dd-trace 5.6.0 → 5.7.0

package/index.d.ts

@@ -1624,6 +1624,10 @@ declare namespace tracer {
        * The service name to be used for this plugin. If a function is used, it will be passed the connection parameters and its return value will be used as the service name.
        */
       service?: string | ((params: any) => string);
+      /**
+       * The database monitoring propagation mode to be used for this plugin.
+       */
+      dbmPropagationMode?: string;
     }
 
     /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dd-trace",
-  "version": "5.6.0",
+  "version": "5.7.0",
   "description": "Datadog APM tracing client for JavaScript",
   "main": "index.js",
   "typings": "index.d.ts",
@@ -70,7 +70,7 @@
   },
   "dependencies": {
     "@datadog/native-appsec": "7.1.0",
-    "@datadog/native-iast-rewriter": "2.2.3",
+    "@datadog/native-iast-rewriter": "2.3.0",
     "@datadog/native-iast-taint-tracking": "1.7.0",
     "@datadog/native-metrics": "^2.0.0",
     "@datadog/pprof": "5.1.0",

package/packages/datadog-plugin-cucumber/src/index.js

@@ -18,7 +18,7 @@ const {
   TEST_SOURCE_FILE,
   TEST_EARLY_FLAKE_IS_ENABLED,
   TEST_IS_NEW,
-  TEST_EARLY_FLAKE_IS_RETRY
+  TEST_IS_RETRY
 } = require('../../dd-trace/src/plugins/util/test')
 const { RESOURCE_NAME } = require('../../../ext/tags')
 const { COMPONENT, ERROR_MESSAGE } = require('../../dd-trace/src/constants')
@@ -181,7 +181,7 @@ class CucumberPlugin extends CiPlugin {
       if (isNew) {
         span.setTag(TEST_IS_NEW, 'true')
         if (isEfdRetry) {
-          span.setTag(TEST_EARLY_FLAKE_IS_RETRY, 'true')
+          span.setTag(TEST_IS_RETRY, 'true')
         }
       }
 

package/packages/datadog-plugin-cypress/src/cypress-plugin.js

@@ -27,7 +27,7 @@ const {
   ITR_CORRELATION_ID,
   TEST_SOURCE_FILE,
   TEST_IS_NEW,
-  TEST_EARLY_FLAKE_IS_RETRY,
+  TEST_IS_RETRY,
   TEST_EARLY_FLAKE_IS_ENABLED
 } = require('../../dd-trace/src/plugins/util/test')
 const { isMarkedAsUnskippable } = require('../../datadog-plugin-jest/src/util')
@@ -592,7 +592,7 @@ class CypressPlugin {
           if (isNew) {
             this.activeTestSpan.setTag(TEST_IS_NEW, 'true')
             if (isEfdRetry) {
-              this.activeTestSpan.setTag(TEST_EARLY_FLAKE_IS_RETRY, 'true')
+              this.activeTestSpan.setTag(TEST_IS_RETRY, 'true')
             }
           }
           const finishedTest = {

package/packages/datadog-plugin-jest/src/index.js

@@ -17,7 +17,7 @@ const {
   ITR_CORRELATION_ID,
   TEST_SOURCE_FILE,
   TEST_IS_NEW,
-  TEST_EARLY_FLAKE_IS_RETRY,
+  TEST_IS_RETRY,
   TEST_EARLY_FLAKE_IS_ENABLED,
   JEST_DISPLAY_NAME
 } = require('../../dd-trace/src/plugins/util/test')
@@ -339,7 +339,7 @@ class JestPlugin extends CiPlugin {
     if (isNew) {
       extraTags[TEST_IS_NEW] = 'true'
       if (isEfdRetry) {
-        extraTags[TEST_EARLY_FLAKE_IS_RETRY] = 'true'
+        extraTags[TEST_IS_RETRY] = 'true'
       }
     }
 

package/packages/datadog-plugin-mocha/src/index.js

@@ -19,7 +19,7 @@ const {
   TEST_SOURCE_FILE,
   removeEfdStringFromTestName,
   TEST_IS_NEW,
-  TEST_EARLY_FLAKE_IS_RETRY,
+  TEST_IS_RETRY,
   TEST_EARLY_FLAKE_IS_ENABLED
 } = require('../../dd-trace/src/plugins/util/test')
 const { COMPONENT } = require('../../dd-trace/src/constants')
@@ -270,7 +270,7 @@ class MochaPlugin extends CiPlugin {
     if (isNew) {
       extraTags[TEST_IS_NEW] = 'true'
       if (isEfdRetry) {
-        extraTags[TEST_EARLY_FLAKE_IS_RETRY] = 'true'
+        extraTags[TEST_IS_RETRY] = 'true'
       }
     }
 

package/packages/dd-trace/src/appsec/iast/iast-plugin.js

@@ -5,7 +5,8 @@ const { channel } = require('dc-polyfill')
 const iastLog = require('./iast-log')
 const Plugin = require('../../plugins/plugin')
 const iastTelemetry = require('./telemetry')
-const { getInstrumentedMetric, getExecutedMetric, TagKey, EXECUTED_SOURCE } = require('./telemetry/iast-metric')
+const { getInstrumentedMetric, getExecutedMetric, TagKey, EXECUTED_SOURCE, formatTags } =
+  require('./telemetry/iast-metric')
 const { storage } = require('../../../../datadog-core')
 const { getIastContext } = require('./iast-context')
 const instrumentations = require('../../../../datadog-instrumentations/src/helpers/instrumentations')
@@ -20,25 +21,29 @@ const instrumentations = require('../../../../datadog-instrumentations/src/helpe
  * - tagKey can be only SOURCE_TYPE (Source) or VULNERABILITY_TYPE (Sink)
  */
 class IastPluginSubscription {
-  constructor (moduleName, channelName, tag, tagKey = TagKey.VULNERABILITY_TYPE) {
+  constructor (moduleName, channelName, tagValues, tagKey = TagKey.VULNERABILITY_TYPE) {
     this.moduleName = moduleName
     this.channelName = channelName
-    this.tag = tag
-    this.tagKey = tagKey
-    this.executedMetric = getExecutedMetric(this.tagKey)
-    this.instrumentedMetric = getInstrumentedMetric(this.tagKey)
+
+    tagValues = Array.isArray(tagValues) ? tagValues : [tagValues]
+    this.tags = formatTags(tagValues, tagKey)
+
+    this.executedMetric = getExecutedMetric(tagKey)
+    this.instrumentedMetric = getInstrumentedMetric(tagKey)
+
     this.moduleInstrumented = false
   }
 
   increaseInstrumented () {
-    if (this.moduleInstrumented) return
+    if (!this.moduleInstrumented) {
+      this.moduleInstrumented = true
 
-    this.moduleInstrumented = true
-    this.instrumentedMetric.inc(this.tag)
+      this.tags.forEach(tag => this.instrumentedMetric.inc(undefined, tag))
+    }
   }
 
   increaseExecuted (iastContext) {
-    this.executedMetric.inc(this.tag, iastContext)
+    this.tags.forEach(tag => this.executedMetric.inc(iastContext, tag))
   }
 
   matchesModuleInstrumented (name) {
@@ -76,10 +81,16 @@ class IastPlugin extends Plugin {
     }
   }
 
-  _execHandlerAndIncMetric ({ handler, metric, tag, iastContext = getIastContext(storage.getStore()) }) {
+  _execHandlerAndIncMetric ({ handler, metric, tags, iastContext = getIastContext(storage.getStore()) }) {
     try {
       const result = handler()
-      iastTelemetry.isEnabled() && metric.inc(tag, iastContext)
+      if (iastTelemetry.isEnabled()) {
+        if (Array.isArray(tags)) {
+          tags.forEach(tag => metric.inc(iastContext, tag))
+        } else {
+          metric.inc(iastContext, tags)
+        }
+      }
       return result
     } catch (e) {
       iastLog.errorAndPublish(e)

package/packages/dd-trace/src/appsec/iast/path-line.js

@@ -29,13 +29,16 @@ function getCallSiteInfo () {
   const previousStackTraceLimit = Error.stackTraceLimit
   let callsiteList
   Error.stackTraceLimit = 100
-  Error.prepareStackTrace = function (_, callsites) {
-    callsiteList = callsites
+  try {
+    Error.prepareStackTrace = function (_, callsites) {
+      callsiteList = callsites
+    }
+    const e = new Error()
+    e.stack
+  } finally {
+    Error.prepareStackTrace = previousPrepareStackTrace
+    Error.stackTraceLimit = previousStackTraceLimit
   }
-  const e = new Error()
-  e.stack
-  Error.prepareStackTrace = previousPrepareStackTrace
-  Error.stackTraceLimit = previousStackTraceLimit
   return callsiteList
 }
 

package/packages/dd-trace/src/appsec/iast/taint-tracking/operations.js

@@ -19,7 +19,7 @@ let onRemoveTransaction = (transactionId, iastContext) => {}
 function onRemoveTransactionInformationTelemetry (transactionId, iastContext) {
   const metrics = TaintedUtils.getMetrics(transactionId, iastTelemetry.verbosity)
   if (metrics?.requestCount) {
-    REQUEST_TAINTED.add(metrics.requestCount, null, iastContext)
+    REQUEST_TAINTED.inc(iastContext, metrics.requestCount)
   }
 }
 

package/packages/dd-trace/src/appsec/iast/taint-tracking/plugin.js

@@ -14,6 +14,10 @@ const {
   HTTP_REQUEST_PATH_PARAM,
   HTTP_REQUEST_URI
 } = require('./source-types')
+const { EXECUTED_SOURCE } = require('../telemetry/iast-metric')
+
+const REQ_HEADER_TAGS = EXECUTED_SOURCE.formatTags(HTTP_REQUEST_HEADER_VALUE, HTTP_REQUEST_HEADER_NAME)
+const REQ_URI_TAGS = EXECUTED_SOURCE.formatTags(HTTP_REQUEST_URI)
 
 class TaintTrackingPlugin extends SourceIastPlugin {
   constructor () {
@@ -97,7 +101,7 @@ class TaintTrackingPlugin extends SourceIastPlugin {
   taintHeaders (headers, iastContext) {
     this.execSource({
       handler: () => taintObject(iastContext, headers, HTTP_REQUEST_HEADER_VALUE, true, HTTP_REQUEST_HEADER_NAME),
-      tag: [HTTP_REQUEST_HEADER_VALUE, HTTP_REQUEST_HEADER_NAME],
+      tags: REQ_HEADER_TAGS,
       iastContext
     })
   }
@@ -107,7 +111,7 @@ class TaintTrackingPlugin extends SourceIastPlugin {
       handler: function () {
         req.url = newTaintedString(iastContext, req.url, HTTP_REQUEST_URI, HTTP_REQUEST_URI)
       },
-      tag: [HTTP_REQUEST_URI],
+      tags: REQ_URI_TAGS,
       iastContext
     })
   }

package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter-telemetry.js

@@ -14,7 +14,7 @@ const telemetryRewriter = {
 
     const metrics = response.metrics
     if (metrics && metrics.instrumentedPropagation) {
-      INSTRUMENTED_PROPAGATION.add(metrics.instrumentedPropagation)
+      INSTRUMENTED_PROPAGATION.inc(undefined, metrics.instrumentedPropagation)
     }
 
     return response

package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js

@@ -12,6 +12,7 @@ const dc = require('dc-polyfill')
 const hardcodedSecretCh = dc.channel('datadog:secrets:result')
 let rewriter
 let getPrepareStackTrace
+let kSymbolPrepareStackTrace
 
 let getRewriterOriginalPathAndLineFromSourceMap = function (path, line, column) {
   return { path, line, column }
@@ -44,6 +45,7 @@ function getRewriter (telemetryVerbosity) {
       const iastRewriter = require('@datadog/native-iast-rewriter')
       const Rewriter = iastRewriter.Rewriter
       getPrepareStackTrace = iastRewriter.getPrepareStackTrace
+      kSymbolPrepareStackTrace = iastRewriter.kSymbolPrepareStackTrace
 
       const chainSourceMap = isFlagPresent('--enable-source-maps')
       const getOriginalPathAndLineFromSourceMap = iastRewriter.getOriginalPathAndLineFromSourceMap
@@ -66,17 +68,16 @@ function getRewriter (telemetryVerbosity) {
 }
 
 let originalPrepareStackTrace
-let actualPrepareStackTrace
 function getPrepareStackTraceAccessor () {
   originalPrepareStackTrace = Error.prepareStackTrace
-  actualPrepareStackTrace = getPrepareStackTrace(originalPrepareStackTrace)
+  let actual = getPrepareStackTrace(originalPrepareStackTrace)
   return {
     configurable: true,
     get () {
-      return actualPrepareStackTrace
+      return actual
     },
     set (value) {
-      actualPrepareStackTrace = getPrepareStackTrace(value)
+      actual = getPrepareStackTrace(value)
       originalPrepareStackTrace = value
     }
   }
@@ -124,14 +125,12 @@ function enableRewriter (telemetryVerbosity) {
 function disableRewriter () {
   shimmer.unwrap(Module.prototype, '_compile')
 
-  if (!actualPrepareStackTrace) return
+  if (!Error.prepareStackTrace?.[kSymbolPrepareStackTrace]) return
 
   try {
     delete Error.prepareStackTrace
 
     Error.prepareStackTrace = originalPrepareStackTrace
-
-    actualPrepareStackTrace = undefined
   } catch (e) {
     iastLog.warn(e)
   }

package/packages/dd-trace/src/appsec/iast/taint-tracking/taint-tracking-impl.js

@@ -40,7 +40,7 @@ function getContextDefault () {
 
 function getContextDebug () {
   const iastContext = getContextDefault()
-  EXECUTED_PROPAGATION.inc(null, iastContext)
+  EXECUTED_PROPAGATION.inc(iastContext)
   return iastContext
 }
 

package/packages/dd-trace/src/appsec/iast/telemetry/iast-metric.js

@@ -19,6 +19,19 @@ const TagKey = {
   PROPAGATION_TYPE: 'propagation_type'
 }
 
+function formatTags (tags, tagKey) {
+  return tags.map(tagValue => tagValue ? [`${tagKey}:${tagValue.toLowerCase()}`] : undefined)
+}
+
+function getNamespace (scope, context) {
+  let namespace = globalNamespace
+
+  if (scope === Scope.REQUEST) {
+    namespace = getNamespaceFromContext(context) || globalNamespace
+  }
+  return namespace
+}
+
 class IastMetric {
   constructor (name, scope, tagKey) {
     this.name = name
@@ -26,30 +39,26 @@ class IastMetric {
     this.tagKey = tagKey
   }
 
-  getNamespace (context) {
-    return getNamespaceFromContext(context) || globalNamespace
+  formatTags (...tags) {
+    return formatTags(tags, this.tagKey)
   }
 
-  getTag (tagValue) {
-    return tagValue ? { [this.tagKey]: tagValue } : undefined
+  inc (context, tags, value = 1) {
+    const namespace = getNamespace(this.scope, context)
+    namespace.count(this.name, tags).inc(value)
   }
+}
 
-  addValue (value, tagValue, context) {
-    this.getNamespace(context)
-      .count(this.name, this.getTag(tagValue))
-      .inc(value)
-  }
+class NoTaggedIastMetric extends IastMetric {
+  constructor (name, scope) {
+    super(name, scope)
 
-  add (value, tagValue, context) {
-    if (Array.isArray(tagValue)) {
-      tagValue.forEach(tag => this.addValue(value, tag, context))
-    } else {
-      this.addValue(value, tagValue, context)
-    }
+    this.tags = []
   }
 
-  inc (tagValue, context) {
-    this.add(1, tagValue, context)
+  inc (context, value = 1) {
+    const namespace = getNamespace(this.scope, context)
+    namespace.count(this.name, this.tags).inc(value)
   }
 }
 
@@ -61,21 +70,18 @@ function getInstrumentedMetric (tagKey) {
   return tagKey === TagKey.VULNERABILITY_TYPE ? INSTRUMENTED_SINK : INSTRUMENTED_SOURCE
 }
 
-const INSTRUMENTED_PROPAGATION = new IastMetric('instrumented.propagation', Scope.GLOBAL)
+const INSTRUMENTED_PROPAGATION = new NoTaggedIastMetric('instrumented.propagation', Scope.GLOBAL)
 const INSTRUMENTED_SOURCE = new IastMetric('instrumented.source', Scope.GLOBAL, TagKey.SOURCE_TYPE)
 const INSTRUMENTED_SINK = new IastMetric('instrumented.sink', Scope.GLOBAL, TagKey.VULNERABILITY_TYPE)
 
 const EXECUTED_SOURCE = new IastMetric('executed.source', Scope.REQUEST, TagKey.SOURCE_TYPE)
 const EXECUTED_SINK = new IastMetric('executed.sink', Scope.REQUEST, TagKey.VULNERABILITY_TYPE)
 
-const REQUEST_TAINTED = new IastMetric('request.tainted', Scope.REQUEST)
+const REQUEST_TAINTED = new NoTaggedIastMetric('request.tainted', Scope.REQUEST)
 
 // DEBUG using metrics
-const EXECUTED_PROPAGATION = new IastMetric('executed.propagation', Scope.REQUEST)
-const EXECUTED_TAINTED = new IastMetric('executed.tainted', Scope.REQUEST)
-
-// DEBUG using distribution endpoint
-const INSTRUMENTATION_TIME = new IastMetric('instrumentation.time', Scope.GLOBAL)
+const EXECUTED_PROPAGATION = new NoTaggedIastMetric('executed.propagation', Scope.REQUEST)
+const EXECUTED_TAINTED = new NoTaggedIastMetric('executed.tainted', Scope.REQUEST)
 
 module.exports = {
   INSTRUMENTED_PROPAGATION,
@@ -89,13 +95,14 @@ module.exports = {
 
   REQUEST_TAINTED,
 
-  INSTRUMENTATION_TIME,
-
   PropagationType,
   TagKey,
 
   IastMetric,
+  NoTaggedIastMetric,
 
   getExecutedMetric,
-  getInstrumentedMetric
+  getInstrumentedMetric,
+
+  formatTags
 }

package/packages/dd-trace/src/appsec/iast/telemetry/namespaces.js

@@ -10,13 +10,13 @@ const DD_IAST_METRICS_NAMESPACE = Symbol('_dd.iast.request.metrics.namespace')
 function initRequestNamespace (context) {
   if (!context) return
 
-  const namespace = new Namespace('iast')
+  const namespace = new IastNamespace()
   context[DD_IAST_METRICS_NAMESPACE] = namespace
   return namespace
 }
 
 function getNamespaceFromContext (context) {
-  return context && context[DD_IAST_METRICS_NAMESPACE]
+  return context?.[DD_IAST_METRICS_NAMESPACE]
 }
 
 function finalizeRequestNamespace (context, rootSpan) {
@@ -40,11 +40,14 @@ function finalizeRequestNamespace (context, rootSpan) {
 }
 
 function merge (metrics) {
-  metrics.forEach(metric => metric.points.forEach(point => {
-    globalNamespace
-      .count(metric.metric, getTagsObject(metric.tags))
-      .inc(point[1])
-  }))
+  metrics.forEach(metric => {
+    const { metric: metricName, type, tags, points } = metric
+
+    if (points?.length && type === 'count') {
+      const gMetric = globalNamespace.count(metricName, getTagsObject(tags))
+      points.forEach(point => gMetric.inc(point[1]))
+    }
+  })
 }
 
 function getTagsObject (tags) {
@@ -56,11 +59,34 @@ function getTagsObject (tags) {
 class IastNamespace extends Namespace {
   constructor () {
     super('iast')
+
+    this.iastMetrics = new Map()
   }
 
-  reset () {
-    this.metrics.clear()
-    this.distributions.clear()
+  getIastMetrics (name) {
+    let metrics = this.iastMetrics.get(name)
+    if (!metrics) {
+      metrics = new Map()
+      this.iastMetrics.set(name, metrics)
+    }
+
+    return metrics
+  }
+
+  getMetric (name, tags, type = 'count') {
+    const metrics = this.getIastMetrics(name)
+
+    let metric = metrics.get(tags)
+    if (!metric) {
+      metric = super[type](name, Array.isArray(tags) ? [...tags] : tags)
+      metrics.set(tags, metric)
+    }
+
+    return metric
+  }
+
+  count (name, tags) {
+    return this.getMetric(name, tags, 'count')
   }
 }
 
@@ -72,5 +98,7 @@ module.exports = {
   finalizeRequestNamespace,
   globalNamespace,
 
-  DD_IAST_METRICS_NAMESPACE
+  DD_IAST_METRICS_NAMESPACE,
+
+  IastNamespace
 }

package/packages/dd-trace/src/appsec/iast/telemetry/span-tags.js

@@ -1,11 +1,11 @@
 'use strict'
 
 function addMetricsToSpan (rootSpan, metrics, tagPrefix) {
-  if (!rootSpan || !rootSpan.addTags || !metrics) return
+  if (!rootSpan?.addTags || !metrics) return
 
   const flattenMap = new Map()
   metrics
-    .filter(data => data && data.metric)
+    .filter(data => data?.metric)
     .forEach(data => {
       const name = taggedMetricName(data)
       let total = flattenMap.get(name)
@@ -27,19 +27,20 @@ function addMetricsToSpan (rootSpan, metrics, tagPrefix) {
 }
 
 function flatten (metricData) {
-  return metricData.points && metricData.points.map(point => point[1]).reduce((total, value) => total + value, 0)
+  const { points } = metricData
+  return points ? points.map(point => point[1]).reduce((total, value) => total + value, 0) : 0
 }
 
 function taggedMetricName (data) {
   const metric = data.metric
-  const tags = data.tags && filterTags(data.tags)
-  return !tags || !tags.length
+  const tags = filterTags(data.tags)
+  return !tags?.length
     ? metric
     : `${metric}.${processTagValue(tags)}`
 }
 
 function filterTags (tags) {
-  return tags.filter(tag => !tag.startsWith('lib_language') && !tag.startsWith('version'))
+  return tags?.filter(tag => !tag.startsWith('lib_language') && !tag.startsWith('version'))
 }
 
 function processTagValue (tags) {

package/packages/dd-trace/src/appsec/reporter.js

@@ -17,25 +17,35 @@ let limiter = new Limiter(100)
 
 const metricsQueue = new Map()
 
+// following header lists are ordered in the same way the spec orders them, it doesn't matter but it's easier to compare
 const contentHeaderList = [
-  'content-encoding',
-  'content-language',
   'content-length',
-  'content-type'
+  'content-type',
+  'content-encoding',
+  'content-language'
 ]
 
 const REQUEST_HEADERS_MAP = mapHeaderAndTags([
-  'accept',
-  'accept-encoding',
-  'accept-language',
-  'host',
+  ...ipHeaderList,
   'forwarded',
-  'user-agent',
   'via',
-  'x-amzn-trace-id',
+  ...contentHeaderList,
+  'host',
+  'user-agent',
+  'accept',
+  'accept-encoding',
+  'accept-language'
+], 'http.request.headers.')
 
-  ...ipHeaderList,
-  ...contentHeaderList
+const IDENTIFICATION_HEADERS_MAP = mapHeaderAndTags([
+  'x-amzn-trace-id',
+  'cloudfront-viewer-ja3-fingerprint',
+  'cf-ray',
+  'x-cloud-trace-context',
+  'x-appgw-trace-id',
+  'x-sigsci-requestid',
+  'x-sigsci-tags',
+  'akamai-user-risk'
 ], 'http.request.headers.')
 
 const RESPONSE_HEADERS_MAP = mapHeaderAndTags(contentHeaderList, 'http.response.headers.')
@@ -171,6 +181,9 @@ function finishRequest (req, res) {
 
   incrementWafRequestsMetric(req)
 
+  // collect some headers even when no attack is detected
+  rootSpan.addTags(filterHeaders(req.headers, IDENTIFICATION_HEADERS_MAP))
+
   if (!rootSpan.context()._tags['appsec.event']) return
 
   const newTags = filterHeaders(res.getHeaders(), RESPONSE_HEADERS_MAP)

package/packages/dd-trace/src/ci-visibility/exporters/agent-proxy/index.js

@@ -38,10 +38,15 @@ class AgentProxyCiVisibilityExporter extends CiVisibilityExporter {
 
     this.getAgentInfo((err, agentInfo) => {
       this._isInitialized = true
-      const latestEvpProxyVersion = getLatestEvpProxyVersion(err, agentInfo)
+      let latestEvpProxyVersion = getLatestEvpProxyVersion(err, agentInfo)
       const isEvpCompatible = latestEvpProxyVersion >= 2
       const isGzipCompatible = latestEvpProxyVersion >= 4
 
+      // v3 does not work well citestcycle, so we downgrade to v2
+      if (latestEvpProxyVersion === 3) {
+        latestEvpProxyVersion = 2
+      }
+
       const evpProxyPrefix = `${AGENT_EVP_PROXY_PATH_PREFIX}${latestEvpProxyVersion}`
       if (isEvpCompatible) {
         this._isUsingEvpProxy = true

package/packages/dd-trace/src/lambda/runtime/ritm.js

@@ -87,7 +87,7 @@ const registerLambdaHook = () => {
   const lambdaTaskRoot = process.env.LAMBDA_TASK_ROOT
   const originalLambdaHandler = process.env.DD_LAMBDA_HANDLER
 
-  if (originalLambdaHandler !== undefined) {
+  if (originalLambdaHandler !== undefined && lambdaTaskRoot !== undefined) {
     const [moduleRoot, moduleAndHandler] = _extractModuleRootAndHandler(originalLambdaHandler)
     const [_module] = _extractModuleNameAndHandlerPath(moduleAndHandler)