npm - dd-trace - Versions diffs - 5.80.0 → 5.82.0 - Mend

dd-trace 5.80.0 → 5.82.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (460) hide show

package/packages/datadog-plugin-ws/src/close.js CHANGED Viewed

@@ -1,6 +1,16 @@
 'use strict'
 const TracingPlugin = require('../../dd-trace/src/plugins/tracing.js')
+const {
+  WEBSOCKET_PTR_KIND,
+  SPAN_POINTER_DIRECTION,
+  SPAN_POINTER_DIRECTION_NAME
+} = require('../../dd-trace/src/constants')
+const {
+  incrementWebSocketCounter,
+  buildWebSocketSpanPointerHash,
+  hasDistributedTracingContext
+} = require('./util')
 class WSClosePlugin extends TracingPlugin {
   static get id () { return 'ws' }
@@ -10,11 +20,9 @@ class WSClosePlugin extends TracingPlugin {
   bindStart (ctx) {
     const {
-      traceWebsocketMessagesEnabled,
       traceWebsocketMessagesInheritSampling,
       traceWebsocketMessagesSeparateTraces
     } = this.config
-    if (!traceWebsocketMessagesEnabled) return
     const { code, data, socket, isPeerClose } = ctx
     if (!socket?.spanContext) return
@@ -60,7 +68,52 @@ class WSClosePlugin extends TracingPlugin {
   end (ctx) {
     if (!Object.hasOwn(ctx, 'result') || !ctx.span) return
-    if (ctx.socket.spanContext) ctx.span.addLink({ context: ctx.socket.spanContext })
+    if (ctx.socket.spanContext) {
+      const linkAttributes = {}
+      // Determine link kind based on whether this is peer close (incoming) or self close (outgoing)
+      const isIncoming = ctx.isPeerClose
+      linkAttributes['dd.kind'] = isIncoming ? 'executed_by' : 'resuming'
+      // Add span pointer for context propagation
+      if (this.config.traceWebsocketMessagesEnabled && ctx.socket.handshakeSpan) {
+        const handshakeSpan = ctx.socket.handshakeSpan
+        // Only add span pointers if distributed tracing is enabled and handshake has distributed context
+        if (hasDistributedTracingContext(handshakeSpan, ctx.socket)) {
+          const counterType = isIncoming ? 'receiveCounter' : 'sendCounter'
+          const counter = incrementWebSocketCounter(ctx.socket, counterType)
+          const handshakeContext = handshakeSpan.context()
+          const ptrHash = buildWebSocketSpanPointerHash(
+            handshakeContext._traceId,
+            handshakeContext._spanId,
+            counter,
+            true, // isServer
+            isIncoming
+          )
+          const directionName = isIncoming
+            ? SPAN_POINTER_DIRECTION_NAME.UPSTREAM
+            : SPAN_POINTER_DIRECTION_NAME.DOWNSTREAM
+          const direction = isIncoming
+            ? SPAN_POINTER_DIRECTION.UPSTREAM
+            : SPAN_POINTER_DIRECTION.DOWNSTREAM
+          // Add span pointer attributes to link
+          linkAttributes['link.name'] = directionName
+          linkAttributes['dd.kind'] = 'span-pointer'
+          linkAttributes['ptr.kind'] = WEBSOCKET_PTR_KIND
+          linkAttributes['ptr.dir'] = direction
+          linkAttributes['ptr.hash'] = ptrHash
+        }
+      }
+      ctx.span.addLink({
+        context: ctx.socket.spanContext,
+        attributes: linkAttributes
+      })
+    }
     ctx.span.finish()
   }

package/packages/datadog-plugin-ws/src/index.js CHANGED Viewed

@@ -19,6 +19,10 @@ class WSPlugin extends CompositePlugin {
   }
   configure (config) {
+    if (!config.traceWebsocketMessagesEnabled) {
+      super.configure(false)
+      return
+    }
     return super.configure(config)
   }
 }

package/packages/datadog-plugin-ws/src/producer.js CHANGED Viewed

@@ -1,6 +1,16 @@
 'use strict'
 const TracingPlugin = require('../../dd-trace/src/plugins/tracing.js')
+const {
+  WEBSOCKET_PTR_KIND,
+  SPAN_POINTER_DIRECTION,
+  SPAN_POINTER_DIRECTION_NAME
+} = require('../../dd-trace/src/constants')
+const {
+  incrementWebSocketCounter,
+  buildWebSocketSpanPointerHash,
+  hasDistributedTracingContext
+} = require('./util')
 class WSProducerPlugin extends TracingPlugin {
   static get id () { return 'ws' }
@@ -9,9 +19,6 @@ class WSProducerPlugin extends TracingPlugin {
   static get kind () { return 'producer' }
   bindStart (ctx) {
-    const messagesEnabled = this.config.traceWebsocketMessagesEnabled
-    if (!messagesEnabled) return
     const { byteLength, socket, binary } = ctx
     if (!socket.spanContext) return
@@ -51,9 +58,37 @@ class WSProducerPlugin extends TracingPlugin {
     if (!Object.hasOwn(ctx, 'result') || !ctx.span) return
     if (ctx.socket.spanContext) {
+      const linkAttributes = { 'dd.kind': 'resuming' }
+      // Add span pointer for context propagation
+      if (this.config.traceWebsocketMessagesEnabled && ctx.socket.handshakeSpan) {
+        const handshakeSpan = ctx.socket.handshakeSpan
+        // Only add span pointers if distributed tracing is enabled and handshake has distributed context
+        if (hasDistributedTracingContext(handshakeSpan, ctx.socket)) {
+          const counter = incrementWebSocketCounter(ctx.socket, 'sendCounter')
+          const handshakeContext = handshakeSpan.context()
+          const ptrHash = buildWebSocketSpanPointerHash(
+            handshakeContext._traceId,
+            handshakeContext._spanId,
+            counter,
+            true, // isServer
+            false // isIncoming (this is outgoing)
+          )
+          // Add span pointer attributes to link
+          linkAttributes['link.name'] = SPAN_POINTER_DIRECTION_NAME.DOWNSTREAM
+          linkAttributes['dd.kind'] = 'span-pointer'
+          linkAttributes['ptr.kind'] = WEBSOCKET_PTR_KIND
+          linkAttributes['ptr.dir'] = SPAN_POINTER_DIRECTION.DOWNSTREAM
+          linkAttributes['ptr.hash'] = ptrHash
+        }
+      }
       ctx.span.addLink({
         context: ctx.socket.spanContext,
-        attributes: { 'dd.kind': 'resuming' },
+        attributes: linkAttributes,
       })
     }

package/packages/datadog-plugin-ws/src/receiver.js CHANGED Viewed

@@ -1,6 +1,16 @@
 'use strict'
 const TracingPlugin = require('../../dd-trace/src/plugins/tracing.js')
+const {
+  WEBSOCKET_PTR_KIND,
+  SPAN_POINTER_DIRECTION,
+  SPAN_POINTER_DIRECTION_NAME
+} = require('../../dd-trace/src/constants')
+const {
+  incrementWebSocketCounter,
+  buildWebSocketSpanPointerHash,
+  hasDistributedTracingContext
+} = require('./util')
 class WSReceiverPlugin extends TracingPlugin {
   static get id () { return 'ws' }
@@ -10,11 +20,9 @@ class WSReceiverPlugin extends TracingPlugin {
   bindStart (ctx) {
     const {
-      traceWebsocketMessagesEnabled,
       traceWebsocketMessagesInheritSampling,
       traceWebsocketMessagesSeparateTraces
     } = this.config
-    if (!traceWebsocketMessagesEnabled) return
     const { byteLength, socket, binary } = ctx
     if (!socket.spanContext) return
@@ -61,9 +69,37 @@ class WSReceiverPlugin extends TracingPlugin {
     if (!Object.hasOwn(ctx, 'result') || !ctx.span) return
     if (ctx.socket.spanContext) {
+      const linkAttributes = { 'dd.kind': 'executed_by' }
+      // Add span pointer for context propagation
+      if (this.config.traceWebsocketMessagesEnabled && ctx.socket.handshakeSpan) {
+        const handshakeSpan = ctx.socket.handshakeSpan
+        // Only add span pointers if distributed tracing is enabled and handshake has distributed context
+        if (hasDistributedTracingContext(handshakeSpan, ctx.socket)) {
+          const counter = incrementWebSocketCounter(ctx.socket, 'receiveCounter')
+          const handshakeContext = handshakeSpan.context()
+          const ptrHash = buildWebSocketSpanPointerHash(
+            handshakeContext._traceId,
+            handshakeContext._spanId,
+            counter,
+            true, // isServer
+            true // isIncoming
+          )
+          // Add span pointer attributes to link
+          linkAttributes['link.name'] = SPAN_POINTER_DIRECTION_NAME.UPSTREAM
+          linkAttributes['dd.kind'] = 'span-pointer'
+          linkAttributes['ptr.kind'] = WEBSOCKET_PTR_KIND
+          linkAttributes['ptr.dir'] = SPAN_POINTER_DIRECTION.UPSTREAM
+          linkAttributes['ptr.hash'] = ptrHash
+        }
+      }
       ctx.span.addLink({
         context: ctx.socket.spanContext,
-        attributes: { 'dd.kind': 'executed_by' },
+        attributes: linkAttributes,
       })
     }

package/packages/datadog-plugin-ws/src/server.js CHANGED Viewed

@@ -2,6 +2,8 @@
 const TracingPlugin = require('../../dd-trace/src/plugins/tracing.js')
 const tags = require('../../../ext/tags.js')
+const { FORMAT_HTTP_HEADERS } = require('../../../ext/formats')
+const { initWebSocketMessageCounters } = require('./util')
 const HTTP_STATUS_CODE = tags.HTTP_STATUS_CODE
@@ -28,9 +30,13 @@ class WSServerPlugin extends TracingPlugin {
     ctx.args = { options }
+    // Extract distributed tracing context from request headers
+    const childOf = this.tracer.extract(FORMAT_HTTP_HEADERS, req.headers)
     const service = this.serviceName({ pluginConfig: this.config })
     const span = this.startSpan(this.operationName(), {
       service,
+      childOf,
       meta: {
         'span.type': 'websocket',
         'http.upgraded': 'websocket',
@@ -38,7 +44,6 @@ class WSServerPlugin extends TracingPlugin {
         'http.url': uri,
         'resource.name': `${options.method} ${route}`,
         'span.kind': 'server'
       }
     }, ctx)
@@ -46,6 +51,13 @@ class WSServerPlugin extends TracingPlugin {
     ctx.socket.spanContext = ctx.span._spanContext
     ctx.socket.spanContext.spanTags = ctx.span._spanContext._tags
+    // Store the handshake span for use in message span pointers
+    ctx.socket.handshakeSpan = ctx.span
+    // Store the request headers for distributed tracing check
+    ctx.socket.requestHeaders = req.headers
+    // Initialize message counters for span pointers
+    initWebSocketMessageCounters(ctx.socket)
     return ctx.currentStore
   }

package/packages/datadog-plugin-ws/src/util.js ADDED Viewed

@@ -0,0 +1,107 @@
+'use strict'
+// WeakMap to store message counters per socket without mutating the socket object
+const socketCounters = new WeakMap()
+/**
+ * Initializes WebSocket message counters for a socket.
+ * @param {object} socket - The WebSocket socket object
+ */
+function initWebSocketMessageCounters (socket) {
+  if (!socketCounters.has(socket)) {
+    socketCounters.set(socket, {
+      receiveCounter: 0,
+      sendCounter: 0
+    })
+  }
+}
+/**
+ * Increments and returns the WebSocket message counter.
+ * @param {object} socket - The WebSocket socket object
+ * @param {string} counterType - Either 'receiveCounter' or 'sendCounter'
+ * @returns {number} The incremented counter value
+ */
+function incrementWebSocketCounter (socket, counterType) {
+  if (!socketCounters.has(socket)) {
+    initWebSocketMessageCounters(socket)
+  }
+  const counters = socketCounters.get(socket)
+  counters[counterType]++
+  return counters[counterType]
+}
+/**
+ * Builds a WebSocket span pointer hash.
+ *
+ * Format: <prefix><128 bit hex trace id><64 bit hex span id><32 bit hex counter>
+ * Prefix: 'S' for server outgoing or client incoming, 'C' for server incoming or client outgoing
+ *
+ * @param {bigint} handshakeTraceId - The trace ID from the handshake span (as a BigInt)
+ * @param {bigint} handshakeSpanId - The span ID from the handshake span (as a BigInt)
+ * @param {number} counter - The message counter
+ * @param {boolean} isServer - Whether this is a server (true) or client (false)
+ * @param {boolean} isIncoming - Whether this is an incoming message (true) or outgoing (false)
+ * @returns {string} The span pointer hash
+ */
+function buildWebSocketSpanPointerHash (handshakeTraceId, handshakeSpanId, counter, isServer, isIncoming) {
+  // Determine prefix based on server/client and incoming/outgoing
+  // Server outgoing or client incoming: 'S'
+  // Server incoming or client outgoing: 'C'
+  const prefix = (isServer && !isIncoming) || (!isServer && isIncoming) ? 'S' : 'C'
+  // Pad trace ID to 32 hex chars (128 bits)
+  const traceIdHex = handshakeTraceId.toString(16).padStart(32, '0')
+  // Pad span ID to 16 hex chars (64 bits)
+  const spanIdHex = handshakeSpanId.toString(16).padStart(16, '0')
+  // Pad counter to 8 hex chars (32 bits)
+  const counterHex = counter.toString(16).padStart(8, '0')
+  return `${prefix}${traceIdHex}${spanIdHex}${counterHex}`
+}
+/**
+ * Checks if the handshake span has extracted distributed tracing context.
+ * A websocket server must not set the span pointer if the handshake has not extracted a context.
+ *
+ * A span has distributed tracing context if it has a parent context that was
+ * extracted from headers (remote parent).
+ *
+ * @param {object} span - The handshake span
+ * @param {object} socket - The WebSocket socket object
+ * @returns {boolean} True if the span has distributed tracing context
+ */
+function hasDistributedTracingContext (span, socket) {
+  if (!span) return false
+  const context = span.context()
+  if (!context) return false
+  // Check if this span has a parent. If the parent was extracted from remote headers,
+  // then this span is part of a distributed trace.
+  // We check if the span has a parent by looking at _parentId.
+  // In the JavaScript tracer, when a context is extracted from headers and a child span
+  // is created, the child will have _parentId set to the extracted parent's span ID.
+  //
+  // For testing purposes, we also check if Datadog trace headers are present in the socket's
+  // upgrade request, which indicates distributed tracing context was sent by the client.
+  if (context._parentId !== null) {
+    return true
+  }
+  // Fallback check: look for distributed tracing headers in the stored request headers
+  if (socket && socket.requestHeaders) {
+    const headers = socket.requestHeaders
+    return !!(headers['x-datadog-trace-id'] || headers.traceparent)
+  }
+  return false
+}
+module.exports = {
+  initWebSocketMessageCounters,
+  incrementWebSocketCounter,
+  buildWebSocketSpanPointerHash,
+  hasDistributedTracingContext
+}

package/packages/datadog-shimmer/src/shimmer.js CHANGED Viewed

@@ -91,7 +91,7 @@ function wrapFunction (original, wrapper) {
  * @param {Record<string | symbol, unknown> | Function | undefined} target - The target
  * object.
  * @param {string | symbol} name - The property key of the method to wrap.
- * @param {(original: Function) => (...args: unknown[]) => any} wrapper - The wrapper function.
+ * @param {(original: Function) => (...args: unknown[]) => unknown} wrapper - The wrapper function.
  * @param {{ replaceGetter?: boolean }} [options] - If `replaceGetter` is set to
  * true, the getter is accessed and the getter is replaced with one that just
  * returns the earlier retrieved value. Use with care! This may only be done in
@@ -214,7 +214,7 @@ function wrap (target, name, wrapper, options) {
  *         Record<string | symbol, unknown> |
  *         Function} targets - The target objects.
  * @param {Array<string | symbol> | string | symbol} names - The property keys of the methods to wrap.
- * @param {(original: Function) => (...args: unknown[]) => any} wrapper - The wrapper function.
+ * @param {(original: Function) => (...args: unknown[]) => unknown} wrapper - The wrapper function.
  */
 function massWrap (targets, names, wrapper) {
   targets = toArray(targets)

package/packages/dd-trace/src/aiguard/sdk.js CHANGED Viewed

@@ -1,5 +1,9 @@
 'use strict'
+const rfdc = require('../../../../vendor/dist/rfdc')({ proto: false, circles: false })
+const log = require('../log')
+const telemetryMetrics = require('../telemetry/metrics')
+const tracerVersion = require('../../../../package.json').version
 const NoopAIGuard = require('./noop')
 const executeRequest = require('./client')
 const {
@@ -13,19 +17,17 @@ const {
   AI_GUARD_TELEMETRY_REQUESTS,
   AI_GUARD_TELEMETRY_TRUNCATED
 } = require('./tags')
-const log = require('../log')
-const telemetryMetrics = require('../telemetry/metrics')
-const tracerVersion = require('../../../../package.json').version
 const appsecMetrics = telemetryMetrics.manager.namespace('appsec')
 const ALLOW = 'ALLOW'
 class AIGuardAbortError extends Error {
-  constructor (reason) {
+  constructor (reason, tags) {
     super(reason)
     this.name = 'AIGuardAbortError'
     this.reason = reason
+    this.tags = tags
   }
 }
@@ -77,20 +79,26 @@ class AIGuard extends NoopAIGuard {
     this.#initialized = true
   }
-  #truncate (messages) {
+  /**
+   * Returns a safe copy of the messages to be serialized into the meta struct.
+   *
+   * - Clones each message so callers cannot mutate the data set in the meta struct.
+   * - Truncates the list of messages and `content` fields emitting metrics accordingly.
+   */
+  #buildMessagesForMetaStruct (messages) {
     const size = Math.min(messages.length, this.#maxMessagesLength)
     if (messages.length > size) {
       appsecMetrics.count(AI_GUARD_TELEMETRY_TRUNCATED, { type: 'messages' }).inc(1)
     }
-    const result = messages.slice(-size)
+    const result = []
     let contentTruncated = false
-    for (let i = 0; i < size; i++) {
-      const message = result[i]
+    for (let i = messages.length - size; i < messages.length; i++) {
+      const message = rfdc(messages[i])
       if (message.content?.length > this.#maxContentSize) {
         contentTruncated = true
-        result[i] = { ...message, content: message.content.slice(0, this.#maxContentSize) }
+        message.content = message.content.slice(0, this.#maxContentSize)
       }
+      result.push(message)
     }
     if (contentTruncated) {
       appsecMetrics.count(AI_GUARD_TELEMETRY_TRUNCATED, { type: 'content' }).inc(1)
@@ -139,7 +147,7 @@ class AIGuard extends NoopAIGuard {
         }
       }
       const metaStruct = {
-        messages: this.#truncate(messages)
+        messages: this.#buildMessagesForMetaStruct(messages)
       }
       span.meta_struct = {
         [AI_GUARD_META_STRUCT_KEY]: metaStruct
@@ -192,9 +200,9 @@ class AIGuard extends NoopAIGuard {
       }
       if (shouldBlock) {
         span.setTag(AI_GUARD_BLOCKED_TAG_KEY, 'true')
-        throw new AIGuardAbortError(reason)
+        throw new AIGuardAbortError(reason, tags)
       }
-      return { action, reason }
+      return { action, reason, tags }
     })
   }
 }

package/packages/dd-trace/src/appsec/api_security_sampler.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict'
-const { TTLCache } = require('@isaacs/ttlcache')
+const { TTLCache } = require('../../../../vendor/dist/@isaacs/ttlcache')
 const web = require('../plugins/util/web')
 const log = require('../log')
 const { AUTO_REJECT, USER_REJECT } = require('../../../../ext/priority')

package/packages/dd-trace/src/appsec/graphql.js CHANGED Viewed

@@ -1,16 +1,16 @@
 'use strict'
 const { storage } = require('../../../datadog-core')
+const log = require('../log')
+const web = require('../plugins/util/web')
 const {
   addSpecificEndpoint,
   specificBlockingTypes,
   getBlockingData,
   getBlockingAction
 } = require('./blocking')
-const log = require('../log')
 const waf = require('./waf')
 const addresses = require('./addresses')
-const web = require('../plugins/util/web')
 const {
   startGraphqlResolve,
   graphqlMiddlewareChannel,

package/packages/dd-trace/src/appsec/iast/analyzers/code-injection-analyzer.js CHANGED Viewed

@@ -1,10 +1,10 @@
 'use strict'
 const { CODE_INJECTION } = require('../vulnerabilities')
-const StoredInjectionAnalyzer = require('./stored-injection-analyzer')
 const { INSTRUMENTED_SINK } = require('../telemetry/iast-metric')
 const { storage } = require('../../../../../datadog-core')
 const { getIastContext } = require('../iast-context')
+const StoredInjectionAnalyzer = require('./stored-injection-analyzer')
 class CodeInjectionAnalyzer extends StoredInjectionAnalyzer {
   constructor () {

package/packages/dd-trace/src/appsec/iast/analyzers/command-injection-analyzer.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict'
-const InjectionAnalyzer = require('./injection-analyzer')
 const { COMMAND_INJECTION } = require('../vulnerabilities')
+const InjectionAnalyzer = require('./injection-analyzer')
 class CommandInjectionAnalyzer extends InjectionAnalyzer {
   constructor () {

package/packages/dd-trace/src/appsec/iast/analyzers/cookie-analyzer.js CHANGED Viewed

@@ -1,7 +1,7 @@
 'use strict'
-const Analyzer = require('./vulnerability-analyzer')
 const { getNodeModulesPaths } = require('../path-line')
+const Analyzer = require('./vulnerability-analyzer')
 const EXCLUDED_PATHS = [
   // Express

package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-base-analyzer.js CHANGED Viewed

@@ -1,7 +1,7 @@
 'use strict'
-const Analyzer = require('./vulnerability-analyzer')
 const { getRelativePath } = require('../path-line')
+const Analyzer = require('./vulnerability-analyzer')
 class HardcodedBaseAnalyzer extends Analyzer {
   constructor (type, allRules = [], valueOnlyRules = []) {

package/packages/dd-trace/src/appsec/iast/analyzers/injection-analyzer.js CHANGED Viewed

@@ -1,7 +1,7 @@
 'use strict'
-const Analyzer = require('./vulnerability-analyzer')
 const { getRanges } = require('../taint-tracking/operations')
 const { SQL_ROW_VALUE } = require('../taint-tracking/source-types')
+const Analyzer = require('./vulnerability-analyzer')
 class InjectionAnalyzer extends Analyzer {
   _isVulnerable (value, iastContext) {

package/packages/dd-trace/src/appsec/iast/analyzers/ldap-injection-analyzer.js CHANGED Viewed

@@ -1,7 +1,7 @@
 'use strict'
-const InjectionAnalyzer = require('./injection-analyzer')
 const { LDAP_INJECTION } = require('../vulnerabilities')
 const { getNodeModulesPaths } = require('../path-line')
+const InjectionAnalyzer = require('./injection-analyzer')
 const EXCLUDED_PATHS = getNodeModulesPaths('ldapjs-promise')

package/packages/dd-trace/src/appsec/iast/analyzers/nosql-injection-mongodb-analyzer.js CHANGED Viewed

@@ -1,16 +1,16 @@
 'use strict'
-const InjectionAnalyzer = require('./injection-analyzer')
 const { NOSQL_MONGODB_INJECTION } = require('../vulnerabilities')
 const { getRanges, addSecureMark } = require('../taint-tracking/operations')
 const { getNodeModulesPaths } = require('../path-line')
 const { storage } = require('../../../../../datadog-core')
 const { getIastContext } = require('../iast-context')
 const { HTTP_REQUEST_PARAMETER, HTTP_REQUEST_BODY } = require('../taint-tracking/source-types')
-const EXCLUDED_PATHS_FROM_STACK = getNodeModulesPaths('mongodb', 'mongoose', 'mquery')
 const { NOSQL_MONGODB_INJECTION_MARK } = require('../taint-tracking/secure-marks')
 const { iterateObjectStrings } = require('../utils')
+const InjectionAnalyzer = require('./injection-analyzer')
+const EXCLUDED_PATHS_FROM_STACK = getNodeModulesPaths('mongodb', 'mongoose', 'mquery')
 const SAFE_OPERATORS = new Set(['$eq', '$gt', '$gte', '$in', '$lt', '$lte', '$ne', '$nin',
   '$exists', '$type', '$mod', '$bitsAllClear', '$bitsAllSet', '$bitsAnyClear', '$bitsAnySet'])

package/packages/dd-trace/src/appsec/iast/analyzers/path-traversal-analyzer.js CHANGED Viewed

@@ -2,10 +2,10 @@
 const path = require('path')
-const InjectionAnalyzer = require('./injection-analyzer')
 const { getIastContext } = require('../iast-context')
 const { storage } = require('../../../../../datadog-core')
 const { PATH_TRAVERSAL } = require('../vulnerabilities')
+const InjectionAnalyzer = require('./injection-analyzer')
 const ignoredOperations = new Set(['dir.close', 'close'])

package/packages/dd-trace/src/appsec/iast/analyzers/ssrf-analyzer.js CHANGED Viewed

@@ -1,7 +1,7 @@
 'use strict'
-const InjectionAnalyzer = require('./injection-analyzer')
 const { SSRF } = require('../vulnerabilities')
+const InjectionAnalyzer = require('./injection-analyzer')
 class SSRFAnalyzer extends InjectionAnalyzer {
   constructor () {

package/packages/dd-trace/src/appsec/iast/analyzers/untrusted-deserialization-analyzer.js CHANGED Viewed

@@ -1,7 +1,7 @@
 'use strict'
-const InjectionAnalyzer = require('./injection-analyzer')
 const { UNTRUSTED_DESERIALIZATION } = require('../vulnerabilities')
+const InjectionAnalyzer = require('./injection-analyzer')
 class UntrustedDeserializationAnalyzer extends InjectionAnalyzer {
   constructor () {

package/packages/dd-trace/src/appsec/iast/analyzers/unvalidated-redirect-analyzer.js CHANGED Viewed

@@ -1,6 +1,5 @@
 'use strict'
-const InjectionAnalyzer = require('./injection-analyzer')
 const { UNVALIDATED_REDIRECT } = require('../vulnerabilities')
 const { getNodeModulesPaths } = require('../path-line')
 const { getRanges } = require('../taint-tracking/operations')
@@ -8,6 +7,7 @@ const {
   HTTP_REQUEST_BODY,
   HTTP_REQUEST_PARAMETER
 } = require('../taint-tracking/source-types')
+const InjectionAnalyzer = require('./injection-analyzer')
 const EXCLUDED_PATHS = [
   getNodeModulesPaths('express/lib/response.js'),

package/packages/dd-trace/src/appsec/iast/analyzers/weak-cipher-analyzer.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict'
-const Analyzer = require('./vulnerability-analyzer')
 const { WEAK_CIPHER } = require('../vulnerabilities')
+const Analyzer = require('./vulnerability-analyzer')
 const INSECURE_CIPHERS = new Set([
   'des', 'des-cbc', 'des-cfb', 'des-cfb1', 'des-cfb8', 'des-ecb', 'des-ede', 'des-ede-cbc', 'des-ede-cfb',