dd-trace 5.33.1 → 5.35.0

package/LICENSE-3rdparty.csv

@@ -35,6 +35,7 @@ dev,@apollo/server,MIT,Copyright (c) 2016-2020 Apollo Graph, Inc. (Formerly Mete
 dev,@types/node,MIT,Copyright Authors
 dev,@eslint/eslintrc,MIT,Copyright OpenJS Foundation and other contributors, <www.openjsf.org>
 dev,@eslint/js,MIT,Copyright OpenJS Foundation and other contributors, <www.openjsf.org>
+dev,@msgpack/msgpack,ISC,Copyright 2019 The MessagePack Community
 dev,@stylistic/eslint-plugin-js,MIT,Copyright OpenJS Foundation and other contributors, <www.openjsf.org>
 dev,autocannon,MIT,Copyright 2016 Matteo Collina
 dev,aws-sdk,Apache 2.0,Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
@@ -58,12 +59,10 @@ dev,get-port,MIT,Copyright Sindre Sorhus
 dev,glob,ISC,Copyright Isaac Z. Schlueter and Contributors
 dev,globals,MIT,Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)
 dev,graphql,MIT,Copyright 2015 Facebook Inc.
-dev,int64-buffer,MIT,Copyright 2015-2016 Yusuke Kawasaki
 dev,jszip,MIT,Copyright 2015-2016 Stuart Knightley and contributors
 dev,knex,MIT,Copyright (c) 2013-present Tim Griesser
 dev,mkdirp,MIT,Copyright 2010 James Halliday
 dev,mocha,MIT,Copyright 2011-2018 JS Foundation and contributors https://js.foundation
-dev,msgpack-lite,MIT,Copyright 2015 Yusuke Kawasaki
 dev,multer,MIT,Copyright 2014 Hage Yaapa
 dev,nock,MIT,Copyright 2017 Pedro Teixeira and other contributors
 dev,nyc,ISC,Copyright 2015 Contributors

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dd-trace",
-  "version": "5.33.1",
+  "version": "5.35.0",
   "description": "Datadog APM tracing client for JavaScript",
   "main": "index.js",
   "typings": "index.d.ts",
@@ -118,6 +118,7 @@
     "@apollo/server": "^4.11.0",
     "@eslint/eslintrc": "^3.1.0",
     "@eslint/js": "^9.11.1",
+    "@msgpack/msgpack": "^3.0.0-beta3",
     "@stylistic/eslint-plugin-js": "^2.8.0",
     "@types/node": "^16.0.0",
     "autocannon": "^4.5.2",
@@ -142,12 +143,10 @@
     "glob": "^7.1.6",
     "globals": "^15.10.0",
     "graphql": "0.13.2",
-    "int64-buffer": "^0.1.9",
     "jszip": "^3.5.0",
     "knex": "^2.4.2",
     "mkdirp": "^3.0.1",
     "mocha": "^10",
-    "msgpack-lite": "^0.1.26",
     "multer": "^1.4.5-lts.1",
     "nock": "^11.3.3",
     "nyc": "^15.1.0",

package/packages/datadog-instrumentations/src/aws-sdk.js

@@ -40,6 +40,18 @@ function wrapRequest (send) {
   }
 }
 
+function wrapDeserialize (deserialize, channelSuffix) {
+  const headersCh = channel(`apm:aws:response:deserialize:${channelSuffix}`)
+
+  return function (response) {
+    if (headersCh.hasSubscribers) {
+      headersCh.publish({ headers: response.headers })
+    }
+
+    return deserialize.apply(this, arguments)
+  }
+}
+
 function wrapSmithySend (send) {
   return function (command, ...args) {
     const cb = args[args.length - 1]
@@ -61,6 +73,10 @@ function wrapSmithySend (send) {
     const responseStartChannel = channel(`apm:aws:response:start:${channelSuffix}`)
     const responseFinishChannel = channel(`apm:aws:response:finish:${channelSuffix}`)
 
+    if (typeof command.deserialize === 'function') {
+      shimmer.wrap(command, 'deserialize', deserialize => wrapDeserialize(deserialize, channelSuffix))
+    }
+
     return innerAr.runInAsyncScope(() => {
       startCh.publish({
         serviceIdentifier,

package/packages/datadog-instrumentations/src/helpers/hooks.js

@@ -102,6 +102,7 @@ module.exports = {
   oracledb: () => require('../oracledb'),
   openai: () => require('../openai'),
   paperplane: () => require('../paperplane'),
+  passport: () => require('../passport'),
   'passport-http': () => require('../passport-http'),
   'passport-local': () => require('../passport-local'),
   pg: () => require('../pg'),

package/packages/datadog-instrumentations/src/passport.js

@@ -0,0 +1,45 @@
+'use strict'
+
+const shimmer = require('../../datadog-shimmer')
+const { channel, addHook } = require('./helpers/instrument')
+
+const onPassportDeserializeUserChannel = channel('datadog:passport:deserializeUser:finish')
+
+function wrapDone (done) {
+  return function wrappedDone (err, user) {
+    if (!err && user) {
+      const abortController = new AbortController()
+
+      onPassportDeserializeUserChannel.publish({ user, abortController })
+
+      if (abortController.signal.aborted) return
+    }
+
+    return done.apply(this, arguments)
+  }
+}
+
+function wrapDeserializeUser (deserializeUser) {
+  return function wrappedDeserializeUser (fn, req, done) {
+    if (typeof fn === 'function') return deserializeUser.apply(this, arguments)
+
+    if (typeof req === 'function') {
+      done = req
+      arguments[1] = wrapDone(done)
+    } else {
+      arguments[2] = wrapDone(done)
+    }
+
+    return deserializeUser.apply(this, arguments)
+  }
+}
+
+addHook({
+  name: 'passport',
+  file: 'lib/authenticator.js',
+  versions: ['>=0.3.0']
+}, Authenticator => {
+  shimmer.wrap(Authenticator.prototype, 'deserializeUser', wrapDeserializeUser)
+
+  return Authenticator
+})

package/packages/datadog-plugin-aws-sdk/src/services/bedrockruntime/utils.js

@@ -24,11 +24,23 @@ const PROVIDER = {
 }
 
 class Generation {
-  constructor ({ message = '', finishReason = '', choiceId = '' } = {}) {
+  constructor ({
+    message = '',
+    finishReason = '',
+    choiceId = '',
+    role,
+    inputTokens,
+    outputTokens
+  } = {}) {
     // stringify message as it could be a single generated message as well as a list of embeddings
     this.message = typeof message === 'string' ? message : JSON.stringify(message) || ''
     this.finishReason = finishReason || ''
     this.choiceId = choiceId || undefined
+    this.role = role
+    this.usage = {
+      inputTokens,
+      outputTokens
+    }
   }
 }
 
@@ -202,9 +214,12 @@ function extractTextAndResponseReason (response, provider, modelName) {
           if (generations.length > 0) {
             const generation = generations[0]
             return new Generation({
-              message: generation.message,
+              message: generation.message.content,
               finishReason: generation.finish_reason,
-              choiceId: shouldSetChoiceIds ? generation.id : undefined
+              choiceId: shouldSetChoiceIds ? generation.id : undefined,
+              role: generation.message.role,
+              inputTokens: body.usage?.prompt_tokens,
+              outputTokens: body.usage?.completion_tokens
             })
           }
         }
@@ -214,7 +229,9 @@ function extractTextAndResponseReason (response, provider, modelName) {
           return new Generation({
             message: completion.data?.text,
             finishReason: completion?.finishReason,
-            choiceId: shouldSetChoiceIds ? completion?.id : undefined
+            choiceId: shouldSetChoiceIds ? completion?.id : undefined,
+            inputTokens: body.usage?.prompt_tokens,
+            outputTokens: body.usage?.completion_tokens
           })
         }
         return new Generation()
@@ -226,7 +243,12 @@ function extractTextAndResponseReason (response, provider, modelName) {
         const results = body.results || []
         if (results.length > 0) {
           const result = results[0]
-          return new Generation({ message: result.outputText, finishReason: result.completionReason })
+          return new Generation({
+            message: result.outputText,
+            finishReason: result.completionReason,
+            inputTokens: body.inputTextTokenCount,
+            outputTokens: result.tokenCount
+          })
         }
         break
       }
@@ -252,7 +274,12 @@ function extractTextAndResponseReason (response, provider, modelName) {
         break
       }
       case PROVIDER.META: {
-        return new Generation({ message: body.generation, finishReason: body.stop_reason })
+        return new Generation({
+          message: body.generation,
+          finishReason: body.stop_reason,
+          inputTokens: body.prompt_token_count,
+          outputTokens: body.generation_token_count
+        })
       }
       case PROVIDER.MISTRAL: {
         const mistralGenerations = body.outputs || []

package/packages/datadog-plugin-dd-trace-api/src/index.js

@@ -0,0 +1,120 @@
+'use strict'
+
+const Plugin = require('../../dd-trace/src/plugins/plugin')
+const telemetryMetrics = require('../../dd-trace/src/telemetry/metrics')
+const apiMetrics = telemetryMetrics.manager.namespace('tracers')
+
+// api ==> here
+const objectMap = new WeakMap()
+
+const injectionEnabledTag =
+  `injection_enabled:${process.env.DD_INJECTION_ENABLED ? 'yes' : 'no'}`
+
+module.exports = class DdTraceApiPlugin extends Plugin {
+  static get id () {
+    return 'dd-trace-api'
+  }
+
+  constructor (...args) {
+    super(...args)
+
+    const tracer = this._tracer
+
+    this.addSub('datadog-api:v1:tracerinit', ({ proxy }) => {
+      const proxyVal = proxy()
+      objectMap.set(proxyVal, tracer)
+      objectMap.set(proxyVal.appsec, tracer.appsec)
+      objectMap.set(proxyVal.dogstatsd, tracer.dogstatsd)
+    })
+
+    const handleEvent = (name) => {
+      const counter = apiMetrics.count('dd_trace_api.called', [
+        `name:${name.replaceAll(':', '.')}`,
+        'api_version:v1',
+        injectionEnabledTag
+      ])
+
+      // For v1, APIs are 1:1 with their internal equivalents, so we can just
+      // call the internal method directly. That's what we do here unless we
+      // want to override. As the API evolves, this may change.
+      this.addSub(`datadog-api:v1:${name}`, ({ self, args, ret, proxy, revProxy }) => {
+        counter.inc()
+
+        if (name.includes(':')) {
+          name = name.split(':').pop()
+        }
+
+        if (objectMap.has(self)) {
+          self = objectMap.get(self)
+        }
+
+        for (let i = 0; i < args.length; i++) {
+          if (objectMap.has(args[i])) {
+            args[i] = objectMap.get(args[i])
+          }
+          if (typeof args[i] === 'function') {
+            const orig = args[i]
+            args[i] = (...fnArgs) => {
+              for (let j = 0; j < fnArgs.length; j++) {
+                if (revProxy && revProxy[j]) {
+                  const proxyVal = revProxy[j]()
+                  objectMap.set(proxyVal, fnArgs[j])
+                  fnArgs[j] = proxyVal
+                }
+              }
+              // TODO do we need to apply(this, ...) here?
+              return orig(...fnArgs)
+            }
+          }
+        }
+
+        try {
+          ret.value = self[name](...args)
+          if (proxy) {
+            const proxyVal = proxy()
+            objectMap.set(proxyVal, ret.value)
+            ret.value = proxyVal
+          } else if (ret.value && typeof ret.value === 'object') {
+            throw new TypeError(`Objects need proxies when returned via API (${name})`)
+          }
+        } catch (e) {
+          ret.error = e
+        }
+      })
+    }
+
+    // handleEvent('configure')
+    handleEvent('startSpan')
+    handleEvent('wrap')
+    handleEvent('trace')
+    handleEvent('inject')
+    handleEvent('extract')
+    handleEvent('getRumData')
+    handleEvent('profilerStarted')
+    handleEvent('context:toTraceId')
+    handleEvent('context:toSpanId')
+    handleEvent('context:toTraceparent')
+    handleEvent('span:context')
+    handleEvent('span:setTag')
+    handleEvent('span:addTags')
+    handleEvent('span:finish')
+    handleEvent('span:addLink')
+    handleEvent('scope')
+    handleEvent('scope:activate')
+    handleEvent('scope:active')
+    handleEvent('scope:bind')
+    handleEvent('appsec:blockRequest')
+    handleEvent('appsec:isUserBlocked')
+    handleEvent('appsec:setUser')
+    handleEvent('appsec:trackCustomEvent')
+    handleEvent('appsec:trackUserLoginFailureEvent')
+    handleEvent('appsec:trackUserLoginSuccessEvent')
+    handleEvent('dogstatsd:decrement')
+    handleEvent('dogstatsd:distribution')
+    handleEvent('dogstatsd:flush')
+    handleEvent('dogstatsd:gauge')
+    handleEvent('dogstatsd:histogram')
+    handleEvent('dogstatsd:increment')
+    handleEvent('use')
+  }
+}

package/packages/datadog-plugin-graphql/src/execute.js

@@ -1,6 +1,7 @@
 'use strict'
 
 const TracingPlugin = require('../../dd-trace/src/plugins/tracing')
+const { extractErrorIntoSpanEvent } = require('./utils')
 
 let tools
 
@@ -34,6 +35,11 @@ class GraphQLExecutePlugin extends TracingPlugin {
   finish ({ res, args }) {
     const span = this.activeSpan
     this.config.hooks.execute(span, args, res)
+    if (res?.errors) {
+      for (const err of res.errors) {
+        extractErrorIntoSpanEvent(this._tracerConfig, span, err)
+      }
+    }
     super.finish()
   }
 }

package/packages/datadog-plugin-graphql/src/utils.js

@@ -0,0 +1,40 @@
+function extractErrorIntoSpanEvent (config, span, exc) {
+  const attributes = {}
+
+  if (exc.name) {
+    attributes.type = exc.name
+  }
+
+  if (exc.stack) {
+    attributes.stacktrace = exc.stack
+  }
+
+  if (exc.locations) {
+    attributes.locations = []
+    for (const location of exc.locations) {
+      attributes.locations.push(`${location.line}:${location.column}`)
+    }
+  }
+
+  if (exc.path) {
+    attributes.path = exc.path.map(String)
+  }
+
+  if (exc.message) {
+    attributes.message = exc.message
+  }
+
+  if (config.graphqlErrorExtensions) {
+    for (const ext of config.graphqlErrorExtensions) {
+      if (exc.extensions?.[ext]) {
+        attributes[`extensions.${ext}`] = exc.extensions[ext].toString()
+      }
+    }
+  }
+
+  span.addEvent('dd.graphql.query.error', attributes, Date.now())
+}
+
+module.exports = {
+  extractErrorIntoSpanEvent
+}

package/packages/datadog-plugin-graphql/src/validate.js

@@ -1,6 +1,7 @@
 'use strict'
 
 const TracingPlugin = require('../../dd-trace/src/plugins/tracing')
+const { extractErrorIntoSpanEvent } = require('./utils')
 
 class GraphQLValidatePlugin extends TracingPlugin {
   static get id () { return 'graphql' }
@@ -21,6 +22,11 @@ class GraphQLValidatePlugin extends TracingPlugin {
   finish ({ document, errors }) {
     const span = this.activeSpan
     this.config.hooks.validate(span, document, errors)
+    if (errors) {
+      for (const err of errors) {
+        extractErrorIntoSpanEvent(this._tracerConfig, span, err)
+      }
+    }
     super.finish()
   }
 }

package/packages/dd-trace/src/appsec/blocking.js

@@ -115,7 +115,10 @@ function block (req, res, rootSpan, abortController, actionParameters = defaultB
     res.removeHeader(headerName)
   }
 
-  res.writeHead(statusCode, headers).end(body)
+  res.writeHead(statusCode, headers)
+
+  // this is needed to call the original end method, since express-session replaces it
+  res.constructor.prototype.end.call(res, body)
 
   responseBlockedSet.add(res)
 

package/packages/dd-trace/src/appsec/channels.js

@@ -14,6 +14,7 @@ module.exports = {
   incomingHttpRequestStart: dc.channel('dd-trace:incomingHttpRequestStart'),
   incomingHttpRequestEnd: dc.channel('dd-trace:incomingHttpRequestEnd'),
   passportVerify: dc.channel('datadog:passport:verify:finish'),
+  passportUser: dc.channel('datadog:passport:deserializeUser:finish'),
   queryParser: dc.channel('datadog:query:read:finish'),
   setCookieChannel: dc.channel('datadog:iast:set-cookie'),
   nextBodyParsed: dc.channel('apm:next:body-parsed'),

package/packages/dd-trace/src/appsec/iast/analyzers/code-injection-analyzer.js

@@ -2,14 +2,32 @@
 
 const InjectionAnalyzer = require('./injection-analyzer')
 const { CODE_INJECTION } = require('../vulnerabilities')
+const { INSTRUMENTED_SINK } = require('../telemetry/iast-metric')
+const { storage } = require('../../../../../datadog-core')
+const { getIastContext } = require('../iast-context')
 
 class CodeInjectionAnalyzer extends InjectionAnalyzer {
   constructor () {
     super(CODE_INJECTION)
+    this.evalInstrumentedInc = false
   }
 
   onConfigure () {
-    this.addSub('datadog:eval:call', ({ script }) => this.analyze(script))
+    this.addSub('datadog:eval:call', ({ script }) => {
+      if (!this.evalInstrumentedInc) {
+        const store = storage.getStore()
+        const iastContext = getIastContext(store)
+        const tags = INSTRUMENTED_SINK.formatTags(CODE_INJECTION)
+
+        for (const tag of tags) {
+          INSTRUMENTED_SINK.inc(iastContext, tag)
+        }
+
+        this.evalInstrumentedInc = true
+      }
+
+      this.analyze(script)
+    })
     this.addSub('datadog:vm:run-script:start', ({ code }) => this.analyze(code))
     this.addSub('datadog:vm:source-text-module:start', ({ code }) => this.analyze(code))
   }

package/packages/dd-trace/src/appsec/iast/analyzers/weak-hash-analyzer.js

@@ -22,7 +22,8 @@ const EXCLUDED_LOCATIONS = getNodeModulesPaths(
   'sqreen/lib/package-reader/index.js',
   'ws/lib/websocket-server.js',
   'google-gax/build/src/grpc.js',
-  'cookie-signature/index.js'
+  'cookie-signature/index.js',
+  'express-session/index.js'
 )
 
 const EXCLUDED_PATHS_FROM_STACK = [

package/packages/dd-trace/src/appsec/index.js

@@ -10,6 +10,7 @@ const {
   incomingHttpRequestStart,
   incomingHttpRequestEnd,
   passportVerify,
+  passportUser,
   queryParser,
   nextBodyParsed,
   nextQueryParsed,
@@ -67,6 +68,7 @@ function enable (_config) {
     incomingHttpRequestStart.subscribe(incomingHttpStartTranslator)
     incomingHttpRequestEnd.subscribe(incomingHttpEndTranslator)
     passportVerify.subscribe(onPassportVerify) // possible optimization: only subscribe if collection mode is enabled
+    passportUser.subscribe(onPassportDeserializeUser)
     queryParser.subscribe(onRequestQueryParsed)
     nextBodyParsed.subscribe(onRequestBodyParsed)
     nextQueryParsed.subscribe(onRequestQueryParsed)
@@ -197,6 +199,20 @@ function onPassportVerify ({ framework, login, user, success, abortController })
   handleResults(results, store.req, store.req.res, rootSpan, abortController)
 }
 
+function onPassportDeserializeUser ({ user, abortController }) {
+  const store = storage.getStore()
+  const rootSpan = store?.req && web.root(store.req)
+
+  if (!rootSpan) {
+    log.warn('[ASM] No rootSpan found in onPassportDeserializeUser')
+    return
+  }
+
+  const results = UserTracking.trackUser(user, rootSpan)
+
+  handleResults(results, store.req, store.req.res, rootSpan, abortController)
+}
+
 function onRequestQueryParsed ({ req, res, query, abortController }) {
   if (!query || typeof query !== 'object') return
 
@@ -310,6 +326,7 @@ function disable () {
   if (incomingHttpRequestStart.hasSubscribers) incomingHttpRequestStart.unsubscribe(incomingHttpStartTranslator)
   if (incomingHttpRequestEnd.hasSubscribers) incomingHttpRequestEnd.unsubscribe(incomingHttpEndTranslator)
   if (passportVerify.hasSubscribers) passportVerify.unsubscribe(onPassportVerify)
+  if (passportUser.hasSubscribers) passportUser.unsubscribe(onPassportDeserializeUser)
   if (queryParser.hasSubscribers) queryParser.unsubscribe(onRequestQueryParsed)
   if (nextBodyParsed.hasSubscribers) nextBodyParsed.unsubscribe(onRequestBodyParsed)
   if (nextQueryParsed.hasSubscribers) nextQueryParsed.unsubscribe(onRequestQueryParsed)

package/packages/dd-trace/src/appsec/sdk/set_user.js

@@ -2,6 +2,8 @@
 
 const { getRootSpan } = require('./utils')
 const log = require('../../log')
+const waf = require('../waf')
+const addresses = require('../addresses')
 
 function setUserTags (user, rootSpan) {
   for (const k of Object.keys(user)) {
@@ -22,6 +24,13 @@ function setUser (tracer, user) {
   }
 
   setUserTags(user, rootSpan)
+  rootSpan.setTag('_dd.appsec.user.collection_mode', 'sdk')
+
+  waf.run({
+    persistent: {
+      [addresses.USER_ID]: '' + user.id
+    }
+  })
 }
 
 module.exports = {

package/packages/dd-trace/src/appsec/sdk/user_blocking.js

@@ -23,6 +23,7 @@ function checkUserAndSetUser (tracer, user) {
   if (rootSpan) {
     if (!rootSpan.context()._tags['usr.id']) {
       setUserTags(user, rootSpan)
+      rootSpan.setTag('_dd.appsec.user.collection_mode', 'sdk')
     }
   } else {
     log.warn('[ASM] Root span not available in isUserBlocked')

package/packages/dd-trace/src/appsec/telemetry.js

@@ -186,6 +186,15 @@ function incrementMissingUserLoginMetric (framework, eventType) {
   }).inc()
 }
 
+function incrementMissingUserIdMetric (framework, eventType) {
+  if (!enabled) return
+
+  appsecMetrics.count('instrum.user_auth.missing_user_id', {
+    framework,
+    event_type: eventType
+  }).inc()
+}
+
 function getRequestMetrics (req) {
   if (req) {
     const store = getStore(req)
@@ -203,6 +212,7 @@ module.exports = {
   incrementWafUpdatesMetric,
   incrementWafRequestsMetric,
   incrementMissingUserLoginMetric,
+  incrementMissingUserIdMetric,
 
   getRequestMetrics
 }

package/packages/dd-trace/src/appsec/user_tracking.js

@@ -53,6 +53,8 @@ function obfuscateIfNeeded (str) {
 function getUserId (user) {
   if (!user) return
 
+  // should we iterate on user keys instead to be case insensitive ?
+  // but if we iterate over user then we're missing the inherited props ?
   for (const field of USER_ID_FIELDS) {
     let id = user[field]
 
@@ -73,11 +75,6 @@ function getUserId (user) {
 function trackLogin (framework, login, user, success, rootSpan) {
   if (!collectionMode || collectionMode === 'disabled') return
 
-  if (!rootSpan) {
-    log.error('[ASM] No rootSpan found in AppSec trackLogin')
-    return
-  }
-
   if (typeof login !== 'string') {
     log.error('[ASM] Invalid login provided to AppSec trackLogin')
 
@@ -162,7 +159,36 @@ function trackLogin (framework, login, user, success, rootSpan) {
   return waf.run({ persistent })
 }
 
+function trackUser (user, rootSpan) {
+  if (!collectionMode || collectionMode === 'disabled') return
+
+  const userId = getUserId(user)
+  if (!userId) {
+    log.error('[ASM] No valid user ID found in AppSec trackUser')
+    telemetry.incrementMissingUserIdMetric('passport', 'authenticated_request')
+    return
+  }
+
+  rootSpan.setTag('_dd.appsec.usr.id', userId)
+
+  const isSdkCalled = rootSpan.context()._tags['_dd.appsec.user.collection_mode'] === 'sdk'
+  // do not override SDK
+  if (!isSdkCalled) {
+    rootSpan.addTags({
+      'usr.id': userId,
+      '_dd.appsec.user.collection_mode': collectionMode
+    })
+
+    return waf.run({
+      persistent: {
+        [addresses.USER_ID]: userId
+      }
+    })
+  }
+}
+
 module.exports = {
   setCollectionMode,
-  trackLogin
+  trackLogin,
+  trackUser
 }

package/packages/dd-trace/src/config.js

@@ -482,6 +482,7 @@ class Config {
     this._setValue(defaults, 'flushInterval', 2000)
     this._setValue(defaults, 'flushMinSpans', 1000)
     this._setValue(defaults, 'gitMetadataEnabled', true)
+    this._setValue(defaults, 'graphqlErrorExtensions', [])
     this._setValue(defaults, 'grpc.client.error.statuses', GRPC_CLIENT_ERROR_STATUSES)
     this._setValue(defaults, 'grpc.server.error.statuses', GRPC_SERVER_ERROR_STATUSES)
     this._setValue(defaults, 'headerTags', [])
@@ -521,6 +522,7 @@ class Config {
     this._setValue(defaults, 'lookup', undefined)
     this._setValue(defaults, 'inferredProxyServicesEnabled', false)
     this._setValue(defaults, 'memcachedCommandEnabled', false)
+    this._setValue(defaults, 'middlewareTracingEnabled', true)
     this._setValue(defaults, 'openAiLogsEnabled', false)
     this._setValue(defaults, 'openai.spanCharLimit', 128)
     this._setValue(defaults, 'peerServiceMapping', {})
@@ -669,9 +671,11 @@ class Config {
       DD_TRACE_EXPERIMENTAL_RUNTIME_ID_ENABLED,
       DD_TRACE_GIT_METADATA_ENABLED,
       DD_TRACE_GLOBAL_TAGS,
+      DD_TRACE_GRAPHQL_ERROR_EXTENSIONS,
       DD_TRACE_HEADER_TAGS,
       DD_TRACE_LEGACY_BAGGAGE_ENABLED,
       DD_TRACE_MEMCACHED_COMMAND_ENABLED,
+      DD_TRACE_MIDDLEWARE_TRACING_ENABLED,
       DD_TRACE_OBFUSCATION_QUERY_STRING_REGEXP,
       DD_TRACE_PARTIAL_FLUSH_MIN_SPANS,
       DD_TRACE_PEER_SERVICE_MAPPING,
@@ -804,6 +808,7 @@ class Config {
     this._setBoolean(env, 'logInjection', DD_LOGS_INJECTION)
     // Requires an accompanying DD_APM_OBFUSCATION_MEMCACHED_KEEP_COMMAND=true in the agent
     this._setBoolean(env, 'memcachedCommandEnabled', DD_TRACE_MEMCACHED_COMMAND_ENABLED)
+    this._setBoolean(env, 'middlewareTracingEnabled', DD_TRACE_MIDDLEWARE_TRACING_ENABLED)
     this._setBoolean(env, 'openAiLogsEnabled', DD_OPENAI_LOGS_ENABLED)
     this._setValue(env, 'openai.spanCharLimit', maybeInt(DD_OPENAI_SPAN_CHAR_LIMIT))
     this._envUnprocessed.openaiSpanCharLimit = DD_OPENAI_SPAN_CHAR_LIMIT
@@ -895,6 +900,7 @@ class Config {
     this._setString(env, 'version', DD_VERSION || tags.version)
     this._setBoolean(env, 'inferredProxyServicesEnabled', DD_TRACE_INFERRED_PROXY_SERVICES_ENABLED)
     this._setString(env, 'aws.dynamoDb.tablePrimaryKeys', DD_AWS_SDK_DYNAMODB_TABLE_PRIMARY_KEYS)
+    this._setArray(env, 'graphqlErrorExtensions', DD_TRACE_GRAPHQL_ERROR_EXTENSIONS)
   }
 
   _applyOptions (options) {
@@ -986,6 +992,7 @@ class Config {
     this._setString(opts, 'llmobs.mlApp', options.llmobs?.mlApp)
     this._setBoolean(opts, 'logInjection', options.logInjection)
     this._setString(opts, 'lookup', options.lookup)
+    this._setBoolean(opts, 'middlewareTracingEnabled', options.middlewareTracingEnabled)
     this._setBoolean(opts, 'openAiLogsEnabled', options.openAiLogsEnabled)
     this._setValue(opts, 'peerServiceMapping', options.peerServiceMapping)
     this._setBoolean(opts, 'plugins', options.plugins)
@@ -1020,6 +1027,7 @@ class Config {
     this._setBoolean(opts, 'traceId128BitLoggingEnabled', options.traceId128BitLoggingEnabled)
     this._setString(opts, 'version', options.version || tags.version)
     this._setBoolean(opts, 'inferredProxyServicesEnabled', options.inferredProxyServicesEnabled)
+    this._setBoolean(opts, 'graphqlErrorExtensions', options.graphqlErrorExtensions)
 
     // For LLMObs, we want the environment variable to take precedence over the options.
     // This is reliant on environment config being set before options.

package/packages/dd-trace/src/debugger/devtools_client/state.js

@@ -2,6 +2,8 @@
 
 const session = require('./session')
 
+const WINDOWS_DRIVE_LETTER_REGEX = /[a-zA-Z]/
+
 const scriptIds = []
 const scriptUrls = new Map()
 
@@ -10,26 +12,79 @@ module.exports = {
   breakpoints: new Map(),
 
   /**
-   * Find the matching script that can be inspected based on a partial path.
-   *
-   * Algorithm: Find the sortest url that ends in the requested path.
-   *
-   * Will identify the correct script as long as Node.js doesn't load a module from a `node_modules` folder outside the
-   * project root. If so, there's a risk that this path is shorter than the expected path inside the project root.
-   * Example of mismatch where path = `index.js`:
-   *
-   * Expected match:       /www/code/my-projects/demo-project1/index.js
-   * Actual shorter match: /www/node_modules/dd-trace/index.js
-   *
-   * To fix this, specify a more unique file path, e.g `demo-project1/index.js` instead of `index.js`
+   * Find the script to inspect based on a partial or absolute path. Handles both Windows and POSIX paths.
    *
-   * @param {string} path
-   * @returns {[string, string] | undefined}
+   * @param {string} path - Partial or absolute path to match against loaded scripts
+   * @returns {[string, string, string | undefined] | null} - Array containing [url, scriptId, sourceMapURL]
+   *   or null if no match
    */
   findScriptFromPartialPath (path) {
-    return scriptIds
-      .filter(([url]) => url.endsWith(path))
-      .sort(([a], [b]) => a.length - b.length)[0]
+    if (!path) return null // This shouldn't happen, but better safe than sorry
+
+    path = path.toLowerCase()
+
+    const bestMatch = new Array(3)
+    let maxMatchLength = -1
+
+    for (const [url, scriptId, sourceMapURL] of scriptIds) {
+      let i = url.length - 1
+      let j = path.length - 1
+      let matchLength = 0
+      let lastBoundaryPos = -1
+      let atBoundary = false
+
+      // Compare characters from the end
+      while (i >= 0 && j >= 0) {
+        const urlChar = url[i].toLowerCase()
+        const pathChar = path[j]
+
+        // Check if both characters is a path boundary
+        const isBoundary = (urlChar === '/' || urlChar === '\\') && (pathChar === '/' || pathChar === '\\' ||
+          (j === 1 && pathChar === ':' && WINDOWS_DRIVE_LETTER_REGEX.test(path[0])))
+
+        // If both are boundaries, or if characters match exactly
+        if (isBoundary || urlChar === pathChar) {
+          if (isBoundary) {
+            atBoundary = true
+            lastBoundaryPos = matchLength
+          } else {
+            atBoundary = false
+          }
+          matchLength++
+          i--
+          j--
+        } else {
+          break
+        }
+      }
+
+      // If we've matched the entire path pattern, ensure it starts at a path boundary
+      if (j === -1) {
+        if (i >= 0) {
+          // If there are more characters in the URL, the next one must be a slash
+          if (url[i] === '/' || url[i] === '\\') {
+            atBoundary = true
+            lastBoundaryPos = matchLength
+          }
+        } else {
+          atBoundary = true
+          lastBoundaryPos = matchLength
+        }
+      }
+
+      // If we found a valid match and it's better than our previous best
+      if (atBoundary && (
+        lastBoundaryPos > maxMatchLength ||
+        (lastBoundaryPos === maxMatchLength && url.length < bestMatch[0].length) // Prefer shorter paths
+      )) {
+        maxMatchLength = lastBoundaryPos
+        bestMatch[0] = url
+        bestMatch[1] = scriptId
+        bestMatch[2] = sourceMapURL
+      }
+    }
+
+    return maxMatchLength > -1 ? bestMatch : null
   },
 
   getStackFromCallFrames (callFrames) {

package/packages/dd-trace/src/id.js

@@ -15,7 +15,6 @@ let batch = 0
 // Internal representation of a trace or span ID.
 class Identifier {
   constructor (value, radix = 16) {
-    this._isUint64BE = true // msgpack-lite compatibility
     this._buffer = radix === 16
       ? createBuffer(value)
       : fromString(value, radix)
@@ -31,7 +30,6 @@ class Identifier {
     return this._buffer
   }
 
-  // msgpack-lite compatibility
   toArray () {
     if (this._buffer.length === 8) {
       return this._buffer

package/packages/dd-trace/src/llmobs/plugins/bedrockruntime.js

@@ -8,7 +8,9 @@ const {
   parseModelId
 } = require('../../../../datadog-plugin-aws-sdk/src/services/bedrockruntime/utils')
 
-const enabledOperations = ['invokeModel']
+const ENABLED_OPERATIONS = ['invokeModel']
+
+const requestIdsToTokens = {}
 
 class BedrockRuntimeLLMObsPlugin extends BaseLLMObsPlugin {
   constructor () {
@@ -18,7 +20,7 @@ class BedrockRuntimeLLMObsPlugin extends BaseLLMObsPlugin {
       const request = response.request
       const operation = request.operation
       // avoids instrumenting other non supported runtime operations
-      if (!enabledOperations.includes(operation)) {
+      if (!ENABLED_OPERATIONS.includes(operation)) {
         return
       }
       const { modelProvider, modelName } = parseModelId(request.params.modelId)
@@ -30,6 +32,17 @@ class BedrockRuntimeLLMObsPlugin extends BaseLLMObsPlugin {
       const span = storage.getStore()?.span
       this.setLLMObsTags({ request, span, response, modelProvider, modelName })
     })
+
+    this.addSub('apm:aws:response:deserialize:bedrockruntime', ({ headers }) => {
+      const requestId = headers['x-amzn-requestid']
+      const inputTokenCount = headers['x-amzn-bedrock-input-token-count']
+      const outputTokenCount = headers['x-amzn-bedrock-output-token-count']
+
+      requestIdsToTokens[requestId] = {
+        inputTokensFromHeaders: inputTokenCount && parseInt(inputTokenCount),
+        outputTokensFromHeaders: outputTokenCount && parseInt(outputTokenCount)
+      }
+    })
   }
 
   setLLMObsTags ({ request, span, response, modelProvider, modelName }) {
@@ -52,7 +65,39 @@ class BedrockRuntimeLLMObsPlugin extends BaseLLMObsPlugin {
     })
 
     // add I/O tags
-    this._tagger.tagLLMIO(span, requestParams.prompt, textAndResponseReason.message)
+    this._tagger.tagLLMIO(
+      span,
+      requestParams.prompt,
+      [{ content: textAndResponseReason.message, role: textAndResponseReason.role }]
+    )
+
+    // add token metrics
+    const { inputTokens, outputTokens, totalTokens } = extractTokens({
+      requestId: response.$metadata.requestId,
+      usage: textAndResponseReason.usage
+    })
+    this._tagger.tagMetrics(span, {
+      inputTokens,
+      outputTokens,
+      totalTokens
+    })
+  }
+}
+
+function extractTokens ({ requestId, usage }) {
+  const {
+    inputTokensFromHeaders,
+    outputTokensFromHeaders
+  } = requestIdsToTokens[requestId] || {}
+  delete requestIdsToTokens[requestId]
+
+  const inputTokens = usage.inputTokens || inputTokensFromHeaders || 0
+  const outputTokens = usage.outputTokens || outputTokensFromHeaders || 0
+
+  return {
+    inputTokens,
+    outputTokens,
+    totalTokens: inputTokens + outputTokens
   }
 }
 

package/packages/dd-trace/src/plugin_manager.js

@@ -31,6 +31,9 @@ loadChannel.subscribe(({ name }) => {
 // Globals
 maybeEnable(require('../../datadog-plugin-fetch/src'))
 
+// Always enabled
+maybeEnable(require('../../datadog-plugin-dd-trace-api/src'))
+
 function maybeEnable (Plugin) {
   if (!Plugin || typeof Plugin !== 'function') return
   if (!pluginClasses[Plugin.id]) {
@@ -139,7 +142,8 @@ module.exports = class PluginManager {
       memcachedCommandEnabled,
       ciVisibilityTestSessionName,
       ciVisAgentlessLogSubmissionEnabled,
-      isTestDynamicInstrumentationEnabled
+      isTestDynamicInstrumentationEnabled,
+      middlewareTracingEnabled
     } = this._tracerConfig
 
     const sharedConfig = {
@@ -170,6 +174,13 @@ module.exports = class PluginManager {
       sharedConfig.clientIpEnabled = clientIpEnabled
     }
 
+    // For the global setting, we use the name `middlewareTracingEnabled`, but
+    // for the plugin-specific setting, we use `middleware`. They mean the same
+    // to an individual plugin, so we normalize them here.
+    if (middlewareTracingEnabled !== undefined) {
+      sharedConfig.middleware = middlewareTracingEnabled
+    }
+
     return sharedConfig
   }
 }

package/packages/dd-trace/src/plugins/index.js

@@ -34,6 +34,7 @@ module.exports = {
   get couchbase () { return require('../../../datadog-plugin-couchbase/src') },
   get cypress () { return require('../../../datadog-plugin-cypress/src') },
   get dns () { return require('../../../datadog-plugin-dns/src') },
+  get 'dd-trace-api' () { return require('../../../datadog-plugin-dd-trace-api/src') },
   get elasticsearch () { return require('../../../datadog-plugin-elasticsearch/src') },
   get express () { return require('../../../datadog-plugin-express/src') },
   get fastify () { return require('../../../datadog-plugin-fastify/src') },