dd-trace 5.16.0 → 5.17.0

package/index.d.ts

@@ -197,6 +197,7 @@ interface Plugins {
   "selenium": tracer.plugins.selenium;
   "sharedb": tracer.plugins.sharedb;
   "tedious": tracer.plugins.tedious;
+  "undici": tracer.plugins.undici;
   "winston": tracer.plugins.winston;
 }
 
@@ -1800,6 +1801,12 @@ declare namespace tracer {
      */
     interface tedious extends Instrumentation {}
 
+    /**
+     * This plugin automatically instruments the
+     * [undici](https://github.com/nodejs/undici) module.
+     */
+    interface undici extends HttpClient {}
+
     /**
      * This plugin patches the [winston](https://github.com/winstonjs/winston)
      * to automatically inject trace identifiers in log records when the

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dd-trace",
-  "version": "5.16.0",
+  "version": "5.17.0",
   "description": "Datadog APM tracing client for JavaScript",
   "main": "index.js",
   "typings": "index.d.ts",

package/packages/datadog-instrumentations/src/helpers/hooks.js

@@ -109,6 +109,7 @@ module.exports = {
   sequelize: () => require('../sequelize'),
   sharedb: () => require('../sharedb'),
   tedious: () => require('../tedious'),
+  undici: () => require('../undici'),
   when: () => require('../when'),
   winston: () => require('../winston')
 }

package/packages/datadog-instrumentations/src/http/server.js

@@ -10,6 +10,7 @@ const startServerCh = channel('apm:http:server:request:start')
 const exitServerCh = channel('apm:http:server:request:exit')
 const errorServerCh = channel('apm:http:server:request:error')
 const finishServerCh = channel('apm:http:server:request:finish')
+const startWriteHeadCh = channel('apm:http:server:response:writeHead:start')
 const finishSetHeaderCh = channel('datadog:http:server:response:set-header:finish')
 
 const requestFinishedSet = new WeakSet()
@@ -20,6 +21,9 @@ const httpsNames = ['https', 'node:https']
 addHook({ name: httpNames }, http => {
   shimmer.wrap(http.ServerResponse.prototype, 'emit', wrapResponseEmit)
   shimmer.wrap(http.Server.prototype, 'emit', wrapEmit)
+  shimmer.wrap(http.ServerResponse.prototype, 'writeHead', wrapWriteHead)
+  shimmer.wrap(http.ServerResponse.prototype, 'write', wrapWrite)
+  shimmer.wrap(http.ServerResponse.prototype, 'end', wrapEnd)
   return http
 })
 
@@ -86,3 +90,97 @@ function wrapSetHeader (res) {
     }
   })
 }
+
+function wrapWriteHead (writeHead) {
+  return function wrappedWriteHead (statusCode, reason, obj) {
+    if (!startWriteHeadCh.hasSubscribers) {
+      return writeHead.apply(this, arguments)
+    }
+
+    const abortController = new AbortController()
+
+    if (typeof reason !== 'string') {
+      obj ??= reason
+    }
+
+    // support writeHead(200, ['key1', 'val1', 'key2', 'val2'])
+    if (Array.isArray(obj)) {
+      const headers = {}
+
+      for (let i = 0; i < obj.length; i += 2) {
+        headers[obj[i]] = obj[i + 1]
+      }
+
+      obj = headers
+    }
+
+    // this doesn't support explicit duplicate headers, but it's an edge case
+    const responseHeaders = Object.assign(this.getHeaders(), obj)
+
+    startWriteHeadCh.publish({
+      req: this.req,
+      res: this,
+      abortController,
+      statusCode,
+      responseHeaders
+    })
+
+    if (abortController.signal.aborted) {
+      return this
+    }
+
+    return writeHead.apply(this, arguments)
+  }
+}
+
+function wrapWrite (write) {
+  return function wrappedWrite () {
+    if (!startWriteHeadCh.hasSubscribers) {
+      return write.apply(this, arguments)
+    }
+
+    const abortController = new AbortController()
+
+    const responseHeaders = this.getHeaders()
+
+    startWriteHeadCh.publish({
+      req: this.req,
+      res: this,
+      abortController,
+      statusCode: this.statusCode,
+      responseHeaders
+    })
+
+    if (abortController.signal.aborted) {
+      return true
+    }
+
+    return write.apply(this, arguments)
+  }
+}
+
+function wrapEnd (end) {
+  return function wrappedEnd () {
+    if (!startWriteHeadCh.hasSubscribers) {
+      return end.apply(this, arguments)
+    }
+
+    const abortController = new AbortController()
+
+    const responseHeaders = this.getHeaders()
+
+    startWriteHeadCh.publish({
+      req: this.req,
+      res: this,
+      abortController,
+      statusCode: this.statusCode,
+      responseHeaders
+    })
+
+    if (abortController.signal.aborted) {
+      return this
+    }
+
+    return end.apply(this, arguments)
+  }
+}

package/packages/datadog-instrumentations/src/undici.js

@@ -0,0 +1,18 @@
+'use strict'
+
+const {
+  addHook
+} = require('./helpers/instrument')
+const shimmer = require('../../datadog-shimmer')
+
+const tracingChannel = require('dc-polyfill').tracingChannel
+const ch = tracingChannel('apm:undici:fetch')
+
+const { createWrapFetch } = require('./helpers/fetch')
+
+addHook({
+  name: 'undici',
+  versions: ['^4.4.1', '5', '>=6.0.0']
+}, undici => {
+  return shimmer.wrap(undici, 'fetch', createWrapFetch(undici.Request, ch))
+})

package/packages/datadog-plugin-undici/src/index.js

@@ -0,0 +1,12 @@
+'use strict'
+
+const FetchPlugin = require('../../datadog-plugin-fetch/src/index.js')
+
+class UndiciPlugin extends FetchPlugin {
+  static get id () { return 'undici' }
+  static get prefix () {
+    return 'tracing:apm:undici:fetch'
+  }
+}
+
+module.exports = UndiciPlugin

package/packages/dd-trace/src/appsec/blocking.js

@@ -111,6 +111,10 @@ function block (req, res, rootSpan, abortController, actionParameters) {
 
   const { body, headers, statusCode } = getBlockingData(req, null, rootSpan, actionParameters)
 
+  for (const headerName of res.getHeaderNames()) {
+    res.removeHeader(headerName)
+  }
+
   res.writeHead(statusCode, headers).end(body)
 
   abortController?.abort()

package/packages/dd-trace/src/appsec/channels.js

@@ -18,5 +18,6 @@ module.exports = {
   nextBodyParsed: dc.channel('apm:next:body-parsed'),
   nextQueryParsed: dc.channel('apm:next:query-parsed'),
   responseBody: dc.channel('datadog:express:response:json:start'),
+  responseWriteHead: dc.channel('apm:http:server:response:writeHead:start'),
   httpClientRequestStart: dc.channel('apm:http:client:request:start')
 }

package/packages/dd-trace/src/appsec/index.js

@@ -12,7 +12,8 @@ const {
   queryParser,
   nextBodyParsed,
   nextQueryParsed,
-  responseBody
+  responseBody,
+  responseWriteHead
 } = require('./channels')
 const waf = require('./waf')
 const addresses = require('./addresses')
@@ -60,6 +61,7 @@ function enable (_config) {
     queryParser.subscribe(onRequestQueryParsed)
     cookieParser.subscribe(onRequestCookieParser)
     responseBody.subscribe(onResponseBody)
+    responseWriteHead.subscribe(onResponseWriteHead)
 
     if (_config.appsec.eventTracking.enabled) {
       passportVerify.subscribe(onPassportVerify)
@@ -110,14 +112,7 @@ function incomingHttpStartTranslator ({ req, res, abortController }) {
 }
 
 function incomingHttpEndTranslator ({ req, res }) {
-  // TODO: this doesn't support headers sent with res.writeHead()
-  const responseHeaders = Object.assign({}, res.getHeaders())
-  delete responseHeaders['set-cookie']
-
-  const persistent = {
-    [addresses.HTTP_INCOMING_RESPONSE_CODE]: '' + res.statusCode,
-    [addresses.HTTP_INCOMING_RESPONSE_HEADERS]: responseHeaders
-  }
+  const persistent = {}
 
   // we need to keep this to support other body parsers
   // TODO: no need to analyze it if it was already done by the body-parser hook
@@ -139,7 +134,9 @@ function incomingHttpEndTranslator ({ req, res }) {
     persistent[addresses.HTTP_INCOMING_QUERY] = req.query
   }
 
-  waf.run({ persistent }, req)
+  if (Object.keys(persistent).length) {
+    waf.run({ persistent }, req)
+  }
 
   waf.disposeContext(req)
 
@@ -225,12 +222,48 @@ function onPassportVerify ({ credentials, user }) {
   passportTrackEvent(credentials, user, rootSpan, config.appsec.eventTracking.mode)
 }
 
+const responseAnalyzedSet = new WeakSet()
+const responseBlockedSet = new WeakSet()
+
+function onResponseWriteHead ({ req, res, abortController, statusCode, responseHeaders }) {
+  // avoid "write after end" error
+  if (responseBlockedSet.has(res)) {
+    abortController?.abort()
+    return
+  }
+
+  // avoid double waf call
+  if (responseAnalyzedSet.has(res)) {
+    return
+  }
+
+  const rootSpan = web.root(req)
+  if (!rootSpan) return
+
+  responseHeaders = Object.assign({}, responseHeaders)
+  delete responseHeaders['set-cookie']
+
+  const results = waf.run({
+    persistent: {
+      [addresses.HTTP_INCOMING_RESPONSE_CODE]: '' + statusCode,
+      [addresses.HTTP_INCOMING_RESPONSE_HEADERS]: responseHeaders
+    }
+  }, req)
+
+  responseAnalyzedSet.add(res)
+
+  handleResults(results, req, res, rootSpan, abortController)
+}
+
 function handleResults (actions, req, res, rootSpan, abortController) {
   if (!actions || !req || !res || !rootSpan || !abortController) return
 
   const blockingAction = getBlockingAction(actions)
   if (blockingAction) {
     block(req, res, rootSpan, abortController, blockingAction)
+    if (!abortController.signal || abortController.signal.aborted) {
+      responseBlockedSet.add(res)
+    }
   }
 }
 
@@ -256,6 +289,7 @@ function disable () {
   if (cookieParser.hasSubscribers) cookieParser.unsubscribe(onRequestCookieParser)
   if (responseBody.hasSubscribers) responseBody.unsubscribe(onResponseBody)
   if (passportVerify.hasSubscribers) passportVerify.unsubscribe(onPassportVerify)
+  if (responseWriteHead.hasSubscribers) responseWriteHead.unsubscribe(onResponseWriteHead)
 }
 
 module.exports = {

package/packages/dd-trace/src/appsec/remote_config/capabilities.js

@@ -6,6 +6,7 @@ module.exports = {
   ASM_DD_RULES: 1n << 3n,
   ASM_EXCLUSIONS: 1n << 4n,
   ASM_REQUEST_BLOCKING: 1n << 5n,
+  ASM_RESPONSE_BLOCKING: 1n << 6n,
   ASM_USER_BLOCKING: 1n << 7n,
   ASM_CUSTOM_RULES: 1n << 8n,
   ASM_CUSTOM_BLOCKING_RESPONSE: 1n << 9n,

package/packages/dd-trace/src/appsec/remote_config/index.js

@@ -71,6 +71,7 @@ function enableWafUpdate (appsecConfig) {
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_DD_RULES, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_EXCLUSIONS, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_REQUEST_BLOCKING, true)
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_RESPONSE_BLOCKING, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_RULES, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_BLOCKING_RESPONSE, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_TRUSTED_IPS, true)
@@ -92,6 +93,7 @@ function disableWafUpdate () {
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_DD_RULES, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_EXCLUSIONS, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_REQUEST_BLOCKING, false)
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_RESPONSE_BLOCKING, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_RULES, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_BLOCKING_RESPONSE, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_TRUSTED_IPS, false)

package/packages/dd-trace/src/format.js

@@ -34,6 +34,7 @@ function format (span) {
   const formatted = formatSpan(span)
 
   extractSpanLinks(formatted, span)
+  extractSpanEvents(formatted, span)
   extractRootTags(formatted, span)
   extractChunkTags(formatted, span)
   extractTags(formatted, span)
@@ -88,6 +89,22 @@ function extractSpanLinks (trace, span) {
   if (links.length > 0) { trace.meta['_dd.span_links'] = JSON.stringify(links) }
 }
 
+function extractSpanEvents (trace, span) {
+  const events = []
+  if (span._events) {
+    for (const event of span._events) {
+      const formattedEvent = {
+        name: event.name,
+        time_unix_nano: Math.round(event.startTime * 1e6),
+        attributes: event.attributes && Object.keys(event.attributes).length > 0 ? event.attributes : undefined
+      }
+
+      events.push(formattedEvent)
+    }
+  }
+  if (events.length > 0) { trace.meta.events = JSON.stringify(events) }
+}
+
 function extractTags (trace, span) {
   const context = span.context()
   const origin = context._trace.origin
@@ -134,7 +151,10 @@ function extractTags (trace, span) {
       case ERROR_STACK:
         // HACK: remove when implemented in the backend
         if (context._name !== 'fs.operation') {
-          trace.error = 1
+          // HACK: to ensure otel.recordException does not influence trace.error
+          if (tags.setTraceError) {
+            trace.error = 1
+          }
         } else {
           break
         }
@@ -142,7 +162,6 @@ function extractTags (trace, span) {
         addTag(trace.meta, trace.metrics, tag, tags[tag])
     }
   }
-
   setSingleSpanIngestionTags(trace, context._spanSampling)
 
   addTag(trace.meta, trace.metrics, 'language', 'javascript')

package/packages/dd-trace/src/opentelemetry/span.js

@@ -20,6 +20,20 @@ function hrTimeToMilliseconds (time) {
   return time[0] * 1e3 + time[1] / 1e6
 }
 
+function isTimeInput (startTime) {
+  if (typeof startTime === 'number') {
+    return true
+  }
+  if (startTime instanceof Date) {
+    return true
+  }
+  if (Array.isArray(startTime) && startTime.length === 2 &&
+      typeof startTime[0] === 'number' && typeof startTime[1] === 'number') {
+    return true
+  }
+  return false
+}
+
 const spanKindNames = {
   [api.SpanKind.INTERNAL]: kinds.INTERNAL,
   [api.SpanKind.SERVER]: kinds.SERVER,
@@ -196,11 +210,6 @@ class Span {
     return this
   }
 
-  addEvent (name, attributesOrStartTime, startTime) {
-    api.diag.warn('Events not supported')
-    return this
-  }
-
   addLink (context, attributes) {
     // extract dd context
     const ddSpanContext = context._ddContext
@@ -244,12 +253,29 @@ class Span {
     return this.ended === false
   }
 
-  recordException (exception) {
+  addEvent (name, attributesOrStartTime, startTime) {
+    startTime = attributesOrStartTime && isTimeInput(attributesOrStartTime) ? attributesOrStartTime : startTime
+    const hrStartTime = timeInputToHrTime(startTime || (performance.now() + timeOrigin))
+    startTime = hrTimeToMilliseconds(hrStartTime)
+
+    this._ddSpan.addEvent(name, attributesOrStartTime, startTime)
+    return this
+  }
+
+  recordException (exception, timeInput) {
+    // HACK: identifier is added so that trace.error remains unchanged after a call to otel.recordException
     this._ddSpan.addTags({
       [ERROR_TYPE]: exception.name,
       [ERROR_MESSAGE]: exception.message,
-      [ERROR_STACK]: exception.stack
+      [ERROR_STACK]: exception.stack,
+      doNotSetTraceError: true
     })
+    const attributes = {}
+    if (exception.message) attributes['exception.message'] = exception.message
+    if (exception.type) attributes['exception.type'] = exception.type
+    if (exception.escaped) attributes['exception.escaped'] = exception.escaped
+    if (exception.stack) attributes['exception.stacktrace'] = exception.stack
+    this.addEvent(exception.name, attributes, timeInput)
   }
 
   get duration () {

package/packages/dd-trace/src/opentracing/span.js

@@ -67,6 +67,8 @@ class DatadogSpan {
     this._store = storage.getStore()
     this._duration = undefined
 
+    this._events = []
+
     // For internal use only. You probably want `context()._name`.
     // This name property is not updated when the span name changes.
     // This is necessary for span count metrics.
@@ -163,6 +165,19 @@ class DatadogSpan {
     })
   }
 
+  addEvent (name, attributesOrStartTime, startTime) {
+    const event = { name }
+    if (attributesOrStartTime) {
+      if (typeof attributesOrStartTime === 'object') {
+        event.attributes = this._sanitizeEventAttributes(attributesOrStartTime)
+      } else {
+        startTime = attributesOrStartTime
+      }
+    }
+    event.startTime = startTime || this._getTime()
+    this._events.push(event)
+  }
+
   finish (finishTime) {
     if (this._duration !== undefined) {
       return
@@ -221,7 +236,30 @@ class DatadogSpan {
       const [key, value] = entry
       addArrayOrScalarAttributes(key, value)
     })
+    return sanitizedAttributes
+  }
+
+  _sanitizeEventAttributes (attributes = {}) {
+    const sanitizedAttributes = {}
 
+    for (const key in attributes) {
+      const value = attributes[key]
+      if (Array.isArray(value)) {
+        const newArray = []
+        for (const subkey in value) {
+          if (ALLOWED.includes(typeof value[subkey])) {
+            newArray.push(value[subkey])
+          } else {
+            log.warn('Dropping span event attribute. It is not of an allowed type')
+          }
+        }
+        sanitizedAttributes[key] = newArray
+      } else if (ALLOWED.includes(typeof value)) {
+        sanitizedAttributes[key] = value
+      } else {
+        log.warn('Dropping span event attribute. It is not of an allowed type')
+      }
+    }
     return sanitizedAttributes
   }
 

package/packages/dd-trace/src/plugins/index.js

@@ -81,5 +81,6 @@ module.exports = {
   get 'selenium-webdriver' () { return require('../../../datadog-plugin-selenium/src') },
   get sharedb () { return require('../../../datadog-plugin-sharedb/src') },
   get tedious () { return require('../../../datadog-plugin-tedious/src') },
+  get undici () { return require('../../../datadog-plugin-undici/src') },
   get winston () { return require('../../../datadog-plugin-winston/src') }
 }

package/packages/dd-trace/src/service-naming/schemas/v0/web.js

@@ -30,6 +30,10 @@ const web = {
     lambda: {
       opName: () => 'aws.request',
       serviceName: awsServiceV0
+    },
+    undici: {
+      opName: () => 'undici.request',
+      serviceName: httpPluginClientService
     }
   },
   server: {

package/packages/dd-trace/src/service-naming/schemas/v1/web.js

@@ -29,6 +29,10 @@ const web = {
     lambda: {
       opName: () => 'aws.lambda.invoke',
       serviceName: identityService
+    },
+    undici: {
+      opName: () => 'undici.request',
+      serviceName: httpPluginClientService
     }
   },
   server: {

package/packages/dd-trace/src/tagger.js

@@ -1,6 +1,10 @@
 'use strict'
 
+const constants = require('./constants')
 const log = require('./log')
+const ERROR_MESSAGE = constants.ERROR_MESSAGE
+const ERROR_STACK = constants.ERROR_STACK
+const ERROR_TYPE = constants.ERROR_TYPE
 
 const otelTagMap = {
   'deployment.environment': 'env',
@@ -14,7 +18,6 @@ function add (carrier, keyValuePairs, parseOtelTags = false) {
   if (Array.isArray(keyValuePairs)) {
     return keyValuePairs.forEach(tags => add(carrier, tags))
   }
-
   try {
     if (typeof keyValuePairs === 'string') {
       const segments = keyValuePairs.split(',')
@@ -32,6 +35,12 @@ function add (carrier, keyValuePairs, parseOtelTags = false) {
         carrier[key.trim()] = value.trim()
       }
     } else {
+      // HACK: to ensure otel.recordException does not influence trace.error
+      if (ERROR_MESSAGE in keyValuePairs || ERROR_STACK in keyValuePairs || ERROR_TYPE in keyValuePairs) {
+        if (!('doNotSetTraceError' in keyValuePairs)) {
+          carrier.setTraceError = true
+        }
+      }
       Object.assign(carrier, keyValuePairs)
     }
   } catch (e) {