
@hclsoftware/secagent


IAST agent

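//IASTIGNORE
/*
 * ****************************************************
 * Licensed Materials - Property of HCL.
 * (c) Copyright HCL Technologies Ltd. 2017, 2025.
 * Note to U.S. Government Users *Restricted Rights.
 * ****************************************************
 */
'use strict'

const Module = require('module')
const nodePath = require('path')
const IastLogger = require('../Logger/IastLogger')
const hookParser = require('./HookParser')
const ComponentDiscovery = require('../ComponentDiscovery')
const expressHooks = require('./ExpressHooks')
const Globals = require("../Globals");

// Keep a handle on the loader's own require so the wrapper below can delegate to it.
const originalRequire = Module.prototype.require;

// Keys of "<requiring directory> <request>" pairs whose module has already been
// passed to hookParser.setRequireHook, so each pair is hooked at most once.
const requireCache = new Set()

module.exports.expressVersion = ""

/**
 * Process-wide replacement for Module.prototype.require.
 *
 * Every CommonJS require() issued after this file is loaded goes through this
 * wrapper. In order, it:
 *   1. resolves the request to a file name and reports it to ComponentDiscovery;
 *   2. loads the module with the original require;
 *   3. returns the module untouched when Globals.ScaProductionMode is set;
 *   4. otherwise returns a Proxy for 'express', or installs hooks on any other
 *      module the first time a given (directory, request) pair is seen.
 *
 * NOTE(review): nothing in this wrapper catches exceptions, so anything that
 * escapes Module._resolveFilename, ComponentDiscovery.reportLibraryData or
 * hookParser.setRequireHook surfaces in the host application as a failed
 * require(). Module._resolveFilename is also an underscore-prefixed loader
 * internal rather than a documented API.
 *
 * @returns {*} the loaded module, or a Proxy wrapping it for 'express'
 */
Module.prototype.require = function () {
    // The request is coerced with toString() before use; a null or undefined
    // argument therefore throws a TypeError here, before the loader sees it.
    // NOTE(review): presumably this unwraps non-primitive string values - confirm.
    const request = arguments[0].toString()
    arguments[0] = request

    // Component discovery runs for every require, in every mode.
    const modulePath = Module._resolveFilename(request, this)
    ComponentDiscovery.reportLibraryData(modulePath)

    const origModule = originalRequire.apply(this, arguments)
    if (Globals.ScaProductionMode) {
        // SCA production mode: report components only, install no hooks.
        return origModule
    }

    // Directory of the requiring module; based more or less on the algorithm
    // used by loader.js.
    let parentDir
    if (this.path != null) {
        parentDir = this.path
    } else if (this.filename != null) {
        // path.dirname understands the platform separator. Searching for "/"
        // finds nothing in a backslash-separated Windows path, which collapsed
        // this value to "" and made unrelated directories share one cache key,
        // so the later module was never handed to setRequireHook.
        parentDir = nodePath.dirname(this.filename)
    } else {
        parentDir = this.id
    }
    const filename = `${parentDir} ${request}`

    if (requireCache.has(filename)) {
        return origModule
    }

    if (request === 'express') {
        // require 'express' returns a function that returns an app.
        // A Proxy for a function traps the function call: the handler calls the
        // original function, gets the returned app, and adds a middleware before
        // returning it. This branch returns before the cache is updated, so
        // every require('express') receives a proxied module.
        IastLogger.eventLog.info('working on express require()')
        return new Proxy(origModule, expressHooks.expressHooksHandler)
    }

    hookParser.setRequireHook(origModule, request)
    requireCache.add(filename)
    return origModule
}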