dd-trace 5.83.0 → 5.85.0
- package/LICENSE-3rdparty.csv +0 -1
- package/ci/cypress/polyfills.js +1 -1
- package/ci/init.js +5 -5
- package/ext/exporters.js +1 -1
- package/ext/formats.js +1 -1
- package/ext/index.js +1 -1
- package/ext/kinds.js +1 -1
- package/ext/priority.js +1 -1
- package/ext/scopes.js +1 -1
- package/ext/tags.js +1 -1
- package/ext/types.js +1 -1
- package/index.d.ts +115 -2
- package/initialize.mjs +47 -31
- package/loader-hook.mjs +35 -22
- package/package.json +36 -33
- package/packages/datadog-code-origin/index.js +12 -10
- package/packages/datadog-core/src/utils/src/pick.js +2 -2
- package/packages/datadog-esbuild/index.js +75 -79
- package/packages/datadog-esbuild/src/log.js +32 -0
- package/packages/datadog-esbuild/src/utils.js +12 -8
- package/packages/datadog-instrumentations/src/aerospike.js +3 -3
- package/packages/datadog-instrumentations/src/ai.js +5 -5
- package/packages/datadog-instrumentations/src/amqp10.js +1 -1
- package/packages/datadog-instrumentations/src/amqplib.js +1 -1
- package/packages/datadog-instrumentations/src/anthropic.js +3 -3
- package/packages/datadog-instrumentations/src/apollo-server.js +4 -4
- package/packages/datadog-instrumentations/src/apollo.js +2 -2
- package/packages/datadog-instrumentations/src/avsc.js +1 -1
- package/packages/datadog-instrumentations/src/aws-sdk.js +4 -4
- package/packages/datadog-instrumentations/src/azure-event-hubs.js +2 -2
- package/packages/datadog-instrumentations/src/azure-functions.js +1 -1
- package/packages/datadog-instrumentations/src/azure-service-bus.js +1 -1
- package/packages/datadog-instrumentations/src/body-parser.js +2 -2
- package/packages/datadog-instrumentations/src/bunyan.js +1 -1
- package/packages/datadog-instrumentations/src/cassandra-driver.js +1 -1
- package/packages/datadog-instrumentations/src/child_process.js +7 -7
- package/packages/datadog-instrumentations/src/confluentinc-kafka-javascript.js +17 -16
- package/packages/datadog-instrumentations/src/cookie-parser.js +1 -1
- package/packages/datadog-instrumentations/src/couchbase.js +8 -6
- package/packages/datadog-instrumentations/src/crypto.js +1 -1
- package/packages/datadog-instrumentations/src/cucumber.js +19 -19
- package/packages/datadog-instrumentations/src/cypress.js +1 -1
- package/packages/datadog-instrumentations/src/dns.js +2 -2
- package/packages/datadog-instrumentations/src/elasticsearch.js +2 -2
- package/packages/datadog-instrumentations/src/express-mongo-sanitize.js +2 -2
- package/packages/datadog-instrumentations/src/express-session.js +1 -1
- package/packages/datadog-instrumentations/src/express.js +4 -4
- package/packages/datadog-instrumentations/src/fastify.js +1 -1
- package/packages/datadog-instrumentations/src/fetch.js +2 -2
- package/packages/datadog-instrumentations/src/fs.js +7 -7
- package/packages/datadog-instrumentations/src/generic-pool.js +2 -2
- package/packages/datadog-instrumentations/src/google-cloud-pubsub.js +8 -8
- package/packages/datadog-instrumentations/src/google-cloud-vertexai.js +4 -4
- package/packages/datadog-instrumentations/src/google-genai.js +1 -1
- package/packages/datadog-instrumentations/src/graphql.js +10 -10
- package/packages/datadog-instrumentations/src/grpc/client.js +9 -13
- package/packages/datadog-instrumentations/src/grpc/types.js +1 -1
- package/packages/datadog-instrumentations/src/helpers/bundler-register.js +1 -1
- package/packages/datadog-instrumentations/src/helpers/check-require-cache.js +1 -1
- package/packages/datadog-instrumentations/src/helpers/extract-package-and-module-path.js +2 -2
- package/packages/datadog-instrumentations/src/helpers/hooks.js +1 -1
- package/packages/datadog-instrumentations/src/helpers/register.js +7 -7
- package/packages/datadog-instrumentations/src/helpers/rewriter/compiler.js +6 -0
- package/packages/datadog-instrumentations/src/helpers/rewriter/index.js +1 -0
- package/packages/datadog-instrumentations/src/helpers/rewriter/instrumentations/index.js +1 -1
- package/packages/datadog-instrumentations/src/helpers/rewriter/instrumentations/langchain.js +55 -55
- package/packages/datadog-instrumentations/src/helpers/rewriter/transforms.js +74 -17
- package/packages/datadog-instrumentations/src/helpers/router-helper.js +7 -7
- package/packages/datadog-instrumentations/src/helpers/shared-utils.js +1 -1
- package/packages/datadog-instrumentations/src/hono.js +6 -6
- package/packages/datadog-instrumentations/src/http/client.js +1 -1
- package/packages/datadog-instrumentations/src/http/server.js +4 -4
- package/packages/datadog-instrumentations/src/http2/server.js +1 -1
- package/packages/datadog-instrumentations/src/ioredis.js +1 -1
- package/packages/datadog-instrumentations/src/iovalkey.js +1 -1
- package/packages/datadog-instrumentations/src/jest.js +250 -106
- package/packages/datadog-instrumentations/src/kafkajs.js +9 -8
- package/packages/datadog-instrumentations/src/knex.js +2 -2
- package/packages/datadog-instrumentations/src/koa.js +3 -1
- package/packages/datadog-instrumentations/src/ldapjs.js +1 -1
- package/packages/datadog-instrumentations/src/light-my-request.js +1 -1
- package/packages/datadog-instrumentations/src/limitd-client.js +1 -1
- package/packages/datadog-instrumentations/src/mariadb.js +1 -1
- package/packages/datadog-instrumentations/src/memcached.js +1 -1
- package/packages/datadog-instrumentations/src/mocha/common.js +3 -3
- package/packages/datadog-instrumentations/src/mocha/main.js +24 -24
- package/packages/datadog-instrumentations/src/mocha/utils.js +15 -11
- package/packages/datadog-instrumentations/src/mocha/worker.js +4 -4
- package/packages/datadog-instrumentations/src/moleculer/server.js +1 -1
- package/packages/datadog-instrumentations/src/mongodb-core.js +3 -3
- package/packages/datadog-instrumentations/src/mongodb.js +7 -7
- package/packages/datadog-instrumentations/src/mongoose.js +10 -10
- package/packages/datadog-instrumentations/src/mquery.js +6 -6
- package/packages/datadog-instrumentations/src/multer.js +1 -1
- package/packages/datadog-instrumentations/src/mysql.js +1 -1
- package/packages/datadog-instrumentations/src/net.js +6 -6
- package/packages/datadog-instrumentations/src/next.js +6 -6
- package/packages/datadog-instrumentations/src/nyc.js +34 -2
- package/packages/datadog-instrumentations/src/openai.js +24 -24
- package/packages/datadog-instrumentations/src/oracledb.js +2 -2
- package/packages/datadog-instrumentations/src/otel-sdk-trace.js +1 -1
- package/packages/datadog-instrumentations/src/passport-http.js +1 -1
- package/packages/datadog-instrumentations/src/passport-local.js +1 -1
- package/packages/datadog-instrumentations/src/passport-utils.js +1 -1
- package/packages/datadog-instrumentations/src/passport.js +1 -1
- package/packages/datadog-instrumentations/src/pg.js +3 -3
- package/packages/datadog-instrumentations/src/pino.js +2 -2
- package/packages/datadog-instrumentations/src/playwright.js +71 -67
- package/packages/datadog-instrumentations/src/prisma.js +24 -78
- package/packages/datadog-instrumentations/src/promise-js.js +1 -1
- package/packages/datadog-instrumentations/src/promise.js +1 -1
- package/packages/datadog-instrumentations/src/protobufjs.js +6 -6
- package/packages/datadog-instrumentations/src/q.js +2 -2
- package/packages/datadog-instrumentations/src/redis.js +2 -2
- package/packages/datadog-instrumentations/src/rhea.js +5 -5
- package/packages/datadog-instrumentations/src/router.js +8 -8
- package/packages/datadog-instrumentations/src/selenium.js +3 -3
- package/packages/datadog-instrumentations/src/sequelize.js +1 -1
- package/packages/datadog-instrumentations/src/sharedb.js +2 -2
- package/packages/datadog-instrumentations/src/tedious.js +1 -1
- package/packages/datadog-instrumentations/src/undici.js +2 -2
- package/packages/datadog-instrumentations/src/url.js +5 -5
- package/packages/datadog-instrumentations/src/vitest.js +56 -45
- package/packages/datadog-instrumentations/src/when.js +1 -1
- package/packages/datadog-instrumentations/src/winston.js +1 -1
- package/packages/datadog-instrumentations/src/ws.js +128 -41
- package/packages/datadog-plugin-aerospike/src/index.js +4 -4
- package/packages/datadog-plugin-ai/src/index.js +1 -1
- package/packages/datadog-plugin-ai/src/tracing.js +2 -2
- package/packages/datadog-plugin-ai/src/utils.js +1 -1
- package/packages/datadog-plugin-amqp10/src/consumer.js +2 -2
- package/packages/datadog-plugin-amqp10/src/index.js +1 -1
- package/packages/datadog-plugin-amqp10/src/producer.js +2 -2
- package/packages/datadog-plugin-amqplib/src/client.js +2 -2
- package/packages/datadog-plugin-amqplib/src/consumer.js +2 -2
- package/packages/datadog-plugin-amqplib/src/index.js +1 -1
- package/packages/datadog-plugin-amqplib/src/producer.js +2 -2
- package/packages/datadog-plugin-amqplib/src/util.js +1 -1
- package/packages/datadog-plugin-anthropic/src/index.js +1 -1
- package/packages/datadog-plugin-anthropic/src/tracing.js +2 -2
- package/packages/datadog-plugin-apollo/src/gateway/fetch.js +1 -1
- package/packages/datadog-plugin-apollo/src/gateway/index.js +1 -1
- package/packages/datadog-plugin-apollo/src/gateway/request.js +5 -5
- package/packages/datadog-plugin-apollo/src/index.js +1 -1
- package/packages/datadog-plugin-avsc/src/schema_iterator.js +3 -3
- package/packages/datadog-plugin-aws-sdk/src/base.js +11 -10
- package/packages/datadog-plugin-aws-sdk/src/services/bedrockruntime/index.js +1 -1
- package/packages/datadog-plugin-aws-sdk/src/services/bedrockruntime/tracing.js +1 -1
- package/packages/datadog-plugin-aws-sdk/src/services/bedrockruntime/utils.js +24 -24
- package/packages/datadog-plugin-aws-sdk/src/services/cloudwatchlogs.js +1 -1
- package/packages/datadog-plugin-aws-sdk/src/services/eventbridge.js +1 -1
- package/packages/datadog-plugin-aws-sdk/src/services/kinesis.js +6 -6
- package/packages/datadog-plugin-aws-sdk/src/services/lambda.js +3 -3
- package/packages/datadog-plugin-aws-sdk/src/services/redshift.js +1 -1
- package/packages/datadog-plugin-aws-sdk/src/services/s3.js +1 -1
- package/packages/datadog-plugin-aws-sdk/src/services/sns.js +5 -5
- package/packages/datadog-plugin-aws-sdk/src/services/sqs.js +12 -12
- package/packages/datadog-plugin-aws-sdk/src/util.js +1 -1
- package/packages/datadog-plugin-azure-event-hubs/src/index.js +1 -1
- package/packages/datadog-plugin-azure-event-hubs/src/producer.js +3 -3
- package/packages/datadog-plugin-azure-functions/src/index.js +11 -10
- package/packages/datadog-plugin-azure-service-bus/src/index.js +1 -1
- package/packages/datadog-plugin-azure-service-bus/src/producer.js +3 -3
- package/packages/datadog-plugin-bullmq/src/consumer.js +2 -2
- package/packages/datadog-plugin-bullmq/src/index.js +1 -1
- package/packages/datadog-plugin-bullmq/src/producer.js +11 -11
- package/packages/datadog-plugin-cassandra-driver/src/index.js +2 -2
- package/packages/datadog-plugin-child_process/src/index.js +2 -2
- package/packages/datadog-plugin-child_process/src/scrub-cmd-params.js +5 -5
- package/packages/datadog-plugin-confluentinc-kafka-javascript/src/index.js +1 -1
- package/packages/datadog-plugin-couchbase/src/index.js +3 -3
- package/packages/datadog-plugin-cucumber/src/index.js +46 -45
- package/packages/datadog-plugin-cypress/src/cypress-plugin.js +68 -55
- package/packages/datadog-plugin-cypress/src/plugin.js +1 -1
- package/packages/datadog-plugin-cypress/src/support.js +56 -9
- package/packages/datadog-plugin-dd-trace-api/src/index.js +1 -1
- package/packages/datadog-plugin-dns/src/index.js +1 -1
- package/packages/datadog-plugin-dns/src/lookup.js +2 -2
- package/packages/datadog-plugin-dns/src/lookup_service.js +3 -3
- package/packages/datadog-plugin-dns/src/resolve.js +2 -2
- package/packages/datadog-plugin-dns/src/reverse.js +2 -2
- package/packages/datadog-plugin-elasticsearch/src/index.js +2 -2
- package/packages/datadog-plugin-express/src/index.js +1 -1
- package/packages/datadog-plugin-fastify/src/index.js +1 -1
- package/packages/datadog-plugin-fs/src/index.js +2 -2
- package/packages/datadog-plugin-google-cloud-pubsub/src/client.js +2 -2
- package/packages/datadog-plugin-google-cloud-pubsub/src/consumer.js +8 -6
- package/packages/datadog-plugin-google-cloud-pubsub/src/index.js +1 -1
- package/packages/datadog-plugin-google-cloud-pubsub/src/producer.js +11 -10
- package/packages/datadog-plugin-google-cloud-pubsub/src/pubsub-push-subscription.js +6 -6
- package/packages/datadog-plugin-google-cloud-vertexai/src/index.js +1 -1
- package/packages/datadog-plugin-google-cloud-vertexai/src/tracing.js +2 -2
- package/packages/datadog-plugin-google-cloud-vertexai/src/utils.js +1 -1
- package/packages/datadog-plugin-google-genai/src/index.js +1 -1
- package/packages/datadog-plugin-google-genai/src/tracing.js +2 -2
- package/packages/datadog-plugin-graphql/src/execute.js +2 -2
- package/packages/datadog-plugin-graphql/src/index.js +2 -2
- package/packages/datadog-plugin-graphql/src/parse.js +1 -1
- package/packages/datadog-plugin-graphql/src/resolve.js +6 -6
- package/packages/datadog-plugin-graphql/src/utils.js +1 -1
- package/packages/datadog-plugin-graphql/src/validate.js +2 -2
- package/packages/datadog-plugin-grpc/src/client.js +3 -3
- package/packages/datadog-plugin-grpc/src/index.js +1 -1
- package/packages/datadog-plugin-grpc/src/server.js +3 -3
- package/packages/datadog-plugin-grpc/src/util.js +2 -2
- package/packages/datadog-plugin-http/src/client.js +10 -10
- package/packages/datadog-plugin-http/src/index.js +1 -1
- package/packages/datadog-plugin-http2/src/client.js +6 -6
- package/packages/datadog-plugin-http2/src/index.js +1 -1
- package/packages/datadog-plugin-http2/src/server.js +1 -1
- package/packages/datadog-plugin-jest/src/index.js +39 -22
- package/packages/datadog-plugin-jest/src/util.js +1 -1
- package/packages/datadog-plugin-kafkajs/src/consumer.js +5 -5
- package/packages/datadog-plugin-kafkajs/src/index.js +1 -1
- package/packages/datadog-plugin-kafkajs/src/producer.js +5 -5
- package/packages/datadog-plugin-kafkajs/src/utils.js +1 -1
- package/packages/datadog-plugin-langchain/src/tokens.js +2 -2
- package/packages/datadog-plugin-langchain/src/tracing.js +4 -4
- package/packages/datadog-plugin-memcached/src/index.js +2 -2
- package/packages/datadog-plugin-mocha/src/index.js +12 -12
- package/packages/datadog-plugin-moleculer/src/client.js +1 -1
- package/packages/datadog-plugin-moleculer/src/index.js +1 -1
- package/packages/datadog-plugin-moleculer/src/server.js +2 -2
- package/packages/datadog-plugin-moleculer/src/util.js +1 -1
- package/packages/datadog-plugin-mongodb-core/src/index.js +5 -5
- package/packages/datadog-plugin-mysql/src/index.js +2 -2
- package/packages/datadog-plugin-net/src/ipc.js +2 -2
- package/packages/datadog-plugin-net/src/tcp.js +4 -4
- package/packages/datadog-plugin-next/src/index.js +4 -4
- package/packages/datadog-plugin-nyc/src/index.js +60 -0
- package/packages/datadog-plugin-openai/src/index.js +1 -1
- package/packages/datadog-plugin-openai/src/services.js +3 -3
- package/packages/datadog-plugin-openai/src/stream-helpers.js +1 -1
- package/packages/datadog-plugin-openai/src/tracing.js +10 -10
- package/packages/datadog-plugin-oracledb/src/connection-parser.js +1 -1
- package/packages/datadog-plugin-oracledb/src/index.js +1 -1
- package/packages/datadog-plugin-pg/src/index.js +2 -2
- package/packages/datadog-plugin-playwright/src/index.js +42 -42
- package/packages/datadog-plugin-prisma/src/datadog-tracing-helper.js +95 -0
- package/packages/datadog-plugin-prisma/src/index.js +129 -10
- package/packages/datadog-plugin-protobufjs/src/schema_iterator.js +3 -3
- package/packages/datadog-plugin-redis/src/index.js +2 -2
- package/packages/datadog-plugin-restify/src/index.js +1 -1
- package/packages/datadog-plugin-rhea/src/consumer.js +2 -2
- package/packages/datadog-plugin-rhea/src/index.js +1 -1
- package/packages/datadog-plugin-rhea/src/producer.js +2 -2
- package/packages/datadog-plugin-router/src/index.js +3 -3
- package/packages/datadog-plugin-selenium/src/index.js +2 -2
- package/packages/datadog-plugin-sharedb/src/index.js +2 -2
- package/packages/datadog-plugin-tedious/src/index.js +2 -2
- package/packages/datadog-plugin-undici/src/index.js +5 -5
- package/packages/datadog-plugin-vitest/src/index.js +39 -18
- package/packages/datadog-plugin-ws/src/close.js +10 -11
- package/packages/datadog-plugin-ws/src/index.js +1 -1
- package/packages/datadog-plugin-ws/src/producer.js +8 -9
- package/packages/datadog-plugin-ws/src/receiver.js +8 -9
- package/packages/datadog-plugin-ws/src/server.js +17 -12
- package/packages/datadog-plugin-ws/src/util.js +48 -16
- package/packages/datadog-shimmer/src/shimmer.js +5 -8
- package/packages/dd-trace/index.js +2 -2
- package/packages/dd-trace/src/agent/info.js +57 -0
- package/packages/dd-trace/src/agent/url.js +28 -0
- package/packages/dd-trace/src/aiguard/client.js +3 -3
- package/packages/dd-trace/src/aiguard/sdk.js +6 -6
- package/packages/dd-trace/src/aiguard/tags.js +1 -1
- package/packages/dd-trace/src/analytics_sampler.js +1 -1
- package/packages/dd-trace/src/appsec/activation.js +1 -1
- package/packages/dd-trace/src/appsec/addresses.js +1 -1
- package/packages/dd-trace/src/appsec/api_security_sampler.js +1 -1
- package/packages/dd-trace/src/appsec/blocked_templates.js +1 -1
- package/packages/dd-trace/src/appsec/blocking.js +5 -5
- package/packages/dd-trace/src/appsec/channels.js +1 -1
- package/packages/dd-trace/src/appsec/graphql.js +13 -13
- package/packages/dd-trace/src/appsec/iast/analyzers/analyzers.js +1 -1
- package/packages/dd-trace/src/appsec/iast/analyzers/cookie-analyzer.js +1 -1
- package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-base-analyzer.js +6 -5
- package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-password-rules.js +2 -2
- package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-rule-type.js +1 -1
- package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-secret-rules.js +148 -148
- package/packages/dd-trace/src/appsec/iast/analyzers/hardcoded-secrets-rules.js +148 -148
- package/packages/dd-trace/src/appsec/iast/analyzers/index.js +1 -1
- package/packages/dd-trace/src/appsec/iast/analyzers/missing-header-analyzer.js +1 -1
- package/packages/dd-trace/src/appsec/iast/analyzers/nosql-injection-mongodb-analyzer.js +7 -8
- package/packages/dd-trace/src/appsec/iast/analyzers/path-traversal-analyzer.js +2 -2
- package/packages/dd-trace/src/appsec/iast/analyzers/set-cookies-header-interceptor.js +2 -2
- package/packages/dd-trace/src/appsec/iast/analyzers/unvalidated-redirect-analyzer.js +2 -2
- package/packages/dd-trace/src/appsec/iast/analyzers/vulnerability-analyzer.js +3 -3
- package/packages/dd-trace/src/appsec/iast/analyzers/weak-cipher-analyzer.js +1 -1
- package/packages/dd-trace/src/appsec/iast/analyzers/weak-hash-analyzer.js +2 -2
- package/packages/dd-trace/src/appsec/iast/context/context-plugin.js +3 -3
- package/packages/dd-trace/src/appsec/iast/iast-context.js +6 -3
- package/packages/dd-trace/src/appsec/iast/iast-plugin.js +17 -9
- package/packages/dd-trace/src/appsec/iast/index.js +2 -2
- package/packages/dd-trace/src/appsec/iast/overhead-controller.js +9 -9
- package/packages/dd-trace/src/appsec/iast/path-line.js +6 -6
- package/packages/dd-trace/src/appsec/iast/security-controls/index.js +11 -11
- package/packages/dd-trace/src/appsec/iast/security-controls/parser.js +49 -17
- package/packages/dd-trace/src/appsec/iast/tags.js +1 -1
- package/packages/dd-trace/src/appsec/iast/taint-tracking/constants.js +1 -1
- package/packages/dd-trace/src/appsec/iast/taint-tracking/csi-methods.js +2 -2
- package/packages/dd-trace/src/appsec/iast/taint-tracking/filter.js +1 -1
- package/packages/dd-trace/src/appsec/iast/taint-tracking/index.js +2 -2
- package/packages/dd-trace/src/appsec/iast/taint-tracking/operations-taint-object.js +3 -6
- package/packages/dd-trace/src/appsec/iast/taint-tracking/operations.js +2 -2
- package/packages/dd-trace/src/appsec/iast/taint-tracking/plugin.js +5 -5
- package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter-esm.mjs +4 -4
- package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js +5 -5
- package/packages/dd-trace/src/appsec/iast/taint-tracking/secure-marks.js +6 -4
- package/packages/dd-trace/src/appsec/iast/taint-tracking/source-types.js +1 -1
- package/packages/dd-trace/src/appsec/iast/taint-tracking/taint-tracking-impl.js +8 -8
- package/packages/dd-trace/src/appsec/iast/telemetry/iast-metric.js +4 -4
- package/packages/dd-trace/src/appsec/iast/telemetry/namespaces.js +2 -2
- package/packages/dd-trace/src/appsec/iast/telemetry/span-tags.js +6 -6
- package/packages/dd-trace/src/appsec/iast/telemetry/verbosity.js +2 -2
- package/packages/dd-trace/src/appsec/iast/utils.js +3 -3
- package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/constants.js +1 -1
- package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/range-utils.js +1 -1
- package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/hardcoded-password-analyzer.js +1 -1
- package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/sql-sensitive-analyzer.js +6 -6
- package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/tainted-range-based-sensitive-analyzer.js +1 -1
- package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-handler.js +8 -8
- package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-regex.js +1 -1
- package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/index.js +12 -11
- package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/utils.js +5 -5
- package/packages/dd-trace/src/appsec/iast/vulnerabilities.js +1 -1
- package/packages/dd-trace/src/appsec/iast/vulnerability-reporter.js +4 -4
- package/packages/dd-trace/src/appsec/index.js +65 -27
- package/packages/dd-trace/src/appsec/rasp/command_injection.js +3 -3
- package/packages/dd-trace/src/appsec/rasp/fs-plugin.js +4 -4
- package/packages/dd-trace/src/appsec/rasp/index.js +2 -2
- package/packages/dd-trace/src/appsec/rasp/lfi.js +5 -5
- package/packages/dd-trace/src/appsec/rasp/sql_injection.js +2 -2
- package/packages/dd-trace/src/appsec/rasp/ssrf.js +1 -1
- package/packages/dd-trace/src/appsec/rasp/utils.js +4 -4
- package/packages/dd-trace/src/appsec/rc-products.js +1 -1
- package/packages/dd-trace/src/appsec/remote_config.js +3 -3
- package/packages/dd-trace/src/appsec/reporter.js +11 -11
- package/packages/dd-trace/src/appsec/rule_manager.js +1 -1
- package/packages/dd-trace/src/appsec/sdk/index.js +1 -1
- package/packages/dd-trace/src/appsec/sdk/set_user.js +2 -2
- package/packages/dd-trace/src/appsec/sdk/track_event.js +7 -7
- package/packages/dd-trace/src/appsec/sdk/user_blocking.js +1 -1
- package/packages/dd-trace/src/appsec/sdk/utils.js +1 -1
- package/packages/dd-trace/src/appsec/stack_trace.js +5 -5
- package/packages/dd-trace/src/appsec/telemetry/common.js +3 -3
- package/packages/dd-trace/src/appsec/telemetry/index.js +5 -5
- package/packages/dd-trace/src/appsec/telemetry/rasp.js +3 -3
- package/packages/dd-trace/src/appsec/telemetry/user.js +4 -4
- package/packages/dd-trace/src/appsec/telemetry/waf.js +3 -3
- package/packages/dd-trace/src/appsec/user_tracking.js +7 -7
- package/packages/dd-trace/src/appsec/waf/diagnostics.js +2 -2
- package/packages/dd-trace/src/appsec/waf/index.js +1 -1
- package/packages/dd-trace/src/appsec/waf/waf_context_wrapper.js +2 -2
- package/packages/dd-trace/src/azure_metadata.js +16 -9
- package/packages/dd-trace/src/baggage.js +1 -1
- package/packages/dd-trace/src/ci-visibility/coverage-report-discovery.js +82 -0
- package/packages/dd-trace/src/ci-visibility/dynamic-instrumentation/index.js +5 -5
- package/packages/dd-trace/src/ci-visibility/dynamic-instrumentation/worker/index.js +9 -9
- package/packages/dd-trace/src/ci-visibility/early-flake-detection/get-known-tests.js +8 -8
- package/packages/dd-trace/src/ci-visibility/exporters/agent-proxy/index.js +11 -11
- package/packages/dd-trace/src/ci-visibility/exporters/agentless/coverage-writer.js +4 -3
- package/packages/dd-trace/src/ci-visibility/exporters/agentless/di-logs-writer.js +8 -6
- package/packages/dd-trace/src/ci-visibility/exporters/agentless/index.js +2 -0
- package/packages/dd-trace/src/ci-visibility/exporters/agentless/writer.js +4 -3
- package/packages/dd-trace/src/ci-visibility/exporters/ci-visibility-exporter.js +39 -20
- package/packages/dd-trace/src/ci-visibility/exporters/git/git_metadata.js +22 -22
- package/packages/dd-trace/src/ci-visibility/exporters/test-worker/index.js +1 -1
- package/packages/dd-trace/src/ci-visibility/exporters/test-worker/writer.js +1 -1
- package/packages/dd-trace/src/ci-visibility/intelligent-test-runner/get-skippable-suites.js +8 -8
- package/packages/dd-trace/src/ci-visibility/log-submission/log-submission-plugin.js +3 -3
- package/packages/dd-trace/src/ci-visibility/requests/get-library-configuration.js +17 -12
- package/packages/dd-trace/src/ci-visibility/requests/upload-coverage-report.js +92 -0
- package/packages/dd-trace/src/ci-visibility/telemetry.js +8 -4
- package/packages/dd-trace/src/ci-visibility/test-api-manual/test-api-manual-plugin.js +1 -1
- package/packages/dd-trace/src/ci-visibility/test-management/get-test-management-tests.js +6 -6
- package/packages/dd-trace/src/ci-visibility/test-optimization-cache.js +61 -0
- package/packages/dd-trace/src/config/defaults.js +1 -1
- package/packages/dd-trace/src/config/git_properties.js +1 -1
- package/packages/dd-trace/src/config/helper.js +2 -2
- package/packages/dd-trace/src/config/index.js +645 -641
- package/packages/dd-trace/src/config/remote_config.js +2 -1
- package/packages/dd-trace/src/config/stable.js +2 -2
- package/packages/dd-trace/src/config/supported-configurations.json +2 -1
- package/packages/dd-trace/src/constants.js +3 -3
- package/packages/dd-trace/src/crashtracking/crashtracker.js +8 -11
- package/packages/dd-trace/src/datastreams/checkpointer.js +1 -1
- package/packages/dd-trace/src/datastreams/context.js +1 -1
- package/packages/dd-trace/src/datastreams/encoding.js +1 -1
- package/packages/dd-trace/src/datastreams/fnv.js +1 -1
- package/packages/dd-trace/src/datastreams/index.js +8 -8
- package/packages/dd-trace/src/datastreams/pathway.js +5 -3
- package/packages/dd-trace/src/datastreams/processor.js +14 -12
- package/packages/dd-trace/src/datastreams/schemas/schema_builder.js +27 -25
- package/packages/dd-trace/src/datastreams/schemas/schema_sampler.js +1 -1
- package/packages/dd-trace/src/datastreams/size.js +3 -3
- package/packages/dd-trace/src/datastreams/writer.js +5 -11
- package/packages/dd-trace/src/debugger/config.js +2 -1
- package/packages/dd-trace/src/debugger/constants.js +7 -0
- package/packages/dd-trace/src/debugger/devtools_client/breakpoints.js +14 -10
- package/packages/dd-trace/src/debugger/devtools_client/condition.js +2 -2
- package/packages/dd-trace/src/debugger/devtools_client/config.js +6 -12
- package/packages/dd-trace/src/debugger/devtools_client/defaults.js +1 -1
- package/packages/dd-trace/src/debugger/devtools_client/index.js +32 -25
- package/packages/dd-trace/src/debugger/devtools_client/inspector_promises_polyfill.js +1 -1
- package/packages/dd-trace/src/debugger/devtools_client/json-buffer.js +10 -11
- package/packages/dd-trace/src/debugger/devtools_client/log.js +1 -1
- package/packages/dd-trace/src/debugger/devtools_client/send.js +54 -10
- package/packages/dd-trace/src/debugger/devtools_client/snapshot/collector.js +94 -37
- package/packages/dd-trace/src/debugger/devtools_client/snapshot/index.js +4 -4
- package/packages/dd-trace/src/debugger/devtools_client/snapshot/processor.js +7 -7
- package/packages/dd-trace/src/debugger/devtools_client/snapshot/redaction.js +2 -2
- package/packages/dd-trace/src/debugger/devtools_client/snapshot/symbols.js +1 -1
- package/packages/dd-trace/src/debugger/devtools_client/snapshot-pruner.js +1 -1
- package/packages/dd-trace/src/debugger/devtools_client/source-maps.js +10 -1
- package/packages/dd-trace/src/debugger/devtools_client/state.js +65 -8
- package/packages/dd-trace/src/debugger/devtools_client/status.js +9 -8
- package/packages/dd-trace/src/debugger/index.js +95 -37
- package/packages/dd-trace/src/dogstatsd.js +17 -18
- package/packages/dd-trace/src/encode/0.4.js +7 -6
- package/packages/dd-trace/src/encode/agentless-ci-visibility.js +8 -8
- package/packages/dd-trace/src/encode/coverage-ci-visibility.js +3 -3
- package/packages/dd-trace/src/encode/span-stats.js +2 -2
- package/packages/dd-trace/src/encode/tags-processors.js +1 -1
- package/packages/dd-trace/src/exporters/agent/index.js +5 -9
- package/packages/dd-trace/src/exporters/agent/writer.js +5 -4
- package/packages/dd-trace/src/exporters/common/agents.js +1 -1
- package/packages/dd-trace/src/exporters/common/{agent-info-exporter.js → buffering-exporter.js} +12 -39
- package/packages/dd-trace/src/exporters/common/docker.js +11 -7
- package/packages/dd-trace/src/exporters/common/request.js +28 -8
- package/packages/dd-trace/src/exporters/common/url-to-http-options-polyfill.js +2 -2
- package/packages/dd-trace/src/exporters/common/writer.js +2 -0
- package/packages/dd-trace/src/exporters/span-stats/index.js +4 -11
- package/packages/dd-trace/src/exporters/span-stats/writer.js +3 -3
- package/packages/dd-trace/src/external-logger/src/index.js +4 -4
- package/packages/dd-trace/src/flare/index.js +3 -3
- package/packages/dd-trace/src/guardrails/telemetry.js +1 -1
- package/packages/dd-trace/src/heap_snapshots.js +1 -1
- package/packages/dd-trace/src/id.js +1 -1
- package/packages/dd-trace/src/iitm.js +1 -1
- package/packages/dd-trace/src/lambda/handler.js +1 -1
- package/packages/dd-trace/src/lambda/runtime/errors.js +1 -1
- package/packages/dd-trace/src/lambda/runtime/ritm.js +3 -3
- package/packages/dd-trace/src/llmobs/constants/tags.js +1 -1
- package/packages/dd-trace/src/llmobs/constants/text.js +1 -1
- package/packages/dd-trace/src/llmobs/constants/writers.js +1 -1
- package/packages/dd-trace/src/llmobs/index.js +2 -4
- package/packages/dd-trace/src/llmobs/noop.js +2 -2
- package/packages/dd-trace/src/llmobs/plugins/ai/index.js +8 -8
- package/packages/dd-trace/src/llmobs/plugins/ai/util.js +2 -2
- package/packages/dd-trace/src/llmobs/plugins/anthropic.js +5 -5
- package/packages/dd-trace/src/llmobs/plugins/base.js +1 -1
- package/packages/dd-trace/src/llmobs/plugins/bedrockruntime.js +8 -8
- package/packages/dd-trace/src/llmobs/plugins/genai/index.js +2 -2
- package/packages/dd-trace/src/llmobs/plugins/genai/util.js +15 -15
- package/packages/dd-trace/src/llmobs/plugins/langchain/handlers/chat_model.js +2 -2
- package/packages/dd-trace/src/llmobs/plugins/langchain/handlers/index.js +5 -5
- package/packages/dd-trace/src/llmobs/plugins/langchain/handlers/vectorstore.js +1 -1
- package/packages/dd-trace/src/llmobs/plugins/langchain/index.js +3 -3
- package/packages/dd-trace/src/llmobs/plugins/openai/constants.js +1 -1
- package/packages/dd-trace/src/llmobs/plugins/openai/index.js +17 -17
- package/packages/dd-trace/src/llmobs/plugins/openai/utils.js +3 -3
- package/packages/dd-trace/src/llmobs/plugins/vertexai.js +6 -6
- package/packages/dd-trace/src/llmobs/sdk.js +11 -11
- package/packages/dd-trace/src/llmobs/span_processor.js +6 -6
- package/packages/dd-trace/src/llmobs/tagger.js +4 -4
- package/packages/dd-trace/src/llmobs/telemetry.js +8 -8
- package/packages/dd-trace/src/llmobs/util.js +1 -1
- package/packages/dd-trace/src/llmobs/writers/base.js +11 -17
- package/packages/dd-trace/src/llmobs/writers/evaluations.js +5 -5
- package/packages/dd-trace/src/llmobs/writers/spans.js +3 -3
- package/packages/dd-trace/src/llmobs/writers/util.js +4 -10
- package/packages/dd-trace/src/log/channels.js +2 -2
- package/packages/dd-trace/src/log/index.js +46 -31
- package/packages/dd-trace/src/log/log.js +1 -1
- package/packages/dd-trace/src/log/writer.js +14 -79
- package/packages/dd-trace/src/noop/span.js +2 -2
- package/packages/dd-trace/src/openfeature/constants/constants.js +1 -1
- package/packages/dd-trace/src/openfeature/flagging_provider.js +4 -4
- package/packages/dd-trace/src/openfeature/index.js +2 -2
- package/packages/dd-trace/src/openfeature/noop.js +3 -3
- package/packages/dd-trace/src/openfeature/remote_config.js +1 -1
- package/packages/dd-trace/src/openfeature/writers/base.js +14 -20
- package/packages/dd-trace/src/openfeature/writers/exposures.js +10 -10
- package/packages/dd-trace/src/openfeature/writers/util.js +4 -9
- package/packages/dd-trace/src/opentelemetry/context_manager.js +48 -29
- package/packages/dd-trace/src/opentelemetry/logs/index.js +2 -2
- package/packages/dd-trace/src/opentelemetry/logs/logger_provider.js +2 -2
- package/packages/dd-trace/src/opentelemetry/logs/otlp_transformer.js +10 -10
- package/packages/dd-trace/src/opentelemetry/metrics/constants.js +3 -3
- package/packages/dd-trace/src/opentelemetry/metrics/index.js +2 -2
- package/packages/dd-trace/src/opentelemetry/metrics/instruments.js +3 -3
- package/packages/dd-trace/src/opentelemetry/metrics/meter.js +1 -1
- package/packages/dd-trace/src/opentelemetry/metrics/otlp_transformer.js +11 -11
- package/packages/dd-trace/src/opentelemetry/metrics/periodic_metric_reader.js +18 -18
- package/packages/dd-trace/src/opentelemetry/otlp/otlp_http_exporter_base.js +6 -6
- package/packages/dd-trace/src/opentelemetry/otlp/otlp_transformer_base.js +10 -7
- package/packages/dd-trace/src/opentelemetry/otlp/protobuf_loader.js +3 -3
- package/packages/dd-trace/src/opentelemetry/span.js +8 -8
- package/packages/dd-trace/src/opentelemetry/span_context.js +1 -1
- package/packages/dd-trace/src/opentelemetry/span_processor.js +1 -1
- package/packages/dd-trace/src/opentelemetry/tracer.js +4 -4
- package/packages/dd-trace/src/opentracing/propagation/log.js +2 -2
- package/packages/dd-trace/src/opentracing/propagation/text_map.js +14 -12
- package/packages/dd-trace/src/opentracing/propagation/text_map_dsm.js +2 -0
- package/packages/dd-trace/src/opentracing/span.js +20 -20
- package/packages/dd-trace/src/opentracing/span_context.js +3 -3
- package/packages/dd-trace/src/opentracing/tracer.js +3 -3
- package/packages/dd-trace/src/payload-tagging/config/index.js +1 -1
- package/packages/dd-trace/src/payload-tagging/index.js +1 -1
- package/packages/dd-trace/src/payload-tagging/tagging.js +2 -2
- package/packages/dd-trace/src/plugin_manager.js +6 -6
- package/packages/dd-trace/src/plugins/apollo.js +4 -4
- package/packages/dd-trace/src/plugins/ci_plugin.js +101 -36
- package/packages/dd-trace/src/plugins/database.js +1 -1
- package/packages/dd-trace/src/plugins/index.js +1 -1
- package/packages/dd-trace/src/plugins/log_plugin.js +2 -2
- package/packages/dd-trace/src/plugins/outbound.js +9 -8
- package/packages/dd-trace/src/plugins/plugin.js +17 -7
- package/packages/dd-trace/src/plugins/producer.js +6 -5
- package/packages/dd-trace/src/plugins/tracing.js +37 -8
- package/packages/dd-trace/src/plugins/util/ci.js +40 -40
- package/packages/dd-trace/src/plugins/util/env.js +2 -2
- package/packages/dd-trace/src/plugins/util/git-cache.js +2 -2
- package/packages/dd-trace/src/plugins/util/git.js +20 -18
- package/packages/dd-trace/src/plugins/util/inferred_proxy.js +6 -6
- package/packages/dd-trace/src/plugins/util/ip_extractor.js +3 -3
- package/packages/dd-trace/src/plugins/util/llm.js +1 -1
- package/packages/dd-trace/src/plugins/util/stacktrace.js +3 -3
- package/packages/dd-trace/src/plugins/util/tags.js +1 -1
- package/packages/dd-trace/src/plugins/util/test.js +46 -40
- package/packages/dd-trace/src/plugins/util/url.js +1 -1
- package/packages/dd-trace/src/plugins/util/urlfilter.js +1 -1
- package/packages/dd-trace/src/plugins/util/user-provided-git.js +2 -2
- package/packages/dd-trace/src/plugins/util/web.js +12 -12
- package/packages/dd-trace/src/priority_sampler.js +4 -4
- package/packages/dd-trace/src/process-tags/index.js +2 -2
- package/packages/dd-trace/src/profiler.js +1 -1
- package/packages/dd-trace/src/profiling/config.js +11 -14
- package/packages/dd-trace/src/profiling/constants.js +2 -2
- package/packages/dd-trace/src/profiling/exporter_cli.js +3 -3
- package/packages/dd-trace/src/profiling/exporters/agent.js +5 -5
- package/packages/dd-trace/src/profiling/exporters/event_serializer.js +8 -8
- package/packages/dd-trace/src/profiling/index.js +1 -1
- package/packages/dd-trace/src/profiling/libuv-size.js +1 -1
- package/packages/dd-trace/src/profiling/loggers/console.js +1 -1
- package/packages/dd-trace/src/profiling/profiler.js +21 -23
- package/packages/dd-trace/src/profiling/profilers/event_plugins/event.js +1 -1
- package/packages/dd-trace/src/profiling/profilers/event_plugins/fs.js +3 -3
- package/packages/dd-trace/src/profiling/profilers/events.js +27 -19
- package/packages/dd-trace/src/profiling/profilers/shared.js +2 -2
- package/packages/dd-trace/src/profiling/profilers/wall.js +4 -4
- package/packages/dd-trace/src/profiling/tagger.js +1 -1
- package/packages/dd-trace/src/profiling/webspan-utils.js +2 -2
- package/packages/dd-trace/src/proxy.js +13 -13
- package/packages/dd-trace/src/remote_config/apply_states.js +1 -1
- package/packages/dd-trace/src/remote_config/capabilities.js +1 -0
- package/packages/dd-trace/src/remote_config/index.js +17 -22
- package/packages/dd-trace/src/remote_config/scheduler.js +1 -1
- package/packages/dd-trace/src/ritm.js +1 -1
- package/packages/dd-trace/src/runtime_metrics/index.js +2 -2
- package/packages/dd-trace/src/runtime_metrics/runtime_metrics.js +3 -3
- package/packages/dd-trace/src/serverless.js +1 -1
- package/packages/dd-trace/src/service-naming/extra-services.js +1 -1
- package/packages/dd-trace/src/service-naming/index.js +1 -1
- package/packages/dd-trace/src/service-naming/schemas/v0/graphql.js +3 -3
- package/packages/dd-trace/src/service-naming/schemas/v0/messaging.js +25 -25
- package/packages/dd-trace/src/service-naming/schemas/v0/serverless.js +3 -3
- package/packages/dd-trace/src/service-naming/schemas/v0/storage.js +18 -18
- package/packages/dd-trace/src/service-naming/schemas/v0/web.js +23 -23
- package/packages/dd-trace/src/service-naming/schemas/v0/websocket.js +9 -9
- package/packages/dd-trace/src/service-naming/schemas/v1/graphql.js +3 -3
- package/packages/dd-trace/src/service-naming/schemas/v1/messaging.js +21 -21
- package/packages/dd-trace/src/service-naming/schemas/v1/serverless.js +3 -3
- package/packages/dd-trace/src/service-naming/schemas/v1/storage.js +17 -17
- package/packages/dd-trace/src/service-naming/schemas/v1/web.js +23 -23
- package/packages/dd-trace/src/service-naming/schemas/v1/websocket.js +9 -9
- package/packages/dd-trace/src/span_format.js +4 -4
- package/packages/dd-trace/src/span_sampler.js +1 -1
- package/packages/dd-trace/src/span_stats.js +11 -11
- package/packages/dd-trace/src/spanleak.js +1 -1
- package/packages/dd-trace/src/standalone/index.js +1 -1
- package/packages/dd-trace/src/standalone/product.js +2 -2
- package/packages/dd-trace/src/standalone/tracesource.js +1 -1
- package/packages/dd-trace/src/startup-log.js +4 -4
- package/packages/dd-trace/src/tagger.js +3 -1
- package/packages/dd-trace/src/telemetry/dependencies.js +4 -4
- package/packages/dd-trace/src/telemetry/endpoints.js +4 -4
- package/packages/dd-trace/src/telemetry/index.js +1 -1
- package/packages/dd-trace/src/telemetry/logs/index.js +2 -2
- package/packages/dd-trace/src/telemetry/logs/log-collector.js +2 -2
- package/packages/dd-trace/src/telemetry/metrics.js +6 -6
- package/packages/dd-trace/src/telemetry/send-data.js +5 -5
- package/packages/dd-trace/src/telemetry/telemetry.js +10 -10
- package/packages/dd-trace/src/tracer.js +3 -2
- package/packages/dd-trace/src/util.js +1 -1
- package/scripts/preinstall.js +1 -1
- package/vendor/dist/@datadog/sketches-js/index.js +1 -1
- package/vendor/dist/@datadog/source-map/index.js +1 -1
- package/vendor/dist/@isaacs/ttlcache/index.js +1 -1
- package/vendor/dist/@opentelemetry/core/index.js +1 -1
- package/vendor/dist/@opentelemetry/resources/index.js +1 -1
- package/vendor/dist/astring/index.js +1 -1
- package/vendor/dist/crypto-randomuuid/index.js +1 -1
- package/vendor/dist/escape-string-regexp/index.js +1 -1
- package/vendor/dist/esquery/index.js +1 -1
- package/vendor/dist/ignore/index.js +1 -1
- package/vendor/dist/istanbul-lib-coverage/index.js +1 -1
- package/vendor/dist/jest-docblock/index.js +1 -1
- package/vendor/dist/jsonpath-plus/index.js +1 -1
- package/vendor/dist/limiter/index.js +1 -1
- package/vendor/dist/lodash.sortby/index.js +1 -1
- package/vendor/dist/lru-cache/index.js +1 -1
- package/vendor/dist/meriyah/index.js +1 -1
- package/vendor/dist/module-details-from-path/index.js +1 -1
- package/vendor/dist/mutexify/promise/index.js +1 -1
- package/vendor/dist/opentracing/index.js +1 -1
- package/vendor/dist/path-to-regexp/index.js +1 -1
- package/vendor/dist/pprof-format/index.js +1 -1
- package/vendor/dist/protobufjs/index.js +1 -1
- package/vendor/dist/protobufjs/minimal/index.js +1 -1
- package/vendor/dist/retry/index.js +1 -1
- package/vendor/dist/rfdc/index.js +1 -1
- package/vendor/dist/semifies/index.js +1 -1
- package/vendor/dist/shell-quote/index.js +1 -1
- package/vendor/dist/source-map/index.js +1 -1
- package/vendor/dist/source-map/lib/util/index.js +1 -1
- package/vendor/dist/tlhunter-sorted-set/index.js +1 -1
- package/vendor/dist/ttl-set/index.js +1 -1
- package/packages/datadog-plugin-prisma/src/client.js +0 -60
- package/packages/datadog-plugin-prisma/src/engine.js +0 -81
|
@@ -25,13 +25,12 @@ class NosqlInjectionMongodbAnalyzer extends InjectionAnalyzer {
|
|
|
25
25
|
this.configureSanitizers()
|
|
26
26
|
|
|
27
27
|
// Anything that accesses the storage is context dependent
|
|
28
|
-
// eslint-disable-next-line unicorn/consistent-function-scoping
|
|
29
28
|
const onStart = ({ filters }) => {
|
|
30
29
|
const store = storage('legacy').getStore()
|
|
31
30
|
if (store && !store.nosqlAnalyzed && filters?.length) {
|
|
32
|
-
|
|
31
|
+
for (const filter of filters) {
|
|
33
32
|
this.analyze({ filter }, store)
|
|
34
|
-
}
|
|
33
|
+
}
|
|
35
34
|
}
|
|
36
35
|
|
|
37
36
|
return store
|
|
@@ -69,7 +68,7 @@ class NosqlInjectionMongodbAnalyzer extends InjectionAnalyzer {
|
|
|
69
68
|
const iastContext = getIastContext(store)
|
|
70
69
|
|
|
71
70
|
if (iastContext) { // do nothing if we are not in an iast request
|
|
72
|
-
|
|
71
|
+
for (const key of sanitizedProperties) {
|
|
73
72
|
iterateObjectStrings(req[key], function (value, levelKeys) {
|
|
74
73
|
if (typeof value === 'string') {
|
|
75
74
|
let parentObj = req[key]
|
|
@@ -86,7 +85,7 @@ class NosqlInjectionMongodbAnalyzer extends InjectionAnalyzer {
|
|
|
86
85
|
}
|
|
87
86
|
}
|
|
88
87
|
})
|
|
89
|
-
}
|
|
88
|
+
}
|
|
90
89
|
}
|
|
91
90
|
})
|
|
92
91
|
|
|
@@ -175,8 +174,8 @@ function iterateMongodbQueryStrings (target, fn, levelKeys = [], depth = 10, vis
|
|
|
175
174
|
|
|
176
175
|
visited.add(target)
|
|
177
176
|
|
|
178
|
-
Object.keys(target)
|
|
179
|
-
if (SAFE_OPERATORS.has(key))
|
|
177
|
+
for (const key of Object.keys(target)) {
|
|
178
|
+
if (SAFE_OPERATORS.has(key)) continue
|
|
180
179
|
|
|
181
180
|
const nextLevelKeys = [...levelKeys, key]
|
|
182
181
|
const val = target[key]
|
|
@@ -186,7 +185,7 @@ function iterateMongodbQueryStrings (target, fn, levelKeys = [], depth = 10, vis
|
|
|
186
185
|
} else if (depth > 0) {
|
|
187
186
|
iterateMongodbQueryStrings(val, fn, nextLevelKeys, depth - 1, visited)
|
|
188
187
|
}
|
|
189
|
-
}
|
|
188
|
+
}
|
|
190
189
|
}
|
|
191
190
|
}
|
|
192
191
|
|
|
@@ -14,7 +14,7 @@ class PathTraversalAnalyzer extends InjectionAnalyzer {
|
|
|
14
14
|
super(PATH_TRAVERSAL)
|
|
15
15
|
|
|
16
16
|
this.exclusionList = [
|
|
17
|
-
path.join('node_modules', 'send') + path.sep
|
|
17
|
+
path.join('node_modules', 'send') + path.sep,
|
|
18
18
|
]
|
|
19
19
|
|
|
20
20
|
this.internalExclusionList = [
|
|
@@ -23,7 +23,7 @@ class PathTraversalAnalyzer extends InjectionAnalyzer {
|
|
|
23
23
|
String.raw`node:internal\fs`,
|
|
24
24
|
'fs.js',
|
|
25
25
|
'internal/fs',
|
|
26
|
-
String.raw`internal\fs
|
|
26
|
+
String.raw`internal\fs`,
|
|
27
27
|
]
|
|
28
28
|
}
|
|
29
29
|
|
|
@@ -24,14 +24,14 @@ class SetCookiesHeaderInterceptor extends Plugin {
|
|
|
24
24
|
const alreadyCheckedCookies = this._getAlreadyCheckedCookiesInResponse(res)
|
|
25
25
|
|
|
26
26
|
let location
|
|
27
|
-
|
|
27
|
+
for (const cookieString of allCookies) {
|
|
28
28
|
if (!alreadyCheckedCookies.includes(cookieString)) {
|
|
29
29
|
alreadyCheckedCookies.push(cookieString)
|
|
30
30
|
const parsedCookie = this._parseCookie(cookieString, location)
|
|
31
31
|
setCookieChannel.publish(parsedCookie)
|
|
32
32
|
location = parsedCookie.location
|
|
33
33
|
}
|
|
34
|
-
}
|
|
34
|
+
}
|
|
35
35
|
}
|
|
36
36
|
}
|
|
37
37
|
|
|
@@ -5,7 +5,7 @@ const { getNodeModulesPaths } = require('../path-line')
|
|
|
5
5
|
const { getRanges } = require('../taint-tracking/operations')
|
|
6
6
|
const {
|
|
7
7
|
HTTP_REQUEST_BODY,
|
|
8
|
-
HTTP_REQUEST_PARAMETER
|
|
8
|
+
HTTP_REQUEST_PARAMETER,
|
|
9
9
|
} = require('../taint-tracking/source-types')
|
|
10
10
|
const InjectionAnalyzer = require('./injection-analyzer')
|
|
11
11
|
|
|
@@ -16,7 +16,7 @@ const EXCLUDED_PATHS = [
|
|
|
16
16
|
|
|
17
17
|
const VULNERABLE_SOURCE_TYPES = new Set([
|
|
18
18
|
HTTP_REQUEST_BODY,
|
|
19
|
-
HTTP_REQUEST_PARAMETER
|
|
19
|
+
HTTP_REQUEST_PARAMETER,
|
|
20
20
|
])
|
|
21
21
|
|
|
22
22
|
class UnvalidatedRedirectAnalyzer extends InjectionAnalyzer {
|
|
@@ -8,7 +8,7 @@ const { SinkIastPlugin } = require('../iast-plugin')
|
|
|
8
8
|
const {
|
|
9
9
|
addVulnerability,
|
|
10
10
|
getVulnerabilityCallSiteFrames,
|
|
11
|
-
replaceCallSiteFromSourceMap
|
|
11
|
+
replaceCallSiteFromSourceMap,
|
|
12
12
|
} = require('../vulnerability-reporter')
|
|
13
13
|
const { getMarkFromVulnerabilityType } = require('../taint-tracking/secure-marks')
|
|
14
14
|
const { SUPPRESSED_VULNERABILITIES } = require('../telemetry/iast-metric')
|
|
@@ -137,9 +137,9 @@ class Analyzer extends SinkIastPlugin {
|
|
|
137
137
|
location: {
|
|
138
138
|
spanId: _spanId,
|
|
139
139
|
stackId,
|
|
140
|
-
...location
|
|
140
|
+
...location,
|
|
141
141
|
},
|
|
142
|
-
hash: this._createHash(this._createHashSource(type, evidence, location))
|
|
142
|
+
hash: this._createHash(this._createHashSource(type, evidence, location)),
|
|
143
143
|
}
|
|
144
144
|
}
|
|
145
145
|
return null
|
|
@@ -8,7 +8,7 @@ const INSECURE_CIPHERS = new Set([
|
|
|
8
8
|
'des-ede3-ecb', 'des-ede3-ofb', 'des-ofb', 'des3', 'des3-wrap',
|
|
9
9
|
'rc2', 'rc2-128', 'rc2-40', 'rc2-40-cbc', 'rc2-64', 'rc2-64-cbc', 'rc2-cbc', 'rc2-cfb', 'rc2-ecb', 'rc2-ofb',
|
|
10
10
|
'blowfish',
|
|
11
|
-
'rc4', 'rc4-40', 'rc4-hmac-md5'
|
|
11
|
+
'rc4', 'rc4-40', 'rc4-hmac-md5',
|
|
12
12
|
].map(algorithm => algorithm.toLowerCase()))
|
|
13
13
|
|
|
14
14
|
class WeakCipherAnalyzer extends Analyzer {
|
|
@@ -9,7 +9,7 @@ const Analyzer = require('./vulnerability-analyzer')
|
|
|
9
9
|
const INSECURE_HASH_ALGORITHMS = new Set([
|
|
10
10
|
'md4', 'md4WithRSAEncryption', 'RSA-MD4',
|
|
11
11
|
'RSA-MD5', 'md5', 'md5-sha1', 'ssl3-md5', 'md5WithRSAEncryption',
|
|
12
|
-
'RSA-SHA1', 'RSA-SHA1-2', 'sha1', 'md5-sha1', 'sha1WithRSAEncryption', 'ssl3-sha1'
|
|
12
|
+
'RSA-SHA1', 'RSA-SHA1-2', 'sha1', 'md5-sha1', 'sha1WithRSAEncryption', 'ssl3-sha1',
|
|
13
13
|
].map(algorithm => algorithm.toLowerCase()))
|
|
14
14
|
|
|
15
15
|
const EXCLUDED_LOCATIONS = getNodeModulesPaths(
|
|
@@ -30,7 +30,7 @@ const EXCLUDED_LOCATIONS = getNodeModulesPaths(
|
|
|
30
30
|
const EXCLUDED_PATHS_FROM_STACK = [
|
|
31
31
|
path.join('node_modules', 'object-hash', path.sep),
|
|
32
32
|
path.join('node_modules', 'aws-sdk', 'lib', 'util.js'),
|
|
33
|
-
path.join('node_modules', 'keygrip', path.sep)
|
|
33
|
+
path.join('node_modules', 'keygrip', path.sep),
|
|
34
34
|
]
|
|
35
35
|
class WeakHashAnalyzer extends Analyzer {
|
|
36
36
|
constructor () {
|
|
@@ -16,7 +16,7 @@ class IastContextPlugin extends IastPlugin {
|
|
|
16
16
|
this._getAndRegisterSubscription({
|
|
17
17
|
channelName,
|
|
18
18
|
tag,
|
|
19
|
-
tagKey: TagKey.SOURCE_TYPE
|
|
19
|
+
tagKey: TagKey.SOURCE_TYPE,
|
|
20
20
|
})
|
|
21
21
|
}
|
|
22
22
|
|
|
@@ -39,7 +39,7 @@ class IastContextPlugin extends IastPlugin {
|
|
|
39
39
|
addIastEnabledTag (isRequestAcquired, rootSpan) {
|
|
40
40
|
if (rootSpan?.addTags) {
|
|
41
41
|
rootSpan.addTags({
|
|
42
|
-
[IAST_ENABLED_TAG_KEY]: isRequestAcquired ? 1 : 0
|
|
42
|
+
[IAST_ENABLED_TAG_KEY]: isRequestAcquired ? 1 : 0,
|
|
43
43
|
})
|
|
44
44
|
}
|
|
45
45
|
}
|
|
@@ -64,7 +64,7 @@ class IastContextPlugin extends IastPlugin {
|
|
|
64
64
|
return {
|
|
65
65
|
isRequestAcquired,
|
|
66
66
|
iastContext,
|
|
67
|
-
store
|
|
67
|
+
store,
|
|
68
68
|
}
|
|
69
69
|
}
|
|
70
70
|
|
|
@@ -54,8 +54,11 @@ function cleanIastContext (store, context, iastContext) {
|
|
|
54
54
|
context[IAST_CONTEXT_KEY] = null
|
|
55
55
|
}
|
|
56
56
|
if (iastContext) {
|
|
57
|
-
if (typeof iastContext === 'object') {
|
|
58
|
-
Object.keys(iastContext)
|
|
57
|
+
if (typeof iastContext === 'object') {
|
|
58
|
+
for (const key of Object.keys(iastContext)) {
|
|
59
|
+
// TODO: Consider using a (weak)map instead of an object to avoid the need to delete the keys.
|
|
60
|
+
delete iastContext[key]
|
|
61
|
+
}
|
|
59
62
|
}
|
|
60
63
|
return true
|
|
61
64
|
}
|
|
@@ -68,5 +71,5 @@ module.exports = {
|
|
|
68
71
|
cleanIastContext,
|
|
69
72
|
getIastStackTraceId,
|
|
70
73
|
IAST_CONTEXT_KEY,
|
|
71
|
-
IAST_TRANSACTION_ID
|
|
74
|
+
IAST_TRANSACTION_ID,
|
|
72
75
|
}
|
|
@@ -38,12 +38,16 @@ class IastPluginSubscription {
|
|
|
38
38
|
if (!this.moduleInstrumented) {
|
|
39
39
|
this.moduleInstrumented = true
|
|
40
40
|
|
|
41
|
-
|
|
41
|
+
for (const tag of this.tags) {
|
|
42
|
+
this.instrumentedMetric.inc(undefined, tag)
|
|
43
|
+
}
|
|
42
44
|
}
|
|
43
45
|
}
|
|
44
46
|
|
|
45
47
|
increaseExecuted (iastContext) {
|
|
46
|
-
|
|
48
|
+
for (const tag of this.tags) {
|
|
49
|
+
this.executedMetric.inc(iastContext, tag)
|
|
50
|
+
}
|
|
47
51
|
}
|
|
48
52
|
|
|
49
53
|
matchesModuleInstrumented (name) {
|
|
@@ -76,7 +80,9 @@ class IastPlugin extends Plugin {
|
|
|
76
80
|
const result = handler()
|
|
77
81
|
if (iastTelemetry.isEnabled()) {
|
|
78
82
|
if (Array.isArray(tags)) {
|
|
79
|
-
|
|
83
|
+
for (const tag of tags) {
|
|
84
|
+
metric.inc(iastContext, tag)
|
|
85
|
+
}
|
|
80
86
|
} else {
|
|
81
87
|
metric.inc(iastContext, tags)
|
|
82
88
|
}
|
|
@@ -178,9 +184,11 @@ class IastPlugin extends Plugin {
|
|
|
178
184
|
}
|
|
179
185
|
|
|
180
186
|
_onInstrumentationLoaded (name) {
|
|
181
|
-
this.pluginSubs
|
|
182
|
-
|
|
183
|
-
|
|
187
|
+
for (const sub of this.pluginSubs) {
|
|
188
|
+
if (sub.matchesModuleInstrumented(name)) {
|
|
189
|
+
sub.increaseInstrumented()
|
|
190
|
+
}
|
|
191
|
+
}
|
|
184
192
|
}
|
|
185
193
|
}
|
|
186
194
|
|
|
@@ -193,14 +201,14 @@ class SourceIastPlugin extends IastPlugin {
|
|
|
193
201
|
this._getAndRegisterSubscription({
|
|
194
202
|
moduleName,
|
|
195
203
|
tag,
|
|
196
|
-
tagKey: TagKey.SOURCE_TYPE
|
|
204
|
+
tagKey: TagKey.SOURCE_TYPE,
|
|
197
205
|
})
|
|
198
206
|
}
|
|
199
207
|
|
|
200
208
|
execSource (sourceHandlerInfo) {
|
|
201
209
|
this._execHandlerAndIncMetric({
|
|
202
210
|
metric: EXECUTED_SOURCE,
|
|
203
|
-
...sourceHandlerInfo
|
|
211
|
+
...sourceHandlerInfo,
|
|
204
212
|
})
|
|
205
213
|
}
|
|
206
214
|
}
|
|
@@ -218,5 +226,5 @@ class SinkIastPlugin extends IastPlugin {
|
|
|
218
226
|
module.exports = {
|
|
219
227
|
SourceIastPlugin,
|
|
220
228
|
SinkIastPlugin,
|
|
221
|
-
IastPlugin
|
|
229
|
+
IastPlugin,
|
|
222
230
|
}
|
|
@@ -14,7 +14,7 @@ const {
|
|
|
14
14
|
disableTaintTracking,
|
|
15
15
|
createTransaction,
|
|
16
16
|
removeTransaction,
|
|
17
|
-
taintTrackingPlugin
|
|
17
|
+
taintTrackingPlugin,
|
|
18
18
|
} = require('./taint-tracking')
|
|
19
19
|
const { IAST_ENABLED_TAG_KEY } = require('./tags')
|
|
20
20
|
const iastTelemetry = require('./telemetry')
|
|
@@ -78,7 +78,7 @@ function onIncomingHttpRequestStart (data) {
|
|
|
78
78
|
}
|
|
79
79
|
if (rootSpan.addTags) {
|
|
80
80
|
rootSpan.addTags({
|
|
81
|
-
[IAST_ENABLED_TAG_KEY]: isRequestAcquired ? 1 : 0
|
|
81
|
+
[IAST_ENABLED_TAG_KEY]: isRequestAcquired ? 1 : 0,
|
|
82
82
|
})
|
|
83
83
|
}
|
|
84
84
|
}
|
|
@@ -77,13 +77,13 @@ const OPERATIONS = {
|
|
|
77
77
|
},
|
|
78
78
|
initContext: function (context) {
|
|
79
79
|
context.tokens[REPORT_VULNERABILITY] = this.initialTokenBucketSize()
|
|
80
|
-
}
|
|
81
|
-
}
|
|
80
|
+
},
|
|
81
|
+
},
|
|
82
82
|
}
|
|
83
83
|
|
|
84
84
|
function _getNewContext () {
|
|
85
85
|
const oceContext = {
|
|
86
|
-
tokens: {}
|
|
86
|
+
tokens: {},
|
|
87
87
|
}
|
|
88
88
|
|
|
89
89
|
for (const operation in OPERATIONS) {
|
|
@@ -119,16 +119,16 @@ function consolidateVulnerabilities (iastContext) {
|
|
|
119
119
|
const reserved = context.tokens?.[REPORT_VULNERABILITY] > 0
|
|
120
120
|
|
|
121
121
|
if (reserved) { // still a bit of budget available
|
|
122
|
-
Object.keys(context.localMaps)
|
|
122
|
+
for (const route of Object.keys(context.localMaps)) {
|
|
123
123
|
globalRouteMap.set(route, newCountersArray())
|
|
124
|
-
}
|
|
124
|
+
}
|
|
125
125
|
} else {
|
|
126
|
-
Object.keys(context.localMaps)
|
|
126
|
+
for (const route of Object.keys(context.localMaps)) {
|
|
127
127
|
const localMap = context.localMaps[route]
|
|
128
128
|
const globalMap = globalRouteMap.get(route)
|
|
129
129
|
if (!globalMap) {
|
|
130
130
|
globalRouteMap.set(route, localMap)
|
|
131
|
-
|
|
131
|
+
continue
|
|
132
132
|
}
|
|
133
133
|
|
|
134
134
|
for (let i = 0; i < vulnerabilitiesSize; i++) {
|
|
@@ -136,7 +136,7 @@ function consolidateVulnerabilities (iastContext) {
|
|
|
136
136
|
globalMap[i] = localMap[i]
|
|
137
137
|
}
|
|
138
138
|
}
|
|
139
|
-
}
|
|
139
|
+
}
|
|
140
140
|
}
|
|
141
141
|
}
|
|
142
142
|
|
|
@@ -205,5 +205,5 @@ module.exports = {
|
|
|
205
205
|
releaseRequest,
|
|
206
206
|
configure,
|
|
207
207
|
consolidateVulnerabilities,
|
|
208
|
-
clearGlobalRouteMap
|
|
208
|
+
clearGlobalRouteMap,
|
|
209
209
|
}
|
|
@@ -9,11 +9,11 @@ const pathLine = {
|
|
|
9
9
|
getNodeModulesPaths,
|
|
10
10
|
getRelativePath,
|
|
11
11
|
getNonDDCallSiteFrames,
|
|
12
|
-
ddBasePath // Exported only for test purposes
|
|
12
|
+
ddBasePath, // Exported only for test purposes
|
|
13
13
|
}
|
|
14
14
|
|
|
15
15
|
const EXCLUDED_PATHS = [
|
|
16
|
-
path.join(path.sep, 'node_modules', 'dc-polyfill')
|
|
16
|
+
path.join(path.sep, 'node_modules', 'dc-polyfill'),
|
|
17
17
|
]
|
|
18
18
|
const EXCLUDED_PATH_PREFIXES = [
|
|
19
19
|
'node:diagnostics_channel',
|
|
@@ -21,7 +21,7 @@ const EXCLUDED_PATH_PREFIXES = [
|
|
|
21
21
|
'node:child_process',
|
|
22
22
|
'child_process',
|
|
23
23
|
'node:async_hooks',
|
|
24
|
-
'async_hooks'
|
|
24
|
+
'async_hooks',
|
|
25
25
|
]
|
|
26
26
|
|
|
27
27
|
function getNonDDCallSiteFrames (callSiteFrames, externallyExcludedPaths) {
|
|
@@ -38,7 +38,7 @@ function getNonDDCallSiteFrames (callSiteFrames, externallyExcludedPaths) {
|
|
|
38
38
|
const callsiteLocation = {
|
|
39
39
|
path: filepath,
|
|
40
40
|
line: callsite.line,
|
|
41
|
-
column: callsite.column
|
|
41
|
+
column: callsite.column,
|
|
42
42
|
}
|
|
43
43
|
const { path: originalPath, line, column } = getOriginalPathAndLineFromSourceMap(callsiteLocation)
|
|
44
44
|
callsite.path = filepath = originalPath
|
|
@@ -93,10 +93,10 @@ function isExcluded (callsite, externallyExcludedPaths) {
|
|
|
93
93
|
function getNodeModulesPaths (...paths) {
|
|
94
94
|
const nodeModulesPaths = []
|
|
95
95
|
|
|
96
|
-
|
|
96
|
+
for (const p of paths) {
|
|
97
97
|
const pathParts = p.split('/')
|
|
98
98
|
nodeModulesPaths.push(path.join('node_modules', ...pathParts))
|
|
99
|
-
}
|
|
99
|
+
}
|
|
100
100
|
|
|
101
101
|
return nodeModulesPaths
|
|
102
102
|
}
|
|
@@ -67,11 +67,11 @@ function getControls (filename) {
|
|
|
67
67
|
|
|
68
68
|
function hookModule (filename, module, controlsByFile) {
|
|
69
69
|
try {
|
|
70
|
-
|
|
70
|
+
for (const { type, method, parameters, secureMarks } of controlsByFile) {
|
|
71
71
|
const { target, parent, methodName } = resolve(method, module)
|
|
72
72
|
if (!target) {
|
|
73
73
|
log.error('[ASM] Unable to resolve IAST security control %s:%s', filename, method)
|
|
74
|
-
|
|
74
|
+
continue
|
|
75
75
|
}
|
|
76
76
|
|
|
77
77
|
const wrapper = type === SANITIZER_TYPE
|
|
@@ -83,7 +83,7 @@ function hookModule (filename, module, controlsByFile) {
|
|
|
83
83
|
} else {
|
|
84
84
|
module = wrapper
|
|
85
85
|
}
|
|
86
|
-
}
|
|
86
|
+
}
|
|
87
87
|
} catch (e) {
|
|
88
88
|
log.error('[ASM] Error initializing IAST security control for %s', filename, e)
|
|
89
89
|
}
|
|
@@ -127,18 +127,18 @@ function wrapSanitizer (target, secureMarks) {
|
|
|
127
127
|
function wrapInputValidator (target, parameters, secureMarks) {
|
|
128
128
|
const allParameters = !parameters?.length
|
|
129
129
|
|
|
130
|
-
return shimmer.wrapFunction(target, orig => function () {
|
|
130
|
+
return shimmer.wrapFunction(target, orig => function (...args) {
|
|
131
131
|
try {
|
|
132
|
-
|
|
132
|
+
for (let index = 0; index < args.length; index++) {
|
|
133
133
|
if (allParameters || parameters.includes(index)) {
|
|
134
|
-
addSecureMarks(
|
|
134
|
+
addSecureMarks(args[index], secureMarks, false)
|
|
135
135
|
}
|
|
136
|
-
}
|
|
137
|
-
} catch (
|
|
138
|
-
log.error('[ASM] Error adding Secure mark for input validator',
|
|
136
|
+
}
|
|
137
|
+
} catch (error) {
|
|
138
|
+
log.error('[ASM] Error adding Secure mark for input validator', error)
|
|
139
139
|
}
|
|
140
140
|
|
|
141
|
-
return orig.apply(this,
|
|
141
|
+
return orig.apply(this, args)
|
|
142
142
|
})
|
|
143
143
|
}
|
|
144
144
|
|
|
@@ -175,5 +175,5 @@ function disable () {
|
|
|
175
175
|
|
|
176
176
|
module.exports = {
|
|
177
177
|
configure,
|
|
178
|
-
disable
|
|
178
|
+
disable,
|
|
179
179
|
}
|
|
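Review bot: In `wrapInputValidator`, the secure marks are added to the arguments before `orig.apply(this, args)` runs, so a value is marked whether or not the validator accepts it. If a configured validator signals rejection by returning a falsy value or by throwing, the caller may still hold a string that IAST treats as safe for the marked vulnerability types, which could hide a real finding. A comment above the loop would make that contract explicit, for example `// Marks are applied before the validator runs; callers must discard the value when validation fails.` Marking only after a successful call is the alternative, but that changes behaviour, and nothing in this hunk shows whether it is wanted.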
@@ -12,23 +12,48 @@ const SANITIZER_TYPE = 'SANITIZER'
|
|
|
12
12
|
|
|
13
13
|
const validTypes = new Set([INPUT_VALIDATOR_TYPE, SANITIZER_TYPE])
|
|
14
14
|
|
|
15
|
+
/**
|
|
16
|
+
* @param {string} securityControlsConfiguration
|
|
17
|
+
* @returns {Map<string, Array<{
|
|
18
|
+
* type: string,
|
|
19
|
+
* secureMarks: number,
|
|
20
|
+
* file: string,
|
|
21
|
+
* method: string,
|
|
22
|
+
* parameters: number[] | undefined
|
|
23
|
+
* }>>}
|
|
24
|
+
*/
|
|
15
25
|
function parse (securityControlsConfiguration) {
|
|
16
26
|
const controls = new Map()
|
|
17
27
|
|
|
18
|
-
securityControlsConfiguration
|
|
28
|
+
const potentialControls = securityControlsConfiguration
|
|
29
|
+
.replaceAll(/[\r\n\t\v\f]*/g, '')
|
|
19
30
|
.split(SECURITY_CONTROL_DELIMITER)
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
31
|
+
|
|
32
|
+
for (const potentialControl of potentialControls) {
|
|
33
|
+
const control = parseControl(potentialControl)
|
|
34
|
+
if (control) {
|
|
35
|
+
const fileControls = controls.get(control.file)
|
|
36
|
+
if (fileControls) {
|
|
37
|
+
fileControls.push(control)
|
|
38
|
+
} else {
|
|
39
|
+
controls.set(control.file, [control])
|
|
25
40
|
}
|
|
26
|
-
|
|
27
|
-
|
|
41
|
+
}
|
|
42
|
+
}
|
|
28
43
|
|
|
29
44
|
return controls
|
|
30
45
|
}
|
|
31
46
|
|
|
47
|
+
/**
|
|
48
|
+
* @param {string} control
|
|
49
|
+
* @returns {{
|
|
50
|
+
* type: string,
|
|
51
|
+
* secureMarks: number,
|
|
52
|
+
* file: string,
|
|
53
|
+
* method: string,
|
|
54
|
+
* parameters: number[] | undefined
|
|
55
|
+
* } | undefined}
|
|
56
|
+
*/
|
|
32
57
|
function parseControl (control) {
|
|
33
58
|
if (!control) return
|
|
34
59
|
|
|
@@ -48,32 +73,39 @@ function parseControl (control) {
|
|
|
48
73
|
}
|
|
49
74
|
|
|
50
75
|
let secureMarks = CUSTOM_SECURE_MARK
|
|
51
|
-
getSecureMarks(marks)
|
|
76
|
+
for (const mark of getSecureMarks(marks)) {
|
|
77
|
+
secureMarks |= mark
|
|
78
|
+
}
|
|
52
79
|
if (secureMarks === CUSTOM_SECURE_MARK) {
|
|
53
80
|
log.warn('[ASM] Invalid security control mark: %s', marks)
|
|
54
81
|
return
|
|
55
82
|
}
|
|
56
83
|
|
|
57
|
-
file = file
|
|
84
|
+
file = file.trim()
|
|
58
85
|
|
|
59
86
|
method = method?.trim()
|
|
60
87
|
|
|
61
88
|
try {
|
|
62
|
-
|
|
89
|
+
const parsedParameters = getParameters(parameters)
|
|
90
|
+
return { type, secureMarks, file, method, parameters: parsedParameters }
|
|
63
91
|
} catch {
|
|
64
92
|
log.warn('[ASM] Invalid non-numeric security control parameter %s', parameters)
|
|
65
|
-
return
|
|
66
93
|
}
|
|
67
|
-
|
|
68
|
-
return { type, secureMarks, file, method, parameters }
|
|
69
94
|
}
|
|
70
95
|
|
|
96
|
+
/**
|
|
97
|
+
* @param {string} marks
|
|
98
|
+
* @returns {number[]}
|
|
99
|
+
*/
|
|
71
100
|
function getSecureMarks (marks) {
|
|
72
|
-
return marks
|
|
101
|
+
return marks.split(SECURITY_CONTROL_ELEMENT_DELIMITER)
|
|
73
102
|
.map(getMarkFromVulnerabilityType)
|
|
74
|
-
.filter(
|
|
103
|
+
.filter(Boolean)
|
|
75
104
|
}
|
|
76
105
|
|
|
106
|
+
/**
|
|
107
|
+
* @param {string | undefined} parameters
|
|
108
|
+
*/
|
|
77
109
|
function getParameters (parameters) {
|
|
78
110
|
return parameters?.split(SECURITY_CONTROL_ELEMENT_DELIMITER)
|
|
79
111
|
.map(param => {
|
|
@@ -92,5 +124,5 @@ module.exports = {
|
|
|
92
124
|
parse,
|
|
93
125
|
|
|
94
126
|
INPUT_VALIDATOR_TYPE,
|
|
95
|
-
SANITIZER_TYPE
|
|
127
|
+
SANITIZER_TYPE,
|
|
96
128
|
}
|
|
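Review bot: The new `.replaceAll(/[\r\n\t\v\f]*/g, '')` in `parse` uses a `*` quantifier, so the pattern also matches the empty string at every position of the configuration string. The result is the same, but `+` states the intent and does less work: `.replaceAll(/[\r\n\t\v\f]+/g, '')`. The character class leaves plain spaces in place, which the later `trim()` calls on `file` and `method` appear to handle; a short comment saying so would help, since this string decides which functions are treated as sanitizers or validators. The added JSDoc on `getParameters` also lacks a `@returns` line (`@returns {number[] | undefined}` would match the `parameters` field documented on `parseControl`); that function's body continues outside the hunk.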
@@ -16,9 +16,9 @@ const csiMethods = [
|
|
|
16
16
|
{ src: 'trim' },
|
|
17
17
|
{ src: 'trimEnd' },
|
|
18
18
|
{ src: 'trimStart', dst: 'trim' },
|
|
19
|
-
{ src: 'eval', allowedWithoutCallee: true }
|
|
19
|
+
{ src: 'eval', allowedWithoutCallee: true },
|
|
20
20
|
]
|
|
21
21
|
|
|
22
22
|
module.exports = {
|
|
23
|
-
csiMethods
|
|
23
|
+
csiMethods,
|
|
24
24
|
}
|
|
@@ -6,7 +6,7 @@ const {
|
|
|
6
6
|
removeTransaction,
|
|
7
7
|
setMaxTransactions,
|
|
8
8
|
enableTaintOperations,
|
|
9
|
-
disableTaintOperations
|
|
9
|
+
disableTaintOperations,
|
|
10
10
|
} = require('./operations')
|
|
11
11
|
|
|
12
12
|
const taintTrackingPlugin = require('./plugin')
|
|
@@ -32,5 +32,5 @@ module.exports = {
|
|
|
32
32
|
setMaxTransactions,
|
|
33
33
|
createTransaction,
|
|
34
34
|
removeTransaction,
|
|
35
|
-
taintTrackingPlugin
|
|
35
|
+
taintTrackingPlugin,
|
|
36
36
|
}
|
|
@@ -28,10 +28,7 @@ function taintObject (iastContext, object, type) {
|
|
|
28
28
|
} else {
|
|
29
29
|
result = tainted
|
|
30
30
|
}
|
|
31
|
-
} else if (
|
|
32
|
-
// eslint-disable-next-line eslint-rules/eslint-safe-typeof-object
|
|
33
|
-
typeof value === 'object' && !visited.has(value)
|
|
34
|
-
) {
|
|
31
|
+
} else if (typeof value === 'object' && !visited.has(value)) {
|
|
35
32
|
visited.add(value)
|
|
36
33
|
|
|
37
34
|
for (const key of Object.keys(value)) {
|
|
@@ -72,7 +69,7 @@ function traverseAndTaint (node, path, cache, transactionId) {
|
|
|
72
69
|
return tainted
|
|
73
70
|
}
|
|
74
71
|
|
|
75
|
-
if (typeof node === 'object') {
|
|
72
|
+
if (typeof node === 'object') {
|
|
76
73
|
const keys = Array.isArray(node) ? node.keys() : Object.keys(node)
|
|
77
74
|
|
|
78
75
|
for (const key of keys) {
|
|
@@ -87,5 +84,5 @@ function traverseAndTaint (node, path, cache, transactionId) {
|
|
|
87
84
|
|
|
88
85
|
module.exports = {
|
|
89
86
|
taintObject,
|
|
90
|
-
taintQueryWithCache
|
|
87
|
+
taintQueryWithCache,
|
|
91
88
|
}
|