Add inspectArgs for Hono

instrumentation-wasm/src/js_transformer/instructions.rs

@@ -4,6 +4,7 @@ use serde::{Deserialize, Serialize};
 #[serde(rename_all = "camelCase")]
 pub struct FileInstructions {
     pub path: String,
+    pub version_range: String,
     pub functions: Vec<FunctionInstructions>,
 }
 
@@ -12,6 +13,8 @@ pub struct FileInstructions {
 pub struct FunctionInstructions {
     pub node_type: String,
     pub name: String,
+    pub identifier: String,
     pub inspect_args: bool,
+    pub modify_args: bool,
     pub modify_return_value: bool,
 }

instrumentation-wasm/src/js_transformer/transformer.rs

@@ -52,10 +52,10 @@ pub fn transform_code_str(
     let t = &mut Transformer {
         allocator: &allocator,
         file_instructions: &file_instructions,
-        current_function_identifier: None,
-        modify_return_value: false,
+        //current_function_identifier: None,
+        //modify_return_value: false,
         module_name,
-        sub_function_counter: 0,
+        //sub_function_counter: 0,
     };
 
     traverse_mut(t, &allocator, program, symbols, scopes);
@@ -90,9 +90,9 @@ pub fn transform_code_str(
 struct Transformer<'a> {
     allocator: &'a Allocator,
     file_instructions: &'a FileInstructions,
-    current_function_identifier: Option<String>, // Only set if we want to instrument the current function
-    sub_function_counter: i32, // Counter to keep track of how many sub functions we are in
-    modify_return_value: bool,
+    //current_function_identifier: Option<String>, // Only set if we want to instrument the current function
+    //sub_function_counter: i32, // Counter to keep track of how many sub functions we are in
+    //modify_return_value: bool,
     module_name: &'a str,
 }
 
@@ -117,23 +117,23 @@ impl<'a> Traverse<'a> for Transformer<'a> {
             .find(|f| f.node_type == "MethodDefinition" && f.name == method_name);
 
         if found_instruction.is_none() {
-            self.current_function_identifier = None;
-            self.modify_return_value = false;
+            //self.current_function_identifier = None;
+            //self.modify_return_value = false;
             return;
         }
 
         let instruction = found_instruction.unwrap();
 
-        let function_identifier = format!("{}.{}", self.module_name, method_name);
+        /*let function_identifier = format!("{}.{}", self.module_name, method_name);
         self.current_function_identifier = Some(function_identifier.clone());
-        self.modify_return_value = instruction.modify_return_value;
+        self.modify_return_value = instruction.modify_return_value;*/
 
         let body = node.value.body.as_mut().unwrap();
 
         if instruction.inspect_args {
             let source_text: &'a str = self.allocator.alloc_str(&format!(
                 "__instrumentInspectArgs('{}', false, arguments);",
-                self.current_function_identifier.as_ref().unwrap()
+                instruction.identifier
             ));
 
             body.statements.insert(
@@ -146,7 +146,7 @@ impl<'a> Traverse<'a> for Transformer<'a> {
         }
     }
 
-    fn exit_method_definition(
+    /*fn exit_method_definition(
         &mut self,
         _node: &mut MethodDefinition<'a>,
         ctx: &mut TraverseCtx<'a>,
@@ -183,5 +183,5 @@ impl<'a> Traverse<'a> for Transformer<'a> {
 
         // Todo support modifying return value
         //AstBuilder::new(self.allocator).return_statement(node.span, argument)
-    }
+    }*/
 }

library/agent/hooks/instrumentation/injectedFunctions.ts

@@ -1,7 +1,25 @@
+import { getInstance } from "../../AgentSingleton";
+import { getPackageCallbacks } from "./instructions";
+
 export function __instrumentInspectArgs(
   id: string,
   isBuiltin: boolean,
   args: unknown[]
 ): void {
-  // Todo do something
+  const agent = getInstance();
+  if (!agent) {
+    return;
+  }
+
+  if (isBuiltin) {
+    // Todo
+    return;
+  }
+
+  const cbFuncs = getPackageCallbacks(id);
+
+  if (typeof cbFuncs.inspectArgs === "function") {
+    // Todo support subject?
+    cbFuncs.inspectArgs(args, agent, undefined);
+  }
 }

library/agent/hooks/instrumentation/instructions.ts

@@ -36,6 +36,12 @@ export function setPackagesToInstrument(_packages: Package[]) {
               functions: file.functions.map((func) => {
                 const identifier = `${pkg.getName()}.${file.path}.${func.name}.${versionedPackage.getRange()}`;
 
+                packageFileCallbacks.set(identifier, {
+                  inspectArgs: func.inspectArgs,
+                  modifyArgs: func.modifyArgs,
+                  modifyReturnValue: func.modifyReturnValue,
+                });
+
                 return {
                   nodeType: func.nodeType,
                   name: func.name,
@@ -51,7 +57,9 @@ export function setPackagesToInstrument(_packages: Package[]) {
       })
       .flat();
 
-    packages.set(pkg.getName(), packageInstructions);
+    if (packageInstructions.length !== 0) {
+      packages.set(pkg.getName(), packageInstructions);
+    }
   }
 }
 
@@ -124,3 +132,9 @@ export function getPackageFileInstrumentationInstructions(
 
   return instructions.find((f) => satisfiesVersion(f.versionRange, version));
 }
+
+export function getPackageCallbacks(
+  identifier: string
+): IntereptorFunctionsObj {
+  return packageFileCallbacks.get(identifier) || {};
+}

library/agent/hooks/instrumentation/types.ts

@@ -94,6 +94,7 @@ export type PackageFileInstrumentationInstructionJSON = {
   functions: {
     nodeType: "MethodDefinition";
     name: string;
+    identifier: string;
     inspectArgs: boolean;
     modifyArgs: boolean;
     modifyReturnValue: boolean;

library/package.json

@@ -14,7 +14,8 @@
     "./context": "./context/index.js",
     "./lambda": "./lambda/index.js",
     "./nopp": "./nopp/index.js",
-    "./cloud-function": "./cloud-function/index.js"
+    "./cloud-function": "./cloud-function/index.js",
+    "./bundler": "./bundler/index.js"
   },
   "homepage": "https://aikido.dev/zen",
   "author": "Aikido Security",

library/sources/Hono.ts

@@ -53,6 +53,18 @@ export class Hono implements Wrapper {
         });
 
         return newExports;
+      })
+      .addFileInstrumentation({
+        path: "lib/hono-base.js",
+        functions: [
+          {
+            nodeType: "MethodDefinition",
+            name: "addRoute",
+            inspectArgs: (args) => {
+              console.log(args);
+            },
+          },
+        ],
       });
   }
 }