[nodejs] create new weblog for express 5 (#3572)
Co-authored-by: simon-id <simon.id@datadoghq.com>
Co-authored-by: Ugaitz Urien <ugaitz.urien@datadoghq.com>
3 people authored Dec 10, 2024
1 parent c0a6d73 commit 74bb5b9
Showing 55 changed files with 231 additions and 1,939 deletions.
2 changes: 1 addition & 1 deletion .github/actions/lint_code/action.yaml
Expand Up @@ -30,7 +30,7 @@ runs:
node-version: 20
- name: 'Run nodejs lint'
shell: bash
working-directory: ./utils/build/docker/nodejs/express4
working-directory: ./utils/build/docker/nodejs/express
run: |
npm install
npm run lint
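Review bot: the lint step still runs `npm install` in the renamed `./utils/build/docker/nodejs/express` directory, which resolves dependency ranges at CI time. If that directory carries a lockfile, `npm ci` would install exactly what is locked and fail on drift. Since the path no longer names an Express version, a short comment on `working-directory` saying which weblogs the directory serves would also help.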
2 changes: 1 addition & 1 deletion docs/execute/build.md
Expand Up @@ -43,7 +43,7 @@ Build images used for system tests.
* For `golang`: `net-http` (default), `gin`, `echo`, `chi`
+ Specific to the `GRAPHQL_APPSEC` scenario: `gqlgen`, `graph-gophers`, `graphql-go`
* For `java`: `spring-boot` (default)
* For `nodejs`: `express4` (default), `express4-typescript`, `nextjs`
* For `nodejs`: `express4` (default), `express4-typescript`, `express5`, `nextjs`
* For `php`: `apache-mod-8.1`, `apache-mod-8.0` (default), `apache-mod-7.4`, `apache-mod-7.3`, `apache-mod-7.2`, `apache-mod-7.1`, `apache-mod-7.0`, `apache-mod-8.1-zts`, `apache-mod-8.0-zts`, `apache-mod-7.4-zts`, `apache-mod-7.3-zts`, `apache-mod-7.2-zts`, `apache-mod-7.1-zts`, `apache-mod-7.0-zts`, `php-fpm-8.1`, `php-fpm-8.0`, `php-fpm-7.4`, `php-fpm-7.3`, `php-fpm-7.2`, `php-fpm-7.1`, `php-fpm-7.0`
* For `python`: `flask-poc` (default), `fastapi`, `uwsgi-poc`, `django-poc`, `python3.12`
* For `ruby`: `rails70` (default), `rack`, `sinatra21`, and lot of other sinatra/rails versions
71 changes: 64 additions & 7 deletions manifests/nodejs.yml
Expand Up @@ -40,7 +40,7 @@ refs:
- &ref_5_25_0 '>=5.25.0 || ^4.49.0'
- &ref_5_26_0 '>=5.26.0 || ^4.50.0'
- &ref_5_27_0 '>=5.27.0 || ^4.51.0'
- &ref_5_29_0 '>=5.29.0 || ^4.53.0'
- &ref_5_29_0 '>=5.29.0 || ^4.53.0' # express 5 support

tests/:
apm_tracing_e2e/:
Expand Down Expand Up @@ -72,17 +72,18 @@ tests/:
Test_Scanners: *ref_4_21_0
Test_Schema_Request_Cookies: *ref_4_21_0
Test_Schema_Request_FormUrlEncoded_Body:
express4: *ref_4_21_0
express4-typescript: *ref_4_21_0
'*': *ref_4_21_0
nextjs: *ref_5_3_0
Test_Schema_Request_Headers: *ref_4_21_0
Test_Schema_Request_Json_Body: *ref_4_21_0
Test_Schema_Request_Path_Parameters:
'*': *ref_4_21_0
express5: *ref_5_29_0
nextjs: missing_feature
Test_Schema_Request_Query_Parameters: *ref_4_21_0
Test_Schema_Response_Body:
'*': *ref_5_3_0
express5: *ref_5_29_0
nextjs: missing_feature
Test_Schema_Response_Body_env_var: missing_feature
Test_Schema_Response_Headers: *ref_4_21_0
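Review bot: `Test_Schema_Request_Query_Parameters: *ref_4_21_0` stays a scalar with no `express5` key, while later hunks in this file pin express5 to `*ref_5_29_0` with the reason `# test uses querystring`. If query string collection on express5 needs the 5.29.0 line, this entry and the new `'*': *ref_4_21_0` under `Test_Schema_Request_FormUrlEncoded_Body` declare express5 support from an older tracer than the rest of the manifest does. Add an `express5: *ref_5_29_0` override, or note why the schema tests are unaffected.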
Expand All @@ -92,7 +93,7 @@ tests/:
TestCodeInjection:
'*': *ref_5_20_0
nextjs: missing_feature
TestCodeInjection_StackTrace: missing_feature
TestCodeInjection_StackTrace: missing_feature
test_command_injection.py:
TestCommandInjection:
'*': *ref_3_11_0
Expand All @@ -117,15 +118,19 @@ tests/:
nextjs: missing_feature
TestHeaderInjectionExclusionAccessControlAllow:
'*': *ref_5_26_0
express5: *ref_5_29_0 # test uses querystring
nextjs: missing_feature
TestHeaderInjectionExclusionContentEncoding:
'*': *ref_5_26_0
express5: *ref_5_29_0 # test uses querystring
nextjs: missing_feature
TestHeaderInjectionExclusionPragma:
'*': *ref_5_26_0
express5: *ref_5_29_0 # test uses querystring
nextjs: missing_feature
TestHeaderInjectionExclusionTransferEncoding:
'*': *ref_5_26_0
express5: *ref_5_29_0 # test uses querystring
nextjs: missing_feature
TestHeaderInjection_StackTrace: missing_feature
test_hsts_missing_header.py:
Expand Down Expand Up @@ -168,6 +173,7 @@ tests/:
test_nosql_mongodb_injection.py:
TestNoSqlMongodbInjection:
'*': *ref_4_17_0
express5: missing_feature # express-mongo-sanitize is not yet compatible with express5
nextjs: missing_feature
TestNoSqlMongodbInjection_StackTrace: missing_feature
test_path_traversal.py:
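Review bot: on `express5: missing_feature # express-mongo-sanitize is not yet compatible with express5`, the reason lives in a YAML comment, so it is dropped when the manifest is parsed. Other entries in this file carry the reason in the value, for example `missing_feature (Missing on weblog)`; using that form here keeps the reason attached to the skipped test. The gap is in a weblog dependency rather than in the tracer, so a tracking reference next to it would help get NoSQL injection coverage on express5 re-enabled once the package is updated.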
Expand Down Expand Up @@ -253,6 +259,7 @@ tests/:
test_graphql_resolver.py:
TestGraphqlResolverArgument:
'*': *ref_5_4_0
express5: missing_feature # graphql not yet compatible with express5
nextjs: irrelevant # nextjs is not related with graphql
test_header_name.py:
TestHeaderName: missing_feature
Expand All @@ -275,12 +282,14 @@ tests/:
test_parameter_value.py:
TestParameterValue:
'*': *ref_3_19_0
express5: *ref_5_29_0
nextjs: missing_feature
test_path.py:
TestPath: missing_feature
test_path_parameter.py:
TestPathParameter:
'*': *ref_4_4_0
express5: *ref_5_29_0
nextjs: missing_feature
test_uri.py:
TestURI: missing_feature
Expand All @@ -289,34 +298,42 @@ tests/:
test_lfi.py:
Test_Lfi_BodyJson:
'*': *ref_5_24_0
express5: *ref_5_29_0
nextjs: missing_feature
Test_Lfi_BodyUrlEncoded:
'*': *ref_5_24_0
express5: *ref_5_29_0
nextjs: missing_feature
Test_Lfi_BodyXml: missing_feature
Test_Lfi_Capability: *ref_5_24_0
Test_Lfi_Mandatory_SpanTags: *ref_5_24_0
Test_Lfi_Optional_SpanTags: *ref_5_24_0
Test_Lfi_RC_CustomAction:
'*': *ref_5_24_0
express5: *ref_5_29_0
nextjs: missing_feature
Test_Lfi_Rules_Version: *ref_5_26_0
Test_Lfi_StackTrace:
'*': *ref_5_24_0
express5: *ref_5_29_0 # test uses express blocking
nextjs: missing_feature
Test_Lfi_Telemetry:
'*': *ref_5_24_0
express5: *ref_5_29_0 # test uses express blocking
nextjs: missing_feature
Test_Lfi_UrlQuery:
'*': *ref_5_24_0
express5: *ref_5_29_0
nextjs: missing_feature
Test_Lfi_Waf_Version: *ref_5_25_0
test_shi.py:
Test_Shi_BodyJson:
'*': *ref_5_25_0
express5: *ref_5_29_0
nextjs: missing_feature
Test_Shi_BodyUrlEncoded:
'*': *ref_5_25_0
express5: *ref_5_29_0
nextjs: missing_feature
Test_Shi_BodyXml: missing_feature
Test_Shi_Capability: *ref_5_25_0
Expand All @@ -325,21 +342,26 @@ tests/:
Test_Shi_Rules_Version: *ref_5_24_0
Test_Shi_StackTrace:
'*': *ref_5_25_0
express5: *ref_5_29_0 # test uses express blocking
nextjs: missing_feature
Test_Shi_Telemetry:
'*': *ref_5_25_0
express5: *ref_5_29_0 # test uses express blocking
nextjs: missing_feature
Test_Shi_Telemetry_Variant_Tag: missing_feature
Test_Shi_UrlQuery:
'*': *ref_5_25_0
express5: *ref_5_29_0
nextjs: missing_feature
Test_Shi_Waf_Version: *ref_5_25_0
test_sqli.py:
Test_Sqli_BodyJson:
'*': *ref_5_23_0
express5: *ref_5_29_0
nextjs: missing_feature
Test_Sqli_BodyUrlEncoded:
'*': *ref_5_23_0
express5: *ref_5_29_0
nextjs: missing_feature
Test_Sqli_BodyXml: missing_feature
Test_Sqli_Capability: *ref_5_23_0
Expand All @@ -348,12 +370,15 @@ tests/:
Test_Sqli_Rules_Version: *ref_5_25_0
Test_Sqli_StackTrace:
'*': *ref_5_23_0
express5: *ref_5_29_0 # test uses express blocking
nextjs: missing_feature
Test_Sqli_Telemetry:
'*': *ref_5_23_0
express5: *ref_5_29_0 # test uses express blocking
nextjs: missing_feature
Test_Sqli_UrlQuery:
'*': *ref_5_23_0
express5: *ref_5_29_0
nextjs: missing_feature
Test_Sqli_Waf_Version: *ref_5_25_0
test_ssrf.py:
Expand All @@ -370,12 +395,15 @@ tests/:
Test_Ssrf_Rules_Version: *ref_5_25_0
Test_Ssrf_StackTrace:
'*': *ref_5_20_0
express5: *ref_5_29_0 # test uses querystring
nextjs: missing_feature
Test_Ssrf_Telemetry:
'*': *ref_5_22_0
express5: *ref_5_29_0 # test uses querystring
nextjs: missing_feature
Test_Ssrf_UrlQuery:
'*': *ref_5_20_0
express5: *ref_5_29_0
nextjs: missing_feature
Test_Ssrf_Waf_Version: *ref_5_25_0
waf/:
Expand All @@ -394,11 +422,13 @@ tests/:
Test_FullGrpc: missing_feature
Test_GraphQL:
'*': *ref_4_22_0
express5: missing_feature # graphql not yet compatible with express5
nextjs: irrelevant # nextjs is not related with graphql
Test_GrpcServerMethod: missing_feature
Test_Headers: v2.0.0
Test_PathParams:
'*': v2.0.0
express5: *ref_5_29_0
nextjs: missing_feature
Test_ResponseStatus: v2.0.0
Test_UrlQuery:
Expand Down Expand Up @@ -459,6 +489,7 @@ tests/:
test_blocking_addresses.py:
Test_BlockingGraphqlResolvers:
'*': *ref_4_22_0
express5: missing_feature # graphql not yet compatible with express5
nextjs: irrelevant # nextjs is not related with graphql
Test_Blocking_client_ip: *ref_3_19_0
Test_Blocking_request_body:
Expand All @@ -474,9 +505,11 @@ tests/:
Test_Blocking_request_method: *ref_3_19_0
Test_Blocking_request_path_params:
'*': *ref_5_24_0
express5: *ref_5_29_0
nextjs: missing_feature
Test_Blocking_request_query:
'*': *ref_3_19_0
express5: *ref_5_29_0
nextjs: missing_feature
Test_Blocking_request_uri: *ref_3_19_0
Test_Blocking_response_headers: *ref_5_17_0
Expand All @@ -486,6 +519,7 @@ tests/:
nextjs: missing_feature
Test_Suspicious_Request_Blocking:
'*': *ref_5_24_0
express5: *ref_5_29_0 # test uses querystring and path params
nextjs: missing_feature
test_client_ip.py:
Test_StandardTagsClientIp: *ref_3_6_0
Expand Down Expand Up @@ -534,6 +568,7 @@ tests/:
test_request_blocking.py:
Test_AppSecRequestBlocking:
'*': *ref_3_19_0
express5: *ref_5_29_0 # test uses querystring
nextjs: missing_feature (can not block by query param in nextjs yet)
test_runtime_activation.py:
Test_RuntimeActivation: *ref_3_9_0
Expand Down Expand Up @@ -572,84 +607,106 @@ tests/:
Test_Kafka:
'*': irrelevant
express4: v0.1 # real version not known
express5: v0.1 # real version not known
test_kinesis.py:
Test_Kinesis_PROPAGATION_VIA_MESSAGE_ATTRIBUTES:
'*': irrelevant
express4: *ref_5_3_0
express5: *ref_5_3_0
test_rabbitmq.py:
Test_RabbitMQ_Trace_Context_Propagation:
'*': irrelevant
express4: v0.1 # real version not known
express5: v0.1 # real version not known
test_sns_to_sqs.py:
Test_SNS_Propagation:
'*': irrelevant
express4: *ref_5_20_0
express5: *ref_5_20_0
test_sqs.py:
Test_SQS_PROPAGATION_VIA_AWS_XRAY_HEADERS:
'*': irrelevant
express4: v0.1 # real version not known
express5: v0.1 # real version not known
Test_SQS_PROPAGATION_VIA_MESSAGE_ATTRIBUTES:
'*': irrelevant
express4: v0.1 # real version not known
express5: v0.1 # real version not known
test_db_integrations_sql.py:
Test_MsSql:
'*': missing_feature
express4: v1.0.0
express5: v1.0.0
Test_MySql:
'*': missing_feature
express4: v1.0.0
express5: v1.0.0
Test_Postgres:
'*': missing_feature
express4: v1.0.0
express5: v1.0.0
test_dbm.py:
Test_Dbm: missing_feature
Test_Dbm_Comment_NodeJS_mysql2:
'*': missing_feature (Missing on weblog)
express4: *ref_5_13_0
express5: *ref_5_13_0
uds-express4: *ref_5_13_0
Test_Dbm_Comment_NodeJS_pg:
'*': missing_feature (Missing on weblog)
express4: *ref_5_13_0
express5: *ref_5_13_0
uds-express4: *ref_5_13_0
test_dsm.py:
Test_DsmContext_Extraction_Base64:
'*': irrelevant
express4: *ref_5_6_0
express5: *ref_5_6_0
Test_DsmContext_Injection_Base64:
'*': irrelevant
express4: *ref_5_6_0
express5: *ref_5_6_0
Test_DsmHttp: missing_feature
Test_DsmKafka:
'*': *ref_5_25_0
nextjs: missing_feature (missing endpoint)
Test_DsmKinesis:
'*': irrelevant
express4: *ref_5_2_0
express5: *ref_5_2_0
Test_DsmRabbitmq:
'*': irrelevant
express4: *ref_5_3_0
express5: *ref_5_3_0
Test_DsmRabbitmq_FanoutExchange:
'*': irrelevant
express4: missing_feature
express5: missing_feature
Test_DsmRabbitmq_TopicExchange:
'*': irrelevant
express4: missing_feature
express5: missing_feature
Test_DsmSNS:
'*': irrelevant
express4: *ref_5_20_0
express5: *ref_5_20_0
Test_DsmSQS:
'*': irrelevant
express4: *ref_5_2_0
express5: *ref_5_2_0
Test_Dsm_Manual_Checkpoint_Inter_Process:
'*': irrelevant
express4: *ref_5_20_0
express5: *ref_5_20_0
Test_Dsm_Manual_Checkpoint_Intra_Process:
'*': irrelevant
express4: *ref_5_20_0
express5: *ref_5_20_0
test_inferred_proxy.py:
Test_AWS_API_Gateway_Inferred_Span_Creation:
'*': irrelevant
express4: *ref_5_26_0
'*': irrelevant
express4: *ref_5_26_0
express5: *ref_5_26_0
test_otel_drop_in.py:
Test_Otel_Drop_In: missing_feature
k8s_lib_injection/:
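Review bot: the `express5:` keys in this hunk copy the express4 values line for line, including `v0.1 # real version not known` and refs named for earlier releases such as `*ref_5_2_0` and `*ref_5_3_0`, whereas the manifest annotates `*ref_5_29_0` as `# express 5 support`. If these integration tests do not depend on Express instrumentation, a comment saying so would explain the lower bound; otherwise pin them to `*ref_5_29_0`.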
Expand Down Expand Up @@ -684,7 +741,7 @@ tests/:
Test_Parametric_DDTrace_Crash: missing_feature (crash endpoint is not implemented)
Test_Parametric_DDTrace_Current_Span: missing_feature (otel current_span endpoint is not supported)
Test_Parametric_OtelSpan_Set_Name: bug (APMAPI-778) # set_name endpoint should set the resource name on a span (not the operation name)
Test_Parametric_OtelSpan_Start: bug (APMAPI-778) # The expected span.kind tag is not set
Test_Parametric_OtelSpan_Start: bug (APMAPI-778) # The expected span.kind tag is not set
Test_Parametric_Otel_Baggage: missing_feature (baggage is not supported)
Test_Parametric_Otel_Current_Span: missing_feature (otel baggage endpoints are not implemented)
test_partial_flushing.py:
2 changes: 1 addition & 1 deletion tests/appsec/iast/sink/test_code_injection.py
Expand Up @@ -16,7 +16,7 @@ class TestCodeInjection(BaseSinkTest):
secure_endpoint = "/iast/code_injection/test_secure"
data = {"code": "1+2"}
location_map = {
"nodejs": {"express4": "iast/index.js", "express4-typescript": "iast.ts"},
"nodejs": {"express4": "iast/index.js", "express4-typescript": "iast.ts", "express5": "iast/index.js"},
}

@missing_feature(library="nodejs", reason="Instrumented metric not implemented")
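Review bot: in `location_map`, `"express5": "iast/index.js"` repeats the express4 value, and the identical `nodejs` dict is edited again in `tests/appsec/iast/sink/test_command_injection.py`. Each new weblog variant now means touching every sink test that carries this mapping; a shared constant for the nodejs entry would leave one place to update.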
2 changes: 1 addition & 1 deletion tests/appsec/iast/sink/test_command_injection.py
Expand Up @@ -17,7 +17,7 @@ class TestCommandInjection(BaseSinkTest):
data = {"cmd": "ls"}
location_map = {
"java": "com.datadoghq.system_tests.iast.utils.CmdExamples",
"nodejs": {"express4": "iast/index.js", "express4-typescript": "iast.ts"},
"nodejs": {"express4": "iast/index.js", "express4-typescript": "iast.ts", "express5": "iast/index.js"},
"python": {"flask-poc": "app.py", "django-poc": "app/urls.py"},
}
