Support express instrumentation

- Allow modifying arguments object directly
- Add sample app

Author: timokoessler

instrumentation-wasm/src/js_transformer/helpers/get_name_str_for_member_expr.rs

@@ -5,8 +5,8 @@ pub fn get_name_str_for_member_expr<'a>(
     allocator: &'a Allocator,
     member_expr: &MemberExpression,
 ) -> Option<&'a str> {
-    let mut obj_name_str: &str = "";
-    let mut prop_name_str: &str = "";
+    let obj_name_str: &str;
+    let prop_name_str: &str;
 
     match member_expr {
         MemberExpression::StaticMemberExpression(static_member_expr) => {

instrumentation-wasm/src/js_transformer/helpers/insert_code.rs

@@ -42,7 +42,24 @@ pub fn insert_modify_args<'a>(
     identifier: &str,
     arg_names_str: &str,
     body: &mut Box<'a, FunctionBody<'a>>,
+    modify_arguments_object: bool,
 ) {
+    if modify_arguments_object {
+        // If we are modifying the arguments object, we need to use the arguments object directly
+        // instead of the individual arguments
+        let source_text: &'a str = allocator.alloc_str(&format!(
+            "Object.assign(arguments, __instrumentModifyArgs('{}', Array.from(arguments)));",
+            identifier
+        ));
+        insert_single_statement_into_func(allocator, body, 0, source_text);
+        return;
+    }
+
+    if arg_names_str.is_empty() {
+        // If there are no arguments to modify, we can skip this step
+        return;
+    }
+
     let source_text: &'a str = allocator.alloc_str(&format!(
         "[{}] = __instrumentModifyArgs('{}', [{}]);",
         arg_names_str, identifier, arg_names_str

instrumentation-wasm/src/js_transformer/instructions.rs

@@ -17,4 +17,5 @@ pub struct FunctionInstructions {
     pub inspect_args: bool,
     pub modify_args: bool,
     pub modify_return_value: bool,
+    pub modify_arguments_object: bool,
 }

instrumentation-wasm/src/js_transformer/transformer.rs

@@ -1,6 +1,6 @@
 use oxc_allocator::Allocator;
 use oxc_codegen::{Codegen, CodegenOptions};
-use oxc_parser::{ParseOptions, Parser};
+use oxc_parser::Parser;
 use oxc_semantic::SemanticBuilder;
 use oxc_span::SourceType;
 use oxc_traverse::traverse_mut;

instrumentation-wasm/src/js_transformer/transformer_impl.rs

@@ -62,6 +62,7 @@ impl<'a> Traverse<'a> for Transformer<'a> {
                 &instruction.identifier,
                 &arg_names_str,
                 body,
+                instruction.modify_arguments_object,
             );
         }
 
@@ -130,13 +131,14 @@ impl<'a> Traverse<'a> for Transformer<'a> {
 
         let body = function_expression.body.as_mut().unwrap();
 
-        if instruction.modify_args && !arg_names.is_empty() {
+        if instruction.modify_args {
             let arg_names_str = arg_names.join(", ");
             insert_modify_args(
                 self.allocator,
                 &instruction.identifier,
                 &arg_names_str,
                 body,
+                instruction.modify_arguments_object,
             );
         }
 

library/agent/hooks/instrumentation/codeTransformation.test.ts

@@ -36,6 +36,7 @@ t.test("add inspectArgs to method definition (ESM)", async (t) => {
           inspectArgs: true,
           modifyArgs: false,
           modifyReturnValue: false,
+          modifyArgumentsObject: false,
         },
       ],
     }
@@ -93,6 +94,7 @@ t.test("add inspectArgs to method definition (CJS)", async (t) => {
           inspectArgs: true,
           modifyArgs: false,
           modifyReturnValue: false,
+          modifyArgumentsObject: false,
         },
       ],
     }
@@ -150,6 +152,7 @@ t.test("wrong function name", async (t) => {
           inspectArgs: true,
           modifyArgs: false,
           modifyReturnValue: false,
+          modifyArgumentsObject: false,
         },
       ],
     }
@@ -206,6 +209,7 @@ t.test("typescript code", async (t) => {
           inspectArgs: true,
           modifyArgs: false,
           modifyReturnValue: false,
+          modifyArgumentsObject: false,
         },
       ],
     }
@@ -263,6 +267,7 @@ t.test("typescript code in a js file", async (t) => {
             inspectArgs: true,
             modifyArgs: false,
             modifyReturnValue: false,
+            modifyArgumentsObject: false,
           },
         ],
       }
@@ -292,6 +297,7 @@ t.test("empty code", async (t) => {
         inspectArgs: true,
         modifyArgs: false,
         modifyReturnValue: false,
+        modifyArgumentsObject: false,
       },
     ],
   });
@@ -336,6 +342,7 @@ t.test("add modifyArgs to method definition (ESM)", async (t) => {
           inspectArgs: false,
           modifyArgs: true,
           modifyReturnValue: false,
+          modifyArgumentsObject: false,
         },
       ],
     }
@@ -395,6 +402,7 @@ t.test(
             inspectArgs: true,
             modifyArgs: true,
             modifyReturnValue: false,
+            modifyArgumentsObject: false,
           },
         ],
       }
@@ -449,6 +457,7 @@ t.test("modify rest parameter args", async (t) => {
           inspectArgs: false,
           modifyArgs: true,
           modifyReturnValue: false,
+          modifyArgumentsObject: false,
         },
       ],
     }
@@ -494,6 +503,7 @@ t.test("modify rest parameter args", async (t) => {
           inspectArgs: false,
           modifyArgs: true,
           modifyReturnValue: false,
+          modifyArgumentsObject: false,
         },
       ],
     }
@@ -548,6 +558,7 @@ t.test("add inspectArgs to method definition (unambiguous)", async (t) => {
           inspectArgs: true,
           modifyArgs: false,
           modifyReturnValue: false,
+          modifyArgumentsObject: false,
         },
       ],
     }
@@ -603,6 +614,7 @@ t.test("add inspectArgs to method definition (unambiguous)", async (t) => {
           inspectArgs: true,
           modifyArgs: false,
           modifyReturnValue: false,
+          modifyArgumentsObject: false,
         },
       ],
     }
@@ -654,6 +666,7 @@ t.test(
             inspectArgs: true,
             modifyArgs: false,
             modifyReturnValue: false,
+            modifyArgumentsObject: false,
           },
         ],
       }
@@ -699,6 +712,7 @@ t.test(
             inspectArgs: false,
             modifyArgs: true,
             modifyReturnValue: false,
+            modifyArgumentsObject: false,
           },
         ],
       }
@@ -745,6 +759,7 @@ t.test(
             inspectArgs: true,
             modifyArgs: false,
             modifyReturnValue: false,
+            modifyArgumentsObject: false,
           },
         ],
       }
@@ -792,6 +807,7 @@ t.test(
             inspectArgs: false,
             modifyArgs: true,
             modifyReturnValue: false,
+            modifyArgumentsObject: false,
           },
         ],
       }
@@ -813,6 +829,54 @@ t.test(
   }
 );
 
+t.test(
+  "add modifyArgs to dynamic function assignment expression with arguments object (CJS)",
+  async (t) => {
+    const result = transformCode(
+      "express",
+      "1.0.0",
+      "application.js",
+      `
+        const app = require("example");
+        const key = "get";
+        app[key] = function (fn) {
+            console.log("test");
+        };
+        `,
+      "commonjs",
+      {
+        path: "application.js",
+        versionRange: "^1.0.0",
+        functions: [
+          {
+            nodeType: "FunctionAssignment",
+            name: "app[key]",
+            identifier: "express.application.js.app[key].v1.0.0",
+            inspectArgs: false,
+            modifyArgs: true,
+            modifyReturnValue: false,
+            modifyArgumentsObject: true,
+          },
+        ],
+      }
+    );
+
+    t.same(
+      compareCodeStrings(
+        result,
+        `const { __instrumentInspectArgs, __instrumentModifyArgs } = require("@aikidosec/firewall/instrument/internals");
+        const app = require("example");
+        const key = "get";
+        app[key] = function (fn) {
+          Object.assign(arguments, __instrumentModifyArgs("express.application.js.app[key].v1.0.0", Array.from(arguments)));
+          console.log("test");
+        };`
+      ),
+      true
+    );
+  }
+);
+
 t.test("does not modify code if function name is not found", async (t) => {
   const result = transformCode(
     "express",
@@ -837,6 +901,7 @@ t.test("does not modify code if function name is not found", async (t) => {
           inspectArgs: false,
           modifyArgs: true,
           modifyReturnValue: false,
+          modifyArgumentsObject: false,
         },
       ],
     }

library/agent/hooks/instrumentation/instructions.test.ts

@@ -58,6 +58,7 @@ t.test("it works", async (t) => {
         inspectArgs: true,
         modifyArgs: false,
         modifyReturnValue: false,
+        modifyArgumentsObject: false,
       },
     ],
   });

library/agent/hooks/instrumentation/instructions.ts

@@ -48,6 +48,7 @@ export function setPackagesToInstrument(_packages: Package[]) {
                   inspectArgs: !!func.inspectArgs,
                   modifyArgs: !!func.modifyArgs,
                   modifyReturnValue: !!func.modifyReturnValue,
+                  modifyArgumentsObject: func.modifyArgumentsObject ?? false,
                 };
               }),
             };

library/agent/hooks/instrumentation/types.ts

@@ -60,11 +60,22 @@ export type IntereptorFunctionsObj = {
 };
 
 export type PackageFunctionInstrumentationInstruction = {
-  nodeType: "MethodDefinition";
+  nodeType: "MethodDefinition" | "FunctionAssignment";
   name: string;
   inspectArgs?: InspectArgsInterceptor;
   modifyArgs?: ModifyArgsInterceptor;
   modifyReturnValue?: ModifyReturnValueInterceptor;
+  /**
+   * If true, the arguments object will be modified by modifyArgs instead modifying the named arguments.
+   *
+   * Why is this needed?
+   * If the library object uses the arguments object instead of named function arguments and no named arguments are defined in the function / method definition
+   * or not all arguments are defined, we need to modify the arguments object instead of the named arguments.
+   *
+   * Important to know:
+   * In strict mode, the arguments object and the named arguments are not synced, so changing the arguments object will not change the named arguments and vice versa.
+   */
+  modifyArgumentsObject?: boolean;
 };
 
 export type PackageFileInstrumentationInstruction = {
@@ -76,11 +87,12 @@ export type PackageFileInstrumentationInstructionJSON = {
   path: string; // Relative path to required file inside the package folder
   versionRange: string;
   functions: {
-    nodeType: "MethodDefinition" | "FunctionAssignment";
+    nodeType: PackageFunctionInstrumentationInstruction["nodeType"];
     name: string;
     identifier: string;
     inspectArgs: boolean;
     modifyArgs: boolean;
     modifyReturnValue: boolean;
+    modifyArgumentsObject: boolean;
   }[];
 };

library/sources/Express.ts

@@ -48,6 +48,23 @@ export class Express implements Wrapper {
         wrapExport(exports.application, "use", pkgInfo, {
           modifyArgs: (args) => this.wrapArgs(args),
         });
+      })
+      .addFileInstrumentation({
+        path: "lib/application.js",
+        functions: [
+          {
+            nodeType: "FunctionAssignment",
+            name: "app.use",
+            modifyArgumentsObject: true,
+            modifyArgs: (args) => this.wrapArgs(args),
+          },
+          {
+            nodeType: "FunctionAssignment",
+            name: "app[method]",
+            modifyArgumentsObject: true,
+            modifyArgs: (args) => this.wrapArgs(args),
+          },
+        ],
       });
   }
 }