Skip to content

Untrusted deserialization vulnerability detection #16496

Untrusted deserialization vulnerability detection

Untrusted deserialization vulnerability detection #16496

Workflow file for this run

name: Project
on:
pull_request:
push:
branches: [master]
schedule:
- cron: "0 4 * * *"
concurrency:
group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
cancel-in-progress: true
jobs:
integration:
strategy:
# when one version fails, say 14, all the other versions are stopped
# setting fail-fast to false in an attempt to prevent this from happening
fail-fast: false
matrix:
version: [18, 20, 22, latest]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: ${{ matrix.version }}
# Disable core dumps since some integration tests intentionally abort and core dump generation takes around 5-10s
- uses: ./.github/actions/install
- run: sudo sysctl -w kernel.core_pattern='|/bin/false'
- run: yarn test:integration
# We'll run these separately for earlier (i.e. unsupported) versions
integration-guardrails:
strategy:
matrix:
version: [12, 14.0.0, 14, 16.0.0, 16, 18.0.0, 18.1.0, 20.0.0, 22.0.0]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: ${{ matrix.version }}
- uses: ./.github/actions/install
- run: node node_modules/.bin/mocha --colors --timeout 30000 integration-tests/init.spec.js
integration-guardrails-unsupported:
strategy:
matrix:
version: ['0.8', '0.10', '0.12', '4', '6', '8', '10', '12.0.0']
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: ${{ matrix.version }}
- run: node ./init
- run: node ./init
env:
DD_INJECTION_ENABLED: 'true'
integration-ci:
strategy:
matrix:
version: [18, latest]
framework: [cucumber, playwright, selenium, jest, mocha]
runs-on: ubuntu-latest
env:
DD_SERVICE: dd-trace-js-integration-tests
DD_CIVISIBILITY_AGENTLESS_ENABLED: 1
DD_API_KEY: ${{ secrets.DD_API_KEY_CI_APP }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: ${{ matrix.version }}
- name: Install Google Chrome
run: |
sudo sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list'
wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
if [ $? -ne 0 ]; then echo "Failed to add Google key"; exit 1; fi
sudo apt-get update
sudo apt-get install -y google-chrome-stable
if [ $? -ne 0 ]; then echo "Failed to install Google Chrome"; exit 1; fi
if: ${{ matrix.framework == 'selenium' }}
- name: Install ChromeDriver
run: |
export CHROME_VERSION=$(google-chrome --version)
CHROME_DRIVER_DOWNLOAD_URL=$(node --experimental-fetch scripts/get-chrome-driver-download-url.js)
wget -q "$CHROME_DRIVER_DOWNLOAD_URL"
if [ $? -ne 0 ]; then echo "Failed to download ChromeDriver"; exit 1; fi
unzip chromedriver-linux64.zip
sudo mv chromedriver-linux64/chromedriver /usr/bin/chromedriver
sudo chmod +x /usr/bin/chromedriver
if: ${{ matrix.framework == 'selenium' }}
- uses: ./.github/actions/install
- run: yarn test:integration:${{ matrix.framework }}
env:
NODE_OPTIONS: '-r ./ci/init'
integration-cypress:
strategy:
matrix:
# Important: This is outside the minimum supported version of dd-trace-js
# Node > 16 does not work with [email protected] (not even without our plugin)
# TODO: figure out what to do with this: we might have to deprecate support for [email protected]
version: [16, latest]
# 6.7.0 is the minimum version we support
cypress-version: [6.7.0, latest]
module-type: ['commonJS', 'esm']
runs-on: ubuntu-latest
env:
DD_SERVICE: dd-trace-js-integration-tests
DD_CIVISIBILITY_AGENTLESS_ENABLED: 1
DD_API_KEY: ${{ secrets.DD_API_KEY_CI_APP }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/node/setup
- uses: ./.github/actions/install
- uses: actions/setup-node@v3
with:
node-version: ${{ matrix.version }}
- run: yarn config set ignore-engines true
- run: yarn test:integration:cypress --ignore-engines
env:
CYPRESS_VERSION: ${{ matrix.cypress-version }}
NODE_OPTIONS: '-r ./ci/init'
CYPRESS_MODULE_TYPE: ${{ matrix.module-type }}
integration-vitest:
runs-on: ubuntu-latest
env:
DD_SERVICE: dd-trace-js-integration-tests
DD_CIVISIBILITY_AGENTLESS_ENABLED: 1
DD_API_KEY: ${{ secrets.DD_API_KEY_CI_APP }}
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/node/setup
- uses: ./.github/actions/install
- uses: actions/setup-node@v3
with:
node-version: 20
- run: yarn test:integration:vitest
env:
NODE_OPTIONS: '-r ./ci/init'
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/node/setup
- uses: ./.github/actions/install
- run: yarn lint
typescript:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/node/setup
- uses: ./.github/actions/install
- run: yarn type:test
- run: yarn type:doc
verify-yaml:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/node/setup
- uses: ./.github/actions/install
- run: node scripts/verify-ci-config.js