
Commit 39df8d3

rochdevuurien
andauthored
fix babel helpers regex vulnerability error (#5400)
* fix babel helpers regex vulnerability error * update 3rd party license * fix test no longer running on older unsupported node version * Fix user agent in fingerprinting tests (#5402) --------- Co-authored-by: Ugaitz Urien <ugaitz.urien@datadoghq.com>
1 parent 647d4be commit 39df8d3

8 files changed

+1541
-1485
lines changed

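--- a/.github/workflows/project.yml
+++ b/.github/workflows/project.yml
@@ -36,7 +36,7 @@ jobs:
 integration-guardrails:
 strategy:
 matrix:
-version: [12, 14.0.0, 14, 16.0.0, 16, 18.0.0, 18.1.0, 20.0.0, 22.0.0]
+version: [14.0.0, 14, 16.0.0, 16, 18.0.0, 18.1.0, 20.0.0, 22.0.0]
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -49,7 +49,7 @@ jobs:
 integration-guardrails-unsupported:
 strategy:
 matrix:
-version: ['0.8', '0.10', '0.12', '4', '6', '8', '10', '12.0.0']
+version: ['0.8', '0.10', '0.12', '4', '6', '8', '10', '12']
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2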

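--- a/LICENSE-3rdparty.csv
+++ b/LICENSE-3rdparty.csv
@@ -32,6 +32,7 @@ require,shell-quote,mit,Copyright (c) 2013 James Halliday
 require,source-map,BSD-3-Clause,Copyright (c) 2009-2011, Mozilla Foundation and contributors
 require,ttl-set,MIT,Copyright (c) 2024 Thomas Watson
 dev,@apollo/server,MIT,Copyright (c) 2016-2020 Apollo Graph, Inc. (Formerly Meteor Development Group, Inc.)
+dev,@babel/helpers,MIT,Copyright (c) 2014-present Sebastian McKenzie and other contributors
 dev,@types/node,MIT,Copyright Authors
 dev,@eslint/eslintrc,MIT,Copyright OpenJS Foundation and other contributors, <www.openjsf.org>
 dev,@eslint/js,MIT,Copyright OpenJS Foundation and other contributors, <www.openjsf.org>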

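--- a/package.json
+++ b/package.json
@@ -117,6 +117,7 @@
 },
 "devDependencies": {
 "@apollo/server": "^4.11.0",
+"@babel/helpers": "^7.26.10",
 "@eslint/eslintrc": "^3.2.0",
 "@eslint/js": "^9.19.0",
 "@msgpack/msgpack": "^3.0.0-beta3",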
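Review bot: `@babel/helpers` is added as a direct devDependency although none of the file sections shown in this commit import it, so it presumably exists only to lift a transitive copy to `^7.26.10`. package.json cannot carry a comment, so the reason should live somewhere durable, such as the PR description or a `resolutions`/`overrides` entry if the package manager in use supports one; otherwise an unused-dependency cleanup can drop the line and bring the flagged version back. It is also worth confirming in the lockfile that no second, older `@babel/helpers` copy remains nested under another package.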

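--- a/packages/dd-trace/test/appsec/attacker-fingerprinting.express.plugin.spec.js
+++ b/packages/dd-trace/test/appsec/attacker-fingerprinting.express.plugin.spec.js
@@ -61,6 +61,7 @@ withVersions('express', 'express', expressVersion => {
 },
 {
 headers: {
+'User-Agent': 'test-user-agent',
 headerName: 'headerValue',
 'x-real-ip': '255.255.255.255'
 }
@@ -70,7 +71,7 @@ withVersions('express', 'express', expressVersion => {
 await agent.use((traces) => {
 const span = traces[0][0]
 assert.property(span.meta, '_dd.appsec.fp.http.header')
-assert.equal(span.meta['_dd.appsec.fp.http.header'], 'hdr-0110000110-24b31d51-5-55682ec1')
+assert.equal(span.meta['_dd.appsec.fp.http.header'], 'hdr-0110000110-74c2908f-5-55682ec1')
 assert.property(span.meta, '_dd.appsec.fp.http.network')
 assert.equal(span.meta['_dd.appsec.fp.http.network'], 'net-1-0100000000')
 assert.property(span.meta, '_dd.appsec.fp.http.endpoint')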
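Review bot: The expected header fingerprint `hdr-0110000110-74c2908f-5-55682ec1` is an opaque literal, and nothing beside it says which part depends on the `User-Agent` the test now sends. Only the second hash field changed (from `24b31d51` to `74c2908f`) when the header was pinned to `test-user-agent`, so that field is presumably derived from the User-Agent value. A comment above the assertion such as `// 74c2908f is the field that tracks the 'User-Agent' header ('test-user-agent')` would tell the next person who changes the header which literal to regenerate. The same literal-plus-header pairing recurs in the passport-http, passport-local and attacker-fingerprinting.spec.js sections, where a shared constant for the user agent would keep them in step. The enclosing test body starts and ends outside both hunks.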

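--- a/packages/dd-trace/test/appsec/attacker-fingerprinting.passport-http.plugin.spec.js
+++ b/packages/dd-trace/test/appsec/attacker-fingerprinting.passport-http.plugin.spec.js
@@ -10,7 +10,7 @@ const Config = require('../../src/config')
 function assertFingerprintInTraces (traces) {
 const span = traces[0][0]
 assert.property(span.meta, '_dd.appsec.fp.http.header')
-assert.equal(span.meta['_dd.appsec.fp.http.header'], 'hdr-0110000110-24b31d51-5-e58aa9dd')
+assert.equal(span.meta['_dd.appsec.fp.http.header'], 'hdr-0110000110-74c2908f-5-e58aa9dd')
 assert.property(span.meta, '_dd.appsec.fp.http.network')
 assert.equal(span.meta['_dd.appsec.fp.http.network'], 'net-0-0000000000')
 assert.property(span.meta, '_dd.appsec.fp.http.endpoint')
@@ -61,7 +61,10 @@ withVersions('passport-http', 'passport-http', version => {
 server = app.listen(port, () => {
 port = server.address().port
 axios = Axios.create({
-baseURL: `http://localhost:${port}`
+baseURL: `http://localhost:${port}`,
+headers: {
+'User-Agent': 'test-user-agent'
+}
 })
 done()
 })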

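--- a/packages/dd-trace/test/appsec/attacker-fingerprinting.passport-local.plugin.spec.js
+++ b/packages/dd-trace/test/appsec/attacker-fingerprinting.passport-local.plugin.spec.js
@@ -10,7 +10,7 @@ const Config = require('../../src/config')
 function assertFingerprintInTraces (traces) {
 const span = traces[0][0]
 assert.property(span.meta, '_dd.appsec.fp.http.header')
-assert.equal(span.meta['_dd.appsec.fp.http.header'], 'hdr-0110000110-24b31d51-4-c348f529')
+assert.equal(span.meta['_dd.appsec.fp.http.header'], 'hdr-0110000110-74c2908f-4-c348f529')
 assert.property(span.meta, '_dd.appsec.fp.http.network')
 assert.equal(span.meta['_dd.appsec.fp.http.network'], 'net-0-0000000000')
 assert.property(span.meta, '_dd.appsec.fp.http.endpoint')
@@ -61,7 +61,10 @@ withVersions('passport-local', 'passport-local', version => {
 server = app.listen(port, () => {
 port = server.address().port
 axios = Axios.create({
-baseURL: `http://localhost:${port}`
+baseURL: `http://localhost:${port}`,
+headers: {
+'User-Agent': 'test-user-agent'
+}
 })
 done()
 })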

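--- a/packages/dd-trace/test/appsec/attacker-fingerprinting.spec.js
+++ b/packages/dd-trace/test/appsec/attacker-fingerprinting.spec.js
@@ -56,12 +56,16 @@ describe('Attacker fingerprinting', () => {
 
 agent.use(traces => {
 assert.property(traces[0][0].meta, '_dd.appsec.fp.http.header')
-assert.equal(traces[0][0].meta['_dd.appsec.fp.http.header'], 'hdr-0110000010-24b31d51-3-98425651')
+assert.equal(traces[0][0].meta['_dd.appsec.fp.http.header'], 'hdr-0110000010-74c2908f-3-98425651')
 assert.property(traces[0][0].meta, '_dd.appsec.fp.http.network')
 assert.equal(traces[0][0].meta['_dd.appsec.fp.http.network'], 'net-0-0000000000')
 }).then(done).catch(done)
 
-axios.get(`http://localhost:${port}/`)
+axios.get(`http://localhost:${port}/`, {
+headers: {
+'User-Agent': 'test-user-agent'
+}
+})
 })
 
 it('should provide fingerprinting on failed user login track', (done) => {
@@ -72,12 +76,16 @@ describe('Attacker fingerprinting', () => {
 
 agent.use(traces => {
 assert.property(traces[0][0].meta, '_dd.appsec.fp.http.header')
-assert.equal(traces[0][0].meta['_dd.appsec.fp.http.header'], 'hdr-0110000010-24b31d51-3-98425651')
+assert.equal(traces[0][0].meta['_dd.appsec.fp.http.header'], 'hdr-0110000010-74c2908f-3-98425651')
 assert.property(traces[0][0].meta, '_dd.appsec.fp.http.network')
 assert.equal(traces[0][0].meta['_dd.appsec.fp.http.network'], 'net-0-0000000000')
 }).then(done).catch(done)
 
-axios.get(`http://localhost:${port}/`)
+axios.get(`http://localhost:${port}/`, {
+headers: {
+'User-Agent': 'test-user-agent'
+}
+})
 })
 })
 })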
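Review bot: The promise returned by `axios.get(...)` in both hunks is left floating, so a failed request (connection refused, non-2xx status) surfaces as an unhandled rejection rather than failing the test through `done`. Closing the call with `}).catch(done)` instead of `})` would attribute the failure to the test that caused it. Before adopting that, check that it cannot call `done` a second time alongside the `agent.use(...).then(done).catch(done)` chain above it. Both `it` bodies start outside their hunks.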
