Compute and set http endpoint when route is not available (#6861)

Author: IlyasShabi

benchmark/core.js

@@ -28,6 +28,7 @@ const Histogram = require('../packages/dd-trace/src/histogram')
 const histogram = new Histogram()
 const runtimeMetrics = require('../packages/dd-trace/src/runtime_metrics')
 const log = require('../packages/dd-trace/src/log')
+const { calculateHttpEndpoint } = require('../packages/dd-trace/src/plugins/util/url')
 
 const encoder04 = new Agent04Encoder({ flush: () => encoder04.makePayload() })
 const encoder05 = new Agent05Encoder({ flush: () => encoder05.makePayload() })
@@ -202,5 +203,35 @@ suite
       log.debug(() => (new Error('boom')).message)
     }
   })
+  .add('calculateHttpEndpoint (simple)', {
+    fn () {
+      calculateHttpEndpoint('/api/users')
+    }
+  })
+  .add('calculateHttpEndpoint (with integers)', {
+    fn () {
+      calculateHttpEndpoint('/api/users/12345/posts/67890')
+    }
+  })
+  .add('calculateHttpEndpoint (with hex)', {
+    fn () {
+      calculateHttpEndpoint('/api/sessions/a1b2c3d4e5f6/data')
+    }
+  })
+  .add('calculateHttpEndpoint (mixed patterns)', {
+    fn () {
+      calculateHttpEndpoint('/v1/users/123/sessions/a1b2c3/orders/456-789')
+    }
+  })
+  .add('calculateHttpEndpoint (deep path)', {
+    fn () {
+      calculateHttpEndpoint('/a/b/c/d/e/f/g/h/i/j/k/l/m')
+    }
+  })
+  .add('calculateHttpEndpoint (full URL)', {
+    fn () {
+      calculateHttpEndpoint('https://api.example.com:8080/v2/products/98765/reviews')
+    }
+  })
 
 suite.run()

ext/tags.d.ts

@@ -15,6 +15,7 @@ declare const tags: {
   HTTP_METHOD: 'http.method'
   HTTP_STATUS_CODE: 'http.status_code'
   HTTP_ROUTE: 'http.route'
+  HTTP_ENDPOINT: 'http.endpoint'
   HTTP_REQUEST_HEADERS: 'http.request.headers'
   HTTP_RESPONSE_HEADERS: 'http.response.headers'
   HTTP_USERAGENT: 'http.useragent',

ext/tags.js

@@ -20,6 +20,7 @@ const tags = {
   HTTP_METHOD: 'http.method',
   HTTP_STATUS_CODE: 'http.status_code',
   HTTP_ROUTE: 'http.route',
+  HTTP_ENDPOINT: 'http.endpoint',
   HTTP_REQUEST_HEADERS: 'http.request.headers',
   HTTP_RESPONSE_HEADERS: 'http.response.headers',
   HTTP_USERAGENT: 'http.useragent',

packages/datadog-plugin-http/test/http_endpoint.spec.js

@@ -0,0 +1,112 @@
+'use strict'
+
+const axios = require('axios')
+const { expect } = require('chai')
+const { describe, it, beforeEach, afterEach, before } = require('mocha')
+
+const agent = require('../../dd-trace/test/plugins/agent')
+
+describe('Plugin', () => {
+  let http
+  let listener
+  let appListener
+  let port
+  let app
+
+  ['http', 'node:http'].forEach(pluginToBeLoaded => {
+    describe(`${pluginToBeLoaded}/server`, () => {
+      describe('http.endpoint', () => {
+        before(() => {
+          // Needed when this spec file run together with other spec files, in which case the agent config is not
+          // re-loaded unless the existing agent is wiped first.
+          // And we need the agent config to be re-loaded in order to enable appsec.
+          agent.wipe()
+        })
+
+        beforeEach(async () => {
+          return agent.load('http', {}, { appsec: { enabled: true } })
+            .then(() => {
+              http = require(pluginToBeLoaded)
+            })
+        })
+
+        afterEach(() => {
+          appListener && appListener.close()
+          return agent.close({ ritmReset: false })
+        })
+
+        beforeEach(() => {
+          app = null
+          listener = (req, res) => {
+            app && app(req, res)
+            res.writeHead(200)
+            res.end()
+          }
+        })
+
+        beforeEach(done => {
+          const server = new http.Server(listener)
+          appListener = server
+            .listen(0, 'localhost', () => {
+              port = appListener.address().port
+              done()
+            })
+        })
+
+        it('should set http.endpoint with int when no route is available', done => {
+          agent
+            .assertSomeTraces(traces => {
+              expect(traces[0][0]).to.have.property('name', 'web.request')
+              expect(traces[0][0].meta).to.have.property('http.url', `http://localhost:${port}/users/123`)
+              expect(traces[0][0].meta).to.not.have.property('http.route')
+              expect(traces[0][0].meta).to.have.property('http.endpoint', '/users/{param:int}')
+            })
+            .then(done)
+            .catch(done)
+
+          axios.get(`http://localhost:${port}/users/123`).catch(done)
+        })
+
+        it('should set http.endpoint with int_id when no route is available', done => {
+          agent
+            .assertSomeTraces(traces => {
+              expect(traces[0][0]).to.have.property('name', 'web.request')
+              expect(traces[0][0].meta).to.not.have.property('http.route')
+              expect(traces[0][0].meta).to.have.property('http.endpoint', '/resources/{param:int_id}')
+            })
+            .then(done)
+            .catch(done)
+
+          axios.get(`http://localhost:${port}/resources/123-456`).catch(done)
+        })
+
+        it('should set http.endpoint with hex when no route is available', done => {
+          agent
+            .assertSomeTraces(traces => {
+              expect(traces[0][0]).to.have.property('name', 'web.request')
+              expect(traces[0][0].meta).to.have.property('http.url', `http://localhost:${port}/orders/abc123`)
+              expect(traces[0][0].meta).to.not.have.property('http.route')
+              expect(traces[0][0].meta).to.have.property('http.endpoint', '/orders/{param:hex}')
+            })
+            .then(done)
+            .catch(done)
+
+          axios.get(`http://localhost:${port}/orders/abc123`).catch(done)
+        })
+
+        it('should set http.endpoint with hex_id when no route is available', done => {
+          agent
+            .assertSomeTraces(traces => {
+              expect(traces[0][0]).to.have.property('name', 'web.request')
+              expect(traces[0][0].meta).to.not.have.property('http.route')
+              expect(traces[0][0].meta).to.have.property('http.endpoint', '/resources/{param:hex_id}')
+            })
+            .then(done)
+            .catch(done)
+
+          axios.get(`http://localhost:${port}/resources/abc-123`).catch(done)
+        })
+      })
+    })
+  })
+})

packages/dd-trace/src/appsec/reporter.js

@@ -546,10 +546,6 @@ function finishRequest (req, res, storedResponseHeaders, requestBody) {
     reportRequestBody(rootSpan, requestBody)
   }
 
-  if (tags['appsec.event'] === 'true' && typeof req.route?.path === 'string') {
-    newTags['http.endpoint'] = req.route.path
-  }
-
   rootSpan.addTags(newTags)
 }
 

packages/dd-trace/src/config.js

@@ -545,6 +545,7 @@ class Config {
       DD_TRACE_RATE_LIMIT,
       DD_TRACE_REMOVE_INTEGRATION_SERVICE_NAMES_ENABLED,
       DD_TRACE_REPORT_HOSTNAME,
+      DD_TRACE_RESOURCE_RENAMING_ENABLED,
       DD_TRACE_SAMPLE_RATE,
       DD_TRACE_SAMPLING_RULES,
       DD_TRACE_SCOPE,
@@ -829,6 +830,9 @@ class Config {
     target['remoteConfig.pollInterval'] = maybeFloat(DD_REMOTE_CONFIG_POLL_INTERVAL_SECONDS)
     unprocessedTarget['remoteConfig.pollInterval'] = DD_REMOTE_CONFIG_POLL_INTERVAL_SECONDS
     this.#setBoolean(target, 'reportHostname', DD_TRACE_REPORT_HOSTNAME)
+    if (DD_TRACE_RESOURCE_RENAMING_ENABLED !== undefined) {
+      this.#setBoolean(target, 'resourceRenamingEnabled', DD_TRACE_RESOURCE_RENAMING_ENABLED)
+    }
     // only used to explicitly set runtimeMetrics to false
     const otelSetRuntimeMetrics = String(OTEL_METRICS_EXPORTER).toLowerCase() === 'none'
       ? false
@@ -1254,6 +1258,15 @@ class Config {
     this.#setBoolean(calc, 'isGitUploadEnabled',
       calc.isIntelligentTestRunnerEnabled && !isFalse(getEnv('DD_CIVISIBILITY_GIT_UPLOAD_ENABLED')))
 
+    // Enable resourceRenamingEnabled when appsec is enabled and only
+    // if DD_TRACE_RESOURCE_RENAMING_ENABLED is not explicitly set
+    if (this.#env.resourceRenamingEnabled === undefined) {
+      const appsecEnabled = this.#options['appsec.enabled'] ?? this.#env['appsec.enabled']
+      if (appsecEnabled) {
+        this.#setBoolean(calc, 'resourceRenamingEnabled', true)
+      }
+    }
+
     this.#setBoolean(calc, 'spanComputePeerService', this.#getSpanComputePeerService())
     this.#setBoolean(calc, 'stats.enabled', this.#isTraceStatsComputationEnabled())
     const defaultPropagationStyle = this.#getDefaultPropagationStyle(this.#optionsArg)

packages/dd-trace/src/config_defaults.js

@@ -169,6 +169,7 @@ module.exports = {
   'remoteConfig.enabled': true,
   'remoteConfig.pollInterval': 5, // seconds
   reportHostname: false,
+  resourceRenamingEnabled: false,
   'runtimeMetrics.enabled': false,
   'runtimeMetrics.eventLoop': true,
   'runtimeMetrics.gc': true,

packages/dd-trace/src/encode/span-stats.js

@@ -31,7 +31,7 @@ class SpanStatsEncoder extends AgentEncoder {
   }
 
   _encodeStat (bytes, stat) {
-    this._encodeMapPrefix(bytes, 12)
+    this._encodeMapPrefix(bytes, 14)
 
     this._encodeString(bytes, 'Service')
     const service = stat.Service || DEFAULT_SERVICE_NAME
@@ -70,6 +70,12 @@ class SpanStatsEncoder extends AgentEncoder {
 
     this._encodeString(bytes, 'TopLevelHits')
     this._encodeLong(bytes, stat.TopLevelHits)
+
+    this._encodeString(bytes, 'HTTPMethod')
+    this._encodeString(bytes, stat.HTTPMethod)
+
+    this._encodeString(bytes, 'HTTPEndpoint')
+    this._encodeString(bytes, stat.HTTPEndpoint)
   }
 
   _encodeBucket (bytes, bucket) {

packages/dd-trace/src/plugin_manager.js

@@ -165,7 +165,8 @@ module.exports = class PluginManager {
       traceWebsocketMessagesEnabled,
       traceWebsocketMessagesInheritSampling,
       traceWebsocketMessagesSeparateTraces,
-      experimental
+      experimental,
+      resourceRenamingEnabled
     } = this._tracerConfig
 
     const sharedConfig = {
@@ -184,7 +185,8 @@ module.exports = class PluginManager {
       traceWebsocketMessagesEnabled,
       traceWebsocketMessagesInheritSampling,
       traceWebsocketMessagesSeparateTraces,
-      experimental
+      experimental,
+      resourceRenamingEnabled
     }
 
     if (logInjection !== undefined) {

packages/dd-trace/src/plugins/util/url.js

@@ -2,6 +2,118 @@
 
 const { URL } = require('url')
 
+const HTTP2_HEADER_AUTHORITY = ':authority'
+const HTTP2_HEADER_SCHEME = ':scheme'
+const HTTP2_HEADER_PATH = ':path'
+
+const PATH_REGEX = /^(?:[a-z]+:\/\/(?:[^?/]+))?(?<path>\/[^?]*)(?:(\?).*)?$/
+
+const INT_SEGMENT = /^[1-9][0-9]+$/ // Integer of size at least 2 (>=10)
+const INT_ID_SEGMENT = /^(?=.*[0-9].*)[0-9._-]{3,}$/ // Mixed string with digits and delimiters
+const HEX_SEGMENT = /^(?=.*[0-9].*)[A-Fa-f0-9]{6,}$/ // Hexadecimal digits of size at least 6 with at least one decimal digit
+const HEX_ID_SEGMENT = /^(?=.*[0-9].*)[A-Fa-f0-9._-]{6,}$/ // Mixed string with hex digits and delimiters
+const STRING_SEGMENT = /^.{20,}|.*[%&'()*+,:=@].*$/ // Long string or a string containing special characters
+
+/**
+ * Extract full URL from HTTP request
+ * @param {import('http').IncomingMessage} req
+ * @returns {string} Full URL
+ */
+function extractURL (req) {
+  const headers = req.headers
+
+  if (req.stream) {
+    return `${headers[HTTP2_HEADER_SCHEME]}://${headers[HTTP2_HEADER_AUTHORITY]}${headers[HTTP2_HEADER_PATH]}`
+  }
+
+  const protocol = getProtocol(req)
+  return `${protocol}://${req.headers.host}${req.originalUrl || req.url}`
+}
+
+function getProtocol (req) {
+  return (req.socket?.encrypted || req.connection?.encrypted) ? 'https' : 'http'
+}
+
+/**
+ * Obfuscate query string
+ *
+ * @param {object} config
+ * @param {string} url
+ * @returns {string} obfuscated URL
+ */
+function obfuscateQs (config, url) {
+  const { queryStringObfuscation } = config
+
+  if (queryStringObfuscation === false) return url
+
+  const i = url.indexOf('?')
+  if (i === -1) return url
+
+  const path = url.slice(0, i)
+  if (queryStringObfuscation === true) return path
+
+  let qs = url.slice(i + 1)
+
+  qs = qs.replace(queryStringObfuscation, '<redacted>')
+
+  return `${path}?${qs}`
+}
+
+/**
+ * Extract URL path from URL using regex pattern instead of Node.js URL API because:
+ *
+ * - Handles edge cases like malformed URLs
+ * - Works with relative paths
+ * - Cross tracers compatibility
+ *
+ * @param {string} url
+ * @returns {string} Url path
+ */
+function extractPathFromUrl (url) {
+  if (!url) return '/'
+  const match = url.match(PATH_REGEX)
+
+  return match?.groups?.path || '/'
+}
+
+/**
+ * Calculate http.endpoint from URL path
+ *
+ * @param {string} url
+ * @returns {string} The normalized endpoint
+ */
+function calculateHttpEndpoint (url) {
+  const path = extractPathFromUrl(url)
+
+  // Split path by '/' and filter empty elements
+  const elements = path.split('/').filter(Boolean)
+
+  // Keep only first 8 non-empty elements
+  const limitedElements = elements.slice(0, 8)
+
+  // Apply regex replacements to each element respecting this order
+  const normalizedElements = limitedElements.map(element => {
+    if (INT_SEGMENT.test(element)) return '{param:int}'
+
+    if (INT_ID_SEGMENT.test(element)) return '{param:int_id}'
+
+    if (HEX_SEGMENT.test(element)) return '{param:hex}'
+
+    if (HEX_ID_SEGMENT.test(element)) return '{param:hex_id}'
+
+    if (STRING_SEGMENT.test(element)) return '{param:str}'
+
+    // No match
+    return element
+  })
+
+  const endpoint = normalizedElements.length > 0
+    ? '/' + normalizedElements.join('/')
+    : '/'
+
+  return endpoint
+}
+
 function filterSensitiveInfoFromRepository (repositoryUrl) {
   if (!repositoryUrl) {
     return ''
@@ -25,4 +137,10 @@ function filterSensitiveInfoFromRepository (repositoryUrl) {
   }
 }
 
-module.exports = { filterSensitiveInfoFromRepository }
+module.exports = {
+  extractURL,
+  obfuscateQs,
+  calculateHttpEndpoint,
+  filterSensitiveInfoFromRepository,
+  extractPathFromUrl // test only
+}