Conversation
* add rasp telemetry missing metrics * add tests for rasp rule match * report rasp rule skipped metric * report rasp rule on nextjs * rasp metrics * report rule match * block * fix windows test * code cleaning * add rule triggered related comment * rule variant tests * fix rasp duration track test
In case the integration tests times out trying to create the sandbox, don't also fail trying to remove it (since it doesn't exist).
* fix openai tests * skip langchain tests
* Pin express version to make sure integration tests pass The issue itself has to be addressed and this should be reworked after this landing. * Fix appsec ci * Apply suggestions from code review --------- Co-authored-by: Ugaitz Urien <ugaitz.urien@datadoghq.com> Co-authored-by: Thomas Watson <w@tson.dk>
Make sure all actions use the one node installer action This aligns the behavior, allows to update the action easier and it makes sure we always use consistent versions. Co-authored-by: Thomas Watson <w@tson.dk>
The sync code got a tad optimized (dense instead of sparse arrays and some other minor improvements). The async parts now also run in parallel. These changes do not make a big difference effectively due to the overhead of the inspector calls themselves. Co-authored-by: Thomas Watson <w@tson.dk>
Add support for having a condition on a probe. A condition should return either `true` or `false`. It can however also throw an error. The error can be thrown in two places: 1. When compiling the AST down to the JavaScript source code (an issue was detected at compilation-time) 2. When running the condition in the context of the breakpoint (an issue was detected at run-time) Compilation-time exceptions are reported as an error event on the probe to the DI diagnostics backend. Run-time exceptions are currently just swallowed and the result of the condition is going to be the same as if it evaluated `false` (i.e. it's not going to tigger the breakpoint). To be 100% compatible with how conditions work in the other tracers, we should technically record the run-time errors and expose those to the user (as a help in debugging the condition). However, due to how conditions are implemented in this PR (by using the `condition` property on the `Debugger.setBreakpoint` Chrome DevTools Protocol API), it's not possible to know if a condition failed, or just returned `false`. For now, this is an ok compromise, due to the increased performance gained by using this API.
* Update rewriter to the new renamed wasm-js-rewriter 3.0.0 * Rename requires * Rename pending @datadog/native-iast-rewriter references * Update to 3.1.0 * Use branch * Set 3.0.0 version again * 3.1.0 again
* add missing shared config for clientIpHeader
* fixtures * test fixes * trigger ci
* Improve tagger and format These are hot code paths and the otel parts should not be part of the tagger. This removes the special handling for errors in the tagger while also improving the performance and not adding tags that have no purpose. * Minor encoding perf improvement Calling Object.entries is actually doing more work than Object.keys while the result is the same.
* Do not instrument mariadb 3.4.1 version
* Supporting last mariadb version * Force the execution of mariadb tests with the latest version using promise to getConnection * Do not create asyncResource when is not needed * Add comment
* add feature to disable mongodb heartbeat tracing
* Update dependabot to look for actions/* * Update SHA in `actions/*`
The logs track will split a JSON key like `debugger.snapshot` into
`debugger: { snapshot }`. This saves a tiny amount of object creation
client side, but makes each installed tracer dependant on this custom
behavior from the logs track.
To allow us more flexibility in the future, better not rely on this
oddity.
* batch span events * try to fix test --------- Co-authored-by: lievan <evan.li@datadoqhq.com>
* Upgrade to profiler 5.7.0 for asyncId collection capability * Add a config option to disable async ID collection * Alphabetically sort some long option lists * Add async ID assertions to the integration test * Only enable the feature for Node.js version >=22.10.0
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## v5.x #5551 +/- ##
=======================================
Coverage ? 78.82%
=======================================
Files ? 508
Lines ? 22623
Branches ? 0
=======================================
Hits ? 17833
Misses ? 4790
Partials ? 0 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Contributor
Overall package sizeSelf size: 9.26 MB Dependency sizes| name | version | self size | total size | |------|---------|-----------|------------| | @datadog/libdatadog | 0.5.0 | 29.83 MB | 29.83 MB | | @datadog/native-appsec | 8.5.1 | 19.26 MB | 19.27 MB | | @datadog/native-iast-taint-tracking | 3.3.0 | 13.77 MB | 13.78 MB | | @datadog/pprof | 5.7.0 | 9.89 MB | 10.26 MB | | @opentelemetry/core | 1.30.1 | 908.66 kB | 7.16 MB | | protobufjs | 7.4.0 | 2.77 MB | 5.42 MB | | @datadog/wasm-js-rewriter | 3.1.0 | 2.37 MB | 2.52 MB | | @datadog/native-metrics | 3.1.0 | 1.06 MB | 1.46 MB | | @opentelemetry/api | 1.8.0 | 1.21 MB | 1.21 MB | | import-in-the-middle | 1.13.1 | 117.64 kB | 839.26 kB | | source-map | 0.7.4 | 226 kB | 226 kB | | opentracing | 0.14.7 | 194.81 kB | 194.81 kB | | lru-cache | 7.18.3 | 133.92 kB | 133.92 kB | | pprof-format | 2.1.0 | 111.69 kB | 111.69 kB | | @datadog/sketches-js | 2.1.1 | 109.9 kB | 109.9 kB | | lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB | | ignore | 5.3.2 | 53.63 kB | 53.63 kB | | istanbul-lib-coverage | 3.2.0 | 29.34 kB | 29.34 kB | | rfdc | 1.4.1 | 27.15 kB | 27.15 kB | | @isaacs/ttlcache | 1.4.1 | 25.2 kB | 25.2 kB | | tlhunter-sorted-set | 0.1.0 | 24.94 kB | 24.94 kB | | dc-polyfill | 0.1.6 | 24.56 kB | 24.56 kB | | shell-quote | 1.8.2 | 23.54 kB | 23.54 kB | | limiter | 1.1.5 | 23.17 kB | 23.17 kB | | retry | 0.13.1 | 18.85 kB | 18.85 kB | | semifies | 1.0.0 | 15.84 kB | 15.84 kB | | jest-docblock | 29.7.0 | 8.99 kB | 12.76 kB | | crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB | | ttl-set | 1.0.0 | 4.61 kB | 9.69 kB | | path-to-regexp | 0.1.12 | 6.6 kB | 6.6 kB | | koalas | 1.0.2 | 6.47 kB | 6.47 kB | | module-details-from-path | 1.0.3 | 4.47 kB | 4.47 kB |🤖 This report was automatically generated by heaviest-objects-in-the-universe |
BenchmarksBenchmark execution time: 2025-04-08 16:23:12 Comparing candidate commit 6403a44 in PR branch Found 8 performance improvements and 32 performance regressions! Performance is the same for 910 metrics, 13 unstable metrics. scenario:appsec-iast-no-vulnerability-iast-enabled-always-active-18
scenario:appsec-iast-no-vulnerability-iast-enabled-always-active-20
scenario:appsec-iast-no-vulnerability-iast-enabled-always-active-22
scenario:appsec-iast-no-vulnerability-iast-enabled-default-config-18
scenario:appsec-iast-no-vulnerability-iast-enabled-default-config-20
scenario:appsec-iast-no-vulnerability-iast-enabled-default-config-22
scenario:appsec-iast-startup-time-iast-enabled-18
scenario:appsec-iast-startup-time-iast-enabled-20
scenario:appsec-iast-startup-time-iast-enabled-22
scenario:appsec-iast-with-vulnerability-iast-enabled-always-active-18
scenario:appsec-iast-with-vulnerability-iast-enabled-always-active-20
scenario:appsec-iast-with-vulnerability-iast-enabled-always-active-22
scenario:appsec-iast-with-vulnerability-iast-enabled-default-config-18
scenario:appsec-iast-with-vulnerability-iast-enabled-default-config-20
scenario:appsec-iast-with-vulnerability-iast-enabled-default-config-22
scenario:log-skip-log-22
scenario:log-with-error-22
scenario:log-without-log-22
scenario:startup-with-tracer-22
|
Datadog ReportBranch report: ✅ 0 Failed, 931 Passed, 0 Skipped, 12m 7.01s Total Time |
Collaborator
|
The commit message for the package change, should be "v5.46.0" and not "update package" |
Contributor
Author
@uurien This should be fixed. |
wconti27
force-pushed
the
v5.46.0-proposal
branch
from
c8eb698 to
6403a44
Compare
uurien
approved these changes
Apr 8, 2025
szegedi
approved these changes
Apr 9, 2025
Contributor
szegedi
left a comment
szegedi
left a comment
There was a problem hiding this comment.
Profiling changes look okay.
szegedi
approved these changes
Apr 9, 2025
Contributor
szegedi
left a comment
szegedi
left a comment
There was a problem hiding this comment.
Profiling changes look okay.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
16 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
34787c1e22] - (SEMVER-PATCH) Remove appsec distribution metrics (Ugaitz Urien) #5534c2b55f41f3] - (SEMVER-MINOR) [DI] Support multiple probes in the same location (Thomas Watson) #55359ec7ef9813] - (SEMVER-MINOR) Start collecting async IDs in profiles (Attila Szegedi) #5524c9c351d1ea] - (SEMVER-PATCH) fix missing dependency for release proposal job (Roch Devost) #554578aa8e496b] - (SEMVER-PATCH) update the release proposal workflow to create the proposal (Roch Devost) #552759a5f36e17] - (SEMVER-PATCH) fix loading of instrumentations (William Conti) #5544af40a87ba0] - (SEMVER-PATCH) [DI] Condtions: Allow using len to count keys in objects (Thomas Watson) #5542ded5a7762d] - (SEMVER-PATCH) fix(llmobs): send batches of span events (lievan) #5493af0b9536fd] - (SEMVER-PATCH) [DI] Reduce size of compiled code when comparing number literals (Thomas Watson) #55365573c1291e] - (SEMVER-PATCH) [DI] Allow testing of primitives with instanceof (Thomas Watson) #554176d688efb2] - (SEMVER-PATCH) [DI] Don't rely on logs track to split JSON keys on periods (Thomas Watson) #55396590e70a60] - (SEMVER-PATCH) [DI] Change test name to better highlight what is being tested (Thomas Watson) #5540ca02e1ddff] - (SEMVER-PATCH) [DI] Sanitize instanceof class in probe conditions (Thomas Watson) #55201db78a6c4e] - (SEMVER-PATCH) Pin composite actions SHA (TonyCTHsu) #5448e1fd042265] - (SEMVER-MINOR) add feature to disable mongo heartbeats spans (William Conti) #552617e03a7ee1] - (SEMVER-MINOR) Supporting last mariadb version (Ugaitz Urien) #55328df8c369ec] - (SEMVER-MINOR) Improve iast mongodb nosql detection removing some false positives (Ugaitz Urien) #540821e0408b25] - (SEMVER-MINOR) [test-optimization] [SDTEST-1784] Co-relate Playwright tests with RUM sessions (Mario Vidal Domínguez) #55090c9d24ac79] - (SEMVER-PATCH) Fix CI for mariadb (Ugaitz Urien) #553055608ebca8] - (SEMVER-PATCH) Improve tagger, format, and encoding (Ruben Bridgewater) #5354ef3d607adc] - (SEMVER-PATCH) ci(langchain, llmobs): restore embeddings tests with fixtures (Sam Brenner) #551461f8a84ca6] - (SEMVER-PATCH) [DI] Fix isDefined support in probe conditions (Thomas Watson) #55215dc76abe15] - (SEMVER-PATCH) add missing shared config for clientIpHeader (Ida Liu) #54733082b9848e] - (SEMVER-PATCH) Add message to the error consistent with one in proxy.js (Attila Szegedi) #551822dfc65b27] - (SEMVER-PATCH) Update WAF rules to v1.14.2 (simon-id) #5523b94052cfac] - (SEMVER-MINOR) Update recommended.json to the version 1.14.1 (Ugaitz Urien) #55178e21dd1a52] - (SEMVER-PATCH) Update rewriter to the new renamed wasm-js-rewriter 3.1.0 (Ugaitz Urien) #5472d8677ee1e4] - (SEMVER-MINOR) [DI] Add support for probe condition (Thomas Watson) #5488658800adec] - (SEMVER-PATCH) increase appsec next test start timeout to 5 minutes (Roch Devost) #5506b4b2969bdf] - (SEMVER-PATCH) [Debugger] improve snapshot performance (Ruben Bridgewater) #541929485d9cb3] - (SEMVER-PATCH) Always check for the latest Node.js version being installed (Ruben Bridgewater) #5504a1827238eb] - (SEMVER-PATCH) Pin express version to make sure integration tests pass (Ruben Bridgewater) #55101bd4073df9] - (SEMVER-PATCH) ci(openai, langchain, llmobs): fix broken tests (Sam Brenner) #5507f24d815ae2] - (SEMVER-MINOR) [test-optimization] [SDTEST-1163] Playwright active test span (Juan Antonio Fernández de Alba) #4843b984e6321b] - (SEMVER-MINOR) Fix span event serialization for array attributes (Marco Costa) #5490f62b60a23f] - (SEMVER-PATCH) [DI] Improve integration test error handling (Thomas Watson) #5500a029cac0ac] - (SEMVER-PATCH) Remove unused code in router instrumentation code (Thomas Watson) #54785a2ad89c58] - (SEMVER-PATCH) centralize node version numbers for ci workflows (Roch Devost) #54924d9b64fb87] - (SEMVER-PATCH) chore: add tracing macrobenchmark with runtime metrics enabled (Zach Montoya) #5485a432a17e03] - (SEMVER-PATCH) fix user tracking tests (Ilyas Shabi) #5497ecc6588f11] - (SEMVER-MINOR) Add rasp telemetry metrics (Ilyas Shabi) #5458