dd-trace 5.38.0 → 5.40.0

package/packages/dd-trace/src/proxy.js

@@ -9,14 +9,7 @@ const DynamicInstrumentation = require('./debugger')
 const telemetry = require('./telemetry')
 const nomenclature = require('./service-naming')
 const PluginManager = require('./plugin_manager')
-const remoteConfig = require('./appsec/remote_config')
-const AppsecSdk = require('./appsec/sdk')
-const dogstatsd = require('./dogstatsd')
 const NoopDogStatsDClient = require('./noop/dogstatsd')
-const spanleak = require('./spanleak')
-const { SSIHeuristics } = require('./profiling/ssi-heuristics')
-const appsecStandalone = require('./appsec/standalone')
-const LLMObsSDK = require('./llmobs/sdk')
 
 class LazyModule {
   constructor (provider) {
@@ -33,6 +26,35 @@ class LazyModule {
   }
 }
 
+function lazyProxy (obj, property, config, getClass, ...args) {
+  if (config?._isInServerlessEnvironment?.() === false) {
+    defineEagerly(obj, property, getClass, ...args)
+  } else {
+    defineLazily(obj, property, getClass, ...args)
+  }
+}
+
+function defineEagerly (obj, property, getClass, ...args) {
+  const RealClass = getClass()
+
+  obj[property] = new RealClass(...args)
+}
+
+function defineLazily (obj, property, getClass, ...args) {
+  Reflect.defineProperty(obj, property, {
+    get () {
+      const RealClass = getClass()
+      const value = new RealClass(...args)
+
+      Reflect.defineProperty(obj, property, { value, configurable: true, enumerable: true })
+
+      return value
+    },
+    configurable: true,
+    enumerable: true
+  })
+}
+
 class Tracer extends NoopProxy {
   constructor () {
     super()
@@ -68,18 +90,11 @@ class Tracer extends NoopProxy {
 
       if (config.dogstatsd) {
         // Custom Metrics
-        this.dogstatsd = new dogstatsd.CustomMetrics(config)
-
-        setInterval(() => {
-          this.dogstatsd.flush()
-        }, 10 * 1000).unref()
-
-        process.once('beforeExit', () => {
-          this.dogstatsd.flush()
-        })
+        lazyProxy(this, 'dogstatsd', config, () => require('./dogstatsd').CustomMetrics, config)
       }
 
       if (config.spanLeakDebug > 0) {
+        const spanleak = require('./spanleak')
         if (config.spanLeakDebug === spanleak.MODES.LOG) {
           spanleak.enableLogging()
         } else if (config.spanLeakDebug === spanleak.MODES.GC_AND_LOG) {
@@ -89,7 +104,7 @@ class Tracer extends NoopProxy {
       }
 
       if (config.remoteConfig.enabled && !config.isCiVisibility) {
-        const rc = remoteConfig.enable(config, this._modules.appsec)
+        const rc = require('./remote_config').enable(config, this._modules.appsec)
 
         rc.setProductHandler('APM_TRACING', (action, conf) => {
           if (action === 'unapply') {
@@ -129,6 +144,7 @@ class Tracer extends NoopProxy {
       }
 
       if (config.profiling.enabled !== 'false') {
+        const { SSIHeuristics } = require('./profiling/ssi-heuristics')
         const ssiHeuristics = new SSIHeuristics(config)
         ssiHeuristics.start()
         let mockProfiler = null
@@ -186,8 +202,9 @@ class Tracer extends NoopProxy {
       }
 
       if (config.isTestDynamicInstrumentationEnabled) {
-        const testVisibilityDynamicInstrumentation = require('./ci-visibility/dynamic-instrumentation')
-        testVisibilityDynamicInstrumentation.start(config)
+        const getDynamicInstrumentationClient = require('./ci-visibility/dynamic-instrumentation')
+        // We instantiate the client but do not start the Worker here. The worker is started lazily
+        getDynamicInstrumentationClient(config)
       }
     } catch (e) {
       log.error('Error initialising tracer', e)
@@ -218,11 +235,13 @@ class Tracer extends NoopProxy {
         this._modules.llmobs.enable(config)
       }
       if (!this._tracingInitialized) {
-        const prioritySampler = appsecStandalone.configure(config)
+        const prioritySampler = config.apmTracingEnabled === false
+          ? require('./standalone').configure(config)
+          : undefined
         this._tracer = new DatadogTracer(config, prioritySampler)
         this.dataStreamsCheckpointer = this._tracer.dataStreamsCheckpointer
-        this.appsec = new AppsecSdk(this._tracer, config)
-        this.llmobs = new LLMObsSDK(this._tracer, this._modules.llmobs, config)
+        lazyProxy(this, 'appsec', config, () => require('./appsec/sdk'), this._tracer, config)
+        lazyProxy(this, 'llmobs', config, () => require('./llmobs/sdk'), this._tracer, this._modules.llmobs, config)
         this._tracingInitialized = true
       }
       if (config.iast.enabled) {

package/packages/dd-trace/src/{appsec/remote_config → remote_config}/capabilities.js

@@ -24,6 +24,7 @@ module.exports = {
   APM_TRACING_SAMPLE_RULES: 1n << 29n,
   ASM_AUTO_USER_INSTRUM_MODE: 1n << 31n,
   ASM_ENDPOINT_FINGERPRINT: 1n << 32n,
+  ASM_SESSION_FINGERPRINT: 1n << 33n,
   ASM_NETWORK_FINGERPRINT: 1n << 34n,
   ASM_HEADER_FINGERPRINT: 1n << 35n,
   ASM_RASP_CMDI: 1n << 37n

package/packages/dd-trace/src/{appsec/remote_config → remote_config}/index.js

@@ -1,11 +1,11 @@
 'use strict'
 
-const Activation = require('../activation')
+const Activation = require('../appsec/activation')
 
 const RemoteConfigManager = require('./manager')
 const RemoteConfigCapabilities = require('./capabilities')
-const { setCollectionMode } = require('../user_tracking')
-const log = require('../../log')
+const { setCollectionMode } = require('../appsec/user_tracking')
+const log = require('../log')
 
 let rc
 
@@ -77,10 +77,11 @@ function enableOrDisableAppsec (action, rcConfig, config, appsec) {
   }
 }
 
+// TODO: all appsec specific stuff should be moved back in the appsec folder
 function enableWafUpdate (appsecConfig) {
   if (rc && appsecConfig && !appsecConfig.rules) {
     // dirty require to make startup faster for serverless
-    const RuleManager = require('../rule_manager')
+    const RuleManager = require('../appsec/rule_manager')
 
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_IP_BLOCKING, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_USER_BLOCKING, true)
@@ -93,6 +94,7 @@ function enableWafUpdate (appsecConfig) {
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_BLOCKING_RESPONSE, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_TRUSTED_IPS, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_ENDPOINT_FINGERPRINT, true)
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_SESSION_FINGERPRINT, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_NETWORK_FINGERPRINT, true)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_HEADER_FINGERPRINT, true)
 
@@ -115,7 +117,7 @@ function enableWafUpdate (appsecConfig) {
 
 function disableWafUpdate () {
   if (rc) {
-    const RuleManager = require('../rule_manager')
+    const RuleManager = require('../appsec/rule_manager')
 
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_IP_BLOCKING, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_USER_BLOCKING, false)
@@ -127,6 +129,7 @@ function disableWafUpdate () {
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_CUSTOM_BLOCKING_RESPONSE, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_TRUSTED_IPS, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_ENDPOINT_FINGERPRINT, false)
+    rc.updateCapabilities(RemoteConfigCapabilities.ASM_SESSION_FINGERPRINT, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_NETWORK_FINGERPRINT, false)
     rc.updateCapabilities(RemoteConfigCapabilities.ASM_HEADER_FINGERPRINT, false)
 

package/packages/dd-trace/src/{appsec/remote_config → remote_config}/manager.js

@@ -3,13 +3,13 @@
 const { URL, format } = require('url')
 const uuid = require('crypto-randomuuid')
 const { EventEmitter } = require('events')
-const tracerVersion = require('../../../../../package.json').version
-const request = require('../../exporters/common/request')
-const log = require('../../log')
-const { getExtraServices } = require('../../service-naming/extra-services')
+const tracerVersion = require('../../../../package.json').version
+const request = require('../exporters/common/request')
+const log = require('../log')
+const { getExtraServices } = require('../service-naming/extra-services')
 const { UNACKNOWLEDGED, ACKNOWLEDGED, ERROR } = require('./apply_states')
 const Scheduler = require('./scheduler')
-const { GIT_REPOSITORY_URL, GIT_COMMIT_SHA } = require('../../plugins/util/tags')
+const { GIT_REPOSITORY_URL, GIT_COMMIT_SHA } = require('../plugins/util/tags')
 
 const clientId = uuid()
 

package/packages/dd-trace/src/runtime_metrics/index.js

@@ -0,0 +1,34 @@
+'use strict'
+
+let runtimeMetrics
+
+const noop = runtimeMetrics = {
+  stop () {},
+  track () {},
+  boolean () {},
+  histogram () {},
+  count () {},
+  gauge () {},
+  increment () {},
+  decrement () {}
+}
+
+module.exports = {
+  start (config) {
+    if (!config?.runtimeMetrics) return
+
+    runtimeMetrics = require('./runtime_metrics')
+
+    Object.setPrototypeOf(module.exports, runtimeMetrics)
+
+    runtimeMetrics.start(config)
+  },
+
+  stop () {
+    runtimeMetrics.stop()
+
+    Object.setPrototypeOf(module.exports, runtimeMetrics = noop)
+  }
+}
+
+Object.setPrototypeOf(module.exports, noop)

package/packages/dd-trace/src/{runtime_metrics.js → runtime_metrics/runtime_metrics.js}

@@ -4,12 +4,12 @@
 
 const v8 = require('v8')
 const os = require('os')
-const { DogStatsDClient } = require('./dogstatsd')
-const log = require('./log')
-const Histogram = require('./histogram')
+const { DogStatsDClient } = require('../dogstatsd')
+const log = require('../log')
+const Histogram = require('../histogram')
 const { performance, PerformanceObserver } = require('perf_hooks')
 
-const { NODE_MAJOR, NODE_MINOR } = require('../../../version')
+const { NODE_MAJOR, NODE_MINOR } = require('../../../../version')
 const INTERVAL = 10 * 1000
 
 // Node >=16 has PerformanceObserver with `gc` type, but <16.7 had a critical bug.

package/packages/dd-trace/src/serverless.js

@@ -60,9 +60,18 @@ function getIsAzureFunction () {
   return isAzureFunction
 }
 
+function isInServerlessEnvironment () {
+  const inAWSLambda = process.env.AWS_LAMBDA_FUNCTION_NAME !== undefined
+  const isGCPFunction = getIsGCPFunction()
+  const isAzureFunction = getIsAzureFunction()
+
+  return inAWSLambda || isGCPFunction || isAzureFunction
+}
+
 module.exports = {
   maybeStartServerlessMiniAgent,
   getIsGCPFunction,
   getIsAzureFunction,
-  getRustBinaryPath
+  getRustBinaryPath,
+  isInServerlessEnvironment
 }

package/packages/dd-trace/src/service-naming/index.js

@@ -1,9 +1,7 @@
-const { schemaDefinitions } = require('./schemas')
-
 class SchemaManager {
   constructor () {
-    this.schemas = schemaDefinitions
-    this.config = { spanAttributeSchema: 'v0', spanRemoveIntegrationFromService: false }
+    this.schemas = {}
+    this.configure({ spanAttributeSchema: 'v0', spanRemoveIntegrationFromService: false })
   }
 
   get schema () {
@@ -31,6 +29,16 @@ class SchemaManager {
   }
 
   configure (config = {}) {
+    const { spanAttributeSchema, spanRemoveIntegrationFromService } = config
+
+    if (!this.schemas.v0 && spanAttributeSchema === 'v0') {
+      this.schemas.v0 = require('./schemas/v0')
+    }
+
+    if (!this.schemas.v1 && (spanAttributeSchema === 'v1' || spanRemoveIntegrationFromService)) {
+      this.schemas.v1 = require('./schemas/v1')
+    }
+
     this.config = config
   }
 }

package/packages/dd-trace/src/span_processor.js

@@ -5,8 +5,6 @@ const format = require('./format')
 const SpanSampler = require('./span_sampler')
 const GitMetadataTagger = require('./git_metadata_tagger')
 
-const { SpanStatsProcessor } = require('./span_stats')
-
 const startedSpans = new WeakSet()
 const finishedSpans = new WeakSet()
 
@@ -20,7 +18,12 @@ class SpanProcessor {
     this._config = config
     this._killAll = false
 
-    this._stats = new SpanStatsProcessor(config)
+    // TODO: This should already have been calculated in `config.js`.
+    if (config.stats?.enabled && !config.appsec?.standalone?.enabled) {
+      const { SpanStatsProcessor } = require('./span_stats')
+      this._stats = new SpanStatsProcessor(config)
+    }
+
     this._spanSampler = new SpanSampler(config.sampler)
     this._gitMetadataTagger = new GitMetadataTagger(config)
   }
@@ -46,7 +49,7 @@ class SpanProcessor {
       for (const span of started) {
         if (span._duration !== undefined) {
           const formattedSpan = format(span)
-          this._stats.onSpanFinished(formattedSpan)
+          this._stats?.onSpanFinished(formattedSpan)
           formatted.push(formattedSpan)
 
           spanProcessCh.publish({ span })

package/packages/dd-trace/src/span_stats.js

@@ -127,7 +127,6 @@ class SpanStatsProcessor {
     url,
     env,
     tags,
-    appsec,
     version
   } = {}) {
     this.exporter = new SpanStatsExporter({
@@ -140,7 +139,7 @@ class SpanStatsProcessor {
     this.bucketSizeNs = interval * 1e9
     this.buckets = new TimeBuckets()
     this.hostname = os.hostname()
-    this.enabled = enabled && !appsec?.standalone?.enabled
+    this.enabled = enabled
     this.env = env
     this.tags = tags || {}
     this.sequence = 0

package/packages/dd-trace/src/standalone/index.js

@@ -0,0 +1,70 @@
+'use strict'
+
+const { channel } = require('dc-polyfill')
+const TraceSourcePrioritySampler = require('./tracesource_priority_sampler')
+const { USER_KEEP } = require('../../../../ext/priority')
+const TraceState = require('../opentracing/propagation/tracestate')
+const { APM_TRACING_ENABLED_KEY } = require('../constants')
+const { hasTraceSourcePropagationTag } = require('./tracesource')
+
+const startCh = channel('dd-trace:span:start')
+const injectCh = channel('dd-trace:span:inject')
+const extractCh = channel('dd-trace:span:extract')
+
+function configure (config) {
+  if (startCh.hasSubscribers) startCh.unsubscribe(onSpanStart)
+  if (injectCh.hasSubscribers) injectCh.unsubscribe(onSpanInject)
+  if (extractCh.hasSubscribers) extractCh.unsubscribe(onSpanExtract)
+
+  if (config.apmTracingEnabled !== false) return
+
+  startCh.subscribe(onSpanStart)
+  injectCh.subscribe(onSpanInject)
+  extractCh.subscribe(onSpanExtract)
+
+  return new TraceSourcePrioritySampler(config.env)
+}
+
+function onSpanStart ({ span, fields }) {
+  const tags = span.context?.()?._tags
+  if (!tags) return
+
+  const { parent } = fields
+  if (!parent || parent._isRemote) {
+    tags[APM_TRACING_ENABLED_KEY] = 0
+  }
+}
+
+function onSpanInject ({ spanContext, carrier }) {
+  if (!spanContext?._trace?.tags || !carrier) return
+
+  // do not inject trace and sampling if there is no _dd.p.ts
+  if (!hasTraceSourcePropagationTag(spanContext._trace.tags)) {
+    for (const key in carrier) {
+      const lKey = key.toLowerCase()
+      if (lKey.startsWith('x-datadog') || lKey.startsWith('x-b3') || lKey === 'traceparent') {
+        delete carrier[key]
+      } else if (lKey === 'tracestate') {
+        const tracestate = TraceState.fromString(carrier[key])
+        tracestate.forVendor('dd', state => state.clear())
+        carrier[key] = tracestate.toString()
+      }
+    }
+  }
+}
+
+function onSpanExtract ({ spanContext = {} }) {
+  if (!spanContext._trace?.tags || !spanContext._sampling) return
+
+  // reset upstream priority if _dd.p.ts is not found
+  if (!hasTraceSourcePropagationTag(spanContext._trace.tags)) {
+    spanContext._sampling.priority = undefined
+  } else if (spanContext._sampling.priority !== USER_KEEP) {
+    spanContext._sampling.priority = USER_KEEP
+  }
+}
+
+module.exports = {
+  configure,
+  hasTraceSourcePropagationTag
+}

package/packages/dd-trace/src/standalone/product.js

@@ -0,0 +1,24 @@
+'use strict'
+
+const { SAMPLING_MECHANISM_APPSEC } = require('../constants')
+const RateLimiter = require('../rate_limiter')
+
+const dropAll = new RateLimiter(0)
+const onePerMinute = new RateLimiter(1, 'minute')
+
+function getProductRateLimiter (config) {
+  if (config?.appsec?.enabled || config?.iast?.enabled) {
+    return onePerMinute
+  }
+  return dropAll
+}
+
+module.exports = {
+  APM: { id: 1 << 0 },
+  ASM: { id: 1 << 1, mechanism: SAMPLING_MECHANISM_APPSEC },
+  DSM: { id: 1 << 2 },
+  DJM: { id: 1 << 3 },
+  DBM: { id: 1 << 4 },
+
+  getProductRateLimiter
+}

package/packages/dd-trace/src/standalone/tracesource.js

@@ -0,0 +1,22 @@
+'use strict'
+
+const { TRACE_SOURCE_PROPAGATION_KEY } = require('../constants')
+const { hasOwn } = require('../util')
+
+function addTraceSourceTag (tags, product) {
+  if (tags && product) {
+    const actual = tags[TRACE_SOURCE_PROPAGATION_KEY] ? parseInt(tags[TRACE_SOURCE_PROPAGATION_KEY], 16) : 0
+    tags[TRACE_SOURCE_PROPAGATION_KEY] = ((actual | product.id) >>> 0).toString(16).padStart(2, '0')
+  }
+
+  return tags
+}
+
+function hasTraceSourcePropagationTag (tags) {
+  return hasOwn(tags, TRACE_SOURCE_PROPAGATION_KEY)
+}
+
+module.exports = {
+  addTraceSourceTag,
+  hasTraceSourcePropagationTag
+}

package/packages/dd-trace/src/standalone/tracesource_priority_sampler.js

@@ -0,0 +1,47 @@
+'use strict'
+
+const { hasOwn } = require('../util')
+const PrioritySampler = require('../priority_sampler')
+const { MANUAL_KEEP } = require('../../../../ext/tags')
+const { USER_KEEP, AUTO_KEEP, AUTO_REJECT } = require('../../../../ext/priority')
+const { SAMPLING_MECHANISM_DEFAULT } = require('../constants')
+const { addTraceSourceTag, hasTraceSourcePropagationTag } = require('./tracesource')
+const { getProductRateLimiter } = require('./product')
+
+class TraceSourcePrioritySampler extends PrioritySampler {
+  configure (env, sampler, config) {
+    // rules not supported
+    this._env = env
+    this._limiter = getProductRateLimiter(config)
+  }
+
+  _getPriorityFromTags (tags, context) {
+    if (hasOwn(tags, MANUAL_KEEP) &&
+      tags[MANUAL_KEEP] !== false &&
+      hasTraceSourcePropagationTag(context._trace.tags)
+    ) {
+      return USER_KEEP
+    }
+  }
+
+  _getPriorityFromAuto (span) {
+    const context = this._getContext(span)
+
+    context._sampling.mechanism = SAMPLING_MECHANISM_DEFAULT
+
+    if (hasTraceSourcePropagationTag(context._trace.tags)) {
+      return USER_KEEP
+    }
+
+    return this._isSampledByRateLimit(context) ? AUTO_KEEP : AUTO_REJECT
+  }
+
+  setPriority (span, samplingPriority, product) {
+    super.setPriority(span, samplingPriority, product)
+
+    const context = this._getContext(span)
+    addTraceSourceTag(context?._trace?.tags, product)
+  }
+}
+
+module.exports = TraceSourcePrioritySampler