add sendPayloadChecksums config option and implement Bugsnag-Integrity header

[djskinner]

Goal

Add Bugsnag-Integrity request header (where required APIs are available) and implement the sendPayloadChecksums core config option to allow opting out of this behavior.

Bugsnag-Integrity headers are set by default unless the endpoints configuration option is set, in which case they are disabled. This behavior can be overriden with the new sendPayloadChecksums config option.

Design

• Bugsnag-Integrity headers are set where the environment supports it (requires native promises, subtle crypto, and a secure context)
• The behaviour of sendPayloadChecksums was chosen to avoid possible CORS issues where custom endpoints are being used and they are not configured to accept the new Bugsnag-Integrity in requests.

Changeset

• Add sendPayloadChecksums core config option
• Set Bugsnag-Integrity in delivery-fetch, which is used in @bugsnag/web-worker.
• Set Bugsnag-Integrity in delivery-xml-http-request, which is used in @bugsnag/browser.

Testing

• unit tests on delivery-fetch and delivery-xml-http-request
• manually tested using the web-worker example: event appears when integrity header is correct, event does not appear in the dashboard when the integrity header is wrong
• integration tests for browser and web worker
• e2e tests for browser and web worker

[djskinner]

More info: https://mswjs.io/docs/migrations/1.x-to-2.x/#requestresponsetextencoder-is-not-defined-jest

We could also use https://github.com/mswjs/jest-fixed-jsdom but would still need to manually add the crypto APIs

I think this is fairly simple and clear

[djskinner]

For future reference, when we come to upgrade jest, it will need rewriting like this:

const { TextDecoder, TextEncoder } = require('node:util')
const crypto = require('crypto')

const JSDOMEnvironment = require('jest-environment-jsdom').default

function FixJSDOMEnvironment (...args) {
  var _this = Reflect.construct(JSDOMEnvironment, args)

  _this.global.TextEncoder = TextEncoder
  _this.global.TextDecoder = TextDecoder

  Object.defineProperty(_this.global, 'crypto', {
    value: {
      subtle: crypto.webcrypto.subtle
    }
  })

  return _this
}

FixJSDOMEnvironment.prototype = Object.create(JSDOMEnvironment.prototype)
FixJSDOMEnvironment.prototype.constructor = FixJSDOMEnvironment

module.exports = FixJSDOMEnvironment

This is because JSDOMEnvironment is an ES6 class but we transpile classes in our code down to es5. This is how I managed to get it to work having an es5 class extend from an es6 class

[github-actions]

@bugsnag/browser bundle size diff

	Minified	Minfied + Gzipped
Before	45.89 kB	13.78 kB
After	46.96 kB	14.02 kB
±	⚠️ +1,073 bytes	⚠️ +242 bytes

code coverage diff

<temporarily disabled>

Generated by 🚫 dangerJS against d38cc52

[djskinner]

see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto and https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts

[djskinner]

See https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest#converting_a_digest_to_a_hex_string

[djskinner]

Same way the global self is passed to plugin, see above, e.g. pluginWindowUnhandledRejection(self)

[djskinner]

I reworked the mocking in this test suite to get a callback on the xhr send where I could call done. The existing mocking wasn't able to handle the awaiting of the getIntegrity promise.

[djskinner]

I spent a lot of time here trying to mock out cuid to get a stable value but for reasons I don't understand jest.mock('@bugsnag/cuid') was just not doing anything. It does work if I update jest to v29 but that causes a load of other problems elsewhere and it was too much work to upgrade for this, hence the expect.any(String).

Note for when we upgrade jest, a stable value can be obtained with:

jest.mock('@bugsnag/cuid', () => () => 'abc123')
jest.useFakeTimers()
jest.setSystemTime(new Date(...))

[djskinner]

See https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest#converting_a_digest_to_a_hex_string

[djskinner]

this doesn't seem ideal but I'm not sure there is a better way to get the "default value" behaviour of sendPayloadChecksums without actually setting its value when the client is created, i.e. this part:

    // sendPayloadChecksums is false by default unless custom endpoints are not specified
    if (!opts.endpoints) {
      opts.sendPayloadChecksums = 'sendPayloadChecksums' in opts ? opts.sendPayloadChecksums : true
    }

I think it would be better if the defaultValue part of config could produce its value based on the rest of the config but that seemed way out of scope here,

[djskinner]

the sendPayloadChecksums is added to core so the behaviour is the same for all clients i.e. browser and web worker. It doesn't apply to react native as that uses native delivery so they would need separate support and configuration in the native notifiers (which I believe they already have)

[djskinner]

see https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto and https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts

[gingerbenw]

Do we also need to set this in the delivery-x-domain-request package? I suppose IE8 and 9 won't support an integrity header?

[gingerbenw]

can this code be shared between tests?

[gingerbenw]

could we name the html something closer to what the test actually does? otherwise we have to reference between the feature and the fixture to figure out what a.html does

[djskinner]

I was following the precedent of the majority of other fixtures here. I suppose it can be sometimes difficult to come up with a suitable description in a filename format. how about sendpayloadchecksums-true.html and sendpayloadchecksums-false.html?

[gingerbenw]

yeah, that sounds good

[djskinner]

Do we also need to set this in the delivery-x-domain-request package? I suppose IE8 and 9 won't support an integrity header?

No, XDomainRequest is only available on ie8 and ie9 neither which support the necessary APIs for calculating and setting the integrity header. even ie11 is excluded because it doesn't have full native promise support, hence the typeof Promise !== 'undefined' && Promise.toString().indexOf('[native code]') !== -1 check.