dd-trace 4.21.0 → 4.22.0

package/index.d.ts

@@ -567,6 +567,11 @@ export declare interface TracerOptions {
      */
     blockedTemplateJson?: string,
 
+    /**
+     * Specifies a path to a custom blocking template json file for graphql requests
+     */
+    blockedTemplateGraphql?: string,
+
     /**
      * Controls the automated user event tracking configuration
      */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dd-trace",
-  "version": "4.21.0",
+  "version": "4.22.0",
   "description": "Datadog APM tracing client for JavaScript",
   "main": "index.js",
   "typings": "index.d.ts",
@@ -68,8 +68,8 @@
     "node": ">=16"
   },
   "dependencies": {
-    "@datadog/native-appsec": "5.0.0",
-    "@datadog/native-iast-rewriter": "2.2.1",
+    "@datadog/native-appsec": "6.0.0",
+    "@datadog/native-iast-rewriter": "2.2.2",
     "@datadog/native-iast-taint-tracking": "1.6.4",
     "@datadog/native-metrics": "^2.0.0",
     "@datadog/pprof": "4.1.0",
@@ -99,9 +99,9 @@
     "path-to-regexp": "^0.1.2",
     "pprof-format": "^2.0.7",
     "protobufjs": "^7.2.5",
-    "tlhunter-sorted-set": "^0.1.0",
     "retry": "^0.13.1",
-    "semver": "^7.5.4"
+    "semver": "^7.5.4",
+    "tlhunter-sorted-set": "^0.1.0"
   },
   "devDependencies": {
     "@types/node": ">=16",

package/packages/datadog-instrumentations/src/apollo-server-core.js

@@ -0,0 +1,41 @@
+'use strict'
+
+const { AbortController } = require('node-abort-controller')
+const { addHook } = require('./helpers/instrument')
+const shimmer = require('../../datadog-shimmer')
+const dc = require('dc-polyfill')
+
+const requestChannel = dc.tracingChannel('datadog:apollo-server-core:request')
+
+addHook({ name: 'apollo-server-core', file: 'dist/runHttpQuery.js', versions: ['>3.0.0'] }, runHttpQueryModule => {
+  const HttpQueryError = runHttpQueryModule.HttpQueryError
+
+  shimmer.wrap(runHttpQueryModule, 'runHttpQuery', function wrapRunHttpQuery (originalRunHttpQuery) {
+    return async function runHttpQuery () {
+      if (!requestChannel.start.hasSubscribers) {
+        return originalRunHttpQuery.apply(this, arguments)
+      }
+
+      const abortController = new AbortController()
+      const abortData = {}
+
+      const runHttpQueryResult = requestChannel.tracePromise(
+        originalRunHttpQuery,
+        { abortController, abortData },
+        this,
+        ...arguments)
+
+      const abortPromise = new Promise((resolve, reject) => {
+        abortController.signal.addEventListener('abort', (event) => {
+          // runHttpQuery callbacks are writing the response on resolve/reject.
+          // We should return blocking data in the apollo-server-core HttpQueryError object
+          reject(new HttpQueryError(abortData.statusCode, abortData.message, true, abortData.headers))
+        }, { once: true })
+      })
+
+      return Promise.race([runHttpQueryResult, abortPromise])
+    }
+  })
+
+  return runHttpQueryModule
+})

package/packages/datadog-instrumentations/src/apollo-server.js

@@ -0,0 +1,83 @@
+'use strict'
+
+const { AbortController } = require('node-abort-controller')
+const dc = require('dc-polyfill')
+
+const { addHook } = require('./helpers/instrument')
+const shimmer = require('../../datadog-shimmer')
+
+const graphqlMiddlewareChannel = dc.tracingChannel('datadog:apollo:middleware')
+
+const requestChannel = dc.tracingChannel('datadog:apollo:request')
+
+let HeaderMap
+
+function wrapExecuteHTTPGraphQLRequest (originalExecuteHTTPGraphQLRequest) {
+  return async function executeHTTPGraphQLRequest () {
+    if (!HeaderMap || !requestChannel.start.hasSubscribers) {
+      return originalExecuteHTTPGraphQLRequest.apply(this, arguments)
+    }
+
+    const abortController = new AbortController()
+    const abortData = {}
+
+    const graphqlResponseData = requestChannel.tracePromise(
+      originalExecuteHTTPGraphQLRequest,
+      { abortController, abortData },
+      this,
+      ...arguments)
+
+    const abortPromise = new Promise((resolve, reject) => {
+      abortController.signal.addEventListener('abort', (event) => {
+        // This method is expected to return response data
+        // with headers, status and body
+        const headers = new HeaderMap()
+        Object.keys(abortData.headers).forEach(key => {
+          headers.set(key, abortData.headers[key])
+        })
+
+        resolve({
+          headers: headers,
+          status: abortData.statusCode,
+          body: {
+            kind: 'complete',
+            string: abortData.message
+          }
+        })
+      }, { once: true })
+    })
+
+    return Promise.race([abortPromise, graphqlResponseData])
+  }
+}
+
+function apolloExpress4Hook (express4) {
+  shimmer.wrap(express4, 'expressMiddleware', function wrapExpressMiddleware (originalExpressMiddleware) {
+    return function expressMiddleware (server, options) {
+      const originalMiddleware = originalExpressMiddleware.apply(this, arguments)
+
+      return shimmer.wrap(originalMiddleware, function (req, res, next) {
+        if (!graphqlMiddlewareChannel.start.hasSubscribers) {
+          return originalMiddleware.apply(this, arguments)
+        }
+
+        return graphqlMiddlewareChannel.traceSync(originalMiddleware, { req }, this, ...arguments)
+      })
+    }
+  })
+  return express4
+}
+
+function apolloHeaderMapHook (headerMap) {
+  HeaderMap = headerMap.HeaderMap
+  return headerMap
+}
+
+function apolloServerHook (apolloServer) {
+  shimmer.wrap(apolloServer.ApolloServer.prototype, 'executeHTTPGraphQLRequest', wrapExecuteHTTPGraphQLRequest)
+  return apolloServer
+}
+
+addHook({ name: '@apollo/server', file: 'dist/cjs/ApolloServer.js', versions: ['>=4.0.0'] }, apolloServerHook)
+addHook({ name: '@apollo/server', file: 'dist/cjs/express4/index.js', versions: ['>=4.0.0'] }, apolloExpress4Hook)
+addHook({ name: '@apollo/server', file: 'dist/cjs/utils/HeaderMap.js', versions: ['>=4.0.0'] }, apolloHeaderMapHook)

package/packages/datadog-instrumentations/src/graphql.js

@@ -1,5 +1,7 @@
 'use strict'
 
+const { AbortController } = require('node-abort-controller')
+
 const {
   addHook,
   channel,
@@ -37,6 +39,13 @@ const validateStartCh = channel('apm:graphql:validate:start')
 const validateFinishCh = channel('apm:graphql:validate:finish')
 const validateErrorCh = channel('apm:graphql:validate:error')
 
+class AbortError extends Error {
+  constructor (message) {
+    super(message)
+    this.name = 'AbortError'
+  }
+}
+
 function getOperation (document, operationName) {
   if (!document || !Array.isArray(document.definitions)) {
     return
@@ -175,11 +184,11 @@ function wrapExecute (execute) {
           docSource: documentSources.get(document)
         })
 
-        const context = { source, asyncResource, fields: {} }
+        const context = { source, asyncResource, fields: {}, abortController: new AbortController() }
 
         contexts.set(contextValue, context)
 
-        return callInAsyncScope(exe, asyncResource, this, arguments, (err, res) => {
+        return callInAsyncScope(exe, asyncResource, this, arguments, context.abortController, (err, res) => {
           if (finishResolveCh.hasSubscribers) finishResolvers(context)
 
           const error = err || (res && res.errors && res.errors[0])
@@ -207,7 +216,7 @@ function wrapResolve (resolve) {
 
     const field = assertField(context, info, args)
 
-    return callInAsyncScope(resolve, field.asyncResource, this, arguments, (err) => {
+    return callInAsyncScope(resolve, field.asyncResource, this, arguments, context.abortController, (err) => {
       updateFieldCh.publish({ field, info, err })
     })
   }
@@ -217,10 +226,15 @@ function wrapResolve (resolve) {
   return resolveAsync
 }
 
-function callInAsyncScope (fn, aR, thisArg, args, cb) {
+function callInAsyncScope (fn, aR, thisArg, args, abortController, cb) {
   cb = cb || (() => {})
 
   return aR.runInAsyncScope(() => {
+    if (abortController?.signal.aborted) {
+      cb(null, null)
+      throw new AbortError('Aborted')
+    }
+
     try {
       const result = fn.apply(thisArg, args)
       if (result && typeof result.then === 'function') {

package/packages/datadog-instrumentations/src/helpers/hooks.js

@@ -1,6 +1,8 @@
 'use strict'
 
 module.exports = {
+  '@apollo/server': () => require('../apollo-server'),
+  'apollo-server-core': () => require('../apollo-server-core'),
   '@aws-sdk/smithy-client': () => require('../aws-sdk'),
   '@cucumber/cucumber': () => require('../cucumber'),
   '@playwright/test': () => require('../playwright'),

package/packages/datadog-instrumentations/src/http/client.js

@@ -69,29 +69,17 @@ function patch (http, methodName) {
         try {
           const req = request.call(this, options, callback)
           const emit = req.emit
-
-          const requestSetTimeout = req.setTimeout
+          const setTimeout = req.setTimeout
 
           ctx.req = req
 
           // tracked to accurately discern custom request socket timeout
           let customRequestTimeout = false
-
           req.setTimeout = function () {
             customRequestTimeout = true
-            return requestSetTimeout.apply(this, arguments)
+            return setTimeout.apply(this, arguments)
           }
 
-          req.on('socket', socket => {
-            if (socket) {
-              const socketSetTimeout = socket.setTimeout
-              socket.setTimeout = function () {
-                customRequestTimeout = true
-                return socketSetTimeout.apply(this, arguments)
-              }
-            }
-          })
-
           req.emit = function (eventName, arg) {
             switch (eventName) {
               case 'response': {

package/packages/datadog-instrumentations/src/next.js

@@ -65,7 +65,7 @@ function wrapRenderToHTML (renderToHTML) {
 
 function wrapRenderErrorToHTML (renderErrorToHTML) {
   return function (err, req, res, pathname, query) {
-    return instrument(req, res, () => renderErrorToHTML.apply(this, arguments))
+    return instrument(req, res, err, () => renderErrorToHTML.apply(this, arguments))
   }
 }
 
@@ -76,8 +76,8 @@ function wrapRenderToResponse (renderToResponse) {
 }
 
 function wrapRenderErrorToResponse (renderErrorToResponse) {
-  return function (ctx) {
-    return instrument(ctx.req, ctx.res, () => renderErrorToResponse.apply(this, arguments))
+  return function (ctx, err) {
+    return instrument(ctx.req, ctx.res, err, () => renderErrorToResponse.apply(this, arguments))
   }
 }
 
@@ -111,13 +111,23 @@ function getPageFromPath (page, dynamicRoutes = []) {
   return getPagePath(page)
 }
 
-function instrument (req, res, handler) {
+function instrument (req, res, error, handler) {
+  if (typeof error === 'function') {
+    handler = error
+    error = null
+  }
+
   req = req.originalRequest || req
   res = res.originalResponse || res
 
   // TODO support middleware properly in the future?
   const isMiddleware = req.headers[MIDDLEWARE_HEADER]
-  if (isMiddleware || requests.has(req)) return handler()
+  if (isMiddleware || requests.has(req)) {
+    if (error) {
+      errorChannel.publish({ error })
+    }
+    return handler()
+  }
 
   requests.add(req)
 

package/packages/datadog-instrumentations/src/rhea.js

@@ -22,7 +22,7 @@ const dispatchReceiveCh = channel('apm:rhea:receive:dispatch')
 const errorReceiveCh = channel('apm:rhea:receive:error')
 const finishReceiveCh = channel('apm:rhea:receive:finish')
 
-const contexts = new WeakMap()
+const contexts = new WeakMap() // key: delivery Fn, val: context
 
 addHook({ name: 'rhea', versions: ['>=1'] }, rhea => {
   shimmer.wrap(rhea.message, 'encode', encode => function (msg) {
@@ -52,7 +52,8 @@ addHook({ name: 'rhea', versions: ['>=1'], file: 'lib/link.js' }, obj => {
       startSendCh.publish({ targetAddress, host, port, msg })
       const delivery = send.apply(this, arguments)
       const context = {
-        asyncResource
+        asyncResource,
+        connection: this.connection
       }
       contexts.set(delivery, context)
 
@@ -80,7 +81,8 @@ addHook({ name: 'rhea', versions: ['>=1'], file: 'lib/link.js' }, obj => {
 
         if (msgObj.delivery) {
           const context = {
-            asyncResource
+            asyncResource,
+            connection: this.connection
           }
           contexts.set(msgObj.delivery, context)
           msgObj.delivery.update = wrapDeliveryUpdate(msgObj.delivery, msgObj.delivery.update)
@@ -114,7 +116,7 @@ addHook({ name: 'rhea', versions: ['>=1'], file: 'lib/connection.js' }, Connecti
 
           asyncResource.runInAsyncScope(() => {
             errorReceiveCh.publish(error)
-            beforeFinish(delivery, null)
+            exports.beforeFinish(delivery, null)
             finishReceiveCh.publish()
           })
         })
@@ -187,7 +189,7 @@ function patchCircularBuffer (proto, Session) {
                 const state = remoteState && remoteState.constructor
                   ? entry.remote_state.constructor.composite_type : undefined
                 asyncResource.runInAsyncScope(() => {
-                  beforeFinish(entry, state)
+                  exports.beforeFinish(entry, state)
                   finishSendCh.publish()
                 })
               }
@@ -217,13 +219,13 @@ function addToInFlightDeliveries (connection, delivery) {
 }
 
 function beforeFinish (delivery, state) {
-  const obj = contexts.get(delivery)
-  if (obj) {
+  const context = contexts.get(delivery)
+  if (context) {
     if (state) {
       dispatchReceiveCh.publish({ state })
     }
-    if (obj.connection && obj.connection[inFlightDeliveries]) {
-      obj.connection[inFlightDeliveries].delete(delivery)
+    if (context.connection && context.connection[inFlightDeliveries]) {
+      context.connection[inFlightDeliveries].delete(delivery)
     }
   }
 }
@@ -238,3 +240,7 @@ function getStateFromData (stateData) {
     }
   }
 }
+
+module.exports.inFlightDeliveries = inFlightDeliveries
+module.exports.beforeFinish = beforeFinish
+module.exports.contexts = contexts

package/packages/datadog-plugin-graphql/src/resolve.js

@@ -1,6 +1,7 @@
 'use strict'
 
 const TracingPlugin = require('../../dd-trace/src/plugins/tracing')
+const dc = require('dc-polyfill')
 
 const collapsedPathSym = Symbol('collapsedPaths')
 
@@ -14,8 +15,6 @@ class GraphQLResolvePlugin extends TracingPlugin {
     if (!shouldInstrument(this.config, path)) return
     const computedPathString = path.join('.')
 
-    addResolver(context, info, args)
-
     if (this.config.collapse) {
       if (!context[collapsedPathSym]) {
         context[collapsedPathSym] = {}
@@ -55,6 +54,10 @@ class GraphQLResolvePlugin extends TracingPlugin {
           span.setTag(`graphql.variables.${name}`, variables[name])
         })
     }
+
+    if (this.resolverStartCh.hasSubscribers) {
+      this.resolverStartCh.publish({ context, resolverInfo: getResolverInfo(info, args) })
+    }
   }
 
   constructor (...args) {
@@ -69,6 +72,8 @@ class GraphQLResolvePlugin extends TracingPlugin {
       field.finishTime = span._getTime ? span._getTime() : 0
       field.error = field.error || err
     })
+
+    this.resolverStartCh = dc.channel('datadog:graphql:resolver:start')
   }
 
   configure (config) {
@@ -109,28 +114,31 @@ function withCollapse (responsePathAsArray) {
   }
 }
 
-function addResolver (context, info, args) {
-  if (info.rootValue && !info.rootValue[info.fieldName]) {
-    return
-  }
+function getResolverInfo (info, args) {
+  let resolverInfo = null
+  const resolverVars = {}
 
-  if (!context.resolvers) {
-    context.resolvers = {}
+  if (args && Object.keys(args).length) {
+    Object.assign(resolverVars, args)
   }
 
-  const resolvers = context.resolvers
-
-  if (!resolvers[info.fieldName]) {
-    if (args && Object.keys(args).length) {
-      resolvers[info.fieldName] = [args]
-    } else {
-      resolvers[info.fieldName] = []
+  const directives = info.fieldNodes[0].directives
+  for (const directive of directives) {
+    const argList = {}
+    for (const argument of directive['arguments']) {
+      argList[argument.name.value] = argument.value.value
     }
-  } else {
-    if (args && Object.keys(args).length) {
-      resolvers[info.fieldName].push(args)
+
+    if (Object.keys(argList).length) {
+      resolverVars[directive.name.value] = argList
     }
   }
+
+  if (Object.keys(resolverVars).length) {
+    resolverInfo = { [info.fieldName]: resolverVars }
+  }
+
+  return resolverInfo
 }
 
 module.exports = GraphQLResolvePlugin

package/packages/datadog-plugin-http/src/client.js

@@ -121,7 +121,7 @@ class HttpClientPlugin extends ClientPlugin {
     } else {
       // conditions for no error:
       // 1. not using a custom agent instance with custom timeout specified
-      // 2. no invocation of `req.setTimeout` or `socket.setTimeout`
+      // 2. no invocation of `req.setTimeout`
       if (!args.options.agent?.options.timeout && !customRequestTimeout) return
 
       span.setTag('error', 1)

package/packages/datadog-plugin-next/src/index.js

@@ -6,6 +6,8 @@ const analyticsSampler = require('../../dd-trace/src/analytics_sampler')
 const { COMPONENT } = require('../../dd-trace/src/constants')
 const web = require('../../dd-trace/src/plugins/util/web')
 
+const errorPages = ['/404', '/500', '/_error', '/_not-found']
+
 class NextPlugin extends ServerPlugin {
   static get id () {
     return 'next'
@@ -40,6 +42,13 @@ class NextPlugin extends ServerPlugin {
   }
 
   error ({ span, error }) {
+    if (!span) {
+      const store = storage.getStore()
+      if (!store) return
+
+      span = store.span
+    }
+
     this.addError(error, span)
   }
 
@@ -50,10 +59,20 @@ class NextPlugin extends ServerPlugin {
 
     const span = store.span
     const error = span.context()._tags['error']
-
-    if (!this.config.validateStatus(res.statusCode) && !error) {
-      span.setTag('error', req.error || nextRequest.error || true)
-      web.addError(req, req.error || nextRequest.error || true)
+    const requestError = req.error || nextRequest.error
+
+    if (requestError) {
+      // prioritize user-set errors from API routes
+      span.setTag('error', requestError)
+      web.addError(req, requestError)
+    } else if (error) {
+      // general error handling
+      span.setTag('error', error)
+      web.addError(req, requestError || error)
+    } else if (!this.config.validateStatus(res.statusCode)) {
+      // where there's no error, we still need to validate status
+      span.setTag('error', true)
+      web.addError(req, true)
     }
 
     span.addTags({
@@ -73,14 +92,21 @@ class NextPlugin extends ServerPlugin {
     const span = store.span
     const req = this._requests.get(span)
 
+    // safeguard against missing req in complicated timeout scenarios
+    if (!req) return
+
     // Only use error page names if there's not already a name
     const current = span.context()._tags['next.page']
-    if (current && ['/404', '/500', '/_error', '/_not-found'].includes(page)) {
+    const isErrorPage = errorPages.includes(page)
+
+    if (current && isErrorPage) {
       return
     }
 
     // remove ending /route or /page for appDir projects
-    if (isAppPath) page = page.substring(0, page.lastIndexOf('/'))
+    // need to check if not an error page too, as those are marked as app directory
+    // in newer versions
+    if (isAppPath && !isErrorPage) page = page.substring(0, page.lastIndexOf('/'))
 
     // handle static resource
     if (isStatic) {

package/packages/dd-trace/src/appsec/activation.js

@@ -0,0 +1,29 @@
+'use strict'
+
+const Activation = {
+  ONECLICK: 'OneClick',
+  ENABLED: 'Enabled',
+  DISABLED: 'Disabled',
+
+  fromConfig (config) {
+    switch (config.appsec.enabled) {
+      // ASM is activated by an env var DD_APPSEC_ENABLED=true
+      case true:
+        return Activation.ENABLED
+
+      // ASM is disabled by an env var DD_APPSEC_ENABLED=false
+      case false:
+        return Activation.DISABLED
+
+      // ASM is activated by one click remote config
+      case undefined:
+        return Activation.ONECLICK
+
+      // Any other value should never occur
+      default:
+        return Activation.DISABLED
+    }
+  }
+}
+
+module.exports = Activation

package/packages/dd-trace/src/appsec/addresses.js

@@ -13,6 +13,7 @@ module.exports = {
   HTTP_INCOMING_RESPONSE_HEADERS: 'server.response.headers.no_cookies',
   // TODO: 'server.response.trailers',
   HTTP_INCOMING_GRAPHQL_RESOLVERS: 'graphql.server.all_resolvers',
+  HTTP_INCOMING_GRAPHQL_RESOLVER: 'graphql.server.resolver',
 
   HTTP_CLIENT_IP: 'http.client_ip',
 

package/packages/dd-trace/src/appsec/api_security_sampler.js

@@ -0,0 +1,48 @@
+'use strict'
+
+const log = require('../log')
+
+let enabled
+let requestSampling
+
+function configure ({ apiSecurity }) {
+  enabled = apiSecurity.enabled
+  setRequestSampling(apiSecurity.requestSampling)
+}
+
+function disable () {
+  enabled = false
+}
+
+function setRequestSampling (sampling) {
+  requestSampling = parseRequestSampling(sampling)
+}
+
+function parseRequestSampling (requestSampling) {
+  let parsed = parseFloat(requestSampling)
+
+  if (isNaN(parsed)) {
+    log.warn(`Incorrect API Security request sampling value: ${requestSampling}`)
+
+    parsed = 0
+  } else {
+    parsed = Math.min(1, Math.max(0, parsed))
+  }
+
+  return parsed
+}
+
+function sampleRequest () {
+  if (!enabled || !requestSampling) {
+    return false
+  }
+
+  return Math.random() <= requestSampling
+}
+
+module.exports = {
+  configure,
+  disable,
+  setRequestSampling,
+  sampleRequest
+}

package/packages/dd-trace/src/appsec/blocked_templates.js

@@ -5,7 +5,10 @@ const html = `<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta n
 
 const json = `{"errors":[{"title":"You've been blocked","detail":"Sorry, you cannot access this page. Please contact the customer service team. Security provided by Datadog."}]}`
 
+const graphqlJson = `{"errors":[{"message":"You've been blocked","extensions":{"detail":"Sorry, you cannot perform this operation. Please contact the customer service team. Security provided by Datadog."}}]}`
+
 module.exports = {
   html,
-  json
+  json,
+  graphqlJson
 }