Constructor modification for PubSub

+ Fix MySQL2

Author: timokoessler

instrumentation-wasm/src/js_transformer/helpers/insert_code.rs

@@ -3,7 +3,7 @@ use oxc_ast::{
     AstBuilder, NONE,
     ast::{
         Argument, ArrayExpressionElement, AssignmentOperator, AssignmentTarget, Expression,
-        FunctionBody,
+        FunctionBody, Statement,
     },
 };
 use oxc_span::SPAN;
@@ -15,6 +15,7 @@ pub fn insert_inspect_args<'a>(
     identifier: &str,
     pkg_version: &'a str,
     body: &mut Box<'a, FunctionBody<'a>>,
+    is_constructor: bool,
 ) {
     let mut inspect_args: OxcVec<'a, Argument<'a>> = builder.vec_with_capacity(4);
 
@@ -49,7 +50,8 @@ pub fn insert_inspect_args<'a>(
 
     let stmt_expression = builder.statement_expression(SPAN, call_expr);
 
-    body.statements.insert(0, stmt_expression);
+    let insert_pos = get_insert_pos(body, is_constructor);
+    body.statements.insert(insert_pos, stmt_expression);
 }
 
 // Modify the arguments by adding a statement to the beginning of the function
@@ -61,6 +63,7 @@ pub fn insert_modify_args<'a>(
     arg_names: &Vec<String>,
     body: &mut Box<'a, FunctionBody<'a>>,
     modify_arguments_object: bool,
+    is_constructor: bool,
 ) {
     if modify_arguments_object {
         // If we are modifying the arguments object, we need to use the arguments object directly
@@ -129,8 +132,8 @@ pub fn insert_modify_args<'a>(
 
         let stmt_expression = builder.statement_expression(SPAN, obj_assign_call_expr);
 
-        body.statements.insert(0, stmt_expression);
-
+        let insert_pos = get_insert_pos(body, is_constructor);
+        body.statements.insert(insert_pos, stmt_expression);
         return;
     }
 
@@ -199,5 +202,31 @@ pub fn insert_modify_args<'a>(
 
     let stmt_expression = builder.statement_expression(SPAN, arr_assignment_expr);
 
-    body.statements.insert(0, stmt_expression);
+    let insert_pos = get_insert_pos(body, is_constructor);
+    body.statements.insert(insert_pos, stmt_expression);
+}
+
+// Determine the position to insert the code in the function body.
+// If it's a constructor, we look for the first super call and insert after it.
+fn get_insert_pos(body: &FunctionBody, is_constructor: bool) -> usize {
+    if !is_constructor || body.statements.is_empty() {
+        0
+    } else {
+        let mut index = 0;
+        for statement in &body.statements {
+            match statement {
+                Statement::ExpressionStatement(expr_stmt) => {
+                    if let Expression::CallExpression(call_expr) = &expr_stmt.expression {
+                        if let Expression::Super(_) = &call_expr.callee {
+                            // Found a super call, insert after this statement
+                            return index + 1; // Insert after the super call
+                        }
+                    }
+                }
+                _ => {}
+            };
+            index += 1;
+        }
+        0 // No super call found, insert at the beginning
+    }
 }

instrumentation-wasm/src/js_transformer/helpers/insert_instrument_method_calls.rs

@@ -16,6 +16,7 @@ pub fn insert_instrument_method_calls<'a>(
     arg_names: &Vec<String>,
     pkg_version: &'a str,
     body: &mut Box<'a, FunctionBody<'a>>,
+    is_constructor: bool,
 ) {
     if instruction.modify_args && !arg_names.is_empty() {
         insert_modify_args(
@@ -25,6 +26,7 @@ pub fn insert_instrument_method_calls<'a>(
             arg_names,
             body,
             instruction.modify_arguments_object,
+            is_constructor,
         );
     }
 
@@ -35,10 +37,11 @@ pub fn insert_instrument_method_calls<'a>(
             &instruction.identifier,
             pkg_version,
             body,
+            is_constructor,
         );
     }
 
-    if instruction.modify_return_value {
+    if instruction.modify_return_value && !is_constructor {
         transform_return_statements(
             allocator,
             builder,

instrumentation-wasm/src/js_transformer/transformer_impl.rs

@@ -28,8 +28,8 @@ impl<'a> Traverse<'a, TraverseState> for Transformer<'a> {
             return;
         }
 
-        if !node.kind.is_method() {
-            // Ignore constructor, getters and setters for now
+        if !node.kind.is_method() && !node.kind.is_constructor() {
+            // Ignore getters and setters for now
             return;
         }
 
@@ -63,6 +63,7 @@ impl<'a> Traverse<'a, TraverseState> for Transformer<'a> {
             &arg_names,
             self.pkg_version,
             body,
+            node.kind.is_constructor(),
         );
     }
 
@@ -124,6 +125,7 @@ impl<'a> Traverse<'a, TraverseState> for Transformer<'a> {
             &arg_names,
             self.pkg_version,
             body,
+            false,
         );
     }
 
@@ -178,6 +180,7 @@ impl<'a> Traverse<'a, TraverseState> for Transformer<'a> {
             &arg_names,
             self.pkg_version,
             body,
+            false,
         );
     }
 }

library/agent/hooks/instrumentation/codeTransformation.test.ts

@@ -1622,3 +1622,144 @@ t.test("Modify function expression (ESM)", async (t) => {
     }`
   );
 });
+
+t.test("Modify constructor (ESM)", async (t) => {
+  const result = transformCode(
+    "testpkg",
+    "1.0.0",
+    "application.js",
+    `
+      class Test {
+        constructor() {
+          console.log("ignore");
+          const x = 1;
+        }
+      }
+    `,
+    "module",
+    {
+      path: "application.js",
+      versionRange: "^1.0.0",
+      functions: [
+        {
+          nodeType: "MethodDefinition",
+          name: "constructor",
+          identifier:
+            "testpkg.application.js.constructor.MethodDefinition.v1.0.0",
+          inspectArgs: true,
+          modifyArgs: false,
+          modifyReturnValue: false,
+          modifyArgumentsObject: false,
+        },
+      ],
+    }
+  );
+
+  isSameCode(
+    result,
+    `import { __instrumentInspectArgs } from "@aikidosec/firewall/instrument/internals";
+     class Test {
+        constructor() {
+        __instrumentInspectArgs("testpkg.application.js.constructor.MethodDefinition.v1.0.0", arguments, "1.0.0", this);
+          console.log("ignore");
+          const x = 1;
+        }
+      }
+    `
+  );
+});
+
+t.test("Modify constructor with super (ESM)", async (t) => {
+  const result = transformCode(
+    "testpkg",
+    "1.0.0",
+    "application.js",
+    `
+      class Test {
+        constructor() {
+          super();
+          console.log("ignore");
+        }
+      }
+    `,
+    "module",
+    {
+      path: "application.js",
+      versionRange: "^1.0.0",
+      functions: [
+        {
+          nodeType: "MethodDefinition",
+          name: "constructor",
+          identifier:
+            "testpkg.application.js.constructor.MethodDefinition.v1.0.0",
+          inspectArgs: true,
+          modifyArgs: false,
+          modifyReturnValue: false,
+          modifyArgumentsObject: false,
+        },
+      ],
+    }
+  );
+
+  isSameCode(
+    result,
+    `import { __instrumentInspectArgs } from "@aikidosec/firewall/instrument/internals";
+     class Test {
+        constructor() {
+          super();
+          __instrumentInspectArgs("testpkg.application.js.constructor.MethodDefinition.v1.0.0", arguments, "1.0.0", this);
+          console.log("ignore");
+        }
+      }
+    `
+  );
+});
+
+t.test("Modify constructor with super (ESM)", async (t) => {
+  const result = transformCode(
+    "testpkg",
+    "1.0.0",
+    "application.js",
+    `
+      class Test {
+        constructor(arg1) {
+          test();
+          super();
+          console.log("ignore");
+        }
+      }
+    `,
+    "module",
+    {
+      path: "application.js",
+      versionRange: "^1.0.0",
+      functions: [
+        {
+          nodeType: "MethodDefinition",
+          name: "constructor",
+          identifier:
+            "testpkg.application.js.constructor.MethodDefinition.v1.0.0",
+          inspectArgs: true,
+          modifyArgs: true,
+          modifyReturnValue: true,
+          modifyArgumentsObject: false,
+        },
+      ],
+    }
+  );
+
+  isSameCode(
+    result,
+    `import { __instrumentInspectArgs, __instrumentModifyArgs, __instrumentModifyReturnValue } from "@aikidosec/firewall/instrument/internals";
+     class Test {
+        constructor(arg1) {
+          test();
+          super();
+          __instrumentInspectArgs("testpkg.application.js.constructor.MethodDefinition.v1.0.0", arguments, "1.0.0", this);
+          [arg1] = __instrumentModifyArgs("testpkg.application.js.constructor.MethodDefinition.v1.0.0", [arg1], this);
+          console.log("ignore");
+        }
+      }
+    `
+  );
+});

library/sinks/MySQL2.ts

@@ -1,5 +1,6 @@
 import { getContext } from "../agent/Context";
 import { Hooks } from "../agent/hooks/Hooks";
+import { PackageFunctionInstrumentationInstruction } from "../agent/hooks/instrumentation/types";
 import { InterceptorResult } from "../agent/hooks/InterceptorResult";
 import { wrapExport } from "../agent/hooks/wrapExport";
 import { WrapPackageInfo } from "../agent/hooks/WrapPackageInfo";
@@ -72,6 +73,23 @@ export class MySQL2 implements Wrapper {
     return connectionPrototype;
   }
 
+  private getFunctionInstructions(): PackageFunctionInstrumentationInstruction[] {
+    return [
+      {
+        nodeType: "MethodDefinition",
+        name: "query",
+        inspectArgs: (args) => this.inspectQuery("mysql2.query", args),
+        operationKind: "sql_op",
+      },
+      {
+        nodeType: "MethodDefinition",
+        name: "execute",
+        inspectArgs: (args) => this.inspectQuery("mysql2.execute", args),
+        operationKind: "sql_op",
+      },
+    ];
+  }
+
   wrap(hooks: Hooks) {
     const wrapConnection = (
       exports: any,
@@ -103,7 +121,11 @@ export class MySQL2 implements Wrapper {
     // For all versions of mysql2 newer than 3.0.0
     pkg
       .withVersion("^3.0.0")
-      .onRequire((exports, pkgInfo) => wrapConnection(exports, pkgInfo, false));
+      .onRequire((exports, pkgInfo) => wrapConnection(exports, pkgInfo, false))
+      .addFileInstrumentation({
+        path: "lib/connection.js",
+        functions: this.getFunctionInstructions(),
+      });
 
     // For all versions of mysql2 newer than / equal 3.11.5
     // Reason: https://github.com/sidorares/node-mysql2/pull/3081
@@ -114,20 +136,7 @@ export class MySQL2 implements Wrapper {
       })
       .addFileInstrumentation({
         path: "lib/base/connection.js",
-        functions: [
-          {
-            nodeType: "MethodDefinition",
-            name: "query",
-            inspectArgs: (args) => this.inspectQuery("mysql2.query", args),
-            operationKind: "sql_op",
-          },
-          {
-            nodeType: "MethodDefinition",
-            name: "execute",
-            inspectArgs: (args) => this.inspectQuery("mysql2.execute", args),
-            operationKind: "sql_op",
-          },
-        ],
+        functions: this.getFunctionInstructions(),
       });
   }
 }