dd-trace 4.40.0 → 4.42.0

package/packages/dd-trace/src/appsec/telemetry.js

@@ -31,7 +31,10 @@ function newStore () {
   return {
     [DD_TELEMETRY_REQUEST_METRICS]: {
       duration: 0,
-      durationExt: 0
+      durationExt: 0,
+      raspDuration: 0,
+      raspDurationExt: 0,
+      raspEvalCount: 0
     }
   }
 }
@@ -76,6 +79,28 @@ function getOrCreateMetricTags (store, versionsTags) {
   return metricTags
 }
 
+function updateRaspRequestsMetricTags (metrics, req, raspRuleType) {
+  if (!req) return
+
+  const store = getStore(req)
+
+  // it does not depend on whether telemetry is enabled or not
+  addRaspRequestMetrics(store, metrics)
+
+  if (!enabled) return
+
+  const tags = { rule_type: raspRuleType, waf_version: metrics.wafVersion }
+  appsecMetrics.count('appsec.rasp.rule.eval', tags).inc(1)
+
+  if (metrics.wafTimeout) {
+    appsecMetrics.count('appsec.rasp.timeout', tags).inc(1)
+  }
+
+  if (metrics.ruleTriggered) {
+    appsecMetrics.count('appsec.rasp.rule.match', tags).inc(1)
+  }
+}
+
 function updateWafRequestsMetricTags (metrics, req) {
   if (!req) return
 
@@ -141,6 +166,12 @@ function addRequestMetrics (store, { duration, durationExt }) {
   store[DD_TELEMETRY_REQUEST_METRICS].durationExt += durationExt || 0
 }
 
+function addRaspRequestMetrics (store, { duration, durationExt }) {
+  store[DD_TELEMETRY_REQUEST_METRICS].raspDuration += duration || 0
+  store[DD_TELEMETRY_REQUEST_METRICS].raspDurationExt += durationExt || 0
+  store[DD_TELEMETRY_REQUEST_METRICS].raspEvalCount++
+}
+
 function getRequestMetrics (req) {
   if (req) {
     const store = getStore(req)
@@ -153,6 +184,7 @@ module.exports = {
   disable,
 
   updateWafRequestsMetricTags,
+  updateRaspRequestsMetricTags,
   incrementWafInitMetric,
   incrementWafUpdatesMetric,
   incrementWafRequestsMetric,

package/packages/dd-trace/src/appsec/waf/index.js

@@ -46,7 +46,7 @@ function update (newRules) {
   }
 }
 
-function run (data, req) {
+function run (data, req, raspRuleType) {
   if (!req) {
     const store = storage.getStore()
     if (!store || !store.req) {
@@ -59,7 +59,7 @@ function run (data, req) {
 
   const wafContext = waf.wafManager.getWAFContext(req)
 
-  return wafContext.run(data)
+  return wafContext.run(data, raspRuleType)
 }
 
 function disposeContext (req) {

package/packages/dd-trace/src/appsec/waf/waf_context_wrapper.js

@@ -19,7 +19,7 @@ class WAFContextWrapper {
     this.addressesToSkip = new Set()
   }
 
-  run ({ persistent, ephemeral }) {
+  run ({ persistent, ephemeral }, raspRuleType) {
     const payload = {}
     let payloadHasData = false
     const inputs = {}
@@ -72,7 +72,7 @@ class WAFContextWrapper {
         blockTriggered,
         wafVersion: this.wafVersion,
         wafTimeout: result.timeout
-      })
+      }, raspRuleType)
 
       if (ruleTriggered) {
         Reporter.reportAttack(JSON.stringify(result.events))

package/packages/dd-trace/src/ci-visibility/exporters/ci-visibility-exporter.js

@@ -190,7 +190,8 @@ class CiVisibilityExporter extends AgentInfoExporter {
       requireGit,
       isEarlyFlakeDetectionEnabled,
       earlyFlakeDetectionNumRetries,
-      earlyFlakeDetectionFaultyThreshold
+      earlyFlakeDetectionFaultyThreshold,
+      isFlakyTestRetriesEnabled
     } = remoteConfiguration
     return {
       isCodeCoverageEnabled,
@@ -199,7 +200,8 @@ class CiVisibilityExporter extends AgentInfoExporter {
       requireGit,
       isEarlyFlakeDetectionEnabled: isEarlyFlakeDetectionEnabled && this._config.isEarlyFlakeDetectionEnabled,
       earlyFlakeDetectionNumRetries,
-      earlyFlakeDetectionFaultyThreshold
+      earlyFlakeDetectionFaultyThreshold,
+      isFlakyTestRetriesEnabled
     }
   }
 

package/packages/dd-trace/src/ci-visibility/requests/get-library-configuration.js

@@ -93,7 +93,8 @@ function getLibraryConfiguration ({
               tests_skipping: isSuitesSkippingEnabled,
               itr_enabled: isItrEnabled,
               require_git: requireGit,
-              early_flake_detection: earlyFlakeDetectionConfig
+              early_flake_detection: earlyFlakeDetectionConfig,
+              flaky_test_retries_enabled: isFlakyTestRetriesEnabled
             }
           }
         } = JSON.parse(res)
@@ -107,7 +108,8 @@ function getLibraryConfiguration ({
           earlyFlakeDetectionNumRetries:
             earlyFlakeDetectionConfig?.slow_test_retries?.['5s'] || DEFAULT_EARLY_FLAKE_DETECTION_NUM_RETRIES,
           earlyFlakeDetectionFaultyThreshold:
-            earlyFlakeDetectionConfig?.faulty_session_threshold ?? DEFAULT_EARLY_FLAKE_DETECTION_ERROR_THRESHOLD
+            earlyFlakeDetectionConfig?.faulty_session_threshold ?? DEFAULT_EARLY_FLAKE_DETECTION_ERROR_THRESHOLD,
+          isFlakyTestRetriesEnabled
         }
 
         log.debug(() => `Remote settings: ${JSON.stringify(settings)}`)

package/packages/dd-trace/src/config.js

@@ -26,50 +26,104 @@ const telemetryCounters = {
   'otel.env.invalid': {}
 }
 
-function getCounter (event, ddVar, otelVar, otelTracesSamplerArg) {
+function getCounter (event, ddVar, otelVar) {
   const counters = telemetryCounters[event]
   const tags = []
+  const ddVarPrefix = 'config.datadog:'
+  const otelVarPrefix = 'config.opentelemetry:'
+  if (ddVar) {
+    ddVar = ddVarPrefix + ddVar
+    tags.push(ddVar)
+  }
+  if (otelVar) {
+    otelVar = otelVarPrefix + otelVar
+    tags.push(otelVar)
+  }
 
-  if (ddVar) tags.push(ddVar)
-  if (otelVar) tags.push(otelVar)
-  if (otelTracesSamplerArg) tags.push(otelTracesSamplerArg)
-
-  if (!(ddVar in counters)) counters[ddVar] = {}
+  if (!(otelVar in counters)) counters[otelVar] = {}
 
   const counter = tracerMetrics.count(event, tags)
-  counters[ddVar][otelVar] = counter
+  counters[otelVar][ddVar] = counter
   return counter
 }
 
 const otelDdEnvMapping = {
-  DD_TRACE_LOG_LEVEL: 'OTEL_LOG_LEVEL',
-  DD_TRACE_PROPAGATION_STYLE: 'OTEL_PROPAGATORS',
-  DD_SERVICE: 'OTEL_SERVICE_NAME',
-  DD_TRACE_SAMPLE_RATE: 'OTEL_TRACES_SAMPLER',
-  DD_TRACE_ENABLED: 'OTEL_TRACES_EXPORTER',
-  DD_RUNTIME_METRICS_ENABLED: 'OTEL_METRICS_EXPORTER',
-  DD_TAGS: 'OTEL_RESOURCE_ATTRIBUTES',
-  DD_TRACE_OTEL_ENABLED: 'OTEL_SDK_DISABLED'
+  OTEL_LOG_LEVEL: 'DD_TRACE_LOG_LEVEL',
+  OTEL_PROPAGATORS: 'DD_TRACE_PROPAGATION_STYLE',
+  OTEL_SERVICE_NAME: 'DD_SERVICE',
+  OTEL_TRACES_SAMPLER: 'DD_TRACE_SAMPLE_RATE',
+  OTEL_TRACES_SAMPLER_ARG: 'DD_TRACE_SAMPLE_RATE',
+  OTEL_TRACES_EXPORTER: 'DD_TRACE_ENABLED',
+  OTEL_METRICS_EXPORTER: 'DD_RUNTIME_METRICS_ENABLED',
+  OTEL_RESOURCE_ATTRIBUTES: 'DD_TAGS',
+  OTEL_SDK_DISABLED: 'DD_TRACE_OTEL_ENABLED',
+  OTEL_LOGS_EXPORTER: undefined
 }
 
-const otelInvalidEnv = ['OTEL_LOGS_EXPORTER']
+const VALID_PROPAGATION_STYLES = new Set(['datadog', 'tracecontext', 'b3', 'b3 single header', 'none'])
 
-function checkIfBothOtelAndDdEnvVarSet () {
-  for (const [ddVar, otelVar] of Object.entries(otelDdEnvMapping)) {
-    if (process.env[ddVar] && process.env[otelVar]) {
-      log.warn(`both ${ddVar} and ${otelVar} environment variables are set`)
-      getCounter('otel.env.hiding', ddVar, otelVar,
-        otelVar === 'OTEL_TRACES_SAMPLER' &&
-        process.env.OTEL_TRACES_SAMPLER_ARG
-          ? 'OTEL_TRACES_SAMPLER_ARG'
-          : undefined).inc()
+const VALID_LOG_LEVELS = new Set(['debug', 'info', 'warn', 'error'])
+
+function getFromOtelSamplerMap (otelTracesSampler, otelTracesSamplerArg) {
+  const OTEL_TRACES_SAMPLER_MAPPING = {
+    always_on: '1.0',
+    always_off: '0.0',
+    traceidratio: otelTracesSamplerArg,
+    parentbased_always_on: '1.0',
+    parentbased_always_off: '0.0',
+    parentbased_traceidratio: otelTracesSamplerArg
+  }
+  return OTEL_TRACES_SAMPLER_MAPPING[otelTracesSampler]
+}
+
+function validateOtelPropagators (propagators) {
+  if (!process.env.PROPAGATION_STYLE_EXTRACT &&
+    !process.env.PROPAGATION_STYLE_INJECT &&
+    !process.env.DD_TRACE_PROPAGATION_STYLE &&
+    process.env.OTEL_PROPAGATORS) {
+    for (const style in propagators) {
+      if (!VALID_PROPAGATION_STYLES.has(style)) {
+        log.warn('unexpected value for OTEL_PROPAGATORS environment variable')
+        getCounter('otel.env.invalid', 'DD_TRACE_PROPAGATION_STYLE', 'OTEL_PROPAGATORS').inc()
+      }
     }
   }
+}
 
-  for (const otelVar of otelInvalidEnv) {
-    if (process.env[otelVar]) {
-      log.warn(`${otelVar} is not supported by the Datadog SDK`)
-      getCounter('otel.env.invalid', otelVar).inc()
+function validateEnvVarType (envVar) {
+  const value = process.env[envVar]
+  switch (envVar) {
+    case 'OTEL_LOG_LEVEL':
+      return VALID_LOG_LEVELS.has(value)
+    case 'OTEL_PROPAGATORS':
+    case 'OTEL_RESOURCE_ATTRIBUTES':
+    case 'OTEL_SERVICE_NAME':
+      return typeof value === 'string'
+    case 'OTEL_TRACES_SAMPLER':
+      return getFromOtelSamplerMap(value, process.env.OTEL_TRACES_SAMPLER_ARG) !== undefined
+    case 'OTEL_TRACES_SAMPLER_ARG':
+      return !isNaN(parseFloat(value))
+    case 'OTEL_SDK_DISABLED':
+      return value.toLowerCase() === 'true' || value.toLowerCase() === 'false'
+    case 'OTEL_TRACES_EXPORTER':
+    case 'OTEL_METRICS_EXPORTER':
+    case 'OTEL_LOGS_EXPORTER':
+      return value.toLowerCase() === 'none'
+    default:
+      return false
+  }
+}
+
+function checkIfBothOtelAndDdEnvVarSet () {
+  for (const [otelEnvVar, ddEnvVar] of Object.entries(otelDdEnvMapping)) {
+    if (ddEnvVar && process.env[ddEnvVar] && process.env[otelEnvVar]) {
+      log.warn(`both ${ddEnvVar} and ${otelEnvVar} environment variables are set`)
+      getCounter('otel.env.hiding', ddEnvVar, otelEnvVar).inc()
+    }
+
+    if (process.env[otelEnvVar] && !validateEnvVarType(otelEnvVar)) {
+      log.warn(`unexpected value for ${otelEnvVar} environment variable`)
+      getCounter('otel.env.invalid', ddEnvVar, otelEnvVar).inc()
     }
   }
 }
@@ -80,9 +134,9 @@ const fromEntries = Object.fromEntries || (entries =>
 // eslint-disable-next-line max-len
 const qsRegex = '(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:(?:\\s|%20)*(?:=|%3D)[^&]+|(?:"|%22)(?:\\s|%20)*(?::|%3A)(?:\\s|%20)*(?:"|%22)(?:%2[^2]|%[^2]|[^"%])+(?:"|%22))|bearer(?:\\s|%20)+[a-z0-9\\._\\-]+|token(?::|%3A)[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L](?:[\\w=-]|%3D)+\\.ey[I-L](?:[\\w=-]|%3D)+(?:\\.(?:[\\w.+\\/=-]|%3D|%2F|%2B)+)?|[\\-]{5}BEGIN(?:[a-z\\s]|%20)+PRIVATE(?:\\s|%20)KEY[\\-]{5}[^\\-]+[\\-]{5}END(?:[a-z\\s]|%20)+PRIVATE(?:\\s|%20)KEY|ssh-rsa(?:\\s|%20)*(?:[a-z0-9\\/\\.+]|%2F|%5C|%2B){100,}'
 // eslint-disable-next-line max-len
-const defaultWafObfuscatorKeyRegex = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?)key)|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization'
+const defaultWafObfuscatorKeyRegex = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:[_-]?phrase)?|secret(?:[_-]?key)?|(?:(?:api|private|public|access)[_-]?)key)|(?:(?:auth|access|id|refresh)[_-]?)?token|consumer[_-]?(?:id|key|secret)|sign(?:ed|ature)|bearer|authorization|jsessionid|phpsessid|asp\\.net[_-]sessionid|sid|jwt'
 // eslint-disable-next-line max-len
-const defaultWafObfuscatorValueRegex = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:\\s*=[^;]|"\\s*:\\s*"[^"]+")|bearer\\s+[a-z0-9\\._\\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\\w=-]+\\.ey[I-L][\\w=-]+(?:\\.[\\w.+\\/=-]+)?|[\\-]{5}BEGIN[a-z\\s]+PRIVATE\\sKEY[\\-]{5}[^\\-]+[\\-]{5}END[a-z\\s]+PRIVATE\\sKEY|ssh-rsa\\s*[a-z0-9\\/\\.+]{100,}'
+const defaultWafObfuscatorValueRegex = '(?i)(?:p(?:ass)?w(?:or)?d|pass(?:[_-]?phrase)?|secret(?:[_-]?key)?|(?:(?:api|private|public|access)[_-]?)key(?:[_-]?id)?|(?:(?:auth|access|id|refresh)[_-]?)?token|consumer[_-]?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?|jsessionid|phpsessid|asp\\.net(?:[_-]|-)sessionid|sid|jwt)(?:\\s*=[^;]|"\\s*:\\s*"[^"]+")|bearer\\s+[a-z0-9\\._\\-]+|token:[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\\w=-]+\\.ey[I-L][\\w=-]+(?:\\.[\\w.+\\/=-]+)?|[\\-]{5}BEGIN[a-z\\s]+PRIVATE\\sKEY[\\-]{5}[^\\-]+[\\-]{5}END[a-z\\s]+PRIVATE\\sKEY|ssh-rsa\\s*[a-z0-9\\/\\.+]{100,}'
 const runtimeId = uuid()
 
 function maybeFile (filepath) {
@@ -235,6 +289,9 @@ class Config {
       options.tracePropagationStyle,
       defaultPropagationStyle
     )
+
+    validateOtelPropagators(PROPAGATION_STYLE_INJECT)
+
     const DD_TRACE_PROPAGATION_EXTRACT_FIRST = coalesce(
       process.env.DD_TRACE_PROPAGATION_EXTRACT_FIRST,
       false
@@ -440,6 +497,10 @@ class Config {
     this._setValue(defaults, 'appsec.rateLimit', 100)
     this._setValue(defaults, 'appsec.rules', undefined)
     this._setValue(defaults, 'appsec.sca.enabled', null)
+    this._setValue(defaults, 'appsec.standalone.enabled', undefined)
+    this._setValue(defaults, 'appsec.stackTrace.enabled', true)
+    this._setValue(defaults, 'appsec.stackTrace.maxDepth', 32)
+    this._setValue(defaults, 'appsec.stackTrace.maxStackTraces', 2)
     this._setValue(defaults, 'appsec.wafTimeout', 5e3) // µs
     this._setValue(defaults, 'clientIpEnabled', false)
     this._setValue(defaults, 'clientIpHeader', null)
@@ -524,10 +585,13 @@ class Config {
       DD_APPSEC_ENABLED,
       DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML,
       DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON,
+      DD_APPSEC_MAX_STACK_TRACES,
+      DD_APPSEC_MAX_STACK_TRACE_DEPTH,
       DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP,
       DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP,
       DD_APPSEC_RULES,
       DD_APPSEC_SCA_ENABLED,
+      DD_APPSEC_STACK_TRACE_ENABLED,
       DD_APPSEC_RASP_ENABLED,
       DD_APPSEC_TRACE_RATE_LIMIT,
       DD_APPSEC_WAF_TIMEOUT,
@@ -536,6 +600,7 @@ class Config {
       DD_DOGSTATSD_HOSTNAME,
       DD_DOGSTATSD_PORT,
       DD_ENV,
+      DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED,
       DD_EXPERIMENTAL_PROFILING_ENABLED,
       JEST_WORKER_ID,
       DD_IAST_DEDUPLICATION_ENABLED,
@@ -627,6 +692,12 @@ class Config {
     this._setString(env, 'appsec.rules', DD_APPSEC_RULES)
     // DD_APPSEC_SCA_ENABLED is never used locally, but only sent to the backend
     this._setBoolean(env, 'appsec.sca.enabled', DD_APPSEC_SCA_ENABLED)
+    this._setBoolean(env, 'appsec.standalone.enabled', DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED)
+    this._setBoolean(env, 'appsec.stackTrace.enabled', DD_APPSEC_STACK_TRACE_ENABLED)
+    this._setValue(env, 'appsec.stackTrace.maxDepth', maybeInt(DD_APPSEC_MAX_STACK_TRACE_DEPTH))
+    this._envUnprocessed['appsec.stackTrace.maxDepth'] = DD_APPSEC_MAX_STACK_TRACE_DEPTH
+    this._setValue(env, 'appsec.stackTrace.maxStackTraces', maybeInt(DD_APPSEC_MAX_STACK_TRACES))
+    this._envUnprocessed['appsec.stackTrace.maxStackTraces'] = DD_APPSEC_MAX_STACK_TRACES
     this._setValue(env, 'appsec.wafTimeout', maybeInt(DD_APPSEC_WAF_TIMEOUT))
     this._envUnprocessed['appsec.wafTimeout'] = DD_APPSEC_WAF_TIMEOUT
     this._setBoolean(env, 'clientIpEnabled', DD_TRACE_CLIENT_IP_ENABLED)
@@ -701,15 +772,8 @@ class Config {
       : undefined
     this._setBoolean(env, 'runtimeMetrics', DD_RUNTIME_METRICS_ENABLED ||
     otelSetRuntimeMetrics)
-    const OTEL_TRACES_SAMPLER_MAPPING = {
-      always_on: '1.0',
-      always_off: '0.0',
-      traceidratio: OTEL_TRACES_SAMPLER_ARG,
-      parentbased_always_on: '1.0',
-      parentbased_always_off: '0.0',
-      parentbased_traceidratio: OTEL_TRACES_SAMPLER_ARG
-    }
-    this._setUnit(env, 'sampleRate', DD_TRACE_SAMPLE_RATE || OTEL_TRACES_SAMPLER_MAPPING[OTEL_TRACES_SAMPLER])
+    this._setUnit(env, 'sampleRate', DD_TRACE_SAMPLE_RATE ||
+    getFromOtelSamplerMap(OTEL_TRACES_SAMPLER, OTEL_TRACES_SAMPLER_ARG))
     this._setValue(env, 'sampler.rateLimit', DD_TRACE_RATE_LIMIT)
     this._setSamplingRule(env, 'sampler.rules', safeJsonParse(DD_TRACE_SAMPLING_RULES))
     this._envUnprocessed['sampler.rules'] = DD_TRACE_SAMPLING_RULES
@@ -767,6 +831,12 @@ class Config {
     this._setValue(opts, 'appsec.rateLimit', maybeInt(options.appsec.rateLimit))
     this._optsUnprocessed['appsec.rateLimit'] = options.appsec.rateLimit
     this._setString(opts, 'appsec.rules', options.appsec.rules)
+    this._setBoolean(opts, 'appsec.standalone.enabled', options.experimental?.appsec?.standalone?.enabled)
+    this._setBoolean(opts, 'appsec.stackTrace.enabled', options.appsec.stackTrace?.enabled)
+    this._setValue(opts, 'appsec.stackTrace.maxDepth', maybeInt(options.appsec.stackTrace?.maxDepth))
+    this._optsUnprocessed['appsec.stackTrace.maxDepth'] = options.appsec.stackTrace?.maxDepth
+    this._setValue(opts, 'appsec.stackTrace.maxStackTraces', maybeInt(options.appsec.stackTrace?.maxStackTraces))
+    this._optsUnprocessed['appsec.stackTrace.maxStackTraces'] = options.appsec.stackTrace?.maxStackTraces
     this._setValue(opts, 'appsec.wafTimeout', maybeInt(options.appsec.wafTimeout))
     this._optsUnprocessed['appsec.wafTimeout'] = options.appsec.wafTimeout
     this._setBoolean(opts, 'clientIpEnabled', options.clientIpEnabled)

package/packages/dd-trace/src/constants.js

@@ -32,5 +32,7 @@ module.exports = {
   PEER_SERVICE_SOURCE_KEY: '_dd.peer.service.source',
   PEER_SERVICE_REMAP_KEY: '_dd.peer.service.remapped_from',
   SCI_REPOSITORY_URL: '_dd.git.repository_url',
-  SCI_COMMIT_SHA: '_dd.git.commit.sha'
+  SCI_COMMIT_SHA: '_dd.git.commit.sha',
+  APM_TRACING_ENABLED_KEY: '_dd.apm.enabled',
+  APPSEC_PROPAGATION_KEY: '_dd.p.appsec'
 }

package/packages/dd-trace/src/datastreams/processor.js

@@ -211,7 +211,8 @@ class DataStreamsProcessor {
       Stats,
       TracerVersion: pkg.version,
       Version: this.version,
-      Lang: 'javascript'
+      Lang: 'javascript',
+      Tags: Object.entries(this.tags).map(([key, value]) => `${key}:${value}`)
     }
     this.writer.flush(payload)
   }

package/packages/dd-trace/src/exporters/agent/index.js

@@ -7,7 +7,7 @@ const Writer = require('./writer')
 class AgentExporter {
   constructor (config, prioritySampler) {
     this._config = config
-    const { url, hostname, port, lookup, protocolVersion, stats = {} } = config
+    const { url, hostname, port, lookup, protocolVersion, stats = {}, appsec } = config
     this._url = url || new URL(format({
       protocol: 'http:',
       hostname: hostname || 'localhost',
@@ -15,7 +15,7 @@ class AgentExporter {
     }))
 
     const headers = {}
-    if (stats.enabled) {
+    if (stats.enabled || appsec?.standalone?.enabled) {
       headers['Datadog-Client-Computed-Stats'] = 'yes'
     }
 

package/packages/dd-trace/src/format.js

@@ -34,6 +34,7 @@ function format (span) {
   const formatted = formatSpan(span)
 
   extractSpanLinks(formatted, span)
+  extractSpanEvents(formatted, span)
   extractRootTags(formatted, span)
   extractChunkTags(formatted, span)
   extractTags(formatted, span)
@@ -52,6 +53,7 @@ function formatSpan (span) {
     resource: String(spanContext._name),
     error: 0,
     meta: {},
+    meta_struct: span.meta_struct,
     metrics: {},
     start: Math.round(span._startTime * 1e6),
     duration: Math.round(span._duration * 1e6),
@@ -88,6 +90,22 @@ function extractSpanLinks (trace, span) {
   if (links.length > 0) { trace.meta['_dd.span_links'] = JSON.stringify(links) }
 }
 
+function extractSpanEvents (trace, span) {
+  const events = []
+  if (span._events) {
+    for (const event of span._events) {
+      const formattedEvent = {
+        name: event.name,
+        time_unix_nano: Math.round(event.startTime * 1e6),
+        attributes: event.attributes && Object.keys(event.attributes).length > 0 ? event.attributes : undefined
+      }
+
+      events.push(formattedEvent)
+    }
+  }
+  if (events.length > 0) { trace.meta.events = JSON.stringify(events) }
+}
+
 function extractTags (trace, span) {
   const context = span.context()
   const origin = context._trace.origin
@@ -134,7 +152,10 @@ function extractTags (trace, span) {
       case ERROR_STACK:
         // HACK: remove when implemented in the backend
         if (context._name !== 'fs.operation') {
-          trace.error = 1
+          // HACK: to ensure otel.recordException does not influence trace.error
+          if (tags.setTraceError) {
+            trace.error = 1
+          }
         } else {
           break
         }
@@ -142,7 +163,6 @@ function extractTags (trace, span) {
         addTag(trace.meta, trace.metrics, tag, tags[tag])
     }
   }
-
   setSingleSpanIngestionTags(trace, context._spanSampling)
 
   addTag(trace.meta, trace.metrics, 'language', 'javascript')

package/packages/dd-trace/src/opentelemetry/span.js

@@ -20,6 +20,20 @@ function hrTimeToMilliseconds (time) {
   return time[0] * 1e3 + time[1] / 1e6
 }
 
+function isTimeInput (startTime) {
+  if (typeof startTime === 'number') {
+    return true
+  }
+  if (startTime instanceof Date) {
+    return true
+  }
+  if (Array.isArray(startTime) && startTime.length === 2 &&
+      typeof startTime[0] === 'number' && typeof startTime[1] === 'number') {
+    return true
+  }
+  return false
+}
+
 const spanKindNames = {
   [api.SpanKind.INTERNAL]: kinds.INTERNAL,
   [api.SpanKind.SERVER]: kinds.SERVER,
@@ -196,11 +210,6 @@ class Span {
     return this
   }
 
-  addEvent (name, attributesOrStartTime, startTime) {
-    api.diag.warn('Events not supported')
-    return this
-  }
-
   addLink (context, attributes) {
     // extract dd context
     const ddSpanContext = context._ddContext
@@ -244,12 +253,29 @@ class Span {
     return this.ended === false
   }
 
-  recordException (exception) {
+  addEvent (name, attributesOrStartTime, startTime) {
+    startTime = attributesOrStartTime && isTimeInput(attributesOrStartTime) ? attributesOrStartTime : startTime
+    const hrStartTime = timeInputToHrTime(startTime || (performance.now() + timeOrigin))
+    startTime = hrTimeToMilliseconds(hrStartTime)
+
+    this._ddSpan.addEvent(name, attributesOrStartTime, startTime)
+    return this
+  }
+
+  recordException (exception, timeInput) {
+    // HACK: identifier is added so that trace.error remains unchanged after a call to otel.recordException
     this._ddSpan.addTags({
       [ERROR_TYPE]: exception.name,
       [ERROR_MESSAGE]: exception.message,
-      [ERROR_STACK]: exception.stack
+      [ERROR_STACK]: exception.stack,
+      doNotSetTraceError: true
     })
+    const attributes = {}
+    if (exception.message) attributes['exception.message'] = exception.message
+    if (exception.type) attributes['exception.type'] = exception.type
+    if (exception.escaped) attributes['exception.escaped'] = exception.escaped
+    if (exception.stack) attributes['exception.stacktrace'] = exception.stack
+    this.addEvent(exception.name, attributes, timeInput)
   }
 
   get duration () {

package/packages/dd-trace/src/opentracing/propagation/text_map.js

@@ -6,9 +6,13 @@ const DatadogSpanContext = require('../span_context')
 const log = require('../../log')
 const TraceState = require('./tracestate')
 const tags = require('../../../../../ext/tags')
+const { channel } = require('dc-polyfill')
 
 const { AUTO_KEEP, AUTO_REJECT, USER_KEEP } = require('../../../../../ext/priority')
 
+const injectCh = channel('dd-trace:span:inject')
+const extractCh = channel('dd-trace:span:extract')
+
 const traceKey = 'x-datadog-trace-id'
 const spanKey = 'x-datadog-parent-id'
 const originKey = 'x-datadog-origin'
@@ -54,6 +58,10 @@ class TextMapPropagator {
     this._injectB3SingleHeader(spanContext, carrier)
     this._injectTraceparent(spanContext, carrier)
 
+    if (injectCh.hasSubscribers) {
+      injectCh.publish({ spanContext, carrier })
+    }
+
     log.debug(() => `Inject into carrier: ${JSON.stringify(pick(carrier, logKeys))}.`)
   }
 
@@ -62,6 +70,10 @@ class TextMapPropagator {
 
     if (!spanContext) return spanContext
 
+    if (extractCh.hasSubscribers) {
+      extractCh.publish({ spanContext, carrier })
+    }
+
     log.debug(() => `Extract from carrier: ${JSON.stringify(pick(carrier, logKeys))}.`)
 
     return spanContext

package/packages/dd-trace/src/opentracing/span.js

@@ -67,6 +67,8 @@ class DatadogSpan {
     this._store = storage.getStore()
     this._duration = undefined
 
+    this._events = []
+
     // For internal use only. You probably want `context()._name`.
     // This name property is not updated when the span name changes.
     // This is necessary for span count metrics.
@@ -97,7 +99,10 @@ class DatadogSpan {
       unfinishedRegistry.register(this, operationName, this)
     }
     spanleak.addSpan(this, operationName)
-    startCh.publish(this)
+
+    if (startCh.hasSubscribers) {
+      startCh.publish({ span: this, fields })
+    }
   }
 
   toString () {
@@ -163,6 +168,19 @@ class DatadogSpan {
     })
   }
 
+  addEvent (name, attributesOrStartTime, startTime) {
+    const event = { name }
+    if (attributesOrStartTime) {
+      if (typeof attributesOrStartTime === 'object') {
+        event.attributes = this._sanitizeEventAttributes(attributesOrStartTime)
+      } else {
+        startTime = attributesOrStartTime
+      }
+    }
+    event.startTime = startTime || this._getTime()
+    this._events.push(event)
+  }
+
   finish (finishTime) {
     if (this._duration !== undefined) {
       return
@@ -221,7 +239,30 @@ class DatadogSpan {
       const [key, value] = entry
       addArrayOrScalarAttributes(key, value)
     })
+    return sanitizedAttributes
+  }
+
+  _sanitizeEventAttributes (attributes = {}) {
+    const sanitizedAttributes = {}
 
+    for (const key in attributes) {
+      const value = attributes[key]
+      if (Array.isArray(value)) {
+        const newArray = []
+        for (const subkey in value) {
+          if (ALLOWED.includes(typeof value[subkey])) {
+            newArray.push(value[subkey])
+          } else {
+            log.warn('Dropping span event attribute. It is not of an allowed type')
+          }
+        }
+        sanitizedAttributes[key] = newArray
+      } else if (ALLOWED.includes(typeof value)) {
+        sanitizedAttributes[key] = value
+      } else {
+        log.warn('Dropping span event attribute. It is not of an allowed type')
+      }
+    }
     return sanitizedAttributes
   }
 

package/packages/dd-trace/src/opentracing/tracer.js

@@ -19,7 +19,7 @@ const REFERENCE_CHILD_OF = 'child_of'
 const REFERENCE_FOLLOWS_FROM = 'follows_from'
 
 class DatadogTracer {
-  constructor (config) {
+  constructor (config, prioritySampler) {
     const Exporter = getExporter(config.experimental.exporter)
 
     this._config = config
@@ -28,7 +28,7 @@ class DatadogTracer {
     this._env = config.env
     this._logInjection = config.logInjection
     this._debug = config.debug
-    this._prioritySampler = new PrioritySampler(config.env, config.sampler)
+    this._prioritySampler = prioritySampler ?? new PrioritySampler(config.env, config.sampler)
     this._exporter = new Exporter(config, this._prioritySampler)
     this._processor = new SpanProcessor(this._exporter, this._prioritySampler, config)
     this._url = this._exporter._url

package/packages/dd-trace/src/plugins/ci_plugin.js

@@ -91,6 +91,13 @@ module.exports = class CiPlugin extends Plugin {
           ...testModuleSpanMetadata
         }
       })
+      // only for vitest
+      // These are added for the worker threads to use
+      if (this.constructor.id === 'vitest') {
+        process.env.DD_CIVISIBILITY_TEST_SESSION_ID = this.testSessionSpan.context().toTraceId()
+        process.env.DD_CIVISIBILITY_TEST_MODULE_ID = this.testModuleSpan.context().toSpanId()
+      }
+
       this.telemetry.ciVisEvent(TELEMETRY_EVENT_CREATED, 'module')
     })