apm-agent-nodejs
Unhandled ERR_INVALID_URL causing node.js service to exit
Someone is running a vulnerability scan on a service I maintain that passes in junk data in various parts of the HTTP request.
When it encounters a bad Host header on the incoming request it passes it through to the Url constructor, which then throws an ERR_INVALID_URL. This uncaught exception causes the node.js process to exit:
https://github.com/elastic/apm-agent-nodejs/blob/6c83984a774033207aa9e8e0c50b409a7a3c508c/lib/instrumentation/transaction.js#L370-L374
https://github.com/elastic/apm-agent-nodejs/blob/6c83984a774033207aa9e8e0c50b409a7a3c508c/lib/instrumentation/express-utils.js#L66-L69
The vulnerability scanner is passing through Host headers with special characters like curly braces, quotes, and spaces (what looks like attempts to pass through shell commands).
The official Node.js recommendation for uncaught exceptions is to let this happen on our side and let Kubernetes restart the service, but in general Elastic APM's instrumentation shouldn't be throwing exceptions that impact the host application.
@JustinChristensen Thanks for the issue. Yes, agreed that the APM agent shouldn't throw an exception here.
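The failure mode reported in this issue, as an added example that is not part of the original thread and is not the agent's own code: an untrusted Host header fed to the WHATWG `URL` constructor throws `ERR_INVALID_URL`, while a guarded version returns `null` so instrumentation cannot take down the host process. The helper names (`buildUrlUnsafe`, `buildUrlSafe`, `probe`) and the sample Host values are assumptions constructed for illustration.

```javascript
// Added illustration; hypothetical helpers, not apm-agent-nodejs code.

// Unsafe pattern: the raw Host header becomes the base of a URL.
// A malformed host makes `new URL` throw TypeError with code ERR_INVALID_URL,
// and if nothing catches it inside a request handler the process exits.
function buildUrlUnsafe(host, path) {
  return new URL(path, 'http://' + host);
}

// Defensive pattern: instrumentation code must never throw into the
// application, so any parse failure is turned into `null` and the caller
// records the request without a parsed URL.
function buildUrlSafe(host, path) {
  if (typeof host !== 'string' || host.length === 0) return null;
  try {
    return new URL(path, 'http://' + host);
  } catch (err) {
    return null; // malformed Host header: degrade, do not crash
  }
}

// Runs both variants on one Host value and reports what happened.
function probe(host) {
  let unsafeError = null;
  try {
    buildUrlUnsafe(host, '/status');
  } catch (err) {
    unsafeError = err.code;
  }
  const safe = buildUrlSafe(host, '/status');
  return { unsafeError, safeHref: safe ? safe.href : null };
}

// Constructed sample Host header values (not taken from the issue).
const SAMPLE_HOSTS = [
  'example.com:8080',      // well-formed
  'bad host {x}',          // contains a space, which is forbidden in a host
  'example.com:notaport',  // non-numeric port
  '',                      // empty header value
];

for (const host of SAMPLE_HOSTS) {
  console.log(JSON.stringify(host), probe(host));
}
```
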