dd-trace 4.47.1 → 4.48.0

package/packages/dd-trace/src/appsec/rasp/index.js

@@ -1,10 +1,11 @@
 'use strict'
 
 const web = require('../../plugins/util/web')
-const { setUncaughtExceptionCaptureCallbackStart } = require('../channels')
-const { block } = require('../blocking')
+const { setUncaughtExceptionCaptureCallbackStart, expressMiddlewareError } = require('../channels')
+const { block, isBlocked } = require('../blocking')
 const ssrf = require('./ssrf')
 const sqli = require('./sql_injection')
+const lfi = require('./lfi')
 
 const { DatadogRaspAbortError } = require('./utils')
 
@@ -30,17 +31,13 @@ function findDatadogRaspAbortError (err, deep = 10) {
     return err
   }
 
-  if (err.cause && deep > 0) {
+  if (err?.cause && deep > 0) {
     return findDatadogRaspAbortError(err.cause, deep - 1)
   }
 }
 
-function handleUncaughtExceptionMonitor (err) {
-  const abortError = findDatadogRaspAbortError(err)
-  if (!abortError) return
-
-  const { req, res, blockingAction } = abortError
-  block(req, res, web.root(req), null, blockingAction)
+function handleUncaughtExceptionMonitor (error) {
+  if (!blockOnDatadogRaspAbortError({ error })) return
 
   if (!process.hasUncaughtExceptionCaptureCallback()) {
     const cleanUp = removeAllListeners(process, 'uncaughtException')
@@ -82,22 +79,39 @@ function handleUncaughtExceptionMonitor (err) {
   }
 }
 
+function blockOnDatadogRaspAbortError ({ error }) {
+  const abortError = findDatadogRaspAbortError(error)
+  if (!abortError) return false
+
+  const { req, res, blockingAction } = abortError
+  if (!isBlocked(res)) {
+    block(req, res, web.root(req), null, blockingAction)
+  }
+
+  return true
+}
+
 function enable (config) {
   ssrf.enable(config)
   sqli.enable(config)
+  lfi.enable(config)
 
   process.on('uncaughtExceptionMonitor', handleUncaughtExceptionMonitor)
+  expressMiddlewareError.subscribe(blockOnDatadogRaspAbortError)
 }
 
 function disable () {
   ssrf.disable()
   sqli.disable()
+  lfi.disable()
 
   process.off('uncaughtExceptionMonitor', handleUncaughtExceptionMonitor)
+  if (expressMiddlewareError.hasSubscribers) expressMiddlewareError.unsubscribe(blockOnDatadogRaspAbortError)
 }
 
 module.exports = {
   enable,
   disable,
-  handleUncaughtExceptionMonitor // exported only for testing purpose
+  handleUncaughtExceptionMonitor, // exported only for testing purpose
+  blockOnDatadogRaspAbortError // exported only for testing purpose
 }

package/packages/dd-trace/src/appsec/rasp/lfi.js

@@ -0,0 +1,112 @@
+'use strict'
+
+const { fsOperationStart, incomingHttpRequestStart } = require('../channels')
+const { storage } = require('../../../../datadog-core')
+const { enable: enableFsPlugin, disable: disableFsPlugin, RASP_MODULE } = require('./fs-plugin')
+const { FS_OPERATION_PATH } = require('../addresses')
+const waf = require('../waf')
+const { RULE_TYPES, handleResult } = require('./utils')
+const { isAbsolute } = require('path')
+
+let config
+let enabled
+let analyzeSubscribed
+
+function enable (_config) {
+  config = _config
+
+  if (enabled) return
+
+  enabled = true
+
+  incomingHttpRequestStart.subscribe(onFirstReceivedRequest)
+}
+
+function disable () {
+  if (fsOperationStart.hasSubscribers) fsOperationStart.unsubscribe(analyzeLfi)
+  if (incomingHttpRequestStart.hasSubscribers) incomingHttpRequestStart.unsubscribe(onFirstReceivedRequest)
+
+  disableFsPlugin(RASP_MODULE)
+
+  enabled = false
+  analyzeSubscribed = false
+}
+
+function onFirstReceivedRequest () {
+  // nodejs unsubscribe during publish bug: https://github.com/nodejs/node/pull/55116
+  process.nextTick(() => {
+    incomingHttpRequestStart.unsubscribe(onFirstReceivedRequest)
+  })
+
+  enableFsPlugin(RASP_MODULE)
+
+  if (!analyzeSubscribed) {
+    fsOperationStart.subscribe(analyzeLfi)
+    analyzeSubscribed = true
+  }
+}
+
+function analyzeLfi (ctx) {
+  const store = storage.getStore()
+  if (!store) return
+
+  const { req, fs, res } = store
+  if (!req || !fs) return
+
+  getPaths(ctx, fs).forEach(path => {
+    const persistent = {
+      [FS_OPERATION_PATH]: path
+    }
+
+    const result = waf.run({ persistent }, req, RULE_TYPES.LFI)
+    handleResult(result, req, res, ctx.abortController, config)
+  })
+}
+
+function getPaths (ctx, fs) {
+  // these properties could have String, Buffer, URL, Integer or FileHandle types
+  const pathArguments = [
+    ctx.dest,
+    ctx.existingPath,
+    ctx.file,
+    ctx.newPath,
+    ctx.oldPath,
+    ctx.path,
+    ctx.prefix,
+    ctx.src,
+    ctx.target
+  ]
+
+  return pathArguments
+    .map(path => pathToStr(path))
+    .filter(path => shouldAnalyze(path, fs))
+}
+
+function pathToStr (path) {
+  if (!path) return
+
+  if (typeof path === 'string' ||
+      path instanceof String ||
+      path instanceof Buffer ||
+      path instanceof URL) {
+    return path.toString()
+  }
+}
+
+function shouldAnalyze (path, fs) {
+  if (!path) return
+
+  const notExcludedRootOp = !fs.opExcluded && fs.root
+  return notExcludedRootOp && (isAbsolute(path) || path.includes('../') || shouldAnalyzeURLFile(path, fs))
+}
+
+function shouldAnalyzeURLFile (path, fs) {
+  if (path.startsWith('file://')) {
+    return shouldAnalyze(path.substring(7), fs)
+  }
+}
+
+module.exports = {
+  enable,
+  disable
+}

package/packages/dd-trace/src/appsec/rasp/sql_injection.js

@@ -1,12 +1,18 @@
 'use strict'
 
-const { pgQueryStart, pgPoolQueryStart, wafRunFinished } = require('../channels')
+const {
+  pgQueryStart,
+  pgPoolQueryStart,
+  wafRunFinished,
+  mysql2OuterQueryStart
+} = require('../channels')
 const { storage } = require('../../../../datadog-core')
 const addresses = require('../addresses')
 const waf = require('../waf')
 const { RULE_TYPES, handleResult } = require('./utils')
 
 const DB_SYSTEM_POSTGRES = 'postgresql'
+const DB_SYSTEM_MYSQL = 'mysql'
 const reqQueryMap = new WeakMap() // WeakMap<Request, Set<querytext>>
 
 let config
@@ -17,18 +23,32 @@ function enable (_config) {
   pgQueryStart.subscribe(analyzePgSqlInjection)
   pgPoolQueryStart.subscribe(analyzePgSqlInjection)
   wafRunFinished.subscribe(clearQuerySet)
+
+  mysql2OuterQueryStart.subscribe(analyzeMysql2SqlInjection)
 }
 
 function disable () {
   if (pgQueryStart.hasSubscribers) pgQueryStart.unsubscribe(analyzePgSqlInjection)
   if (pgPoolQueryStart.hasSubscribers) pgPoolQueryStart.unsubscribe(analyzePgSqlInjection)
   if (wafRunFinished.hasSubscribers) wafRunFinished.unsubscribe(clearQuerySet)
+  if (mysql2OuterQueryStart.hasSubscribers) mysql2OuterQueryStart.unsubscribe(analyzeMysql2SqlInjection)
+}
+
+function analyzeMysql2SqlInjection (ctx) {
+  const query = ctx.sql
+  if (!query) return
+
+  analyzeSqlInjection(query, DB_SYSTEM_MYSQL, ctx.abortController)
 }
 
 function analyzePgSqlInjection (ctx) {
   const query = ctx.query?.text
   if (!query) return
 
+  analyzeSqlInjection(query, DB_SYSTEM_POSTGRES, ctx.abortController)
+}
+
+function analyzeSqlInjection (query, dbSystem, abortController) {
   const store = storage.getStore()
   if (!store) return
 
@@ -39,7 +59,7 @@ function analyzePgSqlInjection (ctx) {
   let executedQueries = reqQueryMap.get(req)
   if (executedQueries?.has(query)) return
 
-  // Do not waste time executing same query twice
+  // Do not waste time checking same query twice
   // This also will prevent double calls in pg.Pool internal queries
   if (!executedQueries) {
     executedQueries = new Set()
@@ -49,12 +69,12 @@ function analyzePgSqlInjection (ctx) {
 
   const persistent = {
     [addresses.DB_STATEMENT]: query,
-    [addresses.DB_SYSTEM]: DB_SYSTEM_POSTGRES
+    [addresses.DB_SYSTEM]: dbSystem
   }
 
   const result = waf.run({ persistent }, req, RULE_TYPES.SQL_INJECTION)
 
-  handleResult(result, req, res, ctx.abortController, config)
+  handleResult(result, req, res, abortController, config)
 }
 
 function hasInputAddress (payload) {

package/packages/dd-trace/src/appsec/rasp/utils.js

@@ -13,7 +13,8 @@ if (abortOnUncaughtException) {
 
 const RULE_TYPES = {
   SSRF: 'ssrf',
-  SQL_INJECTION: 'sql_injection'
+  SQL_INJECTION: 'sql_injection',
+  LFI: 'lfi'
 }
 
 class DatadogRaspAbortError extends Error {

package/packages/dd-trace/src/appsec/recommended.json

@@ -1,7 +1,7 @@
 {
   "version": "2.2",
   "metadata": {
-    "rules_version": "1.13.0"
+    "rules_version": "1.13.1"
   },
   "rules": [
     {
@@ -6239,7 +6239,6 @@
     {
       "id": "rasp-930-100",
       "name": "Local file inclusion exploit",
-      "enabled": false,
       "tags": {
         "type": "lfi",
         "category": "vulnerability_trigger",
@@ -6287,8 +6286,7 @@
     },
     {
       "id": "rasp-932-100",
-      "name": "Shell injection exploit",
-      "enabled": false,
+      "name": "Command injection exploit",
       "tags": {
         "type": "command_injection",
         "category": "vulnerability_trigger",

package/packages/dd-trace/src/appsec/remote_config/capabilities.js

@@ -18,6 +18,10 @@ module.exports = {
   APM_TRACING_CUSTOM_TAGS: 1n << 15n,
   APM_TRACING_ENABLED: 1n << 19n,
   ASM_RASP_SQLI: 1n << 21n,
+  ASM_RASP_LFI: 1n << 22n,
   ASM_RASP_SSRF: 1n << 23n,
-  APM_TRACING_SAMPLE_RULES: 1n << 29n
+  APM_TRACING_SAMPLE_RULES: 1n << 29n,
+  ASM_ENDPOINT_FINGERPRINT: 1n << 32n,
+  ASM_NETWORK_FINGERPRINT: 1n << 34n,
+  ASM_HEADER_FINGERPRINT: 1n << 35n
 }

package/packages/dd-trace/src/appsec/remote_config/index.js

@@ -75,10 +75,14 @@ function enableWafUpdate (appsecConfig) {
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_RULES, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_BLOCKING_RESPONSE, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_TRUSTED_IPS, true)
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_ENDPOINT_FINGERPRINT, true)
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_NETWORK_FINGERPRINT, true)
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_HEADER_FINGERPRINT, true)
 
     if (appsecConfig.rasp?.enabled) {
       rc.updateCapabilities(RemoteConfigCapabilities.ASM_RASP_SQLI, true)
       rc.updateCapabilities(RemoteConfigCapabilities.ASM_RASP_SSRF, true)
+      rc.updateCapabilities(RemoteConfigCapabilities.ASM_RASP_LFI, true)
     }
 
     // TODO: delete noop handlers and kPreUpdate and replace with batched handlers
@@ -103,9 +107,13 @@ function disableWafUpdate () {
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_RULES, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_BLOCKING_RESPONSE, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_TRUSTED_IPS, false)
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_ENDPOINT_FINGERPRINT, false)
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_NETWORK_FINGERPRINT, false)
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_HEADER_FINGERPRINT, false)
 
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_RASP_SQLI, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_RASP_SSRF, false)
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_RASP_LFI, false)
 
     rc.removeProductHandler('ASM_DATA')
     rc.removeProductHandler('ASM_DD')

package/packages/dd-trace/src/appsec/reporter.js

@@ -153,7 +153,11 @@ function reportAttack (attackData) {
   rootSpan.addTags(newTags)
 }
 
-function reportSchemas (derivatives) {
+function isFingerprintDerivative (derivative) {
+  return derivative.startsWith('_dd.appsec.fp')
+}
+
+function reportDerivatives (derivatives) {
   if (!derivatives) return
 
   const req = storage.getStore()?.req
@@ -162,9 +166,12 @@ function reportSchemas (derivatives) {
   if (!rootSpan) return
 
   const tags = {}
-  for (const [address, value] of Object.entries(derivatives)) {
-    const gzippedValue = zlib.gzipSync(JSON.stringify(value))
-    tags[address] = gzippedValue.toString('base64')
+  for (let [tag, value] of Object.entries(derivatives)) {
+    if (!isFingerprintDerivative(tag)) {
+      const gzippedValue = zlib.gzipSync(JSON.stringify(value))
+      value = gzippedValue.toString('base64')
+    }
+    tags[tag] = value
   }
 
   rootSpan.addTags(tags)
@@ -248,7 +255,7 @@ module.exports = {
   reportMetrics,
   reportAttack,
   reportWafUpdate: incrementWafUpdatesMetric,
-  reportSchemas,
+  reportDerivatives,
   finishRequest,
   setRateLimit,
   mapHeaderAndTags

package/packages/dd-trace/src/appsec/sdk/track_event.js

@@ -5,6 +5,7 @@ const { getRootSpan } = require('./utils')
 const { MANUAL_KEEP } = require('../../../../../ext/tags')
 const { setUserTags } = require('./set_user')
 const standalone = require('../standalone')
+const waf = require('../waf')
 
 function trackUserLoginSuccessEvent (tracer, user, metadata) {
   // TODO: better user check here and in _setUser() ?
@@ -76,6 +77,10 @@ function trackEvent (eventName, fields, sdkMethodName, rootSpan, mode) {
   rootSpan.addTags(tags)
 
   standalone.sample(rootSpan)
+
+  if (['users.login.success', 'users.login.failure'].includes(eventName)) {
+    waf.run({ persistent: { [`server.business_logic.${eventName}`]: null } })
+  }
 }
 
 module.exports = {

package/packages/dd-trace/src/appsec/waf/waf_context_wrapper.js

@@ -93,7 +93,7 @@ class WAFContextWrapper {
         Reporter.reportAttack(JSON.stringify(result.events))
       }
 
-      Reporter.reportSchemas(result.derivatives)
+      Reporter.reportDerivatives(result.derivatives)
 
       if (wafRunFinished.hasSubscribers) {
         wafRunFinished.publish({ payload })

package/packages/dd-trace/src/ci-visibility/early-flake-detection/get-known-tests.js

@@ -12,19 +12,7 @@ const {
   TELEMETRY_KNOWN_TESTS_RESPONSE_BYTES
 } = require('../../ci-visibility/telemetry')
 
-function getNumTests (knownTests) {
-  let totalNumTests = 0
-
-  for (const testModule of Object.values(knownTests)) {
-    for (const testSuite of Object.values(testModule)) {
-      for (const testList of Object.values(testSuite)) {
-        totalNumTests += testList.length
-      }
-    }
-  }
-
-  return totalNumTests
-}
+const { getNumFromKnownTests } = require('../../plugins/util/test')
 
 function getKnownTests ({
   url,
@@ -102,7 +90,7 @@ function getKnownTests ({
       try {
         const { data: { attributes: { tests: knownTests } } } = JSON.parse(res)
 
-        const numTests = getNumTests(knownTests)
+        const numTests = getNumFromKnownTests(knownTests)
 
         incrementCountMetric(TELEMETRY_KNOWN_TESTS_RESPONSE_TESTS, {}, numTests)
         distributionMetric(TELEMETRY_KNOWN_TESTS_RESPONSE_BYTES, {}, res.length)

package/packages/dd-trace/src/ci-visibility/log-submission/log-submission-plugin.js

@@ -0,0 +1,53 @@
+const Plugin = require('../../plugins/plugin')
+const log = require('../../log')
+
+function getWinstonLogSubmissionParameters (config) {
+  const { site, service } = config
+
+  const defaultParameters = {
+    host: `http-intake.logs.${site}`,
+    path: `/api/v2/logs?ddsource=winston&service=${service}`,
+    ssl: true,
+    headers: {
+      'DD-API-KEY': process.env.DD_API_KEY
+    }
+  }
+
+  if (!process.env.DD_AGENTLESS_LOG_SUBMISSION_URL) {
+    return defaultParameters
+  }
+
+  try {
+    const url = new URL(process.env.DD_AGENTLESS_LOG_SUBMISSION_URL)
+    return {
+      host: url.hostname,
+      port: url.port,
+      ssl: url.protocol === 'https:',
+      path: defaultParameters.path,
+      headers: defaultParameters.headers
+    }
+  } catch (e) {
+    log.error('Could not parse DD_AGENTLESS_LOG_SUBMISSION_URL')
+    return defaultParameters
+  }
+}
+
+class LogSubmissionPlugin extends Plugin {
+  static get id () {
+    return 'log-submission'
+  }
+
+  constructor (...args) {
+    super(...args)
+
+    this.addSub('ci:log-submission:winston:configure', (httpClass) => {
+      this.HttpClass = httpClass
+    })
+
+    this.addSub('ci:log-submission:winston:add-transport', (logger) => {
+      logger.add(new this.HttpClass(getWinstonLogSubmissionParameters(this.config)))
+    })
+  }
+}
+
+module.exports = LogSubmissionPlugin

package/packages/dd-trace/src/config.js

@@ -464,6 +464,7 @@ class Config {
     this._setValue(defaults, 'appsec.wafTimeout', 5e3) // µs
     this._setValue(defaults, 'clientIpEnabled', false)
     this._setValue(defaults, 'clientIpHeader', null)
+    this._setValue(defaults, 'codeOriginForSpans.enabled', false)
     this._setValue(defaults, 'dbmPropagationMode', 'disabled')
     this._setValue(defaults, 'dogstatsd.hostname', '127.0.0.1')
     this._setValue(defaults, 'dogstatsd.port', '8125')
@@ -478,6 +479,7 @@ class Config {
     this._setValue(defaults, 'gitMetadataEnabled', true)
     this._setValue(defaults, 'headerTags', [])
     this._setValue(defaults, 'hostname', '127.0.0.1')
+    this._setValue(defaults, 'iast.cookieFilterPattern', '.{32,}')
     this._setValue(defaults, 'iast.deduplicationEnabled', true)
     this._setValue(defaults, 'iast.enabled', false)
     this._setValue(defaults, 'iast.maxConcurrentRequests', 2)
@@ -498,6 +500,7 @@ class Config {
     this._setValue(defaults, 'isIntelligentTestRunnerEnabled', false)
     this._setValue(defaults, 'isManualApiEnabled', false)
     this._setValue(defaults, 'ciVisibilityTestSessionName', '')
+    this._setValue(defaults, 'ciVisAgentlessLogSubmissionEnabled', false)
     this._setValue(defaults, 'logInjection', false)
     this._setValue(defaults, 'lookup', undefined)
     this._setValue(defaults, 'memcachedCommandEnabled', false)
@@ -571,6 +574,7 @@ class Config {
       DD_APPSEC_RASP_ENABLED,
       DD_APPSEC_TRACE_RATE_LIMIT,
       DD_APPSEC_WAF_TIMEOUT,
+      DD_CODE_ORIGIN_FOR_SPANS_ENABLED,
       DD_DATA_STREAMS_ENABLED,
       DD_DBM_PROPAGATION_MODE,
       DD_DOGSTATSD_HOSTNAME,
@@ -581,6 +585,7 @@ class Config {
       DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED,
       DD_EXPERIMENTAL_PROFILING_ENABLED,
       JEST_WORKER_ID,
+      DD_IAST_COOKIE_FILTER_PATTERN,
       DD_IAST_DEDUPLICATION_ENABLED,
       DD_IAST_ENABLED,
       DD_IAST_MAX_CONCURRENT_REQUESTS,
@@ -701,6 +706,7 @@ class Config {
     this._envUnprocessed['appsec.wafTimeout'] = DD_APPSEC_WAF_TIMEOUT
     this._setBoolean(env, 'clientIpEnabled', DD_TRACE_CLIENT_IP_ENABLED)
     this._setString(env, 'clientIpHeader', DD_TRACE_CLIENT_IP_HEADER)
+    this._setBoolean(env, 'codeOriginForSpans.enabled', DD_CODE_ORIGIN_FOR_SPANS_ENABLED)
     this._setString(env, 'dbmPropagationMode', DD_DBM_PROPAGATION_MODE)
     this._setString(env, 'dogstatsd.hostname', DD_DOGSTATSD_HOSTNAME)
     this._setString(env, 'dogstatsd.port', DD_DOGSTATSD_PORT)
@@ -716,6 +722,7 @@ class Config {
     this._setBoolean(env, 'gitMetadataEnabled', DD_TRACE_GIT_METADATA_ENABLED)
     this._setArray(env, 'headerTags', DD_TRACE_HEADER_TAGS)
     this._setString(env, 'hostname', coalesce(DD_AGENT_HOST, DD_TRACE_AGENT_HOSTNAME))
+    this._setString(env, 'iast.cookieFilterPattern', DD_IAST_COOKIE_FILTER_PATTERN)
     this._setBoolean(env, 'iast.deduplicationEnabled', DD_IAST_DEDUPLICATION_ENABLED)
     this._setBoolean(env, 'iast.enabled', DD_IAST_ENABLED)
     this._setValue(env, 'iast.maxConcurrentRequests', maybeInt(DD_IAST_MAX_CONCURRENT_REQUESTS))
@@ -867,6 +874,7 @@ class Config {
     this._optsUnprocessed['appsec.wafTimeout'] = options.appsec.wafTimeout
     this._setBoolean(opts, 'clientIpEnabled', options.clientIpEnabled)
     this._setString(opts, 'clientIpHeader', options.clientIpHeader)
+    this._setBoolean(opts, 'codeOriginForSpans.enabled', options.codeOriginForSpans?.enabled)
     this._setString(opts, 'dbmPropagationMode', options.dbmPropagationMode)
     if (options.dogstatsd) {
       this._setString(opts, 'dogstatsd.hostname', options.dogstatsd.hostname)
@@ -884,6 +892,7 @@ class Config {
     this._optsUnprocessed.flushMinSpans = options.flushMinSpans
     this._setArray(opts, 'headerTags', options.headerTags)
     this._setString(opts, 'hostname', options.hostname)
+    this._setString(opts, 'iast.cookieFilterPattern', options.iast?.cookieFilterPattern)
     this._setBoolean(opts, 'iast.deduplicationEnabled', options.iast && options.iast.deduplicationEnabled)
     this._setBoolean(opts, 'iast.enabled',
       options.iast && (options.iast === true || options.iast.enabled === true))
@@ -1035,7 +1044,8 @@ class Config {
       DD_CIVISIBILITY_EARLY_FLAKE_DETECTION_ENABLED,
       DD_CIVISIBILITY_FLAKY_RETRY_ENABLED,
       DD_CIVISIBILITY_FLAKY_RETRY_COUNT,
-      DD_TEST_SESSION_NAME
+      DD_TEST_SESSION_NAME,
+      DD_AGENTLESS_LOG_SUBMISSION_ENABLED
     } = process.env
 
     if (DD_CIVISIBILITY_AGENTLESS_URL) {
@@ -1052,6 +1062,7 @@ class Config {
       this._setBoolean(calc, 'isIntelligentTestRunnerEnabled', isTrue(this._isCiVisibilityItrEnabled()))
       this._setBoolean(calc, 'isManualApiEnabled', !isFalse(this._isCiVisibilityManualApiEnabled()))
       this._setString(calc, 'ciVisibilityTestSessionName', DD_TEST_SESSION_NAME)
+      this._setBoolean(calc, 'ciVisAgentlessLogSubmissionEnabled', isTrue(DD_AGENTLESS_LOG_SUBMISSION_ENABLED))
     }
     this._setString(calc, 'dogstatsd.hostname', this._getHostname())
     this._setBoolean(calc, 'isGitUploadEnabled',

package/packages/dd-trace/src/datastreams/schemas/schema_builder.js

@@ -4,13 +4,36 @@ const { Schema } = require('./schema')
 
 const maxDepth = 10
 const maxProperties = 1000
-const CACHE = new LRUCache({ max: 32 })
+const CACHE = new LRUCache({ max: 256 })
 
 class SchemaBuilder {
   constructor (iterator) {
     this.schema = new OpenApiSchema()
     this.iterator = iterator
-    this.proerties = 0
+    this.properties = 0
+  }
+
+  static getCache () {
+    return CACHE
+  }
+
+  static getSchemaDefinition (schema) {
+    const noNones = convertToJsonCompatible(schema)
+    const definition = jsonStringify(noNones)
+    const id = fnv64(Buffer.from(definition, 'utf-8')).toString()
+    return new Schema(definition, id)
+  }
+
+  static getSchema (schemaName, iterator, builder) {
+    if (!CACHE.has(schemaName)) {
+      CACHE.set(schemaName, (builder ?? new SchemaBuilder(iterator)).build())
+    }
+    return CACHE.get(schemaName)
+  }
+
+  build () {
+    this.iterator.iterateOverSchema(this)
+    return this.schema
   }
 
   addProperty (schemaName, fieldName, isArray, type, description, ref, format, enumValues) {
@@ -26,14 +49,6 @@ class SchemaBuilder {
     return true
   }
 
-  build () {
-    this.iterator.iterateOverSchema(this)
-    const noNones = convertToJsonCompatible(this.schema)
-    const definition = jsonStringify(noNones)
-    const id = fnv64(Buffer.from(definition, 'utf-8')).toString()
-    return new Schema(definition, id)
-  }
-
   shouldExtractSchema (schemaName, depth) {
     if (depth > maxDepth) {
       return false
@@ -44,13 +59,6 @@ class SchemaBuilder {
     this.schema.components.schemas[schemaName] = new OpenApiSchema.SCHEMA()
     return true
   }
-
-  static getSchema (schemaName, iterator) {
-    if (!CACHE.has(schemaName)) {
-      CACHE.set(schemaName, new SchemaBuilder(iterator).build())
-    }
-    return CACHE.get(schemaName)
-  }
 }
 
 class OpenApiSchema {

package/packages/dd-trace/src/debugger/devtools_client/config.js

@@ -7,6 +7,8 @@ const log = require('../../log')
 const config = module.exports = {
   runtimeId: parentConfig.tags['runtime-id'],
   service: parentConfig.service,
+  commitSHA: parentConfig.commitSHA,
+  repositoryUrl: parentConfig.repositoryUrl,
   parentThreadId
 }