dd-trace 4.38.1 → 4.40.0

package/packages/datadog-plugin-openai/src/index.js

@@ -15,6 +15,14 @@ const RE_TAB = /\t/g
 // TODO: In the future we should refactor config.js to make it requirable
 let MAX_TEXT_LEN = 128
 
+let encodingForModel
+try {
+  // eslint-disable-next-line import/no-extraneous-dependencies
+  encodingForModel = require('tiktoken').encoding_for_model
+} catch {
+  // we will use token count estimations in this case
+}
+
 class OpenApiPlugin extends TracingPlugin {
   static get id () { return 'openai' }
   static get operation () { return 'request' }
@@ -112,6 +120,10 @@ class OpenApiPlugin extends TracingPlugin {
       }
     }
 
+    if (payload.stream) {
+      tags['openai.request.stream'] = payload.stream
+    }
+
     switch (methodName) {
       case 'createFineTune':
       case 'fine_tuning.jobs.create':
@@ -175,12 +187,21 @@ class OpenApiPlugin extends TracingPlugin {
     span.addTags(tags)
   }
 
-  finish ({ headers, body, method, path }) {
-    if (headers.constructor.name === 'Headers') {
-      headers = Object.fromEntries(headers)
+  finish (response) {
+    const span = this.activeSpan
+    const error = !!span.context()._tags.error
+
+    let headers, body, method, path
+    if (!error) {
+      headers = response.headers
+      body = response.body
+      method = response.method
+      path = response.path
     }
 
-    const span = this.activeSpan
+    if (!error && headers?.constructor.name === 'Headers') {
+      headers = Object.fromEntries(headers)
+    }
     const methodName = span._spanContext._tags['resource.name']
 
     body = coerceResponseBody(body, methodName)
@@ -188,88 +209,98 @@ class OpenApiPlugin extends TracingPlugin {
     const fullStore = storage.getStore()
     const store = fullStore.openai
 
-    if (path.startsWith('https://') || path.startsWith('http://')) {
+    if (!error && (path.startsWith('https://') || path.startsWith('http://'))) {
       // basic checking for if the path was set as a full URL
       // not using a full regex as it will likely be "https://api.openai.com/..."
       path = new URL(path).pathname
     }
     const endpoint = lookupOperationEndpoint(methodName, path)
 
-    const tags = {
-      'openai.request.endpoint': endpoint,
-      'openai.request.method': method.toUpperCase(),
+    const tags = error
+      ? {}
+      : {
+          'openai.request.endpoint': endpoint,
+          'openai.request.method': method.toUpperCase(),
 
-      'openai.organization.id': body.organization_id, // only available in fine-tunes endpoints
-      'openai.organization.name': headers['openai-organization'],
+          'openai.organization.id': body.organization_id, // only available in fine-tunes endpoints
+          'openai.organization.name': headers['openai-organization'],
 
-      'openai.response.model': headers['openai-model'] || body.model, // specific model, often undefined
-      'openai.response.id': body.id, // common creation value, numeric epoch
-      'openai.response.deleted': body.deleted, // common boolean field in delete responses
+          'openai.response.model': headers['openai-model'] || body.model, // specific model, often undefined
+          'openai.response.id': body.id, // common creation value, numeric epoch
+          'openai.response.deleted': body.deleted, // common boolean field in delete responses
 
-      // The OpenAI API appears to use both created and created_at in different places
-      // Here we're conciously choosing to surface this inconsistency instead of normalizing
-      'openai.response.created': body.created,
-      'openai.response.created_at': body.created_at
-    }
+          // The OpenAI API appears to use both created and created_at in different places
+          // Here we're conciously choosing to surface this inconsistency instead of normalizing
+          'openai.response.created': body.created,
+          'openai.response.created_at': body.created_at
+        }
 
     responseDataExtractionByMethod(methodName, tags, body, store)
     span.addTags(tags)
 
     super.finish()
-    this.sendLog(methodName, span, tags, store, false)
-    this.sendMetrics(headers, body, endpoint, span._duration)
+    this.sendLog(methodName, span, tags, store, error)
+    this.sendMetrics(headers, body, endpoint, span._duration, error, tags)
   }
 
-  error (...args) {
-    super.error(...args)
-
-    const span = this.activeSpan
-    const methodName = span._spanContext._tags['resource.name']
-
-    const fullStore = storage.getStore()
-    const store = fullStore.openai
-
-    // We don't know most information about the request when it fails
+  sendMetrics (headers, body, endpoint, duration, error, spanTags) {
+    const tags = [`error:${Number(!!error)}`]
+    if (error) {
+      this.metrics.increment('openai.request.error', 1, tags)
+    } else {
+      tags.push(`org:${headers['openai-organization']}`)
+      tags.push(`endpoint:${endpoint}`) // just "/v1/models", no method
+      tags.push(`model:${headers['openai-model'] || body.model}`)
+    }
 
-    const tags = ['error:1']
-    this.metrics.distribution('openai.request.duration', span._duration * 1000, tags)
-    this.metrics.increment('openai.request.error', 1, tags)
+    this.metrics.distribution('openai.request.duration', duration * 1000, tags)
 
-    this.sendLog(methodName, span, {}, store, true)
-  }
+    const promptTokens = spanTags['openai.response.usage.prompt_tokens']
+    const promptTokensEstimated = spanTags['openai.response.usage.prompt_tokens_estimated']
 
-  sendMetrics (headers, body, endpoint, duration) {
-    const tags = [
-      `org:${headers['openai-organization']}`,
-      `endpoint:${endpoint}`, // just "/v1/models", no method
-      `model:${headers['openai-model']}`,
-      'error:0'
-    ]
+    const completionTokens = spanTags['openai.response.usage.completion_tokens']
+    const completionTokensEstimated = spanTags['openai.response.usage.completion_tokens_estimated']
 
-    this.metrics.distribution('openai.request.duration', duration * 1000, tags)
+    if (!error) {
+      if (promptTokensEstimated) {
+        this.metrics.distribution(
+          'openai.tokens.prompt', promptTokens, [...tags, 'openai.estimated:true'])
+      } else {
+        this.metrics.distribution('openai.tokens.prompt', promptTokens, tags)
+      }
+      if (completionTokensEstimated) {
+        this.metrics.distribution(
+          'openai.tokens.completion', completionTokens, [...tags, 'openai.estimated:true'])
+      } else {
+        this.metrics.distribution('openai.tokens.completion', completionTokens, tags)
+      }
 
-    if (body && body.usage) {
-      const promptTokens = body.usage.prompt_tokens
-      const completionTokens = body.usage.completion_tokens
-      this.metrics.distribution('openai.tokens.prompt', promptTokens, tags)
-      this.metrics.distribution('openai.tokens.completion', completionTokens, tags)
-      this.metrics.distribution('openai.tokens.total', promptTokens + completionTokens, tags)
+      if (promptTokensEstimated || completionTokensEstimated) {
+        this.metrics.distribution(
+          'openai.tokens.total', promptTokens + completionTokens, [...tags, 'openai.estimated:true'])
+      } else {
+        this.metrics.distribution('openai.tokens.total', promptTokens + completionTokens, tags)
+      }
     }
 
-    if (headers['x-ratelimit-limit-requests']) {
-      this.metrics.gauge('openai.ratelimit.requests', Number(headers['x-ratelimit-limit-requests']), tags)
-    }
+    if (headers) {
+      if (headers['x-ratelimit-limit-requests']) {
+        this.metrics.gauge('openai.ratelimit.requests', Number(headers['x-ratelimit-limit-requests']), tags)
+      }
 
-    if (headers['x-ratelimit-remaining-requests']) {
-      this.metrics.gauge('openai.ratelimit.remaining.requests', Number(headers['x-ratelimit-remaining-requests']), tags)
-    }
+      if (headers['x-ratelimit-remaining-requests']) {
+        this.metrics.gauge(
+          'openai.ratelimit.remaining.requests', Number(headers['x-ratelimit-remaining-requests']), tags
+        )
+      }
 
-    if (headers['x-ratelimit-limit-tokens']) {
-      this.metrics.gauge('openai.ratelimit.tokens', Number(headers['x-ratelimit-limit-tokens']), tags)
-    }
+      if (headers['x-ratelimit-limit-tokens']) {
+        this.metrics.gauge('openai.ratelimit.tokens', Number(headers['x-ratelimit-limit-tokens']), tags)
+      }
 
-    if (headers['x-ratelimit-remaining-tokens']) {
-      this.metrics.gauge('openai.ratelimit.remaining.tokens', Number(headers['x-ratelimit-remaining-tokens']), tags)
+      if (headers['x-ratelimit-remaining-tokens']) {
+        this.metrics.gauge('openai.ratelimit.remaining.tokens', Number(headers['x-ratelimit-remaining-tokens']), tags)
+      }
     }
   }
 
@@ -287,6 +318,89 @@ class OpenApiPlugin extends TracingPlugin {
   }
 }
 
+function countPromptTokens (methodName, payload, model) {
+  let promptTokens = 0
+  let promptEstimated = false
+  if (methodName === 'chat.completions.create') {
+    const messages = payload.messages
+    for (const message of messages) {
+      const content = message.content
+      const { tokens, estimated } = countTokens(content, model)
+      promptTokens += tokens
+      promptEstimated = estimated
+    }
+  } else if (methodName === 'completions.create') {
+    let prompt = payload.prompt
+    if (!Array.isArray(prompt)) prompt = [prompt]
+
+    for (const p of prompt) {
+      const { tokens, estimated } = countTokens(p, model)
+      promptTokens += tokens
+      promptEstimated = estimated
+    }
+  }
+
+  return { promptTokens, promptEstimated }
+}
+
+function countCompletionTokens (body, model) {
+  let completionTokens = 0
+  let completionEstimated = false
+  if (body?.choices) {
+    for (const choice of body.choices) {
+      const message = choice.message || choice.delta // delta for streamed responses
+      const text = choice.text
+      const content = text || message?.content
+
+      const { tokens, estimated } = countTokens(content, model)
+      completionTokens += tokens
+      completionEstimated = estimated
+    }
+  }
+
+  return { completionTokens, completionEstimated }
+}
+
+function countTokens (content, model) {
+  if (encodingForModel) {
+    try {
+      // try using tiktoken if it was available
+      const encoder = encodingForModel(model)
+      const tokens = encoder.encode(content).length
+      encoder.free()
+      return { tokens, estimated: false }
+    } catch {
+      // possible errors from tiktoken:
+      // * model not available for token counts
+      // * issue encoding content
+    }
+  }
+
+  return {
+    tokens: estimateTokens(content),
+    estimated: true
+  }
+}
+
+// If model is unavailable or tiktoken is not imported, then provide a very rough estimate of the number of tokens
+// Approximate using the following assumptions:
+//    * English text
+//    * 1 token ~= 4 chars
+//    * 1 token ~= ¾ words
+function estimateTokens (content) {
+  let estimatedTokens = 0
+  if (typeof content === 'string') {
+    const estimation1 = content.length / 4
+
+    const matches = content.match(/[\w']+|[.,!?;~@#$%^&*()+/-]/g)
+    const estimation2 = matches ? matches.length * 0.75 : 0 // in the case of an empty string
+    estimatedTokens = Math.round((1.5 * estimation1 + 0.5 * estimation2) / 2)
+  } else if (Array.isArray(content) && typeof content[0] === 'number') {
+    estimatedTokens = content.length
+  }
+  return estimatedTokens
+}
+
 function createEditRequestExtraction (tags, payload, store) {
   const instruction = payload.instruction
   tags['openai.request.instruction'] = instruction
@@ -298,7 +412,8 @@ function retrieveModelRequestExtraction (tags, payload) {
 }
 
 function createChatCompletionRequestExtraction (tags, payload, store) {
-  if (!defensiveArrayLength(payload.messages)) return
+  const messages = payload.messages
+  if (!defensiveArrayLength(messages)) return
 
   store.messages = payload.messages
   for (let i = 0; i < payload.messages.length; i++) {
@@ -344,7 +459,7 @@ function responseDataExtractionByMethod (methodName, tags, body, store) {
     case 'chat.completions.create':
     case 'createEdit':
     case 'edits.create':
-      commonCreateResponseExtraction(tags, body, store)
+      commonCreateResponseExtraction(tags, body, store, methodName)
       break
 
     case 'listFiles':
@@ -580,8 +695,8 @@ function createModerationResponseExtraction (tags, body) {
 }
 
 // createCompletion, createChatCompletion, createEdit
-function commonCreateResponseExtraction (tags, body, store) {
-  usageExtraction(tags, body)
+function commonCreateResponseExtraction (tags, body, store, methodName) {
+  usageExtraction(tags, body, methodName)
 
   if (!body.choices) return
 
@@ -600,18 +715,20 @@ function commonCreateResponseExtraction (tags, body, store) {
     tags[`openai.response.choices.${choiceIdx}.text`] = truncateText(choice.text)
 
     // createChatCompletion only
-    if (choice.message) {
-      const message = choice.message
+    const message = choice.message || choice.delta // delta for streamed responses
+    if (message) {
       tags[`openai.response.choices.${choiceIdx}.message.role`] = message.role
       tags[`openai.response.choices.${choiceIdx}.message.content`] = truncateText(message.content)
       tags[`openai.response.choices.${choiceIdx}.message.name`] = truncateText(message.name)
       if (message.tool_calls) {
         const toolCalls = message.tool_calls
         for (let toolIdx = 0; toolIdx < toolCalls.length; toolIdx++) {
-          tags[`openai.response.choices.${choiceIdx}.message.tool_calls.${toolIdx}.name`] =
+          tags[`openai.response.choices.${choiceIdx}.message.tool_calls.${toolIdx}.function.name`] =
             toolCalls[toolIdx].function.name
-          tags[`openai.response.choices.${choiceIdx}.message.tool_calls.${toolIdx}.arguments`] =
+          tags[`openai.response.choices.${choiceIdx}.message.tool_calls.${toolIdx}.function.arguments`] =
             toolCalls[toolIdx].function.arguments
+          tags[`openai.response.choices.${choiceIdx}.message.tool_calls.${toolIdx}.id`] =
+            toolCalls[toolIdx].id
         }
       }
     }
@@ -619,11 +736,40 @@ function commonCreateResponseExtraction (tags, body, store) {
 }
 
 // createCompletion, createChatCompletion, createEdit, createEmbedding
-function usageExtraction (tags, body) {
-  if (typeof body.usage !== 'object' || !body.usage) return
-  tags['openai.response.usage.prompt_tokens'] = body.usage.prompt_tokens
-  tags['openai.response.usage.completion_tokens'] = body.usage.completion_tokens
-  tags['openai.response.usage.total_tokens'] = body.usage.total_tokens
+function usageExtraction (tags, body, methodName) {
+  let promptTokens = 0
+  let completionTokens = 0
+  let totalTokens = 0
+  if (body && body.usage) {
+    promptTokens = body.usage.prompt_tokens
+    completionTokens = body.usage.completion_tokens
+    totalTokens = body.usage.total_tokens
+  } else if (['chat.completions.create', 'completions.create'].includes(methodName)) {
+    // estimate tokens based on method name for completions and chat completions
+    const { model } = body
+    let promptEstimated = false
+    let completionEstimated = false
+
+    // prompt tokens
+    const payload = storage.getStore().openai
+    const promptTokensCount = countPromptTokens(methodName, payload, model)
+    promptTokens = promptTokensCount.promptTokens
+    promptEstimated = promptTokensCount.promptEstimated
+
+    // completion tokens
+    const completionTokensCount = countCompletionTokens(body, model)
+    completionTokens = completionTokensCount.completionTokens
+    completionEstimated = completionTokensCount.completionEstimated
+
+    // total tokens
+    totalTokens = promptTokens + completionTokens
+    if (promptEstimated) tags['openai.response.usage.prompt_tokens_estimated'] = true
+    if (completionEstimated) tags['openai.response.usage.completion_tokens_estimated'] = true
+  }
+
+  if (promptTokens) tags['openai.response.usage.prompt_tokens'] = promptTokens
+  if (completionTokens) tags['openai.response.usage.completion_tokens'] = completionTokens
+  if (totalTokens) tags['openai.response.usage.total_tokens'] = totalTokens
 }
 
 function truncateApiKey (apiKey) {

package/packages/dd-trace/src/appsec/addresses.js

@@ -15,10 +15,12 @@ module.exports = {
   HTTP_INCOMING_GRAPHQL_RESOLVERS: 'graphql.server.all_resolvers',
   HTTP_INCOMING_GRAPHQL_RESOLVER: 'graphql.server.resolver',
 
-  HTTP_OUTGOING_BODY: 'server.response.body',
+  HTTP_INCOMING_RESPONSE_BODY: 'server.response.body',
 
   HTTP_CLIENT_IP: 'http.client_ip',
 
   USER_ID: 'usr.id',
-  WAF_CONTEXT_PROCESSOR: 'waf.context.processor'
+  WAF_CONTEXT_PROCESSOR: 'waf.context.processor',
+
+  HTTP_OUTGOING_URL: 'server.io.net.url'
 }

package/packages/dd-trace/src/appsec/blocking.js

@@ -8,7 +8,6 @@ const detectedSpecificEndpoints = {}
 let templateHtml = blockedTemplates.html
 let templateJson = blockedTemplates.json
 let templateGraphqlJson = blockedTemplates.graphqlJson
-let blockingConfiguration
 
 const specificBlockingTypes = {
   GRAPHQL: 'graphql'
@@ -22,13 +21,13 @@ function addSpecificEndpoint (method, url, type) {
   detectedSpecificEndpoints[getSpecificKey(method, url)] = type
 }
 
-function getBlockWithRedirectData (rootSpan) {
-  let statusCode = blockingConfiguration.parameters.status_code
+function getBlockWithRedirectData (rootSpan, actionParameters) {
+  let statusCode = actionParameters.status_code
   if (!statusCode || statusCode < 300 || statusCode >= 400) {
     statusCode = 303
   }
   const headers = {
-    Location: blockingConfiguration.parameters.location
+    Location: actionParameters.location
   }
 
   rootSpan.addTags({
@@ -48,10 +47,9 @@ function getSpecificBlockingData (type) {
   }
 }
 
-function getBlockWithContentData (req, specificType, rootSpan) {
+function getBlockWithContentData (req, specificType, rootSpan, actionParameters) {
   let type
   let body
-  let statusCode
 
   const specificBlockingType = specificType || detectedSpecificEndpoints[getSpecificKey(req.method, req.url)]
   if (specificBlockingType) {
@@ -64,7 +62,7 @@ function getBlockWithContentData (req, specificType, rootSpan) {
     // parse the Accept header, ex: Accept: text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8
     const accept = req.headers.accept?.split(',').map((str) => str.split(';', 1)[0].trim())
 
-    if (!blockingConfiguration || blockingConfiguration.parameters.type === 'auto') {
+    if (!actionParameters || actionParameters.type === 'auto') {
       if (accept?.includes('text/html') && !accept.includes('application/json')) {
         type = 'text/html; charset=utf-8'
         body = templateHtml
@@ -73,7 +71,7 @@ function getBlockWithContentData (req, specificType, rootSpan) {
         body = templateJson
       }
     } else {
-      if (blockingConfiguration.parameters.type === 'html') {
+      if (actionParameters.type === 'html') {
         type = 'text/html; charset=utf-8'
         body = templateHtml
       } else {
@@ -83,11 +81,7 @@ function getBlockWithContentData (req, specificType, rootSpan) {
     }
   }
 
-  if (blockingConfiguration?.type === 'block_request' && blockingConfiguration.parameters.status_code) {
-    statusCode = blockingConfiguration.parameters.status_code
-  } else {
-    statusCode = 403
-  }
+  const statusCode = actionParameters?.status_code || 403
 
   const headers = {
     'Content-Type': type,
@@ -101,27 +95,31 @@ function getBlockWithContentData (req, specificType, rootSpan) {
   return { body, statusCode, headers }
 }
 
-function getBlockingData (req, specificType, rootSpan) {
-  if (blockingConfiguration?.type === 'redirect_request' && blockingConfiguration.parameters.location) {
-    return getBlockWithRedirectData(rootSpan)
+function getBlockingData (req, specificType, rootSpan, actionParameters) {
+  if (actionParameters?.location) {
+    return getBlockWithRedirectData(rootSpan, actionParameters)
   } else {
-    return getBlockWithContentData(req, specificType, rootSpan)
+    return getBlockWithContentData(req, specificType, rootSpan, actionParameters)
   }
 }
 
-function block (req, res, rootSpan, abortController, type) {
+function block (req, res, rootSpan, abortController, actionParameters) {
   if (res.headersSent) {
     log.warn('Cannot send blocking response when headers have already been sent')
     return
   }
 
-  const { body, headers, statusCode } = getBlockingData(req, type, rootSpan)
+  const { body, headers, statusCode } = getBlockingData(req, null, rootSpan, actionParameters)
 
   res.writeHead(statusCode, headers).end(body)
 
   abortController?.abort()
 }
 
+function getBlockingAction (actions) {
+  return actions?.block_request || actions?.redirect_request
+}
+
 function setTemplates (config) {
   if (config.appsec.blockedTemplateHtml) {
     templateHtml = config.appsec.blockedTemplateHtml
@@ -142,15 +140,11 @@ function setTemplates (config) {
   }
 }
 
-function updateBlockingConfiguration (newBlockingConfiguration) {
-  blockingConfiguration = newBlockingConfiguration
-}
-
 module.exports = {
   addSpecificEndpoint,
   block,
   specificBlockingTypes,
   getBlockingData,
-  setTemplates,
-  updateBlockingConfiguration
+  getBlockingAction,
+  setTemplates
 }

package/packages/dd-trace/src/appsec/channels.js

@@ -17,5 +17,6 @@ module.exports = {
   setCookieChannel: dc.channel('datadog:iast:set-cookie'),
   nextBodyParsed: dc.channel('apm:next:body-parsed'),
   nextQueryParsed: dc.channel('apm:next:query-parsed'),
-  responseBody: dc.channel('datadog:express:response:json:start')
+  responseBody: dc.channel('datadog:express:response:json:start'),
+  httpClientRequestStart: dc.channel('apm:http:client:request:start')
 }

package/packages/dd-trace/src/appsec/graphql.js

@@ -1,7 +1,12 @@
 'use strict'
 
 const { storage } = require('../../../datadog-core')
-const { addSpecificEndpoint, specificBlockingTypes, getBlockingData } = require('./blocking')
+const {
+  addSpecificEndpoint,
+  specificBlockingTypes,
+  getBlockingData,
+  getBlockingAction
+} = require('./blocking')
 const waf = require('./waf')
 const addresses = require('./addresses')
 const web = require('../plugins/util/web')
@@ -32,10 +37,12 @@ function onGraphqlStartResolve ({ context, resolverInfo }) {
   if (!resolverInfo || typeof resolverInfo !== 'object') return
 
   const actions = waf.run({ ephemeral: { [addresses.HTTP_INCOMING_GRAPHQL_RESOLVER]: resolverInfo } }, req)
-  if (actions?.includes('block')) {
+  const blockingAction = getBlockingAction(actions)
+  if (blockingAction) {
     const requestData = graphqlRequestData.get(req)
     if (requestData?.isInGraphqlRequest) {
       requestData.blocked = true
+      requestData.wafAction = blockingAction
       context?.abortController?.abort()
     }
   }
@@ -87,7 +94,7 @@ function beforeWriteApolloGraphqlResponse ({ abortController, abortData }) {
     const rootSpan = web.root(req)
     if (!rootSpan) return
 
-    const blockingData = getBlockingData(req, specificBlockingTypes.GRAPHQL, rootSpan)
+    const blockingData = getBlockingData(req, specificBlockingTypes.GRAPHQL, rootSpan, requestData.wafAction)
     abortData.statusCode = blockingData.statusCode
     abortData.headers = blockingData.headers
     abortData.message = blockingData.body

package/packages/dd-trace/src/appsec/index.js

@@ -22,10 +22,11 @@ const apiSecuritySampler = require('./api_security_sampler')
 const web = require('../plugins/util/web')
 const { extractIp } = require('../plugins/util/ip_extractor')
 const { HTTP_CLIENT_IP } = require('../../../../ext/tags')
-const { block, setTemplates } = require('./blocking')
+const { block, setTemplates, getBlockingAction } = require('./blocking')
 const { passportTrackEvent } = require('./passport')
 const { storage } = require('../../../datadog-core')
 const graphql = require('./graphql')
+const rasp = require('./rasp')
 
 let isEnabled = false
 let config
@@ -37,6 +38,10 @@ function enable (_config) {
     appsecTelemetry.enable(_config.telemetry)
     graphql.enable()
 
+    if (_config.appsec.rasp.enabled) {
+      rasp.enable()
+    }
+
     setTemplates(_config)
 
     RuleManager.loadRules(_config.appsec)
@@ -203,7 +208,7 @@ function onResponseBody ({ req, body }) {
   // we don't support blocking at this point, so no results needed
   waf.run({
     persistent: {
-      [addresses.HTTP_OUTGOING_BODY]: body
+      [addresses.HTTP_INCOMING_RESPONSE_BODY]: body
     }
   }, req)
 }
@@ -223,8 +228,9 @@ function onPassportVerify ({ credentials, user }) {
 function handleResults (actions, req, res, rootSpan, abortController) {
   if (!actions || !req || !res || !rootSpan || !abortController) return
 
-  if (actions.includes('block')) {
-    block(req, res, rootSpan, abortController)
+  const blockingAction = getBlockingAction(actions)
+  if (blockingAction) {
+    block(req, res, rootSpan, abortController, blockingAction)
   }
 }
 
@@ -236,6 +242,7 @@ function disable () {
 
   appsecTelemetry.disable()
   graphql.disable()
+  rasp.disable()
 
   remoteConfig.disableWafUpdate()
 

package/packages/dd-trace/src/appsec/rasp.js

@@ -0,0 +1,35 @@
+'use strict'
+
+const { storage } = require('../../../datadog-core')
+const addresses = require('./addresses')
+const { httpClientRequestStart } = require('./channels')
+const waf = require('./waf')
+
+function enable () {
+  httpClientRequestStart.subscribe(analyzeSsrf)
+}
+
+function disable () {
+  if (httpClientRequestStart.hasSubscribers) httpClientRequestStart.unsubscribe(analyzeSsrf)
+}
+
+function analyzeSsrf (ctx) {
+  const store = storage.getStore()
+  const req = store?.req
+  const url = ctx.args.uri
+
+  if (!req || !url) return
+
+  const persistent = {
+    [addresses.HTTP_OUTGOING_URL]: url
+  }
+  // TODO: Currently this is only monitoring, we should
+  //     block the request if SSRF attempt and
+  //     generate stack traces
+  waf.run({ persistent }, req)
+}
+
+module.exports = {
+  enable,
+  disable
+}