dd-trace 4.11.1 → 4.16.0

package/packages/dd-trace/src/appsec/remote_config/capabilities.js

@@ -8,5 +8,6 @@ module.exports = {
   ASM_REQUEST_BLOCKING: 1n << 5n,
   ASM_USER_BLOCKING: 1n << 7n,
   ASM_CUSTOM_RULES: 1n << 8n,
-  ASM_CUSTOM_BLOCKING_RESPONSE: 1n << 9n
+  ASM_CUSTOM_BLOCKING_RESPONSE: 1n << 9n,
+  ASM_TRUSTED_IPS: 1n << 10n
 }

package/packages/dd-trace/src/appsec/remote_config/index.js

@@ -46,6 +46,7 @@ function enableWafUpdate (appsecConfig) {
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_REQUEST_BLOCKING, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_RULES, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_BLOCKING_RESPONSE, true)
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_TRUSTED_IPS, true)
 
     rc.on('ASM_DATA', noop)
     rc.on('ASM_DD', noop)
@@ -66,6 +67,7 @@ function disableWafUpdate () {
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_REQUEST_BLOCKING, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_RULES, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_BLOCKING_RESPONSE, false)
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_TRUSTED_IPS, false)
 
     rc.off('ASM_DATA', noop)
     rc.off('ASM_DD', noop)

package/packages/dd-trace/src/appsec/reporter.js

@@ -3,6 +3,12 @@
 const Limiter = require('../rate_limiter')
 const { storage } = require('../../../datadog-core')
 const web = require('../plugins/util/web')
+const {
+  incrementWafInitMetric,
+  updateWafRequestsMetricTags,
+  incrementWafUpdatesMetric,
+  incrementWafRequestsMetric
+} = require('./telemetry')
 
 // default limiter, configurable with setRateLimit()
 let limiter = new Limiter(100)
@@ -63,6 +69,20 @@ function formatHeaderName (name) {
     .toLowerCase()
 }
 
+function reportWafInit (wafVersion, rulesVersion, diagnosticsRules = {}) {
+  metricsQueue.set('_dd.appsec.waf.version', wafVersion)
+
+  metricsQueue.set('_dd.appsec.event_rules.loaded', diagnosticsRules.loaded?.length || 0)
+  metricsQueue.set('_dd.appsec.event_rules.error_count', diagnosticsRules.failed?.length || 0)
+  if (diagnosticsRules.failed?.length) {
+    metricsQueue.set('_dd.appsec.event_rules.errors', JSON.stringify(diagnosticsRules.errors))
+  }
+
+  metricsQueue.set('manual.keep', 'true')
+
+  incrementWafInitMetric(wafVersion, rulesVersion)
+}
+
 function reportMetrics (metrics) {
   // TODO: metrics should be incremental, there already is an RFC to report metrics
   const store = storage.getStore()
@@ -80,6 +100,8 @@ function reportMetrics (metrics) {
   if (metrics.rulesVersion) {
     rootSpan.setTag('_dd.appsec.event_rules.version', metrics.rulesVersion)
   }
+
+  updateWafRequestsMetricTags(metrics, store.req)
 }
 
 function reportAttack (attackData) {
@@ -132,6 +154,8 @@ function finishRequest (req, res) {
     metricsQueue.clear()
   }
 
+  incrementWafRequestsMetric(req)
+
   if (!rootSpan.context()._tags['appsec.event']) return
 
   const newTags = filterHeaders(res.getHeaders(), RESPONSE_HEADERS_PASSLIST, 'http.response.headers.')
@@ -151,8 +175,10 @@ module.exports = {
   metricsQueue,
   filterHeaders,
   formatHeaderName,
+  reportWafInit,
   reportMetrics,
   reportAttack,
+  reportWafUpdate: incrementWafUpdatesMetric,
   finishRequest,
   setRateLimit
 }

package/packages/dd-trace/src/appsec/telemetry.js

@@ -0,0 +1,132 @@
+'use strict'
+
+const telemetryMetrics = require('../telemetry/metrics')
+
+const appsecMetrics = telemetryMetrics.manager.namespace('appsec')
+
+const DD_TELEMETRY_WAF_RESULT_TAGS = Symbol('_dd.appsec.telemetry.waf.result.tags')
+
+const tags = {
+  REQUEST_BLOCKED: 'request_blocked',
+  RULE_TRIGGERED: 'rule_triggered',
+  WAF_TIMEOUT: 'waf_timeout',
+  WAF_VERSION: 'waf_version',
+  EVENT_RULES_VERSION: 'event_rules_version'
+}
+
+const metricsStoreMap = new WeakMap()
+
+let enabled = false
+
+function enable (telemetryConfig) {
+  enabled = telemetryConfig?.enabled && telemetryConfig.metrics
+}
+
+function disable () {
+  enabled = false
+}
+
+function getStore (req) {
+  let store = metricsStoreMap.get(req)
+  if (!store) {
+    store = {}
+    metricsStoreMap.set(req, store)
+  }
+  return store
+}
+
+function getVersionsTags (wafVersion, rulesVersion) {
+  return {
+    [tags.WAF_VERSION]: wafVersion,
+    [tags.EVENT_RULES_VERSION]: rulesVersion
+  }
+}
+
+function trackWafDurations (metrics, versionsTags) {
+  if (metrics.duration) {
+    appsecMetrics.distribution('waf.duration', versionsTags).track(metrics.duration)
+  }
+  if (metrics.durationExt) {
+    appsecMetrics.distribution('waf.duration_ext', versionsTags).track(metrics.durationExt)
+  }
+}
+
+function getOrCreateMetricTags (req, versionsTags) {
+  const store = getStore(req)
+
+  let metricTags = store[DD_TELEMETRY_WAF_RESULT_TAGS]
+  if (!metricTags) {
+    metricTags = {
+      [tags.REQUEST_BLOCKED]: false,
+      [tags.RULE_TRIGGERED]: false,
+      [tags.WAF_TIMEOUT]: false,
+
+      ...versionsTags
+    }
+    store[DD_TELEMETRY_WAF_RESULT_TAGS] = metricTags
+  }
+  return metricTags
+}
+
+function updateWafRequestsMetricTags (metrics, req) {
+  if (!req || !enabled) return
+
+  const versionsTags = getVersionsTags(metrics.wafVersion, metrics.rulesVersion)
+
+  trackWafDurations(metrics, versionsTags)
+
+  const metricTags = getOrCreateMetricTags(req, versionsTags)
+
+  const { blockTriggered, ruleTriggered, wafTimeout } = metrics
+
+  if (blockTriggered) {
+    metricTags[tags.REQUEST_BLOCKED] = blockTriggered
+  }
+  if (ruleTriggered) {
+    metricTags[tags.RULE_TRIGGERED] = ruleTriggered
+  }
+  if (wafTimeout) {
+    metricTags[tags.WAF_TIMEOUT] = wafTimeout
+  }
+
+  return metricTags
+}
+
+function incrementWafInitMetric (wafVersion, rulesVersion) {
+  if (!enabled) return
+
+  const versionsTags = getVersionsTags(wafVersion, rulesVersion)
+
+  appsecMetrics.count('waf.init', versionsTags).inc()
+}
+
+function incrementWafUpdatesMetric (wafVersion, rulesVersion) {
+  if (!enabled) return
+
+  const versionsTags = getVersionsTags(wafVersion, rulesVersion)
+
+  appsecMetrics.count('waf.updates', versionsTags).inc()
+}
+
+function incrementWafRequestsMetric (req) {
+  if (!req || !enabled) return
+
+  const store = getStore(req)
+
+  const metricTags = store[DD_TELEMETRY_WAF_RESULT_TAGS]
+  if (metricTags) {
+    appsecMetrics.count('waf.requests', metricTags).inc()
+  }
+
+  metricsStoreMap.delete(req)
+}
+
+module.exports = {
+  enable,
+  disable,
+
+  updateWafRequestsMetricTags,
+  incrementWafInitMetric,
+  incrementWafUpdatesMetric,
+  incrementWafRequestsMetric
+}

package/packages/dd-trace/src/appsec/waf/index.js

@@ -39,7 +39,7 @@ function update (newRules) {
   if (!waf.wafManager) throw new Error('Cannot update disabled WAF')
 
   try {
-    waf.wafManager.ddwaf.update(newRules)
+    waf.wafManager.update(newRules)
   } catch (err) {
     log.error('Could not apply rules from remote config')
     throw err

package/packages/dd-trace/src/appsec/waf/waf_context_wrapper.js

@@ -4,11 +4,12 @@ const log = require('../../log')
 const Reporter = require('../reporter')
 
 class WAFContextWrapper {
-  constructor (ddwafContext, requiredAddresses, wafTimeout, rulesInfo) {
+  constructor (ddwafContext, requiredAddresses, wafTimeout, wafVersion, rulesVersion) {
     this.ddwafContext = ddwafContext
     this.requiredAddresses = requiredAddresses
     this.wafTimeout = wafTimeout
-    this.rulesInfo = rulesInfo
+    this.wafVersion = wafVersion
+    this.rulesVersion = rulesVersion
   }
 
   run (params) {
@@ -32,14 +33,21 @@ class WAFContextWrapper {
 
       const end = process.hrtime.bigint()
 
+      const ruleTriggered = !!result.events?.length
+      const blockTriggered = result.actions?.includes('block')
+
       Reporter.reportMetrics({
         duration: result.totalRuntime / 1e3,
         durationExt: parseInt(end - start) / 1e3,
-        rulesVersion: this.rulesInfo.version
+        rulesVersion: this.rulesVersion,
+        ruleTriggered,
+        blockTriggered,
+        wafVersion: this.wafVersion,
+        wafTimeout: result.timeout
       })
 
-      if (result.data && result.data !== '[]') {
-        Reporter.reportAttack(result.data)
+      if (ruleTriggered) {
+        Reporter.reportAttack(JSON.stringify(result.events))
       }
 
       return result.actions

package/packages/dd-trace/src/appsec/waf/waf_manager.js

@@ -11,7 +11,10 @@ class WAFManager {
     this.config = config
     this.wafTimeout = config.wafTimeout
     this.ddwaf = this._loadDDWAF(rules)
-    this._reportMetrics()
+    this.ddwafVersion = this.ddwaf.constructor.version()
+    this.rulesVersion = this.ddwaf.diagnostics.ruleset_version
+
+    Reporter.reportWafInit(this.ddwafVersion, this.rulesVersion, this.ddwaf.diagnostics.rules)
   }
 
   _loadDDWAF (rules) {
@@ -28,18 +31,6 @@ class WAFManager {
     }
   }
 
-  _reportMetrics () {
-    Reporter.metricsQueue.set('_dd.appsec.waf.version', this.ddwaf.constructor.version())
-
-    const { loaded, failed, errors } = this.ddwaf.rulesInfo
-
-    Reporter.metricsQueue.set('_dd.appsec.event_rules.loaded', loaded)
-    Reporter.metricsQueue.set('_dd.appsec.event_rules.error_count', failed)
-    if (failed) Reporter.metricsQueue.set('_dd.appsec.event_rules.errors', JSON.stringify(errors))
-
-    Reporter.metricsQueue.set('manual.keep', 'true')
-  }
-
   getWAFContext (req) {
     let wafContext = contexts.get(req)
 
@@ -48,7 +39,8 @@ class WAFManager {
         this.ddwaf.createContext(),
         this.ddwaf.requiredAddresses,
         this.wafTimeout,
-        this.ddwaf.rulesInfo
+        this.ddwafVersion,
+        this.rulesVersion
       )
       contexts.set(req, wafContext)
     }
@@ -56,6 +48,12 @@ class WAFManager {
     return wafContext
   }
 
+  update (newRules) {
+    this.ddwaf.update(newRules)
+
+    Reporter.reportWafUpdate(this.ddwafVersion, this.rulesVersion)
+  }
+
   destroy () {
     if (this.ddwaf) {
       this.ddwaf.dispose()

package/packages/dd-trace/src/ci-visibility/intelligent-test-runner/get-itr-configuration.js

@@ -28,25 +28,12 @@ function getItrConfiguration ({
   if (isEvpProxy) {
     options.path = '/evp_proxy/v2/api/v2/libraries/tests/services/setting'
     options.headers['X-Datadog-EVP-Subdomain'] = 'api'
-    options.headers['X-Datadog-NeedsAppKey'] = 'true'
   } else {
     const apiKey = process.env.DATADOG_API_KEY || process.env.DD_API_KEY
-    const appKey = process.env.DATADOG_APP_KEY ||
-      process.env.DD_APP_KEY ||
-      process.env.DATADOG_APPLICATION_KEY ||
-      process.env.DD_APPLICATION_KEY
-
-    const messagePrefix = 'Request to settings endpoint was not done because Datadog'
-
-    if (!appKey) {
-      return done(new Error(`${messagePrefix} application key is not defined.`))
-    }
     if (!apiKey) {
-      return done(new Error(`${messagePrefix} API key is not defined.`))
+      return done(new Error('Request to settings endpoint was not done because Datadog API key is not defined.'))
     }
-
     options.headers['dd-api-key'] = apiKey
-    options.headers['dd-application-key'] = appKey
   }
 
   const data = JSON.stringify({

package/packages/dd-trace/src/ci-visibility/intelligent-test-runner/get-skippable-suites.js

@@ -28,25 +28,13 @@ function getSkippableSuites ({
   if (isEvpProxy) {
     options.path = '/evp_proxy/v2/api/v2/ci/tests/skippable'
     options.headers['X-Datadog-EVP-Subdomain'] = 'api'
-    options.headers['X-Datadog-NeedsAppKey'] = 'true'
   } else {
     const apiKey = process.env.DATADOG_API_KEY || process.env.DD_API_KEY
-    const appKey = process.env.DATADOG_APP_KEY ||
-      process.env.DD_APP_KEY ||
-      process.env.DATADOG_APPLICATION_KEY ||
-      process.env.DD_APPLICATION_KEY
-
-    const messagePrefix = 'Skippable suites were not fetched because Datadog'
-
-    if (!appKey) {
-      return done(new Error(`${messagePrefix} application key is not defined.`))
-    }
     if (!apiKey) {
-      return done(new Error(`${messagePrefix} API key is not defined.`))
+      return done(new Error('Skippable suites were not fetched because Datadog API key is not defined.'))
     }
 
     options.headers['dd-api-key'] = apiKey
-    options.headers['dd-application-key'] = appKey
   }
 
   const data = JSON.stringify({

package/packages/dd-trace/src/datastreams/processor.js

@@ -66,7 +66,9 @@ class DataStreamsProcessor {
     port,
     url,
     env,
-    tags
+    tags,
+    version,
+    service
   } = {}) {
     this.writer = new DataStreamsWriter({
       hostname,
@@ -79,7 +81,8 @@ class DataStreamsProcessor {
     this.enabled = dsmEnabled
     this.env = env
     this.tags = tags || {}
-    this.service = this.tags.service || 'unnamed-nodejs-service'
+    this.service = service || 'unnamed-nodejs-service'
+    this.version = version || ''
     this.sequence = 0
 
     if (this.enabled) {
@@ -96,6 +99,7 @@ class DataStreamsProcessor {
       Service: this.service,
       Stats: serialized,
       TracerVersion: pkg.version,
+      Version: this.version,
       Lang: 'javascript'
     }
     this.writer.flush(payload)

package/packages/dd-trace/src/dogstatsd.js

@@ -5,6 +5,7 @@ const request = require('./exporters/common/request')
 const dgram = require('dgram')
 const isIP = require('net').isIP
 const log = require('./log')
+const { URL, format } = require('url')
 
 const MAX_BUFFER_SIZE = 1024 // limit from the agent
 
@@ -13,9 +14,7 @@ const TYPE_GAUGE = 'g'
 const TYPE_DISTRIBUTION = 'd'
 
 class DogStatsDClient {
-  constructor (options) {
-    options = options || {}
-
+  constructor (options = {}) {
     if (options.metricsProxyUrl) {
       this._httpOptions = {
         url: options.metricsProxyUrl.toString(),
@@ -35,14 +34,14 @@ class DogStatsDClient {
     this._udp6 = this._socket('udp6')
   }
 
-  gauge (stat, value, tags) {
-    this._add(stat, value, TYPE_GAUGE, tags)
-  }
-
   increment (stat, value, tags) {
     this._add(stat, value, TYPE_COUNTER, tags)
   }
 
+  gauge (stat, value, tags) {
+    this._add(stat, value, TYPE_GAUGE, tags)
+  }
+
   distribution (stat, value, tags) {
     this._add(stat, value, TYPE_DISTRIBUTION, tags)
   }
@@ -50,6 +49,8 @@ class DogStatsDClient {
   flush () {
     const queue = this._enqueue()
 
+    log.debug(`Flushing ${queue.length} metrics via ${this._httpOptions ? 'HTTP' : 'UDP'}`)
+
     if (this._queue.length === 0) return
 
     this._queue = []
@@ -141,6 +142,44 @@ class DogStatsDClient {
 
     return socket
   }
+
+  static generateClientConfig (config = {}) {
+    const tags = []
+
+    if (config.tags) {
+      Object.keys(config.tags)
+        .filter(key => typeof config.tags[key] === 'string')
+        .filter(key => {
+          // Skip runtime-id unless enabled as cardinality may be too high
+          if (key !== 'runtime-id') return true
+          return (config.experimental && config.experimental.runtimeId)
+        })
+        .forEach(key => {
+          // https://docs.datadoghq.com/tagging/#defining-tags
+          const value = config.tags[key].replace(/[^a-z0-9_:./-]/ig, '_')
+
+          tags.push(`${key}:${value}`)
+        })
+    }
+
+    const clientConfig = {
+      host: config.dogstatsd.hostname,
+      port: config.dogstatsd.port,
+      tags
+    }
+
+    if (config.url) {
+      clientConfig.metricsProxyUrl = config.url
+    } else if (config.port) {
+      clientConfig.metricsProxyUrl = new URL(format({
+        protocol: 'http:',
+        hostname: config.hostname || 'localhost',
+        port: config.port
+      }))
+    }
+
+    return clientConfig
+  }
 }
 
 class NoopDogStatsDClient {
@@ -153,7 +192,68 @@ class NoopDogStatsDClient {
   flush () { }
 }
 
+// This is a simplified user-facing proxy to the underlying DogStatsDClient instance
+class CustomMetrics {
+  constructor (config) {
+    const clientConfig = DogStatsDClient.generateClientConfig(config)
+    this.dogstatsd = new DogStatsDClient(clientConfig)
+  }
+
+  increment (stat, value = 1, tags) {
+    return this.dogstatsd.increment(
+      stat,
+      value,
+      CustomMetrics.tagTranslator(tags)
+    )
+  }
+
+  decrement (stat, value = 1, tags) {
+    return this.dogstatsd.increment(
+      stat,
+      value * -1,
+      CustomMetrics.tagTranslator(tags)
+    )
+  }
+
+  gauge (stat, value, tags) {
+    return this.dogstatsd.gauge(
+      stat,
+      value,
+      CustomMetrics.tagTranslator(tags)
+    )
+  }
+
+  distribution (stat, value, tags) {
+    return this.dogstatsd.distribution(
+      stat,
+      value,
+      CustomMetrics.tagTranslator(tags)
+    )
+  }
+
+  flush () {
+    return this.dogstatsd.flush()
+  }
+
+  /**
+   * Exposing { tagName: 'tagValue' } to the end user
+   * These are translated into [ 'tagName:tagValue' ] for internal use
+   */
+  static tagTranslator (objTags) {
+    const arrTags = []
+
+    if (!objTags) return arrTags
+
+    for (const [key, value] of Object.entries(objTags)) {
+      arrTags.push(`${key}:${value}`)
+    }
+
+    return arrTags
+  }
+}
+
 module.exports = {
   DogStatsDClient,
-  NoopDogStatsDClient
+  NoopDogStatsDClient,
+  CustomMetrics
 }

package/packages/dd-trace/src/exporters/agent/writer.js

@@ -2,7 +2,7 @@
 
 const request = require('../common/request')
 const { startupLog } = require('../../startup-log')
-const metrics = require('../../metrics')
+const runtimeMetrics = require('../../runtime_metrics')
 const log = require('../../log')
 const tracerVersion = require('../../../../../package.json').version
 const BaseWriter = require('../common/writer')
@@ -22,19 +22,19 @@ class Writer extends BaseWriter {
   }
 
   _sendPayload (data, count, done) {
-    metrics.increment(`${METRIC_PREFIX}.requests`, true)
+    runtimeMetrics.increment(`${METRIC_PREFIX}.requests`, true)
 
     const { _headers, _lookup, _protocolVersion, _url } = this
     makeRequest(_protocolVersion, data, count, _url, _headers, _lookup, true, (err, res, status) => {
       if (status) {
-        metrics.increment(`${METRIC_PREFIX}.responses`, true)
-        metrics.increment(`${METRIC_PREFIX}.responses.by.status`, `status:${status}`, true)
+        runtimeMetrics.increment(`${METRIC_PREFIX}.responses`, true)
+        runtimeMetrics.increment(`${METRIC_PREFIX}.responses.by.status`, `status:${status}`, true)
       } else if (err) {
-        metrics.increment(`${METRIC_PREFIX}.errors`, true)
-        metrics.increment(`${METRIC_PREFIX}.errors.by.name`, `name:${err.name}`, true)
+        runtimeMetrics.increment(`${METRIC_PREFIX}.errors`, true)
+        runtimeMetrics.increment(`${METRIC_PREFIX}.errors.by.name`, `name:${err.name}`, true)
 
         if (err.code) {
-          metrics.increment(`${METRIC_PREFIX}.errors.by.code`, `code:${err.code}`, true)
+          runtimeMetrics.increment(`${METRIC_PREFIX}.errors.by.code`, `code:${err.code}`, true)
         }
       }
 
@@ -53,8 +53,8 @@ class Writer extends BaseWriter {
       } catch (e) {
         log.error(e)
 
-        metrics.increment(`${METRIC_PREFIX}.errors`, true)
-        metrics.increment(`${METRIC_PREFIX}.errors.by.name`, `name:${e.name}`, true)
+        runtimeMetrics.increment(`${METRIC_PREFIX}.errors`, true)
+        runtimeMetrics.increment(`${METRIC_PREFIX}.errors.by.name`, `name:${e.name}`, true)
       }
       done()
     })

package/packages/dd-trace/src/exporters/common/request.js

@@ -42,10 +42,19 @@ function urlToOptions (url) {
   return options
 }
 
-function fromUrlString (url) {
-  return typeof urlToHttpOptions === 'function'
-    ? urlToOptions(new URL(url))
-    : urlParse(url)
+function fromUrlString (urlString) {
+  const url = typeof urlToHttpOptions === 'function'
+    ? urlToOptions(new URL(urlString))
+    : urlParse(urlString)
+
+  // Add the 'hostname' back if we're using named pipes
+  if (url.protocol === 'unix:' && url.host === '.') {
+    const udsPath = urlString.replace(/^unix:/, '')
+    url.path = udsPath
+    url.pathname = udsPath
+  }
+
+  return url
 }
 
 function request (data, options, callback) {

package/packages/dd-trace/src/format.js

@@ -13,7 +13,7 @@ const SPAN_SAMPLING_MECHANISM = constants.SPAN_SAMPLING_MECHANISM
 const SPAN_SAMPLING_RULE_RATE = constants.SPAN_SAMPLING_RULE_RATE
 const SPAN_SAMPLING_MAX_PER_SECOND = constants.SPAN_SAMPLING_MAX_PER_SECOND
 const SAMPLING_MECHANISM_SPAN = constants.SAMPLING_MECHANISM_SPAN
-const MEASURED = tags.MEASURED
+const { MEASURED, BASE_SERVICE } = tags
 const ORIGIN_KEY = constants.ORIGIN_KEY
 const HOSTNAME_KEY = constants.HOSTNAME_KEY
 const TOP_LEVEL_KEY = constants.TOP_LEVEL_KEY
@@ -73,6 +73,11 @@ function extractTags (trace, span) {
     addTag({}, trace.metrics, MEASURED, 1)
   }
 
+  const tracerService = span.tracer()._service.toLowerCase()
+  if (tags['service.name']?.toLowerCase() !== tracerService) {
+    span.setTag(BASE_SERVICE, tracerService)
+  }
+
   for (const tag in tags) {
     switch (tag) {
       case 'service.name':

package/packages/dd-trace/src/opentracing/propagation/text_map.js

@@ -343,10 +343,10 @@ class TextMapPropagator {
               spanContext._trace.origin = value
               break
             case 't.dm': {
-              const mechanism = -Math.abs(parseInt(value, 10))
+              const mechanism = Math.abs(parseInt(value, 10))
               if (Number.isInteger(mechanism)) {
                 spanContext._sampling.mechanism = mechanism
-                spanContext._trace.tags['_dd.p.dm'] = String(mechanism)
+                spanContext._trace.tags['_dd.p.dm'] = `-${mechanism}`
               }
               break
             }