dd-trace-js

WIP hooks fine tuning

Open iunanua opened this issue 1 year ago • 3 comments

What does this PR do?

The idea is to provide the hooks with a way to obtain the caller Module. That way, when a wrapped method publishes messages via dc, it could include the caller module to help subscribers discard the message based on the caller (without the need to obtain the stacktrace, for example).

```js
// a.js
const fs = require('fs')

fs.readFileSync('/path') // -> triggers 'apm:fs:operation:start' { operation: 'readFileSync', path: '/path', caller: a.js }
```

At the moment, once a module has been instrumented, it is cached and reused from the cache. But ritm could use a Proxy to link the requested module with its parent. The Proxy would provide a __getCallerMethod method which returns the parent module.

```js
// ritm
new Proxy(fs, {
  ... // get trap omitted
  __getCallerMethod: () => a.js
})
```

Allowing instrumentation hooks to obtain the module which is calling the fs function

Introduces the 'dd-trace:moduleLoadCachedStart' channel to demonstrate how a subscriber could choose between using the real module or a proxy.

Motivation

Some modules like fs or crypto generate a large number of events due to their instrumentation. A lot of them are of no interest to their subscribers (IAST, or RASP soon) because the operations are triggered by third-party modules or in contexts where there are no tainted values. If subscribers had information about the caller, the event could be discarded sooner and without taint checking or without relying on the stacktrace.


iunanua avatar Jul 05 '24 13:07 iunanua
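The mechanism described in the PR text above, as an added example that is not code from the PR or from dd-trace-js: one Proxy per requiring module over a shared module object, with the caller attached to the published event so a subscriber can filter on it. `linkToCaller`, `fakeFs`, the file paths and the `/node_modules/` filter are assumptions made for illustration, and here the Proxy itself publishes the event, whereas in the PR the instrumentation hook would do so.

```javascript
const dc = require('node:diagnostics_channel')

const CHANNEL = 'apm:fs:operation:start' // channel name taken from the PR text
const startCh = dc.channel(CHANNEL)

// Constructed stand-in for `fs`, so the example performs no real file I/O.
const fakeFs = { readFileSync: (path) => `contents of ${path}` }

// Hypothetical helper: one Proxy per requiring module, all sharing the same
// cached module object, as the PR proposes for ritm.
function linkToCaller (target, callerFilename) {
  const wrappers = new Map() // one wrapper per method, created lazily
  return new Proxy(target, {
    get (obj, prop) {
      if (prop === '__getCallerMethod') return () => callerFilename
      const value = obj[prop]
      if (typeof value !== 'function') return value
      if (!wrappers.has(prop)) {
        wrappers.set(prop, function (...args) {
          if (startCh.hasSubscribers) {
            startCh.publish({ operation: prop, path: args[0], caller: callerFilename })
          }
          return value.apply(obj, args)
        })
      }
      return wrappers.get(prop)
    }
  })
}

// Subscriber side (an IAST-like consumer): drop third-party callers first,
// before taint checks and without capturing a stack trace.
const analyzed = []
dc.subscribe(CHANNEL, ({ operation, path, caller }) => {
  if (caller.includes('/node_modules/')) return
  analyzed.push({ operation, path, caller })
})

function demo () {
  analyzed.length = 0
  const fsForApp = linkToCaller(fakeFs, '/app/a.js')
  const fsForDep = linkToCaller(fakeFs, '/app/node_modules/dep/index.js')
  fsForApp.readFileSync('/path')
  fsForDep.readFileSync('/app/node_modules/dep/defaults.json')
  return analyzed.slice()
}

console.log(demo())
```

Proxy invariants still apply: a function stored in a non-writable, non-configurable property of the target has to be returned unwrapped, or the `get` trap throws.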

Overall package size

Self size: 6.91 MB Deduped: 57 MB No deduping: 57.28 MB

Dependency sizes

| name | version | self size | total size |
|------|---------|-----------|------------|
| @datadog/native-appsec | 8.0.1 | 15.59 MB | 15.6 MB |
| @datadog/native-iast-taint-tracking | 3.0.0 | 11.14 MB | 11.15 MB |
| @datadog/pprof | 5.3.0 | 9.85 MB | 10.22 MB |
| protobufjs | 7.2.5 | 2.77 MB | 5.16 MB |
| @datadog/native-iast-rewriter | 2.4.0 | 2.14 MB | 2.22 MB |
| @opentelemetry/core | 1.14.0 | 872.87 kB | 1.47 MB |
| @datadog/native-metrics | 2.0.0 | 898.77 kB | 1.3 MB |
| @opentelemetry/api | 1.8.0 | 1.21 MB | 1.21 MB |
| import-in-the-middle | 1.8.1 | 71.67 kB | 785.15 kB |
| msgpack-lite | 0.1.26 | 201.16 kB | 281.59 kB |
| opentracing | 0.14.7 | 194.81 kB | 194.81 kB |
| pprof-format | 2.1.0 | 111.69 kB | 111.69 kB |
| @datadog/sketches-js | 2.1.0 | 109.9 kB | 109.9 kB |
| semver | 7.6.3 | 95.82 kB | 95.82 kB |
| lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB |
| lru-cache | 7.14.0 | 74.95 kB | 74.95 kB |
| ignore | 5.3.1 | 51.46 kB | 51.46 kB |
| int64-buffer | 0.1.10 | 49.18 kB | 49.18 kB |
| shell-quote | 1.8.1 | 44.96 kB | 44.96 kB |
| istanbul-lib-coverage | 3.2.0 | 29.34 kB | 29.34 kB |
| tlhunter-sorted-set | 0.1.0 | 24.94 kB | 24.94 kB |
| limiter | 1.1.5 | 23.17 kB | 23.17 kB |
| dc-polyfill | 0.1.4 | 23.1 kB | 23.1 kB |
| retry | 0.13.1 | 18.85 kB | 18.85 kB |
| jest-docblock | 29.7.0 | 8.99 kB | 12.76 kB |
| crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB |
| path-to-regexp | 0.1.7 | 6.78 kB | 6.78 kB |
| koalas | 1.0.2 | 6.47 kB | 6.47 kB |
| module-details-from-path | 1.0.3 | 4.47 kB | 4.47 kB |

🤖 This report was automatically generated by heaviest-objects-in-the-universe

github-actions[bot] avatar Jul 05 '24 13:07 github-actions[bot]

Benchmarks

Benchmark execution time: 2024-08-01 08:31:51

Comparing candidate commit 6263f3154df43497340c9a2fc6405a69c8c7120f in PR branch igor/hooks-fine-tuning with baseline commit 878911fa71e08753a7aa132282af2f55f7fac9d4 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 262 metrics, 4 unstable metrics.

pr-commenter[bot] avatar Jul 05 '24 14:07 pr-commenter[bot]

Codecov Report

Attention: Patch coverage is 78.78788% with 7 lines in your changes missing coverage. Please review.

Project coverage is 64.09%. Comparing base (662cfac) to head (6263f31). Report is 763 commits behind head on master.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| ...rc/appsec/iast/analyzers/vulnerability-analyzer.js | 0.00% | 3 Missing :warning: |
| ...c/appsec/iast/analyzers/path-traversal-analyzer.js | 0.00% | 2 Missing :warning: |
| packages/dd-trace/src/ritm.js | 75.00% | 2 Missing :warning: |

Additional details and impacted files
@@             Coverage Diff             @@
##           master    #4474       +/-   ##
===========================================
- Coverage   88.75%   64.09%   -24.66%     
===========================================
  Files         114      253      +139     
  Lines        4160    10951     +6791     
  Branches       33       33               
===========================================
+ Hits         3692     7019     +3327     
- Misses        468     3932     +3464     

codecov[bot] avatar Aug 01 '24 08:08 codecov[bot]