UNPKG

newrelic

Version:

New Relic agent

github.com/newrelic/node-newrelic

newrelic/node-newrelic

111 lines (90 loc) 3.4 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
/* * Copyright 2020 New Relic Corporation. All rights reserved. * SPDX-License-Identifier: Apache-2.0 */ 'use strict' module.exports = obfuscate // All eslint rules in this file that have a comment description of // "¶¶¶" have been determined safe enough for our use cases. These lint rules // are complaining about catastrophic backtracking being possible. While this // may be true, our only other alternative is to write a character by character // analyzer, like the .NET Agent uses, in order to obfuscate SQL statements. // We have opted against that for the follow reasons: // // 1. We have not encountered a case where these expressions have led to // the possible backtracking failure. // 2. Any character-by-character parser is very likely going to be much slower. // 3. If we did use a character-by-character parser, we would need to be sure // to handle multibyte characters, e.g. // `insert into foo (col1) values('sensitive 🍍')` // That statement has ASCII that would be well-supported in a naive // implementation, along with a UTF-8 character that could be mishandled if // not accounted for. // eslint-disable-next-line sonarjs/slow-regex -- ¶¶¶ const singleQuote = /'(?:''|[^'])*?(?:\\'.*|'(?!'))/ // eslint-disable-next-line sonarjs/slow-regex -- ¶¶¶ const doubleQuote = /"(?:[^"]|"")*?(?:\\".*|"(?!"))/ const dollarQuote = /(\$(?!\d)[^$]*?\$).*?(?:\1|$)/ const oracleQuote = /q'\[.*?(?:\]'|$)|q'\{.*?(?:\}'|$)|q'<.*?(?:>'|$)|q'\(.*?(?:\)'|$)/ // eslint-disable-next-line sonarjs/slow-regex -- ¶¶¶ const comment = /(?:#|--).*?(?=\r|\n|$)/ const multilineComment = /\/\*(?:[^/]|\/[^*])*?(?:\*\/|\/\*.*)/ const uuid = /\{?(?:[0-9a-f]-*){32}\}?/ const hex = /0x[0-9a-f]+/ const boolean = /\b(?:true|false|null)\b/ const number = /-?\b(?:\d+\.)?\d+(e[+-]?\d+)?/ const dialects = (obfuscate.dialects = Object.create(null)) dialects.mysql = [ replacer(join([doubleQuote, singleQuote, comment, multilineComment, hex, boolean, number], 'gi')), unmatchedPairs(/'|"|\/\*|\*\//) ] dialects.postgres = [ replacer( join([dollarQuote, singleQuote, comment, multilineComment, uuid, boolean, number], 'gi') ), unmatchedPairs(/'|\/\*|\*\/|\$(?!\?)/) ] dialects.cassandra = [ replacer(join([singleQuote, comment, multilineComment, uuid, hex, boolean, number], 'gi')), unmatchedPairs(/'|\/\*|\*\//) ] dialects.oracle = [ replacer(join([oracleQuote, singleQuote, comment, multilineComment, number], 'gi')), unmatchedPairs(/'|\/\*|\*\//) ] dialects.sqlite = [ replacer(join([singleQuote, comment, multilineComment, hex, boolean, number], 'gi')), unmatchedPairs(/'|\/\*|\*\//) ] dialects.default = dialects.mysql function obfuscate(raw, dialect) { let replacers = dialects[dialect] if (!replacers) { replacers = dialects.default } let obfuscated = raw for (let i = 0, l = replacers.length; i < l; ++i) { obfuscated = replacers[i](obfuscated) } return obfuscated } function join(expressions, flags) { return new RegExp(expressions.map(toPart).join('|'), flags) } function toPart(expressions) { return expressions.toString().slice(1, -1) } function replacer(regex) { function replace(sql) { return sql.replace(regex, '?') } replace.regex = regex return replace } function unmatchedPairs(regex) { function check(sql) { return regex.test(sql) ? '?' : sql } check.regex = regex return check }