v5.37.0 proposal #5281
* move withPeerService out of before
* use mongo 4.0
* do not call done()
* provide dbName
* service name delegate
* await
* try without bufferCommands
* restore original version
…span event if not a native type (#5212)
* only stringify graphql error extension value if the value is not a number or bool
* fix reviewer comments
…ch was flaking when the stream was inactive (#5202)
Some APIs (pretty much just trace) return whatever value is returned from a callback passed in. Without providing for this, this would trip up the check that returned objects are proxied. We don't want to proxy these objects since they come directly from the caller.
…ions >= 8.10.0 (#5238)
* remove skip condition :S
* await disconnect
* Extend iast location fields
* improve iast test to check if frame have location
* check that location do not have column
* Exclude test without location
* use official msgpack
* Fix linter
* send class and function from original location
* fix test
This reverts commit 95462ec.
* Security controls parser and secure marks for vulnerabilities
* Use new NOSQL_MONGODB_INJECTION_MARK in nosql-injection-mongodb-analyzer
* Config
* first hooks
* wrap object properties and more tests
* Use dd-trace:moduleLoad(Start|End) channels
* iterate object strings and more tests
* fix parameter index, include createNewTainted flag and do not use PluginManager in the tests
* Fix parameter index and include a test with incorrect index
* Avoid to hook multiple times the same module and config tests
* sql_injection_mark test
* vulnerable ranges tests
* fix windows paths
* Upgrade taint-tracking to 3.3.0
* Fix
* secure mark
* add createNewTainted flag to addSecureMark
* Use existing _isRangeSecure
* suppressed vulnerabilities metric
* increment suppressed vulnerability metric
* typo
* handle esm default export and filenames starting with file://
* esm integration tests
* clean up
* secure-marks tests
* fix secure-marks generator test
* fix config test
* empty
* check for repeated marks
* Update packages/dd-trace/src/appsec/iast/analyzers/injection-analyzer.js Co-authored-by: Ugaitz Urien <[email protected]>
* Update packages/dd-trace/src/appsec/iast/security-controls/index.js Co-authored-by: Ugaitz Urien <[email protected]>
* Update packages/dd-trace/src/appsec/iast/taint-tracking/secure-marks.js Co-authored-by: Ugaitz Urien <[email protected]>
* some suggestions
* move _isRangeSecure to InjectionAnalyzer
* Add programmatically config option
* index.d.ts
* StoredInjectionAnalyzer
* Update packages/dd-trace/test/appsec/iast/analyzers/command-injection-analyzer.spec.js Co-authored-by: ishabi <[email protected]>
* store control keys to avoid recreating the array
* check visited before iterating
* test suggestions
* Update packages/dd-trace/src/appsec/iast/security-controls/parser.js Co-authored-by: Ilyas Shabi <[email protected]>
* lint
* ritm test
* clean up
* Reject security control with non numeric parameters
* fix parameter 0
* Update integration-tests/appsec/iast.esm-security-controls.spec.js Co-authored-by: Ugaitz Urien <[email protected]>
* suggestions
* use legacy store
* fix test
* fix test
* fix test

---------
Co-authored-by: Ugaitz Urien <[email protected]>
Co-authored-by: ishabi <[email protected]>
The previous version was transforming the lookup parameter to a string. Closes #4894 Co-authored-by: Benoit Lemoine <[email protected]>
…tead of override (#5243)
* update don't override
* remove unnecessary changes
This was previously checking that objects returned by APIs are wrapped. This shouldn't be checked at run time, but at test time in dd-trace-api.
This is as per the landed change in dd-go.
remove some unnecessary span information --------- Co-authored-by: Zarir Hamza <[email protected]>
…n is enabled. (#5230)
* inject dbm trace comment
* add service mode test
* add unit test to verify both full and service mode
* update test
* fix lint
* use find query
* fix timeout
* remove done
* add tests to mongodb-core
* fix service mode full
* remove custom timeout
* Update packages/dd-trace/src/plugins/database.js Co-authored-by: Bryan English <[email protected]>
* merge duplicate code
* add tests
* add tests to verify command with comments
* fix lint
* Update index.js Co-authored-by: Thomas Hunter II <[email protected]>

---------
Co-authored-by: Bryan English <[email protected]>
Co-authored-by: Thomas Hunter II <[email protected]>
Overall package size

Self size: 8.75 MB

Dependency sizes

| name | version | self size | total size |
|------|---------|-----------|------------|
| @datadog/libdatadog | 0.4.0 | 29.44 MB | 29.44 MB |
| @datadog/native-appsec | 8.4.0 | 19.25 MB | 19.26 MB |
| @datadog/native-iast-taint-tracking | 3.3.0 | 13.77 MB | 13.78 MB |
| @datadog/pprof | 5.5.1 | 9.79 MB | 10.17 MB |
| protobufjs | 7.2.5 | 2.77 MB | 5.16 MB |
| @datadog/native-iast-rewriter | 2.8.0 | 2.6 MB | 2.74 MB |
| @opentelemetry/core | 1.14.0 | 872.87 kB | 1.47 MB |
| @datadog/native-metrics | 3.1.0 | 1.06 MB | 1.46 MB |
| @opentelemetry/api | 1.8.0 | 1.21 MB | 1.21 MB |
| import-in-the-middle | 1.11.2 | 112.74 kB | 835.4 kB |
| source-map | 0.7.4 | 226 kB | 226 kB |
| opentracing | 0.14.7 | 194.81 kB | 194.81 kB |
| lru-cache | 7.18.3 | 133.92 kB | 133.92 kB |
| pprof-format | 2.1.0 | 111.69 kB | 111.69 kB |
| @datadog/sketches-js | 2.1.0 | 109.9 kB | 109.9 kB |
| lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB |
| ignore | 5.3.2 | 53.63 kB | 53.63 kB |
| shell-quote | 1.8.1 | 44.96 kB | 44.96 kB |
| istanbul-lib-coverage | 3.2.0 | 29.34 kB | 29.34 kB |
| rfdc | 1.3.1 | 25.21 kB | 25.21 kB |
| @isaacs/ttlcache | 1.4.1 | 25.2 kB | 25.2 kB |
| tlhunter-sorted-set | 0.1.0 | 24.94 kB | 24.94 kB |
| limiter | 1.1.5 | 23.17 kB | 23.17 kB |
| dc-polyfill | 0.1.4 | 23.1 kB | 23.1 kB |
| retry | 0.13.1 | 18.85 kB | 18.85 kB |
| semifies | 1.0.0 | 15.84 kB | 15.84 kB |
| jest-docblock | 29.7.0 | 8.99 kB | 12.76 kB |
| crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB |
| ttl-set | 1.0.0 | 4.61 kB | 9.69 kB |
| path-to-regexp | 0.1.12 | 6.6 kB | 6.6 kB |
| koalas | 1.0.2 | 6.47 kB | 6.47 kB |
| module-details-from-path | 1.0.3 | 4.47 kB | 4.47 kB |

🤖 This report was automatically generated by heaviest-objects-in-the-universe
Datadog Report

Branch report: ✅ 0 Failed, 674 Passed, 0 Skipped, 16m 39.73s Total Time
Benchmarks

Benchmark execution time: 2025-02-17 11:34:12

Comparing candidate commit e3f43a4 in PR branch

Found 77 performance improvements and 1 performance regressions! Performance is the same for 833 metrics, 22 unstable metrics.

scenario:appsec-control-18
scenario:appsec-control-20
scenario:appsec-control-with-attacks-18
scenario:debugger-enabled-but-breakpoint-not-hit-18
scenario:debugger-enabled-but-breakpoint-not-hit-20
scenario:debugger-enabled-but-breakpoint-not-hit-22
scenario:debugger-line-probe-with-snapshot-default-18
scenario:debugger-line-probe-with-snapshot-default-20
scenario:debugger-line-probe-with-snapshot-default-22
scenario:debugger-line-probe-with-snapshot-minimal-18
scenario:debugger-line-probe-with-snapshot-minimal-20
scenario:debugger-line-probe-with-snapshot-minimal-22
scenario:debugger-line-probe-without-snapshot-18
scenario:debugger-line-probe-without-snapshot-20
scenario:debugger-line-probe-without-snapshot-22
scenario:log-without-log-22
scenario:plugin-bluebird-with-tracer-18
scenario:plugin-graphql-with-async-hooks-18
scenario:plugin-graphql-with-depth-and-collapse-on-18
scenario:plugin-graphql-with-depth-off-18
scenario:plugin-graphql-with-depth-on-max-18
scenario:startup-with-tracer-18
scenario:startup-with-tracer-20
scenario:startup-with-tracer-22
🚀
[1ae023d3b4] - (SEMVER-PATCH) [DI] Use column number from source maps (Thomas Watson) #5279
[366368a38c] - (SEMVER-MINOR) [test optimization] [SDTEST-1529] Add quarantined tests logic (Juan Antonio Fernández de Alba) #5236
[b599fab632] - (SEMVER-PATCH) [test optimization] Fix session fingerprint in playwright (Juan Antonio Fernández de Alba) #5273
[efb8e44d5d] - (SEMVER-MINOR) [DI] Add source map support (Thomas Watson) #5205
[2fea9b5c58] - (SEMVER-PATCH) fix(openai): apply span char limit truncation to chat completion input tags (Sam Brenner) #5276
[5a08ad941e] - (SEMVER-PATCH) Delete unused packages/memwatch/* directory (Thomas Watson) #5275
[560236e353] - (SEMVER-MINOR) Inject trace info as comment to MongoDB operation when dbm propagation is enabled. (Zhengda Lu) #5230
[ff09f50cb0] - (SEMVER-MINOR) remove span kind from inferred proxy spans (William Conti) #5265
[6b971861fb] - (SEMVER-PATCH) fix(openai): update openai instrumentation for newest release (Sam Brenner) #5271
[ee6423febd] - (SEMVER-PATCH) change telemetry name for dd-trace-api (Bryan English) #5264
[80800d630f] - (SEMVER-PATCH) ESLint: Disallow warnings in CI (Thomas Watson) #5261
[8e8898d2ce] - (SEMVER-PATCH) dd-trace-api: remove runtime tests that should be test time (Bryan English) #5246
[872bac80cc] - (SEMVER-MINOR) [MLOB-2096] feat(llmobs): metadata and metrics annotations update instead of override (Sam Brenner) #5243
[b8130f2229] - (SEMVER-PATCH) prevent usage of semver in code (Roch Devost) #5252
[d7a574bd2c] - (SEMVER-PATCH) fix(config): keep the lookup value as passed (Thomas Hunter II) #5244
[fd1dd7e150] - (SEMVER-MINOR) [asm] IAST security controls (Igor Unanua) #5117
[784b6f39d2] - (SEMVER-PATCH) remove semver and replace with simpler semifies (Roch Devost) #5251
[48f6904f1c] - Revert "Temporarily limit koa upstream tests to test against 2.15.3" (Thomas Watson)
[95462ecee8] - Temporarily limit koa upstream tests to test against 2.15.3 (Thomas Watson)
[b8c03bdd48] - (SEMVER-PATCH) change RASP addresses from persistent to ephemeral (simon-id) #5235
[dc57b5a7af] - (SEMVER-PATCH) Upgrade ESLint from v8 to v9 (Thomas Watson) #5215
[f8cc54a971] - (SEMVER-PATCH) Add troubleshooting link to profiler start error message (Attila Szegedi) #5242
[e0ac79507d] - (SEMVER-MINOR) Extended iast location fields (Ilyas Shabi) #5171
[c64020ae12] - (SEMVER-PATCH) datadog-plugin-mongoose test remove forgotten skip condition for versions >= 8.10.0 (Igor Unanua) #5238
[788cb6fcba] - (SEMVER-PATCH) dd-trace-api: don't proxy objects returned from callbacks (Bryan English) #5240
[d19540d525] - (SEMVER-PATCH) [DSM] Add a wait for active stream to the putTestRecords function which was flaking when the stream was inactive (Eric Firth) #5202
[d3ef34e185] - (SEMVER-PATCH) chore(graphql): only stringify graphql error extension attributes in span event if not a native type (William Conti) #5212
[ca855f89c6] - (SEMVER-PATCH) Fix mongoose plugin tests (Igor Unanua) #5217