Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enhance cross-platform development support #395

Closed
wants to merge 14 commits into from
Closed
Show file tree
Hide file tree
Changes from 9 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions .github/CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -96,12 +96,12 @@ Enhancement suggestions are tracked as [GitHub issues](https://github.com/Aikido
### Your First Code Contribution

- clone the repository to your local machine
- run `$ make install` to install dependencies
- run `$ make build` to build the library
- run `$ make watch` to watch for changes and rebuild the library
- run `$ make test` to run tests using tap
- run `$ make end2end` to run end-to-end tests using tap
- run `$ make lint` to run ESLint
- run `$ npm install` to install dependencies
- run `$ npm run build` to build the library
- run `$ npm run watch` to watch for changes and rebuild the library
- run `$ npm run test` to run tests using tap
- run `$ npm run end2end` to run end-to-end tests using tap
- run `$ npm run lint` to run ESLint

## Styleguides

Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/benchmark.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ on:
push: {}
workflow_call: {}
jobs:
build:
benchmark:
runs-on: ubuntu-latest
services:
mongodb:
Expand Down Expand Up @@ -33,8 +33,8 @@ jobs:
node-version: ${{ matrix.node-version }}
- name: Install K6
uses: grafana/setup-k6-action@v1
- run: make install
- run: make build
- run: npm install
- run: npm run build
- name: Run NoSQL Injection Benchmark
run: cd benchmarks/nosql-injection && AIKIDO_CI=true node --preserve-symlinks benchmark.js
- name: Run SQL Injection Benchmark
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/build-and-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,13 +26,13 @@ jobs:
node-version: "18.x"
registry-url: "https://registry.npmjs.org"
scope: "@aikidosec"
- run: make install
- run: npm install
- name: Get the version
id: get_version
run: echo ::set-output name=tag::${GITHUB_REF/refs\/tags\//}
- run: cd library && npm --no-git-tag-version version ${{ steps.get_version.outputs.tag }}
- run: make build
- run: make lint
- run: npm run build
- run: npm run lint
- run: cd build && npm publish --provenance --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
8 changes: 4 additions & 4 deletions .github/workflows/end-to-end-tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ on:
push: {}
workflow_call: {}
jobs:
build:
e2etest:
runs-on: ubuntu-latest
services:
mongodb:
Expand Down Expand Up @@ -45,6 +45,6 @@ jobs:
- name: Build and run server
run: |
cd end2end/server && docker build -t server . && docker run -d -p 5874:3000 server
- run: make install
- run: make build
- run: make end2end
- run: npm install
- run: npm run build
- run: npm run end2end
6 changes: 3 additions & 3 deletions .github/workflows/lint-code.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
name: Lint code
on: push
jobs:
build:
lint:
runs-on: ubuntu-latest
strategy:
matrix:
Expand All @@ -12,5 +12,5 @@ jobs:
uses: actions/setup-node@v2
with:
node-version: ${{ matrix.node-version }}
- run: make install
- run: make lint
- run: npm install
- run: npm run lint
25 changes: 25 additions & 0 deletions .github/workflows/unit-test-windows.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: Unit tests Windows
on:
push: {}
workflow_call: {}
jobs:
test-windows:
runs-on: windows-latest
steps:
- uses: actions/checkout@v4
- name: Use Node.js 20.x
uses: actions/setup-node@v4
with:
node-version: 20.x
- name: Add local.aikido.io to hosts file
run: |
Add-Content -Path "C:\Windows\System32\drivers\etc\hosts" -Value "127.0.0.1 local.aikido.io"
- run: npm install
- run: npm run test:ci
- name: "Upload coverage"
uses: codecov/codecov-action@v4.0.1
with:
file: ./library/.tap/report/lcov.info
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
slug: AikidoSec/firewall-node
8 changes: 4 additions & 4 deletions .github/workflows/unit-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ on:
push: {}
workflow_call: {}
jobs:
build:
test:
runs-on: ubuntu-latest
services:
s3:
Expand Down Expand Up @@ -42,14 +42,14 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v2
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
- name: Add local.aikido.io to /etc/hosts
run: |
sudo echo "127.0.0.1 local.aikido.io" | sudo tee -a /etc/hosts
- run: make install
- run: make test-ci
- run: npm install
- run: npm run test:ci
- name: "Upload coverage"
uses: codecov/codecov-action@v4.0.1
with:
Expand Down
5 changes: 5 additions & 0 deletions .prettierignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
# Ignore generated files
.tap
.next
build
dist
32 changes: 8 additions & 24 deletions Makefile
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
.PHONY: containers
containers:
cd sample-apps && docker-compose up -d --remove-orphans
npm run containers

.PHONY: express-mongodb
express-mongodb:
Expand Down Expand Up @@ -64,47 +64,31 @@ nestjs-sentry:

.PHONY: install
install:
mkdir -p build
node scripts/copyPackageJSON.js
touch build/index.js
cd build && npm link
npm install
cd library && npm install
cd end2end && npm install
node scripts/install.js

.PHONY: build
build:
mkdir -p build
rm -r build
cd library && npm run build
cp README.md build/README.md
cp LICENSE build/LICENSE
cp library/package.json build/package.json
npm run build

.PHONY: watch
watch: build
cd library && npm run build:watch
npm run watch

.PHONY: test
test:
cd library && npm run test
npm run test

.PHONY: test-ci
test-ci:
cd library && npm run test:ci
npm run test:ci

.PHONY: lint
lint:
cd library && npm run lint
npm run lint

.PHONY: end2end
end2end:
cd end2end && npm run test
npm run end2end

benchmark: build
cd benchmarks/nosql-injection && AIKIDO_CI=true node --preserve-symlinks benchmark.js
cd benchmarks/shell-injection && node --preserve-symlinks benchmark.js
cd benchmarks/sql-injection && node --preserve-symlinks benchmark.js
cd benchmarks/hono-pg && node --preserve-symlinks benchmark.js
cd benchmarks/api-discovery && node --preserve-symlinks benchmark.js
npm run benchmark
2 changes: 1 addition & 1 deletion end2end/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,6 @@
"tap": "^18.7.0"
},
"scripts": {
"test": "AIKIDO_CI=true tap tests/*.js --allow-empty-coverage -j 1"
"test": "node run.js"
}
}
9 changes: 9 additions & 0 deletions end2end/run.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
const { execSync } = require("child_process");

// Command to run
const command = "tap tests/*.js --allow-empty-coverage -j 1";

execSync(command, {
stdio: "inherit",
env: { ...process.env, AIKIDO_CI: "true" },
});
102 changes: 56 additions & 46 deletions library/agent/applyHooks.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
import { Context, runWithContext } from "./Context";
import { Hooks } from "./hooks/Hooks";
import { LoggerForTesting } from "./logger/LoggerForTesting";
import { isWindows } from "../helpers/isWindows";

const context: Context = {
remoteAddress: "::1",
Expand Down Expand Up @@ -123,58 +124,67 @@
return msg;
}

t.test("it adds try/catch around the wrapped method", async (t) => {
const hooks = new Hooks();
const connection = hooks
.addPackage("mysql2")
.withVersion("^3.0.0")
.addSubject((exports) => exports.Connection.prototype);
connection.inspect("query", () => {
throw new Error("THIS SHOULD BE CATCHED");
});
connection.modifyArguments("execute", () => {
throw new Error("THIS SHOULD BE CATCHED");
});
connection.inspectResult("execute", () => {
throw new Error("THIS SHOULD BE CATCHED");
});
t.test(
"it adds try/catch around the wrapped method",
{
skip:
isWindows && process.env.CI
? "CI on Windows does not support containers"
: false,
},
async (t) => {
const hooks = new Hooks();
const connection = hooks
.addPackage("mysql2")
.withVersion("^3.0.0")
.addSubject((exports) => exports.Connection.prototype);
connection.inspect("query", () => {
throw new Error("THIS SHOULD BE CATCHED");
});
connection.modifyArguments("execute", () => {
throw new Error("THIS SHOULD BE CATCHED");
});
connection.inspectResult("execute", () => {
throw new Error("THIS SHOULD BE CATCHED");
});

const { agent, logger } = createAgent();
t.same(applyHooks(hooks, agent), {
mysql2: {
version: "3.11.0",
supported: true,
},
});
const { agent, logger } = createAgent();
t.same(applyHooks(hooks, agent), {
mysql2: {
version: "3.11.0",
supported: true,
},
});

const mysql = require("mysql2/promise");
const actualConnection = await mysql.createConnection({
host: "localhost",
user: "root",
password: "mypassword",
database: "catsdb",
port: 27015,
multipleStatements: true,
});
const mysql = require("mysql2/promise");
const actualConnection = await mysql.createConnection({
host: "localhost",
user: "root",
Dismissed Show dismissed Hide dismissed
password: "mypassword",
database: "catsdb",
port: 27015,
multipleStatements: true,
});

const [queryRows] = await runWithContext(context, () =>
actualConnection.query("SELECT 1 as number")
);
t.same(queryRows, [{ number: 1 }]);
const [queryRows] = await runWithContext(context, () =>
actualConnection.query("SELECT 1 as number")
);
t.same(queryRows, [{ number: 1 }]);

const [executeRows] = await runWithContext(context, () =>
actualConnection.execute("SELECT 1 as number")
);
t.same(executeRows, [{ number: 1 }]);
const [executeRows] = await runWithContext(context, () =>
actualConnection.execute("SELECT 1 as number")
);
t.same(executeRows, [{ number: 1 }]);

t.same(logger.getMessages().map(removeStackTraceErrorMessage), [
'Internal error in module "mysql2" in method "query"',
'Internal error in module "mysql2" in method "execute"',
'Internal error in module "mysql2" in method "execute"',
]);
t.same(logger.getMessages().map(removeStackTraceErrorMessage), [
'Internal error in module "mysql2" in method "query"',
'Internal error in module "mysql2" in method "execute"',
'Internal error in module "mysql2" in method "execute"',
]);

await actualConnection.end();
});
await actualConnection.end();
}
);

t.test("it hooks into dns module", async (t) => {
const seenDomains: string[] = [];
Expand Down
5 changes: 3 additions & 2 deletions library/agent/applyHooks.ts
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
/* eslint-disable max-lines-per-function */
import { join, resolve } from "path";
import { resolve } from "path";
import { join as posixJoin } from "path/posix";
import { cleanupStackTrace } from "../helpers/cleanupStackTrace";
import { wrap } from "../helpers/wrap";
import { getPackageVersion } from "../helpers/getPackageVersion";
Expand Down Expand Up @@ -111,7 +112,7 @@ export function applyHooks(hooks: Hooks, agent: Agent) {
function wrapFiles(pkg: Package, files: WrappableFile[], agent: Agent) {
files.forEach((file) => {
try {
const exports = require(join(pkg.getName(), file.getRelativePath()));
const exports = require(posixJoin(pkg.getName(), file.getRelativePath()));

file
.getSubjects()
Expand Down
1 change: 1 addition & 0 deletions library/helpers/isWindows.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
export const isWindows = process.platform === "win32";
2 changes: 1 addition & 1 deletion library/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@
},
"scripts": {
"test": "node ../scripts/run-tap.js",
"test:ci": "CI=true node ../scripts/run-tap.js",
"test:ci": "node ../scripts/run-tap.js --ci",
"build": "tsc",
"build:watch": "tsc --watch",
"lint": "npm run lint-eslint && npm run lint-tsc",
Expand Down
Loading
Loading