npm - dd-trace - Versions diffs - 5.67.0 → 5.69.0 - Mend

dd-trace 5.67.0 → 5.69.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (132) hide show

package/packages/dd-trace/src/appsec/iast/path-line.js CHANGED Viewed

@@ -3,6 +3,7 @@
 const path = require('path')
 const process = require('process')
 const { ddBasePath } = require('../../util')
+const { getOriginalPathAndLineFromSourceMap } = require('./taint-tracking/rewriter')
 const pathLine = {
   getNodeModulesPaths,
   getRelativePath,
@@ -30,8 +31,24 @@ function getNonDDCallSiteFrames (callSiteFrames, externallyExcludedPaths) {
   const result = []
   for (const callsite of callSiteFrames) {
-    const filepath = callsite.file
-    if (!isExcluded(callsite, externallyExcludedPaths) && !filepath.includes(pathLine.ddBasePath)) {
+    let filepath = callsite.file
+    if (globalThis.__DD_ESBUILD_IAST_WITH_SM) {
+      const callsiteLocation = {
+        path: getRelativePath(filepath),
+        line: callsite.line,
+        column: callsite.column
+      }
+      const { path: originalPath, line, column } = getOriginalPathAndLineFromSourceMap(callsiteLocation)
+      callsite.path = filepath = originalPath
+      callsite.line = line
+      callsite.column = column
+    }
+    if (
+      !isExcluded(callsite, externallyExcludedPaths) &&
+      (!filepath.includes(pathLine.ddBasePath) || globalThis.__DD_ESBUILD_IAST_WITH_NO_SM)
+    ) {
       callsite.path = getRelativePath(filepath)
       callsite.isInternal = !path.isAbsolute(filepath)
@@ -43,12 +60,12 @@ function getNonDDCallSiteFrames (callSiteFrames, externallyExcludedPaths) {
 }
 function getRelativePath (filepath) {
-  return path.relative(process.cwd(), filepath)
+  return filepath && path.relative(process.cwd(), filepath)
 }
 function isExcluded (callsite, externallyExcludedPaths) {
   if (callsite.isNative) return true
-  const filename = callsite.file
+  const filename = globalThis.__DD_ESBUILD_IAST_WITH_SM ? callsite.path : callsite.file
   if (!filename) {
     return true
   }

package/packages/dd-trace/src/appsec/iast/security-controls/parser.js CHANGED Viewed

@@ -15,7 +15,7 @@ const validTypes = new Set([INPUT_VALIDATOR_TYPE, SANITIZER_TYPE])
 function parse (securityControlsConfiguration) {
   const controls = new Map()
-  securityControlsConfiguration?.replace(/[\r\n\t\v\f]*/g, '')
+  securityControlsConfiguration?.replaceAll(/[\r\n\t\v\f]*/g, '')
     .split(SECURITY_CONTROL_DELIMITER)
     .map(parseControl)
     .filter(control => !!control)

package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js CHANGED Viewed

@@ -44,7 +44,7 @@ function setGetOriginalPathAndLineFromSourceMapFunction (chainSourceMap, { getOr
     ? (path, line, column) => {
       // if --enable-source-maps is present stacktraces of the rewritten files contain the original path, file and
       // column because the sourcemap chaining is done during the rewriting process so we can skip it
-        return isPrivateModule(path) && !isDdTrace(path)
+        return !globalThis.__DD_ESBUILD_IAST_WITH_SM && isPrivateModule(path) && !isDdTrace(path)
           ? { path, line, column }
           : getOriginalPathAndLineFromSourceMap(path, line, column)
       }
@@ -170,7 +170,10 @@ function enableRewriter (telemetryVerbosity) {
       const rewriter = getRewriter(telemetryVerbosity)
       if (rewriter) {
         shimPrepareStackTrace()
-        shimmer.wrap(Module.prototype, '_compile', compileMethod => getCompileMethodFn(compileMethod))
+        if (!globalThis.__DD_ESBUILD_IAST_WITH_SM && !globalThis.__DD_ESBUILD_IAST_WITH_NO_SM) {
+          // Avoid rewriting twice when application has been bundled
+          shimmer.wrap(Module.prototype, '_compile', compileMethod => getCompileMethodFn(compileMethod))
+        }
       }
     }
@@ -264,5 +267,5 @@ function enable (configArg) {
 }
 module.exports = {
-  enable, disable, getOriginalPathAndLineFromSourceMap
+  enable, disable, getOriginalPathAndLineFromSourceMap, getRewriter
 }

package/packages/dd-trace/src/appsec/stack_trace.js CHANGED Viewed

@@ -1,6 +1,7 @@
 'use strict'
 const { ddBasePath } = require('../util')
+const { getOriginalPathAndLineFromSourceMap } = require('./iast/taint-tracking/rewriter')
 const LIBRARY_FRAMES_BUFFER = 20
@@ -32,7 +33,25 @@ function getCallSiteList (maxDepth = 100, constructorOpt) {
 }
 function filterOutFramesFromLibrary (callSiteList) {
-  return callSiteList.filter(callSite => !callSite.getFileName()?.startsWith(ddBasePath))
+  return callSiteList.filter(callSite => {
+    if (globalThis.__DD_ESBUILD_IAST_WITH_NO_SM) {
+      // bundled and no SourceMap, not possible to discriminate if the frame comes from dd-trace code or not
+      return true
+    }
+    if (globalThis.__DD_ESBUILD_IAST_WITH_SM) {
+      // bundled with SourceMap, get original file and line to discriminate if comes from dd-trace or not
+      const callSiteLocation = {
+        path: callSite.getFileName(),
+        line: callSite.getLineNumber(),
+        column: callSite.getColumnNumber()
+      }
+      const { path } = getOriginalPathAndLineFromSourceMap(callSiteLocation)
+      return !path?.startsWith(ddBasePath)
+    }
+    return !callSite.getFileName()?.startsWith(ddBasePath)
+  })
 }
 function getCallsiteFrames (maxDepth = 32, constructorOpt = getCallsiteFrames, callSiteListGetter = getCallSiteList) {

package/packages/dd-trace/src/appsec/telemetry/waf.js CHANGED Viewed

@@ -96,7 +96,7 @@ function incrementWafInit (wafVersion, rulesVersion, success) {
   appsecMetrics.count('waf.init', { ...versionsTags, success }).inc()
   if (!success) {
-    appsecMetrics.count('waf.config_errors', versionsTags).inc()
+    appsecMetrics.count('waf.config_errors', { ...versionsTags, action: 'init' }).inc()
   }
 }
@@ -107,7 +107,7 @@ function incrementWafUpdates (wafVersion, rulesVersion, success) {
 function incrementWafConfigErrors (wafVersion, rulesVersion) {
   const versionsTags = getVersionsTags(wafVersion, rulesVersion)
-  appsecMetrics.count('waf.config_errors', versionsTags).inc()
+  appsecMetrics.count('waf.config_errors', { ...versionsTags, action: 'update' }).inc()
 }
 function incrementWafRequests (store) {

package/packages/dd-trace/src/ci-visibility/exporters/ci-visibility-exporter.js CHANGED Viewed

@@ -287,11 +287,11 @@ class CiVisibilityExporter extends AgentInfoExporter {
     this._export(formattedCoverage, this._coverageWriter, '_coverageTimer')
   }
-  formatLogMessage (testConfiguration, logMessage) {
+  formatLogMessage (testEnvironmentMetadata, logMessage) {
     const {
       [GIT_REPOSITORY_URL]: gitRepositoryUrl,
       [GIT_COMMIT_SHA]: gitCommitSha
-    } = testConfiguration
+    } = testEnvironmentMetadata
     const { service, env, version } = this._config
@@ -315,14 +315,14 @@ class CiVisibilityExporter extends AgentInfoExporter {
   }
   // DI logs
-  exportDiLogs (testConfiguration, logMessage) {
+  exportDiLogs (testEnvironmentMetadata, logMessage) {
     // TODO: could we lose logs if it's not initialized?
     if (!this._config.isTestDynamicInstrumentationEnabled || !this._isInitialized || !this._canForwardLogs) {
       return
     }
     this._export(
-      this.formatLogMessage(testConfiguration, logMessage),
+      this.formatLogMessage(testEnvironmentMetadata, logMessage),
       this._logsWriter,
       '_logsTimer'
     )

package/packages/dd-trace/src/ci-visibility/exporters/test-worker/index.js CHANGED Viewed

@@ -7,7 +7,9 @@ const {
   CUCUMBER_WORKER_TRACE_PAYLOAD_CODE,
   MOCHA_WORKER_TRACE_PAYLOAD_CODE,
   JEST_WORKER_LOGS_PAYLOAD_CODE,
-  PLAYWRIGHT_WORKER_TRACE_PAYLOAD_CODE
+  PLAYWRIGHT_WORKER_TRACE_PAYLOAD_CODE,
+  VITEST_WORKER_TRACE_PAYLOAD_CODE,
+  VITEST_WORKER_LOGS_PAYLOAD_CODE
 } = require('../../../plugins/util/test')
 const { getEnvironmentVariable } = require('../../../config-helper')
@@ -24,6 +26,9 @@ function getInterprocessTraceCode () {
   if (getEnvironmentVariable('DD_PLAYWRIGHT_WORKER')) {
     return PLAYWRIGHT_WORKER_TRACE_PAYLOAD_CODE
   }
+  if (getEnvironmentVariable('TINYPOOL_WORKER_ID')) {
+    return VITEST_WORKER_TRACE_PAYLOAD_CODE
+  }
   return null
 }
@@ -39,6 +44,9 @@ function getInterprocessLogsCode () {
   if (getEnvironmentVariable('JEST_WORKER_ID')) {
     return JEST_WORKER_LOGS_PAYLOAD_CODE
   }
+  if (getEnvironmentVariable('TINYPOOL_WORKER_ID')) {
+    return VITEST_WORKER_LOGS_PAYLOAD_CODE
+  }
   return null
 }
@@ -66,8 +74,8 @@ class TestWorkerCiVisibilityExporter {
     this._coverageWriter.append(formattedCoverage)
   }
-  exportDiLogs (testConfiguration, logMessage) {
-    this._logsWriter.append({ testConfiguration, logMessage })
+  exportDiLogs (testEnvironmentMetadata, logMessage) {
+    this._logsWriter.append({ testEnvironmentMetadata, logMessage })
   }
   // TODO: add to other writers

package/packages/dd-trace/src/ci-visibility/exporters/test-worker/writer.js CHANGED Viewed

@@ -1,5 +1,6 @@
 'use strict'
 const { JSONEncoder } = require('../../encode/json-encoder')
+const { getEnvironmentVariable } = require('../../../config-helper')
 class Writer {
   constructor (interprocessCode) {
@@ -34,9 +35,17 @@ class Writer {
     // See cucumber code:
     // https://github.com/cucumber/cucumber-js/blob/5ce371870b677fe3d1a14915dc535688946f734c/src/runtime/parallel/run_worker.ts#L13
     if (process.send) { // it only works if process.send is available
-      process.send([this._interprocessCode, data], () => {
+      const isVitestWorker = !!getEnvironmentVariable('TINYPOOL_WORKER_ID')
+      const payload = isVitestWorker
+        ? { __tinypool_worker_message__: true, interprocessCode: this._interprocessCode, data }
+        : [this._interprocessCode, data]
+      process.send(payload, () => {
         onDone()
       })
+    } else {
+      onDone()
     }
   }
 }

package/packages/dd-trace/src/config-helper.js CHANGED Viewed

@@ -5,6 +5,13 @@
 const { deprecate } = require('util')
 const { supportedConfigurations, aliases, deprecations } = require('./supported-configurations.json')
+/**
+ * Types for environment variable handling.
+ *
+ * @typedef {keyof typeof supportedConfigurations} SupportedEnvKey
+ * @typedef {Partial<typeof process.env> & Partial<Record<SupportedEnvKey, string|undefined>>} TracerEnv
+ */
 const aliasToCanonical = {}
 for (const canonical of Object.keys(aliases)) {
   for (const alias of aliases[canonical]) {
@@ -32,7 +39,7 @@ module.exports = {
    * Returns the environment variables that are supported by the tracer
    * (including all non-Datadog/OTEL specific environment variables)
    *
-   * @returns {Partial<process.env>} The environment variables
+   * @returns {TracerEnv} The environment variables
    */
   getEnvironmentVariables () {
     const configs = {}