datadog-lambda-js
Advanced tools
Comparing version
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.STREAM_RESPONSE = exports.HANDLER_STREAMING = exports.datadogLambdaVersion = void 0; | ||
exports.datadogLambdaVersion = "10.124.0"; | ||
exports.datadogLambdaVersion = "11.125.0"; | ||
// Response streaming functions | ||
@@ -6,0 +6,0 @@ exports.HANDLER_STREAMING = Symbol.for("aws.lambda.runtime.handler.streaming"); |
@@ -43,2 +43,3 @@ "use strict"; | ||
var utils_1 = require("../utils"); | ||
var fips_1 = require("../utils/fips"); | ||
var KMSService = /** @class */ (function () { | ||
@@ -51,3 +52,3 @@ function KMSService() { | ||
return __awaiter(this, void 0, void 0, function () { | ||
var buffer, kms, region, isGovRegion, kmsClientParams, kmsClient, result, _a, err_1; | ||
var buffer, kms, kmsClientParams, kmsClient, result, _a, err_1; | ||
return __generator(this, function (_b) { | ||
@@ -57,12 +58,8 @@ switch (_b.label) { | ||
buffer = Buffer.from(ciphertext, "base64"); | ||
region = process.env.AWS_REGION; | ||
isGovRegion = region !== undefined && region.startsWith("us-gov-"); | ||
if (isGovRegion) { | ||
(0, utils_1.logDebug)("Govcloud region detected. Using FIPs endpoints for secrets management."); | ||
} | ||
kmsClientParams = {}; | ||
if (isGovRegion) { | ||
if (fips_1.FIPS_MODE_ENABLED) { | ||
(0, utils_1.logDebug)("FIPS mode is enabled, Using FIPS endpoints for secrets management."); | ||
// Endpoints: https://docs.aws.amazon.com/general/latest/gr/kms.html | ||
kmsClientParams = { | ||
endpoint: "https://kms-fips.".concat(region, ".amazonaws.com"), | ||
endpoint: "https://kms-fips.".concat(fips_1.AWS_REGION, ".amazonaws.com"), | ||
}; | ||
@@ -69,0 +66,0 @@ } |
@@ -52,4 +52,4 @@ import { KMSService } from "./kms-service"; | ||
private currentProcessor?; | ||
private apiKey; | ||
private statsDClient?; | ||
private apiKey?; | ||
private statsDClient; | ||
private isExtensionRunning?; | ||
@@ -56,0 +56,0 @@ private globalTags?; |
@@ -88,3 +88,2 @@ "use strict"; | ||
exports.MetricsListener = void 0; | ||
var hot_shots_1 = require("hot-shots"); | ||
var util_1 = require("util"); | ||
@@ -96,2 +95,4 @@ var utils_1 = require("../utils"); | ||
var enhanced_metrics_1 = require("./enhanced-metrics"); | ||
var dogstatsd_1 = require("./dogstatsd"); | ||
var fips_1 = require("../utils/fips"); | ||
var METRICS_BATCH_SEND_INTERVAL = 10000; // 10 seconds | ||
@@ -105,4 +106,4 @@ var HISTORICAL_METRICS_THRESHOLD_HOURS = 4 * 60 * 60 * 1000; // 4 hours | ||
this.globalTags = []; | ||
this.apiKey = this.getAPIKey(config); | ||
this.config = config; | ||
this.statsDClient = new dogstatsd_1.LambdaDogStatsD(); | ||
} | ||
@@ -115,2 +116,8 @@ MetricsListener.prototype.onStartInvocation = function (_, context) { | ||
case 0: | ||
// We get the API key in onStartInvocation rather than in the constructor because in busy functions, | ||
// initialization may occur more than 5 minutes before the first invocation (due to proactive initialization), | ||
// resulting in AWS errors: https://github.com/aws/aws-sdk-js-v3/issues/5192#issuecomment-2073243617 | ||
if (!this.apiKey) { | ||
this.apiKey = this.getAPIKey(this.config); | ||
} | ||
if (!(this.isExtensionRunning === undefined)) return [3 /*break*/, 2]; | ||
@@ -127,4 +134,2 @@ _a = this; | ||
this.globalTags = this.getGlobalTags(context); | ||
// About 200 chars per metric, so 8KB buffer size holds approx 40 metrics per request | ||
this.statsDClient = new hot_shots_1.StatsD({ host: "127.0.0.1", closingFlushInterval: 1, maxBufferSize: 8192 }); | ||
return [2 /*return*/]; | ||
@@ -145,3 +150,2 @@ } | ||
var processor, error_1; | ||
var _this = this; | ||
return __generator(this, function (_a) { | ||
@@ -169,18 +173,7 @@ switch (_a.label) { | ||
case 4: | ||
if (!(this.statsDClient !== undefined)) return [3 /*break*/, 6]; | ||
if (!this.isExtensionRunning) return [3 /*break*/, 6]; | ||
(0, utils_1.logDebug)("Flushing statsD"); | ||
// Make sure all stats are flushed to extension | ||
return [4 /*yield*/, new Promise(function (resolve, reject) { | ||
var _a; | ||
(_a = _this.statsDClient) === null || _a === void 0 ? void 0 : _a.close(function (error) { | ||
if (error !== undefined) { | ||
reject(error); | ||
} | ||
resolve(); | ||
}); | ||
})]; | ||
return [4 /*yield*/, this.statsDClient.flush()]; | ||
case 5: | ||
// Make sure all stats are flushed to extension | ||
_a.sent(); | ||
this.statsDClient = undefined; | ||
_a.label = 6; | ||
@@ -211,3 +204,2 @@ case 6: return [3 /*break*/, 8]; | ||
forceAsync) { | ||
var _a; | ||
var tags = []; | ||
@@ -217,25 +209,14 @@ for (var _i = 4; _i < arguments.length; _i++) { | ||
} | ||
// If extension is running, use dogstatsd (FIPS compliant) | ||
if (this.isExtensionRunning) { | ||
var isMetricTimeValid = Date.parse(metricTime.toString()) > 0; | ||
if (isMetricTimeValid) { | ||
var dateCeiling = new Date(Date.now() - HISTORICAL_METRICS_THRESHOLD_HOURS); // 4 hours ago | ||
if (dateCeiling > metricTime) { | ||
(0, utils_1.logWarning)("Timestamp ".concat(metricTime.toISOString(), " is older than 4 hours, not submitting metric ").concat(name)); | ||
return; | ||
} | ||
// Only create the processor to submit metrics to the API when a user provides a valid timestamp as | ||
// Dogstatsd does not support timestamps for distributions. | ||
if (this.currentProcessor === undefined) { | ||
this.currentProcessor = this.createProcessor(this.config, this.apiKey); | ||
} | ||
// Add global tags to metrics sent to the API | ||
if (this.globalTags !== undefined && this.globalTags.length > 0) { | ||
tags = __spreadArray(__spreadArray([], __read(tags), false), __read(this.globalTags), false); | ||
} | ||
} | ||
else { | ||
(_a = this.statsDClient) === null || _a === void 0 ? void 0 : _a.distribution(name, value, undefined, tags); | ||
var dateCeiling = new Date(Date.now() - HISTORICAL_METRICS_THRESHOLD_HOURS); // 4 hours ago | ||
if (dateCeiling > metricTime) { | ||
(0, utils_1.logWarning)("Timestamp ".concat(metricTime.toISOString(), " is older than 4 hours, not submitting metric ").concat(name)); | ||
return; | ||
} | ||
var secondsSinceEpoch = metricTime.getTime() / 1000; | ||
this.statsDClient.distribution(name, value, secondsSinceEpoch, tags); | ||
return; | ||
} | ||
// If no extension + logForwarding, write to stdout (FIPS compliant) | ||
if (this.config.logForwarding || forceAsync) { | ||
@@ -245,2 +226,11 @@ (0, metric_log_1.writeMetricToStdout)(name, value, metricTime, tags); | ||
} | ||
// Otherwise, send directly to DD API (not FIPs compliant!) | ||
if (fips_1.FIPS_MODE_ENABLED) { | ||
(0, utils_1.logDebug)("FIPS mode is enabled, so sending metrics via the Datadog API is not possible. (1) Install the extension, (2) enable log forwarding, or (3) disable FIPS mode."); | ||
return; | ||
} | ||
// Add global tags to metrics sent to the API | ||
if (this.globalTags !== undefined && this.globalTags.length > 0) { | ||
tags = __spreadArray(__spreadArray([], __read(tags), false), __read(this.globalTags), false); | ||
} | ||
var dist = new (model_1.Distribution.bind.apply(model_1.Distribution, __spreadArray([void 0, name, [{ timestamp: metricTime, value: value }]], __read(tags), false)))(); | ||
@@ -267,5 +257,3 @@ if (!this.apiKey) { | ||
} | ||
// The Extension doesn't support distribution metrics with timestamps. Use sendDistributionMetricWithDate instead. | ||
var metricTime = this.isExtensionRunning ? new Date(0) : new Date(Date.now()); | ||
this.sendDistributionMetricWithDate.apply(this, __spreadArray([name, value, metricTime, forceAsync], __read(tags), false)); | ||
this.sendDistributionMetricWithDate.apply(this, __spreadArray([name, value, new Date(), forceAsync], __read(tags), false)); | ||
}; | ||
@@ -297,3 +285,3 @@ MetricsListener.prototype.createProcessor = function (config, apiKey) { | ||
return __awaiter(this, void 0, void 0, function () { | ||
var error_2, SecretsManager, secretRegion, lambdaRegion, isGovRegion, secretsManager, secret, error_3; | ||
var error_2, SecretsManager, secretRegion, secretsManager, secret, error_3; | ||
return __generator(this, function (_b) { | ||
@@ -324,6 +312,4 @@ switch (_b.label) { | ||
secretRegion = config.apiKeySecretARN.split(":")[3]; | ||
lambdaRegion = process.env.AWS_REGION; | ||
isGovRegion = lambdaRegion !== undefined && lambdaRegion.startsWith("us-gov-"); | ||
secretsManager = new SecretsManager({ | ||
useFipsEndpoint: isGovRegion, | ||
useFipsEndpoint: fips_1.FIPS_MODE_ENABLED, | ||
region: secretRegion, | ||
@@ -330,0 +316,0 @@ }); |
@@ -8,3 +8,3 @@ "use strict"; | ||
// Date.now() returns Unix time in milliseconds, we convert to seconds for DD API submission | ||
e: metricTime.getTime() / 1000, | ||
e: Math.floor(metricTime.getTime() / 1000), | ||
m: name, | ||
@@ -11,0 +11,0 @@ t: tags, |
@@ -89,6 +89,7 @@ "use strict"; | ||
TraceContextExtractor.prototype.getTraceEventExtractor = function (event) { | ||
var _a; | ||
var _a, _b; | ||
if (!event || typeof event !== "object") | ||
return; | ||
if (event.headers !== null && typeof event.headers === "object") { | ||
var headers = (_a = event.headers) !== null && _a !== void 0 ? _a : event.multiValueHeaders; | ||
if (headers !== null && typeof headers === "object") { | ||
return new extractors_1.HTTPEventTraceExtractor(this.tracerWrapper, this.config.decodeAuthorizerContext); | ||
@@ -110,3 +111,3 @@ } | ||
return new extractors_1.EventBridgeEventTraceExtractor(this.tracerWrapper); | ||
if ((_a = this.stepFunctionContextService) === null || _a === void 0 ? void 0 : _a.context) | ||
if ((_b = this.stepFunctionContextService) === null || _b === void 0 ? void 0 : _b.context) | ||
return new extractors_1.StepFunctionEventTraceExtractor(); | ||
@@ -113,0 +114,0 @@ return; |
@@ -13,2 +13,18 @@ "use strict"; | ||
}; | ||
var __read = (this && this.__read) || function (o, n) { | ||
var m = typeof Symbol === "function" && o[Symbol.iterator]; | ||
if (!m) return o; | ||
var i = m.call(o), r, ar = [], e; | ||
try { | ||
while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value); | ||
} | ||
catch (error) { e = { error: error }; } | ||
finally { | ||
try { | ||
if (r && !r.done && (m = i["return"])) m.call(i); | ||
} | ||
finally { if (e) throw e.error; } | ||
} | ||
return ar; | ||
}; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
@@ -35,2 +51,3 @@ exports.HTTPEventTraceExtractor = exports.HTTPEventSubType = exports.AUTHORIZING_REQUEST_ID_HEADER = void 0; | ||
var e_1, _a; | ||
var _b, _c; | ||
if (this.decodeAuthorizerContext) { | ||
@@ -55,8 +72,15 @@ // need to set the trace context if using authorizer lambda in authorizing (non-cached) cases | ||
} | ||
var headers = event.headers; | ||
var headers = (_b = event.headers) !== null && _b !== void 0 ? _b : event.multiValueHeaders; | ||
var lowerCaseHeaders = {}; | ||
try { | ||
for (var _b = __values(Object.keys(headers)), _c = _b.next(); !_c.done; _c = _b.next()) { | ||
var key = _c.value; | ||
lowerCaseHeaders[key.toLowerCase()] = headers[key]; | ||
for (var _d = __values(Object.entries(headers)), _e = _d.next(); !_e.done; _e = _d.next()) { | ||
var _f = __read(_e.value, 2), key = _f[0], val = _f[1]; | ||
if (Array.isArray(val)) { | ||
// MultiValueHeaders: take the first value | ||
lowerCaseHeaders[key.toLowerCase()] = (_c = val[0]) !== null && _c !== void 0 ? _c : ""; | ||
} | ||
else if (typeof val === "string") { | ||
// Single‐value header | ||
lowerCaseHeaders[key.toLowerCase()] = val; | ||
} | ||
} | ||
@@ -67,3 +91,3 @@ } | ||
try { | ||
if (_c && !_c.done && (_a = _b.return)) _a.call(_b); | ||
if (_e && !_e.done && (_a = _d.return)) _a.call(_d); | ||
} | ||
@@ -70,0 +94,0 @@ finally { if (e_1) throw e_1.error; } |
{ | ||
"name": "datadog-lambda-js", | ||
"version": "10.124.0", | ||
"version": "11.125.0", | ||
"description": "Lambda client library that supports hybrid tracing in node js", | ||
@@ -32,3 +32,3 @@ "main": "dist/index.js", | ||
"@types/shimmer": "^1.0.1", | ||
"dd-trace": "^5.44.0", | ||
"dd-trace": "^5.51.0", | ||
"jest": "^27.0.1", | ||
@@ -45,3 +45,2 @@ "mock-fs": "4.14.0", | ||
"dc-polyfill": "^0.1.3", | ||
"hot-shots": "8.5.0", | ||
"promise-retry": "^2.0.1", | ||
@@ -48,0 +47,0 @@ "serialize-error": "^8.1.0", |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
580283
2.25%5
-16.67%250
3.31%7948
2.41%- Removed
- Removed
- Removed
- Removed
- Removed
- Removed