diff --git a/.github/actions/check-release-branch/action.yml b/.github/actions/check-release-branch/action.yml
new file mode 100644
index 00000000000..32f7082a689
--- /dev/null
+++ b/.github/actions/check-release-branch/action.yml
@@ -0,0 +1,29 @@
+name: Check release branch
+inputs:
+ release-branch:
+ description: 'Release branch to check'
+ required: true
+ default: '3.x'
+runs:
+ using: composite
+ steps:
+ - name: Squash current branch commits
+ id: get-commit-to-cherry-pick
+ shell: bash
+ run: |
+ git checkout -b ${{github.head_ref}}-squashed
+ git reset --soft refs/remotes/origin/master
+ git add -A
+ git config user.email "dummy@commit.com"
+ git config user.name "Dummy commit"
+ git commit -m "squashed commit"
+ echo "commit-to-cherry-pick=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
+ - name: Attempt merge current branch to ${{ inputs.release-branch }}
+ shell: bash
+ run: |
+ git checkout ${{ inputs.release-branch }}
+ {
+ git cherry-pick ${{ steps.get-commit-to-cherry-pick.outputs.commit-to-cherry-pick}}
+ } || {
+ git status ; git diff ; exit 1
+ }
diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml
index 9ca53aa52c1..ab39acdab0a 100644
--- a/.github/workflows/project.yml
+++ b/.github/workflows/project.yml
@@ -14,6 +14,9 @@ concurrency:
jobs:
integration:
strategy:
+ # when one version fails, say 14, all the other versions are stopped
+ # setting fail-fast to false in an attempt to prevent this from happening
+ fail-fast: false
matrix:
version: [12, 14, 16, 18, latest]
runs-on: ubuntu-latest
@@ -28,6 +31,21 @@ jobs:
- run: sudo sysctl -w kernel.core_pattern='|/bin/false'
- run: yarn test:integration
+ integration-ci:
+ strategy:
+ matrix:
+ version: [14, latest]
+ framework: [cucumber, cypress, playwright]
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: ./.github/actions/node/setup
+ - run: yarn install
+ - uses: actions/setup-node@v3
+ with:
+ node-version: ${{ matrix.version }}
+ - run: yarn test:integration:${{ matrix.framework }}
+
lint:
runs-on: ubuntu-latest
steps:
diff --git a/.github/workflows/release-branches-check.yml b/.github/workflows/release-branches-check.yml
new file mode 100644
index 00000000000..c1437fa3fa0
--- /dev/null
+++ b/.github/workflows/release-branches-check.yml
@@ -0,0 +1,28 @@
+name: Release branches check
+
+on:
+ pull_request:
+ branches: [master]
+
+jobs:
+ check-release-branch-v2:
+ if: "!contains(github.event.pull_request.labels.*.name, 'dont-land-on-v2.x')"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - uses: ./.github/actions/check-release-branch
+ with:
+ release-branch: v2.x
+
+ check-release-branch-v3:
+ if: "!contains(github.event.pull_request.labels.*.name, 'dont-land-on-v3.x')"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - uses: ./.github/actions/check-release-branch
+ with:
+ release-branch: v3.x
diff --git a/LICENSE-3rdparty.csv b/LICENSE-3rdparty.csv
index 8ff58815ba3..eef6b00befd 100644
--- a/LICENSE-3rdparty.csv
+++ b/LICENSE-3rdparty.csv
@@ -36,6 +36,7 @@ dev,chalk,MIT,Copyright Sindre Sorhus
dev,checksum,MIT,Copyright Daniel D. Shaw
dev,cli-table3,MIT,Copyright 2014 James Talmage
dev,dotenv,BSD-2-Clause,Copyright 2015 Scott Motte
+dev,esbuild,MIT,Copyright (c) 2020 Evan Wallace
dev,eslint,MIT,Copyright JS Foundation and other contributors https://js.foundation
dev,eslint-config-standard,MIT,Copyright Feross Aboukhadijeh
dev,eslint-plugin-import,MIT,Copyright 2015 Ben Mosher
diff --git a/README.md b/README.md
index 3039fb4a341..f7c2dddd9b4 100644
--- a/README.md
+++ b/README.md
@@ -151,6 +151,19 @@ $ yarn lint
```
+### Experimental ESM Support
+
+ESM support is currently in the experimental stages, while CJS has been supported
+since inception. This means that code loaded using `require()` should work fine
+but code loaded using `import` might not always work.
+
+Use the following command to enable experimental ESM support with your application:
+
+```sh
+node --loader dd-trace/loader-hook.mjs entrypoint.js
+```
+
+
### Benchmarks
Our microbenchmarks live in `benchmark/sirun`. Each directory in there
@@ -175,6 +188,42 @@ That said, even if your application runs on Lambda, any core instrumentation iss
Regardless of where you open the issue, someone at Datadog will try to help.
+## Bundling
+
+Generally, `dd-trace` works by intercepting `require()` calls that a Node.js application makes when loading modules. This includes modules that are built-in to Node.js, like the `fs` module for accessing the filesystem, as well as modules installed from the npm registry, like the `pg` database module.
+
+Also generally, bundlers work by crawling all of the `require()` calls that an application makes to files on disk, replacing the `require()` calls with custom code, and then concatenating all of the resulting JavaScript into one "bundled" file. When a built-in module is loaded, like `require('fs')`, that call can then remain the same in the resulting bundle.
+
+Fundamentally APM tools like `dd-trace` stop working at this point. Perhaps they continue to intercept the calls for built-in modules but don't intercept calls to third party libraries. This means that by default when you bundle a `dd-trace` app with a bundler it is likely to capture information about disk access (via `fs`) and outbound HTTP requests (via `http`), but will otherwise omit calls to third party libraries (like extracting incoming request route information for the `express` framework or showing which query is run for the `mysql` database client).
+
+To get around this, one can treat all third party modules, or at least third party modules that the APM needs to instrument, as being "external" to the bundler. With this setting the instrumented modules remain on disk and continue to be loaded via `require()` while the non-instrumented modules are bundled. Sadly this results in a build with many extraneous files and starts to defeat the purpose of bundling.
+
+For these reasons it's necessary to have custom-built bundler plugins. Such plugins are able to instruct the bundler on how to behave, injecting intermediary code and otherwise intercepting the "translated" `require()` calls. The result is that many more packages are then included in the bundled JavaScript file. Some applications can have 100% of modules bundled, however native modules still need to remain external to the bundle.
+
+### Esbuild Support
+
+This library provides experimental esbuild support in the form of an esbuild plugin, and currently requires at least Node.js v16.17 or v18.7. To use the plugin, make sure you have `dd-trace@3+` installed, and then require the `dd-trace/esbuild` module when building your bundle.
+
+Here's an example of how one might use `dd-trace` with esbuild:
+
+```javascript
+const ddPlugin = require('dd-trace/esbuild')
+const esbuild = require('esbuild')
+
+esbuild.build({
+ entryPoints: ['app.js'],
+ bundle: true,
+ outfile: 'out.js',
+ plugins: [ddPlugin],
+ platform: 'node', // allows built-in modules to be required
+ target: ['node16']
+}).catch((err) => {
+ console.error(err)
+ process.exit(1)
+})
+```
+
+
## Security Vulnerabilities
If you have found a security issue, please contact the security team directly at [security@datadoghq.com](mailto:security@datadoghq.com).
diff --git a/esbuild.js b/esbuild.js
new file mode 100644
index 00000000000..424ba5cb908
--- /dev/null
+++ b/esbuild.js
@@ -0,0 +1,3 @@
+'use strict'
+
+module.exports = require('./packages/datadog-esbuild/index.js')
diff --git a/integration-tests/ci-visibility-intake.js b/integration-tests/ci-visibility-intake.js
index f2ed23dd2e9..44e6f2d3119 100644
--- a/integration-tests/ci-visibility-intake.js
+++ b/integration-tests/ci-visibility-intake.js
@@ -169,6 +169,39 @@ class FakeCiVisIntake extends FakeAgent {
infoResponse = DEFAULT_INFO_RESPONSE
}
+ // Similar to gatherPayloads but resolves if enough payloads have been gathered
+ // to make the assertions pass. It times out after maxGatheringTime so it should
+ // always be faster or as fast as gatherPayloads
+ gatherPayloadsMaxTimeout (payloadMatch, onPayload, maxGatheringTime = 15000) {
+ const payloads = []
+ return new Promise((resolve, reject) => {
+ const timeoutId = setTimeout(() => {
+ try {
+ onPayload(payloads)
+ resolve()
+ } catch (e) {
+ reject(e)
+ } finally {
+ this.off('message', messageHandler)
+ }
+ }, maxGatheringTime)
+ const messageHandler = (message) => {
+ if (!payloadMatch || payloadMatch(message)) {
+ payloads.push(message)
+ try {
+ onPayload(payloads)
+ clearTimeout(timeoutId)
+ this.off('message', messageHandler)
+ resolve()
+ } catch (e) {
+ // we'll try again when a new payload arrives
+ }
+ }
+ }
+ this.on('message', messageHandler)
+ })
+ }
+
gatherPayloads (payloadMatch, gatheringTime = 15000) {
const payloads = []
return new Promise((resolve, reject) => {
diff --git a/integration-tests/cucumber.spec.js b/integration-tests/cucumber/cucumber.spec.js
similarity index 98%
rename from integration-tests/cucumber.spec.js
rename to integration-tests/cucumber/cucumber.spec.js
index 04bc5f7be61..009c4a44f46 100644
--- a/integration-tests/cucumber.spec.js
+++ b/integration-tests/cucumber/cucumber.spec.js
@@ -10,8 +10,8 @@ const {
createSandbox,
getCiVisAgentlessConfig,
getCiVisEvpProxyConfig
-} = require('./helpers')
-const { FakeCiVisIntake } = require('./ci-visibility-intake')
+} = require('../helpers')
+const { FakeCiVisIntake } = require('../ci-visibility-intake')
const {
TEST_STATUS,
TEST_COMMAND,
@@ -23,7 +23,7 @@ const {
TEST_MODULE_ITR_SKIPPING_ENABLED,
TEST_ITR_TESTS_SKIPPED,
TEST_CODE_COVERAGE_LINES_TOTAL
-} = require('../packages/dd-trace/src/plugins/util/test')
+} = require('../../packages/dd-trace/src/plugins/util/test')
const isOldNode = semver.satisfies(process.version, '<=12')
const versions = ['7.0.0', isOldNode ? '8' : 'latest']
@@ -63,7 +63,7 @@ versions.forEach(version => {
envVars = isAgentless ? getCiVisAgentlessConfig(receiver.port) : getCiVisEvpProxyConfig(receiver.port)
})
it('can run and report tests', (done) => {
- receiver.gatherPayloads(({ url }) => url.endsWith('/api/v2/citestcycle'), 5000).then((payloads) => {
+ receiver.gatherPayloadsMaxTimeout(({ url }) => url.endsWith('/api/v2/citestcycle'), payloads => {
const events = payloads.flatMap(({ payload }) => payload.events)
const testSessionEvent = events.find(event => event.type === 'test_session_end')
@@ -151,9 +151,7 @@ versions.forEach(version => {
assert.equal(stepEvent.content.name, 'cucumber.step')
assert.property(stepEvent.content.meta, 'cucumber.step')
})
-
- done()
- }).catch(done)
+ }, 5000).then(() => done()).catch(done)
childProcess = exec(
runTestsCommand,
diff --git a/integration-tests/cypress.spec.js b/integration-tests/cypress/cypress.spec.js
similarity index 93%
rename from integration-tests/cypress.spec.js
rename to integration-tests/cypress/cypress.spec.js
index 51e34e0301d..b409ff8c653 100644
--- a/integration-tests/cypress.spec.js
+++ b/integration-tests/cypress/cypress.spec.js
@@ -10,16 +10,16 @@ const {
createSandbox,
getCiVisAgentlessConfig,
getCiVisEvpProxyConfig
-} = require('./helpers')
-const { FakeCiVisIntake } = require('./ci-visibility-intake')
-const webAppServer = require('./ci-visibility/web-app-server')
+} = require('../helpers')
+const { FakeCiVisIntake } = require('../ci-visibility-intake')
+const webAppServer = require('../ci-visibility/web-app-server')
const {
TEST_STATUS,
TEST_COMMAND,
TEST_MODULE,
TEST_FRAMEWORK_VERSION,
TEST_TOOLCHAIN
-} = require('../packages/dd-trace/src/plugins/util/test')
+} = require('../../packages/dd-trace/src/plugins/util/test')
// TODO: remove when 2.x support is removed.
// This is done because from playwright@>=1.22.0 node 12 is not supported
@@ -29,7 +29,7 @@ const versions = ['6.7.0', isOldNode ? '11.2.0' : 'latest']
versions.forEach((version) => {
describe(`cypress@${version}`, function () {
this.retries(2)
- this.timeout(45000)
+ this.timeout(60000)
let sandbox, cwd, receiver, childProcess, webAppPort
before(async () => {
sandbox = await createSandbox([`cypress@${version}`], true)
@@ -61,7 +61,7 @@ versions.forEach((version) => {
? getCiVisAgentlessConfig(receiver.port) : getCiVisEvpProxyConfig(receiver.port)
const reportUrl = reportMethod === 'agentless' ? '/api/v2/citestcycle' : '/evp_proxy/v2/api/v2/citestcycle'
- receiver.gatherPayloads(({ url }) => url === reportUrl, 25000).then((payloads) => {
+ receiver.gatherPayloadsMaxTimeout(({ url }) => url === reportUrl, payloads => {
const events = payloads.flatMap(({ payload }) => payload.events)
const testSessionEvent = events.find(event => event.type === 'test_session_end')
@@ -141,9 +141,7 @@ versions.forEach((version) => {
assert.equal(testModuleId.toString(10), testModuleEventContent.test_module_id.toString(10))
assert.equal(testSessionId.toString(10), testSessionEventContent.test_session_id.toString(10))
})
-
- done()
- }).catch(done)
+ }, 25000).then(() => done()).catch(done)
const {
NODE_OPTIONS, // NODE_OPTIONS dd-trace config does not work with cypress
@@ -160,7 +158,7 @@ versions.forEach((version) => {
...restEnvVars,
CYPRESS_BASE_URL: `http://localhost:${webAppPort}`
},
- stdio: 'on'
+ stdio: 'pipe'
}
)
})
diff --git a/integration-tests/esbuild.spec.js b/integration-tests/esbuild.spec.js
new file mode 100755
index 00000000000..378dda5baa2
--- /dev/null
+++ b/integration-tests/esbuild.spec.js
@@ -0,0 +1,31 @@
+#!/usr/bin/env node
+
+'use strict'
+
+const chproc = require('child_process')
+const path = require('path')
+
+const CWD = process.cwd()
+const TEST_DIR = path.join(__dirname, 'esbuild')
+
+// eslint-disable-next-line no-console
+console.log(`cd ${TEST_DIR}`)
+process.chdir(TEST_DIR)
+
+// eslint-disable-next-line no-console
+console.log('npm run build')
+chproc.execSync('npm run build')
+
+// eslint-disable-next-line no-console
+console.log('npm run built')
+try {
+ chproc.execSync('npm run built', {
+ timeout: 1000 * 30
+ })
+} catch (err) {
+ // eslint-disable-next-line no-console
+ console.error(err)
+ process.exit(1)
+} finally {
+ process.chdir(CWD)
+}
diff --git a/integration-tests/esbuild/.gitignore b/integration-tests/esbuild/.gitignore
new file mode 100644
index 00000000000..641a92dd387
--- /dev/null
+++ b/integration-tests/esbuild/.gitignore
@@ -0,0 +1 @@
+out.js
diff --git a/integration-tests/esbuild/basic-test.js b/integration-tests/esbuild/basic-test.js
new file mode 100755
index 00000000000..faf85fd1dea
--- /dev/null
+++ b/integration-tests/esbuild/basic-test.js
@@ -0,0 +1,41 @@
+#!/usr/bin/env node
+
+// TODO: add support for Node.js v14.17+ and v16.0+
+if (Number(process.versions.node.split('.')[0]) < 16) {
+ console.error(`Skip esbuild test for node@${process.version}`) // eslint-disable-line no-console
+ process.exit(0)
+}
+
+const tracer = require('../../').init() // dd-trace
+
+const assert = require('assert')
+const express = require('express')
+const http = require('http')
+
+const app = express()
+const PORT = 31415
+
+assert.equal(express.static.mime.types.ogg, 'audio/ogg')
+
+const server = app.listen(PORT, () => {
+ setImmediate(() => {
+ http.request(`http://localhost:${PORT}`).end() // query to self
+ })
+})
+
+app.get('/', async (_req, res) => {
+ assert.equal(
+ tracer.scope().active().context()._tags.component,
+ 'express',
+ `the sample app bundled by esbuild is not properly instrumented. using node@${process.version}`
+ ) // bad exit
+
+ res.json({ narwhal: 'bacons' })
+
+ setImmediate(() => {
+ server.close() // clean exit
+ setImmediate(() => {
+ process.exit(0)
+ })
+ })
+})
diff --git a/integration-tests/esbuild/build.js b/integration-tests/esbuild/build.js
new file mode 100755
index 00000000000..3f3687b58ff
--- /dev/null
+++ b/integration-tests/esbuild/build.js
@@ -0,0 +1,16 @@
+#!/usr/bin/env node
+
+const ddPlugin = require('../../esbuild') // dd-trace/esbuild
+const esbuild = require('esbuild')
+
+esbuild.build({
+ entryPoints: ['basic-test.js'],
+ bundle: true,
+ outfile: 'out.js',
+ plugins: [ddPlugin],
+ platform: 'node',
+ target: ['node16']
+}).catch((err) => {
+ console.error(err) // eslint-disable-line no-console
+ process.exit(1)
+})
diff --git a/integration-tests/esbuild/complex-app.js b/integration-tests/esbuild/complex-app.js
new file mode 100755
index 00000000000..8f402cd4271
--- /dev/null
+++ b/integration-tests/esbuild/complex-app.js
@@ -0,0 +1,42 @@
+#!/usr/bin/env node
+
+require('../../').init() // dd-trace
+const assert = require('assert')
+const express = require('express')
+const redis = require('redis')
+const app = express()
+const PORT = 3000
+const pg = require('pg')
+const pgp = require('pg-promise')() // transient dep of 'pg'
+
+assert.equal(redis.Graph.name, 'Graph')
+assert.equal(pg.types.builtins.BOOL, 16)
+assert.equal(express.static.mime.types.ogg, 'audio/ogg')
+
+const conn = {
+ user: 'postgres',
+ host: 'localhost',
+ database: 'postgres',
+ password: 'hunter2',
+ port: 5433
+}
+
+console.log('pg connect') // eslint-disable-line no-console
+const client = new pg.Client(conn)
+client.connect()
+
+console.log('pg-promise connect') // eslint-disable-line no-console
+const client2 = pgp(conn)
+
+app.get('/', async (_req, res) => {
+ const query = await client.query('SELECT NOW() AS now')
+ const query2 = await client2.query('SELECT NOW() AS now')
+ res.json({
+ connection_pg: query.rows[0].now,
+ connection_pg_promise: query2[0].now
+ })
+})
+
+app.listen(PORT, () => {
+ console.log(`Example app listening on port ${PORT}`) // eslint-disable-line no-console
+})
diff --git a/integration-tests/esbuild/complex-app.mjs b/integration-tests/esbuild/complex-app.mjs
new file mode 100755
index 00000000000..5f097655eeb
--- /dev/null
+++ b/integration-tests/esbuild/complex-app.mjs
@@ -0,0 +1,43 @@
+#!/usr/bin/env node
+
+import 'dd-trace/init.js'
+import assert from 'assert'
+import express from 'express'
+import redis from 'redis'
+const app = express()
+const PORT = 3000
+import pg from 'pg'
+import PGP from 'pg-promise' // transient dep of 'pg'
+const pgp = PGP()
+
+assert.equal(redis.Graph.name, 'Graph')
+assert.equal(pg.types.builtins.BOOL, 16)
+assert.equal(express.static.mime.types.ogg, 'audio/ogg')
+
+const conn = {
+ user: 'postgres',
+ host: 'localhost',
+ database: 'postgres',
+ password: 'hunter2',
+ port: 5433
+}
+
+console.log('pg connect') // eslint-disable-line no-console
+const client = new pg.Client(conn)
+client.connect()
+
+console.log('pg-promise connect') // eslint-disable-line no-console
+const client2 = pgp(conn)
+
+app.get('/', async (_req, res) => {
+ const query = await client.query('SELECT NOW() AS now')
+ const query2 = await client2.query('SELECT NOW() AS now')
+ res.json({
+ connection_pg: query.rows[0].now,
+ connection_pg_promise: query2[0].now
+ })
+})
+
+app.listen(PORT, () => {
+ console.log(`Example app listening on port ${PORT}`) // eslint-disable-line no-console
+})
diff --git a/integration-tests/esbuild/package.json b/integration-tests/esbuild/package.json
new file mode 100644
index 00000000000..1e70730cbe8
--- /dev/null
+++ b/integration-tests/esbuild/package.json
@@ -0,0 +1,24 @@
+{
+ "name": "esbuild-dd-trace-demo",
+ "private": true,
+ "version": "1.0.0",
+ "description": "basic example app bundling dd-trace via esbuild",
+ "main": "app.js",
+ "scripts": {
+ "build": "DD_TRACE_DEBUG=true node ./build.js",
+ "built": "DD_TRACE_DEBUG=true node ./out.js",
+ "raw": "DD_TRACE_DEBUG=true node ./app.js",
+ "link": "pushd ../.. && yarn link && popd && yarn link dd-trace",
+ "request": "curl http://localhost:3000 | jq"
+ },
+ "keywords": [
+ "esbuild",
+ "apm"
+ ],
+ "author": "Thomas Hunter II <tlhunter@datadog.com>",
+ "license": "ISC",
+ "dependencies": {
+ "esbuild": "0.16.12",
+ "express": "^4.16.2"
+ }
+}
diff --git a/integration-tests/playwright.spec.js b/integration-tests/playwright/playwright.spec.js
similarity index 91%
rename from integration-tests/playwright.spec.js
rename to integration-tests/playwright/playwright.spec.js
index f0f8b7af1e3..246fc386ea8 100644
--- a/integration-tests/playwright.spec.js
+++ b/integration-tests/playwright/playwright.spec.js
@@ -10,10 +10,10 @@ const {
createSandbox,
getCiVisAgentlessConfig,
getCiVisEvpProxyConfig
-} = require('./helpers')
-const { FakeCiVisIntake } = require('./ci-visibility-intake')
-const webAppServer = require('./ci-visibility/web-app-server')
-const { TEST_STATUS } = require('../packages/dd-trace/src/plugins/util/test')
+} = require('../helpers')
+const { FakeCiVisIntake } = require('../ci-visibility-intake')
+const webAppServer = require('../ci-visibility/web-app-server')
+const { TEST_STATUS } = require('../../packages/dd-trace/src/plugins/util/test')
// TODO: remove when 2.x support is removed.
// This is done because from playwright@>=1.22.0 node 12 is not supported
@@ -58,7 +58,7 @@ versions.forEach((version) => {
? getCiVisAgentlessConfig(receiver.port) : getCiVisEvpProxyConfig(receiver.port)
const reportUrl = reportMethod === 'agentless' ? '/api/v2/citestcycle' : '/evp_proxy/v2/api/v2/citestcycle'
- receiver.gatherPayloads(({ url }) => url === reportUrl).then((payloads) => {
+ receiver.gatherPayloadsMaxTimeout(({ url }) => url === reportUrl, payloads => {
const events = payloads.flatMap(({ payload }) => payload.events)
const testSessionEvent = events.find(event => event.type === 'test_session_end')
@@ -99,9 +99,7 @@ versions.forEach((version) => {
assert.equal(stepEvent.content.name, 'playwright.step')
assert.property(stepEvent.content.meta, 'playwright.step')
})
-
- done()
- }).catch(done)
+ }).then(() => done()).catch(done)
childProcess = exec(
'./node_modules/.bin/playwright test -c playwright.config.js',
@@ -119,7 +117,8 @@ versions.forEach((version) => {
})
it('works when tests are compiled to a different location', (done) => {
let testOutput = ''
- receiver.gatherPayloads(({ url }) => url === '/api/v2/citestcycle').then((payloads) => {
+
+ receiver.gatherPayloadsMaxTimeout(({ url }) => url === '/api/v2/citestcycle', payloads => {
const events = payloads.flatMap(({ payload }) => payload.events)
const testEvents = events.filter(event => event.type === 'test')
assert.includeMembers(testEvents.map(test => test.content.resource), [
@@ -129,8 +128,7 @@ versions.forEach((version) => {
assert.include(testOutput, '1 passed')
assert.include(testOutput, '1 skipped')
assert.notInclude(testOutput, 'TypeError')
- done()
- }).catch(done)
+ }).then(() => done()).catch(done)
childProcess = exec(
'node ./node_modules/typescript/bin/tsc' +
diff --git a/package.json b/package.json
index e79986bd1eb..781fc506b29 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "dd-trace",
- "version": "2.29.0",
+ "version": "2.30.0",
"description": "Datadog APM tracing client for JavaScript",
"main": "index.js",
"typings": "index.d.ts",
@@ -32,7 +32,10 @@
"test:plugins:upstream": "node ./packages/dd-trace/test/plugins/suite.js",
"test:profiler": "tap \"packages/dd-trace/test/profiling/**/*.spec.js\"",
"test:profiler:ci": "npm run test:profiler -- --coverage --nyc-arg=--include=\"packages/dd-trace/src/profiling/**/*.js\"",
- "test:integration": "mocha --colors --timeout 30000 \"integration-tests/**/*.spec.js\"",
+ "test:integration": "mocha --colors --timeout 30000 \"integration-tests/*.spec.js\"",
+ "test:integration:cucumber": "mocha --colors --timeout 30000 \"integration-tests/cucumber/*.spec.js\"",
+ "test:integration:cypress": "mocha --colors --timeout 30000 \"integration-tests/cypress/*.spec.js\"",
+ "test:integration:playwright": "mocha --colors --timeout 30000 \"integration-tests/playwright/*.spec.js\"",
"test:shimmer": "mocha --colors 'packages/datadog-shimmer/test/**/*.spec.js'",
"test:shimmer:ci": "nyc --no-clean --include 'packages/datadog-shimmer/src/**/*.js' -- npm run test:shimmer",
"leak:core": "node ./scripts/install_plugin_modules && (cd packages/memwatch && yarn) && NODE_PATH=./packages/memwatch/node_modules node --no-warnings ./node_modules/.bin/tape 'packages/dd-trace/test/leak/**/*.js'",
@@ -64,7 +67,7 @@
"dependencies": {
"@datadog/native-appsec": "2.0.0",
"@datadog/native-iast-rewriter": "2.0.1",
- "@datadog/native-iast-taint-tracking": "1.1.1",
+ "@datadog/native-iast-taint-tracking": "1.3.1",
"@datadog/native-metrics": "^1.5.0",
"@datadog/pprof": "^2.1.0",
"@datadog/sketches-js": "^2.1.0",
@@ -101,6 +104,7 @@
"checksum": "^0.1.1",
"cli-table3": "^0.5.1",
"dotenv": "8.2.0",
+ "esbuild": "0.16.12",
"eslint": "^8.23.0",
"eslint-config-standard": "^11.0.0-beta.0",
"eslint-plugin-import": "^2.8.0",
diff --git a/packages/datadog-esbuild/index.js b/packages/datadog-esbuild/index.js
new file mode 100644
index 00000000000..e8b6063ece7
--- /dev/null
+++ b/packages/datadog-esbuild/index.js
@@ -0,0 +1,104 @@
+'use strict'
+
+/* eslint-disable no-console */
+
+const NAMESPACE = 'datadog'
+
+const instrumented = Object.keys(require('../datadog-instrumentations/src/helpers/hooks.js'))
+const rawBuiltins = require('module').builtinModules
+
+warnIfUnsupported()
+
+const builtins = new Set()
+
+for (const builtin of rawBuiltins) {
+ builtins.add(builtin)
+ builtins.add(`node:${builtin}`)
+}
+
+const packagesOfInterest = new Set()
+
+const DEBUG = !!process.env.DD_TRACE_DEBUG
+
+// We don't want to handle any built-in packages via DCITM
+// Those packages will still be handled via RITM
+// Attempting to instrument them would fail as they have no package.json file
+for (const pkg of instrumented) {
+ if (builtins.has(pkg)) continue
+ if (pkg.startsWith('node:')) continue
+ packagesOfInterest.add(pkg)
+}
+
+const DC_CHANNEL = 'dd-trace:bundledModuleLoadStart'
+
+module.exports.name = 'datadog-esbuild'
+
+module.exports.setup = function (build) {
+ build.onResolve({ filter: /.*/ }, args => {
+ const packageName = args.path
+
+ if (args.namespace === 'file' && packagesOfInterest.has(packageName)) {
+ // The file namespace is used when requiring files from disk in userland
+ const pathToPackageJson = require.resolve(`${packageName}/package.json`, { paths: [ args.resolveDir ] })
+ const pkg = require(pathToPackageJson)
+
+ if (DEBUG) {
+ console.log(`resolve ${packageName}@${pkg.version}`)
+ }
+
+ // https://esbuild.github.io/plugins/#on-resolve-arguments
+ return {
+ path: packageName,
+ namespace: NAMESPACE,
+ pluginData: {
+ version: pkg.version
+ }
+ }
+ } else if (args.namespace === 'datadog') {
+ // The datadog namespace is used when requiring files that are injected during the onLoad stage
+ // see note in onLoad
+
+ if (builtins.has(packageName)) return
+
+ return {
+ path: require.resolve(packageName, { paths: [ args.resolveDir ] }),
+ namespace: 'file'
+ }
+ }
+ })
+
+ build.onLoad({ filter: /.*/, namespace: NAMESPACE }, args => {
+ if (DEBUG) {
+ console.log(`load ${args.path}@${args.pluginData.version}`)
+ }
+
+ // JSON.stringify adds double quotes. For perf gain could simply add in quotes when we know it's safe.
+ const contents = `
+ const dc = require('diagnostics_channel');
+ const ch = dc.channel(${JSON.stringify(DC_CHANNEL + ':' + args.path)});
+ const mod = require(${JSON.stringify(args.path)});
+ const payload = {
+ module: mod,
+ path: ${JSON.stringify(args.path)},
+ version: ${JSON.stringify(args.pluginData.version)}
+ };
+ ch.publish(payload);
+ module.exports = payload.module;
+ `
+ // https://esbuild.github.io/plugins/#on-load-results
+ return {
+ contents,
+ loader: 'js'
+ }
+ })
+}
+
+function warnIfUnsupported () {
+ const [major, minor] = process.versions.node.split('.').map(Number)
+ if (major < 14 || (major === 14 && minor < 17)) {
+ console.error('WARNING: Esbuild support isn\'t available for older versions of Node.js.')
+ console.error(`Expected: Node.js >= v14.17. Actual: Node.js = ${process.version}.`)
+ console.error('This application may build properly with this version of Node.js, but unless a')
+ console.error('more recent version is used at runtime, third party packages won\'t be instrumented.')
+ }
+}
diff --git a/packages/datadog-instrumentations/src/google-cloud-pubsub.js b/packages/datadog-instrumentations/src/google-cloud-pubsub.js
index 8a003bfd116..c0450b93d49 100644
--- a/packages/datadog-instrumentations/src/google-cloud-pubsub.js
+++ b/packages/datadog-instrumentations/src/google-cloud-pubsub.js
@@ -63,7 +63,7 @@ function wrapMethod (method) {
const api = method.name
return function (request) {
- if (!requestStartCh.hasSubscribers) return request.apply(this, arguments)
+ if (!requestStartCh.hasSubscribers) return method.apply(this, arguments)
const innerAsyncResource = new AsyncResource('bound-anonymous-fn')
diff --git a/packages/datadog-instrumentations/src/helpers/hook.js b/packages/datadog-instrumentations/src/helpers/hook.js
index b2a6187ad40..256e16d4ac5 100644
--- a/packages/datadog-instrumentations/src/helpers/hook.js
+++ b/packages/datadog-instrumentations/src/helpers/hook.js
@@ -3,13 +3,21 @@
const path = require('path')
const iitm = require('../../../dd-trace/src/iitm')
const ritm = require('../../../dd-trace/src/ritm')
-
+const dcitm = require('../../../dd-trace/src/dcitm')
+
+/**
+ * This is called for every module that dd-trace supports instrumentation for.
+ * In practice, `modules` is always an array with a single entry.
+ *
+ * @param {string[]} modules list of modules to hook into
+ * @param {Function} onrequire callback to be executed upon encountering module
+ */
function Hook (modules, onrequire) {
if (!(this instanceof Hook)) return new Hook(modules, onrequire)
this._patched = Object.create(null)
- const safeHook = (moduleExports, moduleName, moduleBaseDir) => {
+ const safeHook = (moduleExports, moduleName, moduleBaseDir, moduleVersion) => {
const parts = [moduleBaseDir, moduleName].filter(v => v)
const filename = path.join(...parts)
@@ -17,7 +25,7 @@ function Hook (modules, onrequire) {
this._patched[filename] = true
- return onrequire(moduleExports, moduleName, moduleBaseDir)
+ return onrequire(moduleExports, moduleName, moduleBaseDir, moduleVersion)
}
this._ritmHook = ritm(modules, {}, safeHook)
@@ -33,11 +41,13 @@ function Hook (modules, onrequire) {
return safeHook(moduleExports, moduleName, moduleBaseDir)
}
})
+ this._dcitmHook = dcitm(modules, {}, safeHook)
}
Hook.prototype.unhook = function () {
this._ritmHook.unhook()
this._iitmHook.unhook()
+ this._dcitmHook.unhook()
this._patched = Object.create(null)
}
diff --git a/packages/datadog-instrumentations/src/helpers/instrument.js b/packages/datadog-instrumentations/src/helpers/instrument.js
index ff626427a29..fb1931ca256 100644
--- a/packages/datadog-instrumentations/src/helpers/instrument.js
+++ b/packages/datadog-instrumentations/src/helpers/instrument.js
@@ -14,6 +14,12 @@ exports.channel = function (name) {
return ch
}
+/**
+ * @param {string} args.name module name
+ * @param {string[]} args.versions array of semver range strings
+ * @param {string} args.file path to file within package to instrument?
+ * @param Function hook
+ */
exports.addHook = function addHook ({ name, versions, file }, hook) {
if (!instrumentations[name]) {
instrumentations[name] = []
diff --git a/packages/datadog-instrumentations/src/helpers/register.js b/packages/datadog-instrumentations/src/helpers/register.js
index 5e09a89ae44..ad90184ed80 100644
--- a/packages/datadog-instrumentations/src/helpers/register.js
+++ b/packages/datadog-instrumentations/src/helpers/register.js
@@ -17,7 +17,7 @@ const loadChannel = channel('dd-trace:instrumentation:load')
// TODO: make this more efficient
for (const packageName of names) {
- Hook([packageName], (moduleExports, moduleName, moduleBaseDir) => {
+ Hook([packageName], (moduleExports, moduleName, moduleBaseDir, moduleVersion) => {
moduleName = moduleName.replace(pathSepExpr, '/')
hooks[packageName]()
@@ -26,7 +26,7 @@ for (const packageName of names) {
const fullFilename = filename(name, file)
if (moduleName === fullFilename) {
- const version = getVersion(moduleBaseDir)
+ const version = moduleVersion || getVersion(moduleBaseDir)
if (matchVersion(version, versions)) {
try {
diff --git a/packages/datadog-instrumentations/src/pg.js b/packages/datadog-instrumentations/src/pg.js
index f4fa0a97cab..028b0d7e494 100644
--- a/packages/datadog-instrumentations/src/pg.js
+++ b/packages/datadog-instrumentations/src/pg.js
@@ -27,27 +27,22 @@ function wrapQuery (query) {
return query.apply(this, arguments)
}
- const retval = query.apply(this, arguments)
-
- const queryQueue = this.queryQueue || this._queryQueue
- const activeQuery = this.activeQuery || this._activeQuery
- const pgQuery = queryQueue[queryQueue.length - 1] || activeQuery
-
- if (!pgQuery) {
- return retval
- }
-
const callbackResource = new AsyncResource('bound-anonymous-fn')
const asyncResource = new AsyncResource('bound-anonymous-fn')
const processId = this.processID
+ let pgQuery = {
+ text: arguments[0]
+ }
+
return asyncResource.runInAsyncScope(() => {
startCh.publish({
params: this.connectionParameters,
- originalQuery: pgQuery.text,
query: pgQuery,
processId
})
+ arguments[0] = pgQuery.text
+
const finish = asyncResource.bind(function (error) {
if (error) {
errorCh.publish(error)
@@ -55,6 +50,16 @@ function wrapQuery (query) {
finishCh.publish()
})
+ const retval = query.apply(this, arguments)
+ const queryQueue = this.queryQueue || this._queryQueue
+ const activeQuery = this.activeQuery || this._activeQuery
+
+ pgQuery = queryQueue[queryQueue.length - 1] || activeQuery
+
+ if (!pgQuery) {
+ return retval
+ }
+
if (pgQuery.callback) {
const originalCallback = callbackResource.bind(pgQuery.callback)
pgQuery.callback = function (err, res) {
diff --git a/packages/datadog-plugin-google-cloud-pubsub/test/index.spec.js b/packages/datadog-plugin-google-cloud-pubsub/test/index.spec.js
index d46294b2428..d566dde7f77 100644
--- a/packages/datadog-plugin-google-cloud-pubsub/test/index.spec.js
+++ b/packages/datadog-plugin-google-cloud-pubsub/test/index.spec.js
@@ -219,6 +219,20 @@ describe('Plugin', () => {
return expectedSpanPromise
})
})
+
+ describe('when disabled', () => {
+ beforeEach(() => {
+ tracer.use('google-cloud-pubsub', false)
+ })
+
+ afterEach(() => {
+ tracer.use('google-cloud-pubsub', true)
+ })
+
+ it('should work normally', async () => {
+ await pubsub.createTopic(topicName)
+ })
+ })
})
describe('with configuration', () => {
diff --git a/packages/datadog-plugin-pg/test/index.spec.js b/packages/datadog-plugin-pg/test/index.spec.js
index b3952e76a10..40273947ad0 100644
--- a/packages/datadog-plugin-pg/test/index.spec.js
+++ b/packages/datadog-plugin-pg/test/index.spec.js
@@ -4,6 +4,7 @@ const { expect } = require('chai')
const semver = require('semver')
const agent = require('../../dd-trace/test/plugins/agent')
const { ERROR_MESSAGE, ERROR_TYPE, ERROR_STACK } = require('../../dd-trace/src/constants')
+const net = require('net')
const clients = {
pg: pg => pg.Client
@@ -374,6 +375,10 @@ describe('Plugin', () => {
})
describe('with DBM propagation enabled with full using tracer configurations', () => {
const tracer = require('../../dd-trace')
+ let seenTraceParent
+ let seenTraceId
+ let seenSpanId
+ let originalWrite
before(() => {
return agent.load('pg')
})
@@ -393,27 +398,36 @@ describe('Plugin', () => {
database: 'postgres'
})
client.connect(err => done(err))
+ originalWrite = net.Socket.prototype.write
+ net.Socket.prototype.write = function (buffer) {
+ let strBuf = buffer.toString()
+ if (strBuf.includes('traceparent=\'')) {
+ strBuf = strBuf.split('-')
+ seenTraceParent = true
+ seenTraceId = strBuf[1]
+ seenSpanId = strBuf[2]
+ }
+ return originalWrite.apply(this, arguments)
+ }
+ })
+ afterEach(() => {
+ net.Socket.prototype.write = originalWrite
})
-
it('query text should contain traceparent', done => {
- let queryText = ''
agent.use(traces => {
const traceId = traces[0][0].trace_id.toString(16).padStart(32, '0')
const spanId = traces[0][0].span_id.toString(16).padStart(16, '0')
-
- expect(queryText).to.equal(
- `/*dddbs='post',dde='tester',ddps='test',ddpv='8.4.0',` +
- `traceparent='00-${traceId}-${spanId}-00'*/ SELECT $1::text as message`)
+ expect(seenTraceId).to.equal(traceId)
+ expect(seenSpanId).to.equal(spanId)
}).then(done, done)
client.query('SELECT $1::text as message', ['Hello World!'], (err, result) => {
if (err) return done(err)
-
+ expect(seenTraceParent).to.be.true
client.end((err) => {
if (err) return done(err)
})
})
- queryText = client.queryQueue[0].text
})
it('query should inject _dd.dbm_trace_injected into span', done => {
agent.use(traces => {
diff --git a/packages/dd-trace/src/appsec/templates/blocked.html b/packages/dd-trace/src/appsec/blocked_templates.js
similarity index 87%
rename from packages/dd-trace/src/appsec/templates/blocked.html
rename to packages/dd-trace/src/appsec/blocked_templates.js
index c81dfaf934a..8ded947cc90 100644
--- a/packages/dd-trace/src/appsec/templates/blocked.html
+++ b/packages/dd-trace/src/appsec/blocked_templates.js
@@ -1,4 +1,7 @@
-<!-- Sorry, you’ve been blocked -->
+/* eslint-disable max-len */
+'use strict'
+
+const html = `<!-- Sorry, you've been blocked -->
<!DOCTYPE html>
<html lang="en">
@@ -97,3 +100,18 @@
</body>
</html>
+`
+
+const json = `{
+ "errors": [
+ {
+ "title": "You've been blocked",
+ "detail": "Sorry, you cannot access this page. Please contact the customer service team. Security provided by Datadog."
+ }
+ ]
+}`
+
+module.exports = {
+ html,
+ json
+}
diff --git a/packages/dd-trace/src/appsec/blocking.js b/packages/dd-trace/src/appsec/blocking.js
index 23c75a348b1..ef1a71489b8 100644
--- a/packages/dd-trace/src/appsec/blocking.js
+++ b/packages/dd-trace/src/appsec/blocking.js
@@ -1,12 +1,10 @@
'use strict'
const log = require('../log')
-const fs = require('fs')
+const blockedTemplates = require('./blocked_templates')
-// TODO: move template loading to a proper spot.
-let templateLoaded = false
-let templateHtml = ''
-let templateJson = ''
+let templateHtml = blockedTemplates.html
+let templateJson = blockedTemplates.json
function block (req, res, rootSpan, abortController) {
if (res.headersSent) {
@@ -42,29 +40,16 @@ function block (req, res, rootSpan, abortController) {
}
}
-function loadTemplates (config) {
- if (!templateLoaded) {
- templateHtml = fs.readFileSync(config.appsec.blockedTemplateHtml)
- templateJson = fs.readFileSync(config.appsec.blockedTemplateJson)
- templateLoaded = true
+function setTemplates (config) {
+ if (config.appsec.blockedTemplateHtml) {
+ templateHtml = config.appsec.blockedTemplateHtml
}
-}
-
-async function loadTemplatesAsync (config) {
- if (!templateLoaded) {
- templateHtml = await fs.promises.readFile(config.appsec.blockedTemplateHtml)
- templateJson = await fs.promises.readFile(config.appsec.blockedTemplateJson)
- templateLoaded = true
+ if (config.appsec.blockedTemplateJson) {
+ templateJson = config.appsec.blockedTemplateJson
}
}
-function resetTemplates () {
- templateLoaded = false
-}
-
module.exports = {
block,
- loadTemplates,
- loadTemplatesAsync,
- resetTemplates
+ setTemplates
}
diff --git a/packages/dd-trace/src/appsec/iast/analyzers/path-traversal-analyzer.js b/packages/dd-trace/src/appsec/iast/analyzers/path-traversal-analyzer.js
index cf54968e014..31d7df41bac 100644
--- a/packages/dd-trace/src/appsec/iast/analyzers/path-traversal-analyzer.js
+++ b/packages/dd-trace/src/appsec/iast/analyzers/path-traversal-analyzer.js
@@ -1,4 +1,6 @@
'use strict'
+
+const path = require('path')
const { getIastContext } = require('../iast-context')
const { storage } = require('../../../../../datadog-core')
const InjectionAnalyzer = require('./injection-analyzer')
@@ -37,6 +39,16 @@ class PathTraversalAnalyzer extends InjectionAnalyzer {
}
this.analyze(pathArguments)
})
+
+ this.exclusionList = [ path.join('node_modules', 'send') + path.sep ]
+ }
+
+ _isExcluded (location) {
+ let ret = false
+ if (location && location.path) {
+ ret = this.exclusionList.some(elem => location.path.includes(elem))
+ }
+ return ret
}
analyze (value) {
diff --git a/packages/dd-trace/src/appsec/iast/analyzers/sql-injection-analyzer.js b/packages/dd-trace/src/appsec/iast/analyzers/sql-injection-analyzer.js
index 0cf0e3eb2e1..51ad551e388 100644
--- a/packages/dd-trace/src/appsec/iast/analyzers/sql-injection-analyzer.js
+++ b/packages/dd-trace/src/appsec/iast/analyzers/sql-injection-analyzer.js
@@ -6,7 +6,7 @@ class SqlInjectionAnalyzer extends InjectionAnalyzer {
super('SQL_INJECTION')
this.addSub('apm:mysql:query:start', ({ sql }) => this.analyze(sql))
this.addSub('apm:mysql2:query:start', ({ sql }) => this.analyze(sql))
- this.addSub('apm:pg:query:start', ({ originalQuery }) => this.analyze(originalQuery))
+ this.addSub('apm:pg:query:start', ({ query }) => this.analyze(query.text))
}
}
diff --git a/packages/dd-trace/src/appsec/iast/analyzers/vulnerability-analyzer.js b/packages/dd-trace/src/appsec/iast/analyzers/vulnerability-analyzer.js
index d459fa7a889..20e7c7fd0e8 100644
--- a/packages/dd-trace/src/appsec/iast/analyzers/vulnerability-analyzer.js
+++ b/packages/dd-trace/src/appsec/iast/analyzers/vulnerability-analyzer.js
@@ -32,12 +32,18 @@ class Analyzer extends Plugin {
return false
}
+ _isExcluded (location) {
+ return false
+ }
+
_report (value, context) {
const evidence = this._getEvidence(value, context)
const location = this._getLocation()
- const spanId = context && context.rootSpan && context.rootSpan.context().toSpanId()
- const vulnerability = createVulnerability(this._type, evidence, spanId, location)
- addVulnerability(context, vulnerability)
+ if (!this._isExcluded(location)) {
+ const spanId = context && context.rootSpan && context.rootSpan.context().toSpanId()
+ const vulnerability = createVulnerability(this._type, evidence, spanId, location)
+ addVulnerability(context, vulnerability)
+ }
}
_reportIfVulnerable (value, context) {
diff --git a/packages/dd-trace/src/appsec/iast/index.js b/packages/dd-trace/src/appsec/iast/index.js
index c635ec1fb61..2102ea6ad88 100644
--- a/packages/dd-trace/src/appsec/iast/index.js
+++ b/packages/dd-trace/src/appsec/iast/index.js
@@ -6,6 +6,7 @@ const overheadController = require('./overhead-controller')
const dc = require('diagnostics_channel')
const iastContextFunctions = require('./iast-context')
const { enableTaintTracking, disableTaintTracking, createTransaction, removeTransaction } = require('./taint-tracking')
+
const telemetryLogs = require('./telemetry/logs')
const IAST_ENABLED_TAG_KEY = '_dd.iast.enabled'
@@ -16,7 +17,7 @@ const requestClose = dc.channel('dd-trace:incomingHttpRequestEnd')
function enable (config, _tracer) {
enableAllAnalyzers()
- enableTaintTracking()
+ enableTaintTracking(config.iast)
requestStart.subscribe(onIncomingHttpRequestStart)
requestClose.subscribe(onIncomingHttpRequestEnd)
overheadController.configure(config.iast)
diff --git a/packages/dd-trace/src/appsec/iast/taint-tracking/index.js b/packages/dd-trace/src/appsec/iast/taint-tracking/index.js
index fb9d8636277..3d5da490725 100644
--- a/packages/dd-trace/src/appsec/iast/taint-tracking/index.js
+++ b/packages/dd-trace/src/appsec/iast/taint-tracking/index.js
@@ -1,20 +1,27 @@
'use strict'
const { enableRewriter, disableRewriter } = require('./rewriter')
-const { createTransaction, removeTransaction, enableTaintOperations, disableTaintOperations } = require('./operations')
+const { createTransaction,
+ removeTransaction,
+ setMaxTransactions,
+ enableTaintOperations,
+ disableTaintOperations } = require('./operations')
+
const taintTrackingPlugin = require('./plugin')
module.exports = {
- enableTaintTracking () {
+ enableTaintTracking (config) {
enableRewriter()
enableTaintOperations()
taintTrackingPlugin.enable()
+ setMaxTransactions(config.maxConcurrentRequests)
},
disableTaintTracking () {
disableRewriter()
disableTaintOperations()
taintTrackingPlugin.disable()
},
+ setMaxTransactions: setMaxTransactions,
createTransaction: createTransaction,
removeTransaction: removeTransaction
}
diff --git a/packages/dd-trace/src/appsec/iast/taint-tracking/operations.js b/packages/dd-trace/src/appsec/iast/taint-tracking/operations.js
index e19188f6b66..d1ebcdef34a 100644
--- a/packages/dd-trace/src/appsec/iast/taint-tracking/operations.js
+++ b/packages/dd-trace/src/appsec/iast/taint-tracking/operations.js
@@ -87,6 +87,14 @@ function disableTaintOperations () {
global._ddiast = TaintTrackingDummy
}
+function setMaxTransactions (transactions) {
+ if (!transactions) {
+ return
+ }
+
+ TaintedUtils.setMaxTransactions(transactions)
+}
+
module.exports = {
createTransaction,
removeTransaction,
@@ -96,5 +104,6 @@ module.exports = {
getRanges,
enableTaintOperations,
disableTaintOperations,
+ setMaxTransactions,
IAST_TRANSACTION_ID
}
diff --git a/packages/dd-trace/src/appsec/index.js b/packages/dd-trace/src/appsec/index.js
index f5b1a19b71e..5c500838d67 100644
--- a/packages/dd-trace/src/appsec/index.js
+++ b/packages/dd-trace/src/appsec/index.js
@@ -1,7 +1,5 @@
'use strict'
-const fs = require('fs')
-const path = require('path')
const log = require('../log')
const RuleManager = require('./rule_manager')
const remoteConfig = require('./remote_config')
@@ -12,7 +10,7 @@ const Reporter = require('./reporter')
const web = require('../plugins/util/web')
const { extractIp } = require('../plugins/util/ip_extractor')
const { HTTP_CLIENT_IP } = require('../../../../ext/tags')
-const { block, loadTemplates, loadTemplatesAsync } = require('./blocking')
+const { block, setTemplates } = require('./blocking')
let isEnabled = false
let config
@@ -21,21 +19,10 @@ function enable (_config) {
if (isEnabled) return
try {
- loadTemplates(_config)
- const rules = fs.readFileSync(_config.appsec.rules || path.join(__dirname, 'recommended.json'))
- enableFromRules(_config, JSON.parse(rules))
- } catch (err) {
- abortEnable(err)
- }
-}
+ setTemplates(_config)
-async function enableAsync (_config) {
- if (isEnabled) return
-
- try {
- await loadTemplatesAsync(_config)
- const rules = await fs.promises.readFile(_config.appsec.rules || path.join(__dirname, 'recommended.json'))
- enableFromRules(_config, JSON.parse(rules))
+ // TODO: inline this function
+ enableFromRules(_config, _config.appsec.rules)
} catch (err) {
abortEnable(err)
}
@@ -169,7 +156,6 @@ function disable () {
module.exports = {
enable,
- enableAsync,
disable,
incomingHttpStartTranslator,
incomingHttpEndTranslator
diff --git a/packages/dd-trace/src/appsec/recommended.json b/packages/dd-trace/src/appsec/recommended.json
index bf1af5e255c..9d7f2a46e61 100644
--- a/packages/dd-trace/src/appsec/recommended.json
+++ b/packages/dd-trace/src/appsec/recommended.json
@@ -1,7 +1,7 @@
{
"version": "2.2",
"metadata": {
- "rules_version": "1.5.2"
+ "rules_version": "1.6.0"
},
"rules": [
{
@@ -2907,7 +2907,8 @@
}
],
"transformers": [
- "removeNulls"
+ "removeNulls",
+ "urlDecodeUni"
]
},
{
@@ -2957,7 +2958,8 @@
}
],
"transformers": [
- "removeNulls"
+ "removeNulls",
+ "urlDecodeUni"
]
},
{
@@ -3007,7 +3009,8 @@
}
],
"transformers": [
- "removeNulls"
+ "removeNulls",
+ "urlDecodeUni"
]
},
{
@@ -3054,7 +3057,8 @@
}
],
"transformers": [
- "removeNulls"
+ "removeNulls",
+ "urlDecodeUni"
]
},
{
@@ -3088,8 +3092,7 @@
".parentnode",
".innerhtml",
"window.location",
- "-moz-binding",
- "<![cdata["
+ "-moz-binding"
]
},
"operator": "phrase_match"
@@ -3545,7 +3548,7 @@
"address": "grpc.server.request.message"
}
],
- "regex": "\\b(?i:eval|settimeout|setinterval|new\\s+Function|alert|prompt)\\s*\\([^\\)]",
+ "regex": "\\b(?i:eval|settimeout|setinterval|new\\s+Function|alert|prompt)[\\s+]*\\([^\\)]",
"options": {
"case_sensitive": true,
"min_length": 5
@@ -5347,14 +5350,12 @@
"address": "grpc.server.request.message"
}
],
- "regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com)"
+ "regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com|vii.one|act1on3.ru)"
},
"operator": "match_regex"
}
],
- "transformers": [
- "lowercase"
- ]
+ "transformers": []
},
{
"id": "sqr-000-015",
@@ -5429,7 +5430,9 @@
"operator": "match_regex"
}
],
- "transformers": []
+ "transformers": [
+ "unicode_normalize"
+ ]
},
{
"id": "ua0-600-0xx",
@@ -5905,7 +5908,7 @@
"tags": {
"type": "security_scanner",
"category": "attack_attempt",
- "confidence": "1"
+ "confidence": "0"
},
"conditions": [
{
@@ -6616,6 +6619,32 @@
"block"
]
},
+ {
+ "id": "ua0-600-57x",
+ "name": "AlertLogic",
+ "tags": {
+ "type": "security_scanner",
+ "category": "attack_attempt",
+ "confidence": "0"
+ },
+ "conditions": [
+ {
+ "parameters": {
+ "inputs": [
+ {
+ "address": "server.request.headers.no_cookies",
+ "key_path": [
+ "user-agent"
+ ]
+ }
+ ],
+ "regex": "\\bAlertLogic-MDR-"
+ },
+ "operator": "match_regex"
+ }
+ ],
+ "transformers": []
+ },
{
"id": "ua0-600-5xx",
"name": "Blind SQL Injection Brute Forcer",
diff --git a/packages/dd-trace/src/appsec/remote_config/index.js b/packages/dd-trace/src/appsec/remote_config/index.js
index 155da7a1beb..0a65ef06ee3 100644
--- a/packages/dd-trace/src/appsec/remote_config/index.js
+++ b/packages/dd-trace/src/appsec/remote_config/index.js
@@ -23,7 +23,7 @@ function enable (config) {
}
if (shouldEnable) {
- require('..').enableAsync(config).catch(() => {})
+ require('..').enable(config)
} else {
require('..').disable()
}
diff --git a/packages/dd-trace/src/appsec/sdk/index.js b/packages/dd-trace/src/appsec/sdk/index.js
index eb13b24df0a..447d7b1121a 100644
--- a/packages/dd-trace/src/appsec/sdk/index.js
+++ b/packages/dd-trace/src/appsec/sdk/index.js
@@ -2,14 +2,14 @@
const { trackUserLoginSuccessEvent, trackUserLoginFailureEvent, trackCustomEvent } = require('./track_event')
const { checkUserAndSetUser, blockRequest } = require('./user_blocking')
-const { loadTemplates } = require('../blocking')
+const { setTemplates } = require('../blocking')
const { setUser } = require('./set_user')
class AppsecSdk {
constructor (tracer, config) {
this._tracer = tracer
if (config) {
- loadTemplates(config)
+ setTemplates(config)
}
}
diff --git a/packages/dd-trace/src/appsec/templates/blocked.json b/packages/dd-trace/src/appsec/templates/blocked.json
deleted file mode 100644
index dafde53b41d..00000000000
--- a/packages/dd-trace/src/appsec/templates/blocked.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "errors": [
- {
- "title": "You've been blocked",
- "detail": "Sorry, you cannot access this page. Please contact the customer service team. Security provided by Datadog."
- }
- ]
-}
diff --git a/packages/dd-trace/src/config.js b/packages/dd-trace/src/config.js
index 9e5606d5fe3..f1bf59c22d2 100644
--- a/packages/dd-trace/src/config.js
+++ b/packages/dd-trace/src/config.js
@@ -9,7 +9,6 @@ const coalesce = require('koalas')
const tagger = require('./tagger')
const { isTrue, isFalse } = require('./util')
const uuid = require('crypto-randomuuid')
-const path = require('path')
const fromEntries = Object.fromEntries || (entries =>
entries.reduce((obj, [k, v]) => Object.assign(obj, { [k]: v }), {}))
@@ -19,16 +18,7 @@ function maybeFile (filepath) {
try {
return fs.readFileSync(filepath, 'utf8')
} catch (e) {
- return undefined
- }
-}
-
-function maybePath (filepath) {
- if (!filepath) return
- try {
- fs.openSync(filepath, 'r')
- return filepath
- } catch (e) {
+ log.error(e)
return undefined
}
}
@@ -279,6 +269,18 @@ class Config {
false
)
+ const DD_TRACE_128_BIT_TRACEID_GENERATION_ENABLED = coalesce(
+ options.traceId128BitGenerationEnabled,
+ process.env.DD_TRACE_128_BIT_TRACEID_GENERATION_ENABLED,
+ false
+ )
+
+ const DD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED = coalesce(
+ options.traceId128BitLoggingEnabled,
+ process.env.DD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED,
+ false
+ )
+
let appsec = options.appsec != null ? options.appsec : options.experimental && options.experimental.appsec
if (typeof appsec === 'boolean') {
@@ -323,14 +325,12 @@ ken|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)
|[\\-]{5}BEGIN[a-z\\s]+PRIVATE\\sKEY[\\-]{5}[^\\-]+[\\-]{5}END[a-z\\s]+PRIVATE\\sKEY|ssh-rsa\\s*[a-z0-9\\/\\.+]{100,}`
)
const DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML = coalesce(
- maybePath(appsec.blockedTemplateHtml),
- maybePath(process.env.DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML),
- path.join(__dirname, 'appsec', 'templates', 'blocked.html')
+ maybeFile(appsec.blockedTemplateHtml),
+ maybeFile(process.env.DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML)
)
const DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON = coalesce(
- maybePath(appsec.blockedTemplateJson),
- maybePath(process.env.DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON),
- path.join(__dirname, 'appsec', 'templates', 'blocked.json')
+ maybeFile(appsec.blockedTemplateJson),
+ maybeFile(process.env.DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON)
)
const inAWSLambda = process.env.AWS_LAMBDA_FUNCTION_NAME !== undefined
@@ -476,7 +476,7 @@ ken|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)
this.tagsHeaderMaxLength = parseInt(DD_TRACE_X_DATADOG_TAGS_MAX_LENGTH)
this.appsec = {
enabled: DD_APPSEC_ENABLED,
- rules: DD_APPSEC_RULES,
+ rules: DD_APPSEC_RULES ? safeJsonParse(maybeFile(DD_APPSEC_RULES)) : require('./appsec/recommended.json'),
rateLimit: DD_APPSEC_TRACE_RATE_LIMIT,
wafTimeout: DD_APPSEC_WAF_TIMEOUT,
obfuscatorKeyRegex: DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP,
@@ -506,6 +506,9 @@ ken|consumer_?(?:id|key|secret)|sign(?:ed|ature)?|auth(?:entication|orization)?)
enabled: isTrue(DD_TRACE_STATS_COMPUTATION_ENABLED)
}
+ this.traceId128BitGenerationEnabled = isTrue(DD_TRACE_128_BIT_TRACEID_GENERATION_ENABLED)
+ this.traceId128BitLoggingEnabled = isTrue(DD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED)
+
tagger.add(this.tags, {
service: this.service,
env: this.env,
diff --git a/packages/dd-trace/src/datastreams/encoding.js b/packages/dd-trace/src/datastreams/encoding.js
index 341e7d89c79..5ab4e84d4ce 100644
--- a/packages/dd-trace/src/datastreams/encoding.js
+++ b/packages/dd-trace/src/datastreams/encoding.js
@@ -16,13 +16,13 @@ function encodeVarint (v) {
// decodes positive and negative numbers, using zig zag encoding to reduce the size of the variable length encoding.
// uses high and low part to ensure those parts are under the limit for byte operations in javascript (32 bits)
function decodeVarint (b) {
- const [low, high] = decodeUvarint64(b)
+ const [low, high, bytes] = decodeUvarint64(b)
if (low === undefined || high === undefined) {
- return undefined
+ return [undefined, bytes]
}
const positive = (low & 1) === 0
const abs = (low >>> 1) + high * 0x80000000
- return positive ? abs : -abs
+ return [positive ? abs : -abs, bytes]
}
const maxVarLen64 = 9
@@ -50,7 +50,7 @@ function decodeUvarint64 (
let s = 0
for (let i = 0; ; i++) {
if (bytes.length <= i) {
- return [undefined, undefined]
+ return [undefined, undefined, bytes.slice(bytes.length)]
}
const n = bytes[i]
if (n < 0x80 || i === maxVarLen64 - 1) {
@@ -61,7 +61,7 @@ function decodeUvarint64 (
if (s > 0) {
high |= s - 32 > 0 ? n << (s - 32) : n >> (32 - s)
}
- return [low, high]
+ return [low, high, bytes]
}
if (s < 32) {
low |= (n & 0x7f) << s
diff --git a/packages/dd-trace/src/dcitm.js b/packages/dd-trace/src/dcitm.js
new file mode 100644
index 00000000000..8a61a4f36e8
--- /dev/null
+++ b/packages/dd-trace/src/dcitm.js
@@ -0,0 +1,51 @@
+'use strict'
+
+const dc = require('diagnostics_channel')
+
+const CHANNEL_PREFIX = 'dd-trace:bundledModuleLoadStart'
+
+if (!dc.subscribe) {
+ dc.subscribe = (channel, cb) => {
+ dc.channel(channel).subscribe(cb)
+ }
+}
+if (!dc.unsubscribe) {
+ dc.unsubscribe = (channel, cb) => {
+ if (dc.channel(channel).hasSubscribers) {
+ dc.channel(channel).unsubscribe(cb)
+ }
+ }
+}
+
+module.exports = DcitmHook
+
+/**
+ * This allows for listening to diagnostic channel events when a module is loaded.
+ * Currently it's intended use is for situations like when code runs through a bundler.
+ *
+ * Unlike RITM and IITM, which have files available on a filesystem at runtime, DCITM
+ * requires access to a package's version ahead of time as the package.json file likely
+ * won't be available.
+ *
+ * This function runs many times at startup, once for every module that dd-trace may trace.
+ * As it runs on a per-module basis we're creating per-module channels.
+ */
+function DcitmHook (moduleNames, options, onrequire) {
+ if (!(this instanceof DcitmHook)) return new DcitmHook(moduleNames, options, onrequire)
+
+ function onModuleLoad (payload) {
+ payload.module = onrequire(payload.module, payload.path, undefined, payload.version)
+ }
+
+ for (const moduleName of moduleNames) {
+ // dc.channel(`${CHANNEL_PREFIX}:${moduleName}`).subscribe(onModuleLoad)
+ dc.subscribe(`${CHANNEL_PREFIX}:${moduleName}`, onModuleLoad)
+ }
+
+ this.unhook = function dcitmUnload () {
+ for (const moduleName of moduleNames) {
+ // dc.channel(`${CHANNEL_PREFIX}:${moduleName}`).unsubscribe(onModuleLoad)
+ dc.unsubscribe(`${CHANNEL_PREFIX}:${moduleName}`, onModuleLoad)
+ }
+ }
+}
diff --git a/packages/dd-trace/src/opentracing/propagation/log.js b/packages/dd-trace/src/opentracing/propagation/log.js
index 81d01098458..957bfc113d2 100644
--- a/packages/dd-trace/src/opentracing/propagation/log.js
+++ b/packages/dd-trace/src/opentracing/propagation/log.js
@@ -14,7 +14,12 @@ class LogPropagator {
carrier.dd = {}
if (spanContext) {
- carrier.dd.trace_id = spanContext.toTraceId()
+ if (this._config.traceId128BitLoggingEnabled && spanContext._trace.tags['_dd.p.tid']) {
+ carrier.dd.trace_id = spanContext._trace.tags['_dd.p.tid'] + spanContext._traceId.toString(16)
+ } else {
+ carrier.dd.trace_id = spanContext.toTraceId()
+ }
+
carrier.dd.span_id = spanContext.toSpanId()
}
@@ -28,12 +33,23 @@ class LogPropagator {
return null
}
- const spanContext = new DatadogSpanContext({
- traceId: id(carrier.dd.trace_id, 10),
- spanId: id(carrier.dd.span_id, 10)
- })
-
- return spanContext
+ if (carrier.dd.trace_id.length === 32) {
+ const hi = carrier.dd.trace_id.substring(0, 16)
+ const lo = carrier.dd.trace_id.substring(16, 32)
+ const spanContext = new DatadogSpanContext({
+ traceId: id(lo, 16),
+ spanId: id(carrier.dd.span_id, 10)
+ })
+
+ spanContext._trace.tags['_dd.p.tid'] = hi
+
+ return spanContext
+ } else {
+ return new DatadogSpanContext({
+ traceId: id(carrier.dd.trace_id, 10),
+ spanId: id(carrier.dd.span_id, 10)
+ })
+ }
}
}
diff --git a/packages/dd-trace/src/opentracing/propagation/text_map.js b/packages/dd-trace/src/opentracing/propagation/text_map.js
index 7ed926efe07..e27f5c35eac 100644
--- a/packages/dd-trace/src/opentracing/propagation/text_map.js
+++ b/packages/dd-trace/src/opentracing/propagation/text_map.js
@@ -132,7 +132,7 @@ class TextMapPropagator {
const hasB3multi = this._hasPropagationStyle('inject', 'b3multi')
if (!(hasB3 || hasB3multi)) return
- carrier[b3TraceKey] = spanContext._traceId.toString(16)
+ carrier[b3TraceKey] = this._getB3TraceId(spanContext)
carrier[b3SpanKey] = spanContext._spanId.toString(16)
carrier[b3SampledKey] = spanContext._sampling.priority >= AUTO_KEEP ? '1' : '0'
@@ -149,7 +149,7 @@ class TextMapPropagator {
const hasB3SingleHeader = this._hasPropagationStyle('inject', 'b3 single header')
if (!hasB3SingleHeader) return null
- const traceId = spanContext._traceId.toString(16)
+ const traceId = this._getB3TraceId(spanContext)
const spanId = spanContext._spanId.toString(16)
const sampled = spanContext._sampling.priority >= AUTO_KEEP ? '1' : '0'
@@ -277,6 +277,8 @@ class TextMapPropagator {
spanContext._sampling.priority = priority
}
+ this._extract128BitTraceId(b3[b3TraceKey], spanContext)
+
return spanContext
}
@@ -321,6 +323,8 @@ class TextMapPropagator {
tracestate
})
+ this._extract128BitTraceId(traceId, spanContext)
+
tracestate.forVendor('dd', state => {
for (const [key, value] of state.entries()) {
switch (key) {
@@ -484,6 +488,20 @@ class TextMapPropagator {
}
}
+ _extract128BitTraceId (traceId, spanContext) {
+ if (!spanContext) return
+
+ const buffer = spanContext._traceId.toBuffer()
+
+ if (buffer.length !== 16) return
+
+ const tid = traceId.substring(0, 16)
+
+ if (tid === '0000000000000000') return
+
+ spanContext._trace.tags['_dd.p.tid'] = tid
+ }
+
_validateTagKey (key) {
return tagKeyExpr.test(key)
}
@@ -501,6 +519,14 @@ class TextMapPropagator {
return AUTO_REJECT
}
}
+
+ _getB3TraceId (spanContext) {
+ if (spanContext._traceId.toBuffer().length <= 8 && spanContext._trace.tags['_dd.p.tid']) {
+ return spanContext._trace.tags['_dd.p.tid'] + spanContext._traceId.toString(16)
+ }
+
+ return spanContext._traceId.toString(16)
+ }
}
module.exports = TextMapPropagator
diff --git a/packages/dd-trace/src/opentracing/span.js b/packages/dd-trace/src/opentracing/span.js
index 87343a1ab0f..80ed809ead3 100644
--- a/packages/dd-trace/src/opentracing/span.js
+++ b/packages/dd-trace/src/opentracing/span.js
@@ -39,7 +39,7 @@ class DatadogSpan {
// This is necessary for span count metrics.
this._name = operationName
- this._spanContext = this._createContext(parent)
+ this._spanContext = this._createContext(parent, fields)
this._spanContext._name = operationName
this._spanContext._tags = tags
this._spanContext._hostname = hostname
@@ -145,7 +145,7 @@ class DatadogSpan {
this._processor.process(this)
}
- _createContext (parent) {
+ _createContext (parent, fields) {
let spanContext
if (parent) {
@@ -158,16 +158,27 @@ class DatadogSpan {
trace: parent._trace,
tracestate: parent._tracestate
})
+
+ if (!spanContext._trace.startTime) {
+ spanContext._trace.startTime = dateNow()
+ }
} else {
const spanId = id()
+ const startTime = dateNow()
spanContext = new SpanContext({
traceId: spanId,
spanId
})
+ spanContext._trace.startTime = startTime
+
+ if (fields.traceId128BitGenerationEnabled) {
+ spanContext._trace.tags['_dd.p.tid'] = Math.floor(startTime / 1000).toString(16)
+ .padStart(8, '0')
+ .padEnd(16, '0')
+ }
}
spanContext._trace.started.push(this)
- spanContext._trace.startTime = spanContext._trace.startTime || dateNow()
spanContext._trace.ticks = spanContext._trace.ticks || now()
return spanContext
diff --git a/packages/dd-trace/src/opentracing/span_context.js b/packages/dd-trace/src/opentracing/span_context.js
index 1f87fee0e16..95acf243205 100644
--- a/packages/dd-trace/src/opentracing/span_context.js
+++ b/packages/dd-trace/src/opentracing/span_context.js
@@ -34,7 +34,9 @@ class DatadogSpanContext {
toTraceparent () {
const flags = this._sampling.priority >= AUTO_KEEP ? '01' : '00'
- const traceId = this._traceId.toString(16).padStart(32, '0')
+ const traceId = this._traceId.toBuffer().length <= 8 && this._trace.tags['_dd.p.tid']
+ ? this._trace.tags['_dd.p.tid'] + this._traceId.toString(16).padStart(16, '0')
+ : this._traceId.toString(16).padStart(32, '0')
const spanId = this._spanId.toString(16).padStart(16, '0')
const version = (this._traceparent && this._traceparent.version) || '00'
return `${version}-${traceId}-${spanId}-${flags}`
diff --git a/packages/dd-trace/src/opentracing/tracer.js b/packages/dd-trace/src/opentracing/tracer.js
index 15b96eab509..7efd65c2097 100644
--- a/packages/dd-trace/src/opentracing/tracer.js
+++ b/packages/dd-trace/src/opentracing/tracer.js
@@ -33,6 +33,7 @@ class DatadogTracer {
this._processor = new SpanProcessor(this._exporter, this._prioritySampler, config)
this._url = this._exporter._url
this._enableGetRumData = config.experimental.enableGetRumData
+ this._traceId128BitGenerationEnabled = config.traceId128BitGenerationEnabled
this._propagators = {
[formats.TEXT_MAP]: new TextMapPropagator(config),
[formats.HTTP_HEADERS]: new HttpPropagator(config),
@@ -58,7 +59,8 @@ class DatadogTracer {
parent,
tags,
startTime: options.startTime,
- hostname: this._hostname
+ hostname: this._hostname,
+ traceId128BitGenerationEnabled: this._traceId128BitGenerationEnabled
}, this._debug)
span.addTags(this._tags)
diff --git a/packages/dd-trace/test/appsec/blocking.spec.js b/packages/dd-trace/test/appsec/blocking.spec.js
index 171fc53fb03..a300a0791c8 100644
--- a/packages/dd-trace/test/appsec/blocking.spec.js
+++ b/packages/dd-trace/test/appsec/blocking.spec.js
@@ -3,15 +3,20 @@
const { AbortController } = require('node-abort-controller')
describe('blocking', () => {
+ const defaultBlockedTemplate = {
+ html: 'block test',
+ json: '{ "block": true }'
+ }
+
const config = {
appsec: {
- blockedTemplateHtml: 'htmlPath',
- blockedTemplateJson: 'jsonPath'
+ blockedTemplateHtml: 'htmlBodyéé',
+ blockedTemplateJson: 'jsonBody'
}
}
- let log, fs
- let block, loadTemplates, loadTemplatesAsync, resetTemplates
+ let log
+ let block, setTemplates
let req, res, rootSpan
beforeEach(() => {
@@ -19,22 +24,13 @@ describe('blocking', () => {
warn: sinon.stub()
}
- fs = {
- readFileSync: sinon.stub().callsFake(getBody),
- promises: {
- readFile: sinon.stub()
- }
- }
-
const blocking = proxyquire('../src/appsec/blocking', {
'../log': log,
- fs
+ './blocked_templates': defaultBlockedTemplate
})
block = blocking.block
- loadTemplates = blocking.loadTemplates
- loadTemplatesAsync = blocking.loadTemplatesAsync
- resetTemplates = blocking.resetTemplates
+ setTemplates = blocking.setTemplates
req = {
headers: {}
@@ -52,11 +48,7 @@ describe('blocking', () => {
describe('block', () => {
beforeEach(() => {
- loadTemplates(config)
- })
-
- afterEach(() => {
- resetTemplates()
+ setTemplates(config)
})
it('should log warn and not send blocking response when headers have already been sent', () => {
@@ -115,118 +107,29 @@ describe('blocking', () => {
})
})
- describe('loadTemplates', () => {
- afterEach(() => {
- resetTemplates()
- })
-
- describe('sync', () => {
- it('should not read templates more than once if templates are already loaded', () => {
- loadTemplates(config)
-
- expect(fs.readFileSync).to.have.been.calledTwice
- expect(fs.readFileSync.firstCall).to.have.been.calledWithExactly('htmlPath')
- expect(fs.readFileSync.secondCall).to.have.been.calledWithExactly('jsonPath')
-
- fs.readFileSync.resetHistory()
-
- loadTemplates(config)
- loadTemplates(config)
-
- expect(fs.readFileSync).to.not.have.been.called
- })
-
- it('should read templates twice if resetTemplates is called', () => {
- loadTemplates(config)
-
- expect(fs.readFileSync).to.have.been.calledTwice
- expect(fs.readFileSync.firstCall).to.have.been.calledWithExactly('htmlPath')
- expect(fs.readFileSync.secondCall).to.have.been.calledWithExactly('jsonPath')
-
- fs.readFileSync.resetHistory()
- resetTemplates()
-
- loadTemplates(config)
-
- expect(fs.readFileSync).to.have.been.calledTwice
- expect(fs.readFileSync.firstCall).to.have.been.calledWithExactly('htmlPath')
- expect(fs.readFileSync.secondCall).to.have.been.calledWithExactly('jsonPath')
- })
- })
-
- describe('async', () => {
- it('should not read templates more than once if templates are already loaded', async () => {
- await loadTemplatesAsync(config)
-
- expect(fs.promises.readFile).to.have.been.calledTwice
- expect(fs.promises.readFile.firstCall).to.have.been.calledWithExactly('htmlPath')
- expect(fs.promises.readFile.secondCall).to.have.been.calledWithExactly('jsonPath')
-
- fs.promises.readFile.resetHistory()
-
- await loadTemplatesAsync(config)
- await loadTemplatesAsync(config)
-
- expect(fs.promises.readFile).to.not.have.been.called
- })
-
- it('should read templates twice if resetTemplates is called', async () => {
- await loadTemplatesAsync(config)
-
- expect(fs.promises.readFile).to.have.been.calledTwice
- expect(fs.promises.readFile.firstCall).to.have.been.calledWithExactly('htmlPath')
- expect(fs.promises.readFile.secondCall).to.have.been.calledWithExactly('jsonPath')
+ describe('block with default templates', () => {
+ const config = {
+ appsec: {
+ blockedTemplateHtml: undefined,
+ blockedTemplateJson: undefined
+ }
+ }
- fs.promises.readFile.resetHistory()
- resetTemplates()
+ it('should block with default html template', () => {
+ req.headers.accept = 'text/html'
+ setTemplates(config)
- await loadTemplatesAsync(config)
+ block(req, res, rootSpan)
- expect(fs.promises.readFile).to.have.been.calledTwice
- expect(fs.promises.readFile.firstCall).to.have.been.calledWithExactly('htmlPath')
- expect(fs.promises.readFile.secondCall).to.have.been.calledWithExactly('jsonPath')
- })
+ expect(res.end).to.have.been.calledOnceWithExactly(defaultBlockedTemplate.html)
})
- describe('mixed sync/async', () => {
- it('should not read templates more than once if templates are already loaded', () => {
- loadTemplates(config)
+ it('should block with default json template', () => {
+ setTemplates(config)
- expect(fs.readFileSync).to.have.been.calledTwice
- expect(fs.readFileSync.firstCall).to.have.been.calledWithExactly('htmlPath')
- expect(fs.readFileSync.secondCall).to.have.been.calledWithExactly('jsonPath')
-
- fs.readFileSync.resetHistory()
-
- loadTemplatesAsync(config)
- loadTemplatesAsync(config)
-
- expect(fs.readFileSync).to.not.have.been.called
- expect(fs.promises.readFile).to.not.have.been.called
- })
-
- it('should read templates twice if resetTemplates is called', async () => {
- loadTemplates(config)
-
- expect(fs.readFileSync).to.have.been.calledTwice
- expect(fs.readFileSync.firstCall).to.have.been.calledWithExactly('htmlPath')
- expect(fs.readFileSync.secondCall).to.have.been.calledWithExactly('jsonPath')
-
- fs.readFileSync.resetHistory()
- resetTemplates()
-
- await loadTemplatesAsync(config)
+ block(req, res, rootSpan)
- expect(fs.readFileSync).to.not.have.been.called
- expect(fs.promises.readFile).to.have.been.calledTwice
- expect(fs.promises.readFile.firstCall).to.have.been.calledWithExactly('htmlPath')
- expect(fs.promises.readFile.secondCall).to.have.been.calledWithExactly('jsonPath')
- })
+ expect(res.end).to.have.been.calledOnceWithExactly(defaultBlockedTemplate.json)
})
})
})
-
-function getBody (path) {
- if (path === 'htmlPath') return 'htmlBodyéé'
- if (path === 'jsonPath') return 'jsonBody'
-}
diff --git a/packages/dd-trace/test/appsec/iast/analyzers/command-injection-analyzer.spec.js b/packages/dd-trace/test/appsec/iast/analyzers/command-injection-analyzer.spec.js
index 378d81dde78..248a310ab90 100644
--- a/packages/dd-trace/test/appsec/iast/analyzers/command-injection-analyzer.spec.js
+++ b/packages/dd-trace/test/appsec/iast/analyzers/command-injection-analyzer.spec.js
@@ -1,6 +1,5 @@
'use strict'
-const childProcess = require('child_process')
const { prepareTestServerForIast } = require('../utils')
const { storage } = require('../../../../../datadog-core')
const iastContextFunctions = require('../../../../src/appsec/iast/iast-context')
@@ -13,10 +12,12 @@ describe('command injection analyzer', () => {
const store = storage.getStore()
const iastContext = iastContextFunctions.getIastContext(store)
const command = newTaintedString(iastContext, 'ls -la', 'param', 'Request')
+ const childProcess = require('child_process')
childProcess.execSync(command)
}, 'COMMAND_INJECTION')
testThatRequestHasNoVulnerability(() => {
+ const childProcess = require('child_process')
childProcess.execSync('ls -la')
}, 'COMMAND_INJECTION')
})
diff --git a/packages/dd-trace/test/appsec/iast/analyzers/path-traversal-analyzer.spec.js b/packages/dd-trace/test/appsec/iast/analyzers/path-traversal-analyzer.spec.js
index 4ce4528f395..d419c1cb91c 100644
--- a/packages/dd-trace/test/appsec/iast/analyzers/path-traversal-analyzer.spec.js
+++ b/packages/dd-trace/test/appsec/iast/analyzers/path-traversal-analyzer.spec.js
@@ -71,7 +71,7 @@ describe('path-traversal-analyzer', () => {
})
proxyPathAnalyzer._isVulnerable(undefined, iastContext)
- expect(isTainted).to.have.been.callCount(0)
+ expect(isTainted).not.to.have.been.called
})
it('if context and value are valid it should call isTainted', () => {
@@ -134,6 +134,27 @@ describe('path-traversal-analyzer', () => {
expect(addVulnerability).to.have.been.calledOnce
expect(addVulnerability).to.have.been.calledWithMatch(iastContext, { evidence: { value: 'taintedArg2' } })
})
+
+ it('Should not report the vulnerability if it comes from send module', () => {
+ const mockPath = path.join('node_modules', 'send', 'send.js')
+ const proxyPathAnalyzer = proxyquire('../../../../src/appsec/iast/analyzers/path-traversal-analyzer', {
+ './injection-analyzer': InjectionAnalyzer,
+ '../iast-context': { getIastContext: () => iastContext }
+ })
+
+ proxyPathAnalyzer._getLocation = function () {
+ return { path: mockPath, line: 3 }
+ }
+
+ addVulnerability.reset()
+ TaintTrackingMock.isTainted.reset()
+ getIastContext.returns(iastContext)
+ TaintTrackingMock.isTainted.returns(true)
+ hasQuota.returns(true)
+
+ proxyPathAnalyzer.analyze(['arg1'])
+ expect(addVulnerability).not.have.been.called
+ })
})
prepareTestServerForIast('integration test', (testThatRequestHasVulnerability, testThatRequestHasNoVulnerability) => {
diff --git a/packages/dd-trace/test/appsec/iast/taint-tracking/index.spec.js b/packages/dd-trace/test/appsec/iast/taint-tracking/index.spec.js
index c3f1ef94c95..5b7ca0e3dae 100644
--- a/packages/dd-trace/test/appsec/iast/taint-tracking/index.spec.js
+++ b/packages/dd-trace/test/appsec/iast/taint-tracking/index.spec.js
@@ -5,6 +5,12 @@ const proxyquire = require('proxyquire')
describe('IAST TaintTracking', () => {
let taintTracking
+ const config = {
+ iast: {
+ maxConcurrentRequests: 2
+ }
+ }
+
const rewriter = {
enableRewriter: sinon.spy(),
disableRewriter: sinon.spy()
@@ -12,7 +18,8 @@ describe('IAST TaintTracking', () => {
const taintTrackingOperations = {
enableTaintOperations: sinon.spy(),
- disableTaintOperations: sinon.spy()
+ disableTaintOperations: sinon.spy(),
+ setMaxTransactions: sinon.spy()
}
const taintTrackingPlugin = {
@@ -31,10 +38,12 @@ describe('IAST TaintTracking', () => {
afterEach(sinon.restore)
it('Should enable rewriter, taint tracking operations and plugin', () => {
- taintTracking.enableTaintTracking()
+ taintTracking.enableTaintTracking(config.iast)
expect(rewriter.enableRewriter).to.be.calledOnce
expect(taintTrackingOperations.enableTaintOperations).to.be.calledOnce
expect(taintTrackingPlugin.enable).to.be.calledOnce
+ expect(taintTrackingOperations.setMaxTransactions)
+ .to.have.been.calledOnceWithExactly(config.iast.maxConcurrentRequests)
})
it('Should disable both rewriter, taint tracking operations, plugin', () => {
diff --git a/packages/dd-trace/test/appsec/iast/taint-tracking/taint-tracking-impl.spec.js b/packages/dd-trace/test/appsec/iast/taint-tracking/taint-tracking-impl.spec.js
index fc491268f7f..03994deff5f 100644
--- a/packages/dd-trace/test/appsec/iast/taint-tracking/taint-tracking-impl.spec.js
+++ b/packages/dd-trace/test/appsec/iast/taint-tracking/taint-tracking-impl.spec.js
@@ -2,7 +2,6 @@
const fs = require('fs')
const path = require('path')
-const childProcess = require('child_process')
const { prepareTestServerForIast, copyFileToTmp } = require('../utils')
const { storage } = require('../../../../../datadog-core')
@@ -73,6 +72,7 @@ describe('TaintTracking', () => {
expect(commandResult).eq(commandResultOrig)
try {
+ const childProcess = require('child_process')
childProcess.execSync(commandResult, { stdio: 'ignore' })
} catch (e) {
// do nothing
diff --git a/packages/dd-trace/test/appsec/iast/taint-tracking/taint-tracking-operations.spec.js b/packages/dd-trace/test/appsec/iast/taint-tracking/taint-tracking-operations.spec.js
index b2e243f69f8..499754e61e4 100644
--- a/packages/dd-trace/test/appsec/iast/taint-tracking/taint-tracking-operations.spec.js
+++ b/packages/dd-trace/test/appsec/iast/taint-tracking/taint-tracking-operations.spec.js
@@ -11,6 +11,7 @@ describe('IAST TaintTracking Operations', () => {
const taintedUtils = {
createTransaction: id => id,
removeTransaction: id => id,
+ setMaxTransactions: () => {},
newTaintedString: id => id,
isTainted: id => id,
getRanges: id => id,
@@ -101,6 +102,20 @@ describe('IAST TaintTracking Operations', () => {
})
})
+ describe('SetMaxTransactions', () => {
+ it('Given a number of concurrent transactions should call setMaxTransactions', () => {
+ const transactions = 3
+
+ taintTrackingOperations.setMaxTransactions(transactions)
+ expect(taintedUtils.setMaxTransactions).to.have.been.calledOnceWithExactly(transactions)
+ })
+
+ it('Given undefined as a number of concurrent transactions should not call setMaxTransactions', () => {
+ taintTrackingOperations.setMaxTransactions()
+ expect(taintedUtils.setMaxTransactions).not.to.have.been.called
+ })
+ })
+
describe('enableTaintTracking', () => {
beforeEach(() => {
iastContextFunctions.saveIastContext(
diff --git a/packages/dd-trace/test/appsec/iast/utils.js b/packages/dd-trace/test/appsec/iast/utils.js
index 225c9aafcb6..bfa1117067e 100644
--- a/packages/dd-trace/test/appsec/iast/utils.js
+++ b/packages/dd-trace/test/appsec/iast/utils.js
@@ -169,6 +169,7 @@ function prepareTestServerForIast (description, tests) {
function testThatRequestHasVulnerability (fn, vulnerability) {
it(`should have ${vulnerability} vulnerability`, function (done) {
+ this.timeout(5000)
app = fn
agent
.use(traces => {
diff --git a/packages/dd-trace/test/appsec/index.spec.js b/packages/dd-trace/test/appsec/index.spec.js
index 0ee02d7f733..ea5d3d9b804 100644
--- a/packages/dd-trace/test/appsec/index.spec.js
+++ b/packages/dd-trace/test/appsec/index.spec.js
@@ -1,7 +1,5 @@
'use strict'
-const fs = require('fs')
-const path = require('path')
const proxyquire = require('proxyquire')
const log = require('../../src/log')
const RuleManager = require('../../src/appsec/rule_manager')
@@ -15,24 +13,28 @@ const agent = require('../plugins/agent')
const Config = require('../../src/config')
const axios = require('axios')
const getPort = require('get-port')
-const { resetTemplates } = require('../../src/appsec/blocking')
+
+const blockedTemplate = require('../../src/appsec/blocked_templates')
describe('AppSec Index', () => {
let config
let AppSec
let web
+ let blocking
+
+ const RULES = { rules: [{ a: 1 }] }
beforeEach(() => {
config = {
appsec: {
enabled: true,
- rules: './path/rules.json',
+ rules: RULES,
rateLimit: 42,
wafTimeout: 42,
obfuscatorKeyRegex: '.*',
obfuscatorValueRegex: '.*',
- blockedTemplateHtml: path.join(__dirname, '..', '..', 'src', 'appsec', 'templates', 'blocked.html'),
- blockedTemplateJson: path.join(__dirname, '..', '..', 'src', 'appsec', 'templates', 'blocked.json')
+ blockedTemplateHtml: blockedTemplate.html,
+ blockedTemplateJson: blockedTemplate.json
}
}
@@ -40,14 +42,15 @@ describe('AppSec Index', () => {
root: sinon.stub()
}
+ blocking = {
+ setTemplates: sinon.stub()
+ }
+
AppSec = proxyquire('../../src/appsec', {
- '../plugins/util/web': web
+ '../plugins/util/web': web,
+ './blocking': blocking
})
- resetTemplates()
-
- sinon.stub(fs, 'readFileSync').returns('{"rules": [{"a": 1}]}')
- sinon.stub(fs.promises, 'readFile').returns('{"rules": [{"a": 1}]}')
sinon.stub(RuleManager, 'applyRules')
sinon.stub(remoteConfig, 'enableAsmData')
sinon.stub(remoteConfig, 'disableAsmData')
@@ -66,10 +69,8 @@ describe('AppSec Index', () => {
AppSec.enable(config)
AppSec.enable(config)
- expect(fs.readFileSync).to.have.been.calledWithExactly('./path/rules.json')
- expect(fs.readFileSync).to.have.been.calledWithExactly(config.appsec.blockedTemplateHtml)
- expect(fs.readFileSync).to.have.been.calledWithExactly(config.appsec.blockedTemplateJson)
- expect(RuleManager.applyRules).to.have.been.calledOnceWithExactly({ rules: [{ a: 1 }] }, config.appsec)
+ expect(blocking.setTemplates).to.have.been.calledOnceWithExactly(config)
+ expect(RuleManager.applyRules).to.have.been.calledOnceWithExactly(RULES, config.appsec)
expect(remoteConfig.enableAsmData).to.have.been.calledOnce
expect(Reporter.setRateLimit).to.have.been.calledOnceWithExactly(42)
expect(incomingHttpRequestStart.subscribe)
@@ -102,49 +103,6 @@ describe('AppSec Index', () => {
})
})
- describe('enableAsync', () => {
- it('should enable AppSec only once', async () => {
- await AppSec.enableAsync(config)
- await AppSec.enableAsync(config)
-
- expect(fs.readFileSync).not.to.have.been.called
- expect(fs.promises.readFile).to.have.been.calledThrice
- expect(fs.promises.readFile).to.have.been.calledWithExactly('./path/rules.json')
- expect(fs.promises.readFile).to.have.been.calledWithExactly(config.appsec.blockedTemplateHtml)
- expect(fs.promises.readFile).to.have.been.calledWithExactly(config.appsec.blockedTemplateJson)
- expect(RuleManager.applyRules).to.have.been.calledOnceWithExactly({ rules: [{ a: 1 }] }, config.appsec)
- expect(remoteConfig.enableAsmData).to.have.been.calledOnce
- expect(Reporter.setRateLimit).to.have.been.calledOnceWithExactly(42)
- expect(incomingHttpRequestStart.subscribe)
- .to.have.been.calledOnceWithExactly(AppSec.incomingHttpStartTranslator)
- expect(incomingHttpRequestEnd.subscribe).to.have.been.calledOnceWithExactly(AppSec.incomingHttpEndTranslator)
- expect(Gateway.manager.addresses).to.have.all.keys(
- addresses.HTTP_INCOMING_HEADERS,
- addresses.HTTP_INCOMING_ENDPOINT,
- addresses.HTTP_INCOMING_RESPONSE_HEADERS,
- addresses.HTTP_INCOMING_REMOTE_IP
- )
- })
-
- it('should log when enable fails', async () => {
- sinon.stub(log, 'error')
- RuleManager.applyRules.restore()
-
- const err = new Error('Invalid Rules')
- sinon.stub(RuleManager, 'applyRules').throws(err)
-
- await AppSec.enableAsync(config)
-
- expect(log.error).to.have.been.calledTwice
- expect(log.error.firstCall).to.have.been.calledWithExactly('Unable to start AppSec')
- expect(log.error.secondCall).to.have.been.calledWithExactly(err)
- expect(remoteConfig.disableAsmData).to.have.been.calledOnce
- expect(incomingHttpRequestStart.subscribe).to.not.have.been.called
- expect(incomingHttpRequestEnd.subscribe).to.not.have.been.called
- expect(Gateway.manager.addresses).to.be.empty
- })
- })
-
describe('disable', () => {
it('should disable AppSec', () => {
// we need real DC for this test
@@ -481,7 +439,6 @@ describe('IP blocking', () => {
})
afterEach(() => {
appsec.disable()
- resetTemplates()
})
describe('do not block the request', () => {
@@ -521,11 +478,8 @@ describe('IP blocking', () => {
})
describe(`block - ip in header ${ipHeader}`, () => {
- const templatesPath = path.join(__dirname, '..', '..', 'src', 'appsec', 'templates')
- const htmlDefaultContent = fs.readFileSync(path.join(templatesPath, 'blocked.html'), 'utf8').toString()
- const jsonDefaultContent = JSON.parse(
- fs.readFileSync(path.join(templatesPath, 'blocked.json'), 'utf8').toString()
- )
+ const htmlDefaultContent = blockedTemplate.html
+ const jsonDefaultContent = JSON.parse(blockedTemplate.json)
it('should block the request with JSON content if no headers', async () => {
await axios.get(`http://localhost:${port}/`, {
diff --git a/packages/dd-trace/test/appsec/remote_config/index.spec.js b/packages/dd-trace/test/appsec/remote_config/index.spec.js
index 592bf5a5ea3..642364052c7 100644
--- a/packages/dd-trace/test/appsec/remote_config/index.spec.js
+++ b/packages/dd-trace/test/appsec/remote_config/index.spec.js
@@ -26,7 +26,6 @@ describe('Remote Config enable', () => {
appsec = {
enable: sinon.spy(),
- enableAsync: sinon.spy(() => Promise.resolve()),
disable: sinon.spy()
}
@@ -76,15 +75,13 @@ describe('Remote Config enable', () => {
it('should enable appsec when listener is called with apply and enabled', () => {
listener('apply', { asm: { enabled: true } })
- expect(appsec.enable).to.not.have.been.called
- expect(appsec.enableAsync).to.have.been.calledOnceWithExactly(config)
+ expect(appsec.enable).to.have.been.calledOnceWithExactly(config)
})
it('should enable appsec when listener is called with modify and enabled', () => {
listener('modify', { asm: { enabled: true } })
- expect(appsec.enable).to.not.have.been.called
- expect(appsec.enableAsync).to.have.been.calledOnceWithExactly(config)
+ expect(appsec.enable).to.have.been.calledOnceWithExactly(config)
})
it('should disable appsec when listener is called with unnaply and enabled', () => {
@@ -96,7 +93,6 @@ describe('Remote Config enable', () => {
it('should not do anything when listener is called with apply and malformed data', () => {
listener('apply', {})
- expect(appsec.enableAsync).to.not.have.been.called
expect(appsec.enable).to.not.have.been.called
expect(appsec.disable).to.not.have.been.called
})
diff --git a/packages/dd-trace/test/appsec/sdk/index.spec.js b/packages/dd-trace/test/appsec/sdk/index.spec.js
index a18b8c1563c..6f54920e85e 100644
--- a/packages/dd-trace/test/appsec/sdk/index.spec.js
+++ b/packages/dd-trace/test/appsec/sdk/index.spec.js
@@ -4,7 +4,7 @@ const proxyquire = require('proxyquire')
describe('Appsec SDK', () => {
let trackUserLoginSuccessEvent, trackUserLoginFailureEvent, trackCustomEvent
- let checkUserAndSetUser, blockRequest, setUser, loadTemplates
+ let checkUserAndSetUser, blockRequest, setUser, setTemplates
let appsecSdk
const tracer = {}
const config = {}
@@ -15,21 +15,21 @@ describe('Appsec SDK', () => {
trackCustomEvent = sinon.stub()
checkUserAndSetUser = sinon.stub()
blockRequest = sinon.stub()
- loadTemplates = sinon.stub()
+ setTemplates = sinon.stub()
setUser = sinon.stub()
const AppsecSdk = proxyquire('../../../src/appsec/sdk', {
'./track_event': { trackUserLoginSuccessEvent, trackUserLoginFailureEvent, trackCustomEvent },
'./user_blocking': { checkUserAndSetUser, blockRequest },
- '../blocking': { loadTemplates },
+ '../blocking': { setTemplates },
'./set_user': { setUser }
})
appsecSdk = new AppsecSdk(tracer, config)
})
- it('should call loadTemplates when instanciated', () => {
- expect(loadTemplates).to.have.been.calledOnceWithExactly(config)
+ it('should call setTemplates when instanciated', () => {
+ expect(setTemplates).to.have.been.calledOnceWithExactly(config)
})
it('trackUserLoginSuccessEvent should call internal function with proper params', () => {
diff --git a/packages/dd-trace/test/config.spec.js b/packages/dd-trace/test/config.spec.js
index d9edb1f1f8c..4fd27f68924 100644
--- a/packages/dd-trace/test/config.spec.js
+++ b/packages/dd-trace/test/config.spec.js
@@ -3,7 +3,8 @@
require('./setup/tap')
const { expect } = require('chai')
-const path = require('path')
+const { readFileSync } = require('fs')
+
describe('Config', () => {
let Config
let log
@@ -15,6 +16,15 @@ describe('Config', () => {
let existsSyncReturn
let osType
+ const RECOMMENDED_JSON_PATH = require.resolve('../src/appsec/recommended.json')
+ const RECOMMENDED_JSON = require(RECOMMENDED_JSON_PATH)
+ const RULES_JSON_PATH = require.resolve('./fixtures/config/appsec-rules.json')
+ const RULES_JSON = require(RULES_JSON_PATH)
+ const BLOCKED_TEMPLATE_HTML_PATH = require.resolve('./fixtures/config/appsec-blocked-template.html')
+ const BLOCKED_TEMPLATE_HTML = readFileSync(BLOCKED_TEMPLATE_HTML_PATH, { encoding: 'utf8' })
+ const BLOCKED_TEMPLATE_JSON_PATH = require.resolve('./fixtures/config/appsec-blocked-template.json')
+ const BLOCKED_TEMPLATE_JSON = readFileSync(BLOCKED_TEMPLATE_JSON_PATH, { encoding: 'utf8' })
+
beforeEach(() => {
pkg = {
name: '',
@@ -24,7 +34,8 @@ describe('Config', () => {
log = {
use: sinon.spy(),
toggle: sinon.spy(),
- warn: sinon.spy()
+ warn: sinon.spy(),
+ error: sinon.spy()
}
env = process.env
@@ -77,6 +88,8 @@ describe('Config', () => {
expect(config).to.have.property('reportHostname', false)
expect(config).to.have.property('scope', undefined)
expect(config).to.have.property('logLevel', 'debug')
+ expect(config).to.have.property('traceId128BitGenerationEnabled', false)
+ expect(config).to.have.property('traceId128BitLoggingEnabled', false)
expect(config).to.have.deep.property('serviceMapping', {})
expect(config).to.have.nested.deep.property('tracePropagationStyle.inject', ['tracecontext', 'datadog'])
expect(config).to.have.nested.deep.property('tracePropagationStyle.extract', ['tracecontext', 'datadog'])
@@ -84,11 +97,13 @@ describe('Config', () => {
expect(config).to.have.nested.property('experimental.exporter', undefined)
expect(config).to.have.nested.property('experimental.enableGetRumData', false)
expect(config).to.have.nested.property('appsec.enabled', undefined)
- expect(config).to.have.nested.property('appsec.rules', undefined)
+ expect(config).to.have.nested.property('appsec.rules', RECOMMENDED_JSON)
expect(config).to.have.nested.property('appsec.rateLimit', 100)
expect(config).to.have.nested.property('appsec.wafTimeout', 5e3)
expect(config).to.have.nested.property('appsec.obfuscatorKeyRegex').with.length(155)
expect(config).to.have.nested.property('appsec.obfuscatorValueRegex').with.length(443)
+ expect(config).to.have.nested.property('appsec.blockedTemplateHtml', undefined)
+ expect(config).to.have.nested.property('appsec.blockedTemplateJson', undefined)
expect(config).to.have.nested.property('remoteConfig.enabled', true)
expect(config).to.have.nested.property('remoteConfig.pollInterval', 5)
expect(config).to.have.nested.property('iast.enabled', false)
@@ -161,11 +176,13 @@ describe('Config', () => {
process.env.DD_TRACE_EXPERIMENTAL_GET_RUM_DATA_ENABLED = 'true'
process.env.DD_TRACE_EXPERIMENTAL_INTERNAL_ERRORS_ENABLED = 'true'
process.env.DD_APPSEC_ENABLED = 'true'
- process.env.DD_APPSEC_RULES = './path/rules.json'
+ process.env.DD_APPSEC_RULES = RULES_JSON_PATH
process.env.DD_APPSEC_TRACE_RATE_LIMIT = '42'
process.env.DD_APPSEC_WAF_TIMEOUT = '42'
process.env.DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP = '.*'
process.env.DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP = '.*'
+ process.env.DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML = BLOCKED_TEMPLATE_HTML_PATH
+ process.env.DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON = BLOCKED_TEMPLATE_JSON_PATH
process.env.DD_REMOTE_CONFIGURATION_ENABLED = 'false'
process.env.DD_REMOTE_CONFIG_POLL_INTERVAL_SECONDS = '42'
process.env.DD_IAST_ENABLED = 'true'
@@ -173,6 +190,8 @@ describe('Config', () => {
process.env.DD_IAST_MAX_CONCURRENT_REQUESTS = '3'
process.env.DD_IAST_MAX_CONTEXT_OPERATIONS = '4'
process.env.DD_IAST_DEDUPLICATION_ENABLED = false
+ process.env.DD_TRACE_128_BIT_TRACEID_GENERATION_ENABLED = 'true'
+ process.env.DD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED = 'true'
const config = new Config()
@@ -191,6 +210,8 @@ describe('Config', () => {
expect(config).to.have.property('reportHostname', true)
expect(config).to.have.property('env', 'test')
expect(config).to.have.property('sampleRate', 0.5)
+ expect(config).to.have.property('traceId128BitGenerationEnabled', true)
+ expect(config).to.have.property('traceId128BitLoggingEnabled', true)
expect(config.tags).to.include({ foo: 'bar', baz: 'qux' })
expect(config.tags).to.include({ service: 'service', 'version': '1.0.0', 'env': 'test' })
expect(config).to.have.deep.nested.property('sampler', {
@@ -219,11 +240,13 @@ describe('Config', () => {
expect(config).to.have.nested.property('experimental.exporter', 'log')
expect(config).to.have.nested.property('experimental.enableGetRumData', true)
expect(config).to.have.nested.property('appsec.enabled', true)
- expect(config).to.have.nested.property('appsec.rules', './path/rules.json')
+ expect(config).to.have.nested.deep.property('appsec.rules', RULES_JSON)
expect(config).to.have.nested.property('appsec.rateLimit', 42)
expect(config).to.have.nested.property('appsec.wafTimeout', 42)
expect(config).to.have.nested.property('appsec.obfuscatorKeyRegex', '.*')
expect(config).to.have.nested.property('appsec.obfuscatorValueRegex', '.*')
+ expect(config).to.have.nested.property('appsec.blockedTemplateHtml', BLOCKED_TEMPLATE_HTML)
+ expect(config).to.have.nested.property('appsec.blockedTemplateJson', BLOCKED_TEMPLATE_JSON)
expect(config).to.have.nested.property('remoteConfig.enabled', false)
expect(config).to.have.nested.property('remoteConfig.pollInterval', 42)
expect(config).to.have.nested.property('iast.enabled', true)
@@ -348,7 +371,9 @@ describe('Config', () => {
appsec: false,
remoteConfig: {
pollInterval: 42
- }
+ },
+ traceId128BitGenerationEnabled: true,
+ traceId128BitLoggingEnabled: true
})
expect(config).to.have.property('protocolVersion', '0.5')
@@ -374,6 +399,8 @@ describe('Config', () => {
expect(config).to.have.property('reportHostname', true)
expect(config).to.have.property('plugins', false)
expect(config).to.have.property('logLevel', logLevel)
+ expect(config).to.have.property('traceId128BitGenerationEnabled', true)
+ expect(config).to.have.property('traceId128BitLoggingEnabled', true)
expect(config).to.have.property('tags')
expect(config.tags).to.have.property('foo', 'bar')
expect(config.tags).to.have.property('runtime-id')
@@ -508,13 +535,17 @@ describe('Config', () => {
process.env.DD_TRACE_EXPERIMENTAL_GET_RUM_DATA_ENABLED = 'true'
process.env.DD_TRACE_EXPERIMENTAL_INTERNAL_ERRORS_ENABLED = 'true'
process.env.DD_APPSEC_ENABLED = 'false'
- process.env.DD_APPSEC_RULES = 'something'
+ process.env.DD_APPSEC_RULES = RECOMMENDED_JSON_PATH
process.env.DD_APPSEC_TRACE_RATE_LIMIT = 11
process.env.DD_APPSEC_WAF_TIMEOUT = 11
process.env.DD_APPSEC_OBFUSCATION_PARAMETER_KEY_REGEXP = '^$'
process.env.DD_APPSEC_OBFUSCATION_PARAMETER_VALUE_REGEXP = '^$'
+ process.env.DD_APPSEC_HTTP_BLOCKED_TEMPLATE_HTML = BLOCKED_TEMPLATE_JSON // note the inversion between
+ process.env.DD_APPSEC_HTTP_BLOCKED_TEMPLATE_JSON = BLOCKED_TEMPLATE_HTML // json and html here
process.env.DD_REMOTE_CONFIG_POLL_INTERVAL_SECONDS = 11
process.env.DD_IAST_ENABLED = 'false'
+ process.env.DD_TRACE_128_BIT_TRACEID_GENERATION_ENABLED = 'true'
+ process.env.DD_TRACE_128_BIT_TRACEID_LOGGING_ENABLED = 'true'
const config = new Config({
protocolVersion: '0.5',
@@ -555,17 +586,19 @@ describe('Config', () => {
},
appsec: {
enabled: true,
- rules: './path/rules.json',
+ rules: RULES_JSON_PATH,
rateLimit: 42,
wafTimeout: 42,
obfuscatorKeyRegex: '.*',
obfuscatorValueRegex: '.*',
- blockedTemplateHtml: __filename,
- blockedTemplateJson: __filename
+ blockedTemplateHtml: BLOCKED_TEMPLATE_HTML_PATH,
+ blockedTemplateJson: BLOCKED_TEMPLATE_JSON_PATH
},
remoteConfig: {
pollInterval: 42
- }
+ },
+ traceId128BitGenerationEnabled: false,
+ traceId128BitLoggingEnabled: false
})
expect(config).to.have.property('protocolVersion', '0.5')
@@ -583,6 +616,8 @@ describe('Config', () => {
expect(config).to.have.property('env', 'development')
expect(config).to.have.property('clientIpEnabled', true)
expect(config).to.have.property('clientIpHeader', 'x-true-client-ip')
+ expect(config).to.have.property('traceId128BitGenerationEnabled', false)
+ expect(config).to.have.property('traceId128BitLoggingEnabled', false)
expect(config.tags).to.include({ foo: 'foo', baz: 'qux' })
expect(config.tags).to.include({ service: 'test', version: '1.0.0', env: 'development' })
expect(config).to.have.deep.property('serviceMapping', { b: 'bb' })
@@ -592,13 +627,13 @@ describe('Config', () => {
expect(config).to.have.nested.property('experimental.exporter', 'agent')
expect(config).to.have.nested.property('experimental.enableGetRumData', false)
expect(config).to.have.nested.property('appsec.enabled', true)
- expect(config).to.have.nested.property('appsec.rules', './path/rules.json')
+ expect(config).to.have.nested.deep.property('appsec.rules', RULES_JSON)
expect(config).to.have.nested.property('appsec.rateLimit', 42)
expect(config).to.have.nested.property('appsec.wafTimeout', 42)
expect(config).to.have.nested.property('appsec.obfuscatorKeyRegex', '.*')
expect(config).to.have.nested.property('appsec.obfuscatorValueRegex', '.*')
- expect(config).to.have.nested.property('appsec.blockedTemplateHtml', __filename)
- expect(config).to.have.nested.property('appsec.blockedTemplateJson', __filename)
+ expect(config).to.have.nested.property('appsec.blockedTemplateHtml', BLOCKED_TEMPLATE_HTML)
+ expect(config).to.have.nested.property('appsec.blockedTemplateJson', BLOCKED_TEMPLATE_JSON)
expect(config).to.have.nested.property('remoteConfig.pollInterval', 42)
expect(config).to.have.nested.property('iast.enabled', true)
expect(config).to.have.nested.property('iast.requestSampling', 30)
@@ -611,35 +646,63 @@ describe('Config', () => {
const config = new Config({
appsec: {
enabled: true,
- rules: './path/rules.json',
+ rules: undefined,
rateLimit: 42,
wafTimeout: 42,
obfuscatorKeyRegex: '.*',
- obfuscatorValueRegex: '.*'
+ obfuscatorValueRegex: '.*',
+ blockedTemplateHtml: undefined,
+ blockedTemplateJson: undefined
},
experimental: {
appsec: {
enabled: false,
- rules: 'something',
+ rules: RULES_JSON_PATH,
rateLimit: 11,
wafTimeout: 11,
obfuscatorKeyRegex: '^$',
- obfuscatorValueRegex: '^$'
+ obfuscatorValueRegex: '^$',
+ blockedTemplateHtml: BLOCKED_TEMPLATE_HTML_PATH,
+ blockedTemplateJson: BLOCKED_TEMPLATE_JSON_PATH
}
}
})
expect(config).to.have.deep.property('appsec', {
enabled: true,
- rules: './path/rules.json',
+ rules: RECOMMENDED_JSON,
+ rateLimit: 42,
+ wafTimeout: 42,
+ obfuscatorKeyRegex: '.*',
+ obfuscatorValueRegex: '.*',
+ blockedTemplateHtml: undefined,
+ blockedTemplateJson: undefined
+ })
+ })
+
+ it('should left undefined appsec rules if user rules file could not be loaded', () => {
+ const config = new Config({
+ appsec: {
+ enabled: true,
+ rules: '/not/existing/path/or/bad/format.json',
+ rateLimit: 42,
+ wafTimeout: 42,
+ obfuscatorKeyRegex: '.*',
+ obfuscatorValueRegex: '.*',
+ blockedTemplateHtml: undefined,
+ blockedTemplateJson: undefined
+ }
+ })
+
+ expect(config).to.have.deep.property('appsec', {
+ enabled: true,
+ rules: undefined,
rateLimit: 42,
wafTimeout: 42,
obfuscatorKeyRegex: '.*',
obfuscatorValueRegex: '.*',
- blockedTemplateHtml:
- path.join(__dirname, '..', 'src', 'appsec', 'templates', 'blocked.html'),
- blockedTemplateJson:
- path.join(__dirname, '..', 'src', 'appsec', 'templates', 'blocked.json')
+ blockedTemplateHtml: undefined,
+ blockedTemplateJson: undefined
})
})
@@ -813,18 +876,33 @@ describe('Config', () => {
])
})
- it('should ignore appsec.blockedTemplateHtml if it does not exist', () => {
+ it('should skip appsec config files if they do not exist', () => {
+ const error = new Error('file not found')
+ fs.readFileSync = () => { throw error }
+
+ const Config = proxyquire('../src/config', {
+ './pkg': pkg,
+ './log': log,
+ fs,
+ os
+ })
+
const config = new Config({
appsec: {
enabled: true,
- blockedTemplateHtml: path.join(__dirname, 'DOES_NOT_EXIST.html'),
- blockedTemplateJson: path.join(__dirname, 'DOES_NOT_EXIST.json')
+ rules: 'DOES_NOT_EXIST.json',
+ blockedTemplateHtml: 'DOES_NOT_EXIST.html',
+ blockedTemplateJson: 'DOES_NOT_EXIST.json'
}
})
- expect(config.appsec.blockedTemplateHtml).to.be
- .equal(path.join(__dirname, '..', 'src', 'appsec', 'templates', 'blocked.html'))
- expect(config.appsec.blockedTemplateJson).to.be
- .equal(path.join(__dirname, '..', 'src', 'appsec', 'templates', 'blocked.json'))
+
+ expect(log.error).to.be.calledThrice
+ expect(log.error.firstCall).to.have.been.calledWithExactly(error)
+ expect(log.error.secondCall).to.have.been.calledWithExactly(error)
+ expect(log.error.thirdCall).to.have.been.calledWithExactly(error)
+ expect(config.appsec.rules).to.be.undefined
+ expect(config.appsec.blockedTemplateHtml).to.be.undefined
+ expect(config.appsec.blockedTemplateJson).to.be.undefined
})
context('auto configuration w/ unix domain sockets', () => {
diff --git a/packages/dd-trace/test/datastreams/encoding.spec.js b/packages/dd-trace/test/datastreams/encoding.spec.js
index 51432c4b6ff..be5dd1d838c 100644
--- a/packages/dd-trace/test/datastreams/encoding.spec.js
+++ b/packages/dd-trace/test/datastreams/encoding.spec.js
@@ -11,8 +11,9 @@ describe('encoding', () => {
const encoded = encodeVarint(n)
expect(encoded.length).to.equal(expectedEncoded.length)
expect(encoded.every((val, i) => val === expectedEncoded[i])).to.true
- const decoded = decodeVarint(encoded)
+ const [decoded, bytes] = decodeVarint(encoded)
expect(decoded).to.equal(n)
+ expect(bytes).to.length(0)
})
it('encoding then decoding should be a no op for bigger than int32 numbers', () => {
const n = 1679711644352
@@ -22,8 +23,13 @@ describe('encoding', () => {
const encoded = encodeVarint(n)
expect(encoded.length).to.equal(expectedEncoded.length)
expect(encoded.every((val, i) => val === expectedEncoded[i])).to.true
- const decoded = decodeVarint(encoded)
+ const toDecode = [...encoded, ...encoded]
+ const [decoded, bytes] = decodeVarint(toDecode)
expect(decoded).to.equal(n)
+ expect(bytes.every((val, i) => val === expectedEncoded[i])).to.true
+ const [decoded2, bytes2] = decodeVarint(bytes)
+ expect(decoded2).to.equal(n)
+ expect(bytes2).to.length(0)
})
it('encoding a number bigger than Max safe int fails.', () => {
const n = Number.MAX_SAFE_INTEGER + 10
diff --git a/packages/dd-trace/test/fixtures/config/appsec-blocked-template.html b/packages/dd-trace/test/fixtures/config/appsec-blocked-template.html
new file mode 100644
index 00000000000..2224a2221af
--- /dev/null
+++ b/packages/dd-trace/test/fixtures/config/appsec-blocked-template.html
@@ -0,0 +1 @@
+<html>blocked</html>
diff --git a/packages/dd-trace/test/fixtures/config/appsec-blocked-template.json b/packages/dd-trace/test/fixtures/config/appsec-blocked-template.json
new file mode 100644
index 00000000000..8b1e6f02968
--- /dev/null
+++ b/packages/dd-trace/test/fixtures/config/appsec-blocked-template.json
@@ -0,0 +1 @@
+{"error": "blocked"}
diff --git a/packages/dd-trace/test/fixtures/config/appsec-rules.json b/packages/dd-trace/test/fixtures/config/appsec-rules.json
new file mode 100644
index 00000000000..5a70b81709d
--- /dev/null
+++ b/packages/dd-trace/test/fixtures/config/appsec-rules.json
@@ -0,0 +1,7 @@
+{
+ "version": "2.2",
+ "metadata": {
+ "rules_version": "1.5.2"
+ },
+ "rules": [{"a": 1}]
+}
diff --git a/packages/dd-trace/test/opentracing/propagation/log.spec.js b/packages/dd-trace/test/opentracing/propagation/log.spec.js
index d40f945183d..95ff1ce82ac 100644
--- a/packages/dd-trace/test/opentracing/propagation/log.spec.js
+++ b/packages/dd-trace/test/opentracing/propagation/log.spec.js
@@ -9,18 +9,20 @@ describe('LogPropagator', () => {
let LogPropagator
let propagator
let log
+ let config
beforeEach(() => {
- LogPropagator = require('../../../src/opentracing/propagation/log')
- propagator = new LogPropagator({
+ config = {
service: 'test',
env: 'dev',
version: '1.0.0'
- })
+ }
+ LogPropagator = require('../../../src/opentracing/propagation/log')
+ propagator = new LogPropagator(config)
log = {
dd: {
trace_id: '123',
- span_id: '18446744073709551160' // -456 casted to uint64
+ span_id: '456'
}
}
})
@@ -30,14 +32,14 @@ describe('LogPropagator', () => {
const carrier = {}
const spanContext = new SpanContext({
traceId: id('123', 10),
- spanId: id('-456', 10)
+ spanId: id('456', 10)
})
propagator.inject(spanContext, carrier)
expect(carrier).to.have.property('dd')
expect(carrier.dd).to.have.property('trace_id', '123')
- expect(carrier.dd).to.have.property('span_id', '18446744073709551160') // -456 casted to uint64
+ expect(carrier.dd).to.have.property('span_id', '456')
})
it('should inject the global context into the carrier', () => {
@@ -53,6 +55,44 @@ describe('LogPropagator', () => {
}
})
})
+
+ it('should inject 128-bit trace IDs when enabled', () => {
+ config.traceId128BitLoggingEnabled = true
+
+ const carrier = {}
+ const traceId = id('1234567812345678')
+ const traceIdTag = '8765432187654321'
+ const spanContext = new SpanContext({
+ traceId,
+ spanId: id('456', 10)
+ })
+
+ spanContext._trace.tags['_dd.p.tid'] = traceIdTag
+
+ propagator.inject(spanContext, carrier)
+
+ expect(carrier).to.have.property('dd')
+ expect(carrier.dd).to.have.property('trace_id', '87654321876543211234567812345678')
+ expect(carrier.dd).to.have.property('span_id', '456')
+ })
+
+ it('should not inject 128-bit trace IDs when disabled', () => {
+ const carrier = {}
+ const traceId = id('123', 10)
+ const traceIdTag = '8765432187654321'
+ const spanContext = new SpanContext({
+ traceId,
+ spanId: id('456', 10)
+ })
+
+ spanContext._trace.tags['_dd.p.tid'] = traceIdTag
+
+ propagator.inject(spanContext, carrier)
+
+ expect(carrier).to.have.property('dd')
+ expect(carrier.dd).to.have.property('trace_id', '123')
+ expect(carrier.dd).to.have.property('span_id', '456')
+ })
})
describe('extract', () => {
@@ -62,7 +102,20 @@ describe('LogPropagator', () => {
expect(spanContext).to.deep.equal(new SpanContext({
traceId: id('123', 10),
- spanId: id('-456', 10)
+ spanId: id('456', 10)
+ }))
+ })
+
+ it('should convert signed IDs to unsigned', () => {
+ log.dd.trace_id = '-123'
+ log.dd.span_id = '-456'
+
+ const carrier = log
+ const spanContext = propagator.extract(carrier)
+
+ expect(spanContext).to.deep.equal(new SpanContext({
+ traceId: id('18446744073709551493', 10), // -123 casted to uint64
+ spanId: id('18446744073709551160', 10) // -456 casted to uint64
}))
})
@@ -72,5 +125,25 @@ describe('LogPropagator', () => {
expect(spanContext).to.equal(null)
})
+
+ it('should extract 128-bit IDs', () => {
+ config.traceId128BitLoggingEnabled = true
+ log.dd.trace_id = '87654321876543211234567812345678'
+
+ const carrier = log
+ const spanContext = propagator.extract(carrier)
+
+ expect(spanContext).to.deep.equal(new SpanContext({
+ traceId: id('1234567812345678', 16),
+ spanId: id('456', 10),
+ trace: {
+ started: [],
+ finished: [],
+ tags: {
+ '_dd.p.tid': '8765432187654321'
+ }
+ }
+ }))
+ })
})
})
diff --git a/packages/dd-trace/test/opentracing/propagation/text_map.spec.js b/packages/dd-trace/test/opentracing/propagation/text_map.spec.js
index 4a328435ad6..55729b12977 100644
--- a/packages/dd-trace/test/opentracing/propagation/text_map.spec.js
+++ b/packages/dd-trace/test/opentracing/propagation/text_map.spec.js
@@ -22,7 +22,7 @@ describe('TextMapPropagator', () => {
const trace = { started: [], finished: [], tags: {} }
const spanContext = new SpanContext({
traceId: id('123', 10),
- spanId: id('-456', 10),
+ spanId: id('456', 10),
baggageItems,
...params,
trace: {
@@ -40,7 +40,7 @@ describe('TextMapPropagator', () => {
propagator = new TextMapPropagator(config)
textMap = {
'x-datadog-trace-id': '123',
- 'x-datadog-parent-id': '18446744073709551160', // -456 casted to uint64
+ 'x-datadog-parent-id': '456',
'ot-baggage-foo': 'bar'
}
baggageItems = {}
@@ -60,7 +60,7 @@ describe('TextMapPropagator', () => {
propagator.inject(spanContext, carrier)
expect(carrier).to.have.property('x-datadog-trace-id', '123')
- expect(carrier).to.have.property('x-datadog-parent-id', '18446744073709551160') // -456 casted to uint64
+ expect(carrier).to.have.property('x-datadog-parent-id', '456')
expect(carrier).to.have.property('ot-baggage-foo', 'bar')
})
@@ -211,6 +211,42 @@ describe('TextMapPropagator', () => {
expect(carrier).to.have.property('x-b3-flags', '1')
})
+ it('should inject the 128-bit trace ID in B3 headers when available as tag', () => {
+ const carrier = {}
+ const spanContext = createContext({
+ traceId: id('0000000000000123'),
+ trace: {
+ tags: {
+ '_dd.p.tid': '0000000000000234'
+ }
+ }
+ })
+
+ config.tracePropagationStyle.inject = ['b3']
+
+ propagator.inject(spanContext, carrier)
+
+ expect(carrier).to.have.property('x-b3-traceid', '00000000000002340000000000000123')
+ })
+
+ it('should inject the 128-bit trace ID in B3 headers when available as ID', () => {
+ const carrier = {}
+ const spanContext = createContext({
+ traceId: id('00000000000002340000000000000123'),
+ trace: {
+ tags: {
+ '_dd.p.tid': '0000000000000234'
+ }
+ }
+ })
+
+ config.tracePropagationStyle.inject = ['b3']
+
+ propagator.inject(spanContext, carrier)
+
+ expect(carrier).to.have.property('x-b3-traceid', '00000000000002340000000000000123')
+ })
+
it('should inject the traceparent header', () => {
const carrier = {}
const spanContext = createContext({
@@ -292,6 +328,17 @@ describe('TextMapPropagator', () => {
expect(spanContext._baggageItems['foo']).to.equal(carrier['ot-baggage-foo'])
})
+ it('should convert signed IDs to unsigned', () => {
+ textMap['x-datadog-trace-id'] = '-123'
+ textMap['x-datadog-parent-id'] = '-456'
+
+ const carrier = textMap
+ const spanContext = propagator.extract(carrier)
+
+ expect(spanContext.toTraceId()).to.equal('18446744073709551493') // -123 casted to uint64
+ expect(spanContext.toSpanId()).to.equal('18446744073709551160') // -456 casted to uint64
+ })
+
it('should return null if the carrier does not contain a trace', () => {
const carrier = {}
const spanContext = propagator.extract(carrier)
@@ -593,6 +640,39 @@ describe('TextMapPropagator', () => {
expect(spanContext).to.be.null
})
+
+ it('should support 128-bit trace IDs', () => {
+ textMap['b3'] = '00000000000002340000000000000123-0000000000000456'
+
+ config.traceId128BitGenerationEnabled = true
+
+ const carrier = textMap
+ const spanContext = propagator.extract(carrier)
+
+ expect(spanContext).to.deep.equal(createContext({
+ traceId: id('00000000000002340000000000000123', 16),
+ spanId: id('456', 16),
+ trace: {
+ tags: {
+ '_dd.p.tid': '0000000000000234'
+ }
+ }
+ }))
+ })
+
+ it('should skip extracting upper bits for 64-bit trace IDs', () => {
+ textMap['b3'] = '00000000000000000000000000000123-0000000000000456'
+
+ config.traceId128BitGenerationEnabled = true
+
+ const carrier = textMap
+ const spanContext = propagator.extract(carrier)
+
+ expect(spanContext).to.deep.equal(createContext({
+ traceId: id('00000000000000000000000000000123', 16),
+ spanId: id('456', 16)
+ }))
+ })
})
describe('With traceparent propagation as single header', () => {
@@ -627,6 +707,29 @@ describe('TextMapPropagator', () => {
)
})
+ it('should extract a 128-bit trace ID', () => {
+ textMap['traceparent'] = '00-1111aaaa2222bbbb3333cccc4444dddd-5555eeee6666ffff-01'
+ config.tracePropagationStyle.extract = ['tracecontext']
+ config.traceId128BitGenerationEnabled = true
+
+ const carrier = textMap
+ const spanContext = propagator.extract(carrier)
+ expect(spanContext._traceId.toString(16)).to.equal('1111aaaa2222bbbb3333cccc4444dddd')
+ expect(spanContext._trace.tags).to.have.property('_dd.p.tid', '1111aaaa2222bbbb')
+ })
+
+ it('should skip extracting upper bits for 64-bit trace IDs', () => {
+ textMap['traceparent'] = '00-00000000000000003333cccc4444dddd-5555eeee6666ffff-01'
+ config.tracePropagationStyle.extract = ['tracecontext']
+ config.traceId128BitGenerationEnabled = true
+
+ const carrier = textMap
+ const spanContext = propagator.extract(carrier)
+
+ expect(spanContext._traceId.toString(16)).to.equal('00000000000000003333cccc4444dddd')
+ expect(spanContext._trace.tags).to.not.have.property('_dd.p.tid')
+ })
+
it('should propagate the version', () => {
textMap['traceparent'] = '01-1111aaaa2222bbbb3333cccc4444dddd-5555eeee6666ffff-01'
textMap['tracestate'] = 'other=bleh,dd=t.foo_bar_baz_:abc_!@#$%^&*()_+`-~;s:2;o:foo;t.dm:-4'
diff --git a/packages/dd-trace/test/opentracing/span.spec.js b/packages/dd-trace/test/opentracing/span.spec.js
index bb6805a2213..6566faa053c 100644
--- a/packages/dd-trace/test/opentracing/span.spec.js
+++ b/packages/dd-trace/test/opentracing/span.spec.js
@@ -137,6 +137,7 @@ describe('Span', () => {
_trace: {
started: ['span'],
finished: [],
+ tags: {},
origin: 'synthetics'
}
}
@@ -149,6 +150,17 @@ describe('Span', () => {
expect(span.context()._trace).to.equal(parent._trace)
})
+ it('should generate a 128-bit trace ID when configured', () => {
+ span = new Span(tracer, processor, prioritySampler, {
+ operationName: 'operation',
+ traceId128BitGenerationEnabled: true
+ })
+
+ expect(span.context()._traceId).to.deep.equal('123')
+ expect(span.context()._trace.tags).to.have.property('_dd.p.tid')
+ expect(span.context()._trace.tags['_dd.p.tid']).to.match(/^[a-f0-9]{8}0{8}$/)
+ })
+
describe('tracer', () => {
it('should return its parent tracer', () => {
span = new Span(tracer, processor, prioritySampler, { operationName: 'operation' })
diff --git a/packages/dd-trace/test/opentracing/span_context.spec.js b/packages/dd-trace/test/opentracing/span_context.spec.js
index be89194d40e..f58e80d2265 100644
--- a/packages/dd-trace/test/opentracing/span_context.spec.js
+++ b/packages/dd-trace/test/opentracing/span_context.spec.js
@@ -116,4 +116,37 @@ describe('SpanContext', () => {
expect(spanContext.toSpanId()).to.equal('456')
})
})
+
+ describe('toTraceparent()', () => {
+ it('should return the traceparent', () => {
+ const spanContext = new SpanContext({
+ traceId: id('123', 16),
+ spanId: id('456', 16)
+ })
+
+ expect(spanContext.toTraceparent()).to.equal('00-00000000000000000000000000000123-0000000000000456-00')
+ })
+
+ it('should return the traceparent with 128-bit trace ID from the tag', () => {
+ const spanContext = new SpanContext({
+ traceId: id('123', 16),
+ spanId: id('456', 16)
+ })
+
+ spanContext._trace.tags['_dd.p.tid'] = '0000000000000789'
+
+ expect(spanContext.toTraceparent()).to.equal('00-00000000000007890000000000000123-0000000000000456-00')
+ })
+
+ it('should return the traceparent with 128-bit trace ID from the traceparent', () => {
+ const spanContext = new SpanContext({
+ traceId: id('00000000000007890000000000000123', 16),
+ spanId: id('456', 16)
+ })
+
+ spanContext._trace.tags['_dd.p.tid'] = '0000000000000789'
+
+ expect(spanContext.toTraceparent()).to.equal('00-00000000000007890000000000000123-0000000000000456-00')
+ })
+ })
})
diff --git a/packages/dd-trace/test/opentracing/tracer.spec.js b/packages/dd-trace/test/opentracing/tracer.spec.js
index d6ce493bace..d2b96e5729d 100644
--- a/packages/dd-trace/test/opentracing/tracer.spec.js
+++ b/packages/dd-trace/test/opentracing/tracer.spec.js
@@ -118,7 +118,8 @@ describe('Tracer', () => {
'service.name': 'service'
},
startTime: fields.startTime,
- hostname: undefined
+ hostname: undefined,
+ traceId128BitGenerationEnabled: undefined
}, true)
expect(span.addTags).to.have.been.calledWith({
@@ -174,7 +175,8 @@ describe('Tracer', () => {
'service.name': 'service'
},
startTime: fields.startTime,
- hostname: os.hostname()
+ hostname: os.hostname(),
+ traceId128BitGenerationEnabled: undefined
})
expect(testSpan).to.equal(span)
@@ -230,6 +232,25 @@ describe('Tracer', () => {
expect(span.addTags).to.have.been.calledWith(config.tags)
expect(span.addTags).to.have.been.calledWith(fields.tags)
})
+
+ it('should start a span with the trace ID generation configuration', () => {
+ config.traceId128BitGenerationEnabled = true
+ tracer = new Tracer(config)
+ const testSpan = tracer.startSpan('name', fields)
+
+ expect(Span).to.have.been.calledWith(tracer, processor, prioritySampler, {
+ operationName: 'name',
+ parent: null,
+ tags: {
+ 'service.name': 'service'
+ },
+ startTime: fields.startTime,
+ hostname: undefined,
+ traceId128BitGenerationEnabled: true
+ })
+
+ expect(testSpan).to.equal(span)
+ })
})
describe('inject', () => {
diff --git a/yarn.lock b/yarn.lock
index 871297d6745..44d89469096 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -267,10 +267,10 @@
dependencies:
node-gyp-build "^4.5.0"
-"@datadog/native-iast-taint-tracking@1.1.1":
- version "1.1.1"
- resolved "https://registry.yarnpkg.com/@datadog/native-iast-taint-tracking/-/native-iast-taint-tracking-1.1.1.tgz#cbeace022b6c1f3a0a40dc0000cc40079c6d4895"
- integrity sha512-VkESVYpVlLHqw38UHqqEYsJaJTp3+JpKIJhfB9nlQO13dYBc3Sgq/QJZNdPViU73SVsCJtuw4D0SXRyjTXP1IA==
+"@datadog/native-iast-taint-tracking@1.3.1":
+ version "1.3.1"
+ resolved "https://registry.yarnpkg.com/@datadog/native-iast-taint-tracking/-/native-iast-taint-tracking-1.3.1.tgz#49b3befc3049370f4034babcf57c3d67e9f4d56b"
+ integrity sha512-KWKmK4/GANisxqVZ1TtGlBIOw2RIXdUO0r7361QJHiBVUxwNKmKNVDVuCTKGpRRH/0GZcxY0yVgl38ee/6HM3A==
dependencies:
node-gyp-build "^3.9.0"
@@ -315,6 +315,121 @@
version "2.0.1"
resolved "https://registry.yarnpkg.com/@eslint/eslintrc/-/eslintrc-2.0.1.tgz#7888fe7ec8f21bc26d646dbd2c11cd776e21192d"
integrity sha512-eFRmABvW2E5Ho6f5fHLqgena46rOj7r7OKHYfLElqcBfGFHHpjBhivyi5+jOEQuSpdc/1phIZJlbC2te+tZNIw==
+
+"@esbuild/android-arm64@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/android-arm64/-/android-arm64-0.16.12.tgz#86c4fdd7c0d65fe9dcbe138fbe72720658ec3b88"
+ integrity sha512-0LacmiIW+X0/LOLMZqYtZ7d4uY9fxYABAYhSSOu+OGQVBqH4N5eIYgkT7bBFnR4Nm3qo6qS3RpHKVrDASqj/uQ==
+
+"@esbuild/android-arm@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/android-arm/-/android-arm-0.16.12.tgz#15e33bb1c8c2f560fbb27cda227c0fa22d83d0ef"
+ integrity sha512-CTWgMJtpCyCltrvipZrrcjjRu+rzm6pf9V8muCsJqtKujR3kPmU4ffbckvugNNaRmhxAF1ZI3J+0FUIFLFg8KA==
+
+"@esbuild/android-x64@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/android-x64/-/android-x64-0.16.12.tgz#3b0ddaf59fdf94e8e9fcb2aa6537cbab93d5fe22"
+ integrity sha512-sS5CR3XBKQXYpSGMM28VuiUnbX83Z+aWPZzClW+OB2JquKqxoiwdqucJ5qvXS8pM6Up3RtJfDnRQZkz3en2z5g==
+
+"@esbuild/darwin-arm64@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/darwin-arm64/-/darwin-arm64-0.16.12.tgz#ac6c5d85cabf20de5047b55eab7f3c252d9aae71"
+ integrity sha512-Dpe5hOAQiQRH20YkFAg+wOpcd4PEuXud+aGgKBQa/VriPJA8zuVlgCOSTwna1CgYl05lf6o5els4dtuyk1qJxQ==
+
+"@esbuild/darwin-x64@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/darwin-x64/-/darwin-x64-0.16.12.tgz#3433e6432dd474994302bcfe35c5420fae46a206"
+ integrity sha512-ApGRA6X5txIcxV0095X4e4KKv87HAEXfuDRcGTniDWUUN+qPia8sl/BqG/0IomytQWajnUn4C7TOwHduk/FXBQ==
+
+"@esbuild/freebsd-arm64@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/freebsd-arm64/-/freebsd-arm64-0.16.12.tgz#b150587dc54dc2369cb826e6ee9f94fc5ec14635"
+ integrity sha512-AMdK2gA9EU83ccXCWS1B/KcWYZCj4P3vDofZZkl/F/sBv/fphi2oUqUTox/g5GMcIxk8CF1CVYTC82+iBSyiUg==
+
+"@esbuild/freebsd-x64@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/freebsd-x64/-/freebsd-x64-0.16.12.tgz#e682a61cde8d6332aaeb4c2b28fce0d833928903"
+ integrity sha512-KUKB9w8G/xaAbD39t6gnRBuhQ8vIYYlxGT2I+mT6UGRnCGRr1+ePFIGBQmf5V16nxylgUuuWVW1zU2ktKkf6WQ==
+
+"@esbuild/linux-arm64@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/linux-arm64/-/linux-arm64-0.16.12.tgz#d0d75e10796d4f1414ecaf16a8071ce05446cb9f"
+ integrity sha512-29HXMLpLklDfmw7T2buGqq3HImSUaZ1ArmrPOMaNiZZQptOSZs32SQtOHEl8xWX5vfdwZqrBfNf8Te4nArVzKQ==
+
+"@esbuild/linux-arm@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/linux-arm/-/linux-arm-0.16.12.tgz#945ebcd99205fadea5ee22bff624189bd95c0484"
+ integrity sha512-vhDdIv6z4eL0FJyNVfdr3C/vdd/Wc6h1683GJsFoJzfKb92dU/v88FhWdigg0i6+3TsbSDeWbsPUXb4dif2abg==
+
+"@esbuild/linux-ia32@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/linux-ia32/-/linux-ia32-0.16.12.tgz#132e61b2124eee6033bf7f0d5b312c02524d39db"
+ integrity sha512-JFDuNDTTfgD1LJg7wHA42o2uAO/9VzHYK0leAVnCQE/FdMB599YMH73ux+nS0xGr79pv/BK+hrmdRin3iLgQjg==
+
+"@esbuild/linux-loong64@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/linux-loong64/-/linux-loong64-0.16.12.tgz#d27dc1e203c0d0516c1daadb7988f88b643f8ea2"
+ integrity sha512-xTGzVPqm6WKfCC0iuj1fryIWr1NWEM8DMhAIo+4rFgUtwy/lfHl+Obvus4oddzRDbBetLLmojfVZGmt/g/g+Rw==
+
+"@esbuild/linux-mips64el@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/linux-mips64el/-/linux-mips64el-0.16.12.tgz#9616c378ca76f12d06ffaf242da68a58be966a18"
+ integrity sha512-zI1cNgHa3Gol+vPYjIYHzKhU6qMyOQrvZ82REr5Fv7rlh5PG6SkkuCoH7IryPqR+BK2c/7oISGsvPJPGnO2bHQ==
+
+"@esbuild/linux-ppc64@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/linux-ppc64/-/linux-ppc64-0.16.12.tgz#b033a248212249c05c162b64124744345a041f92"
+ integrity sha512-/C8OFXExoMmvTDIOAM54AhtmmuDHKoedUd0Otpfw3+AuuVGemA1nQK99oN909uZbLEU6Bi+7JheFMG3xGfZluQ==
+
+"@esbuild/linux-riscv64@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/linux-riscv64/-/linux-riscv64-0.16.12.tgz#b6476abff413b5b472e6cf093086b9d5be4553a8"
+ integrity sha512-qeouyyc8kAGV6Ni6Isz8hUsKMr00EHgVwUKWNp1r4l88fHEoNTDB8mmestvykW6MrstoGI7g2EAsgr0nxmuGYg==
+
+"@esbuild/linux-s390x@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/linux-s390x/-/linux-s390x-0.16.12.tgz#981a639f8c2a2e0646f47eba0fae7c2c270b208b"
+ integrity sha512-s9AyI/5vz1U4NNqnacEGFElqwnHusWa81pskAf8JNDM2eb6b2E6PpBmT8RzeZv6/TxE6/TADn2g9bb0jOUmXwQ==
+
+"@esbuild/linux-x64@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/linux-x64/-/linux-x64-0.16.12.tgz#01b777229d8baf068eeeb7cd7c396aea4d1ebd36"
+ integrity sha512-e8YA7GQGLWhvakBecLptUiKxOk4E/EPtSckS1i0MGYctW8ouvNUoh7xnU15PGO2jz7BYl8q1R6g0gE5HFtzpqQ==
+
+"@esbuild/netbsd-x64@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/netbsd-x64/-/netbsd-x64-0.16.12.tgz#6d4b9de7dc3ac99bf04653fe640b3be63c57b1aa"
+ integrity sha512-z2+kUxmOqBS+6SRVd57iOLIHE8oGOoEnGVAmwjm2aENSP35HPS+5cK+FL1l+rhrsJOFIPrNHqDUNechpuG96Sg==
+
+"@esbuild/openbsd-x64@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/openbsd-x64/-/openbsd-x64-0.16.12.tgz#2a28010b1848466586d5e2189e9f1b8334b65708"
+ integrity sha512-PAonw4LqIybwn2/vJujhbg1N9W2W8lw9RtXIvvZoyzoA/4rA4CpiuahVbASmQohiytRsixbNoIOUSjRygKXpyA==
+
+"@esbuild/sunos-x64@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/sunos-x64/-/sunos-x64-0.16.12.tgz#3ee120008cc759d604825dd25501152071ef30f0"
+ integrity sha512-+wr1tkt1RERi+Zi/iQtkzmMH4nS8+7UIRxjcyRz7lur84wCkAITT50Olq/HiT4JN2X2bjtlOV6vt7ptW5Gw60Q==
+
+"@esbuild/win32-arm64@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/win32-arm64/-/win32-arm64-0.16.12.tgz#8c599a91f1c55b3df304c450ac0613855c10502e"
+ integrity sha512-XEjeUSHmjsAOJk8+pXJu9pFY2O5KKQbHXZWQylJzQuIBeiGrpMeq9sTVrHefHxMOyxUgoKQTcaTS+VK/K5SviA==
+
+"@esbuild/win32-ia32@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/win32-ia32/-/win32-ia32-0.16.12.tgz#102b5a44b514f8849a10cc4cc618c60c70a4c536"
+ integrity sha512-eRKPM7e0IecUAUYr2alW7JGDejrFJXmpjt4MlfonmQ5Rz9HWpKFGCjuuIRgKO7W9C/CWVFXdJ2GjddsBXqQI4A==
+
+"@esbuild/win32-x64@0.16.12":
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/@esbuild/win32-x64/-/win32-x64-0.16.12.tgz#31197bb509049b63c059c4808ac58e66fdff7479"
+ integrity sha512-iPYKN78t3op2+erv2frW568j1q0RpqX6JOLZ7oPPaAV1VaF7dDstOrNw37PVOYoTWE11pV4A1XUitpdEFNIsPg==
+
+"@eslint/eslintrc@^1.3.2":
+ version "1.3.2"
+ resolved "https://registry.yarnpkg.com/@eslint/eslintrc/-/eslintrc-1.3.2.tgz#58b69582f3b7271d8fa67fe5251767a5b38ea356"
+ integrity sha512-AXYd23w1S/bv3fTs3Lz0vjiYemS08jWkI3hYyS9I1ry+0f+Yjs1wm+sU0BS8qDOPrBIkp4qHYC16I8uVtpLajQ==
dependencies:
ajv "^6.12.4"
debug "^4.3.2"
@@ -1511,6 +1626,34 @@ es6-error@^4.0.1:
resolved "https://registry.yarnpkg.com/es6-error/-/es6-error-4.1.1.tgz#9e3af407459deed47e9a91f9b885a84eb05c561d"
integrity sha512-Um/+FxMr9CISWh0bi5Zv0iOD+4cFh5qLeks1qhAopKVAJw3drgKbKySikp7wGhDL0HPeaja0P5ULZrxLkniUVg==
+esbuild@0.16.12:
+ version "0.16.12"
+ resolved "https://registry.yarnpkg.com/esbuild/-/esbuild-0.16.12.tgz#60850b9ad2f103f1c4316be42c34d5023f27378d"
+ integrity sha512-eq5KcuXajf2OmivCl4e89AD3j8fbV+UTE9vczEzq5haA07U9oOTzBWlh3+6ZdjJR7Rz2QfWZ2uxZyhZxBgJ4+g==
+ optionalDependencies:
+ "@esbuild/android-arm" "0.16.12"
+ "@esbuild/android-arm64" "0.16.12"
+ "@esbuild/android-x64" "0.16.12"
+ "@esbuild/darwin-arm64" "0.16.12"
+ "@esbuild/darwin-x64" "0.16.12"
+ "@esbuild/freebsd-arm64" "0.16.12"
+ "@esbuild/freebsd-x64" "0.16.12"
+ "@esbuild/linux-arm" "0.16.12"
+ "@esbuild/linux-arm64" "0.16.12"
+ "@esbuild/linux-ia32" "0.16.12"
+ "@esbuild/linux-loong64" "0.16.12"
+ "@esbuild/linux-mips64el" "0.16.12"
+ "@esbuild/linux-ppc64" "0.16.12"
+ "@esbuild/linux-riscv64" "0.16.12"
+ "@esbuild/linux-s390x" "0.16.12"
+ "@esbuild/linux-x64" "0.16.12"
+ "@esbuild/netbsd-x64" "0.16.12"
+ "@esbuild/openbsd-x64" "0.16.12"
+ "@esbuild/sunos-x64" "0.16.12"
+ "@esbuild/win32-arm64" "0.16.12"
+ "@esbuild/win32-ia32" "0.16.12"
+ "@esbuild/win32-x64" "0.16.12"
+
escalade@^3.1.1:
version "3.1.1"
resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.1.1.tgz#d8cfdc7000965c5a0174b4a82eaa5c0552742e40"