Support argument modification

timokoessler · timokoessler · commit d1643ce2ca3a · 2025-03-04T12:53:22.000+01:00
diff --git a/instrumentation-wasm/src/js_transformer/helpers/get_import_code_str.rs b/instrumentation-wasm/src/js_transformer/helpers/get_import_code_str.rs
@@ -0,0 +1,10 @@
+use oxc_span::SourceType;
+
+pub fn get_import_code_str(source_type: &SourceType, has_module_syntax: bool) -> &'static str {
+    // Todo maybe import only needed functions, not sure if it is worth it
+    if source_type.is_script() || source_type.is_unambiguous() && !has_module_syntax {
+        return "const { __instrumentInspectArgs, __instrumentModifyArgs } = require('@aikidosec/firewall/instrument/internals');";
+    }
+
+    "import { __instrumentInspectArgs, __instrumentModifyArgs } from '@aikidosec/firewall/instrument/internals';"
+}
diff --git a/instrumentation-wasm/src/js_transformer/helpers/get_method_arg_names.rs b/instrumentation-wasm/src/js_transformer/helpers/get_method_arg_names.rs
@@ -0,0 +1,18 @@
+use oxc_ast::ast::MethodDefinition;
+
+pub fn get_method_arg_names(method_definition: &MethodDefinition) -> Vec<String> {
+    let mut arg_names = Vec::new();
+
+    // Todo check whats appens if rest parameter is used
+
+    method_definition
+        .value
+        .params
+        .items
+        .iter()
+        .for_each(|param| {
+            arg_names.push(param.pattern.get_identifier_name().unwrap().to_string());
+        });
+
+    arg_names
+}
diff --git a/instrumentation-wasm/src/js_transformer/helpers/mod.rs b/instrumentation-wasm/src/js_transformer/helpers/mod.rs
@@ -1,2 +1,4 @@
+pub mod get_import_code_str;
+pub mod get_method_arg_names;
 pub mod parse_js_code_to_statements;
 pub mod select_sourcetype_based_on_enum;
diff --git a/instrumentation-wasm/src/js_transformer/transformer.rs b/instrumentation-wasm/src/js_transformer/transformer.rs
@@ -8,6 +8,7 @@ use oxc_traverse::{traverse_mut, Traverse, TraverseCtx};
 
 use super::{
     helpers::{
+        get_import_code_str::get_import_code_str, get_method_arg_names::get_method_arg_names,
         parse_js_code_to_statements::parse_js_code_to_statements,
         select_sourcetype_based_on_enum::select_sourcetype_based_on_enum,
     },
@@ -54,33 +55,17 @@ pub fn transform_code_str(code: &str, instructions_json: &str, src_type: i32) ->
 
     traverse_mut(t, &allocator, program, symbols, scopes);
 
-    if source_type.is_script()
-        || source_type.is_unambiguous() && parser_result.module_record.has_module_syntax == false
-    {
-        // Add require statement
-        program.body.insert(
-            0,
-            parse_js_code_to_statements(
-                &allocator,
-                "const { __instrumentInspectArgs } = require('@aikidosec/firewall/instrument/internals');",
-                SourceType::cjs(),
-            )
-            .pop()
-            .unwrap(),
-        );
-    } else {
-        // Add import statement
-        program.body.insert(
-                    0,
-                    parse_js_code_to_statements(
-                        &allocator,
-                        "import { __instrumentInspectArgs } from '@aikidosec/firewall/instrument/internals';",
-                        SourceType::mjs(),
-                    )
-                    .pop()
-                    .unwrap(),
-                );
-    }
+    // Add import / require statement
+    program.body.insert(
+        0,
+        parse_js_code_to_statements(
+            &allocator,
+            get_import_code_str(&source_type, parser_result.module_record.has_module_syntax),
+            SourceType::cjs(),
+        )
+        .pop()
+        .unwrap(),
+    );
 
     // Todo: Update source map?
     let js = Codegen::new()
@@ -116,6 +101,11 @@ impl<'a> Traverse<'a> for Transformer<'a> {
             return;
         }
 
+        if !node.kind.is_method() {
+            // Ignore constructor, getters and setters for now
+            return;
+        }
+
         // Todo implement submethod counting for nested functions for supporting modifications of return value
 
         let method_name = node.key.name().unwrap().to_string();
@@ -138,9 +128,38 @@ impl<'a> Traverse<'a> for Transformer<'a> {
         self.current_function_identifier = Some(function_identifier.clone());
         self.modify_return_value = instruction.modify_return_value;*/
 
+        // We need to collect the arg names before we make the body mutable
+        let arg_names = if instruction.modify_args {
+            // Todo check whats appens if rest parameter is used
+
+            get_method_arg_names(node)
+        } else {
+            Vec::new()
+        };
+
         let body = node.value.body.as_mut().unwrap();
 
+        if instruction.modify_args {
+            // Modify the arguments by adding a statement to the beginning of the function
+            // [arg1, arg2, ...] = __instrumentModifyArgs('function_identifier', [arg1, arg2, ...]);
+
+            let arg_names_str = arg_names.join(", ");
+            let source_text: &'a str = self.allocator.alloc_str(&format!(
+                "[{}] = __instrumentModifyArgs('{}', [{}]);",
+                arg_names_str, instruction.identifier, arg_names_str
+            ));
+
+            body.statements.insert(
+                0,
+                parse_js_code_to_statements(self.allocator, &source_text, SourceType::mjs())
+                    .into_iter()
+                    .next()
+                    .unwrap(),
+            );
+        }
+
         if instruction.inspect_args {
+            // Add a statement to the beginning of the function: __instrumentInspectArgs('function_identifier', arguments);
             let source_text: &'a str = self.allocator.alloc_str(&format!(
                 "__instrumentInspectArgs('{}', arguments);",
                 instruction.identifier
diff --git a/library/agent/hooks/instrumentation/codeTransformation.test.ts b/library/agent/hooks/instrumentation/codeTransformation.test.ts
@@ -42,7 +42,7 @@ t.test("add inspectArgs to method definition (ESM)", async (t) => {
   t.same(
     compareCodeStrings(
       result,
-      `import { __instrumentInspectArgs } from "@aikidosec/firewall/instrument/internals";
+      `import { __instrumentInspectArgs, __instrumentModifyArgs } from "@aikidosec/firewall/instrument/internals";
     import { test } from "test";
     class Test {
         private testValue = 42;
@@ -97,7 +97,7 @@ t.test("add inspectArgs to method definition (CJS)", async (t) => {
   t.same(
     compareCodeStrings(
       result,
-      `const { __instrumentInspectArgs } = require("@aikidosec/firewall/instrument/internals");
+      `const { __instrumentInspectArgs, __instrumentModifyArgs } = require("@aikidosec/firewall/instrument/internals");
       import { test } from "test";
       class Test {
           private testValue = 42;
@@ -152,7 +152,7 @@ t.test("wrong function name", async (t) => {
   t.same(
     compareCodeStrings(
       result,
-      `const { __instrumentInspectArgs } = require("@aikidosec/firewall/instrument/internals");
+      `const { __instrumentInspectArgs, __instrumentModifyArgs } = require("@aikidosec/firewall/instrument/internals");
         import { test } from "test";
         class Test {
             private testValue = 42;
@@ -206,7 +206,7 @@ t.test("typescript code", async (t) => {
   t.same(
     compareCodeStrings(
       result,
-      `import { __instrumentInspectArgs } from "@aikidosec/firewall/instrument/internals";
+      `import { __instrumentInspectArgs, __instrumentModifyArgs } from "@aikidosec/firewall/instrument/internals";
           import { test } from "test";
           class Test {
               private testValue: number = 42;
@@ -289,8 +289,122 @@ t.test("empty code", async (t) => {
   t.same(
     compareCodeStrings(
       result,
-      `import { __instrumentInspectArgs } from "@aikidosec/firewall/instrument/internals";`
+      `import { __instrumentInspectArgs, __instrumentModifyArgs } from "@aikidosec/firewall/instrument/internals";`
     ),
     true
   );
 });
+
+t.test("add modifyArgs to method definition (ESM)", async (t) => {
+  const result = transformCode(
+    "test.js",
+    `
+          import { test } from "test";
+          class Test {
+  
+              private testValue = 42;
+  
+              constructor() {
+                  this.testFunction(testValue);
+              }
+              testFunction(arg1) {
+                  console.log("test");
+              }
+          }
+          `,
+    true,
+    {
+      path: "test.js",
+      versionRange: "^1.0.0",
+      functions: [
+        {
+          nodeType: "MethodDefinition",
+          name: "testFunction",
+          identifier: "testmodule.test.js.testFunction.v1.0.0",
+          inspectArgs: false,
+          modifyArgs: true,
+          modifyReturnValue: false,
+        },
+      ],
+    }
+  );
+
+  t.same(
+    compareCodeStrings(
+      result,
+      `import { __instrumentInspectArgs, __instrumentModifyArgs } from "@aikidosec/firewall/instrument/internals";
+      import { test } from "test";
+      class Test {
+          private testValue = 42;
+  
+          constructor() {
+              this.testFunction(testValue);
+          }
+          testFunction(arg1) {
+              [arg1] = __instrumentModifyArgs("testmodule.test.js.testFunction.v1.0.0", [arg1]);
+              console.log("test");
+          }
+      }`
+    ),
+    true
+  );
+});
+
+t.test(
+  "add modifyArgs and inspectArgs to method definition (ESM)",
+  async (t) => {
+    const result = transformCode(
+      "test.js",
+      `
+            import { test } from "test";
+            class Test {
+    
+                private testValue = 42;
+    
+                constructor() {
+                    this.testFunction(testValue);
+                }
+                testFunction(arg1) {
+                    console.log("test");
+                }
+            }
+            `,
+      true,
+      {
+        path: "test.js",
+        versionRange: "^1.0.0",
+        functions: [
+          {
+            nodeType: "MethodDefinition",
+            name: "testFunction",
+            identifier: "testmodule.test.js.testFunction.v1.0.0",
+            inspectArgs: true,
+            modifyArgs: true,
+            modifyReturnValue: false,
+          },
+        ],
+      }
+    );
+
+    t.same(
+      compareCodeStrings(
+        result,
+        `import { __instrumentInspectArgs, __instrumentModifyArgs } from "@aikidosec/firewall/instrument/internals";
+        import { test } from "test";
+        class Test {
+            private testValue = 42;
+    
+            constructor() {
+                this.testFunction(testValue);
+            }
+            testFunction(arg1) {
+                __instrumentInspectArgs("testmodule.test.js.testFunction.v1.0.0", arguments);
+                [arg1] = __instrumentModifyArgs("testmodule.test.js.testFunction.v1.0.0", [arg1]);
+                console.log("test");
+            }
+        }`
+      ),
+      true
+    );
+  }
+);
diff --git a/library/agent/hooks/instrumentation/codeTransformation.ts b/library/agent/hooks/instrumentation/codeTransformation.ts
@@ -3,8 +3,6 @@ import type { PackageFileInstrumentationInstructionJSON } from "./types";
 import { wasm_transform_code_str } from "./wasm/node_code_instrumentation";
 import { getSourceType } from "./getSourceType";
 
-// Todo check if caching is done by Node or if we need to cache the result
-
 export function transformCode(
   path: string,
   code: string,
diff --git a/library/agent/hooks/instrumentation/injectedFunctions.ts b/library/agent/hooks/instrumentation/injectedFunctions.ts
@@ -7,12 +7,16 @@ export function __instrumentInspectArgs(id: string, args: unknown[]): void {
   if (!agent) {
     return;
   }
+  try {
+    const cbFuncs = getPackageCallbacks(id);
 
-  const cbFuncs = getPackageCallbacks(id);
-
-  if (typeof cbFuncs.inspectArgs === "function") {
-    // Todo support subject?
-    cbFuncs.inspectArgs(args, agent, undefined);
+    if (typeof cbFuncs.inspectArgs === "function") {
+      // Todo support subject?
+      cbFuncs.inspectArgs(args, agent, undefined);
+    }
+  } catch (error) {
+    // Do not crash the application if an error occurs
+    console.error(error); // We don't have a logger yet :(
   }
 }
 
@@ -50,3 +54,27 @@ export function __wrapBuiltinExports(id: string, exports: unknown): unknown {
 
   return exports;
 }
+
+export function __instrumentModifyArgs(id: string, args: unknown[]): unknown[] {
+  const agent = getInstance();
+  if (!agent) {
+    return args;
+  }
+
+  try {
+    const cbFuncs = getPackageCallbacks(id);
+
+    if (typeof cbFuncs.modifyArgs === "function") {
+      const newArgs = cbFuncs.modifyArgs(args, agent);
+      // Only return the new arguments if they are an array
+      if (Array.isArray(newArgs)) {
+        return newArgs;
+      }
+    }
+  } catch (error) {
+    // Do not crash the application if an error occurs
+    console.error(error); // We don't have a logger yet :(
+  }
+
+  return args;
+}
diff --git a/library/agent/hooks/instrumentation/loadHook.test.mts b/library/agent/hooks/instrumentation/loadHook.test.mts
diff --git a/library/agent/hooks/instrumentation/loadHook.ts b/library/agent/hooks/instrumentation/loadHook.ts
diff --git a/library/sources/Hono.ts b/library/sources/Hono.ts
