dd-trace 5.73.0 → 5.75.0

package/packages/dd-trace/src/config_defaults.js

@@ -2,7 +2,7 @@
 
 const pkg = require('./pkg')
 const { GRPC_CLIENT_ERROR_STATUSES, GRPC_SERVER_ERROR_STATUSES } = require('./constants')
-const { getEnvironmentVariables } = require('./config-helper')
+const { getEnvironmentVariable: getEnv } = require('./config-helper')
 
 // eslint-disable-next-line @stylistic/max-len
 const qsRegex = String.raw`(?:p(?:ass)?w(?:or)?d|pass(?:_?phrase)?|secret|(?:api_?|private_?|public_?|access_?|secret_?)key(?:_?id)?|token|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)(?:(?:\s|%20)*(?:=|%3D)[^&]+|(?:"|%22)(?:\s|%20)*(?::|%3A)(?:\s|%20)*(?:"|%22)(?:%2[^2]|%[^2]|[^"%])+(?:"|%22))|bearer(?:\s|%20)+[a-z0-9\._\-]+|token(?::|%3A)[a-z0-9]{13}|gh[opsu]_[0-9a-zA-Z]{36}|ey[I-L](?:[\w=-]|%3D)+\.ey[I-L](?:[\w=-]|%3D)+(?:\.(?:[\w.+\/=-]|%3D|%2F|%2B)+)?|[\-]{5}BEGIN(?:[a-z\s]|%20)+PRIVATE(?:\s|%20)KEY[\-]{5}[^\-]+[\-]{5}END(?:[a-z\s]|%20)+PRIVATE(?:\s|%20)KEY|ssh-rsa(?:\s|%20)*(?:[a-z0-9\/\.+]|%2F|%5C|%2B){100,}`
@@ -11,21 +11,16 @@ const defaultWafObfuscatorKeyRegex = String.raw`(?i)pass|pw(?:or)?d|secret|(?:ap
 // eslint-disable-next-line @stylistic/max-len
 const defaultWafObfuscatorValueRegex = String.raw`(?i)(?:p(?:ass)?w(?:or)?d|pass(?:[_-]?phrase)?|secret(?:[_-]?key)?|(?:(?:api|private|public|access)[_-]?)key(?:[_-]?id)?|(?:(?:auth|access|id|refresh)[_-]?)?token|consumer[_-]?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?|jsessionid|phpsessid|asp\.net(?:[_-]|-)sessionid|sid|jwt)(?:\s*=([^;&]+)|"\s*:\s*("[^"]+"|\d+))|bearer\s+([a-z0-9\._\-]+)|token\s*:\s*([a-z0-9]{13})|gh[opsu]_([0-9a-zA-Z]{36})|ey[I-L][\w=-]+\.(ey[I-L][\w=-]+(?:\.[\w.+\/=-]+)?)|[\-]{5}BEGIN[a-z\s]+PRIVATE\sKEY[\-]{5}([^\-]+)[\-]{5}END[a-z\s]+PRIVATE\sKEY|ssh-rsa\s*([a-z0-9\/\.+]{100,})`
 
-const {
-  AWS_LAMBDA_FUNCTION_NAME,
-  FUNCTION_NAME,
-  K_SERVICE,
-  WEBSITE_SITE_NAME
-} = getEnvironmentVariables()
-
-const service = AWS_LAMBDA_FUNCTION_NAME ||
-  FUNCTION_NAME || // Google Cloud Function Name set by deprecated runtimes
-  K_SERVICE || // Google Cloud Function Name set by newer runtimes
-  WEBSITE_SITE_NAME || // set by Azure Functions
+const service = getEnv('AWS_LAMBDA_FUNCTION_NAME') ||
+  getEnv('FUNCTION_NAME') || // Google Cloud Function Name set by deprecated runtimes
+  getEnv('K_SERVICE') || // Google Cloud Function Name set by newer runtimes
+  getEnv('WEBSITE_SITE_NAME') || // set by Azure Functions
   pkg.name ||
   'node'
 
 module.exports = {
+  apiKey: undefined,
+  appKey: undefined,
   apmTracingEnabled: true,
   'appsec.apiSecurity.enabled': true,
   'appsec.apiSecurity.sampleDelay': 30,
@@ -57,6 +52,10 @@ module.exports = {
   baggageTagKeys: 'user.id,session.id,account.id',
   clientIpEnabled: false,
   clientIpHeader: null,
+  'cloudPayloadTagging.requestsEnabled': false,
+  'cloudPayloadTagging.responsesEnabled': false,
+  'cloudPayloadTagging.maxDepth': 10,
+  'cloudPayloadTagging.rules': [],
   'crashtracking.enabled': true,
   'codeOriginForSpans.enabled': true,
   'codeOriginForSpans.experimental.exit_spans.enabled': false,
@@ -102,6 +101,9 @@ module.exports = {
   'iast.telemetryVerbosity': 'INFORMATION',
   'iast.stackTrace.enabled': true,
   injectionEnabled: [],
+  'installSignature.id': null,
+  'installSignature.time': null,
+  'installSignature.type': null,
   instrumentationSource: 'manual',
   injectForce: null,
   isAzureFunction: false,

package/packages/dd-trace/src/plugins/util/ci.js

@@ -95,10 +95,11 @@ function normalizeNumber (number) {
 }
 
 function getGitHubEventPayload () {
-  if (!getEnvironmentVariable('GITHUB_EVENT_PATH')) {
+  const path = getEnvironmentVariable('GITHUB_EVENT_PATH')
+  if (!path) {
     return
   }
-  return JSON.parse(readFileSync(getEnvironmentVariable('GITHUB_EVENT_PATH'), 'utf8'))
+  return JSON.parse(readFileSync(path, 'utf8'))
 }
 
 module.exports = {

package/packages/dd-trace/src/plugins/util/stacktrace.js

@@ -1,12 +1,22 @@
 'use strict'
 
-const { relative, sep } = require('path')
+const { relative, sep, join } = require('path')
 
 const cwd = process.cwd()
 
 const NODE_MODULES_PATTERN_MIDDLE = `${sep}node_modules${sep}`
 const NODE_MODULES_PATTERN_START = `node_modules${sep}`
 
+/**
+ * We detect if we're running inside the dd-trace-js repo by checking if the
+ * current file path ends with the expected path structure from the repo root.
+ * This is needed for local and CI where dd-trace-js is not in node_modules.
+ * In production, these frames are already filtered by isNodeModulesFrame.
+ */
+const SHOULD_FILTER_DD_TRACE_INSTRUMENTAION = __filename.endsWith(
+  join(sep, 'dd-trace-js', 'packages', 'dd-trace', 'src', 'plugins', 'util', 'stacktrace.js')
+)
+
 module.exports = {
   getCallSites,
   parseUserLandFrames
@@ -90,6 +100,7 @@ function parseLine (stack, start, end) {
   [fileName, lineNumber, columnNumber, index] = result
 
   if (isNodeModulesFrame(fileName)) return
+  if (SHOULD_FILTER_DD_TRACE_INSTRUMENTAION && isDDInstrumentationFile(fileName)) return
 
   // parse method name
   let methodName, functionName
@@ -153,6 +164,10 @@ function isNodeModulesFrame (fileName) {
   return relativePath.startsWith(NODE_MODULES_PATTERN_START) || relativePath.includes(NODE_MODULES_PATTERN_MIDDLE)
 }
 
+function isDDInstrumentationFile (fileName) {
+  return fileName.includes(`packages${sep}datadog-instrumentations${sep}src`)
+}
+
 /**
  * A stack trace location can be in one of the following formats:
  *

package/packages/dd-trace/src/proxy.js

@@ -164,7 +164,7 @@ class Tracer extends NoopProxy {
           rc.setProductHandler('FFE_FLAGS', (action, conf) => {
             // Feed UFC config directly to OpenFeature provider
             if (action === 'apply' || action === 'modify') {
-              this.openfeature._setConfiguration(conf.flag_configuration)
+              this.openfeature._setConfiguration(conf)
             }
           })
         }

package/packages/dd-trace/src/supported-configurations.json

@@ -282,6 +282,7 @@
     "DD_TRACE_FASTIFY_ENABLED": ["A"],
     "DD_TRACE_FETCH_ENABLED": ["A"],
     "DD_TRACE_FIND_MY_WAY_ENABLED": ["A"],
+    "DD_TRACE_FLUSH_INTERVAL": ["A"],
     "DD_TRACE_FS_ENABLED": ["A"],
     "DD_TRACE_GENERIC_POOL_ENABLED": ["A"],
     "DD_TRACE_GIT_METADATA_ENABLED": ["A"],

package/packages/dd-trace/src/telemetry/endpoints.js

@@ -4,6 +4,8 @@ const dc = require('dc-polyfill')
 const { sendData } = require('./send-data')
 
 const fastifyRouteCh = dc.channel('apm:fastify:route:added')
+const expressRouteCh = dc.channel('apm:express:route:added')
+const routerRouteCh = dc.channel('apm:router:route:added')
 
 let config
 let application
@@ -16,6 +18,7 @@ let updateRetryData
  * Map key is `${METHOD} ${PATH}`, value is { method, path }
  */
 const pendingEndpoints = new Map()
+const wildcardEndpoints = new Set()
 let flushScheduled = false
 let isFirstPayload = true
 
@@ -42,12 +45,31 @@ function onFastifyRoute (routeData) {
   if (!routeOptions?.path) return
 
   const methods = Array.isArray(routeOptions.method) ? routeOptions.method : [routeOptions.method]
-
   for (const method of methods) {
     recordEndpoint(method, routeOptions.path)
   }
 }
 
+function onExpressRoute ({ method, path }) {
+  if (!method || !path) return
+
+  // If wildcard already recorded for this path, skip specific methods
+  if (wildcardEndpoints.has(path)) return
+
+  recordEndpoint(method, path)
+
+  // If this is a wildcard event, record it and mark path as wildcarded
+  if (method === '*') {
+    wildcardEndpoints.add(path)
+    return
+  }
+
+  // Express automatically adds HEAD support for GET routes
+  if (method.toUpperCase() === 'GET') {
+    recordEndpoint('HEAD', path)
+  }
+}
+
 function buildEndpointObjects (endpoints) {
   return endpoints.map(({ method, path }) => {
     return {
@@ -108,10 +130,14 @@ function start (_config = {}, _application, _host, getRetryDataFunction, updateR
   updateRetryData = updateRetryDataFunction
 
   fastifyRouteCh.subscribe(onFastifyRoute)
+  expressRouteCh.subscribe(onExpressRoute)
+  routerRouteCh.subscribe(onExpressRoute)
 }
 
 function stop () {
   fastifyRouteCh.unsubscribe(onFastifyRoute)
+  expressRouteCh.unsubscribe(onExpressRoute)
+  routerRouteCh.unsubscribe(onExpressRoute)
 
   pendingEndpoints.clear()
   flushScheduled = false

package/packages/dd-trace/src/telemetry/index.js

@@ -1,23 +1,26 @@
 'use strict'
 
-const activate = () => {
-  const active = require('./telemetry')
+let telemetry
 
-  return Object.setPrototypeOf(module.exports, active)
-}
-
-const inactive = {
+// Lazy load the telemetry module to avoid the performance impact of loading it unconditionally
+module.exports = {
   start (config, ...args) {
-    return config?.telemetry?.enabled && activate().start(config, ...args)
+    telemetry ??= require('./telemetry')
+    telemetry.start(config, ...args)
+  },
+  stop () {
+    telemetry?.stop()
   },
-  stop () {},
   // This might be called before `start` so we have to trigger loading the
   // underlying module here as well.
   updateConfig (changes, config, ...args) {
-    return config?.telemetry?.enabled && activate().updateConfig(changes, config, ...args)
+    telemetry ??= require('./telemetry')
+    telemetry.updateConfig(changes, config, ...args)
   },
-  updateIntegrations () {},
-  appClosing () {}
+  updateIntegrations () {
+    telemetry?.updateIntegrations()
+  },
+  appClosing () {
+    telemetry?.appClosing()
+  }
 }
-
-module.exports = Object.setPrototypeOf({}, inactive)

package/packages/dd-trace/src/telemetry/logs/log-collector.js

@@ -41,12 +41,14 @@ function sanitize (logEntry) {
 
   const firstIndex = stackLines.findIndex(l => l.match(STACK_FRAME_LINE_REGEX))
 
-  const isDDCode = firstIndex !== -1 && stackLines[firstIndex].includes(ddBasePath)
+  // Filter to keep only DD frames
   stackLines = stackLines
-    .filter((line, index) => (isDDCode && index < firstIndex) || line.includes(ddBasePath))
+    .filter((line, index) => index >= firstIndex && line.includes(ddBasePath))
     .map(line => line.replace(ddBasePath, ''))
 
-  if (!isDDCode && logEntry.errorType && stackLines.length) {
+  // ALWAYS redact error messages (RFC requirement: exception type only, no message)
+  // This handles single-line and multi-line error messages
+  if (logEntry.errorType && stackLines.length) {
     stackLines = [`${logEntry.errorType}: redacted`, ...stackLines]
   }
 

package/register.js

@@ -5,14 +5,4 @@
 const { register } = require('node:module')
 const { pathToFileURL } = require('node:url')
 
-register('./loader-hook.mjs', pathToFileURL(__filename), {
-  data: {
-    exclude: [
-      /langsmith/,
-      /openai\/_shims/,
-      /openai\/resources\/chat\/completions\/messages/,
-      /openai\/agents-core\/dist\/shims/,
-      /@anthropic-ai\/sdk\/_shims/
-    ]
-  }
-})
+register('./loader-hook.mjs', pathToFileURL(__filename))

package/scripts/preinstall.js

@@ -17,7 +17,9 @@ const nodeMajor = Number(process.versions.node.split('.')[0])
 
 const min = Number(requirePackageJson(path.join(__dirname, '..')).engines.node.match(/\d+/)[0])
 
-const hasIgnoreEngines = npmArgv &&
+// Most package managers don't support `npm_config_argv`, so we need a custom
+// flag to allow installing dd-trace on unsupported engines.
+const hasIgnoreEngines = process.env._DD_IGNORE_ENGINES === 'true' || npmArgv &&
   npmArgv.original &&
   npmArgv.original.includes('--ignore-engines')
 

package/version.js

@@ -13,5 +13,6 @@ module.exports = {
   DD_PATCH: parseInt(ddMatches[3]),
   NODE_MAJOR: parseInt(nodeMatches[1]),
   NODE_MINOR: parseInt(nodeMatches[2]),
-  NODE_PATCH: parseInt(nodeMatches[3])
+  NODE_PATCH: parseInt(nodeMatches[3]),
+  NODE_VERSION: nodeMatches[0]
 }