Restructure library

AikidoSec · Feb 14, 2024 · 2a0ae10 · 2a0ae10
1 parent 8c26669
commit 2a0ae10
Show file tree

Hide file tree

Showing 19 changed files with 126 additions and 161 deletions.
diff --git a/README.md b/README.md
@@ -118,10 +118,14 @@ We believe that there are legitimate cases of prototype changes, but they should
 ```js
 import { protect, preventPrototypePollution } from '@aikidosec/guard';
 
+// Before main imports
 protect();
 
 import express from 'express';
 
+// After main imports
+preventPrototypePollution();
+
 const app = express();
 
 app.get("/", (req, res) => {
@@ -130,9 +134,6 @@ app.get("/", (req, res) => {
 
 app.listen(3000, () => {
   console.log("Server is running on port 3000");
-
-  // Your app is initialized, now it's time to prevent prototype pollution
-  preventPrototypePollution();
 });
 ```
 

diff --git a/benchmarks/express-mongodb/withGuard.js b/benchmarks/express-mongodb/withGuard.js
@@ -1,9 +1,8 @@
-const { protect, preventPrototypePollution } = require("@aikidosec/guard");
+const { protect } = require("@aikidosec/guard");
 
 protect();
 
 require("./createApp")(4000).then(() => {
-  preventPrototypePollution();
   console.log("Listening on port 4000");
   console.log("Secured with @aikidosec/guard!");
 });
diff --git a/library/package.json b/library/package.json
@@ -50,9 +50,5 @@
     "require-in-the-middle": "^7.2.0",
     "shimmer": "^1.2.1",
     "ulid": "^2.3.0"
-  },
-  "optionalDependencies": {
-    "express": "^4.0.0",
-    "mongodb": "^4.0.0 || ^5.0.0 || ^6.0.0"
   }
 }
diff --git a/library/src/agent/API.test.ts b/library/src/agent/API.test.ts
@@ -36,6 +36,7 @@ function generateAttackEvent(): Event {
         name: "os",
         version: "version",
       },
+      serverless: false,
     },
   };
 }
@@ -85,6 +86,7 @@ function generateStartedEvent(): Event {
         name: "os",
         version: "version",
       },
+      serverless: false,
     },
   };
 }
@@ -131,6 +133,7 @@ function generateHeartbeatEvent(): Event {
         name: "os",
         version: "version",
       },
+      serverless: false,
     },
   };
 }

diff --git a/library/src/agent/API.ts b/library/src/agent/API.ts
@@ -31,6 +31,7 @@ export type AgentInfo = {
     version: string;
   };
   nodeEnv: string;
+  serverless: boolean;
 };
 
 type Started = {
@@ -44,7 +45,7 @@ export type Kind = "nosql_injection";
 type DetectedAttack = {
   type: "detected_attack";
   request: {
-    method: string;
+    method: string | undefined;
     ipAddress: string | undefined;
     userAgent: string | undefined;
     url: string | undefined;

diff --git a/library/src/agent/Agent.test.ts b/library/src/agent/Agent.test.ts
@@ -6,7 +6,7 @@ import { IDGeneratorFixed } from "./IDGenerator";
 import { LoggerNoop } from "./Logger";
 import { address } from "ip";
 
-t.test("it sends install event once", async (t) => {
+t.test("it sends started event", async (t) => {
   const logger = new LoggerNoop();
   const api = new APIForTesting();
   const token = new Token("123");
@@ -15,13 +15,14 @@ t.test("it sends install event once", async (t) => {
     logger,
     api,
     token,
-    [],
     new IDGeneratorFixed("id"),
-    false
+    false,
+    {
+      mongodb: "1.0.0",
+    }
   );
   agent.start();
 
-  await new Promise((resolve) => setImmediate(resolve));
   t.match(api.getEvents(), [
     {
       type: "started",
@@ -31,29 +32,9 @@ t.test("it sends install event once", async (t) => {
         hostname: hostname(),
         version: "1.0.0",
         ipAddress: address(),
-        packages: {},
-        preventedPrototypePollution: false,
-        nodeEnv: "",
-        os: {
-          name: platform(),
-          version: release(),
+        packages: {
+          mongodb: "1.0.0",
         },
-      },
-    },
-  ]);
-
-  agent.start();
-  await new Promise((resolve) => setImmediate(resolve));
-  t.match(api.getEvents(), [
-    {
-      type: "started",
-      agent: {
-        id: "id",
-        dryMode: false,
-        hostname: hostname(),
-        version: "1.0.0",
-        ipAddress: address(),
-        packages: {},
         preventedPrototypePollution: false,
         nodeEnv: "",
         os: {
@@ -64,7 +45,6 @@ t.test("it sends install event once", async (t) => {
     },
   ]);
 
-  // Stop setInterval from heartbeat
   agent.stop();
 });
 
@@ -77,17 +57,19 @@ t.test("when prevent prototype pollution is enabled", async (t) => {
     logger,
     api,
     token,
-    [],
     new IDGeneratorFixed("id"),
-    false
+    true,
+    {}
   );
-  agent.start();
-  // @ts-expect-error Private property
-  t.same(agent.info.preventedPrototypePollution, false);
   agent.onPrototypePollutionPrevented();
-  // @ts-expect-error Private property
-  t.same(agent.info.preventedPrototypePollution, true);
-  agent.stop();
+  agent.start();
+  t.match(api.getEvents(), [
+    {
+      agent: {
+        preventedPrototypePollution: true,
+      },
+    },
+  ]);
 });
 
 t.test("it does not start interval in serverless mode", async () => {
@@ -99,9 +81,9 @@ t.test("it does not start interval in serverless mode", async () => {
     logger,
     api,
     token,
-    [],
     new IDGeneratorFixed("id"),
-    true
+    true,
+    {}
   );
 
   // This would otherwise keep the process running
@@ -117,9 +99,9 @@ t.test("it keeps track of stats", async () => {
     logger,
     api,
     token,
-    [],
     new IDGeneratorFixed("id"),
-    true
+    true,
+    {}
   );
 
   agent.start();
@@ -181,9 +163,9 @@ t.test("it keeps tracks of stats in dry mode", async () => {
     logger,
     api,
     token,
-    [],
     new IDGeneratorFixed("id"),
-    true
+    true,
+    {}
   );
 
   agent.start();