Fix invalid DBM Propagation Mode breaking mysql/mysql2 plugin #4140
+84
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
============================================================= At time of writing, the [documentation for the NodeJS tracing library](https://docs.datadoghq.com/database_monitoring/connect_dbm_and_apm/?tab=nodejs) on the DataDog website states that to switch off DBM Propagation in the tracing of database calls, the mode should be set to the value `none`. This, however, leads to terminal hanging in the use of the mysql/mysql2 Node modules. In debugging this, I determined that the documented value of `none` is no longer valid and the value `disabled` should be used instead. While this is clearly a documentation inconsistency, the fact that the plugin does not handle an unexpected value for `mode` leads to a break in functionality when `dd-trace` is upgraded from version `1.7`, when this value presumably changed. This bug is caused by the unrecognized value - in this case `none` - falling through the database plugin's `injectDbmQuery` function without returning a query. Therefore, this commit accommodatesthe old/documented value of `none` that disables propagation as well as defaults the behavior of the function to return the query unmolested in the event that an invalid value is used in future. I could not see any unit tests for this, but this has been tested "in the wild" to success within my own test setups, and should be easily backported to previous versions. I also suggest that the documentation linked above is updated to reflect the "proper" value.
|
related to #4139 |
choult
changed the title
choult
changed the title
|
You can find DBM-related tests in each database plugin. For example, here's the mysql tests for DBM: https://github.com/DataDog/dd-trace-js/blob/master/packages/datadog-plugin-mysql/test/index.spec.js#L361 |
|
Perfect, thanks @Qard, will dig in properly then |
kai-thomas-datadog
added a commit
to DataDog/documentation
that referenced
this pull request
Mar 6, 2024
DataDog/dd-trace-js#4140 DataDog/dd-trace-js#4139 this is an issue for customer since a few versions ago, and the doc is causing confusion and errors.
1 task
cswatt
pushed a commit
to DataDog/documentation
that referenced
this pull request
Mar 6, 2024
DataDog/dd-trace-js#4140 DataDog/dd-trace-js#4139 this is an issue for customer since a few versions ago, and the doc is causing confusion and errors.
…hould not be functionally different, and should let the SQL through
|
@Qard I have been utterly unable to:
I have updated the MySQL tests to cover this scenario, hoping that they suffice. |
|
hey @choult, thanks for your contribution! It looks like the |
Well that's embarrassing - backticks for strings? I must have been in Markdown mode for half a second... moar coffeeeeee! |
) * Avoid run sequelize plugin test with non compatible mysql2 * Avoid run sequelize plugin test with non compatible mysql2 * Fix typo * Fix typo * Add comment with the test combination constraint explanation * Update packages/dd-trace/test/appsec/iast/analyzers/sql-injection-analyzer.sequelize.plugin.spec.js Co-authored-by: simon-id <simon.id@datadoghq.com> --------- Co-authored-by: simon-id <simon.id@datadoghq.com>
* Emit an event when profiles are submitted * Emit span start event * Emit an app-closing event so telemetry users can publish final metrics * SSI Telemetry class * Telemetry mock profiler
Because commas are normalized to underscores in backend anyway.
jbertran
approved these changes
Apr 12, 2024
juan-fernandez
approved these changes
Apr 19, 2024
Qard
approved these changes
Apr 19, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Fixes #4139
At time of writing, the documentation for the NodeJS tracing library on the DataDog website states that to switch off DBM Propagation in the tracing of database calls, the mode should be set to the value
none.This, however, leads to terminal hanging in the use of the mysql/mysql2 Node modules.
In debugging this, I determined that the documented value of
noneis no longer valid and the valuedisabledshould be used instead. While this is clearly a documentation inconsistency, the fact that the plugin does not handle an unexpected value formodeleads to a break in functionality whendd-traceis upgraded from version1.7, when this value was introduced.This bug is caused by the unrecognized value - in this case
none- falling through the database plugin'sinjectDbmQueryfunction without returning a query.Therefore, this commit accommodatesthe old/documented value of
nonethat disables propagation as well as defaults the behavior of the function to return the query unmolested in the event that an invalid value is used in future.I could not see any unit tests for this, but this has been tested "in the wild" to success within my own test setups, and should be easily backported to previous versions.
Additional Notes
I also suggest that the documentation linked above is updated to reflect the "proper" value.
Security
Datadog employees:
@DataDog/security-design-and-guidance.Unsure? Have a question? Request a review!