Skip to content

Commit

Permalink
fix signature tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@wconti27
wconti27 committed Jan 3, 2025
1 parent 7b07cce commit fc1e874
Show file tree
Hide file tree
Showing 4 changed files with 260 additions and 1 deletion.
50 changes: 50 additions & 0 deletions packages/datadog-plugin-fetch/test/index.spec.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -215,6 +215,56 @@ describe('Plugin', () => {
})
})

it('should skip injecting if the Authorization header contains an AWS signature', done => {
const app = express()

app.get('/', (req, res) => {
try {
expect(req.get('x-datadog-trace-id')).to.be.undefined
expect(req.get('x-datadog-parent-id')).to.be.undefined

res.status(200).send()

done()
} catch (e) {
done(e)
}
})

appListener = server(app, port => {
fetch(`http://localhost:${port}/`, {
headers: {
Authorization: 'AWS4-HMAC-SHA256 ...'
}
})
})
})

it('should skip injecting if one of the Authorization headers contains an AWS signature', done => {
const app = express()

app.get('/', (req, res) => {
try {
expect(req.get('x-datadog-trace-id')).to.be.undefined
expect(req.get('x-datadog-parent-id')).to.be.undefined

res.status(200).send()

done()
} catch (e) {
done(e)
}
})

appListener = server(app, port => {
fetch(`http://localhost:${port}/`, {
headers: {
Authorization: ['AWS4-HMAC-SHA256 ...']
}
})
})
})

it('should skip injecting if the X-Amz-Signature header is set', done => {
const app = express()

Expand Down
47 changes: 46 additions & 1 deletion packages/datadog-plugin-http/src/client.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ class HttpClientPlugin extends ClientPlugin {
span._spanContext._trace.record = false
}

if (this.config.propagationFilter(uri)) {
if (this.shouldInjectTraceHeaders(options, uri)) {
this.tracer.inject(span, HTTP_HEADERS, options.headers)
}

Expand All @@ -71,6 +71,22 @@ class HttpClientPlugin extends ClientPlugin {
return message.currentStore
}

shouldInjectTraceHeaders (options, uri) {
if (hasAmazonSignature(options) && !this.tracer._hasPropagationStyle('inject', 'xray')) {
log.debug(
'AWS Signature detected on HTTP request, skipping injecting headers. To enable header injection' +
' for signed AWS requests, please set DD_TRACE_PROPAGATION_STYLE=["xray", "datadog"]'
)
return false
}

if (!this.config.propagationFilter(uri)) {
return false
}

return true
}

bindAsyncStart ({ parentStore }) {
return parentStore
}
Expand Down Expand Up @@ -200,6 +216,31 @@ function getHooks (config) {
return { request }
}

function hasAmazonSignature (options) {
if (!options) {
return false
}

if (options.headers) {
const headers = Object.keys(options.headers)
.reduce((prev, next) => Object.assign(prev, {
[next.toLowerCase()]: options.headers[next]
}), {})

if (headers['x-amz-signature']) {
return true
}

if ([].concat(headers.authorization).some(startsWith('AWS4-HMAC-SHA256'))) {
return true
}
}

const search = options.search || options.path

return search && search.toLowerCase().indexOf('x-amz-signature=') !== -1
}

function extractSessionDetails (options) {
if (typeof options === 'string') {
return new URL(options).host
Expand All @@ -211,4 +252,8 @@ function extractSessionDetails (options) {
return { host, port }
}

function startsWith (searchString) {
return value => String(value).startsWith(searchString)
}

module.exports = HttpClientPlugin
100 changes: 100 additions & 0 deletions packages/datadog-plugin-http/test/client.spec.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -446,6 +446,62 @@ describe('Plugin', () => {
})
})

it('should skip injecting if the Authorization header contains an AWS signature', done => {
const app = express()

app.get('/', (req, res) => {
try {
expect(req.get('x-datadog-trace-id')).to.be.undefined
expect(req.get('x-datadog-parent-id')).to.be.undefined

res.status(200).send()

done()
} catch (e) {
done(e)
}
})

appListener = server(app, port => {
const req = http.request({
port,
headers: {
Authorization: 'AWS4-HMAC-SHA256 ...'
}
})

req.end()
})
})

it('should skip injecting if one of the Authorization headers contains an AWS signature', done => {
const app = express()

app.get('/', (req, res) => {
try {
expect(req.get('x-datadog-trace-id')).to.be.undefined
expect(req.get('x-datadog-parent-id')).to.be.undefined

res.status(200).send()

done()
} catch (e) {
done(e)
}
})

appListener = server(app, port => {
const req = http.request({
port,
headers: {
Authorization: ['AWS4-HMAC-SHA256 ...']
}
})

req.end()
})
})

it('should skip injecting if the X-Amz-Signature header is set', done => {
const app = express()

Expand Down Expand Up @@ -1037,6 +1093,50 @@ describe('Plugin', () => {
})
})

describe('with config enablePropagationWithAmazonHeaders enabled', () => {
let config

beforeEach(() => {
config = {
enablePropagationWithAmazonHeaders: true
}

return agent.load('http', config)
.then(() => {
http = require(pluginToBeLoaded)
express = require('express')
})
})

it('should inject tracing header into AWS signed request', done => {
const app = express()

app.get('/', (req, res) => {
try {
expect(req.get('x-datadog-trace-id')).to.be.a('string')
expect(req.get('x-datadog-parent-id')).to.be.a('string')

res.status(200).send()

done()
} catch (e) {
done(e)
}
})

appListener = server(app, port => {
const req = http.request({
port,
headers: {
Authorization: 'AWS4-HMAC-SHA256 ...'
}
})

req.end()
})
})
})

describe('with validateStatus configuration', () => {
let config

Expand Down
64 changes: 64 additions & 0 deletions packages/datadog-plugin-http2/test/client.spec.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -365,6 +365,70 @@ describe('Plugin', () => {
})
})

it('should skip injecting if the Authorization header contains an AWS signature', done => {
const app = (stream, headers) => {
try {
expect(headers['x-datadog-trace-id']).to.be.undefined
expect(headers['x-datadog-parent-id']).to.be.undefined

stream.respond({
':status': 200
})
stream.end()

done()
} catch (e) {
done(e)
}
}

appListener = server(app, port => {
const headers = {
Authorization: 'AWS4-HMAC-SHA256 ...'
}
const client = http2
.connect(`${protocol}://localhost:${port}`)
.on('error', done)

const req = client.request(headers)
req.on('error', done)

req.end()
})
})

it('should skip injecting if one of the Authorization headers contains an AWS signature', done => {
const app = (stream, headers) => {
try {
expect(headers['x-datadog-trace-id']).to.be.undefined
expect(headers['x-datadog-parent-id']).to.be.undefined

stream.respond({
':status': 200
})
stream.end()

done()
} catch (e) {
done(e)
}
}

appListener = server(app, port => {
const headers = {
Authorization: ['AWS4-HMAC-SHA256 ...']
}
const client = http2
.connect(`${protocol}://localhost:${port}`)
.on('error', done)

const req = client.request(headers)
req.on('error', done)

req.end()
})
})

it('should skip injecting if the X-Amz-Signature header is set', done => {
const app = (stream, headers) => {
try {
Expand Down

0 comments on commit fc1e874

Please sign in to comment.