dd-trace 4.25.0 → 4.27.0

package/packages/datadog-plugin-cypress/src/plugin.js

@@ -24,7 +24,8 @@ const {
   TEST_SKIPPED_BY_ITR,
   TEST_ITR_UNSKIPPABLE,
   TEST_ITR_FORCED_RUN,
-  ITR_CORRELATION_ID
+  ITR_CORRELATION_ID,
+  TEST_SOURCE_FILE
 } = require('../../dd-trace/src/plugins/util/test')
 const { ORIGIN_KEY, COMPONENT } = require('../../dd-trace/src/constants')
 const log = require('../../dd-trace/src/log')
@@ -45,7 +46,8 @@ const {
   GIT_REPOSITORY_URL,
   GIT_COMMIT_SHA,
   GIT_BRANCH,
-  CI_PROVIDER_NAME
+  CI_PROVIDER_NAME,
+  CI_WORKSPACE_PATH
 } = require('../../dd-trace/src/plugins/util/tags')
 const {
   OS_VERSION,
@@ -119,14 +121,14 @@ function getSuiteStatus (suiteStats) {
   return 'pass'
 }
 
-function getItrConfig (tracer, testConfiguration) {
+function getLibraryConfiguration (tracer, testConfiguration) {
   return new Promise(resolve => {
-    if (!tracer._tracer._exporter || !tracer._tracer._exporter.getItrConfiguration) {
+    if (!tracer._tracer._exporter?.getLibraryConfiguration) {
       return resolve({ err: new Error('CI Visibility was not initialized correctly') })
     }
 
-    tracer._tracer._exporter.getItrConfiguration(testConfiguration, (err, itrConfig) => {
-      resolve({ err, itrConfig })
+    tracer._tracer._exporter.getLibraryConfiguration(testConfiguration, (err, libraryConfig) => {
+      resolve({ err, libraryConfig })
     })
   })
 }
@@ -136,7 +138,7 @@ function getSkippableTests (isSuitesSkippingEnabled, tracer, testConfiguration)
     return Promise.resolve({ skippableTests: [] })
   }
   return new Promise(resolve => {
-    if (!tracer._tracer._exporter || !tracer._tracer._exporter.getItrConfiguration) {
+    if (!tracer._tracer._exporter?.getLibraryConfiguration) {
       return resolve({ err: new Error('CI Visibility was not initialized correctly') })
     }
     tracer._tracer._exporter.getSkippableSuites(testConfiguration, (err, skippableTests, correlationId) => {
@@ -186,7 +188,8 @@ module.exports = (on, config) => {
     [RUNTIME_NAME]: runtimeName,
     [RUNTIME_VERSION]: runtimeVersion,
     [GIT_BRANCH]: branch,
-    [CI_PROVIDER_NAME]: ciProviderName
+    [CI_PROVIDER_NAME]: ciProviderName,
+    [CI_WORKSPACE_PATH]: repositoryRoot
   } = testEnvironmentMetadata
 
   const isUnsupportedCIProvider = !ciProviderName
@@ -205,7 +208,7 @@ module.exports = (on, config) => {
     testLevel: 'test'
   }
 
-  const codeOwnersEntries = getCodeOwnersFileEntries()
+  const codeOwnersEntries = getCodeOwnersFileEntries(repositoryRoot)
 
   let activeSpan = null
   let testSessionSpan = null
@@ -284,12 +287,12 @@ module.exports = (on, config) => {
   }
 
   on('before:run', (details) => {
-    return getItrConfig(tracer, testConfiguration).then(({ err, itrConfig }) => {
+    return getLibraryConfiguration(tracer, testConfiguration).then(({ err, libraryConfig }) => {
       if (err) {
         log.error(err)
       } else {
-        isSuitesSkippingEnabled = itrConfig.isSuitesSkippingEnabled
-        isCodeCoverageEnabled = itrConfig.isCodeCoverageEnabled
+        isSuitesSkippingEnabled = libraryConfig.isSuitesSkippingEnabled
+        isCodeCoverageEnabled = libraryConfig.isCodeCoverageEnabled
       }
 
       return getSkippableTests(isSuitesSkippingEnabled, tracer, testConfiguration)
@@ -359,6 +362,11 @@ module.exports = (on, config) => {
         cypressTestName === test.name && spec.relative === test.suite
       )
       const skippedTestSpan = getTestSpan(cypressTestName, spec.relative)
+      if (spec.absolute && repositoryRoot) {
+        skippedTestSpan.setTag(TEST_SOURCE_FILE, getTestSuitePath(spec.absolute, repositoryRoot))
+      } else {
+        skippedTestSpan.setTag(TEST_SOURCE_FILE, spec.relative)
+      }
       skippedTestSpan.setTag(TEST_STATUS, 'skip')
       if (isSkippedByItr) {
         skippedTestSpan.setTag(TEST_SKIPPED_BY_ITR, 'true')
@@ -390,6 +398,11 @@ module.exports = (on, config) => {
       if (itrCorrelationId) {
         finishedTest.testSpan.setTag(ITR_CORRELATION_ID, itrCorrelationId)
       }
+      if (spec.absolute && repositoryRoot) {
+        finishedTest.testSpan.setTag(TEST_SOURCE_FILE, getTestSuitePath(spec.absolute, repositoryRoot))
+      } else {
+        finishedTest.testSpan.setTag(TEST_SOURCE_FILE, spec.relative)
+      }
       finishedTest.testSpan.finish(finishedTest.finishTime)
     })
 

package/packages/datadog-plugin-graphql/src/index.js

@@ -1,5 +1,6 @@
 'use strict'
 
+const pick = require('../../utils/src/pick')
 const CompositePlugin = require('../../dd-trace/src/plugins/composite')
 const log = require('../../dd-trace/src/log')
 const GraphQLExecutePlugin = require('./execute')
@@ -63,10 +64,4 @@ function getHooks (config) {
   return { execute, parse, validate }
 }
 
-// non-lodash pick
-
-function pick (obj, selectors) {
-  return Object.fromEntries(Object.entries(obj).filter(([key]) => selectors.includes(key)))
-}
-
 module.exports = GraphQLPlugin

package/packages/datadog-plugin-grpc/src/client.js

@@ -41,7 +41,6 @@ class GrpcClientPlugin extends ClientPlugin {
         'grpc.status.code': 0
       }
     }, false)
-
     // needed as precursor for peer.service
     if (method.service && method.package) {
       span.setTag('rpc.service', method.package + '.' + method.service)
@@ -68,7 +67,7 @@ class GrpcClientPlugin extends ClientPlugin {
     this.addError(error, span)
   }
 
-  finish ({ span, result }) {
+  finish ({ span, result, peer }) {
     if (!span) return
 
     const { code, metadata } = result || {}
@@ -80,6 +79,21 @@ class GrpcClientPlugin extends ClientPlugin {
       addMetadataTags(span, metadata, metadataFilter, 'response')
     }
 
+    if (peer) {
+      // The only scheme we want to support here is ipv[46]:port, although
+      // more are supported by the library
+      // https://github.com/grpc/grpc/blob/v1.60.0/doc/naming.md
+      const parts = peer.split(':')
+      if (parts[parts.length - 1].match(/^\d+/)) {
+        const port = parts[parts.length - 1]
+        const ip = parts.slice(0, -1).join(':')
+        span.setTag('network.destination.ip', ip)
+        span.setTag('network.destination.port', port)
+      } else {
+        span.setTag('network.destination.ip', peer)
+      }
+    }
+
     this.tagPeerService(span)
     span.finish()
   }

package/packages/datadog-plugin-grpc/src/util.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const pick = require('lodash.pick')
+const pick = require('../../utils/src/pick')
 const log = require('../../dd-trace/src/log')
 
 module.exports = {

package/packages/datadog-plugin-http/src/client.js

@@ -122,7 +122,7 @@ class HttpClientPlugin extends ClientPlugin {
       // conditions for no error:
       // 1. not using a custom agent instance with custom timeout specified
       // 2. no invocation of `req.setTimeout`
-      if (!args.options.agent?.options.timeout && !customRequestTimeout) return
+      if (!args.options.agent?.options?.timeout && !customRequestTimeout) return
 
       span.setTag('error', 1)
     }

package/packages/datadog-plugin-jest/src/index.js

@@ -14,7 +14,12 @@ const {
   TEST_ITR_UNSKIPPABLE,
   TEST_ITR_FORCED_RUN,
   TEST_CODE_OWNERS,
-  ITR_CORRELATION_ID
+  ITR_CORRELATION_ID,
+  TEST_SOURCE_FILE,
+  getTestSuitePath,
+  TEST_IS_NEW,
+  TEST_EARLY_FLAKE_IS_RETRY,
+  TEST_EARLY_FLAKE_IS_ENABLED
 } = require('../../dd-trace/src/plugins/util/test')
 const { COMPONENT } = require('../../dd-trace/src/constants')
 const id = require('../../dd-trace/src/id')
@@ -81,7 +86,9 @@ class JestPlugin extends CiPlugin {
       numSkippedSuites,
       hasUnskippableSuites,
       hasForcedToRunSuites,
-      error
+      error,
+      isEarlyFlakeDetectionEnabled,
+      onDone
     }) => {
       this.testSessionSpan.setTag(TEST_STATUS, status)
       this.testModuleSpan.setTag(TEST_STATUS, status)
@@ -106,23 +113,34 @@ class JestPlugin extends CiPlugin {
         }
       )
 
+      if (isEarlyFlakeDetectionEnabled) {
+        this.testSessionSpan.setTag(TEST_EARLY_FLAKE_IS_ENABLED, 'true')
+      }
+
       this.testModuleSpan.finish()
       this.telemetry.ciVisEvent(TELEMETRY_EVENT_FINISHED, 'module')
       this.testSessionSpan.finish()
       this.telemetry.ciVisEvent(TELEMETRY_EVENT_FINISHED, 'session')
       finishAllTraceSpans(this.testSessionSpan)
-      this.tracer._exporter.flush()
+
+      this.tracer._exporter.flush(() => {
+        if (onDone) {
+          onDone()
+        }
+      })
     })
 
     // Test suites can be run in a different process from jest's main one.
     // This subscriber changes the configuration objects from jest to inject the trace id
-    // of the test session to the processes that run the test suites.
+    // of the test session to the processes that run the test suites, and other data.
     this.addSub('ci:jest:session:configuration', configs => {
       configs.forEach(config => {
         config._ddTestSessionId = this.testSessionSpan.context().toTraceId()
         config._ddTestModuleId = this.testModuleSpan.context().toSpanId()
         config._ddTestCommand = this.testSessionSpan.context()._tags[TEST_COMMAND]
         config._ddItrCorrelationId = this.itrCorrelationId
+        config._ddIsEarlyFlakeDetectionEnabled = !!this.libraryConfig?.isEarlyFlakeDetectionEnabled
+        config._ddEarlyFlakeDetectionNumRetries = this.libraryConfig?.earlyFlakeDetectionNumRetries ?? 0
       })
     })
 
@@ -223,7 +241,7 @@ class JestPlugin extends CiPlugin {
     })
 
     /**
-     * This can't use `this.itrConfig` like `ci:mocha:test-suite:code-coverage`
+     * This can't use `this.libraryConfig` like `ci:mocha:test-suite:code-coverage`
      * because this subscription happens in a different process from the one
      * fetching the ITR config.
      */
@@ -286,7 +304,17 @@ class JestPlugin extends CiPlugin {
   }
 
   startTestSpan (test) {
-    const { suite, name, runner, testParameters, frameworkVersion, testStartLine } = test
+    const {
+      suite,
+      name,
+      runner,
+      testParameters,
+      frameworkVersion,
+      testStartLine,
+      testFileAbsolutePath,
+      isNew,
+      isEfdRetry
+    } = test
 
     const extraTags = {
       [JEST_TEST_RUNNER]: runner,
@@ -296,6 +324,19 @@ class JestPlugin extends CiPlugin {
     if (testStartLine) {
       extraTags[TEST_SOURCE_START] = testStartLine
     }
+    if (testFileAbsolutePath) {
+      extraTags[TEST_SOURCE_FILE] = getTestSuitePath(testFileAbsolutePath, this.repositoryRoot)
+    } else {
+      // If for whatever we don't have the full path, we'll set the source file to the suite name
+      extraTags[TEST_SOURCE_FILE] = suite
+    }
+
+    if (isNew) {
+      extraTags[TEST_IS_NEW] = 'true'
+      if (isEfdRetry) {
+        extraTags[TEST_EARLY_FLAKE_IS_RETRY] = 'true'
+      }
+    }
 
     return super.startTestSpan(name, suite, this.testSuiteSpan, extraTags)
   }

package/packages/datadog-plugin-mocha/src/index.js

@@ -15,7 +15,8 @@ const {
   TEST_ITR_UNSKIPPABLE,
   TEST_ITR_FORCED_RUN,
   TEST_CODE_OWNERS,
-  ITR_CORRELATION_ID
+  ITR_CORRELATION_ID,
+  TEST_SOURCE_FILE
 } = require('../../dd-trace/src/plugins/util/test')
 const { COMPONENT } = require('../../dd-trace/src/constants')
 const {
@@ -42,7 +43,7 @@ class MochaPlugin extends CiPlugin {
     this.sourceRoot = process.cwd()
 
     this.addSub('ci:mocha:test-suite:code-coverage', ({ coverageFiles, suiteFile }) => {
-      if (!this.itrConfig || !this.itrConfig.isCodeCoverageEnabled) {
+      if (!this.libraryConfig?.isCodeCoverageEnabled) {
         return
       }
       const testSuiteSpan = this._testSuites.get(suiteFile)
@@ -98,7 +99,7 @@ class MochaPlugin extends CiPlugin {
         }
       })
       this.telemetry.ciVisEvent(TELEMETRY_EVENT_CREATED, 'suite')
-      if (this.itrConfig?.isCodeCoverageEnabled) {
+      if (this.libraryConfig?.isCodeCoverageEnabled) {
         this.telemetry.ciVisEvent(TELEMETRY_CODE_COVERAGE_STARTED, 'suite', { library: 'istanbul' })
       }
       if (itrCorrelationId) {
@@ -192,7 +193,7 @@ class MochaPlugin extends CiPlugin {
       error
     }) => {
       if (this.testSessionSpan) {
-        const { isSuitesSkippingEnabled, isCodeCoverageEnabled } = this.itrConfig || {}
+        const { isSuitesSkippingEnabled, isCodeCoverageEnabled } = this.libraryConfig || {}
         this.testSessionSpan.setTag(TEST_STATUS, status)
         this.testModuleSpan.setTag(TEST_STATUS, status)
 
@@ -222,7 +223,7 @@ class MochaPlugin extends CiPlugin {
         this.telemetry.ciVisEvent(TELEMETRY_EVENT_FINISHED, 'session')
         finishAllTraceSpans(this.testSessionSpan)
       }
-      this.itrConfig = null
+      this.libraryConfig = null
       this.tracer._exporter.flush()
     })
   }
@@ -244,6 +245,14 @@ class MochaPlugin extends CiPlugin {
     const testSuite = getTestSuitePath(testSuiteAbsolutePath, this.sourceRoot)
     const testSuiteSpan = this._testSuites.get(testSuiteAbsolutePath)
 
+    const testSourceFile = getTestSuitePath(testSuiteAbsolutePath, this.repositoryRoot)
+
+    if (testSourceFile) {
+      extraTags[TEST_SOURCE_FILE] = testSourceFile
+    } else {
+      extraTags[TEST_SOURCE_FILE] = testSuite
+    }
+
     return super.startTestSpan(testName, testSuite, testSuiteSpan, extraTags)
   }
 }

package/packages/datadog-plugin-playwright/src/index.js

@@ -9,7 +9,9 @@ const {
   getTestSuitePath,
   getTestSuiteCommonTags,
   TEST_SOURCE_START,
-  TEST_CODE_OWNERS
+  TEST_CODE_OWNERS,
+  TEST_SOURCE_FILE,
+  TEST_CONFIGURATION_BROWSER_NAME
 } = require('../../dd-trace/src/plugins/util/test')
 const { RESOURCE_NAME } = require('../../../ext/tags')
 const { COMPONENT } = require('../../dd-trace/src/constants')
@@ -76,10 +78,11 @@ class PlaywrightPlugin extends CiPlugin {
       this.telemetry.ciVisEvent(TELEMETRY_EVENT_FINISHED, 'suite')
     })
 
-    this.addSub('ci:playwright:test:start', ({ testName, testSuiteAbsolutePath, testSourceLine }) => {
+    this.addSub('ci:playwright:test:start', ({ testName, testSuiteAbsolutePath, testSourceLine, browserName }) => {
       const store = storage.getStore()
       const testSuite = getTestSuitePath(testSuiteAbsolutePath, this.rootDir)
-      const span = this.startTestSpan(testName, testSuite, testSourceLine)
+      const testSourceFile = getTestSuitePath(testSuiteAbsolutePath, this.repositoryRoot)
+      const span = this.startTestSpan(testName, testSuite, testSourceFile, testSourceLine, browserName)
 
       this.enter(span, store)
     })
@@ -126,9 +129,20 @@ class PlaywrightPlugin extends CiPlugin {
     })
   }
 
-  startTestSpan (testName, testSuite, testSourceLine) {
+  startTestSpan (testName, testSuite, testSourceFile, testSourceLine, browserName) {
     const testSuiteSpan = this._testSuites.get(testSuite)
-    return super.startTestSpan(testName, testSuite, testSuiteSpan, { [TEST_SOURCE_START]: testSourceLine })
+
+    const extraTags = {
+      [TEST_SOURCE_START]: testSourceLine
+    }
+    if (testSourceFile) {
+      extraTags[TEST_SOURCE_FILE] = testSourceFile || testSuite
+    }
+    if (browserName) {
+      extraTags[TEST_CONFIGURATION_BROWSER_NAME] = browserName
+    }
+
+    return super.startTestSpan(testName, testSuite, testSuiteSpan, extraTags)
   }
 }
 

package/packages/datadog-plugin-rhea/src/consumer.js

@@ -2,6 +2,7 @@
 
 const ConsumerPlugin = require('../../dd-trace/src/plugins/consumer')
 const { storage } = require('../../datadog-core')
+const { getAmqpMessageSize, CONTEXT_PROPAGATION_KEY } = require('../../dd-trace/src/datastreams/processor')
 
 class RheaConsumerPlugin extends ConsumerPlugin {
   static get id () { return 'rhea' }
@@ -19,7 +20,7 @@ class RheaConsumerPlugin extends ConsumerPlugin {
     const name = getResourceNameFromMessage(msgObj)
     const childOf = extractTextMap(msgObj, this.tracer)
 
-    this.startSpan({
+    const span = this.startSpan({
       childOf,
       resource: name,
       type: 'worker',
@@ -29,6 +30,15 @@ class RheaConsumerPlugin extends ConsumerPlugin {
         'amqp.link.role': 'receiver'
       }
     })
+
+    if (this.config.dsmEnabled && msgObj.message) {
+      const payloadSize = getAmqpMessageSize(
+        { headers: msgObj.message.delivery_annotations, content: msgObj.message.body }
+      )
+      this.tracer.decodeDataStreamsContext(msgObj.message.delivery_annotations[CONTEXT_PROPAGATION_KEY])
+      this.tracer
+        .setCheckpoint(['direction:in', `topic:${name}`, 'type:rabbitmq'], span, payloadSize)
+    }
   }
 }
 

package/packages/datadog-plugin-rhea/src/producer.js

@@ -2,6 +2,8 @@
 
 const { CLIENT_PORT_KEY } = require('../../dd-trace/src/constants')
 const ProducerPlugin = require('../../dd-trace/src/plugins/producer')
+const { encodePathwayContext } = require('../../dd-trace/src/datastreams/pathway')
+const { getAmqpMessageSize, CONTEXT_PROPAGATION_KEY } = require('../../dd-trace/src/datastreams/processor')
 
 class RheaProducerPlugin extends ProducerPlugin {
   static get id () { return 'rhea' }
@@ -36,6 +38,15 @@ function addDeliveryAnnotations (msg, tracer, span) {
     msg.delivery_annotations = msg.delivery_annotations || {}
 
     tracer.inject(span, 'text_map', msg.delivery_annotations)
+
+    if (tracer._config.dsmEnabled) {
+      const targetName = span.context()._tags['amqp.link.target.address']
+      const payloadSize = getAmqpMessageSize({ content: msg.body, headers: msg.delivery_annotations })
+      const dataStreamsContext = tracer
+        .setCheckpoint(['direction:out', `exchange:${targetName}`, 'type:rabbitmq'], span, payloadSize)
+      const pathwayCtx = encodePathwayContext(dataStreamsContext)
+      msg.delivery_annotations[CONTEXT_PROPAGATION_KEY] = pathwayCtx
+    }
   }
 }
 

package/packages/dd-trace/src/appsec/addresses.js

@@ -15,6 +15,8 @@ module.exports = {
   HTTP_INCOMING_GRAPHQL_RESOLVERS: 'graphql.server.all_resolvers',
   HTTP_INCOMING_GRAPHQL_RESOLVER: 'graphql.server.resolver',
 
+  HTTP_OUTGOING_BODY: 'server.response.body',
+
   HTTP_CLIENT_IP: 'http.client_ip',
 
   USER_ID: 'usr.id',

package/packages/dd-trace/src/appsec/api_security_sampler.js

@@ -5,6 +5,8 @@ const log = require('../log')
 let enabled
 let requestSampling
 
+const sampledRequests = new WeakSet()
+
 function configure ({ apiSecurity }) {
   enabled = apiSecurity.enabled
   setRequestSampling(apiSecurity.requestSampling)
@@ -32,17 +34,28 @@ function parseRequestSampling (requestSampling) {
   return parsed
 }
 
-function sampleRequest () {
+function sampleRequest (req) {
   if (!enabled || !requestSampling) {
     return false
   }
 
-  return Math.random() <= requestSampling
+  const shouldSample = Math.random() <= requestSampling
+
+  if (shouldSample) {
+    sampledRequests.add(req)
+  }
+
+  return shouldSample
+}
+
+function isSampled (req) {
+  return sampledRequests.has(req)
 }
 
 module.exports = {
   configure,
   disable,
   setRequestSampling,
-  sampleRequest
+  sampleRequest,
+  isSampled
 }

package/packages/dd-trace/src/appsec/channels.js

@@ -16,5 +16,6 @@ module.exports = {
   queryParser: dc.channel('datadog:query:read:finish'),
   setCookieChannel: dc.channel('datadog:iast:set-cookie'),
   nextBodyParsed: dc.channel('apm:next:body-parsed'),
-  nextQueryParsed: dc.channel('apm:next:query-parsed')
+  nextQueryParsed: dc.channel('apm:next:query-parsed'),
+  responseBody: dc.channel('datadog:express:response:json:start')
 }

package/packages/dd-trace/src/appsec/iast/analyzers/command-injection-analyzer.js

@@ -8,7 +8,7 @@ class CommandInjectionAnalyzer extends InjectionAnalyzer {
   }
 
   onConfigure () {
-    this.addSub('datadog:child_process:execution:start', ({ command }) => this.analyze(command))
+    this.addSub('tracing:datadog:child_process:execution:start', ({ command }) => this.analyze(command))
   }
 }
 

package/packages/dd-trace/src/appsec/iast/analyzers/nosql-injection-mongodb-analyzer.js

@@ -9,7 +9,7 @@ const { storage } = require('../../../../../datadog-core')
 const { getIastContext } = require('../iast-context')
 const { HTTP_REQUEST_PARAMETER, HTTP_REQUEST_BODY } = require('../taint-tracking/source-types')
 
-const EXCLUDED_PATHS_FROM_STACK = getNodeModulesPaths('mongodb', 'mongoose')
+const EXCLUDED_PATHS_FROM_STACK = getNodeModulesPaths('mongodb', 'mongoose', 'mquery')
 const MONGODB_NOSQL_SECURE_MARK = getNextSecureMark()
 
 function iterateObjectStrings (target, fn, levelKeys = [], depth = 50, visited = new Set()) {
@@ -37,34 +37,39 @@ class NosqlInjectionMongodbAnalyzer extends InjectionAnalyzer {
   onConfigure () {
     this.configureSanitizers()
 
-    this.addSub('datadog:mongodb:collection:filter:start', ({ filters }) => {
+    const onStart = ({ filters }) => {
       const store = storage.getStore()
       if (store && !store.nosqlAnalyzed && filters?.length) {
         filters.forEach(filter => {
           this.analyze({ filter }, store)
         })
       }
-    })
 
-    this.addSub('datadog:mongoose:model:filter:start', ({ filters }) => {
-      const store = storage.getStore()
-      if (!store) return
+      return store
+    }
 
-      if (filters?.length) {
-        filters.forEach(filter => {
-          this.analyze({ filter }, store)
-        })
+    const onStartAndEnterWithStore = (message) => {
+      const store = onStart(message || {})
+      if (store) {
+        storage.enterWith({ ...store, nosqlAnalyzed: true, nosqlParentStore: store })
       }
+    }
 
-      storage.enterWith({ ...store, nosqlAnalyzed: true, mongooseParentStore: store })
-    })
-
-    this.addSub('datadog:mongoose:model:filter:finish', () => {
+    const onFinish = () => {
       const store = storage.getStore()
-      if (store?.mongooseParentStore) {
-        storage.enterWith(store.mongooseParentStore)
+      if (store?.nosqlParentStore) {
+        storage.enterWith(store.nosqlParentStore)
       }
-    })
+    }
+
+    this.addSub('datadog:mongodb:collection:filter:start', onStart)
+
+    this.addSub('datadog:mongoose:model:filter:start', onStartAndEnterWithStore)
+    this.addSub('datadog:mongoose:model:filter:finish', onFinish)
+
+    this.addSub('datadog:mquery:filter:prepare', onStart)
+    this.addSub('tracing:datadog:mquery:filter:start', onStartAndEnterWithStore)
+    this.addSub('tracing:datadog:mquery:filter:asyncEnd', onFinish)
   }
 
   configureSanitizers () {

package/packages/dd-trace/src/appsec/iast/analyzers/sql-injection-analyzer.js

@@ -4,8 +4,6 @@ const InjectionAnalyzer = require('./injection-analyzer')
 const { SQL_INJECTION } = require('../vulnerabilities')
 const { getRanges } = require('../taint-tracking/operations')
 const { storage } = require('../../../../../datadog-core')
-const { getIastContext } = require('../iast-context')
-const { addVulnerability } = require('../vulnerability-reporter')
 const { getNodeModulesPaths } = require('../path-line')
 
 const EXCLUDED_PATHS = getNodeModulesPaths('mysql', 'mysql2', 'sequelize', 'pg-pool', 'knex')
@@ -16,9 +14,9 @@ class SqlInjectionAnalyzer extends InjectionAnalyzer {
   }
 
   onConfigure () {
-    this.addSub('apm:mysql:query:start', ({ sql }) => this.analyze(sql, 'MYSQL'))
-    this.addSub('apm:mysql2:query:start', ({ sql }) => this.analyze(sql, 'MYSQL'))
-    this.addSub('apm:pg:query:start', ({ query }) => this.analyze(query.text, 'POSTGRES'))
+    this.addSub('apm:mysql:query:start', ({ sql }) => this.analyze(sql, undefined, 'MYSQL'))
+    this.addSub('apm:mysql2:query:start', ({ sql }) => this.analyze(sql, undefined, 'MYSQL'))
+    this.addSub('apm:pg:query:start', ({ query }) => this.analyze(query.text, undefined, 'POSTGRES'))
 
     this.addSub(
       'datadog:sequelize:query:start',
@@ -42,7 +40,7 @@ class SqlInjectionAnalyzer extends InjectionAnalyzer {
   getStoreAndAnalyze (query, dialect) {
     const parentStore = storage.getStore()
     if (parentStore) {
-      this.analyze(query, dialect, parentStore)
+      this.analyze(query, parentStore, dialect)
 
       storage.enterWith({ ...parentStore, sqlAnalyzed: true, sqlParentStore: parentStore })
     }
@@ -60,29 +58,10 @@ class SqlInjectionAnalyzer extends InjectionAnalyzer {
     return { value, ranges, dialect }
   }
 
-  analyze (value, dialect, store = storage.getStore()) {
+  analyze (value, store, dialect) {
+    store = store || storage.getStore()
     if (!(store && store.sqlAnalyzed)) {
-      const iastContext = getIastContext(store)
-      if (this._isInvalidContext(store, iastContext)) return
-      this._reportIfVulnerable(value, iastContext, dialect)
-    }
-  }
-
-  _reportIfVulnerable (value, context, dialect) {
-    if (this._isVulnerable(value, context) && this._checkOCE(context)) {
-      this._report(value, context, dialect)
-      return true
-    }
-    return false
-  }
-
-  _report (value, context, dialect) {
-    const evidence = this._getEvidence(value, context, dialect)
-    const location = this._getLocation()
-    if (!this._isExcluded(location)) {
-      const spanId = context && context.rootSpan && context.rootSpan.context().toSpanId()
-      const vulnerability = this._createVulnerability(this._type, evidence, spanId, location)
-      addVulnerability(context, vulnerability)
+      super.analyze(value, store, dialect)
     }
   }