+  if (args.callSiteLoc) {
+    numAsyncStepsRemaining++;
+    gatherStackTrace(
+      args.log,
+      args.callSiteLoc,
+      args.sourceLinesAppFrames,
+      args.sourceLinesLibraryFrames,
+      null, // filterCallSite
+      function (_err, stacktrace) {
+        // _err from gatherStackTrace is always null.
+
+        if (stacktrace) {
+          // In case there isn't any log object, we'll make a dummy message
+          // as the APM Server requires a message to be present if a
+          // stacktrace also present
+          if (!error.log) {
+            error.log = { message: error.exception.message };
+          }
+          error.log.stacktrace = stacktrace;
+          finish();
+        }
+      },
+    );
+  } else {
+    numAsyncStepsRemaining++;
+    setImmediate(finish);
+  }
+
+  function finish() {
+    numAsyncStepsRemaining--;
+    if (numAsyncStepsRemaining === 0) {
+      cb(null, error);
+    }
+  }
+}
+
+module.exports = {
+  generateErrorId,
+  createAPMError,
+
+  // Exported for testing.
+  attributesFromErr,
+  _moduleNameFromFrames,
+};

package/lib/filters/sanitize-field-names.js

@@ -0,0 +1,69 @@
+/*
+ * Copyright Elasticsearch B.V. and other contributors where applicable.
+ * Licensed under the BSD 2-Clause License; you may not use this file except in
+ * compliance with the BSD 2-Clause License.
+ */
+
+'use strict';
+const querystring = require('querystring');
+
+const HEADER_FORM_URLENCODED = 'application/x-www-form-urlencoded';
+const REDACTED = require('../constants').REDACTED;
+
+/**
+ * Handles req.body as object or string
+ *
+ * Express provides multiple body parser middlewares with x-www-form-urlencoded
+ * handling.  See http://expressjs.com/en/resources/middleware/body-parser.html
+ *
+ * @param {Object | String} body
+ * @param {Object} requestHeaders
+ * @param {Array<RegExp>} regexes
+ * @returns {Object | String} a copy of the body with the redacted fields
+ */
+function redactKeysFromPostedFormVariables(body, requestHeaders, regexes) {
+  // only redact from application/x-www-form-urlencoded
+  if (HEADER_FORM_URLENCODED !== requestHeaders['content-type']) {
+    return body;
+  }
+
+  // if body is a plain object, use redactKeysFromObject
+  if (body !== null && !Buffer.isBuffer(body) && typeof body === 'object') {
+    return redactKeysFromObject(body, regexes);
+  }
+
+  // if body is a string, use querystring to create object,
+  // pass to redactKeysFromObject, and reserialize as string
+  if (typeof body === 'string') {
+    const objBody = redactKeysFromObject(querystring.parse(body), regexes);
+    return querystring.stringify(objBody);
+  }
+
+  return body;
+}
+
+/**
+ * Returns a copy of the provided object. Each entry of the copy will have
+ * its value REDACTEd if the key matches any of the regexes
+ *
+ * @param {Object} obj The source object be copied with redacted fields
+ * @param {Array<RegExp>} regexes RegExps to check if the entry value needd to be redacted
+ * @param {String} redactedStr The string to use for redacted values. Defaults to '[REDACTED]'.
+ * @returns {Object} Copy of the source object with REDACTED entries or the original if falsy or regexes is not an array
+ */
+function redactKeysFromObject(obj, regexes, redactedStr = REDACTED) {
+  if (!obj || !Array.isArray(regexes)) {
+    return obj;
+  }
+  const result = {};
+  for (const key of Object.keys(obj)) {
+    const shouldRedact = regexes.some((regex) => regex.test(key));
+    result[key] = shouldRedact ? redactedStr : obj[key];
+  }
+  return result;
+}
+
+module.exports = {
+  redactKeysFromObject,
+  redactKeysFromPostedFormVariables,
+};

package/lib/http-request.js

@@ -0,0 +1,249 @@
+/*
+ * Copyright Elasticsearch B.V. and other contributors where applicable.
+ * Licensed under the BSD 2-Clause License; you may not use this file except in
+ * compliance with the BSD 2-Clause License.
+ */
+
+'use strict';
+
+// A lib that provides a slightly enhanced method for making an HTTP request.
+
+const { URL } = require('url');
+
+// Getting handles on these `.request()` functions at the top-level ensures
+// that we have *un*instrumented functions for internal HTTP request usage.
+const coreHttpRequest = require('http').request;
+const coreHttpsRequest = require('https').request;
+
+// From https://github.com/nodejs/node/blob/v14.15.4/lib/internal/url.js#L1267-L1289
+// for node v8 support.
+//
+// Utility function that converts a URL object into an ordinary
+// options object as expected by the http.request and https.request
+// APIs.
+function urlToOptions(url) {
+  const options = {
+    protocol: url.protocol,
+    hostname:
+      typeof url.hostname === 'string' && url.hostname.startsWith('[')
+        ? url.hostname.slice(1, -1)
+        : url.hostname,
+    hash: url.hash,
+    search: url.search,
+    pathname: url.pathname,
+    path: `${url.pathname || ''}${url.search || ''}`,
+    href: url.href,
+  };
+  if (url.port !== '') {
+    options.port = Number(url.port);
+  }
+  if (url.username || url.password) {
+    options.auth = `${url.username}:${url.password}`;
+  }
+  return options;
+}
+
+// A wrapper around `{http|https}.request()` that adds support for a connection
+// timeout separate from the existing `options.timeout`.
+//
+// The existing `options.timeout` to `http.request()` sets `socket.setTimeout()`
+// which will emit the 'timeout' event if there is an period of socket idleness
+// that is this long. In practice for short-lived requests, it is a timeout on
+// getting the start of response data back from the server.
+//
+// The new `opts.connectTimeout` is a number of milliseconds count from socket
+// creation to socket 'connect'. If this time is reached a 'connectTimeout'
+// event will be emitted on the request object. As with 'timeout', it is up
+// to the caller to handle destroying the request. See "Usage" below.
+// In pratice this allows for a shorter timeout to see if the remote server
+// is handling connections in a timely manner. To be useful, a `connectTimeout`
+// is typically shorter than a given `timeout`.
+//
+// Usage:
+//    const { httpRequest } = require('./http-request')
+//
+//    var req = httpRequest(url, {
+//        connectTimeout: connectTimeout,
+//        // Any {http|https}.request options ...
+//        timeout: timeout
+//    }, function onRes(res) {
+//        // Handling of the response ...
+//    })
+//
+//    // For both 'timeout' and 'connectTimeout', it is the responsibility
+//    // of the caller to abort the request to clean up.
+//    //
+//    // This `req.destroy()` has the side-effect of self-induced
+//    // "socket hang up" error event, so typically an 'error' event handler
+//    // is also required. One technique is to pass a specific error to
+//    // `req.destroy(...)` that can be inspected in the 'error' event handler.
+//    req.on('timeout', function () {
+//        // ...
+//        req.destroy(new Error('got timeout'))
+//    });
+//
+//    req.on('connectTimeout', function () {
+//        // ...
+//        req.destroy(new Error('got connectTimeout'))
+//    });
+//
+//    req.on('error', function (err) {
+//        // ...
+//    })
+//
+//    req.end()
+//
+function httpRequest(url, opts, cb) {
+  // Handle call signature:
+  //    httpRequest(url: String, opts?: Object, cb?: Function)
+  if (typeof url !== 'string') {
+    throw new TypeError(
+      '"url" argument is not a string, this does not support the "httpRequest(opts, cb)" call signature',
+    );
+  }
+  if (typeof opts === 'function') {
+    cb = opts;
+    opts = {};
+  }
+
+  // Pull out the 'connectTimeout' option that is handled here.
+  const { connectTimeout, ...otherOpts } = opts;
+
+  // While node v8.x is still supported, we need to merge options from the url
+  // and opts to call `http.request(opts, cb)`.
+  const u = new URL(url);
+  const mergedOpts = Object.assign(urlToOptions(u), otherOpts);
+
+  // http or https
+  let requestFn;
+  if (mergedOpts.protocol === 'http:') {
+    requestFn = coreHttpRequest;
+  } else if (mergedOpts.protocol === 'https:') {
+    requestFn = coreHttpsRequest;
+  } else {
+    throw new Error(`unsupported protocol: "${mergedOpts.protocol}"`);
+  }
+
+  const req = requestFn(mergedOpts, cb);
+
+  if (connectTimeout) {
+    // Handle a connection timeout with a timer starting when the request
+    // socket is *created* ("socket" event) and ending when the socket
+    // is connected.
+    req.on('socket', function (socket) {
+      // log.trace({url: url}, 'start connectTimeout')
+      var connectTimer = setTimeout(function onConnectTimeout() {
+        // log.trace({url: url}, 'connectTimeout')
+        req.emit('connectTimeout');
+      }, connectTimeout);
+
+      socket.on('connect', function () {
+        // log.trace({url: url}, 'socket connected, clear connectTimeout')
+        clearTimeout(connectTimer);
+        connectTimer = null;
+      });
+      socket.on('close', function () {
+        if (connectTimer) {
+          // log.trace({url: url}, 'socket close with active connectTimer, clear connectTimeout')
+          clearTimeout(connectTimer);
+        }
+      });
+    });
+  }
+
+  return req;
+}
+
+module.exports = {
+  httpRequest,
+};
+
+// ---- mainline
+
+// This main is only intended to demonstrate usage of this lib; not to be a
+// useful tool.
+//
+// Example:
+//      node http-request.js https://www.elastic.co 100 1000 > elastic.html
+//
+// Example: download a ~1GB file, requiring a 30ms connect time, 2s idle timeout
+//      node http-request.js http://mirror.uoregon.edu/ubuntu-releases/20.04/ubuntu-20.04.1-live-server-amd64.iso 30 2000 > ubuntu.iso
+//
+// Example: connect timeout because google port 81 drops TCP SYN packets:
+//      node http-request.js http://www.google.com:81/foo 1000 10000
+//
+// Example: use `NODE_DEBUG=*` to see internal node debugging details
+//      NODE_DEBUG=* node http-request.js $url 30 1000
+//
+// Example: quick connection, slow response
+//      % cat server.js
+//      var http = require('http');
+//      http.createServer(function (req, res) {
+//          console.log('SERVER: got request')
+//          setTimeout((function() {
+//              res.writeHead(200, {'Content-Type': 'text/plain'});
+//              res.write('line one\n')
+//              setTimeout((function() {
+//                  res.write('line two\n')
+//                  setTimeout((function() {
+//                      res.write('line three\n')
+//                      res.end()
+//                      console.log('SERVER: responded')
+//                  }), 500);
+//              }), 500);
+//          }), 500);
+//      }).listen(8080);
+//      % node server.js &
+//      % node http-request.js http://127.0.0.1:8080/ 10 1000
+function main(argv) {
+  if (argv.length !== 5) {
+    process.stderr.write('http-request: error: incorrect number of args\n');
+    process.stderr.write(
+      'usage: http-request $url $connectTimeoutMs $timeoutMs\n',
+    );
+    process.exitCode = 1;
+    return;
+  }
+  const url = argv[2];
+  const connectTimeout = Number(argv[3]);
+  const timeout = Number(argv[4]);
+
+  var req = httpRequest(
+    url,
+    {
+      timeout,
+      connectTimeout,
+      // TODO: log support
+    },
+    function onRes(res) {
+      res.pipe(process.stdout);
+    },
+  );
+
+  req.on('timeout', function () {
+    console.warn(
+      `http-request: response timeout (${timeout}ms): destroying request`,
+    );
+    req.destroy(new Error('got timeout event'));
+    process.exitCode = 28; // using cURL's errno for a timeout
+  });
+
+  req.on('connectTimeout', function () {
+    console.warn(
+      `http-request: connect timeout (${connectTimeout}ms): destroying request`,
+    );
+    req.destroy(new Error('got connectTimeout event'));
+    process.exitCode = 28; // using cURL's errno for a timeout
+  });
+
+  req.on('error', function (err) {
+    console.warn('http-request: request error:', err);
+    process.exitCode = 1;
+  });
+
+  req.end();
+}
+
+if (require.main === module) {
+  main(process.argv);
+}