npm - dd-trace - Versions diffs - 2.33.0 → 2.35.0 - Mend

dd-trace 2.33.0 → 2.35.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (120) hide show

package/packages/datadog-plugin-kafkajs/src/consumer.js CHANGED Viewed

@@ -8,12 +8,9 @@ class KafkajsConsumerPlugin extends ConsumerPlugin {
   start ({ topic, partition, message }) {
     const childOf = extract(this.tracer, message.headers)
-    this.startSpan('kafka.consume', {
+    this.startSpan({
       childOf,
-      service: this.config.service || `${this.tracer._service}-kafka`,
       resource: topic,
-      kind: 'consumer',
       type: 'worker',
       meta: {
         'component': 'kafkajs',

package/packages/datadog-plugin-kafkajs/src/producer.js CHANGED Viewed

@@ -7,10 +7,8 @@ class KafkajsProducerPlugin extends ProducerPlugin {
   static get operation () { return 'produce' }
   start ({ topic, messages }) {
-    const span = this.startSpan('kafka.produce', {
-      service: this.config.service || `${this.tracer._service}-kafka`,
+    const span = this.startSpan({
       resource: topic,
-      kind: 'producer',
       meta: {
         'component': 'kafkajs',
         'kafka.topic': topic

package/packages/datadog-plugin-memcached/src/index.js CHANGED Viewed

@@ -9,11 +9,10 @@ class MemcachedPlugin extends CachePlugin {
   start ({ client, server, query }) {
     const address = getAddress(client, server, query)
-    this.startSpan('memcached.command', {
-      service: this.config.service,
+    this.startSpan({
+      service: this.serviceName(this.config, this.system),
       resource: query.type,
       type: 'memcached',
-      kind: 'client',
       meta: {
         'memcached.command': query.command,
         'out.host': address[0],

package/packages/datadog-plugin-mocha/src/index.js CHANGED Viewed

@@ -36,9 +36,11 @@ class MochaPlugin extends CiPlugin {
       const relativeCoverageFiles = [...coverageFiles, suiteFile]
         .map(filename => getTestSuitePath(filename, this.sourceRoot))
+      const { _traceId, _spanId } = testSuiteSpan.context()
       const formattedCoverage = {
-        traceId: testSuiteSpan.context()._traceId,
-        spanId: testSuiteSpan.context()._spanId,
+        sessionId: _traceId,
+        suiteId: _spanId,
         files: relativeCoverageFiles
       }

package/packages/datadog-plugin-pg/src/index.js CHANGED Viewed

@@ -27,7 +27,7 @@ class PGPlugin extends DatabasePlugin {
       }
     })
-    query.text = this.injectDbmQuery(query.text, service)
+    query.text = this.injectDbmQuery(query.text, service, !!query.name)
   }
 }

package/packages/datadog-plugin-redis/src/index.js CHANGED Viewed

@@ -13,11 +13,10 @@ class RedisPlugin extends CachePlugin {
     const normalizedCommand = command.toUpperCase()
     if (!this.config.filter(normalizedCommand)) return this.skip()
-    this.startSpan('redis.command', {
-      service: getService(this.config, connectionName),
+    this.startSpan({
       resource,
+      service: this.serviceName(this.config, this.system, connectionName),
       type: 'redis',
-      kind: 'client',
       meta: {
         'db.type': 'redis',
         'db.name': db || '0',
@@ -33,16 +32,6 @@ class RedisPlugin extends CachePlugin {
   }
 }
-function getService (config, connectionName) {
-  if (config.splitByInstance && connectionName) {
-    return config.service
-      ? `${config.service}-${connectionName}`
-      : connectionName
-  }
-  return config.service
-}
 function formatCommand (command, args) {
   if (!args || command === 'AUTH') return command

package/packages/datadog-plugin-rhea/src/consumer.js CHANGED Viewed

@@ -19,12 +19,10 @@ class RheaConsumerPlugin extends ConsumerPlugin {
     const name = getResourceNameFromMessage(msgObj)
     const childOf = extractTextMap(msgObj, this.tracer)
-    this.startSpan('amqp.receive', {
+    this.startSpan({
       childOf,
-      service: this.config.service,
       resource: name,
       type: 'worker',
-      kind: 'consumer',
       meta: {
         'component': 'rhea',
         'amqp.link.source.address': name,

package/packages/datadog-plugin-rhea/src/producer.js CHANGED Viewed

@@ -9,17 +9,13 @@ class RheaProducerPlugin extends ProducerPlugin {
   constructor (...args) {
     super(...args)
     this.addTraceSub('encode', this.encode.bind(this))
   }
   start ({ targetAddress, host, port }) {
     const name = targetAddress || 'amq.topic'
-    this.startSpan('amqp.send', {
-      service: this.config.service || `${this.tracer._service}-amqp-producer`,
+    this.startSpan({
       resource: name,
-      kind: 'producer',
       meta: {
         'component': 'rhea',
         'amqp.link.target.address': name,

package/packages/dd-trace/src/appsec/blocked_templates.js CHANGED Viewed

@@ -1,108 +1,9 @@
 /* eslint-disable max-len */
 'use strict'
-const html = `<!-- Sorry, you’ve been blocked -->
-<!DOCTYPE html>
-<html lang="en">
+const html = `<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>You've been blocked</title><style>a,body,div,html,span{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline}body{background:-webkit-radial-gradient(26% 19%,circle,#fff,#f4f7f9);background:radial-gradient(circle at 26% 19%,#fff,#f4f7f9);display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;width:100%;min-height:100vh;line-height:1;flex-direction:column}p{display:block}main{text-align:center;flex:1;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;flex-direction:column}p{font-size:18px;line-height:normal;color:#646464;font-family:sans-serif;font-weight:400}a{color:#4842b7}footer{width:100%;text-align:center}footer p{font-size:16px}</style></head><body><main><p>Sorry, you cannot access this page. Please contact the customer service team.</p></main><footer><p>Security provided by <a href="https://www.datadoghq.com/product/security-platform/application-security-monitoring/" target="_blank">Datadog</a></p></footer></body></html>`
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width,initial-scale=1">
-    <title>You've been blocked</title>
-    <style>
-        a,
-        body,
-        div,
-        html,
-        span {
-            margin: 0;
-            padding: 0;
-            border: 0;
-            font-size: 100%;
-            font: inherit;
-            vertical-align: baseline
-        }
-        body {
-            background: -webkit-radial-gradient(26% 19%, circle, #fff, #f4f7f9);
-            background: radial-gradient(circle at 26% 19%, #fff, #f4f7f9);
-            display: -webkit-box;
-            display: -ms-flexbox;
-            display: flex;
-            -webkit-box-pack: center;
-            -ms-flex-pack: center;
-            justify-content: center;
-            -webkit-box-align: center;
-            -ms-flex-align: center;
-            align-items: center;
-            -ms-flex-line-pack: center;
-            align-content: center;
-            width: 100%;
-            min-height: 100vh;
-            line-height: 1;
-            flex-direction: column
-        }
-        p {
-            display: block
-        }
-        main {
-            text-align: center;
-            flex: 1;
-            display: -webkit-box;
-            display: -ms-flexbox;
-            display: flex;
-            -webkit-box-pack: center;
-            -ms-flex-pack: center;
-            justify-content: center;
-            -webkit-box-align: center;
-            -ms-flex-align: center;
-            align-items: center;
-            -ms-flex-line-pack: center;
-            align-content: center;
-            flex-direction: column
-        }
-        p {
-            font-size: 18px;
-            line-height: normal;
-            color: #646464;
-            font-family: sans-serif;
-            font-weight: 400
-        }
-        a {
-            color: #4842b7
-        }
-        footer {
-            width: 100%;
-            text-align: center
-        }
-        footer p {
-            font-size: 16px
-        }
-    </style>
-</head>
-<body>
-    <main>
-        <p>Sorry, you cannot access this page. Please contact the customer service team.</p>
-    </main>
-    <footer>
-        <p>Security provided by <a
-                href="https://www.datadoghq.com/product/security-platform/application-security-monitoring/"
-                target="_blank">Datadog</a></p>
-    </footer>
-</body>
-</html>
-`
-const json = `{"errors": [{"title": "You've been blocked", "detail": "Sorry, you cannot access this page. Please contact the customer service team. Security provided by Datadog."}]}`
+const json = `{"errors":[{"title":"You've been blocked","detail":"Sorry, you cannot access this page. Please contact the customer service team. Security provided by Datadog."}]}`
 module.exports = {
   html,

package/packages/dd-trace/src/appsec/blocking.js CHANGED Viewed

@@ -5,32 +5,62 @@ const blockedTemplates = require('./blocked_templates')
 let templateHtml = blockedTemplates.html
 let templateJson = blockedTemplates.json
+let blockingConfiguration
-function block (req, res, rootSpan, abortController) {
-  if (res.headersSent) {
-    log.warn('Cannot send blocking response when headers have already been sent')
-    return
+function blockWithRedirect (res, rootSpan, abortController) {
+  rootSpan.addTags({
+    'appsec.blocked': 'true'
+  })
+  let statusCode = blockingConfiguration.parameters.status_code
+  if (!statusCode || statusCode < 300 || statusCode >= 400) {
+    statusCode = 303
   }
+  res.writeHead(statusCode, {
+    'Location': blockingConfiguration.parameters.location
+  }).end()
+  if (abortController) {
+    abortController.abort()
+  }
+}
+function blockWithContent (req, res, rootSpan, abortController) {
   let type
   let body
   // parse the Accept header, ex: Accept: text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8
   const accept = req.headers.accept && req.headers.accept.split(',').map((str) => str.split(';', 1)[0].trim())
-  if (accept && accept.includes('text/html') && !accept.includes('application/json')) {
-    type = 'text/html; charset=utf-8'
-    body = templateHtml
+  if (!blockingConfiguration || blockingConfiguration.parameters.type === 'auto') {
+    if (accept && accept.includes('text/html') && !accept.includes('application/json')) {
+      type = 'text/html; charset=utf-8'
+      body = templateHtml
+    } else {
+      type = 'application/json'
+      body = templateJson
+    }
   } else {
-    type = 'application/json'
-    body = templateJson
+    if (blockingConfiguration.parameters.type === 'html') {
+      type = 'text/html; charset=utf-8'
+      body = templateHtml
+    } else {
+      type = 'application/json'
+      body = templateJson
+    }
   }
   rootSpan.addTags({
     'appsec.blocked': 'true'
   })
-  res.statusCode = 403
+  if (blockingConfiguration && blockingConfiguration.type === 'block_request' &&
+    blockingConfiguration.parameters.status_code) {
+    res.statusCode = blockingConfiguration.parameters.status_code
+  } else {
+    res.statusCode = 403
+  }
   res.setHeader('Content-Type', type)
   res.setHeader('Content-Length', Buffer.byteLength(body))
   res.end(body)
@@ -40,6 +70,20 @@ function block (req, res, rootSpan, abortController) {
   }
 }
+function block (req, res, rootSpan, abortController) {
+  if (res.headersSent) {
+    log.warn('Cannot send blocking response when headers have already been sent')
+    return
+  }
+  if (blockingConfiguration && blockingConfiguration.type === 'redirect_request' &&
+      blockingConfiguration.parameters.location) {
+    blockWithRedirect(res, rootSpan, abortController)
+  } else {
+    blockWithContent(req, res, rootSpan, abortController)
+  }
+}
 function setTemplates (config) {
   if (config.appsec.blockedTemplateHtml) {
     templateHtml = config.appsec.blockedTemplateHtml
@@ -49,7 +93,12 @@ function setTemplates (config) {
   }
 }
+function updateBlockingConfiguration (newBlockingConfiguration) {
+  blockingConfiguration = newBlockingConfiguration
+}
 module.exports = {
   block,
-  setTemplates
+  setTemplates,
+  updateBlockingConfiguration
 }

package/packages/dd-trace/src/appsec/channels.js CHANGED Viewed

@@ -4,8 +4,9 @@ const dc = require('../../../diagnostics_channel')
 // TODO: use TBD naming convention
 module.exports = {
+  bodyParser: dc.channel('datadog:body-parser:read:finish'),
   incomingHttpRequestStart: dc.channel('dd-trace:incomingHttpRequestStart'),
   incomingHttpRequestEnd: dc.channel('dd-trace:incomingHttpRequestEnd'),
-  bodyParser: dc.channel('datadog:body-parser:read:finish'),
-  queryParser: dc.channel('datadog:query:read:finish')
+  queryParser: dc.channel('datadog:query:read:finish'),
+  setCookieChannel: dc.channel('datadog:iast:set-cookie')
 }

package/packages/dd-trace/src/appsec/iast/analyzers/analyzers.js CHANGED Viewed

@@ -1,10 +1,12 @@
 'use strict'
 module.exports = {
-  'WEAK_CIPHER_ANALYZER': require('./weak-cipher-analyzer'),
-  'WEAK_HASH_ANALYZER': require('./weak-hash-analyzer'),
-  'SQL_INJECTION_ANALYZER': require('./sql-injection-analyzer'),
-  'PATH_TRAVERSAL_ANALYZER': require('./path-traversal-analyzer'),
   'COMMAND_INJECTION_ANALYZER': require('./command-injection-analyzer'),
-  'LDAP_ANALYZER': require('./ldap-injection-analyzer')
+  'INSECURE_COOKIE_ANALYZER': require('./insecure-cookie-analyzer'),
+  'LDAP_ANALYZER': require('./ldap-injection-analyzer'),
+  'PATH_TRAVERSAL_ANALYZER': require('./path-traversal-analyzer'),
+  'SQL_INJECTION_ANALYZER': require('./sql-injection-analyzer'),
+  'SSRF': require('./ssrf-analyzer'),
+  'WEAK_CIPHER_ANALYZER': require('./weak-cipher-analyzer'),
+  'WEAK_HASH_ANALYZER': require('./weak-hash-analyzer')
 }

package/packages/dd-trace/src/appsec/iast/analyzers/command-injection-analyzer.js CHANGED Viewed

@@ -1,9 +1,10 @@
 'use strict'
 const InjectionAnalyzer = require('./injection-analyzer')
+const { COMMAND_INJECTION } = require('../vulnerabilities')
 class CommandInjectionAnalyzer extends InjectionAnalyzer {
   constructor () {
-    super('COMMAND_INJECTION')
+    super(COMMAND_INJECTION)
     this.addSub('datadog:child_process:execution:start', ({ command }) => this.analyze(command))
   }
 }

package/packages/dd-trace/src/appsec/iast/analyzers/index.js CHANGED Viewed

@@ -1,14 +1,17 @@
 'use strict'
 const analyzers = require('./analyzers')
+const setCookiesHeaderInterceptor = require('./set-cookies-header-interceptor')
 function enableAllAnalyzers () {
+  setCookiesHeaderInterceptor.configure(true)
   for (const analyzer in analyzers) {
     analyzers[analyzer].configure(true)
   }
 }
 function disableAllAnalyzers () {
+  setCookiesHeaderInterceptor.configure(false)
   for (const analyzer in analyzers) {
     analyzers[analyzer].configure(false)
   }

package/packages/dd-trace/src/appsec/iast/analyzers/insecure-cookie-analyzer.js ADDED Viewed

@@ -0,0 +1,31 @@
+'use strict'
+const Analyzer = require('./vulnerability-analyzer')
+const { INSECURE_COOKIE } = require('../vulnerabilities')
+const EXCLUDED_PATHS = ['node_modules/express/lib/response.js', 'node_modules\\express\\lib\\response.js']
+class InsecureCookieAnalyzer extends Analyzer {
+  constructor () {
+    super(INSECURE_COOKIE)
+    this.addSub('datadog:iast:set-cookie', (cookieInfo) => this.analyze(cookieInfo))
+  }
+  _isVulnerable ({ cookieProperties, cookieValue }) {
+    return cookieValue && !(cookieProperties && cookieProperties.map(x => x.toLowerCase().trim()).includes('secure'))
+  }
+  _getEvidence ({ cookieName }) {
+    return { value: cookieName }
+  }
+  _createHashSource (type, evidence, location) {
+    return `${type}:${evidence.value}`
+  }
+  _getExcludedPaths () {
+    return EXCLUDED_PATHS
+  }
+}
+module.exports = new InsecureCookieAnalyzer()

package/packages/dd-trace/src/appsec/iast/analyzers/ldap-injection-analyzer.js CHANGED Viewed

@@ -1,9 +1,10 @@
 'use strict'
 const InjectionAnalyzer = require('./injection-analyzer')
+const { LDAP_INJECTION } = require('../vulnerabilities')
 class LdapInjectionAnalyzer extends InjectionAnalyzer {
   constructor () {
-    super('LDAP_INJECTION')
+    super(LDAP_INJECTION)
     this.addSub('datadog:ldapjs:client:search', ({ base, filter }) => this.analyzeAll(base, filter))
   }
 }

package/packages/dd-trace/src/appsec/iast/analyzers/path-traversal-analyzer.js CHANGED Viewed

@@ -4,11 +4,16 @@ const path = require('path')
 const { getIastContext } = require('../iast-context')
 const { storage } = require('../../../../../datadog-core')
 const InjectionAnalyzer = require('./injection-analyzer')
+const { PATH_TRAVERSAL } = require('../vulnerabilities')
+const ignoredOperations = ['dir.close', 'close']
 class PathTraversalAnalyzer extends InjectionAnalyzer {
   constructor () {
-    super('PATH_TRAVERSAL')
+    super(PATH_TRAVERSAL)
     this.addSub('apm:fs:operation:start', obj => {
+      if (ignoredOperations.includes(obj.operation)) return
       const pathArguments = []
       if (obj.dest) {
         pathArguments.push(obj.dest)
@@ -40,13 +45,29 @@ class PathTraversalAnalyzer extends InjectionAnalyzer {
       this.analyze(pathArguments)
     })
-    this.exclusionList = [ path.join('node_modules', 'send') + path.sep ]
+    this.exclusionList = [
+      path.join('node_modules', 'send') + path.sep
+    ]
+    this.internalExclusionList = [
+      'node:fs',
+      'node:internal/fs',
+      'node:internal\\fs',
+      'fs.js',
+      'internal/fs',
+      'internal\\fs'
+    ]
   }
   _isExcluded (location) {
-    let ret = false
+    let ret = true
     if (location && location.path) {
-      ret = this.exclusionList.some(elem => location.path.includes(elem))
+      // Exclude from reporting those vulnerabilities which location is from an internal fs call
+      if (location.isInternal) {
+        ret = this.internalExclusionList.some(elem => location.path.includes(elem))
+      } else {
+        ret = this.exclusionList.some(elem => location.path.includes(elem))
+      }
     }
     return ret
   }
@@ -59,7 +80,7 @@ class PathTraversalAnalyzer extends InjectionAnalyzer {
     if (value && value.constructor === Array) {
       for (const val of value) {
-        if (this._isVulnerable(val, iastContext)) {
+        if (this._isVulnerable(val, iastContext) && this._checkOCE(iastContext)) {
           this._report(val, iastContext)
           // no support several evidences in the same vulnerability, just report the 1st one
           break

package/packages/dd-trace/src/appsec/iast/analyzers/set-cookies-header-interceptor.js ADDED Viewed

@@ -0,0 +1,47 @@
+'use strict'
+const Plugin = require('../../../plugins/plugin')
+const { setCookieChannel } = require('../../channels')
+class SetCookiesHeaderInterceptor extends Plugin {
+  constructor () {
+    super()
+    this.cookiesInRequest = new WeakMap()
+    this.addSub('datadog:http:server:response:set-header:finish', ({ name, value, res }) => {
+      if (name.toLowerCase() === 'set-cookie') {
+        let allCookies = value
+        if (typeof value === 'string') {
+          allCookies = [value]
+        }
+        const alreadyCheckedCookies = this._getAlreadyCheckedCookiesInResponse(res)
+        allCookies.forEach(cookieString => {
+          if (!alreadyCheckedCookies.includes(cookieString)) {
+            alreadyCheckedCookies.push(cookieString)
+            setCookieChannel.publish(this._parseCookie(cookieString))
+          }
+        })
+      }
+    })
+  }
+  _parseCookie (cookieString) {
+    const cookieParts = cookieString.split(';')
+    const nameValueParts = cookieParts[0].split('=')
+    const cookieName = nameValueParts[0]
+    const cookieValue = nameValueParts.slice(1).join('=')
+    const cookieProperties = cookieParts.slice(1).map(part => part.trim())
+    return { cookieName, cookieValue, cookieProperties, cookieString }
+  }
+  _getAlreadyCheckedCookiesInResponse (res) {
+    let alreadyCheckedCookies = this.cookiesInRequest.get(res)
+    if (!alreadyCheckedCookies) {
+      alreadyCheckedCookies = []
+      this.cookiesInRequest.set(res, alreadyCheckedCookies)
+    }
+    return alreadyCheckedCookies
+  }
+}
+module.exports = new SetCookiesHeaderInterceptor()

package/packages/dd-trace/src/appsec/iast/analyzers/sql-injection-analyzer.js CHANGED Viewed

@@ -1,12 +1,73 @@
 'use strict'
 const InjectionAnalyzer = require('./injection-analyzer')
+const { SQL_INJECTION } = require('../vulnerabilities')
+const { getRanges } = require('../taint-tracking/operations')
+const { storage } = require('../../../../../datadog-core')
+const { getIastContext } = require('../iast-context')
+const { addVulnerability } = require('../vulnerability-reporter')
+const EXCLUDED_PATHS = ['node_modules/mysql2', 'node_modules/sequelize', 'node_modules\\mysql2',
+  'node_modules\\sequelize']
 class SqlInjectionAnalyzer extends InjectionAnalyzer {
   constructor () {
-    super('SQL_INJECTION')
-    this.addSub('apm:mysql:query:start', ({ sql }) => this.analyze(sql))
-    this.addSub('apm:mysql2:query:start', ({ sql }) => this.analyze(sql))
-    this.addSub('apm:pg:query:start', ({ query }) => this.analyze(query.text))
+    super(SQL_INJECTION)
+    this.addSub('apm:mysql:query:start', ({ sql }) => this.analyze(sql, 'MYSQL'))
+    this.addSub('apm:mysql2:query:start', ({ sql }) => this.analyze(sql, 'MYSQL'))
+    this.addSub('apm:pg:query:start', ({ query }) => this.analyze(query.text, 'POSTGRES'))
+    this.addSub('datadog:sequelize:query:start', ({ sql, dialect }) => {
+      const parentStore = storage.getStore()
+      if (parentStore) {
+        this.analyze(sql, dialect.toUpperCase())
+        storage.enterWith({ ...parentStore, sqlAnalyzed: true, sequelizeParentStore: parentStore })
+      }
+    })
+    this.addSub('datadog:sequelize:query:finish', () => {
+      const store = storage.getStore()
+      if (store.sequelizeParentStore) {
+        storage.enterWith(store.sequelizeParentStore)
+      }
+    })
+  }
+  _getEvidence (value, iastContext, dialect) {
+    const ranges = getRanges(iastContext, value)
+    return { value, ranges, dialect }
+  }
+  analyze (value, dialect) {
+    const store = storage.getStore()
+    if (!(store && store.sqlAnalyzed)) {
+      const iastContext = getIastContext(store)
+      if (store && !iastContext) return
+      this._reportIfVulnerable(value, iastContext, dialect)
+    }
+  }
+  _reportIfVulnerable (value, context, dialect) {
+    if (this._isVulnerable(value, context) && this._checkOCE(context)) {
+      this._report(value, context, dialect)
+      return true
+    }
+    return false
+  }
+  _report (value, context, dialect) {
+    const evidence = this._getEvidence(value, context, dialect)
+    const location = this._getLocation()
+    if (!this._isExcluded(location)) {
+      const spanId = context && context.rootSpan && context.rootSpan.context().toSpanId()
+      const vulnerability = this._createVulnerability(this._type, evidence, spanId, location)
+      addVulnerability(context, vulnerability)
+    }
+  }
+  _getExcludedPaths () {
+    return EXCLUDED_PATHS
   }
 }