npm - dd-trace - Versions diffs - 5.35.0 → 5.37.0 - Mend

dd-trace 5.35.0 → 5.37.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (125) hide show

package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js CHANGED Viewed

@@ -1,18 +1,23 @@
 'use strict'
 const Module = require('module')
+const { pathToFileURL } = require('url')
+const { MessageChannel } = require('worker_threads')
 const shimmer = require('../../../../../datadog-shimmer')
 const { isPrivateModule, isNotLibraryFile } = require('./filter')
 const { csiMethods } = require('./csi-methods')
 const { getName } = require('../telemetry/verbosity')
-const { getRewriteFunction } = require('./rewriter-telemetry')
+const { getRewriteFunction, incrementTelemetryIfNeeded } = require('./rewriter-telemetry')
 const dc = require('dc-polyfill')
 const log = require('../../../log')
+const { isMainThread } = require('worker_threads')
+const { LOG_MESSAGE, REWRITTEN_MESSAGE } = require('./constants')
 const hardcodedSecretCh = dc.channel('datadog:secrets:result')
 let rewriter
-let getPrepareStackTrace
+let getPrepareStackTrace, cacheRewrittenSourceMap
 let kSymbolPrepareStackTrace
+let esmRewriterEnabled = false
 let getRewriterOriginalPathAndLineFromSourceMap = function (path, line, column) {
   return { path, line, column }
@@ -46,6 +51,7 @@ function getRewriter (telemetryVerbosity) {
       const Rewriter = iastRewriter.Rewriter
       getPrepareStackTrace = iastRewriter.getPrepareStackTrace
       kSymbolPrepareStackTrace = iastRewriter.kSymbolPrepareStackTrace
+      cacheRewrittenSourceMap = iastRewriter.cacheRewrittenSourceMap
       const chainSourceMap = isFlagPresent('--enable-source-maps')
       const getOriginalPathAndLineFromSourceMap = iastRewriter.getOriginalPathAndLineFromSourceMap
@@ -104,6 +110,24 @@ function getCompileMethodFn (compileMethod) {
   }
 }
+function esmRewritePostProcess (rewritten, filename) {
+  const { literalsResult, metrics } = rewritten
+  if (metrics?.status === 'modified') {
+    if (filename.startsWith('file://')) {
+      filename = filename.substring(7)
+    }
+    cacheRewrittenSourceMap(filename, rewritten.content)
+  }
+  incrementTelemetryIfNeeded(metrics)
+  if (literalsResult && hardcodedSecretCh.hasSubscribers) {
+    hardcodedSecretCh.publish(literalsResult)
+  }
+}
 function enableRewriter (telemetryVerbosity) {
   try {
     const rewriter = getRewriter(telemetryVerbosity)
@@ -114,11 +138,65 @@ function enableRewriter (telemetryVerbosity) {
       }
       shimmer.wrap(Module.prototype, '_compile', compileMethod => getCompileMethodFn(compileMethod))
     }
+    enableEsmRewriter(telemetryVerbosity)
   } catch (e) {
     log.error('[ASM] Error enabling TaintTracking Rewriter', e)
   }
 }
+function isEsmConfigured () {
+  const hasLoaderArg = isFlagPresent('--loader') || isFlagPresent('--experimental-loader')
+  if (hasLoaderArg) return true
+  const initializeLoaded = Object.keys(require.cache).find(file => file.includes('import-in-the-middle/hook.js'))
+  return !!initializeLoaded
+}
+function enableEsmRewriter (telemetryVerbosity) {
+  if (isMainThread && Module.register && !esmRewriterEnabled && isEsmConfigured()) {
+    esmRewriterEnabled = true
+    const { port1, port2 } = new MessageChannel()
+    port1.on('message', (message) => {
+      const { type, data } = message
+      switch (type) {
+        case LOG_MESSAGE:
+          log[data.level]?.(...data.messages)
+          break
+        case REWRITTEN_MESSAGE:
+          esmRewritePostProcess(data.rewritten, data.url)
+          break
+      }
+    })
+    port1.unref()
+    port2.unref()
+    const chainSourceMap = isFlagPresent('--enable-source-maps')
+    const data = {
+      port: port2,
+      csiMethods,
+      telemetryVerbosity,
+      chainSourceMap
+    }
+    try {
+      Module.register('./rewriter-esm.mjs', {
+        parentURL: pathToFileURL(__filename),
+        transferList: [port2],
+        data
+      })
+    } catch (e) {
+      log.error('[ASM] Error enabling ESM Rewriter', e)
+      port1.close()
+      port2.close()
+    }
+  }
+}
 function disableRewriter () {
   shimmer.unwrap(Module.prototype, '_compile')

package/packages/dd-trace/src/appsec/iast/taint-tracking/secure-marks-generator.js CHANGED Viewed

@@ -3,7 +3,7 @@
 let next = 0
 function getNextSecureMark () {
-  return 1 << next++
+  return (1 << next++) >>> 0
 }
 function reset () {

package/packages/dd-trace/src/appsec/iast/taint-tracking/secure-marks.js ADDED Viewed

@@ -0,0 +1,28 @@
+'use strict'
+const vulnerabilities = require('../vulnerabilities')
+const { getNextSecureMark } = require('./secure-marks-generator')
+const marks = {}
+Object.keys(vulnerabilities).forEach(vulnerability => {
+  marks[vulnerability + '_MARK'] = getNextSecureMark()
+})
+let asterisk = 0x0
+Object.values(marks).forEach(mark => { asterisk |= mark })
+marks.ASTERISK_MARK = asterisk
+marks.CUSTOM_SECURE_MARK = getNextSecureMark()
+function getMarkFromVulnerabilityType (vulnerabilityType) {
+  vulnerabilityType = vulnerabilityType?.trim()
+  const mark = vulnerabilityType === '*' ? 'ASTERISK_MARK' : vulnerabilityType + '_MARK'
+  return marks[mark]
+}
+module.exports = {
+  ...marks,
+  getMarkFromVulnerabilityType,
+  ALL: marks
+}

package/packages/dd-trace/src/appsec/iast/taint-tracking/taint-tracking-impl.js CHANGED Viewed

@@ -39,7 +39,7 @@ function getTransactionId (iastContext) {
 }
 function getContextDefault () {
-  const store = storage.getStore()
+  const store = storage('legacy').getStore()
   return iastContextFunctions.getIastContext(store)
 }

package/packages/dd-trace/src/appsec/iast/telemetry/iast-metric.js CHANGED Viewed

@@ -83,6 +83,9 @@ const REQUEST_TAINTED = new NoTaggedIastMetric('request.tainted', Scope.REQUEST)
 const EXECUTED_PROPAGATION = new NoTaggedIastMetric('executed.propagation', Scope.REQUEST)
 const EXECUTED_TAINTED = new NoTaggedIastMetric('executed.tainted', Scope.REQUEST)
+const SUPPRESSED_VULNERABILITIES = new IastMetric('suppressed.vulnerabilities', Scope.REQUEST,
+  TagKey.VULNERABILITY_TYPE)
 module.exports = {
   INSTRUMENTED_PROPAGATION,
   INSTRUMENTED_SOURCE,
@@ -95,6 +98,8 @@ module.exports = {
   REQUEST_TAINTED,
+  SUPPRESSED_VULNERABILITIES,
   PropagationType,
   TagKey,

package/packages/dd-trace/src/appsec/iast/utils.js ADDED Viewed

@@ -0,0 +1,24 @@
+'use strict'
+function iterateObjectStrings (target, fn, levelKeys = [], depth = 20, visited = new Set()) {
+  if (target !== null && typeof target === 'object') {
+    if (visited.has(target)) return
+    visited.add(target)
+    Object.keys(target).forEach((key) => {
+      const nextLevelKeys = [...levelKeys, key]
+      const val = target[key]
+      if (typeof val === 'string') {
+        fn(val, nextLevelKeys, target, key)
+      } else if (depth > 0) {
+        iterateObjectStrings(val, fn, nextLevelKeys, depth - 1, visited)
+      }
+    })
+  }
+}
+module.exports = {
+  iterateObjectStrings
+}

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/index.js CHANGED Viewed

@@ -81,21 +81,16 @@ class VulnerabilityFormatter {
   }
   formatVulnerability (vulnerability, sourcesIndexes, sources) {
+    const { type, hash, stackId, evidence, location } = vulnerability
     const formattedVulnerability = {
-      type: vulnerability.type,
-      hash: vulnerability.hash,
-      stackId: vulnerability.stackId,
-      evidence: this.formatEvidence(vulnerability.type, vulnerability.evidence, sourcesIndexes, sources),
-      location: {
-        spanId: vulnerability.location.spanId
-      }
-    }
-    if (vulnerability.location.path) {
-      formattedVulnerability.location.path = vulnerability.location.path
-    }
-    if (vulnerability.location.line) {
-      formattedVulnerability.location.line = vulnerability.location.line
+      type,
+      hash,
+      stackId,
+      evidence: this.formatEvidence(type, evidence, sourcesIndexes, sources),
+      location
     }
     return formattedVulnerability
   }

package/packages/dd-trace/src/appsec/iast/vulnerability-reporter.js CHANGED Viewed

@@ -131,6 +131,7 @@ function replaceCallSiteFromSourceMap (callsite) {
     if (line) {
       callsite.line = line
     }
+    // We send the column in the stack trace but not in the vulnerability location
     if (column) {
       callsite.column = column
     }

package/packages/dd-trace/src/appsec/index.js CHANGED Viewed

@@ -91,7 +91,7 @@ function onRequestBodyParsed ({ req, res, body, abortController }) {
   if (body === undefined || body === null) return
   if (!req) {
-    const store = storage.getStore()
+    const store = storage('legacy').getStore()
     req = store?.req
   }
@@ -186,7 +186,7 @@ function incomingHttpEndTranslator ({ req, res }) {
 }
 function onPassportVerify ({ framework, login, user, success, abortController }) {
-  const store = storage.getStore()
+  const store = storage('legacy').getStore()
   const rootSpan = store?.req && web.root(store.req)
   if (!rootSpan) {
@@ -200,7 +200,7 @@ function onPassportVerify ({ framework, login, user, success, abortController })
 }
 function onPassportDeserializeUser ({ user, abortController }) {
-  const store = storage.getStore()
+  const store = storage('legacy').getStore()
   const rootSpan = store?.req && web.root(store.req)
   if (!rootSpan) {
@@ -217,7 +217,7 @@ function onRequestQueryParsed ({ req, res, query, abortController }) {
   if (!query || typeof query !== 'object') return
   if (!req) {
-    const store = storage.getStore()
+    const store = storage('legacy').getStore()
     req = store?.req
   }

package/packages/dd-trace/src/appsec/rasp/command_injection.js CHANGED Viewed

@@ -27,24 +27,24 @@ function disable () {
 function analyzeCommandInjection ({ file, fileArgs, shell, abortController }) {
   if (!file) return
-  const store = storage.getStore()
+  const store = storage('legacy').getStore()
   const req = store?.req
   if (!req) return
-  const persistent = {}
+  const ephemeral = {}
   const raspRule = { type: RULE_TYPES.COMMAND_INJECTION }
   const params = fileArgs ? [file, ...fileArgs] : file
   if (shell) {
-    persistent[addresses.SHELL_COMMAND] = params
+    ephemeral[addresses.SHELL_COMMAND] = params
     raspRule.variant = 'shell'
   } else {
     const commandParams = Array.isArray(params) ? params : [params]
-    persistent[addresses.EXEC_COMMAND] = commandParams
+    ephemeral[addresses.EXEC_COMMAND] = commandParams
     raspRule.variant = 'exec'
   }
-  const result = waf.run({ persistent }, req, raspRule)
+  const result = waf.run({ ephemeral }, req, raspRule)
   const res = store?.res
   handleResult(result, req, res, abortController, config)

package/packages/dd-trace/src/appsec/rasp/fs-plugin.js CHANGED Viewed

@@ -14,9 +14,9 @@ const enabledFor = {
 let fsPlugin
-function enterWith (fsProps, store = storage.getStore()) {
+function enterWith (fsProps, store = storage('legacy').getStore()) {
   if (store && !store.fs?.opExcluded) {
-    storage.enterWith({
+    storage('legacy').enterWith({
       ...store,
       fs: {
         ...store.fs,
@@ -42,7 +42,7 @@ class AppsecFsPlugin extends Plugin {
   }
   _onFsOperationStart () {
-    const store = storage.getStore()
+    const store = storage('legacy').getStore()
     if (store) {
       enterWith({ root: store.fs?.root === undefined }, store)
     }
@@ -53,9 +53,9 @@ class AppsecFsPlugin extends Plugin {
   }
   _onFsOperationFinishOrRenderEnd () {
-    const store = storage.getStore()
+    const store = storage('legacy').getStore()
     if (store?.fs?.parentStore) {
-      storage.enterWith(store.fs.parentStore)
+      storage('legacy').enterWith(store.fs.parentStore)
     }
   }
 }

package/packages/dd-trace/src/appsec/rasp/lfi.js CHANGED Viewed

@@ -47,20 +47,20 @@ function onFirstReceivedRequest () {
 }
 function analyzeLfi (ctx) {
-  const store = storage.getStore()
+  const store = storage('legacy').getStore()
   if (!store) return
   const { req, fs, res } = store
   if (!req || !fs) return
   getPaths(ctx, fs).forEach(path => {
-    const persistent = {
+    const ephemeral = {
       [FS_OPERATION_PATH]: path
     }
     const raspRule = { type: RULE_TYPES.LFI }
-    const result = waf.run({ persistent }, req, raspRule)
+    const result = waf.run({ ephemeral }, req, raspRule)
     handleResult(result, req, res, ctx.abortController, config)
   })
 }

package/packages/dd-trace/src/appsec/rasp/sql_injection.js CHANGED Viewed

@@ -49,7 +49,7 @@ function analyzePgSqlInjection (ctx) {
 }
 function analyzeSqlInjection (query, dbSystem, abortController) {
-  const store = storage.getStore()
+  const store = storage('legacy').getStore()
   if (!store) return
   const { req, res } = store
@@ -67,14 +67,14 @@ function analyzeSqlInjection (query, dbSystem, abortController) {
   }
   executedQueries.add(query)
-  const persistent = {
+  const ephemeral = {
     [addresses.DB_STATEMENT]: query,
     [addresses.DB_SYSTEM]: dbSystem
   }
   const raspRule = { type: RULE_TYPES.SQL_INJECTION }
-  const result = waf.run({ persistent }, req, raspRule)
+  const result = waf.run({ ephemeral }, req, raspRule)
   handleResult(result, req, res, abortController, config)
 }
@@ -91,7 +91,7 @@ function hasAddressesObjectInputAddress (addressesObject) {
 function clearQuerySet ({ payload }) {
   if (!payload) return
-  const store = storage.getStore()
+  const store = storage('legacy').getStore()
   if (!store) return
   const { req } = store

package/packages/dd-trace/src/appsec/rasp/ssrf.js CHANGED Viewed

@@ -19,19 +19,19 @@ function disable () {
 }
 function analyzeSsrf (ctx) {
-  const store = storage.getStore()
+  const store = storage('legacy').getStore()
   const req = store?.req
   const outgoingUrl = (ctx.args.options?.uri && format(ctx.args.options.uri)) ?? ctx.args.uri
   if (!req || !outgoingUrl) return
-  const persistent = {
+  const ephemeral = {
     [addresses.HTTP_OUTGOING_URL]: outgoingUrl
   }
   const raspRule = { type: RULE_TYPES.SSRF }
-  const result = waf.run({ persistent }, req, raspRule)
+  const result = waf.run({ ephemeral }, req, raspRule)
   const res = store?.res
   handleResult(result, req, res, ctx.abortController, config)

package/packages/dd-trace/src/appsec/reporter.js CHANGED Viewed

@@ -102,7 +102,7 @@ function reportWafInit (wafVersion, rulesVersion, diagnosticsRules = {}) {
 }
 function reportMetrics (metrics, raspRule) {
-  const store = storage.getStore()
+  const store = storage('legacy').getStore()
   const rootSpan = store?.req && web.root(store.req)
   if (!rootSpan) return
@@ -117,7 +117,7 @@ function reportMetrics (metrics, raspRule) {
 }
 function reportAttack (attackData) {
-  const store = storage.getStore()
+  const store = storage('legacy').getStore()
   const req = store?.req
   const rootSpan = web.root(req)
   if (!rootSpan) return
@@ -162,7 +162,7 @@ function isFingerprintDerivative (derivative) {
 function reportDerivatives (derivatives) {
   if (!derivatives) return
-  const req = storage.getStore()?.req
+  const req = storage('legacy').getStore()?.req
   const rootSpan = web.root(req)
   if (!rootSpan) return

package/packages/dd-trace/src/appsec/sdk/user_blocking.js CHANGED Viewed

@@ -34,7 +34,7 @@ function checkUserAndSetUser (tracer, user) {
 function blockRequest (tracer, req, res) {
   if (!req || !res) {
-    const store = storage.getStore()
+    const store = storage('legacy').getStore()
     if (store) {
       req = req || store.req
       res = res || store.res

package/packages/dd-trace/src/appsec/waf/index.js CHANGED Viewed

@@ -48,7 +48,7 @@ function update (newRules) {
 function run (data, req, raspRule) {
   if (!req) {
-    const store = storage.getStore()
+    const store = storage('legacy').getStore()
     if (!store || !store.req) {
       log.warn('[ASM] Request object not available in waf.run')
       return

package/packages/dd-trace/src/ci-visibility/dynamic-instrumentation/index.js CHANGED Viewed

@@ -119,6 +119,8 @@ class TestVisDynamicInstrumentation {
       const onHit = this.onHitBreakpointByProbeId.get(probeId)
       if (onHit) {
         onHit({ snapshot })
+      } else {
+        log.warn('Received a breakpoint hit for an unknown probe')
       }
     }).unref()

package/packages/dd-trace/src/ci-visibility/dynamic-instrumentation/worker/index.js CHANGED Viewed

@@ -1,5 +1,5 @@
 'use strict'
-const path = require('path')
 const {
   workerData: {
     breakpointSetChannel,
@@ -8,10 +8,11 @@ const {
   }
 } = require('worker_threads')
 const { randomUUID } = require('crypto')
-const sourceMap = require('source-map')
 // TODO: move debugger/devtools_client/session to common place
 const session = require('../../../debugger/devtools_client/session')
+// TODO: move debugger/devtools_client/source-maps to common place
+const { getGeneratedPosition } = require('../../../debugger/devtools_client/source-maps')
 // TODO: move debugger/devtools_client/snapshot to common place
 const { getLocalStateForCallFrame } = require('../../../debugger/devtools_client/snapshot')
 // TODO: move debugger/devtools_client/state to common place
@@ -93,74 +94,48 @@ async function addBreakpoint (probe) {
   probe.location = { file, lines: [String(line)] }
   const script = findScriptFromPartialPath(file)
-  if (!script) throw new Error(`No loaded script found for ${file}`)
+  if (!script) {
+    log.error(`No loaded script found for ${file}`)
+    throw new Error(`No loaded script found for ${file}`)
+  }
-  const [path, scriptId, sourceMapURL] = script
+  const { url, scriptId, sourceMapURL, source } = script
-  log.debug(`Adding breakpoint at ${path}:${line}`)
+  log.warn(`Adding breakpoint at ${url}:${line}`)
   let lineNumber = line
+  let columnNumber = 0
-  if (sourceMapURL && sourceMapURL.startsWith('data:')) {
+  if (sourceMapURL) {
     try {
-      lineNumber = await processScriptWithInlineSourceMap({ file, line, sourceMapURL })
+      ({ line: lineNumber, column: columnNumber } = await getGeneratedPosition(url, source, line, sourceMapURL))
     } catch (err) {
-      log.error('Error processing script with inline source map', err)
+      log.error('Error processing script with source map', err)
+    }
+    if (lineNumber === null) {
+      log.error('Could not find generated position for %s:%s', url, line)
+      lineNumber = line
+      columnNumber = 0
     }
   }
-  const { breakpointId } = await session.post('Debugger.setBreakpoint', {
-    location: {
-      scriptId,
-      lineNumber: lineNumber - 1
-    }
-  })
+  try {
+    const { breakpointId } = await session.post('Debugger.setBreakpoint', {
+      location: {
+        scriptId,
+        lineNumber: lineNumber - 1,
+        columnNumber
+      }
+    })
-  breakpointIdToProbe.set(breakpointId, probe)
-  probeIdToBreakpointId.set(probe.id, breakpointId)
+    breakpointIdToProbe.set(breakpointId, probe)
+    probeIdToBreakpointId.set(probe.id, breakpointId)
+  } catch (e) {
+    log.error('Error setting breakpoint at %s:%s', url, line, e)
+  }
 }
 function start () {
   sessionStarted = true
   return session.post('Debugger.enable') // return instead of await to reduce number of promises created
 }
-async function processScriptWithInlineSourceMap (params) {
-  const { file, line, sourceMapURL } = params
-  // Extract the base64-encoded source map
-  const base64SourceMap = sourceMapURL.split('base64,')[1]
-  // Decode the base64 source map
-  const decodedSourceMap = Buffer.from(base64SourceMap, 'base64').toString('utf8')
-  // Parse the source map
-  const consumer = await new sourceMap.SourceMapConsumer(decodedSourceMap)
-  let generatedPosition
-  // Map to the generated position. We'll attempt with the full file path first, then with the basename.
-  // TODO: figure out why sometimes the full path doesn't work
-  generatedPosition = consumer.generatedPositionFor({
-    source: file,
-    line,
-    column: 0
-  })
-  if (generatedPosition.line === null) {
-    generatedPosition = consumer.generatedPositionFor({
-      source: path.basename(file),
-      line,
-      column: 0
-    })
-  }
-  consumer.destroy()
-  // If we can't find the line, just return the original line
-  if (generatedPosition.line === null) {
-    log.error(`Could not find generated position for ${file}:${line}`)
-    return line
-  }
-  return generatedPosition.line
-}

package/packages/dd-trace/src/ci-visibility/exporters/ci-visibility-exporter.js CHANGED Viewed

@@ -6,6 +6,7 @@ const { sendGitMetadata: sendGitMetadataRequest } = require('./git/git_metadata'
 const { getLibraryConfiguration: getLibraryConfigurationRequest } = require('../requests/get-library-configuration')
 const { getSkippableSuites: getSkippableSuitesRequest } = require('../intelligent-test-runner/get-skippable-suites')
 const { getKnownTests: getKnownTestsRequest } = require('../early-flake-detection/get-known-tests')
+const { getQuarantinedTests: getQuarantinedTestsRequest } = require('../quarantined-tests/get-quarantined-tests')
 const log = require('../../log')
 const AgentInfoExporter = require('../../exporters/common/agent-info-exporter')
 const { GIT_REPOSITORY_URL, GIT_COMMIT_SHA } = require('../../plugins/util/tags')
@@ -92,6 +93,14 @@ class CiVisibilityExporter extends AgentInfoExporter {
     )
   }
+  shouldRequestQuarantinedTests () {
+    return !!(
+      this._canUseCiVisProtocol &&
+      this._config.isTestManagementEnabled &&
+      this._libraryConfig?.isQuarantinedTestsEnabled
+    )
+  }
   shouldRequestLibraryConfiguration () {
     return this._config.isIntelligentTestRunnerEnabled
   }
@@ -138,6 +147,13 @@ class CiVisibilityExporter extends AgentInfoExporter {
     getKnownTestsRequest(this.getRequestConfiguration(testConfiguration), callback)
   }
+  getQuarantinedTests (testConfiguration, callback) {
+    if (!this.shouldRequestQuarantinedTests()) {
+      return callback(null)
+    }
+    getQuarantinedTestsRequest(this.getRequestConfiguration(testConfiguration), callback)
+  }
   /**
    * We can't request library configuration until we know whether we can use the
    * CI Visibility Protocol, hence the this._canUseCiVisProtocol promise.
@@ -197,7 +213,8 @@ class CiVisibilityExporter extends AgentInfoExporter {
       earlyFlakeDetectionFaultyThreshold,
       isFlakyTestRetriesEnabled,
       isDiEnabled,
-      isKnownTestsEnabled
+      isKnownTestsEnabled,
+      isQuarantinedTestsEnabled
     } = remoteConfiguration
     return {
       isCodeCoverageEnabled,
@@ -210,7 +227,8 @@ class CiVisibilityExporter extends AgentInfoExporter {
       isFlakyTestRetriesEnabled: isFlakyTestRetriesEnabled && this._config.isFlakyTestRetriesEnabled,
       flakyTestRetriesCount: this._config.flakyTestRetriesCount,
       isDiEnabled: isDiEnabled && this._config.isTestDynamicInstrumentationEnabled,
-      isKnownTestsEnabled
+      isKnownTestsEnabled,
+      isQuarantinedTestsEnabled: isQuarantinedTestsEnabled && this._config.isTestManagementEnabled
     }
   }