dd-trace 4.34.0 → 4.36.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.d.ts +15 -0
- package/package.json +2 -1
- package/packages/datadog-instrumentations/src/fetch.js +6 -45
- package/packages/datadog-instrumentations/src/helpers/fetch.js +22 -0
- package/packages/datadog-instrumentations/src/helpers/hooks.js +3 -1
- package/packages/datadog-instrumentations/src/jest.js +77 -10
- package/packages/datadog-instrumentations/src/mongoose.js +2 -1
- package/packages/datadog-instrumentations/src/openai.js +149 -0
- package/packages/datadog-instrumentations/src/otel-sdk-trace.js +6 -1
- package/packages/datadog-instrumentations/src/selenium.js +69 -0
- package/packages/datadog-plugin-cucumber/src/index.js +2 -2
- package/packages/datadog-plugin-cypress/src/cypress-plugin.js +2 -2
- package/packages/datadog-plugin-cypress/src/support.js +19 -3
- package/packages/datadog-plugin-fetch/src/index.js +20 -11
- package/packages/datadog-plugin-jest/src/index.js +7 -2
- package/packages/datadog-plugin-mocha/src/index.js +4 -5
- package/packages/datadog-plugin-openai/src/index.js +159 -32
- package/packages/datadog-plugin-openai/src/services.js +2 -1
- package/packages/datadog-plugin-playwright/src/index.js +2 -2
- package/packages/datadog-plugin-selenium/src/index.js +71 -0
- package/packages/dd-trace/src/appsec/iast/analyzers/analyzers.js +1 -0
- package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-base-analyzer.js +70 -0
- package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-password-analyzer.js +14 -0
- package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-password-rules.js +12 -0
- package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-rule-type.js +6 -0
- package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-secret-analyzer.js +5 -50
- package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-secret-rules.js +742 -0
- package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-secrets-rules.js +539 -66
- package/packages/dd-trace/src/appsec/iast/taint-tracking/operations-taint-object.js +1 -9
- package/packages/dd-trace/src/appsec/iast/taint-tracking/plugin.js +4 -2
- package/packages/dd-trace/src/appsec/iast/vulnerabilities.js +1 -0
- package/packages/dd-trace/src/appsec/remote_config/index.js +5 -5
- package/packages/dd-trace/src/appsec/reporter.js +11 -10
- package/packages/dd-trace/src/appsec/telemetry.js +36 -7
- package/packages/dd-trace/src/ci-visibility/exporters/ci-visibility-exporter.js +4 -2
- package/packages/dd-trace/src/ci-visibility/requests/get-library-configuration.js +4 -1
- package/packages/dd-trace/src/config.js +94 -9
- package/packages/dd-trace/src/dogstatsd.js +13 -11
- package/packages/dd-trace/src/index.js +5 -1
- package/packages/dd-trace/src/noop/dogstatsd.js +11 -0
- package/packages/dd-trace/src/noop/proxy.js +3 -0
- package/packages/dd-trace/src/opentracing/propagation/text_map.js +10 -4
- package/packages/dd-trace/src/opentracing/span.js +2 -0
- package/packages/dd-trace/src/plugins/index.js +2 -0
- package/packages/dd-trace/src/plugins/util/test.js +34 -3
- package/packages/dd-trace/src/profiling/config.js +8 -4
- package/packages/dd-trace/src/profiling/exporters/agent.js +5 -3
- package/packages/dd-trace/src/profiling/profiler.js +4 -0
- package/packages/dd-trace/src/profiling/ssi-telemetry-mock-profiler.js +33 -0
- package/packages/dd-trace/src/profiling/ssi-telemetry.js +167 -0
- package/packages/dd-trace/src/proxy.js +33 -7
- package/packages/dd-trace/src/tagger.js +13 -3
- package/packages/dd-trace/src/telemetry/index.js +5 -4
- package/packages/dd-trace/src/telemetry/metrics.js +2 -2
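--- a/package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-base-analyzer.js
+++ b/package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-base-analyzer.js
@@ -0,0 +1,70 @@
+'use strict'
+
+const Analyzer = require('./vulnerability-analyzer')
+const { getRelativePath } = require('../path-line')
+
+class HardcodedBaseAnalyzer extends Analyzer {
+constructor (type, allRules = [], valueOnlyRules = []) {
+super(type)
+
+this.allRules = allRules
+this.valueOnlyRules = valueOnlyRules
+}
+
+onConfigure () {
+this.addSub('datadog:secrets:result', (secrets) => { this.analyze(secrets) })
+}
+
+analyze (secrets) {
+if (!secrets?.file || !secrets.literals) return
+
+const { allRules, valueOnlyRules } = this
+
+const matches = []
+for (const literal of secrets.literals) {
+const { value, locations } = literal
+if (!value || !locations) continue
+
+for (const location of locations) {
+let match
+if (location.ident) {
+const fullValue = `${location.ident}=${value}`
+match = allRules.find(rule => fullValue.match(rule.regex))
+} else {
+match = valueOnlyRules.find(rule => value.match(rule.regex))
+}
+
+if (match) {
+matches.push({ location, ruleId: match.id })
+}
+}
+}
+
+if (matches.length) {
+const file = getRelativePath(secrets.file)
+
+matches
+.forEach(match => this._report({
+file,
+line: match.location.line,
+column: match.location.column,
+data: match.ruleId
+}))
+}
+}
+
+_getEvidence (value) {
+return { value: `${value.data}` }
+}
+
+_getLocation (value) {
+return {
+path: value.file,
+line: value.line,
+column: value.column,
+isInternal: false
+}
+}
+}
+
+module.exports = HardcodedBaseAnalyzer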
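Review bot: The inner loop of `analyze` reports every location whose literal matches a rule, but the implementation it replaces in hardcoded-secret-analyzer.js skipped locations without a line (`.filter(location => location.line)`), and that guard is missing here. If the secrets scanner can emit a location with no `line`, `_report` now receives `line: undefined` and the finding has no usable position; `if (!location.line) continue` as the first statement of the loop body restores the old behaviour. Separately, `locations` is only checked for truthiness before the `for...of`, so a non-iterable value would throw inside the channel subscriber; `Array.isArray(locations)` would be a stricter check. It would also help to note on `_getEvidence` that the evidence is the rule id from `data`, never the matched literal.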
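--- a/package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-password-analyzer.js
+++ b/package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-password-analyzer.js
@@ -0,0 +1,14 @@
+'use strict'
+
+const { HARDCODED_PASSWORD } = require('../vulnerabilities')
+const HardcodedBaseAnalyzer = require('./hardcoded-base-analyzer')
+
+const allRules = require('./hardcoded-password-rules')
+
+class HardcodedPasswordAnalyzer extends HardcodedBaseAnalyzer {
+constructor () {
+super(HARDCODED_PASSWORD, allRules)
+}
+}
+
+module.exports = new HardcodedPasswordAnalyzer()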
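Review bot: The constructor calls `super(HARDCODED_PASSWORD, allRules)` without a third argument, so `valueOnlyRules` keeps the base default `[]` and a literal whose location has no `ident` can never be reported as a hardcoded password. That fits the single `NameAndValue` rule, but nothing in the file says it is deliberate; a comment above the `super` call such as `// password rules need the identifier, so no value-only rules are passed` would stop a later value-only rule from silently never matching. Because this analyzer and the secret analyzer inherit the same `datadog:secrets:result` subscription, a test that feeds one literal matching both rule sets would confirm whether the resulting double report is intended.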
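--- a/package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-password-rules.js
+++ b/package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-password-rules.js
@@ -0,0 +1,12 @@
+/* eslint-disable max-len */
+'use strict'
+
+const { NameAndValue } = require('./hardcoded-rule-type')
+
+module.exports = [
+{
+id: 'hardcoded-password',
+regex: /(?:pwd|pswd|pass|secret)(?:[0-9a-z\-_\t.]{0,20})(?:[\s|']|[\s|""]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|""|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['"\s\x60;]|$)/i,
+type: NameAndValue
+}
+]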
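Review bot: In the `regex` of the `hardcoded-password` rule, the `""` in `(?:'|""|\s|=|\x60){0,5}` and in `[\s|""]` looks like a CSV-style escape carried over from the pattern's origin: in a JavaScript regex literal that alternative only matches two consecutive double quotes, and `|` inside a character class is a literal pipe rather than alternation. If a single quote character of either kind was meant, `(?:'|"|\s|=|\x60){0,5}` and `[\s'"]{0,3}` say so directly. The keyword group is also unanchored, so identifiers such as `compass` or `bypass` satisfy `pass`, which is likely to produce false positives on any long lowercase value. In the other direction, the capture class `[0-9a-z\-_.=]{10,150}` excludes characters such as `!` and `@`, so a password containing them is not reported. A comment on the rule stating these limits would help whoever tunes it.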
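--- a/package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-secret-analyzer.js
+++ b/package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-secret-analyzer.js
@@ -1,59 +1,14 @@
 'use strict'
 
-const Analyzer = require('./vulnerability-analyzer')
 const { HARDCODED_SECRET } = require('../vulnerabilities')
-const
+const HardcodedBaseAnalyzer = require('./hardcoded-base-analyzer')
+const { ValueOnly } = require('./hardcoded-rule-type')
 
-const
+const allRules = require('./hardcoded-secret-rules')
 
-class HardcodedSecretAnalyzer extends
+class HardcodedSecretAnalyzer extends HardcodedBaseAnalyzer {
 constructor () {
-super(HARDCODED_SECRET)
-}
-
-onConfigure () {
-this.addSub('datadog:secrets:result', (secrets) => { this.analyze(secrets) })
-}
-
-analyze (secrets) {
-if (!secrets?.file || !secrets.literals) return
-
-const matches = secrets.literals
-.filter(literal => literal.value && literal.locations?.length)
-.map(literal => {
-const match = secretRules.find(rule => literal.value.match(rule.regex))
-
-return match ? { locations: literal.locations, ruleId: match.id } : undefined
-})
-.filter(match => !!match)
-
-if (matches.length) {
-const file = getRelativePath(secrets.file)
-
-matches.forEach(match => {
-match.locations
-.filter(location => location.line)
-.forEach(location => this._report({
-file,
-line: location.line,
-column: location.column,
-data: match.ruleId
-}))
-})
-}
-}
-
-_getEvidence (value) {
-return { value: `${value.data}` }
-}
-
-_getLocation (value) {
-return {
-path: value.file,
-line: value.line,
-column: value.column,
-isInternal: false
-}
+super(HARDCODED_SECRET, allRules, allRules.filter(rule => rule.type === ValueOnly))
 }
 }
 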
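Review bot: Passing the full `allRules` list as the second argument of `super(...)` means the base `analyze` tests `ValueOnly` rules against `ident=value` whenever a location carries an `ident`, whereas the removed code always tested the bare `literal.value`. If any value-only pattern in hardcoded-secret-rules.js (not shown here) is anchored at the start of the string, assigned literals that were reported before would now be missed; a regression test with one such literal at an identified location would settle it. The file list also shows both `hardcoded-secret-rules.js` and `hardcoded-secrets-rules.js` changing, so it is worth confirming that only the file required here is still loaded. The `module.exports` line falls outside this hunk.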