Merge branch 'main' of github.com:AikidoSec/node-RASP into block-outbound

* 'main' of github.com:AikidoSec/node-RASP: (245 commits)
  Cleanup Dockerfile and .dockerignore
  Remove duplicate test case in imds.test.ts
  Fix detection of IMDS IPv4 addresses mapped to IPv6
  Update .github/workflows/unit-test.yml
  Fix missing wasm in some tests
  Try to fix npm ci
  Skip build in unit tests if not necessary
  Cleanup devDependencies for linked library dep
  Use specific version for @aws-sdk/client-bedrock-runtime
  Fix was backported to v24
  Fix lock files
  Don't add empty strings to the context
  Remove eslint
  Add React Router SSR ESM sample app
  Update esm docs
  Update comment
  Fix import
  Use path.sep instead of `/`
  Rename function to `extractPathStringsFromUserInputCached`
  Apply suggestion from @hansott
  ...

Author: hansott

.github/workflows/benchmark.yml

@@ -46,6 +46,11 @@ jobs:
         run: |
           sudo apt-get update
           sudo apt-get install -y wrk
+      - name: Set up Rust
+        run: |
+          rustup toolchain install stable
+          rustup default stable
+          cargo install wasm-pack
       - run: npm install
       - run: npm run build
       - name: Run NoSQL Injection Benchmark

.github/workflows/build-and-release.yml

@@ -32,6 +32,11 @@ jobs:
           node-version: "22.x"
           registry-url: "https://registry.npmjs.org"
           scope: "@aikidosec"
+      - name: Set up Rust
+        run: |
+          rustup toolchain install stable
+          rustup default stable
+          cargo install wasm-pack
       - name: Setup Aikido safe-chain
         run: |
           npm i -g @aikidosec/safe-chain@1.0.24

.github/workflows/end-to-end-tests.yml

@@ -51,7 +51,15 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        node-version: [18.x, 22.x]
+        include:
+          - node-version: 20.x
+            mode: "old"
+          - node-version: 22.x
+            mode: "old"
+          - node-version: 24.x
+            mode: "new"
+          - node-version: 25.x
+            mode: "new"
     steps:
       - uses: actions/checkout@v5
       - name: Use Node.js ${{ matrix.node-version }}
@@ -64,12 +72,24 @@ jobs:
         run: |
           npm i -g @aikidosec/safe-chain@1.0.24
           safe-chain setup-ci
+      - name: Downgrade npm for v25
+        # https://github.com/npm/cli/issues/8669
+        if: ${{ matrix.node-version == '25.x' }}
+        run: npm i -g npm@11.6.0
       - name: Add local.aikido.io to /etc/hosts
         run: |
           sudo echo "127.0.0.1 local.aikido.io" | sudo tee -a /etc/hosts
       - name: Build and run server
         run: |
           cd end2end/server && docker build -t server . && docker run -d -p 5874:3000 server
+      - name: Set up Rust
+        run: |
+          rustup toolchain install stable
+          rustup default stable
+          cargo install wasm-pack
       - run: npm install
       - run: npm run build
-      - run: npm run end2end
+      - if: matrix.mode == 'old'
+        run: npm run end2end
+      - if: matrix.mode == 'new'
+        run: npm run end2end:new

.github/workflows/lint-code.yml

@@ -17,10 +17,20 @@ jobs:
           node-version: ${{ matrix.node-version }}
           cache: "npm"
           cache-dependency-path: "**/package-lock.json"
+      - name: Set up Rust
+        run: |
+          rustup toolchain install stable
+          rustup default stable
+          rustup component add rustfmt clippy
+          cargo install wasm-pack
       - name: Setup Aikido safe-chain
         run: |
           npm i -g @aikidosec/safe-chain@1.0.24
           safe-chain setup-ci
       - run: npm run install-lib-only
       - run: npm run build
       - run: npm run lint
+      - name: Check Rust formatting
+        run: cd instrumentation-wasm && cargo fmt --check
+      - name: Run Rust Linter
+        run: cd instrumentation-wasm && cargo clippy

.github/workflows/qa-tests.yml

@@ -32,6 +32,12 @@ jobs:
           npm i -g @aikidosec/safe-chain@1.0.24
           safe-chain setup-ci
 
+      - name: Set up Rust
+        run: |
+          rustup toolchain install stable
+          rustup default stable
+          cargo install wasm-pack
+
       - name: Build firewall-node dev package
         run: |
           cd firewall-node

.github/workflows/unit-test.yml

@@ -10,8 +10,38 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        node-version: [16.x, 18.x, 20.x, 22.x, 24.x, 25.x]
-    timeout-minutes: 10
+        include:
+          - node-version: 16.x
+            instrumentation: "current"
+            mode: "cjs"
+          - node-version: 18.x
+            new-instrumentation: "current"
+            mode: "cjs"
+          - node-version: 20.x
+            new-instrumentation: "current"
+            mode: "cjs"
+          - node-version: 22.x
+            new-instrumentation: "current"
+            mode: "cjs"
+          - node-version: 24.x
+            new-instrumentation: "current"
+            mode: "cjs"
+          - node-version: 24.x
+            new-instrumentation: "new"
+            mode: "cjs"
+          - node-version: 24.x
+            new-instrumentation: "new"
+            mode: "esm"
+          - node-version: 25.x
+            new-instrumentation: "current"
+            mode: "cjs"
+          - node-version: 25.x
+            new-instrumentation: "new"
+            mode: "cjs"
+          - node-version: 25.x
+            new-instrumentation: "new"
+            mode: "esm"
+    timeout-minutes: 15
     steps:
       - uses: actions/checkout@v5
       - name: Use Node.js ${{ matrix.node-version }}
@@ -24,20 +54,39 @@ jobs:
         run: |
           npm i -g @aikidosec/safe-chain@1.0.24
           safe-chain setup-ci
+      - name: Downgrade npm for v25
+        # https://github.com/npm/cli/issues/8669
+        if: ${{ matrix.node-version == '25.x' }}
+        run: npm i -g npm@11.6.0
       - name: Add local.aikido.io to /etc/hosts
         run: |
           sudo echo "127.0.0.1 local.aikido.io" | sudo tee -a /etc/hosts
+      - name: Set up Rust
+        run: |
+          rustup toolchain install stable
+          rustup default stable
+          cargo install wasm-pack
       - run: npm run install-lib-only
       - name: Start containers
         run: npm run containers
-      - run: npm run build
+      - name: Prepare WASM components
+        # When running tests with tap (CJS), we don't need to build our lib, just need the WASM files
+        run: npm run build -- --only-wasm
+        if: ${{ matrix.mode != 'esm' }}
+      - name: Build complete library
+        run: npm run build
+        if: ${{ matrix.new-instrumentation == 'new' && matrix.mode == 'esm' }}
       - run: npm run test:ci
-        env:
-          GOOGLE_GENERATIVE_AI_API_KEY: ${{ secrets.GOOGLE_GENERATIVE_AI_API_KEY }}
+        if: ${{ matrix.new-instrumentation == 'current' }}
+      - run: npm run test:ci:new
+        if: ${{ matrix.new-instrumentation == 'new' && matrix.mode == 'cjs' }}
+      - name: Run tests in ESM mode
+        run: npm run test:esm
+        if: ${{ matrix.new-instrumentation == 'new' && matrix.mode == 'esm' }}
       - name: "Upload coverage"
         uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5
         with:
-          files: ./library/.tap/report/lcov.info
+          files: ./library/.tap/report/lcov.info,./.esm-tests/tests/lcov.info
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
           slug: AikidoSec/firewall-node

.gitignore

@@ -33,3 +33,6 @@ library/test2.txt
 
 # Rust build files
 instrumentation-wasm/target/
+
+# Temp esm test directory
+.esm-tests/

.nvmrc

@@ -1 +1 @@
-22.12
+24.3.0