npm - dd-trace - Versions diffs - 3.14.1 → 3.16.0 - Mend

dd-trace 3.14.1 → 3.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (187) hide show

package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js CHANGED Viewed

@@ -2,7 +2,7 @@
 const Module = require('module')
 const shimmer = require('../../../../../datadog-shimmer')
-const log = require('../../../log')
+const iastLog = require('../iast-log')
 const { isPrivateModule, isNotLibraryFile } = require('./filter')
 const { csiMethods } = require('./csi-methods')
@@ -16,7 +16,8 @@ function getRewriter () {
       getPrepareStackTrace = iastRewriter.getPrepareStackTrace
       rewriter = new Rewriter({ csiMethods })
     } catch (e) {
-      log.warn(`Unable to initialize TaintTracking Rewriter: ${e.message}`)
+      iastLog.error('Unable to initialize TaintTracking Rewriter')
+        .errorAndPublish(e)
     }
   }
   return rewriter
@@ -40,10 +41,14 @@ function getCompileMethodFn (compileMethod) {
   return function (content, filename) {
     try {
       if (isPrivateModule(filename) && isNotLibraryFile(filename)) {
-        content = rewriter.rewrite(content, filename)
+        const rewritten = rewriter.rewrite(content, filename)
+        if (rewritten && rewritten.content) {
+          return compileMethod.apply(this, [rewritten.content, filename])
+        }
       }
     } catch (e) {
-      log.debug(e)
+      iastLog.error(`Error rewriting ${filename}`)
+        .errorAndPublish(e)
     }
     return compileMethod.apply(this, [content, filename])
   }

package/packages/dd-trace/src/appsec/iast/taint-tracking/taint-tracking-impl.js CHANGED Viewed

@@ -3,7 +3,7 @@
 const TaintedUtils = require('@datadog/native-iast-taint-tracking')
 const { storage } = require('../../../../../datadog-core')
 const iastContextFunctions = require('../iast-context')
-const log = require('../../../log')
+const iastLog = require('../iast-log')
 function noop (res) { return res }
 const TaintTrackingDummy = {
@@ -32,7 +32,8 @@ function getFilteredCsiFn (cb, filter) {
         return cb(transactionId, res, target, ...rest)
       }
     } catch (e) {
-      log.debug(e)
+      iastLog.error(`Error invoking CSI ${target}`)
+        .errorAndPublish(e)
     }
     return res
   }
@@ -80,7 +81,8 @@ const csiMethodsOverrides = {
         return TaintedUtils.concat(transactionId, res, op1, op2)
       }
     } catch (e) {
-      log.debug(e)
+      iastLog.error(`Error invoking CSI plusOperator`)
+        .errorAndPublish(e)
     }
     return res
   },

package/packages/dd-trace/src/appsec/iast/telemetry/log_collector.js ADDED Viewed

@@ -0,0 +1,96 @@
+'use strict'
+const log = require('../../../log')
+const logs = new Map()
+// NOTE: Is this a reasonable number?
+let maxEntries = 10000
+let overflowedCount = 0
+function hashCode (hashSource) {
+  let hash = 0
+  const size = hashSource.length
+  for (let offset = 0; offset < size; offset++) {
+    hash = (((hash * 31) | 0) + hashSource.charCodeAt(offset)) | 0
+  }
+  return hash
+}
+function createHash (logEntry) {
+  if (!logEntry) return 0
+  const prime = 31
+  let result = ((!logEntry.level) ? 0 : hashCode(logEntry.level))
+  result = (((prime * result) | 0) + ((!logEntry.message) ? 0 : hashCode(logEntry.message))) | 0
+  // NOTE: tags are not used at the moment
+  // result = (((prime * result) | 0) + ((!logEntry.tags) ? 0 : hashCode(logEntry.tags))) | 0
+  result = (((prime * result) | 0) + ((!logEntry.stack_trace) ? 0 : hashCode(logEntry.stack_trace))) | 0
+  return result
+}
+function newLogEntry (message, level, tags) {
+  return {
+    message,
+    level,
+    tags
+  }
+}
+function isValid (logEntry) {
+  return logEntry && logEntry.level && logEntry.message
+}
+const logCollector = {
+  add (logEntry) {
+    try {
+      if (!isValid(logEntry)) {
+        log.info('IAST log collector discarding invalid log')
+        return
+      }
+      // NOTE: should errors have higher priority? and discard log entries with lower priority?
+      if (logs.size >= maxEntries) {
+        overflowedCount++
+        return
+      }
+      const hash = createHash(logEntry)
+      if (!logs.has(hash)) {
+        logs.set(hash, logEntry)
+        return true
+      }
+    } catch (e) {
+      log.error(`Unable to add log to logCollector: ${e.message}`)
+    }
+    return false
+  },
+  drain () {
+    if (logs.size === 0) return
+    const drained = []
+    drained.push(...logs.values())
+    if (overflowedCount > 0) {
+      drained.push(newLogEntry(`Omitted ${overflowedCount} entries due to overflowing`, 'ERROR'))
+    }
+    this.reset()
+    return drained
+  },
+  reset (max) {
+    logs.clear()
+    overflowedCount = 0
+    if (max) {
+      maxEntries = max
+    }
+  }
+}
+logCollector.reset()
+module.exports = logCollector

package/packages/dd-trace/src/appsec/iast/telemetry/logs.js ADDED Viewed

@@ -0,0 +1,87 @@
+'use strict'
+const dc = require('diagnostics_channel')
+const logCollector = require('./log_collector')
+const { sendData } = require('../../../telemetry/send-data')
+const log = require('../../../log')
+const telemetryStartChannel = dc.channel('datadog:telemetry:start')
+const telemetryStopChannel = dc.channel('datadog:telemetry:stop')
+let config, application, host, interval
+function publish (log) {
+  if (log && isLevelEnabled(log.level)) {
+    logCollector.add(log)
+  }
+}
+function sendLogs () {
+  try {
+    const logs = logCollector.drain()
+    if (logs) {
+      sendData(config, application, host, 'logs', logs)
+    }
+  } catch (e) {
+    log.error(e)
+  }
+}
+function isLevelEnabled (level) {
+  return isLogCollectionEnabled(config) && (level !== 'DEBUG' || config.telemetry.debug)
+}
+function isLogCollectionEnabled (config) {
+  return config && config.telemetry && config.telemetry.logCollection
+}
+function onTelemetryStart (msg) {
+  if (!msg || !isLogCollectionEnabled(msg.config)) {
+    log.info('IAST telemetry logs start received but log collection is not enabled or configuration is incorrect')
+    return false
+  }
+  log.info('IAST telemetry logs starting')
+  config = msg.config
+  application = msg.application
+  host = msg.host
+  if (msg.heartbeatInterval) {
+    interval = setInterval(sendLogs, msg.heartbeatInterval)
+    interval.unref()
+  }
+  return true
+}
+function onTelemetryStop () {
+  stop()
+}
+function start () {
+  telemetryStartChannel.subscribe(onTelemetryStart)
+  telemetryStopChannel.subscribe(onTelemetryStop)
+}
+function stop () {
+  if (!isLogCollectionEnabled(config)) return
+  log.info('IAST telemetry logs stopping')
+  config = null
+  application = null
+  host = null
+  if (telemetryStartChannel.hasSubscribers) {
+    telemetryStartChannel.unsubscribe(onTelemetryStart)
+  }
+  if (telemetryStopChannel.hasSubscribers) {
+    telemetryStopChannel.unsubscribe(onTelemetryStop)
+  }
+  clearInterval(interval)
+}
+module.exports = { start, stop, publish, isLevelEnabled }

package/packages/dd-trace/src/appsec/iast/vulnerability-reporter.js CHANGED Viewed

@@ -4,8 +4,11 @@ const VULNERABILITIES_KEY = 'vulnerabilities'
 const IAST_JSON_TAG_KEY = '_dd.iast.json'
 const VULNERABILITY_HASHES_MAX_SIZE = 1000
 const VULNERABILITY_HASHES = new LRU({ max: VULNERABILITY_HASHES_MAX_SIZE })
+const RESET_VULNERABILITY_CACHE_INTERVAL = 60 * 60 * 1000 // 1 hour
 let tracer
+let resetVulnerabilityCacheTimer
+let deduplicationEnabled = true
 function createVulnerability (type, evidence, spanId, location) {
   if (type && evidence) {
@@ -164,7 +167,20 @@ function clearCache () { // only for test purposes
   VULNERABILITY_HASHES.clear()
 }
+function startClearCacheTimer () {
+  resetVulnerabilityCacheTimer = setInterval(clearCache, RESET_VULNERABILITY_CACHE_INTERVAL)
+  resetVulnerabilityCacheTimer.unref()
+}
+function stopClearCacheTimer () {
+  if (resetVulnerabilityCacheTimer) {
+    clearInterval(resetVulnerabilityCacheTimer)
+    resetVulnerabilityCacheTimer = null
+  }
+}
 function deduplicateVulnerabilities (vulnerabilities) {
+  if (!deduplicationEnabled) return vulnerabilities
   const deduplicated = vulnerabilities.filter((vulnerability) => {
     const key = `${vulnerability.type}${vulnerability.hash}`
     if (!VULNERABILITY_HASHES.get(key)) {
@@ -176,14 +192,23 @@ function deduplicateVulnerabilities (vulnerabilities) {
   return deduplicated
 }
-function setTracer (_tracer) {
+function start (config, _tracer) {
+  deduplicationEnabled = config.iast.deduplicationEnabled
+  if (deduplicationEnabled) {
+    startClearCacheTimer()
+  }
   tracer = _tracer
 }
+function stop () {
+  stopClearCacheTimer()
+}
 module.exports = {
   createVulnerability,
   addVulnerability,
   sendVulnerabilities,
   clearCache,
-  setTracer
+  start,
+  stop
 }

package/packages/dd-trace/src/appsec/index.js CHANGED Viewed

@@ -70,12 +70,12 @@ function abortEnable (err) {
 }
 function incomingHttpStartTranslator ({ req, res, abortController }) {
-  const topSpan = web.root(req)
-  if (!topSpan) return
+  const rootSpan = web.root(req)
+  if (!rootSpan) return
   const clientIp = extractIp(config, req)
-  topSpan.addTags({
+  rootSpan.addTags({
     '_dd.appsec.enabled': 1,
     '_dd.runtime_family': 'nodejs',
     [HTTP_CLIENT_IP]: clientIp
@@ -97,7 +97,7 @@ function incomingHttpStartTranslator ({ req, res, abortController }) {
     for (const entry of results) {
       if (entry && entry.includes('block')) {
-        block(req, res, topSpan, abortController)
+        block(req, res, rootSpan, abortController)
         break
       }
     }

package/packages/dd-trace/src/appsec/recommended.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": "2.2",
   "metadata": {
-    "rules_version": "1.5.0"
+    "rules_version": "1.5.2"
   },
   "rules": [
     {
@@ -199,33 +199,6 @@
         "lowercase"
       ]
     },
-    {
-      "id": "crs-921-140",
-      "name": "HTTP Header Injection Attack via headers",
-      "tags": {
-        "type": "http_protocol_violation",
-        "crs_id": "921140",
-        "category": "attack_attempt"
-      },
-      "conditions": [
-        {
-          "parameters": {
-            "inputs": [
-              {
-                "address": "server.request.headers.no_cookies"
-              }
-            ],
-            "regex": "[\\n\\r]",
-            "options": {
-              "case_sensitive": true,
-              "min_length": 1
-            }
-          },
-          "operator": "match_regex"
-        }
-      ],
-      "transformers": []
-    },
     {
       "id": "crs-921-160",
       "name": "HTTP Header Injection Attack via payload (CR/LF and header-name detected)",
@@ -245,7 +218,7 @@
                 "address": "server.request.path_params"
               }
             ],
-            "regex": "[\\n\\r]+(?:\\s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))\\s*:",
+            "regex": "[\\n\\r]+(?:refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|via|remote-ip|remote-addr|originating-IP))\\s*:",
             "options": {
               "case_sensitive": true,
               "min_length": 3
@@ -278,7 +251,7 @@
                 "address": "server.request.headers.no_cookies"
               }
             ],
-            "regex": "(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\/|\\x5c)(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\\.))|\\.(?:%0[01]|\\?)?|\\?\\.?|0x2e){2,3}(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\/|\\x5c)",
+            "regex": "(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\/|\\x5c)(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\\.))|\\.(?:%0[01])?|0x2e){2,3}(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\/|\\x5c)",
             "options": {
               "min_length": 4
             }
@@ -1378,16 +1351,11 @@
               "etc/timezone",
               "etc/modules",
               "etc/passwd",
-              "etc/passwd~",
-              "etc/passwd-",
               "etc/shadow",
-              "etc/shadow~",
-              "etc/shadow-",
               "etc/fstab",
               "etc/motd",
               "etc/hosts",
               "etc/group",
-              "etc/group-",
               "etc/alias",
               "etc/crontab",
               "etc/crypttab",
@@ -1834,7 +1802,7 @@
                 "address": "server.request.path_params"
               }
             ],
-            "regex": "^(?i:file|ftps?|http)://.*?\\?+$",
+            "regex": "^(?i:file|ftps?)://.*?\\?+$",
             "options": {
               "case_sensitive": true,
               "min_length": 4
@@ -1898,11 +1866,8 @@
               "dev/tcp/",
               "dev/udp/",
               "dev/zero",
-              "etc/group",
               "etc/master.passwd",
-              "etc/passwd",
               "etc/pwd.db",
-              "etc/shadow",
               "etc/shells",
               "etc/spwd.db",
               "proc/self/",
@@ -4117,9 +4082,7 @@
               "java.lang.number",
               "java.lang.object",
               "java.lang.process",
-              "java.lang.processbuilder",
               "java.lang.reflect",
-              "java.lang.runtime",
               "java.lang.string",
               "java.lang.stringbuilder",
               "java.lang.system",
@@ -4452,6 +4415,74 @@
       ],
       "transformers": []
     },
+    {
+      "id": "dog-934-001",
+      "name": "XXE - XML file loads external entity",
+      "tags": {
+        "type": "xxe",
+        "category": "attack_attempt",
+        "confidence": "0"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "(?:<\\?xml[^>]*>.*)<!ENTITY[^>]+SYSTEM\\s+[^>]+>",
+            "options": {
+              "case_sensitive": false,
+              "min_length": 24
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
+    {
+      "id": "dog-942-001",
+      "name": "Blind XSS callback domains",
+      "tags": {
+        "type": "xss",
+        "category": "attack_attempt",
+        "confidence": "1"
+      },
+      "conditions": [
+        {
+          "parameters": {
+            "inputs": [
+              {
+                "address": "server.request.query"
+              },
+              {
+                "address": "server.request.body"
+              },
+              {
+                "address": "server.request.path_params"
+              },
+              {
+                "address": "server.request.headers.no_cookies"
+              },
+              {
+                "address": "grpc.server.request.message"
+              }
+            ],
+            "regex": "https?:\\/\\/(?:.*\\.)?(?:bxss\\.in|xss\\.ht|js\\.rip)",
+            "options": {
+              "case_sensitive": false
+            }
+          },
+          "operator": "match_regex"
+        }
+      ],
+      "transformers": []
+    },
     {
       "id": "nfd-000-001",
       "name": "Detect common directory discovery scans",
@@ -5080,36 +5111,6 @@
         "removeNulls"
       ]
     },
-    {
-      "id": "sqr-000-007",
-      "name": "NoSQL: Detect common exploitation strategy",
-      "tags": {
-        "type": "nosql_injection",
-        "category": "attack_attempt"
-      },
-      "conditions": [
-        {
-          "parameters": {
-            "inputs": [
-              {
-                "address": "server.request.query"
-              },
-              {
-                "address": "server.request.body"
-              },
-              {
-                "address": "server.request.path_params"
-              }
-            ],
-            "regex": "^\\$(eq|ne|(l|g)te?|n?in|not|(n|x|)or|and|regex|where|expr|exists)$"
-          },
-          "operator": "match_regex"
-        }
-      ],
-      "transformers": [
-        "keys_only"
-      ]
-    },
     {
       "id": "sqr-000-008",
       "name": "Windows: Detect attempts to exfiltrate .ini files",
@@ -5275,7 +5276,7 @@
                 "address": "grpc.server.request.message"
               }
             ],
-            "regex": "^(jar:)?(http|https):\\/\\/([0-9oq]{1,5}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|[0-9]{1,10})(:[0-9]{1,5})?(\\/.*|)$"
+            "regex": "^(jar:)?(http|https):\\/\\/([0-9oq]{1,5}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|[0-9]{1,10})(:[0-9]{1,5})?(\\/[^:@]*)?$"
           },
           "operator": "match_regex"
         }
@@ -5309,7 +5310,7 @@
                 "address": "grpc.server.request.message"
               }
             ],
-            "regex": "^(jar:)?(http|https):\\/\\/((\\[)?[:0-9a-f\\.x]{2,}(\\])?)(:[0-9]{1,5})?(\\/.*)?$"
+            "regex": "^(jar:)?(http|https):\\/\\/((\\[)?[:0-9a-f\\.x]{2,}(\\])?)(:[0-9]{1,5})?(\\/[^:@]*)?$"
           },
           "operator": "match_regex"
         }
@@ -5346,7 +5347,7 @@
                 "address": "grpc.server.request.message"
               }
             ],
-            "regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click)"
+            "regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com)"
           },
           "operator": "match_regex"
         }
@@ -6720,4 +6721,4 @@
       "transformers": []
     }
   ]
-}
+}

package/packages/dd-trace/src/appsec/remote_config/capabilities.js CHANGED Viewed

@@ -3,5 +3,6 @@
 module.exports = {
   ASM_ACTIVATION: 1n << 1n,
   ASM_IP_BLOCKING: 1n << 2n,
-  ASM_DD_RULES: 1n << 3n
+  ASM_DD_RULES: 1n << 3n,
+  ASM_USER_BLOCKING: 1n << 7n
 }

package/packages/dd-trace/src/appsec/remote_config/index.js CHANGED Viewed

@@ -35,12 +35,15 @@ function enable (config) {
 function enableAsmData (appsecConfig) {
   if (rc && appsecConfig && appsecConfig.rules === undefined) {
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_IP_BLOCKING, true)
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_USER_BLOCKING, true)
     rc.on('ASM_DATA', _asmDataListener)
   }
 }
 function disableAsmData () {
   if (rc) {
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_IP_BLOCKING, false)
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_USER_BLOCKING, false)
     rc.off('ASM_DATA', _asmDataListener)
   }
 }

package/packages/dd-trace/src/appsec/sdk/index.js CHANGED Viewed

@@ -1,10 +1,16 @@
 'use strict'
 const { trackUserLoginSuccessEvent, trackUserLoginFailureEvent, trackCustomEvent } = require('./track_event')
+const { checkUserAndSetUser, blockRequest } = require('./user_blocking')
+const { loadTemplates } = require('../blocking')
+const { setUser } = require('./set_user')
 class AppsecSdk {
-  constructor (tracer) {
+  constructor (tracer, config) {
     this._tracer = tracer
+    if (config) {
+      loadTemplates(config)
+    }
   }
   trackUserLoginSuccessEvent (user, metadata) {
@@ -18,6 +24,18 @@ class AppsecSdk {
   trackCustomEvent (eventName, metadata) {
     return trackCustomEvent(this._tracer, eventName, metadata)
   }
+  isUserBlocked (user) {
+    return checkUserAndSetUser(this._tracer, user)
+  }
+  blockRequest (req, res) {
+    return blockRequest(this._tracer, req, res)
+  }
+  setUser (user) {
+    return setUser(this._tracer, user)
+  }
 }
 module.exports = AppsecSdk

package/packages/dd-trace/src/appsec/sdk/noop.js CHANGED Viewed

@@ -6,6 +6,12 @@ class NoopAppsecSdk {
   trackUserLoginFailureEvent () {}
   trackCustomEvent () {}
+  isUserBlocked () {}
+  blockRequest () {}
+  setUser () {}
 }
 module.exports = NoopAppsecSdk

package/packages/dd-trace/src/appsec/sdk/set_user.js ADDED Viewed

@@ -0,0 +1,30 @@
+'use strict'
+const { getRootSpan } = require('./utils')
+const log = require('../../log')
+function setUserTags (user, rootSpan) {
+  for (const k of Object.keys(user)) {
+    rootSpan.setTag(`usr.${k}`, '' + user[k])
+  }
+}
+function setUser (tracer, user) {
+  if (!user || !user.id) {
+    log.warn('Invalid user provided to setUser')
+    return
+  }
+  const rootSpan = getRootSpan(tracer)
+  if (!rootSpan) {
+    log.warn('Root span not available in setUser')
+    return
+  }
+  setUserTags(user, rootSpan)
+}
+module.exports = {
+  setUserTags,
+  setUser
+}