npm - dd-trace - Versions diffs - 5.10.0 → 5.11.0 - Mend

dd-trace 5.10.0 → 5.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (49) hide show

package/packages/datadog-plugin-selenium/src/index.js ADDED Viewed

@@ -0,0 +1,71 @@
+const CiPlugin = require('../../dd-trace/src/plugins/ci_plugin')
+const { storage } = require('../../datadog-core')
+const {
+  TEST_IS_RUM_ACTIVE,
+  TEST_BROWSER_DRIVER,
+  TEST_BROWSER_DRIVER_VERSION,
+  TEST_BROWSER_NAME,
+  TEST_BROWSER_VERSION,
+  TEST_TYPE
+} = require('../../dd-trace/src/plugins/util/test')
+const { SPAN_TYPE } = require('../../../ext/tags')
+function isTestSpan (span) {
+  return span.context()._tags[SPAN_TYPE] === 'test'
+}
+function getTestSpanFromTrace (trace) {
+  for (const span of trace.started) {
+    if (isTestSpan(span)) {
+      return span
+    }
+  }
+  return null
+}
+class SeleniumPlugin extends CiPlugin {
+  static get id () {
+    return 'selenium'
+  }
+  constructor (...args) {
+    super(...args)
+    this.addSub('ci:selenium:driver:get', ({
+      setTraceId,
+      seleniumVersion,
+      browserName,
+      browserVersion,
+      isRumActive
+    }) => {
+      const store = storage.getStore()
+      const span = store?.span
+      if (!span) {
+        return
+      }
+      let testSpan
+      if (isTestSpan(span)) {
+        testSpan = span
+      } else {
+        testSpan = getTestSpanFromTrace(span.context()._trace)
+      }
+      if (!testSpan) {
+        return
+      }
+      if (setTraceId) {
+        setTraceId(testSpan.context().toTraceId())
+      }
+      if (isRumActive) {
+        testSpan.setTag(TEST_IS_RUM_ACTIVE, 'true')
+      }
+      testSpan.setTag(TEST_BROWSER_DRIVER, 'selenium')
+      testSpan.setTag(TEST_BROWSER_DRIVER_VERSION, seleniumVersion)
+      testSpan.setTag(TEST_BROWSER_NAME, browserName)
+      testSpan.setTag(TEST_BROWSER_VERSION, browserVersion)
+      testSpan.setTag(TEST_TYPE, 'browser')
+    })
+  }
+}
+module.exports = SeleniumPlugin

package/packages/dd-trace/src/appsec/iast/analyzers/analyzers.js CHANGED Viewed

@@ -2,6 +2,7 @@
 module.exports = {
   COMMAND_INJECTION_ANALYZER: require('./command-injection-analyzer'),
+  HARCODED_PASSWORD_ANALYZER: require('./hardcoded-password-analyzer'),
   HARCODED_SECRET_ANALYZER: require('./hardcoded-secret-analyzer'),
   HEADER_INJECTION_ANALYZER: require('./header-injection-analyzer'),
   HSTS_HEADER_MISSING_ANALYZER: require('./hsts-header-missing-analyzer'),

package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-base-analyzer.js ADDED Viewed

@@ -0,0 +1,70 @@
+'use strict'
+const Analyzer = require('./vulnerability-analyzer')
+const { getRelativePath } = require('../path-line')
+class HardcodedBaseAnalyzer extends Analyzer {
+  constructor (type, allRules = [], valueOnlyRules = []) {
+    super(type)
+    this.allRules = allRules
+    this.valueOnlyRules = valueOnlyRules
+  }
+  onConfigure () {
+    this.addSub('datadog:secrets:result', (secrets) => { this.analyze(secrets) })
+  }
+  analyze (secrets) {
+    if (!secrets?.file || !secrets.literals) return
+    const { allRules, valueOnlyRules } = this
+    const matches = []
+    for (const literal of secrets.literals) {
+      const { value, locations } = literal
+      if (!value || !locations) continue
+      for (const location of locations) {
+        let match
+        if (location.ident) {
+          const fullValue = `${location.ident}=${value}`
+          match = allRules.find(rule => fullValue.match(rule.regex))
+        } else {
+          match = valueOnlyRules.find(rule => value.match(rule.regex))
+        }
+        if (match) {
+          matches.push({ location, ruleId: match.id })
+        }
+      }
+    }
+    if (matches.length) {
+      const file = getRelativePath(secrets.file)
+      matches
+        .forEach(match => this._report({
+          file,
+          line: match.location.line,
+          column: match.location.column,
+          data: match.ruleId
+        }))
+    }
+  }
+  _getEvidence (value) {
+    return { value: `${value.data}` }
+  }
+  _getLocation (value) {
+    return {
+      path: value.file,
+      line: value.line,
+      column: value.column,
+      isInternal: false
+    }
+  }
+}
+module.exports = HardcodedBaseAnalyzer

package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-password-analyzer.js ADDED Viewed

@@ -0,0 +1,14 @@
+'use strict'
+const { HARDCODED_PASSWORD } = require('../vulnerabilities')
+const HardcodedBaseAnalyzer = require('./hardcoded-base-analyzer')
+const allRules = require('./hardcoded-password-rules')
+class HardcodedPasswordAnalyzer extends HardcodedBaseAnalyzer {
+  constructor () {
+    super(HARDCODED_PASSWORD, allRules)
+  }
+}
+module.exports = new HardcodedPasswordAnalyzer()

package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-password-rules.js ADDED Viewed

@@ -0,0 +1,12 @@
+/* eslint-disable max-len */
+'use strict'
+const { NameAndValue } = require('./hardcoded-rule-type')
+module.exports = [
+  {
+    id: 'hardcoded-password',
+    regex: /(?:pwd|pswd|pass|secret)(?:[0-9a-z\-_\t.]{0,20})(?:[\s|']|[\s|""]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|""|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['"\s\x60;]|$)/i,
+    type: NameAndValue
+  }
+]

package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-rule-type.js ADDED Viewed

@@ -0,0 +1,6 @@
+'use strict'
+module.exports = {
+  ValueOnly: 'ValueOnly',
+  NameAndValue: 'NameAndValue'
+}

package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-secret-analyzer.js CHANGED Viewed

@@ -1,59 +1,14 @@
 'use strict'
-const Analyzer = require('./vulnerability-analyzer')
 const { HARDCODED_SECRET } = require('../vulnerabilities')
-const { getRelativePath } = require('../path-line')
+const HardcodedBaseAnalyzer = require('./hardcoded-base-analyzer')
+const { ValueOnly } = require('./hardcoded-rule-type')
-const secretRules = require('./hardcoded-secrets-rules')
+const allRules = require('./hardcoded-secret-rules')
-class HardcodedSecretAnalyzer extends Analyzer {
+class HardcodedSecretAnalyzer extends HardcodedBaseAnalyzer {
   constructor () {
-    super(HARDCODED_SECRET)
-  }
-  onConfigure () {
-    this.addSub('datadog:secrets:result', (secrets) => { this.analyze(secrets) })
-  }
-  analyze (secrets) {
-    if (!secrets?.file || !secrets.literals) return
-    const matches = secrets.literals
-      .filter(literal => literal.value && literal.locations?.length)
-      .map(literal => {
-        const match = secretRules.find(rule => literal.value.match(rule.regex))
-        return match ? { locations: literal.locations, ruleId: match.id } : undefined
-      })
-      .filter(match => !!match)
-    if (matches.length) {
-      const file = getRelativePath(secrets.file)
-      matches.forEach(match => {
-        match.locations
-          .filter(location => location.line)
-          .forEach(location => this._report({
-            file,
-            line: location.line,
-            column: location.column,
-            data: match.ruleId
-          }))
-      })
-    }
-  }
-  _getEvidence (value) {
-    return { value: `${value.data}` }
-  }
-  _getLocation (value) {
-    return {
-      path: value.file,
-      line: value.line,
-      column: value.column,
-      isInternal: false
-    }
+    super(HARDCODED_SECRET, allRules, allRules.filter(rule => rule.type === ValueOnly))
   }
 }