dd-trace 5.70.0 → 5.72.0

package/packages/datadog-plugin-azure-event-hubs/src/producer.js

@@ -0,0 +1,82 @@
+'use strict'
+
+const { getEnvironmentVariable } = require('../../dd-trace/src/config-helper')
+const ProducerPlugin = require('../../dd-trace/src/plugins/producer')
+
+class AzureEventHubsProducerPlugin extends ProducerPlugin {
+  static get id () { return 'azure-event-hubs' }
+  static get operation () { return 'send' }
+  static get prefix () { return 'tracing:apm:azure-event-hubs:send' }
+
+  bindStart (ctx) {
+    // we do not want to make these spans when batch linking is disabled.
+    if (!batchLinksAreEnabled() && ctx.functionName === 'tryAdd') {
+      return ctx.currentStore
+    }
+
+    const qualifiedNamespace = ctx.config.endpoint.replace('sb://', '').replace('/', '')
+    const entityPath = ctx.config.entityPath
+    const span = this.startSpan({
+      resource: entityPath,
+      type: 'messaging',
+      meta: {
+        component: 'azure-event-hubs',
+        'messaging.system': 'eventhubs',
+        'messaging.destination.name': entityPath,
+        'network.destination.name': qualifiedNamespace,
+      }
+    }, ctx)
+
+    if (ctx.functionName === 'tryAdd') {
+      span._spanContext._name = 'azure.eventhubs.create'
+      span.setTag('messaging.operation', 'create')
+
+      if (ctx.eventData.messageID !== undefined) {
+        span.setTag('message.id', ctx.eventData.messageID)
+      }
+
+      if (batchLinksAreEnabled()) {
+        ctx.batch._spanContexts.push(span.context())
+        injectTraceContext(this.tracer, span, ctx.eventData)
+      }
+    }
+
+    if (ctx.functionName === 'sendBatch') {
+      const eventData = ctx.eventData
+      const eventDataLength = eventData.length || eventData._context.connection._eventsCount
+      span.setTag('messaging.operation', 'send')
+      span.setTag('messaging.batch.message_count', eventDataLength)
+
+      if (eventData.constructor.name !== 'EventDataBatchImpl' && Array.isArray(eventData)) {
+        eventData.forEach(event => {
+          injectTraceContext(this.tracer, span, event)
+        })
+      } else {
+        if (batchLinksAreEnabled()) {
+          eventData._spanContexts.forEach(spanContext => {
+            span.addLink(spanContext)
+          })
+        }
+      }
+    }
+    return ctx.currentStore
+  }
+
+  asyncEnd (ctx) {
+    super.finish()
+  }
+}
+
+function injectTraceContext (tracer, span, event) {
+  if (!event.properties) {
+    event.properties = {}
+  }
+  tracer.inject(span, 'text_map', event.properties)
+}
+
+function batchLinksAreEnabled () {
+  const eh = getEnvironmentVariable('DD_TRACE_AZURE_EVENTHUBS_BATCH_LINKS_ENABLED')
+  return eh !== 'false'
+}
+
+module.exports = AzureEventHubsProducerPlugin

package/packages/datadog-plugin-azure-functions/src/index.js

@@ -13,6 +13,7 @@ const triggerMap = {
   put: 'Http',
   serviceBusQueue: 'ServiceBus',
   serviceBusTopic: 'ServiceBus',
+  eventHub: 'EventHubs',
 }
 
 class AzureFunctionsPlugin extends TracingPlugin {
@@ -25,6 +26,8 @@ class AzureFunctionsPlugin extends TracingPlugin {
   bindStart (ctx) {
     const childOf = extractTraceContext(this._tracer, ctx)
     const meta = getMetaForTrigger(ctx)
+    const triggerType = triggerMap[ctx.methodName]
+    const isMessagingService = (triggerType === 'ServiceBus' || triggerType === 'EventHubs')
     const span = this.startSpan(this.operationName(), {
       childOf,
       service: this.serviceName(),
@@ -32,6 +35,10 @@ class AzureFunctionsPlugin extends TracingPlugin {
       meta,
     }, ctx)
 
+    if (isMessagingService) {
+      setSpanLinks(this.tracer, span, ctx)
+    }
+
     ctx.span = span
     return ctx.currentStore
   }
@@ -86,6 +93,16 @@ function getMetaForTrigger ({ functionName, methodName, invocationContext }) {
       'resource.name': `ServiceBus ${functionName}`,
       'span.kind': 'consumer'
     }
+  } else if (triggerMap[methodName] === 'EventHubs') {
+    const partitionContext = invocationContext.triggerMetadata.triggerPartitionContext
+    meta = {
+      ...meta,
+      'messaging.destination.name': partitionContext.eventHubName,
+      'messaging.operation': 'receive',
+      'messaging.system': 'eventhubs',
+      'resource.name': `EventHubs ${functionName}`,
+      'span.kind': 'consumer'
+    }
   }
 
   return meta
@@ -101,6 +118,26 @@ function extractTraceContext (tracer, ctx) {
       return tracer.extract('http_headers', Object.fromEntries(ctx.httpRequest.headers))
     case 'ServiceBus':
       return tracer.extract('text_map', ctx.invocationContext.triggerMetadata.applicationProperties)
+    default:
+      null
+  }
+}
+
+function setSpanLinks (tracer, span, ctx) {
+  const cardinality = ctx.invocationContext.options.trigger.cardinality
+  const triggerMetadata = ctx.invocationContext.triggerMetadata
+  if (cardinality === 'many' && triggerMetadata.propertiesArray.length > 0) {
+    triggerMetadata.propertiesArray.forEach(event => {
+      // Check for possible empty event when span links are disabled
+      if (Object.keys(event).length > 0) {
+        span.addLink(tracer.extract('text_map', event))
+      }
+    })
+  } else if (cardinality === 'one') {
+    const spanContext = tracer.extract('text_map', triggerMetadata.properties)
+    if (spanContext) {
+      span.addLink(spanContext)
+    }
   }
 }
 

package/packages/datadog-plugin-cucumber/src/index.js

@@ -407,7 +407,7 @@ class CucumberPlugin extends CiPlugin {
     this.addSub('ci:cucumber:is-modified-test', ({
       scenarios,
       testFileAbsolutePath,
-      modifiedTests,
+      modifiedFiles,
       stepIds,
       stepDefinitions,
       setIsModified
@@ -418,7 +418,7 @@ class CucumberPlugin extends CiPlugin {
           testScenarioPath,
           scenario.location.line,
           scenario.steps[scenario.steps.length - 1].location.line,
-          modifiedTests,
+          modifiedFiles,
           'cucumber'
         )
         if (isModified) {
@@ -436,7 +436,7 @@ class CucumberPlugin extends CiPlugin {
           stepDefinition.uri,
           testStartLineStep,
           testEndLineStep,
-          modifiedTests,
+          modifiedFiles,
           'cucumber'
         )
         if (isModified) {

package/packages/datadog-plugin-cypress/src/cypress-plugin.js

@@ -45,7 +45,7 @@ const {
   getLibraryCapabilitiesTags,
   TEST_RETRY_REASON_TYPES,
   getPullRequestDiff,
-  getModifiedTestsFromDiff,
+  getModifiedFilesFromDiff,
   TEST_IS_MODIFIED,
   getPullRequestBaseBranch
 } = require('../../dd-trace/src/plugins/util/test')
@@ -188,7 +188,7 @@ function getTestManagementTests (tracer, testConfiguration) {
   })
 }
 
-function getModifiedTests (testEnvironmentMetadata) {
+function getModifiedFiles (testEnvironmentMetadata) {
   const {
     [GIT_PULL_REQUEST_BASE_BRANCH]: pullRequestBaseBranch,
     [GIT_PULL_REQUEST_BASE_BRANCH_SHA]: pullRequestBaseBranchSha,
@@ -199,9 +199,9 @@ function getModifiedTests (testEnvironmentMetadata) {
 
   if (baseBranchSha) {
     const diff = getPullRequestDiff(baseBranchSha, commitHeadSha)
-    const modifiedTests = getModifiedTestsFromDiff(diff)
-    if (modifiedTests) {
-      return modifiedTests
+    const modifiedFiles = getModifiedFilesFromDiff(diff)
+    if (modifiedFiles) {
+      return modifiedFiles
     }
   }
 
@@ -245,7 +245,7 @@ class CypressPlugin {
   isTestManagementTestsEnabled = false
   testManagementAttemptToFixRetries = 0
   isImpactedTestsEnabled = false
-  modifiedTests = []
+  modifiedFiles = []
 
   constructor () {
     const {
@@ -339,10 +339,10 @@ class CypressPlugin {
 
   getIsTestModified (testSuiteAbsolutePath) {
     const relativeTestSuitePath = getTestSuitePath(testSuiteAbsolutePath, this.repositoryRoot)
-    if (!this.modifiedTests) {
+    if (!this.modifiedFiles) {
       return false
     }
-    const lines = this.modifiedTests[relativeTestSuitePath]
+    const lines = this.modifiedFiles[relativeTestSuitePath]
     if (!lines) {
       return false
     }
@@ -520,7 +520,7 @@ class CypressPlugin {
 
     if (this.isImpactedTestsEnabled) {
       try {
-        this.modifiedTests = getModifiedTests(this.testEnvironmentMetadata)
+        this.modifiedFiles = getModifiedFiles(this.testEnvironmentMetadata)
       } catch (error) {
         log.error(error)
         this.isImpactedTestsEnabled = false

package/packages/datadog-plugin-jest/src/util.js

@@ -41,8 +41,11 @@ function getFormattedJestTestParameters (testParameters) {
   return formattedParameters
 }
 
+// Support for `@fast-check/jest`: this library modifies the test name to include the seed
+// A test name that keeps changing breaks some Test Optimization's features.
+const SEED_SUFFIX_RE = /\s*\(with seed=-?\d+\)\s*$/i
 // https://github.com/facebook/jest/blob/3e38157ad5f23fb7d24669d24fae8ded06a7ab75/packages/jest-circus/src/utils.ts#L396
-function getJestTestName (test) {
+function getJestTestName (test, shouldStripSeed = false) {
   const titles = []
   let parent = test
   do {
@@ -50,7 +53,12 @@ function getJestTestName (test) {
   } while ((parent = parent.parent))
 
   titles.shift() // remove TOP_DESCRIBE_BLOCK_NAME
-  return titles.join(' ')
+
+  const testName = titles.join(' ')
+  if (shouldStripSeed) {
+    return testName.replace(SEED_SUFFIX_RE, '')
+  }
+  return testName
 }
 
 function isMarkedAsUnskippable (test) {

package/packages/datadog-plugin-mocha/src/index.js

@@ -169,13 +169,13 @@ class MochaPlugin extends CiPlugin {
       return ctx.currentStore
     })
 
-    this.addSub('ci:mocha:test:is-modified', ({ modifiedTests, file, onDone }) => {
+    this.addSub('ci:mocha:test:is-modified', ({ modifiedFiles, file, onDone }) => {
       const testPath = getTestSuitePath(file, this.repositoryRoot)
       const isModified = isModifiedTest(
         testPath,
         null,
         null,
-        modifiedTests,
+        modifiedFiles,
         this.constructor.id
       )
 

package/packages/datadog-plugin-playwright/src/index.js

@@ -60,11 +60,11 @@ class PlaywrightPlugin extends CiPlugin {
 
     this.addSub('ci:playwright:test:is-modified', ({
       filePath,
-      modifiedTests,
+      modifiedFiles,
       onDone
     }) => {
       const testSuite = getTestSuitePath(filePath, this.repositoryRoot)
-      const isModified = isModifiedTest(testSuite, 0, 0, modifiedTests, this.constructor.id)
+      const isModified = isModifiedTest(testSuite, 0, 0, modifiedFiles, this.constructor.id)
       onDone({ isModified })
     })
 

package/packages/datadog-plugin-vitest/src/index.js

@@ -90,9 +90,9 @@ class VitestPlugin extends CiPlugin {
       onDone(isQuarantined)
     })
 
-    this.addSub('ci:vitest:test:is-modified', ({ modifiedTests, testSuiteAbsolutePath, onDone }) => {
+    this.addSub('ci:vitest:test:is-modified', ({ modifiedFiles, testSuiteAbsolutePath, onDone }) => {
       const testSuite = getTestSuitePath(testSuiteAbsolutePath, this.repositoryRoot)
-      const isModified = isModifiedTest(testSuite, 0, 0, modifiedTests, this.constructor.id)
+      const isModified = isModifiedTest(testSuite, 0, 0, modifiedFiles, this.constructor.id)
 
       onDone(isModified)
     })

package/packages/datadog-plugin-ws/src/server.js

@@ -21,8 +21,10 @@ class WSServerPlugin extends TracingPlugin {
 
     const protocol = `${getRequestProtocol(req)}:`
     const host = options.headers.host
-    const path = req.url
-    const uri = `${protocol}//${host}${path}`
+    const url = req.url
+    const indexOfParam = url.indexOf('?')
+    const route = indexOfParam === -1 ? url : url.slice(0, indexOfParam)
+    const uri = `${protocol}//${host}${route}`
 
     ctx.args = { options }
 
@@ -34,7 +36,7 @@ class WSServerPlugin extends TracingPlugin {
         'http.upgraded': 'websocket',
         'http.method': options.method,
         'http.url': uri,
-        'resource.name': `${options.method} ${path}`,
+        'resource.name': `${options.method} ${route}`,
         'span.kind': 'server'
 
       }

package/packages/dd-trace/src/appsec/reporter.js

@@ -38,14 +38,20 @@ const config = {
 
 const metricsQueue = new Map()
 
+const extendedDataCollectionRequest = new WeakMap()
+
 // following header lists are ordered in the same way the spec orders them, it doesn't matter but it's easier to compare
 const contentHeaderList = [
   'content-length',
-  'content-type',
   'content-encoding',
   'content-language'
 ]
 
+const responseHeaderList = [
+  ...contentHeaderList,
+  'content-type'
+]
+
 const identificationHeaders = [
   'x-amzn-trace-id',
   'cloudfront-viewer-ja3-fingerprint',
@@ -75,15 +81,27 @@ const requestHeadersList = [
   ...identificationHeaders
 ]
 
+const redactedHeadersList = [
+  'authorization',
+  'proxy-authorization',
+  'www-authenticate',
+  'proxy-authenticate',
+  'authentication-info',
+  'proxy-authentication-info',
+  'cookie',
+  'set-cookie'
+]
+
 // these request headers are always collected - it breaks the expected spec orders
 const REQUEST_HEADERS_MAP = mapHeaderAndTags(requestHeadersList, REQUEST_HEADER_TAG_PREFIX)
 
 const EVENT_HEADERS_MAP = mapHeaderAndTags(eventHeadersList, REQUEST_HEADER_TAG_PREFIX)
 
-const RESPONSE_HEADERS_MAP = mapHeaderAndTags(contentHeaderList, RESPONSE_HEADER_TAG_PREFIX)
+const RESPONSE_HEADERS_MAP = mapHeaderAndTags(responseHeaderList, RESPONSE_HEADER_TAG_PREFIX)
 
 const NON_EXTENDED_REQUEST_HEADERS = new Set([...requestHeadersList, ...eventHeadersList])
-const NON_EXTENDED_RESPONSE_HEADERS = new Set(contentHeaderList)
+const NON_EXTENDED_RESPONSE_HEADERS = new Set(responseHeaderList)
+const REDACTED_HEADERS = new Set(redactedHeadersList)
 
 function init (_config) {
   config.headersExtendedCollectionEnabled = _config.extendedHeadersCollection.enabled
@@ -132,7 +150,9 @@ function filterExtendedHeaders (headers, excludedHeaderNames, tagPrefix, limit =
   for (const [headerName, headerValue] of Object.entries(headers)) {
     if (counter >= limit) break
     if (!excludedHeaderNames.has(headerName)) {
-      result[getHeaderTag(tagPrefix, headerName)] = String(headerValue)
+      result[getHeaderTag(tagPrefix, headerName)] = REDACTED_HEADERS.has(headerName)
+        ? '<redacted>'
+        : String(headerValue)
       counter++
     }
   }
@@ -140,7 +160,7 @@ function filterExtendedHeaders (headers, excludedHeaderNames, tagPrefix, limit =
   return result
 }
 
-function getCollectedHeaders (req, res, shouldCollectEventHeaders, storedResponseHeaders = {}) {
+function getCollectedHeaders (req, res, shouldCollectEventHeaders, storedResponseHeaders = {}, extendedDataCollection) {
   // Mandatory
   const mandatoryCollectedHeaders = filterHeaders(req.headers, REQUEST_HEADERS_MAP)
 
@@ -154,7 +174,8 @@ function getCollectedHeaders (req, res, shouldCollectEventHeaders, storedRespons
   const requestEventCollectedHeaders = filterHeaders(req.headers, EVENT_HEADERS_MAP)
   const responseEventCollectedHeaders = filterHeaders(responseHeaders, RESPONSE_HEADERS_MAP)
 
-  if (!config.headersExtendedCollectionEnabled || config.headersRedaction) {
+  // TODO headersExtendedCollectionEnabled and headersRedaction properties are deprecated to delete in a major
+  if ((!config.headersExtendedCollectionEnabled || config.headersRedaction) && !extendedDataCollection) {
     // Standard collection
     return Object.assign(
       mandatoryCollectedHeaders,
@@ -163,12 +184,15 @@ function getCollectedHeaders (req, res, shouldCollectEventHeaders, storedRespons
     )
   }
 
+  // TODO config.maxHeadersCollected is deprecated to delete in a major
+  const maxHeadersCollected = extendedDataCollection?.max_collected_headers ?? config.maxHeadersCollected
+
   // Extended collection
-  const requestExtendedHeadersAvailableCount =
-    config.maxHeadersCollected -
-    Object.keys(mandatoryCollectedHeaders).length -
+  const collectedHeadersCount = Object.keys(mandatoryCollectedHeaders).length +
     Object.keys(requestEventCollectedHeaders).length
 
+  const requestExtendedHeadersAvailableCount = maxHeadersCollected - collectedHeadersCount
+
   const requestEventExtendedCollectedHeaders =
     filterExtendedHeaders(
       req.headers,
@@ -178,7 +202,7 @@ function getCollectedHeaders (req, res, shouldCollectEventHeaders, storedRespons
     )
 
   const responseExtendedHeadersAvailableCount =
-    config.maxHeadersCollected -
+    maxHeadersCollected -
     Object.keys(responseEventCollectedHeaders).length
 
   const responseEventExtendedCollectedHeaders =
@@ -199,15 +223,15 @@ function getCollectedHeaders (req, res, shouldCollectEventHeaders, storedRespons
 
   // Check discarded headers
   const requestHeadersCount = Object.keys(req.headers).length
-  if (requestHeadersCount > config.maxHeadersCollected) {
+  if (requestHeadersCount > maxHeadersCollected) {
     headersTags['_dd.appsec.request.header_collection.discarded'] =
-      requestHeadersCount - config.maxHeadersCollected
+      requestHeadersCount - maxHeadersCollected
   }
 
   const responseHeadersCount = Object.keys(responseHeaders).length
-  if (responseHeadersCount > config.maxHeadersCollected) {
+  if (responseHeadersCount > maxHeadersCollected) {
     headersTags['_dd.appsec.response.header_collection.discarded'] =
-      responseHeadersCount - config.maxHeadersCollected
+      responseHeadersCount - maxHeadersCollected
   }
 
   return headersTags
@@ -307,7 +331,7 @@ function reportTruncationMetrics (rootSpan, metrics) {
   }
 }
 
-function reportAttack (attackData) {
+function reportAttack ({ events: attackData, actions }) {
   const store = storage('legacy').getStore()
   const req = store?.req
   const rootSpan = web.root(req)
@@ -338,8 +362,14 @@ function reportAttack (attackData) {
 
   rootSpan.addTags(newTags)
 
+  // TODO this should be deleted in a major
   if (config.raspBodyCollection && isRaspAttack(attackData)) {
-    reportRequestBody(rootSpan, req.body)
+    reportRequestBody(rootSpan, req.body, true)
+  }
+
+  const extendedDataCollection = actions?.extended_data_collection
+  if (extendedDataCollection) {
+    extendedDataCollectionRequest.set(req, extendedDataCollection)
   }
 }
 
@@ -398,18 +428,29 @@ function truncateRequestBody (target, depth = 0) {
   }
 }
 
-function reportRequestBody (rootSpan, requestBody) {
-  if (!requestBody) return
+function reportRequestBody (rootSpan, requestBody, comesFromRaspAction = false) {
+  if (!requestBody || Object.keys(requestBody).length === 0) return
 
   if (!rootSpan.meta_struct) {
     rootSpan.meta_struct = {}
   }
 
-  if (!rootSpan.meta_struct['http.request.body']) {
+  if (rootSpan.meta_struct['http.request.body']) {
+    // If the rasp.exceed metric exists, set also the same for the new tag
+    const currentTags = rootSpan.context()._tags
+    const sizeExceedTagValue = currentTags['_dd.appsec.rasp.request_body_size.exceeded']
+
+    if (sizeExceedTagValue) {
+      rootSpan.setTag('_dd.appsec.request_body_size.exceeded', sizeExceedTagValue)
+    }
+  } else {
     const { truncated, value } = truncateRequestBody(requestBody)
     rootSpan.meta_struct['http.request.body'] = value
     if (truncated) {
-      rootSpan.setTag('_dd.appsec.rasp.request_body_size.exceeded', 'true')
+      const sizeExceedTagKey = comesFromRaspAction
+        ? '_dd.appsec.rasp.request_body_size.exceeded' // TODO old metric to delete in a major
+        : '_dd.appsec.request_body_size.exceeded'
+      rootSpan.setTag(sizeExceedTagKey, 'true')
     }
   }
 }
@@ -496,7 +537,15 @@ function finishRequest (req, res, storedResponseHeaders) {
 
   const tags = rootSpan.context()._tags
 
-  const newTags = getCollectedHeaders(req, res, shouldCollectEventHeaders(tags), storedResponseHeaders)
+  const extendedDataCollection = extendedDataCollectionRequest.get(req)
+  const newTags = getCollectedHeaders(
+    req, res, shouldCollectEventHeaders(tags), storedResponseHeaders, extendedDataCollection
+  )
+
+  if (extendedDataCollection) {
+    // TODO add support for fastify, req.body is not available in fastify
+    reportRequestBody(rootSpan, req.body)
+  }
 
   if (tags['appsec.event'] === 'true' && typeof req.route?.path === 'string') {
     newTags['http.endpoint'] = req.route.path

package/packages/dd-trace/src/appsec/waf/waf_context_wrapper.js

@@ -141,7 +141,7 @@ class WAFContextWrapper {
       metrics.wafTimeout = result.timeout
 
       if (ruleTriggered) {
-        Reporter.reportAttack(result.events)
+        Reporter.reportAttack(result)
       }
 
       Reporter.reportAttributes(result.attributes)