From 4cd5b668bcb7f43e8401de02df1644ff54c388a0 Mon Sep 17 00:00:00 2001 From: Hans Ott Date: Thu, 29 Feb 2024 11:21:28 +0100 Subject: [PATCH] Test if our own error are still thrown --- library/src/agent/applyHooks.test.ts | 35 ++++++++++++++++++++ library/src/agent/logger/LoggerConsole.ts | 4 ++- library/src/agent/logger/LoggerForTesting.ts | 13 ++++++++ library/src/agent/logger/LoggerNoop.ts | 4 ++- 4 files changed, 54 insertions(+), 2 deletions(-) create mode 100644 library/src/agent/logger/LoggerForTesting.ts diff --git a/library/src/agent/applyHooks.test.ts b/library/src/agent/applyHooks.test.ts index 4557072a5..24383fd74 100644 --- a/library/src/agent/applyHooks.test.ts +++ b/library/src/agent/applyHooks.test.ts @@ -1,6 +1,11 @@ import * as t from "tap"; +import { Agent } from "./Agent"; +import { setInstance } from "./AgentSingleton"; +import { APIForTesting } from "./api/APIForTesting"; import { applyHooks } from "./applyHooks"; import { Hooks } from "./hooks/Hooks"; +import { LoggerForTesting } from "./logger/LoggerForTesting"; +import { LoggerNoop } from "./logger/LoggerNoop"; t.test("it ignores if package is not installed", async (t) => { const hooks = new Hooks(); @@ -56,6 +61,12 @@ t.test("it ignores if version is not supported", async (t) => { }); }); +function removeStackTraceErrorMessage(error: string) { + const [msg] = error.split("\n"); + + return msg; +} + t.test("it adds try/catch around the wrapped method", async (t) => { const hooks = new Hooks(); const connection = hooks @@ -68,6 +79,9 @@ t.test("it adds try/catch around the wrapped method", async (t) => { connection.modifyArguments("execute", () => { throw new Error("THIS SHOULD BE CATCHED"); }); + connection.inspect("ping", () => { + throw new Error("Aikido guard has blocked a SQL injection"); + }); t.same(applyHooks(hooks), { mysql2: { @@ -92,5 +106,26 @@ t.test("it adds try/catch around the wrapped method", async (t) => { const [executeRows] = await actualConnection.execute("SELECT 1 as number"); t.same(executeRows, [{ number: 1 }]); + const logger = new LoggerForTesting(); + setInstance( + new Agent(false, logger, new APIForTesting(), undefined, false, {}) + ); + + const [queryRows2] = await actualConnection.query("SELECT 1 as number"); + t.same(queryRows2, [{ number: 1 }]); + + const [executeRows2] = await actualConnection.execute("SELECT 1 as number"); + t.same(executeRows2, [{ number: 1 }]); + + const error = await t.rejects(() => actualConnection.ping()); + if (error instanceof Error) { + t.equal(error.message, "Aikido guard has blocked a SQL injection"); + } + + t.same(logger.getMessages().map(removeStackTraceErrorMessage), [ + 'Internal error in module "mysql2" in method "query"', + 'Internal error in module "mysql2" in method "execute"', + ]); + await actualConnection.end(); }); diff --git a/library/src/agent/logger/LoggerConsole.ts b/library/src/agent/logger/LoggerConsole.ts index 48c9ebd98..2cb5f7447 100644 --- a/library/src/agent/logger/LoggerConsole.ts +++ b/library/src/agent/logger/LoggerConsole.ts @@ -1,4 +1,6 @@ -export class LoggerConsole { +import { Logger } from "./Logger"; + +export class LoggerConsole implements Logger { /** * Creates a terminal log with the "AIKIDO: " affix. * @param message Message to be logged diff --git a/library/src/agent/logger/LoggerForTesting.ts b/library/src/agent/logger/LoggerForTesting.ts new file mode 100644 index 000000000..ca56de31f --- /dev/null +++ b/library/src/agent/logger/LoggerForTesting.ts @@ -0,0 +1,13 @@ +import { Logger } from "./Logger"; + +export class LoggerForTesting implements Logger { + private readonly messages: string[] = []; + + log(message: string) { + this.messages.push(message); + } + + getMessages() { + return this.messages; + } +} diff --git a/library/src/agent/logger/LoggerNoop.ts b/library/src/agent/logger/LoggerNoop.ts index db37d5aa4..228911f2a 100644 --- a/library/src/agent/logger/LoggerNoop.ts +++ b/library/src/agent/logger/LoggerNoop.ts @@ -1,4 +1,6 @@ -export class LoggerNoop { +import { Logger } from "./Logger"; + +export class LoggerNoop implements Logger { log(message: string) { // noop }