dd-trace 3.17.1 → 3.19.0

package/packages/datadog-plugin-http/src/server.js

@@ -3,7 +3,7 @@
 const Plugin = require('../../dd-trace/src/plugins/plugin')
 const { storage } = require('../../datadog-core')
 const web = require('../../dd-trace/src/plugins/util/web')
-const { incomingHttpRequestStart, incomingHttpRequestEnd } = require('../../dd-trace/src/appsec/gateway/channels')
+const { incomingHttpRequestStart, incomingHttpRequestEnd } = require('../../dd-trace/src/appsec/channels')
 const { COMPONENT } = require('../../dd-trace/src/constants')
 
 class HttpServerPlugin extends Plugin {
@@ -33,7 +33,7 @@ class HttpServerPlugin extends Plugin {
       }
 
       if (incomingHttpRequestStart.hasSubscribers) {
-        incomingHttpRequestStart.publish({ req, res, abortController })
+        incomingHttpRequestStart.publish({ req, res, abortController }) // TODO: no need to make a new object here
       }
     })
 

package/packages/datadog-plugin-http2/src/server.js

@@ -5,7 +5,6 @@
 const Plugin = require('../../dd-trace/src/plugins/plugin')
 const { storage } = require('../../datadog-core')
 const web = require('../../dd-trace/src/plugins/util/web')
-const { incomingHttpRequestStart } = require('../../dd-trace/src/appsec/gateway/channels')
 const { COMPONENT } = require('../../dd-trace/src/constants')
 
 class Http2ServerPlugin extends Plugin {
@@ -30,10 +29,6 @@ class Http2ServerPlugin extends Plugin {
         context.res.writeHead = web.wrapWriteHead(context)
         context.instrumented = true
       }
-
-      if (incomingHttpRequestStart.hasSubscribers) {
-        incomingHttpRequestStart.publish({ req, res })
-      }
     })
 
     this.addSub('apm:http2:server:request:error', (error) => {

package/packages/datadog-plugin-jest/src/index.js

@@ -9,7 +9,8 @@ const {
   addIntelligentTestRunnerSpanTags,
   TEST_PARAMETERS,
   TEST_COMMAND,
-  TEST_FRAMEWORK_VERSION
+  TEST_FRAMEWORK_VERSION,
+  TEST_SOURCE_START
 } = require('../../dd-trace/src/plugins/util/test')
 const { COMPONENT } = require('../../dd-trace/src/constants')
 const id = require('../../dd-trace/src/id')
@@ -31,8 +32,11 @@ class JestPlugin extends CiPlugin {
       // Used to handle the end of a jest worker to be able to flush
       const handler = ([message]) => {
         if (message === CHILD_MESSAGE_END) {
-          this.testSuiteSpan.finish()
-          finishAllTraceSpans(this.testSuiteSpan)
+          // testSuiteSpan is not defined for older versions of jest, where jest-jasmine2 is still used
+          if (this.testSuiteSpan) {
+            this.testSuiteSpan.finish()
+            finishAllTraceSpans(this.testSuiteSpan)
+          }
           this.tracer._exporter.flush()
           process.removeListener('message', handler)
         }
@@ -187,12 +191,13 @@ class JestPlugin extends CiPlugin {
   }
 
   startTestSpan (test) {
-    const { suite, name, runner, testParameters, frameworkVersion } = test
+    const { suite, name, runner, testParameters, frameworkVersion, testStartLine } = test
 
     const extraTags = {
       [JEST_TEST_RUNNER]: runner,
       [TEST_PARAMETERS]: testParameters,
-      [TEST_FRAMEWORK_VERSION]: frameworkVersion
+      [TEST_FRAMEWORK_VERSION]: frameworkVersion,
+      [TEST_SOURCE_START]: testStartLine
     }
 
     return super.startTestSpan(name, suite, this.testSuiteSpan, extraTags)

package/packages/datadog-plugin-kafkajs/src/consumer.js

@@ -8,12 +8,9 @@ class KafkajsConsumerPlugin extends ConsumerPlugin {
 
   start ({ topic, partition, message }) {
     const childOf = extract(this.tracer, message.headers)
-
-    this.startSpan('kafka.consume', {
+    this.startSpan({
       childOf,
-      service: this.config.service || `${this.tracer._service}-kafka`,
       resource: topic,
-      kind: 'consumer',
       type: 'worker',
       meta: {
         'component': 'kafkajs',

package/packages/datadog-plugin-kafkajs/src/producer.js

@@ -7,10 +7,8 @@ class KafkajsProducerPlugin extends ProducerPlugin {
   static get operation () { return 'produce' }
 
   start ({ topic, messages }) {
-    const span = this.startSpan('kafka.produce', {
-      service: this.config.service || `${this.tracer._service}-kafka`,
+    const span = this.startSpan({
       resource: topic,
-      kind: 'producer',
       meta: {
         'component': 'kafkajs',
         'kafka.topic': topic

package/packages/datadog-plugin-mocha/src/index.js

@@ -10,7 +10,8 @@ const {
   getTestSuitePath,
   getTestParametersString,
   getTestSuiteCommonTags,
-  addIntelligentTestRunnerSpanTags
+  addIntelligentTestRunnerSpanTags,
+  TEST_SOURCE_START
 } = require('../../dd-trace/src/plugins/util/test')
 const { COMPONENT } = require('../../dd-trace/src/constants')
 
@@ -85,9 +86,9 @@ class MochaPlugin extends CiPlugin {
       }
     })
 
-    this.addSub('ci:mocha:test:start', (test) => {
+    this.addSub('ci:mocha:test:start', ({ test, testStartLine }) => {
       const store = storage.getStore()
-      const span = this.startTestSpan(test)
+      const span = this.startTestSpan(test, testStartLine)
 
       this.enter(span, store)
     })
@@ -153,7 +154,7 @@ class MochaPlugin extends CiPlugin {
     })
   }
 
-  startTestSpan (test) {
+  startTestSpan (test, testStartLine) {
     const testName = test.fullTitle()
     const { file: testSuiteAbsolutePath, title } = test
 
@@ -163,6 +164,10 @@ class MochaPlugin extends CiPlugin {
       extraTags[TEST_PARAMETERS] = testParametersString
     }
 
+    if (testStartLine) {
+      extraTags[TEST_SOURCE_START] = testStartLine
+    }
+
     const testSuite = getTestSuitePath(testSuiteAbsolutePath, this.sourceRoot)
     const testSuiteSpan = this._testSuites.get(testSuiteAbsolutePath)
 

package/packages/datadog-plugin-playwright/src/index.js

@@ -7,7 +7,8 @@ const {
   TEST_STATUS,
   finishAllTraceSpans,
   getTestSuitePath,
-  getTestSuiteCommonTags
+  getTestSuiteCommonTags,
+  TEST_SOURCE_START
 } = require('../../dd-trace/src/plugins/util/test')
 const { RESOURCE_NAME } = require('../../../ext/tags')
 const { COMPONENT } = require('../../dd-trace/src/constants')
@@ -64,10 +65,10 @@ class PlaywrightPlugin extends CiPlugin {
       span.finish()
     })
 
-    this.addSub('ci:playwright:test:start', ({ testName, testSuiteAbsolutePath }) => {
+    this.addSub('ci:playwright:test:start', ({ testName, testSuiteAbsolutePath, testSourceLine }) => {
       const store = storage.getStore()
       const testSuite = getTestSuitePath(testSuiteAbsolutePath, this.rootDir)
-      const span = this.startTestSpan(testName, testSuite)
+      const span = this.startTestSpan(testName, testSuite, testSourceLine)
 
       this.enter(span, store)
     })
@@ -104,9 +105,9 @@ class PlaywrightPlugin extends CiPlugin {
     })
   }
 
-  startTestSpan (testName, testSuite) {
+  startTestSpan (testName, testSuite, testSourceLine) {
     const testSuiteSpan = this._testSuites.get(testSuite)
-    return super.startTestSpan(testName, testSuite, testSuiteSpan)
+    return super.startTestSpan(testName, testSuite, testSuiteSpan, { [TEST_SOURCE_START]: testSourceLine })
   }
 }
 

package/packages/datadog-plugin-redis/src/index.js

@@ -9,17 +9,19 @@ class RedisPlugin extends CachePlugin {
   static get system () { return 'redis' }
 
   start ({ db, command, args, connectionOptions = {}, connectionName }) {
-    if (!this.config.filter(command)) return this.skip()
+    const resource = command
+    const normalizedCommand = command.toUpperCase()
+    if (!this.config.filter(normalizedCommand)) return this.skip()
 
     this.startSpan('redis.command', {
       service: getService(this.config, connectionName),
-      resource: command,
+      resource,
       type: 'redis',
       kind: 'client',
       meta: {
         'db.type': 'redis',
         'db.name': db || '0',
-        'redis.raw_command': formatCommand(command, args),
+        'redis.raw_command': formatCommand(normalizedCommand, args),
         'out.host': connectionOptions.host,
         [CLIENT_PORT_KEY]: connectionOptions.port
       }
@@ -42,8 +44,6 @@ function getService (config, connectionName) {
 }
 
 function formatCommand (command, args) {
-  command = command.toUpperCase()
-
   if (!args || command === 'AUTH') return command
 
   for (let i = 0, l = args.length; i < l; i++) {
@@ -76,6 +76,11 @@ function trim (str, maxlen) {
 }
 
 function normalizeConfig (config) {
+  if (config.allowlist) uppercaseAllEntries(config.allowlist)
+  if (config.whitelist) uppercaseAllEntries(config.whitelist)
+  if (config.blocklist) uppercaseAllEntries(config.blocklist)
+  if (config.blacklist) uppercaseAllEntries(config.blacklist)
+
   const filter = urlFilter.getFilter(config)
 
   return Object.assign({}, config, {
@@ -83,4 +88,10 @@ function normalizeConfig (config) {
   })
 }
 
+function uppercaseAllEntries (entries) {
+  for (let i = 0; i < entries.length; i++) {
+    entries[i] = String(entries[i]).toUpperCase()
+  }
+}
+
 module.exports = RedisPlugin

package/packages/datadog-plugin-rhea/src/consumer.js

@@ -19,12 +19,10 @@ class RheaConsumerPlugin extends ConsumerPlugin {
     const name = getResourceNameFromMessage(msgObj)
     const childOf = extractTextMap(msgObj, this.tracer)
 
-    this.startSpan('amqp.receive', {
+    this.startSpan({
       childOf,
-      service: this.config.service,
       resource: name,
       type: 'worker',
-      kind: 'consumer',
       meta: {
         'component': 'rhea',
         'amqp.link.source.address': name,

package/packages/datadog-plugin-rhea/src/producer.js

@@ -9,17 +9,13 @@ class RheaProducerPlugin extends ProducerPlugin {
 
   constructor (...args) {
     super(...args)
-
     this.addTraceSub('encode', this.encode.bind(this))
   }
 
   start ({ targetAddress, host, port }) {
     const name = targetAddress || 'amq.topic'
-
-    this.startSpan('amqp.send', {
-      service: this.config.service || `${this.tracer._service}-amqp-producer`,
+    this.startSpan({
       resource: name,
-      kind: 'producer',
       meta: {
         'component': 'rhea',
         'amqp.link.target.address': name,

package/packages/dd-trace/src/appsec/addresses.js

@@ -7,14 +7,11 @@ module.exports = {
   // TODO: 'server.request.trailers',
   HTTP_INCOMING_URL: 'server.request.uri.raw',
   HTTP_INCOMING_METHOD: 'server.request.method',
-  HTTP_INCOMING_ENDPOINT: 'server.request.framework_endpoint',
   HTTP_INCOMING_PARAMS: 'server.request.path_params',
   HTTP_INCOMING_COOKIES: 'server.request.cookies',
   HTTP_INCOMING_RESPONSE_CODE: 'server.response.status',
   HTTP_INCOMING_RESPONSE_HEADERS: 'server.response.headers.no_cookies',
   // TODO: 'server.response.trailers',
-  HTTP_INCOMING_REMOTE_IP: 'server.request.client_ip',
-  HTTP_INCOMING_REMOTE_PORT: 'server.request.client_port',
 
   HTTP_CLIENT_IP: 'http.client_ip',
 

package/packages/dd-trace/src/appsec/blocked_templates.js

@@ -1,7 +1,7 @@
 /* eslint-disable max-len */
 'use strict'
 
-const html = `<!-- Sorry, you've been blocked -->
+const html = `<!-- Sorry, you’ve been blocked -->
 <!DOCTYPE html>
 <html lang="en">
 
@@ -102,14 +102,7 @@ const html = `<!-- Sorry, you've been blocked -->
 </html>
 `
 
-const json = `{
-  "errors": [
-    {
-      "title": "You've been blocked",
-      "detail": "Sorry, you cannot access this page. Please contact the customer service team. Security provided by Datadog."
-    }
-  ]
-}`
+const json = `{"errors": [{"title": "You've been blocked", "detail": "Sorry, you cannot access this page. Please contact the customer service team. Security provided by Datadog."}]}`
 
 module.exports = {
   html,

package/packages/dd-trace/src/appsec/blocking.js

@@ -19,7 +19,7 @@ function block (req, res, rootSpan, abortController) {
   const accept = req.headers.accept && req.headers.accept.split(',').map((str) => str.split(';', 1)[0].trim())
 
   if (accept && accept.includes('text/html') && !accept.includes('application/json')) {
-    type = 'text/html'
+    type = 'text/html; charset=utf-8'
     body = templateHtml
   } else {
     type = 'application/json'

package/packages/dd-trace/src/appsec/{gateway/channels.js → channels.js}

@@ -1,11 +1,11 @@
 'use strict'
 
-const dc = require('diagnostics_channel')
+const dc = require('../../../diagnostics_channel')
 
 // TODO: use TBD naming convention
-//       or directly use http plugin's channels
-//       when it gets converted to new plugin system
 module.exports = {
   incomingHttpRequestStart: dc.channel('dd-trace:incomingHttpRequestStart'),
-  incomingHttpRequestEnd: dc.channel('dd-trace:incomingHttpRequestEnd')
+  incomingHttpRequestEnd: dc.channel('dd-trace:incomingHttpRequestEnd'),
+  bodyParser: dc.channel('datadog:body-parser:read:finish'),
+  queryParser: dc.channel('datadog:query:read:finish')
 }

package/packages/dd-trace/src/appsec/iast/index.js

@@ -3,7 +3,7 @@ const { enableAllAnalyzers, disableAllAnalyzers } = require('./analyzers')
 const web = require('../../plugins/util/web')
 const { storage } = require('../../../../datadog-core')
 const overheadController = require('./overhead-controller')
-const dc = require('diagnostics_channel')
+const dc = require('../../../../diagnostics_channel')
 const iastContextFunctions = require('./iast-context')
 const { enableTaintTracking, disableTaintTracking, createTransaction, removeTransaction } = require('./taint-tracking')
 

package/packages/dd-trace/src/appsec/iast/taint-tracking/operations.js

@@ -2,6 +2,7 @@
 
 const TaintedUtils = require('@datadog/native-iast-taint-tracking')
 const { IAST_TRANSACTION_ID } = require('../iast-context')
+const iastLog = require('../iast-log')
 const { TaintTracking, TaintTrackingDummy } = require('./taint-tracking-impl')
 
 function createTransaction (id, iastContext) {
@@ -37,20 +38,27 @@ function taintObject (iastContext, object, type) {
     const visited = new WeakSet()
     while (queue.length > 0) {
       const { parent, property, value } = queue.pop()
-      if (typeof value === 'string') {
-        const tainted = TaintedUtils.newTaintedString(transactionId, value, property, type)
-        if (!parent) {
-          result = tainted
-        } else {
-          parent[property] = tainted
-        }
-      } else if (typeof value === 'object' && !visited.has(value)) {
-        visited.add(value)
-        const keys = Object.keys(value)
-        for (let i = 0; i < keys.length; i++) {
-          const key = keys[i]
-          queue.push({ parent: value, property: property ? `${property}.${key}` : key, value: value[key] })
+      if (value === null) {
+        continue
+      }
+      try {
+        if (typeof value === 'string') {
+          const tainted = TaintedUtils.newTaintedString(transactionId, value, property, type)
+          if (!parent) {
+            result = tainted
+          } else {
+            parent[property] = tainted
+          }
+        } else if (typeof value === 'object' && !visited.has(value)) {
+          visited.add(value)
+          const keys = Object.keys(value)
+          for (let i = 0; i < keys.length; i++) {
+            const key = keys[i]
+            queue.push({ parent: value, property: property ? `${property}.${key}` : key, value: value[key] })
+          }
         }
+      } catch (e) {
+        iastLog.error(`Error visiting property : ${property}`).errorAndPublish(e)
       }
     }
   }

package/packages/dd-trace/src/appsec/iast/taint-tracking/plugin.js

@@ -12,7 +12,7 @@ class TaintTrackingPlugin extends Plugin {
     this._type = 'taint-tracking'
     this.addSub(
       'datadog:body-parser:read:finish',
-      ({ request }) => this._taintTrackingHandler(HTTP_REQUEST_BODY, request, 'body')
+      ({ req }) => this._taintTrackingHandler(HTTP_REQUEST_BODY, req, 'body')
     )
     this.addSub(
       'datadog:qs:parse:finish',

package/packages/dd-trace/src/appsec/iast/telemetry/logs.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const dc = require('diagnostics_channel')
+const dc = require('../../../../../diagnostics_channel')
 const logCollector = require('./log_collector')
 const { sendData } = require('../../../telemetry/send-data')
 const log = require('../../../log')

package/packages/dd-trace/src/appsec/index.js

@@ -3,8 +3,13 @@
 const log = require('../log')
 const RuleManager = require('./rule_manager')
 const remoteConfig = require('./remote_config')
-const { incomingHttpRequestStart, incomingHttpRequestEnd } = require('./gateway/channels')
-const Gateway = require('./gateway/engine')
+const {
+  incomingHttpRequestStart,
+  incomingHttpRequestEnd,
+  bodyParser,
+  queryParser
+} = require('./channels')
+const waf = require('./waf')
 const addresses = require('./addresses')
 const Reporter = require('./reporter')
 const web = require('../plugins/util/web')
@@ -21,39 +26,25 @@ function enable (_config) {
   try {
     setTemplates(_config)
 
-    // TODO: inline this function
-    enableFromRules(_config, _config.appsec.rules)
-  } catch (err) {
-    abortEnable(err)
-  }
-}
+    RuleManager.applyRules(_config.appsec.rules, _config.appsec)
 
-function enableFromRules (_config, rules) {
-  RuleManager.applyRules(rules, _config.appsec)
-  remoteConfig.enableAsmData(_config.appsec)
+    remoteConfig.enableWafUpdate(_config.appsec)
 
-  Reporter.setRateLimit(_config.appsec.rateLimit)
+    Reporter.setRateLimit(_config.appsec.rateLimit)
 
-  incomingHttpRequestStart.subscribe(incomingHttpStartTranslator)
-  incomingHttpRequestEnd.subscribe(incomingHttpEndTranslator)
-
-  // add fields needed for HTTP context reporting
-  Gateway.manager.addresses.add(addresses.HTTP_INCOMING_HEADERS)
-  Gateway.manager.addresses.add(addresses.HTTP_INCOMING_ENDPOINT)
-  Gateway.manager.addresses.add(addresses.HTTP_INCOMING_RESPONSE_HEADERS)
-  Gateway.manager.addresses.add(addresses.HTTP_INCOMING_REMOTE_IP)
-
-  isEnabled = true
-  config = _config
-}
+    incomingHttpRequestStart.subscribe(incomingHttpStartTranslator)
+    incomingHttpRequestEnd.subscribe(incomingHttpEndTranslator)
+    bodyParser.subscribe(onRequestBodyParsed)
+    queryParser.subscribe(onRequestQueryParsed)
 
-function abortEnable (err) {
-  log.error('Unable to start AppSec')
-  log.error(err)
+    isEnabled = true
+    config = _config
+  } catch (err) {
+    log.error('Unable to start AppSec')
+    log.error(err)
 
-  // abort AppSec start
-  RuleManager.clearAllRules()
-  remoteConfig.disableAsmData()
+    disable()
+  }
 }
 
 function incomingHttpStartTranslator ({ req, res, abortController }) {
@@ -68,78 +59,92 @@ function incomingHttpStartTranslator ({ req, res, abortController }) {
     [HTTP_CLIENT_IP]: clientIp
   })
 
-  const store = Gateway.startContext()
-
-  store.set('req', req)
-  store.set('res', res)
+  const requestHeaders = Object.assign({}, req.headers)
+  delete requestHeaders.cookie
 
-  const context = store.get('context')
+  const payload = {
+    [addresses.HTTP_INCOMING_URL]: req.url,
+    [addresses.HTTP_INCOMING_HEADERS]: requestHeaders,
+    [addresses.HTTP_INCOMING_METHOD]: req.method
+  }
 
   if (clientIp) {
-    const results = Gateway.propagate({
-      [addresses.HTTP_CLIENT_IP]: clientIp
-    }, context)
-
-    if (!results || !abortController) return
-
-    for (const entry of results) {
-      if (entry && entry.includes('block')) {
-        block(req, res, rootSpan, abortController)
-        break
-      }
-    }
+    payload[addresses.HTTP_CLIENT_IP] = clientIp
   }
-}
 
-function incomingHttpEndTranslator (data) {
-  const context = Gateway.getContext()
-  if (!context) return
+  const actions = waf.run(payload, req)
 
-  const requestHeaders = Object.assign({}, data.req.headers)
-  delete requestHeaders.cookie
+  handleResults(actions, req, res, rootSpan, abortController)
+}
 
+function incomingHttpEndTranslator ({ req, res }) {
   // TODO: this doesn't support headers sent with res.writeHead()
-  const responseHeaders = Object.assign({}, data.res.getHeaders())
+  const responseHeaders = Object.assign({}, res.getHeaders())
   delete responseHeaders['set-cookie']
 
   const payload = {
-    [addresses.HTTP_INCOMING_URL]: data.req.url,
-    [addresses.HTTP_INCOMING_HEADERS]: requestHeaders,
-    [addresses.HTTP_INCOMING_METHOD]: data.req.method,
-    [addresses.HTTP_INCOMING_REMOTE_IP]: data.req.socket.remoteAddress,
-    [addresses.HTTP_INCOMING_REMOTE_PORT]: data.req.socket.remotePort,
-    [addresses.HTTP_INCOMING_RESPONSE_CODE]: data.res.statusCode,
+    [addresses.HTTP_INCOMING_RESPONSE_CODE]: res.statusCode,
     [addresses.HTTP_INCOMING_RESPONSE_HEADERS]: responseHeaders
   }
 
-  // TODO: temporary express instrumentation, will use express plugin later
-  if (data.req.body !== undefined && data.req.body !== null) {
-    payload[addresses.HTTP_INCOMING_BODY] = data.req.body
-  }
-
-  if (data.req.query && typeof data.req.query === 'object') {
-    payload[addresses.HTTP_INCOMING_QUERY] = data.req.query
+  // we need to keep this to support other body parsers
+  // TODO: no need to analyze it if it was already done by the body-parser hook
+  if (req.body !== undefined && req.body !== null) {
+    payload[addresses.HTTP_INCOMING_BODY] = req.body
   }
 
-  if (data.req.route && typeof data.req.route.path === 'string') {
-    payload[addresses.HTTP_INCOMING_ENDPOINT] = data.req.route.path
-  }
-
-  if (data.req.params && typeof data.req.params === 'object') {
-    payload[addresses.HTTP_INCOMING_PARAMS] = data.req.params
+  // TODO: temporary express instrumentation, will use express plugin later
+  if (req.params && typeof req.params === 'object') {
+    payload[addresses.HTTP_INCOMING_PARAMS] = req.params
   }
 
-  if (data.req.cookies && typeof data.req.cookies === 'object') {
+  if (req.cookies && typeof req.cookies === 'object') {
     payload[addresses.HTTP_INCOMING_COOKIES] = {}
 
-    for (const k of Object.keys(data.req.cookies)) {
-      payload[addresses.HTTP_INCOMING_COOKIES][k] = [data.req.cookies[k]]
+    for (const k of Object.keys(req.cookies)) {
+      payload[addresses.HTTP_INCOMING_COOKIES][k] = [req.cookies[k]]
     }
   }
 
-  Gateway.propagate(payload, context)
+  waf.run(payload, req)
+
+  waf.disposeContext(req)
+
+  Reporter.finishRequest(req, res)
+}
+
+function onRequestBodyParsed ({ req, res, abortController }) {
+  const rootSpan = web.root(req)
+  if (!rootSpan) return
+
+  if (req.body === undefined || req.body === null) return
+
+  const results = waf.run({
+    [addresses.HTTP_INCOMING_BODY]: req.body
+  }, req)
 
-  Reporter.finishRequest(data.req, context)
+  handleResults(results, req, res, rootSpan, abortController)
+}
+
+function onRequestQueryParsed ({ req, res, abortController }) {
+  const rootSpan = web.root(req)
+  if (!rootSpan) return
+
+  if (!req.query || typeof req.query !== 'object') return
+
+  const results = waf.run({
+    [addresses.HTTP_INCOMING_QUERY]: req.query
+  }, req)
+
+  handleResults(results, req, res, rootSpan, abortController)
+}
+
+function handleResults (actions, req, res, rootSpan, abortController) {
+  if (!actions || !req || !res || !rootSpan || !abortController) return
+
+  if (actions.includes('block')) {
+    block(req, res, rootSpan, abortController)
+  }
 }
 
 function disable () {
@@ -147,11 +152,14 @@ function disable () {
   config = null
 
   RuleManager.clearAllRules()
-  remoteConfig.disableAsmData()
+
+  remoteConfig.disableWafUpdate()
 
   // Channel#unsubscribe() is undefined for non active channels
   if (incomingHttpRequestStart.hasSubscribers) incomingHttpRequestStart.unsubscribe(incomingHttpStartTranslator)
   if (incomingHttpRequestEnd.hasSubscribers) incomingHttpRequestEnd.unsubscribe(incomingHttpEndTranslator)
+  if (bodyParser.hasSubscribers) bodyParser.unsubscribe(onRequestBodyParsed)
+  if (queryParser.hasSubscribers) queryParser.unsubscribe(onRequestQueryParsed)
 }
 
 module.exports = {