Skip to content

Commit

Permalink
Remove iast-log and review ASM log messages (#4919)
Browse files Browse the repository at this point in the history
* Remove iast-log and review ASM log messages

* Update packages/dd-trace/src/appsec/iast/iast-plugin.js

Co-authored-by: Ugaitz Urien <[email protected]>

* Update packages/dd-trace/src/appsec/rasp/fs-plugin.js

Co-authored-by: Carles Capell <[email protected]>

* remove template literal

---------

Co-authored-by: Ugaitz Urien <[email protected]>
Co-authored-by: Carles Capell <[email protected]>
  • Loading branch information
3 people authored and bengl committed Nov 25, 2024
1 parent 0ee7398 commit 1687b5c
Show file tree
Hide file tree
Showing 38 changed files with 112 additions and 302 deletions.
2 changes: 1 addition & 1 deletion packages/dd-trace/src/appsec/api_security_sampler.js
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ function computeKey (req, res) {
const status = res.statusCode

if (!method || !status) {
log.warn('Unsupported groupkey for API security')
log.warn('[ASM] Unsupported groupkey for API security')
return null
}
return method + route + status
Expand Down
2 changes: 1 addition & 1 deletion packages/dd-trace/src/appsec/blocking.js
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@ function getBlockingData (req, specificType, actionParameters) {

function block (req, res, rootSpan, abortController, actionParameters = defaultBlockingActionParameters) {
if (res.headersSent) {
log.warn('Cannot send blocking response when headers have already been sent')
log.warn('[ASM] Cannot send blocking response when headers have already been sent')
return
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

const Analyzer = require('./vulnerability-analyzer')
const { getNodeModulesPaths } = require('../path-line')
const iastLog = require('../iast-log')
const log = require('../../../log')

const EXCLUDED_PATHS = getNodeModulesPaths('express/lib/response.js')

Expand All @@ -16,7 +16,7 @@ class CookieAnalyzer extends Analyzer {
try {
this.cookieFilterRegExp = new RegExp(config.iast.cookieFilterPattern)
} catch {
iastLog.error('Invalid regex in cookieFilterPattern')
log.error('[ASM] Invalid regex in cookieFilterPattern')
this.cookieFilterRegExp = /.{32,}/
}

Expand Down
86 changes: 0 additions & 86 deletions packages/dd-trace/src/appsec/iast/iast-log.js

This file was deleted.

8 changes: 4 additions & 4 deletions packages/dd-trace/src/appsec/iast/iast-plugin.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@

const { channel } = require('dc-polyfill')

const iastLog = require('./iast-log')
const Plugin = require('../../plugins/plugin')
const iastTelemetry = require('./telemetry')
const { getInstrumentedMetric, getExecutedMetric, TagKey, EXECUTED_SOURCE, formatTags } =
require('./telemetry/iast-metric')
const { storage } = require('../../../../datadog-core')
const { getIastContext } = require('./iast-context')
const instrumentations = require('../../../../datadog-instrumentations/src/helpers/instrumentations')
const log = require('../../log')

/**
* Used by vulnerability sources and sinks to subscribe diagnostic channel events
Expand Down Expand Up @@ -65,7 +65,7 @@ class IastPlugin extends Plugin {
try {
handler(message, name)
} catch (e) {
iastLog.errorAndPublish(e)
log.error('[ASM] Error executing IAST plugin handler', e)
}
}
}
Expand All @@ -76,7 +76,7 @@ class IastPlugin extends Plugin {
const iastContext = getIastContext(storage.getStore())
iastSub.increaseExecuted(iastContext)
} catch (e) {
iastLog.errorAndPublish(e)
log.error('[ASM] Error increasing handler executed metrics', e)
}
}
}
Expand All @@ -93,7 +93,7 @@ class IastPlugin extends Plugin {
}
return result
} catch (e) {
iastLog.errorAndPublish(e)
log.error('[ASM] Error executing handler or increasing metrics', e)
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

const TaintedUtils = require('@datadog/native-iast-taint-tracking')
const { IAST_TRANSACTION_ID } = require('../iast-context')
const iastLog = require('../iast-log')
const log = require('../../../log')

function taintObject (iastContext, object, type) {
let result = object
Expand Down Expand Up @@ -33,7 +33,7 @@ function taintObject (iastContext, object, type) {
}
}
} catch (e) {
iastLog.error(`Error visiting property : ${property}`).errorAndPublish(e)
log.error('[ASM] Error in taintObject when visiting property : %s', property, e)
}
}
}
Expand Down
13 changes: 5 additions & 8 deletions packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,12 @@

const Module = require('module')
const shimmer = require('../../../../../datadog-shimmer')
const iastLog = require('../iast-log')
const { isPrivateModule, isNotLibraryFile } = require('./filter')
const { csiMethods } = require('./csi-methods')
const { getName } = require('../telemetry/verbosity')
const { getRewriteFunction } = require('./rewriter-telemetry')
const dc = require('dc-polyfill')
const log = require('../../../log')

const hardcodedSecretCh = dc.channel('datadog:secrets:result')
let rewriter
Expand Down Expand Up @@ -60,8 +60,7 @@ function getRewriter (telemetryVerbosity) {
chainSourceMap
})
} catch (e) {
iastLog.error('Unable to initialize TaintTracking Rewriter')
.errorAndPublish(e)
log.error('[ASM] Unable to initialize TaintTracking Rewriter', e)
}
}
return rewriter
Expand Down Expand Up @@ -99,8 +98,7 @@ function getCompileMethodFn (compileMethod) {
}
}
} catch (e) {
iastLog.error(`Error rewriting ${filename}`)
.errorAndPublish(e)
log.error('[ASM] Error rewriting file %s', filename, e)
}
return compileMethod.apply(this, [content, filename])
}
Expand All @@ -117,8 +115,7 @@ function enableRewriter (telemetryVerbosity) {
shimmer.wrap(Module.prototype, '_compile', compileMethod => getCompileMethodFn(compileMethod))
}
} catch (e) {
iastLog.error('Error enabling TaintTracking Rewriter')
.errorAndPublish(e)
log.error('[ASM] Error enabling TaintTracking Rewriter', e)
}
}

Expand All @@ -132,7 +129,7 @@ function disableRewriter () {

Error.prepareStackTrace = originalPrepareStackTrace
} catch (e) {
iastLog.warn(e)
log.warn('[ASM] Error disabling TaintTracking rewriter', e)
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,10 @@ const dc = require('dc-polyfill')
const TaintedUtils = require('@datadog/native-iast-taint-tracking')
const { storage } = require('../../../../../datadog-core')
const iastContextFunctions = require('../iast-context')
const iastLog = require('../iast-log')
const { EXECUTED_PROPAGATION } = require('../telemetry/iast-metric')
const { isDebugAllowed } = require('../telemetry/verbosity')
const { taintObject } = require('./operations-taint-object')
const log = require('../../../log')

const mathRandomCallCh = dc.channel('datadog:random:call')
const evalCallCh = dc.channel('datadog:eval:call')
Expand Down Expand Up @@ -60,8 +60,7 @@ function getFilteredCsiFn (cb, filter, getContext) {
return cb(transactionId, res, target, ...rest)
}
} catch (e) {
iastLog.error(`Error invoking CSI ${target}`)
.errorAndPublish(e)
log.error('[ASM] Error invoking CSI %s', target, e)
}
return res
}
Expand Down Expand Up @@ -112,8 +111,7 @@ function csiMethodsOverrides (getContext) {
return TaintedUtils.concat(transactionId, res, op1, op2)
}
} catch (e) {
iastLog.error('Error invoking CSI plusOperator')
.errorAndPublish(e)
log.error('[ASM] Error invoking CSI plusOperator', e)
}
return res
},
Expand All @@ -126,8 +124,7 @@ function csiMethodsOverrides (getContext) {
return TaintedUtils.concat(transactionId, res, ...rest)
}
} catch (e) {
iastLog.error('Error invoking CSI tplOperator')
.errorAndPublish(e)
log.error('[ASM] Error invoking CSI tplOperator', e)
}
return res
},
Expand Down Expand Up @@ -178,7 +175,7 @@ function csiMethodsOverrides (getContext) {
}
}
} catch (e) {
iastLog.error(e)
log.error('[ASM] Error invoking CSI JSON.parse', e)
}
}

Expand All @@ -194,7 +191,7 @@ function csiMethodsOverrides (getContext) {
res = TaintedUtils.arrayJoin(transactionId, res, target, separator)
}
} catch (e) {
iastLog.error(e)
log.error('[ASM] Error invoking CSI join', e)
}
}

Expand Down Expand Up @@ -250,8 +247,7 @@ function lodashTaintTrackingHandler (message) {
message.result = getLodashTaintedUtilFn(message.operation)(transactionId, message.result, ...message.arguments)
}
} catch (e) {
iastLog.error(`Error invoking CSI lodash ${message.operation}`)
.errorAndPublish(e)
log.error('[ASM] Error invoking CSI lodash %s', message.operation, e)
}
}

Expand Down
5 changes: 2 additions & 3 deletions packages/dd-trace/src/appsec/iast/telemetry/namespaces.js
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ const log = require('../../../log')
const { Namespace } = require('../../../telemetry/metrics')
const { addMetricsToSpan } = require('./span-tags')
const { IAST_TRACE_METRIC_PREFIX } = require('../tags')
const iastLog = require('../iast-log')

const DD_IAST_METRICS_NAMESPACE = Symbol('_dd.iast.request.metrics.namespace')

Expand All @@ -31,7 +30,7 @@ function finalizeRequestNamespace (context, rootSpan) {

namespace.clear()
} catch (e) {
log.error(e)
log.error('[ASM] Error merging request metrics', e)
} finally {
if (context) {
delete context[DD_IAST_METRICS_NAMESPACE]
Expand Down Expand Up @@ -79,7 +78,7 @@ class IastNamespace extends Namespace {

if (metrics.size === this.maxMetricTagsSize) {
metrics.clear()
iastLog.warnAndPublish(`Tags cache max size reached for metric ${name}`)
log.error('[ASM] Tags cache max size reached for metric %s', name)
}

metrics.set(tags, metric)
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
'use strict'

const iastLog = require('../../../iast-log')
const log = require('../../../../../log')

const COMMAND_PATTERN = '^(?:\\s*(?:sudo|doas)\\s+)?\\b\\S+\\b\\s(.*)'
const pattern = new RegExp(COMMAND_PATTERN, 'gmi')
Expand All @@ -16,7 +16,7 @@ module.exports = function extractSensitiveRanges (evidence) {
return [{ start, end }]
}
} catch (e) {
iastLog.debug(e)
log.debug('[ASM] Error extracting sensitive ranges', e)
}
return []
}
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
'use strict'

const iastLog = require('../../../iast-log')
const log = require('../../../../../log')

const LDAP_PATTERN = '\\(.*?(?:~=|=|<=|>=)(?<LITERAL>[^)]+)\\)'
const pattern = new RegExp(LDAP_PATTERN, 'gmi')
Expand All @@ -22,7 +22,7 @@ module.exports = function extractSensitiveRanges (evidence) {
}
return tokens
} catch (e) {
iastLog.debug(e)
log.debug('[ASM] Error extracting sensitive ranges', e)
}
return []
}
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
'use strict'

const iastLog = require('../../../iast-log')
const log = require('../../../../../log')

const STRING_LITERAL = '\'(?:\'\'|[^\'])*\''
const POSTGRESQL_ESCAPED_LITERAL = '\\$([^$]*)\\$.*?\\$\\1\\$'
Expand Down Expand Up @@ -106,7 +106,7 @@ module.exports = function extractSensitiveRanges (evidence) {
}
return tokens
} catch (e) {
iastLog.debug(e)
log.debug('[ASM] Error extracting sensitive ranges', e)
}
return []
}
Loading

0 comments on commit 1687b5c

Please sign in to comment.