Add kind to sink stats

To know what kind of operations the sink does

Author: hansott

library/agent/InspectionStatistics.test.ts

@@ -16,11 +16,13 @@ t.test("it resets stats", async () => {
     blocked: false,
     durationInMs: 0.1,
     attackDetected: false,
+    kind: "nosql_op",
   });
 
   t.same(stats.getStats(), {
     sinks: {
       mongodb: {
+        kind: "nosql_op",
         attacksDetected: {
           total: 0,
           blocked: 0,
@@ -89,11 +91,13 @@ t.test("it keeps track of amount of calls", async () => {
     blocked: false,
     durationInMs: 0.1,
     attackDetected: false,
+    kind: "nosql_op",
   });
 
   t.same(stats.getStats(), {
     sinks: {
       mongodb: {
+        kind: "nosql_op",
         attacksDetected: {
           total: 0,
           blocked: 0,
@@ -121,11 +125,13 @@ t.test("it keeps track of amount of calls", async () => {
     blocked: false,
     durationInMs: 0.1,
     attackDetected: false,
+    kind: "nosql_op",
   });
 
   t.same(stats.getStats(), {
     sinks: {
       mongodb: {
+        kind: "nosql_op",
         attacksDetected: {
           total: 0,
           blocked: 0,
@@ -147,11 +153,12 @@ t.test("it keeps track of amount of calls", async () => {
     },
   });
 
-  stats.interceptorThrewError("mongodb");
+  stats.interceptorThrewError("mongodb", "nosql_op");
 
   t.same(stats.getStats(), {
     sinks: {
       mongodb: {
+        kind: "nosql_op",
         attacksDetected: {
           total: 0,
           blocked: 0,
@@ -179,11 +186,13 @@ t.test("it keeps track of amount of calls", async () => {
     blocked: false,
     durationInMs: 0.1,
     attackDetected: true,
+    kind: "nosql_op",
   });
 
   t.same(stats.getStats(), {
     sinks: {
       mongodb: {
+        kind: "nosql_op",
         attacksDetected: {
           total: 1,
           blocked: 0,
@@ -211,11 +220,13 @@ t.test("it keeps track of amount of calls", async () => {
     blocked: true,
     durationInMs: 0.3,
     attackDetected: true,
+    kind: "nosql_op",
   });
 
   t.same(stats.getStats(), {
     sinks: {
       mongodb: {
+        kind: "nosql_op",
         attacksDetected: {
           total: 2,
           blocked: 1,
@@ -248,13 +259,15 @@ t.test("it keeps track of amount of calls", async () => {
       blocked: false,
       durationInMs: i * 0.1,
       attackDetected: false,
+      kind: "nosql_op",
     });
   }
 
   t.same(stats.hasCompressedStats(), true);
   t.same(stats.getStats(), {
     sinks: {
       mongodb: {
+        kind: "nosql_op",
         attacksDetected: {
           total: 2,
           blocked: 1,
@@ -302,6 +315,7 @@ t.test("it keeps track of amount of calls", async () => {
       blocked: false,
       durationInMs: i * 0.1,
       attackDetected: false,
+      kind: "nosql_op",
     });
   }
 
@@ -431,6 +445,7 @@ t.test("it force compresses stats", async () => {
     blocked: false,
     durationInMs: 0.1,
     attackDetected: false,
+    kind: "nosql_op",
   });
 
   t.same(stats.hasCompressedStats(), false);

library/agent/InspectionStatistics.ts

@@ -1,4 +1,5 @@
 import { percentiles } from "../helpers/percentiles";
+import { MonitoredSinkStatsKind } from "./api/Event";
 
 type SinkCompressedTimings = {
   averageInMS: number;
@@ -7,6 +8,7 @@ type SinkCompressedTimings = {
 };
 
 type SinkStats = {
+  kind: MonitoredSinkStatsKind | undefined;
   withoutContext: number;
   total: number;
   // array where we accumulate durations for each sink-request (e.g. mysql.query)
@@ -87,6 +89,7 @@ export class InspectionStatistics {
     for (const sink in this.stats) {
       const sinkStats = this.stats[sink];
       sinks[sink] = {
+        kind: sinkStats.kind,
         total: sinkStats.total,
         attacksDetected: {
           total: sinkStats.attacksDetected.total,
@@ -105,10 +108,14 @@ export class InspectionStatistics {
     };
   }
 
-  private ensureSinkStats(sink: string) {
+  private ensureSinkStats(
+    sink: string,
+    kind: MonitoredSinkStatsKind | undefined
+  ) {
     if (!this.stats[sink]) {
       this.stats[sink] = {
         withoutContext: 0,
+        kind: kind,
         total: 0,
         durations: [],
         compressedTimings: [],
@@ -119,6 +126,11 @@ export class InspectionStatistics {
         },
       };
     }
+
+    if (kind && !this.stats[sink].kind) {
+      // if we don't have a kind yet, set it
+      this.stats[sink].kind = kind;
+    }
   }
 
   private compressPerfSamples(sink: string) {
@@ -163,8 +175,11 @@ export class InspectionStatistics {
     this.stats[sink].durations = [];
   }
 
-  interceptorThrewError(sink: string) {
-    this.ensureSinkStats(sink);
+  interceptorThrewError(
+    sink: string,
+    kind: MonitoredSinkStatsKind | undefined
+  ) {
+    this.ensureSinkStats(sink, kind);
     this.stats[sink].total += 1;
     this.stats[sink].interceptorThrewError += 1;
   }
@@ -186,18 +201,20 @@ export class InspectionStatistics {
 
   onInspectedCall({
     sink,
+    kind,
     blocked,
     attackDetected,
     durationInMs,
     withoutContext,
   }: {
     sink: string;
+    kind: MonitoredSinkStatsKind | undefined;
     durationInMs: number;
     attackDetected: boolean;
     blocked: boolean;
     withoutContext: boolean;
   }) {
-    this.ensureSinkStats(sink);
+    this.ensureSinkStats(sink, kind);
 
     this.stats[sink].total += 1;
 

library/agent/api/Event.ts

@@ -64,6 +64,17 @@ export type DetectedAttack = {
   time: number;
 };
 
+export type MonitoredSinkStatsKind =
+  | "sql_op"
+  | "nosql_op"
+  | "outgoing_http_op"
+  | "fs_op"
+  | "path_op"
+  | "exec_op"
+  | "unserialize_op"
+  | "graphql_op"
+  | "eval_op";
+
 type MonitoredSinkStats = {
   attacksDetected: {
     total: number;
@@ -72,6 +83,7 @@ type MonitoredSinkStats = {
   interceptorThrewError: number;
   withoutContext: number;
   total: number;
+  kind: MonitoredSinkStatsKind | undefined;
   compressedTimings: {
     averageInMS: number;
     percentiles: Record<string, number>;

library/agent/applyHooks.test.ts

@@ -35,26 +35,38 @@ t.test(
     const hooks = new Hooks();
 
     let modifyCalled = false;
-    hooks.addGlobal("fetch", {
-      modifyArgs: (args) => {
-        modifyCalled = true;
-        return args;
+    hooks.addGlobal(
+      "fetch",
+      {
+        modifyArgs: (args) => {
+          modifyCalled = true;
+          return args;
+        },
       },
-    });
+      "outgoing_http_op"
+    );
 
     let inspectCalled = false;
-    hooks.addGlobal("atob", {
-      inspectArgs: (args) => {
-        inspectCalled = true;
+    hooks.addGlobal(
+      "atob",
+      {
+        inspectArgs: (args) => {
+          inspectCalled = true;
+        },
       },
-    });
+      "outgoing_http_op"
+    );
 
     // Unknown global
-    hooks.addGlobal("unknown", {
-      inspectArgs: (args) => {
-        return;
+    hooks.addGlobal(
+      "unknown",
+      {
+        inspectArgs: (args) => {
+          return;
+        },
       },
-    });
+      "outgoing_http_op"
+    );
 
     // Without name
     // @ts-expect-error Test with invalid arguments
@@ -90,11 +102,17 @@ t.test("it ignores route if force protection off is on", async (t) => {
 
   const hooks = new Hooks();
   hooks.addBuiltinModule("dns/promises").onRequire((exports, pkgInfo) => {
-    wrapExport(exports, "lookup", pkgInfo, {
-      inspectArgs: (args, agent) => {
-        inspectionCalls.push({ args });
+    wrapExport(
+      exports,
+      "lookup",
+      pkgInfo,
+      {
+        inspectArgs: (args, agent) => {
+          inspectionCalls.push({ args });
+        },
       },
-    });
+      "outgoing_http_op"
+    );
   });
 
   applyHooks(hooks);
@@ -156,18 +174,24 @@ t.test("it ignores route if force protection off is on", async (t) => {
 t.test("it does not report attack if IP is allowed", async (t) => {
   const hooks = new Hooks();
   hooks.addBuiltinModule("os").onRequire((exports, pkgInfo) => {
-    wrapExport(exports, "hostname", pkgInfo, {
-      inspectArgs: (args, agent) => {
-        return {
-          operation: "os.hostname",
-          source: "body",
-          pathsToPayload: ["path"],
-          payload: "payload",
-          metadata: {},
-          kind: "path_traversal",
-        };
+    wrapExport(
+      exports,
+      "hostname",
+      pkgInfo,
+      {
+        inspectArgs: (args, agent) => {
+          return {
+            operation: "os.hostname",
+            source: "body",
+            pathsToPayload: ["path"],
+            payload: "payload",
+            metadata: {},
+            kind: "path_traversal",
+          };
+        },
       },
-    });
+      "path_op"
+    );
   });
 
   applyHooks(hooks);

library/agent/applyHooks.ts

@@ -32,7 +32,8 @@ export function applyHooks(hooks: Hooks) {
         name: name,
         type: "global",
       },
-      g.getInterceptors()
+      g.getInterceptors(),
+      g.getKind()
     );
   });
 }

library/agent/hooks/Global.ts

@@ -1,9 +1,11 @@
+import { MonitoredSinkStatsKind } from "../api/Event";
 import { InterceptorObject } from "./wrapExport";
 
 export class Global {
   constructor(
     private readonly name: string,
-    private readonly interceptors: InterceptorObject
+    private readonly interceptors: InterceptorObject,
+    private readonly kind: MonitoredSinkStatsKind
   ) {
     if (!this.name) {
       throw new Error("Name is required");
@@ -20,4 +22,8 @@ export class Global {
   getInterceptors() {
     return this.interceptors;
   }
+
+  getKind() {
+    return this.kind;
+  }
 }

library/agent/hooks/Hooks.ts

@@ -1,3 +1,4 @@
+import { MonitoredSinkStatsKind } from "../api/Event";
 import { BuiltinModule } from "./BuiltinModule";
 import { Global } from "./Global";
 import { Package } from "./Package";
@@ -15,8 +16,12 @@ export class Hooks {
     return pkg;
   }
 
-  addGlobal(name: string, interceptors: InterceptorObject) {
-    const global = new Global(name, interceptors);
+  addGlobal(
+    name: string,
+    interceptors: InterceptorObject,
+    kind: MonitoredSinkStatsKind
+  ) {
+    const global = new Global(name, interceptors, kind);
     this.globals.push(global);
   }