dd-trace 5.61.1 → 5.63.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +0 -5
- package/package.json +2 -2
- package/packages/datadog-instrumentations/src/ai.js +140 -0
- package/packages/datadog-instrumentations/src/apollo-server.js +50 -8
- package/packages/datadog-instrumentations/src/aws-sdk.js +49 -60
- package/packages/datadog-instrumentations/src/couchbase.js +102 -65
- package/packages/datadog-instrumentations/src/fastify.js +61 -55
- package/packages/datadog-instrumentations/src/graphql.js +90 -122
- package/packages/datadog-instrumentations/src/helpers/hooks.js +1 -0
- package/packages/datadog-instrumentations/src/helpers/register.js +2 -22
- package/packages/datadog-instrumentations/src/hono.js +11 -8
- package/packages/datadog-instrumentations/src/http2/server.js +14 -20
- package/packages/datadog-instrumentations/src/knex.js +15 -17
- package/packages/datadog-instrumentations/src/microgateway-core.js +16 -15
- package/packages/datadog-instrumentations/src/mongodb-core.js +35 -32
- package/packages/datadog-instrumentations/src/mongodb.js +9 -13
- package/packages/datadog-instrumentations/src/mongoose.js +25 -29
- package/packages/datadog-instrumentations/src/next.js +4 -8
- package/packages/datadog-instrumentations/src/openai.js +0 -2
- package/packages/datadog-instrumentations/src/oracledb.js +39 -33
- package/packages/datadog-instrumentations/src/pg.js +38 -48
- package/packages/datadog-plugin-aerospike/src/index.js +11 -11
- package/packages/datadog-plugin-ai/src/index.js +17 -0
- package/packages/datadog-plugin-ai/src/tracing.js +33 -0
- package/packages/datadog-plugin-ai/src/utils.js +28 -0
- package/packages/datadog-plugin-amqp10/src/consumer.js +2 -2
- package/packages/datadog-plugin-amqp10/src/index.js +1 -1
- package/packages/datadog-plugin-amqp10/src/producer.js +3 -3
- package/packages/datadog-plugin-amqplib/src/client.js +3 -3
- package/packages/datadog-plugin-amqplib/src/consumer.js +2 -2
- package/packages/datadog-plugin-amqplib/src/index.js +1 -1
- package/packages/datadog-plugin-amqplib/src/producer.js +2 -2
- package/packages/datadog-plugin-apollo/src/gateway/execute.js +2 -4
- package/packages/datadog-plugin-apollo/src/gateway/fetch.js +2 -4
- package/packages/datadog-plugin-apollo/src/gateway/index.js +1 -1
- package/packages/datadog-plugin-apollo/src/gateway/plan.js +2 -4
- package/packages/datadog-plugin-apollo/src/gateway/postprocessing.js +2 -4
- package/packages/datadog-plugin-apollo/src/gateway/request.js +2 -4
- package/packages/datadog-plugin-apollo/src/gateway/validate.js +2 -4
- package/packages/datadog-plugin-apollo/src/index.js +1 -1
- package/packages/datadog-plugin-avsc/src/index.js +2 -2
- package/packages/datadog-plugin-aws-sdk/src/base.js +70 -46
- package/packages/datadog-plugin-aws-sdk/src/index.js +1 -3
- package/packages/datadog-plugin-aws-sdk/src/services/bedrockruntime/index.js +1 -3
- package/packages/datadog-plugin-aws-sdk/src/services/bedrockruntime/tracing.js +1 -1
- package/packages/datadog-plugin-aws-sdk/src/services/cloudwatchlogs.js +1 -1
- package/packages/datadog-plugin-aws-sdk/src/services/dynamodb.js +3 -3
- package/packages/datadog-plugin-aws-sdk/src/services/eventbridge.js +2 -2
- package/packages/datadog-plugin-aws-sdk/src/services/kinesis.js +22 -20
- package/packages/datadog-plugin-aws-sdk/src/services/lambda.js +1 -1
- package/packages/datadog-plugin-aws-sdk/src/services/redshift.js +1 -1
- package/packages/datadog-plugin-aws-sdk/src/services/s3.js +3 -3
- package/packages/datadog-plugin-aws-sdk/src/services/sfn.js +1 -1
- package/packages/datadog-plugin-aws-sdk/src/services/sns.js +3 -3
- package/packages/datadog-plugin-aws-sdk/src/services/sqs.js +17 -15
- package/packages/datadog-plugin-aws-sdk/src/services/states.js +1 -1
- package/packages/datadog-plugin-aws-sdk/src/services/stepfunctions.js +1 -1
- package/packages/datadog-plugin-azure-functions/src/index.js +5 -5
- package/packages/datadog-plugin-azure-service-bus/src/index.js +1 -1
- package/packages/datadog-plugin-azure-service-bus/src/producer.js +2 -2
- package/packages/datadog-plugin-bunyan/src/index.js +3 -5
- package/packages/datadog-plugin-cassandra-driver/src/index.js +3 -3
- package/packages/datadog-plugin-child_process/src/index.js +2 -2
- package/packages/datadog-plugin-confluentinc-kafka-javascript/src/batch-consumer.js +1 -3
- package/packages/datadog-plugin-confluentinc-kafka-javascript/src/consumer.js +1 -3
- package/packages/datadog-plugin-confluentinc-kafka-javascript/src/index.js +1 -1
- package/packages/datadog-plugin-confluentinc-kafka-javascript/src/producer.js +1 -3
- package/packages/datadog-plugin-connect/src/index.js +1 -3
- package/packages/datadog-plugin-couchbase/src/index.js +39 -19
- package/packages/datadog-plugin-cucumber/src/index.js +1 -3
- package/packages/datadog-plugin-cypress/src/index.js +1 -3
- package/packages/datadog-plugin-dd-trace-api/src/index.js +1 -3
- package/packages/datadog-plugin-dns/src/index.js +1 -1
- package/packages/datadog-plugin-dns/src/lookup.js +2 -2
- package/packages/datadog-plugin-dns/src/lookup_service.js +2 -2
- package/packages/datadog-plugin-dns/src/resolve.js +2 -2
- package/packages/datadog-plugin-dns/src/reverse.js +2 -2
- package/packages/datadog-plugin-elasticsearch/src/index.js +1 -1
- package/packages/datadog-plugin-express/src/code_origin.js +1 -3
- package/packages/datadog-plugin-express/src/index.js +1 -1
- package/packages/datadog-plugin-express/src/tracing.js +1 -3
- package/packages/datadog-plugin-fastify/src/code_origin.js +1 -3
- package/packages/datadog-plugin-fastify/src/index.js +1 -1
- package/packages/datadog-plugin-fastify/src/tracing.js +18 -3
- package/packages/datadog-plugin-fetch/src/index.js +2 -2
- package/packages/datadog-plugin-find-my-way/src/index.js +1 -3
- package/packages/datadog-plugin-fs/src/index.js +2 -2
- package/packages/datadog-plugin-google-cloud-pubsub/src/client.js +3 -3
- package/packages/datadog-plugin-google-cloud-pubsub/src/consumer.js +2 -2
- package/packages/datadog-plugin-google-cloud-pubsub/src/index.js +1 -1
- package/packages/datadog-plugin-google-cloud-pubsub/src/producer.js +2 -2
- package/packages/datadog-plugin-google-cloud-vertexai/src/index.js +1 -1
- package/packages/datadog-plugin-google-cloud-vertexai/src/tracing.js +2 -4
- package/packages/datadog-plugin-graphql/src/execute.js +16 -9
- package/packages/datadog-plugin-graphql/src/index.js +1 -1
- package/packages/datadog-plugin-graphql/src/parse.js +12 -7
- package/packages/datadog-plugin-graphql/src/resolve.js +50 -16
- package/packages/datadog-plugin-graphql/src/validate.js +13 -7
- package/packages/datadog-plugin-grpc/src/client.js +4 -4
- package/packages/datadog-plugin-grpc/src/index.js +1 -1
- package/packages/datadog-plugin-grpc/src/server.js +3 -3
- package/packages/datadog-plugin-hapi/src/index.js +1 -3
- package/packages/datadog-plugin-hono/src/index.js +1 -3
- package/packages/datadog-plugin-http/src/client.js +2 -2
- package/packages/datadog-plugin-http/src/index.js +1 -1
- package/packages/datadog-plugin-http/src/server.js +3 -7
- package/packages/datadog-plugin-http2/src/client.js +2 -2
- package/packages/datadog-plugin-http2/src/index.js +1 -1
- package/packages/datadog-plugin-http2/src/server.js +22 -11
- package/packages/datadog-plugin-ioredis/src/index.js +1 -3
- package/packages/datadog-plugin-iovalkey/src/index.js +2 -4
- package/packages/datadog-plugin-jest/src/index.js +1 -3
- package/packages/datadog-plugin-kafkajs/src/batch-consumer.js +2 -2
- package/packages/datadog-plugin-kafkajs/src/consumer.js +2 -2
- package/packages/datadog-plugin-kafkajs/src/index.js +1 -1
- package/packages/datadog-plugin-kafkajs/src/producer.js +3 -3
- package/packages/datadog-plugin-koa/src/index.js +1 -3
- package/packages/datadog-plugin-langchain/src/index.js +2 -2
- package/packages/datadog-plugin-langchain/src/tracing.js +30 -48
- package/packages/datadog-plugin-mariadb/src/index.js +2 -2
- package/packages/datadog-plugin-memcached/src/index.js +1 -1
- package/packages/datadog-plugin-microgateway-core/src/index.js +4 -4
- package/packages/datadog-plugin-mocha/src/index.js +1 -3
- package/packages/datadog-plugin-moleculer/src/client.js +2 -2
- package/packages/datadog-plugin-moleculer/src/index.js +1 -1
- package/packages/datadog-plugin-moleculer/src/server.js +2 -2
- package/packages/datadog-plugin-mongodb-core/src/index.js +9 -5
- package/packages/datadog-plugin-mongoose/src/index.js +20 -0
- package/packages/datadog-plugin-mysql/src/index.js +2 -2
- package/packages/datadog-plugin-mysql2/src/index.js +1 -1
- package/packages/datadog-plugin-net/src/index.js +1 -1
- package/packages/datadog-plugin-net/src/ipc.js +2 -2
- package/packages/datadog-plugin-net/src/tcp.js +2 -2
- package/packages/datadog-plugin-next/src/index.js +1 -3
- package/packages/datadog-plugin-nyc/src/index.js +1 -3
- package/packages/datadog-plugin-openai/src/index.js +1 -1
- package/packages/datadog-plugin-openai/src/tracing.js +7 -411
- package/packages/datadog-plugin-opensearch/src/index.js +1 -3
- package/packages/datadog-plugin-oracledb/src/index.js +9 -5
- package/packages/datadog-plugin-pg/src/index.js +8 -5
- package/packages/datadog-plugin-pino/src/index.js +3 -5
- package/packages/datadog-plugin-playwright/src/index.js +1 -3
- package/packages/datadog-plugin-prisma/src/client.js +4 -6
- package/packages/datadog-plugin-prisma/src/engine.js +3 -3
- package/packages/datadog-plugin-prisma/src/index.js +1 -1
- package/packages/datadog-plugin-protobufjs/src/index.js +2 -6
- package/packages/datadog-plugin-redis/src/index.js +2 -2
- package/packages/datadog-plugin-restify/src/index.js +1 -3
- package/packages/datadog-plugin-rhea/src/consumer.js +1 -1
- package/packages/datadog-plugin-rhea/src/index.js +1 -1
- package/packages/datadog-plugin-rhea/src/producer.js +2 -2
- package/packages/datadog-plugin-router/src/index.js +1 -3
- package/packages/datadog-plugin-selenium/src/index.js +1 -3
- package/packages/datadog-plugin-sharedb/src/index.js +1 -1
- package/packages/datadog-plugin-tedious/src/index.js +3 -3
- package/packages/datadog-plugin-undici/src/index.js +2 -4
- package/packages/datadog-plugin-vitest/src/index.js +1 -3
- package/packages/datadog-plugin-web/src/index.js +1 -3
- package/packages/datadog-plugin-winston/src/index.js +3 -5
- package/packages/dd-trace/src/appsec/channels.js +1 -0
- package/packages/dd-trace/src/appsec/graphql.js +14 -12
- package/packages/dd-trace/src/appsec/iast/analyzers/sql-injection-analyzer.js +14 -7
- package/packages/dd-trace/src/appsec/iast/taint-tracking/plugin.js +4 -4
- package/packages/dd-trace/src/appsec/recommended.json +271 -2
- package/packages/dd-trace/src/appsec/waf/waf_manager.js +1 -1
- package/packages/dd-trace/src/ci-visibility/log-submission/log-submission-plugin.js +1 -3
- package/packages/dd-trace/src/ci-visibility/test-api-manual/test-api-manual-plugin.js +1 -3
- package/packages/dd-trace/src/config.js +1 -1
- package/packages/dd-trace/src/datastreams/checkpointer.js +23 -2
- package/packages/dd-trace/src/datastreams/processor.js +4 -3
- package/packages/dd-trace/src/guardrails/telemetry.js +18 -2
- package/packages/dd-trace/src/llmobs/plugins/ai/index.js +351 -0
- package/packages/dd-trace/src/llmobs/plugins/ai/util.js +179 -0
- package/packages/dd-trace/src/llmobs/plugins/langchain/index.js +30 -50
- package/packages/dd-trace/src/llmobs/plugins/openai.js +3 -5
- package/packages/dd-trace/src/llmobs/plugins/vertexai.js +3 -5
- package/packages/dd-trace/src/llmobs/writers/base.js +3 -2
- package/packages/dd-trace/src/opentracing/propagation/text_map.js +25 -2
- package/packages/dd-trace/src/opentracing/span_context.js +4 -0
- package/packages/dd-trace/src/plugin_manager.js +8 -4
- package/packages/dd-trace/src/plugins/apollo.js +3 -3
- package/packages/dd-trace/src/plugins/cache.js +1 -1
- package/packages/dd-trace/src/plugins/client.js +3 -3
- package/packages/dd-trace/src/plugins/consumer.js +3 -3
- package/packages/dd-trace/src/plugins/database.js +2 -2
- package/packages/dd-trace/src/plugins/index.js +2 -0
- package/packages/dd-trace/src/plugins/log_plugin.js +1 -5
- package/packages/dd-trace/src/plugins/outbound.js +1 -1
- package/packages/dd-trace/src/plugins/plugin.js +1 -1
- package/packages/dd-trace/src/plugins/producer.js +3 -3
- package/packages/dd-trace/src/plugins/server.js +3 -3
- package/packages/dd-trace/src/plugins/storage.js +1 -1
- package/packages/dd-trace/src/plugins/tracing.js +24 -6
- package/packages/dd-trace/src/plugins/util/ci.js +11 -7
- package/packages/dd-trace/src/plugins/util/inferred_proxy.js +15 -19
- package/packages/dd-trace/src/plugins/util/ip_extractor.js +44 -3
- package/packages/dd-trace/src/plugins/util/tags.js +2 -0
- package/packages/dd-trace/src/plugins/util/web.js +26 -7
- package/packages/dd-trace/src/profiling/config.js +2 -0
- package/packages/dd-trace/src/profiling/exporters/event_serializer.js +2 -21
- package/packages/dd-trace/src/profiling/libuv-size.js +49 -0
- package/packages/dd-trace/src/profiling/profilers/event_plugins/dns.js +2 -6
- package/packages/dd-trace/src/profiling/profilers/event_plugins/dns_lookup.js +1 -3
- package/packages/dd-trace/src/profiling/profilers/event_plugins/dns_lookupservice.js +1 -3
- package/packages/dd-trace/src/profiling/profilers/event_plugins/dns_resolve.js +1 -3
- package/packages/dd-trace/src/profiling/profilers/event_plugins/dns_reverse.js +1 -3
- package/packages/dd-trace/src/profiling/profilers/event_plugins/event.js +24 -23
- package/packages/dd-trace/src/profiling/profilers/event_plugins/fs.js +3 -9
- package/packages/dd-trace/src/profiling/profilers/event_plugins/net.js +3 -9
- package/packages/dd-trace/src/profiling/profilers/events.js +83 -64
- package/packages/dd-trace/src/profiling/profilers/poisson.js +105 -0
- package/packages/dd-trace/src/profiling/profilers/wall.js +3 -3
- package/packages/dd-trace/src/remote_config/manager.js +1 -1
- package/packages/dd-trace/src/supported-configurations.json +2 -0
- package/packages/dd-trace/src/tracer_metadata.js +1 -1
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": "2.2",
|
|
3
3
|
"metadata": {
|
|
4
|
-
"rules_version": "1.15.
|
|
4
|
+
"rules_version": "1.15.1"
|
|
5
5
|
},
|
|
6
6
|
"rules": [
|
|
7
7
|
{
|
|
@@ -5539,6 +5539,7 @@
|
|
|
5539
5539
|
"confidence": "0",
|
|
5540
5540
|
"module": "waf"
|
|
5541
5541
|
},
|
|
5542
|
+
"max_version": "1.24.9",
|
|
5542
5543
|
"conditions": [
|
|
5543
5544
|
{
|
|
5544
5545
|
"parameters": {
|
|
@@ -6671,7 +6672,10 @@
|
|
|
6671
6672
|
{
|
|
6672
6673
|
"address": "graphql.server.resolver"
|
|
6673
6674
|
}
|
|
6674
|
-
]
|
|
6675
|
+
],
|
|
6676
|
+
"options": {
|
|
6677
|
+
"path-inspection": true
|
|
6678
|
+
}
|
|
6675
6679
|
},
|
|
6676
6680
|
"operator": "ssrf_detector"
|
|
6677
6681
|
}
|
|
@@ -8916,6 +8920,271 @@
|
|
|
8916
8920
|
"transformers": []
|
|
8917
8921
|
}
|
|
8918
8922
|
],
|
|
8923
|
+
"rules_compat": [
|
|
8924
|
+
{
|
|
8925
|
+
"id": "api-001-100",
|
|
8926
|
+
"name": "JWT: No expiry is present",
|
|
8927
|
+
"tags": {
|
|
8928
|
+
"type": "jwt",
|
|
8929
|
+
"category": "api_security",
|
|
8930
|
+
"confidence": "0",
|
|
8931
|
+
"module": "business-logic"
|
|
8932
|
+
},
|
|
8933
|
+
"min_version": "1.25.0",
|
|
8934
|
+
"conditions": [
|
|
8935
|
+
{
|
|
8936
|
+
"parameters": {
|
|
8937
|
+
"inputs": [
|
|
8938
|
+
{
|
|
8939
|
+
"address": "server.request.jwt",
|
|
8940
|
+
"key_path": [
|
|
8941
|
+
"payload",
|
|
8942
|
+
"exp"
|
|
8943
|
+
]
|
|
8944
|
+
}
|
|
8945
|
+
]
|
|
8946
|
+
},
|
|
8947
|
+
"operator": "!exists"
|
|
8948
|
+
}
|
|
8949
|
+
],
|
|
8950
|
+
"transformers": [],
|
|
8951
|
+
"output": {
|
|
8952
|
+
"event": false,
|
|
8953
|
+
"keep": false,
|
|
8954
|
+
"attributes": {
|
|
8955
|
+
"_dd.appsec.api.jwt.no_expiry": {
|
|
8956
|
+
"value": 1
|
|
8957
|
+
}
|
|
8958
|
+
}
|
|
8959
|
+
}
|
|
8960
|
+
},
|
|
8961
|
+
{
|
|
8962
|
+
"id": "api-001-110",
|
|
8963
|
+
"name": "JWT: Collect algorithm used",
|
|
8964
|
+
"tags": {
|
|
8965
|
+
"type": "jwt",
|
|
8966
|
+
"category": "api_security",
|
|
8967
|
+
"confidence": "0",
|
|
8968
|
+
"module": "business-logic"
|
|
8969
|
+
},
|
|
8970
|
+
"min_version": "1.25.0",
|
|
8971
|
+
"conditions": [
|
|
8972
|
+
{
|
|
8973
|
+
"parameters": {
|
|
8974
|
+
"inputs": [
|
|
8975
|
+
{
|
|
8976
|
+
"address": "server.request.jwt",
|
|
8977
|
+
"key_path": [
|
|
8978
|
+
"header",
|
|
8979
|
+
"alg"
|
|
8980
|
+
]
|
|
8981
|
+
}
|
|
8982
|
+
]
|
|
8983
|
+
},
|
|
8984
|
+
"operator": "exists"
|
|
8985
|
+
}
|
|
8986
|
+
],
|
|
8987
|
+
"transformers": [],
|
|
8988
|
+
"output": {
|
|
8989
|
+
"event": false,
|
|
8990
|
+
"keep": false,
|
|
8991
|
+
"attributes": {
|
|
8992
|
+
"_dd.appsec.api.jwt_alg": {
|
|
8993
|
+
"address": "server.request.jwt",
|
|
8994
|
+
"key_path": [
|
|
8995
|
+
"header",
|
|
8996
|
+
"alg"
|
|
8997
|
+
]
|
|
8998
|
+
}
|
|
8999
|
+
}
|
|
9000
|
+
}
|
|
9001
|
+
},
|
|
9002
|
+
{
|
|
9003
|
+
"id": "api-001-120",
|
|
9004
|
+
"name": "JWT: No audience is specified",
|
|
9005
|
+
"tags": {
|
|
9006
|
+
"type": "jwt",
|
|
9007
|
+
"category": "api_security",
|
|
9008
|
+
"confidence": "0",
|
|
9009
|
+
"module": "business-logic"
|
|
9010
|
+
},
|
|
9011
|
+
"min_version": "1.25.0",
|
|
9012
|
+
"conditions": [
|
|
9013
|
+
{
|
|
9014
|
+
"parameters": {
|
|
9015
|
+
"inputs": [
|
|
9016
|
+
{
|
|
9017
|
+
"address": "server.request.jwt",
|
|
9018
|
+
"key_path": [
|
|
9019
|
+
"payload",
|
|
9020
|
+
"aud"
|
|
9021
|
+
]
|
|
9022
|
+
}
|
|
9023
|
+
]
|
|
9024
|
+
},
|
|
9025
|
+
"operator": "!exists"
|
|
9026
|
+
}
|
|
9027
|
+
],
|
|
9028
|
+
"transformers": [],
|
|
9029
|
+
"output": {
|
|
9030
|
+
"event": false,
|
|
9031
|
+
"keep": false,
|
|
9032
|
+
"attributes": {
|
|
9033
|
+
"_dd.appsec.api.jwt.no_audience": {
|
|
9034
|
+
"value": 1
|
|
9035
|
+
}
|
|
9036
|
+
}
|
|
9037
|
+
}
|
|
9038
|
+
},
|
|
9039
|
+
{
|
|
9040
|
+
"id": "api-001-130",
|
|
9041
|
+
"name": "JWT: None algorithm used",
|
|
9042
|
+
"tags": {
|
|
9043
|
+
"type": "jwt",
|
|
9044
|
+
"category": "api_security",
|
|
9045
|
+
"confidence": "0",
|
|
9046
|
+
"module": "business-logic"
|
|
9047
|
+
},
|
|
9048
|
+
"min_version": "1.25.0",
|
|
9049
|
+
"conditions": [
|
|
9050
|
+
{
|
|
9051
|
+
"parameters": {
|
|
9052
|
+
"inputs": [
|
|
9053
|
+
{
|
|
9054
|
+
"address": "server.request.jwt",
|
|
9055
|
+
"key_path": [
|
|
9056
|
+
"header",
|
|
9057
|
+
"alg"
|
|
9058
|
+
]
|
|
9059
|
+
}
|
|
9060
|
+
],
|
|
9061
|
+
"list": [
|
|
9062
|
+
"none",
|
|
9063
|
+
"nonE",
|
|
9064
|
+
"noNe",
|
|
9065
|
+
"noNE",
|
|
9066
|
+
"nOne",
|
|
9067
|
+
"nOnE",
|
|
9068
|
+
"nONe",
|
|
9069
|
+
"nONE",
|
|
9070
|
+
"None",
|
|
9071
|
+
"NonE",
|
|
9072
|
+
"NoNe",
|
|
9073
|
+
"NoNE",
|
|
9074
|
+
"NOne",
|
|
9075
|
+
"NOnE",
|
|
9076
|
+
"NONe",
|
|
9077
|
+
"NONE"
|
|
9078
|
+
]
|
|
9079
|
+
},
|
|
9080
|
+
"operator": "exact_match"
|
|
9081
|
+
}
|
|
9082
|
+
],
|
|
9083
|
+
"transformers": [],
|
|
9084
|
+
"output": {
|
|
9085
|
+
"event": false,
|
|
9086
|
+
"keep": true,
|
|
9087
|
+
"attributes": {
|
|
9088
|
+
"_dd.appsec.api.jwt.none_alg": {
|
|
9089
|
+
"value": 1
|
|
9090
|
+
}
|
|
9091
|
+
}
|
|
9092
|
+
}
|
|
9093
|
+
},
|
|
9094
|
+
{
|
|
9095
|
+
"id": "ua0-600-551",
|
|
9096
|
+
"name": "Datadog test scanner - scalar trace-tagging version: user-agent",
|
|
9097
|
+
"tags": {
|
|
9098
|
+
"type": "security_scanner",
|
|
9099
|
+
"category": "attack_attempt",
|
|
9100
|
+
"cwe": "200",
|
|
9101
|
+
"capec": "1000/118/169",
|
|
9102
|
+
"tool_name": "Datadog Canary Test",
|
|
9103
|
+
"confidence": "1",
|
|
9104
|
+
"module": "waf"
|
|
9105
|
+
},
|
|
9106
|
+
"min_version": "1.25.0",
|
|
9107
|
+
"conditions": [
|
|
9108
|
+
{
|
|
9109
|
+
"parameters": {
|
|
9110
|
+
"inputs": [
|
|
9111
|
+
{
|
|
9112
|
+
"address": "server.request.headers.no_cookies",
|
|
9113
|
+
"key_path": [
|
|
9114
|
+
"user-agent"
|
|
9115
|
+
]
|
|
9116
|
+
},
|
|
9117
|
+
{
|
|
9118
|
+
"address": "grpc.server.request.metadata",
|
|
9119
|
+
"key_path": [
|
|
9120
|
+
"dd-canary"
|
|
9121
|
+
]
|
|
9122
|
+
}
|
|
9123
|
+
],
|
|
9124
|
+
"regex": "^dd-test-scanner-tag-scalar(?:$|/|\\s)"
|
|
9125
|
+
},
|
|
9126
|
+
"operator": "match_regex"
|
|
9127
|
+
}
|
|
9128
|
+
],
|
|
9129
|
+
"transformers": [],
|
|
9130
|
+
"output": {
|
|
9131
|
+
"event": false,
|
|
9132
|
+
"attributes": {
|
|
9133
|
+
"_dd.appsec.test.scanner.scalar": {
|
|
9134
|
+
"value": 1
|
|
9135
|
+
}
|
|
9136
|
+
}
|
|
9137
|
+
}
|
|
9138
|
+
},
|
|
9139
|
+
{
|
|
9140
|
+
"id": "ua0-600-552",
|
|
9141
|
+
"name": "Datadog test scanner - reference trace-tagging version: user-agent",
|
|
9142
|
+
"tags": {
|
|
9143
|
+
"type": "security_scanner",
|
|
9144
|
+
"category": "attack_attempt",
|
|
9145
|
+
"cwe": "200",
|
|
9146
|
+
"capec": "1000/118/169",
|
|
9147
|
+
"tool_name": "Datadog Canary Test",
|
|
9148
|
+
"confidence": "1",
|
|
9149
|
+
"module": "waf"
|
|
9150
|
+
},
|
|
9151
|
+
"min_version": "1.25.0",
|
|
9152
|
+
"conditions": [
|
|
9153
|
+
{
|
|
9154
|
+
"parameters": {
|
|
9155
|
+
"inputs": [
|
|
9156
|
+
{
|
|
9157
|
+
"address": "server.request.headers.no_cookies",
|
|
9158
|
+
"key_path": [
|
|
9159
|
+
"user-agent"
|
|
9160
|
+
]
|
|
9161
|
+
},
|
|
9162
|
+
{
|
|
9163
|
+
"address": "grpc.server.request.metadata",
|
|
9164
|
+
"key_path": [
|
|
9165
|
+
"dd-canary"
|
|
9166
|
+
]
|
|
9167
|
+
}
|
|
9168
|
+
],
|
|
9169
|
+
"regex": "^dd-test-scanner-tag-ref(?:$|/|\\s)"
|
|
9170
|
+
},
|
|
9171
|
+
"operator": "match_regex"
|
|
9172
|
+
}
|
|
9173
|
+
],
|
|
9174
|
+
"transformers": [],
|
|
9175
|
+
"output": {
|
|
9176
|
+
"event": false,
|
|
9177
|
+
"attributes": {
|
|
9178
|
+
"_dd.appsec.test.scanner.reference": {
|
|
9179
|
+
"address": "server.request.headers.no_cookies",
|
|
9180
|
+
"key_path": [
|
|
9181
|
+
"user-agent"
|
|
9182
|
+
]
|
|
9183
|
+
}
|
|
9184
|
+
}
|
|
9185
|
+
}
|
|
9186
|
+
}
|
|
9187
|
+
],
|
|
8919
9188
|
"processors": [
|
|
8920
9189
|
{
|
|
8921
9190
|
"id": "http-endpoint-fingerprint",
|
|
@@ -7,7 +7,7 @@ const WAFContextWrapper = require('./waf_context_wrapper')
|
|
|
7
7
|
const contexts = new WeakMap()
|
|
8
8
|
|
|
9
9
|
class WAFManager {
|
|
10
|
-
static
|
|
10
|
+
static defaultWafConfigPath = 'datadog/00/ASM_DD/default/config'
|
|
11
11
|
|
|
12
12
|
constructor (rules, config) {
|
|
13
13
|
this.config = config
|
|
@@ -571,7 +571,7 @@ class Config {
|
|
|
571
571
|
defaults.testManagementAttemptToFixRetries = 20
|
|
572
572
|
defaults.isTestManagementEnabled = false
|
|
573
573
|
defaults.isImpactedTestsEnabled = false
|
|
574
|
-
defaults.logInjection =
|
|
574
|
+
defaults.logInjection = true
|
|
575
575
|
defaults.lookup = undefined
|
|
576
576
|
defaults.inferredProxyServicesEnabled = false
|
|
577
577
|
defaults.memcachedCommandEnabled = false
|
|
@@ -9,6 +9,12 @@ class DataStreamsCheckpointer {
|
|
|
9
9
|
this.dsmProcessor = tracer._dataStreamsProcessor
|
|
10
10
|
}
|
|
11
11
|
|
|
12
|
+
/**
|
|
13
|
+
* @param {string} type - The type of the checkpoint, usually the streaming technology being used.
|
|
14
|
+
* Examples include kafka, kinesis, sns etc.
|
|
15
|
+
* @param {string} target - The target of data. This can be a topic, exchange or stream name.
|
|
16
|
+
* @param {Object} carrier - The carrier object to inject context into.
|
|
17
|
+
*/
|
|
12
18
|
setProduceCheckpoint (type, target, carrier) {
|
|
13
19
|
if (!this.config.dsmEnabled) return
|
|
14
20
|
|
|
@@ -23,14 +29,29 @@ class DataStreamsCheckpointer {
|
|
|
23
29
|
this.tracer.inject(ctx, 'text_map_dsm', carrier)
|
|
24
30
|
}
|
|
25
31
|
|
|
26
|
-
|
|
32
|
+
/**
|
|
33
|
+
* @param {string} type - The type of the checkpoint, usually the streaming technology being used.
|
|
34
|
+
* Examples include kafka, kinesis, sns etc.
|
|
35
|
+
* @param {string} source - The source of data. This can be a topic, exchange or stream name.
|
|
36
|
+
* @param {Object} carrier - The carrier object to extract context from.
|
|
37
|
+
* @param {boolean} [manualCheckpoint=true] - Whether this checkpoint was manually set. Keep true if manually
|
|
38
|
+
* instrumenting. Manual instrumentation always overrides automatic
|
|
39
|
+
* instrumentation in the case a call is both manually and automatically
|
|
40
|
+
* instrumented.
|
|
41
|
+
*/
|
|
42
|
+
setConsumeCheckpoint (type, source, carrier, manualCheckpoint = true) {
|
|
27
43
|
if (!this.config.dsmEnabled) return
|
|
28
44
|
|
|
29
45
|
const parentCtx = this.tracer.extract('text_map_dsm', carrier)
|
|
30
46
|
DataStreamsContext.setDataStreamsContext(parentCtx)
|
|
31
47
|
|
|
48
|
+
const tags = ['type:' + type, 'topic:' + source, 'direction:in']
|
|
49
|
+
if (manualCheckpoint) {
|
|
50
|
+
tags.push('manual_checkpoint:true')
|
|
51
|
+
}
|
|
52
|
+
|
|
32
53
|
const ctx = this.dsmProcessor.setCheckpoint(
|
|
33
|
-
|
|
54
|
+
tags,
|
|
34
55
|
null,
|
|
35
56
|
parentCtx,
|
|
36
57
|
null
|
|
@@ -17,8 +17,9 @@ const ENTRY_PARENT_HASH = Buffer.from('0000000000000000', 'hex')
|
|
|
17
17
|
|
|
18
18
|
class StatsPoint {
|
|
19
19
|
constructor (hash, parentHash, edgeTags) {
|
|
20
|
-
this.hash = hash.
|
|
21
|
-
this.parentHash = parentHash.
|
|
20
|
+
this.hash = hash.readBigUInt64LE()
|
|
21
|
+
this.parentHash = parentHash.readBigUInt64LE()
|
|
22
|
+
|
|
22
23
|
this.edgeTags = edgeTags
|
|
23
24
|
this.edgeLatency = new LogCollapsingLowestDenseDDSketch()
|
|
24
25
|
this.pathwayLatency = new LogCollapsingLowestDenseDDSketch()
|
|
@@ -191,7 +192,7 @@ class DataStreamsProcessor {
|
|
|
191
192
|
.addLatencies(checkpoint)
|
|
192
193
|
// set DSM pathway hash on span to enable related traces feature on DSM tab, convert from buffer to uint64
|
|
193
194
|
if (span) {
|
|
194
|
-
span.setTag(PATHWAY_HASH, checkpoint.hash.
|
|
195
|
+
span.setTag(PATHWAY_HASH, checkpoint.hash.readBigUInt64LE(0).toString())
|
|
195
196
|
}
|
|
196
197
|
}
|
|
197
198
|
|
|
@@ -22,7 +22,10 @@ var metadata = {
|
|
|
22
22
|
runtime_name: 'nodejs',
|
|
23
23
|
runtime_version: process.versions.node,
|
|
24
24
|
tracer_version: tracerVersion,
|
|
25
|
-
pid: process.pid
|
|
25
|
+
pid: process.pid,
|
|
26
|
+
result: 'unknown',
|
|
27
|
+
result_reason: 'unknown',
|
|
28
|
+
result_class: 'unknown'
|
|
26
29
|
}
|
|
27
30
|
|
|
28
31
|
var seen = {}
|
|
@@ -64,14 +67,27 @@ function sendTelemetry (name, tags) {
|
|
|
64
67
|
})
|
|
65
68
|
proc.on('error', function () {
|
|
66
69
|
log.error('Failed to spawn telemetry forwarder')
|
|
70
|
+
metadata.result = 'error'
|
|
71
|
+
metadata.result_class = 'internal_error'
|
|
72
|
+
metadata.result_reason = 'Failed to spawn telemetry forwarder'
|
|
67
73
|
})
|
|
68
74
|
proc.on('exit', function (code) {
|
|
69
|
-
if (code
|
|
75
|
+
if (code === 0) {
|
|
76
|
+
metadata.result = 'success'
|
|
77
|
+
metadata.result_class = 'success'
|
|
78
|
+
metadata.result_reason = 'Successfully configured ddtrace package'
|
|
79
|
+
} else {
|
|
70
80
|
log.error('Telemetry forwarder exited with code', code)
|
|
81
|
+
metadata.result = 'error'
|
|
82
|
+
metadata.result_class = 'internal_error'
|
|
83
|
+
metadata.result_reason = 'Telemetry forwarder exited with code ' + code
|
|
71
84
|
}
|
|
72
85
|
})
|
|
73
86
|
proc.stdin.on('error', function () {
|
|
74
87
|
log.error('Failed to write telemetry data to telemetry forwarder')
|
|
88
|
+
metadata.result = 'error'
|
|
89
|
+
metadata.result_class = 'internal_error'
|
|
90
|
+
metadata.result_reason = 'Failed to write telemetry data to telemetry forwarder'
|
|
75
91
|
})
|
|
76
92
|
proc.stdin.end(JSON.stringify({ metadata: metadata, points: points }))
|
|
77
93
|
}
|