dd-trace 3.41.0 → 3.43.0

package/packages/datadog-plugin-aerospike/src/index.js

@@ -0,0 +1,113 @@
+'use strict'
+
+const { storage } = require('../../datadog-core')
+const DatabasePlugin = require('../../dd-trace/src/plugins/database')
+
+const AEROSPIKE_PEER_SERVICE = 'aerospike.namespace'
+
+class AerospikePlugin extends DatabasePlugin {
+  static get id () { return 'aerospike' }
+  static get operation () { return 'command' }
+  static get system () { return 'aerospike' }
+  static get prefix () {
+    return 'tracing:apm:aerospike:command'
+  }
+
+  static get peerServicePrecursors () {
+    return [AEROSPIKE_PEER_SERVICE]
+  }
+
+  bindStart (ctx) {
+    const { commandName, commandArgs } = ctx
+    const resourceName = commandName.slice(0, commandName.indexOf('Command'))
+    const store = storage.getStore()
+    const childOf = store ? store.span : null
+    const meta = getMeta(resourceName, commandArgs)
+
+    const span = this.startSpan(this.operationName(), {
+      childOf,
+      service: this.serviceName({ pluginConfig: this.config }),
+      type: 'aerospike',
+      kind: 'client',
+      resource: resourceName,
+      meta
+    }, false)
+
+    ctx.parentStore = store
+    ctx.currentStore = { ...store, span }
+
+    return ctx.currentStore
+  }
+
+  bindAsyncStart (ctx) {
+    if (ctx.currentStore) {
+      // have to manually trigger peer service calculation when using tracing channel
+      this.tagPeerService(ctx.currentStore.span)
+      ctx.currentStore.span.finish()
+    }
+    return ctx.parentStore
+  }
+
+  end (ctx) {
+    if (ctx.result) {
+      // have to manually trigger peer service calculation when using tracing channel
+      this.tagPeerService(ctx.currentStore.span)
+      ctx.currentStore.span.finish()
+    }
+  }
+
+  error (ctx) {
+    if (ctx.error) {
+      const error = ctx.error
+      const span = ctx.currentStore.span
+      span.setTag('error', error)
+    }
+  }
+}
+
+function getMeta (resourceName, commandArgs) {
+  let meta = {}
+  if (resourceName.includes('Index')) {
+    const [ns, set, bin, index] = commandArgs
+    meta = getMetaForIndex(ns, set, bin, index)
+  } else if (resourceName === 'Query') {
+    const { ns, set } = commandArgs[2]
+    meta = getMetaForQuery({ ns, set })
+  } else if (isKeyObject(commandArgs[0])) {
+    const { ns, set, key } = commandArgs[0]
+    meta = getMetaForKey(ns, set, key)
+  }
+  return meta
+}
+
+function getMetaForIndex (ns, set, bin, index) {
+  return {
+    [AEROSPIKE_PEER_SERVICE]: ns,
+    'aerospike.setname': set,
+    'aerospike.bin': bin,
+    'aerospike.index': index
+  }
+}
+
+function getMetaForKey (ns, set, key) {
+  return {
+    'aerospike.key': `${ns}:${set}:${key}`,
+    [AEROSPIKE_PEER_SERVICE]: ns,
+    'aerospike.setname': set,
+    'aerospike.userkey': key
+  }
+}
+
+function getMetaForQuery (queryObj) {
+  const { ns, set } = queryObj
+  return {
+    [AEROSPIKE_PEER_SERVICE]: ns,
+    'aerospike.setname': set
+  }
+}
+
+function isKeyObject (obj) {
+  return obj && obj.ns !== undefined && obj.set !== undefined && obj.key !== undefined
+}
+
+module.exports = AerospikePlugin

package/packages/datadog-plugin-graphql/src/resolve.js

@@ -1,6 +1,7 @@
 'use strict'
 
 const TracingPlugin = require('../../dd-trace/src/plugins/tracing')
+const dc = require('dc-polyfill')
 
 const collapsedPathSym = Symbol('collapsedPaths')
 
@@ -14,8 +15,6 @@ class GraphQLResolvePlugin extends TracingPlugin {
     if (!shouldInstrument(this.config, path)) return
     const computedPathString = path.join('.')
 
-    addResolver(context, info, args)
-
     if (this.config.collapse) {
       if (!context[collapsedPathSym]) {
         context[collapsedPathSym] = {}
@@ -55,6 +54,10 @@ class GraphQLResolvePlugin extends TracingPlugin {
           span.setTag(`graphql.variables.${name}`, variables[name])
         })
     }
+
+    if (this.resolverStartCh.hasSubscribers) {
+      this.resolverStartCh.publish({ context, resolverInfo: getResolverInfo(info, args) })
+    }
   }
 
   constructor (...args) {
@@ -69,6 +72,8 @@ class GraphQLResolvePlugin extends TracingPlugin {
       field.finishTime = span._getTime ? span._getTime() : 0
       field.error = field.error || err
     })
+
+    this.resolverStartCh = dc.channel('datadog:graphql:resolver:start')
   }
 
   configure (config) {
@@ -109,28 +114,31 @@ function withCollapse (responsePathAsArray) {
   }
 }
 
-function addResolver (context, info, args) {
-  if (info.rootValue && !info.rootValue[info.fieldName]) {
-    return
-  }
+function getResolverInfo (info, args) {
+  let resolverInfo = null
+  const resolverVars = {}
 
-  if (!context.resolvers) {
-    context.resolvers = {}
+  if (args && Object.keys(args).length) {
+    Object.assign(resolverVars, args)
   }
 
-  const resolvers = context.resolvers
-
-  if (!resolvers[info.fieldName]) {
-    if (args && Object.keys(args).length) {
-      resolvers[info.fieldName] = [args]
-    } else {
-      resolvers[info.fieldName] = []
+  const directives = info.fieldNodes[0].directives
+  for (const directive of directives) {
+    const argList = {}
+    for (const argument of directive['arguments']) {
+      argList[argument.name.value] = argument.value.value
     }
-  } else {
-    if (args && Object.keys(args).length) {
-      resolvers[info.fieldName].push(args)
+
+    if (Object.keys(argList).length) {
+      resolverVars[directive.name.value] = argList
     }
   }
+
+  if (Object.keys(resolverVars).length) {
+    resolverInfo = { [info.fieldName]: resolverVars }
+  }
+
+  return resolverInfo
 }
 
 module.exports = GraphQLResolvePlugin

package/packages/datadog-plugin-http/src/client.js

@@ -58,7 +58,7 @@ class HttpClientPlugin extends ClientPlugin {
       span._spanContext._trace.record = false
     }
 
-    if (!(hasAmazonSignature(options) || !this.config.propagationFilter(uri))) {
+    if (this.shouldInjectTraceHeaders(options, uri)) {
       this.tracer.inject(span, HTTP_HEADERS, options.headers)
     }
 
@@ -71,6 +71,18 @@ class HttpClientPlugin extends ClientPlugin {
     return message.currentStore
   }
 
+  shouldInjectTraceHeaders (options, uri) {
+    if (hasAmazonSignature(options) && !this.config.enablePropagationWithAmazonHeaders) {
+      return false
+    }
+
+    if (!this.config.propagationFilter(uri)) {
+      return false
+    }
+
+    return true
+  }
+
   bindAsyncStart ({ parentStore }) {
     return parentStore
   }
@@ -98,7 +110,7 @@ class HttpClientPlugin extends ClientPlugin {
     span.finish()
   }
 
-  error ({ span, error }) {
+  error ({ span, error, args, customRequestTimeout }) {
     if (!span) return
     if (error) {
       span.addTags({
@@ -107,6 +119,11 @@ class HttpClientPlugin extends ClientPlugin {
         [ERROR_STACK]: error.stack
       })
     } else {
+      // conditions for no error:
+      // 1. not using a custom agent instance with custom timeout specified
+      // 2. no invocation of `req.setTimeout`
+      if (!args.options.agent?.options.timeout && !customRequestTimeout) return
+
       span.setTag('error', 1)
     }
   }

package/packages/datadog-plugin-kafkajs/src/consumer.js

@@ -7,6 +7,57 @@ class KafkajsConsumerPlugin extends ConsumerPlugin {
   static get id () { return 'kafkajs' }
   static get operation () { return 'consume' }
 
+  constructor () {
+    super(...arguments)
+    this.addSub('apm:kafkajs:consume:commit', message => this.commit(message))
+  }
+
+  /**
+   * Transform individual commit details sent by kafkajs' event reporter
+   * into actionable backlog items for DSM
+   *
+   * @typedef {object} ConsumerBacklog
+   * @property {number} type
+   * @property {string} consumer_group
+   * @property {string} topic
+   * @property {number} partition
+   * @property {number} offset
+   *
+   * @typedef {object} CommitEventItem
+   * @property {string} groupId
+   * @property {string} topic
+   * @property {number} partition
+   * @property {import('kafkajs/utils/long').Long} offset
+   *
+   * @param {CommitEventItem} commit
+   * @returns {ConsumerBacklog}
+   */
+  transformCommit (commit) {
+    const { groupId, partition, offset, topic } = commit
+    return {
+      partition,
+      topic,
+      type: 'kafka_commit',
+      offset: Number(offset),
+      consumer_group: groupId
+    }
+  }
+
+  commit (commitList) {
+    if (!this.config.dsmEnabled) return
+    const keys = [
+      'consumer_group',
+      'type',
+      'partition',
+      'offset',
+      'topic'
+    ]
+    for (const commit of commitList.map(this.transformCommit)) {
+      if (keys.some(key => !commit.hasOwnProperty(key))) continue
+      this.tracer.setOffset(commit)
+    }
+  }
+
   start ({ topic, partition, message, groupId }) {
     const childOf = extract(this.tracer, message.headers)
     const span = this.startSpan({

package/packages/datadog-plugin-kafkajs/src/producer.js

@@ -11,6 +11,61 @@ class KafkajsProducerPlugin extends ProducerPlugin {
   static get operation () { return 'produce' }
   static get peerServicePrecursors () { return [BOOTSTRAP_SERVERS_KEY] }
 
+  constructor () {
+    super(...arguments)
+    this.addSub('apm:kafkajs:produce:commit', message => this.commit(message))
+  }
+
+  /**
+   * Transform individual commit details sent by kafkajs' event reporter
+   * into actionable backlog items for DSM
+   *
+   * @typedef {object} ProducerBacklog
+   * @property {number} type
+   * @property {string} topic
+   * @property {number} partition
+   * @property {number} offset
+   *
+   * @typedef {object} ProducerResponseItem
+   * @property {string} topic
+   * @property {number} partition
+   * @property {import('kafkajs/utils/long').Long} [offset]
+   * @property {import('kafkajs/utils/long').Long} [baseOffset]
+   *
+   * @param {ProducerResponseItem} response
+   * @returns {ProducerBacklog}
+   */
+  transformProduceResponse (response) {
+    // In produce protocol >=v3, the offset key changes from `offset` to `baseOffset`
+    const { topicName: topic, partition, offset, baseOffset } = response
+    const offsetAsLong = offset || baseOffset
+    return {
+      type: 'kafka_produce',
+      partition,
+      offset: offsetAsLong ? Number(offsetAsLong) : undefined,
+      topic
+    }
+  }
+
+  /**
+   *
+   * @param {ProducerResponseItem[]} commitList
+   * @returns {void}
+   */
+  commit (commitList) {
+    if (!this.config.dsmEnabled) return
+    const keys = [
+      'type',
+      'partition',
+      'offset',
+      'topic'
+    ]
+    for (const commit of commitList.map(this.transformProduceResponse)) {
+      if (keys.some(key => !commit.hasOwnProperty(key))) continue
+      this.tracer.setOffset(commit)
+    }
+  }
+
   start ({ topic, messages, bootstrapServers }) {
     let pathwayCtx
     const span = this.startSpan({

package/packages/datadog-plugin-next/src/index.js

@@ -6,6 +6,8 @@ const analyticsSampler = require('../../dd-trace/src/analytics_sampler')
 const { COMPONENT } = require('../../dd-trace/src/constants')
 const web = require('../../dd-trace/src/plugins/util/web')
 
+const errorPages = ['/404', '/500', '/_error', '/_not-found']
+
 class NextPlugin extends ServerPlugin {
   static get id () {
     return 'next'
@@ -40,6 +42,13 @@ class NextPlugin extends ServerPlugin {
   }
 
   error ({ span, error }) {
+    if (!span) {
+      const store = storage.getStore()
+      if (!store) return
+
+      span = store.span
+    }
+
     this.addError(error, span)
   }
 
@@ -50,10 +59,20 @@ class NextPlugin extends ServerPlugin {
 
     const span = store.span
     const error = span.context()._tags['error']
-
-    if (!this.config.validateStatus(res.statusCode) && !error) {
-      span.setTag('error', req.error || nextRequest.error || true)
-      web.addError(req, req.error || nextRequest.error || true)
+    const requestError = req.error || nextRequest.error
+
+    if (requestError) {
+      // prioritize user-set errors from API routes
+      span.setTag('error', requestError)
+      web.addError(req, requestError)
+    } else if (error) {
+      // general error handling
+      span.setTag('error', error)
+      web.addError(req, requestError || error)
+    } else if (!this.config.validateStatus(res.statusCode)) {
+      // where there's no error, we still need to validate status
+      span.setTag('error', true)
+      web.addError(req, true)
     }
 
     span.addTags({
@@ -65,7 +84,7 @@ class NextPlugin extends ServerPlugin {
     span.finish()
   }
 
-  pageLoad ({ page, isAppPath = false }) {
+  pageLoad ({ page, isAppPath = false, isStatic = false }) {
     const store = storage.getStore()
 
     if (!store) return
@@ -73,21 +92,28 @@ class NextPlugin extends ServerPlugin {
     const span = store.span
     const req = this._requests.get(span)
 
+    // safeguard against missing req in complicated timeout scenarios
+    if (!req) return
+
     // Only use error page names if there's not already a name
     const current = span.context()._tags['next.page']
-    if (current && ['/404', '/500', '/_error', '/_not-found'].includes(page)) {
+    const isErrorPage = errorPages.includes(page)
+
+    if (current && isErrorPage) {
       return
     }
 
     // remove ending /route or /page for appDir projects
-    if (isAppPath) page = page.substring(0, page.lastIndexOf('/'))
-
-    // This is for static files whose 'page' includes the whole file path
-    // For normal page matches, like /api/hello/[name] and a req.url like /api/hello/world,
-    // nothing should happen
-    // For page matches like /User/something/public/text.txt and req.url like /text.txt,
-    // it should disregard the extra absolute path Next.js sometimes sets
-    if (page.includes(req.url)) page = req.url
+    // need to check if not an error page too, as those are marked as app directory
+    // in newer versions
+    if (isAppPath && !isErrorPage) page = page.substring(0, page.lastIndexOf('/'))
+
+    // handle static resource
+    if (isStatic) {
+      page = req.url.includes('_next/static')
+        ? '/_next/static/*'
+        : '/public/*'
+    }
 
     span.addTags({
       [COMPONENT]: this.constructor.id,

package/packages/dd-trace/src/appsec/activation.js

@@ -0,0 +1,29 @@
+'use strict'
+
+const Activation = {
+  ONECLICK: 'OneClick',
+  ENABLED: 'Enabled',
+  DISABLED: 'Disabled',
+
+  fromConfig (config) {
+    switch (config.appsec.enabled) {
+      // ASM is activated by an env var DD_APPSEC_ENABLED=true
+      case true:
+        return Activation.ENABLED
+
+      // ASM is disabled by an env var DD_APPSEC_ENABLED=false
+      case false:
+        return Activation.DISABLED
+
+      // ASM is activated by one click remote config
+      case undefined:
+        return Activation.ONECLICK
+
+      // Any other value should never occur
+      default:
+        return Activation.DISABLED
+    }
+  }
+}
+
+module.exports = Activation

package/packages/dd-trace/src/appsec/addresses.js

@@ -13,8 +13,10 @@ module.exports = {
   HTTP_INCOMING_RESPONSE_HEADERS: 'server.response.headers.no_cookies',
   // TODO: 'server.response.trailers',
   HTTP_INCOMING_GRAPHQL_RESOLVERS: 'graphql.server.all_resolvers',
+  HTTP_INCOMING_GRAPHQL_RESOLVER: 'graphql.server.resolver',
 
   HTTP_CLIENT_IP: 'http.client_ip',
 
-  USER_ID: 'usr.id'
+  USER_ID: 'usr.id',
+  WAF_CONTEXT_PROCESSOR: 'waf.context.processor'
 }

package/packages/dd-trace/src/appsec/api_security_sampler.js

@@ -0,0 +1,48 @@
+'use strict'
+
+const log = require('../log')
+
+let enabled
+let requestSampling
+
+function configure ({ apiSecurity }) {
+  enabled = apiSecurity.enabled
+  setRequestSampling(apiSecurity.requestSampling)
+}
+
+function disable () {
+  enabled = false
+}
+
+function setRequestSampling (sampling) {
+  requestSampling = parseRequestSampling(sampling)
+}
+
+function parseRequestSampling (requestSampling) {
+  let parsed = parseFloat(requestSampling)
+
+  if (isNaN(parsed)) {
+    log.warn(`Incorrect API Security request sampling value: ${requestSampling}`)
+
+    parsed = 0
+  } else {
+    parsed = Math.min(1, Math.max(0, parsed))
+  }
+
+  return parsed
+}
+
+function sampleRequest () {
+  if (!enabled || !requestSampling) {
+    return false
+  }
+
+  return Math.random() <= requestSampling
+}
+
+module.exports = {
+  configure,
+  disable,
+  setRequestSampling,
+  sampleRequest
+}

package/packages/dd-trace/src/appsec/blocked_templates.js

@@ -5,7 +5,10 @@ const html = `<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta n
 
 const json = `{"errors":[{"title":"You've been blocked","detail":"Sorry, you cannot access this page. Please contact the customer service team. Security provided by Datadog."}]}`
 
+const graphqlJson = `{"errors":[{"message":"You've been blocked","extensions":{"detail":"Sorry, you cannot perform this operation. Please contact the customer service team. Security provided by Datadog."}}]}`
+
 module.exports = {
   html,
-  json
+  json,
+  graphqlJson
 }