Do not require appsec modules when disabling appsec if they have not been required before

[iunanua]

What does this PR do?

Use LazyModules to handle how a module is loaded, enabled and disabled by the Tracer.
It takes into account ESM bundles keeping requires in place.
Also handles enablements/disablements via RC

Motivation

do not require a module to disable it if it hasn't enabled before

Plugin Checklist

• Unit tests.
• TypeScript definitions.
• TypeScript tests.
• API documentation.
• CircleCI jobs/workflows.
• Plugin is exported.

Additional Notes

[github-actions]

Overall package size

Self size: 6.3 MB
Deduped: 60.79 MB
No deduping: 61.07 MB

Dependency sizes

name	version	self size	total size
@datadog/native-iast-taint-tracking	1.7.0	16.71 MB	16.72 MB
@datadog/native-appsec	7.1.1	14.39 MB	14.4 MB
@datadog/pprof	5.2.0	8.84 MB	9.21 MB
protobufjs	7.2.5	2.77 MB	6.56 MB
@datadog/native-iast-rewriter	2.3.0	2.15 MB	2.24 MB
@opentelemetry/core	1.14.0	872.87 kB	1.47 MB
@datadog/native-metrics	2.0.0	898.77 kB	1.3 MB
@opentelemetry/api	1.4.1	780.32 kB	780.32 kB
import-in-the-middle	1.7.3	67.62 kB	731.01 kB
msgpack-lite	0.1.26	201.16 kB	281.59 kB
opentracing	0.14.7	194.81 kB	194.81 kB
semver	7.5.4	93.4 kB	123.8 kB
pprof-format	2.1.0	111.69 kB	111.69 kB
@datadog/sketches-js	2.1.0	109.9 kB	109.9 kB
lodash.sortby	4.7.0	75.76 kB	75.76 kB
lru-cache	7.14.0	74.95 kB	74.95 kB
ipaddr.js	2.1.0	60.23 kB	60.23 kB
ignore	5.2.4	51.22 kB	51.22 kB
int64-buffer	0.1.10	49.18 kB	49.18 kB
shell-quote	1.8.1	44.96 kB	44.96 kB
istanbul-lib-coverage	3.2.0	29.34 kB	29.34 kB
tlhunter-sorted-set	0.1.0	24.94 kB	24.94 kB
limiter	1.1.5	23.17 kB	23.17 kB
dc-polyfill	0.1.4	23.1 kB	23.1 kB
retry	0.13.1	18.85 kB	18.85 kB
node-abort-controller	3.1.1	16.89 kB	16.89 kB
jest-docblock	29.7.0	8.99 kB	12.76 kB
crypto-randomuuid	1.0.0	11.18 kB	11.18 kB
path-to-regexp	0.1.7	6.78 kB	6.78 kB
koalas	1.0.2	6.47 kB	6.47 kB
methods	1.1.2	5.29 kB	5.29 kB
module-details-from-path	1.0.3	4.47 kB	4.47 kB

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

[pr-commenter]

Benchmarks

Benchmark execution time: 2024-04-18 15:25:33

Comparing candidate commit 043efb7 in PR branch igor/do-not-require-appsec-when-disabling with baseline commit c4c01e4 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 261 metrics, 5 unstable metrics.

[CarlesDD]

We should take care of this point where appsec could be enabled via RC.

https://github.com/DataDog/dd-trace-js/blob/master/packages/dd-trace/src/appsec/remote_config/index.js#L55

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 69.19%. Comparing base (c4c01e4) to head (05590f5).
Report is 3 commits behind head on master.

❗ Current head 05590f5 differs from pull request most recent head 043efb7. Consider uploading reports for the commit 043efb7 to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4244      +/-   ##
==========================================
- Coverage   73.16%   69.19%   -3.98%     
==========================================
  Files         245        1     -244     
  Lines       10442      198   -10244     
  Branches       33       33              
==========================================
- Hits         7640      137    -7503     
+ Misses       2802       61    -2741     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[iunanua]

here we could pass to RC this._modules.appsec instead this. That way RC wouldn't need to know where to obtain the appsec module. It'd directly invoke enable or disable.

[simon-id]

good point, but i feel like we have this habit of passing the tracer instance a bit everywhere, so, up to you 🤷

[iunanua]

ok, I'll leave it as it is

[rochdev]

It's a habit we want to revert ASAP, so I'd use the boy scout rule here if possible.

[simon-id]

Is there anything in the CI that will ensure this works with bundlers ?

[iunanua]

there are some integration tests for es-build. Let me take a look

[iunanua]

esbuild tests are working as expected 👍

[simon-id]

@iunanua where are they running ? i can't find them in the CI

[iunanua]

AFAIK they are not in the CI.
You can run them manually here integration-tests/esbuild.

[simon-id]

code looks good, but if it's not tested in the CI, do I have to just trust you ?

[iunanua]

Aha! spec and job

Actually, they are running!

An error is shown Error: connect ECONNREFUSED 127.0.0.1:8126 when the app tries to communicate with the agent in the 8126 port but i'd say it's something expected

sorry for the noise 😅