Disable APM tracing (standalone billing)

docs/test.ts

@@ -144,6 +144,7 @@ tracer.init({
 });
 
 tracer.init({
+  apmTracingEnabled: false,
   experimental: {
     iast: {
       enabled: true,
@@ -157,11 +158,6 @@ tracer.init({
       redactionNamePattern: 'password',
       redactionValuePattern: 'bearer',
       telemetryVerbosity: 'OFF'
-    },
-    appsec: {
-      standalone: {
-        enabled: true
-      }
     }
   }
 })

index.d.ts

@@ -345,6 +345,12 @@ declare namespace tracer {
    * List of options available to the tracer.
    */
   export interface TracerOptions {
+    /**
+     * Whether to disable APM Tracing
+     * @default true
+     */
+    apmTracingEnabled?: boolean
+
     /**
      * Whether to enable trace ID injection in log records to be able to correlate
      * traces with logs.
@@ -528,6 +534,10 @@ declare namespace tracer {
       appsec?: {
         /**
          * Configuration of Standalone ASM mode
+         * Deprecated in favor of `apmTracingEnabled`.
+         *
+         * @deprecated
+         * @hidden
          */
         standalone?: {
           /**

integration-tests/standalone-asm.spec.js

@@ -47,7 +47,7 @@ describe('Standalone ASM', () => {
     function assertKeep (payload) {
       const { meta, metrics } = payload
 
-      assert.propertyVal(meta, '_dd.p.appsec', '1')
+      assert.propertyVal(meta, '_dd.p.ts', '02')
 
       assert.propertyVal(metrics, '_sampling_priority_v1', USER_KEEP)
       assert.propertyVal(metrics, '_dd.apm.enabled', 0)
@@ -57,7 +57,7 @@ describe('Standalone ASM', () => {
       const { metrics } = payload
       assert.propertyVal(metrics, '_sampling_priority_v1', AUTO_REJECT)
       assert.propertyVal(metrics, '_dd.apm.enabled', 0)
-      assert.notProperty(metrics, '_dd.p.appsec')
+      assert.notProperty(metrics, '_dd.p.ts')
     }
 
     async function doWarmupRequests (procOrUrl, number = 3) {
@@ -99,7 +99,7 @@ describe('Standalone ASM', () => {
 
           const { meta, metrics } = fifthReq[0]
           assert.notProperty(meta, 'manual.keep')
-          assert.notProperty(meta, '_dd.p.appsec')
+          assert.notProperty(meta, '_dd.p.ts')
 
           assert.propertyVal(metrics, '_sampling_priority_v1', AUTO_KEEP)
           assert.propertyVal(metrics, '_dd.apm.enabled', 0)
@@ -207,7 +207,7 @@ describe('Standalone ASM', () => {
       })
 
       // proc/propagation-with-event triggers an appsec event and calls downstream proc2/down with no event
-      it('should keep if parent trace is (prio:2, _dd.p.appsec:1) but there is no event in the local trace',
+      it('should keep if parent trace is (prio:2, _dd.p.ts:02) but there is no event in the local trace',
         async () => {
           await doWarmupRequests(proc)
           await doWarmupRequests(proc2)
@@ -284,7 +284,7 @@ describe('Standalone ASM', () => {
         const { meta, metrics } = payload[0][0]
         assert.property(meta, '_dd.iast.json') // WEAK_HASH and XCONTENTTYPE_HEADER_MISSING reported
 
-        assert.notProperty(meta, '_dd.p.appsec')
+        assert.notProperty(meta, '_dd.p.ts')
         assert.notProperty(metrics, '_dd.apm.enabled')
       })
     })
@@ -304,7 +304,7 @@ describe('Standalone ASM', () => {
         const { meta, metrics } = payload[0][0]
         assert.property(meta, '_dd.appsec.json') // crs-942-100 triggered
 
-        assert.notProperty(meta, '_dd.p.appsec')
+        assert.notProperty(meta, '_dd.p.ts')
         assert.notProperty(metrics, '_dd.apm.enabled')
       })
     })

package.json

@@ -23,7 +23,7 @@
     "test:appsec:plugins:ci": "yarn services && nyc --no-clean --include \"packages/dd-trace/src/appsec/**/*.js\" -- npm run test:appsec:plugins",
     "test:debugger": "mocha -r 'packages/dd-trace/test/setup/mocha.js' 'packages/dd-trace/test/debugger/**/*.spec.js'",
     "test:debugger:ci": "nyc --no-clean --include 'packages/dd-trace/src/debugger/**/*.js' -- npm run test:debugger",
-    "test:trace:core": "tap packages/dd-trace/test/*.spec.js \"packages/dd-trace/test/{ci-visibility,datastreams,encode,exporters,opentelemetry,opentracing,plugins,service-naming,telemetry}/**/*.spec.js\"",
+    "test:trace:core": "tap packages/dd-trace/test/*.spec.js \"packages/dd-trace/test/{ci-visibility,datastreams,encode,exporters,opentelemetry,opentracing,plugins,service-naming,standalone,telemetry}/**/*.spec.js\"",
     "test:trace:core:ci": "npm run test:trace:core -- --coverage --nyc-arg=--include=\"packages/dd-trace/src/**/*.js\"",
     "test:instrumentations": "mocha -r 'packages/dd-trace/test/setup/mocha.js' 'packages/datadog-instrumentations/test/**/*.spec.js'",
     "test:instrumentations:ci": "nyc --no-clean --include 'packages/datadog-instrumentations/src/**/*.js' -- npm run test:instrumentations",

packages/dd-trace/src/appsec/iast/index.js

@@ -22,7 +22,6 @@ const securityControls = require('./security-controls')
 const requestStart = dc.channel('dd-trace:incomingHttpRequestStart')
 const requestClose = dc.channel('dd-trace:incomingHttpRequestEnd')
 const iastResponseEnd = dc.channel('datadog:iast:response-end')
-
 let isEnabled = false
 
 function enable (config, _tracer) {

packages/dd-trace/src/appsec/iast/vulnerability-reporter.js

@@ -3,11 +3,10 @@
 const LRU = require('lru-cache')
 const vulnerabilitiesFormatter = require('./vulnerabilities-formatter')
 const { IAST_ENABLED_TAG_KEY, IAST_JSON_TAG_KEY } = require('./tags')
-const standalone = require('../standalone')
-const { SAMPLING_MECHANISM_APPSEC } = require('../../constants')
 const { keepTrace } = require('../../priority_sampler')
 const { reportStackTrace, getCallsiteFrames, canReportStackTrace, STACK_TRACE_NAMESPACES } = require('../stack_trace')
 const { getOriginalPathAndLineFromSourceMap } = require('./taint-tracking/rewriter')
+const { ASM } = require('../../standalone/product')
 
 const VULNERABILITIES_KEY = 'vulnerabilities'
 const VULNERABILITY_HASHES_MAX_SIZE = 1000
@@ -51,8 +50,7 @@ function addVulnerability (iastContext, vulnerability, callSiteFrames) {
 
   if (!span) return
 
-  keepTrace(span, SAMPLING_MECHANISM_APPSEC)
-  standalone.sample(span)
+  keepTrace(span, ASM)
 
   if (stackTraceEnabled && canReportStackTrace(span, maxStackTraces, STACK_TRACE_NAMESPACES.IAST)) {
     const originalCallSiteList = callSiteFrames.map(callsite => replaceCallSiteFromSourceMap(callsite))

packages/dd-trace/src/appsec/reporter.js

@@ -13,9 +13,8 @@ const {
   getRequestMetrics
 } = require('./telemetry')
 const zlib = require('zlib')
-const standalone = require('./standalone')
-const { SAMPLING_MECHANISM_APPSEC } = require('../constants')
 const { keepTrace } = require('../priority_sampler')
+const { ASM } = require('../standalone/product')
 
 // default limiter, configurable with setRateLimit()
 let limiter = new Limiter(100)
@@ -129,9 +128,7 @@ function reportAttack (attackData) {
   }
 
   if (limiter.isAllowed()) {
-    keepTrace(rootSpan, SAMPLING_MECHANISM_APPSEC)
-
-    standalone.sample(rootSpan)
+    keepTrace(rootSpan, ASM)
   }
 
   // TODO: maybe add this to format.js later (to take decision as late as possible)
@@ -186,9 +183,7 @@ function finishRequest (req, res) {
   if (metricsQueue.size) {
     rootSpan.addTags(Object.fromEntries(metricsQueue))
 
-    keepTrace(rootSpan, SAMPLING_MECHANISM_APPSEC)
-
-    standalone.sample(rootSpan)
+    keepTrace(rootSpan, ASM)
 
     metricsQueue.clear()
   }

packages/dd-trace/src/appsec/sdk/track_event.js

@@ -3,11 +3,10 @@
 const log = require('../../log')
 const { getRootSpan } = require('./utils')
 const { setUserTags } = require('./set_user')
-const standalone = require('../standalone')
 const waf = require('../waf')
-const { SAMPLING_MECHANISM_APPSEC } = require('../../constants')
 const { keepTrace } = require('../../priority_sampler')
 const addresses = require('../addresses')
+const { ASM } = require('../../standalone/product')
 
 function trackUserLoginSuccessEvent (tracer, user, metadata) {
   // TODO: better user check here and in _setUser() ?
@@ -79,8 +78,7 @@ function trackEvent (eventName, fields, sdkMethodName, rootSpan) {
 
   rootSpan.addTags(tags)
 
-  keepTrace(rootSpan, SAMPLING_MECHANISM_APPSEC)
-  standalone.sample(rootSpan)
+  keepTrace(rootSpan, ASM)
 }
 
 function runWaf (eventName, user) {

packages/dd-trace/src/appsec/user_tracking.js

@@ -5,9 +5,8 @@ const log = require('../log')
 const telemetry = require('./telemetry')
 const addresses = require('./addresses')
 const { keepTrace } = require('../priority_sampler')
-const { SAMPLING_MECHANISM_APPSEC } = require('../constants')
-const standalone = require('./standalone')
 const waf = require('./waf')
+const { ASM } = require('../standalone/product')
 
 // the RFC doesn't include '_id', but it's common in MongoDB
 const USER_ID_FIELDS = ['id', '_id', 'email', 'username', 'login', 'user']
@@ -151,8 +150,7 @@ function trackLogin (framework, login, user, success, rootSpan) {
     persistent[addresses.LOGIN_FAILURE] = null
   }
 
-  keepTrace(rootSpan, SAMPLING_MECHANISM_APPSEC)
-  standalone.sample(rootSpan)
+  keepTrace(rootSpan, ASM)
 
   rootSpan.addTags(newTags)