dd-trace 3.14.1 → 3.16.0

package/packages/datadog-plugin-paperplane/src/logger.js

@@ -3,7 +3,7 @@
 const LogPlugin = require('../../dd-trace/src/plugins/log_plugin')
 
 class PaperplaneLoggerPlugin extends LogPlugin {
-  static get name () {
+  static get id () {
     return 'paperplane'
   }
 }

package/packages/datadog-plugin-paperplane/src/server.js

@@ -4,7 +4,7 @@ const RouterPlugin = require('../../datadog-plugin-router/src')
 const web = require('../../dd-trace/src/plugins/util/web')
 
 class PaperplaneServerPlugin extends RouterPlugin {
-  static get name () {
+  static get id () {
     return 'paperplane'
   }
 

package/packages/datadog-plugin-pg/src/index.js

@@ -1,9 +1,10 @@
 'use strict'
 
+const { CLIENT_PORT_KEY } = require('../../dd-trace/src/constants')
 const DatabasePlugin = require('../../dd-trace/src/plugins/database')
 
 class PGPlugin extends DatabasePlugin {
-  static get name () { return 'pg' }
+  static get id () { return 'pg' }
   static get operation () { return 'query' }
   static get system () { return 'postgres' }
 
@@ -22,7 +23,7 @@ class PGPlugin extends DatabasePlugin {
         'db.name': params.database,
         'db.user': params.user,
         'out.host': params.host,
-        'out.port': params.port
+        [CLIENT_PORT_KEY]: params.port
       }
     })
 

package/packages/datadog-plugin-pino/src/index.js

@@ -3,7 +3,7 @@
 const LogPlugin = require('../../dd-trace/src/plugins/log_plugin')
 
 class PinoPlugin extends LogPlugin {
-  static get name () {
+  static get id () {
     return 'pino'
   }
 }

package/packages/datadog-plugin-playwright/src/index.js

@@ -13,7 +13,7 @@ const { RESOURCE_NAME } = require('../../../ext/tags')
 const { COMPONENT } = require('../../dd-trace/src/constants')
 
 class PlaywrightPlugin extends CiPlugin {
-  static get name () {
+  static get id () {
     return 'playwright'
   }
 
@@ -39,13 +39,14 @@ class PlaywrightPlugin extends CiPlugin {
       const testSuiteMetadata = getTestSuiteCommonTags(
         this.command,
         this.frameworkVersion,
-        testSuite
+        testSuite,
+        'playwright'
       )
 
       const testSuiteSpan = this.tracer.startSpan('playwright.test_suite', {
         childOf: this.testModuleSpan,
         tags: {
-          [COMPONENT]: this.constructor.name,
+          [COMPONENT]: this.constructor.id,
           ...this.testEnvironmentMetadata,
           ...testSuiteMetadata
         }
@@ -87,7 +88,7 @@ class PlaywrightPlugin extends CiPlugin {
           childOf: span,
           startTime: stepStartTime,
           tags: {
-            [COMPONENT]: this.constructor.name,
+            [COMPONENT]: this.constructor.id,
             'playwright.step': step.title,
             [RESOURCE_NAME]: step.title
           }

package/packages/datadog-plugin-redis/src/index.js

@@ -1,10 +1,11 @@
 'use strict'
 
+const { CLIENT_PORT_KEY } = require('../../dd-trace/src/constants')
 const CachePlugin = require('../../dd-trace/src/plugins/cache')
 const urlFilter = require('../../dd-trace/src/plugins/util/urlfilter')
 
 class RedisPlugin extends CachePlugin {
-  static get name () { return 'redis' }
+  static get id () { return 'redis' }
   static get system () { return 'redis' }
 
   start ({ db, command, args, connectionOptions = {}, connectionName }) {
@@ -20,7 +21,7 @@ class RedisPlugin extends CachePlugin {
         'db.name': db || '0',
         'redis.raw_command': formatCommand(command, args),
         'out.host': connectionOptions.host,
-        'out.port': connectionOptions.port
+        [CLIENT_PORT_KEY]: connectionOptions.port
       }
     })
   }

package/packages/datadog-plugin-restify/src/index.js

@@ -4,7 +4,7 @@ const RouterPlugin = require('../../datadog-plugin-router/src')
 const web = require('../../dd-trace/src/plugins/util/web')
 
 class RestifyPlugin extends RouterPlugin {
-  static get name () {
+  static get id () {
     return 'restify'
   }
 

package/packages/datadog-plugin-rhea/src/consumer.js

@@ -4,7 +4,7 @@ const ConsumerPlugin = require('../../dd-trace/src/plugins/consumer')
 const { storage } = require('../../datadog-core')
 
 class RheaConsumerPlugin extends ConsumerPlugin {
-  static get name () { return 'rhea' }
+  static get id () { return 'rhea' }
 
   constructor (...args) {
     super(...args)

package/packages/datadog-plugin-rhea/src/index.js

@@ -5,7 +5,7 @@ const ConsumerPlugin = require('./consumer')
 const CompositePlugin = require('../../dd-trace/src/plugins/composite')
 
 class RheaPlugin extends CompositePlugin {
-  static get name () { return 'rhea' }
+  static get id () { return 'rhea' }
   static get plugins () {
     return {
       producer: ProducerPlugin,

package/packages/datadog-plugin-rhea/src/producer.js

@@ -1,9 +1,10 @@
 'use strict'
 
+const { CLIENT_PORT_KEY } = require('../../dd-trace/src/constants')
 const ProducerPlugin = require('../../dd-trace/src/plugins/producer')
 
 class RheaProducerPlugin extends ProducerPlugin {
-  static get name () { return 'rhea' }
+  static get id () { return 'rhea' }
   static get operation () { return 'send' }
 
   constructor (...args) {
@@ -24,7 +25,7 @@ class RheaProducerPlugin extends ProducerPlugin {
         'amqp.link.target.address': name,
         'amqp.link.role': 'sender',
         'out.host': host,
-        'out.port': port
+        [CLIENT_PORT_KEY]: port
       }
     })
   }

package/packages/datadog-plugin-router/src/index.js

@@ -7,7 +7,7 @@ const { storage } = require('../../datadog-core')
 const { COMPONENT } = require('../../dd-trace/src/constants')
 
 class RouterPlugin extends WebPlugin {
-  static get name () {
+  static get id () {
     return 'router'
   }
 
@@ -17,7 +17,7 @@ class RouterPlugin extends WebPlugin {
     this._storeStack = []
     this._contexts = new WeakMap()
 
-    this.addSub(`apm:${this.constructor.name}:middleware:enter`, ({ req, name, route }) => {
+    this.addSub(`apm:${this.constructor.id}:middleware:enter`, ({ req, name, route }) => {
       const childOf = this._getActive(req) || this._getStoreSpan()
 
       if (!childOf) return
@@ -37,7 +37,7 @@ class RouterPlugin extends WebPlugin {
       web.setRoute(req, context.route)
     })
 
-    this.addSub(`apm:${this.constructor.name}:middleware:next`, ({ req }) => {
+    this.addSub(`apm:${this.constructor.id}:middleware:next`, ({ req }) => {
       const context = this._contexts.get(req)
 
       if (!context) return
@@ -45,7 +45,7 @@ class RouterPlugin extends WebPlugin {
       context.stack.pop()
     })
 
-    this.addSub(`apm:${this.constructor.name}:middleware:finish`, ({ req }) => {
+    this.addSub(`apm:${this.constructor.id}:middleware:finish`, ({ req }) => {
       const context = this._contexts.get(req)
 
       if (!context || context.middleware.length === 0) return
@@ -53,13 +53,13 @@ class RouterPlugin extends WebPlugin {
       context.middleware.pop().finish()
     })
 
-    this.addSub(`apm:${this.constructor.name}:middleware:exit`, ({ req }) => {
+    this.addSub(`apm:${this.constructor.id}:middleware:exit`, ({ req }) => {
       const savedStore = this._storeStack.pop()
       const span = savedStore && savedStore.span
       this.enter(span, savedStore)
     })
 
-    this.addSub(`apm:${this.constructor.name}:middleware:error`, ({ req, error }) => {
+    this.addSub(`apm:${this.constructor.id}:middleware:error`, ({ req, error }) => {
       web.addError(req, error)
 
       if (!this.config.middleware) return
@@ -104,10 +104,10 @@ class RouterPlugin extends WebPlugin {
       return childOf
     }
 
-    const span = this.tracer.startSpan(`${this.constructor.name}.middleware`, {
+    const span = this.tracer.startSpan(`${this.constructor.id}.middleware`, {
       childOf,
       tags: {
-        [COMPONENT]: this.constructor.name,
+        [COMPONENT]: this.constructor.id,
         'resource.name': name || '<anonymous>'
       }
     })

package/packages/datadog-plugin-sharedb/src/index.js

@@ -3,7 +3,7 @@
 const ServerPlugin = require('../../dd-trace/src/plugins/server')
 
 class SharedbPlugin extends ServerPlugin {
-  static get name () { return 'sharedb' }
+  static get id () { return 'sharedb' }
 
   start ({ actionName, request }) {
     const span = this.startSpan('sharedb.request', {

package/packages/datadog-plugin-tedious/src/index.js

@@ -1,9 +1,10 @@
 'use strict'
 
+const { CLIENT_PORT_KEY } = require('../../dd-trace/src/constants')
 const DatabasePlugin = require('../../dd-trace/src/plugins/database')
 
 class TediousPlugin extends DatabasePlugin {
-  static get name () { return 'tedious' }
+  static get id () { return 'tedious' }
   static get operation () { return 'request' } // TODO: change to match other database plugins
   static get system () { return 'mssql' }
 
@@ -17,7 +18,7 @@ class TediousPlugin extends DatabasePlugin {
         'db.type': 'mssql',
         'component': 'tedious',
         'out.host': connectionConfig.server,
-        'out.port': connectionConfig.options.port,
+        [CLIENT_PORT_KEY]: connectionConfig.options.port,
         'db.user': connectionConfig.userName || connectionConfig.authentication.options.userName,
         'db.name': connectionConfig.options.database,
         'db.instance': connectionConfig.options.instanceName

package/packages/datadog-plugin-web/src/index.js

@@ -4,7 +4,7 @@ const Plugin = require('../../dd-trace/src/plugins/plugin')
 const web = require('../../dd-trace/src/plugins/util/web')
 
 class WebPlugin extends Plugin {
-  static get name () {
+  static get id () {
     return 'web'
   }
 

package/packages/datadog-plugin-winston/src/index.js

@@ -3,7 +3,7 @@
 const LogPlugin = require('../../dd-trace/src/plugins/log_plugin')
 
 class WinstonPlugin extends LogPlugin {
-  static get name () {
+  static get id () {
     return 'winston'
   }
 }

package/packages/dd-trace/src/appsec/addresses.js

@@ -16,5 +16,7 @@ module.exports = {
   HTTP_INCOMING_REMOTE_IP: 'server.request.client_ip',
   HTTP_INCOMING_REMOTE_PORT: 'server.request.client_port',
 
-  HTTP_CLIENT_IP: 'http.client_ip'
+  HTTP_CLIENT_IP: 'http.client_ip',
+
+  USER_ID: 'usr.id'
 }

package/packages/dd-trace/src/appsec/blocking.js

@@ -1,8 +1,19 @@
 'use strict'
 
+const log = require('../log')
 const fs = require('fs')
-let templateHtml, templateJson
-function block (req, res, topSpan, abortController) {
+
+// TODO: move template loading to a proper spot.
+let templateLoaded = false
+let templateHtml = ''
+let templateJson = ''
+
+function block (req, res, rootSpan, abortController) {
+  if (res.headersSent) {
+    log.warn('Cannot send blocking response when headers have already been sent')
+    return
+  }
+
   let type
   let body
 
@@ -17,7 +28,7 @@ function block (req, res, topSpan, abortController) {
     body = templateJson
   }
 
-  topSpan.addTags({
+  rootSpan.addTags({
     'appsec.blocked': 'true'
   })
 
@@ -26,19 +37,34 @@ function block (req, res, topSpan, abortController) {
   res.setHeader('Content-Length', Buffer.byteLength(body))
   res.end(body)
 
-  abortController.abort()
+  if (abortController) {
+    abortController.abort()
+  }
 }
 
 function loadTemplates (config) {
-  templateHtml = fs.readFileSync(config.appsec.blockedTemplateHtml)
-  templateJson = fs.readFileSync(config.appsec.blockedTemplateJson)
+  if (!templateLoaded) {
+    templateHtml = fs.readFileSync(config.appsec.blockedTemplateHtml)
+    templateJson = fs.readFileSync(config.appsec.blockedTemplateJson)
+    templateLoaded = true
+  }
 }
 
 async function loadTemplatesAsync (config) {
-  templateHtml = await fs.promises.readFile(config.appsec.blockedTemplateHtml)
-  templateJson = await fs.promises.readFile(config.appsec.blockedTemplateJson)
+  if (!templateLoaded) {
+    templateHtml = await fs.promises.readFile(config.appsec.blockedTemplateHtml)
+    templateJson = await fs.promises.readFile(config.appsec.blockedTemplateJson)
+    templateLoaded = true
+  }
+}
+
+function resetTemplates () {
+  templateLoaded = false
 }
 
 module.exports = {
-  block, loadTemplates, loadTemplatesAsync
+  block,
+  loadTemplates,
+  loadTemplatesAsync,
+  resetTemplates
 }

package/packages/dd-trace/src/appsec/gateway/engine/runner.js

@@ -1,6 +1,7 @@
 'use strict'
 
 const als = require('../als')
+const log = require('../../../log')
 
 let lock = false // lock to prevent recursive calls to runSubscriptions
 
@@ -25,7 +26,7 @@ function runSubscriptions (subscriptions, params) {
     try {
       result = subscription.callback.method(params, store)
     } catch (err) {
-      // TODO: log ?
+      log.warn(`Error running subscription ${err}`)
     }
 
     results.push(result)

package/packages/dd-trace/src/appsec/iast/analyzers/analyzers.js

@@ -1,3 +1,5 @@
+'use strict'
+
 module.exports = {
   'WEAK_CIPHER_ANALYZER': require('./weak-cipher-analyzer'),
   'WEAK_HASH_ANALYZER': require('./weak-hash-analyzer'),

package/packages/dd-trace/src/appsec/iast/analyzers/vulnerability-analyzer.js

@@ -2,7 +2,7 @@
 
 const Plugin = require('../../../../src/plugins/plugin')
 const { storage } = require('../../../../../datadog-core')
-const log = require('../../../log')
+const iastLog = require('../iast-log')
 const { getFirstNonDDPathAndLine } = require('../path-line')
 const { createVulnerability, addVulnerability } = require('../vulnerability-reporter')
 const { getIastContext } = require('../iast-context')
@@ -19,7 +19,7 @@ class Analyzer extends Plugin {
       try {
         handler(message, name)
       } catch (e) {
-        log.debug(e)
+        iastLog.errorAndPublish(e)
       }
     }
   }

package/packages/dd-trace/src/appsec/iast/iast-context.js

@@ -1,8 +1,12 @@
 const IAST_CONTEXT_KEY = Symbol('_dd.iast.context')
 const IAST_TRANSACTION_ID = Symbol('_dd.iast.transactionId')
 
-function getIastContext (store) {
-  return store && store[IAST_CONTEXT_KEY]
+function getIastContext (store, topContext) {
+  let iastContext = store && store[IAST_CONTEXT_KEY]
+  if (!iastContext) {
+    iastContext = topContext && topContext[IAST_CONTEXT_KEY]
+  }
+  return iastContext
 }
 
 /* TODO Fix storage problem when the close event is called without

package/packages/dd-trace/src/appsec/iast/iast-log.js

@@ -0,0 +1,111 @@
+'use strict'
+
+const log = require('../../log')
+const telemetryLogs = require('./telemetry/logs')
+const { calculateDDBasePath } = require('../../util')
+
+const ddBasePath = calculateDDBasePath(__dirname)
+const EOL = '\n'
+const STACK_FRAME_LINE_REGEX = /^\s*at\s/gm
+
+function sanitize (logEntry, stack) {
+  if (!stack) return logEntry
+
+  let stackLines = stack.split(EOL)
+
+  const firstIndex = stackLines.findIndex(l => l.match(STACK_FRAME_LINE_REGEX))
+
+  const isDDCode = firstIndex > -1 && stackLines[firstIndex].includes(ddBasePath)
+  stackLines = stackLines
+    .filter((line, index) => (isDDCode && index < firstIndex) || line.includes(ddBasePath))
+    .map(line => line.replace(ddBasePath, ''))
+
+  logEntry.stack_trace = stackLines.join(EOL)
+
+  if (!isDDCode) {
+    logEntry.message = 'omitted'
+  }
+
+  return logEntry
+}
+
+function getTelemetryLog (data, level) {
+  try {
+    data = typeof data === 'function' ? data() : data
+
+    let message
+    if (typeof data !== 'object' || !data) {
+      message = String(data)
+    } else {
+      message = String(data.message || data)
+    }
+
+    let logEntry = {
+      message,
+      level
+    }
+
+    if (data.stack) {
+      logEntry = sanitize(logEntry, data.stack)
+      if (logEntry.stack_trace === '') {
+        return
+      }
+    }
+
+    return logEntry
+  } catch (e) {
+    log.error(e)
+  }
+}
+
+const iastLog = {
+  debug (data) {
+    log.debug(data)
+    return this
+  },
+
+  info (data) {
+    log.info(data)
+    return this
+  },
+
+  warn (data) {
+    log.warn(data)
+    return this
+  },
+
+  error (data) {
+    log.error(data)
+    return this
+  },
+
+  publish (data, level) {
+    if (telemetryLogs.isLevelEnabled(level)) {
+      const telemetryLog = getTelemetryLog(data, level)
+      telemetryLogs.publish(telemetryLog)
+    }
+    return this
+  },
+
+  debugAndPublish (data) {
+    this.debug(data)
+    return this.publish(data, 'DEBUG')
+  },
+
+  infoAndPublish (data) {
+    this.info(data)
+    return this.publish(data, 'DEBUG')
+  },
+
+  warnAndPublish (data) {
+    this.warn(data)
+    return this.publish(data, 'WARN')
+  },
+
+  errorAndPublish (data) {
+    this.error(data)
+    return this.publish(data, 'ERROR')
+  }
+}
+
+module.exports = iastLog

package/packages/dd-trace/src/appsec/iast/index.js

@@ -1,4 +1,4 @@
-const { sendVulnerabilities, setTracer } = require('./vulnerability-reporter')
+const vulnerabilityReporter = require('./vulnerability-reporter')
 const { enableAllAnalyzers, disableAllAnalyzers } = require('./analyzers')
 const web = require('../../plugins/util/web')
 const { storage } = require('../../../../datadog-core')
@@ -6,7 +6,7 @@ const overheadController = require('./overhead-controller')
 const dc = require('diagnostics_channel')
 const iastContextFunctions = require('./iast-context')
 const { enableTaintTracking, disableTaintTracking, createTransaction, removeTransaction } = require('./taint-tracking')
-
+const telemetryLogs = require('./telemetry/logs')
 const IAST_ENABLED_TAG_KEY = '_dd.iast.enabled'
 
 // TODO Change to `apm:http:server:request:[start|close]` when the subscription
@@ -21,7 +21,8 @@ function enable (config, _tracer) {
   requestClose.subscribe(onIncomingHttpRequestEnd)
   overheadController.configure(config.iast)
   overheadController.startGlobalContext()
-  setTracer(_tracer)
+  vulnerabilityReporter.start(config, _tracer)
+  telemetryLogs.start()
 }
 
 function disable () {
@@ -30,6 +31,8 @@ function disable () {
   overheadController.finishGlobalContext()
   if (requestStart.hasSubscribers) requestStart.unsubscribe(onIncomingHttpRequestStart)
   if (requestClose.hasSubscribers) requestClose.unsubscribe(onIncomingHttpRequestEnd)
+  vulnerabilityReporter.stop()
+  telemetryLogs.stop()
 }
 
 function onIncomingHttpRequestStart (data) {
@@ -58,15 +61,16 @@ function onIncomingHttpRequestStart (data) {
 function onIncomingHttpRequestEnd (data) {
   if (data && data.req) {
     const store = storage.getStore()
-    const iastContext = iastContextFunctions.getIastContext(storage.getStore())
+    const topContext = web.getContext(data.req)
+    const iastContext = iastContextFunctions.getIastContext(store, topContext)
     if (iastContext && iastContext.rootSpan) {
       const vulnerabilities = iastContext.vulnerabilities
       const rootSpan = iastContext.rootSpan
-      sendVulnerabilities(vulnerabilities, rootSpan)
+      vulnerabilityReporter.sendVulnerabilities(vulnerabilities, rootSpan)
       removeTransaction(iastContext)
     }
     // TODO web.getContext(data.req) is required when the request is aborted
-    if (iastContextFunctions.cleanIastContext(store, web.getContext(data.req), iastContext)) {
+    if (iastContextFunctions.cleanIastContext(store, topContext, iastContext)) {
       overheadController.releaseRequest()
     }
   }

package/packages/dd-trace/src/appsec/iast/path-line.js

@@ -1,5 +1,8 @@
+'use strict'
+
 const path = require('path')
 const process = require('process')
+const { calculateDDBasePath } = require('../../util')
 const pathLine = {
   getFirstNonDDPathAndLine,
   getFirstNonDDPathAndLineFromCallsites, // Exported only for test purposes
@@ -19,12 +22,6 @@ const EXCLUDED_PATH_PREFIXES = [
   'async_hooks'
 ]
 
-function calculateDDBasePath (dirname) {
-  const dirSteps = dirname.split(path.sep)
-  const packagesIndex = dirSteps.lastIndexOf('packages')
-  return dirSteps.slice(0, packagesIndex).join(path.sep) + path.sep
-}
-
 function getCallSiteInfo () {
   const previousPrepareStackTrace = Error.prepareStackTrace
   const previousStackTraceLimit = Error.stackTraceLimit

package/packages/dd-trace/src/appsec/iast/taint-tracking/index.js

@@ -1,3 +1,5 @@
+'use strict'
+
 const { enableRewriter, disableRewriter } = require('./rewriter')
 const { createTransaction, removeTransaction, enableTaintOperations, disableTaintOperations } = require('./operations')
 const taintTrackingPlugin = require('./plugin')

package/packages/dd-trace/src/appsec/iast/taint-tracking/operations.js

@@ -1,3 +1,5 @@
+'use strict'
+
 const TaintedUtils = require('@datadog/native-iast-taint-tracking')
 const { IAST_TRANSACTION_ID } = require('../iast-context')
 const { TaintTracking, TaintTrackingDummy } = require('./taint-tracking-impl')

package/packages/dd-trace/src/appsec/iast/taint-tracking/origin-types.js

@@ -1,3 +1,5 @@
+'use strict'
+
 module.exports = {
   HTTP_REQUEST_BODY: 'http.request.body',
   HTTP_REQUEST_PARAMETER: 'http.request.parameter'

package/packages/dd-trace/src/appsec/iast/taint-tracking/plugin.js

@@ -1,3 +1,5 @@
+'use strict'
+
 const Plugin = require('../../../plugins/plugin')
 const { getIastContext } = require('../iast-context')
 const { storage } = require('../../../../../datadog-core')