dd-trace 4.19.0 → 4.21.0

package/LICENSE-3rdparty.csv

@@ -30,6 +30,7 @@ require,opentracing,MIT,Copyright 2016 Resonance Labs Inc
 require,path-to-regexp,MIT,Copyright 2014 Blake Embrey
 require,pprof-format,MIT,Copyright 2022 Stephen Belanger
 require,protobufjs,BSD-3-Clause,Copyright 2016 Daniel Wirtz
+require,tlhunter-sorted-set,MIT,Copyright (c) 2023 Datadog Inc.
 require,retry,MIT,Copyright 2011 Tim Koschützki Felix Geisendörfer
 require,semver,ISC,Copyright Isaac Z. Schlueter and Contributors
 dev,@types/node,MIT,Copyright Authors

package/index.d.ts

@@ -578,6 +578,22 @@ export declare interface TracerOptions {
        * @default 'safe'
        */
       mode?: 'safe' | 'extended' | 'disabled'
+    },
+
+    /**
+     * Configuration for Api Security sampling
+     */
+    apiSecurity?: {
+      /** Whether to enable Api Security.
+       * @default false
+       */
+      enabled?: boolean,
+
+      /** Controls the request sampling rate (between 0 and 1) in which Api Security is triggered.
+       * The value will be coerced back if it's outside of the 0-1 range.
+       * @default 0.1
+       */
+      requestSampling?: number
     }
   };
 
@@ -927,6 +943,14 @@ declare namespace plugins {
      * @default code => code < 500
      */
     validateStatus?: (code: number) => boolean;
+
+    /**
+     * Enable injection of tracing headers into requests signed with AWS IAM headers.
+     * Disable this if you get AWS signature errors (HTTP 403).
+     *
+     * @default false
+     */
+    enablePropagationWithAmazonHeaders?: boolean;
   }
 
   /** @hidden */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dd-trace",
-  "version": "4.19.0",
+  "version": "4.21.0",
   "description": "Datadog APM tracing client for JavaScript",
   "main": "index.js",
   "typings": "index.d.ts",
@@ -68,11 +68,11 @@
     "node": ">=16"
   },
   "dependencies": {
-    "@datadog/native-appsec": "4.0.0",
+    "@datadog/native-appsec": "5.0.0",
     "@datadog/native-iast-rewriter": "2.2.1",
     "@datadog/native-iast-taint-tracking": "1.6.4",
     "@datadog/native-metrics": "^2.0.0",
-    "@datadog/pprof": "4.0.1",
+    "@datadog/pprof": "4.1.0",
     "@datadog/sketches-js": "^2.1.0",
     "@opentelemetry/api": "^1.0.0",
     "@opentelemetry/core": "^1.14.0",
@@ -97,8 +97,9 @@
     "node-abort-controller": "^3.1.1",
     "opentracing": ">=0.12.1",
     "path-to-regexp": "^0.1.2",
-    "pprof-format": "^2.0.7", 
-    "protobufjs": "^7.2.4",
+    "pprof-format": "^2.0.7",
+    "protobufjs": "^7.2.5",
+    "tlhunter-sorted-set": "^0.1.0",
     "retry": "^0.13.1",
     "semver": "^7.5.4"
   },

package/packages/datadog-instrumentations/src/aerospike.js

@@ -0,0 +1,47 @@
+'use strict'
+
+const {
+  addHook
+} = require('./helpers/instrument')
+const shimmer = require('../../datadog-shimmer')
+
+const tracingChannel = require('dc-polyfill').tracingChannel
+const ch = tracingChannel('apm:aerospike:command')
+
+function wrapCreateCommand (createCommand) {
+  if (typeof createCommand !== 'function') return createCommand
+
+  return function commandWithTrace () {
+    const CommandClass = createCommand.apply(this, arguments)
+
+    if (!CommandClass) return CommandClass
+
+    shimmer.wrap(CommandClass.prototype, 'process', wrapProcess)
+
+    return CommandClass
+  }
+}
+
+function wrapProcess (process) {
+  return function (...args) {
+    const cb = args[0]
+    if (typeof cb !== 'function') return process.apply(this, args)
+
+    const ctx = {
+      commandName: this.constructor.name,
+      commandArgs: this.args,
+      clientConfig: this.client.config
+    }
+
+    return ch.traceCallback(process, -1, ctx, this, ...args)
+  }
+}
+
+addHook({
+  name: 'aerospike',
+  file: 'lib/commands/command.js',
+  versions: ['^3.16.2', '4', '5']
+},
+commandFactory => {
+  return shimmer.wrap(commandFactory, wrapCreateCommand(commandFactory))
+})

package/packages/datadog-instrumentations/src/helpers/hooks.js

@@ -20,6 +20,7 @@ module.exports = {
   '@opentelemetry/sdk-trace-node': () => require('../otel-sdk-trace'),
   '@redis/client': () => require('../redis'),
   '@smithy/smithy-client': () => require('../aws-sdk'),
+  'aerospike': () => require('../aerospike'),
   'amqp10': () => require('../amqp10'),
   'amqplib': () => require('../amqplib'),
   'aws-sdk': () => require('../aws-sdk'),

package/packages/datadog-instrumentations/src/http/client.js

@@ -58,6 +58,7 @@ function patch (http, methodName) {
         }
 
         const options = args.options
+
         const finish = () => {
           if (!finished) {
             finished = true
@@ -69,8 +70,28 @@ function patch (http, methodName) {
           const req = request.call(this, options, callback)
           const emit = req.emit
 
+          const requestSetTimeout = req.setTimeout
+
           ctx.req = req
 
+          // tracked to accurately discern custom request socket timeout
+          let customRequestTimeout = false
+
+          req.setTimeout = function () {
+            customRequestTimeout = true
+            return requestSetTimeout.apply(this, arguments)
+          }
+
+          req.on('socket', socket => {
+            if (socket) {
+              const socketSetTimeout = socket.setTimeout
+              socket.setTimeout = function () {
+                customRequestTimeout = true
+                return socketSetTimeout.apply(this, arguments)
+              }
+            }
+          })
+
           req.emit = function (eventName, arg) {
             switch (eventName) {
               case 'response': {
@@ -88,6 +109,7 @@ function patch (http, methodName) {
               case 'error':
               case 'timeout':
                 ctx.error = arg
+                ctx.customRequestTimeout = customRequestTimeout
                 errorChannel.publish(ctx)
               case 'abort': // deprecated and replaced by `close` in node 17
               case 'close':

package/packages/datadog-instrumentations/src/jest.js

@@ -44,6 +44,7 @@ const itrSkippedSuitesCh = channel('ci:jest:itr:skipped-suites')
 let skippableSuites = []
 let isCodeCoverageEnabled = false
 let isSuitesSkippingEnabled = false
+let isUserCodeCoverageEnabled = false
 let isSuitesSkipped = false
 let numSkippedSuites = 0
 let hasUnskippableSuites = false
@@ -289,11 +290,14 @@ function cliWrapper (cli, jestVersion) {
     } = result
 
     let testCodeCoverageLinesTotal
-    try {
-      const { pct, total } = coverageMap.getCoverageSummary().lines
-      testCodeCoverageLinesTotal = total !== 0 ? pct : 0
-    } catch (e) {
-      // ignore errors
+
+    if (isUserCodeCoverageEnabled) {
+      try {
+        const { pct, total } = coverageMap.getCoverageSummary().lines
+        testCodeCoverageLinesTotal = total !== 0 ? pct : 0
+      } catch (e) {
+        // ignore errors
+      }
     }
     let status, error
 
@@ -436,6 +440,8 @@ function configureTestEnvironment (readConfigsResult) {
     config.testEnvironmentOptions._ddTestCodeCoverageEnabled = isCodeCoverageEnabled
   })
 
+  isUserCodeCoverageEnabled = !!readConfigsResult.globalConfig.collectCoverage
+
   if (isCodeCoverageEnabled) {
     const globalConfig = {
       ...readConfigsResult.globalConfig,

package/packages/datadog-instrumentations/src/kafkajs.js

@@ -8,13 +8,31 @@ const {
 const shimmer = require('../../datadog-shimmer')
 
 const producerStartCh = channel('apm:kafkajs:produce:start')
+const producerCommitCh = channel('apm:kafkajs:produce:commit')
 const producerFinishCh = channel('apm:kafkajs:produce:finish')
 const producerErrorCh = channel('apm:kafkajs:produce:error')
 
 const consumerStartCh = channel('apm:kafkajs:consume:start')
+const consumerCommitCh = channel('apm:kafkajs:consume:commit')
 const consumerFinishCh = channel('apm:kafkajs:consume:finish')
 const consumerErrorCh = channel('apm:kafkajs:consume:error')
 
+function commitsFromEvent (event) {
+  const { payload: { groupId, topics } } = event
+  const commitList = []
+  for (const { topic, partitions } of topics) {
+    for (const { partition, offset } of partitions) {
+      commitList.push({
+        groupId,
+        partition,
+        offset,
+        topic
+      })
+    }
+  }
+  consumerCommitCh.publish(commitList)
+}
+
 addHook({ name: 'kafkajs', file: 'src/index.js', versions: ['>=1.4'] }, (BaseKafka) => {
   class Kafka extends BaseKafka {
     constructor (options) {
@@ -58,6 +76,12 @@ addHook({ name: 'kafkajs', file: 'src/index.js', versions: ['>=1.4'] }, (BaseKaf
             })
           )
 
+          result.then(res => {
+            if (producerCommitCh.hasSubscribers) {
+              producerCommitCh.publish(res)
+            }
+          })
+
           return result
         } catch (e) {
           producerErrorCh.publish(e)
@@ -75,6 +99,9 @@ addHook({ name: 'kafkajs', file: 'src/index.js', versions: ['>=1.4'] }, (BaseKaf
     }
 
     const consumer = createConsumer.apply(this, arguments)
+
+    consumer.on(consumer.events.COMMIT_OFFSETS, commitsFromEvent)
+
     const run = consumer.run
 
     const groupId = arguments[0].groupId

package/packages/datadog-instrumentations/src/next.js

@@ -144,7 +144,9 @@ function instrument (req, res, handler) {
 function wrapServeStatic (serveStatic) {
   return function (req, res, path) {
     return instrument(req, res, () => {
-      if (pageLoadChannel.hasSubscribers && path) pageLoadChannel.publish({ page: path })
+      if (pageLoadChannel.hasSubscribers && path) {
+        pageLoadChannel.publish({ page: path, isStatic: true })
+      }
 
       return serveStatic.apply(this, arguments)
     })

package/packages/datadog-instrumentations/src/restify.js

@@ -55,7 +55,7 @@ function wrapFn (fn) {
         return result.then(function () {
           nextChannel.publish({ req })
           finishChannel.publish({ req })
-          return arguments
+          return arguments[0]
         }).catch(function (error) {
           errorChannel.publish({ req, error })
           nextChannel.publish({ req })

package/packages/datadog-plugin-aerospike/src/index.js

@@ -0,0 +1,113 @@
+'use strict'
+
+const { storage } = require('../../datadog-core')
+const DatabasePlugin = require('../../dd-trace/src/plugins/database')
+
+const AEROSPIKE_PEER_SERVICE = 'aerospike.namespace'
+
+class AerospikePlugin extends DatabasePlugin {
+  static get id () { return 'aerospike' }
+  static get operation () { return 'command' }
+  static get system () { return 'aerospike' }
+  static get prefix () {
+    return 'tracing:apm:aerospike:command'
+  }
+
+  static get peerServicePrecursors () {
+    return [AEROSPIKE_PEER_SERVICE]
+  }
+
+  bindStart (ctx) {
+    const { commandName, commandArgs } = ctx
+    const resourceName = commandName.slice(0, commandName.indexOf('Command'))
+    const store = storage.getStore()
+    const childOf = store ? store.span : null
+    const meta = getMeta(resourceName, commandArgs)
+
+    const span = this.startSpan(this.operationName(), {
+      childOf,
+      service: this.serviceName({ pluginConfig: this.config }),
+      type: 'aerospike',
+      kind: 'client',
+      resource: resourceName,
+      meta
+    }, false)
+
+    ctx.parentStore = store
+    ctx.currentStore = { ...store, span }
+
+    return ctx.currentStore
+  }
+
+  bindAsyncStart (ctx) {
+    if (ctx.currentStore) {
+      // have to manually trigger peer service calculation when using tracing channel
+      this.tagPeerService(ctx.currentStore.span)
+      ctx.currentStore.span.finish()
+    }
+    return ctx.parentStore
+  }
+
+  end (ctx) {
+    if (ctx.result) {
+      // have to manually trigger peer service calculation when using tracing channel
+      this.tagPeerService(ctx.currentStore.span)
+      ctx.currentStore.span.finish()
+    }
+  }
+
+  error (ctx) {
+    if (ctx.error) {
+      const error = ctx.error
+      const span = ctx.currentStore.span
+      span.setTag('error', error)
+    }
+  }
+}
+
+function getMeta (resourceName, commandArgs) {
+  let meta = {}
+  if (resourceName.includes('Index')) {
+    const [ns, set, bin, index] = commandArgs
+    meta = getMetaForIndex(ns, set, bin, index)
+  } else if (resourceName === 'Query') {
+    const { ns, set } = commandArgs[2]
+    meta = getMetaForQuery({ ns, set })
+  } else if (isKeyObject(commandArgs[0])) {
+    const { ns, set, key } = commandArgs[0]
+    meta = getMetaForKey(ns, set, key)
+  }
+  return meta
+}
+
+function getMetaForIndex (ns, set, bin, index) {
+  return {
+    [AEROSPIKE_PEER_SERVICE]: ns,
+    'aerospike.setname': set,
+    'aerospike.bin': bin,
+    'aerospike.index': index
+  }
+}
+
+function getMetaForKey (ns, set, key) {
+  return {
+    'aerospike.key': `${ns}:${set}:${key}`,
+    [AEROSPIKE_PEER_SERVICE]: ns,
+    'aerospike.setname': set,
+    'aerospike.userkey': key
+  }
+}
+
+function getMetaForQuery (queryObj) {
+  const { ns, set } = queryObj
+  return {
+    [AEROSPIKE_PEER_SERVICE]: ns,
+    'aerospike.setname': set
+  }
+}
+
+function isKeyObject (obj) {
+  return obj && obj.ns !== undefined && obj.set !== undefined && obj.key !== undefined
+}
+
+module.exports = AerospikePlugin

package/packages/datadog-plugin-http/src/client.js

@@ -58,7 +58,7 @@ class HttpClientPlugin extends ClientPlugin {
       span._spanContext._trace.record = false
     }
 
-    if (!(hasAmazonSignature(options) || !this.config.propagationFilter(uri))) {
+    if (this.shouldInjectTraceHeaders(options, uri)) {
       this.tracer.inject(span, HTTP_HEADERS, options.headers)
     }
 
@@ -71,6 +71,18 @@ class HttpClientPlugin extends ClientPlugin {
     return message.currentStore
   }
 
+  shouldInjectTraceHeaders (options, uri) {
+    if (hasAmazonSignature(options) && !this.config.enablePropagationWithAmazonHeaders) {
+      return false
+    }
+
+    if (!this.config.propagationFilter(uri)) {
+      return false
+    }
+
+    return true
+  }
+
   bindAsyncStart ({ parentStore }) {
     return parentStore
   }
@@ -98,7 +110,7 @@ class HttpClientPlugin extends ClientPlugin {
     span.finish()
   }
 
-  error ({ span, error }) {
+  error ({ span, error, args, customRequestTimeout }) {
     if (!span) return
     if (error) {
       span.addTags({
@@ -107,6 +119,11 @@ class HttpClientPlugin extends ClientPlugin {
         [ERROR_STACK]: error.stack
       })
     } else {
+      // conditions for no error:
+      // 1. not using a custom agent instance with custom timeout specified
+      // 2. no invocation of `req.setTimeout` or `socket.setTimeout`
+      if (!args.options.agent?.options.timeout && !customRequestTimeout) return
+
       span.setTag('error', 1)
     }
   }

package/packages/datadog-plugin-kafkajs/src/consumer.js

@@ -7,6 +7,57 @@ class KafkajsConsumerPlugin extends ConsumerPlugin {
   static get id () { return 'kafkajs' }
   static get operation () { return 'consume' }
 
+  constructor () {
+    super(...arguments)
+    this.addSub('apm:kafkajs:consume:commit', message => this.commit(message))
+  }
+
+  /**
+   * Transform individual commit details sent by kafkajs' event reporter
+   * into actionable backlog items for DSM
+   *
+   * @typedef {object} ConsumerBacklog
+   * @property {number} type
+   * @property {string} consumer_group
+   * @property {string} topic
+   * @property {number} partition
+   * @property {number} offset
+   *
+   * @typedef {object} CommitEventItem
+   * @property {string} groupId
+   * @property {string} topic
+   * @property {number} partition
+   * @property {import('kafkajs/utils/long').Long} offset
+   *
+   * @param {CommitEventItem} commit
+   * @returns {ConsumerBacklog}
+   */
+  transformCommit (commit) {
+    const { groupId, partition, offset, topic } = commit
+    return {
+      partition,
+      topic,
+      type: 'kafka_commit',
+      offset: Number(offset),
+      consumer_group: groupId
+    }
+  }
+
+  commit (commitList) {
+    if (!this.config.dsmEnabled) return
+    const keys = [
+      'consumer_group',
+      'type',
+      'partition',
+      'offset',
+      'topic'
+    ]
+    for (const commit of commitList.map(this.transformCommit)) {
+      if (keys.some(key => !commit.hasOwnProperty(key))) continue
+      this.tracer.setOffset(commit)
+    }
+  }
+
   start ({ topic, partition, message, groupId }) {
     const childOf = extract(this.tracer, message.headers)
     const span = this.startSpan({

package/packages/datadog-plugin-kafkajs/src/producer.js

@@ -11,6 +11,61 @@ class KafkajsProducerPlugin extends ProducerPlugin {
   static get operation () { return 'produce' }
   static get peerServicePrecursors () { return [BOOTSTRAP_SERVERS_KEY] }
 
+  constructor () {
+    super(...arguments)
+    this.addSub('apm:kafkajs:produce:commit', message => this.commit(message))
+  }
+
+  /**
+   * Transform individual commit details sent by kafkajs' event reporter
+   * into actionable backlog items for DSM
+   *
+   * @typedef {object} ProducerBacklog
+   * @property {number} type
+   * @property {string} topic
+   * @property {number} partition
+   * @property {number} offset
+   *
+   * @typedef {object} ProducerResponseItem
+   * @property {string} topic
+   * @property {number} partition
+   * @property {import('kafkajs/utils/long').Long} [offset]
+   * @property {import('kafkajs/utils/long').Long} [baseOffset]
+   *
+   * @param {ProducerResponseItem} response
+   * @returns {ProducerBacklog}
+   */
+  transformProduceResponse (response) {
+    // In produce protocol >=v3, the offset key changes from `offset` to `baseOffset`
+    const { topicName: topic, partition, offset, baseOffset } = response
+    const offsetAsLong = offset || baseOffset
+    return {
+      type: 'kafka_produce',
+      partition,
+      offset: offsetAsLong ? Number(offsetAsLong) : undefined,
+      topic
+    }
+  }
+
+  /**
+   *
+   * @param {ProducerResponseItem[]} commitList
+   * @returns {void}
+   */
+  commit (commitList) {
+    if (!this.config.dsmEnabled) return
+    const keys = [
+      'type',
+      'partition',
+      'offset',
+      'topic'
+    ]
+    for (const commit of commitList.map(this.transformProduceResponse)) {
+      if (keys.some(key => !commit.hasOwnProperty(key))) continue
+      this.tracer.setOffset(commit)
+    }
+  }
+
   start ({ topic, messages, bootstrapServers }) {
     let pathwayCtx
     const span = this.startSpan({

package/packages/datadog-plugin-next/src/index.js

@@ -65,7 +65,7 @@ class NextPlugin extends ServerPlugin {
     span.finish()
   }
 
-  pageLoad ({ page, isAppPath = false }) {
+  pageLoad ({ page, isAppPath = false, isStatic = false }) {
     const store = storage.getStore()
 
     if (!store) return
@@ -82,12 +82,12 @@ class NextPlugin extends ServerPlugin {
     // remove ending /route or /page for appDir projects
     if (isAppPath) page = page.substring(0, page.lastIndexOf('/'))
 
-    // This is for static files whose 'page' includes the whole file path
-    // For normal page matches, like /api/hello/[name] and a req.url like /api/hello/world,
-    // nothing should happen
-    // For page matches like /User/something/public/text.txt and req.url like /text.txt,
-    // it should disregard the extra absolute path Next.js sometimes sets
-    if (page.includes(req.url)) page = req.url
+    // handle static resource
+    if (isStatic) {
+      page = req.url.includes('_next/static')
+        ? '/_next/static/*'
+        : '/public/*'
+    }
 
     span.addTags({
       [COMPONENT]: this.constructor.id,

package/packages/dd-trace/src/appsec/addresses.js

@@ -16,5 +16,6 @@ module.exports = {
 
   HTTP_CLIENT_IP: 'http.client_ip',
 
-  USER_ID: 'usr.id'
+  USER_ID: 'usr.id',
+  WAF_CONTEXT_PROCESSOR: 'waf.context.processor'
 }

package/packages/dd-trace/src/appsec/iast/analyzers/analyzers.js

@@ -3,6 +3,7 @@
 module.exports = {
   'COMMAND_INJECTION_ANALYZER': require('./command-injection-analyzer'),
   'HARCODED_SECRET_ANALYZER': require('./hardcoded-secret-analyzer'),
+  'HEADER_INJECTION_ANALYZER': require('./header-injection-analyzer'),
   'HSTS_HEADER_MISSING_ANALYZER': require('./hsts-header-missing-analyzer'),
   'INSECURE_COOKIE_ANALYZER': require('./insecure-cookie-analyzer'),
   'LDAP_ANALYZER': require('./ldap-injection-analyzer'),