npm - dd-trace - Versions diffs - 3.52.0 → 3.54.0 - Mend

dd-trace 3.52.0 → 3.54.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (116) hide show

package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-secrets-rules.js CHANGED Viewed

@@ -3,267 +3,267 @@
 module.exports = [
   {
-    'id': 'adobe-client-secret',
-    'regex': /\b((p8e-)[a-z0-9]{32})(?:['"\s\x60;]|$)/i
+    id: 'adobe-client-secret',
+    regex: /\b((p8e-)[a-z0-9]{32})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'age-secret-key',
-    'regex': /AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}/
+    id: 'age-secret-key',
+    regex: /AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}/
   },
   {
-    'id': 'alibaba-access-key-id',
-    'regex': /\b((LTAI)[a-z0-9]{20})(?:['"\s\x60;]|$)/i
+    id: 'alibaba-access-key-id',
+    regex: /\b((LTAI)[a-z0-9]{20})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'authress-service-client-access-key',
-    'regex': /\b((?:sc|ext|scauth|authress)_[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.acc[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120})(?:['"\s\x60;]|$)/i
+    id: 'authress-service-client-access-key',
+    regex: /\b((?:sc|ext|scauth|authress)_[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.acc[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'aws-access-token',
-    'regex': /\b((A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16})(?:['"\s\x60;]|$)/
+    id: 'aws-access-token',
+    regex: /\b((A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16})(?:['"\s\x60;]|$)/
   },
   {
-    'id': 'clojars-api-token',
-    'regex': /(CLOJARS_)[a-z0-9]{60}/i
+    id: 'clojars-api-token',
+    regex: /(CLOJARS_)[a-z0-9]{60}/i
   },
   {
-    'id': 'databricks-api-token',
-    'regex': /\b(dapi[a-h0-9]{32})(?:['"\s\x60;]|$)/i
+    id: 'databricks-api-token',
+    regex: /\b(dapi[a-h0-9]{32})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'digitalocean-access-token',
-    'regex': /\b(doo_v1_[a-f0-9]{64})(?:['"\s\x60;]|$)/i
+    id: 'digitalocean-access-token',
+    regex: /\b(doo_v1_[a-f0-9]{64})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'digitalocean-pat',
-    'regex': /\b(dop_v1_[a-f0-9]{64})(?:['"\s\x60;]|$)/i
+    id: 'digitalocean-pat',
+    regex: /\b(dop_v1_[a-f0-9]{64})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'digitalocean-refresh-token',
-    'regex': /\b(dor_v1_[a-f0-9]{64})(?:['"\s\x60;]|$)/i
+    id: 'digitalocean-refresh-token',
+    regex: /\b(dor_v1_[a-f0-9]{64})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'doppler-api-token',
-    'regex': /(dp\.pt\.)[a-z0-9]{43}/i
+    id: 'doppler-api-token',
+    regex: /(dp\.pt\.)[a-z0-9]{43}/i
   },
   {
-    'id': 'duffel-api-token',
-    'regex': /duffel_(test|live)_[a-z0-9_\-=]{43}/i
+    id: 'duffel-api-token',
+    regex: /duffel_(test|live)_[a-z0-9_\-=]{43}/i
   },
   {
-    'id': 'dynatrace-api-token',
-    'regex': /dt0c01\.[a-z0-9]{24}\.[a-z0-9]{64}/i
+    id: 'dynatrace-api-token',
+    regex: /dt0c01\.[a-z0-9]{24}\.[a-z0-9]{64}/i
   },
   {
-    'id': 'easypost-api-token',
-    'regex': /\bEZAK[a-z0-9]{54}/i
+    id: 'easypost-api-token',
+    regex: /\bEZAK[a-z0-9]{54}/i
   },
   {
-    'id': 'flutterwave-public-key',
-    'regex': /FLWPUBK_TEST-[a-h0-9]{32}-X/i
+    id: 'flutterwave-public-key',
+    regex: /FLWPUBK_TEST-[a-h0-9]{32}-X/i
   },
   {
-    'id': 'frameio-api-token',
-    'regex': /fio-u-[a-z0-9\-_=]{64}/i
+    id: 'frameio-api-token',
+    regex: /fio-u-[a-z0-9\-_=]{64}/i
   },
   {
-    'id': 'gcp-api-key',
-    'regex': /\b(AIza[0-9a-z\-_]{35})(?:['"\s\x60;]|$)/i
+    id: 'gcp-api-key',
+    regex: /\b(AIza[0-9a-z\-_]{35})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'github-app-token',
-    'regex': /(ghu|ghs)_[0-9a-zA-Z]{36}/
+    id: 'github-app-token',
+    regex: /(ghu|ghs)_[0-9a-zA-Z]{36}/
   },
   {
-    'id': 'github-fine-grained-pat',
-    'regex': /github_pat_[0-9a-zA-Z_]{82}/
+    id: 'github-fine-grained-pat',
+    regex: /github_pat_[0-9a-zA-Z_]{82}/
   },
   {
-    'id': 'github-oauth',
-    'regex': /gho_[0-9a-zA-Z]{36}/
+    id: 'github-oauth',
+    regex: /gho_[0-9a-zA-Z]{36}/
   },
   {
-    'id': 'github-pat',
-    'regex': /ghp_[0-9a-zA-Z]{36}/
+    id: 'github-pat',
+    regex: /ghp_[0-9a-zA-Z]{36}/
   },
   {
-    'id': 'gitlab-pat',
-    'regex': /glpat-[0-9a-zA-Z\-_]{20}/
+    id: 'gitlab-pat',
+    regex: /glpat-[0-9a-zA-Z\-_]{20}/
   },
   {
-    'id': 'gitlab-ptt',
-    'regex': /glptt-[0-9a-f]{40}/
+    id: 'gitlab-ptt',
+    regex: /glptt-[0-9a-f]{40}/
   },
   {
-    'id': 'gitlab-rrt',
-    'regex': /GR1348941[0-9a-zA-Z\-_]{20}/
+    id: 'gitlab-rrt',
+    regex: /GR1348941[0-9a-zA-Z\-_]{20}/
   },
   {
-    'id': 'grafana-api-key',
-    'regex': /\b(eyJrIjoi[a-z0-9]{70,400}={0,2})(?:['"\s\x60;]|$)/i
+    id: 'grafana-api-key',
+    regex: /\b(eyJrIjoi[a-z0-9]{70,400}={0,2})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'grafana-cloud-api-token',
-    'regex': /\b(glc_[a-z0-9+/]{32,400}={0,2})(?:['"\s\x60;]|$)/i
+    id: 'grafana-cloud-api-token',
+    regex: /\b(glc_[a-z0-9+/]{32,400}={0,2})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'grafana-service-account-token',
-    'regex': /\b(glsa_[a-z0-9]{32}_[a-f0-9]{8})(?:['"\s\x60;]|$)/i
+    id: 'grafana-service-account-token',
+    regex: /\b(glsa_[a-z0-9]{32}_[a-f0-9]{8})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'hashicorp-tf-api-token',
-    'regex': /[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}/i
+    id: 'hashicorp-tf-api-token',
+    regex: /[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}/i
   },
   {
-    'id': 'jwt',
-    'regex': /\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9/_-]{17,}\.(?:[a-zA-Z0-9/_-]{10,}={0,2})?)(?:['"\s\x60;]|$)/
+    id: 'jwt',
+    regex: /\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9/_-]{17,}\.(?:[a-zA-Z0-9/_-]{10,}={0,2})?)(?:['"\s\x60;]|$)/
   },
   {
-    'id': 'linear-api-key',
-    'regex': /lin_api_[a-z0-9]{40}/i
+    id: 'linear-api-key',
+    regex: /lin_api_[a-z0-9]{40}/i
   },
   {
-    'id': 'npm-access-token',
-    'regex': /\b(npm_[a-z0-9]{36})(?:['"\s\x60;]|$)/i
+    id: 'npm-access-token',
+    regex: /\b(npm_[a-z0-9]{36})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'openai-api-key',
-    'regex': /\b(sk-[a-z0-9]{20}T3BlbkFJ[a-z0-9]{20})(?:['"\s\x60;]|$)/i
+    id: 'openai-api-key',
+    regex: /\b(sk-[a-z0-9]{20}T3BlbkFJ[a-z0-9]{20})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'planetscale-api-token',
-    'regex': /\b(pscale_tkn_[a-z0-9=\-_.]{32,64})(?:['"\s\x60;]|$)/i
+    id: 'planetscale-api-token',
+    regex: /\b(pscale_tkn_[a-z0-9=\-_.]{32,64})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'planetscale-oauth-token',
-    'regex': /\b(pscale_oauth_[a-z0-9=\-_.]{32,64})(?:['"\s\x60;]|$)/i
+    id: 'planetscale-oauth-token',
+    regex: /\b(pscale_oauth_[a-z0-9=\-_.]{32,64})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'planetscale-password',
-    'regex': /\b(pscale_pw_[a-z0-9=\-_.]{32,64})(?:['"\s\x60;]|$)/i
+    id: 'planetscale-password',
+    regex: /\b(pscale_pw_[a-z0-9=\-_.]{32,64})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'postman-api-token',
-    'regex': /\b(PMAK-[a-f0-9]{24}-[a-f0-9]{34})(?:['"\s\x60;]|$)/i
+    id: 'postman-api-token',
+    regex: /\b(PMAK-[a-f0-9]{24}-[a-f0-9]{34})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'prefect-api-token',
-    'regex': /\b(pnu_[a-z0-9]{36})(?:['"\s\x60;]|$)/i
+    id: 'prefect-api-token',
+    regex: /\b(pnu_[a-z0-9]{36})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'private-key',
-    'regex': /-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S]*KEY( BLOCK)?----/i
+    id: 'private-key',
+    regex: /-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S]*KEY( BLOCK)?----/i
   },
   {
-    'id': 'pulumi-api-token',
-    'regex': /\b(pul-[a-f0-9]{40})(?:['"\s\x60;]|$)/i
+    id: 'pulumi-api-token',
+    regex: /\b(pul-[a-f0-9]{40})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'pypi-upload-token',
-    'regex': /pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}/
+    id: 'pypi-upload-token',
+    regex: /pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}/
   },
   {
-    'id': 'readme-api-token',
-    'regex': /\b(rdme_[a-z0-9]{70})(?:['"\s\x60;]|$)/i
+    id: 'readme-api-token',
+    regex: /\b(rdme_[a-z0-9]{70})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'rubygems-api-token',
-    'regex': /\b(rubygems_[a-f0-9]{48})(?:['"\s\x60;]|$)/i
+    id: 'rubygems-api-token',
+    regex: /\b(rubygems_[a-f0-9]{48})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'scalingo-api-token',
-    'regex': /tk-us-[a-zA-Z0-9-_]{48}/
+    id: 'scalingo-api-token',
+    regex: /tk-us-[a-zA-Z0-9-_]{48}/
   },
   {
-    'id': 'sendgrid-api-token',
-    'regex': /\b(SG\.[a-z0-9=_\-.]{66})(?:['"\s\x60;]|$)/i
+    id: 'sendgrid-api-token',
+    regex: /\b(SG\.[a-z0-9=_\-.]{66})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'sendinblue-api-token',
-    'regex': /\b(xkeysib-[a-f0-9]{64}-[a-z0-9]{16})(?:['"\s\x60;]|$)/i
+    id: 'sendinblue-api-token',
+    regex: /\b(xkeysib-[a-f0-9]{64}-[a-z0-9]{16})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'shippo-api-token',
-    'regex': /\b(shippo_(live|test)_[a-f0-9]{40})(?:['"\s\x60;]|$)/i
+    id: 'shippo-api-token',
+    regex: /\b(shippo_(live|test)_[a-f0-9]{40})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'shopify-access-token',
-    'regex': /shpat_[a-fA-F0-9]{32}/
+    id: 'shopify-access-token',
+    regex: /shpat_[a-fA-F0-9]{32}/
   },
   {
-    'id': 'shopify-custom-access-token',
-    'regex': /shpca_[a-fA-F0-9]{32}/
+    id: 'shopify-custom-access-token',
+    regex: /shpca_[a-fA-F0-9]{32}/
   },
   {
-    'id': 'shopify-private-app-access-token',
-    'regex': /shppa_[a-fA-F0-9]{32}/
+    id: 'shopify-private-app-access-token',
+    regex: /shppa_[a-fA-F0-9]{32}/
   },
   {
-    'id': 'shopify-shared-secret',
-    'regex': /shpss_[a-fA-F0-9]{32}/
+    id: 'shopify-shared-secret',
+    regex: /shpss_[a-fA-F0-9]{32}/
   },
   {
-    'id': 'slack-app-token',
-    'regex': /(xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+)/i
+    id: 'slack-app-token',
+    regex: /(xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+)/i
   },
   {
-    'id': 'slack-bot-token',
-    'regex': /(xoxb-[0-9]{10,13}-[0-9]{10,13}[a-zA-Z0-9-]*)/
+    id: 'slack-bot-token',
+    regex: /(xoxb-[0-9]{10,13}-[0-9]{10,13}[a-zA-Z0-9-]*)/
   },
   {
-    'id': 'slack-config-access-token',
-    'regex': /(xoxe.xox[bp]-\d-[A-Z0-9]{163,166})/i
+    id: 'slack-config-access-token',
+    regex: /(xoxe.xox[bp]-\d-[A-Z0-9]{163,166})/i
   },
   {
-    'id': 'slack-config-refresh-token',
-    'regex': /(xoxe-\d-[A-Z0-9]{146})/i
+    id: 'slack-config-refresh-token',
+    regex: /(xoxe-\d-[A-Z0-9]{146})/i
   },
   {
-    'id': 'slack-legacy-bot-token',
-    'regex': /(xoxb-[0-9]{8,14}-[a-zA-Z0-9]{18,26})/
+    id: 'slack-legacy-bot-token',
+    regex: /(xoxb-[0-9]{8,14}-[a-zA-Z0-9]{18,26})/
   },
   {
-    'id': 'slack-legacy-token',
-    'regex': /(xox[os]-\d+-\d+-\d+-[a-fA-F\d]+)/
+    id: 'slack-legacy-token',
+    regex: /(xox[os]-\d+-\d+-\d+-[a-fA-F\d]+)/
   },
   {
-    'id': 'slack-legacy-workspace-token',
-    'regex': /(xox[ar]-(?:\d-)?[0-9a-zA-Z]{8,48})/
+    id: 'slack-legacy-workspace-token',
+    regex: /(xox[ar]-(?:\d-)?[0-9a-zA-Z]{8,48})/
   },
   {
-    'id': 'slack-user-token',
-    'regex': /(xox[pe](?:-[0-9]{10,13}){3}-[a-zA-Z0-9-]{28,34})/
+    id: 'slack-user-token',
+    regex: /(xox[pe](?:-[0-9]{10,13}){3}-[a-zA-Z0-9-]{28,34})/
   },
   {
-    'id': 'slack-webhook-url',
-    'regex': /(https?:\/\/)?hooks.slack.com\/(services|workflows)\/[A-Za-z0-9+/]{43,46}/
+    id: 'slack-webhook-url',
+    regex: /(https?:\/\/)?hooks.slack.com\/(services|workflows)\/[A-Za-z0-9+/]{43,46}/
   },
   {
-    'id': 'square-access-token',
-    'regex': /\b(sq0atp-[0-9a-z\-_]{22})(?:['"\s\x60;]|$)/i
+    id: 'square-access-token',
+    regex: /\b(sq0atp-[0-9a-z\-_]{22})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'square-secret',
-    'regex': /\b(sq0csp-[0-9a-z\-_]{43})(?:['"\s\x60;]|$)/i
+    id: 'square-secret',
+    regex: /\b(sq0csp-[0-9a-z\-_]{43})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'stripe-access-token',
-    'regex': /(sk|pk)_(test|live)_[0-9a-z]{10,32}/i
+    id: 'stripe-access-token',
+    regex: /(sk|pk)_(test|live)_[0-9a-z]{10,32}/i
   },
   {
-    'id': 'telegram-bot-api-token',
-    'regex': /(?:^|[^0-9])([0-9]{5,16}:A[a-z0-9_-]{34})(?:$|[^a-z0-9_-])/i
+    id: 'telegram-bot-api-token',
+    regex: /(?:^|[^0-9])([0-9]{5,16}:A[a-z0-9_-]{34})(?:$|[^a-z0-9_-])/i
   },
   {
-    'id': 'twilio-api-key',
-    'regex': /SK[0-9a-fA-F]{32}/
+    id: 'twilio-api-key',
+    regex: /SK[0-9a-fA-F]{32}/
   },
   {
-    'id': 'vault-batch-token',
-    'regex': /\b(hvb\.[a-z0-9_-]{138,212})(?:['"\s\x60;]|$)/i
+    id: 'vault-batch-token',
+    regex: /\b(hvb\.[a-z0-9_-]{138,212})(?:['"\s\x60;]|$)/i
   },
   {
-    'id': 'vault-service-token',
-    'regex': /\b(hvs\.[a-z0-9_-]{90,100})(?:['"\s\x60;]|$)/i
+    id: 'vault-service-token',
+    regex: /\b(hvs\.[a-z0-9_-]{90,100})(?:['"\s\x60;]|$)/i
   }
 ]

package/packages/dd-trace/src/appsec/iast/analyzers/hsts-header-missing-analyzer.js CHANGED Viewed

@@ -9,6 +9,7 @@ class HstsHeaderMissingAnalyzer extends MissingHeaderAnalyzer {
   constructor () {
     super(HSTS_HEADER_MISSING, HSTS_HEADER_NAME)
   }
   _isVulnerableFromRequestAndResponse (req, res) {
     const headerValues = this._getHeaderValues(res, HSTS_HEADER_NAME)
     return this._isHttpsProtocol(req) && (

package/packages/dd-trace/src/appsec/iast/analyzers/nosql-injection-mongodb-analyzer.js CHANGED Viewed

@@ -12,7 +12,7 @@ const { HTTP_REQUEST_PARAMETER, HTTP_REQUEST_BODY } = require('../taint-tracking
 const EXCLUDED_PATHS_FROM_STACK = getNodeModulesPaths('mongodb', 'mongoose', 'mquery')
 const MONGODB_NOSQL_SECURE_MARK = getNextSecureMark()
-function iterateObjectStrings (target, fn, levelKeys = [], depth = 50, visited = new Set()) {
+function iterateObjectStrings (target, fn, levelKeys = [], depth = 20, visited = new Set()) {
   if (target && typeof target === 'object') {
     Object.keys(target).forEach((key) => {
       const nextLevelKeys = [...levelKeys, key]

package/packages/dd-trace/src/appsec/iast/overhead-controller.js CHANGED Viewed

@@ -54,7 +54,8 @@ function _resetGlobalContext () {
 function acquireRequest (rootSpan) {
   if (availableRequest > 0 && rootSpan) {
     const sampling = config && typeof config.requestSampling === 'number'
-      ? config.requestSampling : 30
+      ? config.requestSampling
+      : 30
     if (rootSpan.context().toSpanId().slice(-2) <= sampling) {
       availableRequest--
       return true

package/packages/dd-trace/src/appsec/iast/taint-tracking/index.js CHANGED Viewed

@@ -33,8 +33,8 @@ module.exports = {
     kafkaContextPlugin.disable()
     kafkaConsumerPlugin.disable()
   },
-  setMaxTransactions: setMaxTransactions,
-  createTransaction: createTransaction,
-  removeTransaction: removeTransaction,
+  setMaxTransactions,
+  createTransaction,
+  removeTransaction,
   taintTrackingPlugin
 }

package/packages/dd-trace/src/appsec/iast/taint-tracking/plugin.js CHANGED Viewed

@@ -30,9 +30,9 @@ class TaintTrackingPlugin extends SourceIastPlugin {
       { channelName: 'datadog:body-parser:read:finish', tag: HTTP_REQUEST_BODY },
       ({ req }) => {
         const iastContext = getIastContext(storage.getStore())
-        if (iastContext && iastContext['body'] !== req.body) {
+        if (iastContext && iastContext.body !== req.body) {
           this._taintTrackingHandler(HTTP_REQUEST_BODY, req, 'body', iastContext)
-          iastContext['body'] = req.body
+          iastContext.body = req.body
         }
       }
     )
@@ -47,9 +47,9 @@ class TaintTrackingPlugin extends SourceIastPlugin {
       ({ req }) => {
         if (req && req.body && typeof req.body === 'object') {
           const iastContext = getIastContext(storage.getStore())
-          if (iastContext && iastContext['body'] !== req.body) {
+          if (iastContext && iastContext.body !== req.body) {
             this._taintTrackingHandler(HTTP_REQUEST_BODY, req, 'body', iastContext)
-            iastContext['body'] = req.body
+            iastContext.body = req.body
           }
         }
       }

package/packages/dd-trace/src/appsec/iast/taint-tracking/taint-tracking-impl.js CHANGED Viewed

@@ -107,7 +107,7 @@ function csiMethodsOverrides (getContext) {
           return TaintedUtils.concat(transactionId, res, op1, op2)
         }
       } catch (e) {
-        iastLog.error(`Error invoking CSI plusOperator`)
+        iastLog.error('Error invoking CSI plusOperator')
           .errorAndPublish(e)
       }
       return res

package/packages/dd-trace/src/appsec/iast/telemetry/namespaces.js CHANGED Viewed

@@ -2,8 +2,9 @@
 const log = require('../../../log')
 const { Namespace } = require('../../../telemetry/metrics')
-const { addMetricsToSpan, filterTags } = require('./span-tags')
+const { addMetricsToSpan } = require('./span-tags')
 const { IAST_TRACE_METRIC_PREFIX } = require('../tags')
+const iastLog = require('../iast-log')
 const DD_IAST_METRICS_NAMESPACE = Symbol('_dd.iast.request.metrics.namespace')
@@ -24,12 +25,11 @@ function finalizeRequestNamespace (context, rootSpan) {
     const namespace = getNamespaceFromContext(context)
     if (!namespace) return
-    const metrics = [...namespace.metrics.values()]
-    namespace.metrics.clear()
+    addMetricsToSpan(rootSpan, [...namespace.metrics.values()], IAST_TRACE_METRIC_PREFIX)
-    addMetricsToSpan(rootSpan, metrics, IAST_TRACE_METRIC_PREFIX)
+    merge(namespace)
-    merge(metrics)
+    namespace.clear()
   } catch (e) {
     log.error(e)
   } finally {
@@ -39,27 +39,24 @@ function finalizeRequestNamespace (context, rootSpan) {
   }
 }
-function merge (metrics) {
-  metrics.forEach(metric => {
-    const { metric: metricName, type, tags, points } = metric
+function merge (namespace) {
+  for (const [metricName, metricsByTagMap] of namespace.iastMetrics) {
+    for (const [tags, metric] of metricsByTagMap) {
+      const { type, points } = metric
-    if (points?.length && type === 'count') {
-      const gMetric = globalNamespace.count(metricName, getTagsObject(tags))
-      points.forEach(point => gMetric.inc(point[1]))
+      if (points?.length && type === 'count') {
+        const gMetric = globalNamespace.getMetric(metricName, tags)
+        points.forEach(point => gMetric.inc(point[1]))
+      }
     }
-  })
-}
-function getTagsObject (tags) {
-  if (tags && tags.length > 0) {
-    return filterTags(tags)
   }
 }
 class IastNamespace extends Namespace {
-  constructor () {
+  constructor (maxMetricTagsSize = 100) {
     super('iast')
+    this.maxMetricTagsSize = maxMetricTagsSize
     this.iastMetrics = new Map()
   }
@@ -79,6 +76,12 @@ class IastNamespace extends Namespace {
     let metric = metrics.get(tags)
     if (!metric) {
       metric = super[type](name, Array.isArray(tags) ? [...tags] : tags)
+      if (metrics.size === this.maxMetricTagsSize) {
+        metrics.clear()
+        iastLog.warnAndPublish(`Tags cache max size reached for metric ${name}`)
+      }
       metrics.set(tags, metric)
     }
@@ -88,6 +91,12 @@ class IastNamespace extends Namespace {
   count (name, tags) {
     return this.getMetric(name, tags, 'count')
   }
+  clear () {
+    this.iastMetrics.clear()
+    this.distributions.clear()
+    this.metrics.clear()
+  }
 }
 const globalNamespace = new IastNamespace()

package/packages/dd-trace/src/appsec/iast/telemetry/span-tags.js CHANGED Viewed

@@ -40,7 +40,7 @@ function taggedMetricName (data) {
 }
 function filterTags (tags) {
-  return tags?.filter(tag => !tag.startsWith('lib_language') && !tag.startsWith('version'))
+  return tags?.filter(tag => !tag.startsWith('version'))
 }
 function processTagValue (tags) {

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/sql-sensitive-analyzer.js CHANGED Viewed

@@ -68,7 +68,7 @@ module.exports = function extractSensitiveRanges (evidence) {
   try {
     let pattern = patterns[evidence.dialect]
     if (!pattern) {
-      pattern = patterns['ANSI']
+      pattern = patterns.ANSI
     }
     pattern.lastIndex = 0
     const tokens = []

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/utils.js CHANGED Viewed

@@ -13,15 +13,18 @@ const KEYS_REGEX_WITHOUT_SENSITIVE_RANGES = new RegExp(`"(${STRINGIFY_RANGE_KEY}
 const sensitiveValueRegex = new RegExp(DEFAULT_IAST_REDACTION_VALUE_PATTERN, 'gmi')
-function iterateObject (target, fn, levelKeys = [], depth = 50) {
+function iterateObject (target, fn, levelKeys = [], depth = 10, visited = new Set()) {
   Object.keys(target).forEach((key) => {
     const nextLevelKeys = [...levelKeys, key]
     const val = target[key]
-    fn(val, nextLevelKeys, target, key)
+    if (typeof val !== 'object' || !visited.has(val)) {
+      visited.add(val)
+      fn(val, nextLevelKeys, target, key)
-    if (val !== null && typeof val === 'object' && depth > 0) {
-      iterateObject(val, fn, nextLevelKeys, depth - 1)
+      if (val !== null && typeof val === 'object' && depth > 0) {
+        iterateObject(val, fn, nextLevelKeys, depth - 1, visited)
+      }
     }
   })
 }

package/packages/dd-trace/src/appsec/waf/waf_context_wrapper.js CHANGED Viewed

@@ -39,12 +39,12 @@ class WAFContextWrapper {
     }
     if (Object.keys(inputs).length) {
-      payload['persistent'] = inputs
+      payload.persistent = inputs
       payloadHasData = true
     }
     if (ephemeral && Object.keys(ephemeral).length) {
-      payload['ephemeral'] = ephemeral
+      payload.ephemeral = ephemeral
       payloadHasData = true
     }

package/packages/dd-trace/src/ci-visibility/exporters/git/git_metadata.js CHANGED Viewed

@@ -1,4 +1,3 @@
 const fs = require('fs')
 const path = require('path')

package/packages/dd-trace/src/ci-visibility/intelligent-test-runner/get-skippable-suites.js CHANGED Viewed

@@ -102,7 +102,8 @@ function getSkippableSuites ({
         const { meta: { correlation_id: correlationId } } = parsedResponse
         incrementCountMetric(
           testLevel === 'test'
-            ? TELEMETRY_ITR_SKIPPABLE_TESTS_RESPONSE_TESTS : TELEMETRY_ITR_SKIPPABLE_TESTS_RESPONSE_SUITES,
+            ? TELEMETRY_ITR_SKIPPABLE_TESTS_RESPONSE_TESTS
+            : TELEMETRY_ITR_SKIPPABLE_TESTS_RESPONSE_SUITES,
           {},
           skippableSuites.length
         )

package/packages/dd-trace/src/ci-visibility/test-api-manual/test-api-manual-plugin.js CHANGED Viewed

@@ -10,6 +10,7 @@ class TestApiManualPlugin extends CiPlugin {
   static get id () {
     return 'test-api-manual'
   }
   constructor (...args) {
     super(...args)
     this.sourceRoot = process.cwd()