Merge branch 'master' into jbertran/http-servers

DataDog · Jun 20, 2023 · 3b53426 · 3b53426
2 parents e7dadc9 + 89da666
commit 3b53426
Show file tree

Hide file tree

Showing 13 changed files with 103 additions and 19 deletions.
diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml
@@ -22,12 +22,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: ./.github/actions/node/setup
-      - run: yarn install
       - uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.version }}
       # Disable core dumps since some integration tests intentionally abort and core dump generation takes around 5-10s
+      - run: yarn install
       - run: sudo sysctl -w kernel.core_pattern='|/bin/false'
       - run: yarn test:integration
 
@@ -39,11 +38,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: ./.github/actions/node/setup
-      - run: yarn install
       - uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.version }}
+      - run: yarn install
       - run: yarn test:integration:${{ matrix.framework }}
 
   integration-cypress:

diff --git a/benchmark/sirun/appsec-iast/common.js b/benchmark/sirun/appsec-iast/common.js
@@ -2,5 +2,5 @@
 
 module.exports = {
   port: 3331 + parseInt(process.env.CPU_AFFINITY || '0'),
-  reqs: 350
+  reqs: 200
 }
diff --git a/benchmark/sirun/appsec-iast/meta.json b/benchmark/sirun/appsec-iast/meta.json
@@ -2,7 +2,7 @@
   "name": "appsec-iast",
   "cachegrind": false,
   "instructions": true,
-  "iterations": 40,
+  "iterations": 30,
   "variants": {
     "no-vulnerability-control": {
       "setup": "bash -c \"nohup node client.js >/dev/null 2>&1 &\"",

diff --git a/integration-tests/opentelemetry.spec.js b/integration-tests/opentelemetry.spec.js
@@ -45,7 +45,12 @@ describe('opentelemetry', () => {
   const timeout = 5000
 
   before(async () => {
-    sandbox = await createSandbox()
+    sandbox = await createSandbox([
+      '@opentelemetry/api',
+      '@opentelemetry/sdk-node',
+      // Needed because sdk-node doesn't start a tracer without an exporter
+      '@opentelemetry/exporter-jaeger'
+    ])
     cwd = sandbox.folder
     agent = await new FakeAgent().start()
   })
@@ -102,4 +107,23 @@ describe('opentelemetry', () => {
       assert.strictEqual(ddSpan.parent_id.toString(), otelSpan.span_id.toString())
     })
   })
+
+  it('should auto-instrument @opentelemetry/sdk-node', async () => {
+    proc = fork(join(cwd, 'opentelemetry/env-var.js'), {
+      cwd,
+      env: {
+        DD_TRACE_AGENT_PORT: agent.port
+      }
+    })
+    return check(agent, proc, timeout, ({ payload }) => {
+      // Should have a single trace with a single span
+      assert.strictEqual(payload.length, 1)
+      const [trace] = payload
+      assert.strictEqual(trace.length, 1)
+      const [span] = trace
+
+      // Should be the expected otel span
+      assert.strictEqual(span.name, 'otel-sub')
+    })
+  })
 })
diff --git a/integration-tests/opentelemetry/env-var.js b/integration-tests/opentelemetry/env-var.js
@@ -0,0 +1,24 @@
+'use strict'
+
+process.env.DD_TRACE_OTEL_ENABLED = '1'
+
+require('dd-trace').init()
+
+const opentelemetry = require('@opentelemetry/sdk-node')
+const { JaegerExporter } = require('@opentelemetry/exporter-jaeger')
+
+const sdk = new opentelemetry.NodeSDK({
+  traceExporter: new JaegerExporter()
+})
+
+sdk.start()
+
+const otelTracer = opentelemetry.api.trace.getTracer(
+  'my-service-tracer'
+)
+
+otelTracer.startActiveSpan('otel-sub', otelSpan => {
+  setImmediate(() => {
+    otelSpan.end()
+  })
+})
diff --git a/package.json b/package.json
@@ -73,7 +73,7 @@
     "@datadog/pprof": "^2.2.1",
     "@datadog/sketches-js": "^2.1.0",
     "@opentelemetry/api": "^1.0.0",
-    "@opentelemetry/core": "<1.4.0",
+    "@opentelemetry/core": "^1.14.0",
     "crypto-randomuuid": "^1.0.0",
     "diagnostics_channel": "^1.1.0",
     "ignore": "^5.2.0",

diff --git a/packages/datadog-instrumentations/src/helpers/hooks.js b/packages/datadog-instrumentations/src/helpers/hooks.js
@@ -14,6 +14,7 @@ module.exports = {
   '@koa/router': () => require('../koa'),
   '@node-redis/client': () => require('../redis'),
   '@opensearch-project/opensearch': () => require('../opensearch'),
+  '@opentelemetry/sdk-trace-node': () => require('../otel-sdk-trace'),
   '@redis/client': () => require('../redis'),
   'amqp10': () => require('../amqp10'),
   'amqplib': () => require('../amqplib'),

diff --git a/packages/datadog-instrumentations/src/otel-sdk-trace.js b/packages/datadog-instrumentations/src/otel-sdk-trace.js
@@ -0,0 +1,18 @@
+'use strict'
+
+const { addHook } = require('./helpers/instrument')
+const shimmer = require('../../datadog-shimmer')
+const tracer = require('../../dd-trace')
+
+if (process.env.DD_TRACE_OTEL_ENABLED) {
+  addHook({
+    name: '@opentelemetry/sdk-trace-node',
+    file: 'build/src/NodeTracerProvider.js',
+    versions: ['*']
+  }, (mod) => {
+    shimmer.wrap(mod, 'NodeTracerProvider', () => {
+      return tracer.TracerProvider
+    })
+    return mod
+  })
+}
diff --git a/packages/dd-trace/src/appsec/iast/analyzers/sql-injection-analyzer.js b/packages/dd-trace/src/appsec/iast/analyzers/sql-injection-analyzer.js
@@ -28,7 +28,7 @@ class SqlInjectionAnalyzer extends InjectionAnalyzer {
 
     this.addSub('datadog:sequelize:query:finish', () => {
       const store = storage.getStore()
-      if (store.sequelizeParentStore) {
+      if (store && store.sequelizeParentStore) {
         storage.enterWith(store.sequelizeParentStore)
       }
     })

diff --git a/packages/dd-trace/src/noop/proxy.js b/packages/dd-trace/src/noop/proxy.js
@@ -75,6 +75,10 @@ class Tracer {
     this.appsec.setUser(user)
     return this
   }
+
+  get TracerProvider () {
+    return require('../opentelemetry/tracer_provider')
+  }
 }
 
 module.exports = Tracer
diff --git a/packages/dd-trace/src/opentelemetry/context_manager.js b/packages/dd-trace/src/opentelemetry/context_manager.js
@@ -62,7 +62,7 @@ class ContextManager {
   bind (context, target) {
     const self = this
     return function (...args) {
-      return self.with(context, target, this, args)
+      return self.with(context, target, this, ...args)
     }
   }
 

diff --git a/packages/dd-trace/test/appsec/iast/analyzers/sql-injection-analyzer.spec.js b/packages/dd-trace/test/appsec/iast/analyzers/sql-injection-analyzer.spec.js
@@ -2,6 +2,9 @@
 
 const proxyquire = require('proxyquire')
 
+const iastLog = require('../../../../src/appsec/iast/iast-log')
+const dc = require('../../../../../diagnostics_channel')
+
 describe('sql-injection-analyzer', () => {
   const NOT_TAINTED_QUERY = 'no vulnerable query'
   const TAINTED_QUERY = 'vulnerable query'
@@ -19,6 +22,10 @@ describe('sql-injection-analyzer', () => {
     './injection-analyzer': InjectionAnalyzer
   })
 
+  afterEach(() => {
+    sinon.restore()
+  })
+
   it('should subscribe to mysql, mysql2 and pg start query channel', () => {
     expect(sqlInjectionAnalyzer._subscriptions).to.have.lengthOf(5)
     expect(sqlInjectionAnalyzer._subscriptions[0]._channel.name).to.equals('apm:mysql:query:start')
@@ -83,4 +90,12 @@ describe('sql-injection-analyzer', () => {
       evidence: { dialect: dialect }
     })
   })
+
+  it('should not report an error when context is not initialized', () => {
+    sinon.stub(iastLog, 'errorAndPublish')
+    sqlInjectionAnalyzer.configure(true)
+    dc.channel('datadog:sequelize:query:finish').publish()
+    sqlInjectionAnalyzer.configure(false)
+    expect(iastLog.errorAndPublish).not.to.be.called
+  })
 })
diff --git a/yarn.lock b/yarn.lock
@@ -681,17 +681,17 @@
   resolved "https://registry.yarnpkg.com/@opentelemetry/api/-/api-1.4.1.tgz#ff22eb2e5d476fbc2450a196e40dd243cc20c28f"
   integrity sha512-O2yRJce1GOc6PAy3QxFM4NzFiWzvScDC1/5ihYBL6BUEVdq0XMWN01sppE+H6bBXbaFYipjwFLEWLg5PaSOThA==
 
-"@opentelemetry/core@<1.4.0":
-  version "1.3.1"
-  resolved "https://registry.yarnpkg.com/@opentelemetry/core/-/core-1.3.1.tgz#6eef5c5efca9a4cd7daa0cd4c7ff28ca2317c8d7"
-  integrity sha512-k7lOC86N7WIyUZsUuSKZfFIrUtINtlauMGQsC1r7jNmcr0vVJGqK1ROBvt7WWMxLbpMnt1q2pXJO8tKu0b9auA==
+"@opentelemetry/core@^1.14.0":
+  version "1.14.0"
+  resolved "https://registry.yarnpkg.com/@opentelemetry/core/-/core-1.14.0.tgz#64e876b29cb736c984d54164cd47433f513eafd3"
+  integrity sha512-MnMZ+sxsnlzloeuXL2nm5QcNczt/iO82UOeQQDHhV83F2fP3sgntW2evvtoxJki0MBLxEsh5ADD7PR/Hn5uzjw==
   dependencies:
-    "@opentelemetry/semantic-conventions" "1.3.1"
+    "@opentelemetry/semantic-conventions" "1.14.0"
 
-"@opentelemetry/semantic-conventions@1.3.1":
-  version "1.3.1"
-  resolved "https://registry.yarnpkg.com/@opentelemetry/semantic-conventions/-/semantic-conventions-1.3.1.tgz#ba07b864a3c955f061aa30ea3ef7f4ae4449794a"
-  integrity sha512-wU5J8rUoo32oSef/rFpOT1HIjLjAv3qIDHkw1QIhODV3OpAVHi5oVzlouozg9obUmZKtbZ0qUe/m7FP0y0yBzA==
+"@opentelemetry/semantic-conventions@1.14.0":
+  version "1.14.0"
+  resolved "https://registry.yarnpkg.com/@opentelemetry/semantic-conventions/-/semantic-conventions-1.14.0.tgz#6a729b7f372ce30f77a3f217c09bc216f863fccb"
+  integrity sha512-rJfCY8rCWz3cb4KI6pEofnytvMPuj3YLQwoscCCYZ5DkdiPjo15IQ0US7+mjcWy9H3fcZIzf2pbJZ7ck/h4tug==
 
 "@protobufjs/aspromise@^1.1.1", "@protobufjs/aspromise@^1.1.2":
   version "1.1.2"