Merge branch 'master' into igor/iast-security-controls

.github/actions/install/action.yml

@@ -3,6 +3,6 @@ description: Install dependencies
 runs:
   using: composite
   steps: # retry in case of server error from registry
-    - run: yarn install --ignore-engines || yarn install --ignore-engines
+    - run: yarn install --frozen-lockfile --ignore-engines || yarn install --frozen-lockfile --ignore-engines
       shell: bash
 

.github/actions/testagent/logs/action.yml

@@ -11,33 +11,44 @@ runs:
   using: composite
   steps:
     - uses: actions/checkout@v2
-    - run: |
+    - name: Create Artifacts Directories
+      run: |
+        mkdir -p "./artifacts/logs"
+        mkdir -p "./artifacts/supported-integrations"
+      shell: bash
+    - name: Save Test Agent Logs
+      id: save_logs
+      if:  runner.debug == '1' # only create test agent log artifacts if the github action has been re-run with debug mode
+      run: |
         if [ -n "${{inputs.container-id}}" ]; then
-          docker logs ${{inputs.container-id}}
+          docker logs "${{inputs.container-id}}" > "artifacts/logs/test_agent_logs_${{ inputs.suffix }}.txt"
         else
-          docker compose logs testagent
+          docker compose logs testagent > "artifacts/logs/test_agent_logs_${{ inputs.suffix }}.txt"
         fi
       shell: bash
+    - name: Archive Test Agent Logs
+      if:  runner.debug == '1' # only create test agent log artifacts if the github action has been re-run with debug mode
+      uses: actions/upload-artifact@v4
+      with:
+        name: "test_agent_logs_${{ inputs.suffix }}"
+        path: "./artifacts/logs"
     - name: Get Tested Integrations from Test Agent
       run: |
         # make temporary files to save response data to
         response=$(mktemp) && headers=$(mktemp)
 
-        # create artifacts directory if it doesn't exist
-        mkdir -p "./artifacts"
-
         # get tested integrations
         curl -o "$response" -D "$headers" http://127.0.0.1:9126/test/integrations/tested_versions
 
         # get filename representing the name of the tested integration from headers
         filename=$(awk -F': ' '/file-name/{print $2}' "$headers" | tr -d '\r\n')
 
         # copy data to final file and remove temp files
-        mv "$response" "artifacts/${filename}_supported_versions.csv"
+        mv "$response" "artifacts/supported-integrations/${filename}_supported_versions.csv"
         rm "$headers"
       shell: bash
-    - name: Archive Test Agent Artifacts
+    - name: Archive Test Agent Tested Versions Artifacts
       uses: actions/upload-artifact@v4
       with:
-        name: supported-integrations-${{inputs.suffix}}
-        path: ./artifacts
+        name: supported-integrations-${{ inputs.suffix }}
+        path: ./artifacts

.github/workflows/instrumentations.yml

@@ -36,6 +36,14 @@ jobs:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/plugins/test
 
+  passport:
+    runs-on: ubuntu-latest
+    env:
+      PLUGINS: passport
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/plugins/test
+
   passport-http:
     runs-on: ubuntu-latest
     env:

.github/workflows/plugins.yml

@@ -317,6 +317,14 @@ jobs:
           suffix: plugins-${{ github.job }}
       - uses: codecov/codecov-action@v5
 
+  dd-trace-api:
+    runs-on: ubuntu-latest
+    env:
+      PLUGINS: dd-trace-api
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/plugins/test
+
   dns:
     runs-on: ubuntu-latest
     env:

.github/workflows/system-tests.yml

@@ -90,5 +90,5 @@ jobs:
     with:
       library: nodejs
       binaries_artifact: system_tests_binaries
-      _experimental_job_count: 8
-      _experimental_job_matrix: '[1,2,3,4,5,6,7,8]'
+      job_count: 8
+      job_matrix: '[1,2,3,4,5,6,7,8]'

LICENSE-3rdparty.csv

@@ -35,6 +35,7 @@ dev,@apollo/server,MIT,Copyright (c) 2016-2020 Apollo Graph, Inc. (Formerly Mete
 dev,@types/node,MIT,Copyright Authors
 dev,@eslint/eslintrc,MIT,Copyright OpenJS Foundation and other contributors, <www.openjsf.org>
 dev,@eslint/js,MIT,Copyright OpenJS Foundation and other contributors, <www.openjsf.org>
+dev,@msgpack/msgpack,ISC,Copyright 2019 The MessagePack Community
 dev,@stylistic/eslint-plugin-js,MIT,Copyright OpenJS Foundation and other contributors, <www.openjsf.org>
 dev,autocannon,MIT,Copyright 2016 Matteo Collina
 dev,aws-sdk,Apache 2.0,Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
@@ -58,12 +59,10 @@ dev,get-port,MIT,Copyright Sindre Sorhus
 dev,glob,ISC,Copyright Isaac Z. Schlueter and Contributors
 dev,globals,MIT,Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)
 dev,graphql,MIT,Copyright 2015 Facebook Inc.
-dev,int64-buffer,MIT,Copyright 2015-2016 Yusuke Kawasaki
 dev,jszip,MIT,Copyright 2015-2016 Stuart Knightley and contributors
 dev,knex,MIT,Copyright (c) 2013-present Tim Griesser
 dev,mkdirp,MIT,Copyright 2010 James Halliday
 dev,mocha,MIT,Copyright 2011-2018 JS Foundation and contributors https://js.foundation
-dev,msgpack-lite,MIT,Copyright 2015 Yusuke Kawasaki
 dev,multer,MIT,Copyright 2014 Hage Yaapa
 dev,nock,MIT,Copyright 2017 Pedro Teixeira and other contributors
 dev,nyc,ISC,Copyright 2015 Contributors

integration-tests/ci-visibility-intake.js

@@ -1,7 +1,6 @@
 const express = require('express')
 const bodyParser = require('body-parser')
-const msgpack = require('msgpack-lite')
-const codec = msgpack.createCodec({ int64: true })
+const msgpack = require('@msgpack/msgpack')
 const http = require('http')
 const multer = require('multer')
 const upload = multer()
@@ -81,7 +80,7 @@ class FakeCiVisIntake extends FakeAgent {
       res.status(200).send({ rate_by_service: { 'service:,env:': 1 } })
       this.emit('message', {
         headers: req.headers,
-        payload: msgpack.decode(req.body, { codec }),
+        payload: msgpack.decode(req.body, { useBigInt64: true }),
         url: req.url
       })
     })
@@ -100,7 +99,7 @@ class FakeCiVisIntake extends FakeAgent {
         res.status(200).send('OK')
         this.emit('message', {
           headers: req.headers,
-          payload: msgpack.decode(req.body, { codec }),
+          payload: msgpack.decode(req.body, { useBigInt64: true }),
           url: req.url
         })
       }, waitingTime || 0)

integration-tests/helpers/fake-agent.js

@@ -5,8 +5,7 @@ const EventEmitter = require('events')
 const http = require('http')
 const express = require('express')
 const bodyParser = require('body-parser')
-const msgpack = require('msgpack-lite')
-const codec = msgpack.createCodec({ int64: true })
+const msgpack = require('@msgpack/msgpack')
 const upload = require('multer')()
 
 module.exports = class FakeAgent extends EventEmitter {
@@ -241,7 +240,7 @@ function buildExpressServer (agent) {
     res.status(200).send({ rate_by_service: { 'service:,env:': 1 } })
     agent.emit('message', {
       headers: req.headers,
-      payload: msgpack.decode(req.body, { codec })
+      payload: msgpack.decode(req.body, { useBigInt64: true })
     })
   })
 

package.json

@@ -86,7 +86,7 @@
     "@datadog/native-iast-rewriter": "2.6.1",
     "@datadog/native-iast-taint-tracking": "3.3.0",
     "@datadog/native-metrics": "^3.1.0",
-    "@datadog/pprof": "5.5.0",
+    "@datadog/pprof": "5.5.1",
     "@datadog/sketches-js": "^2.1.0",
     "@isaacs/ttlcache": "^1.4.1",
     "@opentelemetry/api": ">=1.0.0 <1.9.0",
@@ -118,6 +118,7 @@
     "@apollo/server": "^4.11.0",
     "@eslint/eslintrc": "^3.1.0",
     "@eslint/js": "^9.11.1",
+    "@msgpack/msgpack": "^3.0.0-beta3",
     "@stylistic/eslint-plugin-js": "^2.8.0",
     "@types/node": "^16.0.0",
     "autocannon": "^4.5.2",
@@ -142,12 +143,10 @@
     "glob": "^7.1.6",
     "globals": "^15.10.0",
     "graphql": "0.13.2",
-    "int64-buffer": "^0.1.9",
     "jszip": "^3.5.0",
     "knex": "^2.4.2",
     "mkdirp": "^3.0.1",
     "mocha": "^10",
-    "msgpack-lite": "^0.1.26",
     "multer": "^1.4.5-lts.1",
     "nock": "^11.3.3",
     "nyc": "^15.1.0",

packages/datadog-instrumentations/src/aws-sdk.js

@@ -40,6 +40,18 @@ function wrapRequest (send) {
   }
 }
 
+function wrapDeserialize (deserialize, channelSuffix) {
+  const headersCh = channel(`apm:aws:response:deserialize:${channelSuffix}`)
+
+  return function (response) {
+    if (headersCh.hasSubscribers) {
+      headersCh.publish({ headers: response.headers })
+    }
+
+    return deserialize.apply(this, arguments)
+  }
+}
+
 function wrapSmithySend (send) {
   return function (command, ...args) {
     const cb = args[args.length - 1]
@@ -61,6 +73,10 @@ function wrapSmithySend (send) {
     const responseStartChannel = channel(`apm:aws:response:start:${channelSuffix}`)
     const responseFinishChannel = channel(`apm:aws:response:finish:${channelSuffix}`)
 
+    if (typeof command.deserialize === 'function') {
+      shimmer.wrap(command, 'deserialize', deserialize => wrapDeserialize(deserialize, channelSuffix))
+    }
+
     return innerAr.runInAsyncScope(() => {
       startCh.publish({
         serviceIdentifier,

packages/datadog-instrumentations/src/helpers/hooks.js

@@ -102,6 +102,7 @@ module.exports = {
   oracledb: () => require('../oracledb'),
   openai: () => require('../openai'),
   paperplane: () => require('../paperplane'),
+  passport: () => require('../passport'),
   'passport-http': () => require('../passport-http'),
   'passport-local': () => require('../passport-local'),
   pg: () => require('../pg'),

packages/datadog-instrumentations/src/jest.js

@@ -313,10 +313,11 @@ function getWrappedEnvironment (BaseEnvironment, jestVersion) {
         const asyncResource = asyncResources.get(event.test)
 
         if (status === 'fail') {
+          const shouldSetProbe = this.isDiEnabled && willBeRetried && numTestExecutions === 1
           asyncResource.runInAsyncScope(() => {
             testErrCh.publish({
               error: formatJestError(event.test.errors[0]),
-              shouldSetProbe: this.isDiEnabled && willBeRetried && numTestExecutions === 1,
+              shouldSetProbe,
               promises
             })
           })
@@ -336,18 +337,13 @@ function getWrappedEnvironment (BaseEnvironment, jestVersion) {
           testFinishCh.publish({
             status,
             testStartLine: getTestLineStart(event.test.asyncError, this.testSuite),
-            promises,
-            shouldRemoveProbe: this.isDiEnabled && !willBeRetried
+            promises
           })
         })
 
         if (promises.isProbeReady) {
           await promises.isProbeReady
         }
-
-        if (promises.isProbeRemoved) {
-          await promises.isProbeRemoved
-        }
       }
       if (event.name === 'test_skip' || event.name === 'test_todo') {
         const asyncResource = new AsyncResource('bound-anonymous-fn')

packages/datadog-instrumentations/src/passport.js

@@ -0,0 +1,45 @@
+'use strict'
+
+const shimmer = require('../../datadog-shimmer')
+const { channel, addHook } = require('./helpers/instrument')
+
+const onPassportDeserializeUserChannel = channel('datadog:passport:deserializeUser:finish')
+
+function wrapDone (done) {
+  return function wrappedDone (err, user) {
+    if (!err && user) {
+      const abortController = new AbortController()
+
+      onPassportDeserializeUserChannel.publish({ user, abortController })
+
+      if (abortController.signal.aborted) return
+    }
+
+    return done.apply(this, arguments)
+  }
+}
+
+function wrapDeserializeUser (deserializeUser) {
+  return function wrappedDeserializeUser (fn, req, done) {
+    if (typeof fn === 'function') return deserializeUser.apply(this, arguments)
+
+    if (typeof req === 'function') {
+      done = req
+      arguments[1] = wrapDone(done)
+    } else {
+      arguments[2] = wrapDone(done)
+    }
+
+    return deserializeUser.apply(this, arguments)
+  }
+}
+
+addHook({
+  name: 'passport',
+  file: 'lib/authenticator.js',
+  versions: ['>=0.3.0']
+}, Authenticator => {
+  shimmer.wrap(Authenticator.prototype, 'deserializeUser', wrapDeserializeUser)
+
+  return Authenticator
+})