npm - dd-trace - Versions diffs - 5.84.0 → 5.85.0 - Mend

dd-trace 5.84.0 → 5.85.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (625) hide show

package/packages/dd-trace/src/appsec/iast/taint-tracking/operations.js CHANGED Viewed

@@ -9,7 +9,7 @@ const { isInfoAllowed } = require('../telemetry/verbosity')
 const {
   getTaintTrackingImpl,
   getTaintTrackingNoop,
-  lodashTaintTrackingHandler
+  lodashTaintTrackingHandler,
 } = require('./taint-tracking-impl')
 const { taintObject, taintQueryWithCache } = require('./operations-taint-object')
@@ -104,5 +104,5 @@ module.exports = {
   enableTaintOperations,
   disableTaintOperations,
   setMaxTransactions,
-  IAST_TRANSACTION_ID
+  IAST_TRANSACTION_ID,
 }

package/packages/dd-trace/src/appsec/iast/taint-tracking/plugin.js CHANGED Viewed

@@ -14,7 +14,7 @@ const {
   HTTP_REQUEST_PARAMETER,
   HTTP_REQUEST_PATH_PARAM,
   HTTP_REQUEST_URI,
-  SQL_ROW_VALUE
+  SQL_ROW_VALUE,
 } = require('./source-types')
 const REQ_HEADER_TAGS = EXECUTED_SOURCE.formatTags(HTTP_REQUEST_HEADER_VALUE, HTTP_REQUEST_HEADER_NAME)
@@ -201,9 +201,9 @@ class TaintTrackingPlugin extends SourceIastPlugin {
           if (isURL) {
             this._taintedURLs.set(parsed, ranges[0])
           } else {
-            urlResultTaintedProperties.forEach(param => {
+            for (const param of urlResultTaintedProperties) {
               this._taintTrackingHandler(ranges[0].iinfo.type, parsed, param, iastContext)
-            })
+            }
           }
         }
       }
@@ -244,7 +244,7 @@ class TaintTrackingPlugin extends SourceIastPlugin {
     this.execSource({
       handler: () => taintObject(iastContext, headers, HTTP_REQUEST_HEADER_VALUE),
       tags: REQ_HEADER_TAGS,
-      iastContext
+      iastContext,
     })
   }
@@ -254,7 +254,7 @@ class TaintTrackingPlugin extends SourceIastPlugin {
         req.url = newTaintedString(iastContext, req.url, HTTP_REQUEST_URI, HTTP_REQUEST_URI)
       },
       tags: REQ_URI_TAGS,
-      iastContext
+      iastContext,
     })
   }

package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter-esm.mjs CHANGED Viewed

@@ -24,7 +24,7 @@ export async function initialize (data) {
     csiMethods,
     telemetryVerbosity: getName(telemetryVerbosity),
     chainSourceMap,
-    orchestrion: orchestrionConfig
+    orchestrion: orchestrionConfig,
   })
 }
@@ -59,16 +59,16 @@ export async function load (url, context, nextLoad) {
   } catch (e) {
     const newErrObject = {
       message: e.message,
-      stack: e.stack
+      stack: e.stack,
     }
     const data = {
       level: 'error',
-      messages: ['[ASM] Error rewriting file %s', url, newErrObject]
+      messages: ['[ASM] Error rewriting file %s', url, newErrObject],
     }
     port.postMessage({
       type: constants.LOG_MESSAGE,
-      data
+      data,
     })
   }

package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js CHANGED Viewed

@@ -67,7 +67,7 @@ function getRewriter (telemetryVerbosity) {
         csiMethods,
         telemetryVerbosity: getName(telemetryVerbosity),
         chainSourceMap,
-        orchestrion: orchestrionConfig
+        orchestrion: orchestrionConfig,
       })
     } catch (e) {
       log.error('Unable to initialize Rewriter', e)
@@ -91,7 +91,7 @@ function getPrepareStackTraceAccessor () {
     set (value) {
       actual = getPrepareStackTrace(value)
       originalPrepareStackTrace = value
-    }
+    },
   }
 }
@@ -221,8 +221,8 @@ let enableEsmRewriter = function (telemetryVerbosity) {
           telemetryVerbosity,
           chainSourceMap: isFlagPresent('--enable-source-maps'),
           orchestrionConfig,
-          iastEnabled: config?.iast?.enabled
-        }
+          iastEnabled: config?.iast?.enabled,
+        },
       })
     } catch (e) {
       log.error('Error enabling ESM Rewriter', e)
@@ -262,5 +262,5 @@ function enable (configArg) {
 }
 module.exports = {
-  enable, disable, getOriginalPathAndLineFromSourceMap, getRewriter
+  enable, disable, getOriginalPathAndLineFromSourceMap, getRewriter,
 }

package/packages/dd-trace/src/appsec/iast/taint-tracking/secure-marks.js CHANGED Viewed

@@ -4,12 +4,14 @@ const vulnerabilities = require('../vulnerabilities')
 const { getNextSecureMark } = require('./secure-marks-generator')
 const marks = {}
-Object.keys(vulnerabilities).forEach(vulnerability => {
+for (const vulnerability of Object.keys(vulnerabilities)) {
   marks[vulnerability + '_MARK'] = getNextSecureMark()
-})
+}
 let asterisk = 0x0
-Object.values(marks).forEach(mark => { asterisk |= mark })
+for (const mark of Object.values(marks)) {
+  asterisk |= mark
+}
 marks.ASTERISK_MARK = asterisk
 marks.CUSTOM_SECURE_MARK = getNextSecureMark()
@@ -24,5 +26,5 @@ module.exports = {
   ...marks,
   getMarkFromVulnerabilityType,
-  ALL: marks
+  ALL: marks,
 }

package/packages/dd-trace/src/appsec/iast/taint-tracking/source-types.js CHANGED Viewed

@@ -11,5 +11,5 @@ module.exports = {
   HTTP_REQUEST_URI: 'http.request.uri',
   KAFKA_MESSAGE_KEY: 'kafka.message.key',
   KAFKA_MESSAGE_VALUE: 'kafka.message.value',
-  SQL_ROW_VALUE: 'sql.row.value'
+  SQL_ROW_VALUE: 'sql.row.value',
 }

package/packages/dd-trace/src/appsec/iast/taint-tracking/taint-tracking-impl.js CHANGED Viewed

@@ -31,7 +31,7 @@ const TaintTrackingNoop = {
   stringCase: noop,
   tplOperator: noop,
   trim: noop,
-  trimEnd: noop
+  trimEnd: noop,
 }
 function getTransactionId (iastContext) {
@@ -89,14 +89,14 @@ function getCsiFn (cb, getContext, ...protos) {
 function csiMethodsDefaults (names, excluded, getContext) {
   const impl = {}
-  names.forEach(name => {
-    if (excluded.includes(name)) return
+  for (const name of names) {
+    if (excluded.includes(name)) continue
     impl[name] = getCsiFn(
       (transactionId, res, target, ...rest) => TaintedUtils[name](transactionId, res, target, ...rest),
       getContext,
       String.prototype[name]
     )
-  })
+  }
   return impl
 }
@@ -196,7 +196,7 @@ function csiMethodsOverrides (getContext) {
       }
       return res
-    }
+    },
   }
 }
@@ -207,7 +207,7 @@ function createImplWith (getContext) {
   // impls could be cached but at the moment there is only one invocation to getTaintTrackingImpl
   return {
     ...csiMethodsDefaults(methodNames, Object.keys(overrides), getContext),
-    ...overrides
+    ...overrides,
   }
 }
@@ -230,7 +230,7 @@ const lodashFns = {
   toUpper: TaintedUtils.stringCase,
   trim: TaintedUtils.trim,
   trimEnd: TaintedUtils.trimEnd,
-  trimStart: TaintedUtils.trim
+  trimStart: TaintedUtils.trim,
 }
@@ -254,5 +254,5 @@ function lodashTaintTrackingHandler (message) {
 module.exports = {
   getTaintTrackingImpl,
   getTaintTrackingNoop,
-  lodashTaintTrackingHandler
+  lodashTaintTrackingHandler,
 }

package/packages/dd-trace/src/appsec/iast/telemetry/iast-metric.js CHANGED Viewed

@@ -4,19 +4,19 @@ const { getNamespaceFromContext, globalNamespace } = require('./namespaces')
 const Scope = {
   GLOBAL: 'GLOBAL',
-  REQUEST: 'REQUEST'
+  REQUEST: 'REQUEST',
 }
 const PropagationType = {
   STRING: 'STRING',
   JSON: 'JSON',
-  URL: 'URL'
+  URL: 'URL',
 }
 const TagKey = {
   VULNERABILITY_TYPE: 'vulnerability_type',
   SOURCE_TYPE: 'source_type',
-  PROPAGATION_TYPE: 'propagation_type'
+  PROPAGATION_TYPE: 'propagation_type',
 }
 function formatTags (tags, tagKey) {
@@ -109,5 +109,5 @@ module.exports = {
   getExecutedMetric,
   getInstrumentedMetric,
-  formatTags
+  formatTags,
 }

package/packages/dd-trace/src/appsec/iast/telemetry/namespaces.js CHANGED Viewed

@@ -45,7 +45,7 @@ function merge (namespace) {
       if (points?.length && type === 'count') {
         const gMetric = globalNamespace.getMetric(metricName, tags)
-        points.forEach(point => gMetric.inc(point[1]))
+        for (const point of points) gMetric.inc(point[1])
       }
     }
   }
@@ -108,5 +108,5 @@ module.exports = {
   DD_IAST_METRICS_NAMESPACE,
-  IastNamespace
+  IastNamespace,
 }

package/packages/dd-trace/src/appsec/iast/telemetry/span-tags.js CHANGED Viewed

@@ -4,9 +4,8 @@ function addMetricsToSpan (rootSpan, metrics, tagPrefix) {
   if (!rootSpan?.addTags || !metrics) return
   const flattenMap = new Map()
-  metrics
-    .filter(data => data?.metric)
-    .forEach(data => {
+  for (const data of metrics) {
+    if (data?.metric) {
       const name = taggedMetricName(data)
       let total = flattenMap.get(name)
       const value = flatten(data)
@@ -16,12 +15,13 @@ function addMetricsToSpan (rootSpan, metrics, tagPrefix) {
         total = value
       }
       flattenMap.set(name, total)
-    })
+    }
+  }
   for (const [key, value] of flattenMap) {
     const tagName = `${tagPrefix}.${key}`
     rootSpan.addTags({
-      [tagName]: value
+      [tagName]: value,
     })
   }
 }
@@ -50,5 +50,5 @@ function processTagValue (tags) {
 module.exports = {
   addMetricsToSpan,
-  filterTags
+  filterTags,
 }

package/packages/dd-trace/src/appsec/iast/telemetry/verbosity.js CHANGED Viewed

@@ -4,7 +4,7 @@ const Verbosity = {
   OFF: 0,
   MANDATORY: 1,
   INFORMATION: 2,
-  DEBUG: 3
+  DEBUG: 3,
 }
 function isDebugAllowed (value) {
@@ -37,5 +37,5 @@ module.exports = {
   isDebugAllowed,
   isInfoAllowed,
   getVerbosity,
-  getName
+  getName,
 }

package/packages/dd-trace/src/appsec/iast/utils.js CHANGED Viewed

@@ -6,7 +6,7 @@ function iterateObjectStrings (target, fn, levelKeys = [], depth = 20, visited =
     visited.add(target)
-    Object.keys(target).forEach((key) => {
+    for (const key of Object.keys(target)) {
       const nextLevelKeys = [...levelKeys, key]
       const val = target[key]
@@ -15,10 +15,10 @@ function iterateObjectStrings (target, fn, levelKeys = [], depth = 20, visited =
       } else if (depth > 0) {
         iterateObjectStrings(val, fn, nextLevelKeys, depth - 1, visited)
       }
-    })
+    }
   }
 }
 module.exports = {
-  iterateObjectStrings
+  iterateObjectStrings,
 }

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/constants.js CHANGED Viewed

@@ -3,5 +3,5 @@
 const HEADER_NAME_VALUE_SEPARATOR = ': '
 module.exports = {
-  HEADER_NAME_VALUE_SEPARATOR
+  HEADER_NAME_VALUE_SEPARATOR,
 }

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/range-utils.js CHANGED Viewed

@@ -32,5 +32,5 @@ function remove (range, rangeToRemove) {
 module.exports = {
   contains,
   intersects,
-  remove
+  remove,
 }

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/hardcoded-password-analyzer.js CHANGED Viewed

@@ -5,7 +5,7 @@ module.exports = function extractSensitiveRanges (evidence, valuePattern) {
   if (valuePattern.test(value)) {
     return [{
       start: 0,
-      end: value.length
+      end: value.length,
     }]
   }

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/sql-sensitive-analyzer.js CHANGED Viewed

@@ -18,7 +18,7 @@ const NUMERIC_LITERAL =
       HEX_NUMBER,
       BIN_NUMBER,
       DECIMAL_NUMBER + EXPONENT,
-      INTEGER_NUMBER + EXPONENT
+      INTEGER_NUMBER + EXPONENT,
     ].join('|')
   })`
 const ORACLE_ESCAPED_LITERAL = String.raw`q'<.*?>'|q'\(.*?\)'|q'\{.*?\}'|q'\[.*?\]'|q'(?<ESCAPE>.).*?\k<ESCAPE>'`
@@ -29,7 +29,7 @@ const patterns = {
       NUMERIC_LITERAL,
       STRING_LITERAL,
       LINE_COMMENT,
-      BLOCK_COMMENT
+      BLOCK_COMMENT,
     ].join('|'),
     'gmi'
   ),
@@ -38,7 +38,7 @@ const patterns = {
       NUMERIC_LITERAL,
       MYSQL_STRING_LITERAL,
       LINE_COMMENT,
-      BLOCK_COMMENT
+      BLOCK_COMMENT,
     ].join('|'),
     'gmi'
   ),
@@ -48,7 +48,7 @@ const patterns = {
       POSTGRESQL_ESCAPED_LITERAL,
       STRING_LITERAL,
       LINE_COMMENT,
-      BLOCK_COMMENT
+      BLOCK_COMMENT,
     ].join('|'),
     'gmi'
   ),
@@ -57,9 +57,9 @@ const patterns = {
     ORACLE_ESCAPED_LITERAL,
     STRING_LITERAL,
     LINE_COMMENT,
-    BLOCK_COMMENT
+    BLOCK_COMMENT,
   ].join('|'),
-  'gmi')
+  'gmi'),
 }
 patterns.SQLITE = patterns.MYSQL
 patterns.MARIADB = patterns.MYSQL

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/tainted-range-based-sensitive-analyzer.js CHANGED Viewed

@@ -5,7 +5,7 @@ module.exports = function extractSensitiveRanges (evidence) {
   if (evidence.ranges[0].start > 0) {
     newRanges.push({
       start: 0,
-      end: evidence.ranges[0].start
+      end: evidence.ranges[0].start,
     })
   }

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-handler.js CHANGED Viewed

@@ -185,7 +185,7 @@ class SensitiveHandler {
       }
       redactedSourcesContext[sourceIndex].push({
         start,
-        end
+        end,
       })
     }
   }
@@ -222,7 +222,7 @@ class SensitiveHandler {
         let _value = partValue
         const dedupedSourceRedactionContexts = []
-        sourceRedactionContext.forEach(_sourceRedactionContext => {
+        for (const _sourceRedactionContext of sourceRedactionContext) {
           const isPresentInDeduped = dedupedSourceRedactionContexts.some(_dedupedSourceRedactionContext =>
             _dedupedSourceRedactionContext.start === _sourceRedactionContext.start &&
             _dedupedSourceRedactionContext.end === _sourceRedactionContext.end
@@ -231,14 +231,14 @@ class SensitiveHandler {
           if (!isPresentInDeduped) {
             dedupedSourceRedactionContexts.push(_sourceRedactionContext)
           }
-        })
+        }
         let offset = 0
-        dedupedSourceRedactionContexts.forEach((_sourceRedactionContext) => {
+        for (const _sourceRedactionContext of dedupedSourceRedactionContexts) {
           if (_sourceRedactionContext.start > 0) {
             valueParts.push({
               source: sourceIndex,
-              value: _value.substring(0, _sourceRedactionContext.start - offset)
+              value: _value.substring(0, _sourceRedactionContext.start - offset),
             })
             _value = _value.substring(_sourceRedactionContext.start - offset)
@@ -256,17 +256,17 @@ class SensitiveHandler {
           valueParts.push({
             redacted: true,
             source: sourceIndex,
-            pattern
+            pattern,
           })
           _value = _value.slice(pattern.length)
           offset += pattern.length
-        })
+        }
         if (_value.length) {
           valueParts.push({
             source: sourceIndex,
-            value: _value
+            value: _value,
           })
         }
       }

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-regex.js CHANGED Viewed

@@ -7,5 +7,5 @@ const DEFAULT_IAST_REDACTION_VALUE_PATTERN = String.raw`(?:bearer\s+[a-z0-9\._\-
 module.exports = {
   DEFAULT_IAST_REDACTION_NAME_PATTERN,
-  DEFAULT_IAST_REDACTION_VALUE_PATTERN
+  DEFAULT_IAST_REDACTION_VALUE_PATTERN,
 }

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/index.js CHANGED Viewed

@@ -19,7 +19,7 @@ class VulnerabilityFormatter {
       {
         origin: range.iinfo.type,
         name: range.iinfo.parameterName,
-        value: range.iinfo.parameterValue
+        value: range.iinfo.parameterValue,
       }
     ))
   }
@@ -28,9 +28,9 @@ class VulnerabilityFormatter {
     const scrubbingResult = sensitiveHandler.scrubEvidence(type, evidence, sourcesIndexes, sources)
     if (scrubbingResult) {
       const { redactedValueParts, redactedSources } = scrubbingResult
-      redactedSources.forEach(i => {
+      for (const i of redactedSources) {
         delete sources[i].value
-      })
+      }
       return { valueParts: redactedValueParts }
     }
@@ -41,9 +41,10 @@ class VulnerabilityFormatter {
     const valueParts = []
     let fromIndex = 0
-    if (evidence.value == null) return { valueParts }
+    if (evidence.value == null) {
+      return { valueParts }
+    }
-    // eslint-disable-next-line eslint-rules/eslint-safe-typeof-object
     if (typeof evidence.value === 'object' && evidence.rangesToApply) {
       const { value, ranges } = stringifyWithRanges(evidence.value, evidence.rangesToApply)
       evidence.value = value
@@ -54,13 +55,13 @@ class VulnerabilityFormatter {
       return { value: evidence.value }
     }
-    evidence.ranges.forEach((range, rangeIndex) => {
+    for (const [rangeIndex, range] of evidence.ranges.entries()) {
       if (fromIndex < range.start) {
         valueParts.push({ value: evidence.value.slice(fromIndex, range.start) })
       }
       valueParts.push({ value: evidence.value.slice(range.start, range.end), source: sourcesIndexes[rangeIndex] })
       fromIndex = range.end
-    })
+    }
     if (fromIndex < evidence.value.length) {
       valueParts.push({ value: evidence.value.slice(fromIndex) })
@@ -86,7 +87,7 @@ class VulnerabilityFormatter {
       type,
       hash,
       evidence: this.formatEvidence(type, evidence, sourcesIndexes, sources),
-      location
+      location,
     }
     return formattedVulnerability
@@ -98,7 +99,7 @@ class VulnerabilityFormatter {
     const vulnerabilities = vulnerabilitiesToFormat.map(vulnerability => {
       const vulnerabilitySources = this.extractSourcesFromVulnerability(vulnerability)
       const sourcesIndexes = []
-      vulnerabilitySources.forEach((source) => {
+      for (const source of vulnerabilitySources) {
         let sourceIndex = sources.findIndex(
           existingSource =>
             existingSource.origin === source.origin &&
@@ -110,14 +111,14 @@ class VulnerabilityFormatter {
           sources.push(source)
         }
         sourcesIndexes.push(sourceIndex)
-      })
+      }
       return this.formatVulnerability(vulnerability, sourcesIndexes, sources)
     })
     return {
       sources,
-      vulnerabilities
+      vulnerabilities,
     }
   }
 }

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/utils.js CHANGED Viewed

@@ -14,7 +14,7 @@ const KEYS_REGEX_WITHOUT_SENSITIVE_RANGES = new RegExp(String.raw`"(${STRINGIFY_
 const sensitiveValueRegex = new RegExp(DEFAULT_IAST_REDACTION_VALUE_PATTERN, 'gmi')
 function iterateObject (target, fn, levelKeys = [], depth = 10, visited = new Set()) {
-  Object.keys(target).forEach((key) => {
+  for (const key of Object.keys(target)) {
     const nextLevelKeys = [...levelKeys, key]
     const val = target[key]
@@ -26,7 +26,7 @@ function iterateObject (target, fn, levelKeys = [], depth = 10, visited = new Se
         iterateObject(val, fn, nextLevelKeys, depth - 1, visited)
       }
     }
-  })
+  }
 }
 function stringifyWithRanges (obj, objRanges, loadSensitiveRanges = false) {
@@ -125,7 +125,7 @@ function stringifyWithRanges (obj, objRanges, loadSensitiveRanges = false) {
             return {
               ...range,
               start: range.start + offset,
-              end: range.end + offset
+              end: range.end + offset,
             }
           })
@@ -136,7 +136,7 @@ function stringifyWithRanges (obj, objRanges, loadSensitiveRanges = false) {
           sensitiveRanges.push({
             start: offset,
-            end: offset + Number.parseInt(regexRes[3])
+            end: offset + Number.parseInt(regexRes[3]),
           })
           value = value.replace(sensitiveId, '')
@@ -147,7 +147,7 @@ function stringifyWithRanges (obj, objRanges, loadSensitiveRanges = false) {
           sensitiveRanges.push({
             start: regexRes.index,
-            end: regexRes.index + originalValue.length
+            end: regexRes.index + originalValue.length,
           })
           value = value.replace(sensitiveId, originalValue)

package/packages/dd-trace/src/appsec/iast/vulnerabilities.js CHANGED Viewed

@@ -20,5 +20,5 @@ module.exports = {
   WEAK_CIPHER: 'WEAK_CIPHER',
   WEAK_HASH: 'WEAK_HASH',
   WEAK_RANDOMNESS: 'WEAK_RANDOMNESS',
-  XCONTENTTYPE_HEADER_MISSING: 'XCONTENTTYPE_HEADER_MISSING'
+  XCONTENTTYPE_HEADER_MISSING: 'XCONTENTTYPE_HEADER_MISSING',
 }

package/packages/dd-trace/src/appsec/iast/vulnerability-reporter.js CHANGED Viewed

@@ -38,13 +38,13 @@ function addVulnerability (iastContext, vulnerability, callSiteFrames) {
   if (!span && tracer) {
     span = tracer.startSpan('vulnerability', {
-      type: 'vulnerability'
+      type: 'vulnerability',
     })
     vulnerability.location.spanId = span.context().toSpanId()
     span.addTags({
-      [IAST_ENABLED_TAG_KEY]: 1
+      [IAST_ENABLED_TAG_KEY]: 1,
     })
   }
@@ -86,7 +86,7 @@ function sendVulnerabilities (vulnerabilities, span) {
     if (jsonToSend.vulnerabilities.length > 0) {
       const tags = {
         // TODO: Store this outside of the span and set the tag in the exporter.
-        [IAST_JSON_TAG_KEY]: JSON.stringify(jsonToSend)
+        [IAST_JSON_TAG_KEY]: JSON.stringify(jsonToSend),
       }
       span.addTags(tags)
     }
@@ -165,5 +165,5 @@ module.exports = {
   replaceCallSiteFromSourceMap,
   clearCache,
   start,
-  stop
+  stop,
 }