dd-trace 5.100.0 → 5.102.0

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/index.js

@@ -83,14 +83,12 @@ class VulnerabilityFormatter {
   formatVulnerability (vulnerability, sourcesIndexes, sources) {
     const { type, hash, evidence, location } = vulnerability
 
-    const formattedVulnerability = {
+    return {
       type,
       hash,
       evidence: this.formatEvidence(type, evidence, sourcesIndexes, sources),
       location,
     }
-
-    return formattedVulnerability
   }
 
   toJson (vulnerabilitiesToFormat) {

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/utils.js

@@ -9,8 +9,9 @@ const STRINGIFY_SENSITIVE_KEY = STRINGIFY_RANGE_KEY + 'SENSITIVE'
 const STRINGIFY_SENSITIVE_NOT_STRING_KEY = STRINGIFY_SENSITIVE_KEY + 'NOTSTRING'
 
 // eslint-disable-next-line @stylistic/max-len
-const KEYS_REGEX_WITH_SENSITIVE_RANGES = new RegExp(String.raw`(?:"(${STRINGIFY_RANGE_KEY}_\d+_))|(?:"(${STRINGIFY_SENSITIVE_KEY}_\d+_(\d+)_))|("${STRINGIFY_SENSITIVE_NOT_STRING_KEY}_\d+_([\s0-9.a-zA-Z]*)")`, 'gm')
-const KEYS_REGEX_WITHOUT_SENSITIVE_RANGES = new RegExp(String.raw`"(${STRINGIFY_RANGE_KEY}_\d+_)`, 'gm')
+const REGEX_FOR_STRINGIFY_SENSITIVE_NOT_STRING = new RegExp(String.raw`"${STRINGIFY_SENSITIVE_NOT_STRING_KEY}_\d+_([\s\-+0-9.a-zA-Z]*)"`)
+const REGEX_FOR_STRINGIFY_SENSITIVE = new RegExp(String.raw`${STRINGIFY_SENSITIVE_KEY}_\d+_(\d+)_`)
+const REGEX_FOR_STRINGIFY_RANGE = new RegExp(String.raw`(${STRINGIFY_RANGE_KEY}_\d+_)`)
 
 const sensitiveValueRegex = new RegExp(/** @type {string} */ (defaults['iast.redactionValuePattern']), 'gmi')
 
@@ -41,7 +42,6 @@ function stringifyWithRanges (obj, objRanges, loadSensitiveRanges = false) {
     let counter = 0
     const allRanges = {}
     const sensitiveKeysMapping = {}
-
     iterateObject(obj, (val, levelKeys, parent, key) => {
       let currentLevelClone = cloneObj
       for (let i = 0; i < levelKeys.length - 1; i++) {
@@ -108,55 +108,90 @@ function stringifyWithRanges (obj, objRanges, loadSensitiveRanges = false) {
     value = JSON.stringify(cloneObj, null, 2)
 
     if (counter > 0) {
-      const keysRegex = loadSensitiveRanges
-        ? KEYS_REGEX_WITH_SENSITIVE_RANGES
-        : KEYS_REGEX_WITHOUT_SENSITIVE_RANGES
-      keysRegex.lastIndex = 0
-
-      let regexRes = keysRegex.exec(value)
-      while (regexRes) {
-        const offset = regexRes.index + 1 // +1 to increase the " char
-
-        if (regexRes[1]) {
-          // is a range
-          const rangesId = regexRes[1]
-          value = value.replace(rangesId, '')
-
-          const updatedRanges = allRanges[rangesId].map(range => {
-            return {
+      const segments = []
+      let outputLength = 0
+      let pos = 0
+      let rangeKeyIndex = value.indexOf(STRINGIFY_RANGE_KEY)
+
+      while (rangeKeyIndex > -1) {
+        let remainingStringValue = value.slice(rangeKeyIndex)
+        let cleanLength = rangeKeyIndex - pos
+
+        if (remainingStringValue.startsWith(STRINGIFY_SENSITIVE_NOT_STRING_KEY)) {
+          // In this case, we want to remove also the previous " char, because the value is not an string
+          rangeKeyIndex--
+          cleanLength--
+          remainingStringValue = value.slice(rangeKeyIndex)
+          const regexRes = REGEX_FOR_STRINGIFY_SENSITIVE_NOT_STRING.exec(remainingStringValue)
+
+          if (regexRes?.index === 0) {
+            const matchValue = regexRes[0]
+            const originalValue = regexRes[1]
+            const start = outputLength + cleanLength
+
+            sensitiveRanges.push({
+              start,
+              end: start + originalValue.length,
+            })
+            segments.push(value.slice(pos, rangeKeyIndex), originalValue)
+            outputLength += cleanLength + originalValue.length
+            pos = rangeKeyIndex + matchValue.length
+          } else {
+            // can't happen, the only way to this to happen is
+            // if the JSON has a value starting with the value of STRINGIFY_SENSITIVE_NOT_STRING_KEY
+            segments.push(value.slice(pos, rangeKeyIndex + STRINGIFY_SENSITIVE_NOT_STRING_KEY.length + 1))
+            outputLength += cleanLength + STRINGIFY_SENSITIVE_NOT_STRING_KEY.length + 1
+            pos = rangeKeyIndex + STRINGIFY_SENSITIVE_NOT_STRING_KEY.length + 1
+          }
+        } else if (remainingStringValue.startsWith(STRINGIFY_SENSITIVE_KEY)) {
+          const regexRes = REGEX_FOR_STRINGIFY_SENSITIVE.exec(remainingStringValue)
+          if (regexRes?.index === 0) {
+            const start = outputLength + cleanLength
+
+            sensitiveRanges.push({
+              start,
+              end: start + Number.parseInt(regexRes[1]),
+            })
+            segments.push(value.slice(pos, rangeKeyIndex))
+            outputLength += cleanLength
+            pos = rangeKeyIndex + regexRes[0].length
+          } else {
+            // can't happen, the only way to this to happen is
+            // if the JSON has a value starting with the value of STRINGIFY_SENSITIVE_KEY
+            segments.push(value.slice(pos, rangeKeyIndex + STRINGIFY_SENSITIVE_KEY.length))
+            outputLength += cleanLength + STRINGIFY_SENSITIVE_KEY.length
+            pos = rangeKeyIndex + STRINGIFY_SENSITIVE_KEY.length
+          }
+        } else {
+          const regexRes = REGEX_FOR_STRINGIFY_RANGE.exec(remainingStringValue)
+          if (regexRes?.index === 0) {
+            const start = outputLength + cleanLength
+            const rangesId = regexRes[1]
+
+            const updatedRanges = allRanges[rangesId].map(range => ({
               ...range,
-              start: range.start + offset,
-              end: range.end + offset,
-            }
-          })
-
-          ranges.push(...updatedRanges)
-        } else if (regexRes[2]) {
-          // is a sensitive string literal
-          const sensitiveId = regexRes[2]
-
-          sensitiveRanges.push({
-            start: offset,
-            end: offset + Number.parseInt(regexRes[3]),
-          })
-
-          value = value.replace(sensitiveId, '')
-        } else if (regexRes[4]) {
-          // is a sensitive value (number, null, false, ...)
-          const sensitiveId = regexRes[4]
-          const originalValue = regexRes[5]
-
-          sensitiveRanges.push({
-            start: regexRes.index,
-            end: regexRes.index + originalValue.length,
-          })
-
-          value = value.replace(sensitiveId, originalValue)
+              start: range.start + start,
+              end: range.end + start,
+            }))
+            ranges.push(...updatedRanges)
+
+            segments.push(value.slice(pos, rangeKeyIndex))
+            outputLength += cleanLength
+            pos = rangeKeyIndex + regexRes[0].length
+          } else {
+            // can't happen, the only way to this to happen is
+            // if the JSON has a value starting with the value of STRINGIFY_RANGE_KEY
+            segments.push(value.slice(pos, rangeKeyIndex + STRINGIFY_RANGE_KEY.length))
+            outputLength += cleanLength + STRINGIFY_RANGE_KEY.length
+            pos = rangeKeyIndex + STRINGIFY_RANGE_KEY.length
+          }
         }
 
-        keysRegex.lastIndex = 0
-        regexRes = keysRegex.exec(value)
+        rangeKeyIndex = value.indexOf(STRINGIFY_RANGE_KEY, pos)
       }
+
+      segments.push(value.slice(pos))
+      value = segments.join('')
     }
   } else {
     value = JSON.stringify(obj, null, 2)

package/packages/dd-trace/src/appsec/index.js

@@ -5,6 +5,7 @@ const web = require('../plugins/util/web')
 const { extractIp } = require('../plugins/util/ip_extractor')
 const { HTTP_CLIENT_IP } = require('../../../../ext/tags')
 const { IS_SERVERLESS } = require('../serverless')
+const { isEmpty } = require('../util')
 const RuleManager = require('./rule_manager')
 const appsecRemoteConfig = require('./remote_config')
 const {
@@ -128,7 +129,7 @@ function onRequestBodyParsed ({ req, res, body, abortController }) {
   }
 
   if (typeof body === 'object') {
-    if (isEmptyObject(body)) return
+    if (isEmpty(body)) return
     analyzedBodies.add(body)
   }
 
@@ -149,7 +150,7 @@ function onRequestCookieParser ({ req, res, abortController, cookies }) {
   const rootSpan = web.root(req)
   if (!rootSpan) return
 
-  if (isEmptyObject(cookies)) return
+  if (isEmpty(cookies)) return
   analyzedCookies.add(cookies)
 
   const results = waf.run({
@@ -180,12 +181,9 @@ function incomingHttpStartTranslator ({ req, res, abortController }) {
     }
   }
 
-  const requestHeaders = { ...req.headers }
-  delete requestHeaders.cookie
-
   const persistent = {
     [addresses.HTTP_INCOMING_URL]: req.url,
-    [addresses.HTTP_INCOMING_HEADERS]: requestHeaders,
+    [addresses.HTTP_INCOMING_HEADERS]: copyHeadersOmitting(req.headers, 'cookie'),
     [addresses.HTTP_INCOMING_METHOD]: req.method,
   }
 
@@ -204,7 +202,7 @@ function incomingHttpEndTranslator ({ req, res }) {
   // we need to keep this to support other body parsers
   if (req.body !== undefined && req.body !== null) {
     if (typeof req.body === 'object') {
-      if (!isEmptyObject(req.body) && !analyzedBodies.has(req.body)) {
+      if (!isEmpty(req.body) && !analyzedBodies.has(req.body)) {
         persistent[addresses.HTTP_INCOMING_BODY] = req.body
       }
     } else {
@@ -216,7 +214,7 @@ function incomingHttpEndTranslator ({ req, res }) {
   if (
     req.cookies !== null &&
     typeof req.cookies === 'object' &&
-    !isEmptyObject(req.cookies) &&
+    !isEmpty(req.cookies) &&
     !analyzedCookies.has(req.cookies)
   ) {
     persistent[addresses.HTTP_INCOMING_COOKIES] = req.cookies
@@ -227,7 +225,7 @@ function incomingHttpEndTranslator ({ req, res }) {
   if (
     query !== null &&
     typeof query === 'object' &&
-    !isEmptyObject(query)
+    !isEmpty(query)
   ) {
     persistent[addresses.HTTP_INCOMING_QUERY] = query
   }
@@ -239,7 +237,7 @@ function incomingHttpEndTranslator ({ req, res }) {
     persistent[addresses.WAF_CONTEXT_PROCESSOR] = { 'extract-schema': true }
   }
 
-  if (!isEmptyObject(persistent)) {
+  if (!isEmpty(persistent)) {
     waf.run({ persistent }, req)
   }
 
@@ -313,7 +311,7 @@ function onRequestQueryParsed ({ req, res, query, abortController }) {
   const rootSpan = web.root(req)
   if (!rootSpan) return
 
-  if (isEmptyObject(query)) return
+  if (isEmpty(query)) return
 
   const results = waf.run({
     persistent: {
@@ -328,7 +326,7 @@ function onRequestProcessParams ({ req, res, abortController, params }) {
   const rootSpan = web.root(req)
   if (!rootSpan) return
 
-  if (!params || typeof params !== 'object' || isEmptyObject(params)) return
+  if (!params || typeof params !== 'object' || isEmpty(params)) return
 
   const results = waf.run({
     persistent: {
@@ -352,7 +350,7 @@ function onResponseBody ({ req, res, body }) {
 }
 
 function onResponseWriteHead ({ req, res, abortController, statusCode, responseHeaders }) {
-  if (!isEmptyObject(responseHeaders)) {
+  if (!isEmpty(responseHeaders)) {
     storedResponseHeaders.set(req, responseHeaders)
   }
 
@@ -375,13 +373,10 @@ function onResponseWriteHead ({ req, res, abortController, statusCode, responseH
   const rootSpan = web.root(req)
   if (!rootSpan) return
 
-  responseHeaders = { ...responseHeaders }
-  delete responseHeaders['set-cookie']
-
   const results = waf.run({
     persistent: {
       [addresses.HTTP_INCOMING_RESPONSE_CODE]: String(statusCode),
-      [addresses.HTTP_INCOMING_RESPONSE_HEADERS]: responseHeaders,
+      [addresses.HTTP_INCOMING_RESPONSE_HEADERS]: copyHeadersOmitting(responseHeaders, 'set-cookie'),
     },
   }, req)
 
@@ -540,14 +535,16 @@ function disable () {
   if (stripeConstructEvent.hasSubscribers) stripeConstructEvent.unsubscribe(onStripeConstructEvent)
 }
 
-// this is faster than Object.keys().length === 0
-function isEmptyObject (obj) {
-  // eslint-disable-next-line no-unreachable-loop
-  for (const _ in obj) {
-    return false
+/**
+ * @param {Record<string, unknown>} src
+ * @param {string} omit
+ */
+function copyHeadersOmitting (src, omit) {
+  const filtered = {}
+  for (const key of Object.keys(src)) {
+    if (key !== omit) filtered[key] = src[key]
   }
-
-  return true
+  return filtered
 }
 
 module.exports = {

package/packages/dd-trace/src/appsec/reporter.js

@@ -8,6 +8,7 @@ const web = require('../plugins/util/web')
 const { ipHeaderList } = require('../plugins/util/ip_extractor')
 const { keepTrace } = require('../priority_sampler')
 const { ASM } = require('../standalone/product')
+const { isEmpty } = require('../util')
 const { getActiveRequest } = require('./store')
 const {
   incrementWafInitMetric,
@@ -170,7 +171,9 @@ function getCollectedHeaders (req, res, shouldCollectEventHeaders, storedRespons
   // Basic collection
   if (!shouldCollectEventHeaders) return mandatoryCollectedHeaders
 
-  const responseHeaders = Object.keys(storedResponseHeaders).length === 0
+  // Skip the spread when the stored side is empty -- common during the early
+  // request lifecycle when no upstream response headers have been captured.
+  const responseHeaders = isEmpty(storedResponseHeaders)
     ? res.getHeaders()
     : { ...storedResponseHeaders, ...res.getHeaders() }
 
@@ -506,7 +509,9 @@ function finishRequest (req, res, storedResponseHeaders, requestBody) {
   if (!rootSpan) return
 
   if (metricsQueue.size) {
-    rootSpan.addTags(Object.fromEntries(metricsQueue))
+    for (const [key, value] of metricsQueue) {
+      rootSpan.setTag(key, value)
+    }
 
     keepTrace(rootSpan, ASM)
 

package/packages/dd-trace/src/appsec/rule_manager.js

@@ -142,12 +142,14 @@ function extractErrors (diagnostics) {
 
   for (const diagnosticKey of DIAGNOSTIC_KEYS) {
     if (diagnostics[diagnosticKey]?.error) {
-      (result[diagnosticKey] ??= {}).error = diagnostics[diagnosticKey]?.error
+      result[diagnosticKey] ??= {}
+      result[diagnosticKey].error = diagnostics[diagnosticKey]?.error
       isResultPopulated = true
     }
 
     if (diagnostics[diagnosticKey]?.errors) {
-      (result[diagnosticKey] ??= {}).errors = diagnostics[diagnosticKey]?.errors
+      result[diagnosticKey] ??= {}
+      result[diagnosticKey].errors = diagnostics[diagnosticKey]?.errors
       isResultPopulated = true
     }
   }

package/packages/dd-trace/src/appsec/waf/waf_context_wrapper.js

@@ -20,6 +20,20 @@ class WAFContextWrapper {
     this.knownAddresses = knownAddresses
     this.addressesToSkip = new Set()
     this.cachedUserIdResults = new Map()
+    // Reused across run() calls; Reporter.reportMetrics consumes it synchronously.
+    this.metrics = {
+      rulesVersion,
+      wafVersion,
+      wafTimeout: false,
+      duration: 0,
+      durationExt: 0,
+      blockTriggered: false,
+      ruleTriggered: false,
+      errorCode: null,
+      maxTruncatedString: null,
+      maxTruncatedContainerSize: null,
+      maxTruncatedContainerDepth: null,
+    }
   }
 
   run ({ persistent, ephemeral }, raspRule, req) {
@@ -44,7 +58,8 @@ class WAFContextWrapper {
 
     const payload = {}
     let payloadHasData = false
-    const newAddressesToSkip = new Set(this.addressesToSkip)
+    // Cloned lazily; only the preventDuplicateAddresses branch below adds to it.
+    let newAddressesToSkip
 
     if (persistent !== null && typeof persistent === 'object') {
       const persistentInputs = {}
@@ -55,6 +70,7 @@ class WAFContextWrapper {
           hasPersistentInputs = true
           persistentInputs[key] = persistent[key]
           if (preventDuplicateAddresses.has(key)) {
+            newAddressesToSkip ??= new Set(this.addressesToSkip)
             newAddressesToSkip.add(key)
           }
         }
@@ -85,19 +101,16 @@ class WAFContextWrapper {
 
     if (!payloadHasData) return
 
-    const metrics = {
-      rulesVersion: this.rulesVersion,
-      wafVersion: this.wafVersion,
-      wafTimeout: false,
-      duration: 0,
-      durationExt: 0,
-      blockTriggered: false,
-      ruleTriggered: false,
-      errorCode: null,
-      maxTruncatedString: null,
-      maxTruncatedContainerSize: null,
-      maxTruncatedContainerDepth: null,
-    }
+    const metrics = this.metrics
+    metrics.wafTimeout = false
+    metrics.duration = 0
+    metrics.durationExt = 0
+    metrics.blockTriggered = false
+    metrics.ruleTriggered = false
+    metrics.errorCode = null
+    metrics.maxTruncatedString = null
+    metrics.maxTruncatedContainerSize = null
+    metrics.maxTruncatedContainerDepth = null
 
     try {
       const start = process.hrtime.bigint()
@@ -106,7 +119,7 @@ class WAFContextWrapper {
 
       const end = process.hrtime.bigint()
 
-      metrics.durationExt = Number.parseInt(end - start) / 1e3
+      metrics.durationExt = Number(end - start) / 1e3
 
       if (typeof result.errorCode === 'number' && result.errorCode < 0) {
         const error = new Error('WAF code error')
@@ -123,7 +136,9 @@ class WAFContextWrapper {
         if (maxTruncatedContainerDepth) metrics.maxTruncatedContainerDepth = maxTruncatedContainerDepth
       }
 
-      this.addressesToSkip = newAddressesToSkip
+      if (newAddressesToSkip !== undefined) {
+        this.addressesToSkip = newAddressesToSkip
+      }
 
       const ruleTriggered = !!result.events?.length
 

package/packages/dd-trace/src/ci-visibility/lage.js

@@ -2,6 +2,7 @@
 
 const { getEnvironmentVariable } = require('../config/helper')
 const { isTrue } = require('../util')
+const { DD_MAJOR } = require('../../../../version')
 
 /**
  * Returns the current Lage package name if the Lage package name override is enabled.
@@ -9,7 +10,7 @@ const { isTrue } = require('../util')
  * @returns {string|undefined}
  */
 function getLagePackageName () {
-  if (!isTrue(getEnvironmentVariable('DD_ENABLE_LAGE_PACKAGE_NAME'))) {
+  if (DD_MAJOR < 6 && !isTrue(getEnvironmentVariable('DD_ENABLE_LAGE_PACKAGE_NAME'))) {
     return
   }
 

package/packages/dd-trace/src/ci-visibility/requests/request.js

@@ -7,39 +7,13 @@ const zlib = require('zlib')
 const { storage } = require('../../../../datadog-core')
 const log = require('../../log')
 const { httpAgent, httpsAgent } = require('../../exporters/common/agents')
+const {
+  RATE_LIMIT_MAX_WAIT_MS,
+  isRetriableNetworkError,
+  singleJitteredDelay,
+} = require('../../exporters/common/retry')
 const { urlToHttpOptions } = require('../../exporters/common/url-to-http-options-polyfill')
 
-const RATE_LIMIT_MAX_WAIT_MS = 30_000
-const RETRY_BASE_MS = 5000
-const RETRY_JITTER_MS = 2500
-
-/**
- * Calculates retry delay with jitter to prevent thundering herd.
- * Delay is RETRY_BASE_MS + random(0, RETRY_JITTER_MS) (e.g. 5–7.5 seconds).
- *
- * @returns {number} Delay in milliseconds
- */
-function getRetryDelay () {
-  return RETRY_BASE_MS + (Math.random() * RETRY_JITTER_MS)
-}
-
-/**
- * Determines if a network error is retriable (transient failures only).
- * ECONNREFUSED is retried because it can be transient (service starting up,
- * restarts, rolling deploys, k8s pod/readiness transitions). ENOTFOUND is
- * excluded as it indicates DNS failure or wrong host and is usually not transient.
- *
- * @param {Error} err - The error to check
- * @returns {boolean}
- */
-function isRetriableNetworkError (err) {
-  if (!err.code) return false
-  return err.code === 'ECONNREFUSED' ||
-    err.code === 'ECONNRESET' ||
-    err.code === 'ETIMEDOUT' ||
-    err.code === 'EPIPE'
-}
-
 function parseUrl (urlObjOrString) {
   if (urlObjOrString !== null && typeof urlObjOrString === 'object') {
     return urlToHttpOptions(urlObjOrString)
@@ -63,6 +37,10 @@ function parseUrl (urlObjOrString) {
  * Destroys connections on errors to prevent reuse of bad connections. Preserves
  * original status code across retries for telemetry.
  *
+ * Retry timers stay ref'd. Test-runner plugins block the suite via
+ * `delay: true` channels until this callback fires; an unref'd retry would
+ * let the host exit first and the suite would never run.
+ *
  * @param {string} data - Request body (e.g. JSON string)
  * @param {object} options - { url, path?, method?, headers?, timeout? } (may be mutated)
  * @param {Function} callback - (err, res, statusCode) => void
@@ -157,7 +135,7 @@ function request (data, options, callback) {
               // ignore
             }
             hasRetried = true
-            setTimeout(makeRequest, getRetryDelay())
+            setTimeout(makeRequest, singleJitteredDelay())
             return
           }
 
@@ -177,7 +155,7 @@ function request (data, options, callback) {
         // Retry on retriable network errors
         if (!hasRetried && isRetriableNetworkError(err)) {
           hasRetried = true
-          setTimeout(makeRequest, getRetryDelay())
+          setTimeout(makeRequest, singleJitteredDelay())
           return
         }
 

package/packages/dd-trace/src/config/config-types.d.ts

@@ -8,7 +8,6 @@ export interface ConfigProperties extends GeneratedConfig {
     responsesEnabled: boolean
     rules: PayloadTaggingRules
   }
-  commitSHA: string | undefined
   debug: boolean
   instrumentationSource: 'manual' | 'ssi'
   isCiVisibility: boolean
@@ -18,7 +17,6 @@ export interface ConfigProperties extends GeneratedConfig {
   lookup: NonNullable<import('../../../../index').TracerOptions['lookup']>
   readonly parsedDdTags: Record<string, string>
   plugins: boolean
-  repositoryUrl: string | undefined
   sampler: {
     rateLimit: number
     rules: import('../../../../index').SamplingRule[]

package/packages/dd-trace/src/config/git_properties.js

@@ -4,8 +4,8 @@ const fs = require('fs')
 const path = require('path')
 
 const gitPropertiesCommitSHARegex = /git\.commit\.sha=([a-f\d]{40})/
-const gitPropertiesRepositoryUrlRegex = /git\.repository_url=([\w\d:@/.-]+)/
-const repositoryUrlRegex = /^([\w\d:@/.-]+)$/
+const gitPropertiesRepositoryUrlRegex = /git\.repository_url=([\w:@/.-]+)/
+const repositoryUrlRegex = /^([\w:@/.-]+)$/
 const remoteOriginRegex = /^\[remote\s+"origin"\]/i
 const gitHeadRefRegex = /ref:\s+(refs\/[A-Za-z0-9._/-]+)/
 const commitSHARegex = /^[0-9a-f]{40}$/

package/packages/dd-trace/src/config/index.js

@@ -3,7 +3,6 @@
 const fs = require('node:fs')
 const os = require('node:os')
 const { URL } = require('node:url')
-const path = require('node:path')
 
 const rfdc = require('../../../../vendor/dist/rfdc')({ proto: false, circles: false })
 const uuid = require('../../../../vendor/dist/crypto-randomuuid') // we need to keep the old uuid dep because of cypress
@@ -12,7 +11,6 @@ const { DD_MAJOR } = require('../../../../version')
 const log = require('../log')
 const pkg = require('../pkg')
 const { isTrue } = require('../util')
-const { GIT_REPOSITORY_URL, GIT_COMMIT_SHA } = require('../plugins/util/tags')
 const telemetry = require('../telemetry')
 const telemetryMetrics = require('../telemetry/metrics')
 const {
@@ -22,8 +20,6 @@ const {
 } = require('../serverless')
 const { ORIGIN_KEY, DATADOG_MINI_AGENT_PATH } = require('../constants')
 const { appendRules } = require('../payload-tagging/config')
-const { getGitMetadataFromGitProperties, removeUserSensitiveInfo, getRemoteOriginURL, resolveGitHeadSHA } =
-  require('./git_properties')
 const ConfigBase = require('./config-base')
 const {
   getEnvironmentVariable,
@@ -215,10 +211,6 @@ class Config extends ConfigBase {
 
     warnWrongOtelSettings()
 
-    if (this.DD_TRACE_GIT_METADATA_ENABLED) {
-      this.#loadGitMetadata()
-    }
-
     parseErrors.clear()
   }
 
@@ -513,7 +505,7 @@ class Config extends ConfigBase {
       } else {
         const NX_TASK_TARGET_PROJECT = getEnvironmentVariable('NX_TASK_TARGET_PROJECT')
         if (NX_TASK_TARGET_PROJECT) {
-          if (this.DD_ENABLE_NX_SERVICE_NAME) {
+          if (DD_MAJOR >= 6 || this.DD_ENABLE_NX_SERVICE_NAME) {
             setAndTrack(this, 'service', normalizeService(NX_TASK_TARGET_PROJECT) || 'node')
             isServiceNameInferred = true
           } else if (DD_MAJOR < 6) {
@@ -628,52 +620,6 @@ class Config extends ConfigBase {
 
     telemetry.updateConfig([...configWithOrigin.values()], this)
   }
-
-  // TODO: Move outside of config. This is unrelated to the config system.
-  #loadGitMetadata () {
-    // Try to read Git metadata from the environment variables
-    this.repositoryUrl = removeUserSensitiveInfo(this.DD_GIT_REPOSITORY_URL ?? this.tags[GIT_REPOSITORY_URL])
-    this.commitSHA = this.DD_GIT_COMMIT_SHA ?? this.tags[GIT_COMMIT_SHA]
-
-    // Otherwise, try to read Git metadata from the git.properties file
-    if (!this.repositoryUrl || !this.commitSHA) {
-      const DD_GIT_PROPERTIES_FILE = this.DD_GIT_PROPERTIES_FILE
-      const gitPropertiesFile = DD_GIT_PROPERTIES_FILE ?? `${process.cwd()}/git.properties`
-      try {
-        const gitPropertiesString = fs.readFileSync(gitPropertiesFile, 'utf8')
-        const { commitSHA, repositoryUrl } = getGitMetadataFromGitProperties(gitPropertiesString)
-        this.commitSHA ??= commitSHA
-        this.repositoryUrl ??= repositoryUrl
-      } catch (error) {
-        // Only log error if the user has set a git.properties path
-        if (DD_GIT_PROPERTIES_FILE) {
-          log.error('Error reading DD_GIT_PROPERTIES_FILE: %s', gitPropertiesFile, error)
-        }
-      }
-    }
-
-    // Otherwise, try to read Git metadata from the .git/ folder
-    const DD_GIT_FOLDER_PATH = this.DD_GIT_FOLDER_PATH
-    const gitFolderPath = DD_GIT_FOLDER_PATH ?? path.join(process.cwd(), '.git')
-
-    if (!this.repositoryUrl) {
-      // Try to read git config (repository URL)
-      const gitConfigPath = path.join(gitFolderPath, 'config')
-      try {
-        const gitConfigContent = fs.readFileSync(gitConfigPath, 'utf8')
-        if (gitConfigContent) {
-          this.repositoryUrl = getRemoteOriginURL(gitConfigContent)
-        }
-      } catch (error) {
-        // Only log error if the user has set a .git/ path
-        if (DD_GIT_FOLDER_PATH) {
-          log.error('Error reading git config: %s', gitConfigPath, error)
-        }
-      }
-    }
-    // Try to read git HEAD (commit SHA)
-    this.commitSHA ??= resolveGitHeadSHA(gitFolderPath)
-  }
 }
 
 /**