npm - dd-trace - Versions diffs - 4.51.1 → 4.53.0 - Mend

dd-trace 4.51.1 → 4.53.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (172) hide show

package/packages/dd-trace/src/appsec/iast/taint-tracking/taint-tracking-impl.js CHANGED Viewed

@@ -4,10 +4,10 @@ const dc = require('dc-polyfill')
 const TaintedUtils = require('@datadog/native-iast-taint-tracking')
 const { storage } = require('../../../../../datadog-core')
 const iastContextFunctions = require('../iast-context')
-const iastLog = require('../iast-log')
 const { EXECUTED_PROPAGATION } = require('../telemetry/iast-metric')
 const { isDebugAllowed } = require('../telemetry/verbosity')
 const { taintObject } = require('./operations-taint-object')
+const log = require('../../../log')
 const mathRandomCallCh = dc.channel('datadog:random:call')
 const evalCallCh = dc.channel('datadog:eval:call')
@@ -60,8 +60,7 @@ function getFilteredCsiFn (cb, filter, getContext) {
         return cb(transactionId, res, target, ...rest)
       }
     } catch (e) {
-      iastLog.error(`Error invoking CSI ${target}`)
-        .errorAndPublish(e)
+      log.error('[ASM] Error invoking CSI %s', target, e)
     }
     return res
   }
@@ -112,8 +111,7 @@ function csiMethodsOverrides (getContext) {
           return TaintedUtils.concat(transactionId, res, op1, op2)
         }
       } catch (e) {
-        iastLog.error('Error invoking CSI plusOperator')
-          .errorAndPublish(e)
+        log.error('[ASM] Error invoking CSI plusOperator', e)
       }
       return res
     },
@@ -126,8 +124,7 @@ function csiMethodsOverrides (getContext) {
           return TaintedUtils.concat(transactionId, res, ...rest)
         }
       } catch (e) {
-        iastLog.error('Error invoking CSI tplOperator')
-          .errorAndPublish(e)
+        log.error('[ASM] Error invoking CSI tplOperator', e)
       }
       return res
     },
@@ -178,7 +175,7 @@ function csiMethodsOverrides (getContext) {
             }
           }
         } catch (e) {
-          iastLog.error(e)
+          log.error('[ASM] Error invoking CSI JSON.parse', e)
         }
       }
@@ -194,7 +191,7 @@ function csiMethodsOverrides (getContext) {
             res = TaintedUtils.arrayJoin(transactionId, res, target, separator)
           }
         } catch (e) {
-          iastLog.error(e)
+          log.error('[ASM] Error invoking CSI join', e)
         }
       }
@@ -250,8 +247,7 @@ function lodashTaintTrackingHandler (message) {
       message.result = getLodashTaintedUtilFn(message.operation)(transactionId, message.result, ...message.arguments)
     }
   } catch (e) {
-    iastLog.error(`Error invoking CSI lodash ${message.operation}`)
-      .errorAndPublish(e)
+    log.error('[ASM] Error invoking CSI lodash %s', message.operation, e)
   }
 }

package/packages/dd-trace/src/appsec/iast/telemetry/namespaces.js CHANGED Viewed

@@ -4,7 +4,6 @@ const log = require('../../../log')
 const { Namespace } = require('../../../telemetry/metrics')
 const { addMetricsToSpan } = require('./span-tags')
 const { IAST_TRACE_METRIC_PREFIX } = require('../tags')
-const iastLog = require('../iast-log')
 const DD_IAST_METRICS_NAMESPACE = Symbol('_dd.iast.request.metrics.namespace')
@@ -31,7 +30,7 @@ function finalizeRequestNamespace (context, rootSpan) {
     namespace.clear()
   } catch (e) {
-    log.error(e)
+    log.error('[ASM] Error merging request metrics', e)
   } finally {
     if (context) {
       delete context[DD_IAST_METRICS_NAMESPACE]
@@ -79,7 +78,7 @@ class IastNamespace extends Namespace {
       if (metrics.size === this.maxMetricTagsSize) {
         metrics.clear()
-        iastLog.warnAndPublish(`Tags cache max size reached for metric ${name}`)
+        log.error('[ASM] Tags cache max size reached for metric %s', name)
       }
       metrics.set(tags, metric)

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/command-sensitive-analyzer.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict'
-const iastLog = require('../../../iast-log')
+const log = require('../../../../../log')
 const COMMAND_PATTERN = '^(?:\\s*(?:sudo|doas)\\s+)?\\b\\S+\\b\\s(.*)'
 const pattern = new RegExp(COMMAND_PATTERN, 'gmi')
@@ -16,7 +16,7 @@ module.exports = function extractSensitiveRanges (evidence) {
       return [{ start, end }]
     }
   } catch (e) {
-    iastLog.debug(e)
+    log.debug('[ASM] Error extracting sensitive ranges', e)
   }
   return []
 }

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/ldap-sensitive-analyzer.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict'
-const iastLog = require('../../../iast-log')
+const log = require('../../../../../log')
 const LDAP_PATTERN = '\\(.*?(?:~=|=|<=|>=)(?<LITERAL>[^)]+)\\)'
 const pattern = new RegExp(LDAP_PATTERN, 'gmi')
@@ -22,7 +22,7 @@ module.exports = function extractSensitiveRanges (evidence) {
     }
     return tokens
   } catch (e) {
-    iastLog.debug(e)
+    log.debug('[ASM] Error extracting sensitive ranges', e)
   }
   return []
 }

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/sql-sensitive-analyzer.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict'
-const iastLog = require('../../../iast-log')
+const log = require('../../../../../log')
 const STRING_LITERAL = '\'(?:\'\'|[^\'])*\''
 const POSTGRESQL_ESCAPED_LITERAL = '\\$([^$]*)\\$.*?\\$\\1\\$'
@@ -106,7 +106,7 @@ module.exports = function extractSensitiveRanges (evidence) {
     }
     return tokens
   } catch (e) {
-    iastLog.debug(e)
+    log.debug('[ASM] Error extracting sensitive ranges', e)
   }
   return []
 }

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/url-sensitive-analyzer.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict'
-const iastLog = require('../../../iast-log')
+const log = require('../../../../../log')
 const AUTHORITY = '^(?:[^:]+:)?//([^@]+)@'
 const QUERY_FRAGMENT = '[?#&]([^=&;]+)=([^?#&]+)'
@@ -33,7 +33,7 @@ module.exports = function extractSensitiveRanges (evidence) {
     return ranges
   } catch (e) {
-    iastLog.debug(e)
+    log.debug('[ASM] Error extracting sensitive ranges', e)
   }
   return []

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-handler.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict'
-const iastLog = require('../../iast-log')
+const log = require('../../../../log')
 const vulnerabilities = require('../../vulnerabilities')
 const { contains, intersects, remove } = require('./range-utils')
@@ -282,7 +282,7 @@ class SensitiveHandler {
       try {
         this._namePattern = new RegExp(redactionNamePattern, 'gmi')
       } catch (e) {
-        iastLog.warn('Redaction name pattern is not valid')
+        log.warn('[ASM] Redaction name pattern is not valid')
       }
     }
@@ -290,7 +290,7 @@ class SensitiveHandler {
       try {
         this._valuePattern = new RegExp(redactionValuePattern, 'gmi')
       } catch (e) {
-        iastLog.warn('Redaction value pattern is not valid')
+        log.warn('[ASM] Redaction value pattern is not valid')
       }
     }
   }

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-regex.js CHANGED Viewed

@@ -1,6 +1,6 @@
-// eslint-disable-next-line max-len
+// eslint-disable-next-line @stylistic/js/max-len
 const DEFAULT_IAST_REDACTION_NAME_PATTERN = '(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?|(?:sur|last)name|user(?:name)?|address|e?mail)'
-// eslint-disable-next-line max-len
+// eslint-disable-next-line @stylistic/js/max-len
 const DEFAULT_IAST_REDACTION_VALUE_PATTERN = '(?:bearer\\s+[a-z0-9\\._\\-]+|glpat-[\\w\\-]{20}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\\w=\\-]+\\.ey[I-L][\\w=\\-]+(?:\\.[\\w.+/=\\-]+)?|(?:[\\-]{5}BEGIN[a-z\\s]+PRIVATE\\sKEY[\\-]{5}[^\\-]+[\\-]{5}END[a-z\\s]+PRIVATE\\sKEY[\\-]{5}|ssh-rsa\\s*[a-z0-9/\\.+]{100,})|[\\w\\.-]+@[a-zA-Z\\d\\.-]+\\.[a-zA-Z]{2,})'
 module.exports = {

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/utils.js CHANGED Viewed

@@ -7,7 +7,7 @@ const STRINGIFY_RANGE_KEY = 'DD_' + crypto.randomBytes(20).toString('hex')
 const STRINGIFY_SENSITIVE_KEY = STRINGIFY_RANGE_KEY + 'SENSITIVE'
 const STRINGIFY_SENSITIVE_NOT_STRING_KEY = STRINGIFY_SENSITIVE_KEY + 'NOTSTRING'
-// eslint-disable-next-line max-len
+// eslint-disable-next-line @stylistic/js/max-len
 const KEYS_REGEX_WITH_SENSITIVE_RANGES = new RegExp(`(?:"(${STRINGIFY_RANGE_KEY}_\\d+_))|(?:"(${STRINGIFY_SENSITIVE_KEY}_\\d+_(\\d+)_))|("${STRINGIFY_SENSITIVE_NOT_STRING_KEY}_\\d+_([\\s0-9.a-zA-Z]*)")`, 'gm')
 const KEYS_REGEX_WITHOUT_SENSITIVE_RANGES = new RegExp(`"(${STRINGIFY_RANGE_KEY}_\\d+_)`, 'gm')

package/packages/dd-trace/src/appsec/iast/vulnerability-reporter.js CHANGED Viewed

@@ -17,13 +17,36 @@ let resetVulnerabilityCacheTimer
 let deduplicationEnabled = true
 function addVulnerability (iastContext, vulnerability) {
-  if (vulnerability && vulnerability.evidence && vulnerability.type &&
-    vulnerability.location) {
-    if (iastContext && iastContext.rootSpan) {
+  if (vulnerability?.evidence && vulnerability?.type && vulnerability?.location) {
+    if (deduplicationEnabled && isDuplicatedVulnerability(vulnerability)) return
+    VULNERABILITY_HASHES.set(`${vulnerability.type}${vulnerability.hash}`, true)
+    let span = iastContext?.rootSpan
+    if (!span && tracer) {
+      span = tracer.startSpan('vulnerability', {
+        type: 'vulnerability'
+      })
+      vulnerability.location.spanId = span.context().toSpanId()
+      span.addTags({
+        [IAST_ENABLED_TAG_KEY]: 1
+      })
+    }
+    if (!span) return
+    keepTrace(span, SAMPLING_MECHANISM_APPSEC)
+    standalone.sample(span)
+    if (iastContext?.rootSpan) {
       iastContext[VULNERABILITIES_KEY] = iastContext[VULNERABILITIES_KEY] || []
       iastContext[VULNERABILITIES_KEY].push(vulnerability)
     } else {
-      sendVulnerabilities([vulnerability])
+      sendVulnerabilities([vulnerability], span)
+      span.finish()
     }
   }
 }
@@ -34,36 +57,17 @@ function isValidVulnerability (vulnerability) {
     vulnerability.location && vulnerability.location.spanId
 }
-function sendVulnerabilities (vulnerabilities, rootSpan) {
+function sendVulnerabilities (vulnerabilities, span) {
   if (vulnerabilities && vulnerabilities.length) {
-    let span = rootSpan
-    if (!span && tracer) {
-      span = tracer.startSpan('vulnerability', {
-        type: 'vulnerability'
-      })
-      vulnerabilities.forEach((vulnerability) => {
-        vulnerability.location.spanId = span.context().toSpanId()
-      })
-      span.addTags({
-        [IAST_ENABLED_TAG_KEY]: 1
-      })
-    }
     if (span && span.addTags) {
-      const validAndDedupVulnerabilities = deduplicateVulnerabilities(vulnerabilities).filter(isValidVulnerability)
-      const jsonToSend = vulnerabilitiesFormatter.toJson(validAndDedupVulnerabilities)
+      const validatedVulnerabilities = vulnerabilities.filter(isValidVulnerability)
+      const jsonToSend = vulnerabilitiesFormatter.toJson(validatedVulnerabilities)
       if (jsonToSend.vulnerabilities.length > 0) {
         const tags = {}
         // TODO: Store this outside of the span and set the tag in the exporter.
         tags[IAST_JSON_TAG_KEY] = JSON.stringify(jsonToSend)
         span.addTags(tags)
-        keepTrace(span, SAMPLING_MECHANISM_APPSEC)
-        standalone.sample(span)
-        if (!rootSpan) span.finish()
       }
     }
   }
@@ -86,17 +90,8 @@ function stopClearCacheTimer () {
   }
 }
-function deduplicateVulnerabilities (vulnerabilities) {
-  if (!deduplicationEnabled) return vulnerabilities
-  const deduplicated = vulnerabilities.filter((vulnerability) => {
-    const key = `${vulnerability.type}${vulnerability.hash}`
-    if (!VULNERABILITY_HASHES.get(key)) {
-      VULNERABILITY_HASHES.set(key, true)
-      return true
-    }
-    return false
-  })
-  return deduplicated
+function isDuplicatedVulnerability (vulnerability) {
+  return VULNERABILITY_HASHES.get(`${vulnerability.type}${vulnerability.hash}`)
 }
 function start (config, _tracer) {

package/packages/dd-trace/src/appsec/index.js CHANGED Viewed

@@ -16,7 +16,8 @@ const {
   expressProcessParams,
   responseBody,
   responseWriteHead,
-  responseSetHeader
+  responseSetHeader,
+  routerParam
 } = require('./channels')
 const waf = require('./waf')
 const addresses = require('./addresses')
@@ -27,7 +28,7 @@ const web = require('../plugins/util/web')
 const { extractIp } = require('../plugins/util/ip_extractor')
 const { HTTP_CLIENT_IP } = require('../../../../ext/tags')
 const { isBlocked, block, setTemplates, getBlockingAction } = require('./blocking')
-const { passportTrackEvent } = require('./passport')
+const UserTracking = require('./user_tracking')
 const { storage } = require('../../../datadog-core')
 const graphql = require('./graphql')
 const rasp = require('./rasp')
@@ -58,28 +59,27 @@ function enable (_config) {
     apiSecuritySampler.configure(_config.appsec)
+    UserTracking.setCollectionMode(_config.appsec.eventTracking.mode, false)
     bodyParser.subscribe(onRequestBodyParsed)
     multerParser.subscribe(onRequestBodyParsed)
     cookieParser.subscribe(onRequestCookieParser)
     incomingHttpRequestStart.subscribe(incomingHttpStartTranslator)
     incomingHttpRequestEnd.subscribe(incomingHttpEndTranslator)
+    passportVerify.subscribe(onPassportVerify) // possible optimization: only subscribe if collection mode is enabled
     queryParser.subscribe(onRequestQueryParsed)
     nextBodyParsed.subscribe(onRequestBodyParsed)
     nextQueryParsed.subscribe(onRequestQueryParsed)
     expressProcessParams.subscribe(onRequestProcessParams)
+    routerParam.subscribe(onRequestProcessParams)
     responseBody.subscribe(onResponseBody)
     responseWriteHead.subscribe(onResponseWriteHead)
     responseSetHeader.subscribe(onResponseSetHeader)
-    if (_config.appsec.eventTracking.enabled) {
-      passportVerify.subscribe(onPassportVerify)
-    }
     isEnabled = true
     config = _config
   } catch (err) {
-    log.error('Unable to start AppSec')
-    log.error(err)
+    log.error('[ASM] Unable to start AppSec', err)
     disable()
   }
@@ -164,8 +164,10 @@ function incomingHttpEndTranslator ({ req, res }) {
     persistent[addresses.HTTP_INCOMING_COOKIES] = req.cookies
   }
-  if (req.query !== null && typeof req.query === 'object') {
-    persistent[addresses.HTTP_INCOMING_QUERY] = req.query
+  // we need to keep this to support nextjs
+  const query = req.query
+  if (query !== null && typeof query === 'object') {
+    persistent[addresses.HTTP_INCOMING_QUERY] = query
   }
   if (apiSecuritySampler.sampleRequest(req, res, true)) {
@@ -181,16 +183,18 @@ function incomingHttpEndTranslator ({ req, res }) {
   Reporter.finishRequest(req, res)
 }
-function onPassportVerify ({ credentials, user }) {
+function onPassportVerify ({ framework, login, user, success, abortController }) {
   const store = storage.getStore()
   const rootSpan = store?.req && web.root(store.req)
   if (!rootSpan) {
-    log.warn('No rootSpan found in onPassportVerify')
+    log.warn('[ASM] No rootSpan found in onPassportVerify')
     return
   }
-  passportTrackEvent(credentials, user, rootSpan, config.appsec.eventTracking.mode)
+  const results = UserTracking.trackLogin(framework, login, user, success, rootSpan)
+  handleResults(results, store.req, store.req.res, rootSpan, abortController)
 }
 function onRequestQueryParsed ({ req, res, query, abortController }) {
@@ -310,6 +314,7 @@ function disable () {
   if (nextBodyParsed.hasSubscribers) nextBodyParsed.unsubscribe(onRequestBodyParsed)
   if (nextQueryParsed.hasSubscribers) nextQueryParsed.unsubscribe(onRequestQueryParsed)
   if (expressProcessParams.hasSubscribers) expressProcessParams.unsubscribe(onRequestProcessParams)
+  if (routerParam.hasSubscribers) routerParam.unsubscribe(onRequestProcessParams)
   if (responseBody.hasSubscribers) responseBody.unsubscribe(onResponseBody)
   if (responseWriteHead.hasSubscribers) responseWriteHead.unsubscribe(onResponseWriteHead)
   if (responseSetHeader.hasSubscribers) responseSetHeader.unsubscribe(onResponseSetHeader)

package/packages/dd-trace/src/appsec/rasp/fs-plugin.js CHANGED Viewed

@@ -70,7 +70,7 @@ function enable (mod) {
     fsPlugin.enable()
   }
-  log.info(`Enabled AppsecFsPlugin for ${mod}`)
+  log.info('[ASM] Enabled AppsecFsPlugin for %s', mod)
 }
 function disable (mod) {
@@ -85,7 +85,7 @@ function disable (mod) {
     fsPlugin = undefined
   }
-  log.info(`Disabled AppsecFsPlugin for ${mod}`)
+  log.info('[ASM] Disabled AppsecFsPlugin for %s', mod)
 }
 module.exports = {

package/packages/dd-trace/src/appsec/rasp/utils.js CHANGED Viewed

@@ -8,7 +8,7 @@ const log = require('../../log')
 const abortOnUncaughtException = process.execArgv?.includes('--abort-on-uncaught-exception')
 if (abortOnUncaughtException) {
-  log.warn('The --abort-on-uncaught-exception flag is enabled. The RASP module will not block operations.')
+  log.warn('[ASM] The --abort-on-uncaught-exception flag is enabled. The RASP module will not block operations.')
 }
 const RULE_TYPES = {

package/packages/dd-trace/src/appsec/remote_config/capabilities.js CHANGED Viewed

@@ -22,6 +22,7 @@ module.exports = {
   ASM_RASP_SSRF: 1n << 23n,
   ASM_RASP_SHI: 1n << 24n,
   APM_TRACING_SAMPLE_RULES: 1n << 29n,
+  ASM_AUTO_USER_INSTRUM_MODE: 1n << 31n,
   ASM_ENDPOINT_FINGERPRINT: 1n << 32n,
   ASM_NETWORK_FINGERPRINT: 1n << 34n,
   ASM_HEADER_FINGERPRINT: 1n << 35n

package/packages/dd-trace/src/appsec/remote_config/index.js CHANGED Viewed

@@ -4,6 +4,8 @@ const Activation = require('../activation')
 const RemoteConfigManager = require('./manager')
 const RemoteConfigCapabilities = require('./capabilities')
+const { setCollectionMode } = require('../user_tracking')
+const log = require('../../log')
 let rc
@@ -23,9 +25,31 @@ function enable (config, appsec) {
       rc.updateCapabilities(RemoteConfigCapabilities.ASM_ACTIVATION, true)
     }
-    rc.setProductHandler('ASM_FEATURES', (action, rcConfig) => {
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_AUTO_USER_INSTRUM_MODE, true)
+    let autoUserInstrumModeId
+    rc.setProductHandler('ASM_FEATURES', (action, rcConfig, configId) => {
       if (!rcConfig) return
+      // this is put before other handlers because it can reject the config
+      if (typeof rcConfig.auto_user_instrum?.mode === 'string') {
+        if (action === 'apply' || action === 'modify') {
+          // check if there is already a config applied with this field
+          if (autoUserInstrumModeId && configId !== autoUserInstrumModeId) {
+            log.error('[RC] Multiple auto_user_instrum received in ASM_FEATURES. Discarding config')
+            // eslint-disable-next-line no-throw-literal
+            throw 'Multiple auto_user_instrum.mode received in ASM_FEATURES'
+          }
+          setCollectionMode(rcConfig.auto_user_instrum.mode)
+          autoUserInstrumModeId = configId
+        } else if (configId === autoUserInstrumModeId) {
+          setCollectionMode(config.appsec.eventTracking.mode)
+          autoUserInstrumModeId = null
+        }
+      }
       if (activation === Activation.ONECLICK) {
         enableOrDisableAppsec(action, rcConfig, config, appsec)
       }

package/packages/dd-trace/src/appsec/remote_config/manager.js CHANGED Viewed

@@ -134,7 +134,7 @@ class RemoteConfigManager extends EventEmitter {
       if (statusCode === 404) return cb()
       if (err) {
-        log.error(err)
+        log.error('[RC] Error in request', err)
         return cb()
       }
@@ -148,7 +148,7 @@ class RemoteConfigManager extends EventEmitter {
         try {
           this.parseConfig(JSON.parse(data))
         } catch (err) {
-          log.error(`Could not parse remote config response: ${err}`)
+          log.error('[RC] Could not parse remote config response', err)
           this.state.client.state.has_error = true
           this.state.client.state.error = err.toString()

package/packages/dd-trace/src/appsec/reporter.js CHANGED Viewed

@@ -148,7 +148,9 @@ function reportAttack (attackData) {
     newTags['_dd.appsec.json'] = '{"triggers":' + attackData + '}'
   }
-  newTags['network.client.ip'] = req.socket.remoteAddress
+  if (req.socket) {
+    newTags['network.client.ip'] = req.socket.remoteAddress
+  }
   rootSpan.addTags(newTags)
 }

package/packages/dd-trace/src/appsec/sdk/set_user.js CHANGED Viewed

@@ -11,13 +11,13 @@ function setUserTags (user, rootSpan) {
 function setUser (tracer, user) {
   if (!user || !user.id) {
-    log.warn('Invalid user provided to setUser')
+    log.warn('[ASM] Invalid user provided to setUser')
     return
   }
   const rootSpan = getRootSpan(tracer)
   if (!rootSpan) {
-    log.warn('Root span not available in setUser')
+    log.warn('[ASM] Root span not available in setUser')
     return
   }

package/packages/dd-trace/src/appsec/sdk/track_event.js CHANGED Viewed

@@ -7,67 +7,68 @@ const standalone = require('../standalone')
 const waf = require('../waf')
 const { SAMPLING_MECHANISM_APPSEC } = require('../../constants')
 const { keepTrace } = require('../../priority_sampler')
+const addresses = require('../addresses')
 function trackUserLoginSuccessEvent (tracer, user, metadata) {
   // TODO: better user check here and in _setUser() ?
   if (!user || !user.id) {
-    log.warn('Invalid user provided to trackUserLoginSuccessEvent')
+    log.warn('[ASM] Invalid user provided to trackUserLoginSuccessEvent')
     return
   }
   const rootSpan = getRootSpan(tracer)
   if (!rootSpan) {
-    log.warn('Root span not available in trackUserLoginSuccessEvent')
+    log.warn('[ASM] Root span not available in trackUserLoginSuccessEvent')
     return
   }
   setUserTags(user, rootSpan)
-  trackEvent('users.login.success', metadata, 'trackUserLoginSuccessEvent', rootSpan, 'sdk')
+  const login = user.login ?? user.id
+  metadata = { 'usr.login': login, ...metadata }
+  trackEvent('users.login.success', metadata, 'trackUserLoginSuccessEvent', rootSpan)
+  runWaf('users.login.success', { id: user.id, login })
 }
 function trackUserLoginFailureEvent (tracer, userId, exists, metadata) {
   if (!userId || typeof userId !== 'string') {
-    log.warn('Invalid userId provided to trackUserLoginFailureEvent')
+    log.warn('[ASM] Invalid userId provided to trackUserLoginFailureEvent')
     return
   }
   const fields = {
     'usr.id': userId,
+    'usr.login': userId,
     'usr.exists': exists ? 'true' : 'false',
     ...metadata
   }
-  trackEvent('users.login.failure', fields, 'trackUserLoginFailureEvent', getRootSpan(tracer), 'sdk')
+  trackEvent('users.login.failure', fields, 'trackUserLoginFailureEvent', getRootSpan(tracer))
+  runWaf('users.login.failure', { login: userId })
 }
 function trackCustomEvent (tracer, eventName, metadata) {
   if (!eventName || typeof eventName !== 'string') {
-    log.warn('Invalid eventName provided to trackCustomEvent')
+    log.warn('[ASM] Invalid eventName provided to trackCustomEvent')
     return
   }
-  trackEvent(eventName, metadata, 'trackCustomEvent', getRootSpan(tracer), 'sdk')
+  trackEvent(eventName, metadata, 'trackCustomEvent', getRootSpan(tracer))
 }
-function trackEvent (eventName, fields, sdkMethodName, rootSpan, mode) {
+function trackEvent (eventName, fields, sdkMethodName, rootSpan) {
   if (!rootSpan) {
-    log.warn(`Root span not available in ${sdkMethodName}`)
+    log.warn('[ASM] Root span not available in %s', sdkMethodName)
     return
   }
-  keepTrace(rootSpan, SAMPLING_MECHANISM_APPSEC)
   const tags = {
-    [`appsec.events.${eventName}.track`]: 'true'
-  }
-  if (mode === 'sdk') {
-    tags[`_dd.appsec.events.${eventName}.sdk`] = 'true'
-  }
-  if (mode === 'safe' || mode === 'extended') {
-    tags[`_dd.appsec.events.${eventName}.auto.mode`] = mode
+    [`appsec.events.${eventName}.track`]: 'true',
+    [`_dd.appsec.events.${eventName}.sdk`]: 'true'
   }
   if (fields) {
@@ -78,16 +79,28 @@ function trackEvent (eventName, fields, sdkMethodName, rootSpan, mode) {
   rootSpan.addTags(tags)
+  keepTrace(rootSpan, SAMPLING_MECHANISM_APPSEC)
   standalone.sample(rootSpan)
+}
+function runWaf (eventName, user) {
+  const persistent = {
+    [`server.business_logic.${eventName}`]: null
+  }
+  if (user.id) {
+    persistent[addresses.USER_ID] = '' + user.id
+  }
-  if (['users.login.success', 'users.login.failure'].includes(eventName)) {
-    waf.run({ persistent: { [`server.business_logic.${eventName}`]: null } })
+  if (user.login) {
+    persistent[addresses.USER_LOGIN] = '' + user.login
   }
+  waf.run({ persistent })
 }
 module.exports = {
   trackUserLoginSuccessEvent,
   trackUserLoginFailureEvent,
-  trackCustomEvent,
-  trackEvent
+  trackCustomEvent
 }