npm - dd-trace - Versions diffs - 5.98.0 → 5.99.0 - Mend

dd-trace 5.98.0 → 5.99.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (123) hide show

package/packages/dd-trace/src/appsec/index.js CHANGED Viewed

@@ -4,7 +4,6 @@ const log = require('../log')
 const web = require('../plugins/util/web')
 const { extractIp } = require('../plugins/util/ip_extractor')
 const { HTTP_CLIENT_IP } = require('../../../../ext/tags')
-const { storage } = require('../../../datadog-core')
 const { IS_SERVERLESS } = require('../serverless')
 const RuleManager = require('./rule_manager')
 const appsecRemoteConfig = require('./remote_config')
@@ -40,6 +39,7 @@ const Reporter = require('./reporter')
 const appsecTelemetry = require('./telemetry')
 const apiSecuritySampler = require('./api_security_sampler')
 const { isBlocked, block, callBlockDelegation, setTemplates, getBlockingAction } = require('./blocking')
+const { getActiveRequest } = require('./store')
 const UserTracking = require('./user_tracking')
 const graphql = require('./graphql')
 const rasp = require('./rasp')
@@ -116,8 +116,7 @@ function onRequestBodyParsed ({ req, res, body, abortController }) {
   if (body === undefined || body === null) return
   if (!req) {
-    const store = storage('legacy').getStore()
-    req = store?.req
+    req = getActiveRequest()
   }
   const rootSpan = web.root(req)
@@ -258,8 +257,8 @@ function incomingHttpEndTranslator ({ req, res }) {
 }
 function onPassportVerify ({ framework, login, user, success, abortController }) {
-  const store = storage('legacy').getStore()
-  const rootSpan = store?.req && web.root(store.req)
+  const req = getActiveRequest()
+  const rootSpan = req && web.root(req)
   if (!rootSpan) {
     log.warn('[ASM] No rootSpan found in onPassportVerify')
@@ -268,12 +267,12 @@ function onPassportVerify ({ framework, login, user, success, abortController })
   const results = UserTracking.trackLogin(framework, login, user, success, rootSpan)
-  handleResults(results?.actions, store.req, store.req.res, rootSpan, abortController)
+  handleResults(results?.actions, req, web.getContext(req)?.res, rootSpan, abortController)
 }
 function onPassportDeserializeUser ({ user, abortController }) {
-  const store = storage('legacy').getStore()
-  const rootSpan = store?.req && web.root(store.req)
+  const req = getActiveRequest()
+  const rootSpan = req && web.root(req)
   if (!rootSpan) {
     log.warn('[ASM] No rootSpan found in onPassportDeserializeUser')
@@ -282,7 +281,7 @@ function onPassportDeserializeUser ({ user, abortController }) {
   const results = UserTracking.trackUser(user, rootSpan)
-  handleResults(results?.actions, store.req, store.req.res, rootSpan, abortController)
+  handleResults(results?.actions, req, web.getContext(req)?.res, rootSpan, abortController)
 }
 function onExpressSession ({ req, res, sessionId, abortController }) {
@@ -308,8 +307,7 @@ function onRequestQueryParsed ({ req, res, query, abortController }) {
   if (!query || typeof query !== 'object') return
   if (!req) {
-    const store = storage('legacy').getStore()
-    req = store?.req
+    req = getActiveRequest()
   }
   const rootSpan = web.root(req)

package/packages/dd-trace/src/appsec/rasp/command_injection.js CHANGED Viewed

@@ -1,8 +1,9 @@
 'use strict'
 const { childProcessExecutionTracingChannel } = require('../channels')
-const { storage } = require('../../../../datadog-core')
 const addresses = require('../addresses')
+const web = require('../../plugins/util/web')
+const { getActiveRequest } = require('../store')
 const waf = require('../waf')
 const { RULE_TYPES, handleResult } = require('./utils')
@@ -27,8 +28,7 @@ function disable () {
 function analyzeCommandInjection ({ file, fileArgs, shell, abortController }) {
   if (!file) return
-  const store = storage('legacy').getStore()
-  const req = store?.req
+  const req = getActiveRequest()
   if (!req) return
   const ephemeral = {}
@@ -46,8 +46,7 @@ function analyzeCommandInjection ({ file, fileArgs, shell, abortController }) {
   const result = waf.run({ ephemeral }, req, raspRule)
-  const res = store?.res
-  handleResult(result, req, res, abortController, config, raspRule)
+  handleResult(result, req, web.getContext(req)?.res, abortController, config, raspRule)
 }
 module.exports = {

package/packages/dd-trace/src/appsec/rasp/lfi.js CHANGED Viewed

@@ -4,7 +4,9 @@ const { isAbsolute } = require('path')
 const { fsOperationStart, incomingHttpRequestStart, expressResponseRenderStart } = require('../channels')
 const { storage } = require('../../../../datadog-core')
+const web = require('../../plugins/util/web')
 const { FS_OPERATION_PATH } = require('../addresses')
+const { getRequest } = require('../store')
 const waf = require('../waf')
 const { enable: enableFsPlugin, disable: disableFsPlugin, RASP_MODULE } = require('./fs-plugin')
 const { RULE_TYPES, handleResult } = require('./utils')
@@ -53,16 +55,18 @@ function analyzeLfiInResponseRender (ctx) {
   const store = storage('legacy').getStore()
   if (!store) return
-  analyzeLfiPath(ctx.view, ctx.req, store.res, ctx.abortController)
+  analyzeLfiPath(ctx.view, ctx.req, web.getContext(ctx.req)?.res, ctx.abortController)
 }
 function analyzeLfi (ctx) {
   const store = storage('legacy').getStore()
-  if (!store) return
+  const fs = store?.fs
+  if (!fs) return
-  const { req, fs, res } = store
-  if (!req || !fs) return
+  const req = getRequest(store)
+  if (!req) return
+  const res = web.getContext(req)?.res
   for (const path of getPaths(ctx, fs)) {
     analyzeLfiPath(path, req, res, ctx.abortController)
   }

package/packages/dd-trace/src/appsec/rasp/sql_injection.js CHANGED Viewed

@@ -6,8 +6,9 @@ const {
   wafRunFinished,
   mysql2OuterQueryStart,
 } = require('../channels')
-const { storage } = require('../../../../datadog-core')
 const addresses = require('../addresses')
+const web = require('../../plugins/util/web')
+const { getActiveRequest } = require('../store')
 const waf = require('../waf')
 const { RULE_TYPES, handleResult } = require('./utils')
@@ -49,10 +50,7 @@ function analyzePgSqlInjection (ctx) {
 }
 function analyzeSqlInjection (query, dbSystem, abortController) {
-  const store = storage('legacy').getStore()
-  if (!store) return
-  const { req, res } = store
+  const req = getActiveRequest()
   if (!req) return
@@ -76,7 +74,7 @@ function analyzeSqlInjection (query, dbSystem, abortController) {
   const result = waf.run({ ephemeral }, req, raspRule)
-  handleResult(result, req, res, abortController, config, raspRule)
+  handleResult(result, req, web.getContext(req)?.res, abortController, config, raspRule)
 }
 function hasInputAddress (payload) {
@@ -91,10 +89,7 @@ function hasAddressesObjectInputAddress (addressesObject) {
 function clearQuerySet ({ payload }) {
   if (!payload) return
-  const store = storage('legacy').getStore()
-  if (!store) return
-  const { req } = store
+  const req = getActiveRequest()
   if (!req) return
   const executedQueries = reqQueryMap.get(req)

package/packages/dd-trace/src/appsec/rasp/ssrf.js CHANGED Viewed

@@ -5,8 +5,9 @@ const {
   httpClientRequestStart,
   httpClientResponseFinish,
 } = require('../channels')
-const { storage } = require('../../../../datadog-core')
 const addresses = require('../addresses')
+const web = require('../../plugins/util/web')
+const { getActiveRequest } = require('../store')
 const waf = require('../waf')
 const downstream = require('../downstream_requests')
 const { updateRaspRuleMatchMetricTags } = require('../telemetry')
@@ -30,8 +31,7 @@ function disable () {
 }
 function analyzeSsrf (ctx) {
-  const store = storage('legacy').getStore()
-  const req = store?.req
+  const req = getActiveRequest()
   const outgoingUrl = (ctx.args.options?.uri && format(ctx.args.options.uri)) ?? ctx.args.uri
   if (!req || !outgoingUrl) return
@@ -50,7 +50,7 @@ function analyzeSsrf (ctx) {
   const result = waf.run({ ephemeral }, req, raspRule)
-  handleResult(result, req, store?.res, ctx.abortController, config, raspRule)
+  handleResult(result, req, web.getContext(req)?.res, ctx.abortController, config, raspRule)
   downstream.incrementDownstreamAnalysisCount(req)
 }
@@ -67,8 +67,7 @@ function handleResponseFinish ({ ctx, res, body }) {
   // downstream response object
   if (!res) return
-  const store = storage('legacy').getStore()
-  const originatingRequest = store?.req
+  const originatingRequest = getActiveRequest()
   if (!originatingRequest) return
   // Skip body analysis for redirect responses