npm - dd-trace - Versions diffs - 4.46.0 → 4.47.1 - Mend

dd-trace 4.46.0 → 4.47.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (89) hide show

package/packages/dd-trace/src/profiling/profilers/shared.js CHANGED Viewed

@@ -6,6 +6,9 @@ const END_TIMESTAMP_LABEL = 'end_timestamp_ns'
 const THREAD_NAME_LABEL = 'thread name'
 const OS_THREAD_ID_LABEL = 'os thread id'
 const THREAD_ID_LABEL = 'thread id'
+const SPAN_ID_LABEL = 'span id'
+const LOCAL_ROOT_SPAN_ID_LABEL = 'local root span id'
 const threadNamePrefix = isMainThread ? 'Main' : `Worker #${threadId}`
 const eventLoopThreadName = `${threadNamePrefix} Event Loop`
@@ -38,6 +41,8 @@ module.exports = {
   THREAD_NAME_LABEL,
   THREAD_ID_LABEL,
   OS_THREAD_ID_LABEL,
+  SPAN_ID_LABEL,
+  LOCAL_ROOT_SPAN_ID_LABEL,
   threadNamePrefix,
   eventLoopThreadName,
   getNonJSThreadsLabels,

package/packages/dd-trace/src/profiling/profilers/wall.js CHANGED Viewed

@@ -7,7 +7,13 @@ const { HTTP_METHOD, HTTP_ROUTE, RESOURCE_NAME, SPAN_TYPE } = require('../../../
 const { WEB } = require('../../../../../ext/types')
 const runtimeMetrics = require('../../runtime_metrics')
 const telemetryMetrics = require('../../telemetry/metrics')
-const { END_TIMESTAMP_LABEL, getNonJSThreadsLabels, getThreadLabels } = require('./shared')
+const {
+  END_TIMESTAMP_LABEL,
+  SPAN_ID_LABEL,
+  LOCAL_ROOT_SPAN_ID_LABEL,
+  getNonJSThreadsLabels,
+  getThreadLabels
+} = require('./shared')
 const beforeCh = dc.channel('dd-trace:storage:before')
 const enterCh = dc.channel('dd-trace:storage:enter')
@@ -275,10 +281,10 @@ class NativeWallProfiler {
     }
     if (spanId) {
-      labels['span id'] = spanId
+      labels[SPAN_ID_LABEL] = spanId
     }
     if (rootSpanId) {
-      labels['local root span id'] = rootSpanId
+      labels[LOCAL_ROOT_SPAN_ID_LABEL] = rootSpanId
     }
     if (webTags && Object.keys(webTags).length !== 0) {
       labels['trace endpoint'] = endpointNameFromTags(webTags)

package/packages/dd-trace/src/profiling/ssi-heuristics.js CHANGED Viewed

@@ -3,6 +3,7 @@
 const telemetryMetrics = require('../telemetry/metrics')
 const profilersNamespace = telemetryMetrics.manager.namespace('profilers')
 const dc = require('dc-polyfill')
+const log = require('../log')
 // If the process lives for at least 30 seconds, it's considered long-lived
 const DEFAULT_LONG_LIVED_THRESHOLD = 30000
@@ -40,9 +41,14 @@ class SSIHeuristics {
     const longLivedThreshold = config.profiling.longLivedThreshold || DEFAULT_LONG_LIVED_THRESHOLD
     if (typeof longLivedThreshold !== 'number' || longLivedThreshold <= 0) {
-      throw new Error('Long-lived threshold must be a positive number')
+      this.longLivedThreshold = DEFAULT_LONG_LIVED_THRESHOLD
+      log.warn(
+        `Invalid SSIHeuristics.longLivedThreshold value: ${config.profiling.longLivedThreshold}. ` +
+        `Using default value: ${DEFAULT_LONG_LIVED_THRESHOLD}`
+      )
+    } else {
+      this.longLivedThreshold = longLivedThreshold
     }
-    this.longLivedThreshold = longLivedThreshold
     this.hasSentProfiles = false
     this.noSpan = true
@@ -94,6 +100,8 @@ class SSIHeuristics {
         })
         break
       default:
+        // injection hardening: only usage is internal, one call site with
+        // a function and another with undefined, so we can throw here.
         throw new TypeError('callback must be a function or undefined')
     }
   }

package/packages/dd-trace/src/proxy.js CHANGED Viewed

@@ -5,6 +5,7 @@ const Config = require('./config')
 const runtimeMetrics = require('./runtime_metrics')
 const log = require('./log')
 const { setStartupLogPluginManager } = require('./startup-log')
+const DynamicInstrumentation = require('./debugger')
 const telemetry = require('./telemetry')
 const nomenclature = require('./service-naming')
 const PluginManager = require('./plugin_manager')
@@ -83,7 +84,7 @@ class Tracer extends NoopProxy {
       if (config.remoteConfig.enabled && !config.isCiVisibility) {
         const rc = remoteConfig.enable(config, this._modules.appsec)
-        rc.on('APM_TRACING', (action, conf) => {
+        rc.setProductHandler('APM_TRACING', (action, conf) => {
           if (action === 'unapply') {
             config.configure({}, true)
           } else {
@@ -92,7 +93,7 @@ class Tracer extends NoopProxy {
           this._enableOrDisableTracing(config)
         })
-        rc.on('AGENT_CONFIG', (action, conf) => {
+        rc.setProductHandler('AGENT_CONFIG', (action, conf) => {
           if (!conf?.name?.startsWith('flare-log-level.')) return
           if (action === 'unapply') {
@@ -103,13 +104,17 @@ class Tracer extends NoopProxy {
           }
         })
-        rc.on('AGENT_TASK', (action, conf) => {
+        rc.setProductHandler('AGENT_TASK', (action, conf) => {
           if (action === 'unapply' || !conf) return
           if (conf.task_type !== 'tracer_flare' || !conf.args) return
           this._flare.enable(config)
           this._flare.module.send(conf.args)
         })
+        if (config.dynamicInstrumentationEnabled) {
+          DynamicInstrumentation.start(config, rc)
+        }
       }
       if (config.isGCPFunction || config.isAzureFunction) {
@@ -196,12 +201,14 @@ class Tracer extends NoopProxy {
     if (this._tracingInitialized) {
       this._tracer.configure(config)
       this._pluginManager.configure(config)
+      DynamicInstrumentation.configure(config)
       setStartupLogPluginManager(this._pluginManager)
     }
   }
   profilerStarted () {
     if (!this._profilerStarted) {
+      // injection hardening: this is only ever invoked from tests.
       throw new Error('profilerStarted() must be called after init()')
     }
     return this._profilerStarted

package/packages/dd-trace/src/span_stats.js CHANGED Viewed

@@ -127,7 +127,8 @@ class SpanStatsProcessor {
     url,
     env,
     tags,
-    appsec
+    appsec,
+    version
   } = {}) {
     this.exporter = new SpanStatsExporter({
       hostname,
@@ -143,6 +144,7 @@ class SpanStatsProcessor {
     this.env = env
     this.tags = tags || {}
     this.sequence = 0
+    this.version = version
     if (this.enabled) {
       this.timer = setInterval(this.onInterval.bind(this), interval * 1e3)
@@ -157,7 +159,7 @@ class SpanStatsProcessor {
     this.exporter.export({
       Hostname: this.hostname,
       Env: this.env,
-      Version: version,
+      Version: this.version || version,
       Stats: serialized,
       Lang: 'javascript',
       TracerVersion: pkg.version,

package/packages/dd-trace/src/appsec/rasp.js DELETED Viewed

@@ -1,176 +0,0 @@
-'use strict'
-const { storage } = require('../../../datadog-core')
-const web = require('./../plugins/util/web')
-const addresses = require('./addresses')
-const { httpClientRequestStart, setUncaughtExceptionCaptureCallbackStart } = require('./channels')
-const { reportStackTrace } = require('./stack_trace')
-const waf = require('./waf')
-const { getBlockingAction, block } = require('./blocking')
-const log = require('../log')
-const RULE_TYPES = {
-  SSRF: 'ssrf'
-}
-class DatadogRaspAbortError extends Error {
-  constructor (req, res, blockingAction) {
-    super('DatadogRaspAbortError')
-    this.name = 'DatadogRaspAbortError'
-    this.req = req
-    this.res = res
-    this.blockingAction = blockingAction
-  }
-}
-let config, abortOnUncaughtException
-function removeAllListeners (emitter, event) {
-  const listeners = emitter.listeners(event)
-  emitter.removeAllListeners(event)
-  let cleaned = false
-  return function () {
-    if (cleaned === true) {
-      return
-    }
-    cleaned = true
-    for (let i = 0; i < listeners.length; ++i) {
-      emitter.on(event, listeners[i])
-    }
-  }
-}
-function findDatadogRaspAbortError (err, deep = 10) {
-  if (err instanceof DatadogRaspAbortError) {
-    return err
-  }
-  if (err.cause && deep > 0) {
-    return findDatadogRaspAbortError(err.cause, deep - 1)
-  }
-}
-function handleUncaughtExceptionMonitor (err) {
-  const abortError = findDatadogRaspAbortError(err)
-  if (!abortError) return
-  const { req, res, blockingAction } = abortError
-  block(req, res, web.root(req), null, blockingAction)
-  if (!process.hasUncaughtExceptionCaptureCallback()) {
-    const cleanUp = removeAllListeners(process, 'uncaughtException')
-    const handler = () => {
-      process.removeListener('uncaughtException', handler)
-    }
-    setTimeout(() => {
-      process.removeListener('uncaughtException', handler)
-      cleanUp()
-    })
-    process.on('uncaughtException', handler)
-  } else {
-    // uncaughtException event is not executed when hasUncaughtExceptionCaptureCallback is true
-    let previousCb
-    const cb = ({ currentCallback, abortController }) => {
-      setUncaughtExceptionCaptureCallbackStart.unsubscribe(cb)
-      if (!currentCallback) {
-        abortController.abort()
-        return
-      }
-      previousCb = currentCallback
-    }
-    setUncaughtExceptionCaptureCallbackStart.subscribe(cb)
-    process.setUncaughtExceptionCaptureCallback(null)
-    // For some reason, previous callback was defined before the instrumentation
-    // We can not restore it, so we let the app decide
-    if (previousCb) {
-      process.setUncaughtExceptionCaptureCallback(() => {
-        process.setUncaughtExceptionCaptureCallback(null)
-        process.setUncaughtExceptionCaptureCallback(previousCb)
-      })
-    }
-  }
-}
-function enable (_config) {
-  config = _config
-  httpClientRequestStart.subscribe(analyzeSsrf)
-  process.on('uncaughtExceptionMonitor', handleUncaughtExceptionMonitor)
-  abortOnUncaughtException = process.execArgv?.includes('--abort-on-uncaught-exception')
-  if (abortOnUncaughtException) {
-    log.warn('The --abort-on-uncaught-exception flag is enabled. The RASP module will not block operations.')
-  }
-}
-function disable () {
-  if (httpClientRequestStart.hasSubscribers) httpClientRequestStart.unsubscribe(analyzeSsrf)
-  process.off('uncaughtExceptionMonitor', handleUncaughtExceptionMonitor)
-}
-function analyzeSsrf (ctx) {
-  const store = storage.getStore()
-  const req = store?.req
-  const url = ctx.args.uri
-  if (!req || !url) return
-  const persistent = {
-    [addresses.HTTP_OUTGOING_URL]: url
-  }
-  const result = waf.run({ persistent }, req, RULE_TYPES.SSRF)
-  const res = store?.res
-  handleResult(result, req, res, ctx.abortController)
-}
-function getGenerateStackTraceAction (actions) {
-  return actions?.generate_stack
-}
-function handleResult (actions, req, res, abortController) {
-  const generateStackTraceAction = getGenerateStackTraceAction(actions)
-  if (generateStackTraceAction && config.appsec.stackTrace.enabled) {
-    const rootSpan = web.root(req)
-    reportStackTrace(
-      rootSpan,
-      generateStackTraceAction.stack_id,
-      config.appsec.stackTrace.maxDepth,
-      config.appsec.stackTrace.maxStackTraces
-    )
-  }
-  if (!abortController || abortOnUncaughtException) return
-  const blockingAction = getBlockingAction(actions)
-  if (blockingAction) {
-    const rootSpan = web.root(req)
-    // Should block only in express
-    if (rootSpan?.context()._name === 'express.request') {
-      const abortError = new DatadogRaspAbortError(req, res, blockingAction)
-      abortController.abort(abortError)
-      // TODO Delete this when support for node 16 is removed
-      if (!abortController.signal.reason) {
-        abortController.signal.reason = abortError
-      }
-    }
-  }
-}
-module.exports = {
-  enable,
-  disable,
-  handleResult,
-  handleUncaughtExceptionMonitor // exported only for testing purpose
-}