From 8f77e08b57fa7ddf67c904501aa3809554df9e18 Mon Sep 17 00:00:00 2001 From: Ugaitz Urien Date: Tue, 24 Feb 2026 13:59:14 +0100 Subject: [PATCH 01/10] Run the same test multiple times and avoid others and add logs --- .../overhead-controller.integration.spec.js | 211 +++++++++--------- 1 file changed, 111 insertions(+), 100 deletions(-) diff --git a/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js b/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js index 2794671921..4f46272e11 100644 --- a/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js +++ b/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js @@ -5,119 +5,130 @@ const assert = require('node:assert/strict') const path = require('path') const Axios = require('axios') const { sandboxCwd, useSandbox, FakeAgent, spawnProc } = require('../../../../../integration-tests/helpers') - -describe('IAST - overhead-controller - integration', () => { - let axios, cwd, agent, proc - - useSandbox( - ['express'], - false, - [path.join(__dirname, 'resources')] - ) - - before(function () { - cwd = sandboxCwd() - }) - - beforeEach(async () => { - agent = await new FakeAgent().start() - }) - - afterEach(async () => { - proc.kill() - await agent.stop() - }) - - describe('vulnerability sampling algorithm', () => { - beforeEach(async function () { - this.timeout(30_000) - - proc = await spawnProc(path.join(cwd, 'resources', 'overhead-controller.js'), { - cwd, - env: { - DD_TRACE_AGENT_PORT: agent.port, - DD_IAST_ENABLED: 'true', - DD_IAST_REQUEST_SAMPLING: '100', - DD_INSTRUMENTATION_TELEMETRY_ENABLED: 'false', - NODE_OPTIONS: '--require ./resources/init.js', - }, - }) - axios = Axios.create({ baseURL: proc.url }) +for (let i = 0; i < 100; i++) { + describe.only('IAST - overhead-controller - integration', () => { + let axios, cwd, agent, proc + + useSandbox( + ['express'], + false, + [path.join(__dirname, 'resources')] + ) + + before(function () { + cwd = sandboxCwd() }) - async function checkVulnerabilitiesInEndpoint (path, vulnerabilitiesAndCount, method = 'GET') { - await axios.request(path, { method }) + beforeEach(async () => { + agent = await new FakeAgent().start() + }) - await agent.assertMessageReceived(({ payload }) => { - assert.strictEqual(payload[0][0].type, 'web') - assert.strictEqual(payload[0][0].metrics['_dd.iast.enabled'], 1) - assert.ok(Object.hasOwn(payload[0][0].meta, '_dd.iast.json')) - const vulnerabilitiesTrace = JSON.parse(payload[0][0].meta['_dd.iast.json']) - assert.notStrictEqual(vulnerabilitiesTrace, null) + afterEach(async () => { + proc.kill() + await agent.stop() + }) - const vulnerabilities = {} - vulnerabilitiesTrace.vulnerabilities.forEach(v => { - const vulnCount = vulnerabilities[v.type] - vulnerabilities[v.type] = vulnCount ? vulnCount + 1 : 1 + describe('vulnerability sampling algorithm', () => { + beforeEach(async function () { + this.timeout(30_000) + + proc = await spawnProc(path.join(cwd, 'resources', 'overhead-controller.js'), { + cwd, + env: { + DD_TRACE_AGENT_PORT: agent.port, + DD_IAST_ENABLED: 'true', + DD_IAST_REQUEST_SAMPLING: '100', + DD_INSTRUMENTATION_TELEMETRY_ENABLED: 'false', + NODE_OPTIONS: '--require ./resources/init.js', + }, }) + axios = Axios.create({ baseURL: proc.url }) + }) - assert.strictEqual(Object.keys(vulnerabilities).length, Object.keys(vulnerabilitiesAndCount).length) - - Object.keys(vulnerabilitiesAndCount).forEach((vType) => { - assert.strictEqual(vulnerabilities[vType], vulnerabilitiesAndCount[vType], `route: ${path} - type: ${vType}`) - }) - }, 1000, 1, true) - } - - async function checkNoVulnerabilitiesInEndpoint (path, method = 'GET') { - await axios.request(path, { method }) - - await agent.assertMessageReceived(({ payload }) => { - assert.strictEqual(payload[0][0].type, 'web') - assert.strictEqual(payload[0][0].metrics['_dd.iast.enabled'], 1) - assert.ok(!('_dd.iast.json' in payload[0][0].meta)) - }, 1000, 1, true) - } - - it('should report vulnerability only in the first request', async () => { - await checkVulnerabilitiesInEndpoint('/one-vulnerability', { WEAK_HASH: 1 }) - await checkNoVulnerabilitiesInEndpoint('/one-vulnerability') - }) + async function checkVulnerabilitiesInEndpoint (path, vulnerabilitiesAndCount, method = 'GET') { + // agent.assertMessageReceived(({ payload }) => { + // console.log('executed', payload) + // }, 1000, 1, true) + console.log('before request') + function messageHandler (msg) { + console.log('messageHandler', msg) + } + agent.on('message', messageHandler) + await axios.request(path, { method }) + agent.off('message', messageHandler) + + console.log('before assertMessageReceived') + await agent.assertMessageReceived(({ payload }) => { + assert.strictEqual(payload[0][0].type, 'web') + assert.strictEqual(payload[0][0].metrics['_dd.iast.enabled'], 1) + assert.ok(Object.hasOwn(payload[0][0].meta, '_dd.iast.json')) + const vulnerabilitiesTrace = JSON.parse(payload[0][0].meta['_dd.iast.json']) + assert.notStrictEqual(vulnerabilitiesTrace, null) + + const vulnerabilities = {} + vulnerabilitiesTrace.vulnerabilities.forEach(v => { + const vulnCount = vulnerabilities[v.type] + vulnerabilities[v.type] = vulnCount ? vulnCount + 1 : 1 + }) + + assert.strictEqual(Object.keys(vulnerabilities).length, Object.keys(vulnerabilitiesAndCount).length) + + Object.keys(vulnerabilitiesAndCount).forEach((vType) => { + assert.strictEqual(vulnerabilities[vType], vulnerabilitiesAndCount[vType], `route: ${path} - type: ${vType}`) + }) + }, 1000, 1, true) + } + + async function checkNoVulnerabilitiesInEndpoint (path, method = 'GET') { + await axios.request(path, { method }) + + await agent.assertMessageReceived(({ payload }) => { + assert.strictEqual(payload[0][0].type, 'web') + assert.strictEqual(payload[0][0].metrics['_dd.iast.enabled'], 1) + assert.ok(!('_dd.iast.json' in payload[0][0].meta)) + }, 1000, 1, true) + } + + it('should report vulnerability only in the first request', async () => { + await checkVulnerabilitiesInEndpoint('/one-vulnerability', { WEAK_HASH: 1 }) + await checkNoVulnerabilitiesInEndpoint('/one-vulnerability') + }) - it('should report vulnerabilities in different request when they are different', async () => { - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }) - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }) - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 1 }) + it('should report vulnerabilities in different request when they are different', async () => { + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }) + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }) + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 1 }) - await checkNoVulnerabilitiesInEndpoint('/five-vulnerabilities') - }) + await checkNoVulnerabilitiesInEndpoint('/five-vulnerabilities') + }) - it('should differentiate different routes in the same request', async () => { - await checkVulnerabilitiesInEndpoint('/route1/sub1', { WEAK_RANDOMNESS: 2 }) - await checkVulnerabilitiesInEndpoint('/route1/sub2', { WEAK_HASH: 2 }) - await checkVulnerabilitiesInEndpoint('/route1/sub1', { WEAK_HASH: 2 }) + it('should differentiate different routes in the same request', async () => { + await checkVulnerabilitiesInEndpoint('/route1/sub1', { WEAK_RANDOMNESS: 2 }) + await checkVulnerabilitiesInEndpoint('/route1/sub2', { WEAK_HASH: 2 }) + await checkVulnerabilitiesInEndpoint('/route1/sub1', { WEAK_HASH: 2 }) - await checkNoVulnerabilitiesInEndpoint('/route1/sub2') - await checkNoVulnerabilitiesInEndpoint('/route1/sub1') - }) + await checkNoVulnerabilitiesInEndpoint('/route1/sub2') + await checkNoVulnerabilitiesInEndpoint('/route1/sub1') + }) - it('should differentiate different methods in the same route', async () => { - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }, 'GET') - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }, 'POST') - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }, 'GET') - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }, 'POST') - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 1 }, 'GET') - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 1 }, 'POST') + it('should differentiate different methods in the same route', async () => { + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }, 'GET') + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }, 'POST') + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }, 'GET') + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }, 'POST') + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 1 }, 'GET') + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 1 }, 'POST') - await checkNoVulnerabilitiesInEndpoint('/five-vulnerabilities') - await checkNoVulnerabilitiesInEndpoint('/five-vulnerabilities') - }) + await checkNoVulnerabilitiesInEndpoint('/five-vulnerabilities') + await checkNoVulnerabilitiesInEndpoint('/five-vulnerabilities') + }) - it('should not differentiate between different route params', async () => { - await checkVulnerabilitiesInEndpoint('/route2/one', { WEAK_HASH: 2 }) - await checkVulnerabilitiesInEndpoint('/route2/two', { WEAK_HASH: 1 }) + it('should not differentiate between different route params', async () => { + await checkVulnerabilitiesInEndpoint('/route2/one', { WEAK_HASH: 2 }) + await checkVulnerabilitiesInEndpoint('/route2/two', { WEAK_HASH: 1 }) - await checkNoVulnerabilitiesInEndpoint('/route2/three') + await checkNoVulnerabilitiesInEndpoint('/route2/three') + }) }) }) -}) +} From 614f004afc73cf4008576040437bd6899f538e55 Mon Sep 17 00:00:00 2001 From: Ugaitz Urien Date: Tue, 24 Feb 2026 14:32:55 +0100 Subject: [PATCH 02/10] Ignore unnecessary appsec jobs --- .github/workflows/appsec.yml | 876 ++++++++++++++++++----------------- 1 file changed, 440 insertions(+), 436 deletions(-) diff --git a/.github/workflows/appsec.yml b/.github/workflows/appsec.yml index c8dea0cd51..b111da8294 100644 --- a/.github/workflows/appsec.yml +++ b/.github/workflows/appsec.yml @@ -23,7 +23,11 @@ env: jobs: macos: - name: ${{ github.workflow }} / macos + strategy: + fail-fast: false + matrix: + run: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] + name: ${{ github.workflow }} / macos (run ${{ matrix.run }}) runs-on: macos-latest steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -81,454 +85,454 @@ jobs: api_key: ${{ secrets.DD_API_KEY }} service: dd-trace-js-tests - ldapjs: - name: ${{ github.workflow }} / ldapjs - runs-on: ubuntu-latest - env: - PLUGINS: ldapjs - services: - openldap: - image: bitnamilegacy/openldap:latest - ports: - - "1389:1389" - - "1636:1636" - env: - LDAP_ADMIN_USERNAME: "admin" - LDAP_ADMIN_PASSWORD: "adminpassword" - LDAP_USERS: "user01,user02" - LDAP_PASSWORDS: "password1,password2" - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: ./.github/actions/node/oldest-maintenance-lts - - uses: ./.github/actions/install - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/node/latest - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/coverage - with: - flags: appsec-ldapjs - - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - if: always() && github.actor != 'dependabot[bot]' - with: - api_key: ${{ secrets.DD_API_KEY }} - service: dd-trace-js-tests + # ldapjs: + # name: ${{ github.workflow }} / ldapjs + # runs-on: ubuntu-latest + # env: + # PLUGINS: ldapjs + # services: + # openldap: + # image: bitnamilegacy/openldap:latest + # ports: + # - "1389:1389" + # - "1636:1636" + # env: + # LDAP_ADMIN_USERNAME: "admin" + # LDAP_ADMIN_PASSWORD: "adminpassword" + # LDAP_USERS: "user01,user02" + # LDAP_PASSWORDS: "password1,password2" + # steps: + # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # - uses: ./.github/actions/node/oldest-maintenance-lts + # - uses: ./.github/actions/install + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/node/latest + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/coverage + # with: + # flags: appsec-ldapjs + # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + # if: always() && github.actor != 'dependabot[bot]' + # with: + # api_key: ${{ secrets.DD_API_KEY }} + # service: dd-trace-js-tests - postgres: - name: ${{ github.workflow }} / postgres - runs-on: ubuntu-latest - services: - postgres: - image: postgres:9.5 - env: - POSTGRES_PASSWORD: postgres - ports: - - 5432:5432 - env: - PG_TEST_NATIVE: "true" - PLUGINS: pg|knex - SERVICES: postgres - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: ./.github/actions/node/oldest-maintenance-lts - - uses: ./.github/actions/install - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/node/newest-maintenance-lts - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/coverage - with: - flags: appsec-postgres - - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - if: always() && github.actor != 'dependabot[bot]' - with: - api_key: ${{ secrets.DD_API_KEY }} - service: dd-trace-js-tests + # postgres: + # name: ${{ github.workflow }} / postgres + # runs-on: ubuntu-latest + # services: + # postgres: + # image: postgres:9.5 + # env: + # POSTGRES_PASSWORD: postgres + # ports: + # - 5432:5432 + # env: + # PG_TEST_NATIVE: "true" + # PLUGINS: pg|knex + # SERVICES: postgres + # steps: + # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # - uses: ./.github/actions/node/oldest-maintenance-lts + # - uses: ./.github/actions/install + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/node/newest-maintenance-lts + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/coverage + # with: + # flags: appsec-postgres + # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + # if: always() && github.actor != 'dependabot[bot]' + # with: + # api_key: ${{ secrets.DD_API_KEY }} + # service: dd-trace-js-tests - mysql: - name: ${{ github.workflow }} / mysql - runs-on: ubuntu-latest - services: - mysql: - image: mariadb:10.4 - env: - MYSQL_ALLOW_EMPTY_PASSWORD: "yes" - MYSQL_DATABASE: "db" - ports: - - 3306:3306 - env: - PLUGINS: mysql|mysql2|sequelize - SERVICES: mysql - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: ./.github/actions/node/oldest-maintenance-lts - - uses: ./.github/actions/install - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/node/newest-maintenance-lts - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/coverage - with: - flags: appsec-mysql - - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - if: always() && github.actor != 'dependabot[bot]' - with: - api_key: ${{ secrets.DD_API_KEY }} - service: dd-trace-js-tests + # mysql: + # name: ${{ github.workflow }} / mysql + # runs-on: ubuntu-latest + # services: + # mysql: + # image: mariadb:10.4 + # env: + # MYSQL_ALLOW_EMPTY_PASSWORD: "yes" + # MYSQL_DATABASE: "db" + # ports: + # - 3306:3306 + # env: + # PLUGINS: mysql|mysql2|sequelize + # SERVICES: mysql + # steps: + # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # - uses: ./.github/actions/node/oldest-maintenance-lts + # - uses: ./.github/actions/install + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/node/newest-maintenance-lts + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/coverage + # with: + # flags: appsec-mysql + # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + # if: always() && github.actor != 'dependabot[bot]' + # with: + # api_key: ${{ secrets.DD_API_KEY }} + # service: dd-trace-js-tests - express: - name: ${{ github.workflow }} / express - runs-on: ubuntu-latest - env: - PLUGINS: express|body-parser|cookie-parser|multer - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: ./.github/actions/node/oldest-maintenance-lts - - uses: ./.github/actions/install - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/node/latest - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/coverage - with: - flags: appsec-express - - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - if: always() && github.actor != 'dependabot[bot]' - with: - api_key: ${{ secrets.DD_API_KEY }} - service: dd-trace-js-tests + # express: + # name: ${{ github.workflow }} / express + # runs-on: ubuntu-latest + # env: + # PLUGINS: express|body-parser|cookie-parser|multer + # steps: + # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # - uses: ./.github/actions/node/oldest-maintenance-lts + # - uses: ./.github/actions/install + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/node/latest + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/coverage + # with: + # flags: appsec-express + # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + # if: always() && github.actor != 'dependabot[bot]' + # with: + # api_key: ${{ secrets.DD_API_KEY }} + # service: dd-trace-js-tests - fastify: - name: ${{ github.workflow }} / fastify - runs-on: ubuntu-latest - env: - PLUGINS: fastify - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: ./.github/actions/node/oldest-maintenance-lts - - uses: ./.github/actions/install - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/node/latest - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/coverage - with: - flags: appsec-fastify - - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - if: always() && github.actor != 'dependabot[bot]' - with: - api_key: ${{ secrets.DD_API_KEY }} - service: dd-trace-js-tests + # fastify: + # name: ${{ github.workflow }} / fastify + # runs-on: ubuntu-latest + # env: + # PLUGINS: fastify + # steps: + # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # - uses: ./.github/actions/node/oldest-maintenance-lts + # - uses: ./.github/actions/install + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/node/latest + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/coverage + # with: + # flags: appsec-fastify + # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + # if: always() && github.actor != 'dependabot[bot]' + # with: + # api_key: ${{ secrets.DD_API_KEY }} + # service: dd-trace-js-tests - graphql: - name: ${{ github.workflow }} / graphql - runs-on: ubuntu-latest - env: - PLUGINS: apollo-server|apollo-server-express|apollo-server-fastify|apollo-server-core - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: ./.github/actions/node/oldest-maintenance-lts - - uses: ./.github/actions/install - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/node/latest - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/coverage - with: - flags: appsec-graphql - - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - if: always() && github.actor != 'dependabot[bot]' - with: - api_key: ${{ secrets.DD_API_KEY }} - service: dd-trace-js-tests + # graphql: + # name: ${{ github.workflow }} / graphql + # runs-on: ubuntu-latest + # env: + # PLUGINS: apollo-server|apollo-server-express|apollo-server-fastify|apollo-server-core + # steps: + # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # - uses: ./.github/actions/node/oldest-maintenance-lts + # - uses: ./.github/actions/install + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/node/latest + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/coverage + # with: + # flags: appsec-graphql + # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + # if: always() && github.actor != 'dependabot[bot]' + # with: + # api_key: ${{ secrets.DD_API_KEY }} + # service: dd-trace-js-tests - mongodb-core: - name: ${{ github.workflow }} / mongodb-core - runs-on: ubuntu-latest - services: - mongodb: - image: circleci/mongo - ports: - - 27017:27017 - env: - PLUGINS: express-mongo-sanitize|mquery - SERVICES: mongo - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: ./.github/actions/node/oldest-maintenance-lts - - uses: ./.github/actions/install - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/node/latest - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/coverage - with: - flags: appsec-mongodb-core - - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - if: always() && github.actor != 'dependabot[bot]' - with: - api_key: ${{ secrets.DD_API_KEY }} - service: dd-trace-js-tests + # mongodb-core: + # name: ${{ github.workflow }} / mongodb-core + # runs-on: ubuntu-latest + # services: + # mongodb: + # image: circleci/mongo + # ports: + # - 27017:27017 + # env: + # PLUGINS: express-mongo-sanitize|mquery + # SERVICES: mongo + # steps: + # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # - uses: ./.github/actions/node/oldest-maintenance-lts + # - uses: ./.github/actions/install + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/node/latest + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/coverage + # with: + # flags: appsec-mongodb-core + # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + # if: always() && github.actor != 'dependabot[bot]' + # with: + # api_key: ${{ secrets.DD_API_KEY }} + # service: dd-trace-js-tests - mongoose: - name: ${{ github.workflow }} / mongoose - runs-on: ubuntu-latest - services: - mongodb: - image: circleci/mongo - ports: - - 27017:27017 - env: - PLUGINS: mongoose - SERVICES: mongo - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: ./.github/actions/node/oldest-maintenance-lts - - uses: ./.github/actions/install - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/node/latest - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/coverage - with: - flags: appsec-mongoose - - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - if: always() && github.actor != 'dependabot[bot]' - with: - api_key: ${{ secrets.DD_API_KEY }} - service: dd-trace-js-tests + # mongoose: + # name: ${{ github.workflow }} / mongoose + # runs-on: ubuntu-latest + # services: + # mongodb: + # image: circleci/mongo + # ports: + # - 27017:27017 + # env: + # PLUGINS: mongoose + # SERVICES: mongo + # steps: + # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # - uses: ./.github/actions/node/oldest-maintenance-lts + # - uses: ./.github/actions/install + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/node/latest + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/coverage + # with: + # flags: appsec-mongoose + # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + # if: always() && github.actor != 'dependabot[bot]' + # with: + # api_key: ${{ secrets.DD_API_KEY }} + # service: dd-trace-js-tests - sourcing: - runs-on: ubuntu-latest - env: - PLUGINS: cookie - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: ./.github/actions/node/oldest-maintenance-lts - - uses: ./.github/actions/install - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/node/newest-maintenance-lts - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/node/active-lts - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/node/latest - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/coverage - with: - flags: appsec-sourcing - - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - if: always() && github.actor != 'dependabot[bot]' - with: - api_key: ${{ secrets.DD_API_KEY }} - service: dd-trace-js-tests + # sourcing: + # runs-on: ubuntu-latest + # env: + # PLUGINS: cookie + # steps: + # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # - uses: ./.github/actions/node/oldest-maintenance-lts + # - uses: ./.github/actions/install + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/node/newest-maintenance-lts + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/node/active-lts + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/node/latest + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/coverage + # with: + # flags: appsec-sourcing + # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + # if: always() && github.actor != 'dependabot[bot]' + # with: + # api_key: ${{ secrets.DD_API_KEY }} + # service: dd-trace-js-tests - next: - strategy: - fail-fast: false - matrix: - version: - - oldest - - latest - range: - [ - ">=10.2.0 <11", - ">=11.0.0 <13", - "11.1.4", - ">=13.0.0 <14", - "13.2.0", - ">=14.0.0 <=14.2.6", - ">=14.2.7 <15", - ">=15.0.0", - ] - include: - - range: ">=10.2.0 <11" - range_clean: gte.10.2.0.and.lt.11 - - range: ">=11.0.0 <13" - range_clean: gte.11.0.0.and.lt.13 - - range: "11.1.4" - range_clean: 11.1.4 - - range: ">=13.0.0 <14" - range_clean: gte.13.0.0.and.lt.14 - - range: "13.2.0" - range_clean: 13.2.0 - - range: ">=14.0.0 <=14.2.6" - range_clean: gte.14.0.0.and.lte.14.2.6 - - range: ">=14.2.7 <15" - range_clean: gte.14.2.7.and.lt.15 - - range: ">=15.0.0" - range_clean: gte.15.0.0 - name: ${{ github.workflow }} / next (node-${{ matrix.version }}, ${{ matrix.range_clean }}) - runs-on: ubuntu-latest - env: - PLUGINS: next - PACKAGE_VERSION_RANGE: ${{ matrix.range }} - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: ./.github/actions/testagent/start - - uses: ./.github/actions/node - with: - version: ${{ matrix.version }} - - uses: ./.github/actions/install - - run: yarn test:appsec:plugins:ci - - if: always() - uses: ./.github/actions/testagent/logs - with: - suffix: appsec-${{ github.job }}-${{ matrix.version }}-${{ matrix.range_clean }} - - uses: ./.github/actions/coverage - with: - flags: appsec-next-${{ matrix.version }}-${{ matrix.range_clean }} - - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - if: always() && github.actor != 'dependabot[bot]' - with: - api_key: ${{ secrets.DD_API_KEY }} - service: dd-trace-js-tests + # next: + # strategy: + # fail-fast: false + # matrix: + # version: + # - oldest + # - latest + # range: + # [ + # ">=10.2.0 <11", + # ">=11.0.0 <13", + # "11.1.4", + # ">=13.0.0 <14", + # "13.2.0", + # ">=14.0.0 <=14.2.6", + # ">=14.2.7 <15", + # ">=15.0.0", + # ] + # include: + # - range: ">=10.2.0 <11" + # range_clean: gte.10.2.0.and.lt.11 + # - range: ">=11.0.0 <13" + # range_clean: gte.11.0.0.and.lt.13 + # - range: "11.1.4" + # range_clean: 11.1.4 + # - range: ">=13.0.0 <14" + # range_clean: gte.13.0.0.and.lt.14 + # - range: "13.2.0" + # range_clean: 13.2.0 + # - range: ">=14.0.0 <=14.2.6" + # range_clean: gte.14.0.0.and.lte.14.2.6 + # - range: ">=14.2.7 <15" + # range_clean: gte.14.2.7.and.lt.15 + # - range: ">=15.0.0" + # range_clean: gte.15.0.0 + # name: ${{ github.workflow }} / next (node-${{ matrix.version }}, ${{ matrix.range_clean }}) + # runs-on: ubuntu-latest + # env: + # PLUGINS: next + # PACKAGE_VERSION_RANGE: ${{ matrix.range }} + # steps: + # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # - uses: ./.github/actions/testagent/start + # - uses: ./.github/actions/node + # with: + # version: ${{ matrix.version }} + # - uses: ./.github/actions/install + # - run: yarn test:appsec:plugins:ci + # - if: always() + # uses: ./.github/actions/testagent/logs + # with: + # suffix: appsec-${{ github.job }}-${{ matrix.version }}-${{ matrix.range_clean }} + # - uses: ./.github/actions/coverage + # with: + # flags: appsec-next-${{ matrix.version }}-${{ matrix.range_clean }} + # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + # if: always() && github.actor != 'dependabot[bot]' + # with: + # api_key: ${{ secrets.DD_API_KEY }} + # service: dd-trace-js-tests - lodash: - name: ${{ github.workflow }} / lodash - runs-on: ubuntu-latest - env: - PLUGINS: lodash - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: ./.github/actions/node/oldest-maintenance-lts - - uses: ./.github/actions/install - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/node/latest - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/coverage - with: - flags: appsec-lodash - - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - if: always() && github.actor != 'dependabot[bot]' - with: - api_key: ${{ secrets.DD_API_KEY }} - service: dd-trace-js-tests + # lodash: + # name: ${{ github.workflow }} / lodash + # runs-on: ubuntu-latest + # env: + # PLUGINS: lodash + # steps: + # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # - uses: ./.github/actions/node/oldest-maintenance-lts + # - uses: ./.github/actions/install + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/node/latest + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/coverage + # with: + # flags: appsec-lodash + # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + # if: always() && github.actor != 'dependabot[bot]' + # with: + # api_key: ${{ secrets.DD_API_KEY }} + # service: dd-trace-js-tests - integration: - strategy: - matrix: - version: [oldest, maintenance, active, latest] - name: ${{ github.workflow }} / integration (node-${{ matrix.version }}) - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: ./.github/actions/node - with: - version: ${{ matrix.version }} - - uses: ./.github/actions/install - - run: yarn test:integration:appsec - - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - if: always() && github.actor != 'dependabot[bot]' - with: - api_key: ${{ secrets.DD_API_KEY }} - service: dd-trace-js-tests + # integration: + # strategy: + # matrix: + # version: [oldest, maintenance, active, latest] + # name: ${{ github.workflow }} / integration (node-${{ matrix.version }}) + # runs-on: ubuntu-latest + # steps: + # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # - uses: ./.github/actions/node + # with: + # version: ${{ matrix.version }} + # - uses: ./.github/actions/install + # - run: yarn test:integration:appsec + # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + # if: always() && github.actor != 'dependabot[bot]' + # with: + # api_key: ${{ secrets.DD_API_KEY }} + # service: dd-trace-js-tests - passport: - runs-on: ubuntu-latest - env: - PLUGINS: passport-local|passport-http - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: ./.github/actions/node/oldest-maintenance-lts - - uses: ./.github/actions/install - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/node/latest - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/coverage - with: - flags: appsec-passport - - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - if: always() && github.actor != 'dependabot[bot]' - with: - api_key: ${{ secrets.DD_API_KEY }} - service: dd-trace-js-tests + # passport: + # runs-on: ubuntu-latest + # env: + # PLUGINS: passport-local|passport-http + # steps: + # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # - uses: ./.github/actions/node/oldest-maintenance-lts + # - uses: ./.github/actions/install + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/node/latest + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/coverage + # with: + # flags: appsec-passport + # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + # if: always() && github.actor != 'dependabot[bot]' + # with: + # api_key: ${{ secrets.DD_API_KEY }} + # service: dd-trace-js-tests - template: - runs-on: ubuntu-latest - env: - PLUGINS: handlebars|pug - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: ./.github/actions/node/oldest-maintenance-lts - - uses: ./.github/actions/install - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/node/latest - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/coverage - with: - flags: appsec-template - - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - if: always() && github.actor != 'dependabot[bot]' - with: - api_key: ${{ secrets.DD_API_KEY }} - service: dd-trace-js-tests + # template: + # runs-on: ubuntu-latest + # env: + # PLUGINS: handlebars|pug + # steps: + # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # - uses: ./.github/actions/node/oldest-maintenance-lts + # - uses: ./.github/actions/install + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/node/latest + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/coverage + # with: + # flags: appsec-template + # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + # if: always() && github.actor != 'dependabot[bot]' + # with: + # api_key: ${{ secrets.DD_API_KEY }} + # service: dd-trace-js-tests - node-serialize: - name: ${{ github.workflow }} / node-serialize - runs-on: ubuntu-latest - env: - PLUGINS: node-serialize - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: ./.github/actions/node/oldest-maintenance-lts - - uses: ./.github/actions/install - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/node/latest - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/coverage - with: - flags: appsec-node-serialize - - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - if: always() && github.actor != 'dependabot[bot]' - with: - api_key: ${{ secrets.DD_API_KEY }} - service: dd-trace-js-tests + # node-serialize: + # name: ${{ github.workflow }} / node-serialize + # runs-on: ubuntu-latest + # env: + # PLUGINS: node-serialize + # steps: + # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # - uses: ./.github/actions/node/oldest-maintenance-lts + # - uses: ./.github/actions/install + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/node/latest + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/coverage + # with: + # flags: appsec-node-serialize + # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + # if: always() && github.actor != 'dependabot[bot]' + # with: + # api_key: ${{ secrets.DD_API_KEY }} + # service: dd-trace-js-tests - kafka: - runs-on: ubuntu-latest - services: - kafka: - image: apache/kafka-native:3.9.1 - env: - KAFKA_PROCESS_ROLES: broker,controller - KAFKA_NODE_ID: "1" - KAFKA_LISTENERS: PLAINTEXT://:9092,CONTROLLER://:9093 - KAFKA_CONTROLLER_QUORUM_VOTERS: 1@127.0.0.1:9093 - KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER - KAFKA_CLUSTER_ID: r4zt_wrqTRuT7W2NJsB_GA - KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://127.0.0.1:9092 - KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT - KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT - KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: "1" - KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: "0" - ports: - - 9092:9092 - - 9093:9093 - env: - PLUGINS: kafkajs - SERVICES: kafka - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: ./.github/actions/node/oldest-maintenance-lts - - uses: ./.github/actions/install - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/node/latest - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/coverage - with: - flags: appsec-kafka - - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - if: always() && github.actor != 'dependabot[bot]' - with: - api_key: ${{ secrets.DD_API_KEY }} - service: dd-trace-js-tests + # kafka: + # runs-on: ubuntu-latest + # services: + # kafka: + # image: apache/kafka-native:3.9.1 + # env: + # KAFKA_PROCESS_ROLES: broker,controller + # KAFKA_NODE_ID: "1" + # KAFKA_LISTENERS: PLAINTEXT://:9092,CONTROLLER://:9093 + # KAFKA_CONTROLLER_QUORUM_VOTERS: 1@127.0.0.1:9093 + # KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER + # KAFKA_CLUSTER_ID: r4zt_wrqTRuT7W2NJsB_GA + # KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://127.0.0.1:9092 + # KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT + # KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT + # KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: "1" + # KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: "0" + # ports: + # - 9092:9092 + # - 9093:9093 + # env: + # PLUGINS: kafkajs + # SERVICES: kafka + # steps: + # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # - uses: ./.github/actions/node/oldest-maintenance-lts + # - uses: ./.github/actions/install + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/node/latest + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/coverage + # with: + # flags: appsec-kafka + # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + # if: always() && github.actor != 'dependabot[bot]' + # with: + # api_key: ${{ secrets.DD_API_KEY }} + # service: dd-trace-js-tests - stripe: - runs-on: ubuntu-latest - env: - PLUGINS: stripe - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: ./.github/actions/node/oldest-maintenance-lts - - uses: ./.github/actions/install - - run: yarn test:appsec:plugins:ci - - uses: ./.github/actions/node/latest - - run: yarn test:appsec:plugins:ci - - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 - - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - if: always() && github.actor != 'dependabot[bot]' - with: - api_key: ${{ secrets.DD_API_KEY }} - service: dd-trace-js-tests + # stripe: + # runs-on: ubuntu-latest + # env: + # PLUGINS: stripe + # steps: + # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + # - uses: ./.github/actions/node/oldest-maintenance-lts + # - uses: ./.github/actions/install + # - run: yarn test:appsec:plugins:ci + # - uses: ./.github/actions/node/latest + # - run: yarn test:appsec:plugins:ci + # - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 + # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + # if: always() && github.actor != 'dependabot[bot]' + # with: + # api_key: ${{ secrets.DD_API_KEY }} + # service: dd-trace-js-tests From 5ec5d165fd6d812d25a087a734cbb96809f3687d Mon Sep 17 00:00:00 2001 From: Ugaitz Urien Date: Tue, 24 Feb 2026 15:04:53 +0100 Subject: [PATCH 03/10] add logs --- .github/workflows/appsec.yml | 2 +- .../overhead-controller.integration.spec.js | 212 +++++++++--------- 2 files changed, 107 insertions(+), 107 deletions(-) diff --git a/.github/workflows/appsec.yml b/.github/workflows/appsec.yml index b111da8294..b2c1258e37 100644 --- a/.github/workflows/appsec.yml +++ b/.github/workflows/appsec.yml @@ -26,7 +26,7 @@ jobs: strategy: fail-fast: false matrix: - run: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] + run: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100] name: ${{ github.workflow }} / macos (run ${{ matrix.run }}) runs-on: macos-latest steps: diff --git a/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js b/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js index 4f46272e11..1405bf8754 100644 --- a/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js +++ b/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js @@ -5,130 +5,130 @@ const assert = require('node:assert/strict') const path = require('path') const Axios = require('axios') const { sandboxCwd, useSandbox, FakeAgent, spawnProc } = require('../../../../../integration-tests/helpers') -for (let i = 0; i < 100; i++) { - describe.only('IAST - overhead-controller - integration', () => { - let axios, cwd, agent, proc - - useSandbox( - ['express'], - false, - [path.join(__dirname, 'resources')] - ) - - before(function () { - cwd = sandboxCwd() - }) - beforeEach(async () => { - agent = await new FakeAgent().start() - }) +describe.only('IAST - overhead-controller - integration', () => { + let axios, cwd, agent, proc - afterEach(async () => { - proc.kill() - await agent.stop() - }) + useSandbox( + ['express'], + false, + [path.join(__dirname, 'resources')] + ) - describe('vulnerability sampling algorithm', () => { - beforeEach(async function () { - this.timeout(30_000) - - proc = await spawnProc(path.join(cwd, 'resources', 'overhead-controller.js'), { - cwd, - env: { - DD_TRACE_AGENT_PORT: agent.port, - DD_IAST_ENABLED: 'true', - DD_IAST_REQUEST_SAMPLING: '100', - DD_INSTRUMENTATION_TELEMETRY_ENABLED: 'false', - NODE_OPTIONS: '--require ./resources/init.js', - }, - }) - axios = Axios.create({ baseURL: proc.url }) + before(function () { + cwd = sandboxCwd() + }) + + beforeEach(async () => { + agent = await new FakeAgent().start() + }) + + afterEach(async () => { + proc.kill() + await agent.stop() + }) + + describe('vulnerability sampling algorithm', () => { + beforeEach(async function () { + this.timeout(30_000) + + proc = await spawnProc(path.join(cwd, 'resources', 'overhead-controller.js'), { + cwd, + env: { + DD_TRACE_AGENT_PORT: agent.port, + DD_IAST_ENABLED: 'true', + DD_IAST_REQUEST_SAMPLING: '100', + DD_INSTRUMENTATION_TELEMETRY_ENABLED: 'false', + NODE_OPTIONS: '--require ./resources/init.js', + DD_TRACE_DEBUG: 'true', + }, }) + axios = Axios.create({ baseURL: proc.url }) + }) - async function checkVulnerabilitiesInEndpoint (path, vulnerabilitiesAndCount, method = 'GET') { + async function checkVulnerabilitiesInEndpoint (path, vulnerabilitiesAndCount, method = 'GET') { // agent.assertMessageReceived(({ payload }) => { // console.log('executed', payload) // }, 1000, 1, true) - console.log('before request') - function messageHandler (msg) { - console.log('messageHandler', msg) - } - agent.on('message', messageHandler) - await axios.request(path, { method }) - agent.off('message', messageHandler) - - console.log('before assertMessageReceived') - await agent.assertMessageReceived(({ payload }) => { - assert.strictEqual(payload[0][0].type, 'web') - assert.strictEqual(payload[0][0].metrics['_dd.iast.enabled'], 1) - assert.ok(Object.hasOwn(payload[0][0].meta, '_dd.iast.json')) - const vulnerabilitiesTrace = JSON.parse(payload[0][0].meta['_dd.iast.json']) - assert.notStrictEqual(vulnerabilitiesTrace, null) - - const vulnerabilities = {} - vulnerabilitiesTrace.vulnerabilities.forEach(v => { - const vulnCount = vulnerabilities[v.type] - vulnerabilities[v.type] = vulnCount ? vulnCount + 1 : 1 - }) - - assert.strictEqual(Object.keys(vulnerabilities).length, Object.keys(vulnerabilitiesAndCount).length) - - Object.keys(vulnerabilitiesAndCount).forEach((vType) => { - assert.strictEqual(vulnerabilities[vType], vulnerabilitiesAndCount[vType], `route: ${path} - type: ${vType}`) - }) - }, 1000, 1, true) + console.log('before request') + function messageHandler (msg) { + console.log('messageHandler', msg) } + agent.on('message', messageHandler) + await axios.request(path, { method }) + agent.off('message', messageHandler) + + console.log('before assertMessageReceived') + await agent.assertMessageReceived(({ payload }) => { + assert.strictEqual(payload[0][0].type, 'web') + assert.strictEqual(payload[0][0].metrics['_dd.iast.enabled'], 1) + assert.ok(Object.hasOwn(payload[0][0].meta, '_dd.iast.json')) + const vulnerabilitiesTrace = JSON.parse(payload[0][0].meta['_dd.iast.json']) + assert.notStrictEqual(vulnerabilitiesTrace, null) + + const vulnerabilities = {} + vulnerabilitiesTrace.vulnerabilities.forEach(v => { + const vulnCount = vulnerabilities[v.type] + vulnerabilities[v.type] = vulnCount ? vulnCount + 1 : 1 + }) - async function checkNoVulnerabilitiesInEndpoint (path, method = 'GET') { - await axios.request(path, { method }) - - await agent.assertMessageReceived(({ payload }) => { - assert.strictEqual(payload[0][0].type, 'web') - assert.strictEqual(payload[0][0].metrics['_dd.iast.enabled'], 1) - assert.ok(!('_dd.iast.json' in payload[0][0].meta)) - }, 1000, 1, true) - } + assert.strictEqual(Object.keys(vulnerabilities).length, Object.keys(vulnerabilitiesAndCount).length) - it('should report vulnerability only in the first request', async () => { - await checkVulnerabilitiesInEndpoint('/one-vulnerability', { WEAK_HASH: 1 }) - await checkNoVulnerabilitiesInEndpoint('/one-vulnerability') - }) + Object.keys(vulnerabilitiesAndCount).forEach((vType) => { + assert.strictEqual(vulnerabilities[vType], vulnerabilitiesAndCount[vType], `route: ${path} - type: ${vType}`) + }) + }, 1000, 1, true) + } + + async function checkNoVulnerabilitiesInEndpoint (path, method = 'GET') { + await axios.request(path, { method }) + + await agent.assertMessageReceived(({ payload }) => { + assert.strictEqual(payload[0][0].type, 'web') + assert.strictEqual(payload[0][0].metrics['_dd.iast.enabled'], 1) + assert.ok(!('_dd.iast.json' in payload[0][0].meta)) + }, 1000, 1, true) + } + + it('should report vulnerability only in the first request', async () => { + await checkVulnerabilitiesInEndpoint('/one-vulnerability', { WEAK_HASH: 1 }) + await checkNoVulnerabilitiesInEndpoint('/one-vulnerability') + }) - it('should report vulnerabilities in different request when they are different', async () => { - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }) - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }) - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 1 }) + it('should report vulnerabilities in different request when they are different', async () => { + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }) + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }) + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 1 }) - await checkNoVulnerabilitiesInEndpoint('/five-vulnerabilities') - }) + await checkNoVulnerabilitiesInEndpoint('/five-vulnerabilities') + }) - it('should differentiate different routes in the same request', async () => { - await checkVulnerabilitiesInEndpoint('/route1/sub1', { WEAK_RANDOMNESS: 2 }) - await checkVulnerabilitiesInEndpoint('/route1/sub2', { WEAK_HASH: 2 }) - await checkVulnerabilitiesInEndpoint('/route1/sub1', { WEAK_HASH: 2 }) + it('should differentiate different routes in the same request', async () => { + await checkVulnerabilitiesInEndpoint('/route1/sub1', { WEAK_RANDOMNESS: 2 }) + await checkVulnerabilitiesInEndpoint('/route1/sub2', { WEAK_HASH: 2 }) + await checkVulnerabilitiesInEndpoint('/route1/sub1', { WEAK_HASH: 2 }) - await checkNoVulnerabilitiesInEndpoint('/route1/sub2') - await checkNoVulnerabilitiesInEndpoint('/route1/sub1') - }) + await checkNoVulnerabilitiesInEndpoint('/route1/sub2') + await checkNoVulnerabilitiesInEndpoint('/route1/sub1') + }) - it('should differentiate different methods in the same route', async () => { - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }, 'GET') - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }, 'POST') - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }, 'GET') - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }, 'POST') - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 1 }, 'GET') - await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 1 }, 'POST') + it('should differentiate different methods in the same route', async () => { + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }, 'GET') + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }, 'POST') + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }, 'GET') + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 2 }, 'POST') + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 1 }, 'GET') + await checkVulnerabilitiesInEndpoint('/five-vulnerabilities', { WEAK_HASH: 1 }, 'POST') - await checkNoVulnerabilitiesInEndpoint('/five-vulnerabilities') - await checkNoVulnerabilitiesInEndpoint('/five-vulnerabilities') - }) + await checkNoVulnerabilitiesInEndpoint('/five-vulnerabilities') + await checkNoVulnerabilitiesInEndpoint('/five-vulnerabilities') + }) - it('should not differentiate between different route params', async () => { - await checkVulnerabilitiesInEndpoint('/route2/one', { WEAK_HASH: 2 }) - await checkVulnerabilitiesInEndpoint('/route2/two', { WEAK_HASH: 1 }) + it('should not differentiate between different route params', async () => { + await checkVulnerabilitiesInEndpoint('/route2/one', { WEAK_HASH: 2 }) + await checkVulnerabilitiesInEndpoint('/route2/two', { WEAK_HASH: 1 }) - await checkNoVulnerabilitiesInEndpoint('/route2/three') - }) + await checkNoVulnerabilitiesInEndpoint('/route2/three') }) }) -} +}) From 20ee8532bc7f7b38cb3031150a05cb62c7e04dd9 Mon Sep 17 00:00:00 2001 From: Ugaitz Urien Date: Tue, 24 Feb 2026 15:13:22 +0100 Subject: [PATCH 04/10] More logs --- .../test/appsec/iast/overhead-controller.integration.spec.js | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js b/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js index 1405bf8754..29ee6e0184 100644 --- a/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js +++ b/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js @@ -60,6 +60,7 @@ describe.only('IAST - overhead-controller - integration', () => { console.log('before assertMessageReceived') await agent.assertMessageReceived(({ payload }) => { + console.log('assertMessageReceived', payload) assert.strictEqual(payload[0][0].type, 'web') assert.strictEqual(payload[0][0].metrics['_dd.iast.enabled'], 1) assert.ok(Object.hasOwn(payload[0][0].meta, '_dd.iast.json')) From 20b27349d713609458bb1fd2cb3e5ae3b4e59472 Mon Sep 17 00:00:00 2001 From: Ugaitz Urien Date: Tue, 24 Feb 2026 15:20:32 +0100 Subject: [PATCH 05/10] morelogs --- integration-tests/helpers/fake-agent.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/integration-tests/helpers/fake-agent.js b/integration-tests/helpers/fake-agent.js index 82418fbf14..3c257993ca 100644 --- a/integration-tests/helpers/fake-agent.js +++ b/integration-tests/helpers/fake-agent.js @@ -334,11 +334,15 @@ function buildExpressServer (agent) { }) app.put('/v0.4/traces', (req, res) => { + console.log('v0.4/traces', req.body.length) if (req.body.length === 0) return res.status(200).send() res.status(200).send({ rate_by_service: { 'service:,env:': 1 } }) + + const payload = msgpack.decode(req.body, { useBigInt64: true }) + console.log('v0.4/traces - payload', payload) agent.emit('message', { headers: req.headers, - payload: msgpack.decode(req.body, { useBigInt64: true }), + payload, }) }) From 259558782e4c94d45b3c5dc867fba22b158da282 Mon Sep 17 00:00:00 2001 From: Ugaitz Urien Date: Tue, 24 Feb 2026 15:31:04 +0100 Subject: [PATCH 06/10] More log --- integration-tests/helpers/fake-agent.js | 1 + .../overhead-controller.integration.spec.js | 48 +++++++++++-------- 2 files changed, 28 insertions(+), 21 deletions(-) diff --git a/integration-tests/helpers/fake-agent.js b/integration-tests/helpers/fake-agent.js index 3c257993ca..c775af9415 100644 --- a/integration-tests/helpers/fake-agent.js +++ b/integration-tests/helpers/fake-agent.js @@ -174,6 +174,7 @@ module.exports = class FakeAgent extends EventEmitter { const errors = [] const timeoutObj = setTimeout(() => { + console.log('timeout') const errorsMsg = errors.length === 0 ? '' : `, additionally:\n${errors.map(e => e.stack).join('\n')}\n===\n` resultReject(new Error(`timeout${errorsMsg}`, { cause: { errors } })) }, timeout) diff --git a/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js b/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js index 29ee6e0184..5acfcdb196 100644 --- a/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js +++ b/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js @@ -50,34 +50,40 @@ describe.only('IAST - overhead-controller - integration', () => { // agent.assertMessageReceived(({ payload }) => { // console.log('executed', payload) // }, 1000, 1, true) - console.log('before request') + console.log('before request - ' + path) function messageHandler (msg) { - console.log('messageHandler', msg) + console.log('messageHandler - ' + path, msg) } agent.on('message', messageHandler) await axios.request(path, { method }) agent.off('message', messageHandler) - console.log('before assertMessageReceived') + console.log('before assertMessageReceived - ' + path) await agent.assertMessageReceived(({ payload }) => { - console.log('assertMessageReceived', payload) - assert.strictEqual(payload[0][0].type, 'web') - assert.strictEqual(payload[0][0].metrics['_dd.iast.enabled'], 1) - assert.ok(Object.hasOwn(payload[0][0].meta, '_dd.iast.json')) - const vulnerabilitiesTrace = JSON.parse(payload[0][0].meta['_dd.iast.json']) - assert.notStrictEqual(vulnerabilitiesTrace, null) - - const vulnerabilities = {} - vulnerabilitiesTrace.vulnerabilities.forEach(v => { - const vulnCount = vulnerabilities[v.type] - vulnerabilities[v.type] = vulnCount ? vulnCount + 1 : 1 - }) - - assert.strictEqual(Object.keys(vulnerabilities).length, Object.keys(vulnerabilitiesAndCount).length) - - Object.keys(vulnerabilitiesAndCount).forEach((vType) => { - assert.strictEqual(vulnerabilities[vType], vulnerabilitiesAndCount[vType], `route: ${path} - type: ${vType}`) - }) + try { + console.log('assertMessageReceived - ' + path, payload) + assert.strictEqual(payload[0][0].type, 'web') + assert.strictEqual(payload[0][0].metrics['_dd.iast.enabled'], 1) + assert.ok(Object.hasOwn(payload[0][0].meta, '_dd.iast.json')) + const vulnerabilitiesTrace = JSON.parse(payload[0][0].meta['_dd.iast.json']) + assert.notStrictEqual(vulnerabilitiesTrace, null) + + const vulnerabilities = {} + vulnerabilitiesTrace.vulnerabilities.forEach(v => { + const vulnCount = vulnerabilities[v.type] + vulnerabilities[v.type] = vulnCount ? vulnCount + 1 : 1 + }) + + assert.strictEqual(Object.keys(vulnerabilities).length, Object.keys(vulnerabilitiesAndCount).length) + + Object.keys(vulnerabilitiesAndCount).forEach((vType) => { + assert.strictEqual(vulnerabilities[vType], vulnerabilitiesAndCount[vType], + `route: ${path} - type: ${vType}`) + }) + } catch (error) { + console.log('error - ' + path, error) + throw error + } }, 1000, 1, true) } From 4a1752db07f6d0a769af77e808a986297bebdf5d Mon Sep 17 00:00:00 2001 From: Ugaitz Urien Date: Tue, 24 Feb 2026 16:13:21 +0100 Subject: [PATCH 07/10] morelogs --- .../iast/overhead-controller.integration.spec.js | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js b/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js index 5acfcdb196..bd0a2238b3 100644 --- a/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js +++ b/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js @@ -50,15 +50,15 @@ describe.only('IAST - overhead-controller - integration', () => { // agent.assertMessageReceived(({ payload }) => { // console.log('executed', payload) // }, 1000, 1, true) - console.log('before request - ' + path) + console.log('checkVulnerabilitiesInEndpoint - before request - ' + path) function messageHandler (msg) { - console.log('messageHandler - ' + path, msg) + console.log('checkVulnerabilitiesInEndpoint - messageHandler - ' + path, msg) } agent.on('message', messageHandler) await axios.request(path, { method }) agent.off('message', messageHandler) - console.log('before assertMessageReceived - ' + path) + console.log('checkVulnerabilitiesInEndpoint - before assertMessageReceived - ' + path) await agent.assertMessageReceived(({ payload }) => { try { console.log('assertMessageReceived - ' + path, payload) @@ -88,9 +88,17 @@ describe.only('IAST - overhead-controller - integration', () => { } async function checkNoVulnerabilitiesInEndpoint (path, method = 'GET') { + console.log('checkNoVulnerabilitiesInEndpoint - before request - ' + path) + function messageHandler (msg) { + console.log('checkNoVulnerabilitiesInEndpoint - messageHandler - ' + path, msg) + } + agent.on('message', messageHandler) await axios.request(path, { method }) + agent.off('message', messageHandler) + console.log('checkNoVulnerabilitiesInEndpoint - before assertMessageReceived - ' + path) await agent.assertMessageReceived(({ payload }) => { + console.log('checkNoVulnerabilitiesInEndpoint - assertMessageReceived - ' + path, payload) assert.strictEqual(payload[0][0].type, 'web') assert.strictEqual(payload[0][0].metrics['_dd.iast.enabled'], 1) assert.ok(!('_dd.iast.json' in payload[0][0].meta)) From 8d25556f35b79142f208b1f7d0caccf026fc2a92 Mon Sep 17 00:00:00 2001 From: Ugaitz Urien Date: Tue, 24 Feb 2026 16:20:29 +0100 Subject: [PATCH 08/10] Try a solution --- integration-tests/helpers/fake-agent.js | 7 +- .../overhead-controller.integration.spec.js | 75 +++++++------------ 2 files changed, 27 insertions(+), 55 deletions(-) diff --git a/integration-tests/helpers/fake-agent.js b/integration-tests/helpers/fake-agent.js index c775af9415..82418fbf14 100644 --- a/integration-tests/helpers/fake-agent.js +++ b/integration-tests/helpers/fake-agent.js @@ -174,7 +174,6 @@ module.exports = class FakeAgent extends EventEmitter { const errors = [] const timeoutObj = setTimeout(() => { - console.log('timeout') const errorsMsg = errors.length === 0 ? '' : `, additionally:\n${errors.map(e => e.stack).join('\n')}\n===\n` resultReject(new Error(`timeout${errorsMsg}`, { cause: { errors } })) }, timeout) @@ -335,15 +334,11 @@ function buildExpressServer (agent) { }) app.put('/v0.4/traces', (req, res) => { - console.log('v0.4/traces', req.body.length) if (req.body.length === 0) return res.status(200).send() res.status(200).send({ rate_by_service: { 'service:,env:': 1 } }) - - const payload = msgpack.decode(req.body, { useBigInt64: true }) - console.log('v0.4/traces - payload', payload) agent.emit('message', { headers: req.headers, - payload, + payload: msgpack.decode(req.body, { useBigInt64: true }), }) }) diff --git a/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js b/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js index bd0a2238b3..f2a449e83c 100644 --- a/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js +++ b/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js @@ -40,69 +40,46 @@ describe.only('IAST - overhead-controller - integration', () => { DD_IAST_REQUEST_SAMPLING: '100', DD_INSTRUMENTATION_TELEMETRY_ENABLED: 'false', NODE_OPTIONS: '--require ./resources/init.js', - DD_TRACE_DEBUG: 'true', }, }) axios = Axios.create({ baseURL: proc.url }) }) async function checkVulnerabilitiesInEndpoint (path, vulnerabilitiesAndCount, method = 'GET') { - // agent.assertMessageReceived(({ payload }) => { - // console.log('executed', payload) - // }, 1000, 1, true) - console.log('checkVulnerabilitiesInEndpoint - before request - ' + path) - function messageHandler (msg) { - console.log('checkVulnerabilitiesInEndpoint - messageHandler - ' + path, msg) - } - agent.on('message', messageHandler) - await axios.request(path, { method }) - agent.off('message', messageHandler) - - console.log('checkVulnerabilitiesInEndpoint - before assertMessageReceived - ' + path) - await agent.assertMessageReceived(({ payload }) => { - try { - console.log('assertMessageReceived - ' + path, payload) - assert.strictEqual(payload[0][0].type, 'web') - assert.strictEqual(payload[0][0].metrics['_dd.iast.enabled'], 1) - assert.ok(Object.hasOwn(payload[0][0].meta, '_dd.iast.json')) - const vulnerabilitiesTrace = JSON.parse(payload[0][0].meta['_dd.iast.json']) - assert.notStrictEqual(vulnerabilitiesTrace, null) - - const vulnerabilities = {} - vulnerabilitiesTrace.vulnerabilities.forEach(v => { - const vulnCount = vulnerabilities[v.type] - vulnerabilities[v.type] = vulnCount ? vulnCount + 1 : 1 - }) - - assert.strictEqual(Object.keys(vulnerabilities).length, Object.keys(vulnerabilitiesAndCount).length) - - Object.keys(vulnerabilitiesAndCount).forEach((vType) => { - assert.strictEqual(vulnerabilities[vType], vulnerabilitiesAndCount[vType], - `route: ${path} - type: ${vType}`) - }) - } catch (error) { - console.log('error - ' + path, error) - throw error - } + const assertPromise = agent.assertMessageReceived(({ payload }) => { + assert.strictEqual(payload[0][0].type, 'web') + assert.strictEqual(payload[0][0].metrics['_dd.iast.enabled'], 1) + assert.ok(Object.hasOwn(payload[0][0].meta, '_dd.iast.json')) + const vulnerabilitiesTrace = JSON.parse(payload[0][0].meta['_dd.iast.json']) + assert.notStrictEqual(vulnerabilitiesTrace, null) + + const vulnerabilities = {} + vulnerabilitiesTrace.vulnerabilities.forEach(v => { + const vulnCount = vulnerabilities[v.type] + vulnerabilities[v.type] = vulnCount ? vulnCount + 1 : 1 + }) + + assert.strictEqual(Object.keys(vulnerabilities).length, Object.keys(vulnerabilitiesAndCount).length) + + Object.keys(vulnerabilitiesAndCount).forEach((vType) => { + assert.strictEqual(vulnerabilities[vType], vulnerabilitiesAndCount[vType], `route: ${path} - type: ${vType}`) + }) }, 1000, 1, true) - } - async function checkNoVulnerabilitiesInEndpoint (path, method = 'GET') { - console.log('checkNoVulnerabilitiesInEndpoint - before request - ' + path) - function messageHandler (msg) { - console.log('checkNoVulnerabilitiesInEndpoint - messageHandler - ' + path, msg) - } - agent.on('message', messageHandler) await axios.request(path, { method }) - agent.off('message', messageHandler) - console.log('checkNoVulnerabilitiesInEndpoint - before assertMessageReceived - ' + path) - await agent.assertMessageReceived(({ payload }) => { - console.log('checkNoVulnerabilitiesInEndpoint - assertMessageReceived - ' + path, payload) + await assertPromise + } + + async function checkNoVulnerabilitiesInEndpoint (path, method = 'GET') { + const assertPromise = agent.assertMessageReceived(({ payload }) => { assert.strictEqual(payload[0][0].type, 'web') assert.strictEqual(payload[0][0].metrics['_dd.iast.enabled'], 1) assert.ok(!('_dd.iast.json' in payload[0][0].meta)) }, 1000, 1, true) + + await axios.request(path, { method }) + await assertPromise } it('should report vulnerability only in the first request', async () => { From 475874a1c39c617f292180f9d91dd4938bf3ce6b Mon Sep 17 00:00:00 2001 From: Ugaitz Urien Date: Tue, 24 Feb 2026 16:54:22 +0100 Subject: [PATCH 09/10] Restore tests CI --- .github/workflows/appsec.yml | 876 +++++++++--------- .../overhead-controller.integration.spec.js | 2 +- 2 files changed, 437 insertions(+), 441 deletions(-) diff --git a/.github/workflows/appsec.yml b/.github/workflows/appsec.yml index b2c1258e37..c8dea0cd51 100644 --- a/.github/workflows/appsec.yml +++ b/.github/workflows/appsec.yml @@ -23,11 +23,7 @@ env: jobs: macos: - strategy: - fail-fast: false - matrix: - run: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100] - name: ${{ github.workflow }} / macos (run ${{ matrix.run }}) + name: ${{ github.workflow }} / macos runs-on: macos-latest steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -85,454 +81,454 @@ jobs: api_key: ${{ secrets.DD_API_KEY }} service: dd-trace-js-tests - # ldapjs: - # name: ${{ github.workflow }} / ldapjs - # runs-on: ubuntu-latest - # env: - # PLUGINS: ldapjs - # services: - # openldap: - # image: bitnamilegacy/openldap:latest - # ports: - # - "1389:1389" - # - "1636:1636" - # env: - # LDAP_ADMIN_USERNAME: "admin" - # LDAP_ADMIN_PASSWORD: "adminpassword" - # LDAP_USERS: "user01,user02" - # LDAP_PASSWORDS: "password1,password2" - # steps: - # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - # - uses: ./.github/actions/node/oldest-maintenance-lts - # - uses: ./.github/actions/install - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/node/latest - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/coverage - # with: - # flags: appsec-ldapjs - # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - # if: always() && github.actor != 'dependabot[bot]' - # with: - # api_key: ${{ secrets.DD_API_KEY }} - # service: dd-trace-js-tests + ldapjs: + name: ${{ github.workflow }} / ldapjs + runs-on: ubuntu-latest + env: + PLUGINS: ldapjs + services: + openldap: + image: bitnamilegacy/openldap:latest + ports: + - "1389:1389" + - "1636:1636" + env: + LDAP_ADMIN_USERNAME: "admin" + LDAP_ADMIN_PASSWORD: "adminpassword" + LDAP_USERS: "user01,user02" + LDAP_PASSWORDS: "password1,password2" + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: ./.github/actions/node/oldest-maintenance-lts + - uses: ./.github/actions/install + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/node/latest + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/coverage + with: + flags: appsec-ldapjs + - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + if: always() && github.actor != 'dependabot[bot]' + with: + api_key: ${{ secrets.DD_API_KEY }} + service: dd-trace-js-tests - # postgres: - # name: ${{ github.workflow }} / postgres - # runs-on: ubuntu-latest - # services: - # postgres: - # image: postgres:9.5 - # env: - # POSTGRES_PASSWORD: postgres - # ports: - # - 5432:5432 - # env: - # PG_TEST_NATIVE: "true" - # PLUGINS: pg|knex - # SERVICES: postgres - # steps: - # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - # - uses: ./.github/actions/node/oldest-maintenance-lts - # - uses: ./.github/actions/install - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/node/newest-maintenance-lts - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/coverage - # with: - # flags: appsec-postgres - # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - # if: always() && github.actor != 'dependabot[bot]' - # with: - # api_key: ${{ secrets.DD_API_KEY }} - # service: dd-trace-js-tests + postgres: + name: ${{ github.workflow }} / postgres + runs-on: ubuntu-latest + services: + postgres: + image: postgres:9.5 + env: + POSTGRES_PASSWORD: postgres + ports: + - 5432:5432 + env: + PG_TEST_NATIVE: "true" + PLUGINS: pg|knex + SERVICES: postgres + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: ./.github/actions/node/oldest-maintenance-lts + - uses: ./.github/actions/install + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/node/newest-maintenance-lts + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/coverage + with: + flags: appsec-postgres + - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + if: always() && github.actor != 'dependabot[bot]' + with: + api_key: ${{ secrets.DD_API_KEY }} + service: dd-trace-js-tests - # mysql: - # name: ${{ github.workflow }} / mysql - # runs-on: ubuntu-latest - # services: - # mysql: - # image: mariadb:10.4 - # env: - # MYSQL_ALLOW_EMPTY_PASSWORD: "yes" - # MYSQL_DATABASE: "db" - # ports: - # - 3306:3306 - # env: - # PLUGINS: mysql|mysql2|sequelize - # SERVICES: mysql - # steps: - # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - # - uses: ./.github/actions/node/oldest-maintenance-lts - # - uses: ./.github/actions/install - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/node/newest-maintenance-lts - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/coverage - # with: - # flags: appsec-mysql - # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - # if: always() && github.actor != 'dependabot[bot]' - # with: - # api_key: ${{ secrets.DD_API_KEY }} - # service: dd-trace-js-tests + mysql: + name: ${{ github.workflow }} / mysql + runs-on: ubuntu-latest + services: + mysql: + image: mariadb:10.4 + env: + MYSQL_ALLOW_EMPTY_PASSWORD: "yes" + MYSQL_DATABASE: "db" + ports: + - 3306:3306 + env: + PLUGINS: mysql|mysql2|sequelize + SERVICES: mysql + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: ./.github/actions/node/oldest-maintenance-lts + - uses: ./.github/actions/install + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/node/newest-maintenance-lts + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/coverage + with: + flags: appsec-mysql + - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + if: always() && github.actor != 'dependabot[bot]' + with: + api_key: ${{ secrets.DD_API_KEY }} + service: dd-trace-js-tests - # express: - # name: ${{ github.workflow }} / express - # runs-on: ubuntu-latest - # env: - # PLUGINS: express|body-parser|cookie-parser|multer - # steps: - # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - # - uses: ./.github/actions/node/oldest-maintenance-lts - # - uses: ./.github/actions/install - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/node/latest - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/coverage - # with: - # flags: appsec-express - # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - # if: always() && github.actor != 'dependabot[bot]' - # with: - # api_key: ${{ secrets.DD_API_KEY }} - # service: dd-trace-js-tests + express: + name: ${{ github.workflow }} / express + runs-on: ubuntu-latest + env: + PLUGINS: express|body-parser|cookie-parser|multer + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: ./.github/actions/node/oldest-maintenance-lts + - uses: ./.github/actions/install + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/node/latest + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/coverage + with: + flags: appsec-express + - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + if: always() && github.actor != 'dependabot[bot]' + with: + api_key: ${{ secrets.DD_API_KEY }} + service: dd-trace-js-tests - # fastify: - # name: ${{ github.workflow }} / fastify - # runs-on: ubuntu-latest - # env: - # PLUGINS: fastify - # steps: - # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - # - uses: ./.github/actions/node/oldest-maintenance-lts - # - uses: ./.github/actions/install - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/node/latest - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/coverage - # with: - # flags: appsec-fastify - # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - # if: always() && github.actor != 'dependabot[bot]' - # with: - # api_key: ${{ secrets.DD_API_KEY }} - # service: dd-trace-js-tests + fastify: + name: ${{ github.workflow }} / fastify + runs-on: ubuntu-latest + env: + PLUGINS: fastify + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: ./.github/actions/node/oldest-maintenance-lts + - uses: ./.github/actions/install + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/node/latest + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/coverage + with: + flags: appsec-fastify + - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + if: always() && github.actor != 'dependabot[bot]' + with: + api_key: ${{ secrets.DD_API_KEY }} + service: dd-trace-js-tests - # graphql: - # name: ${{ github.workflow }} / graphql - # runs-on: ubuntu-latest - # env: - # PLUGINS: apollo-server|apollo-server-express|apollo-server-fastify|apollo-server-core - # steps: - # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - # - uses: ./.github/actions/node/oldest-maintenance-lts - # - uses: ./.github/actions/install - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/node/latest - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/coverage - # with: - # flags: appsec-graphql - # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - # if: always() && github.actor != 'dependabot[bot]' - # with: - # api_key: ${{ secrets.DD_API_KEY }} - # service: dd-trace-js-tests + graphql: + name: ${{ github.workflow }} / graphql + runs-on: ubuntu-latest + env: + PLUGINS: apollo-server|apollo-server-express|apollo-server-fastify|apollo-server-core + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: ./.github/actions/node/oldest-maintenance-lts + - uses: ./.github/actions/install + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/node/latest + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/coverage + with: + flags: appsec-graphql + - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + if: always() && github.actor != 'dependabot[bot]' + with: + api_key: ${{ secrets.DD_API_KEY }} + service: dd-trace-js-tests - # mongodb-core: - # name: ${{ github.workflow }} / mongodb-core - # runs-on: ubuntu-latest - # services: - # mongodb: - # image: circleci/mongo - # ports: - # - 27017:27017 - # env: - # PLUGINS: express-mongo-sanitize|mquery - # SERVICES: mongo - # steps: - # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - # - uses: ./.github/actions/node/oldest-maintenance-lts - # - uses: ./.github/actions/install - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/node/latest - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/coverage - # with: - # flags: appsec-mongodb-core - # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - # if: always() && github.actor != 'dependabot[bot]' - # with: - # api_key: ${{ secrets.DD_API_KEY }} - # service: dd-trace-js-tests + mongodb-core: + name: ${{ github.workflow }} / mongodb-core + runs-on: ubuntu-latest + services: + mongodb: + image: circleci/mongo + ports: + - 27017:27017 + env: + PLUGINS: express-mongo-sanitize|mquery + SERVICES: mongo + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: ./.github/actions/node/oldest-maintenance-lts + - uses: ./.github/actions/install + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/node/latest + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/coverage + with: + flags: appsec-mongodb-core + - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + if: always() && github.actor != 'dependabot[bot]' + with: + api_key: ${{ secrets.DD_API_KEY }} + service: dd-trace-js-tests - # mongoose: - # name: ${{ github.workflow }} / mongoose - # runs-on: ubuntu-latest - # services: - # mongodb: - # image: circleci/mongo - # ports: - # - 27017:27017 - # env: - # PLUGINS: mongoose - # SERVICES: mongo - # steps: - # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - # - uses: ./.github/actions/node/oldest-maintenance-lts - # - uses: ./.github/actions/install - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/node/latest - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/coverage - # with: - # flags: appsec-mongoose - # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - # if: always() && github.actor != 'dependabot[bot]' - # with: - # api_key: ${{ secrets.DD_API_KEY }} - # service: dd-trace-js-tests + mongoose: + name: ${{ github.workflow }} / mongoose + runs-on: ubuntu-latest + services: + mongodb: + image: circleci/mongo + ports: + - 27017:27017 + env: + PLUGINS: mongoose + SERVICES: mongo + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: ./.github/actions/node/oldest-maintenance-lts + - uses: ./.github/actions/install + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/node/latest + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/coverage + with: + flags: appsec-mongoose + - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + if: always() && github.actor != 'dependabot[bot]' + with: + api_key: ${{ secrets.DD_API_KEY }} + service: dd-trace-js-tests - # sourcing: - # runs-on: ubuntu-latest - # env: - # PLUGINS: cookie - # steps: - # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - # - uses: ./.github/actions/node/oldest-maintenance-lts - # - uses: ./.github/actions/install - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/node/newest-maintenance-lts - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/node/active-lts - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/node/latest - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/coverage - # with: - # flags: appsec-sourcing - # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - # if: always() && github.actor != 'dependabot[bot]' - # with: - # api_key: ${{ secrets.DD_API_KEY }} - # service: dd-trace-js-tests + sourcing: + runs-on: ubuntu-latest + env: + PLUGINS: cookie + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: ./.github/actions/node/oldest-maintenance-lts + - uses: ./.github/actions/install + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/node/newest-maintenance-lts + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/node/active-lts + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/node/latest + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/coverage + with: + flags: appsec-sourcing + - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + if: always() && github.actor != 'dependabot[bot]' + with: + api_key: ${{ secrets.DD_API_KEY }} + service: dd-trace-js-tests - # next: - # strategy: - # fail-fast: false - # matrix: - # version: - # - oldest - # - latest - # range: - # [ - # ">=10.2.0 <11", - # ">=11.0.0 <13", - # "11.1.4", - # ">=13.0.0 <14", - # "13.2.0", - # ">=14.0.0 <=14.2.6", - # ">=14.2.7 <15", - # ">=15.0.0", - # ] - # include: - # - range: ">=10.2.0 <11" - # range_clean: gte.10.2.0.and.lt.11 - # - range: ">=11.0.0 <13" - # range_clean: gte.11.0.0.and.lt.13 - # - range: "11.1.4" - # range_clean: 11.1.4 - # - range: ">=13.0.0 <14" - # range_clean: gte.13.0.0.and.lt.14 - # - range: "13.2.0" - # range_clean: 13.2.0 - # - range: ">=14.0.0 <=14.2.6" - # range_clean: gte.14.0.0.and.lte.14.2.6 - # - range: ">=14.2.7 <15" - # range_clean: gte.14.2.7.and.lt.15 - # - range: ">=15.0.0" - # range_clean: gte.15.0.0 - # name: ${{ github.workflow }} / next (node-${{ matrix.version }}, ${{ matrix.range_clean }}) - # runs-on: ubuntu-latest - # env: - # PLUGINS: next - # PACKAGE_VERSION_RANGE: ${{ matrix.range }} - # steps: - # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - # - uses: ./.github/actions/testagent/start - # - uses: ./.github/actions/node - # with: - # version: ${{ matrix.version }} - # - uses: ./.github/actions/install - # - run: yarn test:appsec:plugins:ci - # - if: always() - # uses: ./.github/actions/testagent/logs - # with: - # suffix: appsec-${{ github.job }}-${{ matrix.version }}-${{ matrix.range_clean }} - # - uses: ./.github/actions/coverage - # with: - # flags: appsec-next-${{ matrix.version }}-${{ matrix.range_clean }} - # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - # if: always() && github.actor != 'dependabot[bot]' - # with: - # api_key: ${{ secrets.DD_API_KEY }} - # service: dd-trace-js-tests + next: + strategy: + fail-fast: false + matrix: + version: + - oldest + - latest + range: + [ + ">=10.2.0 <11", + ">=11.0.0 <13", + "11.1.4", + ">=13.0.0 <14", + "13.2.0", + ">=14.0.0 <=14.2.6", + ">=14.2.7 <15", + ">=15.0.0", + ] + include: + - range: ">=10.2.0 <11" + range_clean: gte.10.2.0.and.lt.11 + - range: ">=11.0.0 <13" + range_clean: gte.11.0.0.and.lt.13 + - range: "11.1.4" + range_clean: 11.1.4 + - range: ">=13.0.0 <14" + range_clean: gte.13.0.0.and.lt.14 + - range: "13.2.0" + range_clean: 13.2.0 + - range: ">=14.0.0 <=14.2.6" + range_clean: gte.14.0.0.and.lte.14.2.6 + - range: ">=14.2.7 <15" + range_clean: gte.14.2.7.and.lt.15 + - range: ">=15.0.0" + range_clean: gte.15.0.0 + name: ${{ github.workflow }} / next (node-${{ matrix.version }}, ${{ matrix.range_clean }}) + runs-on: ubuntu-latest + env: + PLUGINS: next + PACKAGE_VERSION_RANGE: ${{ matrix.range }} + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: ./.github/actions/testagent/start + - uses: ./.github/actions/node + with: + version: ${{ matrix.version }} + - uses: ./.github/actions/install + - run: yarn test:appsec:plugins:ci + - if: always() + uses: ./.github/actions/testagent/logs + with: + suffix: appsec-${{ github.job }}-${{ matrix.version }}-${{ matrix.range_clean }} + - uses: ./.github/actions/coverage + with: + flags: appsec-next-${{ matrix.version }}-${{ matrix.range_clean }} + - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + if: always() && github.actor != 'dependabot[bot]' + with: + api_key: ${{ secrets.DD_API_KEY }} + service: dd-trace-js-tests - # lodash: - # name: ${{ github.workflow }} / lodash - # runs-on: ubuntu-latest - # env: - # PLUGINS: lodash - # steps: - # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - # - uses: ./.github/actions/node/oldest-maintenance-lts - # - uses: ./.github/actions/install - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/node/latest - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/coverage - # with: - # flags: appsec-lodash - # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - # if: always() && github.actor != 'dependabot[bot]' - # with: - # api_key: ${{ secrets.DD_API_KEY }} - # service: dd-trace-js-tests + lodash: + name: ${{ github.workflow }} / lodash + runs-on: ubuntu-latest + env: + PLUGINS: lodash + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: ./.github/actions/node/oldest-maintenance-lts + - uses: ./.github/actions/install + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/node/latest + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/coverage + with: + flags: appsec-lodash + - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + if: always() && github.actor != 'dependabot[bot]' + with: + api_key: ${{ secrets.DD_API_KEY }} + service: dd-trace-js-tests - # integration: - # strategy: - # matrix: - # version: [oldest, maintenance, active, latest] - # name: ${{ github.workflow }} / integration (node-${{ matrix.version }}) - # runs-on: ubuntu-latest - # steps: - # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - # - uses: ./.github/actions/node - # with: - # version: ${{ matrix.version }} - # - uses: ./.github/actions/install - # - run: yarn test:integration:appsec - # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - # if: always() && github.actor != 'dependabot[bot]' - # with: - # api_key: ${{ secrets.DD_API_KEY }} - # service: dd-trace-js-tests + integration: + strategy: + matrix: + version: [oldest, maintenance, active, latest] + name: ${{ github.workflow }} / integration (node-${{ matrix.version }}) + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: ./.github/actions/node + with: + version: ${{ matrix.version }} + - uses: ./.github/actions/install + - run: yarn test:integration:appsec + - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + if: always() && github.actor != 'dependabot[bot]' + with: + api_key: ${{ secrets.DD_API_KEY }} + service: dd-trace-js-tests - # passport: - # runs-on: ubuntu-latest - # env: - # PLUGINS: passport-local|passport-http - # steps: - # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - # - uses: ./.github/actions/node/oldest-maintenance-lts - # - uses: ./.github/actions/install - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/node/latest - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/coverage - # with: - # flags: appsec-passport - # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - # if: always() && github.actor != 'dependabot[bot]' - # with: - # api_key: ${{ secrets.DD_API_KEY }} - # service: dd-trace-js-tests + passport: + runs-on: ubuntu-latest + env: + PLUGINS: passport-local|passport-http + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: ./.github/actions/node/oldest-maintenance-lts + - uses: ./.github/actions/install + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/node/latest + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/coverage + with: + flags: appsec-passport + - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + if: always() && github.actor != 'dependabot[bot]' + with: + api_key: ${{ secrets.DD_API_KEY }} + service: dd-trace-js-tests - # template: - # runs-on: ubuntu-latest - # env: - # PLUGINS: handlebars|pug - # steps: - # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - # - uses: ./.github/actions/node/oldest-maintenance-lts - # - uses: ./.github/actions/install - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/node/latest - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/coverage - # with: - # flags: appsec-template - # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - # if: always() && github.actor != 'dependabot[bot]' - # with: - # api_key: ${{ secrets.DD_API_KEY }} - # service: dd-trace-js-tests + template: + runs-on: ubuntu-latest + env: + PLUGINS: handlebars|pug + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: ./.github/actions/node/oldest-maintenance-lts + - uses: ./.github/actions/install + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/node/latest + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/coverage + with: + flags: appsec-template + - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + if: always() && github.actor != 'dependabot[bot]' + with: + api_key: ${{ secrets.DD_API_KEY }} + service: dd-trace-js-tests - # node-serialize: - # name: ${{ github.workflow }} / node-serialize - # runs-on: ubuntu-latest - # env: - # PLUGINS: node-serialize - # steps: - # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - # - uses: ./.github/actions/node/oldest-maintenance-lts - # - uses: ./.github/actions/install - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/node/latest - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/coverage - # with: - # flags: appsec-node-serialize - # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - # if: always() && github.actor != 'dependabot[bot]' - # with: - # api_key: ${{ secrets.DD_API_KEY }} - # service: dd-trace-js-tests + node-serialize: + name: ${{ github.workflow }} / node-serialize + runs-on: ubuntu-latest + env: + PLUGINS: node-serialize + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: ./.github/actions/node/oldest-maintenance-lts + - uses: ./.github/actions/install + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/node/latest + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/coverage + with: + flags: appsec-node-serialize + - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + if: always() && github.actor != 'dependabot[bot]' + with: + api_key: ${{ secrets.DD_API_KEY }} + service: dd-trace-js-tests - # kafka: - # runs-on: ubuntu-latest - # services: - # kafka: - # image: apache/kafka-native:3.9.1 - # env: - # KAFKA_PROCESS_ROLES: broker,controller - # KAFKA_NODE_ID: "1" - # KAFKA_LISTENERS: PLAINTEXT://:9092,CONTROLLER://:9093 - # KAFKA_CONTROLLER_QUORUM_VOTERS: 1@127.0.0.1:9093 - # KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER - # KAFKA_CLUSTER_ID: r4zt_wrqTRuT7W2NJsB_GA - # KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://127.0.0.1:9092 - # KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT - # KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT - # KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: "1" - # KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: "0" - # ports: - # - 9092:9092 - # - 9093:9093 - # env: - # PLUGINS: kafkajs - # SERVICES: kafka - # steps: - # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - # - uses: ./.github/actions/node/oldest-maintenance-lts - # - uses: ./.github/actions/install - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/node/latest - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/coverage - # with: - # flags: appsec-kafka - # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - # if: always() && github.actor != 'dependabot[bot]' - # with: - # api_key: ${{ secrets.DD_API_KEY }} - # service: dd-trace-js-tests + kafka: + runs-on: ubuntu-latest + services: + kafka: + image: apache/kafka-native:3.9.1 + env: + KAFKA_PROCESS_ROLES: broker,controller + KAFKA_NODE_ID: "1" + KAFKA_LISTENERS: PLAINTEXT://:9092,CONTROLLER://:9093 + KAFKA_CONTROLLER_QUORUM_VOTERS: 1@127.0.0.1:9093 + KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER + KAFKA_CLUSTER_ID: r4zt_wrqTRuT7W2NJsB_GA + KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://127.0.0.1:9092 + KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT + KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT + KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: "1" + KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: "0" + ports: + - 9092:9092 + - 9093:9093 + env: + PLUGINS: kafkajs + SERVICES: kafka + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: ./.github/actions/node/oldest-maintenance-lts + - uses: ./.github/actions/install + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/node/latest + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/coverage + with: + flags: appsec-kafka + - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + if: always() && github.actor != 'dependabot[bot]' + with: + api_key: ${{ secrets.DD_API_KEY }} + service: dd-trace-js-tests - # stripe: - # runs-on: ubuntu-latest - # env: - # PLUGINS: stripe - # steps: - # - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - # - uses: ./.github/actions/node/oldest-maintenance-lts - # - uses: ./.github/actions/install - # - run: yarn test:appsec:plugins:ci - # - uses: ./.github/actions/node/latest - # - run: yarn test:appsec:plugins:ci - # - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 - # - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 - # if: always() && github.actor != 'dependabot[bot]' - # with: - # api_key: ${{ secrets.DD_API_KEY }} - # service: dd-trace-js-tests + stripe: + runs-on: ubuntu-latest + env: + PLUGINS: stripe + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: ./.github/actions/node/oldest-maintenance-lts + - uses: ./.github/actions/install + - run: yarn test:appsec:plugins:ci + - uses: ./.github/actions/node/latest + - run: yarn test:appsec:plugins:ci + - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 + - uses: DataDog/junit-upload-github-action@055560f63c405095e9228ba443eee7987e22bb94 # v2.1.1 + if: always() && github.actor != 'dependabot[bot]' + with: + api_key: ${{ secrets.DD_API_KEY }} + service: dd-trace-js-tests diff --git a/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js b/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js index f2a449e83c..4d14032469 100644 --- a/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js +++ b/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js @@ -6,7 +6,7 @@ const path = require('path') const Axios = require('axios') const { sandboxCwd, useSandbox, FakeAgent, spawnProc } = require('../../../../../integration-tests/helpers') -describe.only('IAST - overhead-controller - integration', () => { +describe('IAST - overhead-controller - integration', () => { let axios, cwd, agent, proc useSandbox( From acd366eda5f4b85bde5b451220b5009569160342 Mon Sep 17 00:00:00 2001 From: Ugaitz Urien Date: Wed, 25 Feb 2026 10:05:11 +0100 Subject: [PATCH 10/10] Apply PR suggestions --- .../iast/overhead-controller.integration.spec.js | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js b/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js index 4d14032469..90d675b863 100644 --- a/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js +++ b/packages/dd-trace/test/appsec/iast/overhead-controller.integration.spec.js @@ -66,9 +66,10 @@ describe('IAST - overhead-controller - integration', () => { }) }, 1000, 1, true) - await axios.request(path, { method }) - - await assertPromise + await Promise.all([ + axios.request(path, { method }), + assertPromise, + ]) } async function checkNoVulnerabilitiesInEndpoint (path, method = 'GET') { @@ -78,8 +79,10 @@ describe('IAST - overhead-controller - integration', () => { assert.ok(!('_dd.iast.json' in payload[0][0].meta)) }, 1000, 1, true) - await axios.request(path, { method }) - await assertPromise + await Promise.all([ + axios.request(path, { method }), + assertPromise, + ]) } it('should report vulnerability only in the first request', async () => {