@depup/elastic-apm-node 4.15.0-depup.0

package/lib/instrumentation/modules/graphql.js

@@ -0,0 +1,256 @@
+/*
+ * Copyright Elasticsearch B.V. and other contributors where applicable.
+ * Licensed under the BSD 2-Clause License; you may not use this file except in
+ * compliance with the BSD 2-Clause License.
+ */
+
+'use strict';
+
+var semver = require('semver');
+var clone = require('shallow-clone-shim');
+
+var getPathFromRequest = require('../express-utils').getPathFromRequest;
+
+module.exports = function (graphql, agent, { version, enabled }) {
+  if (!enabled) return graphql;
+  if (
+    !semver.satisfies(version, '>=0.7.0 <17') ||
+    !graphql.Kind ||
+    typeof graphql.Source !== 'function' ||
+    typeof graphql.parse !== 'function' ||
+    typeof graphql.validate !== 'function' ||
+    typeof graphql.execute !== 'function'
+  ) {
+    agent.logger.debug(
+      'graphql version %s not supported - aborting...',
+      version,
+    );
+    return graphql;
+  }
+
+  // Over the many versions the `graphql()` and `execute()` functions have
+  // changed in what arguments they accept:
+  // - Initially they only supported positional arguments:
+  //      function graphql(schema, requestString, rootValue, contextValue, variableValues, operationName)
+  // - Starting in v0.10.0 (in #356), they started accepting a second form where
+  //   all fields were passed in an object as the first argument:
+  //      function graphql(argsOrSchema, source, rootValue, contextValue, variableValues, operationName, fieldResolver)
+  //   and `arguments.length === 1` was used as the test to determine which.
+  // - Starting in v16 (in #2904), they dropped positional arguments:
+  //      function graphql(args)
+  const onlySupportsPositionalArgs = semver.lt(version, '0.10.0');
+  const onlySupportsSingleArg = semver.gte(version, '16.0.0');
+
+  const ins = agent._instrumentation;
+
+  return clone({}, graphql, {
+    graphql(descriptor) {
+      const getter = descriptor.get;
+      if (getter) {
+        descriptor.get = function get() {
+          return wrapGraphql(getter());
+        };
+      }
+      return descriptor;
+    },
+    execute(descriptor) {
+      const getter = descriptor.get;
+      if (getter) {
+        descriptor.get = function get() {
+          return wrapExecute(getter());
+        };
+      }
+      return descriptor;
+    },
+  });
+
+  function wrapGraphql(orig) {
+    return function wrappedGraphql(args) {
+      agent.logger.debug('intercepted call to graphql.graphql');
+      const span = ins.createSpan(
+        'GraphQL: Unknown Query',
+        'db',
+        'graphql',
+        'execute',
+      );
+      if (!span) {
+        return orig.apply(this, arguments);
+      }
+
+      let schema;
+      let source;
+      let operationName;
+      const singleArgForm =
+        onlySupportsSingleArg ||
+        (!onlySupportsPositionalArgs && arguments.length === 1);
+      if (singleArgForm) {
+        schema = args.schema;
+        source = args.source;
+        operationName = args.operationName;
+      } else {
+        schema = arguments[0];
+        source = arguments[1];
+        operationName = arguments[5];
+      }
+
+      const sourceObj =
+        typeof source === 'string'
+          ? new graphql.Source(source || '', 'GraphQL request')
+          : source;
+      if (sourceObj) {
+        var documentAST;
+
+        try {
+          documentAST = graphql.parse(sourceObj);
+        } catch (syntaxError) {
+          agent.logger.debug(
+            'graphql.parse(source) failed - skipping graphql query extraction',
+          );
+        }
+
+        if (documentAST) {
+          var validationErrors = graphql.validate(schema, documentAST);
+          if (validationErrors && validationErrors.length === 0) {
+            var queries = extractDetails(documentAST, operationName).queries;
+            if (queries.length > 0)
+              span.name = 'GraphQL: ' + queries.join(', ');
+          }
+        }
+      } else {
+        agent.logger.debug(
+          'graphql.Source(query) failed - skipping graphql query extraction',
+        );
+      }
+
+      const spanRunContext = ins.currRunContext().enterSpan(span);
+      const p = ins.withRunContext(spanRunContext, orig, this, ...arguments);
+      p.then(function () {
+        span.end();
+      });
+      return p;
+    };
+  }
+
+  function wrapExecute(orig) {
+    return function wrappedExecute(args) {
+      agent.logger.debug('intercepted call to graphql.execute');
+      const span = ins.createSpan(
+        'GraphQL: Unknown Query',
+        'db',
+        'graphql',
+        'execute',
+      );
+      if (!span) {
+        agent.logger.debug(
+          'no active transaction found - skipping graphql tracing',
+        );
+        return orig.apply(this, arguments);
+      }
+
+      let document;
+      let operationName;
+      const singleArgForm =
+        onlySupportsSingleArg ||
+        (!onlySupportsPositionalArgs && arguments.length === 1);
+      if (singleArgForm) {
+        document = args.document;
+        operationName = args.operationName;
+      } else {
+        document = arguments[1];
+        operationName = arguments[5];
+      }
+
+      var details = extractDetails(document, operationName);
+      var queries = details.queries;
+      operationName =
+        operationName ||
+        (details.operation &&
+          details.operation.name &&
+          details.operation.name.value);
+      if (queries.length > 0) {
+        span.name =
+          'GraphQL: ' +
+          (operationName ? operationName + ' ' : '') +
+          queries.join(', ');
+      }
+
+      // `_graphqlRoute` is a boolean, set in instrumentations of other modules
+      // that specify 'graphql' in peerDependencies (e.g. '@apollo/server') to
+      // indicate that this transaction is for a GraphQL request.
+      const trans = span.transaction;
+      if (trans._graphqlRoute) {
+        var name =
+          queries.length > 0 ? queries.join(', ') : 'Unknown GraphQL query';
+        if (trans.req) var path = getPathFromRequest(trans.req, true);
+        var defaultName = name;
+        defaultName = path ? defaultName + ' (' + path + ')' : defaultName;
+        defaultName = operationName
+          ? operationName + ' ' + defaultName
+          : defaultName;
+        trans.setDefaultName(defaultName);
+        trans.type = 'graphql';
+      }
+
+      const spanRunContext = ins.currRunContext().enterSpan(span);
+      const p = ins.withRunContext(spanRunContext, orig, this, ...arguments);
+      if (typeof p.then === 'function') {
+        p.then(function () {
+          span.end();
+        });
+      } else {
+        span.end();
+      }
+      return p;
+    };
+  }
+
+  function extractDetails(document, operationName) {
+    var queries = [];
+    var operation;
+
+    if (document && Array.isArray(document.definitions)) {
+      document.definitions.some(function (definition) {
+        if (
+          !definition ||
+          definition.kind !== graphql.Kind.OPERATION_DEFINITION
+        )
+          return false;
+        if (!operationName && operation) return false;
+        if (
+          !operationName ||
+          (definition.name && definition.name.value === operationName)
+        ) {
+          operation = definition;
+          return true;
+        }
+        return false;
+      });
+
+      var selections =
+        operation &&
+        operation.selectionSet &&
+        operation.selectionSet.selections;
+      if (selections && Array.isArray(selections)) {
+        for (const selection of selections) {
+          const kind = selection.name && selection.name.kind;
+          if (kind === graphql.Kind.NAME) {
+            const queryName = selection.name.value;
+            if (queryName) queries.push(queryName);
+          }
+        }
+
+        queries = queries.sort(function (a, b) {
+          if (a > b) return 1;
+          else if (a < b) return -1;
+          return 0;
+        });
+      }
+    } else {
+      agent.logger.debug(
+        'unexpected document format - skipping graphql query extraction',
+      );
+    }
+
+    return { queries, operation };
+  }
+};

package/lib/instrumentation/modules/handlebars.js

@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and other contributors where applicable.
+ * Licensed under the BSD 2-Clause License; you may not use this file except in
+ * compliance with the BSD 2-Clause License.
+ */
+
+'use strict';
+
+var shimmer = require('../shimmer');
+var templateShared = require('../template-shared');
+
+module.exports = function (handlebars, agent, { enabled }) {
+  if (!enabled) return handlebars;
+  agent.logger.debug('shimming handlebars.compile');
+  shimmer.wrap(
+    handlebars,
+    'compile',
+    templateShared.wrapCompile(agent, 'handlebars'),
+  );
+
+  return handlebars;
+};

package/lib/instrumentation/modules/http.js

@@ -0,0 +1,112 @@
+/*
+ * Copyright Elasticsearch B.V. and other contributors where applicable.
+ * Licensed under the BSD 2-Clause License; you may not use this file except in
+ * compliance with the BSD 2-Clause License.
+ */
+
+'use strict';
+
+var httpShared = require('../http-shared');
+var shimmer = require('../shimmer');
+
+function getSafeHeaders(res) {
+  return res.getHeaders ? res.getHeaders() : res._headers;
+}
+
+module.exports = function (modExports, agent, { enabled, isImportMod }) {
+  if (agent._conf.instrumentIncomingHTTPRequests) {
+    agent.logger.debug('shimming http.Server.prototype.emit function');
+    shimmer.wrap(
+      modExports && modExports.Server && modExports.Server.prototype,
+      'emit',
+      httpShared.instrumentRequest(agent, 'http'),
+    );
+
+    agent.logger.debug(
+      'shimming http.ServerResponse.prototype.writeHead function',
+    );
+    shimmer.wrap(
+      modExports &&
+        modExports.ServerResponse &&
+        modExports.ServerResponse.prototype,
+      'writeHead',
+      wrapWriteHead,
+    );
+  }
+
+  if (!enabled) {
+    return modExports;
+  }
+
+  agent.logger.debug('shimming http.request function');
+  let wrapped = shimmer.wrap(
+    modExports,
+    'request',
+    httpShared.traceOutgoingRequest(agent, 'http', 'request'),
+  );
+  if (isImportMod && wrapped) {
+    // With IITM and `import` the above shimmer.wrap handles this usage:
+    //    import { request } from 'http'
+    // To handle this usage:
+    //    import http from 'http'
+    // we need to wrap `modExports.default.request` as well.
+    //
+    // Note that IITM gives us a Proxy *without* a getter, so
+    // `modExports.request !== wrapped`, even though we just set it.
+    modExports.default.request = wrapped;
+  }
+
+  agent.logger.debug('shimming http.get function');
+  wrapped = shimmer.wrap(
+    modExports,
+    'get',
+    httpShared.traceOutgoingRequest(agent, 'http', 'get'),
+  );
+  if (isImportMod && wrapped) {
+    modExports.default.get = wrapped;
+  }
+
+  return modExports;
+
+  function wrapWriteHead(original) {
+    return function wrappedWriteHead() {
+      var headers =
+        arguments.length === 1
+          ? getSafeHeaders(this) // might be because of implicit headers.
+          : arguments[arguments.length - 1];
+
+      var result = original.apply(this, arguments);
+
+      var trans = httpShared.transactionForResponse.get(this);
+      if (trans) {
+        httpShared.transactionForResponse.delete(this);
+
+        // It shouldn't be possible for the statusCode to be falsy, but just in
+        // case we're in a bad state we should avoid throwing
+        trans.result = 'HTTP ' + (this.statusCode || '').toString()[0] + 'xx';
+        trans._setOutcomeFromHttpStatusCode(this.statusCode);
+
+        // End transacton early in case of SSE
+        if (headers && typeof headers === 'object' && !Array.isArray(headers)) {
+          Object.keys(headers).some(function (key) {
+            if (key.toLowerCase() !== 'content-type') return false;
+            if (
+              String(headers[key])
+                .toLowerCase()
+                .indexOf('text/event-stream') !== 0
+            )
+              return false;
+            agent.logger.debug(
+              'detected SSE response - ending transaction %o',
+              { id: trans.id },
+            );
+            agent.endTransaction();
+            return true;
+          });
+        }
+      }
+
+      return result;
+    };
+  }
+};

package/lib/instrumentation/modules/http2.js

@@ -0,0 +1,320 @@
+/*
+ * Copyright Elasticsearch B.V. and other contributors where applicable.
+ * Licensed under the BSD 2-Clause License; you may not use this file except in
+ * compliance with the BSD 2-Clause License.
+ */
+
+'use strict';
+
+var eos = require('end-of-stream');
+
+var shimmer = require('../shimmer');
+var symbols = require('../../symbols');
+var { parseUrl } = require('../../parsers');
+var { getHTTPDestination } = require('../context');
+
+// Return true iff this is an HTTP 1.0 or 1.1 request.
+//
+// @param {http2.Http2ServerRequest} req
+function reqIsHTTP1(req) {
+  return (
+    req &&
+    typeof req.httpVersion === 'string' &&
+    req.httpVersion.startsWith('1.')
+  );
+}
+
+module.exports = function (http2, agent, { enabled }) {
+  if (agent._conf.instrumentIncomingHTTPRequests) {
+    agent.logger.debug('shimming http2.createServer function');
+    shimmer.wrap(http2, 'createServer', wrapCreateServer);
+    shimmer.wrap(http2, 'createSecureServer', wrapCreateServer);
+  }
+
+  if (!enabled) return http2;
+  var ins = agent._instrumentation;
+  agent.logger.debug('shimming http2.connect function');
+  shimmer.wrap(http2, 'connect', wrapConnect);
+
+  return http2;
+
+  // The `createServer` function will unpatch itself after patching
+  // the first server prototype it patches.
+  function wrapCreateServer(original) {
+    return function wrappedCreateServer(options, handler) {
+      var server = original.apply(this, arguments);
+      shimmer.wrap(server.constructor.prototype, 'emit', wrapEmit);
+      wrappedCreateServer[symbols.unwrap]();
+      return server;
+    };
+  }
+
+  function wrapEmit(original) {
+    var patched = false;
+    return function wrappedEmit(event, stream, headers) {
+      if (event === 'stream') {
+        if (!patched) {
+          patched = true;
+          var proto = stream.constructor.prototype;
+          shimmer.wrap(proto, 'pushStream', wrapPushStream);
+          shimmer.wrap(proto, 'respondWithFile', wrapRespondWith);
+          shimmer.wrap(proto, 'respondWithFD', wrapRespondWith);
+          shimmer.wrap(proto, 'respond', wrapHeaders);
+          shimmer.wrap(proto, 'end', wrapEnd);
+        }
+
+        agent.logger.debug(
+          'intercepted stream event call to http2.Server.prototype.emit',
+        );
+
+        const traceparent =
+          headers.traceparent || headers['elastic-apm-traceparent'];
+        const tracestate = headers.tracestate;
+        const trans = agent.startTransaction(null, 'request', {
+          childOf: traceparent,
+          tracestate,
+        });
+        // `trans.req` and `trans.res` are fake representations of Node.js's
+        // core `http.IncomingMessage` and `http.ServerResponse` objects,
+        // sufficient for `parsers.getContextFromRequest()` and
+        // `parsers.getContextFromResponse()`, respectively.
+        // `remoteAddress` is fetched now, rather than at stream end, because
+        // this `stream.session.socket` is a proxy object that can throw
+        // `ERR_HTTP2_SOCKET_UNBOUND` if the Http2Session has been destroyed.
+        trans.req = {
+          headers,
+          socket: {
+            remoteAddress: stream.session.socket.remoteAddress,
+          },
+          method: headers[':method'],
+          url: headers[':path'],
+          httpVersion: '2.0',
+        };
+        trans.res = {
+          statusCode: 200,
+          headersSent: false,
+          finished: false,
+          headers: null,
+        };
+        ins.bindEmitter(stream);
+
+        eos(stream, function () {
+          trans.end();
+        });
+      } else if (event === 'request' && reqIsHTTP1(stream)) {
+        // http2.createSecureServer() supports a `allowHTTP1: true` option.
+        // When true, an incoming client request that supports HTTP/1.x but not
+        // HTTP/2 will be allowed. It will result in a 'request' event being
+        // emitted. We wrap that here.
+        //
+        // Note that, a HTTP/2 request results in a 'stream' event (wrapped
+        // above) *and* a 'request' event. We do not want to wrap the
+        // compatibility 'request' event in this case. Hence the `reqIsHTTP1`
+        // guard.
+        const req = stream;
+        const res = headers;
+
+        agent.logger.debug(
+          'intercepted request event call to http2.Server.prototype.emit for %s',
+          req.url,
+        );
+
+        const traceparent =
+          req.headers.traceparent || req.headers['elastic-apm-traceparent'];
+        const tracestate = req.headers.tracestate;
+        const trans = agent.startTransaction(null, null, {
+          childOf: traceparent,
+          tracestate,
+        });
+        trans.type = 'request';
+        trans.req = req;
+        trans.res = res;
+
+        ins.bindEmitter(req);
+        ins.bindEmitter(res);
+
+        eos(res, function (err) {
+          if (trans.ended) return;
+          if (!err) {
+            trans.end();
+            return;
+          }
+
+          if (agent._conf.errorOnAbortedRequests) {
+            var duration = trans._timer.elapsed();
+            if (duration > agent._conf.abortedErrorThreshold * 1000) {
+              agent.captureError(
+                'Socket closed with active HTTP request (>' +
+                  agent._conf.abortedErrorThreshold +
+                  ' sec)',
+                {
+                  request: req,
+                  extra: { abortTime: duration },
+                },
+              );
+            }
+          }
+
+          // Handle case where res.end is called after an error occurred on the
+          // stream (e.g. if the underlying socket was prematurely closed)
+          const end = res.end;
+          res.end = function () {
+            const result = end.apply(this, arguments);
+            trans.end();
+            return result;
+          };
+        });
+      }
+
+      return original.apply(this, arguments);
+    };
+  }
+
+  function updateHeaders(headers) {
+    var trans = agent._instrumentation.currTransaction();
+    if (trans && !trans.ended) {
+      var status = headers[':status'] || 200;
+      trans.result = 'HTTP ' + status.toString()[0] + 'xx';
+      trans.res.statusCode = status;
+      trans._setOutcomeFromHttpStatusCode(status);
+      trans.res.headers = mergeHeaders(trans.res.headers, headers);
+      trans.res.headersSent = true;
+    }
+  }
+
+  function wrapHeaders(original) {
+    return function (headers) {
+      updateHeaders(headers);
+      return original.apply(this, arguments);
+    };
+  }
+
+  function wrapRespondWith(original) {
+    return function (_, headers) {
+      updateHeaders(headers);
+      return original.apply(this, arguments);
+    };
+  }
+
+  function wrapEnd(original) {
+    return function (headers) {
+      var trans = agent._instrumentation.currTransaction();
+      // `trans.res` might be removed, because before
+      // https://github.com/nodejs/node/pull/20084 (e.g. in node v10.0.0) the
+      // 'end' event could be called multiple times for the same Http2Stream,
+      // and the `trans.res` ref is removed when the Transaction is ended.
+      if (trans && trans.res) {
+        trans.res.finished = true;
+      }
+      return original.apply(this, arguments);
+    };
+  }
+
+  function wrapPushStream(original) {
+    return function wrappedPushStream(...args) {
+      // Note: Break the run context so that the wrapped `stream.respond` et al
+      // for this pushStream do not overwrite outer transaction state.
+      var callback = args.pop();
+      args.push(agent._instrumentation.bindFunctionToEmptyRunContext(callback));
+      return original.apply(this, args);
+    };
+  }
+
+  function mergeHeaders(source, target) {
+    if (source === null) return target;
+    var result = Object.assign({}, target);
+    var keys = Object.keys(source);
+    for (let i = 0; i < keys.length; i++) {
+      var key = keys[i];
+      if (typeof target[key] === 'undefined') {
+        result[key] = source[key];
+      } else if (Array.isArray(target[key])) {
+        result[key].push(source[key]);
+      } else {
+        result[key] = [source[key]].concat(target[key]);
+      }
+    }
+    return result;
+  }
+
+  function wrapConnect(orig) {
+    return function (host) {
+      const ret = orig.apply(this, arguments);
+      shimmer.wrap(ret, 'request', (orig) => wrapRequest(orig, host));
+      return ret;
+    };
+  }
+
+  function wrapRequest(orig, host) {
+    return function (headers) {
+      agent.logger.debug('intercepted call to http2.request');
+      var method = headers[':method'] || 'GET';
+      const span = ins.createSpan(null, 'external', 'http', method, {
+        exitSpan: true,
+      });
+
+      const parentRunContext = ins.currRunContext();
+      var parent =
+        span ||
+        parentRunContext.currSpan() ||
+        parentRunContext.currTransaction();
+      if (parent) {
+        const newHeaders = Object.assign({}, headers);
+        parent.propagateTraceContextHeaders(
+          newHeaders,
+          function (carrier, name, value) {
+            carrier[name] = value;
+          },
+        );
+        arguments[0] = newHeaders;
+      }
+      if (!span) {
+        return orig.apply(this, arguments);
+      }
+
+      const spanRunContext = parentRunContext.enterSpan(span);
+      var req = ins.withRunContext(spanRunContext, orig, this, ...arguments);
+
+      ins.bindEmitterToRunContext(parentRunContext, req);
+
+      var urlObj = parseUrl(headers[':path']);
+      var path = urlObj.pathname;
+      var url = host + path;
+      span.name = method + ' ' + host;
+
+      var statusCode;
+      req.on('response', (headers) => {
+        statusCode = headers[':status'];
+      });
+
+      req.on('end', () => {
+        agent.logger.debug('intercepted http2 client end event');
+
+        span.setHttpContext({
+          method,
+          status_code: statusCode,
+          url,
+        });
+        span._setOutcomeFromHttpStatusCode(statusCode);
+
+        // The `getHTTPDestination` function might throw in case an
+        // invalid URL is given to the `URL()` function. Until we can
+        // be 100% sure this doesn't happen, we better catch it here.
+        // For details, see:
+        // https://github.com/elastic/apm-agent-nodejs/issues/1769
+        try {
+          span._setDestinationContext(getHTTPDestination(url));
+        } catch (e) {
+          agent.logger.error(
+            'Could not set destination context: %s',
+            e.message,
+          );
+        }
+
+        span.end();
+      });
+
+      return req;
+    };
+  }
+};