dd-trace 5.53.0 → 5.55.0

Files changed (368)
  1. package/LICENSE-3rdparty.csv +2 -1
  2. package/ci/cypress/plugin.js +8 -0
  3. package/ci/cypress/polyfills.js +23 -0
  4. package/ci/init.js +8 -7
  5. package/index.d.ts +33 -16
  6. package/initialize.mjs +5 -6
  7. package/package.json +40 -38
  8. package/packages/datadog-code-origin/index.js +22 -4
  9. package/packages/datadog-core/src/utils/src/get.js +1 -1
  10. package/packages/datadog-core/src/utils/src/has.js +1 -1
  11. package/packages/datadog-core/src/utils/src/kebabcase.js +4 -6
  12. package/packages/datadog-core/src/utils/src/parse-tags.js +1 -1
  13. package/packages/datadog-core/src/utils/src/pick.js +2 -2
  14. package/packages/datadog-core/src/utils/src/set.js +1 -1
  15. package/packages/datadog-core/src/utils/src/uniq.js +1 -1
  16. package/packages/datadog-instrumentations/src/amqp10.js +19 -17
  17. package/packages/datadog-instrumentations/src/amqplib.js +52 -35
  18. package/packages/datadog-instrumentations/src/apollo.js +2 -2
  19. package/packages/datadog-instrumentations/src/aws-sdk.js +1 -1
  20. package/packages/datadog-instrumentations/src/cassandra-driver.js +10 -10
  21. package/packages/datadog-instrumentations/src/child_process.js +1 -2
  22. package/packages/datadog-instrumentations/src/confluentinc-kafka-javascript.js +89 -75
  23. package/packages/datadog-instrumentations/src/cookie-parser.js +1 -1
  24. package/packages/datadog-instrumentations/src/couchbase.js +6 -9
  25. package/packages/datadog-instrumentations/src/cucumber.js +108 -68
  26. package/packages/datadog-instrumentations/src/cypress.js +2 -1
  27. package/packages/datadog-instrumentations/src/dns.js +5 -5
  28. package/packages/datadog-instrumentations/src/elasticsearch.js +9 -10
  29. package/packages/datadog-instrumentations/src/fastify.js +7 -9
  30. package/packages/datadog-instrumentations/src/fs.js +1 -1
  31. package/packages/datadog-instrumentations/src/google-cloud-pubsub.js +35 -43
  32. package/packages/datadog-instrumentations/src/graphql.js +7 -10
  33. package/packages/datadog-instrumentations/src/grpc/client.js +11 -23
  34. package/packages/datadog-instrumentations/src/grpc/server.js +7 -20
  35. package/packages/datadog-instrumentations/src/hapi.js +10 -11
  36. package/packages/datadog-instrumentations/src/helpers/extract-package-and-module-path.js +16 -10
  37. package/packages/datadog-instrumentations/src/helpers/fetch.js +4 -5
  38. package/packages/datadog-instrumentations/src/helpers/hook.js +2 -3
  39. package/packages/datadog-instrumentations/src/helpers/hooks.js +0 -1
  40. package/packages/datadog-instrumentations/src/helpers/instrument.js +1 -41
  41. package/packages/datadog-instrumentations/src/helpers/register.js +11 -12
  42. package/packages/datadog-instrumentations/src/http/client.js +14 -20
  43. package/packages/datadog-instrumentations/src/jest.js +201 -143
  44. package/packages/datadog-instrumentations/src/kafkajs.js +52 -44
  45. package/packages/datadog-instrumentations/src/knex.js +4 -4
  46. package/packages/datadog-instrumentations/src/koa.js +2 -3
  47. package/packages/datadog-instrumentations/src/ldapjs.js +3 -4
  48. package/packages/datadog-instrumentations/src/mariadb.js +49 -65
  49. package/packages/datadog-instrumentations/src/mocha/main.js +116 -73
  50. package/packages/datadog-instrumentations/src/mocha/utils.js +36 -12
  51. package/packages/datadog-instrumentations/src/mocha/worker.js +6 -0
  52. package/packages/datadog-instrumentations/src/mocha.js +3 -1
  53. package/packages/datadog-instrumentations/src/mongodb-core.js +1 -1
  54. package/packages/datadog-instrumentations/src/mysql.js +30 -37
  55. package/packages/datadog-instrumentations/src/mysql2.js +53 -47
  56. package/packages/datadog-instrumentations/src/net.js +1 -1
  57. package/packages/datadog-instrumentations/src/next.js +1 -0
  58. package/packages/datadog-instrumentations/src/nyc.js +3 -2
  59. package/packages/datadog-instrumentations/src/openai.js +22 -24
  60. package/packages/datadog-instrumentations/src/oracledb.js +1 -1
  61. package/packages/datadog-instrumentations/src/otel-sdk-trace.js +4 -3
  62. package/packages/datadog-instrumentations/src/pg.js +3 -5
  63. package/packages/datadog-instrumentations/src/playwright.js +123 -83
  64. package/packages/datadog-instrumentations/src/protobufjs.js +3 -4
  65. package/packages/datadog-instrumentations/src/redis.js +4 -4
  66. package/packages/datadog-instrumentations/src/restify.js +9 -13
  67. package/packages/datadog-instrumentations/src/rhea.js +42 -54
  68. package/packages/datadog-instrumentations/src/router.js +30 -32
  69. package/packages/datadog-instrumentations/src/tedious.js +2 -3
  70. package/packages/datadog-instrumentations/src/vitest.js +87 -52
  71. package/packages/datadog-plugin-amqp10/src/consumer.js +7 -3
  72. package/packages/datadog-plugin-amqp10/src/producer.js +7 -3
  73. package/packages/datadog-plugin-amqplib/src/client.js +6 -2
  74. package/packages/datadog-plugin-amqplib/src/consumer.js +7 -3
  75. package/packages/datadog-plugin-amqplib/src/producer.js +7 -3
  76. package/packages/datadog-plugin-amqplib/src/util.js +1 -1
  77. package/packages/datadog-plugin-apollo/src/gateway/request.js +5 -6
  78. package/packages/datadog-plugin-apollo/src/gateway/validate.js +2 -3
  79. package/packages/datadog-plugin-avsc/src/schema_iterator.js +12 -12
  80. package/packages/datadog-plugin-aws-sdk/src/base.js +15 -10
  81. package/packages/datadog-plugin-aws-sdk/src/services/bedrockruntime/tracing.js +2 -2
  82. package/packages/datadog-plugin-aws-sdk/src/services/bedrockruntime/utils.js +13 -13
  83. package/packages/datadog-plugin-aws-sdk/src/services/cloudwatchlogs.js +3 -5
  84. package/packages/datadog-plugin-aws-sdk/src/services/dynamodb.js +28 -43
  85. package/packages/datadog-plugin-aws-sdk/src/services/eventbridge.js +2 -2
  86. package/packages/datadog-plugin-aws-sdk/src/services/kinesis.js +10 -11
  87. package/packages/datadog-plugin-aws-sdk/src/services/lambda.js +4 -6
  88. package/packages/datadog-plugin-aws-sdk/src/services/redshift.js +3 -5
  89. package/packages/datadog-plugin-aws-sdk/src/services/s3.js +3 -5
  90. package/packages/datadog-plugin-aws-sdk/src/services/sns.js +2 -3
  91. package/packages/datadog-plugin-aws-sdk/src/services/sqs.js +11 -15
  92. package/packages/datadog-plugin-aws-sdk/src/services/stepfunctions.js +1 -1
  93. package/packages/datadog-plugin-aws-sdk/src/util.js +5 -6
  94. package/packages/datadog-plugin-cassandra-driver/src/index.js +1 -1
  95. package/packages/datadog-plugin-child_process/src/index.js +4 -4
  96. package/packages/datadog-plugin-child_process/src/scrub-cmd-params.js +23 -23
  97. package/packages/datadog-plugin-cucumber/src/index.js +60 -4
  98. package/packages/datadog-plugin-cypress/src/cypress-plugin.js +99 -28
  99. package/packages/datadog-plugin-cypress/src/plugin.js +11 -1
  100. package/packages/datadog-plugin-cypress/src/support.js +24 -5
  101. package/packages/datadog-plugin-dd-trace-api/src/index.js +2 -1
  102. package/packages/datadog-plugin-elasticsearch/src/index.js +1 -1
  103. package/packages/datadog-plugin-express/src/code_origin.js +30 -0
  104. package/packages/datadog-plugin-express/src/index.js +10 -12
  105. package/packages/datadog-plugin-express/src/tracing.js +19 -0
  106. package/packages/datadog-plugin-google-cloud-pubsub/src/client.js +7 -3
  107. package/packages/datadog-plugin-google-cloud-pubsub/src/consumer.js +12 -7
  108. package/packages/datadog-plugin-google-cloud-pubsub/src/producer.js +6 -2
  109. package/packages/datadog-plugin-google-cloud-vertexai/src/tracing.js +27 -10
  110. package/packages/datadog-plugin-graphql/src/execute.js +2 -2
  111. package/packages/datadog-plugin-graphql/src/index.js +10 -8
  112. package/packages/datadog-plugin-graphql/src/resolve.js +19 -12
  113. package/packages/datadog-plugin-graphql/src/tools/index.js +1 -0
  114. package/packages/datadog-plugin-graphql/src/tools/signature.js +1 -0
  115. package/packages/datadog-plugin-graphql/src/tools/transforms.js +1 -0
  116. package/packages/datadog-plugin-grpc/src/client.js +2 -2
  117. package/packages/datadog-plugin-grpc/src/util.js +2 -2
  118. package/packages/datadog-plugin-http/src/client.js +23 -13
  119. package/packages/datadog-plugin-http2/src/client.js +24 -25
  120. package/packages/datadog-plugin-jest/src/index.js +26 -23
  121. package/packages/datadog-plugin-jest/src/util.js +8 -8
  122. package/packages/datadog-plugin-kafkajs/src/batch-consumer.js +3 -1
  123. package/packages/datadog-plugin-kafkajs/src/consumer.js +9 -5
  124. package/packages/datadog-plugin-kafkajs/src/producer.js +8 -3
  125. package/packages/datadog-plugin-kafkajs/src/utils.js +1 -1
  126. package/packages/datadog-plugin-langchain/src/handlers/chain.js +7 -7
  127. package/packages/datadog-plugin-langchain/src/handlers/embedding.js +2 -2
  128. package/packages/datadog-plugin-langchain/src/handlers/language_models/chat_model.js +6 -4
  129. package/packages/datadog-plugin-langchain/src/handlers/language_models/llm.js +5 -4
  130. package/packages/datadog-plugin-langchain/src/tracing.js +11 -10
  131. package/packages/datadog-plugin-mariadb/src/index.js +3 -9
  132. package/packages/datadog-plugin-mocha/src/index.js +39 -14
  133. package/packages/datadog-plugin-mongodb-core/src/index.js +3 -2
  134. package/packages/datadog-plugin-mysql/src/index.js +22 -9
  135. package/packages/datadog-plugin-mysql2/src/index.js +16 -0
  136. package/packages/datadog-plugin-net/src/tcp.js +1 -1
  137. package/packages/datadog-plugin-next/src/index.js +7 -6
  138. package/packages/datadog-plugin-openai/src/services.js +6 -10
  139. package/packages/datadog-plugin-openai/src/tracing.js +12 -18
  140. package/packages/datadog-plugin-oracledb/src/index.js +1 -1
  141. package/packages/datadog-plugin-playwright/src/index.js +25 -4
  142. package/packages/datadog-plugin-protobufjs/src/schema_iterator.js +8 -9
  143. package/packages/datadog-plugin-redis/src/index.js +2 -4
  144. package/packages/datadog-plugin-rhea/src/consumer.js +8 -6
  145. package/packages/datadog-plugin-rhea/src/producer.js +5 -2
  146. package/packages/datadog-plugin-router/src/index.js +1 -1
  147. package/packages/datadog-plugin-selenium/src/index.js +1 -6
  148. package/packages/datadog-plugin-vitest/src/index.js +52 -35
  149. package/packages/datadog-shimmer/src/shimmer.js +4 -8
  150. package/packages/dd-trace/src/appsec/api_security_sampler.js +2 -2
  151. package/packages/dd-trace/src/appsec/blocked_templates.js +1 -1
  152. package/packages/dd-trace/src/appsec/blocking.js +6 -20
  153. package/packages/dd-trace/src/appsec/iast/analyzers/analyzers.js +0 -1
  154. package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-password-rules.js +0 -1
  155. package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-secret-rules.js +0 -1
  156. package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-secrets-rules.js +0 -1
  157. package/packages/dd-trace/src/appsec/iast/analyzers/hsts-header-missing-analyzer.js +7 -12
  158. package/packages/dd-trace/src/appsec/iast/analyzers/missing-header-analyzer.js +5 -8
  159. package/packages/dd-trace/src/appsec/iast/analyzers/nosql-injection-mongodb-analyzer.js +4 -0
  160. package/packages/dd-trace/src/appsec/iast/analyzers/path-traversal-analyzer.js +9 -12
  161. package/packages/dd-trace/src/appsec/iast/analyzers/vulnerability-analyzer.js +5 -4
  162. package/packages/dd-trace/src/appsec/iast/context/context-plugin.js +2 -3
  163. package/packages/dd-trace/src/appsec/iast/iast-plugin.js +3 -3
  164. package/packages/dd-trace/src/appsec/iast/index.js +1 -0
  165. package/packages/dd-trace/src/appsec/iast/overhead-controller.js +102 -7
  166. package/packages/dd-trace/src/appsec/iast/path-line.js +7 -8
  167. package/packages/dd-trace/src/appsec/iast/security-controls/index.js +16 -24
  168. package/packages/dd-trace/src/appsec/iast/security-controls/parser.js +6 -6
  169. package/packages/dd-trace/src/appsec/iast/taint-tracking/filter.js +2 -2
  170. package/packages/dd-trace/src/appsec/iast/taint-tracking/operations-taint-object.js +3 -3
  171. package/packages/dd-trace/src/appsec/iast/taint-tracking/operations.js +4 -28
  172. package/packages/dd-trace/src/appsec/iast/taint-tracking/plugin.js +2 -8
  173. package/packages/dd-trace/src/appsec/iast/taint-tracking/plugins/kafka.js +3 -4
  174. package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter-esm.mjs +1 -1
  175. package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js +7 -8
  176. package/packages/dd-trace/src/appsec/iast/taint-tracking/taint-tracking-impl.js +2 -2
  177. package/packages/dd-trace/src/appsec/iast/telemetry/span-tags.js +7 -7
  178. package/packages/dd-trace/src/appsec/iast/telemetry/verbosity.js +2 -3
  179. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/range-utils.js +10 -11
  180. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/command-sensitive-analyzer.js +1 -1
  181. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/ldap-sensitive-analyzer.js +1 -1
  182. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/sql-sensitive-analyzer.js +7 -7
  183. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-handler.js +23 -28
  184. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-regex.js +3 -3
  185. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/index.js +4 -4
  186. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/utils.js +6 -11
  187. package/packages/dd-trace/src/appsec/iast/vulnerabilities.js +0 -1
  188. package/packages/dd-trace/src/appsec/iast/vulnerability-reporter.js +9 -11
  189. package/packages/dd-trace/src/appsec/index.js +5 -5
  190. package/packages/dd-trace/src/appsec/rasp/index.js +15 -15
  191. package/packages/dd-trace/src/appsec/rasp/lfi.js +2 -1
  192. package/packages/dd-trace/src/appsec/reporter.js +232 -41
  193. package/packages/dd-trace/src/appsec/rule_manager.js +2 -2
  194. package/packages/dd-trace/src/appsec/sdk/set_user.js +2 -2
  195. package/packages/dd-trace/src/appsec/sdk/track_event.js +3 -3
  196. package/packages/dd-trace/src/appsec/stack_trace.js +2 -4
  197. package/packages/dd-trace/src/appsec/telemetry/index.js +31 -1
  198. package/packages/dd-trace/src/appsec/telemetry/rasp.js +3 -5
  199. package/packages/dd-trace/src/appsec/telemetry/waf.js +3 -5
  200. package/packages/dd-trace/src/appsec/user_tracking.js +3 -5
  201. package/packages/dd-trace/src/appsec/waf/waf_context_wrapper.js +8 -4
  202. package/packages/dd-trace/src/azure_metadata.js +9 -9
  203. package/packages/dd-trace/src/ci-visibility/dynamic-instrumentation/index.js +9 -8
  204. package/packages/dd-trace/src/ci-visibility/dynamic-instrumentation/worker/index.js +2 -2
  205. package/packages/dd-trace/src/ci-visibility/early-flake-detection/get-known-tests.js +3 -2
  206. package/packages/dd-trace/src/ci-visibility/exporters/agent-proxy/index.js +3 -3
  207. package/packages/dd-trace/src/ci-visibility/exporters/agentless/coverage-writer.js +3 -2
  208. package/packages/dd-trace/src/ci-visibility/exporters/agentless/di-logs-writer.js +3 -2
  209. package/packages/dd-trace/src/ci-visibility/exporters/agentless/writer.js +3 -2
  210. package/packages/dd-trace/src/ci-visibility/exporters/ci-visibility-exporter.js +6 -4
  211. package/packages/dd-trace/src/ci-visibility/exporters/git/git_metadata.js +6 -5
  212. package/packages/dd-trace/src/ci-visibility/exporters/test-worker/index.js +7 -6
  213. package/packages/dd-trace/src/ci-visibility/exporters/test-worker/writer.js +0 -2
  214. package/packages/dd-trace/src/ci-visibility/intelligent-test-runner/get-skippable-suites.js +3 -2
  215. package/packages/dd-trace/src/ci-visibility/log-submission/log-submission-plugin.js +5 -4
  216. package/packages/dd-trace/src/ci-visibility/requests/get-library-configuration.js +12 -8
  217. package/packages/dd-trace/src/ci-visibility/telemetry.js +4 -0
  218. package/packages/dd-trace/src/ci-visibility/test-management/get-test-management-tests.js +3 -2
  219. package/packages/dd-trace/src/config-helper.js +89 -0
  220. package/packages/dd-trace/src/config.js +159 -129
  221. package/packages/dd-trace/src/config_stable.js +10 -7
  222. package/packages/dd-trace/src/datastreams/encoding.js +9 -9
  223. package/packages/dd-trace/src/datastreams/fnv.js +2 -2
  224. package/packages/dd-trace/src/datastreams/pathway.js +4 -4
  225. package/packages/dd-trace/src/datastreams/processor.js +5 -7
  226. package/packages/dd-trace/src/datastreams/schemas/schema_builder.js +7 -7
  227. package/packages/dd-trace/src/datastreams/schemas/schema_sampler.js +4 -6
  228. package/packages/dd-trace/src/datastreams/size.js +1 -1
  229. package/packages/dd-trace/src/debugger/devtools_client/breakpoints.js +75 -69
  230. package/packages/dd-trace/src/debugger/devtools_client/condition.js +7 -10
  231. package/packages/dd-trace/src/debugger/devtools_client/defaults.js +1 -1
  232. package/packages/dd-trace/src/debugger/devtools_client/index.js +9 -2
  233. package/packages/dd-trace/src/debugger/devtools_client/remote_config.js +18 -38
  234. package/packages/dd-trace/src/debugger/devtools_client/send.js +3 -2
  235. package/packages/dd-trace/src/debugger/devtools_client/snapshot/collector.js +1 -2
  236. package/packages/dd-trace/src/debugger/devtools_client/snapshot/index.js +1 -1
  237. package/packages/dd-trace/src/debugger/devtools_client/snapshot/processor.js +11 -14
  238. package/packages/dd-trace/src/debugger/devtools_client/snapshot/redaction.js +4 -4
  239. package/packages/dd-trace/src/debugger/devtools_client/source-maps.js +2 -10
  240. package/packages/dd-trace/src/debugger/devtools_client/state.js +10 -3
  241. package/packages/dd-trace/src/debugger/index.js +1 -0
  242. package/packages/dd-trace/src/dogstatsd.js +7 -6
  243. package/packages/dd-trace/src/encode/0.4.js +14 -11
  244. package/packages/dd-trace/src/encode/0.5.js +4 -6
  245. package/packages/dd-trace/src/encode/agentless-ci-visibility.js +8 -8
  246. package/packages/dd-trace/src/encode/coverage-ci-visibility.js +1 -1
  247. package/packages/dd-trace/src/encode/tags-processors.js +1 -1
  248. package/packages/dd-trace/src/exporter.js +7 -6
  249. package/packages/dd-trace/src/exporters/agent/writer.js +1 -5
  250. package/packages/dd-trace/src/exporters/common/docker.js +4 -3
  251. package/packages/dd-trace/src/exporters/common/form-data.js +6 -4
  252. package/packages/dd-trace/src/exporters/common/request.js +5 -2
  253. package/packages/dd-trace/src/exporters/common/util.js +4 -2
  254. package/packages/dd-trace/src/external-logger/src/index.js +5 -5
  255. package/packages/dd-trace/src/flare/file.js +1 -5
  256. package/packages/dd-trace/src/format.js +1 -1
  257. package/packages/dd-trace/src/git_properties.js +1 -1
  258. package/packages/dd-trace/src/id.js +15 -9
  259. package/packages/dd-trace/src/iitm.js +10 -22
  260. package/packages/dd-trace/src/index.js +4 -3
  261. package/packages/dd-trace/src/lambda/handler.js +7 -6
  262. package/packages/dd-trace/src/lambda/index.js +2 -1
  263. package/packages/dd-trace/src/lambda/runtime/patch.js +7 -6
  264. package/packages/dd-trace/src/lambda/runtime/ritm.js +4 -3
  265. package/packages/dd-trace/src/llmobs/constants/tags.js +1 -0
  266. package/packages/dd-trace/src/llmobs/index.js +21 -5
  267. package/packages/dd-trace/src/llmobs/noop.js +18 -20
  268. package/packages/dd-trace/src/llmobs/plugins/bedrockruntime.js +6 -6
  269. package/packages/dd-trace/src/llmobs/plugins/langchain/handlers/chain.js +2 -6
  270. package/packages/dd-trace/src/llmobs/plugins/langchain/handlers/chat_model.js +3 -3
  271. package/packages/dd-trace/src/llmobs/plugins/langchain/handlers/index.js +11 -13
  272. package/packages/dd-trace/src/llmobs/plugins/langchain/index.js +6 -6
  273. package/packages/dd-trace/src/llmobs/plugins/openai.js +2 -3
  274. package/packages/dd-trace/src/llmobs/sdk.js +4 -3
  275. package/packages/dd-trace/src/llmobs/span_processor.js +1 -1
  276. package/packages/dd-trace/src/llmobs/tagger.js +129 -102
  277. package/packages/dd-trace/src/llmobs/util.js +9 -9
  278. package/packages/dd-trace/src/llmobs/writers/base.js +1 -1
  279. package/packages/dd-trace/src/llmobs/writers/util.js +1 -1
  280. package/packages/dd-trace/src/log/index.js +9 -8
  281. package/packages/dd-trace/src/log/log.js +1 -1
  282. package/packages/dd-trace/src/log/writer.js +3 -4
  283. package/packages/dd-trace/src/msgpack/chunk.js +3 -3
  284. package/packages/dd-trace/src/msgpack/encoder.js +31 -31
  285. package/packages/dd-trace/src/noop/dogstatsd.js +6 -6
  286. package/packages/dd-trace/src/noop/span.js +4 -6
  287. package/packages/dd-trace/src/noop/tracer.js +1 -2
  288. package/packages/dd-trace/src/opentelemetry/span_processor.js +2 -2
  289. package/packages/dd-trace/src/opentelemetry/tracer.js +7 -6
  290. package/packages/dd-trace/src/opentracing/propagation/log.js +10 -13
  291. package/packages/dd-trace/src/opentracing/propagation/text_map.js +40 -37
  292. package/packages/dd-trace/src/opentracing/propagation/tracestate.js +8 -4
  293. package/packages/dd-trace/src/opentracing/span.js +16 -20
  294. package/packages/dd-trace/src/opentracing/tracer.js +9 -6
  295. package/packages/dd-trace/src/payload-tagging/config/index.js +17 -21
  296. package/packages/dd-trace/src/payload-tagging/index.js +1 -1
  297. package/packages/dd-trace/src/payload-tagging/tagging.js +6 -6
  298. package/packages/dd-trace/src/pkg.js +1 -1
  299. package/packages/dd-trace/src/plugin_manager.js +4 -3
  300. package/packages/dd-trace/src/plugins/ci_plugin.js +87 -11
  301. package/packages/dd-trace/src/plugins/consumer.js +2 -2
  302. package/packages/dd-trace/src/plugins/inbound.js +5 -1
  303. package/packages/dd-trace/src/plugins/index.js +0 -1
  304. package/packages/dd-trace/src/plugins/outbound.js +4 -5
  305. package/packages/dd-trace/src/plugins/plugin.js +1 -1
  306. package/packages/dd-trace/src/plugins/producer.js +2 -2
  307. package/packages/dd-trace/src/plugins/storage.js +2 -2
  308. package/packages/dd-trace/src/plugins/util/ci.js +28 -20
  309. package/packages/dd-trace/src/plugins/util/git.js +166 -12
  310. package/packages/dd-trace/src/plugins/util/inferred_proxy.js +1 -1
  311. package/packages/dd-trace/src/plugins/util/ip_extractor.js +1 -1
  312. package/packages/dd-trace/src/plugins/util/llm.js +27 -10
  313. package/packages/dd-trace/src/plugins/util/stacktrace.js +9 -2
  314. package/packages/dd-trace/src/plugins/util/test.js +315 -51
  315. package/packages/dd-trace/src/plugins/util/url.js +1 -1
  316. package/packages/dd-trace/src/plugins/util/urlfilter.js +13 -17
  317. package/packages/dd-trace/src/plugins/util/user-provided-git.js +14 -4
  318. package/packages/dd-trace/src/plugins/util/web.js +8 -8
  319. package/packages/dd-trace/src/priority_sampler.js +64 -53
  320. package/packages/dd-trace/src/profiling/config.js +51 -35
  321. package/packages/dd-trace/src/profiling/exporter_cli.js +20 -20
  322. package/packages/dd-trace/src/profiling/exporters/agent.js +1 -1
  323. package/packages/dd-trace/src/profiling/exporters/event_serializer.js +7 -6
  324. package/packages/dd-trace/src/profiling/exporters/file.js +2 -1
  325. package/packages/dd-trace/src/profiling/index.js +2 -1
  326. package/packages/dd-trace/src/profiling/profiler.js +44 -6
  327. package/packages/dd-trace/src/profiling/profilers/events.js +14 -17
  328. package/packages/dd-trace/src/profiling/profilers/shared.js +6 -1
  329. package/packages/dd-trace/src/profiling/profilers/space.js +3 -3
  330. package/packages/dd-trace/src/profiling/profilers/wall.js +6 -7
  331. package/packages/dd-trace/src/profiling/ssi-heuristics.js +3 -5
  332. package/packages/dd-trace/src/profiling/ssi-telemetry-mock-profiler.js +3 -1
  333. package/packages/dd-trace/src/profiling/tagger.js +21 -13
  334. package/packages/dd-trace/src/profiling/webspan-utils.js +1 -1
  335. package/packages/dd-trace/src/proxy.js +9 -10
  336. package/packages/dd-trace/src/random_sampler.js +40 -0
  337. package/packages/dd-trace/src/rate_limiter.js +4 -4
  338. package/packages/dd-trace/src/remote_config/index.js +3 -7
  339. package/packages/dd-trace/src/remote_config/manager.js +25 -13
  340. package/packages/dd-trace/src/require-package-json.js +1 -1
  341. package/packages/dd-trace/src/ritm.js +8 -8
  342. package/packages/dd-trace/src/runtime_metrics/runtime_metrics.js +5 -4
  343. package/packages/dd-trace/src/sampler.js +41 -4
  344. package/packages/dd-trace/src/sampling_rule.js +12 -3
  345. package/packages/dd-trace/src/scope.js +1 -1
  346. package/packages/dd-trace/src/serverless.js +11 -4
  347. package/packages/dd-trace/src/service-naming/schemas/util.js +1 -1
  348. package/packages/dd-trace/src/service-naming/schemas/v0/web.js +2 -3
  349. package/packages/dd-trace/src/span_processor.js +5 -4
  350. package/packages/dd-trace/src/span_sampler.js +4 -1
  351. package/packages/dd-trace/src/standalone/tracesource.js +2 -3
  352. package/packages/dd-trace/src/standalone/tracesource_priority_sampler.js +1 -2
  353. package/packages/dd-trace/src/startup-log.js +6 -18
  354. package/packages/dd-trace/src/supported-configurations.json +439 -0
  355. package/packages/dd-trace/src/telemetry/dependencies.js +64 -59
  356. package/packages/dd-trace/src/telemetry/logs/log-collector.js +9 -10
  357. package/packages/dd-trace/src/telemetry/metrics.js +10 -5
  358. package/packages/dd-trace/src/telemetry/send-data.js +8 -7
  359. package/packages/dd-trace/src/telemetry/telemetry.js +31 -45
  360. package/packages/dd-trace/src/tracer.js +3 -7
  361. package/packages/dd-trace/src/util.js +1 -6
  362. package/version.js +1 -0
  363. package/packages/datadog-instrumentations/src/paperplane.js +0 -77
  364. package/packages/datadog-plugin-paperplane/src/index.js +0 -25
  365. package/packages/datadog-plugin-paperplane/src/logger.js +0 -11
  366. package/packages/datadog-plugin-paperplane/src/server.js +0 -24
  367. package/packages/dd-trace/src/appsec/iast/analyzers/header-injection-analyzer.js +0 -122
  368. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/header-sensitive-analyzer.js +0 -20
@@ -14,6 +14,7 @@ const log = require('../../../log')
14
14
  const { isMainThread } = require('worker_threads')
15
15
  const { LOG_MESSAGE, REWRITTEN_MESSAGE } = require('./constants')
16
16
  const orchestrionConfig = require('../../../../../datadog-instrumentations/src/orchestrion-config')
17
+ const { getEnvironmentVariable } = require('../../../config-helper')
17
18
 
18
19
  let config
19
20
  const hardcodedSecretCh = dc.channel('datadog:secrets:result')
@@ -26,7 +27,7 @@ let kSymbolPrepareStackTrace
26
27
  function noop () {}
27
28
 
28
29
  function isFlagPresent (flag) {
29
- return process.env.NODE_OPTIONS?.includes(flag) ||
30
+ return getEnvironmentVariable('NODE_OPTIONS')?.includes(flag) ||
30
31
  process.execArgv?.some(arg => arg.includes(flag))
31
32
  }
32
33
 
@@ -41,11 +42,9 @@ function setGetOriginalPathAndLineFromSourceMapFunction (chainSourceMap, { getOr
41
42
  ? (path, line, column) => {
42
43
  // if --enable-source-maps is present stacktraces of the rewritten files contain the original path, file and
43
44
  // column because the sourcemap chaining is done during the rewriting process so we can skip it
44
- if (isPrivateModule(path) && !isDdTrace(path)) {
45
- return { path, line, column }
46
- } else {
47
- return getOriginalPathAndLineFromSourceMap(path, line, column)
48
- }
45
+ return isPrivateModule(path) && !isDdTrace(path)
46
+ ? { path, line, column }
47
+ : getOriginalPathAndLineFromSourceMap(path, line, column)
49
48
  }
50
49
  : getOriginalPathAndLineFromSourceMap
51
50
  }
@@ -138,7 +137,7 @@ function esmRewritePostProcess (rewritten, filename) {
138
137
 
139
138
  if (metrics?.status === 'modified') {
140
139
  if (filename.startsWith('file://')) {
141
- filename = filename.substring(7)
140
+ filename = filename.slice(7)
142
141
  }
143
142
 
144
143
  cacheRewrittenSourceMap(filename, rewritten.content)
@@ -157,7 +156,7 @@ function shimPrepareStackTrace () {
157
156
  return
158
157
  }
159
158
  const pstDescriptor = Object.getOwnPropertyDescriptor(global.Error, 'prepareStackTrace')
160
- if (pstDescriptor?.configurable || pstDescriptor?.writable) {
159
+ if (!pstDescriptor || pstDescriptor.configurable || pstDescriptor.writable) {
161
160
  Object.defineProperty(global.Error, 'prepareStackTrace', getPrepareStackTraceAccessor())
162
161
  }
163
162
  shimmedPrepareStackTrace = true
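Review bot: In shimPrepareStackTrace, the new `!pstDescriptor` branch calls `Object.defineProperty(global.Error, 'prepareStackTrace', …)` whenever the property is absent, but defining a new property throws a TypeError if `Error` has been made non-extensible, for example by a hardening layer that freezes intrinsics. Unless a try/catch outside the hunk already covers this, the guard could also check extensibility: `if (pstDescriptor ? (pstDescriptor.configurable || pstDescriptor.writable) : Object.isExtensible(global.Error)) {`. `shimmedPrepareStackTrace = true` also appears to be set after the `if` either way, so a skipped install is still recorded as shimmed; a one-line comment saying that is intentional would help. The function starts and ends outside the hunk.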
@@ -71,7 +71,7 @@ function notString () {
71
71
  }
72
72
 
73
73
  function isValidCsiMethod (fn, protos) {
74
- return protos.some(proto => fn === proto)
74
+ return protos.includes(fn)
75
75
  }
76
76
 
77
77
  function getCsiFn (cb, getContext, ...protos) {
@@ -90,7 +90,7 @@ function getCsiFn (cb, getContext, ...protos) {
90
90
  function csiMethodsDefaults (names, excluded, getContext) {
91
91
  const impl = {}
92
92
  names.forEach(name => {
93
- if (excluded.indexOf(name) !== -1) return
93
+ if (excluded.includes(name)) return
94
94
  impl[name] = getCsiFn(
95
95
  (transactionId, res, target, ...rest) => TaintedUtils[name](transactionId, res, target, ...rest),
96
96
  getContext,
@@ -10,10 +10,10 @@ function addMetricsToSpan (rootSpan, metrics, tagPrefix) {
10
10
  const name = taggedMetricName(data)
11
11
  let total = flattenMap.get(name)
12
12
  const value = flatten(data)
13
- if (!total) {
14
- total = value
15
- } else {
13
+ if (total) {
16
14
  total += value
15
+ } else {
16
+ total = value
17
17
  }
18
18
  flattenMap.set(name, total)
19
19
  })
@@ -34,9 +34,9 @@ function flatten (metricData) {
34
34
  function taggedMetricName (data) {
35
35
  const metric = data.metric
36
36
  const tags = filterTags(data.tags)
37
- return !tags?.length
38
- ? metric
39
- : `${metric}.${processTagValue(tags)}`
37
+ return tags?.length
38
+ ? `${metric}.${processTagValue(tags)}`
39
+ : metric
40
40
  }
41
41
 
42
42
  function filterTags (tags) {
@@ -45,7 +45,7 @@ function filterTags (tags) {
45
45
 
46
46
  function processTagValue (tags) {
47
47
  return tags.map(tag => tag.includes(':') ? tag.split(':')[1] : tag)
48
- .join('_').replace(/\./g, '_')
48
+ .join('_').replaceAll('.', '_')
49
49
  }
50
50
 
51
51
  module.exports = {
@@ -18,10 +18,9 @@ function isInfoAllowed (value) {
18
18
  function getVerbosity (verbosity) {
19
19
  if (verbosity) {
20
20
  verbosity = verbosity.toUpperCase()
21
- return Verbosity[verbosity] !== undefined ? Verbosity[verbosity] : Verbosity.INFORMATION
22
- } else {
23
- return Verbosity.INFORMATION
21
+ return Verbosity[verbosity] === undefined ? Verbosity.INFORMATION : Verbosity[verbosity]
24
22
  }
23
+ return Verbosity.INFORMATION
25
24
  }
26
25
 
27
26
  function getName (verbosityValue) {
@@ -16,18 +16,17 @@ function remove (range, rangeToRemove) {
16
16
  return [range]
17
17
  } else if (contains(rangeToRemove, range)) {
18
18
  return []
19
- } else {
20
- const result = []
21
- if (rangeToRemove.start > range.start) {
22
- const offset = rangeToRemove.start - range.start
23
- result.push({ start: range.start, end: range.start + offset })
24
- }
25
- if (rangeToRemove.end < range.end) {
26
- const offset = range.end - rangeToRemove.end
27
- result.push({ start: rangeToRemove.end, end: rangeToRemove.end + offset })
28
- }
29
- return result
30
19
  }
20
+ const result = []
21
+ if (rangeToRemove.start > range.start) {
22
+ const offset = rangeToRemove.start - range.start
23
+ result.push({ start: range.start, end: range.start + offset })
24
+ }
25
+ if (rangeToRemove.end < range.end) {
26
+ const offset = range.end - rangeToRemove.end
27
+ result.push({ start: rangeToRemove.end, end: rangeToRemove.end + offset })
28
+ }
29
+ return result
31
30
  }
32
31
 
33
32
  module.exports = {
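Review bot: In the un-nested tail of `remove`, both `offset` locals cancel out: `range.start + offset` is just `rangeToRemove.start`, and `rangeToRemove.end + offset` is just `range.end`. Writing `result.push({ start: range.start, end: rangeToRemove.start })` and `result.push({ start: rangeToRemove.end, end: range.end })` makes the two surviving pieces readable at a glance. That matters here because these range helpers appear to feed the evidence-redaction code. The signature and first branch of `remove` are outside this hunk.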
@@ -2,7 +2,7 @@
2
2
 
3
3
  const log = require('../../../../../log')
4
4
 
5
- const COMMAND_PATTERN = '^(?:\\s*(?:sudo|doas)\\s+)?\\b\\S+\\b\\s(.*)'
5
+ const COMMAND_PATTERN = String.raw`^(?:\s*(?:sudo|doas)\s+)?\b\S+\b\s(.*)`
6
6
  const pattern = new RegExp(COMMAND_PATTERN, 'gmi')
7
7
 
8
8
  module.exports = function extractSensitiveRanges (evidence) {
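Review bot: Now that `COMMAND_PATTERN` is a raw string with no doubled escapes, it no longer needs to go through a string constant and the `RegExp` constructor. A literal such as `const pattern = /^(?:\s*(?:sudo|doas)\s+)?\b\S+\b\s(.*)/gim` is validated at parse time and removes one constant; the same applies to `LDAP_PATTERN` in the next hunk. Both regexes are module-level and carry the `g` flag, so `lastIndex` persists between calls. The body of `extractSensitiveRanges` is outside the hunk, so confirm it resets `lastIndex` before calling `exec`.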
@@ -2,7 +2,7 @@
2
2
 
3
3
  const log = require('../../../../../log')
4
4
 
5
- const LDAP_PATTERN = '\\(.*?(?:~=|=|<=|>=)(?<LITERAL>[^)]+)\\)'
5
+ const LDAP_PATTERN = String.raw`\(.*?(?:~=|=|<=|>=)(?<LITERAL>[^)]+)\)`
6
6
  const pattern = new RegExp(LDAP_PATTERN, 'gmi')
7
7
 
8
8
  module.exports = function extractSensitiveRanges (evidence) {
@@ -3,13 +3,13 @@
3
3
  const log = require('../../../../../log')
4
4
 
5
5
  const STRING_LITERAL = '\'(?:\'\'|[^\'])*\''
6
- const POSTGRESQL_ESCAPED_LITERAL = '\\$([^$]*)\\$.*?\\$\\1\\$'
7
- const MYSQL_STRING_LITERAL = '"(?:\\\\"|[^"])*"|\'(?:\\\\\'|[^\'])*\''
6
+ const POSTGRESQL_ESCAPED_LITERAL = String.raw`\$([^$]*)\$.*?\$\1\$`
7
+ const MYSQL_STRING_LITERAL = String.raw`"(?:\\"|[^"])*"|'(?:\\'|[^'])*'`
8
8
  const LINE_COMMENT = '--.*$'
9
- const BLOCK_COMMENT = '/\\*[\\s\\S]*\\*/'
10
- const EXPONENT = '(?:E[-+]?\\d+[fd]?)?'
11
- const INTEGER_NUMBER = '(?<!\\w)\\d+'
12
- const DECIMAL_NUMBER = '\\d*\\.\\d+'
9
+ const BLOCK_COMMENT = String.raw`/\*[\s\S]*\*/`
10
+ const EXPONENT = String.raw`(?:E[-+]?\d+[fd]?)?`
11
+ const INTEGER_NUMBER = String.raw`(?<!\w)\d+`
12
+ const DECIMAL_NUMBER = String.raw`\d*\.\d+`
13
13
  const HEX_NUMBER = 'x\'[0-9a-f]+\'|0x[0-9a-f]+'
14
14
  const BIN_NUMBER = 'b\'[0-9a-f]+\'|0b[0-9a-f]+'
15
15
  const NUMERIC_LITERAL =
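Review bot: `BLOCK_COMMENT` is carried over unchanged in meaning as `/\*[\s\S]*\*/`, and its greedy `[\s\S]*` runs from the first `/*` to the last `*/` in the statement. A query with two block comments therefore has everything between them reported as one sensitive range. That errs toward over-redaction rather than leakage, but if it is not intended, the lazy form `[\s\S]*?` bounds each comment separately. How these constants are combined into the per-dialect patterns is outside the hunk, so check those patterns and their tests before changing it.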
@@ -21,7 +21,7 @@ const NUMERIC_LITERAL =
21
21
  INTEGER_NUMBER + EXPONENT
22
22
  ].join('|')
23
23
  })`
24
- const ORACLE_ESCAPED_LITERAL = 'q\'<.*?>\'|q\'\\(.*?\\)\'|q\'\\{.*?\\}\'|q\'\\[.*?\\]\'|q\'(?<ESCAPE>.).*?\\k<ESCAPE>\''
24
+ const ORACLE_ESCAPED_LITERAL = String.raw`q'<.*?>'|q'\(.*?\)'|q'\{.*?\}'|q'\[.*?\]'|q'(?<ESCAPE>.).*?\k<ESCAPE>'`
25
25
 
26
26
  const patterns = {
27
27
  ANSI: new RegExp( // Default
@@ -1,4 +1,5 @@
1
1
  'use strict'
2
+ /* eslint-disable unicorn/prefer-string-slice */
2
3
 
3
4
  const log = require('../../../../log')
4
5
  const vulnerabilities = require('../../vulnerabilities')
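Review bot: The file-wide `/* eslint-disable unicorn/prefer-string-slice */` added here carries no reason, yet the later hunks convert most `substring` calls to `slice` and leave the `placeholder.substring(...)` and `_value.substring(...)` calls alone. The two methods are not interchangeable: `substring` clamps negative arguments to 0 and swaps them when start exceeds end, while `slice` counts negatives from the end and returns an empty string. Presumably the retained calls depend on that clamping (for example `_sourceRedactionContext.start - offset` going negative). If so, a per-line `// eslint-disable-next-line unicorn/prefer-string-slice -- needs substring() clamping` documents it better than a blanket disable. For the converted calls such as `value.slice(start, i)`, and the matching ones in `VulnerabilityFormatter`, confirm that start never exceeds end, since this code builds the redacted evidence.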
@@ -7,7 +8,6 @@ const { contains, intersects, remove } = require('./range-utils')
7
8
 
8
9
  const commandSensitiveAnalyzer = require('./sensitive-analyzers/command-sensitive-analyzer')
9
10
  const hardcodedPasswordAnalyzer = require('./sensitive-analyzers/hardcoded-password-analyzer')
10
- const headerSensitiveAnalyzer = require('./sensitive-analyzers/header-sensitive-analyzer')
11
11
  const jsonSensitiveAnalyzer = require('./sensitive-analyzers/json-sensitive-analyzer')
12
12
  const ldapSensitiveAnalyzer = require('./sensitive-analyzers/ldap-sensitive-analyzer')
13
13
  const sqlSensitiveAnalyzer = require('./sensitive-analyzers/sql-sensitive-analyzer')
@@ -29,9 +29,6 @@ class SensitiveHandler {
29
29
  this._sensitiveAnalyzers.set(vulnerabilities.HARDCODED_PASSWORD, (evidence) => {
30
30
  return hardcodedPasswordAnalyzer(evidence, this._valuePattern)
31
31
  })
32
- this._sensitiveAnalyzers.set(vulnerabilities.HEADER_INJECTION, (evidence) => {
33
- return headerSensitiveAnalyzer(evidence, this._namePattern, this._valuePattern)
34
- })
35
32
  this._sensitiveAnalyzers.set(vulnerabilities.LDAP_INJECTION, ldapSensitiveAnalyzer)
36
33
  this._sensitiveAnalyzers.set(vulnerabilities.NOSQL_MONGODB_INJECTION, jsonSensitiveAnalyzer)
37
34
  this._sensitiveAnalyzers.set(vulnerabilities.SQL_INJECTION, sqlSensitiveAnalyzer)
@@ -82,7 +79,7 @@ class SensitiveHandler {
82
79
 
83
80
  for (let i = 0; i < value.length; i++) {
84
81
  if (nextTainted != null && nextTainted.start === i) {
85
- this.writeValuePart(valueParts, value.substring(start, i), sourceIndex)
82
+ this.writeValuePart(valueParts, value.slice(start, i), sourceIndex)
86
83
 
87
84
  sourceIndex = sourcesIndexes[nextTaintedIndex]
88
85
 
@@ -113,16 +110,14 @@ class SensitiveHandler {
113
110
  nextSensitive = entries.length > 0 ? entries[0] : null
114
111
  }
115
112
 
116
- if (this.isSensibleSource(sources[sourceIndex])) {
117
- if (!sources[sourceIndex].redacted) {
118
- redactedSources.push(sourceIndex)
119
- sources[sourceIndex].pattern = ''.padEnd(sources[sourceIndex].value.length, REDACTED_SOURCE_BUFFER)
120
- sources[sourceIndex].redacted = true
121
- }
113
+ if (this.isSensibleSource(sources[sourceIndex]) && !sources[sourceIndex].redacted) {
114
+ redactedSources.push(sourceIndex)
115
+ sources[sourceIndex].pattern = ''.padEnd(sources[sourceIndex].value.length, REDACTED_SOURCE_BUFFER)
116
+ sources[sourceIndex].redacted = true
122
117
  }
123
118
 
124
- if (redactedSources.indexOf(sourceIndex) > -1) {
125
- const partValue = value.substring(i, i + (nextTainted.end - nextTainted.start))
119
+ if (redactedSources.includes(sourceIndex)) {
120
+ const partValue = value.slice(i, i + (nextTainted.end - nextTainted.start))
126
121
  this.writeRedactedValuePart(
127
122
  valueParts,
128
123
  partValue.length,
@@ -135,7 +130,7 @@ class SensitiveHandler {
135
130
  redactedSourcesContext[sourceIndex] = []
136
131
  } else {
137
132
  const substringEnd = Math.min(nextTainted.end, value.length)
138
- this.writeValuePart(valueParts, value.substring(nextTainted.start, substringEnd), sourceIndex)
133
+ this.writeValuePart(valueParts, value.slice(nextTainted.start, substringEnd), sourceIndex)
139
134
  }
140
135
 
141
136
  start = i + (nextTainted.end - nextTainted.start)
@@ -144,7 +139,7 @@ class SensitiveHandler {
144
139
  nextTaintedIndex++
145
140
  sourceIndex = null
146
141
  } else if (nextSensitive != null && nextSensitive.start === i) {
147
- this.writeValuePart(valueParts, value.substring(start, i), sourceIndex)
142
+ this.writeValuePart(valueParts, value.slice(start, i), sourceIndex)
148
143
  if (nextTainted != null && intersects(nextSensitive, nextTainted)) {
149
144
  sourceIndex = sourcesIndexes[nextTaintedIndex]
150
145
 
@@ -171,7 +166,7 @@ class SensitiveHandler {
171
166
  }
172
167
 
173
168
  if (start < value.length) {
174
- this.writeValuePart(valueParts, value.substring(start))
169
+ this.writeValuePart(valueParts, value.slice(start))
175
170
  }
176
171
 
177
172
  return { redactedValueParts: valueParts, redactedSources }
@@ -197,10 +192,10 @@ class SensitiveHandler {
197
192
 
198
193
  writeValuePart (valueParts, value, source) {
199
194
  if (value.length > 0) {
200
- if (source != null) {
201
- valueParts.push({ value, source })
202
- } else {
195
+ if (source == null) {
203
196
  valueParts.push({ value })
197
+ } else {
198
+ valueParts.push({ value, source })
204
199
  }
205
200
  }
206
201
  }
@@ -214,7 +209,9 @@ class SensitiveHandler {
214
209
  sourceRedactionContext,
215
210
  isSensibleSource
216
211
  ) {
217
- if (sourceIndex != null) {
212
+ if (sourceIndex == null) {
213
+ valueParts.push({ redacted: true })
214
+ } else {
218
215
  const placeholder = source.value.includes(partValue)
219
216
  ? source.pattern
220
217
  : '*'.repeat(length)
@@ -252,9 +249,9 @@ class SensitiveHandler {
252
249
  _value.substring(_sourceRedactionContext.start - offset, _sourceRedactionContext.end - offset)
253
250
  const indexOfPartValueInPattern = source.value.indexOf(sensitive)
254
251
 
255
- const pattern = indexOfPartValueInPattern > -1
256
- ? placeholder.substring(indexOfPartValueInPattern, indexOfPartValueInPattern + sensitive.length)
257
- : placeholder.substring(_sourceRedactionContext.start, _sourceRedactionContext.end)
252
+ const pattern = indexOfPartValueInPattern === -1
253
+ ? placeholder.substring(_sourceRedactionContext.start, _sourceRedactionContext.end)
254
+ : placeholder.substring(indexOfPartValueInPattern, indexOfPartValueInPattern + sensitive.length)
258
255
 
259
256
  valueParts.push({
260
257
  redacted: true,
@@ -262,7 +259,7 @@ class SensitiveHandler {
262
259
  pattern
263
260
  })
264
261
 
265
- _value = _value.substring(pattern.length)
262
+ _value = _value.slice(pattern.length)
266
263
  offset += pattern.length
267
264
  })
268
265
 
@@ -273,8 +270,6 @@ class SensitiveHandler {
273
270
  })
274
271
  }
275
272
  }
276
- } else {
277
- valueParts.push({ redacted: true })
278
273
  }
279
274
  }
280
275
 
@@ -282,7 +277,7 @@ class SensitiveHandler {
282
277
  if (redactionNamePattern) {
283
278
  try {
284
279
  this._namePattern = new RegExp(redactionNamePattern, 'gmi')
285
- } catch (e) {
280
+ } catch {
286
281
  log.warn('[ASM] Redaction name pattern is not valid')
287
282
  }
288
283
  }
@@ -290,7 +285,7 @@ class SensitiveHandler {
290
285
  if (redactionValuePattern) {
291
286
  try {
292
287
  this._valuePattern = new RegExp(redactionValuePattern, 'gmi')
293
- } catch (e) {
288
+ } catch {
294
289
  log.warn('[ASM] Redaction value pattern is not valid')
295
290
  }
296
291
  }
@@ -1,7 +1,7 @@
1
- // eslint-disable-next-line @stylistic/js/max-len
1
+ // eslint-disable-next-line @stylistic/max-len
2
2
  const DEFAULT_IAST_REDACTION_NAME_PATTERN = '(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?|(?:sur|last)name|user(?:name)?|address|e?mail)'
3
- // eslint-disable-next-line @stylistic/js/max-len
4
- const DEFAULT_IAST_REDACTION_VALUE_PATTERN = '(?:bearer\\s+[a-z0-9\\._\\-]+|glpat-[\\w\\-]{20}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\\w=\\-]+\\.ey[I-L][\\w=\\-]+(?:\\.[\\w.+/=\\-]+)?|(?:[\\-]{5}BEGIN[a-z\\s]+PRIVATE\\sKEY[\\-]{5}[^\\-]+[\\-]{5}END[a-z\\s]+PRIVATE\\sKEY[\\-]{5}|ssh-rsa\\s*[a-z0-9/\\.+]{100,})|[\\w\\.-]+@[a-zA-Z\\d\\.-]+\\.[a-zA-Z]{2,})'
3
+ // eslint-disable-next-line @stylistic/max-len
4
+ const DEFAULT_IAST_REDACTION_VALUE_PATTERN = String.raw`(?:bearer\s+[a-z0-9\._\-]+|glpat-[\w\-]{20}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L][\w=\-]+\.ey[I-L][\w=\-]+(?:\.[\w.+/=\-]+)?|(?:[\-]{5}BEGIN[a-z\s]+PRIVATE\sKEY[\-]{5}[^\-]+[\-]{5}END[a-z\s]+PRIVATE\sKEY[\-]{5}|ssh-rsa\s*[a-z0-9/\.+]{100,})|[\w\.-]+@[a-zA-Z\d\.-]+\.[a-zA-Z]{2,})`
5
5
 
6
6
  module.exports = {
7
7
  DEFAULT_IAST_REDACTION_NAME_PATTERN,
@@ -57,14 +57,14 @@ class VulnerabilityFormatter {
57
57
 
58
58
  evidence.ranges.forEach((range, rangeIndex) => {
59
59
  if (fromIndex < range.start) {
60
- valueParts.push({ value: evidence.value.substring(fromIndex, range.start) })
60
+ valueParts.push({ value: evidence.value.slice(fromIndex, range.start) })
61
61
  }
62
- valueParts.push({ value: evidence.value.substring(range.start, range.end), source: sourcesIndexes[rangeIndex] })
62
+ valueParts.push({ value: evidence.value.slice(range.start, range.end), source: sourcesIndexes[rangeIndex] })
63
63
  fromIndex = range.end
64
64
  })
65
65
 
66
66
  if (fromIndex < evidence.value.length) {
67
- valueParts.push({ value: evidence.value.substring(fromIndex) })
67
+ valueParts.push({ value: evidence.value.slice(fromIndex) })
68
68
  }
69
69
 
70
70
  return { valueParts }
@@ -72,7 +72,7 @@ class VulnerabilityFormatter {
72
72
 
73
73
  formatEvidence (type, evidence, sourcesIndexes, sources) {
74
74
  if (evidence.value === undefined) {
75
- return undefined
75
+ return
76
76
  }
77
77
 
78
78
  return this._redactVulnearbilities
@@ -7,7 +7,7 @@ const STRINGIFY_RANGE_KEY = 'DD_' + crypto.randomBytes(20).toString('hex')
7
7
  const STRINGIFY_SENSITIVE_KEY = STRINGIFY_RANGE_KEY + 'SENSITIVE'
8
8
  const STRINGIFY_SENSITIVE_NOT_STRING_KEY = STRINGIFY_SENSITIVE_KEY + 'NOTSTRING'
9
9
 
10
- // eslint-disable-next-line @stylistic/js/max-len
10
+ // eslint-disable-next-line @stylistic/max-len
11
11
  const KEYS_REGEX_WITH_SENSITIVE_RANGES = new RegExp(`(?:"(${STRINGIFY_RANGE_KEY}_\\d+_))|(?:"(${STRINGIFY_SENSITIVE_KEY}_\\d+_(\\d+)_))|("${STRINGIFY_SENSITIVE_NOT_STRING_KEY}_\\d+_([\\s0-9.a-zA-Z]*)")`, 'gm')
12
12
  const KEYS_REGEX_WITHOUT_SENSITIVE_RANGES = new RegExp(`"(${STRINGIFY_RANGE_KEY}_\\d+_)`, 'gm')
13
13
 
@@ -99,22 +99,17 @@ function stringifyWithRanges (obj, objRanges, loadSensitiveRanges = false) {
99
99
  } else {
100
100
  currentLevelClone[key] = val
101
101
  }
102
- } else if (Array.isArray(val)) {
103
- currentLevelClone[key] = []
104
102
  } else {
105
- currentLevelClone[key] = {}
103
+ currentLevelClone[key] = Array.isArray(val) ? [] : {}
106
104
  }
107
105
  })
108
106
 
109
107
  value = JSON.stringify(cloneObj, null, 2)
110
108
 
111
109
  if (counter > 0) {
112
- let keysRegex
113
- if (loadSensitiveRanges) {
114
- keysRegex = KEYS_REGEX_WITH_SENSITIVE_RANGES
115
- } else {
116
- keysRegex = KEYS_REGEX_WITHOUT_SENSITIVE_RANGES
117
- }
110
+ const keysRegex = loadSensitiveRanges
111
+ ? KEYS_REGEX_WITH_SENSITIVE_RANGES
112
+ : KEYS_REGEX_WITHOUT_SENSITIVE_RANGES
118
113
  keysRegex.lastIndex = 0
119
114
 
120
115
  let regexRes = keysRegex.exec(value)
@@ -141,7 +136,7 @@ function stringifyWithRanges (obj, objRanges, loadSensitiveRanges = false) {
141
136
 
142
137
  sensitiveRanges.push({
143
138
  start: offset,
144
- end: offset + parseInt(regexRes[3])
139
+ end: offset + Number.parseInt(regexRes[3])
145
140
  })
146
141
 
147
142
  value = value.replace(sensitiveId, '')
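Review bot: `Number.parseInt(regexRes[3])` is called without a radix. The capture group is `(\d+)` in `KEYS_REGEX_WITH_SENSITIVE_RANGES`, so the result is decimal today, but `Number.parseInt(regexRes[3], 10)` states that intent explicitly, and `Number(regexRes[3])` would do equally well for a digits-only match. `stringifyWithRanges` begins and ends outside this hunk.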
@@ -3,7 +3,6 @@ module.exports = {
3
3
  CODE_INJECTION: 'CODE_INJECTION',
4
4
  HARDCODED_PASSWORD: 'HARDCODED_PASSWORD',
5
5
  HARDCODED_SECRET: 'HARDCODED_SECRET',
6
- HEADER_INJECTION: 'HEADER_INJECTION',
7
6
  HSTS_HEADER_MISSING: 'HSTS_HEADER_MISSING',
8
7
  INSECURE_COOKIE: 'INSECURE_COOKIE',
9
8
  LDAP_INJECTION: 'LDAP_INJECTION',
@@ -79,17 +79,15 @@ function isValidVulnerability (vulnerability) {
79
79
  }
80
80
 
81
81
  function sendVulnerabilities (vulnerabilities, span) {
82
- if (vulnerabilities && vulnerabilities.length) {
83
- if (span && span.addTags) {
84
- const validatedVulnerabilities = vulnerabilities.filter(isValidVulnerability)
85
- const jsonToSend = vulnerabilitiesFormatter.toJson(validatedVulnerabilities)
86
-
87
- if (jsonToSend.vulnerabilities.length > 0) {
88
- const tags = {}
89
- // TODO: Store this outside of the span and set the tag in the exporter.
90
- tags[IAST_JSON_TAG_KEY] = JSON.stringify(jsonToSend)
91
- span.addTags(tags)
92
- }
82
+ if (vulnerabilities?.length && span?.addTags) {
83
+ const validatedVulnerabilities = vulnerabilities.filter(isValidVulnerability)
84
+ const jsonToSend = vulnerabilitiesFormatter.toJson(validatedVulnerabilities)
85
+
86
+ if (jsonToSend.vulnerabilities.length > 0) {
87
+ const tags = {}
88
+ // TODO: Store this outside of the span and set the tag in the exporter.
89
+ tags[IAST_JSON_TAG_KEY] = JSON.stringify(jsonToSend)
90
+ span.addTags(tags)
93
91
  }
94
92
  }
95
93
  return IAST_JSON_TAG_KEY
@@ -45,7 +45,7 @@ function enable (_config) {
45
45
  if (isEnabled) return
46
46
 
47
47
  try {
48
- appsecTelemetry.enable(_config.telemetry)
48
+ appsecTelemetry.enable(_config)
49
49
  graphql.enable()
50
50
 
51
51
  if (_config.appsec.rasp.enabled) {
@@ -58,7 +58,7 @@ function enable (_config) {
58
58
 
59
59
  remoteConfig.enableWafUpdate(_config.appsec)
60
60
 
61
- Reporter.setRateLimit(_config.appsec.rateLimit)
61
+ Reporter.init(_config.appsec)
62
62
 
63
63
  apiSecuritySampler.configure(_config)
64
64
 
@@ -139,7 +139,7 @@ function incomingHttpStartTranslator ({ req, res, abortController }) {
139
139
  [HTTP_CLIENT_IP]: clientIp
140
140
  })
141
141
 
142
- const requestHeaders = Object.assign({}, req.headers)
142
+ const requestHeaders = { ...req.headers }
143
143
  delete requestHeaders.cookie
144
144
 
145
145
  const persistent = {
@@ -299,12 +299,12 @@ function onResponseWriteHead ({ req, res, abortController, statusCode, responseH
299
299
  const rootSpan = web.root(req)
300
300
  if (!rootSpan) return
301
301
 
302
- responseHeaders = Object.assign({}, responseHeaders)
302
+ responseHeaders = { ...responseHeaders }
303
303
  delete responseHeaders['set-cookie']
304
304
 
305
305
  const results = waf.run({
306
306
  persistent: {
307
- [addresses.HTTP_INCOMING_RESPONSE_CODE]: '' + statusCode,
307
+ [addresses.HTTP_INCOMING_RESPONSE_CODE]: String(statusCode),
308
308
  [addresses.HTTP_INCOMING_RESPONSE_HEADERS]: responseHeaders
309
309
  }
310
310
  }, req)
@@ -22,8 +22,8 @@ function removeAllListeners (emitter, event) {
22
22
  }
23
23
  cleaned = true
24
24
 
25
- for (let i = 0; i < listeners.length; ++i) {
26
- emitter.on(event, listeners[i])
25
+ for (const listener of listeners) {
26
+ emitter.on(event, listener)
27
27
  }
28
28
  }
29
29
  }
@@ -41,19 +41,7 @@ function findDatadogRaspAbortError (err, deep = 10) {
41
41
  function handleUncaughtExceptionMonitor (error) {
42
42
  if (!blockOnDatadogRaspAbortError({ error })) return
43
43
 
44
- if (!process.hasUncaughtExceptionCaptureCallback()) {
45
- const cleanUp = removeAllListeners(process, 'uncaughtException')
46
- const handler = () => {
47
- process.removeListener('uncaughtException', handler)
48
- }
49
-
50
- setTimeout(() => {
51
- process.removeListener('uncaughtException', handler)
52
- cleanUp()
53
- })
54
-
55
- process.on('uncaughtException', handler)
56
- } else {
44
+ if (process.hasUncaughtExceptionCaptureCallback()) {
57
45
  // uncaughtException event is not executed when hasUncaughtExceptionCaptureCallback is true
58
46
  let previousCb
59
47
  const cb = ({ currentCallback, abortController }) => {
@@ -78,6 +66,18 @@ function handleUncaughtExceptionMonitor (error) {
78
66
  process.setUncaughtExceptionCaptureCallback(previousCb)
79
67
  })
80
68
  }
69
+ } else {
70
+ const cleanUp = removeAllListeners(process, 'uncaughtException')
71
+ const handler = () => {
72
+ process.removeListener('uncaughtException', handler)
73
+ }
74
+
75
+ setTimeout(() => {
76
+ process.removeListener('uncaughtException', handler)
77
+ cleanUp()
78
+ })
79
+
80
+ process.on('uncaughtException', handler)
81
81
  }
82
82
  }
83
83
 
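Review bot: The relocated `else` branch in `handleUncaughtExceptionMonitor` has no comment, while the `if` branch above it explains itself. The branch detaches every `uncaughtException` listener, installs a self-removing no-op `handler`, and restores the originals from a zero-delay `setTimeout`. Presumably this keeps the RASP abort error from reaching user listeners or terminating the process. A short comment saying so would help, e.g. `// swallow the RASP abort: park existing listeners behind a no-op and restore them on the next timer tick`.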
@@ -88,6 +88,7 @@ function pathToStr (path) {
88
88
  if (!path) return
89
89
 
90
90
  if (typeof path === 'string' ||
91
+ // eslint-disable-next-line unicorn/no-instanceof-builtins
91
92
  path instanceof String ||
92
93
  path instanceof Buffer ||
93
94
  path instanceof URL) {
@@ -104,7 +105,7 @@ function shouldAnalyze (path, fs) {
104
105
 
105
106
  function shouldAnalyzeURLFile (path, fs) {
106
107
  if (path.startsWith('file://')) {
107
- return shouldAnalyze(path.substring(7), fs)
108
+ return shouldAnalyze(path.slice(7), fs)
108
109
  }
109
110
  }
110
111