From 8c64ee1fcce29e059826216b699f33c8c6bbad7c Mon Sep 17 00:00:00 2001 From: rochdev Date: Tue, 16 Sep 2025 16:16:34 -0400 Subject: [PATCH 01/13] add include configuration to iitm loader hook --- integration-tests/startup.spec.js | 13 +++++++++- integration-tests/startup/unsupported.js | 10 ++++++++ loader-hook.mjs | 30 +++++++++++++++++++++++- register.js | 12 +--------- 4 files changed, 52 insertions(+), 13 deletions(-) create mode 100644 integration-tests/startup/unsupported.js diff --git a/integration-tests/startup.spec.js b/integration-tests/startup.spec.js index ef3c6022e90..7201ff10d45 100644 --- a/integration-tests/startup.spec.js +++ b/integration-tests/startup.spec.js @@ -35,11 +35,13 @@ execArgvs.forEach(({ execArgv, skip }) => { let sandbox let cwd let startupTestFile + let unsupportedTestFile before(async () => { - sandbox = await createSandbox() + sandbox = await createSandbox(['d3-format@3.1.0']) cwd = sandbox.folder startupTestFile = path.join(cwd, 'startup/index.js') + unsupportedTestFile = path.join(cwd, 'startup/unsupported.js') }) after(async () => { @@ -218,5 +220,14 @@ execArgvs.forEach(({ execArgv, skip }) => { }) }) }) + + context('with unsupported module', () => { + it('skips the unsupported module', async () => { + await spawnProc(unsupportedTestFile, { + cwd, + execArgv + }) + }) + }) }) }) diff --git a/integration-tests/startup/unsupported.js b/integration-tests/startup/unsupported.js new file mode 100644 index 00000000000..9e187fd9044 --- /dev/null +++ b/integration-tests/startup/unsupported.js @@ -0,0 +1,10 @@ +'use strict' + +const assert = require('assert') + +import('d3-format').then(({ format }) => { + const siFormat = format('.4~s') + + // This is `1.2undefined` when unexpectedly patched by import-in-the-middle. + assert.equal(siFormat(1200), '1.2k') +}) diff --git a/loader-hook.mjs b/loader-hook.mjs index 40bbdbade81..34e03f6f781 100644 --- a/loader-hook.mjs +++ b/loader-hook.mjs @@ -1 +1,29 @@ -export * from 'import-in-the-middle/hook.mjs' +// export * from 'import-in-the-middle/hook.mjs' + +import * as iitm from 'import-in-the-middle/hook.mjs' +import hooks from './packages/datadog-instrumentations/src/helpers/hooks.js' + +const nodules = Object.keys(hooks) + +function initialize (data = {}) { + data.include ??= [] + data.exclude ??= [] + data.exclude.push( + /middle/, + /langsmith/, + /openai\/_shims/, + /openai\/resources\/chat\/completions\/messages/, + /openai\/agents-core\/dist\/shims/, + /@anthropic-ai\/sdk\/_shims/ + ) + + for (const nodule of nodules) { + data.include.push(new RegExp(`node_modules/${nodule}`), nodule) + data.exclude.push(new RegExp(`node_modules/${nodule}/node_modules`)) + } + + return iitm.initialize(data) +} + +export { initialize } +export { load, getFormat, resolve, getSource } from 'import-in-the-middle/hook.mjs' diff --git a/register.js b/register.js index 3c365f424d5..af30dfd7d39 100644 --- a/register.js +++ b/register.js @@ -5,14 +5,4 @@ const { register } = require('node:module') const { pathToFileURL } = require('node:url') -register('./loader-hook.mjs', pathToFileURL(__filename), { - data: { - exclude: [ - /langsmith/, - /openai\/_shims/, - /openai\/resources\/chat\/completions\/messages/, - /openai\/agents-core\/dist\/shims/, - /@anthropic-ai\/sdk\/_shims/ - ] - } -}) +register('./loader-hook.mjs', pathToFileURL(__filename)) From ed3dee1c546f6503d166c7cd6829531b50c30558 Mon Sep 17 00:00:00 2001 From: rochdev Date: Tue, 16 Sep 2025 16:22:39 -0400 Subject: [PATCH 02/13] fix lint --- integration-tests/startup/unsupported.js | 1 + 1 file changed, 1 insertion(+) diff --git a/integration-tests/startup/unsupported.js b/integration-tests/startup/unsupported.js index 9e187fd9044..89a9a27d2c6 100644 --- a/integration-tests/startup/unsupported.js +++ b/integration-tests/startup/unsupported.js @@ -2,6 +2,7 @@ const assert = require('assert') +/* eslint-disable-next-line n/no-missing-import */ import('d3-format').then(({ format }) => { const siFormat = format('.4~s') From a1d45a431f241e90dd6cca0ed6043051a422f179 Mon Sep 17 00:00:00 2001 From: rochdev Date: Tue, 23 Sep 2025 20:25:09 -0400 Subject: [PATCH 03/13] add support for security control includes --- index.d.ts | 5 ++++- loader-hook.mjs | 22 ++++++++++++++++------ packages/dd-trace/src/config.js | 5 ++++- packages/dd-trace/test/config.spec.js | 22 ++++++++++++++++------ 4 files changed, 40 insertions(+), 14 deletions(-) diff --git a/index.d.ts b/index.d.ts index fc0c3ffec2d..f588ef4ddc0 100644 --- a/index.d.ts +++ b/index.d.ts @@ -2793,7 +2793,10 @@ declare namespace tracer { redactionValuePattern?: string, /** - * Allows to enable security controls. + * Allows to enable security controls. This option is not supported when + * using ESM. + * @deprecated Please use the DD_IAST_SECURITY_CONTROLS_CONFIGURATION + * environment variable instead. */ securityControlsConfiguration?: string, diff --git a/loader-hook.mjs b/loader-hook.mjs index 34e03f6f781..69eee4b5dee 100644 --- a/loader-hook.mjs +++ b/loader-hook.mjs @@ -1,11 +1,17 @@ -// export * from 'import-in-the-middle/hook.mjs' - import * as iitm from 'import-in-the-middle/hook.mjs' import hooks from './packages/datadog-instrumentations/src/helpers/hooks.js' +import { getEnvironmentVariables } from './packages/dd-trace/src/config-helper.js' -const nodules = Object.keys(hooks) +const { DD_IAST_SECURITY_CONTROLS_CONFIGURATION } = getEnvironmentVariables() function initialize (data = {}) { + const instrumentations = Object.keys(hooks) + const securityControls = (DD_IAST_SECURITY_CONTROLS_CONFIGURATION || '') + .split(';') + .map(sc => sc.trim().split(':')[2]) + .filter(Boolean) + .map(sc => sc.trim()) + data.include ??= [] data.exclude ??= [] data.exclude.push( @@ -17,9 +23,13 @@ function initialize (data = {}) { /@anthropic-ai\/sdk\/_shims/ ) - for (const nodule of nodules) { - data.include.push(new RegExp(`node_modules/${nodule}`), nodule) - data.exclude.push(new RegExp(`node_modules/${nodule}/node_modules`)) + for (const moduleName of instrumentations) { + data.include.push(new RegExp(`node_modules/${moduleName}`)) + data.exclude.push(new RegExp(`node_modules/${moduleName}/node_modules`)) + } + + for (const subpath of securityControls) { + data.include.push(new RegExp(subpath)) } return iitm.initialize(data) diff --git a/packages/dd-trace/src/config.js b/packages/dd-trace/src/config.js index e150576b74a..18f9e5699b9 100644 --- a/packages/dd-trace/src/config.js +++ b/packages/dd-trace/src/config.js @@ -19,6 +19,7 @@ const { appendRules } = require('./payload-tagging/config') const { getEnvironmentVariable: getEnv, getEnvironmentVariables } = require('./config-helper') const defaults = require('./config_defaults') const path = require('path') +const { DD_MAJOR } = require('../../../version') const tracerMetrics = telemetryMetrics.manager.namespace('tracers') @@ -1019,7 +1020,9 @@ class Config { opts['iast.requestSampling'] = iastRequestSampling this.#optsUnprocessed['iast.requestSampling'] = options.iast?.requestSampling } - opts['iast.securityControlsConfiguration'] = options.iast?.securityControlsConfiguration + if (DD_MAJOR < 6) { + opts['iast.securityControlsConfiguration'] = options.iast?.securityControlsConfiguration + } this.#setBoolean(opts, 'iast.stackTrace.enabled', options.iast?.stackTrace?.enabled) this.#setString(opts, 'iast.telemetryVerbosity', options.iast && options.iast.telemetryVerbosity) this.#setBoolean(opts, 'isCiVisibility', options.isCiVisibility) diff --git a/packages/dd-trace/test/config.spec.js b/packages/dd-trace/test/config.spec.js index 37019a8ff75..19a5be8eeb7 100644 --- a/packages/dd-trace/test/config.spec.js +++ b/packages/dd-trace/test/config.spec.js @@ -15,6 +15,7 @@ require('./setup/core') const { GRPC_CLIENT_ERROR_STATUSES, GRPC_SERVER_ERROR_STATUSES } = require('../src/constants') const { getEnvironmentVariable, getEnvironmentVariables } = require('../src/config-helper') const { assertObjectContains } = require('../../../integration-tests/helpers') +const { DD_MAJOR } = require('../../../version') describe('Config', () => { let Config @@ -1171,8 +1172,12 @@ describe('Config', () => { expect(config).to.have.nested.property('iast.redactionNamePattern', 'REDACTION_NAME_PATTERN') expect(config).to.have.nested.property('iast.redactionValuePattern', 'REDACTION_VALUE_PATTERN') expect(config).to.have.nested.property('iast.requestSampling', 50) - expect(config).to.have.nested.property('iast.securityControlsConfiguration', - 'SANITIZER:CODE_INJECTION:sanitizer.js:method') + if (DD_MAJOR < 6) { + expect(config).to.have.nested.property('iast.securityControlsConfiguration', + 'SANITIZER:CODE_INJECTION:sanitizer.js:method') + } else { + expect(config).to.not.have.property('iast.securityControlsConfiguration') + } expect(config).to.have.nested.property('iast.stackTrace.enabled', false) expect(config).to.have.nested.property('iast.telemetryVerbosity', 'DEBUG') expect(config).to.have.nested.property('llmobs.agentlessEnabled', true) @@ -1260,7 +1265,7 @@ describe('Config', () => { { name: 'iast.redactionNamePattern', value: 'REDACTION_NAME_PATTERN', origin: 'code' }, { name: 'iast.redactionValuePattern', value: 'REDACTION_VALUE_PATTERN', origin: 'code' }, { name: 'iast.requestSampling', value: 50, origin: 'code' }, - { + DD_MAJOR < 6 && { name: 'iast.securityControlsConfiguration', value: 'SANITIZER:CODE_INJECTION:sanitizer.js:method', origin: 'code' @@ -1290,7 +1295,7 @@ describe('Config', () => { { name: 'traceId128BitGenerationEnabled', value: true, origin: 'code' }, { name: 'traceId128BitLoggingEnabled', value: true, origin: 'code' }, { name: 'version', value: '0.1.0', origin: 'code' } - ]) + ].filter(v => v)) }) it('should initialize from the options with url taking precedence', () => { @@ -1685,8 +1690,13 @@ describe('Config', () => { expect(config).to.have.nested.property('iast.redactionNamePattern', 'REDACTION_NAME_PATTERN') expect(config).to.have.nested.property('iast.redactionValuePattern', 'REDACTION_VALUE_PATTERN') expect(config).to.have.nested.property('iast.requestSampling', 30) - expect(config).to.have.nested.property('iast.securityControlsConfiguration', - 'SANITIZER:CODE_INJECTION:sanitizer.js:method2') + if (DD_MAJOR < 6) { + expect(config).to.have.nested.property('iast.securityControlsConfiguration', + 'SANITIZER:CODE_INJECTION:sanitizer.js:method2') + } else { + expect(config).to.have.nested.property('iast.securityControlsConfiguration', + 'SANITIZER:CODE_INJECTION:sanitizer.js:method1') + } expect(config).to.have.nested.property('iast.stackTrace.enabled', false) expect(config).to.have.nested.property('llmobs.agentlessEnabled', false) expect(config).to.have.nested.property('llmobs.mlApp', 'myOtherMlApp') From 3262e49a1ff62540e73177af077c24f1caaf1a14 Mon Sep 17 00:00:00 2001 From: rochdev Date: Tue, 23 Sep 2025 21:50:15 -0400 Subject: [PATCH 04/13] restore support for built-in modules --- loader-hook.mjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/loader-hook.mjs b/loader-hook.mjs index 69eee4b5dee..dd997077f94 100644 --- a/loader-hook.mjs +++ b/loader-hook.mjs @@ -24,7 +24,7 @@ function initialize (data = {}) { ) for (const moduleName of instrumentations) { - data.include.push(new RegExp(`node_modules/${moduleName}`)) + data.include.push(new RegExp(`node_modules/${moduleName}`), moduleName) data.exclude.push(new RegExp(`node_modules/${moduleName}/node_modules`)) } From a46de2fda797fea0da0a21815e11a2a55f988b0a Mon Sep 17 00:00:00 2001 From: rochdev Date: Mon, 29 Sep 2025 15:54:38 -0400 Subject: [PATCH 05/13] fix nested supported modules --- loader-hook.mjs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/loader-hook.mjs b/loader-hook.mjs index dd997077f94..ae3c8b75820 100644 --- a/loader-hook.mjs +++ b/loader-hook.mjs @@ -24,8 +24,7 @@ function initialize (data = {}) { ) for (const moduleName of instrumentations) { - data.include.push(new RegExp(`node_modules/${moduleName}`), moduleName) - data.exclude.push(new RegExp(`node_modules/${moduleName}/node_modules`)) + data.include.push(new RegExp(`node_modules/${moduleName}/(?!node_modules).+`), moduleName) } for (const subpath of securityControls) { From 16f8fa8070ef54432a1c6e574746c2758083eb0b Mon Sep 17 00:00:00 2001 From: Roch Devost Date: Mon, 6 Oct 2025 11:36:14 -0400 Subject: [PATCH 06/13] refactor --- loader-hook.mjs | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/loader-hook.mjs b/loader-hook.mjs index ae3c8b75820..36d47e37080 100644 --- a/loader-hook.mjs +++ b/loader-hook.mjs @@ -5,15 +5,37 @@ import { getEnvironmentVariables } from './packages/dd-trace/src/config-helper.j const { DD_IAST_SECURITY_CONTROLS_CONFIGURATION } = getEnvironmentVariables() function initialize (data = {}) { + data.include ??= [] + data.exclude ??= [] + + addInstrumentations(data) + addSecurityControls(data) + addExclusions(data) + + return iitm.initialize(data) +} + +function addInstrumentations (data) { const instrumentations = Object.keys(hooks) + + for (const moduleName of instrumentations) { + data.include.push(new RegExp(`node_modules/${moduleName}/(?!node_modules).+`), moduleName) + } +} + +function addSecurityControls (data) { const securityControls = (DD_IAST_SECURITY_CONTROLS_CONFIGURATION || '') .split(';') .map(sc => sc.trim().split(':')[2]) .filter(Boolean) .map(sc => sc.trim()) - data.include ??= [] - data.exclude ??= [] + for (const subpath of securityControls) { + data.include.push(new RegExp(subpath)) + } +} + +function addExclusions (data) { data.exclude.push( /middle/, /langsmith/, @@ -22,16 +44,6 @@ function initialize (data = {}) { /openai\/agents-core\/dist\/shims/, /@anthropic-ai\/sdk\/_shims/ ) - - for (const moduleName of instrumentations) { - data.include.push(new RegExp(`node_modules/${moduleName}/(?!node_modules).+`), moduleName) - } - - for (const subpath of securityControls) { - data.include.push(new RegExp(subpath)) - } - - return iitm.initialize(data) } export { initialize } From e9e2310648c689862f4016ec50df71915e17afc3 Mon Sep 17 00:00:00 2001 From: rochdev Date: Mon, 6 Oct 2025 12:01:29 -0400 Subject: [PATCH 07/13] refactor --- loader-hook.mjs | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/loader-hook.mjs b/loader-hook.mjs index 36d47e37080..5358c3c11d0 100644 --- a/loader-hook.mjs +++ b/loader-hook.mjs @@ -1,8 +1,6 @@ import * as iitm from 'import-in-the-middle/hook.mjs' import hooks from './packages/datadog-instrumentations/src/helpers/hooks.js' -import { getEnvironmentVariables } from './packages/dd-trace/src/config-helper.js' - -const { DD_IAST_SECURITY_CONTROLS_CONFIGURATION } = getEnvironmentVariables() +import { getEnvironmentVariable as env } from './packages/dd-trace/src/config-helper.js' function initialize (data = {}) { data.include ??= [] @@ -24,7 +22,7 @@ function addInstrumentations (data) { } function addSecurityControls (data) { - const securityControls = (DD_IAST_SECURITY_CONTROLS_CONFIGURATION || '') + const securityControls = (env('DD_IAST_SECURITY_CONTROLS_CONFIGURATION') || '') .split(';') .map(sc => sc.trim().split(':')[2]) .filter(Boolean) From d9c262b2714a25dffe3575a90a7b574131a3d797 Mon Sep 17 00:00:00 2001 From: rochdev Date: Mon, 6 Oct 2025 12:06:29 -0400 Subject: [PATCH 08/13] add regexp escaping --- loader-hook.mjs | 3 ++- package.json | 1 + yarn.lock | 36 ++++++++---------------------------- 3 files changed, 11 insertions(+), 29 deletions(-) diff --git a/loader-hook.mjs b/loader-hook.mjs index 5358c3c11d0..a31ebcd88ba 100644 --- a/loader-hook.mjs +++ b/loader-hook.mjs @@ -1,3 +1,4 @@ +import regexpEscape from 'escape-string-regexp' import * as iitm from 'import-in-the-middle/hook.mjs' import hooks from './packages/datadog-instrumentations/src/helpers/hooks.js' import { getEnvironmentVariable as env } from './packages/dd-trace/src/config-helper.js' @@ -29,7 +30,7 @@ function addSecurityControls (data) { .map(sc => sc.trim()) for (const subpath of securityControls) { - data.include.push(new RegExp(subpath)) + data.include.push(new RegExp(regexpEscape(subpath))) } } diff --git a/package.json b/package.json index 53477119ac3..a5668516c4c 100644 --- a/package.json +++ b/package.json @@ -134,6 +134,7 @@ "@opentelemetry/resources": ">=1.0.0 <1.10.0", "crypto-randomuuid": "^1.0.0", "dc-polyfill": "^0.1.10", + "escape-string-regexp": "^5.0.0", "ignore": "^7.0.5", "import-in-the-middle": "^1.14.2", "istanbul-lib-coverage": "^3.2.2", diff --git a/yarn.lock b/yarn.lock index c177f30fa35..6107930609f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1941,6 +1941,11 @@ escape-string-regexp@^4.0.0: resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz#14ba83a5d373e3d311e5afca29cf5bfad965bf34" integrity sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA== +escape-string-regexp@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-5.0.0.tgz#4683126b500b61762f2dbebace1806e8be31b1c8" + integrity sha512-/veY75JbMK4j1yjvuUxuVsiS/hr/4iHs9FTT6cgTexxdE0Ly/glccBAkloH/DofkjRbZU3bnoj38mOmhkZ0lHw== + eslint-compat-utils@^0.5.1: version "0.5.1" resolved "https://registry.yarnpkg.com/eslint-compat-utils/-/eslint-compat-utils-0.5.1.tgz#7fc92b776d185a70c4070d03fd26fde3d59652e4" @@ -4480,16 +4485,7 @@ streamsearch@^1.1.0: resolved "https://registry.yarnpkg.com/streamsearch/-/streamsearch-1.1.0.tgz#404dd1e2247ca94af554e841a8ef0eaa238da764" integrity sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg== -"string-width-cjs@npm:string-width@^4.2.0": - version "4.2.3" - resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" - integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== - dependencies: - emoji-regex "^8.0.0" - is-fullwidth-code-point "^3.0.0" - strip-ansi "^6.0.1" - -string-width@^4.0.0, string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.2, string-width@^4.2.3: +"string-width-cjs@npm:string-width@^4.2.0", string-width@^4.0.0, string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.2, string-width@^4.2.3: version "4.2.3" resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== @@ -4553,14 +4549,7 @@ string_decoder@~1.1.1: dependencies: safe-buffer "~5.1.0" -"strip-ansi-cjs@npm:strip-ansi@^6.0.1": - version "6.0.1" - resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" - integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== - dependencies: - ansi-regex "^5.0.1" - -strip-ansi@^6.0.0, strip-ansi@^6.0.1: +"strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1: version "6.0.1" resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== @@ -5038,7 +5027,7 @@ workerpool@^9.2.0: resolved "https://registry.yarnpkg.com/workerpool/-/workerpool-9.3.4.tgz#f6c92395b2141afd78e2a889e80cb338fe9fca41" integrity sha512-TmPRQYYSAnnDiEB0P/Ytip7bFGvqnSU6I2BcuSw7Hx+JSg/DsUi5ebYfc8GYaSdpuvOcEs6dXxPurOYpe9QFwg== -"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0": +"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0", wrap-ansi@^7.0.0: version "7.0.0" resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== @@ -5056,15 +5045,6 @@ wrap-ansi@^6.2.0: string-width "^4.1.0" strip-ansi "^6.0.0" -wrap-ansi@^7.0.0: - version "7.0.0" - resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" - integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== - dependencies: - ansi-styles "^4.0.0" - string-width "^4.1.0" - strip-ansi "^6.0.0" - wrap-ansi@^8.1.0: version "8.1.0" resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-8.1.0.tgz#56dc22368ee570face1b49819975d9b9a5ead214" From fee022a9c92bdb8f0e0724c6f91edb47809ef3e6 Mon Sep 17 00:00:00 2001 From: rochdev Date: Tue, 7 Oct 2025 14:32:33 -0400 Subject: [PATCH 09/13] fix import --- loader-hook.mjs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/loader-hook.mjs b/loader-hook.mjs index a31ebcd88ba..1ad3206c752 100644 --- a/loader-hook.mjs +++ b/loader-hook.mjs @@ -1,7 +1,10 @@ import regexpEscape from 'escape-string-regexp' import * as iitm from 'import-in-the-middle/hook.mjs' import hooks from './packages/datadog-instrumentations/src/helpers/hooks.js' -import { getEnvironmentVariable as env } from './packages/dd-trace/src/config-helper.js' +import configHelper from './packages/dd-trace/src/config-helper.js' + +// For some reason `getEnvironmentVariable` is not otherwise available to ESM. +const env = configHelper.getEnvironmentVariable function initialize (data = {}) { data.include ??= [] From e2bdf7f6e781e4b773e570dcec83378871a4600a Mon Sep 17 00:00:00 2001 From: rochdev Date: Tue, 7 Oct 2025 15:06:30 -0400 Subject: [PATCH 10/13] add missing 3rd party license --- LICENSE-3rdparty.csv | 1 + 1 file changed, 1 insertion(+) diff --git a/LICENSE-3rdparty.csv b/LICENSE-3rdparty.csv index b512db78abe..1308b8a72a9 100644 --- a/LICENSE-3rdparty.csv +++ b/LICENSE-3rdparty.csv @@ -14,6 +14,7 @@ require,@opentelemetry/resources,Apache license 2.0,Copyright OpenTelemetry Auth require,@isaacs/ttlcache,ISC,Copyright (c) 2022-2023 - Isaac Z. Schlueter and Contributors require,crypto-randomuuid,MIT,Copyright 2021 Node.js Foundation and contributors require,dc-polyfill,MIT,Copyright 2023 Datadog Inc. +require,escape-string-regexp,MIT,Copyright Sindre Sorhus require,ignore,MIT,Copyright 2013 Kael Zhang and contributors require,import-in-the-middle,Apache license 2.0,Copyright 2021 Datadog Inc. require,istanbul-lib-coverage,BSD-3-Clause,Copyright 2012-2015 Yahoo! Inc. From fe27ec785c901d4650e5fd8ba12468e08c078f1c Mon Sep 17 00:00:00 2001 From: rochdev Date: Tue, 7 Oct 2025 15:20:47 -0400 Subject: [PATCH 11/13] revert escaping --- loader-hook.mjs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/loader-hook.mjs b/loader-hook.mjs index 1ad3206c752..ecdc826a016 100644 --- a/loader-hook.mjs +++ b/loader-hook.mjs @@ -1,4 +1,4 @@ -import regexpEscape from 'escape-string-regexp' +// import regexpEscape from 'escape-string-regexp' import * as iitm from 'import-in-the-middle/hook.mjs' import hooks from './packages/datadog-instrumentations/src/helpers/hooks.js' import configHelper from './packages/dd-trace/src/config-helper.js' @@ -33,7 +33,7 @@ function addSecurityControls (data) { .map(sc => sc.trim()) for (const subpath of securityControls) { - data.include.push(new RegExp(regexpEscape(subpath))) + data.include.push(new RegExp(subpath)) } } From 6592f0110c4126da720194ecc7fbf98befaf57e6 Mon Sep 17 00:00:00 2001 From: rochdev Date: Tue, 7 Oct 2025 15:25:35 -0400 Subject: [PATCH 12/13] revert unrelated changes to yarn lockfile --- yarn.lock | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 6107930609f..e24645edc2f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4485,7 +4485,16 @@ streamsearch@^1.1.0: resolved "https://registry.yarnpkg.com/streamsearch/-/streamsearch-1.1.0.tgz#404dd1e2247ca94af554e841a8ef0eaa238da764" integrity sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg== -"string-width-cjs@npm:string-width@^4.2.0", string-width@^4.0.0, string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.2, string-width@^4.2.3: +"string-width-cjs@npm:string-width@^4.2.0": + version "4.2.3" + resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" + integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== + dependencies: + emoji-regex "^8.0.0" + is-fullwidth-code-point "^3.0.0" + strip-ansi "^6.0.1" + +string-width@^4.0.0, string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.2, string-width@^4.2.3: version "4.2.3" resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== @@ -4549,7 +4558,14 @@ string_decoder@~1.1.1: dependencies: safe-buffer "~5.1.0" -"strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1: +"strip-ansi-cjs@npm:strip-ansi@^6.0.1": + version "6.0.1" + resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" + integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== + dependencies: + ansi-regex "^5.0.1" + +strip-ansi@^6.0.0, strip-ansi@^6.0.1: version "6.0.1" resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== @@ -5027,7 +5043,7 @@ workerpool@^9.2.0: resolved "https://registry.yarnpkg.com/workerpool/-/workerpool-9.3.4.tgz#f6c92395b2141afd78e2a889e80cb338fe9fca41" integrity sha512-TmPRQYYSAnnDiEB0P/Ytip7bFGvqnSU6I2BcuSw7Hx+JSg/DsUi5ebYfc8GYaSdpuvOcEs6dXxPurOYpe9QFwg== -"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0", wrap-ansi@^7.0.0: +"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0": version "7.0.0" resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== @@ -5045,6 +5061,15 @@ wrap-ansi@^6.2.0: string-width "^4.1.0" strip-ansi "^6.0.0" +wrap-ansi@^7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" + integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== + dependencies: + ansi-styles "^4.0.0" + string-width "^4.1.0" + strip-ansi "^6.0.0" + wrap-ansi@^8.1.0: version "8.1.0" resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-8.1.0.tgz#56dc22368ee570face1b49819975d9b9a5ead214" From 59f171df3e49e0fb204ce655406a95aa2d1f58be Mon Sep 17 00:00:00 2001 From: rochdev Date: Tue, 7 Oct 2025 15:49:58 -0400 Subject: [PATCH 13/13] restore escaping --- loader-hook.mjs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/loader-hook.mjs b/loader-hook.mjs index ecdc826a016..1ad3206c752 100644 --- a/loader-hook.mjs +++ b/loader-hook.mjs @@ -1,4 +1,4 @@ -// import regexpEscape from 'escape-string-regexp' +import regexpEscape from 'escape-string-regexp' import * as iitm from 'import-in-the-middle/hook.mjs' import hooks from './packages/datadog-instrumentations/src/helpers/hooks.js' import configHelper from './packages/dd-trace/src/config-helper.js' @@ -33,7 +33,7 @@ function addSecurityControls (data) { .map(sc => sc.trim()) for (const subpath of securityControls) { - data.include.push(new RegExp(subpath)) + data.include.push(new RegExp(regexpEscape(subpath))) } }