Error instrumenting OWASP's juice-shop #17
Comments
Hi, seems like a bug where njstrace is not handling return statements that use the comma operator. Since you mentioned you're a student I'll elaborate :) When njstrace injects itself into code it stores the "return" value in some temporary variable, does the tracing stuff, and returns the value stored in the temporary variable. So the above "return" statement is modified by njstrace to:
And as you can see, the first line above, which tries to store the original "return" statement in temp variable, is invalid - BUG. I will need to fix this, test, and release a new version, hopefully will find time for that soon...
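The failure mode described in the comment above, as an added example that is not part of the original thread and is not njstrace's own code or its actual fix. The names `instrumentReturn`, `__ret` and `__trace` and the sample function bodies are hypothetical; the sketch contrasts capturing a comma-operator return expression bare with capturing it in parentheses.

```javascript
// Added illustration; instrumentReturn, __ret and __trace are hypothetical
// names, not njstrace's real identifiers or generated code.

// Rewrite `return <expr>;` so the value is captured before a trace call.
// wrap=false captures the expression bare; wrap=true parenthesizes it.
function instrumentReturn(body, wrap) {
  return body.replace(/return\s+([^;]+);/g, (_, expr) => {
    const captured = wrap ? `(${expr})` : expr;
    return `var __ret = ${captured}; __trace(); return __ret;`;
  });
}

// Compile the instrumented body and run it; report the value or the error.
function run(body, wrap, args) {
  const calls = [];
  try {
    const fn = new Function('__trace', 'a', 'b', instrumentReturn(body, wrap));
    const value = fn(() => calls.push('exit'), ...args);
    return { ok: true, value, traced: calls.length };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed sample bodies using the comma operator in a return statement.
const silent = 'return a, b;';          // original code returns b
const broken = 'return a += 1, a + b;'; // original code returns (a + 1) + b

function demo() {
  return {
    // `var __ret = a, b;` parses as two declarations: __ret gets a, not b.
    silentNaive: run(silent, false, [1, 2]),
    silentFixed: run(silent, true, [1, 2]),
    // `var __ret = a += 1, a + b;` is not a valid declaration list.
    brokenNaive: run(broken, false, [1, 2]),
    brokenFixed: run(broken, true, [1, 2]),
  };
}

console.log(demo());
```

The bare capture either fails to parse or, worse for tracing-based analysis, silently changes what the instrumented function returns.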
Thank you very much for looking into this and the detailed answer! This is very helpful for me. I tried to work around it by skipping all affected modules this way:
Now, I received the following error:
Tomorrow, I will try to better understand the second error, but maybe this is already helpful for you. Again, thank you!
I guess njstrace is modifying the code of
Yes, I know, but for this project it is crucial to trace even node_modules... I think those two issues are the only ones for juice-shop's node_modules. FYI: It is about anomaly detection in Node.js applications. I want to compare method calls of benign use and those of intrusions. Therefore, I instrument vulnerable applications :) So this module is a huge ease to master that project.
Fixed the first issue.
Hey @ValYouW, thank you very much for the fix and the explanation!
@christophschw Thank you! It's very kind of you, but that's ok... good luck with your work!
Hey,
thank you for offering such a nice project! I appreciate the work you do with this module.
Currently, I'm trying to integrate njstrace in OWASP's juice-shop for a student project (Novice here – sorry ;)). I wrote a custom logger which works fine when I don't trace the node_modules. But when I do, I get the following error:
I forked the juice-shop-repo and made a minimal working version of the project:
https://github.com/christophschw/juice-shop
The formatter / chainloader:
https://github.com/christophschw/juice-shop/blob/master/njstrace.js
Comment out line 50 and it works ...
And the npm script is
npm run start:njstrace
Thank you for your help!