dd-trace 5.97.0 → 5.99.0
- package/LICENSE-3rdparty.csv +0 -1
- package/ext/tags.js +1 -0
- package/index.d.ts +35 -3
- package/package.json +48 -46
- package/packages/datadog-instrumentations/src/crypto.js +45 -0
- package/packages/datadog-instrumentations/src/cucumber.js +65 -3
- package/packages/datadog-instrumentations/src/cypress-config.js +153 -53
- package/packages/datadog-instrumentations/src/dns.js +24 -56
- package/packages/datadog-instrumentations/src/graphql.js +1 -1
- package/packages/datadog-instrumentations/src/helpers/callback-instrumentor.js +74 -0
- package/packages/datadog-instrumentations/src/helpers/check-require-cache.js +4 -1
- package/packages/datadog-instrumentations/src/helpers/hooks.js +2 -0
- package/packages/datadog-instrumentations/src/helpers/rewriter/compiler.js +10 -3
- package/packages/datadog-instrumentations/src/helpers/rewriter/instrumentations/index.js +1 -0
- package/packages/datadog-instrumentations/src/helpers/rewriter/instrumentations/modelcontextprotocol-sdk.js +59 -0
- package/packages/datadog-instrumentations/src/helpers/rewriter/transforms.js +11 -2
- package/packages/datadog-instrumentations/src/jest.js +104 -12
- package/packages/datadog-instrumentations/src/mocha/utils.js +8 -0
- package/packages/datadog-instrumentations/src/modelcontextprotocol-sdk.js +7 -0
- package/packages/datadog-instrumentations/src/pino.js +4 -28
- package/packages/datadog-instrumentations/src/playwright-browser-scripts.js +27 -0
- package/packages/datadog-instrumentations/src/playwright.js +5 -17
- package/packages/datadog-instrumentations/src/redis.js +12 -6
- package/packages/datadog-instrumentations/src/stripe.js +38 -24
- package/packages/datadog-instrumentations/src/vitest.js +32 -4
- package/packages/datadog-instrumentations/src/zlib.js +29 -0
- package/packages/datadog-plugin-aws-sdk/src/base.js +2 -3
- package/packages/datadog-plugin-aws-sdk/src/services/dynamodb.js +1 -0
- package/packages/datadog-plugin-aws-sdk/src/services/eventbridge.js +1 -0
- package/packages/datadog-plugin-aws-sdk/src/services/kinesis.js +1 -0
- package/packages/datadog-plugin-aws-sdk/src/services/redshift.js +1 -0
- package/packages/datadog-plugin-aws-sdk/src/services/sns.js +1 -0
- package/packages/datadog-plugin-aws-sdk/src/services/sqs.js +1 -0
- package/packages/datadog-plugin-azure-event-hubs/src/producer.js +8 -15
- package/packages/datadog-plugin-azure-service-bus/src/producer.js +4 -9
- package/packages/datadog-plugin-cucumber/src/index.js +8 -2
- package/packages/datadog-plugin-cypress/src/cypress-plugin.js +114 -6
- package/packages/datadog-plugin-cypress/src/index.js +59 -2
- package/packages/datadog-plugin-cypress/src/source-map-utils.js +48 -1
- package/packages/datadog-plugin-fs/src/index.js +1 -1
- package/packages/datadog-plugin-google-cloud-pubsub/src/consumer.js +2 -1
- package/packages/datadog-plugin-google-cloud-pubsub/src/pubsub-push-subscription.js +2 -7
- package/packages/datadog-plugin-http/src/client.js +1 -1
- package/packages/datadog-plugin-http/src/server.js +21 -13
- package/packages/datadog-plugin-http2/src/client.js +1 -1
- package/packages/datadog-plugin-http2/src/server.js +10 -2
- package/packages/datadog-plugin-jest/src/index.js +2 -2
- package/packages/datadog-plugin-mocha/src/index.js +1 -2
- package/packages/datadog-plugin-modelcontextprotocol-sdk/src/index.js +24 -0
- package/packages/datadog-plugin-modelcontextprotocol-sdk/src/tracing.js +55 -0
- package/packages/datadog-plugin-mongodb-core/src/index.js +4 -9
- package/packages/datadog-plugin-mysql/src/index.js +1 -1
- package/packages/datadog-plugin-next/src/index.js +8 -2
- package/packages/datadog-plugin-pg/src/index.js +1 -1
- package/packages/datadog-plugin-playwright/src/index.js +2 -3
- package/packages/datadog-plugin-tedious/src/index.js +1 -1
- package/packages/datadog-plugin-vitest/src/index.js +14 -6
- package/packages/datadog-plugin-ws/src/close.js +3 -1
- package/packages/datadog-plugin-ws/src/producer.js +2 -0
- package/packages/datadog-plugin-ws/src/receiver.js +2 -1
- package/packages/dd-trace/src/aiguard/channels.js +8 -0
- package/packages/dd-trace/src/aiguard/index.js +7 -3
- package/packages/dd-trace/src/aiguard/sdk.js +66 -22
- package/packages/dd-trace/src/aiguard/tags.js +1 -0
- package/packages/dd-trace/src/appsec/blocked_templates.js +4 -3
- package/packages/dd-trace/src/appsec/blocking.js +62 -34
- package/packages/dd-trace/src/appsec/graphql.js +6 -6
- package/packages/dd-trace/src/appsec/index.js +9 -11
- package/packages/dd-trace/src/appsec/rasp/command_injection.js +4 -5
- package/packages/dd-trace/src/appsec/rasp/lfi.js +8 -4
- package/packages/dd-trace/src/appsec/rasp/sql_injection.js +5 -10
- package/packages/dd-trace/src/appsec/rasp/ssrf.js +5 -6
- package/packages/dd-trace/src/appsec/recommended.json +2438 -13
- package/packages/dd-trace/src/appsec/reporter.js +6 -5
- package/packages/dd-trace/src/appsec/sdk/set_user.js +1 -1
- package/packages/dd-trace/src/appsec/sdk/track_event.js +5 -5
- package/packages/dd-trace/src/appsec/sdk/user_blocking.js +6 -10
- package/packages/dd-trace/src/appsec/sdk/utils.js +4 -2
- package/packages/dd-trace/src/appsec/store.js +50 -0
- package/packages/dd-trace/src/appsec/waf/index.js +3 -5
- package/packages/dd-trace/src/ci-visibility/early-flake-detection/get-known-tests.js +2 -2
- package/packages/dd-trace/src/ci-visibility/exporters/agentless/coverage-writer.js +2 -2
- package/packages/dd-trace/src/ci-visibility/exporters/agentless/di-logs-writer.js +2 -2
- package/packages/dd-trace/src/ci-visibility/exporters/agentless/writer.js +2 -2
- package/packages/dd-trace/src/ci-visibility/exporters/git/git_metadata.js +3 -4
- package/packages/dd-trace/src/ci-visibility/intelligent-test-runner/get-skippable-suites.js +2 -2
- package/packages/dd-trace/src/ci-visibility/log-submission/log-submission-plugin.js +4 -5
- package/packages/dd-trace/src/ci-visibility/requests/fs-cache.js +3 -4
- package/packages/dd-trace/src/ci-visibility/requests/get-library-configuration.js +6 -6
- package/packages/dd-trace/src/ci-visibility/requests/upload-coverage-report.js +2 -2
- package/packages/dd-trace/src/ci-visibility/test-management/get-test-management-tests.js +2 -2
- package/packages/dd-trace/src/config/config-types.d.ts +0 -4
- package/packages/dd-trace/src/config/defaults.js +10 -11
- package/packages/dd-trace/src/config/generated-config-types.d.ts +14 -8
- package/packages/dd-trace/src/config/index.js +49 -32
- package/packages/dd-trace/src/config/parsers.js +26 -9
- package/packages/dd-trace/src/config/supported-configurations.json +86 -33
- package/packages/dd-trace/src/constants.js +1 -0
- package/packages/dd-trace/src/debugger/config.js +2 -0
- package/packages/dd-trace/src/debugger/devtools_client/send.js +25 -5
- package/packages/dd-trace/src/debugger/devtools_client/snapshot/processor.js +5 -2
- package/packages/dd-trace/src/encode/0.4.js +11 -11
- package/packages/dd-trace/src/encode/span-stats.js +4 -1
- package/packages/dd-trace/src/exporters/agent/index.js +0 -1
- package/packages/dd-trace/src/exporters/agent/writer.js +1 -2
- package/packages/dd-trace/src/exporters/agentless/writer.js +3 -3
- package/packages/dd-trace/src/exporters/common/util.js +2 -2
- package/packages/dd-trace/src/id.js +2 -0
- package/packages/dd-trace/src/index.js +2 -5
- package/packages/dd-trace/src/lambda/handler.js +1 -3
- package/packages/dd-trace/src/llmobs/plugins/{anthropic.js → anthropic/index.js} +5 -63
- package/packages/dd-trace/src/llmobs/plugins/anthropic/util.js +106 -0
- package/packages/dd-trace/src/llmobs/plugins/langchain/handlers/chain.js +3 -2
- package/packages/dd-trace/src/llmobs/plugins/langchain/handlers/chat_model.js +3 -2
- package/packages/dd-trace/src/llmobs/plugins/langchain/handlers/embedding.js +2 -1
- package/packages/dd-trace/src/llmobs/plugins/langchain/handlers/index.js +0 -49
- package/packages/dd-trace/src/llmobs/plugins/langchain/handlers/vectorstore.js +2 -1
- package/packages/dd-trace/src/llmobs/plugins/langchain/messages.js +76 -0
- package/packages/dd-trace/src/llmobs/plugins/langgraph/index.js +1 -26
- package/packages/dd-trace/src/llmobs/plugins/modelcontextprotocol-sdk/index.js +68 -0
- package/packages/dd-trace/src/llmobs/plugins/modelcontextprotocol-sdk/utils.js +57 -0
- package/packages/dd-trace/src/llmobs/sdk.js +2 -2
- package/packages/dd-trace/src/log/index.js +0 -10
- package/packages/dd-trace/src/openfeature/eval-metrics-hook.js +103 -0
- package/packages/dd-trace/src/openfeature/flagging_provider.js +3 -0
- package/packages/dd-trace/src/openfeature/remote_config.js +6 -1
- package/packages/dd-trace/src/opentelemetry/context_manager.js +6 -4
- package/packages/dd-trace/src/opentelemetry/logs/index.js +1 -1
- package/packages/dd-trace/src/opentelemetry/logs/otlp_http_log_exporter.js +3 -2
- package/packages/dd-trace/src/opentelemetry/metrics/index.js +1 -1
- package/packages/dd-trace/src/opentelemetry/metrics/otlp_http_metric_exporter.js +3 -2
- package/packages/dd-trace/src/opentelemetry/otlp/otlp_http_exporter_base.js +19 -51
- package/packages/dd-trace/src/opentelemetry/otlp/protobuf_loader.js +14 -2
- package/packages/dd-trace/src/opentelemetry/otlp/trace.proto +358 -0
- package/packages/dd-trace/src/opentelemetry/otlp/trace_service.proto +78 -0
- package/packages/dd-trace/src/opentelemetry/trace/index.js +70 -0
- package/packages/dd-trace/src/opentelemetry/trace/otlp_http_trace_exporter.js +74 -0
- package/packages/dd-trace/src/opentelemetry/trace/otlp_transformer.js +342 -0
- package/packages/dd-trace/src/opentelemetry/tracer.js +9 -11
- package/packages/dd-trace/src/opentracing/propagation/text_map.js +17 -10
- package/packages/dd-trace/src/opentracing/span.js +1 -1
- package/packages/dd-trace/src/opentracing/tracer.js +17 -5
- package/packages/dd-trace/src/plugins/index.js +1 -0
- package/packages/dd-trace/src/plugins/log_plugin.js +3 -0
- package/packages/dd-trace/src/plugins/plugin.js +6 -11
- package/packages/dd-trace/src/plugins/storage.js +2 -2
- package/packages/dd-trace/src/plugins/tracing.js +22 -5
- package/packages/dd-trace/src/plugins/util/test.js +128 -5
- package/packages/dd-trace/src/plugins/util/url.js +2 -1
- package/packages/dd-trace/src/plugins/util/web.js +6 -88
- package/packages/dd-trace/src/profiling/profiler.js +34 -77
- package/packages/dd-trace/src/profiling/profilers/event_plugins/crypto.js +32 -0
- package/packages/dd-trace/src/profiling/profilers/event_plugins/zlib.js +19 -0
- package/packages/dd-trace/src/profiling/profilers/events.js +35 -0
- package/packages/dd-trace/src/proxy.js +3 -4
- package/packages/dd-trace/src/runtime_metrics/runtime_metrics.js +17 -13
- package/packages/dd-trace/src/service-naming/index.js +1 -1
- package/packages/dd-trace/src/service-naming/schemas/definition.js +4 -1
- package/packages/dd-trace/src/service-naming/schemas/util.js +15 -1
- package/packages/dd-trace/src/service-naming/schemas/v0/messaging.js +24 -1
- package/packages/dd-trace/src/service-naming/schemas/v0/storage.js +60 -0
- package/packages/dd-trace/src/service-naming/schemas/v0/web.js +21 -1
- package/packages/dd-trace/src/service-naming/schemas/v0/websocket.js +5 -0
- package/packages/dd-trace/src/service-naming/schemas/v1/storage.js +17 -0
- package/packages/dd-trace/src/service-naming/schemas/v1/web.js +15 -1
- package/packages/dd-trace/src/service-naming/schemas/v1/websocket.js +6 -0
- package/packages/dd-trace/src/span_processor.js +1 -2
- package/packages/dd-trace/src/span_stats.js +5 -1
- package/packages/dd-trace/src/tagger.js +2 -2
- package/packages/dd-trace/src/telemetry/send-data.js +5 -7
- package/vendor/dist/@apm-js-collab/code-transformer/index.js +28 -6
- package/vendor/dist/protobufjs/index.js +1 -1
- package/packages/dd-trace/src/log/utils.js +0 -16
- package/vendor/dist/ignore/LICENSE +0 -21
- package/vendor/dist/ignore/index.js +0 -1
|
@@ -6,9 +6,27 @@ const { updateBlockFailureMetric } = require('./telemetry')
|
|
|
6
6
|
|
|
7
7
|
const detectedSpecificEndpoints = {}
|
|
8
8
|
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
const templateKeyword = '[security_response_id]'
|
|
10
|
+
|
|
11
|
+
const templates = {
|
|
12
|
+
html: {
|
|
13
|
+
body: null,
|
|
14
|
+
idIndex: -1,
|
|
15
|
+
type: 'text/html; charset=utf-8',
|
|
16
|
+
},
|
|
17
|
+
json: {
|
|
18
|
+
body: null,
|
|
19
|
+
idIndex: -1,
|
|
20
|
+
type: 'application/json',
|
|
21
|
+
},
|
|
22
|
+
graphqlJson: {
|
|
23
|
+
body: null,
|
|
24
|
+
idIndex: -1,
|
|
25
|
+
type: 'application/json',
|
|
26
|
+
},
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
setTemplates()
|
|
12
30
|
|
|
13
31
|
let defaultBlockingActionParameters
|
|
14
32
|
|
|
@@ -17,7 +35,7 @@ const responseBlockedSet = new WeakSet()
|
|
|
17
35
|
const blockDelegations = new WeakMap()
|
|
18
36
|
|
|
19
37
|
const specificBlockingTypes = {
|
|
20
|
-
GRAPHQL: '
|
|
38
|
+
GRAPHQL: 'graphqlJson',
|
|
21
39
|
}
|
|
22
40
|
|
|
23
41
|
function getSpecificKey (method, url) {
|
|
@@ -33,21 +51,14 @@ function getBlockWithRedirectData (actionParameters) {
|
|
|
33
51
|
if (!statusCode || statusCode < 300 || statusCode >= 400) {
|
|
34
52
|
statusCode = 303
|
|
35
53
|
}
|
|
36
|
-
const headers = {
|
|
37
|
-
Location: actionParameters.location,
|
|
38
|
-
}
|
|
39
54
|
|
|
40
|
-
|
|
41
|
-
}
|
|
55
|
+
const headers = { Location: actionParameters.location }
|
|
42
56
|
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
case specificBlockingTypes.GRAPHQL:
|
|
46
|
-
return {
|
|
47
|
-
type: 'application/json',
|
|
48
|
-
body: templateGraphqlJson,
|
|
49
|
-
}
|
|
57
|
+
if (headers.Location) {
|
|
58
|
+
headers.Location = headers.Location.replace(templateKeyword, actionParameters.security_response_id ?? '')
|
|
50
59
|
}
|
|
60
|
+
|
|
61
|
+
return { headers, statusCode }
|
|
51
62
|
}
|
|
52
63
|
|
|
53
64
|
function getBlockWithContentData (req, specificType, actionParameters) {
|
|
@@ -56,7 +67,7 @@ function getBlockWithContentData (req, specificType, actionParameters) {
|
|
|
56
67
|
|
|
57
68
|
const specificBlockingType = specificType || detectedSpecificEndpoints[getSpecificKey(req.method, req.url)]
|
|
58
69
|
if (specificBlockingType) {
|
|
59
|
-
const specificBlockingContent =
|
|
70
|
+
const specificBlockingContent = getTemplate(specificBlockingType, actionParameters)
|
|
60
71
|
type = specificBlockingContent?.type
|
|
61
72
|
body = specificBlockingContent?.body
|
|
62
73
|
}
|
|
@@ -65,23 +76,17 @@ function getBlockWithContentData (req, specificType, actionParameters) {
|
|
|
65
76
|
// parse the Accept header, ex: Accept: text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8
|
|
66
77
|
const accept = req.headers.accept?.split(',').map((str) => str.split(';', 1)[0].trim())
|
|
67
78
|
|
|
79
|
+
let templateName = 'json'
|
|
80
|
+
|
|
68
81
|
if (!actionParameters || actionParameters.type === 'auto') {
|
|
69
82
|
if (accept?.includes('text/html') && !accept.includes('application/json')) {
|
|
70
|
-
|
|
71
|
-
body = templateHtml
|
|
72
|
-
} else {
|
|
73
|
-
type = 'application/json'
|
|
74
|
-
body = templateJson
|
|
75
|
-
}
|
|
76
|
-
} else {
|
|
77
|
-
if (actionParameters.type === 'html') {
|
|
78
|
-
type = 'text/html; charset=utf-8'
|
|
79
|
-
body = templateHtml
|
|
80
|
-
} else {
|
|
81
|
-
type = 'application/json'
|
|
82
|
-
body = templateJson
|
|
83
|
+
templateName = 'html'
|
|
83
84
|
}
|
|
85
|
+
} else if (actionParameters.type === 'html') {
|
|
86
|
+
templateName = 'html'
|
|
84
87
|
}
|
|
88
|
+
|
|
89
|
+
({ type, body } = getTemplate(templateName, actionParameters))
|
|
85
90
|
}
|
|
86
91
|
|
|
87
92
|
const statusCode = actionParameters?.status_code || 403
|
|
@@ -165,14 +170,37 @@ function getBlockingAction (actions) {
|
|
|
165
170
|
}
|
|
166
171
|
|
|
167
172
|
/**
|
|
168
|
-
* @param {import('../config/config-base')} config - Tracer configuration
|
|
173
|
+
* @param {import('../config/config-base')} [config] - Tracer configuration
|
|
169
174
|
*/
|
|
170
175
|
function setTemplates (config) {
|
|
171
|
-
|
|
176
|
+
templates.html.body = config?.appsec?.blockedTemplateHtml
|
|
177
|
+
templates.json.body = config?.appsec?.blockedTemplateJson
|
|
178
|
+
templates.graphqlJson.body = config?.appsec?.blockedTemplateGraphql
|
|
179
|
+
|
|
180
|
+
for (const type of Object.keys(templates)) {
|
|
181
|
+
const template = templates[type]
|
|
182
|
+
|
|
183
|
+
// set default template if not set by config
|
|
184
|
+
if (!template.body) template.body = blockedTemplates[type]
|
|
185
|
+
|
|
186
|
+
template.idIndex = template.body.indexOf(templateKeyword)
|
|
187
|
+
|
|
188
|
+
if (template.idIndex !== -1) {
|
|
189
|
+
template.body = [
|
|
190
|
+
template.body.slice(0, template.idIndex),
|
|
191
|
+
template.body.slice(template.idIndex + templateKeyword.length),
|
|
192
|
+
]
|
|
193
|
+
}
|
|
194
|
+
}
|
|
195
|
+
}
|
|
196
|
+
|
|
197
|
+
function getTemplate (type, actionParameters) {
|
|
198
|
+
const template = templates[type]
|
|
199
|
+
if (template.idIndex === -1) return template
|
|
172
200
|
|
|
173
|
-
|
|
201
|
+
const body = template.body[0] + (actionParameters?.security_response_id ?? '') + template.body[1]
|
|
174
202
|
|
|
175
|
-
|
|
203
|
+
return { body, type: template.type }
|
|
176
204
|
}
|
|
177
205
|
|
|
178
206
|
function isBlocked (res) {
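Review bot: `getTemplate` dereferences `templates[type]` without checking that the entry exists, so a `specificBlockingType` other than `html`, `json` or `graphqlJson` now throws a TypeError on `template.idIndex`, while the call site in `getBlockWithContentData` still reads `specificBlockingContent?.type` as if an undefined result were possible. An exception on the blocking path matters because, depending on how the caller handles it (not visible here), the block response may never be sent. Adding `if (!template) return` directly after the lookup in `getTemplate` restores the behaviour the optional chaining implies. Separately, `security_response_id` is concatenated verbatim into the HTML and JSON bodies and substituted into the `Location` header with a plain string `replace`; unless it is guaranteed to be an opaque token, it should be encoded for each context, and a replacer function (`() => id`) would stop `$` sequences in the value from being expanded.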
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
'use strict'
|
|
2
2
|
|
|
3
|
-
const { storage } = require('../../../datadog-core')
|
|
4
3
|
const log = require('../log')
|
|
5
4
|
const web = require('../plugins/util/web')
|
|
5
|
+
const { getActiveRequest } = require('./store')
|
|
6
6
|
const {
|
|
7
7
|
addSpecificEndpoint,
|
|
8
8
|
specificBlockingTypes,
|
|
@@ -33,7 +33,7 @@ function disable () {
|
|
|
33
33
|
}
|
|
34
34
|
|
|
35
35
|
function onGraphqlStartResolve ({ context, resolverInfo }) {
|
|
36
|
-
const req =
|
|
36
|
+
const req = getActiveRequest()
|
|
37
37
|
|
|
38
38
|
if (!req) return
|
|
39
39
|
|
|
@@ -52,7 +52,7 @@ function onGraphqlStartResolve ({ context, resolverInfo }) {
|
|
|
52
52
|
}
|
|
53
53
|
|
|
54
54
|
function enterInApolloMiddleware (data) {
|
|
55
|
-
const req = data?.req ||
|
|
55
|
+
const req = data?.req || getActiveRequest()
|
|
56
56
|
if (!req) return
|
|
57
57
|
|
|
58
58
|
graphqlRequestData.set(req, {
|
|
@@ -61,7 +61,7 @@ function enterInApolloMiddleware (data) {
|
|
|
61
61
|
}
|
|
62
62
|
|
|
63
63
|
function enterInApolloServerCoreRequest () {
|
|
64
|
-
const req =
|
|
64
|
+
const req = getActiveRequest()
|
|
65
65
|
if (!req) return
|
|
66
66
|
|
|
67
67
|
graphqlRequestData.set(req, {
|
|
@@ -71,7 +71,7 @@ function enterInApolloServerCoreRequest () {
|
|
|
71
71
|
}
|
|
72
72
|
|
|
73
73
|
function enterInApolloRequest () {
|
|
74
|
-
const req =
|
|
74
|
+
const req = getActiveRequest()
|
|
75
75
|
|
|
76
76
|
const requestData = graphqlRequestData.get(req)
|
|
77
77
|
if (requestData) {
|
|
@@ -83,7 +83,7 @@ function enterInApolloRequest () {
|
|
|
83
83
|
}
|
|
84
84
|
|
|
85
85
|
function beforeWriteApolloGraphqlResponse ({ abortController, abortData }) {
|
|
86
|
-
const req =
|
|
86
|
+
const req = getActiveRequest()
|
|
87
87
|
if (!req) return
|
|
88
88
|
|
|
89
89
|
const requestData = graphqlRequestData.get(req)
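Review bot: `enterInApolloRequest` is the only one of the five handlers switched to `getActiveRequest()` that does not return early on a missing request; it goes straight to `graphqlRequestData.get(req)`. That lookup presumably just misses for `undefined`, so this is a consistency point rather than a defect. Adding `if (!req) return` after the assignment would match `onGraphqlStartResolve`, `enterInApolloMiddleware`, `enterInApolloServerCoreRequest` and `beforeWriteApolloGraphqlResponse`. The function body continues past the hunk.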
|
|
@@ -4,7 +4,6 @@ const log = require('../log')
|
|
|
4
4
|
const web = require('../plugins/util/web')
|
|
5
5
|
const { extractIp } = require('../plugins/util/ip_extractor')
|
|
6
6
|
const { HTTP_CLIENT_IP } = require('../../../../ext/tags')
|
|
7
|
-
const { storage } = require('../../../datadog-core')
|
|
8
7
|
const { IS_SERVERLESS } = require('../serverless')
|
|
9
8
|
const RuleManager = require('./rule_manager')
|
|
10
9
|
const appsecRemoteConfig = require('./remote_config')
|
|
@@ -40,6 +39,7 @@ const Reporter = require('./reporter')
|
|
|
40
39
|
const appsecTelemetry = require('./telemetry')
|
|
41
40
|
const apiSecuritySampler = require('./api_security_sampler')
|
|
42
41
|
const { isBlocked, block, callBlockDelegation, setTemplates, getBlockingAction } = require('./blocking')
|
|
42
|
+
const { getActiveRequest } = require('./store')
|
|
43
43
|
const UserTracking = require('./user_tracking')
|
|
44
44
|
const graphql = require('./graphql')
|
|
45
45
|
const rasp = require('./rasp')
|
|
@@ -116,8 +116,7 @@ function onRequestBodyParsed ({ req, res, body, abortController }) {
|
|
|
116
116
|
if (body === undefined || body === null) return
|
|
117
117
|
|
|
118
118
|
if (!req) {
|
|
119
|
-
|
|
120
|
-
req = store?.req
|
|
119
|
+
req = getActiveRequest()
|
|
121
120
|
}
|
|
122
121
|
|
|
123
122
|
const rootSpan = web.root(req)
|
|
@@ -258,8 +257,8 @@ function incomingHttpEndTranslator ({ req, res }) {
|
|
|
258
257
|
}
|
|
259
258
|
|
|
260
259
|
function onPassportVerify ({ framework, login, user, success, abortController }) {
|
|
261
|
-
const
|
|
262
|
-
const rootSpan =
|
|
260
|
+
const req = getActiveRequest()
|
|
261
|
+
const rootSpan = req && web.root(req)
|
|
263
262
|
|
|
264
263
|
if (!rootSpan) {
|
|
265
264
|
log.warn('[ASM] No rootSpan found in onPassportVerify')
|
|
@@ -268,12 +267,12 @@ function onPassportVerify ({ framework, login, user, success, abortController })
|
|
|
268
267
|
|
|
269
268
|
const results = UserTracking.trackLogin(framework, login, user, success, rootSpan)
|
|
270
269
|
|
|
271
|
-
handleResults(results?.actions,
|
|
270
|
+
handleResults(results?.actions, req, web.getContext(req)?.res, rootSpan, abortController)
|
|
272
271
|
}
|
|
273
272
|
|
|
274
273
|
function onPassportDeserializeUser ({ user, abortController }) {
|
|
275
|
-
const
|
|
276
|
-
const rootSpan =
|
|
274
|
+
const req = getActiveRequest()
|
|
275
|
+
const rootSpan = req && web.root(req)
|
|
277
276
|
|
|
278
277
|
if (!rootSpan) {
|
|
279
278
|
log.warn('[ASM] No rootSpan found in onPassportDeserializeUser')
|
|
@@ -282,7 +281,7 @@ function onPassportDeserializeUser ({ user, abortController }) {
|
|
|
282
281
|
|
|
283
282
|
const results = UserTracking.trackUser(user, rootSpan)
|
|
284
283
|
|
|
285
|
-
handleResults(results?.actions,
|
|
284
|
+
handleResults(results?.actions, req, web.getContext(req)?.res, rootSpan, abortController)
|
|
286
285
|
}
|
|
287
286
|
|
|
288
287
|
function onExpressSession ({ req, res, sessionId, abortController }) {
|
|
@@ -308,8 +307,7 @@ function onRequestQueryParsed ({ req, res, query, abortController }) {
|
|
|
308
307
|
if (!query || typeof query !== 'object') return
|
|
309
308
|
|
|
310
309
|
if (!req) {
|
|
311
|
-
|
|
312
|
-
req = store?.req
|
|
310
|
+
req = getActiveRequest()
|
|
313
311
|
}
|
|
314
312
|
|
|
315
313
|
const rootSpan = web.root(req)
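Review bot: In `onPassportVerify` and `onPassportDeserializeUser` the response passed to `handleResults` is now `web.getContext(req)?.res`, which is silently `undefined` whenever no web context is attached to the request, and nothing is logged for that case the way a missing `rootSpan` is. `handleResults` is not visible here, so it is unclear whether it can still block without a response; if it cannot, a blocking decision on these login paths would be dropped without a trace. Resolving it once with `const res = web.getContext(req)?.res` and adding `if (!res) log.warn('[ASM] No response found in onPassportVerify')` would make that case observable. The same `web.getContext(req)?.res` argument is passed to `handleResult` in the RASP sections that follow (command injection, LFI, SQL injection, SSRF), where the same consideration applies. Parts of both Passport handlers lie between the hunks shown.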
|
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
'use strict'
|
|
2
2
|
|
|
3
3
|
const { childProcessExecutionTracingChannel } = require('../channels')
|
|
4
|
-
const { storage } = require('../../../../datadog-core')
|
|
5
4
|
const addresses = require('../addresses')
|
|
5
|
+
const web = require('../../plugins/util/web')
|
|
6
|
+
const { getActiveRequest } = require('../store')
|
|
6
7
|
const waf = require('../waf')
|
|
7
8
|
const { RULE_TYPES, handleResult } = require('./utils')
|
|
8
9
|
|
|
@@ -27,8 +28,7 @@ function disable () {
|
|
|
27
28
|
function analyzeCommandInjection ({ file, fileArgs, shell, abortController }) {
|
|
28
29
|
if (!file) return
|
|
29
30
|
|
|
30
|
-
const
|
|
31
|
-
const req = store?.req
|
|
31
|
+
const req = getActiveRequest()
|
|
32
32
|
if (!req) return
|
|
33
33
|
|
|
34
34
|
const ephemeral = {}
|
|
@@ -46,8 +46,7 @@ function analyzeCommandInjection ({ file, fileArgs, shell, abortController }) {
|
|
|
46
46
|
|
|
47
47
|
const result = waf.run({ ephemeral }, req, raspRule)
|
|
48
48
|
|
|
49
|
-
|
|
50
|
-
handleResult(result, req, res, abortController, config, raspRule)
|
|
49
|
+
handleResult(result, req, web.getContext(req)?.res, abortController, config, raspRule)
|
|
51
50
|
}
|
|
52
51
|
|
|
53
52
|
module.exports = {
|
|
@@ -4,7 +4,9 @@ const { isAbsolute } = require('path')
|
|
|
4
4
|
|
|
5
5
|
const { fsOperationStart, incomingHttpRequestStart, expressResponseRenderStart } = require('../channels')
|
|
6
6
|
const { storage } = require('../../../../datadog-core')
|
|
7
|
+
const web = require('../../plugins/util/web')
|
|
7
8
|
const { FS_OPERATION_PATH } = require('../addresses')
|
|
9
|
+
const { getRequest } = require('../store')
|
|
8
10
|
const waf = require('../waf')
|
|
9
11
|
const { enable: enableFsPlugin, disable: disableFsPlugin, RASP_MODULE } = require('./fs-plugin')
|
|
10
12
|
const { RULE_TYPES, handleResult } = require('./utils')
|
|
@@ -53,16 +55,18 @@ function analyzeLfiInResponseRender (ctx) {
|
|
|
53
55
|
const store = storage('legacy').getStore()
|
|
54
56
|
if (!store) return
|
|
55
57
|
|
|
56
|
-
analyzeLfiPath(ctx.view, ctx.req,
|
|
58
|
+
analyzeLfiPath(ctx.view, ctx.req, web.getContext(ctx.req)?.res, ctx.abortController)
|
|
57
59
|
}
|
|
58
60
|
|
|
59
61
|
function analyzeLfi (ctx) {
|
|
60
62
|
const store = storage('legacy').getStore()
|
|
61
|
-
|
|
63
|
+
const fs = store?.fs
|
|
64
|
+
if (!fs) return
|
|
62
65
|
|
|
63
|
-
const
|
|
64
|
-
if (!req
|
|
66
|
+
const req = getRequest(store)
|
|
67
|
+
if (!req) return
|
|
65
68
|
|
|
69
|
+
const res = web.getContext(req)?.res
|
|
66
70
|
for (const path of getPaths(ctx, fs)) {
|
|
67
71
|
analyzeLfiPath(path, req, res, ctx.abortController)
|
|
68
72
|
}
|
|
@@ -6,8 +6,9 @@ const {
|
|
|
6
6
|
wafRunFinished,
|
|
7
7
|
mysql2OuterQueryStart,
|
|
8
8
|
} = require('../channels')
|
|
9
|
-
const { storage } = require('../../../../datadog-core')
|
|
10
9
|
const addresses = require('../addresses')
|
|
10
|
+
const web = require('../../plugins/util/web')
|
|
11
|
+
const { getActiveRequest } = require('../store')
|
|
11
12
|
const waf = require('../waf')
|
|
12
13
|
const { RULE_TYPES, handleResult } = require('./utils')
|
|
13
14
|
|
|
@@ -49,10 +50,7 @@ function analyzePgSqlInjection (ctx) {
|
|
|
49
50
|
}
|
|
50
51
|
|
|
51
52
|
function analyzeSqlInjection (query, dbSystem, abortController) {
|
|
52
|
-
const
|
|
53
|
-
if (!store) return
|
|
54
|
-
|
|
55
|
-
const { req, res } = store
|
|
53
|
+
const req = getActiveRequest()
|
|
56
54
|
|
|
57
55
|
if (!req) return
|
|
58
56
|
|
|
@@ -76,7 +74,7 @@ function analyzeSqlInjection (query, dbSystem, abortController) {
|
|
|
76
74
|
|
|
77
75
|
const result = waf.run({ ephemeral }, req, raspRule)
|
|
78
76
|
|
|
79
|
-
handleResult(result, req, res, abortController, config, raspRule)
|
|
77
|
+
handleResult(result, req, web.getContext(req)?.res, abortController, config, raspRule)
|
|
80
78
|
}
|
|
81
79
|
|
|
82
80
|
function hasInputAddress (payload) {
|
|
@@ -91,10 +89,7 @@ function hasAddressesObjectInputAddress (addressesObject) {
|
|
|
91
89
|
function clearQuerySet ({ payload }) {
|
|
92
90
|
if (!payload) return
|
|
93
91
|
|
|
94
|
-
const
|
|
95
|
-
if (!store) return
|
|
96
|
-
|
|
97
|
-
const { req } = store
|
|
92
|
+
const req = getActiveRequest()
|
|
98
93
|
if (!req) return
|
|
99
94
|
|
|
100
95
|
const executedQueries = reqQueryMap.get(req)
|
|
@@ -5,8 +5,9 @@ const {
|
|
|
5
5
|
httpClientRequestStart,
|
|
6
6
|
httpClientResponseFinish,
|
|
7
7
|
} = require('../channels')
|
|
8
|
-
const { storage } = require('../../../../datadog-core')
|
|
9
8
|
const addresses = require('../addresses')
|
|
9
|
+
const web = require('../../plugins/util/web')
|
|
10
|
+
const { getActiveRequest } = require('../store')
|
|
10
11
|
const waf = require('../waf')
|
|
11
12
|
const downstream = require('../downstream_requests')
|
|
12
13
|
const { updateRaspRuleMatchMetricTags } = require('../telemetry')
|
|
@@ -30,8 +31,7 @@ function disable () {
|
|
|
30
31
|
}
|
|
31
32
|
|
|
32
33
|
function analyzeSsrf (ctx) {
|
|
33
|
-
const
|
|
34
|
-
const req = store?.req
|
|
34
|
+
const req = getActiveRequest()
|
|
35
35
|
const outgoingUrl = (ctx.args.options?.uri && format(ctx.args.options.uri)) ?? ctx.args.uri
|
|
36
36
|
|
|
37
37
|
if (!req || !outgoingUrl) return
|
|
@@ -50,7 +50,7 @@ function analyzeSsrf (ctx) {
|
|
|
50
50
|
|
|
51
51
|
const result = waf.run({ ephemeral }, req, raspRule)
|
|
52
52
|
|
|
53
|
-
handleResult(result, req,
|
|
53
|
+
handleResult(result, req, web.getContext(req)?.res, ctx.abortController, config, raspRule)
|
|
54
54
|
|
|
55
55
|
downstream.incrementDownstreamAnalysisCount(req)
|
|
56
56
|
}
|
|
@@ -67,8 +67,7 @@ function handleResponseFinish ({ ctx, res, body }) {
|
|
|
67
67
|
// downstream response object
|
|
68
68
|
if (!res) return
|
|
69
69
|
|
|
70
|
-
const
|
|
71
|
-
const originatingRequest = store?.req
|
|
70
|
+
const originatingRequest = getActiveRequest()
|
|
72
71
|
if (!originatingRequest) return
|
|
73
72
|
|
|
74
73
|
// Skip body analysis for redirect responses
|