Merge pull request #562 from AikidoSec/feature/add-context-warning-to-shouldBlockRequest

feat: add context warning to shouldBlockRequest function

Author: hansott

library/agent/context/markUnsafe.test.ts

@@ -109,7 +109,7 @@ t.test("it works", async () => {
   });
   markUnsafe("id = 1");
   t.same(logs, [
-    "markUnsafe(...) was called without a context. The data will not be tracked. Make sure to call markUnsafe(...) within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen.",
+    "markUnsafe(...) was called without a context. The data will not be tracked. Make sure to call markUnsafe(...) within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen. Also ensure you import Zen at the top of your main app file (before any other imports).",
   ]);
 
   // Warning logged only once
@@ -124,15 +124,15 @@ t.test("it works", async () => {
     markUnsafe(obj);
   });
   t.same(logs, [
-    "markUnsafe(...) was called without a context. The data will not be tracked. Make sure to call markUnsafe(...) within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen.",
+    "markUnsafe(...) was called without a context. The data will not be tracked. Make sure to call markUnsafe(...) within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen. Also ensure you import Zen at the top of your main app file (before any other imports).",
     "markUnsafe(...) failed to serialize the data",
   ]);
 
   runWithContext(createContext(), () => {
     markUnsafe();
   });
   t.same(logs, [
-    "markUnsafe(...) was called without a context. The data will not be tracked. Make sure to call markUnsafe(...) within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen.",
+    "markUnsafe(...) was called without a context. The data will not be tracked. Make sure to call markUnsafe(...) within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen. Also ensure you import Zen at the top of your main app file (before any other imports).",
     "markUnsafe(...) failed to serialize the data",
     "markUnsafe(...) was called without any data.",
   ]);
@@ -141,7 +141,7 @@ t.test("it works", async () => {
     markUnsafe(1, true, null, undefined, () => {}, Symbol("test"));
   });
   t.same(logs, [
-    "markUnsafe(...) was called without a context. The data will not be tracked. Make sure to call markUnsafe(...) within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen.",
+    "markUnsafe(...) was called without a context. The data will not be tracked. Make sure to call markUnsafe(...) within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen. Also ensure you import Zen at the top of your main app file (before any other imports).",
     "markUnsafe(...) failed to serialize the data",
     "markUnsafe(...) was called without any data.",
     "markUnsafe(...) expects an object, array, or string. Received: number",

library/agent/context/markUnsafe.ts

@@ -72,7 +72,7 @@ function logWarningMarkUnsafeWithoutContext() {
 
   // eslint-disable-next-line no-console
   console.warn(
-    "markUnsafe(...) was called without a context. The data will not be tracked. Make sure to call markUnsafe(...) within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen."
+    "markUnsafe(...) was called without a context. The data will not be tracked. Make sure to call markUnsafe(...) within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen. Also ensure you import Zen at the top of your main app file (before any other imports)."
   );
 
   loggedWarningMarkUnsafeWithoutContext = true;

library/agent/context/user.test.ts

@@ -42,7 +42,7 @@ t.test("usage outside of context", async (t) => {
   setUser({ id: "id" });
 
   t.same(logs, [
-    "setUser(...) was called without a context. The user will not be tracked. Make sure to call setUser(...) within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen.",
+    "setUser(...) was called without a context. The user will not be tracked. Make sure to call setUser(...) within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen. Also ensure you import Zen at the top of your main app file (before any other imports).",
   ]);
 
   // Should not log again

library/agent/context/user.ts

@@ -89,7 +89,7 @@ function logWarningSetUserCalledWithoutContext() {
 
   // eslint-disable-next-line no-console
   console.warn(
-    "setUser(...) was called without a context. The user will not be tracked. Make sure to call setUser(...) within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen."
+    "setUser(...) was called without a context. The user will not be tracked. Make sure to call setUser(...) within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen. Also ensure you import Zen at the top of your main app file (before any other imports)."
   );
 
   loggedWarningSetUserCalledWithoutContext = true;

library/middleware/shouldBlockRequest.test.ts

@@ -2,6 +2,7 @@ import * as t from "tap";
 import { shouldBlockRequest } from "./shouldBlockRequest";
 import { runWithContext, type Context } from "../agent/Context";
 import { createTestAgent } from "../helpers/createTestAgent";
+import { wrap } from "../helpers/wrap";
 
 const sampleContext: Context = {
   remoteAddress: "::1",
@@ -19,7 +20,19 @@ const sampleContext: Context = {
 };
 
 t.test("without context", async (t) => {
-  t.same(shouldBlockRequest(), { block: false });
+  const logs: string[] = [];
+  wrap(console, "warn", function warn() {
+    return function warn(message: string) {
+      logs.push(message);
+    };
+  });
+
+  const result = shouldBlockRequest();
+  shouldBlockRequest();
+  t.same(result, { block: false });
+  t.same(logs, [
+    "shouldBlockRequest() was called without a context. The request will not be blocked. Make sure to call shouldBlockRequest() within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen. Also ensure you import Zen at the top of your main app file (before any other imports).",
+  ]);
 });
 
 t.test("without agent", async (t) => {

library/middleware/shouldBlockRequest.ts

@@ -12,6 +12,7 @@ type Result = {
 export function shouldBlockRequest(): Result {
   const context = getContext();
   if (!context) {
+    logWarningShouldBlockRequestCalledWithoutContext();
     return { block: false };
   }
 
@@ -39,3 +40,18 @@ export function shouldBlockRequest(): Result {
 
   return { block: false };
 }
+
+let loggedWarningShouldBlockRequestCalledWithoutContext = false;
+
+function logWarningShouldBlockRequestCalledWithoutContext() {
+  if (loggedWarningShouldBlockRequestCalledWithoutContext) {
+    return;
+  }
+
+  // eslint-disable-next-line no-console
+  console.warn(
+    "shouldBlockRequest() was called without a context. The request will not be blocked. Make sure to call shouldBlockRequest() within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen. Also ensure you import Zen at the top of your main app file (before any other imports)."
+  );
+
+  loggedWarningShouldBlockRequestCalledWithoutContext = true;
+}