npm - dd-trace - Versions diffs - 5.11.0 → 5.12.0 - Mend

dd-trace 5.11.0 → 5.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "dd-trace",
-  "version": "5.11.0",
+  "version": "5.12.0",
   "description": "Datadog APM tracing client for JavaScript",
   "main": "index.js",
   "typings": "index.d.ts",

package/packages/datadog-instrumentations/src/helpers/fetch.js CHANGED Viewed

@@ -7,11 +7,16 @@ exports.createWrapFetch = function createWrapFetch (Request, ch) {
     return function (input, init) {
       if (!ch.start.hasSubscribers) return fetch.apply(this, arguments)
-      const req = new Request(input, init)
-      const headers = req.headers
-      const ctx = { req, headers }
+      if (input instanceof Request) {
+        const ctx = { req: input }
-      return ch.tracePromise(() => fetch.call(this, req, { headers: ctx.headers }), ctx)
+        return ch.tracePromise(() => fetch.call(this, input, init), ctx)
+      } else {
+        const req = new Request(input, init)
+        const ctx = { req }
+        return ch.tracePromise(() => fetch.call(this, req), ctx)
+      }
     }
   }
 }

package/packages/datadog-instrumentations/src/openai.js CHANGED Viewed

@@ -10,6 +10,98 @@ const startCh = channel('apm:openai:request:start')
 const finishCh = channel('apm:openai:request:finish')
 const errorCh = channel('apm:openai:request:error')
+const V4_PACKAGE_SHIMS = [
+  {
+    file: 'resources/chat/completions.js',
+    targetClass: 'Completions',
+    baseResource: 'chat.completions',
+    methods: ['create']
+  },
+  {
+    file: 'resources/completions.js',
+    targetClass: 'Completions',
+    baseResource: 'completions',
+    methods: ['create']
+  },
+  {
+    file: 'resources/embeddings.js',
+    targetClass: 'Embeddings',
+    baseResource: 'embeddings',
+    methods: ['create']
+  },
+  {
+    file: 'resources/files.js',
+    targetClass: 'Files',
+    baseResource: 'files',
+    methods: ['create', 'del', 'list', 'retrieve']
+  },
+  {
+    file: 'resources/files.js',
+    targetClass: 'Files',
+    baseResource: 'files',
+    methods: ['retrieveContent'],
+    versions: ['>=4.0.0 <4.17.1']
+  },
+  {
+    file: 'resources/files.js',
+    targetClass: 'Files',
+    baseResource: 'files',
+    methods: ['content'], // replaced `retrieveContent` in v4.17.1
+    versions: ['>=4.17.1']
+  },
+  {
+    file: 'resources/images.js',
+    targetClass: 'Images',
+    baseResource: 'images',
+    methods: ['createVariation', 'edit', 'generate']
+  },
+  {
+    file: 'resources/fine-tuning/jobs/jobs.js',
+    targetClass: 'Jobs',
+    baseResource: 'fine_tuning.jobs',
+    methods: ['cancel', 'create', 'list', 'listEvents', 'retrieve'],
+    versions: ['>=4.34.0'] // file location changed in 4.34.0
+  },
+  {
+    file: 'resources/fine-tuning/jobs.js',
+    targetClass: 'Jobs',
+    baseResource: 'fine_tuning.jobs',
+    methods: ['cancel', 'create', 'list', 'listEvents', 'retrieve'],
+    versions: ['>=4.1.0 <4.34.0']
+  },
+  {
+    file: 'resources/fine-tunes.js', // deprecated after 4.1.0
+    targetClass: 'FineTunes',
+    baseResource: 'fine-tune',
+    methods: ['cancel', 'create', 'list', 'listEvents', 'retrieve'],
+    versions: ['>=4.0.0 <4.1.0']
+  },
+  {
+    file: 'resources/models.js',
+    targetClass: 'Models',
+    baseResource: 'models',
+    methods: ['del', 'list', 'retrieve']
+  },
+  {
+    file: 'resources/moderations.js',
+    targetClass: 'Moderations',
+    baseResource: 'moderations',
+    methods: ['create']
+  },
+  {
+    file: 'resources/audio/transcriptions.js',
+    targetClass: 'Transcriptions',
+    baseResource: 'audio.transcriptions',
+    methods: ['create']
+  },
+  {
+    file: 'resources/audio/translations.js',
+    targetClass: 'Translations',
+    baseResource: 'audio.translations',
+    methods: ['create']
+  }
+]
 addHook({ name: 'openai', file: 'dist/api.js', versions: ['>=3.0.0 <4'] }, exports => {
   const methodNames = Object.getOwnPropertyNames(exports.OpenAIApi.prototype)
   methodNames.shift() // remove leading 'constructor' method
@@ -48,3 +140,60 @@ addHook({ name: 'openai', file: 'dist/api.js', versions: ['>=3.0.0 <4'] }, expor
   return exports
 })
+for (const shim of V4_PACKAGE_SHIMS) {
+  const { file, targetClass, baseResource, methods } = shim
+  addHook({ name: 'openai', file, versions: shim.versions || ['>=4'] }, exports => {
+    const targetPrototype = exports[targetClass].prototype
+    for (const methodName of methods) {
+      shimmer.wrap(targetPrototype, methodName, methodFn => function () {
+        if (!startCh.hasSubscribers) {
+          return methodFn.apply(this, arguments)
+        }
+        const client = this._client || this.client
+        startCh.publish({
+          methodName: `${baseResource}.${methodName}`,
+          args: arguments,
+          basePath: client.baseURL,
+          apiKey: client.apiKey
+        })
+        const apiProm = methodFn.apply(this, arguments)
+        // wrapping `parse` avoids problematic wrapping of `then` when trying to call
+        // `withResponse` in userland code after. This way, we can return the whole `APIPromise`
+        shimmer.wrap(apiProm, 'parse', origApiPromParse => function () {
+          return origApiPromParse.apply(this, arguments)
+            // the original response is wrapped in a promise, so we need to unwrap it
+            .then(body => Promise.all([this.responsePromise, body]))
+            .then(([{ response, options }, body]) => {
+              finishCh.publish({
+                headers: response.headers,
+                body,
+                path: response.url,
+                method: options.method
+              })
+              return body
+            })
+            .catch(err => {
+              errorCh.publish({ err })
+              throw err
+            })
+            .finally(() => {
+              // maybe we don't want to unwrap here in case the promise is re-used?
+              // other hand: we want to avoid resource leakage
+              shimmer.unwrap(apiProm, 'parse')
+            })
+        })
+        return apiProm
+      })
+    }
+    return exports
+  })
+}

package/packages/datadog-plugin-fetch/src/index.js CHANGED Viewed

@@ -17,8 +17,11 @@ class FetchPlugin extends HttpClientPlugin {
     const store = super.bindStart(ctx)
-    ctx.headers = headers
-    ctx.req = new globalThis.Request(req, { headers })
+    for (const name in headers) {
+      if (!req.headers.has(name)) {
+        req.headers.set(name, headers[name])
+      }
+    }
     return store
   }

package/packages/datadog-plugin-openai/src/index.js CHANGED Viewed

@@ -84,7 +84,7 @@ class OpenApiPlugin extends TracingPlugin {
     const tags = {} // The remaining tags are added one at a time
     // createChatCompletion, createCompletion, createImage, createImageEdit, createTranscription, createTranslation
-    if ('prompt' in payload) {
+    if (payload.prompt) {
       const prompt = payload.prompt
       store.prompt = prompt
       if (typeof prompt === 'string' || (Array.isArray(prompt) && typeof prompt[0] === 'number')) {
@@ -99,7 +99,7 @@ class OpenApiPlugin extends TracingPlugin {
     }
     // createEdit, createEmbedding, createModeration
-    if ('input' in payload) {
+    if (payload.input) {
       const normalized = normalizeStringOrTokenArray(payload.input, false)
       tags['openai.request.input'] = truncateText(normalized)
       store.input = normalized
@@ -114,41 +114,60 @@ class OpenApiPlugin extends TracingPlugin {
     switch (methodName) {
       case 'createFineTune':
+      case 'fine_tuning.jobs.create':
+      case 'fine-tune.create':
         createFineTuneRequestExtraction(tags, payload)
         break
       case 'createImage':
+      case 'images.generate':
       case 'createImageEdit':
+      case 'images.edit':
       case 'createImageVariation':
+      case 'images.createVariation':
         commonCreateImageRequestExtraction(tags, payload, store)
         break
       case 'createChatCompletion':
+      case 'chat.completions.create':
         createChatCompletionRequestExtraction(tags, payload, store)
         break
       case 'createFile':
+      case 'files.create':
       case 'retrieveFile':
+      case 'files.retrieve':
         commonFileRequestExtraction(tags, payload)
         break
       case 'createTranscription':
+      case 'audio.transcriptions.create':
       case 'createTranslation':
+      case 'audio.translations.create':
         commonCreateAudioRequestExtraction(tags, payload, store)
         break
       case 'retrieveModel':
+      case 'models.retrieve':
         retrieveModelRequestExtraction(tags, payload)
         break
       case 'listFineTuneEvents':
+      case 'fine_tuning.jobs.listEvents':
+      case 'fine-tune.listEvents':
       case 'retrieveFineTune':
+      case 'fine_tuning.jobs.retrieve':
+      case 'fine-tune.retrieve':
       case 'deleteModel':
+      case 'models.del':
       case 'cancelFineTune':
+      case 'fine_tuning.jobs.cancel':
+      case 'fine-tune.cancel':
         commonLookupFineTuneRequestExtraction(tags, payload)
         break
       case 'createEdit':
+      case 'edits.create':
         createEditRequestExtraction(tags, payload, store)
         break
     }
@@ -157,6 +176,10 @@ class OpenApiPlugin extends TracingPlugin {
   }
   finish ({ headers, body, method, path }) {
+    if (headers.constructor.name === 'Headers') {
+      headers = Object.fromEntries(headers)
+    }
     const span = this.activeSpan
     const methodName = span._spanContext._tags['resource.name']
@@ -165,11 +188,16 @@ class OpenApiPlugin extends TracingPlugin {
     const fullStore = storage.getStore()
     const store = fullStore.openai
+    if (path.startsWith('https://') || path.startsWith('http://')) {
+      // basic checking for if the path was set as a full URL
+      // not using a full regex as it will likely be "https://api.openai.com/..."
+      path = new URL(path).pathname
+    }
     const endpoint = lookupOperationEndpoint(methodName, path)
     const tags = {
       'openai.request.endpoint': endpoint,
-      'openai.request.method': method,
+      'openai.request.method': method.toUpperCase(),
       'openai.organization.id': body.organization_id, // only available in fine-tunes endpoints
       'openai.organization.name': headers['openai-organization'],
@@ -220,7 +248,7 @@ class OpenApiPlugin extends TracingPlugin {
     this.metrics.distribution('openai.request.duration', duration * 1000, tags)
-    if (body && ('usage' in body)) {
+    if (body && body.usage) {
       const promptTokens = body.usage.prompt_tokens
       const completionTokens = body.usage.completion_tokens
       this.metrics.distribution('openai.tokens.prompt', promptTokens, tags)
@@ -228,19 +256,19 @@ class OpenApiPlugin extends TracingPlugin {
       this.metrics.distribution('openai.tokens.total', promptTokens + completionTokens, tags)
     }
-    if ('x-ratelimit-limit-requests' in headers) {
+    if (headers['x-ratelimit-limit-requests']) {
       this.metrics.gauge('openai.ratelimit.requests', Number(headers['x-ratelimit-limit-requests']), tags)
     }
-    if ('x-ratelimit-remaining-requests' in headers) {
+    if (headers['x-ratelimit-remaining-requests']) {
       this.metrics.gauge('openai.ratelimit.remaining.requests', Number(headers['x-ratelimit-remaining-requests']), tags)
     }
-    if ('x-ratelimit-limit-tokens' in headers) {
+    if (headers['x-ratelimit-limit-tokens']) {
       this.metrics.gauge('openai.ratelimit.tokens', Number(headers['x-ratelimit-limit-tokens']), tags)
     }
-    if ('x-ratelimit-remaining-tokens' in headers) {
+    if (headers['x-ratelimit-remaining-tokens']) {
       this.metrics.gauge('openai.ratelimit.remaining.tokens', Number(headers['x-ratelimit-remaining-tokens']), tags)
     }
   }
@@ -275,17 +303,18 @@ function createChatCompletionRequestExtraction (tags, payload, store) {
   store.messages = payload.messages
   for (let i = 0; i < payload.messages.length; i++) {
     const message = payload.messages[i]
-    tags[`openai.request.${i}.content`] = truncateText(message.content)
-    tags[`openai.request.${i}.role`] = message.role
-    tags[`openai.request.${i}.name`] = message.name
-    tags[`openai.request.${i}.finish_reason`] = message.finish_reason
+    tags[`openai.request.messages.${i}.content`] = truncateText(message.content)
+    tags[`openai.request.messages.${i}.role`] = message.role
+    tags[`openai.request.messages.${i}.name`] = message.name
+    tags[`openai.request.messages.${i}.finish_reason`] = message.finish_reason
   }
 }
 function commonCreateImageRequestExtraction (tags, payload, store) {
   // createImageEdit, createImageVariation
-  if (payload.file && typeof payload.file === 'object' && payload.file.path) {
-    const file = path.basename(payload.file.path)
+  const img = payload.file || payload.image
+  if (img && typeof img === 'object' && img.path) {
+    const file = path.basename(img.path)
     tags['openai.request.image'] = file
     store.file = file
   }
@@ -305,60 +334,88 @@ function commonCreateImageRequestExtraction (tags, payload, store) {
 function responseDataExtractionByMethod (methodName, tags, body, store) {
   switch (methodName) {
     case 'createModeration':
+    case 'moderations.create':
       createModerationResponseExtraction(tags, body)
       break
     case 'createCompletion':
+    case 'completions.create':
     case 'createChatCompletion':
+    case 'chat.completions.create':
     case 'createEdit':
+    case 'edits.create':
       commonCreateResponseExtraction(tags, body, store)
       break
     case 'listFiles':
+    case 'files.list':
     case 'listFineTunes':
+    case 'fine_tuning.jobs.list':
+    case 'fine-tune.list':
     case 'listFineTuneEvents':
+    case 'fine_tuning.jobs.listEvents':
+    case 'fine-tune.listEvents':
       commonListCountResponseExtraction(tags, body)
       break
     case 'createEmbedding':
+    case 'embeddings.create':
       createEmbeddingResponseExtraction(tags, body)
       break
     case 'createFile':
+    case 'files.create':
     case 'retrieveFile':
+    case 'files.retrieve':
       createRetrieveFileResponseExtraction(tags, body)
       break
     case 'deleteFile':
+    case 'files.del':
       deleteFileResponseExtraction(tags, body)
       break
     case 'downloadFile':
+    case 'files.retrieveContent':
+    case 'files.content':
       downloadFileResponseExtraction(tags, body)
       break
     case 'createFineTune':
+    case 'fine_tuning.jobs.create':
+    case 'fine-tune.create':
     case 'retrieveFineTune':
+    case 'fine_tuning.jobs.retrieve':
+    case 'fine-tune.retrieve':
     case 'cancelFineTune':
+    case 'fine_tuning.jobs.cancel':
+    case 'fine-tune.cancel':
       commonFineTuneResponseExtraction(tags, body)
       break
     case 'createTranscription':
+    case 'audio.transcriptions.create':
     case 'createTranslation':
+    case 'audio.translations.create':
       createAudioResponseExtraction(tags, body)
       break
     case 'createImage':
+    case 'images.generate':
     case 'createImageEdit':
+    case 'images.edit':
     case 'createImageVariation':
+    case 'images.createVariation':
       commonImageResponseExtraction(tags, body)
       break
     case 'listModels':
+    case 'models.list':
       listModelsResponseExtraction(tags, body)
       break
     case 'retrieveModel':
+    case 'models.retrieve':
       retrieveModelResponseExtraction(tags, body)
       break
   }
@@ -431,15 +488,19 @@ function createFineTuneRequestExtraction (tags, body) {
 function commonFineTuneResponseExtraction (tags, body) {
   tags['openai.response.events_count'] = defensiveArrayLength(body.events)
   tags['openai.response.fine_tuned_model'] = body.fine_tuned_model
-  if (body.hyperparams) {
-    tags['openai.response.hyperparams.n_epochs'] = body.hyperparams.n_epochs
-    tags['openai.response.hyperparams.batch_size'] = body.hyperparams.batch_size
-    tags['openai.response.hyperparams.prompt_loss_weight'] = body.hyperparams.prompt_loss_weight
-    tags['openai.response.hyperparams.learning_rate_multiplier'] = body.hyperparams.learning_rate_multiplier
+  const hyperparams = body.hyperparams || body.hyperparameters
+  const hyperparamsKey = body.hyperparams ? 'hyperparams' : 'hyperparameters'
+  if (hyperparams) {
+    tags[`openai.response.${hyperparamsKey}.n_epochs`] = hyperparams.n_epochs
+    tags[`openai.response.${hyperparamsKey}.batch_size`] = hyperparams.batch_size
+    tags[`openai.response.${hyperparamsKey}.prompt_loss_weight`] = hyperparams.prompt_loss_weight
+    tags[`openai.response.${hyperparamsKey}.learning_rate_multiplier`] = hyperparams.learning_rate_multiplier
   }
-  tags['openai.response.training_files_count'] = defensiveArrayLength(body.training_files)
+  tags['openai.response.training_files_count'] = defensiveArrayLength(body.training_files || body.training_file)
   tags['openai.response.result_files_count'] = defensiveArrayLength(body.result_files)
-  tags['openai.response.validation_files_count'] = defensiveArrayLength(body.validation_files)
+  tags['openai.response.validation_files_count'] = defensiveArrayLength(body.validation_files || body.validation_file)
   tags['openai.response.updated_at'] = body.updated_at
   tags['openai.response.status'] = body.status
 }
@@ -528,18 +589,31 @@ function commonCreateResponseExtraction (tags, body, store) {
   store.choices = body.choices
-  for (let i = 0; i < body.choices.length; i++) {
-    const choice = body.choices[i]
-    tags[`openai.response.choices.${i}.finish_reason`] = choice.finish_reason
-    tags[`openai.response.choices.${i}.logprobs`] = ('logprobs' in choice) ? 'returned' : undefined
-    tags[`openai.response.choices.${i}.text`] = truncateText(choice.text)
+  for (let choiceIdx = 0; choiceIdx < body.choices.length; choiceIdx++) {
+    const choice = body.choices[choiceIdx]
+    // logprobs can be nullm and we still want to tag it as 'returned' even when set to 'null'
+    const specifiesLogProb = Object.keys(choice).indexOf('logprobs') !== -1
+    tags[`openai.response.choices.${choiceIdx}.finish_reason`] = choice.finish_reason
+    tags[`openai.response.choices.${choiceIdx}.logprobs`] = specifiesLogProb ? 'returned' : undefined
+    tags[`openai.response.choices.${choiceIdx}.text`] = truncateText(choice.text)
     // createChatCompletion only
-    if ('message' in choice) {
+    if (choice.message) {
       const message = choice.message
-      tags[`openai.response.choices.${i}.message.role`] = message.role
-      tags[`openai.response.choices.${i}.message.content`] = truncateText(message.content)
-      tags[`openai.response.choices.${i}.message.name`] = truncateText(message.name)
+      tags[`openai.response.choices.${choiceIdx}.message.role`] = message.role
+      tags[`openai.response.choices.${choiceIdx}.message.content`] = truncateText(message.content)
+      tags[`openai.response.choices.${choiceIdx}.message.name`] = truncateText(message.name)
+      if (message.tool_calls) {
+        const toolCalls = message.tool_calls
+        for (let toolIdx = 0; toolIdx < toolCalls.length; toolIdx++) {
+          tags[`openai.response.choices.${choiceIdx}.message.tool_calls.${toolIdx}.name`] =
+            toolCalls[toolIdx].function.name
+          tags[`openai.response.choices.${choiceIdx}.message.tool_calls.${toolIdx}.arguments`] =
+            toolCalls[toolIdx].function.arguments
+        }
+      }
     }
   }
 }
@@ -577,34 +651,62 @@ function truncateText (text) {
 function coerceResponseBody (body, methodName) {
   switch (methodName) {
     case 'downloadFile':
+    case 'files.retrieveContent':
+    case 'files.content':
       return { file: body }
   }
-  return typeof body === 'object' ? body : {}
+  const type = typeof body
+  if (type === 'string') {
+    try {
+      return JSON.parse(body)
+    } catch {
+      return body
+    }
+  } else if (type === 'object') {
+    return body
+  } else {
+    return {}
+  }
 }
 // This method is used to replace a dynamic URL segment with an asterisk
 function lookupOperationEndpoint (operationId, url) {
   switch (operationId) {
     case 'deleteModel':
+    case 'models.del':
     case 'retrieveModel':
+    case 'models.retrieve':
       return '/v1/models/*'
     case 'deleteFile':
+    case 'files.del':
     case 'retrieveFile':
+    case 'files.retrieve':
       return '/v1/files/*'
     case 'downloadFile':
+    case 'files.retrieveContent':
+    case 'files.content':
       return '/v1/files/*/content'
     case 'retrieveFineTune':
+    case 'fine-tune.retrieve':
       return '/v1/fine-tunes/*'
+    case 'fine_tuning.jobs.retrieve':
+      return '/v1/fine_tuning/jobs/*'
     case 'listFineTuneEvents':
+    case 'fine-tune.listEvents':
       return '/v1/fine-tunes/*/events'
+    case 'fine_tuning.jobs.listEvents':
+      return '/v1/fine_tuning/jobs/*/events'
     case 'cancelFineTune':
+    case 'fine-tune.cancel':
       return '/v1/fine-tunes/*/cancel'
+    case 'fine_tuning.jobs.cancel':
+      return '/v1/fine_tuning/jobs/*/cancel'
   }
   return url
@@ -618,12 +720,17 @@ function lookupOperationEndpoint (operationId, url) {
 function normalizeRequestPayload (methodName, args) {
   switch (methodName) {
     case 'listModels':
+    case 'models.list':
     case 'listFiles':
+    case 'files.list':
     case 'listFineTunes':
+    case 'fine_tuning.jobs.list':
+    case 'fine-tune.list':
       // no argument
       return {}
     case 'retrieveModel':
+    case 'models.retrieve':
       return { id: args[0] }
     case 'createFile':
@@ -633,19 +740,30 @@ function normalizeRequestPayload (methodName, args) {
       }
     case 'deleteFile':
+    case 'files.del':
     case 'retrieveFile':
+    case 'files.retrieve':
     case 'downloadFile':
+    case 'files.retrieveContent':
+    case 'files.content':
       return { file_id: args[0] }
     case 'listFineTuneEvents':
+    case 'fine_tuning.jobs.listEvents':
+    case 'fine-tune.listEvents':
       return {
         fine_tune_id: args[0],
         stream: args[1] // undocumented
       }
     case 'retrieveFineTune':
+    case 'fine_tuning.jobs.retrieve':
+    case 'fine-tune.retrieve':
     case 'deleteModel':
+    case 'models.del':
     case 'cancelFineTune':
+    case 'fine_tuning.jobs.cancel':
+    case 'fine-tune.cancel':
       return { fine_tune_id: args[0] }
     case 'createImageEdit':
@@ -702,7 +820,16 @@ function normalizeStringOrTokenArray (input, truncate) {
 }
 function defensiveArrayLength (maybeArray) {
-  return Array.isArray(maybeArray) ? maybeArray.length : undefined
+  if (maybeArray) {
+    if (Array.isArray(maybeArray)) {
+      return maybeArray.length
+    } else {
+      // case of a singular item (ie body.training_file vs body.training_files)
+      return 1
+    }
+  }
+  return undefined
 }
 module.exports = OpenApiPlugin

package/packages/dd-trace/src/appsec/iast/taint-tracking/operations-taint-object.js CHANGED Viewed

@@ -4,7 +4,7 @@ const TaintedUtils = require('@datadog/native-iast-taint-tracking')
 const { IAST_TRANSACTION_ID } = require('../iast-context')
 const iastLog = require('../iast-log')
-function taintObject (iastContext, object, type, keyTainting, keyType) {
+function taintObject (iastContext, object, type) {
   let result = object
   const transactionId = iastContext?.[IAST_TRANSACTION_ID]
   if (transactionId) {
@@ -22,9 +22,6 @@ function taintObject (iastContext, object, type, keyTainting, keyType) {
           const tainted = TaintedUtils.newTaintedString(transactionId, value, property, type)
           if (!parent) {
             result = tainted
-          } else if (keyTainting && key) {
-            const taintedProperty = TaintedUtils.newTaintedString(transactionId, key, property, keyType)
-            parent[taintedProperty] = tainted
           } else {
             parent[key] = tainted
           }
@@ -34,11 +31,6 @@ function taintObject (iastContext, object, type, keyTainting, keyType) {
           for (const key of Object.keys(value)) {
             queue.push({ parent: value, property: property ? `${property}.${key}` : key, value: value[key], key })
           }
-          if (parent && keyTainting && key) {
-            const taintedProperty = TaintedUtils.newTaintedString(transactionId, key, property, keyType)
-            parent[taintedProperty] = value
-          }
         }
       } catch (e) {
         iastLog.error(`Error visiting property : ${property}`).errorAndPublish(e)

package/packages/dd-trace/src/appsec/iast/taint-tracking/plugin.js CHANGED Viewed

@@ -95,12 +95,14 @@ class TaintTrackingPlugin extends SourceIastPlugin {
   _cookiesTaintTrackingHandler (target) {
     const iastContext = getIastContext(storage.getStore())
-    taintObject(iastContext, target, HTTP_REQUEST_COOKIE_VALUE, true, HTTP_REQUEST_COOKIE_NAME)
+    // Prevent tainting cookie names since it leads to taint literal string with same value.
+    taintObject(iastContext, target, HTTP_REQUEST_COOKIE_VALUE)
   }
   taintHeaders (headers, iastContext) {
+    // Prevent tainting header names since it leads to taint literal string with same value.
     this.execSource({
-      handler: () => taintObject(iastContext, headers, HTTP_REQUEST_HEADER_VALUE, true, HTTP_REQUEST_HEADER_NAME),
+      handler: () => taintObject(iastContext, headers, HTTP_REQUEST_HEADER_VALUE),
       tags: REQ_HEADER_TAGS,
       iastContext
     })

package/packages/dd-trace/src/appsec/remote_config/index.js CHANGED Viewed

@@ -8,7 +8,7 @@ const apiSecuritySampler = require('../api_security_sampler')
 let rc
-function enable (config) {
+function enable (config, appsec) {
   rc = new RemoteConfigManager(config)
   rc.updateCapabilities(RemoteConfigCapabilities.APM_TRACING_CUSTOM_TAGS, true)
   rc.updateCapabilities(RemoteConfigCapabilities.APM_TRACING_HTTP_HEADER_TAGS, true)
@@ -31,7 +31,7 @@ function enable (config) {
       if (!rcConfig) return
       if (activation === Activation.ONECLICK) {
-        enableOrDisableAppsec(action, rcConfig, config)
+        enableOrDisableAppsec(action, rcConfig, config, appsec)
       }
       apiSecuritySampler.setRequestSampling(rcConfig.api_security?.request_sample_rate)
@@ -41,7 +41,7 @@ function enable (config) {
   return rc
 }
-function enableOrDisableAppsec (action, rcConfig, config) {
+function enableOrDisableAppsec (action, rcConfig, config, appsec) {
   if (typeof rcConfig.asm?.enabled === 'boolean') {
     let shouldEnable
@@ -52,9 +52,9 @@ function enableOrDisableAppsec (action, rcConfig, config) {
     }
     if (shouldEnable) {
-      require('..').enable(config)
+      appsec.enable(config)
     } else {
-      require('..').disable()
+      appsec.disable()
     }
   }
 }

package/packages/dd-trace/src/proxy.js CHANGED Viewed

@@ -15,6 +15,21 @@ const NoopDogStatsDClient = require('./noop/dogstatsd')
 const spanleak = require('./spanleak')
 const { SSITelemetry } = require('./profiling/ssi-telemetry')
+class LazyModule {
+  constructor (provider) {
+    this.provider = provider
+  }
+  enable (...args) {
+    this.module = this.provider()
+    this.module.enable(...args)
+  }
+  disable () {
+    this.module?.disable()
+  }
+}
 class Tracer extends NoopProxy {
   constructor () {
     super()
@@ -24,6 +39,12 @@ class Tracer extends NoopProxy {
     this._pluginManager = new PluginManager(this)
     this.dogstatsd = new NoopDogStatsDClient()
     this._tracingInitialized = false
+    // these requires must work with esm bundler
+    this._modules = {
+      appsec: new LazyModule(() => require('./appsec')),
+      iast: new LazyModule(() => require('./appsec/iast'))
+    }
   }
   init (options) {
@@ -58,7 +79,7 @@ class Tracer extends NoopProxy {
       }
       if (config.remoteConfig.enabled && !config.isCiVisibility) {
-        const rc = remoteConfig.enable(config)
+        const rc = remoteConfig.enable(config, this._modules.appsec)
         rc.on('APM_TRACING', (action, conf) => {
           if (action === 'unapply') {
@@ -113,9 +134,8 @@ class Tracer extends NoopProxy {
   _enableOrDisableTracing (config) {
     if (config.tracing !== false) {
-      // dirty require for now so zero appsec code is executed unless explicitly enabled
       if (config.appsec.enabled) {
-        require('./appsec').enable(config)
+        this._modules.appsec.enable(config)
       }
       if (!this._tracingInitialized) {
         this._tracer = new DatadogTracer(config)
@@ -123,11 +143,11 @@ class Tracer extends NoopProxy {
         this._tracingInitialized = true
       }
       if (config.iast.enabled) {
-        require('./appsec/iast').enable(config, this._tracer)
+        this._modules.iast.enable(config, this._tracer)
       }
     } else if (this._tracingInitialized) {
-      require('./appsec').disable()
-      require('./appsec/iast').disable()
+      this._modules.appsec.disable()
+      this._modules.iast.disable()
     }
     if (this._tracingInitialized) {