dd-trace 5.49.0 → 5.50.0

package/LICENSE-3rdparty.csv

@@ -20,6 +20,7 @@ require,limiter,MIT,Copyright 2011 John Hurliman
 require,lodash.sortby,MIT,Copyright JS Foundation and other contributors
 require,lru-cache,ISC,Copyright (c) 2010-2022 Isaac Z. Schlueter and Contributors
 require,module-details-from-path,MIT,Copyright 2016 Thomas Watson Steen
+require,mutexify,MIT,Copyright (c) 2014 Mathias Buus
 require,opentracing,MIT,Copyright 2016 Resonance Labs Inc
 require,path-to-regexp,MIT,Copyright 2014 Blake Embrey
 require,pprof-format,MIT,Copyright 2022 Stephen Belanger
@@ -31,7 +32,6 @@ require,semifies,Apache license 2.0,Copyright Authors
 require,shell-quote,mit,Copyright (c) 2013 James Halliday
 require,source-map,BSD-3-Clause,Copyright (c) 2009-2011, Mozilla Foundation and contributors
 require,ttl-set,MIT,Copyright (c) 2024 Thomas Watson
-dev,@apollo/server,MIT,Copyright (c) 2016-2020 Apollo Graph, Inc. (Formerly Meteor Development Group, Inc.)
 dev,@babel/helpers,MIT,Copyright (c) 2014-present Sebastian McKenzie and other contributors
 dev,@types/node,MIT,Copyright Authors
 dev,@eslint/eslintrc,MIT,Copyright OpenJS Foundation and other contributors, <www.openjsf.org>
@@ -39,7 +39,6 @@ dev,@eslint/js,MIT,Copyright OpenJS Foundation and other contributors, <www.open
 dev,@msgpack/msgpack,ISC,Copyright 2019 The MessagePack Community
 dev,@stylistic/eslint-plugin-js,MIT,Copyright OpenJS Foundation and other contributors, <www.openjsf.org>
 dev,autocannon,MIT,Copyright 2016 Matteo Collina
-dev,aws-sdk,Apache 2.0,Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 dev,axios,MIT,Copyright 2014-present Matt Zabriskie
 dev,benchmark,MIT,Copyright 2010-2016 Mathias Bynens Robert Kieffer John-David Dalton
 dev,body-parser,MIT,Copyright 2014 Jonathan Ong 2014-2015 Douglas Christopher Wilson
@@ -48,7 +47,6 @@ dev,chalk,MIT,Copyright Sindre Sorhus
 dev,checksum,MIT,Copyright Daniel D. Shaw
 dev,cli-table3,MIT,Copyright 2014 James Talmage
 dev,dotenv,BSD-2-Clause,Copyright 2015 Scott Motte
-dev,esbuild,MIT,Copyright (c) 2020 Evan Wallace
 dev,eslint,MIT,Copyright JS Foundation and other contributors https://js.foundation
 dev,eslint-config-standard,MIT,Copyright Feross Aboukhadijeh
 dev,eslint-plugin-import,MIT,Copyright 2015 Ben Mosher
@@ -62,7 +60,6 @@ dev,glob,ISC,Copyright Isaac Z. Schlueter and Contributors
 dev,globals,MIT,Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)
 dev,graphql,MIT,Copyright 2015 Facebook Inc.
 dev,jszip,MIT,Copyright 2015-2016 Stuart Knightley and contributors
-dev,knex,MIT,Copyright (c) 2013-present Tim Griesser
 dev,mkdirp,MIT,Copyright 2010 James Halliday
 dev,mocha,MIT,Copyright 2011-2018 JS Foundation and contributors https://js.foundation
 dev,multer,MIT,Copyright 2014 Hage Yaapa

package/README.md

@@ -15,7 +15,7 @@
 Most of the documentation for `dd-trace` is available on these webpages:
 
 - [Tracing Node.js Applications](https://docs.datadoghq.com/tracing/languages/nodejs/) - most project documentation, including setup instructions
-- [Configuring the NodeJS Tracing Library](https://docs.datadoghq.com/tracing/trace_collection/library_config/nodejs) - environment variables and config options
+- [Configuring the Node.js Tracing Library](https://docs.datadoghq.com/tracing/trace_collection/library_config/nodejs) - environment variables and config options
 - [API Documentation](https://datadog.github.io/dd-trace-js) - method signatures, plugin list, and some usage examples
 - [APM Terms and Concepts](https://docs.datadoghq.com/tracing/visualization/) - a glossary of concepts applicable across all languages
 
@@ -59,7 +59,7 @@ When a new release line is introduced the previous release line then enters main
 Once that year is up the release line enters End of Life and will not receive new updates.
 The library also follows the Node.js LTS lifecycle wherein new release lines drop compatibility with Node.js versions that reach end-of-life (with the maintenance release line still receiving updates for a year).
 
-For more information about library versioning and compatibility, see the [NodeJS Compatibility Requirements](https://docs.datadoghq.com/tracing/trace_collection/compatibility/nodejs/#releases) page.
+For more information about library versioning and compatibility, see the [Node.js Compatibility Requirements](https://docs.datadoghq.com/tracing/trace_collection/compatibility/nodejs/#releases) page.
 
 Changes associated with each individual release are documented on the [GitHub Releases](https://github.com/DataDog/dd-trace-js/releases) screen.
 
@@ -69,21 +69,11 @@ Changes associated with each individual release are documented on the [GitHub Re
 Please read the [CONTRIBUTING.md](https://github.com/DataDog/dd-trace-js/blob/master/CONTRIBUTING.md) document before contributing to this open source project.
 
 
-## EcmaScript Modules (ESM) Support
+## ECMAScript Modules (ESM) Support
 
-ESM support requires an additional command-line argument. Use the following to enable experimental ESM support with your application:
+ESM support requires an _additional_ command line argument when starting the Node.js process.
+For more information, see the [section on ESM support](https://docs.datadoghq.com/tracing/trace_collection/automatic_instrumentation/dd_libraries/nodejs/#esm-applications-only-import-the-loader) in the Node.js tracer documentation.
 
-Node.js < v20.6
-
-```sh
-node --loader dd-trace/loader-hook.mjs entrypoint.js
-```
-
-Node.js >= v20.6
-
-```sh
-node --import dd-trace/register.js entrypoint.js
-```
 
 ## Serverless / Lambda
 

package/index.d.ts

@@ -2251,6 +2251,7 @@ declare namespace tracer {
     /**
      * Defines the pattern to ignore cookie names in the vulnerability hash calculation
      * @default ".{32,}"
+     * @deprecated This property has no effect because hash calculation algorithm has been updated for cookie vulnerabilities
      */
     cookieFilterPattern?: string,
 

package/package.json

@@ -1,14 +1,13 @@
 {
   "name": "dd-trace",
-  "version": "5.49.0",
+  "version": "5.50.0",
   "description": "Datadog APM tracing client for JavaScript",
   "main": "index.js",
   "typings": "index.d.ts",
   "scripts": {
     "env": "bash ./plugin-env",
     "preinstall": "node scripts/preinstall.js",
-    "bench": "node benchmark",
-    "bench:e2e": "SERVICES=mongo yarn services && cd benchmark/e2e && node benchmark-run.js --duration=30",
+    "bench": "node benchmark/index.js",
     "bench:e2e:ci-visibility": "node benchmark/e2e-ci/benchmark-run.js",
     "type:doc": "cd docs && yarn && yarn build",
     "type:test": "cd docs && yarn && yarn test",
@@ -106,6 +105,7 @@
     "lodash.sortby": "^4.7.0",
     "lru-cache": "^7.14.0",
     "module-details-from-path": "^1.0.3",
+    "mutexify": "^1.4.0",
     "opentracing": ">=0.12.1",
     "path-to-regexp": "^0.1.12",
     "pprof-format": "^2.1.0",
@@ -119,7 +119,6 @@
     "ttl-set": "^1.0.0"
   },
   "devDependencies": {
-    "@apollo/server": "^4.11.0",
     "@babel/helpers": "^7.26.10",
     "@eslint/eslintrc": "^3.2.0",
     "@eslint/js": "^9.19.0",
@@ -127,7 +126,6 @@
     "@stylistic/eslint-plugin-js": "^3.0.1",
     "@types/node": "^16.0.0",
     "autocannon": "^4.5.2",
-    "aws-sdk": "^2.1446.0",
     "axios": "^1.8.2",
     "benchmark": "^2.1.4",
     "body-parser": "^1.20.3",
@@ -136,7 +134,6 @@
     "checksum": "^1.0.0",
     "cli-table3": "^0.6.3",
     "dotenv": "16.3.1",
-    "esbuild": "^0.25.0",
     "eslint": "^9.19.0",
     "eslint-config-standard": "^17.1.0",
     "eslint-plugin-import": "^2.31.0",
@@ -145,12 +142,11 @@
     "eslint-plugin-promise": "^7.2.1",
     "eslint-plugin-unicorn": "^57.0.0",
     "express": "^4.21.2",
-    "get-port": "^3.2.0",
+    "get-port": "^5.1.1",
     "glob": "^7.1.6",
     "globals": "^15.10.0",
     "graphql": "0.13.2",
     "jszip": "^3.5.0",
-    "knex": "^2.4.2",
     "mkdirp": "^3.0.1",
     "mocha": "^10",
     "multer": "^1.4.5-lts.1",

package/packages/datadog-core/src/storage.js

@@ -47,15 +47,16 @@ class DatadogStorage extends AsyncLocalStorage {
    * key. This is useful if you've stashed a handle somewhere and want to
    * retrieve the store with it.
    *
-   * @param handle {{}}
+   * @param [handle] {{}}
    * @returns {T | undefined}
    */
   getStore (handle) {
     if (!handle) {
       handle = super.getStore()
     }
-
-    return stores.get(handle)
+    if (handle) {
+      return stores.get(handle)
+    }
   }
 
   /**

package/packages/datadog-plugin-aws-sdk/src/services/dynamodb.js

@@ -164,7 +164,6 @@ class DynamoDb extends BaseAwsSdkPlugin {
       return
     }
     if (!primaryKeyConfig) {
-      log.warn('Missing DD_TRACE_DYNAMODB_TABLE_PRIMARY_KEYS env variable')
       return
     }
     const primaryKeySet = primaryKeyConfig[tableName]

package/packages/datadog-shimmer/src/shimmer.js

@@ -1,85 +1,105 @@
 'use strict'
 
+const skipMethods = new Set([
+  'caller',
+  'arguments',
+  'name',
+  'length'
+])
+
 function copyProperties (original, wrapped) {
-  // TODO getPrototypeOf is not fast. Should we instead do this in specific
-  // instrumentations where needed?
-  const proto = Object.getPrototypeOf(original)
-  if (proto !== Function.prototype) {
+  if (original.constructor !== wrapped.constructor) {
+    const proto = Object.getPrototypeOf(original)
     Object.setPrototypeOf(wrapped, proto)
   }
-  const props = Object.getOwnPropertyDescriptors(original)
-  const keys = Reflect.ownKeys(props)
-
-  for (const key of keys) {
-    try {
-      Object.defineProperty(wrapped, key, props[key])
-    } catch (e) {
-      // TODO: figure out how to handle this without a try/catch
+
+  const ownKeys = Reflect.ownKeys(original)
+  if (original.length !== wrapped.length) {
+    Object.defineProperty(wrapped, 'length', { value: original.length, configurable: true })
+  }
+  if (original.name !== wrapped.name) {
+    Object.defineProperty(wrapped, 'name', { value: original.name, configurable: true })
+  }
+  if (ownKeys.length !== 2) {
+    for (const key of ownKeys) {
+      if (skipMethods.has(key)) continue
+      const descriptor = Object.getOwnPropertyDescriptor(original, key)
+      if (descriptor.writable && descriptor.enumerable && descriptor.configurable) {
+        wrapped[key] = original[key]
+      } else if (descriptor.writable || descriptor.configurable || !Object.hasOwn(wrapped, key)) {
+        Object.defineProperty(wrapped, key, descriptor)
+      }
     }
   }
 }
 
 function wrapFunction (original, wrapper) {
-  if (typeof original === 'function') assertNotClass(original)
-
   const wrapped = wrapper(original)
 
-  if (typeof original === 'function') copyProperties(original, wrapped)
+  if (typeof original === 'function') {
+    assertNotClass(original)
+    copyProperties(original, wrapped)
+  }
 
   return wrapped
 }
 
-const wrapFn = function (original, delegate) {
-  throw new Error('calling `wrap()` with 2 args is deprecated. Use wrapFunction instead.')
-}
-
-function wrapMethod (target, name, wrapper, noAssert) {
-  if (!noAssert) {
-    assertMethod(target, name)
-    assertFunction(wrapper)
+function wrap (target, name, wrapper) {
+  assertMethod(target, name)
+  if (typeof wrapper !== 'function') {
+    throw new Error(wrapper ? 'Target is not a function' : 'No function provided')
   }
 
   const original = target[name]
   const wrapped = wrapper(original)
 
-  const descriptor = Object.getOwnPropertyDescriptor(target, name)
-
-  const attributes = {
-    configurable: true,
-    ...descriptor
-  }
-
   if (typeof original === 'function') copyProperties(original, wrapped)
 
-  if (descriptor) {
+  let descriptor = Object.getOwnPropertyDescriptor(target, name)
+
+  // No descriptor means original was on the prototype
+  if (descriptor === undefined) {
+    descriptor = {
+      value: wrapped,
+      writable: true,
+      configurable: true,
+      enumerable: false
+    }
+  } else if (descriptor.writable) {
+    // Fast path for assigned properties.
+    if (descriptor.configurable && descriptor.enumerable) {
+      target[name] = wrapped
+      return target
+    }
+    descriptor.value = wrapped
+  } else {
     if (descriptor.get || descriptor.set) {
-      attributes.get = () => wrapped
+      // TODO(BridgeAR): What happens in case there is a setter? This seems wrong?
+      // What happens in case the user does indeed set this to a different value?
+      // In that case the getter would potentially return the wrong value?
+      descriptor.get = () => wrapped
     } else {
-      attributes.value = wrapped
+      descriptor.value = wrapped
     }
 
-    // TODO: create a single object for multiple wrapped methods
     if (descriptor.configurable === false) {
+      // TODO(BridgeAR): Bail out instead (throw). It is unclear if the newly
+      // created object is actually used. If it's not used, the wrapping would
+      // have had no effect without noticing. It is also unclear what would happen
+      // in case user code would check for properties to be own properties. That
+      // would fail with this code. A function being replaced with an object is
+      // also not possible.
       return Object.create(target, {
-        [name]: attributes
+        [name]: descriptor
       })
     }
-  } else { // no descriptor means original was on the prototype
-    attributes.value = wrapped
-    attributes.writable = true
   }
 
-  Object.defineProperty(target, name, attributes)
+  Object.defineProperty(target, name, descriptor)
 
   return target
 }
 
-function wrap (target, name, wrapper) {
-  return typeof name === 'function'
-    ? wrapFn(target, name)
-    : wrapMethod(target, name, wrapper)
-}
-
 function massWrap (targets, names, wrapper) {
   targets = toArray(targets)
   names = toArray(names)
@@ -96,30 +116,18 @@ function toArray (maybeArray) {
 }
 
 function assertMethod (target, name) {
-  if (!target) {
-    throw new Error('No target object provided.')
-  }
-
-  if (typeof target !== 'object' && typeof target !== 'function') {
-    throw new Error('Invalid target.')
-  }
-
-  if (!target[name]) {
-    throw new Error(`No original method ${name}.`)
-  }
-
-  if (typeof target[name] !== 'function') {
-    throw new Error(`Original method ${name} is not a function.`)
-  }
-}
-
-function assertFunction (target) {
-  if (!target) {
-    throw new Error('No function provided.')
-  }
+  if (typeof target?.[name] !== 'function') {
+    let message = 'No target object provided'
+
+    if (target) {
+      if (typeof target !== 'object' && typeof target !== 'function') {
+        message = 'Invalid target'
+      } else {
+        message = target[name] ? `Original method ${name} is not a function` : `No original method ${name}`
+      }
+    }
 
-  if (typeof target !== 'function') {
-    throw new Error('Target is not a function.')
+    throw new Error(message)
   }
 }
 

package/packages/dd-trace/src/appsec/iast/analyzers/cookie-analyzer.js

@@ -2,7 +2,6 @@
 
 const Analyzer = require('./vulnerability-analyzer')
 const { getNodeModulesPaths } = require('../path-line')
-const log = require('../../../log')
 
 const EXCLUDED_PATHS = getNodeModulesPaths('express/lib/response.js')
 
@@ -12,14 +11,7 @@ class CookieAnalyzer extends Analyzer {
     this.propertyToBeSafe = propertyToBeSafe.toLowerCase()
   }
 
-  onConfigure (config) {
-    try {
-      this.cookieFilterRegExp = new RegExp(config.iast.cookieFilterPattern)
-    } catch {
-      log.error('[ASM] Invalid regex in cookieFilterPattern')
-      this.cookieFilterRegExp = /.{32,}/
-    }
-
+  onConfigure () {
     this.addSub(
       { channelName: 'datadog:iast:set-cookie', moduleName: 'http' },
       (cookieInfo) => this.analyze(cookieInfo)
@@ -35,14 +27,6 @@ class CookieAnalyzer extends Analyzer {
     return { value: cookieName }
   }
 
-  _createHashSource (type, evidence, location) {
-    if (typeof evidence.value === 'string' && evidence.value.match(this.cookieFilterRegExp)) {
-      return 'FILTERED_' + this._type
-    }
-
-    return `${type}:${evidence.value}`
-  }
-
   _getExcludedPaths () {
     return EXCLUDED_PATHS
   }

package/packages/dd-trace/src/appsec/iast/iast-plugin.js

@@ -114,7 +114,7 @@ class IastPlugin extends Plugin {
       config = { enabled: config }
     }
     if (config.enabled && !this.configured) {
-      this.onConfigure(config.tracerConfig)
+      this.onConfigure()
       this.configured = true
     }
 

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/ldap-sensitive-analyzer.js

@@ -13,7 +13,7 @@ module.exports = function extractSensitiveRanges (evidence) {
     let regexResult = pattern.exec(evidence.value)
     while (regexResult != null) {
       if (!regexResult.groups.LITERAL) continue
-      // Computing indices manually since NodeJs 12 does not support d flag on regular expressions
+      // Computing indices manually since Node.js 12 does not support d flag on regular expressions
       // TODO Get indices from group by adding d flag in regular expression
       const start = regexResult.index + (regexResult[0].length - regexResult.groups.LITERAL.length - 1)
       const end = start + regexResult.groups.LITERAL.length

package/packages/dd-trace/src/config.js

@@ -181,8 +181,7 @@ function validateNamingVersion (versionString) {
  * If a blank path is provided a null is returned to signal that the feature is disabled.
  * An empty array means the feature is enabled but that no rules need to be applied.
  *
- * @param {string} input
- * @returns {[string]|null}
+ * @param {string | string[]} input
  */
 function splitJSONPathRules (input) {
   if (!input) return null
@@ -289,8 +288,7 @@ class Config {
     }
     const PROPAGATION_STYLE_INJECT = propagationStyle(
       'inject',
-      options.tracePropagationStyle,
-      this._getDefaultPropagationStyle(options)
+      options.tracePropagationStyle
     )
 
     validateOtelPropagators(PROPAGATION_STYLE_INJECT)
@@ -299,8 +297,6 @@ class Config {
       options.appsec = {
         enabled: options.appsec
       }
-    } else if (options.appsec == null) {
-      options.appsec = {}
     }
 
     const DD_INSTRUMENTATION_INSTALL_ID = coalesce(
@@ -505,7 +501,6 @@ class Config {
     this._setValue(defaults, 'grpc.server.error.statuses', GRPC_SERVER_ERROR_STATUSES)
     this._setValue(defaults, 'headerTags', [])
     this._setValue(defaults, 'hostname', '127.0.0.1')
-    this._setValue(defaults, 'iast.cookieFilterPattern', '.{32,}')
     this._setValue(defaults, 'iast.dbRowsToTaint', 1)
     this._setValue(defaults, 'iast.deduplicationEnabled', true)
     this._setValue(defaults, 'iast.enabled', false)
@@ -594,10 +589,10 @@ class Config {
     this._setValue(defaults, 'url', undefined)
     this._setValue(defaults, 'version', pkg.version)
     this._setValue(defaults, 'instrumentation_config_id', undefined)
-    this._setValue(defaults, 'aws.dynamoDb.tablePrimaryKeys', undefined)
     this._setValue(defaults, 'vertexai.spanCharLimit', 128)
     this._setValue(defaults, 'vertexai.spanPromptCompletionSampleRate', 1.0)
     this._setValue(defaults, 'trace.aws.addSpanPointers', true)
+    this._setValue(defaults, 'trace.dynamoDb.tablePrimaryKeys', undefined)
     this._setValue(defaults, 'trace.nativeSpanEvents', false)
   }
 
@@ -680,7 +675,6 @@ class Config {
       DD_GRPC_CLIENT_ERROR_STATUSES,
       DD_GRPC_SERVER_ERROR_STATUSES,
       JEST_WORKER_ID,
-      DD_IAST_COOKIE_FILTER_PATTERN,
       DD_IAST_DB_ROWS_TO_TAINT,
       DD_IAST_DEDUPLICATION_ENABLED,
       DD_IAST_ENABLED,
@@ -855,7 +849,6 @@ class Config {
     this._setIntegerRangeSet(env, 'grpc.server.error.statuses', DD_GRPC_SERVER_ERROR_STATUSES)
     this._setArray(env, 'headerTags', DD_TRACE_HEADER_TAGS)
     this._setString(env, 'hostname', coalesce(DD_AGENT_HOST, DD_TRACE_AGENT_HOSTNAME))
-    this._setString(env, 'iast.cookieFilterPattern', DD_IAST_COOKIE_FILTER_PATTERN)
     this._setValue(env, 'iast.dbRowsToTaint', maybeInt(DD_IAST_DB_ROWS_TO_TAINT))
     this._setBoolean(env, 'iast.deduplicationEnabled', DD_IAST_DEDUPLICATION_ENABLED)
     this._setBoolean(env, 'iast.enabled', DD_IAST_ENABLED)
@@ -1010,27 +1003,27 @@ class Config {
       options.apmTracingEnabled,
       options.experimental?.appsec?.standalone && !options.experimental.appsec.standalone.enabled
     ))
-    this._setBoolean(opts, 'appsec.apiSecurity.enabled', options.appsec.apiSecurity?.enabled)
-    this._setValue(opts, 'appsec.blockedTemplateGraphql', maybeFile(options.appsec.blockedTemplateGraphql))
-    this._setValue(opts, 'appsec.blockedTemplateHtml', maybeFile(options.appsec.blockedTemplateHtml))
-    this._optsUnprocessed['appsec.blockedTemplateHtml'] = options.appsec.blockedTemplateHtml
-    this._setValue(opts, 'appsec.blockedTemplateJson', maybeFile(options.appsec.blockedTemplateJson))
-    this._optsUnprocessed['appsec.blockedTemplateJson'] = options.appsec.blockedTemplateJson
-    this._setBoolean(opts, 'appsec.enabled', options.appsec.enabled)
-    this._setString(opts, 'appsec.eventTracking.mode', options.appsec.eventTracking?.mode)
-    this._setString(opts, 'appsec.obfuscatorKeyRegex', options.appsec.obfuscatorKeyRegex)
-    this._setString(opts, 'appsec.obfuscatorValueRegex', options.appsec.obfuscatorValueRegex)
-    this._setBoolean(opts, 'appsec.rasp.enabled', options.appsec.rasp?.enabled)
-    this._setValue(opts, 'appsec.rateLimit', maybeInt(options.appsec.rateLimit))
-    this._optsUnprocessed['appsec.rateLimit'] = options.appsec.rateLimit
-    this._setString(opts, 'appsec.rules', options.appsec.rules)
-    this._setBoolean(opts, 'appsec.stackTrace.enabled', options.appsec.stackTrace?.enabled)
-    this._setValue(opts, 'appsec.stackTrace.maxDepth', maybeInt(options.appsec.stackTrace?.maxDepth))
-    this._optsUnprocessed['appsec.stackTrace.maxDepth'] = options.appsec.stackTrace?.maxDepth
-    this._setValue(opts, 'appsec.stackTrace.maxStackTraces', maybeInt(options.appsec.stackTrace?.maxStackTraces))
-    this._optsUnprocessed['appsec.stackTrace.maxStackTraces'] = options.appsec.stackTrace?.maxStackTraces
-    this._setValue(opts, 'appsec.wafTimeout', maybeInt(options.appsec.wafTimeout))
-    this._optsUnprocessed['appsec.wafTimeout'] = options.appsec.wafTimeout
+    this._setBoolean(opts, 'appsec.apiSecurity.enabled', options.appsec?.apiSecurity?.enabled)
+    this._setValue(opts, 'appsec.blockedTemplateGraphql', maybeFile(options.appsec?.blockedTemplateGraphql))
+    this._setValue(opts, 'appsec.blockedTemplateHtml', maybeFile(options.appsec?.blockedTemplateHtml))
+    this._optsUnprocessed['appsec.blockedTemplateHtml'] = options.appsec?.blockedTemplateHtml
+    this._setValue(opts, 'appsec.blockedTemplateJson', maybeFile(options.appsec?.blockedTemplateJson))
+    this._optsUnprocessed['appsec.blockedTemplateJson'] = options.appsec?.blockedTemplateJson
+    this._setBoolean(opts, 'appsec.enabled', options.appsec?.enabled)
+    this._setString(opts, 'appsec.eventTracking.mode', options.appsec?.eventTracking?.mode)
+    this._setString(opts, 'appsec.obfuscatorKeyRegex', options.appsec?.obfuscatorKeyRegex)
+    this._setString(opts, 'appsec.obfuscatorValueRegex', options.appsec?.obfuscatorValueRegex)
+    this._setBoolean(opts, 'appsec.rasp.enabled', options.appsec?.rasp?.enabled)
+    this._setValue(opts, 'appsec.rateLimit', maybeInt(options.appsec?.rateLimit))
+    this._optsUnprocessed['appsec.rateLimit'] = options.appsec?.rateLimit
+    this._setString(opts, 'appsec.rules', options.appsec?.rules)
+    this._setBoolean(opts, 'appsec.stackTrace.enabled', options.appsec?.stackTrace?.enabled)
+    this._setValue(opts, 'appsec.stackTrace.maxDepth', maybeInt(options.appsec?.stackTrace?.maxDepth))
+    this._optsUnprocessed['appsec.stackTrace.maxDepth'] = options.appsec?.stackTrace?.maxDepth
+    this._setValue(opts, 'appsec.stackTrace.maxStackTraces', maybeInt(options.appsec?.stackTrace?.maxStackTraces))
+    this._optsUnprocessed['appsec.stackTrace.maxStackTraces'] = options.appsec?.stackTrace?.maxStackTraces
+    this._setValue(opts, 'appsec.wafTimeout', maybeInt(options.appsec?.wafTimeout))
+    this._optsUnprocessed['appsec.wafTimeout'] = options.appsec?.wafTimeout
     this._setBoolean(opts, 'clientIpEnabled', options.clientIpEnabled)
     this._setString(opts, 'clientIpHeader', options.clientIpHeader?.toLowerCase())
     this._setValue(opts, 'baggageMaxBytes', options.baggageMaxBytes)
@@ -1063,7 +1056,6 @@ class Config {
     this._optsUnprocessed.flushMinSpans = options.flushMinSpans
     this._setArray(opts, 'headerTags', options.headerTags)
     this._setString(opts, 'hostname', options.hostname)
-    this._setString(opts, 'iast.cookieFilterPattern', options.iast?.cookieFilterPattern)
     this._setValue(opts, 'iast.dbRowsToTaint', maybeInt(options.iast?.dbRowsToTaint))
     this._setBoolean(opts, 'iast.deduplicationEnabled', options.iast && options.iast.deduplicationEnabled)
     this._setBoolean(opts, 'iast.enabled',

package/packages/dd-trace/src/datastreams/processor.js

@@ -13,16 +13,14 @@ const log = require('../log')
 
 const ENTRY_PARENT_HASH = Buffer.from('0000000000000000', 'hex')
 
-const HIGH_ACCURACY_DISTRIBUTION = 0.0075
-
 class StatsPoint {
   constructor (hash, parentHash, edgeTags) {
     this.hash = hash.readBigUInt64BE()
     this.parentHash = parentHash.readBigUInt64BE()
     this.edgeTags = edgeTags
-    this.edgeLatency = new LogCollapsingLowestDenseDDSketch(HIGH_ACCURACY_DISTRIBUTION)
-    this.pathwayLatency = new LogCollapsingLowestDenseDDSketch(HIGH_ACCURACY_DISTRIBUTION)
-    this.payloadSize = new LogCollapsingLowestDenseDDSketch(HIGH_ACCURACY_DISTRIBUTION)
+    this.edgeLatency = new LogCollapsingLowestDenseDDSketch()
+    this.pathwayLatency = new LogCollapsingLowestDenseDDSketch()
+    this.payloadSize = new LogCollapsingLowestDenseDDSketch()
   }
 
   addLatencies (checkpoint) {