Security agent causing application to crash #180

Open
bizob2828 opened this issue Feb 20, 2024 · 5 comments
Labels
bug Something isn't working

@bizob2828
Member

bizob2828 commented Feb 20, 2024

Note: This original description has been edited to provide specific information to the security agent team. I'm logging this on behalf of a community member. The original issue was here

Description

Running this application with the security agent causes Node.js to crash. It does not crash when using v10 of the agent.

Steps to Reproduce

  1. Clone repo
  2. Run npm install
  3. Fill out newrelic.js with app_name and license_key
  4. Run npm start
  5. Run:
curl -X POST http://localhost:3004/api/v1/logs -H 'Content-Type: application/json' -d '{
"id": 1,
"data": "Sample log data"
}'

Expected Result

fuzzing occurs, no crashes

Actual Results

Application eventually crashes with:

#
# Fatal error in , line 0
# Check failed: isolate_->has_pending_exception().
#
#
#
#FailureMessage Object: 0x16bc49328
----- Native stack trace -----

 1: 0x1042e5260 node::NodePlatform::GetStackTracePrinter()::$_3::__invoke() [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
 2: 0x1053669ac V8_Fatal(char const*, ...) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
 3: 0x1046e4380 v8::internal::JsonStringifier::JsonStringifier(v8::internal::Isolate*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
 4: 0x1046e4230 v8::internal::JsonStringify(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
 5: 0x104494b04 v8::internal::Builtin_JsonStringify(int, unsigned long*, v8::internal::Isolate*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
 6: 0x104cfcb24 Builtins_CEntry_Return1_ArgvOnStack_BuiltinExit [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
 7: 0x10a51df44
 8: 0x10a251a08
 9: 0x10a2f08fc
10: 0x10a2faca0
11: 0x10a4fb700
12: 0x10a4f6650
13: 0x10a4f52f4
14: 0x10a3d57fc
15: 0x10a38a9ac
16: 0x10a411944
17: 0x10a4a0d1c
18: 0x10a362474
19: 0x10a1a00d0
20: 0x10a1d0ddc
21: 0x10a411a54
22: 0x10a4a0d1c
23: 0x10a4e9460
24: 0x10a4ab804
25: 0x10a2ca77c
26: 0x10a278dbc
27: 0x10a50f6bc
28: 0x10a1b4568
29: 0x10a2d35e8
30: 0x10a54d180
31: 0x104c7250c Builtins_JSEntryTrampoline [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
32: 0x104c721f4 Builtins_JSEntry [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
33: 0x104548260 v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
34: 0x1045476ac v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
35: 0x104421f7c v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
36: 0x1041b0d3c node::InternalCallbackScope::Close() [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
37: 0x1041b101c node::InternalMakeCallback(node::Environment*, v8::Local<v8::Object>, v8::Local<v8::Object>, v8::Local<v8::Function>, int, v8::Local<v8::Value>*, node::async_context) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
38: 0x1041c74b8 node::AsyncWrap::MakeCallback(v8::Local<v8::Function>, int, v8::Local<v8::Value>*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
39: 0x10434c4c0 node::StreamBase::CallJSOnreadMethod(long, v8::Local<v8::ArrayBuffer>, unsigned long, node::StreamBase::StreamBaseJSChecks) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
40: 0x10434db54 node::EmitToJSStreamListener::OnStreamRead(long, uv_buf_t const&) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
41: 0x104351e48 node::LibuvStreamWrap::OnUvRead(long, uv_buf_t const*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
42: 0x1043525cc node::LibuvStreamWrap::ReadStart()::$_1::__invoke(uv_stream_s*, long, uv_buf_t const*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
43: 0x104c5c334 uv__stream_io [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
44: 0x104c63c38 uv__io_poll [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
45: 0x104c52124 uv_run [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
46: 0x1041b1754 node::SpinEventLoopInternal(node::Environment*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
47: 0x1042c1b8c node::NodeMainInstance::Run(node::ExitCode*, node::Environment*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
48: 0x1042c1928 node::NodeMainInstance::Run() [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
49: 0x10424b6b8 node::Start(int, char**) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
50: 0x18c80d0e0 start [/usr/lib/dyld]
Trace/BPT trap: 5
@sumitsuthar
Contributor

@bizob2828 Although the IAST agent is designed in such a way that it can expose unhandled exceptions, we will take a look into it.

@bizob2828
Member Author

@shashank34 I confirmed with the security agent team that the reason your application is crashing is because you have a no-sql injection. The offending code is here. I'll let @sumitsuthar and team follow up with any more details.

@shashank34

shashank34 commented Feb 26, 2024

How come in v11? On the previous v10 it's working fine, no malformed request made.

@sumitsuthar
Contributor

Hi @shashank34, could you please provide us with more details about the system configuration (CPU and memory)? Is the crash happening with a standalone Node.js process or running with pm2?
Does the process crash with heap out of memory?
It would be great if you could provide your run command. We also need to confirm: are you limiting memory/CPU for the Node.js process?

@sumitsuthar
Contributor

sumitsuthar commented Feb 27, 2024

We explored the application and got some interesting results.
IAST exposed a NoSQL injection vulnerability in the application. This is serious and should be taken care of. I am including the result.
The crashing of the application is an equally serious vulnerability, as IAST has shown that a malicious attacker can easily crash the application and cause a DoS attack. We need some more analysis to track which data is not correctly handled by the user application.
[Screenshots attached: Screenshot 2024-02-21 at 11 04 16 AM, Screenshot 2024-02-21 at 11 04 27 AM, Screenshot 2024-02-21 at 11 13 22 AM]
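
The thread reports a NoSQL injection behind the `POST /api/v1/logs` endpoint but does not show the offending code. The following is an added example, not code from the application or the security agent, of how such a request body can be validated before it reaches a query. It assumes a MongoDB-style driver in which an object-valued filter field is treated as a query operator; all function names are hypothetical.

```javascript
// Added example: hypothetical names; assumes a MongoDB-style driver where a
// filter value that is an object is interpreted as a query operator.

// Vulnerable pattern: request fields are copied into the filter unchecked, so a
// JSON object in place of a scalar changes what the query means.
function buildFilterUnsafe(body) {
  return { id: body.id };
}

// Recursively detect operator-style keys ("$..." or dotted paths) in a value.
function hasOperatorKey(value, depth = 0) {
  if (value === null || typeof value !== 'object') return false;
  if (depth > 8) return true; // treat excessive nesting as hostile input
  return Object.entries(value).some(
    ([key, child]) =>
      key.startsWith('$') || key.includes('.') || hasOperatorKey(child, depth + 1)
  );
}

// Hardened pattern: enforce the shape the endpoint expects (integer id, string
// data), reject everything else, and build the filter only from validated scalars.
function parseLogRequest(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, error: 'body must be a JSON object' };
  }
  if (hasOperatorKey(body)) {
    return { ok: false, error: 'operator-style key rejected' };
  }
  if (!Number.isSafeInteger(body.id)) {
    return { ok: false, error: 'id must be an integer' };
  }
  if (typeof body.data !== 'string' || body.data.length > 10000) {
    return { ok: false, error: 'data must be a string of bounded length' };
  }
  return { ok: true, filter: { id: body.id }, doc: { id: body.id, data: body.data } };
}

// Constructed sample inputs (not taken from the issue's fuzzing traffic).
const benign = JSON.parse('{"id": 1, "data": "Sample log data"}');
const objectInsteadOfScalar = JSON.parse('{"id": {"$gt": 0}, "data": "x"}');

console.log(buildFilterUnsafe(objectInsteadOfScalar)); // operator object reaches the query
console.log(parseLogRequest(benign));
console.log(parseLogRequest(objectInsteadOfScalar));
```

Rejecting with a 400 response at this point also keeps unexpected object shapes away from later serialization and logging code.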
