newrelic / csec-node-agent

Repository for new relic node security agent

Security agent causing application to crash #180

Open bizob2828 opened 7 months ago

bizob2828 commented 7 months ago

Note: This original description has been edited to provide specific information to the security agent team. I'm logging this on behalf of a community member. The original issue was here

Description

Running this application with the security agent causes Node.js to crash. It does not crash when using v10 of the agent.

Steps to Reproduce

  1. Clone repo
  2. Run npm install
  3. Fill out newrelic.js with app_name and license_key
  4. Run npm start
  5. Run:
    curl -X POST http://localhost:3004/api/v1/logs -H 'Content-Type: application/json' -d '{
    "id": 1,
    "data": "Sample log data"
    }'

Expected Result

fuzzing occurs, no crashes

Actual Results

Application eventually crashes with:

#
# Fatal error in , line 0
# Check failed: isolate_->has_pending_exception().
#
#
#
#FailureMessage Object: 0x16bc49328
----- Native stack trace -----

 1: 0x1042e5260 node::NodePlatform::GetStackTracePrinter()::$_3::__invoke() [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
 2: 0x1053669ac V8_Fatal(char const*, ...) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
 3: 0x1046e4380 v8::internal::JsonStringifier::JsonStringifier(v8::internal::Isolate*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
 4: 0x1046e4230 v8::internal::JsonStringify(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
 5: 0x104494b04 v8::internal::Builtin_JsonStringify(int, unsigned long*, v8::internal::Isolate*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
 6: 0x104cfcb24 Builtins_CEntry_Return1_ArgvOnStack_BuiltinExit [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
 7: 0x10a51df44
 8: 0x10a251a08
 9: 0x10a2f08fc
10: 0x10a2faca0
11: 0x10a4fb700
12: 0x10a4f6650
13: 0x10a4f52f4
14: 0x10a3d57fc
15: 0x10a38a9ac
16: 0x10a411944
17: 0x10a4a0d1c
18: 0x10a362474
19: 0x10a1a00d0
20: 0x10a1d0ddc
21: 0x10a411a54
22: 0x10a4a0d1c
23: 0x10a4e9460
24: 0x10a4ab804
25: 0x10a2ca77c
26: 0x10a278dbc
27: 0x10a50f6bc
28: 0x10a1b4568
29: 0x10a2d35e8
30: 0x10a54d180
31: 0x104c7250c Builtins_JSEntryTrampoline [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
32: 0x104c721f4 Builtins_JSEntry [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
33: 0x104548260 v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
34: 0x1045476ac v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
35: 0x104421f7c v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
36: 0x1041b0d3c node::InternalCallbackScope::Close() [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
37: 0x1041b101c node::InternalMakeCallback(node::Environment*, v8::Local<v8::Object>, v8::Local<v8::Object>, v8::Local<v8::Function>, int, v8::Local<v8::Value>*, node::async_context) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
38: 0x1041c74b8 node::AsyncWrap::MakeCallback(v8::Local<v8::Function>, int, v8::Local<v8::Value>*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
39: 0x10434c4c0 node::StreamBase::CallJSOnreadMethod(long, v8::Local<v8::ArrayBuffer>, unsigned long, node::StreamBase::StreamBaseJSChecks) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
40: 0x10434db54 node::EmitToJSStreamListener::OnStreamRead(long, uv_buf_t const&) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
41: 0x104351e48 node::LibuvStreamWrap::OnUvRead(long, uv_buf_t const*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
42: 0x1043525cc node::LibuvStreamWrap::ReadStart()::$_1::__invoke(uv_stream_s*, long, uv_buf_t const*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
43: 0x104c5c334 uv__stream_io [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
44: 0x104c63c38 uv__io_poll [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
45: 0x104c52124 uv_run [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
46: 0x1041b1754 node::SpinEventLoopInternal(node::Environment*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
47: 0x1042c1b8c node::NodeMainInstance::Run(node::ExitCode*, node::Environment*) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
48: 0x1042c1928 node::NodeMainInstance::Run() [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
49: 0x10424b6b8 node::Start(int, char**) [/Users/revans/.nvm/versions/node/v20.11.0/bin/node]
50: 0x18c80d0e0 start [/usr/lib/dyld]
Trace/BPT trap: 5

sumitsuthar commented 7 months ago

@bizob2828 Although the IAST agent is designed in such a way that it can expose unhandled exceptions, we will take a look into it.

bizob2828 commented 7 months ago

@shashank34 I confirmed with the security agent team that the reason your application is crashing is because you have a no-sql injection. The offending code is here. I'll let @sumitsuthar and team follow up with any more details.

shashank34 commented 7 months ago

How come in v11? On the previous v10 it's working fine, no malformed request made.

sumitsuthar commented 7 months ago

Hi @shashank34, could you please provide us more details about the system configuration (CPU and memory)? Is the crash happening with a standalone Node.js process or running with pm2? Does the process crash with heap out of memory? It would be great if you could provide your run command. Also, we need to confirm: are you limiting memory/CPU for the Node.js process?

sumitsuthar commented 7 months ago

We explored the application and got some interesting results. IAST exposed a NoSQL injection vulnerability in the application. This is serious and should be taken care of. I am including the result. The crashing of the application is an equally serious vulnerability, as IAST has shown that a malicious attacker can easily crash the application and cause a DoS attack. We need some more analysis to track which data is not correctly handled by the user application.

[Three screenshots attached: Screenshot 2024-02-21 at 11 04 16 AM, Screenshot 2024-02-21 at 11 04 27 AM, Screenshot 2024-02-21 at 11 13 22 AM]
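
As an added example (not part of the thread, and not code from the reporter's application or the New Relic agent), the sketch below shows the NoSQL injection class named in the comments above for a body shaped like the curl request in the issue, with an unvalidated filter beside a validated one. The function names and the MongoDB-style filter shape are assumptions; the application's offending code is not shown on this page.

```javascript
// Added example: the field names `id` and `data` come from the curl request in
// the issue; function names and the MongoDB-style filter shape are assumed.

// Vulnerable pattern: the parsed JSON value goes into the filter as-is, so a
// body such as {"id": {"$ne": null}} becomes a query operator.
function buildFilterUnsafe(body) {
  return { id: body.id };
}

// True if any key at any depth starts with "$" or contains "." (operator or
// dotted-path syntax in MongoDB-style filters).
function hasOperatorKeys(value, depth = 0) {
  if (value === null || typeof value !== 'object') return false;
  if (depth > 8) return true; // treat very deep nesting as hostile
  return Object.entries(value).some(([key, child]) =>
    key.startsWith('$') || key.includes('.') || hasOperatorKeys(child, depth + 1)
  );
}

// Hardened pattern: enforce the expected primitive types before building the
// filter, and wrap the value in an explicit $eq so it can only be compared.
function buildFilterSafe(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw new TypeError('body must be a JSON object');
  }
  if (hasOperatorKeys(body)) {
    throw new TypeError('operator-style keys are not allowed');
  }
  if (!Number.isSafeInteger(body.id)) {
    throw new TypeError('id must be an integer');
  }
  if (typeof body.data !== 'string' || body.data.length > 10000) {
    throw new TypeError('data must be a string of bounded length');
  }
  return { id: { $eq: body.id } };
}

// Boolean wrapper for callers that prefer a 400 response over an exception.
function isAccepted(body) {
  try {
    buildFilterSafe(body);
    return true;
  } catch (err) {
    return false;
  }
}
```

Rejecting the body before it reaches the database driver also keeps fuzzed operator objects out of any later logging or serialization of the filter.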