dd-trace 5.46.0 → 5.48.0

package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js

@@ -4,44 +4,48 @@ const Module = require('module')
 const { pathToFileURL } = require('url')
 const { MessageChannel } = require('worker_threads')
 const shimmer = require('../../../../../datadog-shimmer')
-const { isPrivateModule, isNotLibraryFile } = require('./filter')
+const { isPrivateModule, isDdTrace } = require('./filter')
 const { csiMethods } = require('./csi-methods')
 const { getName } = require('../telemetry/verbosity')
-const { getRewriteFunction, incrementTelemetryIfNeeded } = require('./rewriter-telemetry')
+const telemetry = require('../telemetry')
+const { incrementTelemetryIfNeeded } = require('./rewriter-telemetry')
 const dc = require('dc-polyfill')
 const log = require('../../../log')
 const { isMainThread } = require('worker_threads')
 const { LOG_MESSAGE, REWRITTEN_MESSAGE } = require('./constants')
+const orchestrionConfig = require('../../../../../datadog-instrumentations/src/orchestrion-config')
 
+let config
 const hardcodedSecretCh = dc.channel('datadog:secrets:result')
 let rewriter
+let unwrapCompile = () => {}
 let getPrepareStackTrace, cacheRewrittenSourceMap
 let kSymbolPrepareStackTrace
 let esmRewriterEnabled = false
 
-let getRewriterOriginalPathAndLineFromSourceMap = function (path, line, column) {
-  return { path, line, column }
-}
-
 function isFlagPresent (flag) {
   return process.env.NODE_OPTIONS?.includes(flag) ||
     process.execArgv?.some(arg => arg.includes(flag))
 }
 
-function getGetOriginalPathAndLineFromSourceMapFunction (chainSourceMap, getOriginalPathAndLineFromSourceMap) {
-  if (chainSourceMap) {
-    return function (path, line, column) {
+let getRewriterOriginalPathAndLineFromSourceMap = function (path, line, column) {
+  return { path, line, column }
+}
+
+function setGetOriginalPathAndLineFromSourceMapFunction (chainSourceMap, { getOriginalPathAndLineFromSourceMap }) {
+  if (!getOriginalPathAndLineFromSourceMap) return
+
+  getRewriterOriginalPathAndLineFromSourceMap = chainSourceMap
+    ? (path, line, column) => {
       // if --enable-source-maps is present stacktraces of the rewritten files contain the original path, file and
       // column because the sourcemap chaining is done during the rewriting process so we can skip it
-      if (isPrivateModule(path) && isNotLibraryFile(path)) {
-        return { path, line, column }
-      } else {
-        return getOriginalPathAndLineFromSourceMap(path, line, column)
+        if (isPrivateModule(path) && !isDdTrace(path)) {
+          return { path, line, column }
+        } else {
+          return getOriginalPathAndLineFromSourceMap(path, line, column)
+        }
       }
-    }
-  } else {
-    return getOriginalPathAndLineFromSourceMap
-  }
+    : getOriginalPathAndLineFromSourceMap
 }
 
 function getRewriter (telemetryVerbosity) {
@@ -54,19 +58,16 @@ function getRewriter (telemetryVerbosity) {
       cacheRewrittenSourceMap = iastRewriter.cacheRewrittenSourceMap
 
       const chainSourceMap = isFlagPresent('--enable-source-maps')
-      const getOriginalPathAndLineFromSourceMap = iastRewriter.getOriginalPathAndLineFromSourceMap
-      if (getOriginalPathAndLineFromSourceMap) {
-        getRewriterOriginalPathAndLineFromSourceMap =
-          getGetOriginalPathAndLineFromSourceMapFunction(chainSourceMap, getOriginalPathAndLineFromSourceMap)
-      }
+      setGetOriginalPathAndLineFromSourceMapFunction(chainSourceMap, iastRewriter)
 
       rewriter = new Rewriter({
         csiMethods,
         telemetryVerbosity: getName(telemetryVerbosity),
-        chainSourceMap
+        chainSourceMap,
+        orchestrion: orchestrionConfig
       })
     } catch (e) {
-      log.error('[ASM] Unable to initialize TaintTracking Rewriter', e)
+      log.error('Unable to initialize Rewriter', e)
     }
   }
   return rewriter
@@ -74,6 +75,9 @@ function getRewriter (telemetryVerbosity) {
 
 let originalPrepareStackTrace
 function getPrepareStackTraceAccessor () {
+  if (!getPrepareStackTrace) {
+    getPrepareStackTrace = require('@datadog/wasm-js-rewriter/js/stack-trace').getPrepareStackTrace
+  }
   originalPrepareStackTrace = Error.prepareStackTrace
   let actual = getPrepareStackTrace(originalPrepareStackTrace)
   return {
@@ -89,25 +93,42 @@ function getPrepareStackTraceAccessor () {
 }
 
 function getCompileMethodFn (compileMethod) {
-  const rewriteFn = getRewriteFunction(rewriter)
-  return function (content, filename) {
+  let delegate = function (content, filename) {
     try {
-      if (isPrivateModule(filename) && isNotLibraryFile(filename)) {
-        const rewritten = rewriteFn(content, filename)
+      if (isDdTrace(filename)) {
+        return compileMethod.apply(this, [content, filename])
+      }
+      if (!isPrivateModule(filename) || !config.iast?.enabled) {
+        return compileMethod.apply(this, [content, filename])
+      }
+      // TODO when we have CJS support for orchestrion and taint-tracking, add
+      // them here as appropriate
+      const rewritten = rewriter.rewrite(content, filename, ['iast'])
 
-        if (rewritten?.literalsResult && hardcodedSecretCh.hasSubscribers) {
-          hardcodedSecretCh.publish(rewritten.literalsResult)
-        }
+      incrementTelemetryIfNeeded(rewritten.metrics)
 
-        if (rewritten?.content) {
-          return compileMethod.apply(this, [rewritten.content, filename])
-        }
+      if (rewritten?.literalsResult && hardcodedSecretCh.hasSubscribers) {
+        hardcodedSecretCh.publish(rewritten.literalsResult)
+      }
+
+      if (rewritten?.content) {
+        return compileMethod.apply(this, [rewritten.content, filename])
       }
     } catch (e) {
-      log.error('[ASM] Error rewriting file %s', filename, e)
+      log.error('Error rewriting file %s', filename, e)
     }
     return compileMethod.apply(this, [content, filename])
   }
+
+  const shim = function () {
+    return delegate.apply(this, arguments)
+  }
+
+  unwrapCompile = function () {
+    delegate = compileMethod
+  }
+
+  return shim
 }
 
 function esmRewritePostProcess (rewritten, filename) {
@@ -128,20 +149,31 @@ function esmRewritePostProcess (rewritten, filename) {
   }
 }
 
+let shimmedPrepareStackTrace = false
+function shimPrepareStackTrace () {
+  if (shimmedPrepareStackTrace) {
+    return
+  }
+  const pstDescriptor = Object.getOwnPropertyDescriptor(global.Error, 'prepareStackTrace')
+  if (!pstDescriptor || pstDescriptor.configurable) {
+    Object.defineProperty(global.Error, 'prepareStackTrace', getPrepareStackTraceAccessor())
+  }
+  shimmedPrepareStackTrace = true
+}
+
 function enableRewriter (telemetryVerbosity) {
   try {
-    const rewriter = getRewriter(telemetryVerbosity)
-    if (rewriter) {
-      const pstDescriptor = Object.getOwnPropertyDescriptor(global.Error, 'prepareStackTrace')
-      if (!pstDescriptor || pstDescriptor.configurable) {
-        Object.defineProperty(global.Error, 'prepareStackTrace', getPrepareStackTraceAccessor())
+    if (config.iast?.enabled) {
+      const rewriter = getRewriter(telemetryVerbosity)
+      if (rewriter) {
+        shimPrepareStackTrace()
+        shimmer.wrap(Module.prototype, '_compile', compileMethod => getCompileMethodFn(compileMethod))
       }
-      shimmer.wrap(Module.prototype, '_compile', compileMethod => getCompileMethodFn(compileMethod))
     }
 
     enableEsmRewriter(telemetryVerbosity)
   } catch (e) {
-    log.error('[ASM] Error enabling TaintTracking Rewriter', e)
+    log.error('Error enabling Rewriter', e)
   }
 }
 
@@ -155,6 +187,8 @@ function isEsmConfigured () {
 
 function enableEsmRewriter (telemetryVerbosity) {
   if (isMainThread && Module.register && !esmRewriterEnabled && isEsmConfigured()) {
+    shimPrepareStackTrace()
+
     esmRewriterEnabled = true
 
     const { port1, port2 } = new MessageChannel()
@@ -175,30 +209,31 @@ function enableEsmRewriter (telemetryVerbosity) {
     port1.unref()
     port2.unref()
 
-    const chainSourceMap = isFlagPresent('--enable-source-maps')
-    const data = {
-      port: port2,
-      csiMethods,
-      telemetryVerbosity,
-      chainSourceMap
-    }
-
     try {
       Module.register('./rewriter-esm.mjs', {
         parentURL: pathToFileURL(__filename),
         transferList: [port2],
-        data
+        data: {
+          port: port2,
+          csiMethods,
+          telemetryVerbosity,
+          chainSourceMap: isFlagPresent('--enable-source-maps'),
+          orchestrionConfig,
+          iastEnabled: config?.iast?.enabled
+        }
       })
     } catch (e) {
-      log.error('[ASM] Error enabling ESM Rewriter', e)
+      log.error('Error enabling ESM Rewriter', e)
       port1.close()
       port2.close()
     }
+
+    cacheRewrittenSourceMap = require('@datadog/wasm-js-rewriter/js/source-map').cacheRewrittenSourceMap
   }
 }
 
-function disableRewriter () {
-  shimmer.unwrap(Module.prototype, '_compile')
+function disable () {
+  unwrapCompile()
 
   if (!Error.prepareStackTrace?.[kSymbolPrepareStackTrace]) return
 
@@ -206,8 +241,10 @@ function disableRewriter () {
     delete Error.prepareStackTrace
 
     Error.prepareStackTrace = originalPrepareStackTrace
+
+    shimmedPrepareStackTrace = false
   } catch (e) {
-    log.warn('[ASM] Error disabling TaintTracking rewriter', e)
+    log.warn('Error disabling Rewriter', e)
   }
 }
 
@@ -215,6 +252,11 @@ function getOriginalPathAndLineFromSourceMap ({ path, line, column }) {
   return getRewriterOriginalPathAndLineFromSourceMap(path, line, column)
 }
 
+function enable (configArg) {
+  config = configArg
+  enableRewriter(telemetry.verbosity || 'OFF')
+}
+
 module.exports = {
-  enableRewriter, disableRewriter, getOriginalPathAndLineFromSourceMap
+  enable, disable, getOriginalPathAndLineFromSourceMap
 }

package/packages/dd-trace/src/appsec/sdk/index.js

@@ -1,16 +1,38 @@
 'use strict'
 
-const { trackUserLoginSuccessEvent, trackUserLoginFailureEvent, trackCustomEvent } = require('./track_event')
+const {
+  trackUserLoginSuccessEvent,
+  trackUserLoginFailureEvent,
+  trackCustomEvent,
+  trackUserLoginSuccessV2,
+  trackUserLoginFailureV2
+} = require('./track_event')
 const { checkUserAndSetUser, blockRequest } = require('./user_blocking')
 const { setTemplates } = require('../blocking')
 const { setUser } = require('./set_user')
 
+class EventTrackingV2 {
+  constructor (tracer) {
+    this._tracer = tracer
+  }
+
+  trackUserLoginSuccess (login, user, metadata) {
+    trackUserLoginSuccessV2(this._tracer, login, user, metadata)
+  }
+
+  trackUserLoginFailure (login, exists, metadata) {
+    trackUserLoginFailureV2(this._tracer, login, exists, metadata)
+  }
+}
+
 class AppsecSdk {
   constructor (tracer, config) {
     this._tracer = tracer
     if (config) {
       setTemplates(config)
     }
+
+    this.eventTrackingV2 = new EventTrackingV2(tracer)
   }
 
   trackUserLoginSuccessEvent (user, metadata) {

package/packages/dd-trace/src/appsec/sdk/noop.js

@@ -1,6 +1,16 @@
 'use strict'
 
+class NoopEventTrackingV2 {
+  trackUserLoginSuccess () {}
+
+  trackUserLoginFailure () {}
+}
+
 class NoopAppsecSdk {
+  constructor () {
+    this.eventTrackingV2 = new NoopEventTrackingV2()
+  }
+
   trackUserLoginSuccessEvent () {}
 
   trackUserLoginFailureEvent () {}

package/packages/dd-trace/src/appsec/sdk/set_user.js

@@ -9,6 +9,8 @@ function setUserTags (user, rootSpan) {
   for (const k of Object.keys(user)) {
     rootSpan.setTag(`usr.${k}`, '' + user[k])
   }
+
+  rootSpan.setTag('_dd.appsec.user.collection_mode', 'sdk')
 }
 
 function setUser (tracer, user) {
@@ -24,7 +26,6 @@ function setUser (tracer, user) {
   }
 
   setUserTags(user, rootSpan)
-  rootSpan.setTag('_dd.appsec.user.collection_mode', 'sdk')
 
   const persistent = {
     [addresses.USER_ID]: '' + user.id

package/packages/dd-trace/src/appsec/sdk/track_event.js

@@ -9,6 +9,9 @@ const addresses = require('../addresses')
 const { ASM } = require('../../standalone/product')
 const { incrementSdkEventMetric } = require('../telemetry')
 
+/**
+ * @deprecated in favor of trackUserLoginSuccessV2
+ */
 function trackUserLoginSuccessEvent (tracer, user, metadata) {
   // TODO: better user check here and in _setUser() ?
   if (!user || !user.id) {
@@ -16,7 +19,7 @@ function trackUserLoginSuccessEvent (tracer, user, metadata) {
     return
   }
 
-  incrementSdkEventMetric('login_success')
+  incrementSdkEventMetric('login_success', 'v1')
 
   const rootSpan = getRootSpan(tracer)
   if (!rootSpan) {
@@ -35,6 +38,9 @@ function trackUserLoginSuccessEvent (tracer, user, metadata) {
   runWaf('users.login.success', { id: user.id, login })
 }
 
+/**
+ * @deprecated in favor of trackUserLoginFailureV2
+ */
 function trackUserLoginFailureEvent (tracer, userId, exists, metadata) {
   if (!userId || typeof userId !== 'string') {
     log.warn('[ASM] Invalid userId provided to trackUserLoginFailureEvent')
@@ -52,7 +58,7 @@ function trackUserLoginFailureEvent (tracer, userId, exists, metadata) {
 
   runWaf('users.login.failure', { login: userId })
 
-  incrementSdkEventMetric('login_failure')
+  incrementSdkEventMetric('login_failure', 'v1')
 }
 
 function trackCustomEvent (tracer, eventName, metadata) {
@@ -63,7 +69,112 @@ function trackCustomEvent (tracer, eventName, metadata) {
 
   trackEvent(eventName, metadata, 'trackCustomEvent', getRootSpan(tracer))
 
-  incrementSdkEventMetric('custom')
+  incrementSdkEventMetric('custom', 'v1')
+
+  if (eventName === 'users.login.success' || eventName === 'users.login.failure') {
+    runWaf(eventName)
+  }
+}
+
+function trackUserLoginSuccessV2 (tracer, login, user, metadata) {
+  if (!login || typeof login !== 'string') {
+    log.warn('[ASM] Invalid login provided to eventTrackingV2.trackUserLoginSuccess')
+    return
+  }
+
+  incrementSdkEventMetric('login_success', 'v2')
+
+  const rootSpan = getRootSpan(tracer)
+  if (!rootSpan) {
+    log.warn('[ASM] Root span not available in eventTrackingV2.trackUserLoginSuccess')
+    return
+  }
+
+  const wafData = { login }
+
+  metadata = {
+    'usr.login': login,
+    ...metadata
+  }
+
+  if (user) {
+    if (typeof user !== 'object') {
+      user = { id: user }
+    }
+
+    if (user.id) {
+      wafData.id = user.id
+      setUserTags(user, rootSpan)
+      metadata.usr = user
+    }
+  }
+
+  trackEvent('users.login.success', metadata, 'eventTrackingV2.trackUserLoginSuccess', rootSpan)
+
+  runWaf('users.login.success', wafData)
+}
+
+function trackUserLoginFailureV2 (tracer, login, exists, metadata) {
+  if (!login || typeof login !== 'string') {
+    log.warn('[ASM] Invalid login provided to eventTrackingV2.trackUserLoginFailure')
+    return
+  }
+
+  incrementSdkEventMetric('login_failure', 'v2')
+
+  const rootSpan = getRootSpan(tracer)
+  if (!rootSpan) {
+    log.warn('[ASM] Root span not available in eventTrackingV2.trackUserLoginFailure')
+    return
+  }
+
+  const wafData = { login }
+
+  if (typeof exists === 'object' && metadata === undefined) {
+    metadata = exists
+    exists = false
+  }
+
+  metadata = {
+    'usr.login': login,
+    'usr.exists': exists ? 'true' : 'false',
+    ...metadata
+  }
+
+  trackEvent('users.login.failure', metadata, 'eventTrackingV2.trackUserLoginFailure', rootSpan)
+
+  runWaf('users.login.failure', wafData)
+}
+
+function flattenFields (fields, depth = 0) {
+  if (depth > 4) {
+    return {
+      truncated: true
+    }
+  }
+
+  const result = {}
+  let truncated = false
+  for (const key of Object.keys(fields)) {
+    const value = fields[key]
+
+    if (value && typeof value === 'object') {
+      const { result: flatValue, truncated: inheritTruncated } = flattenFields(value, depth + 1)
+      truncated = truncated || inheritTruncated
+
+      if (flatValue) {
+        for (const flatKey of Object.keys(flatValue)) {
+          result[`${key}.${flatKey}`] = flatValue[flatKey]
+        }
+      }
+    } else {
+      if (value !== undefined) {
+        result[key] = value
+      }
+    }
+  }
+
+  return { result, truncated }
 }
 
 function trackEvent (eventName, fields, sdkMethodName, rootSpan) {
@@ -78,8 +189,14 @@ function trackEvent (eventName, fields, sdkMethodName, rootSpan) {
   }
 
   if (fields) {
-    for (const metadataKey of Object.keys(fields)) {
-      tags[`appsec.events.${eventName}.${metadataKey}`] = '' + fields[metadataKey]
+    const { result: flatFields, truncated } = flattenFields(fields)
+
+    if (truncated) {
+      log.warn('[ASM] Too deep object provided in the SDK method %s, object truncated', sdkMethodName)
+    }
+
+    for (const metadataKey of Object.keys(flatFields)) {
+      tags[`appsec.events.${eventName}.${metadataKey}`] = '' + flatFields[metadataKey]
     }
   }
 
@@ -93,11 +210,11 @@ function runWaf (eventName, user) {
     [`server.business_logic.${eventName}`]: null
   }
 
-  if (user.id) {
+  if (user?.id) {
     persistent[addresses.USER_ID] = '' + user.id
   }
 
-  if (user.login) {
+  if (user?.login) {
     persistent[addresses.USER_LOGIN] = '' + user.login
   }
 
@@ -107,5 +224,9 @@ function runWaf (eventName, user) {
 module.exports = {
   trackUserLoginSuccessEvent,
   trackUserLoginFailureEvent,
-  trackCustomEvent
+  trackCustomEvent,
+  trackUserLoginSuccessV2,
+  trackUserLoginFailureV2,
+  trackEvent,
+  runWaf
 }

package/packages/dd-trace/src/appsec/sdk/user_blocking.js

@@ -23,7 +23,6 @@ function checkUserAndSetUser (tracer, user) {
   if (rootSpan) {
     if (!rootSpan.context()._tags['usr.id']) {
       setUserTags(user, rootSpan)
-      rootSpan.setTag('_dd.appsec.user.collection_mode', 'sdk')
     }
   } else {
     log.warn('[ASM] Root span not available in isUserBlocked')

package/packages/dd-trace/src/appsec/telemetry/index.js

@@ -143,10 +143,10 @@ function incrementMissingUserIdMetric (framework, eventType) {
   incrementMissingUserId(framework, eventType)
 }
 
-function incrementSdkEventMetric (framework, eventType) {
+function incrementSdkEventMetric (eventType, sdkVersion) {
   if (!enabled) return
 
-  incrementSdkEvent(framework, eventType)
+  incrementSdkEvent(eventType, sdkVersion)
 }
 
 function getRequestMetrics (req) {

package/packages/dd-trace/src/appsec/telemetry/user.js

@@ -18,10 +18,10 @@ function incrementMissingUserId (framework, eventType) {
   }).inc()
 }
 
-function incrementSdkEvent (eventType) {
+function incrementSdkEvent (eventType, sdkVersion = 'v1') {
   appsecMetrics.count('sdk.event', {
     event_type: eventType,
-    sdk_version: 'v1'
+    sdk_version: sdkVersion
   }).inc()
 }
 

package/packages/dd-trace/src/config.js

@@ -63,6 +63,8 @@ const otelDdEnvMapping = {
 
 const VALID_PROPAGATION_STYLES = new Set(['datadog', 'tracecontext', 'b3', 'b3 single header', 'none'])
 
+const VALID_PROPAGATION_BEHAVIOR_EXTRACT = new Set(['continue', 'restart', 'ignore'])
+
 const VALID_LOG_LEVELS = new Set(['debug', 'info', 'warn', 'error'])
 
 function getFromOtelSamplerMap (otelTracesSampler, otelTracesSamplerArg) {
@@ -584,6 +586,7 @@ class Config {
     this._setValue(defaults, 'traceId128BitGenerationEnabled', true)
     this._setValue(defaults, 'traceId128BitLoggingEnabled', true)
     this._setValue(defaults, 'tracePropagationExtractFirst', false)
+    this._setValue(defaults, 'tracePropagationBehaviorExtract', 'continue')
     this._setValue(defaults, 'tracePropagationStyle.inject', ['datadog', 'tracecontext', 'baggage'])
     this._setValue(defaults, 'tracePropagationStyle.extract', ['datadog', 'tracecontext', 'baggage'])
     this._setValue(defaults, 'tracePropagationStyle.otelPropagators', false)
@@ -746,6 +749,7 @@ class Config {
       DD_TRACE_PARTIAL_FLUSH_MIN_SPANS,
       DD_TRACE_PEER_SERVICE_MAPPING,
       DD_TRACE_PROPAGATION_EXTRACT_FIRST,
+      DD_TRACE_PROPAGATION_BEHAVIOR_EXTRACT,
       DD_TRACE_PROPAGATION_STYLE,
       DD_TRACE_PROPAGATION_STYLE_INJECT,
       DD_TRACE_PROPAGATION_STYLE_EXTRACT,
@@ -967,6 +971,11 @@ class Config {
     this._setBoolean(env, 'traceId128BitGenerationEnabled', DD_TRACE_128_BIT_TRACEID_GENERATION_ENABLED)
     this._setBoolean(env, 'traceId128BitLoggingEnabled', DD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED)
     this._setBoolean(env, 'tracePropagationExtractFirst', DD_TRACE_PROPAGATION_EXTRACT_FIRST)
+    const stringPropagationBehaviorExtract = String(DD_TRACE_PROPAGATION_BEHAVIOR_EXTRACT)
+    this._setValue(env, 'tracePropagationBehaviorExtract',
+      VALID_PROPAGATION_BEHAVIOR_EXTRACT.has(stringPropagationBehaviorExtract)
+        ? stringPropagationBehaviorExtract
+        : 'continue')
     this._setBoolean(env, 'tracePropagationStyle.otelPropagators',
       DD_TRACE_PROPAGATION_STYLE ||
       DD_TRACE_PROPAGATION_STYLE_INJECT ||

package/packages/dd-trace/src/debugger/devtools_client/breakpoints.js

@@ -3,7 +3,7 @@
 const { getGeneratedPosition } = require('./source-maps')
 const lock = require('./lock')()
 const session = require('./session')
-const compileCondition = require('./condition')
+const { compile: compileCondition, compileSegments, templateRequiresEvaluation } = require('./condition')
 const { MAX_SNAPSHOTS_PER_SECOND_PER_PROBE, MAX_NON_SNAPSHOTS_PER_SECOND_PER_PROBE } = require('./defaults')
 const { findScriptFromPartialPath, locationToBreakpoint, breakpointToProbes, probeToLocation } = require('./state')
 const log = require('../../log')
@@ -26,6 +26,13 @@ async function addBreakpoint (probe) {
   probe.location = { file, lines: [String(lineNumber)] }
   delete probe.where
 
+  // Optimize for fast calculations when probe is hit
+  probe.templateRequiresEvaluation = templateRequiresEvaluation(probe.segments)
+  if (probe.templateRequiresEvaluation) {
+    probe.template = compileSegments(probe.segments)
+  }
+  delete probe.segments
+
   // Optimize for fast calculations when probe is hit
   const snapshotsPerSecond = probe.sampling?.snapshotsPerSecond ?? (probe.captureSnapshot
     ? MAX_SNAPSHOTS_PER_SECOND_PER_PROBE
@@ -41,6 +48,10 @@ async function addBreakpoint (probe) {
   const { url, scriptId, sourceMapURL, source } = script
 
   if (sourceMapURL) {
+    log.debug(
+      '[debugger:devtools_client] Translating location using source map for %s:%d:%d (probe: %s, version: %d)',
+      file, lineNumber, columnNumber, probe.id, probe.version
+    );
     ({ line: lineNumber, column: columnNumber } = await getGeneratedPosition(url, source, lineNumber, sourceMapURL))
   }
 
@@ -156,6 +167,8 @@ function stop () {
 
 // Only if all probes have a condition can we use a compound condition.
 // Otherwise, we need to evaluate each probe individually once the breakpoint is hit.
+// TODO: Handle errors - if there's 2 conditons, and one fails but the other returns true, we should still pause the
+// breakpoint
 function compileCompoundCondition (probes) {
   return probes.every(p => p.condition)
     ? probes.map(p => p.condition).filter(Boolean).join(' || ')