-
Notifications
You must be signed in to change notification settings - Fork 291
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix invalid DBM Propagation Mode breaking mysql/mysql2 plugin #4140
base: master
Are you sure you want to change the base?
Conversation
============================================================= At time of writing, the [documentation for the NodeJS tracing library](https://docs.datadoghq.com/database_monitoring/connect_dbm_and_apm/?tab=nodejs) on the DataDog website states that to switch off DBM Propagation in the tracing of database calls, the mode should be set to the value `none`. This, however, leads to terminal hanging in the use of the mysql/mysql2 Node modules. In debugging this, I determined that the documented value of `none` is no longer valid and the value `disabled` should be used instead. While this is clearly a documentation inconsistency, the fact that the plugin does not handle an unexpected value for `mode` leads to a break in functionality when `dd-trace` is upgraded from version `1.7`, when this value presumably changed. This bug is caused by the unrecognized value - in this case `none` - falling through the database plugin's `injectDbmQuery` function without returning a query. Therefore, this commit accommodatesthe old/documented value of `none` that disables propagation as well as defaults the behavior of the function to return the query unmolested in the event that an invalid value is used in future. I could not see any unit tests for this, but this has been tested "in the wild" to success within my own test setups, and should be easily backported to previous versions. I also suggest that the documentation linked above is updated to reflect the "proper" value.
related to #4139 |
You can find DBM-related tests in each database plugin. For example, here's the mysql tests for DBM: https://github.com/DataDog/dd-trace-js/blob/master/packages/datadog-plugin-mysql/test/index.spec.js#L361 |
Perfect, thanks @Qard, will dig in properly then |
DataDog/dd-trace-js#4140 DataDog/dd-trace-js#4139 this is an issue for customer since a few versions ago, and the doc is causing confusion and errors.
DataDog/dd-trace-js#4140 DataDog/dd-trace-js#4139 this is an issue for customer since a few versions ago, and the doc is causing confusion and errors.
…hould not be functionally different, and should let the SQL through
@Qard I have been utterly unable to:
I have updated the MySQL tests to cover this scenario, hoping that they suffice. |
hey @choult, thanks for your contribution! It looks like the |
Well that's embarrassing - backticks for strings? I must have been in Markdown mode for half a second... moar coffeeeeee! |
) * Avoid run sequelize plugin test with non compatible mysql2 * Avoid run sequelize plugin test with non compatible mysql2 * Fix typo * Fix typo * Add comment with the test combination constraint explanation * Update packages/dd-trace/test/appsec/iast/analyzers/sql-injection-analyzer.sequelize.plugin.spec.js Co-authored-by: simon-id <simon.id@datadoghq.com> --------- Co-authored-by: simon-id <simon.id@datadoghq.com>
* Emit an event when profiles are submitted * Emit span start event * Emit an app-closing event so telemetry users can publish final metrics * SSI Telemetry class * Telemetry mock profiler
Because commas are normalized to underscores in backend anyway.
What does this PR do?
Fixes #4139
At time of writing, the documentation for the NodeJS tracing library on the DataDog website states that to switch off DBM Propagation in the tracing of database calls, the mode should be set to the value
none
.This, however, leads to terminal hanging in the use of the mysql/mysql2 Node modules.
In debugging this, I determined that the documented value of
none
is no longer valid and the valuedisabled
should be used instead. While this is clearly a documentation inconsistency, the fact that the plugin does not handle an unexpected value formode
leads to a break in functionality whendd-trace
is upgraded from version1.7
, when this value was introduced.This bug is caused by the unrecognized value - in this case
none
- falling through the database plugin'sinjectDbmQuery
function without returning a query.Therefore, this commit accommodatesthe old/documented value of
none
that disables propagation as well as defaults the behavior of the function to return the query unmolested in the event that an invalid value is used in future.I could not see any unit tests for this, but this has been tested "in the wild" to success within my own test setups, and should be easily backported to previous versions.
Additional Notes
I also suggest that the documentation linked above is updated to reflect the "proper" value.
Security
Datadog employees:
@DataDog/security-design-and-guidance
.Unsure? Have a question? Request a review!