npm - dd-trace - Versions diffs - 2.40.0 → 2.41.0 - Mend

dd-trace 2.40.0 → 2.41.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

package/packages/dd-trace/src/appsec/iast/index.js CHANGED Viewed

@@ -13,8 +13,7 @@ const {
   taintTrackingPlugin
 } = require('./taint-tracking')
 const { IAST_ENABLED_TAG_KEY } = require('./tags')
-const telemetryLogs = require('./telemetry/logs')
+const iastTelemetry = require('./telemetry')
 // TODO Change to `apm:http:server:request:[start|close]` when the subscription
 //  order of the callbacks can be enforce
@@ -22,24 +21,24 @@ const requestStart = dc.channel('dd-trace:incomingHttpRequestStart')
 const requestClose = dc.channel('dd-trace:incomingHttpRequestEnd')
 function enable (config, _tracer) {
+  iastTelemetry.configure(config, config.iast && config.iast.telemetryVerbosity)
   enableAllAnalyzers()
-  enableTaintTracking(config.iast)
+  enableTaintTracking(config.iast, iastTelemetry.verbosity)
   requestStart.subscribe(onIncomingHttpRequestStart)
   requestClose.subscribe(onIncomingHttpRequestEnd)
   overheadController.configure(config.iast)
   overheadController.startGlobalContext()
   vulnerabilityReporter.start(config, _tracer)
-  telemetryLogs.start()
 }
 function disable () {
+  iastTelemetry.stop()
   disableAllAnalyzers()
   disableTaintTracking()
   overheadController.finishGlobalContext()
   if (requestStart.hasSubscribers) requestStart.unsubscribe(onIncomingHttpRequestStart)
   if (requestClose.hasSubscribers) requestClose.unsubscribe(onIncomingHttpRequestEnd)
   vulnerabilityReporter.stop()
-  telemetryLogs.stop()
 }
 function onIncomingHttpRequestStart (data) {
@@ -54,6 +53,7 @@ function onIncomingHttpRequestStart (data) {
           const iastContext = iastContextFunctions.saveIastContext(store, topContext, { rootSpan, req: data.req })
           createTransaction(rootSpan.context().toSpanId(), iastContext)
           overheadController.initializeRequestContext(iastContext)
+          iastTelemetry.onRequestStart(iastContext)
           taintTrackingPlugin.taintHeaders(data.req.headers, iastContext)
         }
         if (rootSpan.addTags) {
@@ -76,6 +76,7 @@ function onIncomingHttpRequestEnd (data) {
       const rootSpan = iastContext.rootSpan
       vulnerabilityReporter.sendVulnerabilities(vulnerabilities, rootSpan)
       removeTransaction(iastContext)
+      iastTelemetry.onRequestEnd(iastContext, iastContext.rootSpan)
     }
     // TODO web.getContext(data.req) is required when the request is aborted
     if (iastContextFunctions.cleanIastContext(store, topContext, iastContext)) {

package/packages/dd-trace/src/appsec/iast/tags.js CHANGED Viewed

@@ -2,5 +2,6 @@
 module.exports = {
   IAST_ENABLED_TAG_KEY: '_dd.iast.enabled',
-  IAST_JSON_TAG_KEY: '_dd.iast.json'
+  IAST_JSON_TAG_KEY: '_dd.iast.json',
+  IAST_TRACE_METRIC_PREFIX: '_dd.iast.telemetry'
 }

package/packages/dd-trace/src/appsec/iast/taint-tracking/csi-methods.js CHANGED Viewed

@@ -1,15 +1,15 @@
 'use strict'
 const csiMethods = [
+  { src: 'concat' },
   { src: 'plusOperator', operator: true },
+  { src: 'replace' },
+  { src: 'slice' },
+  { src: 'substr' },
+  { src: 'substring' },
   { src: 'trim' },
-  { src: 'trimStart', dst: 'trim' },
   { src: 'trimEnd' },
-  { src: 'concat' },
-  { src: 'substring' },
-  { src: 'substr' },
-  { src: 'slice' },
-  { src: 'replace' }
+  { src: 'trimStart', dst: 'trim' }
 ]
 module.exports = {

package/packages/dd-trace/src/appsec/iast/taint-tracking/index.js CHANGED Viewed

@@ -10,9 +10,9 @@ const { createTransaction,
 const taintTrackingPlugin = require('./plugin')
 module.exports = {
-  enableTaintTracking (config) {
-    enableRewriter()
-    enableTaintOperations()
+  enableTaintTracking (config, telemetryVerbosity) {
+    enableRewriter(telemetryVerbosity)
+    enableTaintOperations(telemetryVerbosity)
     taintTrackingPlugin.enable()
     setMaxTransactions(config.maxConcurrentRequests)
   },

package/packages/dd-trace/src/appsec/iast/taint-tracking/operations.js CHANGED Viewed

@@ -3,7 +3,10 @@
 const TaintedUtils = require('@datadog/native-iast-taint-tracking')
 const { IAST_TRANSACTION_ID } = require('../iast-context')
 const iastLog = require('../iast-log')
-const { TaintTracking, TaintTrackingDummy } = require('./taint-tracking-impl')
+const iastTelemetry = require('../telemetry')
+const { REQUEST_TAINTED } = require('../telemetry/iast-metric')
+const { isInfoAllowed } = require('../telemetry/verbosity')
+const { getTaintTrackingImpl, getTaintTrackingNoop } = require('./taint-tracking-impl')
 function createTransaction (id, iastContext) {
   if (id && iastContext) {
@@ -11,9 +14,21 @@ function createTransaction (id, iastContext) {
   }
 }
+let onRemoveTransaction = (transactionId, iastContext) => {}
+function onRemoveTransactionInformationTelemetry (transactionId, iastContext) {
+  const metrics = TaintedUtils.getMetrics(transactionId, iastTelemetry.verbosity)
+  if (metrics && metrics.requestCount) {
+    REQUEST_TAINTED.add(metrics.requestCount, null, iastContext)
+  }
+}
 function removeTransaction (iastContext) {
   if (iastContext && iastContext[IAST_TRANSACTION_ID]) {
     const transactionId = iastContext[IAST_TRANSACTION_ID]
+    onRemoveTransaction(transactionId, iastContext)
     TaintedUtils.removeTransaction(transactionId)
     delete iastContext[IAST_TRANSACTION_ID]
   }
@@ -96,12 +111,16 @@ function getRanges (iastContext, string) {
   return result
 }
-function enableTaintOperations () {
-  global._ddiast = TaintTracking
+function enableTaintOperations (telemetryVerbosity) {
+  if (isInfoAllowed(telemetryVerbosity)) {
+    onRemoveTransaction = onRemoveTransactionInformationTelemetry
+  }
+  global._ddiast = getTaintTrackingImpl(telemetryVerbosity)
 }
 function disableTaintOperations () {
-  global._ddiast = TaintTrackingDummy
+  global._ddiast = getTaintTrackingNoop()
 }
 function setMaxTransactions (transactions) {

package/packages/dd-trace/src/appsec/iast/taint-tracking/plugin.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict'
-const Plugin = require('../../../plugins/plugin')
+const { SourceIastPlugin } = require('../iast-plugin')
 const { getIastContext } = require('../iast-context')
 const { storage } = require('../../../../../datadog-core')
 const { taintObject } = require('./operations')
@@ -12,15 +12,17 @@ const {
   HTTP_REQUEST_HEADER_NAME,
   HTTP_REQUEST_PARAMETER,
   HTTP_REQUEST_PATH_PARAM
+} = require('./source-types')
-} = require('./origin-types')
-class TaintTrackingPlugin extends Plugin {
+class TaintTrackingPlugin extends SourceIastPlugin {
   constructor () {
     super()
     this._type = 'taint-tracking'
+  }
+  onConfigure () {
     this.addSub(
-      'datadog:body-parser:read:finish',
+      { channelName: 'datadog:body-parser:read:finish', tag: HTTP_REQUEST_BODY },
       ({ req }) => {
         const iastContext = getIastContext(storage.getStore())
         if (iastContext && iastContext['body'] !== req.body) {
@@ -29,31 +31,41 @@ class TaintTrackingPlugin extends Plugin {
         }
       }
     )
     this.addSub(
-      'datadog:qs:parse:finish',
+      { channelName: 'datadog:qs:parse:finish', tag: HTTP_REQUEST_PARAMETER },
       ({ qs }) => this._taintTrackingHandler(HTTP_REQUEST_PARAMETER, qs)
     )
-    this.addSub('apm:express:middleware:next', ({ req }) => {
-      if (req && req.body && typeof req.body === 'object') {
-        const iastContext = getIastContext(storage.getStore())
-        if (iastContext && iastContext['body'] !== req.body) {
-          this._taintTrackingHandler(HTTP_REQUEST_BODY, req, 'body', iastContext)
-          iastContext['body'] = req.body
+    this.addSub(
+      { channelName: 'apm:express:middleware:next', tag: HTTP_REQUEST_BODY },
+      ({ req }) => {
+        if (req && req.body && typeof req.body === 'object') {
+          const iastContext = getIastContext(storage.getStore())
+          if (iastContext && iastContext['body'] !== req.body) {
+            this._taintTrackingHandler(HTTP_REQUEST_BODY, req, 'body', iastContext)
+            iastContext['body'] = req.body
+          }
         }
       }
-    })
+    )
     this.addSub(
-      'datadog:cookie:parse:finish',
+      { channelName: 'datadog:cookie:parse:finish', tag: [HTTP_REQUEST_COOKIE_VALUE, HTTP_REQUEST_COOKIE_NAME] },
       ({ cookies }) => this._cookiesTaintTrackingHandler(cookies)
     )
     this.addSub(
-      'datadog:express:process_params:start',
+      { channelName: 'datadog:express:process_params:start', tag: HTTP_REQUEST_PATH_PARAM },
       ({ req }) => {
         if (req && req.params && typeof req.params === 'object') {
           this._taintTrackingHandler(HTTP_REQUEST_PATH_PARAM, req, 'params')
         }
       }
     )
+    // this is a special case to increment INSTRUMENTED_SOURCE metric for header
+    this.addInstrumentedSource('http', [HTTP_REQUEST_HEADER_VALUE, HTTP_REQUEST_HEADER_NAME])
   }
   _taintTrackingHandler (type, target, property, iastContext = getIastContext(storage.getStore())) {
@@ -70,7 +82,11 @@ class TaintTrackingPlugin extends Plugin {
   }
   taintHeaders (headers, iastContext) {
-    taintObject(iastContext, headers, HTTP_REQUEST_HEADER_VALUE, true, HTTP_REQUEST_HEADER_NAME)
+    this.execSource({
+      handler: () => taintObject(iastContext, headers, HTTP_REQUEST_HEADER_VALUE, true, HTTP_REQUEST_HEADER_NAME),
+      tag: [HTTP_REQUEST_HEADER_VALUE, HTTP_REQUEST_HEADER_NAME],
+      iastContext
+    })
   }
   enable () {

package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter-telemetry.js ADDED Viewed

@@ -0,0 +1,33 @@
+'use strict'
+const iastTelemetry = require('../telemetry')
+const { Verbosity } = require('../telemetry/verbosity')
+const { INSTRUMENTED_PROPAGATION } = require('../telemetry/iast-metric')
+const telemetryRewriter = {
+  off (content, filename, rewriter) {
+    return rewriter.rewrite(content, filename)
+  },
+  information (content, filename, rewriter) {
+    const response = this.off(content, filename, rewriter)
+    const metrics = response.metrics
+    if (metrics && metrics.instrumentedPropagation) {
+      INSTRUMENTED_PROPAGATION.add(metrics.instrumentedPropagation)
+    }
+    return response
+  }
+}
+function getRewriteFunction (rewriter) {
+  switch (iastTelemetry.verbosity) {
+    case Verbosity.OFF:
+      return (content, filename) => telemetryRewriter.off(content, filename, rewriter)
+    default:
+      return (content, filename) => telemetryRewriter.information(content, filename, rewriter)
+  }
+}
+module.exports = { getRewriteFunction }

package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js CHANGED Viewed

@@ -5,20 +5,17 @@ const shimmer = require('../../../../../datadog-shimmer')
 const iastLog = require('../iast-log')
 const { isPrivateModule, isNotLibraryFile } = require('./filter')
 const { csiMethods } = require('./csi-methods')
+const { getName } = require('../telemetry/verbosity')
+const { getRewriteFunction } = require('./rewriter-telemetry')
 let rewriter
 let getPrepareStackTrace
-function getRewriter () {
+function getRewriter (telemetryVerbosity) {
   if (!rewriter) {
-    try {
-      const iastRewriter = require('@datadog/native-iast-rewriter')
-      const Rewriter = iastRewriter.Rewriter
-      getPrepareStackTrace = iastRewriter.getPrepareStackTrace
-      rewriter = new Rewriter({ csiMethods })
-    } catch (e) {
-      iastLog.error('Unable to initialize TaintTracking Rewriter')
-        .errorAndPublish(e)
-    }
+    const iastRewriter = require('@datadog/native-iast-rewriter')
+    const Rewriter = iastRewriter.Rewriter
+    getPrepareStackTrace = iastRewriter.getPrepareStackTrace
+    rewriter = new Rewriter({ csiMethods, telemetryVerbosity: getName(telemetryVerbosity) })
   }
   return rewriter
 }
@@ -27,6 +24,7 @@ let originalPrepareStackTrace = Error.prepareStackTrace
 function getPrepareStackTraceAccessor () {
   let actual = getPrepareStackTrace(originalPrepareStackTrace)
   return {
+    configurable: true,
     get () {
       return actual
     },
@@ -38,10 +36,11 @@ function getPrepareStackTraceAccessor () {
 }
 function getCompileMethodFn (compileMethod) {
+  const rewriteFn = getRewriteFunction(rewriter)
   return function (content, filename) {
     try {
       if (isPrivateModule(filename) && isNotLibraryFile(filename)) {
-        const rewritten = rewriter.rewrite(content, filename)
+        const rewritten = rewriteFn(content, filename)
         if (rewritten && rewritten.content) {
           return compileMethod.apply(this, [rewritten.content, filename])
         }
@@ -54,11 +53,19 @@ function getCompileMethodFn (compileMethod) {
   }
 }
-function enableRewriter () {
-  const rewriter = getRewriter()
-  if (rewriter) {
-    Object.defineProperty(global.Error, 'prepareStackTrace', getPrepareStackTraceAccessor())
-    shimmer.wrap(Module.prototype, '_compile', compileMethod => getCompileMethodFn(compileMethod))
+function enableRewriter (telemetryVerbosity) {
+  try {
+    const rewriter = getRewriter(telemetryVerbosity)
+    if (rewriter) {
+      const pstDescriptor = Object.getOwnPropertyDescriptor(global.Error, 'prepareStackTrace')
+      if (!pstDescriptor || pstDescriptor.configurable) {
+        Object.defineProperty(global.Error, 'prepareStackTrace', getPrepareStackTraceAccessor())
+      }
+      shimmer.wrap(Module.prototype, '_compile', compileMethod => getCompileMethodFn(compileMethod))
+    }
+  } catch (e) {
+    iastLog.error('Error enabling TaintTracking Rewriter')
+      .errorAndPublish(e)
   }
 }

package/packages/dd-trace/src/appsec/iast/taint-tracking/taint-tracking-impl.js CHANGED Viewed

@@ -4,30 +4,45 @@ const TaintedUtils = require('@datadog/native-iast-taint-tracking')
 const { storage } = require('../../../../../datadog-core')
 const iastContextFunctions = require('../iast-context')
 const iastLog = require('../iast-log')
+const { EXECUTED_PROPAGATION } = require('../telemetry/iast-metric')
+const { isDebugAllowed } = require('../telemetry/verbosity')
 function noop (res) { return res }
-const TaintTrackingDummy = {
+// NOTE: methods of this object must be synchronized with csi-methods.js file definitions!
+// Otherwise you may end up rewriting a method and not providing its rewritten implementation
+const TaintTrackingNoop = {
   plusOperator: noop,
-  trim: noop,
-  trimEnd: noop,
   concat: noop,
-  substring: noop,
-  substr: noop,
+  replace: noop,
   slice: noop,
-  replace: noop
+  substr: noop,
+  substring: noop,
+  trim: noop,
+  trimEnd: noop
 }
-function getTransactionId () {
-  const store = storage.getStore()
-  const iastContext = iastContextFunctions.getIastContext(store)
+function getTransactionId (iastContext) {
   return iastContext && iastContext[iastContextFunctions.IAST_TRANSACTION_ID]
 }
-function getFilteredCsiFn (cb, filter) {
+function getContextDefault () {
+  const store = storage.getStore()
+  return iastContextFunctions.getIastContext(store)
+}
+function getContextDebug () {
+  const iastContext = getContextDefault()
+  EXECUTED_PROPAGATION.inc(null, iastContext)
+  return iastContext
+}
+function getFilteredCsiFn (cb, filter, getContext) {
   return function csiCall (res, fn, target, ...rest) {
     try {
       if (filter(res, fn, target)) { return res }
-      const transactionId = getTransactionId()
+      const context = getContext()
+      const transactionId = getTransactionId(context)
       if (transactionId) {
         return cb(transactionId, res, target, ...rest)
       }
@@ -47,7 +62,7 @@ function isValidCsiMethod (fn, protos) {
   return protos.some(proto => fn === proto)
 }
-function getCsiFn (cb, ...protos) {
+function getCsiFn (cb, getContext, ...protos) {
   let filter
   if (!protos || protos.length === 0) {
     filter = (res, fn, target) => notString(res, target)
@@ -57,49 +72,73 @@ function getCsiFn (cb, ...protos) {
   } else {
     filter = (res, fn, target) => notString(res, target) || !isValidCsiMethod(fn, protos)
   }
-  return getFilteredCsiFn(cb, filter)
+  return getFilteredCsiFn(cb, filter, getContext)
 }
-function csiMethodsDefaults (names, excluded) {
+function csiMethodsDefaults (names, excluded, getContext) {
   const impl = {}
   names.forEach(name => {
     if (excluded.indexOf(name) !== -1) return
     impl[name] = getCsiFn(
       (transactionId, res, target, ...rest) => TaintedUtils[name](transactionId, res, target, ...rest),
+      getContext,
       String.prototype[name]
     )
   })
   return impl
 }
-const csiMethodsOverrides = {
-  plusOperator: function (res, op1, op2) {
-    try {
-      if (notString(res) || (notString(op1) && notString(op2))) { return res }
-      const transactionId = getTransactionId()
-      if (transactionId) {
-        return TaintedUtils.concat(transactionId, res, op1, op2)
+function csiMethodsOverrides (getContext) {
+  return {
+    plusOperator: function (res, op1, op2) {
+      try {
+        if (notString(res) || (notString(op1) && notString(op2))) { return res }
+        const iastContext = getContext()
+        const transactionId = getTransactionId(iastContext)
+        if (transactionId) {
+          return TaintedUtils.concat(transactionId, res, op1, op2)
+        }
+      } catch (e) {
+        iastLog.error(`Error invoking CSI plusOperator`)
+          .errorAndPublish(e)
       }
-    } catch (e) {
-      iastLog.error(`Error invoking CSI plusOperator`)
-        .errorAndPublish(e)
-    }
-    return res
-  },
+      return res
+    },
+    trim: getCsiFn(
+      (transactionId, res, target) => TaintedUtils.trim(transactionId, res, target),
+      getContext,
+      String.prototype.trim,
+      String.prototype.trimStart
+    )
+  }
+}
+function createImplWith (getContext) {
+  const methodNames = Object.keys(TaintTrackingNoop)
+  const overrides = csiMethodsOverrides(getContext)
+  // impls could be cached but at the moment there is only one invocation to getTaintTrackingImpl
+  return {
+    ...csiMethodsDefaults(methodNames, Object.keys(overrides), getContext),
+    ...overrides
+  }
+}
+function getTaintTrackingImpl (telemetryVerbosity, dummy = false) {
+  if (dummy) return TaintTrackingNoop
-  trim: getCsiFn(
-    (transactionId, res, target) => TaintedUtils.trim(transactionId, res, target),
-    String.prototype.trim,
-    String.prototype.trimStart
-  )
+  // with Verbosity.DEBUG every invocation of a TaintedUtils method increases the EXECUTED_PROPAGATION metric
+  return isDebugAllowed(telemetryVerbosity)
+    ? createImplWith(getContextDebug)
+    : createImplWith(getContextDefault)
 }
-const TaintTracking = {
-  ...csiMethodsDefaults(Object.keys(TaintTrackingDummy), Object.keys(csiMethodsOverrides)),
-  ...csiMethodsOverrides
+function getTaintTrackingNoop () {
+  return getTaintTrackingImpl(null, true)
 }
 module.exports = {
-  TaintTracking,
-  TaintTrackingDummy
+  getTaintTrackingImpl,
+  getTaintTrackingNoop
 }

package/packages/dd-trace/src/appsec/iast/telemetry/iast-metric.js ADDED Viewed

@@ -0,0 +1,101 @@
+'use strict'
+const { getNamespaceFromContext, globalNamespace } = require('./namespaces')
+const Scope = {
+  GLOBAL: 'GLOBAL',
+  REQUEST: 'REQUEST'
+}
+const PropagationType = {
+  STRING: 'STRING',
+  JSON: 'JSON',
+  URL: 'URL'
+}
+const TagKey = {
+  VULNERABILITY_TYPE: 'vulnerability_type',
+  SOURCE_TYPE: 'source_type',
+  PROPAGATION_TYPE: 'propagation_type'
+}
+class IastMetric {
+  constructor (name, scope, tagKey) {
+    this.name = name
+    this.scope = scope
+    this.tagKey = tagKey
+  }
+  getNamespace (context) {
+    return getNamespaceFromContext(context) || globalNamespace
+  }
+  getTag (tagValue) {
+    return tagValue ? { [this.tagKey]: tagValue } : undefined
+  }
+  addValue (value, tagValue, context) {
+    this.getNamespace(context)
+      .count(this.name, this.getTag(tagValue))
+      .inc(value)
+  }
+  add (value, tagValue, context) {
+    if (Array.isArray(tagValue)) {
+      tagValue.forEach(tag => this.addValue(value, tag, context))
+    } else {
+      this.addValue(value, tagValue, context)
+    }
+  }
+  inc (tagValue, context) {
+    this.add(1, tagValue, context)
+  }
+}
+function getExecutedMetric (tagKey) {
+  return tagKey === TagKey.VULNERABILITY_TYPE ? EXECUTED_SINK : EXECUTED_SOURCE
+}
+function getInstrumentedMetric (tagKey) {
+  return tagKey === TagKey.VULNERABILITY_TYPE ? INSTRUMENTED_SINK : INSTRUMENTED_SOURCE
+}
+const INSTRUMENTED_PROPAGATION = new IastMetric('instrumented.propagation', Scope.GLOBAL)
+const INSTRUMENTED_SOURCE = new IastMetric('instrumented.source', Scope.GLOBAL, TagKey.SOURCE_TYPE)
+const INSTRUMENTED_SINK = new IastMetric('instrumented.sink', Scope.GLOBAL, TagKey.VULNERABILITY_TYPE)
+const EXECUTED_SOURCE = new IastMetric('executed.source', Scope.REQUEST, TagKey.SOURCE_TYPE)
+const EXECUTED_SINK = new IastMetric('executed.sink', Scope.REQUEST, TagKey.VULNERABILITY_TYPE)
+const REQUEST_TAINTED = new IastMetric('request.tainted', Scope.REQUEST)
+// DEBUG using metrics
+const EXECUTED_PROPAGATION = new IastMetric('executed.propagation', Scope.REQUEST)
+const EXECUTED_TAINTED = new IastMetric('executed.tainted', Scope.REQUEST)
+// DEBUG using distribution endpoint
+const INSTRUMENTATION_TIME = new IastMetric('instrumentation.time', Scope.GLOBAL)
+module.exports = {
+  INSTRUMENTED_PROPAGATION,
+  INSTRUMENTED_SOURCE,
+  INSTRUMENTED_SINK,
+  EXECUTED_PROPAGATION,
+  EXECUTED_SOURCE,
+  EXECUTED_SINK,
+  EXECUTED_TAINTED,
+  REQUEST_TAINTED,
+  INSTRUMENTATION_TIME,
+  PropagationType,
+  TagKey,
+  IastMetric,
+  getExecutedMetric,
+  getInstrumentedMetric
+}

package/packages/dd-trace/src/appsec/iast/telemetry/index.js ADDED Viewed

@@ -0,0 +1,45 @@
+'use strict'
+const telemetryMetrics = require('../../../telemetry/metrics')
+const telemetryLogs = require('./log')
+const { Verbosity, getVerbosity } = require('./verbosity')
+const { initRequestNamespace, finalizeRequestNamespace, globalNamespace } = require('./namespaces')
+class Telemetry {
+  configure (config, verbosity) {
+    // in order to telemetry be enabled, tracer telemetry and metrics collection have to be enabled
+    this.enabled = config && config.telemetry && config.telemetry.enabled && config.telemetry.metrics
+    this.verbosity = this.enabled ? getVerbosity(verbosity) : Verbosity.OFF
+    if (this.enabled) {
+      telemetryMetrics.manager.set('iast', globalNamespace)
+    }
+    telemetryLogs.start()
+  }
+  stop () {
+    this.enabled = false
+    telemetryMetrics.manager.delete('iast')
+    telemetryLogs.stop()
+  }
+  isEnabled () {
+    return this.enabled
+  }
+  onRequestStart (context) {
+    if (this.isEnabled() && this.verbosity !== Verbosity.OFF) {
+      initRequestNamespace(context)
+    }
+  }
+  onRequestEnd (context, rootSpan) {
+    if (this.isEnabled() && this.verbosity !== Verbosity.OFF) {
+      finalizeRequestNamespace(context, rootSpan)
+    }
+  }
+}
+module.exports = new Telemetry()