dd-trace 4.36.0 → 4.37.0

package/packages/datadog-plugin-aws-sdk/src/services/stepfunctions.js

@@ -0,0 +1,64 @@
+'use strict'
+const log = require('../../../dd-trace/src/log')
+const BaseAwsSdkPlugin = require('../base')
+
+class Stepfunctions extends BaseAwsSdkPlugin {
+  static get id () { return 'stepfunctions' }
+
+  // This is the shape of StartExecutionInput, as defined in
+  // https://github.com/aws/aws-sdk-js/blob/master/apis/states-2016-11-23.normal.json
+  // "StartExecutionInput": {
+  //   "type": "structure",
+  //   "required": [
+  //     "stateMachineArn"
+  //   ],
+  //   "members": {
+  //     "stateMachineArn": {
+  //       "shape": "Arn",
+  //     },
+  //     "name": {
+  //       "shape": "Name",
+  //     },
+  //     "input": {
+  //       "shape": "SensitiveData",
+  //     },
+  //     "traceHeader": {
+  //       "shape": "TraceHeader",
+  //     }
+  //   }
+
+  generateTags (params, operation, response) {
+    if (!params) return {}
+    const tags = { 'resource.name': params.name ? `${operation} ${params.name}` : `${operation}` }
+    if (operation === 'startExecution' || operation === 'startSyncExecution') {
+      tags.statemachinearn = `${params.stateMachineArn}`
+    }
+    return tags
+  }
+
+  requestInject (span, request) {
+    const operation = request.operation
+    if (operation === 'startExecution' || operation === 'startSyncExecution') {
+      if (!request.params || !request.params.input) {
+        return
+      }
+
+      const input = request.params.input
+
+      try {
+        const inputObj = JSON.parse(input)
+        if (inputObj && typeof inputObj === 'object') {
+          // We've parsed the input JSON string
+          inputObj._datadog = {}
+          this.tracer.inject(span, 'text_map', inputObj._datadog)
+          const newInput = JSON.stringify(inputObj)
+          request.params.input = newInput
+        }
+      } catch (e) {
+        log.info('Unable to treat input as JSON')
+      }
+    }
+  }
+}
+
+module.exports = Stepfunctions

package/packages/datadog-plugin-cucumber/src/index.js

@@ -18,7 +18,14 @@ const {
   TEST_SOURCE_FILE,
   TEST_EARLY_FLAKE_ENABLED,
   TEST_IS_NEW,
-  TEST_IS_RETRY
+  TEST_IS_RETRY,
+  TEST_SUITE_ID,
+  TEST_SESSION_ID,
+  TEST_COMMAND,
+  TEST_MODULE,
+  TEST_MODULE_ID,
+  TEST_SUITE,
+  CUCUMBER_IS_PARALLEL
 } = require('../../dd-trace/src/plugins/util/test')
 const { RESOURCE_NAME } = require('../../../ext/tags')
 const { COMPONENT, ERROR_MESSAGE } = require('../../dd-trace/src/constants')
@@ -32,6 +39,22 @@ const {
   TELEMETRY_ITR_UNSKIPPABLE,
   TELEMETRY_CODE_COVERAGE_NUM_FILES
 } = require('../../dd-trace/src/ci-visibility/telemetry')
+const id = require('../../dd-trace/src/id')
+
+const isCucumberWorker = !!process.env.CUCUMBER_WORKER_ID
+
+function getTestSuiteTags (testSuiteSpan) {
+  const suiteTags = {
+    [TEST_SUITE_ID]: testSuiteSpan.context().toSpanId(),
+    [TEST_SESSION_ID]: testSuiteSpan.context().toTraceId(),
+    [TEST_COMMAND]: testSuiteSpan.context()._tags[TEST_COMMAND],
+    [TEST_MODULE]: 'cucumber'
+  }
+  if (testSuiteSpan.context()._parentId) {
+    suiteTags[TEST_MODULE_ID] = testSuiteSpan.context()._parentId.toString(10)
+  }
+  return suiteTags
+}
 
 class CucumberPlugin extends CiPlugin {
   static get id () {
@@ -43,6 +66,8 @@ class CucumberPlugin extends CiPlugin {
 
     this.sourceRoot = process.cwd()
 
+    this.testSuiteSpanByPath = {}
+
     this.addSub('ci:cucumber:session:finish', ({
       status,
       isSuitesSkipped,
@@ -50,7 +75,8 @@ class CucumberPlugin extends CiPlugin {
       testCodeCoverageLinesTotal,
       hasUnskippableSuites,
       hasForcedToRunSuites,
-      isEarlyFlakeDetectionEnabled
+      isEarlyFlakeDetectionEnabled,
+      isParallel
     }) => {
       const { isSuitesSkippingEnabled, isCodeCoverageEnabled } = this.libraryConfig || {}
       addIntelligentTestRunnerSpanTags(
@@ -70,6 +96,9 @@ class CucumberPlugin extends CiPlugin {
       if (isEarlyFlakeDetectionEnabled) {
         this.testSessionSpan.setTag(TEST_EARLY_FLAKE_ENABLED, 'true')
       }
+      if (isParallel) {
+        this.testSessionSpan.setTag(CUCUMBER_IS_PARALLEL, 'true')
+      }
 
       this.testSessionSpan.setTag(TEST_STATUS, status)
       this.testModuleSpan.setTag(TEST_STATUS, status)
@@ -101,7 +130,7 @@ class CucumberPlugin extends CiPlugin {
       if (itrCorrelationId) {
         testSuiteMetadata[ITR_CORRELATION_ID] = itrCorrelationId
       }
-      this.testSuiteSpan = this.tracer.startSpan('cucumber.test_suite', {
+      const testSuiteSpan = this.tracer.startSpan('cucumber.test_suite', {
         childOf: this.testModuleSpan,
         tags: {
           [COMPONENT]: this.constructor.id,
@@ -109,25 +138,29 @@ class CucumberPlugin extends CiPlugin {
           ...testSuiteMetadata
         }
       })
+      this.testSuiteSpanByPath[testSuitePath] = testSuiteSpan
+
       this.telemetry.ciVisEvent(TELEMETRY_EVENT_CREATED, 'suite')
       if (this.libraryConfig?.isCodeCoverageEnabled) {
         this.telemetry.ciVisEvent(TELEMETRY_CODE_COVERAGE_STARTED, 'suite', { library: 'istanbul' })
       }
     })
 
-    this.addSub('ci:cucumber:test-suite:finish', status => {
-      this.testSuiteSpan.setTag(TEST_STATUS, status)
-      this.testSuiteSpan.finish()
+    this.addSub('ci:cucumber:test-suite:finish', ({ status, testSuitePath }) => {
+      const testSuiteSpan = this.testSuiteSpanByPath[testSuitePath]
+      testSuiteSpan.setTag(TEST_STATUS, status)
+      testSuiteSpan.finish()
       this.telemetry.ciVisEvent(TELEMETRY_EVENT_FINISHED, 'suite')
     })
 
-    this.addSub('ci:cucumber:test-suite:code-coverage', ({ coverageFiles, suiteFile }) => {
+    this.addSub('ci:cucumber:test-suite:code-coverage', ({ coverageFiles, suiteFile, testSuitePath }) => {
       if (!this.libraryConfig?.isCodeCoverageEnabled) {
         return
       }
       if (!coverageFiles.length) {
         this.telemetry.count(TELEMETRY_CODE_COVERAGE_EMPTY)
       }
+      const testSuiteSpan = this.testSuiteSpanByPath[testSuitePath]
 
       const relativeCoverageFiles = [...coverageFiles, suiteFile]
         .map(filename => getTestSuitePath(filename, this.repositoryRoot))
@@ -135,8 +168,8 @@ class CucumberPlugin extends CiPlugin {
       this.telemetry.distribution(TELEMETRY_CODE_COVERAGE_NUM_FILES, {}, relativeCoverageFiles.length)
 
       const formattedCoverage = {
-        sessionId: this.testSuiteSpan.context()._traceId,
-        suiteId: this.testSuiteSpan.context()._spanId,
+        sessionId: testSuiteSpan.context()._traceId,
+        suiteId: testSuiteSpan.context()._spanId,
         files: relativeCoverageFiles
       }
 
@@ -144,7 +177,7 @@ class CucumberPlugin extends CiPlugin {
       this.telemetry.ciVisEvent(TELEMETRY_CODE_COVERAGE_FINISHED, 'suite', { library: 'istanbul' })
     })
 
-    this.addSub('ci:cucumber:test:start', ({ testName, testFileAbsolutePath, testSourceLine }) => {
+    this.addSub('ci:cucumber:test:start', ({ testName, testFileAbsolutePath, testSourceLine, isParallel }) => {
       const store = storage.getStore()
       const testSuite = getTestSuitePath(testFileAbsolutePath, this.sourceRoot)
       const testSourceFile = getTestSuitePath(testFileAbsolutePath, this.repositoryRoot)
@@ -153,6 +186,10 @@ class CucumberPlugin extends CiPlugin {
         [TEST_SOURCE_START]: testSourceLine,
         [TEST_SOURCE_FILE]: testSourceFile
       }
+      if (isParallel) {
+        extraTags[CUCUMBER_IS_PARALLEL] = 'true'
+      }
+
       const testSpan = this.startTestSpan(testName, testSuite, extraTags)
 
       this.enter(testSpan, store)
@@ -172,6 +209,36 @@ class CucumberPlugin extends CiPlugin {
       this.enter(span, store)
     })
 
+    this.addSub('ci:cucumber:worker-report:trace', (traces) => {
+      const formattedTraces = JSON.parse(traces).map(trace =>
+        trace.map(span => ({
+          ...span,
+          span_id: id(span.span_id),
+          trace_id: id(span.trace_id),
+          parent_id: id(span.parent_id)
+        }))
+      )
+
+      // We have to update the test session, test module and test suite ids
+      // before we export them in the main process
+      formattedTraces.forEach(trace => {
+        trace.forEach(span => {
+          if (span.name === 'cucumber.test') {
+            const testSuite = span.meta[TEST_SUITE]
+            const testSuiteSpan = this.testSuiteSpanByPath[testSuite]
+
+            const testSuiteTags = getTestSuiteTags(testSuiteSpan)
+            span.meta = {
+              ...span.meta,
+              ...testSuiteTags
+            }
+          }
+        })
+
+        this.tracer._exporter.export(trace)
+      })
+    })
+
     this.addSub('ci:cucumber:test:finish', ({ isStep, status, skipReason, errorMessage, isNew, isEfdRetry }) => {
       const span = storage.getStore().span
       const statusTag = isStep ? 'step.status' : TEST_STATUS
@@ -201,6 +268,10 @@ class CucumberPlugin extends CiPlugin {
           { hasCodeOwners: !!span.context()._tags[TEST_CODE_OWNERS] }
         )
         finishAllTraceSpans(span)
+        // If it's a worker, flushing is cheap, as it's just sending data to the main process
+        if (isCucumberWorker) {
+          this.tracer._exporter.flush()
+        }
       }
     })
 
@@ -213,10 +284,11 @@ class CucumberPlugin extends CiPlugin {
   }
 
   startTestSpan (testName, testSuite, extraTags) {
+    const testSuiteSpan = this.testSuiteSpanByPath[testSuite]
     return super.startTestSpan(
       testName,
       testSuite,
-      this.testSuiteSpan,
+      testSuiteSpan,
       extraTags
     )
   }

package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-base-analyzer.js

@@ -48,6 +48,7 @@ class HardcodedBaseAnalyzer extends Analyzer {
           file,
           line: match.location.line,
           column: match.location.column,
+          ident: match.location.ident,
           data: match.ruleId
         }))
     }

package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-password-analyzer.js

@@ -9,6 +9,10 @@ class HardcodedPasswordAnalyzer extends HardcodedBaseAnalyzer {
   constructor () {
     super(HARDCODED_PASSWORD, allRules)
   }
+
+  _getEvidence (value) {
+    return { value: `${value.ident}` }
+  }
 }
 
 module.exports = new HardcodedPasswordAnalyzer()

package/packages/dd-trace/src/appsec/iast/taint-tracking/csi-methods.js

@@ -2,6 +2,7 @@
 
 const csiMethods = [
   { src: 'concat' },
+  { src: 'join' },
   { src: 'parse' },
   { src: 'plusOperator', operator: true },
   { src: 'random' },
@@ -9,6 +10,8 @@ const csiMethods = [
   { src: 'slice' },
   { src: 'substr' },
   { src: 'substring' },
+  { src: 'toLowerCase', dst: 'stringCase' },
+  { src: 'toUpperCase', dst: 'stringCase' },
   { src: 'trim' },
   { src: 'trimEnd' },
   { src: 'trimStart', dst: 'trim' }

package/packages/dd-trace/src/appsec/iast/taint-tracking/operations.js

@@ -1,13 +1,20 @@
 'use strict'
 
+const dc = require('dc-polyfill')
 const TaintedUtils = require('@datadog/native-iast-taint-tracking')
 const { IAST_TRANSACTION_ID } = require('../iast-context')
 const iastTelemetry = require('../telemetry')
 const { REQUEST_TAINTED } = require('../telemetry/iast-metric')
 const { isInfoAllowed } = require('../telemetry/verbosity')
-const { getTaintTrackingImpl, getTaintTrackingNoop } = require('./taint-tracking-impl')
+const {
+  getTaintTrackingImpl,
+  getTaintTrackingNoop,
+  lodashTaintTrackingHandler
+} = require('./taint-tracking-impl')
 const { taintObject } = require('./operations-taint-object')
 
+const lodashOperationCh = dc.channel('datadog:lodash:operation')
+
 function createTransaction (id, iastContext) {
   if (id && iastContext) {
     iastContext[IAST_TRANSACTION_ID] = TaintedUtils.createTransaction(id)
@@ -92,10 +99,12 @@ function enableTaintOperations (telemetryVerbosity) {
   }
 
   global._ddiast = getTaintTrackingImpl(telemetryVerbosity)
+  lodashOperationCh.subscribe(lodashTaintTrackingHandler)
 }
 
 function disableTaintOperations () {
   global._ddiast = getTaintTrackingNoop()
+  lodashOperationCh.unsubscribe(lodashTaintTrackingHandler)
 }
 
 function setMaxTransactions (transactions) {

package/packages/dd-trace/src/appsec/iast/taint-tracking/taint-tracking-impl.js

@@ -18,6 +18,7 @@ function noop (res) { return res }
 // Otherwise you may end up rewriting a method and not providing its rewritten implementation
 const TaintTrackingNoop = {
   concat: noop,
+  join: noop,
   parse: noop,
   plusOperator: noop,
   random: noop,
@@ -25,6 +26,7 @@ const TaintTrackingNoop = {
   slice: noop,
   substr: noop,
   substring: noop,
+  stringCase: noop,
   trim: noop,
   trimEnd: noop
 }
@@ -113,6 +115,13 @@ function csiMethodsOverrides (getContext) {
       return res
     },
 
+    stringCase: getCsiFn(
+      (transactionId, res, target) => TaintedUtils.stringCase(transactionId, res, target),
+      getContext,
+      String.prototype.toLowerCase,
+      String.prototype.toUpperCase
+    ),
+
     trim: getCsiFn(
       (transactionId, res, target) => TaintedUtils.trim(transactionId, res, target),
       getContext,
@@ -147,6 +156,22 @@ function csiMethodsOverrides (getContext) {
         }
       }
 
+      return res
+    },
+
+    join: function (res, fn, target, separator) {
+      if (fn === Array.prototype.join) {
+        try {
+          const iastContext = getContext()
+          const transactionId = getTransactionId(iastContext)
+          if (transactionId) {
+            res = TaintedUtils.arrayJoin(transactionId, res, target, separator)
+          }
+        } catch (e) {
+          iastLog.error(e)
+        }
+      }
+
       return res
     }
   }
@@ -176,7 +201,36 @@ function getTaintTrackingNoop () {
   return getTaintTrackingImpl(null, true)
 }
 
+const lodashFns = {
+  join: TaintedUtils.arrayJoin,
+  toLower: TaintedUtils.stringCase,
+  toUpper: TaintedUtils.stringCase,
+  trim: TaintedUtils.trim,
+  trimEnd: TaintedUtils.trimEnd,
+  trimStart: TaintedUtils.trim
+
+}
+
+function getLodashTaintedUtilFn (lodashFn) {
+  return lodashFns[lodashFn] || ((transactionId, result) => result)
+}
+
+function lodashTaintTrackingHandler (message) {
+  try {
+    if (!message.result) return
+    const context = getContextDefault()
+    const transactionId = getTransactionId(context)
+    if (transactionId) {
+      message.result = getLodashTaintedUtilFn(message.operation)(transactionId, message.result, ...message.arguments)
+    }
+  } catch (e) {
+    iastLog.error(`Error invoking CSI lodash ${message.operation}`)
+      .errorAndPublish(e)
+  }
+}
+
 module.exports = {
   getTaintTrackingImpl,
-  getTaintTrackingNoop
+  getTaintTrackingNoop,
+  lodashTaintTrackingHandler
 }

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/hardcoded-password-analyzer.js

@@ -0,0 +1,13 @@
+'use strict'
+
+module.exports = function extractSensitiveRanges (evidence, valuePattern) {
+  const { value } = evidence
+  if (valuePattern.test(value)) {
+    return [{
+      start: 0,
+      end: value.length
+    }]
+  }
+
+  return []
+}

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-handler.js

@@ -6,6 +6,7 @@ const vulnerabilities = require('../../vulnerabilities')
 const { contains, intersects, remove } = require('./range-utils')
 
 const commandSensitiveAnalyzer = require('./sensitive-analyzers/command-sensitive-analyzer')
+const hardcodedPasswordAnalyzer = require('./sensitive-analyzers/hardcoded-password-analyzer')
 const headerSensitiveAnalyzer = require('./sensitive-analyzers/header-sensitive-analyzer')
 const jsonSensitiveAnalyzer = require('./sensitive-analyzers/json-sensitive-analyzer')
 const ldapSensitiveAnalyzer = require('./sensitive-analyzers/ldap-sensitive-analyzer')
@@ -31,6 +32,9 @@ class SensitiveHandler {
     this._sensitiveAnalyzers.set(vulnerabilities.HEADER_INJECTION, (evidence) => {
       return headerSensitiveAnalyzer(evidence, this._namePattern, this._valuePattern)
     })
+    this._sensitiveAnalyzers.set(vulnerabilities.HARDCODED_PASSWORD, (evidence) => {
+      return hardcodedPasswordAnalyzer(evidence, this._valuePattern)
+    })
   }
 
   isSensibleName (name) {
@@ -51,7 +55,9 @@ class SensitiveHandler {
     const sensitiveAnalyzer = this._sensitiveAnalyzers.get(vulnerabilityType)
     if (sensitiveAnalyzer) {
       const sensitiveRanges = sensitiveAnalyzer(evidence)
-      return this.toRedactedJson(evidence, sensitiveRanges, sourcesIndexes, sources)
+      if (evidence.ranges || sensitiveRanges?.length) {
+        return this.toRedactedJson(evidence, sensitiveRanges, sourcesIndexes, sources)
+      }
     }
     return null
   }
@@ -67,7 +73,7 @@ class SensitiveHandler {
     let nextTaintedIndex = 0
     let sourceIndex
 
-    let nextTainted = ranges.shift()
+    let nextTainted = ranges?.shift()
     let nextSensitive = sensitive.shift()
 
     for (let i = 0; i < value.length; i++) {

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/index.js

@@ -49,6 +49,10 @@ class VulnerabilityFormatter {
       evidence.ranges = ranges
     }
 
+    if (!evidence.ranges) {
+      return { value: evidence.value }
+    }
+
     evidence.ranges.forEach((range, rangeIndex) => {
       if (fromIndex < range.start) {
         valueParts.push({ value: evidence.value.substring(fromIndex, range.start) })
@@ -65,12 +69,8 @@ class VulnerabilityFormatter {
   }
 
   formatEvidence (type, evidence, sourcesIndexes, sources) {
-    if (!evidence.ranges && !evidence.rangesToApply) {
-      if (typeof evidence.value === 'undefined') {
-        return undefined
-      } else {
-        return { value: evidence.value }
-      }
+    if (typeof evidence.value === 'undefined') {
+      return undefined
     }
 
     return this._redactVulnearbilities

package/packages/dd-trace/src/ci-visibility/exporters/test-worker/index.js

@@ -0,0 +1,56 @@
+'use strict'
+
+const Writer = require('./writer')
+const {
+  JEST_WORKER_COVERAGE_PAYLOAD_CODE,
+  JEST_WORKER_TRACE_PAYLOAD_CODE,
+  CUCUMBER_WORKER_TRACE_PAYLOAD_CODE
+} = require('../../../plugins/util/test')
+
+function getInterprocessTraceCode () {
+  if (process.env.JEST_WORKER_ID) {
+    return JEST_WORKER_TRACE_PAYLOAD_CODE
+  }
+  if (process.env.CUCUMBER_WORKER_ID) {
+    return CUCUMBER_WORKER_TRACE_PAYLOAD_CODE
+  }
+  return null
+}
+
+// TODO: make it available with cucumber
+function getInterprocessCoverageCode () {
+  if (process.env.JEST_WORKER_ID) {
+    return JEST_WORKER_COVERAGE_PAYLOAD_CODE
+  }
+  return null
+}
+
+/**
+ * Lightweight exporter whose writers only do simple JSON serialization
+ * of trace and coverage payloads, which they send to the test framework's main process.
+ * Currently used by Jest and Cucumber workers.
+ */
+class TestWorkerCiVisibilityExporter {
+  constructor () {
+    const interprocessTraceCode = getInterprocessTraceCode()
+    const interprocessCoverageCode = getInterprocessCoverageCode()
+
+    this._writer = new Writer(interprocessTraceCode)
+    this._coverageWriter = new Writer(interprocessCoverageCode)
+  }
+
+  export (payload) {
+    this._writer.append(payload)
+  }
+
+  exportCoverage (formattedCoverage) {
+    this._coverageWriter.append(formattedCoverage)
+  }
+
+  flush () {
+    this._writer.flush()
+    this._coverageWriter.flush()
+  }
+}
+
+module.exports = TestWorkerCiVisibilityExporter

package/packages/dd-trace/src/ci-visibility/exporters/{jest-worker → test-worker}/writer.js

@@ -23,11 +23,18 @@ class Writer {
   }
 
   _sendPayload (data) {
+    // ## Jest
     // Only available when `child_process` is used for the jest worker.
     // eslint-disable-next-line
     // https://github.com/facebook/jest/blob/bb39cb2c617a3334bf18daeca66bd87b7ccab28b/packages/jest-worker/README.md#experimental-worker
     // If worker_threads is used, this will not work
     // TODO: make it compatible with worker_threads
+
+    // ## Cucumber
+    // This reports to the test's main process the same way test data is reported by Cucumber
+    // See cucumber code:
+    // eslint-disable-next-line
+    // https://github.com/cucumber/cucumber-js/blob/5ce371870b677fe3d1a14915dc535688946f734c/src/runtime/parallel/run_worker.ts#L13
     if (process.send) { // it only works if process.send is available
       process.send([this._interprocessCode, data])
     }

package/packages/dd-trace/src/config.js

@@ -446,6 +446,7 @@ class Config {
     this._setValue(defaults, 'appsec.obfuscatorValueRegex', defaultWafObfuscatorValueRegex)
     this._setValue(defaults, 'appsec.rateLimit', 100)
     this._setValue(defaults, 'appsec.rules', undefined)
+    this._setValue(defaults, 'appsec.sca.enabled', null)
     this._setValue(defaults, 'appsec.wafTimeout', 5e3) // µs
     this._setValue(defaults, 'clientIpEnabled', false)
     this._setValue(defaults, 'clientIpHeader', null)
@@ -516,6 +517,7 @@ class Config {
     this._setValue(defaults, 'tracing', true)
     this._setValue(defaults, 'url', undefined)
     this._setValue(defaults, 'version', pkg.version)
+    this._setValue(defaults, 'instrumentation_config_id', undefined)
   }
 
   _applyEnvironment () {
@@ -528,6 +530,7 @@ class Config {
       DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP,
       DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP,
       DD_APPSEC_RULES,
+      DD_APPSEC_SCA_ENABLED,
       DD_APPSEC_TRACE_RATE_LIMIT,
       DD_APPSEC_WAF_TIMEOUT,
       DD_DATA_STREAMS_ENABLED,
@@ -547,6 +550,7 @@ class Config {
       DD_IAST_REQUEST_SAMPLING,
       DD_IAST_TELEMETRY_VERBOSITY,
       DD_INSTRUMENTATION_TELEMETRY_ENABLED,
+      DD_INSTRUMENTATION_CONFIG_ID,
       DD_LOGS_INJECTION,
       DD_OPENAI_LOGS_ENABLED,
       DD_OPENAI_SPAN_CHAR_LIMIT,
@@ -615,6 +619,8 @@ class Config {
     this._setString(env, 'appsec.obfuscatorValueRegex', DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP)
     this._setValue(env, 'appsec.rateLimit', maybeInt(DD_APPSEC_TRACE_RATE_LIMIT))
     this._setString(env, 'appsec.rules', DD_APPSEC_RULES)
+    // DD_APPSEC_SCA_ENABLED is never used locally, but only sent to the backend
+    this._setBoolean(env, 'appsec.sca.enabled', DD_APPSEC_SCA_ENABLED)
     this._setValue(env, 'appsec.wafTimeout', maybeInt(DD_APPSEC_WAF_TIMEOUT))
     this._setBoolean(env, 'clientIpEnabled', DD_TRACE_CLIENT_IP_ENABLED)
     this._setString(env, 'clientIpHeader', DD_TRACE_CLIENT_IP_HEADER)
@@ -695,6 +701,7 @@ class Config {
       DD_INSTRUMENTATION_TELEMETRY_ENABLED, // to comply with instrumentation telemetry specs
       !(this._isInServerlessEnvironment() || JEST_WORKER_ID)
     ))
+    this._setString(env, 'instrumentation_config_id', DD_INSTRUMENTATION_CONFIG_ID)
     this._setBoolean(env, 'telemetry.debug', DD_TELEMETRY_DEBUG)
     this._setBoolean(env, 'telemetry.dependencyCollection', DD_TELEMETRY_DEPENDENCY_COLLECTION_ENABLED)
     this._setValue(env, 'telemetry.heartbeatInterval', maybeInt(Math.floor(DD_TELEMETRY_HEARTBEAT_INTERVAL * 1000)))

package/packages/dd-trace/src/exporter.js

@@ -18,7 +18,8 @@ module.exports = name => {
     case exporters.AGENT_PROXY:
       return require('./ci-visibility/exporters/agent-proxy')
     case exporters.JEST_WORKER:
-      return require('./ci-visibility/exporters/jest-worker')
+    case exporters.CUCUMBER_WORKER:
+      return require('./ci-visibility/exporters/test-worker')
     default:
       return inAWSLambda && !usingLambdaExtension ? require('./exporters/log') : require('./exporters/agent')
   }