dd-trace 2.12.2 → 2.15.0

package/packages/datadog-plugin-fs/src/index.js

@@ -1,10 +1,18 @@
 'use strict'
 
+// The `fs` plugin is an old style plugin that has not been updated for the new
+// plugin system and was hacked in for backward compatibility with 2.x.
+
 const { storage } = require('../../datadog-core')
+const { channel } = require('../../datadog-instrumentations/src/helpers/instrument')
+const shimmer = require('../../datadog-shimmer')
+const Plugin = require('../../dd-trace/src/plugins/plugin')
 
 let kDirReadPromisified
 let kDirClosePromisified
 let kHandle
+let fsConfig
+let fsInstance
 
 const ddFhSym = Symbol('ddFileHandle')
 
@@ -144,8 +152,8 @@ function createWrapDirAsyncIterator (config, tracer, instrumenter) {
           }
         }
       }
-      instrumenter.wrap(this, kDirReadPromisified, createWrapDirRead(config, tracer))
-      instrumenter.wrap(this, kDirClosePromisified, createWrapKDirClose(config, tracer, instrumenter))
+      shimmer.wrap(this, kDirReadPromisified, createWrapDirRead(config, tracer))
+      shimmer.wrap(this, kDirClosePromisified, createWrapKDirClose(config, tracer, instrumenter))
       return asyncIterator.apply(this, arguments)
     }
   }
@@ -158,8 +166,8 @@ function createWrapKDirClose (config, tracer, instrumenter) {
       return tracer.trace('fs.operation', { tags, orphanable }, (span) => {
         const p = kDirClose.apply(this, arguments)
         const unwrapBoth = () => {
-          instrumenter.unwrap(this, kDirReadPromisified)
-          instrumenter.unwrap(this, kDirClosePromisified)
+          shimmer.unwrap(this, kDirReadPromisified)
+          shimmer.unwrap(this, kDirClosePromisified)
         }
         p.then(unwrapBoth, unwrapBoth)
         return p
@@ -339,7 +347,7 @@ function makeFSTags (resourceName, path, options, config, tracer) {
     'component': 'fs',
     'span.kind': 'internal',
     'resource.name': resourceName,
-    'service.name': config.service || tracer._service
+    'service.name': fsConfig.service || tracer._service
   }
 
   switch (typeof path) {
@@ -399,9 +407,9 @@ function patchClassicFunctions (fs, tracer, config) {
     if (tagMakerName in tagMakers) {
       const tagMaker = tagMakers[tagMakerName]
       if (name.endsWith('Sync')) {
-        this.wrap(fs, name, createWrap(tracer, config, name, tagMaker))
+        shimmer.wrap(fs, name, createWrap(tracer, config, name, tagMaker))
       } else {
-        this.wrap(fs, name, createWrapCb(tracer, config, name, tagMaker))
+        shimmer.wrap(fs, name, createWrapCb(tracer, config, name, tagMaker))
       }
       if (name in promisifiable) {
         copySymbols(original, fs[name])
@@ -424,8 +432,6 @@ function patchFileHandle (fs, tracer, config) {
         tagMaker = createFDTags
       }
 
-      const instrumenter = this
-
       const desc = Reflect.getOwnPropertyDescriptor(fileHandlePrototype, kHandle)
       if (!desc || !desc.get) {
         Reflect.defineProperty(fileHandlePrototype, kHandle, {
@@ -434,13 +440,13 @@ function patchFileHandle (fs, tracer, config) {
           },
           set (h) {
             this[ddFhSym] = h
-            instrumenter.wrap(this, 'close', createWrap(tracer, config, 'filehandle.close', tagMakers.close))
+            shimmer.wrap(this, 'close', createWrap(tracer, config, 'filehandle.close', tagMakers.close))
           },
           configurable: true
         })
       }
 
-      this.wrap(fileHandlePrototype, name, createWrap(tracer, config, 'filehandle.' + name, tagMaker))
+      shimmer.wrap(fileHandlePrototype, name, createWrap(tracer, config, 'filehandle.' + name, tagMaker))
     }
   })
 }
@@ -449,17 +455,17 @@ function patchPromiseFunctions (fs, tracer, config) {
   for (const name in fs.promises) {
     if (name in tagMakers) {
       const tagMaker = tagMakers[name]
-      this.wrap(fs.promises, name, createWrap(tracer, config, 'promises.' + name, tagMaker))
+      shimmer.wrap(fs.promises, name, createWrap(tracer, config, 'promises.' + name, tagMaker))
     }
   }
 }
 
 function patchDirFunctions (fs, tracer, config) {
-  this.wrap(fs.Dir.prototype, 'close', createWrapDirClose(config, tracer))
-  this.wrap(fs.Dir.prototype, 'closeSync', createWrapDirClose(config, tracer, true))
-  this.wrap(fs.Dir.prototype, 'read', createWrapDirRead(config, tracer))
-  this.wrap(fs.Dir.prototype, 'readSync', createWrapDirRead(config, tracer, true))
-  this.wrap(fs.Dir.prototype, Symbol.asyncIterator, createWrapDirAsyncIterator(config, tracer, this))
+  shimmer.wrap(fs.Dir.prototype, 'close', createWrapDirClose(config, tracer))
+  shimmer.wrap(fs.Dir.prototype, 'closeSync', createWrapDirClose(config, tracer, true))
+  shimmer.wrap(fs.Dir.prototype, 'read', createWrapDirRead(config, tracer))
+  shimmer.wrap(fs.Dir.prototype, 'readSync', createWrapDirRead(config, tracer, true))
+  shimmer.wrap(fs.Dir.prototype, Symbol.asyncIterator, createWrapDirAsyncIterator(config, tracer, this))
 }
 
 function unpatchClassicFunctions (fs) {
@@ -467,7 +473,7 @@ function unpatchClassicFunctions (fs) {
     if (!fs[name]) continue
     const tagMakerName = name.endsWith('Sync') ? name.substr(0, name.length - 4) : name
     if (tagMakerName in tagMakers) {
-      this.unwrap(fs, name)
+      shimmer.unwrap(fs, name)
     }
   }
 }
@@ -478,7 +484,7 @@ function unpatchFileHandle (fs) {
       if (typeof name !== 'string' || name === 'constructor' || name === 'fd' || name === 'getAsyncId') {
         continue
       }
-      this.unwrap(fileHandlePrototype, name)
+      shimmer.unwrap(fileHandlePrototype, name)
     }
     delete fileHandlePrototype[kHandle]
   })
@@ -487,22 +493,46 @@ function unpatchFileHandle (fs) {
 function unpatchPromiseFunctions (fs) {
   for (const name in fs.promises) {
     if (name in tagMakers) {
-      this.unwrap(fs.promises, name)
+      shimmer.unwrap(fs.promises, name)
     }
   }
 }
 
 function unpatchDirFunctions (fs) {
-  this.unwrap(fs.Dir.prototype, 'close')
-  this.unwrap(fs.Dir.prototype, 'closeSync')
-  this.unwrap(fs.Dir.prototype, 'read')
-  this.unwrap(fs.Dir.prototype, 'readSync')
-  this.unwrap(fs.Dir.prototype, Symbol.asyncIterator)
+  shimmer.unwrap(fs.Dir.prototype, 'close')
+  shimmer.unwrap(fs.Dir.prototype, 'closeSync')
+  shimmer.unwrap(fs.Dir.prototype, 'read')
+  shimmer.unwrap(fs.Dir.prototype, 'readSync')
+  shimmer.unwrap(fs.Dir.prototype, Symbol.asyncIterator)
 }
 
-module.exports = {
-  name: 'fs',
-  patch (fs, tracer, config) {
+const hookChannel = channel('apm:fs:hook')
+
+hookChannel.subscribe(fs => {
+  fsInstance = fs
+})
+
+class FsPlugin extends Plugin {
+  static get name () {
+    return 'fs'
+  }
+
+  configure (config) {
+    fsConfig = config
+
+    super.configure(config)
+
+    this._unpatch()
+
+    if (this._enabled) {
+      this._patch()
+    }
+  }
+
+  _patch () {
+    const fs = fsInstance
+    const tracer = this.tracer
+    const config = this.config
     const realpathNative = fs.realpath.native
     const realpathSyncNative = fs.realpathSync.native
     patchClassicFunctions.call(this, fs, tracer, config)
@@ -513,18 +543,20 @@ module.exports = {
     if (fs.Dir) {
       patchDirFunctions.call(this, fs, tracer, config)
     }
-    this.wrap(fs, 'createReadStream', createWrapCreateReadStream(config, tracer))
-    this.wrap(fs, 'createWriteStream', createWrapCreateWriteStream(config, tracer))
-    this.wrap(fs, 'existsSync', createWrap(tracer, config, 'existsSync', createPathTags))
-    this.wrap(fs, 'exists', createWrapExists(config, tracer))
+    shimmer.wrap(fs, 'createReadStream', createWrapCreateReadStream(config, tracer))
+    shimmer.wrap(fs, 'createWriteStream', createWrapCreateWriteStream(config, tracer))
+    shimmer.wrap(fs, 'existsSync', createWrap(tracer, config, 'existsSync', createPathTags))
+    shimmer.wrap(fs, 'exists', createWrapExists(config, tracer))
     if (realpathNative) {
       fs.realpath.native = createWrapCb(tracer, config, 'realpath.native', createPathTags)(realpathNative)
     }
     if (realpathSyncNative) {
       fs.realpathSync.native = createWrap(tracer, config, 'realpath.native', createPathTags)(realpathSyncNative)
     }
-  },
-  unpatch (fs) {
+  }
+
+  _unpatch () {
+    const fs = fsInstance
     unpatchClassicFunctions.call(this, fs)
     if (fs.promises) {
       unpatchFileHandle.call(this, fs)
@@ -533,13 +565,15 @@ module.exports = {
     if (fs.Dir) {
       unpatchDirFunctions.call(this, fs)
     }
-    this.unwrap(fs, 'createReadStream')
-    this.unwrap(fs, 'createWriteStream')
-    this.unwrap(fs, 'existsSync')
-    this.unwrap(fs, 'exists')
+    shimmer.unwrap(fs, 'createReadStream')
+    shimmer.unwrap(fs, 'createWriteStream')
+    shimmer.unwrap(fs, 'existsSync')
+    shimmer.unwrap(fs, 'exists')
   }
 }
 
+module.exports = FsPlugin
+
 /** TODO fs functions:
 
 unwatchFile

package/packages/datadog-plugin-jest/src/index.js

@@ -15,6 +15,9 @@ const {
   TEST_CODE_OWNERS
 } = require('../../dd-trace/src/plugins/util/test')
 
+// https://github.com/facebook/jest/blob/d6ad15b0f88a05816c2fe034dd6900d28315d570/packages/jest-worker/src/types.ts#L38
+const CHILD_MESSAGE_END = 2
+
 function getTestSpanMetadata (tracer, test) {
   const childOf = getTestParentSpan(tracer)
 
@@ -38,9 +41,31 @@ class JestPlugin extends Plugin {
   constructor (...args) {
     super(...args)
 
+    // Used to handle the end of a jest worker to be able to flush
+    const handler = ([message]) => {
+      if (message === CHILD_MESSAGE_END) {
+        this.tracer._exporter._writer.flush(() => {
+          // eslint-disable-next-line
+          // https://github.com/facebook/jest/blob/24ed3b5ecb419c023ee6fdbc838f07cc028fc007/packages/jest-worker/src/workers/processChild.ts#L118-L133
+          // Only after the flush is done we clean up open handles
+          // so the worker process can hopefully exit gracefully
+          process.removeListener('message', handler)
+        })
+      }
+    }
+    process.on('message', handler)
+
     this.testEnvironmentMetadata = getTestEnvironmentMetadata('jest', this.config)
     this.codeOwnersEntries = getCodeOwnersFileEntries()
 
+    this.addSub('ci:jest:test:code-coverage', (coverageFiles) => {
+      if (!this.config.isAgentlessEnabled || !this.config.isIntelligentTestRunnerEnabled) {
+        return
+      }
+      const testSpan = storage.getStore().span
+      this.tracer._exporter.exportCoverage({ testSpan, coverageFiles })
+    })
+
     this.addSub('ci:jest:test:start', (test) => {
       const store = storage.getStore()
       const span = this.startTestSpan(test)
@@ -55,10 +80,6 @@ class JestPlugin extends Plugin {
       finishAllTraceSpans(span)
     })
 
-    this.addSub('ci:jest:test-suite:finish', () => {
-      this.tracer._exporter._writer.flush()
-    })
-
     this.addSub('ci:jest:test:err', (error) => {
       if (error) {
         const span = storage.getStore().span

package/packages/datadog-plugin-mocha/src/index.js

@@ -161,12 +161,12 @@ class MochaPlugin extends Plugin {
     const testSuiteSpan = this._testSuites.get(test.parent)
 
     if (testSuiteSpan) {
-      const testSuiteId = testSuiteSpan.context()._spanId.toString('hex')
+      const testSuiteId = testSuiteSpan.context()._spanId.toString(16)
       testSuiteTags[TEST_SUITE_ID] = testSuiteId
     }
 
     if (this.testSessionSpan) {
-      const testSessionId = this.testSessionSpan.context()._traceId.toString('hex')
+      const testSessionId = this.testSessionSpan.context()._traceId.toString(16)
       testSuiteTags[TEST_SESSION_ID] = testSessionId
       testSuiteTags[TEST_COMMAND] = this.command
     }

package/packages/datadog-plugin-mongodb-core/src/index.js

@@ -14,7 +14,7 @@ class MongodbCorePlugin extends Plugin {
 
     this.addSub(`apm:mongodb:query:start`, ({ ns, ops, options, name }) => {
       const query = getQuery(ops)
-      const resource = getResource(ns, query, name)
+      const resource = truncate(getResource(ns, query, name))
       const store = storage.getStore()
       const childOf = store ? store.span : store
       const span = this.tracer.startSpan('mongodb.query', {
@@ -55,8 +55,8 @@ class MongodbCorePlugin extends Plugin {
 
 function getQuery (cmd) {
   if (!cmd || typeof cmd !== 'object' || Array.isArray(cmd)) return
-  if (cmd.query) return JSON.stringify(sanitize(cmd.query))
-  if (cmd.filter) return JSON.stringify(sanitize(cmd.filter))
+  if (cmd.query) return JSON.stringify(limitDepth(cmd.query))
+  if (cmd.filter) return JSON.stringify(limitDepth(cmd.filter))
 }
 
 function getResource (ns, query, operationName) {
@@ -69,12 +69,25 @@ function getResource (ns, query, operationName) {
   return parts.join(' ')
 }
 
+function truncate (input) {
+  return input.slice(0, Math.min(input.length, 10000))
+}
+
+function shouldSimplify (input) {
+  return !isObject(input)
+}
+
 function shouldHide (input) {
-  return !isObject(input) || Buffer.isBuffer(input) || isBSON(input)
+  return Buffer.isBuffer(input) || typeof input === 'function' || isBinary(input)
 }
 
-function sanitize (input) {
+function limitDepth (input) {
+  if (isBSON(input)) {
+    input = input.toJSON()
+  }
+
   if (shouldHide(input)) return '?'
+  if (shouldSimplify(input)) return input
 
   const output = {}
   const queue = [{
@@ -91,9 +104,16 @@ function sanitize (input) {
     for (const key in input) {
       if (typeof input[key] === 'function') continue
 
-      const child = input[key]
-      if (depth >= 20 || shouldHide(child)) {
+      let child = input[key]
+
+      if (isBSON(child)) {
+        child = child.toJSON()
+      }
+
+      if (depth >= 10 || shouldHide(child)) {
         output[key] = '?'
+      } else if (shouldSimplify(child)) {
+        output[key] = child
       } else {
         queue.push({
           input: child,
@@ -112,7 +132,11 @@ function isObject (val) {
 }
 
 function isBSON (val) {
-  return val && val._bsontype
+  return val && val._bsontype && !isBinary(val)
+}
+
+function isBinary (val) {
+  return val && val._bsontype === 'Binary'
 }
 
 module.exports = MongodbCorePlugin

package/packages/datadog-plugin-oracledb/src/index.js

@@ -3,6 +3,7 @@
 const Plugin = require('../../dd-trace/src/plugins/plugin')
 const { storage } = require('../../datadog-core')
 const analyticsSampler = require('../../dd-trace/src/analytics_sampler')
+const log = require('../../dd-trace/src/log')
 
 class OracledbPlugin extends Plugin {
   static get name () {
@@ -14,18 +15,25 @@ class OracledbPlugin extends Plugin {
 
     this.addSub('apm:oracledb:execute:start', ({ query, connAttrs }) => {
       const service = getServiceName(this.tracer, this.config, connAttrs)
-      const connectStringObj = new URL('http://' + connAttrs.connectString)
+      let connectStringObj
+      try {
+        connectStringObj = new URL(`http://${connAttrs.connectString}`)
+      } catch (e) {
+        log.error(e)
+      }
       const tags = {
         'span.kind': 'client',
         'span.type': 'sql',
         'sql.query': query,
-        'db.instance': connectStringObj.pathname.substring(1),
-        'db.hostname': connectStringObj.hostname,
         'db.user': this.config.user,
-        'db.port': connectStringObj.port,
         'resource.name': query,
         'service.name': service
       }
+      if (typeof connectStringObj !== 'undefined') {
+        tags['db.instance'] = connectStringObj.pathname.substring(1)
+        tags['db.hostname'] = connectStringObj.hostname
+        tags['db.port'] = connectStringObj.port
+      }
       const store = storage.getStore()
       const childOf = store ? store.span : store
       const span = this.tracer.startSpan('oracle.query', {

package/packages/dd-trace/index.js

@@ -1,7 +1,7 @@
 'use strict'
 
 if (!global._ddtrace) {
-  const TracerProxy = require('./src/proxy')
+  const TracerProxy = require('./src')
 
   Object.defineProperty(global, '_ddtrace', {
     value: new TracerProxy(),

package/packages/dd-trace/src/appsec/iast/analyzers/analyzers.js

@@ -0,0 +1,3 @@
+module.exports = {
+  'WEAK_HASH_ANALYZER': require('./weak-hash-analyzer')
+}

package/packages/dd-trace/src/appsec/iast/analyzers/index.js

@@ -0,0 +1,20 @@
+'use strict'
+
+const analyzers = require('./analyzers')
+
+function enableAllAnalyzers () {
+  for (const analyzer in analyzers) {
+    analyzers[analyzer].configure(true)
+  }
+}
+
+function disableAllAnalyzers () {
+  for (const analyzer in analyzers) {
+    analyzers[analyzer].configure(false)
+  }
+}
+
+module.exports = {
+  enableAllAnalyzers,
+  disableAllAnalyzers
+}

package/packages/dd-trace/src/appsec/iast/analyzers/vulnerability-analyzer.js

@@ -0,0 +1,48 @@
+'use strict'
+
+const Plugin = require('../../../../src/plugins/plugin')
+const { storage } = require('../../../../../datadog-core')
+const { getFirstNonDDPathAndLine } = require('./../path-line')
+const { createVulnerability, addVulnerability } = require('../vulnerability-reporter')
+const { getIastContext } = require('../iast-context')
+const overheadController = require('../overhead-controller')
+
+class Analyzer extends Plugin {
+  constructor (type) {
+    super()
+    this._type = type
+  }
+
+  _isVulnerable (value, context) {
+    return false
+  }
+
+  _report (value, context) {
+    const evidence = this._getEvidence(value)
+    const location = this._getLocation()
+    const spanId = context && context.rootSpan && context.rootSpan.context().toSpanId()
+    const vulnerability = createVulnerability(this._type, evidence, spanId, location)
+    addVulnerability(context, vulnerability)
+  }
+
+  _getEvidence (value) {
+    return { value }
+  }
+
+  _getLocation () {
+    return getFirstNonDDPathAndLine()
+  }
+
+  analyze (value) {
+    const iastContext = getIastContext(storage.getStore())
+    if (iastContext && this._isVulnerable(value, iastContext) && this._checkOCE(iastContext)) {
+      this._report(value, iastContext)
+    }
+  }
+
+  _checkOCE (context) {
+    return overheadController.hasQuota(overheadController.OPERATIONS.REPORT_VULNERABILITY, context)
+  }
+}
+
+module.exports = Analyzer

package/packages/dd-trace/src/appsec/iast/analyzers/weak-hash-analyzer.js

@@ -0,0 +1,24 @@
+'use strict'
+const Analyzer = require('./vulnerability-analyzer')
+
+const INSECURE_HASH_ALGORITHMS = new Set([
+  'md4', 'md4WithRSAEncryption', 'RSA-MD4',
+  'RSA-MD5', 'md5', 'md5-sha1', 'ssl3-md5', 'md5WithRSAEncryption',
+  'RSA-SHA1', 'RSA-SHA1-2', 'sha1', 'md5-sha1', 'sha1WithRSAEncryption', 'ssl3-sha1'
+].map(algorithm => algorithm.toLowerCase()))
+
+class WeakHashAnalyzer extends Analyzer {
+  constructor () {
+    super('WEAK_HASH')
+    this.addSub('datadog:crypto:hashing:start', ({ algorithm }) => this.analyze(algorithm))
+  }
+
+  _isVulnerable (algorithm) {
+    if (typeof algorithm === 'string') {
+      return INSECURE_HASH_ALGORITHMS.has(algorithm.toLowerCase())
+    }
+    return false
+  }
+}
+
+module.exports = new WeakHashAnalyzer()

package/packages/dd-trace/src/appsec/iast/iast-context.js

@@ -0,0 +1,50 @@
+const IAST_CONTEXT_KEY = Symbol('_dd.iast.context')
+
+function getIastContext (store) {
+  return store && store[IAST_CONTEXT_KEY]
+}
+
+/* TODO Fix storage problem when the close event is called without
+        finish event to remove `topContext` references
+  We have to save the context in two places, because
+  clean can be called when the storage store is not available
+ */
+function saveIastContext (store, topContext, context) {
+  if (store && topContext) {
+    store[IAST_CONTEXT_KEY] = context
+    topContext[IAST_CONTEXT_KEY] = context
+    return store[IAST_CONTEXT_KEY]
+  }
+}
+
+/* TODO Fix storage problem when the close event is called without
+        finish event to remove `topContext` references
+  iastContext is currently saved in store and request rootContext
+  to fix problems with `close` without `finish` events
+*/
+function cleanIastContext (store, context, iastContext) {
+  if (store) {
+    if (!iastContext) {
+      iastContext = store[IAST_CONTEXT_KEY]
+    }
+    store[IAST_CONTEXT_KEY] = null
+  }
+  if (context) {
+    if (!iastContext) {
+      iastContext = context[IAST_CONTEXT_KEY]
+    }
+    context[IAST_CONTEXT_KEY] = null
+  }
+  if (iastContext) {
+    Object.keys(iastContext).forEach(key => delete iastContext[key])
+    return true
+  }
+  return false
+}
+
+module.exports = {
+  getIastContext,
+  saveIastContext,
+  cleanIastContext,
+  IAST_CONTEXT_KEY
+}

package/packages/dd-trace/src/appsec/iast/index.js

@@ -0,0 +1,59 @@
+const { sendVulnerabilities } = require('./vulnerability-reporter')
+const { enableAllAnalyzers, disableAllAnalyzers } = require('./analyzers')
+const web = require('../../plugins/util/web')
+const { storage } = require('../../../../datadog-core')
+const overheadController = require('./overhead-controller')
+const dc = require('diagnostics_channel')
+const { saveIastContext, getIastContext, cleanIastContext } = require('./iast-context')
+
+// TODO Change to `apm:http:server:request:[start|close]` when the subscription
+//  order of the callbacks can be enforce
+const requestStart = dc.channel('dd-trace:incomingHttpRequestStart')
+const requestClose = dc.channel('dd-trace:incomingHttpRequestEnd')
+
+function enable (config) {
+  enableAllAnalyzers()
+  requestStart.subscribe(onIncomingHttpRequestStart)
+  requestClose.subscribe(onIncomingHttpRequestEnd)
+  overheadController.configure(config.iast)
+}
+
+function disable () {
+  disableAllAnalyzers()
+  if (requestStart.hasSubscribers) requestStart.unsubscribe(onIncomingHttpRequestStart)
+  if (requestClose.hasSubscribers) requestClose.unsubscribe(onIncomingHttpRequestEnd)
+}
+
+function onIncomingHttpRequestStart (data) {
+  if (data && data.req) {
+    const store = storage.getStore()
+    if (store) {
+      const topContext = web.getContext(data.req)
+      if (topContext) {
+        const rootSpan = topContext.span
+        const isRequestAcquired = overheadController.acquireRequest(rootSpan)
+        if (isRequestAcquired) {
+          const iastContext = saveIastContext(store, topContext, { rootSpan, req: data.req })
+          overheadController.initializeRequestContext(iastContext)
+        }
+      }
+    }
+  }
+}
+
+function onIncomingHttpRequestEnd (data) {
+  if (data && data.req) {
+    const store = storage.getStore()
+    const iastContext = getIastContext(storage.getStore())
+    if (iastContext && iastContext.rootSpan) {
+      overheadController.releaseRequest()
+      sendVulnerabilities(iastContext, iastContext.rootSpan)
+    }
+    // TODO web.getContext(data.req) is required when the request is aborted
+    if (cleanIastContext(store, web.getContext(data.req), iastContext)) {
+      overheadController.releaseRequest()
+    }
+  }
+}
+
+module.exports = { enable, disable, onIncomingHttpRequestEnd, onIncomingHttpRequestStart }