V4.48.0 proposal

.eslintignore

@@ -9,3 +9,4 @@ vendor
 integration-tests/esbuild/out.js
 integration-tests/esbuild/aws-sdk-out.js
 packages/dd-trace/src/appsec/blocked_templates.js
+packages/dd-trace/src/payload-tagging/jsonpath-plus.js

.github/actions/node/latest/action.yml

@@ -4,4 +4,4 @@ runs:
   steps:
     - uses: actions/setup-node@v3
       with:
-        node-version: 'latest'
+        node-version: '22' # Update this line to the latest Node.js version

.github/workflows/appsec.yml

@@ -256,3 +256,17 @@ jobs:
       - run: yarn test:integration:appsec
       - uses: ./.github/actions/node/latest
       - run: yarn test:integration:appsec
+
+  passport:
+    runs-on: ubuntu-latest
+    env:
+      PLUGINS: passport-local|passport-http
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/node/setup
+      - uses: ./.github/actions/install
+      - uses: ./.github/actions/node/oldest
+      - run: yarn test:appsec:plugins:ci
+      - uses: ./.github/actions/node/latest
+      - run: yarn test:appsec:plugins:ci
+      - uses: codecov/codecov-action@v3

.github/workflows/plugins.yml

@@ -127,6 +127,15 @@ jobs:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/plugins/test-and-upstream
 
+  avsc:
+    runs-on: ubuntu-latest
+    env:
+      PLUGINS: avsc
+      DD_DATA_STREAMS_ENABLED: true
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/plugins/test-and-upstream
+
   aws-sdk:
     strategy:
       matrix:
@@ -187,6 +196,14 @@ jobs:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/plugins/upstream
 
+  azure-functions:
+    runs-on: ubuntu-latest
+    env:
+      PLUGINS: azure-functions
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/plugins/test
+
   bluebird:
     runs-on: ubuntu-latest
     env:
@@ -798,6 +815,15 @@ jobs:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/plugins/test
 
+  protobufjs:
+    runs-on: ubuntu-latest
+    env:
+      PLUGINS: protobufjs
+      DD_DATA_STREAMS_ENABLED: true
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/plugins/test-and-upstream
+
   q:
     runs-on: ubuntu-latest
     env:

.github/workflows/project.yml

@@ -42,7 +42,7 @@ jobs:
         with:
           node-version: ${{ matrix.version }}
       - uses: ./.github/actions/install
-      - run: node node_modules/.bin/mocha --colors --timeout 30000 -r packages/dd-trace/test/setup/core.js integration-tests/init.spec.js
+      - run: node node_modules/.bin/mocha --colors --timeout 30000 integration-tests/init.spec.js
 
   integration-ci:
     strategy:

.github/workflows/system-tests.yml

@@ -47,10 +47,8 @@ jobs:
       TEST_LIBRARY: nodejs
       WEBLOG_VARIANT: ${{ matrix.weblog-variant }}
       DD_API_KEY: ${{ secrets.DD_API_KEY }}
-      AWS_ACCESS_KEY_ID: ${{ secrets.IDM_AWS_ACCESS_KEY_ID }}
-      AWS_SECRET_ACCESS_KEY: ${{ secrets.IDM_AWS_SECRET_ACCESS_KEY }}
-      AWS_REGION: us-east-1
-      AWS_DEFAULT_REGION: us-east-1  # AWS services should use `AWS_REGION`, but some still use the older `AWS_DEFAULT_REGION`
+      SYSTEM_TESTS_AWS_ACCESS_KEY_ID: ${{ secrets.IDM_AWS_ACCESS_KEY_ID }}
+      SYSTEM_TESTS_AWS_SECRET_ACCESS_KEY: ${{ secrets.IDM_AWS_SECRET_ACCESS_KEY }}
 
     steps:
       - name: Checkout system tests

.gitignore

@@ -125,3 +125,4 @@ packages/dd-trace/test/appsec/next/*/package.json
 packages/dd-trace/test/appsec/next/*/node_modules
 packages/dd-trace/test/appsec/next/*/yarn.lock
 !packages/dd-trace/**/telemetry/logs
+packages/datadog-plugin-azure-functions/test/integration-test/fixtures/node_modules

LICENSE-3rdparty.csv

@@ -14,7 +14,6 @@ require,import-in-the-middle,Apache license 2.0,Copyright 2021 Datadog Inc.
 require,int64-buffer,MIT,Copyright 2015-2016 Yusuke Kawasaki
 require,istanbul-lib-coverage,BSD-3-Clause,Copyright 2012-2015 Yahoo! Inc.
 require,jest-docblock,MIT,Copyright Meta Platforms, Inc. and affiliates.
-require,jsonpath-plus,MIT,Copyright (c) 2011-2019 Stefan Goessner, Subbu Allamaraju, Mike Brevoort, Robert Krahn, Brett Zamir, Richard Schneider
 require,koalas,MIT,Copyright 2013-2017 Brian Woodward
 require,limiter,MIT,Copyright 2011 John Hurliman
 require,lodash.sortby,MIT,Copyright JS Foundation and other contributors

docs/API.md

@@ -24,9 +24,11 @@ tracer.use('pg', {
 <h5 id="amqplib"></h5>
 <h5 id="amqplib-tags"></h5>
 <h5 id="amqplib-config"></h5>
+<h5 id="avsc"></h5>
 <h5 id="aws-sdk"></h5>
 <h5 id="aws-sdk-tags"></h5>
 <h5 id="aws-sdk-config"></h5>
+<h5 id="azure-functions"></h5>
 <h5 id="bunyan"></h5>
 <h5 id="couchbase"></h5>
 <h5 id="cucumber"></h5>
@@ -87,6 +89,7 @@ tracer.use('pg', {
 <h5 id="pg"></h5>
 <h5 id="pg-tags"></h5>
 <h5 id="pg-config"></h5>
+<h5 id="protobufjs"></h5>
 <h5 id="redis"></h5>
 <h5 id="redis-tags"></h5>
 <h5 id="redis-config"></h5>
@@ -101,7 +104,9 @@ tracer.use('pg', {
 
 * [amqp10](./interfaces/export_.plugins.amqp10.html)
 * [amqplib](./interfaces/export_.plugins.amqplib.html)
+* [avsc](./interfaces/export_.plugins.avsc.html)
 * [aws-sdk](./interfaces/export_.plugins.aws_sdk.html)
+* [azure-functions](./interfaces/export_.plugins.azure_functions.html)
 * [bluebird](./interfaces/export_.plugins.bluebird.html)
 * [couchbase](./interfaces/export_.plugins.couchbase.html)
 * [cucumber](./interfaces/export_.plugins.cucumber.html)
@@ -142,6 +147,7 @@ tracer.use('pg', {
 * [pg](./interfaces/export_.plugins.pg.html)
 * [promise](./interfaces/export_.plugins.promise.html)
 * [promise-js](./interfaces/export_.plugins.promise_js.html)
+* [protobufjs](./interfaces/export_.plugins.protobufjs.html)
 * [q](./interfaces/export_.plugins.q.html)
 * [redis](./interfaces/export_.plugins.redis.html)
 * [restify](./interfaces/export_.plugins.restify.html)
@@ -375,7 +381,7 @@ Options can be configured as a parameter to the [init()](./interfaces/tracer.htm
 
 <h3 id="custom-logging">Custom Logging</h3>
 
-By default, logging from this library is disabled. In order to get debugging information and errors sent to logs, the `debug` options should be set to `true` in the [init()](./interfaces/tracer.html#init) method.
+By default, logging from this library is disabled. In order to get debugging information and errors sent to logs, the `DD_TRACE_DEBUG` env var should be set to `true`.
 
 The tracer will then log debug information to `console.log()` and errors to `console.error()`. This behavior can be changed by passing a custom logger to the tracer. The logger should contain a `debug()` and `error()` methods that can handle messages and errors, respectively.
 
@@ -388,14 +394,15 @@ const logger = bunyan.createLogger({
   level: 'trace'
 })
 
+process.env.DD_TRACE_DEBUG = 'true'
+
 const tracer = require('dd-trace').init({
   logger: {
     error: err => logger.error(err),
     warn: message => logger.warn(message),
     info: message => logger.info(message),
     debug: message => logger.trace(message),
-  },
-  debug: true
+  }
 })
 ```
 

docs/add-redirects.sh

@@ -14,6 +14,7 @@ echo "writing redirects..."
 declare -a plugins=(
   "amqp10"
   "amqplib"
+  "avsc"
   "aws_sdk"
   "bluebird"
   "couchbase"
@@ -55,6 +56,7 @@ declare -a plugins=(
   "pg"
   "promise"
   "promise_js"
+  "protobufjs"
   "q"
   "redis"
   "restify"

docs/test.ts

@@ -128,6 +128,7 @@ tracer.init({
   },
   iast: {
     enabled: true,
+    cookieFilterPattern: '.*',
     requestSampling: 50,
     maxConcurrentRequests: 4,
     maxContextOperations: 30,
@@ -143,6 +144,7 @@ tracer.init({
   experimental: {
     iast: {
       enabled: true,
+      cookieFilterPattern: '.*',
       requestSampling: 50,
       maxConcurrentRequests: 4,
       maxContextOperations: 30,
@@ -281,8 +283,10 @@ const openSearchOptions: plugins.opensearch = {
 
 tracer.use('amqp10');
 tracer.use('amqplib');
+tracer.use('avsc');
 tracer.use('aws-sdk');
 tracer.use('aws-sdk', awsSdkOptions);
+tracer.use('azure-functions');
 tracer.use('bunyan');
 tracer.use('couchbase');
 tracer.use('cassandra-driver');
@@ -362,6 +366,7 @@ tracer.use('playwright');
 tracer.use('pg');
 tracer.use('pg', { service: params => `${params.host}-${params.database}` });
 tracer.use('pino');
+tracer.use('protobufjs');
 tracer.use('redis');
 tracer.use('redis', redisOptions);
 tracer.use('restify');

ext/types.d.ts

@@ -1,5 +1,6 @@
 declare const types: {
   HTTP: 'http'
+  SERVERLESS: 'serverless'
   WEB: 'web'
 }
 

ext/types.js

@@ -2,5 +2,6 @@
 
 module.exports = {
   HTTP: 'http',
+  SERVERLESS: 'serverless',
   WEB: 'web'
 }

index.d.ts

@@ -147,7 +147,9 @@ interface Plugins {
   "amqp10": tracer.plugins.amqp10;
   "amqplib": tracer.plugins.amqplib;
   "apollo": tracer.plugins.apollo;
+  "avsc": tracer.plugins.avsc;
   "aws-sdk": tracer.plugins.aws_sdk;
+  "azure-functions": tracer.plugins.azure_functions;
   "bunyan": tracer.plugins.bunyan;
   "cassandra-driver": tracer.plugins.cassandra_driver;
   "child_process": tracer.plugins.child_process;
@@ -190,6 +192,7 @@ interface Plugins {
   "playwright": tracer.plugins.playwright;
   "pg": tracer.plugins.pg;
   "pino": tracer.plugins.pino;
+  "protobufjs": tracer.plugins.protobufjs;
   "redis": tracer.plugins.redis;
   "restify": tracer.plugins.restify;
   "rhea": tracer.plugins.rhea;
@@ -1191,6 +1194,12 @@ declare namespace tracer {
       signature?: boolean;
     }
 
+    /**
+     * This plugin automatically patches the [avsc](https://github.com/mtth/avsc) module
+     * to collect avro message schemas when Datastreams Monitoring is enabled.
+     */
+    interface avsc extends Integration {}
+
     /**
      * This plugin automatically instruments the
      * [aws-sdk](https://github.com/aws/aws-sdk-js) module.
@@ -1229,6 +1238,12 @@ declare namespace tracer {
       [key: string]: boolean | Object | undefined;
     }
 
+    /**
+     * This plugin automatically instruments the
+     * @azure/functions module.
+    */
+    interface azure_functions extends Instrumentation {}
+
     /**
      * This plugin patches the [bunyan](https://github.com/trentm/node-bunyan)
      * to automatically inject trace identifiers in log records when the
@@ -1731,6 +1746,11 @@ declare namespace tracer {
      * on the tracer.
      */
     interface pino extends Integration {}
+    /**
+     * This plugin automatically patches the [protobufjs](https://protobufjs.github.io/protobuf.js/)
+     * to collect protobuf message schemas when Datastreams Monitoring is enabled.
+     */
+    interface protobufjs extends Integration {}
 
     /**
      * This plugin automatically instruments the
@@ -2146,6 +2166,12 @@ declare namespace tracer {
      */
     maxContextOperations?: number,
 
+    /**
+     * Defines the pattern to ignore cookie names in the vulnerability hash calculation
+     * @default ".{32,}"
+     */
+    cookieFilterPattern?: string,
+
     /**
      * Whether to enable vulnerability deduplication
      */