dd-trace 5.30.0 → 5.32.0

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-handler.js

@@ -25,19 +25,20 @@ class SensitiveHandler {
 
     this._sensitiveAnalyzers = new Map()
     this._sensitiveAnalyzers.set(vulnerabilities.CODE_INJECTION, taintedRangeBasedSensitiveAnalyzer)
-    this._sensitiveAnalyzers.set(vulnerabilities.TEMPLATE_INJECTION, taintedRangeBasedSensitiveAnalyzer)
     this._sensitiveAnalyzers.set(vulnerabilities.COMMAND_INJECTION, commandSensitiveAnalyzer)
-    this._sensitiveAnalyzers.set(vulnerabilities.NOSQL_MONGODB_INJECTION, jsonSensitiveAnalyzer)
+    this._sensitiveAnalyzers.set(vulnerabilities.HARDCODED_PASSWORD, (evidence) => {
+      return hardcodedPasswordAnalyzer(evidence, this._valuePattern)
+    })
+    this._sensitiveAnalyzers.set(vulnerabilities.HEADER_INJECTION, (evidence) => {
+      return headerSensitiveAnalyzer(evidence, this._namePattern, this._valuePattern)
+    })
     this._sensitiveAnalyzers.set(vulnerabilities.LDAP_INJECTION, ldapSensitiveAnalyzer)
+    this._sensitiveAnalyzers.set(vulnerabilities.NOSQL_MONGODB_INJECTION, jsonSensitiveAnalyzer)
     this._sensitiveAnalyzers.set(vulnerabilities.SQL_INJECTION, sqlSensitiveAnalyzer)
     this._sensitiveAnalyzers.set(vulnerabilities.SSRF, urlSensitiveAnalyzer)
+    this._sensitiveAnalyzers.set(vulnerabilities.TEMPLATE_INJECTION, taintedRangeBasedSensitiveAnalyzer)
+    this._sensitiveAnalyzers.set(vulnerabilities.UNTRUSTED_DESERIALIZATION, taintedRangeBasedSensitiveAnalyzer)
     this._sensitiveAnalyzers.set(vulnerabilities.UNVALIDATED_REDIRECT, urlSensitiveAnalyzer)
-    this._sensitiveAnalyzers.set(vulnerabilities.HEADER_INJECTION, (evidence) => {
-      return headerSensitiveAnalyzer(evidence, this._namePattern, this._valuePattern)
-    })
-    this._sensitiveAnalyzers.set(vulnerabilities.HARDCODED_PASSWORD, (evidence) => {
-      return hardcodedPasswordAnalyzer(evidence, this._valuePattern)
-    })
   }
 
   isSensibleName (name) {

package/packages/dd-trace/src/appsec/iast/vulnerabilities.js

@@ -15,6 +15,7 @@ module.exports = {
   SSRF: 'SSRF',
   TEMPLATE_INJECTION: 'TEMPLATE_INJECTION',
   UNVALIDATED_REDIRECT: 'UNVALIDATED_REDIRECT',
+  UNTRUSTED_DESERIALIZATION: 'UNTRUSTED_DESERIALIZATION',
   WEAK_CIPHER: 'WEAK_CIPHER',
   WEAK_HASH: 'WEAK_HASH',
   WEAK_RANDOMNESS: 'WEAK_RANDOMNESS',

package/packages/dd-trace/src/appsec/remote_config/manager.js

@@ -9,6 +9,7 @@ const log = require('../../log')
 const { getExtraServices } = require('../../service-naming/extra-services')
 const { UNACKNOWLEDGED, ACKNOWLEDGED, ERROR } = require('./apply_states')
 const Scheduler = require('./scheduler')
+const { GIT_REPOSITORY_URL, GIT_COMMIT_SHA } = require('../../plugins/util/tags')
 
 const clientId = uuid()
 
@@ -33,6 +34,14 @@ class RemoteConfigManager extends EventEmitter {
       port: config.port
     }))
 
+    const tags = config.repositoryUrl
+      ? {
+          ...config.tags,
+          [GIT_REPOSITORY_URL]: config.repositoryUrl,
+          [GIT_COMMIT_SHA]: config.commitSHA
+        }
+      : config.tags
+
     this._handlers = new Map()
     const appliedConfigs = this.appliedConfigs = new Map()
 
@@ -67,7 +76,8 @@ class RemoteConfigManager extends EventEmitter {
           service: config.service,
           env: config.env,
           app_version: config.version,
-          extra_services: []
+          extra_services: [],
+          tags: Object.entries(tags).map((pair) => pair.join(':'))
         },
         capabilities: DEFAULT_CAPABILITY // updated by `updateCapabilities()`
       },

package/packages/dd-trace/src/appsec/waf/waf_context_wrapper.js

@@ -19,6 +19,7 @@ class WAFContextWrapper {
     this.rulesVersion = rulesVersion
     this.addressesToSkip = new Set()
     this.knownAddresses = knownAddresses
+    this.cachedUserIdActions = new Map()
   }
 
   run ({ persistent, ephemeral }, raspRule) {
@@ -27,6 +28,16 @@ class WAFContextWrapper {
       return
     }
 
+    // SPECIAL CASE FOR USER_ID
+    // TODO: make this universal
+    const userId = persistent?.[addresses.USER_ID] || ephemeral?.[addresses.USER_ID]
+    if (userId) {
+      const cachedAction = this.cachedUserIdActions.get(userId)
+      if (cachedAction) {
+        return cachedAction
+      }
+    }
+
     const payload = {}
     let payloadHasData = false
     const newAddressesToSkip = new Set(this.addressesToSkip)
@@ -79,6 +90,12 @@ class WAFContextWrapper {
 
       const blockTriggered = !!getBlockingAction(result.actions)
 
+      // SPECIAL CASE FOR USER_ID
+      // TODO: make this universal
+      if (userId && ruleTriggered && blockTriggered) {
+        this.setUserIdCache(userId, result)
+      }
+
       Reporter.reportMetrics({
         duration: result.totalRuntime / 1e3,
         durationExt: parseInt(end - start) / 1e3,
@@ -105,6 +122,26 @@ class WAFContextWrapper {
     }
   }
 
+  setUserIdCache (userId, result) {
+    // using old loops for speed
+    for (let i = 0; i < result.events.length; i++) {
+      const event = result.events[i]
+
+      for (let j = 0; j < event?.rule_matches?.length; j++) {
+        const match = event.rule_matches[j]
+
+        for (let k = 0; k < match?.parameters?.length; k++) {
+          const parameter = match.parameters[k]
+
+          if (parameter?.address === addresses.USER_ID) {
+            this.cachedUserIdActions.set(userId, result.actions)
+            return
+          }
+        }
+      }
+    }
+  }
+
   dispose () {
     this.ddwafContext.dispose()
   }

package/packages/dd-trace/src/ci-visibility/dynamic-instrumentation/index.js

@@ -1,12 +1,12 @@
 'use strict'
 
 const { join } = require('path')
-const { Worker } = require('worker_threads')
+const { Worker, threadId: parentThreadId } = require('worker_threads')
 const { randomUUID } = require('crypto')
 const log = require('../../log')
 
 const probeIdToResolveBreakpointSet = new Map()
-const probeIdToResolveBreakpointHit = new Map()
+const probeIdToResolveBreakpointRemove = new Map()
 
 class TestVisDynamicInstrumentation {
   constructor () {
@@ -16,28 +16,34 @@ class TestVisDynamicInstrumentation {
     })
     this.breakpointSetChannel = new MessageChannel()
     this.breakpointHitChannel = new MessageChannel()
+    this.breakpointRemoveChannel = new MessageChannel()
+    this.onHitBreakpointByProbeId = new Map()
   }
 
-  // Return 3 elements:
-  // 1. Snapshot ID
+  removeProbe (probeId) {
+    return new Promise(resolve => {
+      this.breakpointRemoveChannel.port2.postMessage(probeId)
+
+      probeIdToResolveBreakpointRemove.set(probeId, resolve)
+    })
+  }
+
+  // Return 2 elements:
+  // 1. Probe ID
   // 2. Promise that's resolved when the breakpoint is set
-  // 3. Promise that's resolved when the breakpoint is hit
-  addLineProbe ({ file, line }) {
-    const snapshotId = randomUUID()
+  addLineProbe ({ file, line }, onHitBreakpoint) {
     const probeId = randomUUID()
 
-    this.breakpointSetChannel.port2.postMessage({
-      snapshotId,
-      probe: { id: probeId, file, line }
-    })
+    this.breakpointSetChannel.port2.postMessage(
+      { id: probeId, file, line }
+    )
+
+    this.onHitBreakpointByProbeId.set(probeId, onHitBreakpoint)
 
     return [
-      snapshotId,
+      probeId,
       new Promise(resolve => {
         probeIdToResolveBreakpointSet.set(probeId, resolve)
-      }),
-      new Promise(resolve => {
-        probeIdToResolveBreakpointHit.set(probeId, resolve)
       })
     ]
   }
@@ -46,23 +52,42 @@ class TestVisDynamicInstrumentation {
     return this._readyPromise
   }
 
-  start () {
+  start (config) {
     if (this.worker) return
 
-    const { NODE_OPTIONS, ...envWithoutNodeOptions } = process.env
-
     log.debug('Starting Test Visibility - Dynamic Instrumentation client...')
 
+    const rcChannel = new MessageChannel() // mock channel
+    const configChannel = new MessageChannel() // mock channel
+
     this.worker = new Worker(
       join(__dirname, 'worker', 'index.js'),
       {
         execArgv: [],
-        env: envWithoutNodeOptions,
+        // Not passing `NODE_OPTIONS` results in issues with yarn, which relies on NODE_OPTIONS
+        // for PnP support, hence why we deviate from the DI pattern here.
+        // To avoid infinite initialization loops, we're disabling DI and tracing in the worker.
+        env: {
+          ...process.env,
+          DD_TRACE_ENABLED: 0,
+          DD_TEST_DYNAMIC_INSTRUMENTATION_ENABLED: 0
+        },
         workerData: {
+          config: config.serialize(),
+          parentThreadId,
+          rcPort: rcChannel.port1,
+          configPort: configChannel.port1,
           breakpointSetChannel: this.breakpointSetChannel.port1,
-          breakpointHitChannel: this.breakpointHitChannel.port1
+          breakpointHitChannel: this.breakpointHitChannel.port1,
+          breakpointRemoveChannel: this.breakpointRemoveChannel.port1
         },
-        transferList: [this.breakpointSetChannel.port1, this.breakpointHitChannel.port1]
+        transferList: [
+          rcChannel.port1,
+          configChannel.port1,
+          this.breakpointSetChannel.port1,
+          this.breakpointHitChannel.port1,
+          this.breakpointRemoveChannel.port1
+        ]
       }
     )
     this.worker.on('online', () => {
@@ -70,10 +95,18 @@ class TestVisDynamicInstrumentation {
       this._onReady()
     })
 
+    this.worker.on('error', (err) => {
+      log.error('Test Visibility - Dynamic Instrumentation worker error', err)
+    })
+
+    this.worker.on('messageerror', (err) => {
+      log.error('Test Visibility - Dynamic Instrumentation worker messageerror', err)
+    })
+
     // Allow the parent to exit even if the worker is still running
     this.worker.unref()
 
-    this.breakpointSetChannel.port2.on('message', ({ probeId }) => {
+    this.breakpointSetChannel.port2.on('message', (probeId) => {
       const resolve = probeIdToResolveBreakpointSet.get(probeId)
       if (resolve) {
         resolve()
@@ -83,15 +116,19 @@ class TestVisDynamicInstrumentation {
 
     this.breakpointHitChannel.port2.on('message', ({ snapshot }) => {
       const { probe: { id: probeId } } = snapshot
-      const resolve = probeIdToResolveBreakpointHit.get(probeId)
-      if (resolve) {
-        resolve({ snapshot })
-        probeIdToResolveBreakpointHit.delete(probeId)
+      const onHit = this.onHitBreakpointByProbeId.get(probeId)
+      if (onHit) {
+        onHit({ snapshot })
       }
     }).unref()
 
-    this.worker.on('error', (err) => log.error('ci-visibility DI worker error', err))
-    this.worker.on('messageerror', (err) => log.error('ci-visibility DI worker messageerror', err))
+    this.breakpointRemoveChannel.port2.on('message', (probeId) => {
+      const resolve = probeIdToResolveBreakpointRemove.get(probeId)
+      if (resolve) {
+        resolve()
+        probeIdToResolveBreakpointRemove.delete(probeId)
+      }
+    }).unref()
   }
 }
 

package/packages/dd-trace/src/ci-visibility/dynamic-instrumentation/worker/index.js

@@ -1,7 +1,14 @@
 'use strict'
-const sourceMap = require('source-map')
 const path = require('path')
-const { workerData: { breakpointSetChannel, breakpointHitChannel } } = require('worker_threads')
+const {
+  workerData: {
+    breakpointSetChannel,
+    breakpointHitChannel,
+    breakpointRemoveChannel
+  }
+} = require('worker_threads')
+const { randomUUID } = require('crypto')
+const sourceMap = require('source-map')
 
 // TODO: move debugger/devtools_client/session to common place
 const session = require('../../../debugger/devtools_client/session')
@@ -16,8 +23,8 @@ const log = require('../../../log')
 
 let sessionStarted = false
 
-const breakpointIdToSnapshotId = new Map()
 const breakpointIdToProbe = new Map()
+const probeIdToBreakpointId = new Map()
 
 session.on('Debugger.paused', async ({ params: { hitBreakpoints: [hitBreakpoint], callFrames } }) => {
   const probe = breakpointIdToProbe.get(hitBreakpoint)
@@ -32,13 +39,11 @@ session.on('Debugger.paused', async ({ params: { hitBreakpoints: [hitBreakpoint]
 
   await session.post('Debugger.resume')
 
-  const snapshotId = breakpointIdToSnapshotId.get(hitBreakpoint)
-
   const snapshot = {
-    id: snapshotId,
+    id: randomUUID(),
     timestamp: Date.now(),
     probe: {
-      id: probe.probeId,
+      id: probe.id,
       version: '0',
       location: probe.location
     },
@@ -56,13 +61,32 @@ session.on('Debugger.paused', async ({ params: { hitBreakpoints: [hitBreakpoint]
   breakpointHitChannel.postMessage({ snapshot })
 })
 
-// TODO: add option to remove breakpoint
-breakpointSetChannel.on('message', async ({ snapshotId, probe: { id: probeId, file, line } }) => {
-  await addBreakpoint(snapshotId, { probeId, file, line })
-  breakpointSetChannel.postMessage({ probeId })
+breakpointRemoveChannel.on('message', async (probeId) => {
+  await removeBreakpoint(probeId)
+  breakpointRemoveChannel.postMessage(probeId)
+})
+
+breakpointSetChannel.on('message', async (probe) => {
+  await addBreakpoint(probe)
+  breakpointSetChannel.postMessage(probe.id)
 })
 
-async function addBreakpoint (snapshotId, probe) {
+async function removeBreakpoint (probeId) {
+  if (!sessionStarted) {
+    // We should not get in this state, but abort if we do, so the code doesn't fail unexpected
+    throw Error(`Cannot remove probe ${probeId}: Debugger not started`)
+  }
+
+  const breakpointId = probeIdToBreakpointId.get(probeId)
+  if (!breakpointId) {
+    throw Error(`Unknown probe id: ${probeId}`)
+  }
+  await session.post('Debugger.removeBreakpoint', { breakpointId })
+  probeIdToBreakpointId.delete(probeId)
+  breakpointIdToProbe.delete(breakpointId)
+}
+
+async function addBreakpoint (probe) {
   if (!sessionStarted) await start()
   const { file, line } = probe
 
@@ -81,7 +105,7 @@ async function addBreakpoint (snapshotId, probe) {
     try {
       lineNumber = await processScriptWithInlineSourceMap({ file, line, sourceMapURL })
     } catch (err) {
-      log.error(err)
+      log.error('Error processing script with inline source map', err)
     }
   }
 
@@ -93,7 +117,7 @@ async function addBreakpoint (snapshotId, probe) {
   })
 
   breakpointIdToProbe.set(breakpointId, probe)
-  breakpointIdToSnapshotId.set(breakpointId, snapshotId)
+  probeIdToBreakpointId.set(probe.id, breakpointId)
 }
 
 function start () {
@@ -113,14 +137,30 @@ async function processScriptWithInlineSourceMap (params) {
   // Parse the source map
   const consumer = await new sourceMap.SourceMapConsumer(decodedSourceMap)
 
-  // Map to the generated position
-  const generatedPosition = consumer.generatedPositionFor({
-    source: path.basename(file), // this needs to be the file, not the filepath
+  let generatedPosition
+
+  // Map to the generated position. We'll attempt with the full file path first, then with the basename.
+  // TODO: figure out why sometimes the full path doesn't work
+  generatedPosition = consumer.generatedPositionFor({
+    source: file,
     line,
     column: 0
   })
+  if (generatedPosition.line === null) {
+    generatedPosition = consumer.generatedPositionFor({
+      source: path.basename(file),
+      line,
+      column: 0
+    })
+  }
 
   consumer.destroy()
 
+  // If we can't find the line, just return the original line
+  if (generatedPosition.line === null) {
+    log.error(`Could not find generated position for ${file}:${line}`)
+    return line
+  }
+
   return generatedPosition.line
 }

package/packages/dd-trace/src/ci-visibility/exporters/test-worker/index.js

@@ -5,7 +5,8 @@ const {
   JEST_WORKER_COVERAGE_PAYLOAD_CODE,
   JEST_WORKER_TRACE_PAYLOAD_CODE,
   CUCUMBER_WORKER_TRACE_PAYLOAD_CODE,
-  MOCHA_WORKER_TRACE_PAYLOAD_CODE
+  MOCHA_WORKER_TRACE_PAYLOAD_CODE,
+  JEST_WORKER_LOGS_PAYLOAD_CODE
 } = require('../../../plugins/util/test')
 
 function getInterprocessTraceCode () {
@@ -29,18 +30,27 @@ function getInterprocessCoverageCode () {
   return null
 }
 
+function getInterprocessLogsCode () {
+  if (process.env.JEST_WORKER_ID) {
+    return JEST_WORKER_LOGS_PAYLOAD_CODE
+  }
+  return null
+}
+
 /**
  * Lightweight exporter whose writers only do simple JSON serialization
- * of trace and coverage payloads, which they send to the test framework's main process.
- * Currently used by Jest and Cucumber workers.
+ * of trace, coverage and logs payloads, which they send to the test framework's main process.
+ * Currently used by Jest, Cucumber and Mocha workers.
  */
 class TestWorkerCiVisibilityExporter {
   constructor () {
     const interprocessTraceCode = getInterprocessTraceCode()
     const interprocessCoverageCode = getInterprocessCoverageCode()
+    const interprocessLogsCode = getInterprocessLogsCode()
 
     this._writer = new Writer(interprocessTraceCode)
     this._coverageWriter = new Writer(interprocessCoverageCode)
+    this._logsWriter = new Writer(interprocessLogsCode)
   }
 
   export (payload) {
@@ -51,9 +61,14 @@ class TestWorkerCiVisibilityExporter {
     this._coverageWriter.append(formattedCoverage)
   }
 
+  exportDiLogs (testConfiguration, logMessage) {
+    this._logsWriter.append({ testConfiguration, logMessage })
+  }
+
   flush () {
     this._writer.flush()
     this._coverageWriter.flush()
+    this._logsWriter.flush()
   }
 }
 

package/packages/dd-trace/src/ci-visibility/test-api-manual/test-api-manual-plugin.js

@@ -13,15 +13,16 @@ class TestApiManualPlugin extends CiPlugin {
 
   constructor (...args) {
     super(...args)
+    this._isEnvDataCalcualted = false
     this.sourceRoot = process.cwd()
 
-    this.addSub('dd-trace:ci:manual:test:start', ({ testName, testSuite }) => {
+    this.unconfiguredAddSub('dd-trace:ci:manual:test:start', ({ testName, testSuite }) => {
       const store = storage.getStore()
       const testSuiteRelative = getTestSuitePath(testSuite, this.sourceRoot)
       const testSpan = this.startTestSpan(testName, testSuiteRelative)
       this.enter(testSpan, store)
     })
-    this.addSub('dd-trace:ci:manual:test:finish', ({ status, error }) => {
+    this.unconfiguredAddSub('dd-trace:ci:manual:test:finish', ({ status, error }) => {
       const store = storage.getStore()
       const testSpan = store && store.span
       if (testSpan) {
@@ -33,7 +34,7 @@ class TestApiManualPlugin extends CiPlugin {
         finishAllTraceSpans(testSpan)
       }
     })
-    this.addSub('dd-trace:ci:manual:test:addTags', (tags) => {
+    this.unconfiguredAddSub('dd-trace:ci:manual:test:addTags', (tags) => {
       const store = storage.getStore()
       const testSpan = store && store.span
       if (testSpan) {
@@ -41,6 +42,22 @@ class TestApiManualPlugin extends CiPlugin {
       }
     })
   }
+
+  // To lazily calculate env data.
+  unconfiguredAddSub (channelName, handler) {
+    this.addSub(channelName, (...args) => {
+      if (!this._isEnvDataCalcualted) {
+        this._isEnvDataCalcualted = true
+        this.configure(this._config, true)
+      }
+      return handler(...args)
+    })
+  }
+
+  configure (config, shouldGetEnvironmentData) {
+    this._config = config
+    super.configure(config, shouldGetEnvironmentData)
+  }
 }
 
 module.exports = TestApiManualPlugin

package/packages/dd-trace/src/config.js

@@ -472,7 +472,9 @@ class Config {
     this._setValue(defaults, 'dogstatsd.hostname', '127.0.0.1')
     this._setValue(defaults, 'dogstatsd.port', '8125')
     this._setValue(defaults, 'dsmEnabled', false)
-    this._setValue(defaults, 'dynamicInstrumentationEnabled', false)
+    this._setValue(defaults, 'dynamicInstrumentation.enabled', false)
+    this._setValue(defaults, 'dynamicInstrumentation.redactedIdentifiers', [])
+    this._setValue(defaults, 'dynamicInstrumentation.redactionExcludedIdentifiers', [])
     this._setValue(defaults, 'env', undefined)
     this._setValue(defaults, 'experimental.enableGetRumData', false)
     this._setValue(defaults, 'experimental.exporter', undefined)
@@ -600,6 +602,8 @@ class Config {
       DD_DOGSTATSD_HOST,
       DD_DOGSTATSD_PORT,
       DD_DYNAMIC_INSTRUMENTATION_ENABLED,
+      DD_DYNAMIC_INSTRUMENTATION_REDACTED_IDENTIFIERS,
+      DD_DYNAMIC_INSTRUMENTATION_REDACTION_EXCLUDED_IDENTIFIERS,
       DD_ENV,
       DD_EXPERIMENTAL_API_SECURITY_ENABLED,
       DD_EXPERIMENTAL_APPSEC_STANDALONE_ENABLED,
@@ -746,7 +750,13 @@ class Config {
     this._setString(env, 'dogstatsd.hostname', DD_DOGSTATSD_HOST || DD_DOGSTATSD_HOSTNAME)
     this._setString(env, 'dogstatsd.port', DD_DOGSTATSD_PORT)
     this._setBoolean(env, 'dsmEnabled', DD_DATA_STREAMS_ENABLED)
-    this._setBoolean(env, 'dynamicInstrumentationEnabled', DD_DYNAMIC_INSTRUMENTATION_ENABLED)
+    this._setBoolean(env, 'dynamicInstrumentation.enabled', DD_DYNAMIC_INSTRUMENTATION_ENABLED)
+    this._setArray(env, 'dynamicInstrumentation.redactedIdentifiers', DD_DYNAMIC_INSTRUMENTATION_REDACTED_IDENTIFIERS)
+    this._setArray(
+      env,
+      'dynamicInstrumentation.redactionExcludedIdentifiers',
+      DD_DYNAMIC_INSTRUMENTATION_REDACTION_EXCLUDED_IDENTIFIERS
+    )
     this._setString(env, 'env', DD_ENV || tags.env)
     this._setBoolean(env, 'traceEnabled', DD_TRACE_ENABLED)
     this._setBoolean(env, 'experimental.enableGetRumData', DD_TRACE_EXPERIMENTAL_GET_RUM_DATA_ENABLED)
@@ -926,7 +936,17 @@ class Config {
       this._setString(opts, 'dogstatsd.port', options.dogstatsd.port)
     }
     this._setBoolean(opts, 'dsmEnabled', options.dsmEnabled)
-    this._setBoolean(opts, 'dynamicInstrumentationEnabled', options.experimental?.dynamicInstrumentationEnabled)
+    this._setBoolean(opts, 'dynamicInstrumentation.enabled', options.dynamicInstrumentation?.enabled)
+    this._setArray(
+      opts,
+      'dynamicInstrumentation.redactedIdentifiers',
+      options.dynamicInstrumentation?.redactedIdentifiers
+    )
+    this._setArray(
+      opts,
+      'dynamicInstrumentation.redactionExcludedIdentifiers',
+      options.dynamicInstrumentation?.redactionExcludedIdentifiers
+    )
     this._setString(opts, 'env', options.env || tags.env)
     this._setBoolean(opts, 'experimental.enableGetRumData', options.experimental?.enableGetRumData)
     this._setString(opts, 'experimental.exporter', options.experimental?.exporter)
@@ -1312,6 +1332,22 @@ class Config {
     this.sampler.sampleRate = this.sampleRate
     updateConfig(changes, this)
   }
+
+  // TODO: Refactor the Config class so it never produces any config objects that are incompatible with MessageChannel
+  /**
+   * Serializes the config object so it can be passed over a Worker Thread MessageChannel.
+   * @returns {Object} The serialized config object.
+   */
+  serialize () {
+    // URL objects cannot be serialized over the MessageChannel, so we need to convert them to strings first
+    if (this.url instanceof URL) {
+      const config = { ...this }
+      config.url = this.url.toString()
+      return config
+    }
+
+    return this
+  }
 }
 
 function maybeInt (number) {

package/packages/dd-trace/src/crashtracking/crashtracker.js

@@ -40,6 +40,15 @@ class Crashtracker {
     }
   }
 
+  withProfilerSerializing (f) {
+    binding.beginProfilerSerializing()
+    try {
+      return f()
+    } finally {
+      binding.endProfilerSerializing()
+    }
+  }
+
   // TODO: Send only configured values when defaults are fixed.
   _getConfig (config) {
     const { hostname = '127.0.0.1', port = 8126 } = config

package/packages/dd-trace/src/crashtracking/noop.js

@@ -3,6 +3,9 @@
 class NoopCrashtracker {
   configure () {}
   start () {}
+  withProfilerSerializing (f) {
+    return f()
+  }
 }
 
 module.exports = new NoopCrashtracker()

package/packages/dd-trace/src/datastreams/fnv.js

@@ -15,7 +15,7 @@ function fnv64 (data) {
     data = Buffer.from(data, 'utf-8')
   }
   const byteArray = new Uint8Array(data)
-  return fnv(byteArray, FNV1_64_INIT, FNV_64_PRIME, BigInt(2) ** BigInt(64))
+  return fnv(byteArray, FNV1_64_INIT, FNV_64_PRIME, 2n ** 64n)
 }
 
 module.exports = {

package/packages/dd-trace/src/debugger/devtools_client/breakpoints.js

@@ -23,10 +23,10 @@ async function addBreakpoint (probe) {
   delete probe.where
 
   // Optimize for fast calculations when probe is hit
-  const snapshotsPerSecond = probe.sampling.snapshotsPerSecond ?? (probe.captureSnapshot
+  const snapshotsPerSecond = probe.sampling?.snapshotsPerSecond ?? (probe.captureSnapshot
     ? MAX_SNAPSHOTS_PER_SECOND_PER_PROBE
     : MAX_NON_SNAPSHOTS_PER_SECOND_PER_PROBE)
-  probe.sampling.nsBetweenSampling = BigInt(1 / snapshotsPerSecond * 1e9)
+  probe.nsBetweenSampling = BigInt(1 / snapshotsPerSecond * 1e9)
   probe.lastCaptureNs = 0n
 
   // TODO: Inbetween `await session.post('Debugger.enable')` and here, the scripts are parsed and cached.

package/packages/dd-trace/src/debugger/devtools_client/config.js

@@ -5,11 +5,13 @@ const { format } = require('node:url')
 const log = require('../../log')
 
 const config = module.exports = {
+  dynamicInstrumentation: parentConfig.dynamicInstrumentation,
   runtimeId: parentConfig.tags['runtime-id'],
   service: parentConfig.service,
   commitSHA: parentConfig.commitSHA,
   repositoryUrl: parentConfig.repositoryUrl,
-  parentThreadId
+  parentThreadId,
+  maxTotalPayloadSize: 5 * 1024 * 1024 // 5MB
 }
 
 updateUrl(parentConfig)