dd-trace 4.11.1 → 4.13.0

package/packages/datadog-instrumentations/src/pg.js

@@ -11,8 +11,12 @@ const startCh = channel('apm:pg:query:start')
 const finishCh = channel('apm:pg:query:finish')
 const errorCh = channel('apm:pg:query:error')
 
+const startPoolQueryCh = channel('datadog:pg:pool:query:start')
+const finishPoolQueryCh = channel('datadog:pg:pool:query:finish')
+
 addHook({ name: 'pg', versions: ['>=8.0.3'] }, pg => {
   shimmer.wrap(pg.Client.prototype, 'query', query => wrapQuery(query))
+  shimmer.wrap(pg.Pool.prototype, 'query', query => wrapPoolQuery(query))
   return pg
 })
 
@@ -97,3 +101,45 @@ function wrapQuery (query) {
     })
   }
 }
+
+function wrapPoolQuery (query) {
+  return function () {
+    if (!startPoolQueryCh.hasSubscribers) {
+      return query.apply(this, arguments)
+    }
+
+    const asyncResource = new AsyncResource('bound-anonymous-fn')
+
+    const pgQuery = arguments[0] && typeof arguments[0] === 'object' ? arguments[0] : { text: arguments[0] }
+
+    return asyncResource.runInAsyncScope(() => {
+      startPoolQueryCh.publish({
+        query: pgQuery
+      })
+
+      const finish = asyncResource.bind(function () {
+        finishPoolQueryCh.publish()
+      })
+
+      const cb = arguments[arguments.length - 1]
+      if (typeof cb === 'function') {
+        arguments[arguments.length - 1] = shimmer.wrap(cb, function () {
+          finish()
+          return cb.apply(this, arguments)
+        })
+      }
+
+      const retval = query.apply(this, arguments)
+
+      if (retval && retval.then) {
+        retval.then(() => {
+          finish()
+        }).catch(() => {
+          finish()
+        })
+      }
+
+      return retval
+    })
+  }
+}

package/packages/datadog-plugin-cucumber/src/index.js

@@ -25,12 +25,24 @@ class CucumberPlugin extends CiPlugin {
 
     this.sourceRoot = process.cwd()
 
-    this.addSub('ci:cucumber:session:finish', ({ status, isSuitesSkipped, testCodeCoverageLinesTotal }) => {
+    this.addSub('ci:cucumber:session:finish', ({
+      status,
+      isSuitesSkipped,
+      numSkippedSuites,
+      testCodeCoverageLinesTotal
+    }) => {
       const { isSuitesSkippingEnabled, isCodeCoverageEnabled } = this.itrConfig || {}
       addIntelligentTestRunnerSpanTags(
         this.testSessionSpan,
         this.testModuleSpan,
-        { isSuitesSkipped, isSuitesSkippingEnabled, isCodeCoverageEnabled, testCodeCoverageLinesTotal }
+        {
+          isSuitesSkipped,
+          isSuitesSkippingEnabled,
+          isCodeCoverageEnabled,
+          testCodeCoverageLinesTotal,
+          skippingCount: numSkippedSuites,
+          skippingType: 'suite'
+        }
       )
 
       this.testSessionSpan.setTag(TEST_STATUS, status)

package/packages/datadog-plugin-cypress/src/plugin.js

@@ -20,7 +20,8 @@ const {
   finishAllTraceSpans,
   getCoveredFilenamesFromCoverage,
   getTestSuitePath,
-  addIntelligentTestRunnerSpanTags
+  addIntelligentTestRunnerSpanTags,
+  TEST_SKIPPED_BY_ITR
 } = require('../../dd-trace/src/plugins/util/test')
 const { ORIGIN_KEY, COMPONENT } = require('../../dd-trace/src/constants')
 const log = require('../../dd-trace/src/log')
@@ -120,6 +121,7 @@ function getSkippableTests (isSuitesSkippingEnabled, tracer, testConfiguration)
 
 module.exports = (on, config) => {
   let isTestsSkipped = false
+  const skippedTests = []
   const tracer = require('../../dd-trace')
   const testEnvironmentMetadata = getTestEnvironmentMetadata(TEST_FRAMEWORK_NAME)
 
@@ -248,19 +250,23 @@ module.exports = (on, config) => {
     const cypressTests = tests || []
     const finishedTests = finishedTestsByFile[spec.relative] || []
 
-    // Get tests that didn't go through `dd:afterEach` and haven't been skipped by ITR
+    // Get tests that didn't go through `dd:afterEach`
     // and create a skipped test span for each of them
     cypressTests.filter(({ title }) => {
       const cypressTestName = title.join(' ')
-      const isSkippedByItr = testsToSkip.find(test =>
-        cypressTestName === test.name && spec.relative === test.suite
-      )
       const isTestFinished = finishedTests.find(({ testName }) => cypressTestName === testName)
 
-      return !isSkippedByItr && !isTestFinished
+      return !isTestFinished
     }).forEach(({ title }) => {
-      const skippedTestSpan = getTestSpan(title.join(' '), spec.relative)
+      const cypressTestName = title.join(' ')
+      const isSkippedByItr = testsToSkip.find(test =>
+        cypressTestName === test.name && spec.relative === test.suite
+      )
+      const skippedTestSpan = getTestSpan(cypressTestName, spec.relative)
       skippedTestSpan.setTag(TEST_STATUS, 'skip')
+      if (isSkippedByItr) {
+        skippedTestSpan.setTag(TEST_SKIPPED_BY_ITR, 'true')
+      }
       skippedTestSpan.finish()
     })
 
@@ -309,7 +315,9 @@ module.exports = (on, config) => {
         {
           isSuitesSkipped: isTestsSkipped,
           isSuitesSkippingEnabled,
-          isCodeCoverageEnabled
+          isCodeCoverageEnabled,
+          skippingType: 'test',
+          skippingCount: skippedTests.length
         }
       )
 
@@ -353,6 +361,7 @@ module.exports = (on, config) => {
       if (testsToSkip.find(test => {
         return testName === test.name && testSuite === test.suite
       })) {
+        skippedTests.push(test)
         isTestsSkipped = true
         return { shouldSkip: true }
       }

package/packages/datadog-plugin-graphql/src/index.js

@@ -56,9 +56,9 @@ function getVariablesFilter (config) {
 
 function getHooks (config) {
   const noop = () => { }
-  const execute = (config.hooks && config.hooks.execute) || noop
-  const parse = (config.hooks && config.hooks.parse) || noop
-  const validate = (config.hooks && config.hooks.validate) || noop
+  const execute = config.hooks?.execute || noop
+  const parse = config.hooks?.parse || noop
+  const validate = config.hooks?.validate || noop
 
   return { execute, parse, validate }
 }

package/packages/datadog-plugin-jest/src/index.js

@@ -49,7 +49,8 @@ class JestPlugin extends CiPlugin {
       isSuitesSkipped,
       isSuitesSkippingEnabled,
       isCodeCoverageEnabled,
-      testCodeCoverageLinesTotal
+      testCodeCoverageLinesTotal,
+      numSkippedSuites
     }) => {
       this.testSessionSpan.setTag(TEST_STATUS, status)
       this.testModuleSpan.setTag(TEST_STATUS, status)
@@ -57,7 +58,14 @@ class JestPlugin extends CiPlugin {
       addIntelligentTestRunnerSpanTags(
         this.testSessionSpan,
         this.testModuleSpan,
-        { isSuitesSkipped, isSuitesSkippingEnabled, isCodeCoverageEnabled, testCodeCoverageLinesTotal }
+        {
+          isSuitesSkipped,
+          isSuitesSkippingEnabled,
+          isCodeCoverageEnabled,
+          testCodeCoverageLinesTotal,
+          skippingType: 'suite',
+          skippingCount: numSkippedSuites
+        }
       )
 
       this.testModuleSpan.finish()

package/packages/datadog-plugin-jest/src/util.js

@@ -48,10 +48,16 @@ function getJestTestName (test) {
 }
 
 function getJestSuitesToRun (skippableSuites, originalTests, rootDir) {
-  return originalTests.filter(({ path: testPath }) => {
-    const relativePath = getTestSuitePath(testPath, rootDir)
-    return !skippableSuites.includes(relativePath)
-  })
+  return originalTests.reduce((acc, test) => {
+    const relativePath = getTestSuitePath(test.path, rootDir)
+    const shouldBeSkipped = skippableSuites.includes(relativePath)
+    if (shouldBeSkipped) {
+      acc.skippedSuites.push(relativePath)
+    } else {
+      acc.suitesToRun.push(test)
+    }
+    return acc
+  }, { skippedSuites: [], suitesToRun: [] })
 }
 
 module.exports = { getFormattedJestTestParameters, getJestTestName, getJestSuitesToRun }

package/packages/datadog-plugin-mocha/src/index.js

@@ -135,7 +135,12 @@ class MochaPlugin extends CiPlugin {
       this._testNameToParams[name] = params
     })
 
-    this.addSub('ci:mocha:session:finish', ({ status, isSuitesSkipped, testCodeCoverageLinesTotal }) => {
+    this.addSub('ci:mocha:session:finish', ({
+      status,
+      isSuitesSkipped,
+      testCodeCoverageLinesTotal,
+      numSkippedSuites
+    }) => {
       if (this.testSessionSpan) {
         const { isSuitesSkippingEnabled, isCodeCoverageEnabled } = this.itrConfig || {}
         this.testSessionSpan.setTag(TEST_STATUS, status)
@@ -144,7 +149,14 @@ class MochaPlugin extends CiPlugin {
         addIntelligentTestRunnerSpanTags(
           this.testSessionSpan,
           this.testModuleSpan,
-          { isSuitesSkipped, isSuitesSkippingEnabled, isCodeCoverageEnabled, testCodeCoverageLinesTotal }
+          {
+            isSuitesSkipped,
+            isSuitesSkippingEnabled,
+            isCodeCoverageEnabled,
+            testCodeCoverageLinesTotal,
+            skippingCount: numSkippedSuites,
+            skippingType: 'suite'
+          }
         )
 
         this.testModuleSpan.finish()

package/packages/datadog-plugin-next/src/index.js

@@ -4,6 +4,7 @@ const ServerPlugin = require('../../dd-trace/src/plugins/server')
 const { storage } = require('../../datadog-core')
 const analyticsSampler = require('../../dd-trace/src/analytics_sampler')
 const { COMPONENT } = require('../../dd-trace/src/constants')
+const web = require('../../dd-trace/src/plugins/util/web')
 
 class NextPlugin extends ServerPlugin {
   static get id () {
@@ -16,7 +17,7 @@ class NextPlugin extends ServerPlugin {
     this.addSub('apm:next:page:load', message => this.pageLoad(message))
   }
 
-  start ({ req, res }) {
+  bindStart ({ req, res }) {
     const store = storage.getStore()
     const childOf = store ? store.span : store
     const span = this.tracer.startSpan(this.operationName(), {
@@ -33,9 +34,13 @@ class NextPlugin extends ServerPlugin {
 
     analyticsSampler.sample(span, this.config.measured, true)
 
-    this.enter(span, store)
-
     this._requests.set(span, req)
+
+    return { ...store, span }
+  }
+
+  error ({ span, error }) {
+    this.addError(error, span)
   }
 
   finish ({ req, res }) {
@@ -45,6 +50,7 @@ class NextPlugin extends ServerPlugin {
 
     const span = store.span
     const error = span.context()._tags['error']
+    const page = span.context()._tags['next.page']
 
     if (!this.config.validateStatus(res.statusCode) && !error) {
       span.setTag('error', true)
@@ -54,6 +60,8 @@ class NextPlugin extends ServerPlugin {
       'http.status_code': res.statusCode
     })
 
+    if (page) web.setRoute(req, page)
+
     this.config.hooks.request(span, req, res)
 
     span.finish()

package/packages/dd-trace/src/appsec/iast/analyzers/sql-injection-analyzer.js

@@ -8,7 +8,7 @@ const { getIastContext } = require('../iast-context')
 const { addVulnerability } = require('../vulnerability-reporter')
 const { getNodeModulesPaths } = require('../path-line')
 
-const EXCLUDED_PATHS = getNodeModulesPaths('mysql2', 'sequelize')
+const EXCLUDED_PATHS = getNodeModulesPaths('mysql2', 'sequelize', 'pg-pool')
 
 class SqlInjectionAnalyzer extends InjectionAnalyzer {
   constructor () {
@@ -23,7 +23,7 @@ class SqlInjectionAnalyzer extends InjectionAnalyzer {
     this.addSub('datadog:sequelize:query:start', ({ sql, dialect }) => {
       const parentStore = storage.getStore()
       if (parentStore) {
-        this.analyze(sql, dialect.toUpperCase())
+        this.analyze(sql, dialect.toUpperCase(), parentStore)
 
         storage.enterWith({ ...parentStore, sqlAnalyzed: true, sequelizeParentStore: parentStore })
       }
@@ -35,6 +35,22 @@ class SqlInjectionAnalyzer extends InjectionAnalyzer {
         storage.enterWith(store.sequelizeParentStore)
       }
     })
+
+    this.addSub('datadog:pg:pool:query:start', ({ query }) => {
+      const parentStore = storage.getStore()
+      if (parentStore) {
+        this.analyze(query.text, 'POSTGRES', parentStore)
+
+        storage.enterWith({ ...parentStore, sqlAnalyzed: true, pgPoolParentStore: parentStore })
+      }
+    })
+
+    this.addSub('datadog:pg:pool:query:finish', () => {
+      const store = storage.getStore()
+      if (store && store.pgPoolParentStore) {
+        storage.enterWith(store.pgPoolParentStore)
+      }
+    })
   }
 
   _getEvidence (value, iastContext, dialect) {
@@ -42,8 +58,7 @@ class SqlInjectionAnalyzer extends InjectionAnalyzer {
     return { value, ranges, dialect }
   }
 
-  analyze (value, dialect) {
-    const store = storage.getStore()
+  analyze (value, dialect, store = storage.getStore()) {
     if (!(store && store.sqlAnalyzed)) {
       const iastContext = getIastContext(store)
       if (this._isInvalidContext(store, iastContext)) return

package/packages/dd-trace/src/appsec/iast/taint-tracking/operations.js

@@ -66,7 +66,7 @@ function taintObject (iastContext, object, type, keyTainting, keyType) {
               const taintedProperty = TaintedUtils.newTaintedString(transactionId, key, property, keyType)
               parent[taintedProperty] = tainted
             } else {
-              parent[property] = tainted
+              parent[key] = tainted
             }
           }
         } else if (typeof value === 'object' && !visited.has(value)) {

package/packages/dd-trace/src/appsec/iast/telemetry/index.js

@@ -5,11 +5,20 @@ const telemetryLogs = require('./log')
 const { Verbosity, getVerbosity } = require('./verbosity')
 const { initRequestNamespace, finalizeRequestNamespace, globalNamespace } = require('./namespaces')
 
+function isIastMetricsEnabled (metrics) {
+  // TODO: let DD_TELEMETRY_METRICS_ENABLED as undefined in config.js to avoid read here the env property
+  return process.env.DD_TELEMETRY_METRICS_ENABLED !== undefined ? metrics : true
+}
+
 class Telemetry {
   configure (config, verbosity) {
-    // in order to telemetry be enabled, tracer telemetry and metrics collection have to be enabled
-    this.enabled = config && config.telemetry && config.telemetry.enabled && config.telemetry.metrics
-    this.verbosity = this.enabled ? getVerbosity(verbosity) : Verbosity.OFF
+    const telemetryAndMetricsEnabled = config &&
+      config.telemetry &&
+      config.telemetry.enabled &&
+      isIastMetricsEnabled(config.telemetry.metrics)
+
+    this.verbosity = telemetryAndMetricsEnabled ? getVerbosity(verbosity) : Verbosity.OFF
+    this.enabled = this.verbosity !== Verbosity.OFF
 
     if (this.enabled) {
       telemetryMetrics.manager.set('iast', globalNamespace)
@@ -30,13 +39,13 @@ class Telemetry {
   }
 
   onRequestStart (context) {
-    if (this.isEnabled() && this.verbosity !== Verbosity.OFF) {
+    if (this.isEnabled()) {
       initRequestNamespace(context)
     }
   }
 
   onRequestEnd (context, rootSpan) {
-    if (this.isEnabled() && this.verbosity !== Verbosity.OFF) {
+    if (this.isEnabled()) {
       finalizeRequestNamespace(context, rootSpan)
     }
   }

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-handler.js

@@ -14,6 +14,8 @@ const DEFAULT_IAST_REDACTION_NAME_PATTERN = '(?:p(?:ass)?w(?:or)?d|pass(?:_?phra
 // eslint-disable-next-line max-len
 const DEFAULT_IAST_REDACTION_VALUE_PATTERN = '(?:bearer\\s+[a-z0-9\\._\\-]+|glpat-[\\w\\-]{20}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\\w=\\-]+\\.ey[I-L][\\w=\\-]+(?:\\.[\\w.+/=\\-]+)?|(?:[\\-]{5}BEGIN[a-z\\s]+PRIVATE\\sKEY[\\-]{5}[^\\-]+[\\-]{5}END[a-z\\s]+PRIVATE\\sKEY[\\-]{5}|ssh-rsa\\s*[a-z0-9/\\.+]{100,}))'
 
+const REDACTED_SOURCE_BUFFER = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
+
 class SensitiveHandler {
   constructor () {
     this._namePattern = new RegExp(DEFAULT_IAST_REDACTION_NAME_PATTERN, 'gmi')
@@ -54,6 +56,7 @@ class SensitiveHandler {
   toRedactedJson (evidence, sensitive, sourcesIndexes, sources) {
     const valueParts = []
     const redactedSources = []
+    const redactedSourcesContext = []
 
     const { value, ranges } = evidence
 
@@ -71,21 +74,41 @@ class SensitiveHandler {
         sourceIndex = sourcesIndexes[nextTaintedIndex]
 
         while (nextSensitive != null && contains(nextTainted, nextSensitive)) {
-          sourceIndex != null && redactedSources.push(sourceIndex)
+          const redactionStart = nextSensitive.start - nextTainted.start
+          const redactionEnd = nextSensitive.end - nextTainted.start
+          this.redactSource(sources, redactedSources, redactedSourcesContext, sourceIndex, redactionStart, redactionEnd)
           nextSensitive = sensitive.shift()
         }
 
         if (nextSensitive != null && intersects(nextSensitive, nextTainted)) {
-          sourceIndex != null && redactedSources.push(sourceIndex)
+          const redactionStart = nextSensitive.start - nextTainted.start
+          const redactionEnd = nextSensitive.end - nextTainted.start
+          this.redactSource(sources, redactedSources, redactedSourcesContext, sourceIndex, redactionStart, redactionEnd)
 
           const entries = remove(nextSensitive, nextTainted)
           nextSensitive = entries.length > 0 ? entries[0] : null
         }
 
-        this.isSensibleSource(sources[sourceIndex]) && redactedSources.push(sourceIndex)
+        if (this.isSensibleSource(sources[sourceIndex])) {
+          if (!sources[sourceIndex].redacted) {
+            redactedSources.push(sourceIndex)
+            sources[sourceIndex].pattern = ''.padEnd(sources[sourceIndex].value.length, REDACTED_SOURCE_BUFFER)
+            sources[sourceIndex].redacted = true
+          }
+        }
 
         if (redactedSources.indexOf(sourceIndex) > -1) {
-          this.writeRedactedValuePart(valueParts, sourceIndex)
+          const partValue = value.substring(i, i + (nextTainted.end - nextTainted.start))
+          this.writeRedactedValuePart(
+            valueParts,
+            partValue.length,
+            sourceIndex,
+            partValue,
+            sources[sourceIndex],
+            redactedSourcesContext[sourceIndex],
+            this.isSensibleSource(sources[sourceIndex])
+          )
+          redactedSourcesContext[sourceIndex] = []
         } else {
           const substringEnd = Math.min(nextTainted.end, value.length)
           this.writeValuePart(valueParts, value.substring(nextTainted.start, substringEnd), sourceIndex)
@@ -100,7 +123,10 @@ class SensitiveHandler {
         this.writeValuePart(valueParts, value.substring(start, i), sourceIndex)
         if (nextTainted != null && intersects(nextSensitive, nextTainted)) {
           sourceIndex = sourcesIndexes[nextTaintedIndex]
-          sourceIndex != null && redactedSources.push(sourceIndex)
+
+          const redactionStart = nextSensitive.start - nextTainted.start
+          const redactionEnd = nextSensitive.end - nextTainted.start
+          this.redactSource(sources, redactedSources, redactedSourcesContext, sourceIndex, redactionStart, redactionEnd)
 
           for (const entry of remove(nextSensitive, nextTainted)) {
             if (entry.start === i) {
@@ -111,9 +137,10 @@ class SensitiveHandler {
           }
         }
 
-        this.writeRedactedValuePart(valueParts)
+        const _length = nextSensitive.end - nextSensitive.start
+        this.writeRedactedValuePart(valueParts, _length)
 
-        start = i + (nextSensitive.end - nextSensitive.start)
+        start = i + _length
         i = start - 1
         nextSensitive = sensitive.shift()
       }
@@ -126,6 +153,24 @@ class SensitiveHandler {
     return { redactedValueParts: valueParts, redactedSources }
   }
 
+  redactSource (sources, redactedSources, redactedSourcesContext, sourceIndex, start, end) {
+    if (sourceIndex != null) {
+      if (!sources[sourceIndex].redacted) {
+        redactedSources.push(sourceIndex)
+        sources[sourceIndex].pattern = ''.padEnd(sources[sourceIndex].value.length, REDACTED_SOURCE_BUFFER)
+        sources[sourceIndex].redacted = true
+      }
+
+      if (!redactedSourcesContext[sourceIndex]) {
+        redactedSourcesContext[sourceIndex] = []
+      }
+      redactedSourcesContext[sourceIndex].push({
+        start,
+        end
+      })
+    }
+  }
+
   writeValuePart (valueParts, value, source) {
     if (value.length > 0) {
       if (source != null) {
@@ -136,9 +181,74 @@ class SensitiveHandler {
     }
   }
 
-  writeRedactedValuePart (valueParts, source) {
-    if (source != null) {
-      valueParts.push({ redacted: true, source })
+  writeRedactedValuePart (
+    valueParts,
+    length,
+    sourceIndex,
+    partValue,
+    source,
+    sourceRedactionContext,
+    isSensibleSource
+  ) {
+    if (sourceIndex != null) {
+      const placeholder = source.value.includes(partValue)
+        ? source.pattern
+        : '*'.repeat(length)
+
+      if (isSensibleSource) {
+        valueParts.push({ redacted: true, source: sourceIndex, pattern: placeholder })
+      } else {
+        let _value = partValue
+        const dedupedSourceRedactionContexts = []
+
+        sourceRedactionContext.forEach(_sourceRedactionContext => {
+          const isPresentInDeduped = dedupedSourceRedactionContexts.some(_dedupedSourceRedactionContext =>
+            _dedupedSourceRedactionContext.start === _sourceRedactionContext.start &&
+            _dedupedSourceRedactionContext.end === _sourceRedactionContext.end
+          )
+
+          if (!isPresentInDeduped) {
+            dedupedSourceRedactionContexts.push(_sourceRedactionContext)
+          }
+        })
+
+        let offset = 0
+        dedupedSourceRedactionContexts.forEach((_sourceRedactionContext) => {
+          if (_sourceRedactionContext.start > 0) {
+            valueParts.push({
+              source: sourceIndex,
+              value: _value.substring(0, _sourceRedactionContext.start - offset)
+            })
+
+            _value = _value.substring(_sourceRedactionContext.start - offset)
+            offset = _sourceRedactionContext.start
+          }
+
+          const sensitive =
+            _value.substring(_sourceRedactionContext.start - offset, _sourceRedactionContext.end - offset)
+          const indexOfPartValueInPattern = source.value.indexOf(sensitive)
+
+          const pattern = indexOfPartValueInPattern > -1
+            ? placeholder.substring(indexOfPartValueInPattern, indexOfPartValueInPattern + sensitive.length)
+            : placeholder.substring(_sourceRedactionContext.start, _sourceRedactionContext.end)
+
+          valueParts.push({
+            redacted: true,
+            source: sourceIndex,
+            pattern
+          })
+
+          _value = _value.substring(pattern.length)
+          offset += pattern.length
+        })
+
+        if (_value.length) {
+          valueParts.push({
+            source: sourceIndex,
+            value: _value
+          })
+        }
+      }
     } else {
       valueParts.push({ redacted: true })
     }

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/index.js

@@ -28,7 +28,6 @@ class VulnerabilityFormatter {
       const { redactedValueParts, redactedSources } = scrubbingResult
       redactedSources.forEach(i => {
         delete sources[i].value
-        sources[i].redacted = true
       })
       return { valueParts: redactedValueParts }
     }

package/packages/dd-trace/src/dogstatsd.js

@@ -35,14 +35,14 @@ class DogStatsDClient {
     this._udp6 = this._socket('udp6')
   }
 
-  gauge (stat, value, tags) {
-    this._add(stat, value, TYPE_GAUGE, tags)
-  }
-
   increment (stat, value, tags) {
     this._add(stat, value, TYPE_COUNTER, tags)
   }
 
+  gauge (stat, value, tags) {
+    this._add(stat, value, TYPE_GAUGE, tags)
+  }
+
   distribution (stat, value, tags) {
     this._add(stat, value, TYPE_DISTRIBUTION, tags)
   }
@@ -153,7 +153,67 @@ class NoopDogStatsDClient {
   flush () { }
 }
 
+// This is a simplified user-facing proxy to the underlying DogStatsDClient instance
+class CustomMetrics {
+  constructor (options) {
+    this.dogstatsd = new DogStatsDClient(options)
+  }
+
+  increment (stat, value = 1, tags) {
+    return this.dogstatsd.increment(
+      stat,
+      value,
+      CustomMetrics.tagTranslator(tags)
+    )
+  }
+
+  decrement (stat, value = 1, tags) {
+    return this.dogstatsd.increment(
+      stat,
+      value * -1,
+      CustomMetrics.tagTranslator(tags)
+    )
+  }
+
+  gauge (stat, value, tags) {
+    return this.dogstatsd.gauge(
+      stat,
+      value,
+      CustomMetrics.tagTranslator(tags)
+    )
+  }
+
+  distribution (stat, value, tags) {
+    return this.dogstatsd.distribution(
+      stat,
+      value,
+      CustomMetrics.tagTranslator(tags)
+    )
+  }
+
+  flush () {
+    return this.dogstatsd.flush()
+  }
+
+  /**
+   * Exposing { tagName: 'tagValue' } to the end user
+   * These are translated into [ 'tagName:tagValue' ] for internal use
+   */
+  static tagTranslator (objTags) {
+    const arrTags = []
+
+    if (!objTags) return arrTags
+
+    for (const [key, value] of Object.entries(objTags)) {
+      arrTags.push(`${key}:${value}`)
+    }
+
+    return arrTags
+  }
+}
+
 module.exports = {
   DogStatsDClient,
-  NoopDogStatsDClient
+  NoopDogStatsDClient,
+  CustomMetrics
 }