npm - dd-trace - Versions diffs - 5.81.0 → 5.83.0 - Mend

dd-trace 5.81.0 → 5.83.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (371) hide show

package/packages/datadog-plugin-ws/src/util.js ADDED Viewed

@@ -0,0 +1,107 @@
+'use strict'
+// WeakMap to store message counters per socket without mutating the socket object
+const socketCounters = new WeakMap()
+/**
+ * Initializes WebSocket message counters for a socket.
+ * @param {object} socket - The WebSocket socket object
+ */
+function initWebSocketMessageCounters (socket) {
+  if (!socketCounters.has(socket)) {
+    socketCounters.set(socket, {
+      receiveCounter: 0,
+      sendCounter: 0
+    })
+  }
+}
+/**
+ * Increments and returns the WebSocket message counter.
+ * @param {object} socket - The WebSocket socket object
+ * @param {string} counterType - Either 'receiveCounter' or 'sendCounter'
+ * @returns {number} The incremented counter value
+ */
+function incrementWebSocketCounter (socket, counterType) {
+  if (!socketCounters.has(socket)) {
+    initWebSocketMessageCounters(socket)
+  }
+  const counters = socketCounters.get(socket)
+  counters[counterType]++
+  return counters[counterType]
+}
+/**
+ * Builds a WebSocket span pointer hash.
+ *
+ * Format: <prefix><128 bit hex trace id><64 bit hex span id><32 bit hex counter>
+ * Prefix: 'S' for server outgoing or client incoming, 'C' for server incoming or client outgoing
+ *
+ * @param {bigint} handshakeTraceId - The trace ID from the handshake span (as a BigInt)
+ * @param {bigint} handshakeSpanId - The span ID from the handshake span (as a BigInt)
+ * @param {number} counter - The message counter
+ * @param {boolean} isServer - Whether this is a server (true) or client (false)
+ * @param {boolean} isIncoming - Whether this is an incoming message (true) or outgoing (false)
+ * @returns {string} The span pointer hash
+ */
+function buildWebSocketSpanPointerHash (handshakeTraceId, handshakeSpanId, counter, isServer, isIncoming) {
+  // Determine prefix based on server/client and incoming/outgoing
+  // Server outgoing or client incoming: 'S'
+  // Server incoming or client outgoing: 'C'
+  const prefix = (isServer && !isIncoming) || (!isServer && isIncoming) ? 'S' : 'C'
+  // Pad trace ID to 32 hex chars (128 bits)
+  const traceIdHex = handshakeTraceId.toString(16).padStart(32, '0')
+  // Pad span ID to 16 hex chars (64 bits)
+  const spanIdHex = handshakeSpanId.toString(16).padStart(16, '0')
+  // Pad counter to 8 hex chars (32 bits)
+  const counterHex = counter.toString(16).padStart(8, '0')
+  return `${prefix}${traceIdHex}${spanIdHex}${counterHex}`
+}
+/**
+ * Checks if the handshake span has extracted distributed tracing context.
+ * A websocket server must not set the span pointer if the handshake has not extracted a context.
+ *
+ * A span has distributed tracing context if it has a parent context that was
+ * extracted from headers (remote parent).
+ *
+ * @param {object} span - The handshake span
+ * @param {object} socket - The WebSocket socket object
+ * @returns {boolean} True if the span has distributed tracing context
+ */
+function hasDistributedTracingContext (span, socket) {
+  if (!span) return false
+  const context = span.context()
+  if (!context) return false
+  // Check if this span has a parent. If the parent was extracted from remote headers,
+  // then this span is part of a distributed trace.
+  // We check if the span has a parent by looking at _parentId.
+  // In the JavaScript tracer, when a context is extracted from headers and a child span
+  // is created, the child will have _parentId set to the extracted parent's span ID.
+  //
+  // For testing purposes, we also check if Datadog trace headers are present in the socket's
+  // upgrade request, which indicates distributed tracing context was sent by the client.
+  if (context._parentId !== null) {
+    return true
+  }
+  // Fallback check: look for distributed tracing headers in the stored request headers
+  if (socket && socket.requestHeaders) {
+    const headers = socket.requestHeaders
+    return !!(headers['x-datadog-trace-id'] || headers.traceparent)
+  }
+  return false
+}
+module.exports = {
+  initWebSocketMessageCounters,
+  incrementWebSocketCounter,
+  buildWebSocketSpanPointerHash,
+  hasDistributedTracingContext
+}

package/packages/datadog-shimmer/src/shimmer.js CHANGED Viewed

@@ -91,7 +91,7 @@ function wrapFunction (original, wrapper) {
  * @param {Record<string | symbol, unknown> | Function | undefined} target - The target
  * object.
  * @param {string | symbol} name - The property key of the method to wrap.
- * @param {(original: Function) => (...args: unknown[]) => any} wrapper - The wrapper function.
+ * @param {(original: Function) => (...args: unknown[]) => unknown} wrapper - The wrapper function.
  * @param {{ replaceGetter?: boolean }} [options] - If `replaceGetter` is set to
  * true, the getter is accessed and the getter is replaced with one that just
  * returns the earlier retrieved value. Use with care! This may only be done in
@@ -214,7 +214,7 @@ function wrap (target, name, wrapper, options) {
  *         Record<string | symbol, unknown> |
  *         Function} targets - The target objects.
  * @param {Array<string | symbol> | string | symbol} names - The property keys of the methods to wrap.
- * @param {(original: Function) => (...args: unknown[]) => any} wrapper - The wrapper function.
+ * @param {(original: Function) => (...args: unknown[]) => unknown} wrapper - The wrapper function.
  */
 function massWrap (targets, names, wrapper) {
   targets = toArray(targets)

package/packages/dd-trace/index.js CHANGED Viewed

@@ -10,6 +10,25 @@ if (!global._ddtrace) {
     writable: true
   })
+  const ddTraceSymbol = Symbol.for('dd-trace')
+  Object.defineProperty(globalThis, ddTraceSymbol, {
+    value: {
+      beforeExitHandlers: new Set(),
+    },
+    enumerable: false,
+    configurable: true, // Allow this to be overridden by loading the tracer
+    writable: false
+  })
+  process.once('beforeExit', function mainBeforeExit () {
+    if (globalThis[ddTraceSymbol]?.beforeExitHandlers) {
+      for (const handler of globalThis[ddTraceSymbol].beforeExitHandlers) {
+        handler()
+      }
+    }
+  })
   global._ddtrace.default = global._ddtrace
   global._ddtrace.tracer = global._ddtrace
 }

package/packages/dd-trace/src/aiguard/sdk.js CHANGED Viewed

@@ -1,6 +1,9 @@
 'use strict'
 const rfdc = require('../../../../vendor/dist/rfdc')({ proto: false, circles: false })
+const log = require('../log')
+const telemetryMetrics = require('../telemetry/metrics')
+const tracerVersion = require('../../../../package.json').version
 const NoopAIGuard = require('./noop')
 const executeRequest = require('./client')
 const {
@@ -14,9 +17,6 @@ const {
   AI_GUARD_TELEMETRY_REQUESTS,
   AI_GUARD_TELEMETRY_TRUNCATED
 } = require('./tags')
-const log = require('../log')
-const telemetryMetrics = require('../telemetry/metrics')
-const tracerVersion = require('../../../../package.json').version
 const appsecMetrics = telemetryMetrics.manager.namespace('appsec')

package/packages/dd-trace/src/appsec/graphql.js CHANGED Viewed

@@ -1,16 +1,16 @@
 'use strict'
 const { storage } = require('../../../datadog-core')
+const log = require('../log')
+const web = require('../plugins/util/web')
 const {
   addSpecificEndpoint,
   specificBlockingTypes,
   getBlockingData,
   getBlockingAction
 } = require('./blocking')
-const log = require('../log')
 const waf = require('./waf')
 const addresses = require('./addresses')
-const web = require('../plugins/util/web')
 const {
   startGraphqlResolve,
   graphqlMiddlewareChannel,

package/packages/dd-trace/src/appsec/iast/analyzers/code-injection-analyzer.js CHANGED Viewed

@@ -1,10 +1,10 @@
 'use strict'
 const { CODE_INJECTION } = require('../vulnerabilities')
-const StoredInjectionAnalyzer = require('./stored-injection-analyzer')
 const { INSTRUMENTED_SINK } = require('../telemetry/iast-metric')
 const { storage } = require('../../../../../datadog-core')
 const { getIastContext } = require('../iast-context')
+const StoredInjectionAnalyzer = require('./stored-injection-analyzer')
 class CodeInjectionAnalyzer extends StoredInjectionAnalyzer {
   constructor () {

package/packages/dd-trace/src/appsec/iast/analyzers/command-injection-analyzer.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict'
-const InjectionAnalyzer = require('./injection-analyzer')
 const { COMMAND_INJECTION } = require('../vulnerabilities')
+const InjectionAnalyzer = require('./injection-analyzer')
 class CommandInjectionAnalyzer extends InjectionAnalyzer {
   constructor () {

package/packages/dd-trace/src/appsec/iast/analyzers/cookie-analyzer.js CHANGED Viewed

@@ -1,7 +1,7 @@
 'use strict'
-const Analyzer = require('./vulnerability-analyzer')
 const { getNodeModulesPaths } = require('../path-line')
+const Analyzer = require('./vulnerability-analyzer')
 const EXCLUDED_PATHS = [
   // Express

package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-base-analyzer.js CHANGED Viewed

@@ -1,7 +1,7 @@
 'use strict'
-const Analyzer = require('./vulnerability-analyzer')
 const { getRelativePath } = require('../path-line')
+const Analyzer = require('./vulnerability-analyzer')
 class HardcodedBaseAnalyzer extends Analyzer {
   constructor (type, allRules = [], valueOnlyRules = []) {

package/packages/dd-trace/src/appsec/iast/analyzers/injection-analyzer.js CHANGED Viewed

@@ -1,7 +1,7 @@
 'use strict'
-const Analyzer = require('./vulnerability-analyzer')
 const { getRanges } = require('../taint-tracking/operations')
 const { SQL_ROW_VALUE } = require('../taint-tracking/source-types')
+const Analyzer = require('./vulnerability-analyzer')
 class InjectionAnalyzer extends Analyzer {
   _isVulnerable (value, iastContext) {

package/packages/dd-trace/src/appsec/iast/analyzers/ldap-injection-analyzer.js CHANGED Viewed

@@ -1,7 +1,7 @@
 'use strict'
-const InjectionAnalyzer = require('./injection-analyzer')
 const { LDAP_INJECTION } = require('../vulnerabilities')
 const { getNodeModulesPaths } = require('../path-line')
+const InjectionAnalyzer = require('./injection-analyzer')
 const EXCLUDED_PATHS = getNodeModulesPaths('ldapjs-promise')

package/packages/dd-trace/src/appsec/iast/analyzers/nosql-injection-mongodb-analyzer.js CHANGED Viewed

@@ -1,16 +1,16 @@
 'use strict'
-const InjectionAnalyzer = require('./injection-analyzer')
 const { NOSQL_MONGODB_INJECTION } = require('../vulnerabilities')
 const { getRanges, addSecureMark } = require('../taint-tracking/operations')
 const { getNodeModulesPaths } = require('../path-line')
 const { storage } = require('../../../../../datadog-core')
 const { getIastContext } = require('../iast-context')
 const { HTTP_REQUEST_PARAMETER, HTTP_REQUEST_BODY } = require('../taint-tracking/source-types')
-const EXCLUDED_PATHS_FROM_STACK = getNodeModulesPaths('mongodb', 'mongoose', 'mquery')
 const { NOSQL_MONGODB_INJECTION_MARK } = require('../taint-tracking/secure-marks')
 const { iterateObjectStrings } = require('../utils')
+const InjectionAnalyzer = require('./injection-analyzer')
+const EXCLUDED_PATHS_FROM_STACK = getNodeModulesPaths('mongodb', 'mongoose', 'mquery')
 const SAFE_OPERATORS = new Set(['$eq', '$gt', '$gte', '$in', '$lt', '$lte', '$ne', '$nin',
   '$exists', '$type', '$mod', '$bitsAllClear', '$bitsAllSet', '$bitsAnyClear', '$bitsAnySet'])

package/packages/dd-trace/src/appsec/iast/analyzers/path-traversal-analyzer.js CHANGED Viewed

@@ -2,10 +2,10 @@
 const path = require('path')
-const InjectionAnalyzer = require('./injection-analyzer')
 const { getIastContext } = require('../iast-context')
 const { storage } = require('../../../../../datadog-core')
 const { PATH_TRAVERSAL } = require('../vulnerabilities')
+const InjectionAnalyzer = require('./injection-analyzer')
 const ignoredOperations = new Set(['dir.close', 'close'])

package/packages/dd-trace/src/appsec/iast/analyzers/ssrf-analyzer.js CHANGED Viewed

@@ -1,7 +1,7 @@
 'use strict'
-const InjectionAnalyzer = require('./injection-analyzer')
 const { SSRF } = require('../vulnerabilities')
+const InjectionAnalyzer = require('./injection-analyzer')
 class SSRFAnalyzer extends InjectionAnalyzer {
   constructor () {

package/packages/dd-trace/src/appsec/iast/analyzers/untrusted-deserialization-analyzer.js CHANGED Viewed

@@ -1,7 +1,7 @@
 'use strict'
-const InjectionAnalyzer = require('./injection-analyzer')
 const { UNTRUSTED_DESERIALIZATION } = require('../vulnerabilities')
+const InjectionAnalyzer = require('./injection-analyzer')
 class UntrustedDeserializationAnalyzer extends InjectionAnalyzer {
   constructor () {

package/packages/dd-trace/src/appsec/iast/analyzers/unvalidated-redirect-analyzer.js CHANGED Viewed

@@ -1,6 +1,5 @@
 'use strict'
-const InjectionAnalyzer = require('./injection-analyzer')
 const { UNVALIDATED_REDIRECT } = require('../vulnerabilities')
 const { getNodeModulesPaths } = require('../path-line')
 const { getRanges } = require('../taint-tracking/operations')
@@ -8,6 +7,7 @@ const {
   HTTP_REQUEST_BODY,
   HTTP_REQUEST_PARAMETER
 } = require('../taint-tracking/source-types')
+const InjectionAnalyzer = require('./injection-analyzer')
 const EXCLUDED_PATHS = [
   getNodeModulesPaths('express/lib/response.js'),

package/packages/dd-trace/src/appsec/iast/analyzers/weak-cipher-analyzer.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict'
-const Analyzer = require('./vulnerability-analyzer')
 const { WEAK_CIPHER } = require('../vulnerabilities')
+const Analyzer = require('./vulnerability-analyzer')
 const INSECURE_CIPHERS = new Set([
   'des', 'des-cbc', 'des-cfb', 'des-cfb1', 'des-cfb8', 'des-ecb', 'des-ede', 'des-ede-cbc', 'des-ede-cfb',

package/packages/dd-trace/src/appsec/iast/analyzers/weak-hash-analyzer.js CHANGED Viewed

@@ -3,8 +3,8 @@
 const path = require('path')
 const { getNodeModulesPaths } = require('../path-line')
-const Analyzer = require('./vulnerability-analyzer')
 const { WEAK_HASH } = require('../vulnerabilities')
+const Analyzer = require('./vulnerability-analyzer')
 const INSECURE_HASH_ALGORITHMS = new Set([
   'md4', 'md4WithRSAEncryption', 'RSA-MD4',
@@ -23,7 +23,8 @@ const EXCLUDED_LOCATIONS = getNodeModulesPaths(
   'ws/lib/websocket-server.js',
   'google-gax/build/src/grpc.js',
   'cookie-signature/index.js',
-  'express-session/index.js'
+  'express-session/index.js',
+  'node-preload/preload-list-env.js'
 )
 const EXCLUDED_PATHS_FROM_STACK = [

package/packages/dd-trace/src/appsec/iast/analyzers/weak-randomness-analyzer.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict'
-const Analyzer = require('./vulnerability-analyzer')
 const { WEAK_RANDOMNESS } = require('../vulnerabilities')
+const Analyzer = require('./vulnerability-analyzer')
 class WeakRandomnessAnalyzer extends Analyzer {
   constructor () {

package/packages/dd-trace/src/appsec/iast/iast-plugin.js CHANGED Viewed

@@ -3,13 +3,13 @@
 const { channel } = require('dc-polyfill')
 const Plugin = require('../../plugins/plugin')
+const { storage } = require('../../../../datadog-core')
+const instrumentations = require('../../../../datadog-instrumentations/src/helpers/instrumentations')
+const log = require('../../log')
 const iastTelemetry = require('./telemetry')
 const { getInstrumentedMetric, getExecutedMetric, TagKey, EXECUTED_SOURCE, formatTags } =
   require('./telemetry/iast-metric')
-const { storage } = require('../../../../datadog-core')
 const { getIastContext } = require('./iast-context')
-const instrumentations = require('../../../../datadog-instrumentations/src/helpers/instrumentations')
-const log = require('../../log')
 /**
  * Used by vulnerability sources and sinks to subscribe diagnostic channel events

package/packages/dd-trace/src/appsec/iast/index.js CHANGED Viewed

@@ -1,11 +1,13 @@
 'use strict'
-const vulnerabilityReporter = require('./vulnerability-reporter')
-const { enableAllAnalyzers, disableAllAnalyzers } = require('./analyzers')
+const dc = require('dc-polyfill')
 const web = require('../../plugins/util/web')
 const { storage } = require('../../../../datadog-core')
+const { enable: enableFsPlugin, disable: disableFsPlugin, IAST_MODULE } = require('../rasp/fs-plugin')
+const { incomingHttpRequestStart, incomingHttpRequestEnd, responseWriteHead } = require('../channels')
+const vulnerabilityReporter = require('./vulnerability-reporter')
+const { enableAllAnalyzers, disableAllAnalyzers } = require('./analyzers')
 const overheadController = require('./overhead-controller')
-const dc = require('dc-polyfill')
 const iastContextFunctions = require('./iast-context')
 const {
   enableTaintTracking,
@@ -16,9 +18,7 @@ const {
 } = require('./taint-tracking')
 const { IAST_ENABLED_TAG_KEY } = require('./tags')
 const iastTelemetry = require('./telemetry')
-const { enable: enableFsPlugin, disable: disableFsPlugin, IAST_MODULE } = require('../rasp/fs-plugin')
 const securityControls = require('./security-controls')
-const { incomingHttpRequestStart, incomingHttpRequestEnd, responseWriteHead } = require('../channels')
 const collectedResponseHeaders = new WeakMap()

package/packages/dd-trace/src/appsec/iast/security-controls/index.js CHANGED Viewed

@@ -5,10 +5,10 @@ const dc = require('dc-polyfill')
 const { storage } = require('../../../../../datadog-core')
 const shimmer = require('../../../../../datadog-shimmer')
 const log = require('../../../log')
-const { parse, SANITIZER_TYPE } = require('./parser')
 const TaintTrackingOperations = require('../taint-tracking/operations')
 const { getIastContext } = require('../iast-context')
 const { iterateObjectStrings } = require('../utils')
+const { parse, SANITIZER_TYPE } = require('./parser')
 // esm
 const moduleLoadStartChannel = dc.channel('dd-trace:moduleLoadStart')

package/packages/dd-trace/src/appsec/iast/taint-tracking/index.js CHANGED Viewed

@@ -1,5 +1,6 @@
 'use strict'
+const kafkaContextPlugin = require('../context/kafka-ctx-plugin')
 const {
   createTransaction,
   removeTransaction,
@@ -11,8 +12,6 @@ const {
 const taintTrackingPlugin = require('./plugin')
 const kafkaConsumerPlugin = require('./plugins/kafka')
-const kafkaContextPlugin = require('../context/kafka-ctx-plugin')
 module.exports = {
   enableTaintTracking (config, telemetryVerbosity) {
     enableTaintOperations(telemetryVerbosity)

package/packages/dd-trace/src/appsec/iast/taint-tracking/operations-taint-object.js CHANGED Viewed

@@ -2,8 +2,8 @@
 const TaintedUtils = require('@datadog/native-iast-taint-tracking')
 const { IAST_TRANSACTION_ID } = require('../iast-context')
-const { HTTP_REQUEST_PARAMETER } = require('./source-types')
 const log = require('../../../log')
+const { HTTP_REQUEST_PARAMETER } = require('./source-types')
 const SEPARATOR = '\u0000' // Unit Separator (cannot be in URL keys)

package/packages/dd-trace/src/appsec/iast/taint-tracking/plugin.js CHANGED Viewed

@@ -3,6 +3,7 @@
 const { SourceIastPlugin } = require('../iast-plugin')
 const { getIastContext } = require('../iast-context')
 const { storage } = require('../../../../../datadog-core')
+const { EXECUTED_SOURCE } = require('../telemetry/iast-metric')
 const { taintObject, newTaintedString, getRanges, taintQueryWithCache } = require('./operations')
 const {
   HTTP_REQUEST_BODY,
@@ -15,7 +16,6 @@ const {
   HTTP_REQUEST_URI,
   SQL_ROW_VALUE
 } = require('./source-types')
-const { EXECUTED_SOURCE } = require('../telemetry/iast-metric')
 const REQ_HEADER_TAGS = EXECUTED_SOURCE.formatTags(HTTP_REQUEST_HEADER_VALUE, HTTP_REQUEST_HEADER_NAME)
 const REQ_URI_TAGS = EXECUTED_SOURCE.formatTags(HTTP_REQUEST_URI)

package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js CHANGED Viewed

@@ -5,18 +5,18 @@
 const Module = require('module')
 const { pathToFileURL } = require('url')
 const { MessageChannel } = require('worker_threads')
+const { isMainThread } = require('worker_threads')
+const dc = require('dc-polyfill')
 const shimmer = require('../../../../../datadog-shimmer')
-const { isPrivateModule, isDdTrace } = require('./filter')
-const { csiMethods } = require('./csi-methods')
 const { getName } = require('../telemetry/verbosity')
 const telemetry = require('../telemetry')
-const { incrementTelemetryIfNeeded } = require('./rewriter-telemetry')
-const dc = require('dc-polyfill')
 const log = require('../../../log')
-const { isMainThread } = require('worker_threads')
-const { LOG_MESSAGE, REWRITTEN_MESSAGE } = require('./constants')
 const orchestrionConfig = require('../../../../../datadog-instrumentations/src/orchestrion-config')
-const { getEnvironmentVariable } = require('../../../config-helper')
+const { getEnvironmentVariable } = require('../../../config/helper')
+const { LOG_MESSAGE, REWRITTEN_MESSAGE } = require('./constants')
+const { incrementTelemetryIfNeeded } = require('./rewriter-telemetry')
+const { csiMethods } = require('./csi-methods')
+const { isPrivateModule, isDdTrace } = require('./filter')
 let config
 const hardcodedSecretCh = dc.channel('datadog:secrets:result')
@@ -183,14 +183,10 @@ function enableRewriter (telemetryVerbosity) {
 }
 function isEsmConfigured () {
-  const hasLoaderArg = isFlagPresent('--loader') || isFlagPresent('--experimental-loader')
-  if (hasLoaderArg) return true
-  // Fast path for common case when enabled
-  if (require.cache[`${process.cwd()}/node_modules/import-in-the-middle/hook.js`]) {
-    return true
-  }
-  return Object.keys(require.cache).some(file => file.endsWith('import-in-the-middle/hook.js'))
+  return (isFlagPresent('--loader') ||
+    isFlagPresent('--experimental-loader') ||
+    isFlagPresent('dd-trace/initialize.mjs')) ||
+    isFlagPresent('dd-trace/register.js')
 }
 let enableEsmRewriter = function (telemetryVerbosity) {

package/packages/dd-trace/src/appsec/iast/taint-tracking/taint-tracking-impl.js CHANGED Viewed

@@ -6,8 +6,8 @@ const { storage } = require('../../../../../datadog-core')
 const iastContextFunctions = require('../iast-context')
 const { EXECUTED_PROPAGATION } = require('../telemetry/iast-metric')
 const { isDebugAllowed } = require('../telemetry/verbosity')
-const { taintObject } = require('./operations-taint-object')
 const log = require('../../../log')
+const { taintObject } = require('./operations-taint-object')
 const mathRandomCallCh = dc.channel('datadog:random:call')
 const evalCallCh = dc.channel('datadog:eval:call')

package/packages/dd-trace/src/appsec/iast/telemetry/namespaces.js CHANGED Viewed

@@ -2,8 +2,8 @@
 const log = require('../../../log')
 const { Namespace } = require('../../../telemetry/metrics')
-const { addMetricsToSpan } = require('./span-tags')
 const { IAST_TRACE_METRIC_PREFIX } = require('../tags')
+const { addMetricsToSpan } = require('./span-tags')
 const DD_IAST_METRICS_NAMESPACE = Symbol('_dd.iast.request.metrics.namespace')

package/packages/dd-trace/src/appsec/iast/vulnerability-reporter.js CHANGED Viewed

@@ -1,12 +1,12 @@
 'use strict'
 const { LRUCache } = require('../../../../../vendor/dist/lru-cache')
-const vulnerabilitiesFormatter = require('./vulnerabilities-formatter')
-const { IAST_ENABLED_TAG_KEY, IAST_JSON_TAG_KEY } = require('./tags')
 const { keepTrace } = require('../../priority_sampler')
 const { reportStackTrace, getCallsiteFrames, canReportStackTrace, STACK_TRACE_NAMESPACES } = require('../stack_trace')
-const { getOriginalPathAndLineFromSourceMap } = require('./taint-tracking/rewriter')
 const { ASM } = require('../../standalone/product')
+const vulnerabilitiesFormatter = require('./vulnerabilities-formatter')
+const { IAST_ENABLED_TAG_KEY, IAST_JSON_TAG_KEY } = require('./tags')
+const { getOriginalPathAndLineFromSourceMap } = require('./taint-tracking/rewriter')
 const VULNERABILITIES_KEY = 'vulnerabilities'
 const VULNERABILITY_HASHES_MAX_SIZE = 1000

package/packages/dd-trace/src/appsec/index.js CHANGED Viewed

@@ -1,8 +1,13 @@
 'use strict'
 const log = require('../log')
+const web = require('../plugins/util/web')
+const { extractIp } = require('../plugins/util/ip_extractor')
+const { HTTP_CLIENT_IP } = require('../../../../ext/tags')
+const { storage } = require('../../../datadog-core')
+const { isInServerlessEnvironment } = require('../serverless')
 const RuleManager = require('./rule_manager')
-const remoteConfig = require('../remote_config')
+const appsecRemoteConfig = require('./remote_config')
 const {
   bodyParser,
   cookieParser,
@@ -31,15 +36,10 @@ const addresses = require('./addresses')
 const Reporter = require('./reporter')
 const appsecTelemetry = require('./telemetry')
 const apiSecuritySampler = require('./api_security_sampler')
-const web = require('../plugins/util/web')
-const { extractIp } = require('../plugins/util/ip_extractor')
-const { HTTP_CLIENT_IP } = require('../../../../ext/tags')
 const { isBlocked, block, callBlockDelegation, setTemplates, getBlockingAction } = require('./blocking')
 const UserTracking = require('./user_tracking')
-const { storage } = require('../../../datadog-core')
 const graphql = require('./graphql')
 const rasp = require('./rasp')
-const { isInServerlessEnvironment } = require('../serverless')
 const responseAnalyzedSet = new WeakSet()
 const storedResponseHeaders = new WeakMap()
@@ -63,7 +63,7 @@ function enable (_config) {
     RuleManager.loadRules(_config.appsec)
-    remoteConfig.enableWafUpdate(_config.appsec)
+    appsecRemoteConfig.enableWafUpdate(_config.appsec)
     Reporter.init(_config.appsec)
@@ -373,7 +373,7 @@ function disable () {
   graphql.disable()
   rasp.disable()
-  remoteConfig.disableWafUpdate()
+  appsecRemoteConfig.disableWafUpdate()
   apiSecuritySampler.disable()

package/packages/dd-trace/src/appsec/rasp/command_injection.js CHANGED Viewed

@@ -1,10 +1,10 @@
 'use strict'
 const { childProcessExecutionTracingChannel } = require('../channels')
-const { RULE_TYPES, handleResult } = require('./utils')
 const { storage } = require('../../../../datadog-core')
 const addresses = require('../addresses')
 const waf = require('../waf')
+const { RULE_TYPES, handleResult } = require('./utils')
 let config

package/packages/dd-trace/src/appsec/rasp/index.js CHANGED Viewed

@@ -8,11 +8,11 @@ const {
   routerMiddlewareError
 } = require('../channels')
 const { block, registerBlockDelegation, isBlocked } = require('../blocking')
+const { updateRaspRuleMatchMetricTags } = require('../telemetry')
 const ssrf = require('./ssrf')
 const sqli = require('./sql_injection')
 const lfi = require('./lfi')
 const cmdi = require('./command_injection')
-const { updateRaspRuleMatchMetricTags } = require('../telemetry')
 const { DatadogRaspAbortError } = require('./utils')
@@ -73,16 +73,14 @@ function handleUncaughtExceptionMonitor (error) {
     }
   } else {
     const cleanUp = removeAllListeners(process, 'uncaughtException')
-    const handler = () => {
-      process.removeListener('uncaughtException', handler)
-    }
+    const handler = () => {}
     setTimeout(() => {
       process.removeListener('uncaughtException', handler)
       cleanUp()
     })
-    process.on('uncaughtException', handler)
+    process.once('uncaughtException', handler)
   }
 }