dd-trace 3.14.0 → 3.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE-3rdparty.csv +1 -0
- package/README.md +5 -5
- package/index.d.ts +30 -1
- package/package.json +5 -4
- package/packages/datadog-instrumentations/src/ldapjs.js +12 -2
- package/packages/datadog-instrumentations/src/mongoose.js +1 -1
- package/packages/datadog-instrumentations/src/next.js +2 -1
- package/packages/datadog-instrumentations/src/playwright.js +40 -11
- package/packages/datadog-plugin-hapi/src/index.js +5 -1
- package/packages/datadog-plugin-http/src/server.js +1 -1
- package/packages/datadog-plugin-http2/src/server.js +1 -1
- package/packages/dd-trace/src/appsec/addresses.js +3 -1
- package/packages/dd-trace/src/appsec/blocking.js +35 -9
- package/packages/dd-trace/src/appsec/iast/iast-context.js +6 -2
- package/packages/dd-trace/src/appsec/iast/index.js +3 -2
- package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js +5 -2
- package/packages/dd-trace/src/appsec/index.js +4 -4
- package/packages/dd-trace/src/appsec/recommended.json +76 -75
- package/packages/dd-trace/src/appsec/remote_config/capabilities.js +2 -1
- package/packages/dd-trace/src/appsec/remote_config/index.js +3 -0
- package/packages/dd-trace/src/appsec/sdk/index.js +19 -1
- package/packages/dd-trace/src/appsec/sdk/noop.js +6 -0
- package/packages/dd-trace/src/appsec/sdk/set_user.js +30 -0
- package/packages/dd-trace/src/appsec/sdk/track_event.js +2 -2
- package/packages/dd-trace/src/appsec/sdk/user_blocking.js +73 -0
- package/packages/dd-trace/src/ci-visibility/exporters/ci-visibility-exporter.js +15 -0
- package/packages/dd-trace/src/ci-visibility/exporters/git/git_metadata.js +7 -1
- package/packages/dd-trace/src/ci-visibility/intelligent-test-runner/get-itr-configuration.js +4 -2
- package/packages/dd-trace/src/ci-visibility/intelligent-test-runner/get-skippable-suites.js +4 -2
- package/packages/dd-trace/src/config.js +1 -1
- package/packages/dd-trace/src/lambda/handler.js +5 -6
- package/packages/dd-trace/src/log/writer.js +32 -24
- package/packages/dd-trace/src/metrics.js +18 -0
- package/packages/dd-trace/src/noop/proxy.js +2 -2
- package/packages/dd-trace/src/opentracing/propagation/text_map.js +2 -0
- package/packages/dd-trace/src/opentracing/span_context.js +5 -3
- package/packages/dd-trace/src/plugins/ci_plugin.js +4 -1
- package/packages/dd-trace/src/plugins/util/exec.js +2 -2
- package/packages/dd-trace/src/plugins/util/git.js +16 -1
- package/packages/dd-trace/src/profiler.js +3 -0
- package/packages/dd-trace/src/profiling/config.js +8 -3
- package/packages/dd-trace/src/profiling/exporters/file.js +13 -2
- package/packages/dd-trace/src/profiling/profiler.js +23 -6
- package/packages/dd-trace/src/profiling/profilers/wall.js +1 -0
- package/packages/dd-trace/src/proxy.js +1 -1
- package/packages/dd-trace/src/span_processor.js +1 -1
- package/packages/dd-trace/src/span_sampler.js +68 -52
- package/packages/dd-trace/src/startup-log.js +3 -6
- package/packages/dd-trace/src/tracer.js +0 -16
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": "2.2",
|
|
3
3
|
"metadata": {
|
|
4
|
-
"rules_version": "1.5.
|
|
4
|
+
"rules_version": "1.5.2"
|
|
5
5
|
},
|
|
6
6
|
"rules": [
|
|
7
7
|
{
|
|
@@ -199,33 +199,6 @@
|
|
|
199
199
|
"lowercase"
|
|
200
200
|
]
|
|
201
201
|
},
|
|
202
|
-
{
|
|
203
|
-
"id": "crs-921-140",
|
|
204
|
-
"name": "HTTP Header Injection Attack via headers",
|
|
205
|
-
"tags": {
|
|
206
|
-
"type": "http_protocol_violation",
|
|
207
|
-
"crs_id": "921140",
|
|
208
|
-
"category": "attack_attempt"
|
|
209
|
-
},
|
|
210
|
-
"conditions": [
|
|
211
|
-
{
|
|
212
|
-
"parameters": {
|
|
213
|
-
"inputs": [
|
|
214
|
-
{
|
|
215
|
-
"address": "server.request.headers.no_cookies"
|
|
216
|
-
}
|
|
217
|
-
],
|
|
218
|
-
"regex": "[\\n\\r]",
|
|
219
|
-
"options": {
|
|
220
|
-
"case_sensitive": true,
|
|
221
|
-
"min_length": 1
|
|
222
|
-
}
|
|
223
|
-
},
|
|
224
|
-
"operator": "match_regex"
|
|
225
|
-
}
|
|
226
|
-
],
|
|
227
|
-
"transformers": []
|
|
228
|
-
},
|
|
229
202
|
{
|
|
230
203
|
"id": "crs-921-160",
|
|
231
204
|
"name": "HTTP Header Injection Attack via payload (CR/LF and header-name detected)",
|
|
@@ -245,7 +218,7 @@
|
|
|
245
218
|
"address": "server.request.path_params"
|
|
246
219
|
}
|
|
247
220
|
],
|
|
248
|
-
"regex": "[\\n\\r]+(
|
|
221
|
+
"regex": "[\\n\\r]+(?:refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|via|remote-ip|remote-addr|originating-IP))\\s*:",
|
|
249
222
|
"options": {
|
|
250
223
|
"case_sensitive": true,
|
|
251
224
|
"min_length": 3
|
|
@@ -278,7 +251,7 @@
|
|
|
278
251
|
"address": "server.request.headers.no_cookies"
|
|
279
252
|
}
|
|
280
253
|
],
|
|
281
|
-
"regex": "(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\/|\\x5c)(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\\.))|\\.(?:%0[01]
|
|
254
|
+
"regex": "(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\/|\\x5c)(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\\.))|\\.(?:%0[01])?|0x2e){2,3}(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\/|\\x5c)",
|
|
282
255
|
"options": {
|
|
283
256
|
"min_length": 4
|
|
284
257
|
}
|
|
@@ -1378,16 +1351,11 @@
|
|
|
1378
1351
|
"etc/timezone",
|
|
1379
1352
|
"etc/modules",
|
|
1380
1353
|
"etc/passwd",
|
|
1381
|
-
"etc/passwd~",
|
|
1382
|
-
"etc/passwd-",
|
|
1383
1354
|
"etc/shadow",
|
|
1384
|
-
"etc/shadow~",
|
|
1385
|
-
"etc/shadow-",
|
|
1386
1355
|
"etc/fstab",
|
|
1387
1356
|
"etc/motd",
|
|
1388
1357
|
"etc/hosts",
|
|
1389
1358
|
"etc/group",
|
|
1390
|
-
"etc/group-",
|
|
1391
1359
|
"etc/alias",
|
|
1392
1360
|
"etc/crontab",
|
|
1393
1361
|
"etc/crypttab",
|
|
@@ -1834,7 +1802,7 @@
|
|
|
1834
1802
|
"address": "server.request.path_params"
|
|
1835
1803
|
}
|
|
1836
1804
|
],
|
|
1837
|
-
"regex": "^(?i:file|ftps
|
|
1805
|
+
"regex": "^(?i:file|ftps?)://.*?\\?+$",
|
|
1838
1806
|
"options": {
|
|
1839
1807
|
"case_sensitive": true,
|
|
1840
1808
|
"min_length": 4
|
|
@@ -1898,11 +1866,8 @@
|
|
|
1898
1866
|
"dev/tcp/",
|
|
1899
1867
|
"dev/udp/",
|
|
1900
1868
|
"dev/zero",
|
|
1901
|
-
"etc/group",
|
|
1902
1869
|
"etc/master.passwd",
|
|
1903
|
-
"etc/passwd",
|
|
1904
1870
|
"etc/pwd.db",
|
|
1905
|
-
"etc/shadow",
|
|
1906
1871
|
"etc/shells",
|
|
1907
1872
|
"etc/spwd.db",
|
|
1908
1873
|
"proc/self/",
|
|
@@ -4117,9 +4082,7 @@
|
|
|
4117
4082
|
"java.lang.number",
|
|
4118
4083
|
"java.lang.object",
|
|
4119
4084
|
"java.lang.process",
|
|
4120
|
-
"java.lang.processbuilder",
|
|
4121
4085
|
"java.lang.reflect",
|
|
4122
|
-
"java.lang.runtime",
|
|
4123
4086
|
"java.lang.string",
|
|
4124
4087
|
"java.lang.stringbuilder",
|
|
4125
4088
|
"java.lang.system",
|
|
@@ -4452,6 +4415,74 @@
|
|
|
4452
4415
|
],
|
|
4453
4416
|
"transformers": []
|
|
4454
4417
|
},
|
|
4418
|
+
{
|
|
4419
|
+
"id": "dog-934-001",
|
|
4420
|
+
"name": "XXE - XML file loads external entity",
|
|
4421
|
+
"tags": {
|
|
4422
|
+
"type": "xxe",
|
|
4423
|
+
"category": "attack_attempt",
|
|
4424
|
+
"confidence": "0"
|
|
4425
|
+
},
|
|
4426
|
+
"conditions": [
|
|
4427
|
+
{
|
|
4428
|
+
"parameters": {
|
|
4429
|
+
"inputs": [
|
|
4430
|
+
{
|
|
4431
|
+
"address": "server.request.body"
|
|
4432
|
+
},
|
|
4433
|
+
{
|
|
4434
|
+
"address": "grpc.server.request.message"
|
|
4435
|
+
}
|
|
4436
|
+
],
|
|
4437
|
+
"regex": "(?:<\\?xml[^>]*>.*)<!ENTITY[^>]+SYSTEM\\s+[^>]+>",
|
|
4438
|
+
"options": {
|
|
4439
|
+
"case_sensitive": false,
|
|
4440
|
+
"min_length": 24
|
|
4441
|
+
}
|
|
4442
|
+
},
|
|
4443
|
+
"operator": "match_regex"
|
|
4444
|
+
}
|
|
4445
|
+
],
|
|
4446
|
+
"transformers": []
|
|
4447
|
+
},
|
|
4448
|
+
{
|
|
4449
|
+
"id": "dog-942-001",
|
|
4450
|
+
"name": "Blind XSS callback domains",
|
|
4451
|
+
"tags": {
|
|
4452
|
+
"type": "xss",
|
|
4453
|
+
"category": "attack_attempt",
|
|
4454
|
+
"confidence": "1"
|
|
4455
|
+
},
|
|
4456
|
+
"conditions": [
|
|
4457
|
+
{
|
|
4458
|
+
"parameters": {
|
|
4459
|
+
"inputs": [
|
|
4460
|
+
{
|
|
4461
|
+
"address": "server.request.query"
|
|
4462
|
+
},
|
|
4463
|
+
{
|
|
4464
|
+
"address": "server.request.body"
|
|
4465
|
+
},
|
|
4466
|
+
{
|
|
4467
|
+
"address": "server.request.path_params"
|
|
4468
|
+
},
|
|
4469
|
+
{
|
|
4470
|
+
"address": "server.request.headers.no_cookies"
|
|
4471
|
+
},
|
|
4472
|
+
{
|
|
4473
|
+
"address": "grpc.server.request.message"
|
|
4474
|
+
}
|
|
4475
|
+
],
|
|
4476
|
+
"regex": "https?:\\/\\/(?:.*\\.)?(?:bxss\\.in|xss\\.ht|js\\.rip)",
|
|
4477
|
+
"options": {
|
|
4478
|
+
"case_sensitive": false
|
|
4479
|
+
}
|
|
4480
|
+
},
|
|
4481
|
+
"operator": "match_regex"
|
|
4482
|
+
}
|
|
4483
|
+
],
|
|
4484
|
+
"transformers": []
|
|
4485
|
+
},
|
|
4455
4486
|
{
|
|
4456
4487
|
"id": "nfd-000-001",
|
|
4457
4488
|
"name": "Detect common directory discovery scans",
|
|
@@ -5080,36 +5111,6 @@
|
|
|
5080
5111
|
"removeNulls"
|
|
5081
5112
|
]
|
|
5082
5113
|
},
|
|
5083
|
-
{
|
|
5084
|
-
"id": "sqr-000-007",
|
|
5085
|
-
"name": "NoSQL: Detect common exploitation strategy",
|
|
5086
|
-
"tags": {
|
|
5087
|
-
"type": "nosql_injection",
|
|
5088
|
-
"category": "attack_attempt"
|
|
5089
|
-
},
|
|
5090
|
-
"conditions": [
|
|
5091
|
-
{
|
|
5092
|
-
"parameters": {
|
|
5093
|
-
"inputs": [
|
|
5094
|
-
{
|
|
5095
|
-
"address": "server.request.query"
|
|
5096
|
-
},
|
|
5097
|
-
{
|
|
5098
|
-
"address": "server.request.body"
|
|
5099
|
-
},
|
|
5100
|
-
{
|
|
5101
|
-
"address": "server.request.path_params"
|
|
5102
|
-
}
|
|
5103
|
-
],
|
|
5104
|
-
"regex": "^\\$(eq|ne|(l|g)te?|n?in|not|(n|x|)or|and|regex|where|expr|exists)$"
|
|
5105
|
-
},
|
|
5106
|
-
"operator": "match_regex"
|
|
5107
|
-
}
|
|
5108
|
-
],
|
|
5109
|
-
"transformers": [
|
|
5110
|
-
"keys_only"
|
|
5111
|
-
]
|
|
5112
|
-
},
|
|
5113
5114
|
{
|
|
5114
5115
|
"id": "sqr-000-008",
|
|
5115
5116
|
"name": "Windows: Detect attempts to exfiltrate .ini files",
|
|
@@ -5275,7 +5276,7 @@
|
|
|
5275
5276
|
"address": "grpc.server.request.message"
|
|
5276
5277
|
}
|
|
5277
5278
|
],
|
|
5278
|
-
"regex": "^(jar:)?(http|https):\\/\\/([0-9oq]{1,5}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|[0-9]{1,10})(:[0-9]{1,5})?(
|
|
5279
|
+
"regex": "^(jar:)?(http|https):\\/\\/([0-9oq]{1,5}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|[0-9]{1,10})(:[0-9]{1,5})?(\\/[^:@]*)?$"
|
|
5279
5280
|
},
|
|
5280
5281
|
"operator": "match_regex"
|
|
5281
5282
|
}
|
|
@@ -5309,7 +5310,7 @@
|
|
|
5309
5310
|
"address": "grpc.server.request.message"
|
|
5310
5311
|
}
|
|
5311
5312
|
],
|
|
5312
|
-
"regex": "^(jar:)?(http|https):\\/\\/((\\[)?[:0-9a-f\\.x]{2,}(\\])?)(:[0-9]{1,5})?(
|
|
5313
|
+
"regex": "^(jar:)?(http|https):\\/\\/((\\[)?[:0-9a-f\\.x]{2,}(\\])?)(:[0-9]{1,5})?(\\/[^:@]*)?$"
|
|
5313
5314
|
},
|
|
5314
5315
|
"operator": "match_regex"
|
|
5315
5316
|
}
|
|
@@ -5346,7 +5347,7 @@
|
|
|
5346
5347
|
"address": "grpc.server.request.message"
|
|
5347
5348
|
}
|
|
5348
5349
|
],
|
|
5349
|
-
"regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click)"
|
|
5350
|
+
"regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com)"
|
|
5350
5351
|
},
|
|
5351
5352
|
"operator": "match_regex"
|
|
5352
5353
|
}
|
|
@@ -6720,4 +6721,4 @@
|
|
|
6720
6721
|
"transformers": []
|
|
6721
6722
|
}
|
|
6722
6723
|
]
|
|
6723
|
-
}
|
|
6724
|
+
}
|
|
@@ -35,12 +35,15 @@ function enable (config) {
|
|
|
35
35
|
function enableAsmData (appsecConfig) {
|
|
36
36
|
if (rc && appsecConfig && appsecConfig.rules === undefined) {
|
|
37
37
|
rc.updateCapabilities(RemoteConfigCapabilities.ASM_IP_BLOCKING, true)
|
|
38
|
+
rc.updateCapabilities(RemoteConfigCapabilities.ASM_USER_BLOCKING, true)
|
|
38
39
|
rc.on('ASM_DATA', _asmDataListener)
|
|
39
40
|
}
|
|
40
41
|
}
|
|
41
42
|
|
|
42
43
|
function disableAsmData () {
|
|
43
44
|
if (rc) {
|
|
45
|
+
rc.updateCapabilities(RemoteConfigCapabilities.ASM_IP_BLOCKING, false)
|
|
46
|
+
rc.updateCapabilities(RemoteConfigCapabilities.ASM_USER_BLOCKING, false)
|
|
44
47
|
rc.off('ASM_DATA', _asmDataListener)
|
|
45
48
|
}
|
|
46
49
|
}
|
|
@@ -1,10 +1,16 @@
|
|
|
1
1
|
'use strict'
|
|
2
2
|
|
|
3
3
|
const { trackUserLoginSuccessEvent, trackUserLoginFailureEvent, trackCustomEvent } = require('./track_event')
|
|
4
|
+
const { checkUserAndSetUser, blockRequest } = require('./user_blocking')
|
|
5
|
+
const { loadTemplates } = require('../blocking')
|
|
6
|
+
const { setUser } = require('./set_user')
|
|
4
7
|
|
|
5
8
|
class AppsecSdk {
|
|
6
|
-
constructor (tracer) {
|
|
9
|
+
constructor (tracer, config) {
|
|
7
10
|
this._tracer = tracer
|
|
11
|
+
if (config) {
|
|
12
|
+
loadTemplates(config)
|
|
13
|
+
}
|
|
8
14
|
}
|
|
9
15
|
|
|
10
16
|
trackUserLoginSuccessEvent (user, metadata) {
|
|
@@ -18,6 +24,18 @@ class AppsecSdk {
|
|
|
18
24
|
trackCustomEvent (eventName, metadata) {
|
|
19
25
|
return trackCustomEvent(this._tracer, eventName, metadata)
|
|
20
26
|
}
|
|
27
|
+
|
|
28
|
+
isUserBlocked (user) {
|
|
29
|
+
return checkUserAndSetUser(this._tracer, user)
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
blockRequest (req, res) {
|
|
33
|
+
return blockRequest(this._tracer, req, res)
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
setUser (user) {
|
|
37
|
+
return setUser(this._tracer, user)
|
|
38
|
+
}
|
|
21
39
|
}
|
|
22
40
|
|
|
23
41
|
module.exports = AppsecSdk
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
'use strict'
|
|
2
|
+
|
|
3
|
+
const { getRootSpan } = require('./utils')
|
|
4
|
+
const log = require('../../log')
|
|
5
|
+
|
|
6
|
+
function setUserTags (user, rootSpan) {
|
|
7
|
+
for (const k of Object.keys(user)) {
|
|
8
|
+
rootSpan.setTag(`usr.${k}`, '' + user[k])
|
|
9
|
+
}
|
|
10
|
+
}
|
|
11
|
+
|
|
12
|
+
function setUser (tracer, user) {
|
|
13
|
+
if (!user || !user.id) {
|
|
14
|
+
log.warn('Invalid user provided to setUser')
|
|
15
|
+
return
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
const rootSpan = getRootSpan(tracer)
|
|
19
|
+
if (!rootSpan) {
|
|
20
|
+
log.warn('Root span not available in setUser')
|
|
21
|
+
return
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
setUserTags(user, rootSpan)
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
module.exports = {
|
|
28
|
+
setUserTags,
|
|
29
|
+
setUser
|
|
30
|
+
}
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
const log = require('../../log')
|
|
4
4
|
const { getRootSpan } = require('./utils')
|
|
5
5
|
const { MANUAL_KEEP } = require('../../../../../ext/tags')
|
|
6
|
+
const { setUserTags } = require('./set_user')
|
|
6
7
|
|
|
7
8
|
function trackUserLoginSuccessEvent (tracer, user, metadata) {
|
|
8
9
|
// TODO: better user check here and in _setUser() ?
|
|
@@ -17,8 +18,7 @@ function trackUserLoginSuccessEvent (tracer, user, metadata) {
|
|
|
17
18
|
return
|
|
18
19
|
}
|
|
19
20
|
|
|
20
|
-
|
|
21
|
-
tracer.setUser(user)
|
|
21
|
+
setUserTags(user, rootSpan)
|
|
22
22
|
|
|
23
23
|
trackEvent(tracer, 'users.login.success', metadata, 'trackUserLoginSuccessEvent', rootSpan)
|
|
24
24
|
}
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
'use strict'
|
|
2
|
+
|
|
3
|
+
const { USER_ID } = require('../addresses')
|
|
4
|
+
const Gateway = require('../gateway/engine')
|
|
5
|
+
const { getRootSpan } = require('./utils')
|
|
6
|
+
const { block } = require('../blocking')
|
|
7
|
+
const { storage } = require('../../../../datadog-core')
|
|
8
|
+
const { setUserTags } = require('./set_user')
|
|
9
|
+
const log = require('../../log')
|
|
10
|
+
|
|
11
|
+
function isUserBlocked (user) {
|
|
12
|
+
const results = Gateway.propagate({ [USER_ID]: user.id })
|
|
13
|
+
|
|
14
|
+
if (!results) {
|
|
15
|
+
return false
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
for (const entry of results) {
|
|
19
|
+
if (entry && entry.includes('block')) {
|
|
20
|
+
return true
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
return false
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
function checkUserAndSetUser (tracer, user) {
|
|
28
|
+
if (!user || !user.id) {
|
|
29
|
+
log.warn('Invalid user provided to isUserBlocked')
|
|
30
|
+
return false
|
|
31
|
+
}
|
|
32
|
+
|
|
33
|
+
const rootSpan = getRootSpan(tracer)
|
|
34
|
+
if (rootSpan) {
|
|
35
|
+
if (!rootSpan.context()._tags['usr.id']) {
|
|
36
|
+
setUserTags(user, rootSpan)
|
|
37
|
+
}
|
|
38
|
+
} else {
|
|
39
|
+
log.warn('Root span not available in isUserBlocked')
|
|
40
|
+
}
|
|
41
|
+
|
|
42
|
+
return isUserBlocked(user)
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
function blockRequest (tracer, req, res) {
|
|
46
|
+
if (!req || !res) {
|
|
47
|
+
const store = storage.getStore()
|
|
48
|
+
if (store) {
|
|
49
|
+
req = req || store.req
|
|
50
|
+
res = res || store.res
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
if (!req || !res) {
|
|
55
|
+
log.warn('Requests or response object not available in blockRequest')
|
|
56
|
+
return false
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
const rootSpan = getRootSpan(tracer)
|
|
60
|
+
if (!rootSpan) {
|
|
61
|
+
log.warn('Root span not available in blockRequest')
|
|
62
|
+
return false
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
block(req, res, rootSpan)
|
|
66
|
+
|
|
67
|
+
return true
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
module.exports = {
|
|
71
|
+
checkUserAndSetUser,
|
|
72
|
+
blockRequest
|
|
73
|
+
}
|
|
@@ -8,6 +8,19 @@ const { getSkippableSuites: getSkippableSuitesRequest } = require('../intelligen
|
|
|
8
8
|
const log = require('../../log')
|
|
9
9
|
const AgentInfoExporter = require('../../exporters/common/agent-info-exporter')
|
|
10
10
|
|
|
11
|
+
function getTestConfigurationTags (tags) {
|
|
12
|
+
if (!tags) {
|
|
13
|
+
return {}
|
|
14
|
+
}
|
|
15
|
+
return Object.keys(tags).reduce((acc, key) => {
|
|
16
|
+
if (key.startsWith('test.configuration.')) {
|
|
17
|
+
const [, configKey] = key.split('test.configuration.')
|
|
18
|
+
acc[configKey] = tags[key]
|
|
19
|
+
}
|
|
20
|
+
return acc
|
|
21
|
+
}, {})
|
|
22
|
+
}
|
|
23
|
+
|
|
11
24
|
function getIsTestSessionTrace (trace) {
|
|
12
25
|
return trace.some(span =>
|
|
13
26
|
span.type === 'test_session_end' || span.type === 'test_suite_end' || span.type === 'test_module_end'
|
|
@@ -95,6 +108,7 @@ class CiVisibilityExporter extends AgentInfoExporter {
|
|
|
95
108
|
env: this._config.env,
|
|
96
109
|
service: this._config.service,
|
|
97
110
|
isEvpProxy: !!this._isUsingEvpProxy,
|
|
111
|
+
custom: getTestConfigurationTags(this._config.tags),
|
|
98
112
|
...testConfiguration
|
|
99
113
|
}
|
|
100
114
|
getSkippableSuitesRequest(configuration, callback)
|
|
@@ -119,6 +133,7 @@ class CiVisibilityExporter extends AgentInfoExporter {
|
|
|
119
133
|
env: this._config.env,
|
|
120
134
|
service: this._config.service,
|
|
121
135
|
isEvpProxy: !!this._isUsingEvpProxy,
|
|
136
|
+
custom: getTestConfigurationTags(this._config.tags),
|
|
122
137
|
...testConfiguration
|
|
123
138
|
}
|
|
124
139
|
getItrConfigurationRequest(configuration, (err, itrConfig) => {
|
|
@@ -10,7 +10,9 @@ const {
|
|
|
10
10
|
getLatestCommits,
|
|
11
11
|
getRepositoryUrl,
|
|
12
12
|
generatePackFilesForCommits,
|
|
13
|
-
getCommitsToUpload
|
|
13
|
+
getCommitsToUpload,
|
|
14
|
+
isShallowRepository,
|
|
15
|
+
unshallowRepository
|
|
14
16
|
} = require('../../../plugins/util/git')
|
|
15
17
|
|
|
16
18
|
const isValidSha = (sha) => /[0-9a-f]{40}/.test(sha)
|
|
@@ -157,6 +159,10 @@ function sendGitMetadata (url, isEvpProxy, callback) {
|
|
|
157
159
|
return callback(new Error('Repository URL is empty'))
|
|
158
160
|
}
|
|
159
161
|
|
|
162
|
+
if (isShallowRepository()) {
|
|
163
|
+
unshallowRepository()
|
|
164
|
+
}
|
|
165
|
+
|
|
160
166
|
getCommitsToExclude({ url, repositoryUrl, isEvpProxy }, (err, commitsToExclude, headCommit) => {
|
|
161
167
|
if (err) {
|
|
162
168
|
return callback(err)
|
package/packages/dd-trace/src/ci-visibility/intelligent-test-runner/get-itr-configuration.js
CHANGED
|
@@ -13,7 +13,8 @@ function getItrConfiguration ({
|
|
|
13
13
|
osArchitecture,
|
|
14
14
|
runtimeName,
|
|
15
15
|
runtimeVersion,
|
|
16
|
-
branch
|
|
16
|
+
branch,
|
|
17
|
+
custom
|
|
17
18
|
}, done) {
|
|
18
19
|
const options = {
|
|
19
20
|
path: '/api/v2/libraries/tests/services/setting',
|
|
@@ -53,7 +54,8 @@ function getItrConfiguration ({
|
|
|
53
54
|
'os.version': osVersion,
|
|
54
55
|
'os.architecture': osArchitecture,
|
|
55
56
|
'runtime.name': runtimeName,
|
|
56
|
-
'runtime.version': runtimeVersion
|
|
57
|
+
'runtime.version': runtimeVersion,
|
|
58
|
+
custom
|
|
57
59
|
},
|
|
58
60
|
service,
|
|
59
61
|
env,
|
|
@@ -11,7 +11,8 @@ function getSkippableSuites ({
|
|
|
11
11
|
osPlatform,
|
|
12
12
|
osArchitecture,
|
|
13
13
|
runtimeName,
|
|
14
|
-
runtimeVersion
|
|
14
|
+
runtimeVersion,
|
|
15
|
+
custom
|
|
15
16
|
}, done) {
|
|
16
17
|
const options = {
|
|
17
18
|
path: '/api/v2/ci/tests/skippable',
|
|
@@ -51,7 +52,8 @@ function getSkippableSuites ({
|
|
|
51
52
|
'os.version': osVersion,
|
|
52
53
|
'os.architecture': osArchitecture,
|
|
53
54
|
'runtime.name': runtimeName,
|
|
54
|
-
'runtime.version': runtimeVersion
|
|
55
|
+
'runtime.version': runtimeVersion,
|
|
56
|
+
custom
|
|
55
57
|
},
|
|
56
58
|
service,
|
|
57
59
|
env,
|
|
@@ -376,7 +376,7 @@ ken|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)
|
|
|
376
376
|
|
|
377
377
|
const DD_CIVISIBILITY_GIT_UPLOAD_ENABLED = coalesce(
|
|
378
378
|
process.env.DD_CIVISIBILITY_GIT_UPLOAD_ENABLED,
|
|
379
|
-
|
|
379
|
+
true
|
|
380
380
|
)
|
|
381
381
|
|
|
382
382
|
const ingestion = options.ingestion || {}
|
|
@@ -22,15 +22,14 @@ let __lambdaTimeout
|
|
|
22
22
|
* @param {*} context AWS Lambda context object.
|
|
23
23
|
*/
|
|
24
24
|
function checkTimeout (context) {
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
}
|
|
25
|
+
const remainingTimeInMillis = context.getRemainingTimeInMillis()
|
|
26
|
+
|
|
27
|
+
let apmFlushDeadline = parseInt(process.env.DD_APM_FLUSH_DEADLINE_MILLISECONDS) || 100
|
|
28
|
+
apmFlushDeadline = apmFlushDeadline < 0 ? 100 : apmFlushDeadline
|
|
30
29
|
|
|
31
30
|
__lambdaTimeout = setTimeout(() => {
|
|
32
31
|
timeoutChannel.publish(undefined)
|
|
33
|
-
}, remainingTimeInMillis -
|
|
32
|
+
}, remainingTimeInMillis - apmFlushDeadline)
|
|
34
33
|
}
|
|
35
34
|
|
|
36
35
|
/**
|
|
@@ -78,39 +78,47 @@ function reset () {
|
|
|
78
78
|
}
|
|
79
79
|
|
|
80
80
|
function onError (err) {
|
|
81
|
-
if (enabled)
|
|
82
|
-
if (typeof err !== 'object' || !err) {
|
|
83
|
-
err = String(err)
|
|
84
|
-
} else if (!err.stack) {
|
|
85
|
-
err = String(err.message || err)
|
|
86
|
-
}
|
|
87
|
-
|
|
88
|
-
if (typeof err === 'string') {
|
|
89
|
-
err = new Error(err)
|
|
90
|
-
}
|
|
91
|
-
|
|
92
|
-
withNoop(() => logger.error(err))
|
|
93
|
-
}
|
|
81
|
+
if (enabled) error(err)
|
|
94
82
|
}
|
|
95
83
|
|
|
96
84
|
function onWarn (message) {
|
|
97
|
-
if (
|
|
98
|
-
if (enabled) {
|
|
99
|
-
withNoop(() => logger.warn(message))
|
|
100
|
-
}
|
|
85
|
+
if (enabled) warn(message)
|
|
101
86
|
}
|
|
102
87
|
|
|
103
88
|
function onInfo (message) {
|
|
104
|
-
if (
|
|
105
|
-
if (enabled) {
|
|
106
|
-
withNoop(() => logger.info(message))
|
|
107
|
-
}
|
|
89
|
+
if (enabled) info(message)
|
|
108
90
|
}
|
|
109
91
|
|
|
110
92
|
function onDebug (message) {
|
|
111
|
-
if (enabled)
|
|
112
|
-
|
|
93
|
+
if (enabled) debug(message)
|
|
94
|
+
}
|
|
95
|
+
|
|
96
|
+
function error (err) {
|
|
97
|
+
if (typeof err !== 'object' || !err) {
|
|
98
|
+
err = String(err)
|
|
99
|
+
} else if (!err.stack) {
|
|
100
|
+
err = String(err.message || err)
|
|
113
101
|
}
|
|
102
|
+
|
|
103
|
+
if (typeof err === 'string') {
|
|
104
|
+
err = new Error(err)
|
|
105
|
+
}
|
|
106
|
+
|
|
107
|
+
withNoop(() => logger.error(err))
|
|
108
|
+
}
|
|
109
|
+
|
|
110
|
+
function warn (message) {
|
|
111
|
+
if (!logger.warn) return debug(message)
|
|
112
|
+
withNoop(() => logger.warn(message))
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
function info (message) {
|
|
116
|
+
if (!logger.info) return debug(message)
|
|
117
|
+
withNoop(() => logger.info(message))
|
|
118
|
+
}
|
|
119
|
+
|
|
120
|
+
function debug (message) {
|
|
121
|
+
withNoop(() => logger.debug(message))
|
|
114
122
|
}
|
|
115
123
|
|
|
116
|
-
module.exports = { use, toggle, reset }
|
|
124
|
+
module.exports = { use, toggle, reset, error, warn, info, debug }
|