dd-trace 5.21.0 → 5.23.0

package/packages/datadog-plugin-vitest/src/index.js

@@ -6,10 +6,18 @@ const {
   finishAllTraceSpans,
   getTestSuitePath,
   getTestSuiteCommonTags,
+  getTestSessionName,
+  getIsFaultyEarlyFlakeDetection,
   TEST_SOURCE_FILE,
   TEST_IS_RETRY,
   TEST_CODE_COVERAGE_LINES_PCT,
-  TEST_CODE_OWNERS
+  TEST_CODE_OWNERS,
+  TEST_LEVEL_EVENT_TYPES,
+  TEST_SESSION_NAME,
+  TEST_SOURCE_START,
+  TEST_IS_NEW,
+  TEST_EARLY_FLAKE_ENABLED,
+  TEST_EARLY_FLAKE_ABORT_REASON
 } = require('../../dd-trace/src/plugins/util/test')
 const { COMPONENT } = require('../../dd-trace/src/constants')
 const {
@@ -33,7 +41,26 @@ class VitestPlugin extends CiPlugin {
 
     this.taskToFinishTime = new WeakMap()
 
-    this.addSub('ci:vitest:test:start', ({ testName, testSuiteAbsolutePath, isRetry }) => {
+    this.addSub('ci:vitest:test:is-new', ({ knownTests, testSuiteAbsolutePath, testName, onDone }) => {
+      const testSuite = getTestSuitePath(testSuiteAbsolutePath, this.repositoryRoot)
+      const testsForThisTestSuite = knownTests[testSuite] || []
+      onDone(!testsForThisTestSuite.includes(testName))
+    })
+
+    this.addSub('ci:vitest:is-early-flake-detection-faulty', ({
+      knownTests,
+      testFilepaths,
+      onDone
+    }) => {
+      const isFaulty = getIsFaultyEarlyFlakeDetection(
+        testFilepaths.map(testFilepath => getTestSuitePath(testFilepath, this.repositoryRoot)),
+        knownTests,
+        this.libraryConfig.earlyFlakeDetectionFaultyThreshold
+      )
+      onDone(isFaulty)
+    })
+
+    this.addSub('ci:vitest:test:start', ({ testName, testSuiteAbsolutePath, isRetry, isNew }) => {
       const testSuite = getTestSuitePath(testSuiteAbsolutePath, this.repositoryRoot)
       const store = storage.getStore()
 
@@ -43,6 +70,9 @@ class VitestPlugin extends CiPlugin {
       if (isRetry) {
         extraTags[TEST_IS_RETRY] = 'true'
       }
+      if (isNew) {
+        extraTags[TEST_IS_NEW] = 'true'
+      }
 
       const span = this.startTestSpan(
         testName,
@@ -110,6 +140,7 @@ class VitestPlugin extends CiPlugin {
         this.testSuiteSpan,
         {
           [TEST_SOURCE_FILE]: testSuite,
+          [TEST_SOURCE_START]: 1, // we can't get the proper start line in vitest
           [TEST_STATUS]: 'skip'
         }
       )
@@ -120,12 +151,25 @@ class VitestPlugin extends CiPlugin {
     })
 
     this.addSub('ci:vitest:test-suite:start', ({ testSuiteAbsolutePath, frameworkVersion }) => {
+      this.command = process.env.DD_CIVISIBILITY_TEST_COMMAND
       this.frameworkVersion = frameworkVersion
       const testSessionSpanContext = this.tracer.extract('text_map', {
         'x-datadog-trace-id': process.env.DD_CIVISIBILITY_TEST_SESSION_ID,
         'x-datadog-parent-id': process.env.DD_CIVISIBILITY_TEST_MODULE_ID
       })
 
+      // test suites run in a different process, so they also need to init the metadata dictionary
+      const testSessionName = getTestSessionName(this.config, this.command, this.testEnvironmentMetadata)
+      const metadataTags = {}
+      for (const testLevel of TEST_LEVEL_EVENT_TYPES) {
+        metadataTags[testLevel] = {
+          [TEST_SESSION_NAME]: testSessionName
+        }
+      }
+      if (this.tracer._exporter.setMetadataTags) {
+        this.tracer._exporter.setMetadataTags(metadataTags)
+      }
+
       const testSuite = getTestSuitePath(testSuiteAbsolutePath, this.repositoryRoot)
       const testSuiteMetadata = getTestSuiteCommonTags(
         this.command,
@@ -133,6 +177,14 @@ class VitestPlugin extends CiPlugin {
         testSuite,
         'vitest'
       )
+      testSuiteMetadata[TEST_SOURCE_FILE] = testSuite
+      testSuiteMetadata[TEST_SOURCE_START] = 1
+
+      const codeOwners = this.getCodeOwners(testSuiteMetadata)
+      if (codeOwners) {
+        testSuiteMetadata[TEST_CODE_OWNERS] = codeOwners
+      }
+
       const testSuiteSpan = this.tracer.startSpan('vitest.test_suite', {
         childOf: testSessionSpanContext,
         tags: {
@@ -169,7 +221,14 @@ class VitestPlugin extends CiPlugin {
       }
     })
 
-    this.addSub('ci:vitest:session:finish', ({ status, onFinish, error, testCodeCoverageLinesTotal }) => {
+    this.addSub('ci:vitest:session:finish', ({
+      status,
+      error,
+      testCodeCoverageLinesTotal,
+      isEarlyFlakeDetectionEnabled,
+      isEarlyFlakeDetectionFaulty,
+      onFinish
+    }) => {
       this.testSessionSpan.setTag(TEST_STATUS, status)
       this.testModuleSpan.setTag(TEST_STATUS, status)
       if (error) {
@@ -180,6 +239,12 @@ class VitestPlugin extends CiPlugin {
         this.testModuleSpan.setTag(TEST_CODE_COVERAGE_LINES_PCT, testCodeCoverageLinesTotal)
         this.testSessionSpan.setTag(TEST_CODE_COVERAGE_LINES_PCT, testCodeCoverageLinesTotal)
       }
+      if (isEarlyFlakeDetectionEnabled) {
+        this.testSessionSpan.setTag(TEST_EARLY_FLAKE_ENABLED, 'true')
+      }
+      if (isEarlyFlakeDetectionFaulty) {
+        this.testSessionSpan.setTag(TEST_EARLY_FLAKE_ABORT_REASON, 'faulty')
+      }
       this.testModuleSpan.finish()
       this.telemetry.ciVisEvent(TELEMETRY_EVENT_FINISHED, 'module')
       this.testSessionSpan.finish()

package/packages/datadog-shimmer/src/shimmer.js

@@ -1,5 +1,7 @@
 'use strict'
 
+const log = require('../../dd-trace/src/log')
+
 // Use a weak map to avoid polluting the wrapped function/method.
 const unwrappers = new WeakMap()
 
@@ -18,9 +20,12 @@ function copyProperties (original, wrapped) {
   }
 }
 
-function wrapFn (original, delegate) {
-  assertFunction(delegate)
-  assertNotClass(original) // TODO: support constructors of native classes
+function wrapFunction (original, wrapper) {
+  if (typeof original === 'function') assertNotClass(original)
+  // TODO This needs to be re-done so that this and wrapMethod are distinct.
+  const target = { func: original }
+  wrapMethod(target, 'func', wrapper, typeof original !== 'function')
+  let delegate = target.func
 
   const shim = function shim () {
     return delegate.apply(this, arguments)
@@ -30,17 +35,144 @@ function wrapFn (original, delegate) {
     delegate = original
   })
 
-  copyProperties(original, shim)
+  if (typeof original === 'function') copyProperties(original, shim)
 
   return shim
 }
 
-function wrapMethod (target, name, wrapper) {
-  assertMethod(target, name)
-  assertFunction(wrapper)
+const wrapFn = function (original, delegate) {
+  throw new Error('calling `wrap()` with 2 args is deprecated. Use wrapFunction instead.')
+}
+
+// This is only used in safe mode. It's a simple state machine to track if the
+// original method was called and if it returned. We need this to determine if
+// an error was thrown by the original method, or by us. We'll use one of these
+// per call to a wrapped method.
+class CallState {
+  constructor () {
+    this.called = false
+    this.completed = false
+    this.retVal = undefined
+  }
+
+  startCall () {
+    this.called = true
+  }
+
+  endCall (retVal) {
+    this.completed = true
+    this.retVal = retVal
+  }
+}
+
+function isPromise (obj) {
+  return obj && typeof obj === 'object' && typeof obj.then === 'function'
+}
+
+let safeMode = !!process.env.DD_INEJCTION_ENABLED
+function setSafe (value) {
+  safeMode = value
+}
+
+function wrapMethod (target, name, wrapper, noAssert) {
+  if (!noAssert) {
+    assertMethod(target, name)
+    assertFunction(wrapper)
+  }
 
   const original = target[name]
-  const wrapped = wrapper(original)
+  let wrapped
+
+  if (safeMode && original) {
+    // In this mode, we make a best-effort attempt to handle errors that are thrown
+    // by us, rather than wrapped code. With such errors, we log them, and then attempt
+    // to return the result as if no wrapping was done at all.
+    //
+    // Caveats:
+    //   * If the original function is called in a later iteration of the event loop,
+    //     and we throw _then_, then it won't be caught by this. In practice, we always call
+    //     the original function synchronously, so this is not a problem.
+    //   * While async errors are dealt with here, errors in callbacks are not. This
+    //     is because we don't necessarily know _for sure_ that any function arguments
+    //     are wrapped by us. We could wrap them all anyway and just make that assumption,
+    //     or just assume that the last argument is always a callback set by us if it's a
+    //     function, but those don't seem like things we can rely on. We could add a
+    //     `shimmer.markCallbackAsWrapped()` function that's a no-op outside safe-mode,
+    //     but that means modifying every instrumentation. Even then, the complexity of
+    //     this code increases because then we'd need to effectively do the reverse of
+    //     what we're doing for synchronous functions. This is a TODO.
+
+    // We're going to hold on to current callState in this variable in this scope,
+    // which is fine because any time we reference it, we're referencing it synchronously.
+    // We'll use it in the our wrapper (which, again, is called syncrhonously), and in the
+    // errorHandler, which will already have been bound to this callState.
+    let currentCallState
+
+    // Rather than calling the original function directly from the shim wrapper, we wrap
+    // it again so that we can track if it was called and if it returned. This is because
+    // we need to know if an error was thrown by the original function, or by us.
+    // We could do this inside the `wrapper` function defined below, which would simplify
+    // managing the callState, but then we'd be calling `wrapper` on each invocation, so
+    // instead we do it here, once.
+    const innerWrapped = wrapper(function (...args) {
+      // We need to stash the callState here because of recursion.
+      const callState = currentCallState
+      callState.startCall()
+      const retVal = original.apply(this, args)
+      if (isPromise(retVal)) {
+        retVal.then(callState.endCall.bind(callState))
+      } else {
+        callState.endCall(retVal)
+      }
+      return retVal
+    })
+
+    // This is the crux of what we're doing in safe mode. It handles errors
+    // that _we_ cause, by logging them, and transparently providing results
+    // as if no wrapping was done at all. That means detecting (via callState)
+    // whether the function has already run or not, and if it has, returning
+    // the result, and otherwise calling the original function unwrapped.
+    const handleError = function (args, callState, e) {
+      if (callState.completed) {
+        // error was thrown after original function returned/resolved, so
+        // it was us. log it.
+        log.error(e)
+        // original ran and returned something. return it.
+        return callState.retVal
+      }
+
+      if (!callState.called) {
+        // error was thrown before original function was called, so
+        // it was us. log it.
+        log.error(e)
+        // original never ran. call it unwrapped.
+        return original.apply(this, args)
+      }
+
+      // error was thrown during original function execution, so
+      // it was them. throw.
+      throw e
+    }
+
+    // The wrapped function is the one that will be called by the user.
+    // It calls our version of the original function, which manages the
+    // callState. That way when we use the errorHandler, it can tell where
+    // the error originated.
+    wrapped = function (...args) {
+      currentCallState = new CallState()
+      const errorHandler = handleError.bind(this, args, currentCallState)
+
+      try {
+        const retVal = innerWrapped.apply(this, args)
+        return isPromise(retVal) ? retVal.catch(errorHandler) : retVal
+      } catch (e) {
+        return errorHandler(e)
+      }
+    }
+  } else {
+    // In non-safe mode, we just wrap the original function directly.
+    wrapped = wrapper(original)
+  }
   const descriptor = Object.getOwnPropertyDescriptor(target, name)
 
   const attributes = {
@@ -48,7 +180,7 @@ function wrapMethod (target, name, wrapper) {
     ...descriptor
   }
 
-  copyProperties(original, wrapped)
+  if (typeof original === 'function') copyProperties(original, wrapped)
 
   if (descriptor) {
     unwrappers.set(wrapped, () => Object.defineProperty(target, name, descriptor))
@@ -156,7 +288,9 @@ function assertNotClass (target) {
 
 module.exports = {
   wrap,
+  wrapFunction,
   massWrap,
   unwrap,
-  massUnwrap
+  massUnwrap,
+  setSafe
 }

package/packages/dd-trace/src/appsec/addresses.js

@@ -22,5 +22,7 @@ module.exports = {
   USER_ID: 'usr.id',
   WAF_CONTEXT_PROCESSOR: 'waf.context.processor',
 
-  HTTP_OUTGOING_URL: 'server.io.net.url'
+  HTTP_OUTGOING_URL: 'server.io.net.url',
+  DB_STATEMENT: 'server.db.statement',
+  DB_SYSTEM: 'server.db.system'
 }

package/packages/dd-trace/src/appsec/blocking.js

@@ -9,6 +9,8 @@ let templateHtml = blockedTemplates.html
 let templateJson = blockedTemplates.json
 let templateGraphqlJson = blockedTemplates.graphqlJson
 
+let defaultBlockingActionParameters
+
 const responseBlockedSet = new WeakSet()
 
 const specificBlockingTypes = {
@@ -23,7 +25,7 @@ function addSpecificEndpoint (method, url, type) {
   detectedSpecificEndpoints[getSpecificKey(method, url)] = type
 }
 
-function getBlockWithRedirectData (rootSpan, actionParameters) {
+function getBlockWithRedirectData (actionParameters) {
   let statusCode = actionParameters.status_code
   if (!statusCode || statusCode < 300 || statusCode >= 400) {
     statusCode = 303
@@ -32,10 +34,6 @@ function getBlockWithRedirectData (rootSpan, actionParameters) {
     Location: actionParameters.location
   }
 
-  rootSpan.addTags({
-    'appsec.blocked': 'true'
-  })
-
   return { headers, statusCode }
 }
 
@@ -49,7 +47,7 @@ function getSpecificBlockingData (type) {
   }
 }
 
-function getBlockWithContentData (req, specificType, rootSpan, actionParameters) {
+function getBlockWithContentData (req, specificType, actionParameters) {
   let type
   let body
 
@@ -90,28 +88,28 @@ function getBlockWithContentData (req, specificType, rootSpan, actionParameters)
     'Content-Length': Buffer.byteLength(body)
   }
 
-  rootSpan.addTags({
-    'appsec.blocked': 'true'
-  })
-
   return { body, statusCode, headers }
 }
 
-function getBlockingData (req, specificType, rootSpan, actionParameters) {
+function getBlockingData (req, specificType, actionParameters) {
   if (actionParameters?.location) {
-    return getBlockWithRedirectData(rootSpan, actionParameters)
+    return getBlockWithRedirectData(actionParameters)
   } else {
-    return getBlockWithContentData(req, specificType, rootSpan, actionParameters)
+    return getBlockWithContentData(req, specificType, actionParameters)
   }
 }
 
-function block (req, res, rootSpan, abortController, actionParameters) {
+function block (req, res, rootSpan, abortController, actionParameters = defaultBlockingActionParameters) {
   if (res.headersSent) {
     log.warn('Cannot send blocking response when headers have already been sent')
     return
   }
 
-  const { body, headers, statusCode } = getBlockingData(req, null, rootSpan, actionParameters)
+  const { body, headers, statusCode } = getBlockingData(req, null, actionParameters)
+
+  rootSpan.addTags({
+    'appsec.blocked': 'true'
+  })
 
   for (const headerName of res.getHeaderNames()) {
     res.removeHeader(headerName)
@@ -125,7 +123,8 @@ function block (req, res, rootSpan, abortController, actionParameters) {
 }
 
 function getBlockingAction (actions) {
-  return actions?.block_request || actions?.redirect_request
+  // waf only returns one action, but it prioritizes redirect over block
+  return actions?.redirect_request || actions?.block_request
 }
 
 function setTemplates (config) {
@@ -152,6 +151,12 @@ function isBlocked (res) {
   return responseBlockedSet.has(res)
 }
 
+function setDefaultBlockingActionParameters (actions) {
+  const blockAction = actions?.find(action => action.id === 'block')
+
+  defaultBlockingActionParameters = blockAction?.parameters
+}
+
 module.exports = {
   addSpecificEndpoint,
   block,
@@ -159,5 +164,6 @@ module.exports = {
   getBlockingData,
   getBlockingAction,
   setTemplates,
-  isBlocked
+  isBlocked,
+  setDefaultBlockingActionParameters
 }

package/packages/dd-trace/src/appsec/channels.js

@@ -21,6 +21,8 @@ module.exports = {
   responseWriteHead: dc.channel('apm:http:server:response:writeHead:start'),
   httpClientRequestStart: dc.channel('apm:http:client:request:start'),
   responseSetHeader: dc.channel('datadog:http:server:response:set-header:start'),
-  setUncaughtExceptionCaptureCallbackStart: dc.channel('datadog:process:setUncaughtExceptionCaptureCallback:start')
-
+  setUncaughtExceptionCaptureCallbackStart: dc.channel('datadog:process:setUncaughtExceptionCaptureCallback:start'),
+  pgQueryStart: dc.channel('apm:pg:query:start'),
+  pgPoolQueryStart: dc.channel('datadog:pg:pool:query:start'),
+  wafRunFinished: dc.channel('datadog:waf:run:finish')
 }

package/packages/dd-trace/src/appsec/graphql.js

@@ -94,11 +94,13 @@ function beforeWriteApolloGraphqlResponse ({ abortController, abortData }) {
     const rootSpan = web.root(req)
     if (!rootSpan) return
 
-    const blockingData = getBlockingData(req, specificBlockingTypes.GRAPHQL, rootSpan, requestData.wafAction)
+    const blockingData = getBlockingData(req, specificBlockingTypes.GRAPHQL, requestData.wafAction)
     abortData.statusCode = blockingData.statusCode
     abortData.headers = blockingData.headers
     abortData.message = blockingData.body
 
+    rootSpan.setTag('appsec.blocked', 'true')
+
     abortController?.abort()
   }
 

package/packages/dd-trace/src/appsec/iast/iast-log.js

@@ -78,7 +78,8 @@ const iastLog = {
 
   errorAndPublish (data) {
     this.error(data)
-    return this.publish(data, 'ERROR')
+    // publish is done automatically by log.error()
+    return this
   }
 }
 

package/packages/dd-trace/src/appsec/rasp/index.js

@@ -0,0 +1,103 @@
+'use strict'
+
+const web = require('../../plugins/util/web')
+const { setUncaughtExceptionCaptureCallbackStart } = require('../channels')
+const { block } = require('../blocking')
+const ssrf = require('./ssrf')
+const sqli = require('./sql_injection')
+
+const { DatadogRaspAbortError } = require('./utils')
+
+function removeAllListeners (emitter, event) {
+  const listeners = emitter.listeners(event)
+  emitter.removeAllListeners(event)
+
+  let cleaned = false
+  return function () {
+    if (cleaned === true) {
+      return
+    }
+    cleaned = true
+
+    for (let i = 0; i < listeners.length; ++i) {
+      emitter.on(event, listeners[i])
+    }
+  }
+}
+
+function findDatadogRaspAbortError (err, deep = 10) {
+  if (err instanceof DatadogRaspAbortError) {
+    return err
+  }
+
+  if (err.cause && deep > 0) {
+    return findDatadogRaspAbortError(err.cause, deep - 1)
+  }
+}
+
+function handleUncaughtExceptionMonitor (err) {
+  const abortError = findDatadogRaspAbortError(err)
+  if (!abortError) return
+
+  const { req, res, blockingAction } = abortError
+  block(req, res, web.root(req), null, blockingAction)
+
+  if (!process.hasUncaughtExceptionCaptureCallback()) {
+    const cleanUp = removeAllListeners(process, 'uncaughtException')
+    const handler = () => {
+      process.removeListener('uncaughtException', handler)
+    }
+
+    setTimeout(() => {
+      process.removeListener('uncaughtException', handler)
+      cleanUp()
+    })
+
+    process.on('uncaughtException', handler)
+  } else {
+    // uncaughtException event is not executed when hasUncaughtExceptionCaptureCallback is true
+    let previousCb
+    const cb = ({ currentCallback, abortController }) => {
+      setUncaughtExceptionCaptureCallbackStart.unsubscribe(cb)
+      if (!currentCallback) {
+        abortController.abort()
+        return
+      }
+
+      previousCb = currentCallback
+    }
+
+    setUncaughtExceptionCaptureCallbackStart.subscribe(cb)
+
+    process.setUncaughtExceptionCaptureCallback(null)
+
+    // For some reason, previous callback was defined before the instrumentation
+    // We can not restore it, so we let the app decide
+    if (previousCb) {
+      process.setUncaughtExceptionCaptureCallback(() => {
+        process.setUncaughtExceptionCaptureCallback(null)
+        process.setUncaughtExceptionCaptureCallback(previousCb)
+      })
+    }
+  }
+}
+
+function enable (config) {
+  ssrf.enable(config)
+  sqli.enable(config)
+
+  process.on('uncaughtExceptionMonitor', handleUncaughtExceptionMonitor)
+}
+
+function disable () {
+  ssrf.disable()
+  sqli.disable()
+
+  process.off('uncaughtExceptionMonitor', handleUncaughtExceptionMonitor)
+}
+
+module.exports = {
+  enable,
+  disable,
+  handleUncaughtExceptionMonitor // exported only for testing purpose
+}

package/packages/dd-trace/src/appsec/rasp/sql_injection.js

@@ -0,0 +1,86 @@
+'use strict'
+
+const { pgQueryStart, pgPoolQueryStart, wafRunFinished } = require('../channels')
+const { storage } = require('../../../../datadog-core')
+const addresses = require('../addresses')
+const waf = require('../waf')
+const { RULE_TYPES, handleResult } = require('./utils')
+
+const DB_SYSTEM_POSTGRES = 'postgresql'
+const reqQueryMap = new WeakMap() // WeakMap<Request, Set<querytext>>
+
+let config
+
+function enable (_config) {
+  config = _config
+
+  pgQueryStart.subscribe(analyzePgSqlInjection)
+  pgPoolQueryStart.subscribe(analyzePgSqlInjection)
+  wafRunFinished.subscribe(clearQuerySet)
+}
+
+function disable () {
+  if (pgQueryStart.hasSubscribers) pgQueryStart.unsubscribe(analyzePgSqlInjection)
+  if (pgPoolQueryStart.hasSubscribers) pgPoolQueryStart.unsubscribe(analyzePgSqlInjection)
+  if (wafRunFinished.hasSubscribers) wafRunFinished.unsubscribe(clearQuerySet)
+}
+
+function analyzePgSqlInjection (ctx) {
+  const query = ctx.query?.text
+  if (!query) return
+
+  const store = storage.getStore()
+  if (!store) return
+
+  const { req, res } = store
+
+  if (!req) return
+
+  let executedQueries = reqQueryMap.get(req)
+  if (executedQueries?.has(query)) return
+
+  // Do not waste time executing same query twice
+  // This also will prevent double calls in pg.Pool internal queries
+  if (!executedQueries) {
+    executedQueries = new Set()
+    reqQueryMap.set(req, executedQueries)
+  }
+  executedQueries.add(query)
+
+  const persistent = {
+    [addresses.DB_STATEMENT]: query,
+    [addresses.DB_SYSTEM]: DB_SYSTEM_POSTGRES
+  }
+
+  const result = waf.run({ persistent }, req, RULE_TYPES.SQL_INJECTION)
+
+  handleResult(result, req, res, ctx.abortController, config)
+}
+
+function hasInputAddress (payload) {
+  return hasAddressesObjectInputAddress(payload.ephemeral) || hasAddressesObjectInputAddress(payload.persistent)
+}
+
+function hasAddressesObjectInputAddress (addressesObject) {
+  return addressesObject && Object.keys(addressesObject)
+    .some(address => address.startsWith('server.request') || address.startsWith('graphql.server'))
+}
+
+function clearQuerySet ({ payload }) {
+  if (!payload) return
+
+  const store = storage.getStore()
+  if (!store) return
+
+  const { req } = store
+  if (!req) return
+
+  const executedQueries = reqQueryMap.get(req)
+  if (!executedQueries) return
+
+  if (hasInputAddress(payload)) {
+    executedQueries.clear()
+  }
+}
+
+module.exports = { enable, disable }