Skip to content

Commit

Permalink
Merge branch 'master' into ida613/baggage-patch
Browse files Browse the repository at this point in the history
  • Loading branch information
ida613 authored Nov 5, 2024
2 parents a35319d + 497ff72 commit 307133b
Show file tree
Hide file tree
Showing 11 changed files with 352 additions and 5 deletions.
10 changes: 9 additions & 1 deletion .github/workflows/plugins.yml
Original file line number Diff line number Diff line change
Expand Up @@ -578,7 +578,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/plugins/test

mariadb:
runs-on: ubuntu-latest
services:
Expand Down Expand Up @@ -999,6 +999,14 @@ jobs:
- uses: actions/checkout@v4
- uses: ./.github/actions/plugins/test

url:
runs-on: ubuntu-latest
env:
PLUGINS: url
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/plugins/test

when:
runs-on: ubuntu-latest
env:
Expand Down
3 changes: 2 additions & 1 deletion .gitlab-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ onboarding_tests_installer:
parallel:
matrix:
- ONBOARDING_FILTER_WEBLOG: [test-app-nodejs,test-app-nodejs-container]
SCENARIO: [ INSTALLER_AUTO_INJECTION, SIMPLE_AUTO_INJECTION_PROFILING ]
SCENARIO: [ SIMPLE_INSTALLER_AUTO_INJECTION, SIMPLE_AUTO_INJECTION_PROFILING ]

onboarding_tests_k8s_injection:
variables:
Expand All @@ -31,3 +31,4 @@ requirements_json_test:
variables:
REQUIREMENTS_BLOCK_JSON_PATH: ".gitlab/requirements_block.json"
REQUIREMENTS_ALLOW_JSON_PATH: ".gitlab/requirements_allow.json"

2 changes: 1 addition & 1 deletion docs/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
"main": "typedoc.js",
"scripts": {
"build": "typedoc ../index.d.ts && ./add-redirects.sh",
"pretest": "tsc -p . && tsc test",
"pretest": "tsc -p . && tsc --types node test",
"test": "node test"
},
"license": "BSD-3-Clause",
Expand Down
3 changes: 2 additions & 1 deletion docs/tsconfig.json
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@
"moduleResolution": "node",
"module": "commonjs",
"baseUrl": ".",
"strict": true
"strict": true,
"types": ["node"]
},
"files": [
"../index.d.ts"
Expand Down
4 changes: 4 additions & 0 deletions integration-tests/appsec/multer.spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,10 @@ const {
spawnProc
} = require('../helpers')

const { NODE_MAJOR } = require('../../version')

const describe = NODE_MAJOR <= 16 ? globalThis.describe.skip : globalThis.describe

describe('multer', () => {
let sandbox, cwd, startupTestFile, agent, proc, env

Expand Down
2 changes: 2 additions & 0 deletions packages/datadog-instrumentations/src/helpers/hooks.js
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,7 @@ module.exports = {
'node:http2': () => require('../http2'),
'node:https': () => require('../http'),
'node:net': () => require('../net'),
'node:url': () => require('../url'),
nyc: () => require('../nyc'),
oracledb: () => require('../oracledb'),
openai: () => require('../openai'),
Expand All @@ -115,6 +116,7 @@ module.exports = {
sharedb: () => require('../sharedb'),
tedious: () => require('../tedious'),
undici: () => require('../undici'),
url: () => require('../url'),
vitest: { esmFirst: true, fn: () => require('../vitest') },
when: () => require('../when'),
winston: () => require('../winston'),
Expand Down
84 changes: 84 additions & 0 deletions packages/datadog-instrumentations/src/url.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
'use strict'

const { addHook, channel } = require('./helpers/instrument')
const shimmer = require('../../datadog-shimmer')
const names = ['url', 'node:url']

const parseFinishedChannel = channel('datadog:url:parse:finish')
const urlGetterChannel = channel('datadog:url:getter:finish')
const instrumentedGetters = ['host', 'origin', 'hostname']

addHook({ name: names }, function (url) {
shimmer.wrap(url, 'parse', (parse) => {
return function wrappedParse (input) {
const parsedValue = parse.apply(this, arguments)
if (!parseFinishedChannel.hasSubscribers) return parsedValue

parseFinishedChannel.publish({
input,
parsed: parsedValue,
isURL: false
})

return parsedValue
}
})

const URLPrototype = url.URL.prototype.constructor.prototype
instrumentedGetters.forEach(property => {
const originalDescriptor = Object.getOwnPropertyDescriptor(URLPrototype, property)

if (originalDescriptor?.get) {
const newDescriptor = shimmer.wrap(originalDescriptor, 'get', function (originalGet) {
return function get () {
const result = originalGet.apply(this, arguments)
if (!urlGetterChannel.hasSubscribers) return result

const context = { urlObject: this, result, property }
urlGetterChannel.publish(context)

return context.result
}
})

Object.defineProperty(URLPrototype, property, newDescriptor)
}
})

shimmer.wrap(url, 'URL', (URL) => {
return class extends URL {
constructor (input, base) {
super(...arguments)

if (!parseFinishedChannel.hasSubscribers) return

parseFinishedChannel.publish({
input,
base,
parsed: this,
isURL: true
})
}
}
})

if (url.URL.parse) {
shimmer.wrap(url.URL, 'parse', (parse) => {
return function wrappedParse (input, base) {
const parsedValue = parse.apply(this, arguments)
if (!parseFinishedChannel.hasSubscribers) return parsedValue

parseFinishedChannel.publish({
input,
base,
parsed: parsedValue,
isURL: true
})

return parsedValue
}
})
}

return url
})
114 changes: 114 additions & 0 deletions packages/datadog-instrumentations/test/url.spec.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@
'use strict'

const agent = require('../../dd-trace/test/plugins/agent')
const { channel } = require('../src/helpers/instrument')
const names = ['url', 'node:url']

names.forEach(name => {
describe(name, () => {
const url = require(name)
const parseFinishedChannel = channel('datadog:url:parse:finish')
const urlGetterChannel = channel('datadog:url:getter:finish')
let parseFinishedChannelCb, urlGetterChannelCb

before(async () => {
await agent.load('url')
})

after(() => {
return agent.close()
})

beforeEach(() => {
parseFinishedChannelCb = sinon.stub()
urlGetterChannelCb = sinon.stub()
parseFinishedChannel.subscribe(parseFinishedChannelCb)
urlGetterChannel.subscribe(urlGetterChannelCb)
})

afterEach(() => {
parseFinishedChannel.unsubscribe(parseFinishedChannelCb)
urlGetterChannel.unsubscribe(urlGetterChannelCb)
})

describe('url.parse', () => {
it('should publish', () => {
// eslint-disable-next-line n/no-deprecated-api
const result = url.parse('https://www.datadoghq.com')

sinon.assert.calledOnceWithExactly(parseFinishedChannelCb, {
input: 'https://www.datadoghq.com',
parsed: result,
isURL: false
}, sinon.match.any)
})
})

describe('url.URL', () => {
describe('new URL', () => {
it('should publish with input', () => {
const result = new url.URL('https://www.datadoghq.com')

sinon.assert.calledOnceWithExactly(parseFinishedChannelCb, {
input: 'https://www.datadoghq.com',
base: undefined,
parsed: result,
isURL: true
}, sinon.match.any)
})

it('should publish with base and input', () => {
const result = new url.URL('/path', 'https://www.datadoghq.com')

sinon.assert.calledOnceWithExactly(parseFinishedChannelCb, {
base: 'https://www.datadoghq.com',
input: '/path',
parsed: result,
isURL: true
}, sinon.match.any)
})

;['host', 'origin', 'hostname'].forEach(property => {
it(`should publish on get ${property}`, () => {
const urlObject = new url.URL('/path', 'https://www.datadoghq.com')

const result = urlObject[property]

sinon.assert.calledWithExactly(urlGetterChannelCb, {
urlObject,
result,
property
}, sinon.match.any)
})
})
})
})

if (url.URL.parse) { // added in v22.1.0
describe('url.URL.parse', () => {
it('should publish with input', () => {
const input = 'https://www.datadoghq.com'
const parsed = url.URL.parse(input)

sinon.assert.calledOnceWithExactly(parseFinishedChannelCb, {
input,
parsed,
base: undefined,
isURL: true
}, sinon.match.any)
})

it('should publish with base and input', () => {
const result = new url.URL('/path', 'https://www.datadoghq.com')

sinon.assert.calledOnceWithExactly(parseFinishedChannelCb, {
base: 'https://www.datadoghq.com',
input: '/path',
parsed: result,
isURL: true
}, sinon.match.any)
})
})
}
})
})
41 changes: 41 additions & 0 deletions packages/dd-trace/src/appsec/iast/taint-tracking/plugin.js
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ class TaintTrackingPlugin extends SourceIastPlugin {
constructor () {
super()
this._type = 'taint-tracking'
this._taintedURLs = new WeakMap()
}

onConfigure () {
Expand Down Expand Up @@ -88,6 +89,46 @@ class TaintTrackingPlugin extends SourceIastPlugin {
}
)

const urlResultTaintedProperties = ['host', 'origin', 'hostname']
this.addSub(
{ channelName: 'datadog:url:parse:finish' },
({ input, base, parsed, isURL }) => {
const iastContext = getIastContext(storage.getStore())
let ranges

if (base) {
ranges = getRanges(iastContext, base)
} else {
ranges = getRanges(iastContext, input)
}

if (ranges?.length) {
if (isURL) {
this._taintedURLs.set(parsed, ranges[0])
} else {
urlResultTaintedProperties.forEach(param => {
this._taintTrackingHandler(ranges[0].iinfo.type, parsed, param, iastContext)
})
}
}
}
)

this.addSub(
{ channelName: 'datadog:url:getter:finish' },
(context) => {
if (!urlResultTaintedProperties.includes(context.property)) return

const origRange = this._taintedURLs.get(context.urlObject)
if (!origRange) return

const iastContext = getIastContext(storage.getStore())
if (!iastContext) return

context.result =
newTaintedString(iastContext, context.result, origRange.iinfo.parameterName, origRange.iinfo.type)
})

// this is a special case to increment INSTRUMENTED_SOURCE metric for header
this.addInstrumentedSource('http', [HTTP_REQUEST_HEADER_VALUE, HTTP_REQUEST_HEADER_NAME])
}
Expand Down
Loading

0 comments on commit 307133b

Please sign in to comment.