dd-trace 4.18.0 → 4.20.0

package/LICENSE-3rdparty.csv

@@ -8,7 +8,7 @@ require,@datadog/sketches-js,Apache license 2.0,Copyright 2020 Datadog Inc.
 require,@opentelemetry/api,Apache license 2.0,Copyright OpenTelemetry Authors
 require,@opentelemetry/core,Apache license 2.0,Copyright OpenTelemetry Authors
 require,crypto-randomuuid,MIT,Copyright 2021 Node.js Foundation and contributors
-require,diagnostics_channel,MIT,Copyright 2021 Simon D.
+require,dc-polyfill,MIT,Copyright 2023 Datadog Inc.
 require,ignore,MIT,Copyright 2013 Kael Zhang and contributors
 require,import-in-the-middle,Apache license 2.0,Copyright 2021 Datadog Inc.
 require,int64-buffer,MIT,Copyright 2015-2016 Yusuke Kawasaki
@@ -28,6 +28,7 @@ require,msgpack-lite,MIT,Copyright 2015 Yusuke Kawasaki
 require,node-abort-controller,MIT,Copyright (c) 2019 Steve Faulkner
 require,opentracing,MIT,Copyright 2016 Resonance Labs Inc
 require,path-to-regexp,MIT,Copyright 2014 Blake Embrey
+require,pprof-format,MIT,Copyright 2022 Stephen Belanger
 require,protobufjs,BSD-3-Clause,Copyright 2016 Daniel Wirtz
 require,retry,MIT,Copyright 2011 Tim Koschützki Felix Geisendörfer
 require,semver,ISC,Copyright Isaac Z. Schlueter and Contributors
@@ -62,7 +63,6 @@ dev,mocha,MIT,Copyright 2011-2018 JS Foundation and contributors https://js.foun
 dev,multer,MIT,Copyright 2014 Hage Yaapa
 dev,nock,MIT,Copyright 2017 Pedro Teixeira and other contributors
 dev,nyc,ISC,Copyright 2015 Contributors
-dev,pprof-format,MIT,Copyright 2022 Stephen Belanger
 dev,proxyquire,MIT,Copyright 2013 Thorsten Lorenz
 dev,rimraf,ISC,Copyright Isaac Z. Schlueter and Contributors
 dev,sinon,BSD-3-Clause,Copyright 2010-2017 Christian Johansen

package/README.md

@@ -202,11 +202,11 @@ To get around this, one can treat all third party modules, or at least third par
 
 For these reasons it's necessary to have custom-built bundler plugins. Such plugins are able to instruct the bundler on how to behave, injecting intermediary code and otherwise intercepting the "translated" `require()` calls. The result is that many more packages are then included in the bundled JavaScript file. Some applications can have 100% of modules bundled, however native modules still need to remain external to the bundle.
 
-### Esbuild Support
+### ESBuild Support
 
-This library provides experimental esbuild support in the form of an esbuild plugin, and currently requires at least Node.js v16.17 or v18.7. To use the plugin, make sure you have `dd-trace@3+` installed, and then require the `dd-trace/esbuild` module when building your bundle.
+This library provides experimental ESBuild support in the form of an ESBuild plugin. Require the `dd-trace/esbuild` module when building your bundle to enable the plugin.
 
-Here's an example of how one might use `dd-trace` with esbuild:
+Here's an example of how one might use `dd-trace` with ESBuild:
 
 ```javascript
 const ddPlugin = require('dd-trace/esbuild')

package/ext/kinds.d.ts

@@ -3,6 +3,7 @@ declare const kinds: {
   CLIENT: 'client'
   PRODUCER: 'producer'
   CONSUMER: 'consumer'
+  INTERNAL: 'internal'
 }
 
 export = kinds

package/ext/kinds.js

@@ -4,5 +4,6 @@ module.exports = {
   SERVER: 'server',
   CLIENT: 'client',
   PRODUCER: 'producer',
-  CONSUMER: 'consumer'
+  CONSUMER: 'consumer',
+  INTERNAL: 'internal'
 }

package/ext/tags.d.ts

@@ -17,7 +17,8 @@ declare const tags: {
   HTTP_REQUEST_HEADERS: 'http.request.headers'
   HTTP_RESPONSE_HEADERS: 'http.response.headers'
   HTTP_USERAGENT: 'http.useragent',
-  HTTP_CLIENT_IP: 'http.client_ip'
+  HTTP_CLIENT_IP: 'http.client_ip',
+  PATHWAY_HASH: 'pathway.hash'
 }
 
 export = tags

package/ext/tags.js

@@ -22,7 +22,12 @@ const tags = {
   HTTP_REQUEST_HEADERS: 'http.request.headers',
   HTTP_RESPONSE_HEADERS: 'http.response.headers',
   HTTP_USERAGENT: 'http.useragent',
-  HTTP_CLIENT_IP: 'http.client_ip'
+  HTTP_CLIENT_IP: 'http.client_ip',
+
+  // Messaging
+
+  // DSM Specific
+  PATHWAY_HASH: 'pathway.hash'
 }
 
 // Deprecated

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dd-trace",
-  "version": "4.18.0",
+  "version": "4.20.0",
   "description": "Datadog APM tracing client for JavaScript",
   "main": "index.js",
   "typings": "index.d.ts",
@@ -19,7 +19,7 @@
     "test:appsec:ci": "nyc --no-clean --include \"packages/dd-trace/src/appsec/**/*.js\" --exclude \"packages/dd-trace/test/appsec/**/*.plugin.spec.js\" -- npm run test:appsec",
     "test:appsec:plugins": "mocha --colors --exit -r \"packages/dd-trace/test/setup/mocha.js\" \"packages/dd-trace/test/appsec/**/*.@($(echo $PLUGINS)).plugin.spec.js\"",
     "test:appsec:plugins:ci": "yarn services && nyc --no-clean --include \"packages/dd-trace/src/appsec/**/*.js\" -- npm run test:appsec:plugins",
-    "test:trace:core": "tap packages/dd-trace/test/*.spec.js \"packages/dd-trace/test/{ci-visibility,encode,exporters,opentelemetry,opentracing,plugins,service-naming,telemetry}/**/*.spec.js\"",
+    "test:trace:core": "tap packages/dd-trace/test/*.spec.js \"packages/dd-trace/test/{ci-visibility,datastreams,encode,exporters,opentelemetry,opentracing,plugins,service-naming,telemetry}/**/*.spec.js\"",
     "test:trace:core:ci": "npm run test:trace:core -- --coverage --nyc-arg=--include=\"packages/dd-trace/src/**/*.js\"",
     "test:instrumentations": "mocha --colors -r 'packages/dd-trace/test/setup/mocha.js' 'packages/datadog-instrumentations/test/**/*.spec.js'",
     "test:instrumentations:ci": "nyc --no-clean --include 'packages/datadog-instrumentations/src/**/*.js' -- npm run test:instrumentations",
@@ -68,16 +68,16 @@
     "node": ">=16"
   },
   "dependencies": {
-    "@datadog/native-appsec": "^4.0.0",
+    "@datadog/native-appsec": "4.0.0",
     "@datadog/native-iast-rewriter": "2.2.1",
-    "@datadog/native-iast-taint-tracking": "1.6.3",
+    "@datadog/native-iast-taint-tracking": "1.6.4",
     "@datadog/native-metrics": "^2.0.0",
     "@datadog/pprof": "4.0.1",
     "@datadog/sketches-js": "^2.1.0",
     "@opentelemetry/api": "^1.0.0",
     "@opentelemetry/core": "^1.14.0",
     "crypto-randomuuid": "^1.0.0",
-    "diagnostics_channel": "^1.1.0",
+    "dc-polyfill": "^0.1.2",
     "ignore": "^5.2.4",
     "import-in-the-middle": "^1.4.2",
     "int64-buffer": "^0.1.9",
@@ -97,6 +97,7 @@
     "node-abort-controller": "^3.1.1",
     "opentracing": ">=0.12.1",
     "path-to-regexp": "^0.1.2",
+    "pprof-format": "^2.0.7", 
     "protobufjs": "^7.2.4",
     "retry": "^0.13.1",
     "semver": "^7.5.4"
@@ -133,7 +134,6 @@
     "multer": "^1.4.5-lts.1",
     "nock": "^11.3.3",
     "nyc": "^15.1.0",
-    "pprof-format": "^2.0.7",
     "proxyquire": "^1.8.0",
     "rimraf": "^3.0.0",
     "sinon": "^15.2.0",

package/packages/datadog-core/src/storage/async_resource.js

@@ -1,7 +1,7 @@
 'use strict'
 
 const { createHook, executionAsyncResource } = require('async_hooks')
-const { channel } = require('../../../diagnostics_channel')
+const { channel } = require('dc-polyfill')
 
 const beforeCh = channel('dd-trace:storage:before')
 const afterCh = channel('dd-trace:storage:after')

package/packages/datadog-esbuild/index.js

@@ -5,8 +5,6 @@
 const instrumentations = require('../datadog-instrumentations/src/helpers/instrumentations.js')
 const hooks = require('../datadog-instrumentations/src/helpers/hooks.js')
 
-warnIfUnsupported()
-
 for (const hook of Object.values(hooks)) {
   hook()
 }
@@ -144,7 +142,7 @@ module.exports.setup = function (build) {
         ${fileCode}
       })(...arguments);
       {
-        const dc = require('diagnostics_channel');
+        const dc = require('dc-polyfill');
         const ch = dc.channel('${CHANNEL}');
         const mod = module.exports
         const payload = {
@@ -167,23 +165,6 @@ module.exports.setup = function (build) {
   })
 }
 
-// Currently esbuild support requires Node.js >=v16.17 or >=v18.7
-// Better yet it would support Node >=v14.17 or >=v16
-// Of course, the most ideal would be to support all versions of Node that dd-trace supports.
-// Version constraints based on Node's diagnostics_channel support
-function warnIfUnsupported () {
-  const [major, minor] = process.versions.node.split('.').map(Number)
-  if (
-    major < 16 ||
-    (major === 16 && minor < 17) ||
-    (major === 18 && minor < 7)) {
-    console.error('WARNING: Esbuild support isn\'t available for older versions of Node.js.')
-    console.error(`Expected: Node.js >=v16.17 or >=v18.7. Actual: Node.js = ${process.version}.`)
-    console.error('This application may build properly with this version of Node.js, but unless a')
-    console.error('more recent version is used at runtime, third party packages won\'t be instrumented.')
-  }
-}
-
 // @see https://github.com/nodejs/node/issues/47000
 function dotFriendlyResolve (path, directory) {
   if (path === '.') {

package/packages/datadog-instrumentations/src/helpers/bundler-register.js

@@ -1,7 +1,6 @@
 'use strict'
 
-// eslint-disable-next-line n/no-restricted-require
-const dc = require('diagnostics_channel')
+const dc = require('dc-polyfill')
 
 const {
   filename,

package/packages/datadog-instrumentations/src/helpers/instrument.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const dc = require('../../../diagnostics_channel')
+const dc = require('dc-polyfill')
 const semver = require('semver')
 const instrumentations = require('./instrumentations')
 const { AsyncResource } = require('async_hooks')

package/packages/datadog-instrumentations/src/helpers/register.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const { channel } = require('../../../diagnostics_channel')
+const { channel } = require('dc-polyfill')
 const path = require('path')
 const semver = require('semver')
 const Hook = require('./hook')

package/packages/datadog-instrumentations/src/restify.js

@@ -50,7 +50,20 @@ function wrapFn (fn) {
     enterChannel.publish({ req, route })
 
     try {
-      return fn.apply(this, arguments)
+      const result = fn.apply(this, arguments)
+      if (result && typeof result === 'object' && typeof result.then === 'function') {
+        return result.then(function () {
+          nextChannel.publish({ req })
+          finishChannel.publish({ req })
+          return arguments
+        }).catch(function (error) {
+          errorChannel.publish({ req, error })
+          nextChannel.publish({ req })
+          finishChannel.publish({ req })
+          throw error
+        })
+      }
+      return result
     } catch (error) {
       errorChannel.publish({ req, error })
       nextChannel.publish({ req })

package/packages/datadog-plugin-kafkajs/src/consumer.js

@@ -1,5 +1,6 @@
 'use strict'
 
+const { getMessageSize, CONTEXT_PROPAGATION_KEY } = require('../../dd-trace/src/datastreams/processor')
 const ConsumerPlugin = require('../../dd-trace/src/plugins/consumer')
 
 class KafkajsConsumerPlugin extends ConsumerPlugin {
@@ -7,13 +8,8 @@ class KafkajsConsumerPlugin extends ConsumerPlugin {
   static get operation () { return 'consume' }
 
   start ({ topic, partition, message, groupId }) {
-    if (this.config.dsmEnabled) {
-      this.tracer.decodeDataStreamsContext(message.headers['dd-pathway-ctx'])
-      this.tracer
-        .setCheckpoint(['direction:in', `group:${groupId}`, `topic:${topic}`, 'type:kafka'])
-    }
     const childOf = extract(this.tracer, message.headers)
-    this.startSpan({
+    const span = this.startSpan({
       childOf,
       resource: topic,
       type: 'worker',
@@ -26,6 +22,12 @@ class KafkajsConsumerPlugin extends ConsumerPlugin {
         'kafka.partition': partition
       }
     })
+    if (this.config.dsmEnabled) {
+      const payloadSize = getMessageSize(message)
+      this.tracer.decodeDataStreamsContext(message.headers[CONTEXT_PROPAGATION_KEY])
+      this.tracer
+        .setCheckpoint(['direction:in', `group:${groupId}`, `topic:${topic}`, 'type:kafka'], span, payloadSize)
+    }
   }
 }
 

package/packages/datadog-plugin-kafkajs/src/producer.js

@@ -2,6 +2,8 @@
 
 const ProducerPlugin = require('../../dd-trace/src/plugins/producer')
 const { encodePathwayContext } = require('../../dd-trace/src/datastreams/pathway')
+const { getMessageSize, CONTEXT_PROPAGATION_KEY } = require('../../dd-trace/src/datastreams/processor')
+
 const BOOTSTRAP_SERVERS_KEY = 'messaging.kafka.bootstrap.servers'
 
 class KafkajsProducerPlugin extends ProducerPlugin {
@@ -11,11 +13,6 @@ class KafkajsProducerPlugin extends ProducerPlugin {
 
   start ({ topic, messages, bootstrapServers }) {
     let pathwayCtx
-    if (this.config.dsmEnabled) {
-      const dataStreamsContext = this.tracer
-        .setCheckpoint(['direction:out', `topic:${topic}`, 'type:kafka'])
-      pathwayCtx = encodePathwayContext(dataStreamsContext)
-    }
     const span = this.startSpan({
       resource: topic,
       meta: {
@@ -31,8 +28,14 @@ class KafkajsProducerPlugin extends ProducerPlugin {
     }
     for (const message of messages) {
       if (typeof message === 'object') {
-        if (this.config.dsmEnabled) message.headers['dd-pathway-ctx'] = pathwayCtx
         this.tracer.inject(span, 'text_map', message.headers)
+        if (this.config.dsmEnabled) {
+          const payloadSize = getMessageSize(message)
+          const dataStreamsContext = this.tracer
+            .setCheckpoint(['direction:out', `topic:${topic}`, 'type:kafka'], span, payloadSize)
+          pathwayCtx = encodePathwayContext(dataStreamsContext)
+          message.headers[CONTEXT_PROPAGATION_KEY] = pathwayCtx
+        }
       }
     }
   }

package/packages/dd-trace/src/appsec/channels.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const dc = require('../../../diagnostics_channel')
+const dc = require('dc-polyfill')
 
 // TODO: use TBD naming convention
 module.exports = {

package/packages/dd-trace/src/appsec/iast/iast-log.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const dc = require('../../../../diagnostics_channel')
+const dc = require('dc-polyfill')
 const log = require('../../log')
 const { calculateDDBasePath } = require('../../util')
 

package/packages/dd-trace/src/appsec/iast/iast-plugin.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const { channel } = require('../../../../diagnostics_channel')
+const { channel } = require('dc-polyfill')
 
 const iastLog = require('./iast-log')
 const Plugin = require('../../plugins/plugin')

package/packages/dd-trace/src/appsec/iast/index.js

@@ -3,7 +3,7 @@ const { enableAllAnalyzers, disableAllAnalyzers } = require('./analyzers')
 const web = require('../../plugins/util/web')
 const { storage } = require('../../../../datadog-core')
 const overheadController = require('./overhead-controller')
-const dc = require('../../../../diagnostics_channel')
+const dc = require('dc-polyfill')
 const iastContextFunctions = require('./iast-context')
 const {
   enableTaintTracking,

package/packages/dd-trace/src/appsec/iast/path-line.js

@@ -13,7 +13,7 @@ const pathLine = {
 }
 
 const EXCLUDED_PATHS = [
-  path.join(path.sep, 'node_modules', 'diagnostics_channel')
+  path.join(path.sep, 'node_modules', 'dc-polyfill')
 ]
 const EXCLUDED_PATH_PREFIXES = [
   'node:diagnostics_channel',

package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js

@@ -7,7 +7,7 @@ const { isPrivateModule, isNotLibraryFile } = require('./filter')
 const { csiMethods } = require('./csi-methods')
 const { getName } = require('../telemetry/verbosity')
 const { getRewriteFunction } = require('./rewriter-telemetry')
-const dc = require('../../../../../diagnostics_channel')
+const dc = require('dc-polyfill')
 
 const hardcodedSecretCh = dc.channel('datadog:secrets:result')
 let rewriter

package/packages/dd-trace/src/appsec/index.js

@@ -36,7 +36,7 @@ function enable (_config) {
 
     setTemplates(_config)
 
-    RuleManager.applyRules(_config.appsec.rules, _config.appsec)
+    RuleManager.loadRules(_config.appsec)
 
     remoteConfig.enableWafUpdate(_config.appsec)