UNPKG

@newrelic/security-agent

Version:

New Relic Security Agent for Node.js

github.com/newrelic/csec-node-agent

newrelic/csec-node-agent

129 lines (119 loc) 3.78 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
/* * Copyright 2023 New Relic Corporation. All rights reserved. * SPDX-License-Identifier: New Relic Software License v1.0 */ const requestMap = new Map(); const API = require("../../nr-security-api"); const NRAgent = API.getNRAgent(); const logger = API.getLogger(); const regexPatterns = NRAgent && NRAgent.config.security.exclude_from_iast_scan.api /** * Utility to get request by transaction Id * @param {*} id * @returns */ function getRequestFromId(id) { return requestMap.get(id); } /** * Utility function to set request data corresponding to transacation Id * @param {*} id * @param {*} requestData */ function setRequest(id, requestData) { requestMap.set(id, requestData); try { const stringToMatch = requestData.url; // const filteredString = stringToMatch.split('?')[0]; const filteredString = stringToMatch; let isRegexMatchestoURL = false; for (let index = 0; index < regexPatterns.length; index++) { const regex = new RegExp(regexPatterns[index], 'gm'); const matchResult = filteredString.match(regex); if (matchResult && matchResult.length > 0) { const data = matchResult[0]; if (filteredString === data) { isRegexMatchestoURL = true; } } } if (isRegexMatchestoURL) { requestMap.delete(id); if (API.getSecAgent().status.getStatus() !== 'disabled') { logger.debug("Excluding URL %s from IAST processing due to ignore API setting", filteredString); } } } catch (error) { logger.debug("Error while processing API regex for restriction", error); } } /** * Utility to get request using shim * @param {*} shim * @returns */ function getRequest(shim) { const transaction = shim.tracer.getTransaction(); if (transaction) { const transactionId = transaction.id; return getRequestFromId(transactionId); } else if (shim.agent.getLinkingMetadata()) { let linkingMetadata = shim.agent.getLinkingMetadata(); if (linkingMetadata['trace.id']) { let traceId = linkingMetadata['trace.id']; return getRequestFromId(traceId); } } } /** * Utility to update request body * @param {*} shim * @param {*} data */ function updateRequestBody(shim, data, isTruncated) { const transaction = shim.tracer.getTransaction(); if (transaction) { const transactionId = transaction.id; const requestData = getRequestFromId(transactionId); if (requestData) { requestData.body = data; requestData.dataTruncated = isTruncated; setRequest(transactionId, requestData); } } if (shim.agent.getLinkingMetadata()) { let linkingMetadata = shim.agent.getLinkingMetadata(); if (linkingMetadata['trace.id']) { let traceId = linkingMetadata['trace.id']; const requestData = getRequestFromId(traceId); if (requestData) { requestData.body = data; requestData.dataTruncated = isTruncated; setRequest(traceId, requestData) } } } } /** * Utility to clear data based on transaction Id * @param {*} transactionId */ function gcRequestMap(transaction) { let transactionId = transaction.id; let traceId = transaction._traceId; if (requestMap.has(transactionId)) { requestMap.delete(transactionId); } if (requestMap.has(traceId)) { requestMap.delete(traceId); } } module.exports = { getRequestFromId, getRequest, setRequest, updateRequestBody, gcRequestMap, requestMap }