DataDog
diff --git a/‎.github/workflows/appsec.yml‎
Lines changed: 14 additions & 0 deletions b/‎.github/workflows/appsec.yml‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎.github/workflows/system-tests.yml‎
Lines changed: 5 additions & 5 deletions b/‎.github/workflows/system-tests.yml‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎.gitignore‎
Lines changed: 0 additions & 1 deletion b/‎.gitignore‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎LICENSE-3rdparty.csv‎
Lines changed: 2 additions & 0 deletions b/‎LICENSE-3rdparty.csv‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎docs/test.ts‎
Lines changed: 0 additions & 1 deletion b/‎docs/test.ts‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎index.d.ts‎
Lines changed: 2 additions & 8 deletions b/‎index.d.ts‎
Lines changed: 2 additions & 8 deletions
diff --git a/‎integration-tests/standalone-asm.spec.js‎
Lines changed: 30 additions & 21 deletions b/‎integration-tests/standalone-asm.spec.js‎
Lines changed: 30 additions & 21 deletions
diff --git a/‎package.json‎
Lines changed: 4 additions & 1 deletion b/‎package.json‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎packages/datadog-core/index.js‎
Lines changed: 1 addition & 3 deletions b/‎packages/datadog-core/index.js‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎packages/datadog-core/src/storage.js‎
Lines changed: 21 additions & 0 deletions b/‎packages/datadog-core/src/storage.js‎
Lines changed: 21 additions & 0 deletions
@@ -264,3 +264,17 @@ jobs:
       - uses: ./.github/actions/node/latest
       - run: yarn test:appsec:plugins:ci
       - uses: codecov/codecov-action@v3
+
+  template:
+    runs-on: ubuntu-latest
+    env:
+      PLUGINS: handlebars|pug
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/node/setup
+      - uses: ./.github/actions/install
+      - uses: ./.github/actions/node/oldest
+      - run: yarn test:appsec:plugins:ci
+      - uses: ./.github/actions/node/latest
+      - run: yarn test:appsec:plugins:ci
+      - uses: codecov/codecov-action@v3
@@ -26,21 +26,21 @@ jobs:
           name: system_tests_binaries
           path: ./binaries/**/*
 
-  get-essential-scenarios:
+  get-scenarios:
     name: Get parameters
     uses: DataDog/system-tests/.github/workflows/compute-workflow-parameters.yml@main
     with:
       library: nodejs
-      scenarios_groups: essentials
+      scenarios_groups: essentials,appsec_rasp
 
   system-tests:
     runs-on: ${{ contains(fromJSON('["CROSSED_TRACING_LIBRARIES", "INTEGRATIONS"]'), matrix.scenario) && 'ubuntu-latest-16-cores' || 'ubuntu-latest' }}
     needs:
-      - get-essential-scenarios
+      - get-scenarios
     strategy:
       matrix:
-        weblog-variant: ${{fromJson(needs.get-essential-scenarios.outputs.endtoend_weblogs)}}
-        scenario: ${{fromJson(needs.get-essential-scenarios.outputs.endtoend_scenarios)}}
+        weblog-variant: ${{fromJson(needs.get-scenarios.outputs.endtoend_weblogs)}}
+        scenario: ${{fromJson(needs.get-scenarios.outputs.endtoend_scenarios)}}
 
     env:
       TEST_LIBRARY: nodejs
 
@@ -106,7 +106,6 @@ typings/
 
 # End of https://www.gitignore.io/api/node,macos,visualstudiocode
 
-.github/notes
 .next
 package-lock.json
 out
 
@@ -1,4 +1,5 @@
 Component,Origin,License,Copyright
+require,@datadog/libdatadog,Apache license 2.0,Copyright 2024 Datadog Inc.
 require,@datadog/native-appsec,Apache license 2.0,Copyright 2018 Datadog Inc.
 require,@datadog/native-metrics,Apache license 2.0,Copyright 2018 Datadog Inc.
 require,@datadog/native-iast-rewriter,Apache license 2.0,Copyright 2018 Datadog Inc.
@@ -7,6 +8,7 @@ require,@datadog/pprof,Apache license 2.0,Copyright 2019 Google Inc.
 require,@datadog/sketches-js,Apache license 2.0,Copyright 2020 Datadog Inc.
 require,@opentelemetry/api,Apache license 2.0,Copyright OpenTelemetry Authors
 require,@opentelemetry/core,Apache license 2.0,Copyright OpenTelemetry Authors
+require,@isaacs/ttlcache,ISC,Copyright (c) 2022-2023 - Isaac Z. Schlueter and Contributors
 require,crypto-randomuuid,MIT,Copyright 2021 Node.js Foundation and contributors
 require,dc-polyfill,MIT,Copyright 2023 Datadog Inc.
 require,ignore,MIT,Copyright 2013 Kael Zhang and contributors
 
@@ -115,7 +115,6 @@ tracer.init({
     },
     apiSecurity: {
       enabled: true,
-      requestSampling: 1.0
     },
     rasp: {
       enabled: true
 
@@ -662,19 +662,13 @@ declare namespace tracer {
         mode?: 'safe' | 'extended' | 'disabled'
       },
       /**
-       * Configuration for Api Security sampling
+       * Configuration for Api Security
        */
       apiSecurity?: {
         /** Whether to enable Api Security.
-         * @default false
+         * @default true
          */
         enabled?: boolean,
-
-        /** Controls the request sampling rate (between 0 and 1) in which Api Security is triggered.
-         * The value will be coerced back if it's outside of the 0-1 range.
-         * @default 0.1
-         */
-        requestSampling?: number
       },
       /**
        * Configuration for RASP
 
@@ -81,33 +81,42 @@ describe('Standalone ASM', () => {
       })
     })
 
-    it('should keep second req because RateLimiter allows 1 req/min and discard the next', async () => {
-      // 1st req kept because waf init
-      // 2nd req kept because it's the first one hitting RateLimiter
-      // next in the first minute are dropped
-      await doWarmupRequests(proc)
-
-      return curlAndAssertMessage(agent, proc, ({ headers, payload }) => {
+    it('should keep fifth req because RateLimiter allows 1 req/min', async () => {
+      const promise = curlAndAssertMessage(agent, proc, ({ headers, payload }) => {
         assert.propertyVal(headers, 'datadog-client-computed-stats', 'yes')
         assert.isArray(payload)
-        assert.strictEqual(payload.length, 4)
-
-        const secondReq = payload[1]
-        assert.isArray(secondReq)
-        assert.strictEqual(secondReq.length, 5)
+        if (payload.length === 4) {
+          assertKeep(payload[0][0])
+          assertDrop(payload[1][0])
+          assertDrop(payload[2][0])
+          assertDrop(payload[3][0])
+
+          // req after a minute
+        } else {
+          const fifthReq = payload[0]
+          assert.isArray(fifthReq)
+          assert.strictEqual(fifthReq.length, 5)
+
+          const { meta, metrics } = fifthReq[0]
+          assert.notProperty(meta, 'manual.keep')
+          assert.notProperty(meta, '_dd.p.appsec')
+
+          assert.propertyVal(metrics, '_sampling_priority_v1', AUTO_KEEP)
+          assert.propertyVal(metrics, '_dd.apm.enabled', 0)
+        }
+      }, 70000, 2)
 
-        const { meta, metrics } = secondReq[0]
-        assert.notProperty(meta, 'manual.keep')
-        assert.notProperty(meta, '_dd.p.appsec')
+      // 1st req kept because waf init
+      // next in the first minute are dropped
+      // 5nd req kept because RateLimiter allows 1 req/min
+      await doWarmupRequests(proc)
 
-        assert.propertyVal(metrics, '_sampling_priority_v1', AUTO_KEEP)
-        assert.propertyVal(metrics, '_dd.apm.enabled', 0)
+      await new Promise(resolve => setTimeout(resolve, 60000))
 
-        assertDrop(payload[2][0])
+      await curl(proc)
 
-        assertDrop(payload[3][0])
-      })
-    })
+      return promise
+    }).timeout(70000)
 
     it('should keep attack requests', async () => {
       await doWarmupRequests(proc)
 
@@ -15,6 +15,7 @@
     "type:test": "cd docs && yarn && yarn test",
     "lint": "node scripts/check_licenses.js && eslint . && yarn audit",
     "lint-fix": "node scripts/check_licenses.js && eslint . --fix && yarn audit",
+    "release:proposal": "node scripts/release/proposal",
     "services": "node ./scripts/install_plugin_modules && node packages/dd-trace/test/setup/services",
     "test": "SERVICES=* yarn services && mocha --expose-gc 'packages/dd-trace/test/setup/node.js' 'packages/*/test/**/*.spec.js'",
     "test:appsec": "mocha -r \"packages/dd-trace/test/setup/mocha.js\" --exclude \"packages/dd-trace/test/appsec/**/*.plugin.spec.js\" \"packages/dd-trace/test/appsec/**/*.spec.js\"",
@@ -81,12 +82,14 @@
     "node": ">=18"
   },
   "dependencies": {
-    "@datadog/native-appsec": "8.2.1",
+    "@datadog/libdatadog": "^0.2.2",
+    "@datadog/native-appsec": "8.3.0",
     "@datadog/native-iast-rewriter": "2.5.0",
     "@datadog/native-iast-taint-tracking": "3.2.0",
     "@datadog/native-metrics": "^3.0.1",
     "@datadog/pprof": "5.4.1",
     "@datadog/sketches-js": "^2.1.0",
+    "@isaacs/ttlcache": "^1.4.1",
     "@opentelemetry/api": ">=1.0.0 <1.9.0",
     "@opentelemetry/core": "^1.14.0",
     "crypto-randomuuid": "^1.0.0",
 
@@ -1,7 +1,5 @@
 'use strict'
 
-const { AsyncLocalStorage } = require('async_hooks')
-
-const storage = new AsyncLocalStorage()
+const storage = require('./src/storage')
 
 module.exports = { storage }
@@ -0,0 +1,21 @@
+'use strict'
+
+const { AsyncLocalStorage } = require('async_hooks')
+
+const storages = Object.create(null)
+const legacyStorage = new AsyncLocalStorage()
+
+const storage = function (namespace) {
+  if (!storages[namespace]) {
+    storages[namespace] = new AsyncLocalStorage()
+  }
+  return storages[namespace]
+}
+
+storage.disable = legacyStorage.disable.bind(legacyStorage)
+storage.enterWith = legacyStorage.enterWith.bind(legacyStorage)
+storage.exit = legacyStorage.exit.bind(legacyStorage)
+storage.getStore = legacyStorage.getStore.bind(legacyStorage)
+storage.run = legacyStorage.run.bind(legacyStorage)
+
+module.exports = storage