npm - dd-trace - Versions diffs - 5.41.1 → 5.43.0 - Mend

dd-trace 5.41.1 → 5.43.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (70) hide show

package/packages/dd-trace/src/appsec/reporter.js CHANGED Viewed

@@ -103,16 +103,34 @@ function reportWafInit (wafVersion, rulesVersion, diagnosticsRules = {}) {
 function reportMetrics (metrics, raspRule) {
   const store = storage('legacy').getStore()
   const rootSpan = store?.req && web.root(store.req)
   if (!rootSpan) return
   if (metrics.rulesVersion) {
     rootSpan.setTag('_dd.appsec.event_rules.version', metrics.rulesVersion)
   }
   if (raspRule) {
     updateRaspRequestsMetricTags(metrics, store.req, raspRule)
   } else {
     updateWafRequestsMetricTags(metrics, store.req)
   }
+  reportTruncationMetrics(rootSpan, metrics)
+}
+function reportTruncationMetrics (rootSpan, metrics) {
+  if (metrics.maxTruncatedString) {
+    rootSpan.setTag('_dd.appsec.truncated.string_length', metrics.maxTruncatedString)
+  }
+  if (metrics.maxTruncatedContainerSize) {
+    rootSpan.setTag('_dd.appsec.truncated.container_size', metrics.maxTruncatedContainerSize)
+  }
+  if (metrics.maxTruncatedContainerDepth) {
+    rootSpan.setTag('_dd.appsec.truncated.container_depth', metrics.maxTruncatedContainerDepth)
+  }
 }
 function reportAttack (attackData) {
@@ -189,6 +207,7 @@ function finishRequest (req, res) {
   }
   const metrics = getRequestMetrics(req)
   if (metrics?.duration) {
     rootSpan.setTag('_dd.appsec.waf.duration', metrics.duration)
   }
@@ -197,6 +216,14 @@ function finishRequest (req, res) {
     rootSpan.setTag('_dd.appsec.waf.duration_ext', metrics.durationExt)
   }
+  if (metrics?.wafErrorCode) {
+    rootSpan.setTag('_dd.appsec.waf.error', metrics.wafErrorCode)
+  }
+  if (metrics?.wafTimeouts) {
+    rootSpan.setTag('_dd.appsec.waf.timeouts', metrics.wafTimeouts)
+  }
   if (metrics?.raspDuration) {
     rootSpan.setTag('_dd.appsec.rasp.duration', metrics.raspDuration)
   }
@@ -205,6 +232,14 @@ function finishRequest (req, res) {
     rootSpan.setTag('_dd.appsec.rasp.duration_ext', metrics.raspDurationExt)
   }
+  if (metrics?.raspErrorCode) {
+    rootSpan.setTag('_dd.appsec.rasp.error', metrics.raspErrorCode)
+  }
+  if (metrics?.raspTimeouts) {
+    rootSpan.setTag('_dd.appsec.rasp.timeout', metrics.raspTimeouts)
+  }
   if (metrics?.raspEvalCount) {
     rootSpan.setTag('_dd.appsec.rasp.rule.eval', metrics.raspEvalCount)
   }

package/packages/dd-trace/src/appsec/sdk/user_blocking.js CHANGED Viewed

@@ -52,9 +52,7 @@ function blockRequest (tracer, req, res) {
     return false
   }
-  block(req, res, rootSpan)
-  return true
+  return block(req, res, rootSpan)
 }
 module.exports = {

package/packages/dd-trace/src/appsec/telemetry/common.js CHANGED Viewed

@@ -7,7 +7,8 @@ const tags = {
   RULE_TRIGGERED: 'rule_triggered',
   WAF_TIMEOUT: 'waf_timeout',
   WAF_VERSION: 'waf_version',
-  EVENT_RULES_VERSION: 'event_rules_version'
+  EVENT_RULES_VERSION: 'event_rules_version',
+  INPUT_TRUNCATED: 'input_truncated'
 }
 function getVersionsTags (wafVersion, rulesVersion) {

package/packages/dd-trace/src/appsec/telemetry/index.js CHANGED Viewed

@@ -30,7 +30,11 @@ function newStore () {
       durationExt: 0,
       raspDuration: 0,
       raspDurationExt: 0,
-      raspEvalCount: 0
+      raspEvalCount: 0,
+      wafTimeouts: 0,
+      raspTimeouts: 0,
+      wafErrorCode: null,
+      raspErrorCode: null
     }
   }
 }

package/packages/dd-trace/src/appsec/telemetry/rasp.js CHANGED Viewed

@@ -5,10 +5,25 @@ const { DD_TELEMETRY_REQUEST_METRICS } = require('./common')
 const appsecMetrics = telemetryMetrics.manager.namespace('appsec')
-function addRaspRequestMetrics (store, { duration, durationExt }) {
+function addRaspRequestMetrics (store, { duration, durationExt, wafTimeout, errorCode }) {
   store[DD_TELEMETRY_REQUEST_METRICS].raspDuration += duration || 0
   store[DD_TELEMETRY_REQUEST_METRICS].raspDurationExt += durationExt || 0
   store[DD_TELEMETRY_REQUEST_METRICS].raspEvalCount++
+  if (wafTimeout) {
+    store[DD_TELEMETRY_REQUEST_METRICS].raspTimeouts++
+  }
+  if (errorCode) {
+    if (store[DD_TELEMETRY_REQUEST_METRICS].raspErrorCode) {
+      store[DD_TELEMETRY_REQUEST_METRICS].raspErrorCode = Math.max(
+        errorCode,
+        store[DD_TELEMETRY_REQUEST_METRICS].raspErrorCode
+      )
+    } else {
+      store[DD_TELEMETRY_REQUEST_METRICS].raspErrorCode = errorCode
+    }
+  }
 }
 function trackRaspMetrics (metrics, raspRule) {

package/packages/dd-trace/src/appsec/telemetry/waf.js CHANGED Viewed

@@ -7,9 +7,30 @@ const appsecMetrics = telemetryMetrics.manager.namespace('appsec')
 const DD_TELEMETRY_WAF_RESULT_TAGS = Symbol('_dd.appsec.telemetry.waf.result.tags')
-function addWafRequestMetrics (store, { duration, durationExt }) {
+const TRUNCATION_FLAGS = {
+  STRING: 1,
+  CONTAINER_SIZE: 2,
+  CONTAINER_DEPTH: 4
+}
+function addWafRequestMetrics (store, { duration, durationExt, wafTimeout, errorCode }) {
   store[DD_TELEMETRY_REQUEST_METRICS].duration += duration || 0
   store[DD_TELEMETRY_REQUEST_METRICS].durationExt += durationExt || 0
+  if (wafTimeout) {
+    store[DD_TELEMETRY_REQUEST_METRICS].wafTimeouts++
+  }
+  if (errorCode) {
+    if (store[DD_TELEMETRY_REQUEST_METRICS].wafErrorCode) {
+      store[DD_TELEMETRY_REQUEST_METRICS].wafErrorCode = Math.max(
+        errorCode,
+        store[DD_TELEMETRY_REQUEST_METRICS].wafErrorCode
+      )
+    } else {
+      store[DD_TELEMETRY_REQUEST_METRICS].wafErrorCode = errorCode
+    }
+  }
 }
 function trackWafDurations ({ duration, durationExt }, versionsTags) {
@@ -43,6 +64,12 @@ function trackWafMetrics (store, metrics) {
     metricTags[tags.WAF_TIMEOUT] = true
   }
+  const truncationReason = getTruncationReason(metrics)
+  if (truncationReason > 0) {
+    metricTags[tags.INPUT_TRUNCATED] = true
+    incrementTruncatedMetrics(metrics, truncationReason)
+  }
   return metricTags
 }
@@ -54,6 +81,7 @@ function getOrCreateMetricTags (store, versionsTags) {
       [tags.REQUEST_BLOCKED]: false,
       [tags.RULE_TRIGGERED]: false,
       [tags.WAF_TIMEOUT]: false,
+      [tags.INPUT_TRUNCATED]: false,
       ...versionsTags
     }
@@ -83,6 +111,39 @@ function incrementWafRequests (store) {
   }
 }
+function incrementTruncatedMetrics (metrics, truncationReason) {
+  const truncationTags = { truncation_reason: truncationReason }
+  appsecMetrics.count('waf.input_truncated', truncationTags).inc(1)
+  if (metrics?.maxTruncatedString) {
+    appsecMetrics.distribution('waf.truncated_value_size', {
+      truncation_reason: TRUNCATION_FLAGS.STRING
+    }).track(metrics.maxTruncatedString)
+  }
+  if (metrics?.maxTruncatedContainerSize) {
+    appsecMetrics.distribution('waf.truncated_value_size', {
+      truncation_reason: TRUNCATION_FLAGS.CONTAINER_SIZE
+    }).track(metrics.maxTruncatedContainerSize)
+  }
+  if (metrics?.maxTruncatedContainerDepth) {
+    appsecMetrics.distribution('waf.truncated_value_size', {
+      truncation_reason: TRUNCATION_FLAGS.CONTAINER_DEPTH
+    }).track(metrics.maxTruncatedContainerDepth)
+  }
+}
+function getTruncationReason ({ maxTruncatedString, maxTruncatedContainerSize, maxTruncatedContainerDepth }) {
+  let reason = 0
+  if (maxTruncatedString) reason |= TRUNCATION_FLAGS.STRING
+  if (maxTruncatedContainerSize) reason |= TRUNCATION_FLAGS.CONTAINER_SIZE
+  if (maxTruncatedContainerDepth) reason |= TRUNCATION_FLAGS.CONTAINER_DEPTH
+  return reason
+}
 module.exports = {
   addWafRequestMetrics,
   trackWafMetrics,

package/packages/dd-trace/src/appsec/waf/waf_context_wrapper.js CHANGED Viewed

@@ -17,8 +17,8 @@ class WAFContextWrapper {
     this.wafTimeout = wafTimeout
     this.wafVersion = wafVersion
     this.rulesVersion = rulesVersion
-    this.addressesToSkip = new Set()
     this.knownAddresses = knownAddresses
+    this.addressesToSkip = new Set()
     this.cachedUserIdActions = new Map()
   }
@@ -77,6 +77,20 @@ class WAFContextWrapper {
     if (!payloadHasData) return
+    const metrics = {
+      rulesVersion: this.rulesVersion,
+      wafVersion: this.wafVersion,
+      wafTimeout: false,
+      duration: 0,
+      durationExt: 0,
+      blockTriggered: false,
+      ruleTriggered: false,
+      errorCode: null,
+      maxTruncatedString: null,
+      maxTruncatedContainerSize: null,
+      maxTruncatedContainerDepth: null
+    }
     try {
       const start = process.hrtime.bigint()
@@ -84,6 +98,23 @@ class WAFContextWrapper {
       const end = process.hrtime.bigint()
+      metrics.durationExt = parseInt(end - start) / 1e3
+      if (typeof result.errorCode === 'number' && result.errorCode < 0) {
+        const error = new Error('WAF code error')
+        error.errorCode = result.errorCode
+        throw error
+      }
+      if (result.metrics) {
+        const { maxTruncatedString, maxTruncatedContainerSize, maxTruncatedContainerDepth } = result.metrics
+        if (maxTruncatedString) metrics.maxTruncatedString = maxTruncatedString
+        if (maxTruncatedContainerSize) metrics.maxTruncatedContainerSize = maxTruncatedContainerSize
+        if (maxTruncatedContainerDepth) metrics.maxTruncatedContainerDepth = maxTruncatedContainerDepth
+      }
       this.addressesToSkip = newAddressesToSkip
       const ruleTriggered = !!result.events?.length
@@ -96,15 +127,10 @@ class WAFContextWrapper {
         this.setUserIdCache(userId, result)
       }
-      Reporter.reportMetrics({
-        duration: result.totalRuntime / 1e3,
-        durationExt: parseInt(end - start) / 1e3,
-        rulesVersion: this.rulesVersion,
-        ruleTriggered,
-        blockTriggered,
-        wafVersion: this.wafVersion,
-        wafTimeout: result.timeout
-      }, raspRule)
+      metrics.duration = result.totalRuntime / 1e3
+      metrics.blockTriggered = blockTriggered
+      metrics.ruleTriggered = ruleTriggered
+      metrics.wafTimeout = result.timeout
       if (ruleTriggered) {
         Reporter.reportAttack(JSON.stringify(result.events))
@@ -112,13 +138,17 @@ class WAFContextWrapper {
       Reporter.reportDerivatives(result.derivatives)
+      return result.actions
+    } catch (err) {
+      log.error('[ASM] Error while running the AppSec WAF', err)
+      metrics.errorCode = err.errorCode ?? -127
+    } finally {
       if (wafRunFinished.hasSubscribers) {
         wafRunFinished.publish({ payload })
       }
-      return result.actions
-    } catch (err) {
-      log.error('[ASM] Error while running the AppSec WAF', err)
+      Reporter.reportMetrics(metrics, raspRule)
     }
   }

package/packages/dd-trace/src/ci-visibility/exporters/agentless/writer.js CHANGED Viewed

@@ -73,8 +73,8 @@ class Writer extends BaseWriter {
     })
   }
-  setMetadataTags (tags) {
-    this._encoder.setMetadataTags(tags)
+  addMetadataTags (tags) {
+    this._encoder.addMetadataTags(tags)
   }
 }

package/packages/dd-trace/src/ci-visibility/exporters/ci-visibility-exporter.js CHANGED Viewed

@@ -6,7 +6,8 @@ const { sendGitMetadata: sendGitMetadataRequest } = require('./git/git_metadata'
 const { getLibraryConfiguration: getLibraryConfigurationRequest } = require('../requests/get-library-configuration')
 const { getSkippableSuites: getSkippableSuitesRequest } = require('../intelligent-test-runner/get-skippable-suites')
 const { getKnownTests: getKnownTestsRequest } = require('../early-flake-detection/get-known-tests')
-const { getQuarantinedTests: getQuarantinedTestsRequest } = require('../quarantined-tests/get-quarantined-tests')
+const { getTestManagementTests: getTestManagementTestsRequest } =
+  require('../test-management/get-test-management-tests')
 const log = require('../../log')
 const AgentInfoExporter = require('../../exporters/common/agent-info-exporter')
 const { GIT_REPOSITORY_URL, GIT_COMMIT_SHA } = require('../../plugins/util/tags')
@@ -93,11 +94,11 @@ class CiVisibilityExporter extends AgentInfoExporter {
     )
   }
-  shouldRequestQuarantinedTests () {
+  shouldRequestTestManagementTests () {
     return !!(
       this._canUseCiVisProtocol &&
       this._config.isTestManagementEnabled &&
-      this._libraryConfig?.isQuarantinedTestsEnabled
+      this._libraryConfig?.isTestManagementEnabled
     )
   }
@@ -147,11 +148,11 @@ class CiVisibilityExporter extends AgentInfoExporter {
     getKnownTestsRequest(this.getRequestConfiguration(testConfiguration), callback)
   }
-  getQuarantinedTests (testConfiguration, callback) {
-    if (!this.shouldRequestQuarantinedTests()) {
+  getTestManagementTests (testConfiguration, callback) {
+    if (!this.shouldRequestTestManagementTests()) {
       return callback(null)
     }
-    getQuarantinedTestsRequest(this.getRequestConfiguration(testConfiguration), callback)
+    getTestManagementTestsRequest(this.getRequestConfiguration(testConfiguration), callback)
   }
   /**
@@ -214,7 +215,7 @@ class CiVisibilityExporter extends AgentInfoExporter {
       isFlakyTestRetriesEnabled,
       isDiEnabled,
       isKnownTestsEnabled,
-      isQuarantinedTestsEnabled
+      isTestManagementEnabled
     } = remoteConfiguration
     return {
       isCodeCoverageEnabled,
@@ -228,7 +229,7 @@ class CiVisibilityExporter extends AgentInfoExporter {
       flakyTestRetriesCount: this._config.flakyTestRetriesCount,
       isDiEnabled: isDiEnabled && this._config.isTestDynamicInstrumentationEnabled,
       isKnownTestsEnabled,
-      isQuarantinedTestsEnabled: isQuarantinedTestsEnabled && this._config.isTestManagementEnabled
+      isTestManagementEnabled: isTestManagementEnabled && this._config.isTestManagementEnabled
     }
   }
@@ -374,14 +375,14 @@ class CiVisibilityExporter extends AgentInfoExporter {
     return this._url
   }
-  // By the time setMetadataTags is called, the agent info request might not have finished
-  setMetadataTags (tags) {
-    if (this._writer?.setMetadataTags) {
-      this._writer.setMetadataTags(tags)
+  // By the time addMetadataTags is called, the agent info request might not have finished
+  addMetadataTags (tags) {
+    if (this._writer?.addMetadataTags) {
+      this._writer.addMetadataTags(tags)
     } else {
       this._canUseCiVisProtocolPromise.then(() => {
-        if (this._writer?.setMetadataTags) {
-          this._writer.setMetadataTags(tags)
+        if (this._writer?.addMetadataTags) {
+          this._writer.addMetadataTags(tags)
         }
       })
     }

package/packages/dd-trace/src/ci-visibility/requests/get-library-configuration.js CHANGED Viewed

@@ -113,8 +113,7 @@ function getLibraryConfiguration ({
           isFlakyTestRetriesEnabled,
           isDiEnabled: isDiEnabled && isFlakyTestRetriesEnabled,
           isKnownTestsEnabled,
-          // TODO: should it be test management?
-          isQuarantinedTestsEnabled: (testManagementConfig?.enabled ?? false)
+          isTestManagementEnabled: (testManagementConfig?.enabled ?? false)
         }
         log.debug(() => `Remote settings: ${JSON.stringify(settings)}`)

package/packages/dd-trace/src/ci-visibility/telemetry.js CHANGED Viewed

@@ -13,7 +13,8 @@ const formattedTags = {
   isUnsupportedCIProvider: 'is_unsupported_ci',
   isNew: 'is_new',
   isRum: 'is_rum',
-  browserDriver: 'browser_driver'
+  browserDriver: 'browser_driver',
+  autoInjected: 'auto_injected'
 }
 // Transform tags dictionary to array of strings.

package/packages/dd-trace/src/ci-visibility/{quarantined-tests/get-quarantined-tests.js → test-management/get-test-management-tests.js} RENAMED Viewed

@@ -1,7 +1,7 @@
 const request = require('../../exporters/common/request')
 const id = require('../../id')
-function getQuarantinedTests ({
+function getTestManagementTests ({
   url,
   isEvpProxy,
   evpProxyPrefix,
@@ -28,7 +28,7 @@ function getQuarantinedTests ({
   } else {
     const apiKey = process.env.DATADOG_API_KEY || process.env.DD_API_KEY
     if (!apiKey) {
-      return done(new Error('Quarantined tests were not fetched because Datadog API key is not defined.'))
+      return done(new Error('Test management tests were not fetched because Datadog API key is not defined.'))
     }
     options.headers['dd-api-key'] = apiKey
@@ -49,9 +49,9 @@ function getQuarantinedTests ({
       done(err)
     } else {
       try {
-        const { data: { attributes: { modules: quarantinedTests } } } = JSON.parse(res)
+        const { data: { attributes: { modules: testManagementTests } } } = JSON.parse(res)
-        done(null, quarantinedTests)
+        done(null, testManagementTests)
       } catch (err) {
         done(err)
       }
@@ -59,4 +59,4 @@ function getQuarantinedTests ({
   })
 }
-module.exports = { getQuarantinedTests }
+module.exports = { getTestManagementTests }

package/packages/dd-trace/src/config.js CHANGED Viewed

@@ -591,8 +591,11 @@ class Config {
     this._setValue(defaults, 'url', undefined)
     this._setValue(defaults, 'version', pkg.version)
     this._setValue(defaults, 'instrumentation_config_id', undefined)
+    this._setValue(defaults, 'aws.dynamoDb.tablePrimaryKeys', undefined)
+    this._setValue(defaults, 'vertexai.spanCharLimit', 128)
+    this._setValue(defaults, 'vertexai.spanPromptCompletionSampleRate', 1.0)
     this._setValue(defaults, 'trace.aws.addSpanPointers', true)
-    this._setValue(defaults, 'trace.dynamoDb.tablePrimaryKeys', undefined)
+    this._setValue(defaults, 'trace.nativeSpanEvents', false)
   }
   _applyLocalStableConfig () {
@@ -760,7 +763,10 @@ class Config {
       DD_TRACE_X_DATADOG_TAGS_MAX_LENGTH,
       DD_TRACING_ENABLED,
       DD_VERSION,
+      DD_VERTEXAI_SPAN_PROMPT_COMPLETION_SAMPLE_RATE,
+      DD_VERTEXAI_SPAN_CHAR_LIMIT,
       DD_TRACE_INFERRED_PROXY_SERVICES_ENABLED,
+      DD_TRACE_NATIVE_SPAN_EVENTS,
       OTEL_METRICS_EXPORTER,
       OTEL_PROPAGATORS,
       OTEL_RESOURCE_ATTRIBUTES,
@@ -973,6 +979,13 @@ class Config {
     this._setBoolean(env, 'trace.aws.addSpanPointers', DD_TRACE_AWS_ADD_SPAN_POINTERS)
     this._setString(env, 'trace.dynamoDb.tablePrimaryKeys', DD_TRACE_DYNAMODB_TABLE_PRIMARY_KEYS)
     this._setArray(env, 'graphqlErrorExtensions', DD_TRACE_GRAPHQL_ERROR_EXTENSIONS)
+    this._setBoolean(env, 'trace.nativeSpanEvents', DD_TRACE_NATIVE_SPAN_EVENTS)
+    this._setValue(
+      env,
+      'vertexai.spanPromptCompletionSampleRate',
+      maybeFloat(DD_VERTEXAI_SPAN_PROMPT_COMPLETION_SAMPLE_RATE)
+    )
+    this._setValue(env, 'vertexai.spanCharLimit', maybeInt(DD_VERTEXAI_SPAN_CHAR_LIMIT))
   }
   _applyOptions (options) {
@@ -1104,6 +1117,7 @@ class Config {
     this._setString(opts, 'version', options.version || tags.version)
     this._setBoolean(opts, 'inferredProxyServicesEnabled', options.inferredProxyServicesEnabled)
     this._setBoolean(opts, 'graphqlErrorExtensions', options.graphqlErrorExtensions)
+    this._setBoolean(opts, 'trace.nativeSpanEvents', options.trace?.nativeSpanEvents)
     // For LLMObs, we want the environment variable to take precedence over the options.
     // This is reliant on environment config being set before options.

package/packages/dd-trace/src/dogstatsd.js CHANGED Viewed

@@ -234,7 +234,7 @@ class MetricsAggregationClient {
     this._histograms[name].get(tag).record(value)
   }
-  count (name, count, tag, monotonic = false) {
+  count (name, count, tag, monotonic = true) {
     if (typeof tag === 'boolean') {
       monotonic = tag
       tag = undefined
@@ -254,8 +254,8 @@ class MetricsAggregationClient {
     this._gauges[name].set(tag, value)
   }
-  increment (name, count = 1, tag, monotonic) {
-    this.count(name, count, tag, monotonic)
+  increment (name, count = 1, tag) {
+    this.count(name, count, tag)
   }
   decrement (name, count = 1, tag) {