fix(NODE-5260): AWS Lambda metadata detection logic is too permissive (#3663)

nbbeeken · web-flow · commit d74d3f9a1b71 · 2023-05-10T14:37:35.000-04:00
diff --git a/src/cmap/handshake/client_metadata.ts b/src/cmap/handshake/client_metadata.ts
@@ -176,7 +176,8 @@ export function getFAASEnv(): Map<string, string | Int32> | null {
     VERCEL_REGION = ''
   } = process.env;
 
-  const isAWSFaaS = AWS_EXECUTION_ENV.length > 0 || AWS_LAMBDA_RUNTIME_API.length > 0;
+  const isAWSFaaS =
+    AWS_EXECUTION_ENV.startsWith('AWS_Lambda_') || AWS_LAMBDA_RUNTIME_API.length > 0;
   const isAzureFaaS = FUNCTIONS_WORKER_RUNTIME.length > 0;
   const isGCPFaaS = K_SERVICE.length > 0 || FUNCTION_NAME.length > 0;
   const isVercelFaaS = VERCEL.length > 0;
diff --git a/test/integration/mongodb-handshake/mongodb-handshake.prose.test.ts b/test/integration/mongodb-handshake/mongodb-handshake.prose.test.ts
@@ -70,6 +70,11 @@ describe('Handshake Prose Tests', function () {
         ['AWS_EXECUTION_ENV', 'AWS_Lambda_java8'],
         ['AWS_LAMBDA_FUNCTION_MEMORY_SIZE', 'big']
       ]
+    },
+    {
+      expectedProvider: undefined,
+      context: '8. Invalid - AWS_EXECUTION_ENV does not start with "AWS_Lambda_"',
+      env: [['AWS_EXECUTION_ENV', 'EC2']]
     }
   ];
 
diff --git a/test/unit/cmap/handshake/client_metadata.test.ts b/test/unit/cmap/handshake/client_metadata.test.ts
@@ -38,28 +38,63 @@ describe('client metadata module', () => {
   });
 
   describe('getFAASEnv()', function () {
-    const tests: Array<[string, string]> = [
-      ['AWS_EXECUTION_ENV', 'aws.lambda'],
+    const tests: Array<[envVariable: string, provider: string]> = [
       ['AWS_LAMBDA_RUNTIME_API', 'aws.lambda'],
       ['FUNCTIONS_WORKER_RUNTIME', 'azure.func'],
       ['K_SERVICE', 'gcp.func'],
       ['FUNCTION_NAME', 'gcp.func'],
       ['VERCEL', 'vercel']
     ];
     for (const [envVariable, provider] of tests) {
-      context(`when ${envVariable} is in the environment`, () => {
+      context(`when ${envVariable} is set to a non-empty string`, () => {
         before(() => {
-          process.env[envVariable] = 'non empty string';
+          process.env[envVariable] = 'non_empty_string';
         });
         after(() => {
           delete process.env[envVariable];
         });
         it('determines the correct provider', () => {
           expect(getFAASEnv()?.get('name')).to.equal(provider);
         });
+
+        context(`when ${envVariable} is set to an empty string`, () => {
+          before(() => {
+            process.env[envVariable] = '';
+          });
+          after(() => {
+            delete process.env[envVariable];
+          });
+          it('returns null', () => {
+            expect(getFAASEnv()).to.be.null;
+          });
+        });
       });
     }
 
+    context('when AWS_EXECUTION_ENV starts with "AWS_Lambda_"', () => {
+      before(() => {
+        process.env.AWS_EXECUTION_ENV = 'AWS_Lambda_correctStartString';
+      });
+      after(() => {
+        delete process.env.AWS_EXECUTION_ENV;
+      });
+      it('indicates the runtime is aws lambda', () => {
+        expect(getFAASEnv()?.get('name')).to.equal('aws.lambda');
+      });
+    });
+
+    context('when AWS_EXECUTION_ENV does not start with "AWS_Lambda_"', () => {
+      before(() => {
+        process.env.AWS_EXECUTION_ENV = 'AWS_LambdaIncorrectStartString';
+      });
+      after(() => {
+        delete process.env.AWS_EXECUTION_ENV;
+      });
+      it('returns null', () => {
+        expect(getFAASEnv()).to.be.null;
+      });
+    });
+
     context('when there is no FAAS provider data in the env', () => {
       it('returns null', () => {
         expect(getFAASEnv()).to.be.null;
@@ -70,9 +105,9 @@ describe('client metadata module', () => {
       context('unrelated environments', () => {
         before(() => {
           // aws
-          process.env.AWS_EXECUTION_ENV = 'non-empty-string';
+          process.env.AWS_EXECUTION_ENV = 'AWS_Lambda_non_empty_string';
           // azure
-          process.env.FUNCTIONS_WORKER_RUNTIME = 'non-empty-string';
+          process.env.FUNCTIONS_WORKER_RUNTIME = 'non_empty_string';
         });
         after(() => {
           delete process.env.AWS_EXECUTION_ENV;
@@ -86,10 +121,10 @@ describe('client metadata module', () => {
       context('vercel and aws which share env variables', () => {
         before(() => {
           // vercel
-          process.env.VERCEL = 'non-empty-string';
+          process.env.VERCEL = 'non_empty_string';
           // aws
-          process.env.AWS_EXECUTION_ENV = 'non-empty-string';
-          process.env.AWS_LAMBDA_RUNTIME_API = 'non-empty-string';
+          process.env.AWS_EXECUTION_ENV = 'non_empty_string';
+          process.env.AWS_LAMBDA_RUNTIME_API = 'non_empty_string';
         });
         after(() => {
           delete process.env.VERCEL;
@@ -384,15 +419,15 @@ describe('client metadata module', () => {
       aws: [
         {
           context: 'no additional metadata',
-          env: [['AWS_EXECUTION_ENV', 'non-empty string']],
+          env: [['AWS_EXECUTION_ENV', 'AWS_Lambda_non_empty_string']],
           outcome: {
             name: 'aws.lambda'
           }
         },
         {
           context: 'AWS_REGION provided',
           env: [
-            ['AWS_EXECUTION_ENV', 'non-empty string'],
+            ['AWS_EXECUTION_ENV', 'AWS_Lambda_non_empty_string'],
             ['AWS_REGION', 'non-null']
           ],
           outcome: {
@@ -403,7 +438,7 @@ describe('client metadata module', () => {
         {
           context: 'AWS_LAMBDA_FUNCTION_MEMORY_SIZE provided',
           env: [
-            ['AWS_EXECUTION_ENV', 'non-empty string'],
+            ['AWS_EXECUTION_ENV', 'AWS_Lambda_non_empty_string'],
             ['AWS_LAMBDA_FUNCTION_MEMORY_SIZE', '3']
           ],
           outcome: {
@@ -507,7 +542,7 @@ describe('client metadata module', () => {
 
     context('when a numeric FAAS env variable is not numerically parsable', () => {
       before(() => {
-        process.env.AWS_EXECUTION_ENV = 'non-empty-string';
+        process.env.AWS_EXECUTION_ENV = 'AWS_Lambda_non_empty_string';
         process.env.AWS_LAMBDA_FUNCTION_MEMORY_SIZE = '123not numeric';
       });
 
@@ -526,7 +561,7 @@ describe('client metadata module', () => {
     context('when faas region is too large', () => {
       beforeEach('1. Omit fields from `env` except `env.name`.', () => {
         sinon.stub(process, 'env').get(() => ({
-          AWS_EXECUTION_ENV: 'iLoveJavaScript',
+          AWS_EXECUTION_ENV: 'AWS_Lambda_iLoveJavaScript',
           AWS_REGION: 'a'.repeat(512)
         }));
       });
@@ -543,7 +578,7 @@ describe('client metadata module', () => {
       context('release too large', () => {
         beforeEach('2. Omit fields from `os` except `os.type`.', () => {
           sinon.stub(process, 'env').get(() => ({
-            AWS_EXECUTION_ENV: 'iLoveJavaScript',
+            AWS_EXECUTION_ENV: 'AWS_Lambda_iLoveJavaScript',
             AWS_REGION: 'abc'
           }));
           sinon.stub(os, 'release').returns('a'.repeat(512));

Original file line number	Diff line number	Diff line change
`@@ -70,6 +70,11 @@ describe('Handshake Prose Tests', function () {`
`70`	`70`	`['AWS_EXECUTION_ENV', 'AWS_Lambda_java8'],`
`71`	`71`	`['AWS_LAMBDA_FUNCTION_MEMORY_SIZE', 'big']`
`72`	`72`	`]`
	`73`	`+ },`
	`74`	`+ {`
	`75`	`+ expectedProvider: undefined,`
	`76`	`+ context: '8. Invalid - AWS_EXECUTION_ENV does not start with "AWS_Lambda_"',`
	`77`	`+ env: [['AWS_EXECUTION_ENV', 'EC2']]`
`73`	`78`	`}`
`74`	`79`	`];`
`75`	`80`