[IAST] Detect and report weak hashing vulnerabilities
What does this PR do?
When the application executes code like the following, the tracer will report it to the backend:

```js
const crypto = require('crypto')

// flagged: SHA-1 is a weak hash algorithm
const hash = crypto.createHash('sha1')
```

It will report the algorithm, the file that is doing it, and the line in the file.
Motivation
First step to start detecting code vulnerabilities.
Plugin Checklist
- [x] Unit tests.
- [x] TypeScript definitions.
- [x] TypeScript tests.
Additional Notes
Overall package size
- Self size: 2.68 MB
- Deduped: 29.85 MB
- No deduping: 30.48 MB
Dependency sizes
| name | version | self size | total size |
|---|---|---|---|
| @datadog/pprof | 1.0.2 | 8.74 MB | 14.46 MB |
| @datadog/native-metrics | 1.4.2 | 6.61 MB | 7.04 MB |
| @datadog/native-appsec | 1.2.1 | 5.1 MB | 5.43 MB |
| opentracing | 0.14.7 | 194.81 kB | 194.81 kB |
| @datadog/sketches-js | 2.0.0 | 105.44 kB | 105.44 kB |
| lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB |
| semver | 5.7.1 | 61.58 kB | 61.58 kB |
| ignore | 5.2.0 | 48.87 kB | 48.87 kB |
| import-in-the-middle | 1.3.1 | 30.44 kB | 34.91 kB |
| istanbul-lib-coverage | 3.2.0 | 29.34 kB | 29.34 kB |
| retry | 0.10.1 | 27.44 kB | 27.44 kB |
| lodash.uniq | 4.5.0 | 25.01 kB | 25.01 kB |
| limiter | 1.1.5 | 23.17 kB | 23.17 kB |
| lodash.kebabcase | 4.1.1 | 17.75 kB | 17.75 kB |
| lodash.pick | 4.4.0 | 16.33 kB | 16.33 kB |
| crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB |
| diagnostics_channel | 1.1.0 | 7.07 kB | 7.07 kB |
| path-to-regexp | 0.1.7 | 6.78 kB | 6.78 kB |
| koalas | 1.0.2 | 6.47 kB | 6.47 kB |
| methods | 1.1.2 | 5.29 kB | 5.29 kB |
| module-details-from-path | 1.0.3 | 4.47 kB | 4.47 kB |
Codecov Report
Merging #2273 (1b31321) into master (ada0716) will increase coverage by 0.17%. The diff coverage is 100.00%.
```
@@            Coverage Diff             @@
##           master    #2273      +/-   ##
==========================================
+ Coverage   92.70%   92.87%   +0.17%
==========================================
  Files         224      232       +8
  Lines        8718     8931     +213
==========================================
+ Hits         8082     8295     +213
  Misses        636      636
```
| Impacted Files | Coverage Δ |
|---|---|
| ...ckages/datadog-instrumentations/src/http/server.js | 93.54% <100.00%> (ø) |
| ...ckages/dd-trace/src/appsec/iast/analyzers/index.js | 100.00% <100.00%> (ø) |
| ...rc/appsec/iast/analyzers/vulnerability-analyzer.js | 100.00% <100.00%> (ø) |
| ...ce/src/appsec/iast/analyzers/weak-hash-analyzer.js | 100.00% <100.00%> (ø) |
| packages/dd-trace/src/appsec/iast/iast-context.js | 100.00% <100.00%> (ø) |
| packages/dd-trace/src/appsec/iast/index.js | 100.00% <100.00%> (ø) |
| ...es/dd-trace/src/appsec/iast/overhead-controller.js | 100.00% <100.00%> (ø) |
| packages/dd-trace/src/appsec/iast/path-line.js | 100.00% <100.00%> (ø) |
| ...dd-trace/src/appsec/iast/vulnerability-reporter.js | 100.00% <100.00%> (ø) |
| packages/dd-trace/src/config.js | 99.06% <100.00%> (+0.07%) :arrow_up: |
| ... and 1 more | |
This should be semver-minor, not semver-patch, right?