npm - dd-trace - Versions diffs - 4.51.1 → 4.53.0 - Mend

dd-trace 4.51.1 → 4.53.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (172) hide show

package/packages/datadog-plugin-langchain/src/handlers/language_models/llm.js CHANGED Viewed

@@ -37,7 +37,7 @@ class LangChainLLMHandler extends LangChainLanguageModelHandler {
     this.extractTokenMetrics(ctx.currentStore?.span, result)
-    for (const completionIdx in result.generations) {
+    for (const completionIdx in result?.generations) {
       const completion = result.generations[completionIdx]
       if (this.isPromptCompletionSampled()) {
         tags[`langchain.response.completions.${completionIdx}.text`] = this.normalize(completion[0].text) || ''

package/packages/datadog-plugin-mocha/src/index.js CHANGED Viewed

@@ -30,7 +30,12 @@ const {
   TEST_SUITE,
   MOCHA_IS_PARALLEL,
   TEST_IS_RUM_ACTIVE,
-  TEST_BROWSER_DRIVER
+  TEST_BROWSER_DRIVER,
+  TEST_NAME,
+  DI_ERROR_DEBUG_INFO_CAPTURED,
+  DI_DEBUG_ERROR_SNAPSHOT_ID,
+  DI_DEBUG_ERROR_FILE,
+  DI_DEBUG_ERROR_LINE
 } = require('../../dd-trace/src/plugins/util/test')
 const { COMPONENT } = require('../../dd-trace/src/constants')
 const {
@@ -47,6 +52,8 @@ const {
 const id = require('../../dd-trace/src/id')
 const log = require('../../dd-trace/src/log')
+const debuggerParameterPerTest = new Map()
 function getTestSuiteLevelVisibilityTags (testSuiteSpan) {
   const testSuiteSpanContext = testSuiteSpan.context()
   const suiteTags = {
@@ -185,6 +192,28 @@ class MochaPlugin extends CiPlugin {
       const store = storage.getStore()
       const span = this.startTestSpan(testInfo)
+      const { testName } = testInfo
+      const debuggerParameters = debuggerParameterPerTest.get(testName)
+      if (debuggerParameters) {
+        const spanContext = span.context()
+        // TODO: handle race conditions with this.retriedTestIds
+        this.retriedTestIds = {
+          spanId: spanContext.toSpanId(),
+          traceId: spanContext.toTraceId()
+        }
+        const { snapshotId, file, line } = debuggerParameters
+        // TODO: should these be added on test:end if and only if the probe is hit?
+        // Sync issues: `hitProbePromise` might be resolved after the test ends
+        span.setTag(DI_ERROR_DEBUG_INFO_CAPTURED, 'true')
+        span.setTag(DI_DEBUG_ERROR_SNAPSHOT_ID, snapshotId)
+        span.setTag(DI_DEBUG_ERROR_FILE, file)
+        span.setTag(DI_DEBUG_ERROR_LINE, line)
+      }
       this.enter(span, store)
     })
@@ -242,7 +271,7 @@ class MochaPlugin extends CiPlugin {
       }
     })
-    this.addSub('ci:mocha:test:retry', ({ isFirstAttempt, err }) => {
+    this.addSub('ci:mocha:test:retry', ({ isFirstAttempt, willBeRetried, err }) => {
       const store = storage.getStore()
       const span = store?.span
       if (span) {
@@ -265,6 +294,11 @@ class MochaPlugin extends CiPlugin {
             browserDriver: spanTags[TEST_BROWSER_DRIVER]
           }
         )
+        if (willBeRetried && this.di && this.libraryConfig?.isDiEnabled) {
+          const testName = span.context()._tags[TEST_NAME]
+          const debuggerParameters = this.addDiProbe(err)
+          debuggerParameterPerTest.set(testName, debuggerParameters)
+        }
         span.finish()
         finishAllTraceSpans(span)

package/packages/datadog-plugin-oracledb/src/index.js CHANGED Viewed

@@ -33,7 +33,7 @@ function getUrl (connectString) {
   try {
     return new URL(`http://${connectString}`)
   } catch (e) {
-    log.error(e)
+    log.error('Invalid oracle connection string', e)
     return {}
   }
 }

package/packages/datadog-plugin-vitest/src/index.js CHANGED Viewed

@@ -17,7 +17,12 @@ const {
   TEST_SOURCE_START,
   TEST_IS_NEW,
   TEST_EARLY_FLAKE_ENABLED,
-  TEST_EARLY_FLAKE_ABORT_REASON
+  TEST_EARLY_FLAKE_ABORT_REASON,
+  TEST_NAME,
+  DI_ERROR_DEBUG_INFO_CAPTURED,
+  DI_DEBUG_ERROR_SNAPSHOT_ID,
+  DI_DEBUG_ERROR_FILE,
+  DI_DEBUG_ERROR_LINE
 } = require('../../dd-trace/src/plugins/util/test')
 const { COMPONENT } = require('../../dd-trace/src/constants')
 const {
@@ -31,6 +36,8 @@ const {
 // This is because there's some loss of resolution.
 const MILLISECONDS_TO_SUBTRACT_FROM_FAILED_TEST_DURATION = 5
+const debuggerParameterPerTest = new Map()
 class VitestPlugin extends CiPlugin {
   static get id () {
     return 'vitest'
@@ -81,6 +88,26 @@ class VitestPlugin extends CiPlugin {
         extraTags
       )
+      const debuggerParameters = debuggerParameterPerTest.get(testName)
+      if (debuggerParameters) {
+        const spanContext = span.context()
+        // TODO: handle race conditions with this.retriedTestIds
+        this.retriedTestIds = {
+          spanId: spanContext.toSpanId(),
+          traceId: spanContext.toTraceId()
+        }
+        const { snapshotId, file, line } = debuggerParameters
+        // TODO: should these be added on test:end if and only if the probe is hit?
+        // Sync issues: `hitProbePromise` might be resolved after the test ends
+        span.setTag(DI_ERROR_DEBUG_INFO_CAPTURED, 'true')
+        span.setTag(DI_DEBUG_ERROR_SNAPSHOT_ID, snapshotId)
+        span.setTag(DI_DEBUG_ERROR_FILE, file)
+        span.setTag(DI_DEBUG_ERROR_LINE, line)
+      }
       this.enter(span, store)
     })
@@ -110,11 +137,16 @@ class VitestPlugin extends CiPlugin {
       }
     })
-    this.addSub('ci:vitest:test:error', ({ duration, error }) => {
+    this.addSub('ci:vitest:test:error', ({ duration, error, willBeRetried, probe, isDiEnabled }) => {
       const store = storage.getStore()
       const span = store?.span
       if (span) {
+        if (willBeRetried && this.di && isDiEnabled) {
+          const testName = span.context()._tags[TEST_NAME]
+          const debuggerParameters = this.addDiProbe(error, probe)
+          debuggerParameterPerTest.set(testName, debuggerParameters)
+        }
         this.telemetry.ciVisEvent(TELEMETRY_EVENT_FINISHED, 'test', {
           hasCodeowners: !!span.context()._tags[TEST_CODE_OWNERS]
         })

package/packages/datadog-shimmer/src/shimmer.js CHANGED Viewed

@@ -6,8 +6,12 @@ const log = require('../../dd-trace/src/log')
 const unwrappers = new WeakMap()
 function copyProperties (original, wrapped) {
-  Object.setPrototypeOf(wrapped, original)
+  // TODO getPrototypeOf is not fast. Should we instead do this in specific
+  // instrumentations where needed?
+  const proto = Object.getPrototypeOf(original)
+  if (proto !== Function.prototype) {
+    Object.setPrototypeOf(wrapped, proto)
+  }
   const props = Object.getOwnPropertyDescriptors(original)
   const keys = Reflect.ownKeys(props)
@@ -136,7 +140,7 @@ function wrapMethod (target, name, wrapper, noAssert) {
       if (callState.completed) {
         // error was thrown after original function returned/resolved, so
         // it was us. log it.
-        log.error(e)
+        log.error('Shimmer error was thrown after original function returned/resolved', e)
         // original ran and returned something. return it.
         return callState.retVal
       }
@@ -144,7 +148,7 @@ function wrapMethod (target, name, wrapper, noAssert) {
       if (!callState.called) {
         // error was thrown before original function was called, so
         // it was us. log it.
-        log.error(e)
+        log.error('Shimmer error was thrown before original function was called', e)
         // original never ran. call it unwrapped.
         return original.apply(this, args)
       }

package/packages/dd-trace/src/appsec/addresses.js CHANGED Viewed

@@ -1,5 +1,6 @@
 'use strict'
+// TODO: reorder all this, it's a mess
 module.exports = {
   HTTP_INCOMING_BODY: 'server.request.body',
   HTTP_INCOMING_QUERY: 'server.request.query',
@@ -20,6 +21,8 @@ module.exports = {
   HTTP_CLIENT_IP: 'http.client_ip',
   USER_ID: 'usr.id',
+  USER_LOGIN: 'usr.login',
   WAF_CONTEXT_PROCESSOR: 'waf.context.processor',
   HTTP_OUTGOING_URL: 'server.io.net.url',

package/packages/dd-trace/src/appsec/api_security_sampler.js CHANGED Viewed

@@ -64,7 +64,7 @@ function computeKey (req, res) {
   const status = res.statusCode
   if (!method || !status) {
-    log.warn('Unsupported groupkey for API security')
+    log.warn('[ASM] Unsupported groupkey for API security')
     return null
   }
   return method + route + status

package/packages/dd-trace/src/appsec/blocked_templates.js CHANGED Viewed

@@ -1,4 +1,4 @@
-/* eslint-disable max-len */
+/* eslint-disable @stylistic/js/max-len */
 'use strict'
 const html = `<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>You've been blocked</title><style>a,body,div,html,span{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline}body{background:-webkit-radial-gradient(26% 19%,circle,#fff,#f4f7f9);background:radial-gradient(circle at 26% 19%,#fff,#f4f7f9);display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;width:100%;min-height:100vh;line-height:1;flex-direction:column}p{display:block}main{text-align:center;flex:1;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;flex-direction:column}p{font-size:18px;line-height:normal;color:#646464;font-family:sans-serif;font-weight:400}a{color:#4842b7}footer{width:100%;text-align:center}footer p{font-size:16px}</style></head><body><main><p>Sorry, you cannot access this page. Please contact the customer service team.</p></main><footer><p>Security provided by <a href="https://www.datadoghq.com/product/security-platform/application-security-monitoring/" target="_blank">Datadog</a></p></footer></body></html>`

package/packages/dd-trace/src/appsec/blocking.js CHANGED Viewed

@@ -101,7 +101,7 @@ function getBlockingData (req, specificType, actionParameters) {
 function block (req, res, rootSpan, abortController, actionParameters = defaultBlockingActionParameters) {
   if (res.headersSent) {
-    log.warn('Cannot send blocking response when headers have already been sent')
+    log.warn('[ASM] Cannot send blocking response when headers have already been sent')
     return
   }

package/packages/dd-trace/src/appsec/channels.js CHANGED Viewed

@@ -19,6 +19,7 @@ module.exports = {
   nextBodyParsed: dc.channel('apm:next:body-parsed'),
   nextQueryParsed: dc.channel('apm:next:query-parsed'),
   expressProcessParams: dc.channel('datadog:express:process_params:start'),
+  routerParam: dc.channel('datadog:router:param:start'),
   responseBody: dc.channel('datadog:express:response:json:start'),
   responseWriteHead: dc.channel('apm:http:server:response:writeHead:start'),
   httpClientRequestStart: dc.channel('apm:http:client:request:start'),

package/packages/dd-trace/src/appsec/iast/analyzers/code-injection-analyzer.js CHANGED Viewed

@@ -11,6 +11,10 @@ class CodeInjectionAnalyzer extends InjectionAnalyzer {
   onConfigure () {
     this.addSub('datadog:eval:call', ({ script }) => this.analyze(script))
   }
+  _areRangesVulnerable () {
+    return true
+  }
 }
 module.exports = new CodeInjectionAnalyzer()

package/packages/dd-trace/src/appsec/iast/analyzers/cookie-analyzer.js CHANGED Viewed

@@ -2,7 +2,7 @@
 const Analyzer = require('./vulnerability-analyzer')
 const { getNodeModulesPaths } = require('../path-line')
-const iastLog = require('../iast-log')
+const log = require('../../../log')
 const EXCLUDED_PATHS = getNodeModulesPaths('express/lib/response.js')
@@ -16,7 +16,7 @@ class CookieAnalyzer extends Analyzer {
     try {
       this.cookieFilterRegExp = new RegExp(config.iast.cookieFilterPattern)
     } catch {
-      iastLog.error('Invalid regex in cookieFilterPattern')
+      log.error('[ASM] Invalid regex in cookieFilterPattern')
       this.cookieFilterRegExp = /.{32,}/
     }

package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-password-rules.js CHANGED Viewed

@@ -1,4 +1,4 @@
-/* eslint-disable max-len */
+/* eslint-disable @stylistic/js/max-len */
 'use strict'
 const { NameAndValue } = require('./hardcoded-rule-type')

package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-secret-rules.js CHANGED Viewed

@@ -1,4 +1,4 @@
-/* eslint-disable max-len */
+/* eslint-disable @stylistic/js/max-len */
 'use strict'
 const { ValueOnly, NameAndValue } = require('./hardcoded-rule-type')

package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-secrets-rules.js CHANGED Viewed

@@ -1,4 +1,4 @@
-/* eslint-disable max-len */
+/* eslint-disable @stylistic/js/max-len */
 'use strict'
 const { ValueOnly, NameAndValue } = require('./hardcoded-rule-type')

package/packages/dd-trace/src/appsec/iast/analyzers/injection-analyzer.js CHANGED Viewed

@@ -1,12 +1,15 @@
 'use strict'
 const Analyzer = require('./vulnerability-analyzer')
-const { isTainted, getRanges } = require('../taint-tracking/operations')
+const { getRanges } = require('../taint-tracking/operations')
+const { SQL_ROW_VALUE } = require('../taint-tracking/source-types')
 class InjectionAnalyzer extends Analyzer {
   _isVulnerable (value, iastContext) {
-    if (value) {
-      return isTainted(iastContext, value)
+    const ranges = value && getRanges(iastContext, value)
+    if (ranges?.length > 0) {
+      return this._areRangesVulnerable(ranges)
     }
     return false
   }
@@ -14,6 +17,10 @@ class InjectionAnalyzer extends Analyzer {
     const ranges = getRanges(iastContext, value)
     return { value, ranges }
   }
+  _areRangesVulnerable (ranges) {
+    return ranges?.some(range => range.iinfo.type !== SQL_ROW_VALUE)
+  }
 }
 module.exports = InjectionAnalyzer

package/packages/dd-trace/src/appsec/iast/analyzers/sql-injection-analyzer.js CHANGED Viewed

@@ -82,6 +82,10 @@ class SqlInjectionAnalyzer extends InjectionAnalyzer {
       return knexDialect.toUpperCase()
     }
   }
+  _areRangesVulnerable () {
+    return true
+  }
 }
 module.exports = new SqlInjectionAnalyzer()

package/packages/dd-trace/src/appsec/iast/analyzers/template-injection-analyzer.js CHANGED Viewed

@@ -13,6 +13,10 @@ class TemplateInjectionAnalyzer extends InjectionAnalyzer {
     this.addSub('datadog:handlebars:register-partial:start', ({ partial }) => this.analyze(partial))
     this.addSub('datadog:pug:compile:start', ({ source }) => this.analyze(source))
   }
+  _areRangesVulnerable () {
+    return true
+  }
 }
 module.exports = new TemplateInjectionAnalyzer()

package/packages/dd-trace/src/appsec/iast/iast-plugin.js CHANGED Viewed

@@ -2,7 +2,6 @@
 const { channel } = require('dc-polyfill')
-const iastLog = require('./iast-log')
 const Plugin = require('../../plugins/plugin')
 const iastTelemetry = require('./telemetry')
 const { getInstrumentedMetric, getExecutedMetric, TagKey, EXECUTED_SOURCE, formatTags } =
@@ -10,6 +9,7 @@ const { getInstrumentedMetric, getExecutedMetric, TagKey, EXECUTED_SOURCE, forma
 const { storage } = require('../../../../datadog-core')
 const { getIastContext } = require('./iast-context')
 const instrumentations = require('../../../../datadog-instrumentations/src/helpers/instrumentations')
+const log = require('../../log')
 /**
  * Used by vulnerability sources and sinks to subscribe diagnostic channel events
@@ -60,24 +60,10 @@ class IastPlugin extends Plugin {
     this.pluginSubs = []
   }
-  _wrapHandler (handler) {
-    return (message, name) => {
-      try {
-        handler(message, name)
-      } catch (e) {
-        iastLog.errorAndPublish(e)
-      }
-    }
-  }
   _getTelemetryHandler (iastSub) {
     return () => {
-      try {
-        const iastContext = getIastContext(storage.getStore())
-        iastSub.increaseExecuted(iastContext)
-      } catch (e) {
-        iastLog.errorAndPublish(e)
-      }
+      const iastContext = getIastContext(storage.getStore())
+      iastSub.increaseExecuted(iastContext)
     }
   }
@@ -93,17 +79,17 @@ class IastPlugin extends Plugin {
       }
       return result
     } catch (e) {
-      iastLog.errorAndPublish(e)
+      log.error('[ASM] Error executing handler or increasing metrics', e)
     }
   }
   addSub (iastSub, handler) {
     if (typeof iastSub === 'string') {
-      super.addSub(iastSub, this._wrapHandler(handler))
+      super.addSub(iastSub, handler)
     } else {
       iastSub = this._getAndRegisterSubscription(iastSub)
       if (iastSub) {
-        super.addSub(iastSub.channelName, this._wrapHandler(handler))
+        super.addSub(iastSub.channelName, handler)
         if (iastTelemetry.isEnabled()) {
           super.addSub(iastSub.channelName, this._getTelemetryHandler(iastSub))
@@ -112,7 +98,8 @@ class IastPlugin extends Plugin {
     }
   }
-  enable () {
+  enable (iastConfig) {
+    this.iastConfig = iastConfig
     this.configure(true)
   }

package/packages/dd-trace/src/appsec/iast/taint-tracking/index.js CHANGED Viewed

@@ -18,10 +18,10 @@ module.exports = {
   enableTaintTracking (config, telemetryVerbosity) {
     enableRewriter(telemetryVerbosity)
     enableTaintOperations(telemetryVerbosity)
-    taintTrackingPlugin.enable()
+    taintTrackingPlugin.enable(config)
-    kafkaContextPlugin.enable()
-    kafkaConsumerPlugin.enable()
+    kafkaContextPlugin.enable(config)
+    kafkaConsumerPlugin.enable(config)
     setMaxTransactions(config.maxConcurrentRequests)
   },

package/packages/dd-trace/src/appsec/iast/taint-tracking/operations-taint-object.js CHANGED Viewed

@@ -2,7 +2,7 @@
 const TaintedUtils = require('@datadog/native-iast-taint-tracking')
 const { IAST_TRANSACTION_ID } = require('../iast-context')
-const iastLog = require('../iast-log')
+const log = require('../../../log')
 function taintObject (iastContext, object, type) {
   let result = object
@@ -33,7 +33,7 @@ function taintObject (iastContext, object, type) {
           }
         }
       } catch (e) {
-        iastLog.error(`Error visiting property : ${property}`).errorAndPublish(e)
+        log.error('[ASM] Error in taintObject when visiting property : %s', property, e)
       }
     }
   }

package/packages/dd-trace/src/appsec/iast/taint-tracking/plugin.js CHANGED Viewed

@@ -12,7 +12,8 @@ const {
   HTTP_REQUEST_HEADER_NAME,
   HTTP_REQUEST_PARAMETER,
   HTTP_REQUEST_PATH_PARAM,
-  HTTP_REQUEST_URI
+  HTTP_REQUEST_URI,
+  SQL_ROW_VALUE
 } = require('./source-types')
 const { EXECUTED_SOURCE } = require('../telemetry/iast-metric')
@@ -26,6 +27,16 @@ class TaintTrackingPlugin extends SourceIastPlugin {
     this._taintedURLs = new WeakMap()
   }
+  configure (config) {
+    super.configure(config)
+    let rowsToTaint = this.iastConfig?.dbRowsToTaint
+    if (typeof rowsToTaint !== 'number') {
+      rowsToTaint = 1
+    }
+    this._rowsToTaint = rowsToTaint
+  }
   onConfigure () {
     const onRequestBody = ({ req }) => {
       const iastContext = getIastContext(storage.getStore())
@@ -46,8 +57,13 @@ class TaintTrackingPlugin extends SourceIastPlugin {
     )
     this.addSub(
-      { channelName: 'datadog:qs:parse:finish', tag: HTTP_REQUEST_PARAMETER },
-      ({ qs }) => this._taintTrackingHandler(HTTP_REQUEST_PARAMETER, qs)
+      { channelName: 'datadog:query:read:finish', tag: HTTP_REQUEST_PARAMETER },
+      ({ query }) => this._taintTrackingHandler(HTTP_REQUEST_PARAMETER, query)
+    )
+    this.addSub(
+      { channelName: 'datadog:express:query:finish', tag: HTTP_REQUEST_PARAMETER },
+      ({ query }) => this._taintTrackingHandler(HTTP_REQUEST_PARAMETER, query)
     )
     this.addSub(
@@ -68,6 +84,16 @@ class TaintTrackingPlugin extends SourceIastPlugin {
       ({ cookies }) => this._cookiesTaintTrackingHandler(cookies)
     )
+    this.addSub(
+      { channelName: 'datadog:sequelize:query:finish', tag: SQL_ROW_VALUE },
+      ({ result }) => this._taintDatabaseResult(result, 'sequelize')
+    )
+    this.addSub(
+      { channelName: 'apm:pg:query:finish', tag: SQL_ROW_VALUE },
+      ({ result }) => this._taintDatabaseResult(result, 'pg')
+    )
     this.addSub(
       { channelName: 'datadog:express:process_params:start', tag: HTTP_REQUEST_PATH_PARAM },
       ({ req }) => {
@@ -77,6 +103,15 @@ class TaintTrackingPlugin extends SourceIastPlugin {
       }
     )
+    this.addSub(
+      { channelName: 'datadog:router:param:start', tag: HTTP_REQUEST_PATH_PARAM },
+      ({ req }) => {
+        if (req && req.params !== null && typeof req.params === 'object') {
+          this._taintTrackingHandler(HTTP_REQUEST_PATH_PARAM, req, 'params')
+        }
+      }
+    )
     this.addSub(
       { channelName: 'apm:graphql:resolve:start', tag: HTTP_REQUEST_BODY },
       (data) => {
@@ -170,6 +205,32 @@ class TaintTrackingPlugin extends SourceIastPlugin {
     this.taintHeaders(req.headers, iastContext)
     this.taintUrl(req, iastContext)
   }
+  _taintDatabaseResult (result, dbOrigin, iastContext = getIastContext(storage.getStore()), name) {
+    if (!iastContext) return result
+    if (this._rowsToTaint === 0) return result
+    if (Array.isArray(result)) {
+      for (let i = 0; i < result.length && i < this._rowsToTaint; i++) {
+        const nextName = name ? `${name}.${i}` : '' + i
+        result[i] = this._taintDatabaseResult(result[i], dbOrigin, iastContext, nextName)
+      }
+    } else if (result && typeof result === 'object') {
+      if (dbOrigin === 'sequelize' && result.dataValues) {
+        result.dataValues = this._taintDatabaseResult(result.dataValues, dbOrigin, iastContext, name)
+      } else {
+        for (const key in result) {
+          const nextName = name ? `${name}.${key}` : key
+          result[key] = this._taintDatabaseResult(result[key], dbOrigin, iastContext, nextName)
+        }
+      }
+    } else if (typeof result === 'string') {
+      result = newTaintedString(iastContext, result, name, SQL_ROW_VALUE)
+    }
+    return result
+  }
 }
 module.exports = new TaintTrackingPlugin()

package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js CHANGED Viewed

@@ -2,12 +2,12 @@
 const Module = require('module')
 const shimmer = require('../../../../../datadog-shimmer')
-const iastLog = require('../iast-log')
 const { isPrivateModule, isNotLibraryFile } = require('./filter')
 const { csiMethods } = require('./csi-methods')
 const { getName } = require('../telemetry/verbosity')
 const { getRewriteFunction } = require('./rewriter-telemetry')
 const dc = require('dc-polyfill')
+const log = require('../../../log')
 const hardcodedSecretCh = dc.channel('datadog:secrets:result')
 let rewriter
@@ -60,8 +60,7 @@ function getRewriter (telemetryVerbosity) {
         chainSourceMap
       })
     } catch (e) {
-      iastLog.error('Unable to initialize TaintTracking Rewriter')
-        .errorAndPublish(e)
+      log.error('[ASM] Unable to initialize TaintTracking Rewriter', e)
     }
   }
   return rewriter
@@ -99,8 +98,7 @@ function getCompileMethodFn (compileMethod) {
         }
       }
     } catch (e) {
-      iastLog.error(`Error rewriting ${filename}`)
-        .errorAndPublish(e)
+      log.error('[ASM] Error rewriting file %s', filename, e)
     }
     return compileMethod.apply(this, [content, filename])
   }
@@ -117,8 +115,7 @@ function enableRewriter (telemetryVerbosity) {
       shimmer.wrap(Module.prototype, '_compile', compileMethod => getCompileMethodFn(compileMethod))
     }
   } catch (e) {
-    iastLog.error('Error enabling TaintTracking Rewriter')
-      .errorAndPublish(e)
+    log.error('[ASM] Error enabling TaintTracking Rewriter', e)
   }
 }
@@ -132,7 +129,7 @@ function disableRewriter () {
     Error.prepareStackTrace = originalPrepareStackTrace
   } catch (e) {
-    iastLog.warn(e)
+    log.warn('[ASM] Error disabling TaintTracking rewriter', e)
   }
 }

package/packages/dd-trace/src/appsec/iast/taint-tracking/source-types.js CHANGED Viewed

@@ -11,5 +11,6 @@ module.exports = {
   HTTP_REQUEST_PATH_PARAM: 'http.request.path.parameter',
   HTTP_REQUEST_URI: 'http.request.uri',
   KAFKA_MESSAGE_KEY: 'kafka.message.key',
-  KAFKA_MESSAGE_VALUE: 'kafka.message.value'
+  KAFKA_MESSAGE_VALUE: 'kafka.message.value',
+  SQL_ROW_VALUE: 'sql.row.value'
 }