dd-trace 5.101.0 → 5.103.0

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-handler.js

@@ -133,6 +133,7 @@ class SensitiveHandler {
         }
 
         start = i + (nextTainted.end - nextTainted.start)
+        // eslint-disable-next-line sonarjs/updated-loop-counter -- skip ahead; outer `i++` advances to `start`
         i = start - 1
         nextTainted = ranges.shift()
         nextTaintedIndex++
@@ -159,6 +160,7 @@ class SensitiveHandler {
         this.writeRedactedValuePart(valueParts, _length)
 
         start = i + _length
+        // eslint-disable-next-line sonarjs/updated-loop-counter -- skip ahead; outer `i++` advances to `start`
         i = start - 1
         nextSensitive = sensitive.shift()
       }

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/index.js

@@ -83,14 +83,12 @@ class VulnerabilityFormatter {
   formatVulnerability (vulnerability, sourcesIndexes, sources) {
     const { type, hash, evidence, location } = vulnerability
 
-    const formattedVulnerability = {
+    return {
       type,
       hash,
       evidence: this.formatEvidence(type, evidence, sourcesIndexes, sources),
       location,
     }
-
-    return formattedVulnerability
   }
 
   toJson (vulnerabilitiesToFormat) {

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/utils.js

@@ -9,8 +9,9 @@ const STRINGIFY_SENSITIVE_KEY = STRINGIFY_RANGE_KEY + 'SENSITIVE'
 const STRINGIFY_SENSITIVE_NOT_STRING_KEY = STRINGIFY_SENSITIVE_KEY + 'NOTSTRING'
 
 // eslint-disable-next-line @stylistic/max-len
-const KEYS_REGEX_WITH_SENSITIVE_RANGES = new RegExp(String.raw`(?:"(${STRINGIFY_RANGE_KEY}_\d+_))|(?:"(${STRINGIFY_SENSITIVE_KEY}_\d+_(\d+)_))|("${STRINGIFY_SENSITIVE_NOT_STRING_KEY}_\d+_([\s0-9.a-zA-Z]*)")`, 'gm')
-const KEYS_REGEX_WITHOUT_SENSITIVE_RANGES = new RegExp(String.raw`"(${STRINGIFY_RANGE_KEY}_\d+_)`, 'gm')
+const REGEX_FOR_STRINGIFY_SENSITIVE_NOT_STRING = new RegExp(String.raw`"${STRINGIFY_SENSITIVE_NOT_STRING_KEY}_\d+_([\s\-+0-9.a-zA-Z]*)"`)
+const REGEX_FOR_STRINGIFY_SENSITIVE = new RegExp(String.raw`${STRINGIFY_SENSITIVE_KEY}_\d+_(\d+)_`)
+const REGEX_FOR_STRINGIFY_RANGE = new RegExp(String.raw`(${STRINGIFY_RANGE_KEY}_\d+_)`)
 
 const sensitiveValueRegex = new RegExp(/** @type {string} */ (defaults['iast.redactionValuePattern']), 'gmi')
 
@@ -41,7 +42,6 @@ function stringifyWithRanges (obj, objRanges, loadSensitiveRanges = false) {
     let counter = 0
     const allRanges = {}
     const sensitiveKeysMapping = {}
-
     iterateObject(obj, (val, levelKeys, parent, key) => {
       let currentLevelClone = cloneObj
       for (let i = 0; i < levelKeys.length - 1; i++) {
@@ -108,55 +108,90 @@ function stringifyWithRanges (obj, objRanges, loadSensitiveRanges = false) {
     value = JSON.stringify(cloneObj, null, 2)
 
     if (counter > 0) {
-      const keysRegex = loadSensitiveRanges
-        ? KEYS_REGEX_WITH_SENSITIVE_RANGES
-        : KEYS_REGEX_WITHOUT_SENSITIVE_RANGES
-      keysRegex.lastIndex = 0
-
-      let regexRes = keysRegex.exec(value)
-      while (regexRes) {
-        const offset = regexRes.index + 1 // +1 to increase the " char
-
-        if (regexRes[1]) {
-          // is a range
-          const rangesId = regexRes[1]
-          value = value.replace(rangesId, '')
-
-          const updatedRanges = allRanges[rangesId].map(range => {
-            return {
+      const segments = []
+      let outputLength = 0
+      let pos = 0
+      let rangeKeyIndex = value.indexOf(STRINGIFY_RANGE_KEY)
+
+      while (rangeKeyIndex > -1) {
+        let remainingStringValue = value.slice(rangeKeyIndex)
+        let cleanLength = rangeKeyIndex - pos
+
+        if (remainingStringValue.startsWith(STRINGIFY_SENSITIVE_NOT_STRING_KEY)) {
+          // In this case, we want to remove also the previous " char, because the value is not an string
+          rangeKeyIndex--
+          cleanLength--
+          remainingStringValue = value.slice(rangeKeyIndex)
+          const regexRes = REGEX_FOR_STRINGIFY_SENSITIVE_NOT_STRING.exec(remainingStringValue)
+
+          if (regexRes?.index === 0) {
+            const matchValue = regexRes[0]
+            const originalValue = regexRes[1]
+            const start = outputLength + cleanLength
+
+            sensitiveRanges.push({
+              start,
+              end: start + originalValue.length,
+            })
+            segments.push(value.slice(pos, rangeKeyIndex), originalValue)
+            outputLength += cleanLength + originalValue.length
+            pos = rangeKeyIndex + matchValue.length
+          } else {
+            // can't happen, the only way to this to happen is
+            // if the JSON has a value starting with the value of STRINGIFY_SENSITIVE_NOT_STRING_KEY
+            segments.push(value.slice(pos, rangeKeyIndex + STRINGIFY_SENSITIVE_NOT_STRING_KEY.length + 1))
+            outputLength += cleanLength + STRINGIFY_SENSITIVE_NOT_STRING_KEY.length + 1
+            pos = rangeKeyIndex + STRINGIFY_SENSITIVE_NOT_STRING_KEY.length + 1
+          }
+        } else if (remainingStringValue.startsWith(STRINGIFY_SENSITIVE_KEY)) {
+          const regexRes = REGEX_FOR_STRINGIFY_SENSITIVE.exec(remainingStringValue)
+          if (regexRes?.index === 0) {
+            const start = outputLength + cleanLength
+
+            sensitiveRanges.push({
+              start,
+              end: start + Number.parseInt(regexRes[1]),
+            })
+            segments.push(value.slice(pos, rangeKeyIndex))
+            outputLength += cleanLength
+            pos = rangeKeyIndex + regexRes[0].length
+          } else {
+            // can't happen, the only way to this to happen is
+            // if the JSON has a value starting with the value of STRINGIFY_SENSITIVE_KEY
+            segments.push(value.slice(pos, rangeKeyIndex + STRINGIFY_SENSITIVE_KEY.length))
+            outputLength += cleanLength + STRINGIFY_SENSITIVE_KEY.length
+            pos = rangeKeyIndex + STRINGIFY_SENSITIVE_KEY.length
+          }
+        } else {
+          const regexRes = REGEX_FOR_STRINGIFY_RANGE.exec(remainingStringValue)
+          if (regexRes?.index === 0) {
+            const start = outputLength + cleanLength
+            const rangesId = regexRes[1]
+
+            const updatedRanges = allRanges[rangesId].map(range => ({
               ...range,
-              start: range.start + offset,
-              end: range.end + offset,
-            }
-          })
-
-          ranges.push(...updatedRanges)
-        } else if (regexRes[2]) {
-          // is a sensitive string literal
-          const sensitiveId = regexRes[2]
-
-          sensitiveRanges.push({
-            start: offset,
-            end: offset + Number.parseInt(regexRes[3]),
-          })
-
-          value = value.replace(sensitiveId, '')
-        } else if (regexRes[4]) {
-          // is a sensitive value (number, null, false, ...)
-          const sensitiveId = regexRes[4]
-          const originalValue = regexRes[5]
-
-          sensitiveRanges.push({
-            start: regexRes.index,
-            end: regexRes.index + originalValue.length,
-          })
-
-          value = value.replace(sensitiveId, originalValue)
+              start: range.start + start,
+              end: range.end + start,
+            }))
+            ranges.push(...updatedRanges)
+
+            segments.push(value.slice(pos, rangeKeyIndex))
+            outputLength += cleanLength
+            pos = rangeKeyIndex + regexRes[0].length
+          } else {
+            // can't happen, the only way to this to happen is
+            // if the JSON has a value starting with the value of STRINGIFY_RANGE_KEY
+            segments.push(value.slice(pos, rangeKeyIndex + STRINGIFY_RANGE_KEY.length))
+            outputLength += cleanLength + STRINGIFY_RANGE_KEY.length
+            pos = rangeKeyIndex + STRINGIFY_RANGE_KEY.length
+          }
         }
 
-        keysRegex.lastIndex = 0
-        regexRes = keysRegex.exec(value)
+        rangeKeyIndex = value.indexOf(STRINGIFY_RANGE_KEY, pos)
       }
+
+      segments.push(value.slice(pos))
+      value = segments.join('')
     }
   } else {
     value = JSON.stringify(obj, null, 2)

package/packages/dd-trace/src/appsec/iast/vulnerability-reporter.js

@@ -100,7 +100,7 @@ function clearCache () { // only for test purposes
 
 function startClearCacheTimer () {
   resetVulnerabilityCacheTimer = setInterval(clearCache, RESET_VULNERABILITY_CACHE_INTERVAL)
-  resetVulnerabilityCacheTimer.unref()
+  resetVulnerabilityCacheTimer.unref?.()
 }
 
 function stopClearCacheTimer () {

package/packages/dd-trace/src/appsec/index.js

@@ -5,6 +5,7 @@ const web = require('../plugins/util/web')
 const { extractIp } = require('../plugins/util/ip_extractor')
 const { HTTP_CLIENT_IP } = require('../../../../ext/tags')
 const { IS_SERVERLESS } = require('../serverless')
+const { isEmpty } = require('../util')
 const RuleManager = require('./rule_manager')
 const appsecRemoteConfig = require('./remote_config')
 const {
@@ -128,7 +129,7 @@ function onRequestBodyParsed ({ req, res, body, abortController }) {
   }
 
   if (typeof body === 'object') {
-    if (isEmptyObject(body)) return
+    if (isEmpty(body)) return
     analyzedBodies.add(body)
   }
 
@@ -149,7 +150,7 @@ function onRequestCookieParser ({ req, res, abortController, cookies }) {
   const rootSpan = web.root(req)
   if (!rootSpan) return
 
-  if (isEmptyObject(cookies)) return
+  if (isEmpty(cookies)) return
   analyzedCookies.add(cookies)
 
   const results = waf.run({
@@ -180,12 +181,9 @@ function incomingHttpStartTranslator ({ req, res, abortController }) {
     }
   }
 
-  const requestHeaders = { ...req.headers }
-  delete requestHeaders.cookie
-
   const persistent = {
     [addresses.HTTP_INCOMING_URL]: req.url,
-    [addresses.HTTP_INCOMING_HEADERS]: requestHeaders,
+    [addresses.HTTP_INCOMING_HEADERS]: copyHeadersOmitting(req.headers, 'cookie'),
     [addresses.HTTP_INCOMING_METHOD]: req.method,
   }
 
@@ -204,7 +202,7 @@ function incomingHttpEndTranslator ({ req, res }) {
   // we need to keep this to support other body parsers
   if (req.body !== undefined && req.body !== null) {
     if (typeof req.body === 'object') {
-      if (!isEmptyObject(req.body) && !analyzedBodies.has(req.body)) {
+      if (!isEmpty(req.body) && !analyzedBodies.has(req.body)) {
         persistent[addresses.HTTP_INCOMING_BODY] = req.body
       }
     } else {
@@ -216,7 +214,7 @@ function incomingHttpEndTranslator ({ req, res }) {
   if (
     req.cookies !== null &&
     typeof req.cookies === 'object' &&
-    !isEmptyObject(req.cookies) &&
+    !isEmpty(req.cookies) &&
     !analyzedCookies.has(req.cookies)
   ) {
     persistent[addresses.HTTP_INCOMING_COOKIES] = req.cookies
@@ -227,7 +225,7 @@ function incomingHttpEndTranslator ({ req, res }) {
   if (
     query !== null &&
     typeof query === 'object' &&
-    !isEmptyObject(query)
+    !isEmpty(query)
   ) {
     persistent[addresses.HTTP_INCOMING_QUERY] = query
   }
@@ -239,7 +237,7 @@ function incomingHttpEndTranslator ({ req, res }) {
     persistent[addresses.WAF_CONTEXT_PROCESSOR] = { 'extract-schema': true }
   }
 
-  if (!isEmptyObject(persistent)) {
+  if (!isEmpty(persistent)) {
     waf.run({ persistent }, req)
   }
 
@@ -313,7 +311,7 @@ function onRequestQueryParsed ({ req, res, query, abortController }) {
   const rootSpan = web.root(req)
   if (!rootSpan) return
 
-  if (isEmptyObject(query)) return
+  if (isEmpty(query)) return
 
   const results = waf.run({
     persistent: {
@@ -328,7 +326,7 @@ function onRequestProcessParams ({ req, res, abortController, params }) {
   const rootSpan = web.root(req)
   if (!rootSpan) return
 
-  if (!params || typeof params !== 'object' || isEmptyObject(params)) return
+  if (!params || typeof params !== 'object' || isEmpty(params)) return
 
   const results = waf.run({
     persistent: {
@@ -352,7 +350,7 @@ function onResponseBody ({ req, res, body }) {
 }
 
 function onResponseWriteHead ({ req, res, abortController, statusCode, responseHeaders }) {
-  if (!isEmptyObject(responseHeaders)) {
+  if (!isEmpty(responseHeaders)) {
     storedResponseHeaders.set(req, responseHeaders)
   }
 
@@ -375,13 +373,10 @@ function onResponseWriteHead ({ req, res, abortController, statusCode, responseH
   const rootSpan = web.root(req)
   if (!rootSpan) return
 
-  responseHeaders = { ...responseHeaders }
-  delete responseHeaders['set-cookie']
-
   const results = waf.run({
     persistent: {
       [addresses.HTTP_INCOMING_RESPONSE_CODE]: String(statusCode),
-      [addresses.HTTP_INCOMING_RESPONSE_HEADERS]: responseHeaders,
+      [addresses.HTTP_INCOMING_RESPONSE_HEADERS]: copyHeadersOmitting(responseHeaders, 'set-cookie'),
     },
   }, req)
 
@@ -540,14 +535,16 @@ function disable () {
   if (stripeConstructEvent.hasSubscribers) stripeConstructEvent.unsubscribe(onStripeConstructEvent)
 }
 
-// this is faster than Object.keys().length === 0
-function isEmptyObject (obj) {
-  // eslint-disable-next-line no-unreachable-loop
-  for (const _ in obj) {
-    return false
+/**
+ * @param {Record<string, unknown>} src
+ * @param {string} omit
+ */
+function copyHeadersOmitting (src, omit) {
+  const filtered = {}
+  for (const key of Object.keys(src)) {
+    if (key !== omit) filtered[key] = src[key]
   }
-
-  return true
+  return filtered
 }
 
 module.exports = {

package/packages/dd-trace/src/appsec/reporter.js

@@ -509,7 +509,9 @@ function finishRequest (req, res, storedResponseHeaders, requestBody) {
   if (!rootSpan) return
 
   if (metricsQueue.size) {
-    rootSpan.addTags(Object.fromEntries(metricsQueue))
+    for (const [key, value] of metricsQueue) {
+      rootSpan.setTag(key, value)
+    }
 
     keepTrace(rootSpan, ASM)
 

package/packages/dd-trace/src/appsec/rule_manager.js

@@ -142,12 +142,14 @@ function extractErrors (diagnostics) {
 
   for (const diagnosticKey of DIAGNOSTIC_KEYS) {
     if (diagnostics[diagnosticKey]?.error) {
-      (result[diagnosticKey] ??= {}).error = diagnostics[diagnosticKey]?.error
+      result[diagnosticKey] ??= {}
+      result[diagnosticKey].error = diagnostics[diagnosticKey]?.error
       isResultPopulated = true
     }
 
     if (diagnostics[diagnosticKey]?.errors) {
-      (result[diagnosticKey] ??= {}).errors = diagnostics[diagnosticKey]?.errors
+      result[diagnosticKey] ??= {}
+      result[diagnosticKey].errors = diagnostics[diagnosticKey]?.errors
       isResultPopulated = true
     }
   }

package/packages/dd-trace/src/appsec/waf/waf_context_wrapper.js

@@ -20,6 +20,20 @@ class WAFContextWrapper {
     this.knownAddresses = knownAddresses
     this.addressesToSkip = new Set()
     this.cachedUserIdResults = new Map()
+    // Reused across run() calls; Reporter.reportMetrics consumes it synchronously.
+    this.metrics = {
+      rulesVersion,
+      wafVersion,
+      wafTimeout: false,
+      duration: 0,
+      durationExt: 0,
+      blockTriggered: false,
+      ruleTriggered: false,
+      errorCode: null,
+      maxTruncatedString: null,
+      maxTruncatedContainerSize: null,
+      maxTruncatedContainerDepth: null,
+    }
   }
 
   run ({ persistent, ephemeral }, raspRule, req) {
@@ -44,7 +58,8 @@ class WAFContextWrapper {
 
     const payload = {}
     let payloadHasData = false
-    const newAddressesToSkip = new Set(this.addressesToSkip)
+    // Cloned lazily; only the preventDuplicateAddresses branch below adds to it.
+    let newAddressesToSkip
 
     if (persistent !== null && typeof persistent === 'object') {
       const persistentInputs = {}
@@ -55,6 +70,7 @@ class WAFContextWrapper {
           hasPersistentInputs = true
           persistentInputs[key] = persistent[key]
           if (preventDuplicateAddresses.has(key)) {
+            newAddressesToSkip ??= new Set(this.addressesToSkip)
             newAddressesToSkip.add(key)
           }
         }
@@ -85,19 +101,16 @@ class WAFContextWrapper {
 
     if (!payloadHasData) return
 
-    const metrics = {
-      rulesVersion: this.rulesVersion,
-      wafVersion: this.wafVersion,
-      wafTimeout: false,
-      duration: 0,
-      durationExt: 0,
-      blockTriggered: false,
-      ruleTriggered: false,
-      errorCode: null,
-      maxTruncatedString: null,
-      maxTruncatedContainerSize: null,
-      maxTruncatedContainerDepth: null,
-    }
+    const metrics = this.metrics
+    metrics.wafTimeout = false
+    metrics.duration = 0
+    metrics.durationExt = 0
+    metrics.blockTriggered = false
+    metrics.ruleTriggered = false
+    metrics.errorCode = null
+    metrics.maxTruncatedString = null
+    metrics.maxTruncatedContainerSize = null
+    metrics.maxTruncatedContainerDepth = null
 
     try {
       const start = process.hrtime.bigint()
@@ -106,7 +119,7 @@ class WAFContextWrapper {
 
       const end = process.hrtime.bigint()
 
-      metrics.durationExt = Number.parseInt(end - start) / 1e3
+      metrics.durationExt = Number(end - start) / 1e3
 
       if (typeof result.errorCode === 'number' && result.errorCode < 0) {
         const error = new Error('WAF code error')
@@ -123,7 +136,9 @@ class WAFContextWrapper {
         if (maxTruncatedContainerDepth) metrics.maxTruncatedContainerDepth = maxTruncatedContainerDepth
       }
 
-      this.addressesToSkip = newAddressesToSkip
+      if (newAddressesToSkip !== undefined) {
+        this.addressesToSkip = newAddressesToSkip
+      }
 
       const ruleTriggered = !!result.events?.length
 

package/packages/dd-trace/src/azure_metadata.js

@@ -3,10 +3,8 @@
 // Modeled after https://github.com/DataDog/libdatadog/blob/f3994857a59bb5679a65967138c5a3aec418a65f/ddcommon/src/azure_app_services.rs
 
 const os = require('os')
-const {
-  getEnvironmentVariable,
-  getValueFromEnvSources,
-} = require('./config/helper')
+const getConfig = require('./config')
+const { getEnvironmentVariable } = require('./config/helper')
 const { getIsAzureFunction } = require('./serverless')
 
 function extractSubscriptionID (ownerName) {
@@ -19,7 +17,20 @@ function extractSubscriptionID (ownerName) {
 }
 
 function extractResourceGroup (ownerName) {
-  return /.+\+(.+)-.+webspace(-Linux)?/.exec(ownerName)?.[1]
+  // WEBSITE_OWNER_NAME format: `<sub-id>+<rg>-<region>webspace[-Linux]`. Region
+  // names have no `-`; resource groups can. Plain string ops read more directly
+  // than `/.+\+(.+)-.+webspace(-Linux)?/` and avoid the engine backtracking
+  // through three `.+` quantifiers to land on the right `-`.
+  if (typeof ownerName !== 'string') return
+  const plusIdx = ownerName.indexOf('+')
+  if (plusIdx === -1) return
+  let rest = ownerName.slice(plusIdx + 1)
+  if (rest.endsWith('-Linux')) rest = rest.slice(0, -'-Linux'.length)
+  if (!rest.endsWith('webspace')) return
+  rest = rest.slice(0, -'webspace'.length)
+  const lastDash = rest.lastIndexOf('-')
+  if (lastDash === -1) return
+  return rest.slice(0, lastDash)
 }
 
 function buildResourceID (subscriptionID, siteName, resourceGroup) {
@@ -56,7 +67,7 @@ function buildMetadata () {
   const WEBSITE_SITE_NAME = getEnvironmentVariable('WEBSITE_SITE_NAME')
   const WEBSITE_SKU = getEnvironmentVariable('WEBSITE_SKU')
 
-  const DD_AZURE_RESOURCE_GROUP = getValueFromEnvSources('DD_AZURE_RESOURCE_GROUP')
+  const { DD_AZURE_RESOURCE_GROUP } = getConfig()
   const isAzureFunction = FUNCTIONS_EXTENSION_VERSION !== undefined && FUNCTIONS_WORKER_RUNTIME !== undefined
   const isFlexConsumptionAzureFunction = isAzureFunction && WEBSITE_SKU === 'FlexConsumption'
 

package/packages/dd-trace/src/ci-visibility/dynamic-instrumentation/index.js

@@ -120,7 +120,7 @@ class TestVisDynamicInstrumentation {
     })
 
     // Allow the parent to exit even if the worker is still running
-    this.worker.unref()
+    this.worker.unref?.()
 
     this.breakpointSetChannel.port2.on('message', (probeId) => {
       const resolve = probeIdToResolveBreakpointSet.get(probeId)
@@ -128,7 +128,7 @@ class TestVisDynamicInstrumentation {
         resolve()
         probeIdToResolveBreakpointSet.delete(probeId)
       }
-    }).unref()
+    }).unref?.()
 
     this.breakpointHitChannel.port2.on('message', ({ snapshot }) => {
       const { probe: { id: probeId } } = snapshot
@@ -138,7 +138,7 @@ class TestVisDynamicInstrumentation {
       } else {
         log.warn('Received a breakpoint hit for an unknown probe')
       }
-    }).unref()
+    }).unref?.()
 
     this.breakpointRemoveChannel.port2.on('message', (probeId) => {
       const resolve = probeIdToResolveBreakpointRemove.get(probeId)
@@ -146,7 +146,7 @@ class TestVisDynamicInstrumentation {
         resolve()
         probeIdToResolveBreakpointRemove.delete(probeId)
       }
-    }).unref()
+    }).unref?.()
   }
 }
 

package/packages/dd-trace/src/ci-visibility/exporters/ci-visibility-exporter.js

@@ -48,11 +48,13 @@ class CiVisibilityExporter extends BufferingExporter {
 
     const gitUploadTimeoutId = setTimeout(() => {
       this._resolveGit(new Error('Timeout while uploading git metadata'))
-    }, GIT_UPLOAD_TIMEOUT).unref()
+    }, GIT_UPLOAD_TIMEOUT)
+    gitUploadTimeoutId.unref?.()
 
     const canUseCiVisProtocolTimeoutId = setTimeout(() => {
       this._resolveCanUseCiVisProtocol(false)
-    }, CAN_USE_CI_VIS_PROTOCOL_TIMEOUT).unref()
+    }, CAN_USE_CI_VIS_PROTOCOL_TIMEOUT)
+    canUseCiVisProtocolTimeoutId.unref?.()
 
     this._gitUploadPromise = new Promise(resolve => {
       this._resolveGit = (err) => {

package/packages/dd-trace/src/ci-visibility/exporters/test-worker/index.js

@@ -11,10 +11,12 @@ const {
   VITEST_WORKER_TRACE_PAYLOAD_CODE,
   VITEST_WORKER_LOGS_PAYLOAD_CODE,
 } = require('../../../plugins/util/test')
-const { getEnvironmentVariable, getValueFromEnvSources } = require('../../../config/helper')
+const getConfig = require('../../../config')
+const { getEnvironmentVariable } = require('../../../config/helper')
 const Writer = require('./writer')
 
 function getInterprocessTraceCode () {
+  const { DD_PLAYWRIGHT_WORKER, DD_VITEST_WORKER } = getConfig()
   if (getEnvironmentVariable('JEST_WORKER_ID')) {
     return JEST_WORKER_TRACE_PAYLOAD_CODE
   }
@@ -24,13 +26,13 @@ function getInterprocessTraceCode () {
   if (getEnvironmentVariable('MOCHA_WORKER_ID')) {
     return MOCHA_WORKER_TRACE_PAYLOAD_CODE
   }
-  if (getValueFromEnvSources('DD_PLAYWRIGHT_WORKER')) {
+  if (DD_PLAYWRIGHT_WORKER) {
     return PLAYWRIGHT_WORKER_TRACE_PAYLOAD_CODE
   }
   if (getEnvironmentVariable('TINYPOOL_WORKER_ID')) {
     return VITEST_WORKER_TRACE_PAYLOAD_CODE
   }
-  if (getValueFromEnvSources('DD_VITEST_WORKER')) {
+  if (DD_VITEST_WORKER) {
     return VITEST_WORKER_TRACE_PAYLOAD_CODE
   }
   return null
@@ -51,7 +53,7 @@ function getInterprocessLogsCode () {
   if (getEnvironmentVariable('TINYPOOL_WORKER_ID')) {
     return VITEST_WORKER_LOGS_PAYLOAD_CODE
   }
-  if (getValueFromEnvSources('DD_VITEST_WORKER')) {
+  if (getConfig().DD_VITEST_WORKER) {
     return VITEST_WORKER_LOGS_PAYLOAD_CODE
   }
   return null

package/packages/dd-trace/src/ci-visibility/requests/fs-cache.js

@@ -149,7 +149,7 @@ function touchLock (cacheKey) {
  */
 function startLockHeartbeat (cacheKey) {
   const interval = setInterval(() => touchLock(cacheKey), CACHE_LOCK_HEARTBEAT_MS)
-  interval.unref()
+  interval.unref?.()
   return () => {
     clearInterval(interval)
     try { fs.unlinkSync(getLockPath(cacheKey)) } catch { /* ignore */ }

package/packages/dd-trace/src/config/defaults.js

@@ -5,29 +5,18 @@ const util = require('util')
 
 const { DD_MAJOR } = require('../../../../version')
 const { parsers, transformers, telemetryTransformers, setWarnInvalidValue } = require('./parsers')
+const applyMajorOverrides = require('./major-overrides')
 const {
   supportedConfigurations,
 } = /** @type {import('./helper').SupportedConfigurationsJson} */ (require('./supported-configurations.json'))
 
+applyMajorOverrides(supportedConfigurations, DD_MAJOR)
+
 let log
 let seqId = 0
 const configWithOrigin = new Map()
 const parseErrors = new Map()
 
-if (DD_MAJOR >= 6) {
-  // Programmatic configuration of DD_IAST_SECURITY_CONTROLS_CONFIGURATION is not supported
-  // in newer major versions. This is special handled here until a better solution is found.
-  // TODO: Remove the programmatic configuration from supported-configurations.json once v5 is not supported anymore.
-  supportedConfigurations.DD_IAST_SECURITY_CONTROLS_CONFIGURATION[0].internalPropertyName =
-    supportedConfigurations.DD_IAST_SECURITY_CONTROLS_CONFIGURATION[0].configurationNames?.[0]
-  delete supportedConfigurations.DD_IAST_SECURITY_CONTROLS_CONFIGURATION[0].configurationNames
-} else {
-  // Default value for DD_TRACE_STARTUP_LOGS is 'false' in older major versions.
-  // This is special handled here until a better solution is found.
-  // TODO: Remove this here once v5 is not supported anymore.
-  supportedConfigurations.DD_TRACE_STARTUP_LOGS[0].default = 'false'
-}
-
 /**
  * Warns about an invalid value for an option and adds the error to the last telemetry entry if it is not already set.
  * Logging happens only if the error is not already set or the option name is different from the last telemetry entry.

package/packages/dd-trace/src/config/generated-config-types.d.ts

@@ -85,11 +85,12 @@ export interface GeneratedConfig {
   DD_CIVISIBILITY_TEST_MODULE_ID: string | undefined;
   DD_CIVISIBILITY_TEST_SESSION_ID: string | undefined;
   DD_CRASHTRACKING_ENABLED: boolean;
+  DD_CUSTOM_PARENT_ID: string | undefined;
   DD_CUSTOM_TRACE_ID: string | undefined;
   DD_ENABLE_LAGE_PACKAGE_NAME: boolean;
   DD_ENABLE_NX_SERVICE_NAME: boolean;
   DD_EXPERIMENTAL_PROPAGATE_PROCESS_TAGS_ENABLED: boolean;
-  DD_EXPERIMENTAL_TEST_OPT_GIT_CACHE_DIR: string;
+  DD_EXPERIMENTAL_TEST_OPT_GIT_CACHE_DIR: string | undefined;
   DD_EXPERIMENTAL_TEST_OPT_GIT_CACHE_ENABLED: boolean;
   DD_EXPERIMENTAL_TEST_OPT_SETTINGS_CACHE: string;
   DD_EXPERIMENTAL_TEST_REQUESTS_FS_CACHE: boolean;
@@ -243,6 +244,7 @@ export interface GeneratedConfig {
   DD_TRACE_ELASTIC_ELASTICSEARCH_ENABLED: boolean;
   DD_TRACE_ELASTIC_TRANSPORT_ENABLED: boolean;
   DD_TRACE_ELASTICSEARCH_ENABLED: boolean;
+  DD_TRACE_ELECTRON_ENABLED: boolean;
   DD_TRACE_ENCODING_DEBUG: boolean;
   DD_TRACE_EXPERIMENTAL_RUNTIME_ID_ENABLED: boolean;
   DD_TRACE_EXPERIMENTAL_SPAN_COUNTS: boolean;