npm - dd-trace - Versions diffs - 5.84.0 → 5.85.0 - Mend

dd-trace 5.84.0 → 5.85.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (625) hide show

package/packages/dd-trace/src/appsec/index.js CHANGED Viewed

@@ -5,7 +5,7 @@ const web = require('../plugins/util/web')
 const { extractIp } = require('../plugins/util/ip_extractor')
 const { HTTP_CLIENT_IP } = require('../../../../ext/tags')
 const { storage } = require('../../../datadog-core')
-const { isInServerlessEnvironment } = require('../serverless')
+const { IS_SERVERLESS } = require('../serverless')
 const RuleManager = require('./rule_manager')
 const appsecRemoteConfig = require('./remote_config')
 const {
@@ -29,7 +29,7 @@ const {
   responseSetHeader,
   routerParam,
   fastifyResponseChannel,
-  fastifyPathParams
+  fastifyPathParams,
 } = require('./channels')
 const waf = require('./waf')
 const addresses = require('./addresses')
@@ -96,7 +96,7 @@ function enable (_config) {
     isEnabled = true
     config = _config
   } catch (err) {
-    if (!isInServerlessEnvironment()) {
+    if (!IS_SERVERLESS) {
       log.error('[ASM] Unable to start AppSec', err)
     }
@@ -122,7 +122,6 @@ function onRequestBodyParsed ({ req, res, body, abortController }) {
     storedBodies.set(req, body)
   }
-  // eslint-disable-next-line eslint-rules/eslint-safe-typeof-object
   if (typeof body === 'object') {
     if (isEmptyObject(body)) return
     analyzedBodies.add(body)
@@ -130,8 +129,8 @@ function onRequestBodyParsed ({ req, res, body, abortController }) {
   const results = waf.run({
     persistent: {
-      [addresses.HTTP_INCOMING_BODY]: body
-    }
+      [addresses.HTTP_INCOMING_BODY]: body,
+    },
   }, req)
   handleResults(results?.actions, req, res, rootSpan, abortController)
@@ -150,8 +149,8 @@ function onRequestCookieParser ({ req, res, abortController, cookies }) {
   const results = waf.run({
     persistent: {
-      [addresses.HTTP_INCOMING_COOKIES]: cookies
-    }
+      [addresses.HTTP_INCOMING_COOKIES]: cookies,
+    },
   }, req)
   handleResults(results?.actions, req, res, rootSpan, abortController)
@@ -166,7 +165,7 @@ function incomingHttpStartTranslator ({ req, res, abortController }) {
   rootSpan.addTags({
     '_dd.appsec.enabled': 1,
     '_dd.runtime_family': 'nodejs',
-    [HTTP_CLIENT_IP]: clientIp
+    [HTTP_CLIENT_IP]: clientIp,
   })
   const requestHeaders = { ...req.headers }
@@ -175,7 +174,7 @@ function incomingHttpStartTranslator ({ req, res, abortController }) {
   const persistent = {
     [addresses.HTTP_INCOMING_URL]: req.url,
     [addresses.HTTP_INCOMING_HEADERS]: requestHeaders,
-    [addresses.HTTP_INCOMING_METHOD]: req.method
+    [addresses.HTTP_INCOMING_METHOD]: req.method,
   }
   if (clientIp) {
@@ -192,7 +191,6 @@ function incomingHttpEndTranslator ({ req, res }) {
   // we need to keep this to support other body parsers
   if (req.body !== undefined && req.body !== null) {
-    // eslint-disable-next-line eslint-rules/eslint-safe-typeof-object
     if (typeof req.body === 'object') {
       if (!isEmptyObject(req.body) && !analyzedBodies.has(req.body)) {
         persistent[addresses.HTTP_INCOMING_BODY] = req.body
@@ -283,8 +281,8 @@ function onExpressSession ({ req, res, sessionId, abortController }) {
   const results = waf.run({
     persistent: {
-      [addresses.USER_SESSION_ID]: sessionId
-    }
+      [addresses.USER_SESSION_ID]: sessionId,
+    },
   }, req)
   handleResults(results?.actions, req, res, rootSpan, abortController)
@@ -305,8 +303,8 @@ function onRequestQueryParsed ({ req, res, query, abortController }) {
   const results = waf.run({
     persistent: {
-      [addresses.HTTP_INCOMING_QUERY]: query
-    }
+      [addresses.HTTP_INCOMING_QUERY]: query,
+    },
   }, req)
   handleResults(results?.actions, req, res, rootSpan, abortController)
@@ -320,8 +318,8 @@ function onRequestProcessParams ({ req, res, abortController, params }) {
   const results = waf.run({
     persistent: {
-      [addresses.HTTP_INCOMING_PARAMS]: params
-    }
+      [addresses.HTTP_INCOMING_PARAMS]: params,
+    },
   }, req)
   handleResults(results?.actions, req, res, rootSpan, abortController)
@@ -334,8 +332,8 @@ function onResponseBody ({ req, res, body }) {
   // we don't support blocking at this point, so no results needed
   waf.run({
     persistent: {
-      [addresses.HTTP_INCOMING_RESPONSE_BODY]: body
-    }
+      [addresses.HTTP_INCOMING_RESPONSE_BODY]: body,
+    },
   }, req)
 }
@@ -369,8 +367,8 @@ function onResponseWriteHead ({ req, res, abortController, statusCode, responseH
   const results = waf.run({
     persistent: {
       [addresses.HTTP_INCOMING_RESPONSE_CODE]: String(statusCode),
-      [addresses.HTTP_INCOMING_RESPONSE_HEADERS]: responseHeaders
-    }
+      [addresses.HTTP_INCOMING_RESPONSE_HEADERS]: responseHeaders,
+    },
   }, req)
   responseAnalyzedSet.add(res)
@@ -445,5 +443,5 @@ module.exports = {
   enable,
   disable,
   incomingHttpStartTranslator,
-  incomingHttpEndTranslator
+  incomingHttpEndTranslator,
 }

package/packages/dd-trace/src/appsec/rasp/command_injection.js CHANGED Viewed

@@ -12,14 +12,14 @@ function enable (_config) {
   config = _config
   childProcessExecutionTracingChannel.subscribe({
-    start: analyzeCommandInjection
+    start: analyzeCommandInjection,
   })
 }
 function disable () {
   if (childProcessExecutionTracingChannel.start.hasSubscribers) {
     childProcessExecutionTracingChannel.unsubscribe({
-      start: analyzeCommandInjection
+      start: analyzeCommandInjection,
     })
   }
 }
@@ -52,5 +52,5 @@ function analyzeCommandInjection ({ file, fileArgs, shell, abortController }) {
 module.exports = {
   enable,
-  disable
+  disable,
 }

package/packages/dd-trace/src/appsec/rasp/fs-plugin.js CHANGED Viewed

@@ -9,7 +9,7 @@ const IAST_MODULE = 'iast'
 const enabledFor = {
   [RASP_MODULE]: false,
-  [IAST_MODULE]: false
+  [IAST_MODULE]: false,
 }
 let fsPlugin
@@ -21,8 +21,8 @@ function getStoreToStart (fsProps, store = storage('legacy').getStore()) {
       fs: {
         ...store.fs,
         ...fsProps,
-        parentStore: store
-      }
+        parentStore: store,
+      },
     }
   }
@@ -99,5 +99,5 @@ module.exports = {
   AppsecFsPlugin,
   RASP_MODULE,
-  IAST_MODULE
+  IAST_MODULE,
 }

package/packages/dd-trace/src/appsec/rasp/index.js CHANGED Viewed

@@ -5,7 +5,7 @@ const {
   setUncaughtExceptionCaptureCallbackStart,
   expressMiddlewareError,
   fastifyMiddlewareError,
-  routerMiddlewareError
+  routerMiddlewareError,
 } = require('../channels')
 const { block, registerBlockDelegation, isBlocked } = require('../blocking')
 const { updateRaspRuleMatchMetricTags } = require('../telemetry')
@@ -136,5 +136,5 @@ module.exports = {
   enable,
   disable,
   handleUncaughtExceptionMonitor, // exported only for testing purpose
-  blockOnDatadogRaspAbortError // exported only for testing purpose
+  blockOnDatadogRaspAbortError, // exported only for testing purpose
 }

package/packages/dd-trace/src/appsec/rasp/lfi.js CHANGED Viewed

@@ -63,14 +63,14 @@ function analyzeLfi (ctx) {
   const { req, fs, res } = store
   if (!req || !fs) return
-  getPaths(ctx, fs).forEach(path => {
+  for (const path of getPaths(ctx, fs)) {
     analyzeLfiPath(path, req, res, ctx.abortController)
-  })
+  }
 }
 function analyzeLfiPath (path, req, res, abortController) {
   const ephemeral = {
-    [FS_OPERATION_PATH]: path
+    [FS_OPERATION_PATH]: path,
   }
   const raspRule = { type: RULE_TYPES.LFI }
@@ -90,7 +90,7 @@ function getPaths (ctx, fs) {
     ctx.path,
     ctx.prefix,
     ctx.src,
-    ctx.target
+    ctx.target,
   ]
   return pathArguments
@@ -125,5 +125,5 @@ function shouldAnalyzeURLFile (path, fs) {
 module.exports = {
   enable,
-  disable
+  disable,
 }

package/packages/dd-trace/src/appsec/rasp/sql_injection.js CHANGED Viewed

@@ -4,7 +4,7 @@ const {
   pgQueryStart,
   pgPoolQueryStart,
   wafRunFinished,
-  mysql2OuterQueryStart
+  mysql2OuterQueryStart,
 } = require('../channels')
 const { storage } = require('../../../../datadog-core')
 const addresses = require('../addresses')
@@ -69,7 +69,7 @@ function analyzeSqlInjection (query, dbSystem, abortController) {
   const ephemeral = {
     [addresses.DB_STATEMENT]: query,
-    [addresses.DB_SYSTEM]: dbSystem
+    [addresses.DB_SYSTEM]: dbSystem,
   }
   const raspRule = { type: RULE_TYPES.SQL_INJECTION }

package/packages/dd-trace/src/appsec/rasp/ssrf.js CHANGED Viewed

@@ -26,7 +26,7 @@ function analyzeSsrf (ctx) {
   if (!req || !outgoingUrl) return
   const ephemeral = {
-    [addresses.HTTP_OUTGOING_URL]: outgoingUrl
+    [addresses.HTTP_OUTGOING_URL]: outgoingUrl,
   }
   const raspRule = { type: RULE_TYPES.SSRF }

package/packages/dd-trace/src/appsec/rasp/utils.js CHANGED Viewed

@@ -16,12 +16,12 @@ const RULE_TYPES = {
   COMMAND_INJECTION: 'command_injection',
   LFI: 'lfi',
   SQL_INJECTION: 'sql_injection',
-  SSRF: 'ssrf'
+  SSRF: 'ssrf',
 }
 const ALLOWED_ROOTSPAN_NAMES = new Set([
   'express.request',
-  'fastify.request'
+  'fastify.request',
 ])
 class DatadogRaspAbortError extends Error {
@@ -37,7 +37,7 @@ class DatadogRaspAbortError extends Error {
     // hide these props to not pollute app logs
     Object.defineProperties(this, {
       req: { enumerable: false },
-      res: { enumerable: false }
+      res: { enumerable: false },
     })
   }
 }
@@ -81,5 +81,5 @@ function handleResult (result, req, res, abortController, config, raspRule) {
 module.exports = {
   handleResult,
   RULE_TYPES,
-  DatadogRaspAbortError
+  DatadogRaspAbortError,
 }

package/packages/dd-trace/src/appsec/rc-products.js CHANGED Viewed

@@ -6,5 +6,5 @@ const ASM_WAF_PRODUCTS_SET = new Set(ASM_WAF_PRODUCTS)
 module.exports = {
   ASM_WAF_PRODUCTS,
-  ASM_WAF_PRODUCTS_SET
+  ASM_WAF_PRODUCTS_SET,
 }

package/packages/dd-trace/src/appsec/remote_config.js CHANGED Viewed

@@ -80,8 +80,8 @@ function enableOrDisableAppsec (action, rcConfig, config, appsec) {
       {
         name: 'appsec.enabled',
         origin: isRemoteConfigControlling ? 'remote_config' : config.getOrigin('appsec.enabled'),
-        value: shouldEnable
-      }
+        value: shouldEnable,
+      },
     ], config)
   }
 }
@@ -173,5 +173,5 @@ function disableWafUpdate () {
 module.exports = {
   enable,
   enableWafUpdate,
-  disableWafUpdate
+  disableWafUpdate,
 }

package/packages/dd-trace/src/appsec/reporter.js CHANGED Viewed

@@ -16,7 +16,7 @@ const {
   updateWafRequestsMetricTags,
   updateRaspRequestsMetricTags,
   updateRaspRuleSkippedMetricTags,
-  getRequestMetrics
+  getRequestMetrics,
 } = require('./telemetry')
 const { DIAGNOSTIC_KEYS } = require('./waf/diagnostics')
@@ -33,7 +33,7 @@ const config = {
   headersExtendedCollectionEnabled: false,
   maxHeadersCollected: 0,
   headersRedaction: false,
-  raspBodyCollection: false
+  raspBodyCollection: false,
 }
 const metricsQueue = new Map()
@@ -44,12 +44,12 @@ const extendedDataCollectionRequest = new WeakMap()
 const contentHeaderList = [
   'content-length',
   'content-encoding',
-  'content-language'
+  'content-language',
 ]
 const responseHeaderList = [
   ...contentHeaderList,
-  'content-type'
+  'content-type',
 ]
 const identificationHeaders = [
@@ -60,7 +60,7 @@ const identificationHeaders = [
   'x-appgw-trace-id',
   'x-sigsci-requestid',
   'x-sigsci-tags',
-  'akamai-user-risk'
+  'akamai-user-risk',
 ]
 const eventHeadersList = [
@@ -71,14 +71,14 @@ const eventHeadersList = [
   ...contentHeaderList,
   'host',
   'accept-encoding',
-  'accept-language'
+  'accept-language',
 ]
 const requestHeadersList = [
   'content-type',
   'user-agent',
   'accept',
-  ...identificationHeaders
+  ...identificationHeaders,
 ]
 const redactedHeadersList = [
@@ -89,7 +89,7 @@ const redactedHeadersList = [
   'authentication-info',
   'proxy-authentication-info',
   'cookie',
-  'set-cookie'
+  'set-cookie',
 ]
 // these request headers are always collected - it breaks the expected spec orders
@@ -251,7 +251,7 @@ function logWafDiagnosticMessage (product, rcConfigId, configKey, message, level
   telemetryLogCh.publish({
     message,
     level,
-    tags
+    tags,
   })
 }
@@ -340,7 +340,7 @@ function reportAttack ({ events: attackData, actions }) {
   const currentTags = rootSpan.context()._tags
   const newTags = {
-    'appsec.event': 'true'
+    'appsec.event': 'true',
   }
   // TODO: maybe add this to format.js later (to take decision as late as possible)
@@ -578,5 +578,5 @@ module.exports = {
   reportAttributes,
   finishRequest,
   mapHeaderAndTags,
-  truncateRequestBody
+  truncateRequestBody,
 }

package/packages/dd-trace/src/appsec/rule_manager.js CHANGED Viewed

@@ -164,5 +164,5 @@ function clearAllRules () {
 module.exports = {
   loadRules,
   updateWafFromRC,
-  clearAllRules
+  clearAllRules,
 }

package/packages/dd-trace/src/appsec/sdk/index.js CHANGED Viewed

@@ -6,7 +6,7 @@ const {
   trackUserLoginFailureEvent,
   trackCustomEvent,
   trackUserLoginSuccessV2,
-  trackUserLoginFailureV2
+  trackUserLoginFailureV2,
 } = require('./track_event')
 const { checkUserAndSetUser, blockRequest } = require('./user_blocking')
 const { setUser } = require('./set_user')

package/packages/dd-trace/src/appsec/sdk/set_user.js CHANGED Viewed

@@ -28,7 +28,7 @@ function setUser (tracer, user) {
   setUserTags(user, rootSpan)
   const persistent = {
-    [addresses.USER_ID]: String(user.id)
+    [addresses.USER_ID]: String(user.id),
   }
   if (user.session_id && typeof user.session_id === 'string') {
@@ -40,5 +40,5 @@ function setUser (tracer, user) {
 module.exports = {
   setUserTags,
-  setUser
+  setUser,
 }

package/packages/dd-trace/src/appsec/sdk/track_event.js CHANGED Viewed

@@ -51,7 +51,7 @@ function trackUserLoginFailureEvent (tracer, userId, exists, metadata) {
     'usr.id': userId,
     'usr.login': userId,
     'usr.exists': exists ? 'true' : 'false',
-    ...metadata
+    ...metadata,
   }
   trackEvent('users.login.failure', fields, 'trackUserLoginFailureEvent', getRootSpan(tracer))
@@ -94,7 +94,7 @@ function trackUserLoginSuccessV2 (tracer, login, user, metadata) {
   metadata = {
     'usr.login': login,
-    ...metadata
+    ...metadata,
   }
   if (user) {
@@ -138,7 +138,7 @@ function trackUserLoginFailureV2 (tracer, login, exists, metadata) {
   metadata = {
     'usr.login': login,
     'usr.exists': exists ? 'true' : 'false',
-    ...metadata
+    ...metadata,
   }
   trackEvent('users.login.failure', metadata, 'eventTrackingV2.trackUserLoginFailure', rootSpan)
@@ -149,7 +149,7 @@ function trackUserLoginFailureV2 (tracer, login, exists, metadata) {
 function flattenFields (fields, depth = 0) {
   if (depth > 4) {
     return {
-      truncated: true
+      truncated: true,
     }
   }
@@ -183,7 +183,7 @@ function trackEvent (eventName, fields, sdkMethodName, rootSpan) {
   const tags = {
     [`appsec.events.${eventName}.track`]: 'true',
-    [`_dd.appsec.events.${eventName}.sdk`]: 'true'
+    [`_dd.appsec.events.${eventName}.sdk`]: 'true',
   }
   if (fields) {
@@ -205,7 +205,7 @@ function trackEvent (eventName, fields, sdkMethodName, rootSpan) {
 function runWaf (eventName, user) {
   const persistent = {
-    [`server.business_logic.${eventName}`]: null
+    [`server.business_logic.${eventName}`]: null,
   }
   if (user?.id) {
@@ -226,5 +226,5 @@ module.exports = {
   trackUserLoginSuccessV2,
   trackUserLoginFailureV2,
   trackEvent,
-  runWaf
+  runWaf,
 }

package/packages/dd-trace/src/appsec/sdk/user_blocking.js CHANGED Viewed

@@ -56,5 +56,5 @@ function blockRequest (tracer, req, res) {
 module.exports = {
   checkUserAndSetUser,
-  blockRequest
+  blockRequest,
 }

package/packages/dd-trace/src/appsec/sdk/utils.js CHANGED Viewed

@@ -25,5 +25,5 @@ function getRootSpan (tracer) {
 }
 module.exports = {
-  getRootSpan
+  getRootSpan,
 }

package/packages/dd-trace/src/appsec/stack_trace.js CHANGED Viewed

@@ -7,7 +7,7 @@ const LIBRARY_FRAMES_BUFFER = 20
 const STACK_TRACE_NAMESPACES = {
   RASP: 'exploit',
-  IAST: 'vulnerability'
+  IAST: 'vulnerability',
 }
 function prepareStackTrace (_, callsites) {
@@ -44,7 +44,7 @@ function filterOutFramesFromLibrary (callSiteList) {
       const callSiteLocation = {
         path: callSite.getTranslatedFileName?.() ?? callSite.getFileName(),
         line: callSite.getTranslatedLineNumber?.() ?? callSite.getLineNumber(),
-        column: callSite.getTranslatedColumnNumber?.() ?? callSite.getColumnNumber()
+        column: callSite.getTranslatedColumnNumber?.() ?? callSite.getColumnNumber(),
       }
       const { path } = getOriginalPathAndLineFromSourceMap(callSiteLocation)
       return !path?.startsWith(ddBasePath)
@@ -73,7 +73,7 @@ function getCallsiteFrames (maxDepth = 32, constructorOpt = getCallsiteFrames, c
       column: callSite.getTranslatedColumnNumber?.() ?? callSite.getColumnNumber(),
       function: callSite.getFunctionName(),
       class_name: callSite.getTypeName(),
-      isNative: callSite.isNative()
+      isNative: callSite.isNative(),
     })
   }
@@ -99,7 +99,7 @@ function reportStackTrace (rootSpan, stackId, frames, namespace = STACK_TRACE_NA
   rootSpan.meta_struct['_dd.stack'][namespace].push({
     id: stackId,
     language: 'nodejs',
-    frames
+    frames,
   })
 }
@@ -113,5 +113,5 @@ module.exports = {
   getCallsiteFrames,
   reportStackTrace,
   canReportStackTrace,
-  STACK_TRACE_NAMESPACES
+  STACK_TRACE_NAMESPACES,
 }

package/packages/dd-trace/src/appsec/telemetry/common.js CHANGED Viewed

@@ -11,18 +11,18 @@ const tags = {
   RULE_TRIGGERED: 'rule_triggered',
   WAF_ERROR: 'waf_error',
   WAF_TIMEOUT: 'waf_timeout',
-  WAF_VERSION: 'waf_version'
+  WAF_VERSION: 'waf_version',
 }
 function getVersionsTags (wafVersion, rulesVersion) {
   return {
     [tags.WAF_VERSION]: wafVersion,
-    [tags.EVENT_RULES_VERSION]: rulesVersion || 'unknown'
+    [tags.EVENT_RULES_VERSION]: rulesVersion || 'unknown',
   }
 }
 module.exports = {
   tags,
   getVersionsTags,
-  DD_TELEMETRY_REQUEST_METRICS
+  DD_TELEMETRY_REQUEST_METRICS,
 }

package/packages/dd-trace/src/appsec/telemetry/index.js CHANGED Viewed

@@ -6,7 +6,7 @@ const {
   addRaspRequestMetrics,
   trackRaspMetrics,
   trackRaspRuleMatch,
-  trackRaspRuleSkipped
+  trackRaspRuleSkipped,
 } = require('./rasp')
 const {
   addWafRequestMetrics,
@@ -14,7 +14,7 @@ const {
   incrementWafInit,
   incrementWafUpdates,
   incrementWafConfigErrors,
-  incrementWafRequests
+  incrementWafRequests,
 } = require('./waf')
 const metricsStoreMap = new WeakMap()
@@ -42,8 +42,8 @@ function newStore () {
       wafErrorCode: null,
       raspErrorCode: null,
       wafVersion: null,
-      rulesVersion: null
-    }
+      rulesVersion: null,
+    },
   }
 }
@@ -180,5 +180,5 @@ module.exports = {
   incrementMissingUserIdMetric,
   incrementSdkEventMetric,
-  getRequestMetrics
+  getRequestMetrics,
 }

package/packages/dd-trace/src/appsec/telemetry/rasp.js CHANGED Viewed

@@ -8,7 +8,7 @@ const appsecMetrics = telemetryMetrics.manager.namespace('appsec')
 const BLOCKING_STATUS = {
   FAILURE: 'failure',
   IRRELEVANT: 'irrelevant',
-  SUCCESS: 'success'
+  SUCCESS: 'success',
 }
 function addRaspRequestMetrics (store, { duration, durationExt, wafTimeout, errorCode }) {
@@ -67,7 +67,7 @@ function trackRaspRuleMatch (store, raspRule, blockTriggered, blocked) {
     waf_version: telemetryMetrics.wafVersion,
     event_rules_version: telemetryMetrics.rulesVersion,
     rule_type: raspRule.type,
-    block: getRuleMatchBlockingStatus(blockTriggered, blocked)
+    block: getRuleMatchBlockingStatus(blockTriggered, blocked),
   }
   if (raspRule.variant) {
@@ -99,5 +99,5 @@ module.exports = {
   addRaspRequestMetrics,
   trackRaspMetrics,
   trackRaspRuleMatch,
-  trackRaspRuleSkipped
+  trackRaspRuleSkipped,
 }