npm - dd-trace - Versions diffs - 5.43.0 → 5.45.0 - Mend

dd-trace 5.43.0 → 5.45.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (58) hide show

package/packages/datadog-plugin-vitest/src/index.js CHANGED Viewed

@@ -22,8 +22,10 @@ const {
   TEST_MANAGEMENT_ENABLED,
   TEST_MANAGEMENT_IS_QUARANTINED,
   TEST_MANAGEMENT_IS_DISABLED,
-  DD_CAPABILITIES_EARLY_FLAKE_DETECTION,
-  DD_CAPABILITIES_AUTO_TEST_RETRIES
+  TEST_MANAGEMENT_IS_ATTEMPT_TO_FIX,
+  TEST_MANAGEMENT_ATTEMPT_TO_FIX_PASSED,
+  TEST_HAS_FAILED_ALL_RETRIES,
+  getLibraryCapabilitiesTags
 } = require('../../dd-trace/src/plugins/util/test')
 const { COMPONENT } = require('../../dd-trace/src/constants')
 const {
@@ -53,18 +55,30 @@ class VitestPlugin extends CiPlugin {
       onDone(!testsForThisTestSuite.includes(testName))
     })
+    this.addSub('ci:vitest:test:is-attempt-to-fix', ({
+      testManagementTests,
+      testSuiteAbsolutePath,
+      testName,
+      onDone
+    }) => {
+      const testSuite = getTestSuitePath(testSuiteAbsolutePath, this.repositoryRoot)
+      const { isAttemptToFix } = this.getTestProperties(testManagementTests, testSuite, testName)
+      onDone(isAttemptToFix ?? false)
+    })
     this.addSub('ci:vitest:test:is-disabled', ({ testManagementTests, testSuiteAbsolutePath, testName, onDone }) => {
       const testSuite = getTestSuitePath(testSuiteAbsolutePath, this.repositoryRoot)
       const { isDisabled } = this.getTestProperties(testManagementTests, testSuite, testName)
-      onDone(isDisabled ?? false)
+      onDone(isDisabled)
     })
     this.addSub('ci:vitest:test:is-quarantined', ({ testManagementTests, testSuiteAbsolutePath, testName, onDone }) => {
       const testSuite = getTestSuitePath(testSuiteAbsolutePath, this.repositoryRoot)
       const { isQuarantined } = this.getTestProperties(testManagementTests, testSuite, testName)
-      onDone(isQuarantined ?? false)
+      onDone(isQuarantined)
     })
     this.addSub('ci:vitest:is-early-flake-detection-faulty', ({
@@ -85,9 +99,12 @@ class VitestPlugin extends CiPlugin {
       testSuiteAbsolutePath,
       isRetry,
       isNew,
+      isAttemptToFix,
       isQuarantined,
+      isDisabled,
       mightHitProbe,
-      isRetryReasonEfd
+      isRetryReasonEfd,
+      isRetryReasonAttemptToFix
     }) => {
       const testSuite = getTestSuitePath(testSuiteAbsolutePath, this.repositoryRoot)
       const store = storage('legacy').getStore()
@@ -104,9 +121,18 @@ class VitestPlugin extends CiPlugin {
       if (isRetryReasonEfd) {
         extraTags[TEST_RETRY_REASON] = 'efd'
       }
+      if (isAttemptToFix) {
+        extraTags[TEST_MANAGEMENT_IS_ATTEMPT_TO_FIX] = 'true'
+      }
+      if (isRetryReasonAttemptToFix) {
+        extraTags[TEST_RETRY_REASON] = 'attempt_to_fix'
+      }
       if (isQuarantined) {
         extraTags[TEST_MANAGEMENT_IS_QUARANTINED] = 'true'
       }
+      if (isDisabled) {
+        extraTags[TEST_MANAGEMENT_IS_DISABLED] = 'true'
+      }
       const span = this.startTestSpan(
         testName,
@@ -124,7 +150,7 @@ class VitestPlugin extends CiPlugin {
       }
     })
-    this.addSub('ci:vitest:test:finish-time', ({ status, task }) => {
+    this.addSub('ci:vitest:test:finish-time', ({ status, task, attemptToFixPassed }) => {
       const store = storage('legacy').getStore()
       const span = store?.span
@@ -132,6 +158,11 @@ class VitestPlugin extends CiPlugin {
       // this is because the test might fail at a `afterEach` hook
       if (span) {
         span.setTag(TEST_STATUS, status)
+        if (attemptToFixPassed) {
+          span.setTag(TEST_MANAGEMENT_ATTEMPT_TO_FIX_PASSED, 'true')
+        }
         this.taskToFinishTime.set(task, span._getTime())
       }
     })
@@ -150,7 +181,7 @@ class VitestPlugin extends CiPlugin {
       }
     })
-    this.addSub('ci:vitest:test:error', ({ duration, error, shouldSetProbe, promises }) => {
+    this.addSub('ci:vitest:test:error', ({ duration, error, shouldSetProbe, promises, hasFailedAllRetries }) => {
       const store = storage('legacy').getStore()
       const span = store?.span
@@ -172,6 +203,9 @@ class VitestPlugin extends CiPlugin {
         if (error) {
           span.setTag('error', error)
         }
+        if (hasFailedAllRetries) {
+          span.setTag(TEST_HAS_FAILED_ALL_RETRIES, 'true')
+        }
         if (duration) {
           span.finish(span._startTime + duration - MILLISECONDS_TO_SUBTRACT_FROM_FAILED_TEST_DURATION) // milliseconds
         } else {
@@ -203,9 +237,7 @@ class VitestPlugin extends CiPlugin {
     this.addSub('ci:vitest:test-suite:start', ({
       testSuiteAbsolutePath,
-      frameworkVersion,
-      isFlakyTestRetriesEnabled,
-      isEarlyFlakeDetectionEnabled
+      frameworkVersion
     }) => {
       this.command = process.env.DD_CIVISIBILITY_TEST_COMMAND
       this.frameworkVersion = frameworkVersion
@@ -223,10 +255,10 @@ class VitestPlugin extends CiPlugin {
         }
       }
       if (this.tracer._exporter.addMetadataTags) {
+        const libraryCapabilitiesTags = getLibraryCapabilitiesTags(this.constructor.id)
         metadataTags.test = {
           ...metadataTags.test,
-          [DD_CAPABILITIES_EARLY_FLAKE_DETECTION]: isEarlyFlakeDetectionEnabled ? 'true' : 'false',
-          [DD_CAPABILITIES_AUTO_TEST_RETRIES]: isFlakyTestRetriesEnabled ? 'true' : 'false'
+          ...libraryCapabilitiesTags
         }
         this.tracer._exporter.addMetadataTags(metadataTags)
       }
@@ -327,10 +359,10 @@ class VitestPlugin extends CiPlugin {
   }
   getTestProperties (testManagementTests, testSuite, testName) {
-    const { disabled: isDisabled, quarantined: isQuarantined } =
+    const { attempt_to_fix: isAttemptToFix, disabled: isDisabled, quarantined: isQuarantined } =
       testManagementTests?.vitest?.suites?.[testSuite]?.tests?.[testName]?.properties || {}
-    return { isDisabled, isQuarantined }
+    return { isAttemptToFix, isDisabled, isQuarantined }
   }
 }

package/packages/dd-trace/src/appsec/blocking.js CHANGED Viewed

@@ -2,6 +2,7 @@
 const log = require('../log')
 const blockedTemplates = require('./blocked_templates')
+const { updateBlockFailureMetric } = require('./telemetry')
 const detectedSpecificEndpoints = {}
@@ -128,6 +129,7 @@ function block (req, res, rootSpan, abortController, actionParameters = defaultB
     rootSpan?.setTag('_dd.appsec.block.failed', 1)
     log.error('[ASM] Blocking error', err)
+    updateBlockFailureMetric(req)
     return false
   }
 }

package/packages/dd-trace/src/appsec/graphql.js CHANGED Viewed

@@ -17,6 +17,7 @@ const {
   apolloChannel,
   apolloServerCoreChannel
 } = require('./channels')
+const { updateBlockFailureMetric } = require('./telemetry')
 const graphqlRequestData = new WeakMap()
@@ -106,8 +107,9 @@ function beforeWriteApolloGraphqlResponse ({ abortController, abortData }) {
       abortController?.abort()
     } catch (err) {
       rootSpan.setTag('_dd.appsec.block.failed', 1)
       log.error('[ASM] Blocking error', err)
+      updateBlockFailureMetric(req)
     }
   }

package/packages/dd-trace/src/appsec/reporter.js CHANGED Viewed

@@ -10,7 +10,8 @@ const {
   updateRaspRequestsMetricTags,
   incrementWafUpdatesMetric,
   incrementWafRequestsMetric,
-  getRequestMetrics
+  getRequestMetrics,
+  updateRateLimitedMetric
 } = require('./telemetry')
 const zlib = require('zlib')
 const { keepTrace } = require('../priority_sampler')
@@ -88,16 +89,18 @@ function formatHeaderName (name) {
     .toLowerCase()
 }
-function reportWafInit (wafVersion, rulesVersion, diagnosticsRules = {}) {
-  metricsQueue.set('_dd.appsec.waf.version', wafVersion)
+function reportWafInit (wafVersion, rulesVersion, diagnosticsRules = {}, success = false) {
+  if (success) {
+    metricsQueue.set('_dd.appsec.waf.version', wafVersion)
-  metricsQueue.set('_dd.appsec.event_rules.loaded', diagnosticsRules.loaded?.length || 0)
-  metricsQueue.set('_dd.appsec.event_rules.error_count', diagnosticsRules.failed?.length || 0)
-  if (diagnosticsRules.failed?.length) {
-    metricsQueue.set('_dd.appsec.event_rules.errors', JSON.stringify(diagnosticsRules.errors))
+    metricsQueue.set('_dd.appsec.event_rules.loaded', diagnosticsRules.loaded?.length || 0)
+    metricsQueue.set('_dd.appsec.event_rules.error_count', diagnosticsRules.failed?.length || 0)
+    if (diagnosticsRules.failed?.length) {
+      metricsQueue.set('_dd.appsec.event_rules.errors', JSON.stringify(diagnosticsRules.errors))
+    }
   }
-  incrementWafInitMetric(wafVersion, rulesVersion)
+  incrementWafInitMetric(wafVersion, rulesVersion, success)
 }
 function reportMetrics (metrics, raspRule) {
@@ -147,6 +150,8 @@ function reportAttack (attackData) {
   if (limiter.isAllowed()) {
     keepTrace(rootSpan, ASM)
+  } else {
+    updateRateLimitedMetric(req)
   }
   // TODO: maybe add this to format.js later (to take decision as late as possible)

package/packages/dd-trace/src/appsec/sdk/track_event.js CHANGED Viewed

@@ -7,6 +7,7 @@ const waf = require('../waf')
 const { keepTrace } = require('../../priority_sampler')
 const addresses = require('../addresses')
 const { ASM } = require('../../standalone/product')
+const { incrementSdkEventMetric } = require('../telemetry')
 function trackUserLoginSuccessEvent (tracer, user, metadata) {
   // TODO: better user check here and in _setUser() ?
@@ -15,6 +16,8 @@ function trackUserLoginSuccessEvent (tracer, user, metadata) {
     return
   }
+  incrementSdkEventMetric('login_success')
   const rootSpan = getRootSpan(tracer)
   if (!rootSpan) {
     log.warn('[ASM] Root span not available in trackUserLoginSuccessEvent')
@@ -48,6 +51,8 @@ function trackUserLoginFailureEvent (tracer, userId, exists, metadata) {
   trackEvent('users.login.failure', fields, 'trackUserLoginFailureEvent', getRootSpan(tracer))
   runWaf('users.login.failure', { login: userId })
+  incrementSdkEventMetric('login_failure')
 }
 function trackCustomEvent (tracer, eventName, metadata) {
@@ -57,6 +62,8 @@ function trackCustomEvent (tracer, eventName, metadata) {
   }
   trackEvent(eventName, metadata, 'trackCustomEvent', getRootSpan(tracer))
+  incrementSdkEventMetric('custom')
 }
 function trackEvent (eventName, fields, sdkMethodName, rootSpan) {

package/packages/dd-trace/src/appsec/telemetry/common.js CHANGED Viewed

@@ -3,12 +3,15 @@
 const DD_TELEMETRY_REQUEST_METRICS = Symbol('_dd.appsec.telemetry.request.metrics')
 const tags = {
+  BLOCK_FAILURE: 'block_failure',
+  EVENT_RULES_VERSION: 'event_rules_version',
+  INPUT_TRUNCATED: 'input_truncated',
+  RATE_LIMITED: 'rate_limited',
   REQUEST_BLOCKED: 'request_blocked',
   RULE_TRIGGERED: 'rule_triggered',
+  WAF_ERROR: 'waf_error',
   WAF_TIMEOUT: 'waf_timeout',
-  WAF_VERSION: 'waf_version',
-  EVENT_RULES_VERSION: 'event_rules_version',
-  INPUT_TRUNCATED: 'input_truncated'
+  WAF_VERSION: 'waf_version'
 }
 function getVersionsTags (wafVersion, rulesVersion) {

package/packages/dd-trace/src/appsec/telemetry/index.js CHANGED Viewed

@@ -2,7 +2,7 @@
 const { DD_TELEMETRY_REQUEST_METRICS } = require('./common')
 const { addRaspRequestMetrics, trackRaspMetrics } = require('./rasp')
-const { incrementMissingUserId, incrementMissingUserLogin } = require('./user')
+const { incrementMissingUserId, incrementMissingUserLogin, incrementSdkEvent } = require('./user')
 const {
   addWafRequestMetrics,
   trackWafMetrics,
@@ -74,16 +74,30 @@ function updateWafRequestsMetricTags (metrics, req) {
   return trackWafMetrics(store, metrics)
 }
-function incrementWafInitMetric (wafVersion, rulesVersion) {
+function updateRateLimitedMetric (req) {
   if (!enabled) return
-  incrementWafInit(wafVersion, rulesVersion)
+  const store = getStore(req)
+  trackWafMetrics(store, { rateLimited: true })
+}
+function updateBlockFailureMetric (req) {
+  if (!enabled) return
+  const store = getStore(req)
+  trackWafMetrics(store, { blockFailed: true })
+}
+function incrementWafInitMetric (wafVersion, rulesVersion, success) {
+  if (!enabled) return
+  incrementWafInit(wafVersion, rulesVersion, success)
 }
-function incrementWafUpdatesMetric (wafVersion, rulesVersion) {
+function incrementWafUpdatesMetric (wafVersion, rulesVersion, success) {
   if (!enabled) return
-  incrementWafUpdates(wafVersion, rulesVersion)
+  incrementWafUpdates(wafVersion, rulesVersion, success)
 }
 function incrementWafRequestsMetric (req) {
@@ -107,6 +121,12 @@ function incrementMissingUserIdMetric (framework, eventType) {
   incrementMissingUserId(framework, eventType)
 }
+function incrementSdkEventMetric (framework, eventType) {
+  if (!enabled) return
+  incrementSdkEvent(framework, eventType)
+}
 function getRequestMetrics (req) {
   if (req) {
     const store = getStore(req)
@@ -119,12 +139,15 @@ module.exports = {
   disable,
   updateWafRequestsMetricTags,
+  updateRateLimitedMetric,
+  updateBlockFailureMetric,
   updateRaspRequestsMetricTags,
   incrementWafInitMetric,
   incrementWafUpdatesMetric,
   incrementWafRequestsMetric,
   incrementMissingUserLoginMetric,
   incrementMissingUserIdMetric,
+  incrementSdkEventMetric,
   getRequestMetrics
 }

package/packages/dd-trace/src/appsec/telemetry/user.js CHANGED Viewed

@@ -18,7 +18,15 @@ function incrementMissingUserId (framework, eventType) {
   }).inc()
 }
+function incrementSdkEvent (eventType) {
+  appsecMetrics.count('sdk.event', {
+    event_type: eventType,
+    sdk_version: 'v1'
+  }).inc()
+}
 module.exports = {
   incrementMissingUserLogin,
-  incrementMissingUserId
+  incrementMissingUserId,
+  incrementSdkEvent
 }

package/packages/dd-trace/src/appsec/telemetry/waf.js CHANGED Viewed

@@ -50,17 +50,28 @@ function trackWafMetrics (store, metrics) {
   const metricTags = getOrCreateMetricTags(store, versionsTags)
-  const { blockTriggered, ruleTriggered, wafTimeout } = metrics
+  if (metrics.blockFailed) {
+    metricTags[tags.BLOCK_FAILURE] = true
+  }
-  if (blockTriggered) {
+  if (metrics.blockTriggered) {
     metricTags[tags.REQUEST_BLOCKED] = true
   }
-  if (ruleTriggered) {
+  if (metrics.rateLimited) {
+    metricTags[tags.RATE_LIMITED] = true
+  }
+  if (metrics.ruleTriggered) {
     metricTags[tags.RULE_TRIGGERED] = true
   }
-  if (wafTimeout) {
+  if (metrics.errorCode) {
+    metricTags[tags.WAF_ERROR] = true
+    appsecMetrics.count('waf.error', { ...versionsTags, waf_error: metrics.errorCode }).inc()
+  }
+  if (metrics.wafTimeout) {
     metricTags[tags.WAF_TIMEOUT] = true
   }
@@ -78,10 +89,13 @@ function getOrCreateMetricTags (store, versionsTags) {
   if (!metricTags) {
     metricTags = {
+      [tags.BLOCK_FAILURE]: false,
+      [tags.INPUT_TRUNCATED]: false,
+      [tags.RATE_LIMITED]: false,
       [tags.REQUEST_BLOCKED]: false,
       [tags.RULE_TRIGGERED]: false,
+      [tags.WAF_ERROR]: false,
       [tags.WAF_TIMEOUT]: false,
-      [tags.INPUT_TRUNCATED]: false,
       ...versionsTags
     }
@@ -91,16 +105,22 @@ function getOrCreateMetricTags (store, versionsTags) {
   return metricTags
 }
-function incrementWafInit (wafVersion, rulesVersion) {
+function incrementWafInit (wafVersion, rulesVersion, success) {
   const versionsTags = getVersionsTags(wafVersion, rulesVersion)
+  appsecMetrics.count('waf.init', { ...versionsTags, success }).inc()
-  appsecMetrics.count('waf.init', versionsTags).inc()
+  if (!success) {
+    appsecMetrics.count('waf.config_errors', versionsTags).inc()
+  }
 }
-function incrementWafUpdates (wafVersion, rulesVersion) {
+function incrementWafUpdates (wafVersion, rulesVersion, success) {
   const versionsTags = getVersionsTags(wafVersion, rulesVersion)
+  appsecMetrics.count('waf.updates', { ...versionsTags, success }).inc()
-  appsecMetrics.count('waf.updates', versionsTags).inc()
+  if (!success) {
+    appsecMetrics.count('waf.config_errors', versionsTags).inc()
+  }
 }
 function incrementWafRequests (store) {

package/packages/dd-trace/src/appsec/waf/waf_manager.js CHANGED Viewed

@@ -11,20 +11,23 @@ class WAFManager {
     this.config = config
     this.wafTimeout = config.wafTimeout
     this.ddwaf = this._loadDDWAF(rules)
-    this.ddwafVersion = this.ddwaf.constructor.version()
     this.rulesVersion = this.ddwaf.diagnostics.ruleset_version
-    Reporter.reportWafInit(this.ddwafVersion, this.rulesVersion, this.ddwaf.diagnostics.rules)
+    Reporter.reportWafInit(this.ddwafVersion, this.rulesVersion, this.ddwaf.diagnostics.rules, true)
   }
   _loadDDWAF (rules) {
     try {
       // require in `try/catch` because this can throw at require time
       const { DDWAF } = require('@datadog/native-appsec')
+      this.ddwafVersion = DDWAF.version()
       const { obfuscatorKeyRegex, obfuscatorValueRegex } = this.config
       return new DDWAF(rules, { obfuscatorKeyRegex, obfuscatorValueRegex })
     } catch (err) {
+      this.ddwafVersion = this.ddwafVersion || 'unknown'
+      Reporter.reportWafInit(this.ddwafVersion, 'unknown')
       log.error('[ASM] AppSec could not load native package. In-app WAF features will not be available.')
       throw err
@@ -49,13 +52,19 @@ class WAFManager {
   }
   update (newRules) {
-    this.ddwaf.update(newRules)
+    try {
+      this.ddwaf.update(newRules)
-    if (this.ddwaf.diagnostics.ruleset_version) {
-      this.rulesVersion = this.ddwaf.diagnostics.ruleset_version
-    }
+      if (this.ddwaf.diagnostics.ruleset_version) {
+        this.rulesVersion = this.ddwaf.diagnostics.ruleset_version
+      }
-    Reporter.reportWafUpdate(this.ddwafVersion, this.rulesVersion)
+      Reporter.reportWafUpdate(this.ddwafVersion, this.rulesVersion, true)
+    } catch (error) {
+      Reporter.reportWafUpdate(this.ddwafVersion, 'unknown', false)
+      throw error
+    }
   }
   destroy () {

package/packages/dd-trace/src/ci-visibility/exporters/ci-visibility-exporter.js CHANGED Viewed

@@ -215,7 +215,8 @@ class CiVisibilityExporter extends AgentInfoExporter {
       isFlakyTestRetriesEnabled,
       isDiEnabled,
       isKnownTestsEnabled,
-      isTestManagementEnabled
+      isTestManagementEnabled,
+      testManagementAttemptToFixRetries
     } = remoteConfiguration
     return {
       isCodeCoverageEnabled,
@@ -229,7 +230,9 @@ class CiVisibilityExporter extends AgentInfoExporter {
       flakyTestRetriesCount: this._config.flakyTestRetriesCount,
       isDiEnabled: isDiEnabled && this._config.isTestDynamicInstrumentationEnabled,
       isKnownTestsEnabled,
-      isTestManagementEnabled: isTestManagementEnabled && this._config.isTestManagementEnabled
+      isTestManagementEnabled: isTestManagementEnabled && this._config.isTestManagementEnabled,
+      testManagementAttemptToFixRetries:
+        testManagementAttemptToFixRetries ?? this._config.testManagementAttemptToFixRetries
     }
   }

package/packages/dd-trace/src/ci-visibility/requests/get-library-configuration.js CHANGED Viewed

@@ -113,7 +113,9 @@ function getLibraryConfiguration ({
           isFlakyTestRetriesEnabled,
           isDiEnabled: isDiEnabled && isFlakyTestRetriesEnabled,
           isKnownTestsEnabled,
-          isTestManagementEnabled: (testManagementConfig?.enabled ?? false)
+          isTestManagementEnabled: (testManagementConfig?.enabled ?? false),
+          testManagementAttemptToFixRetries:
+            testManagementConfig?.attempt_to_fix_retries
         }
         log.debug(() => `Remote settings: ${JSON.stringify(settings)}`)

package/packages/dd-trace/src/ci-visibility/test-management/get-test-management-tests.js CHANGED Viewed

@@ -6,7 +6,8 @@ function getTestManagementTests ({
   isEvpProxy,
   evpProxyPrefix,
   isGzipCompatible,
-  repositoryUrl
+  repositoryUrl,
+  commitMessage
 }, done) {
   const options = {
     path: '/api/v2/test/libraries/test-management/tests',
@@ -39,7 +40,8 @@ function getTestManagementTests ({
       id: id().toString(10),
       type: 'ci_app_libraries_tests_request',
       attributes: {
-        repository_url: repositoryUrl
+        repository_url: repositoryUrl,
+        commit_message: commitMessage
       }
     }
   })