Remove iast-log and review ASM log messages (#4919)

* Remove iast-log and review ASM log messages

* Update packages/dd-trace/src/appsec/iast/iast-plugin.js

Co-authored-by: Ugaitz Urien <ugaitz.urien@datadoghq.com>

* Update packages/dd-trace/src/appsec/rasp/fs-plugin.js

Co-authored-by: Carles Capell <107924659+CarlesDD@users.noreply.github.com>

* remove template literal

---------

Co-authored-by: Ugaitz Urien <ugaitz.urien@datadoghq.com>
Co-authored-by: Carles Capell <107924659+CarlesDD@users.noreply.github.com>

packages/dd-trace/src/appsec/api_security_sampler.js

@@ -64,7 +64,7 @@ function computeKey (req, res) {
   const status = res.statusCode
 
   if (!method || !status) {
-    log.warn('Unsupported groupkey for API security')
+    log.warn('[ASM] Unsupported groupkey for API security')
     return null
   }
   return method + route + status

packages/dd-trace/src/appsec/blocking.js

@@ -101,7 +101,7 @@ function getBlockingData (req, specificType, actionParameters) {
 
 function block (req, res, rootSpan, abortController, actionParameters = defaultBlockingActionParameters) {
   if (res.headersSent) {
-    log.warn('Cannot send blocking response when headers have already been sent')
+    log.warn('[ASM] Cannot send blocking response when headers have already been sent')
     return
   }
 

packages/dd-trace/src/appsec/iast/analyzers/cookie-analyzer.js

@@ -2,7 +2,7 @@
 
 const Analyzer = require('./vulnerability-analyzer')
 const { getNodeModulesPaths } = require('../path-line')
-const iastLog = require('../iast-log')
+const log = require('../../../log')
 
 const EXCLUDED_PATHS = getNodeModulesPaths('express/lib/response.js')
 
@@ -16,7 +16,7 @@ class CookieAnalyzer extends Analyzer {
     try {
       this.cookieFilterRegExp = new RegExp(config.iast.cookieFilterPattern)
     } catch {
-      iastLog.error('Invalid regex in cookieFilterPattern')
+      log.error('[ASM] Invalid regex in cookieFilterPattern')
       this.cookieFilterRegExp = /.{32,}/
     }
 

packages/dd-trace/src/appsec/iast/iast-plugin.js

@@ -2,14 +2,14 @@
 
 const { channel } = require('dc-polyfill')
 
-const iastLog = require('./iast-log')
 const Plugin = require('../../plugins/plugin')
 const iastTelemetry = require('./telemetry')
 const { getInstrumentedMetric, getExecutedMetric, TagKey, EXECUTED_SOURCE, formatTags } =
   require('./telemetry/iast-metric')
 const { storage } = require('../../../../datadog-core')
 const { getIastContext } = require('./iast-context')
 const instrumentations = require('../../../../datadog-instrumentations/src/helpers/instrumentations')
+const log = require('../../log')
 
 /**
  * Used by vulnerability sources and sinks to subscribe diagnostic channel events
@@ -65,7 +65,7 @@ class IastPlugin extends Plugin {
       try {
         handler(message, name)
       } catch (e) {
-        iastLog.errorAndPublish(e)
+        log.error('[ASM] Error executing IAST plugin handler', e)
       }
     }
   }
@@ -76,7 +76,7 @@ class IastPlugin extends Plugin {
         const iastContext = getIastContext(storage.getStore())
         iastSub.increaseExecuted(iastContext)
       } catch (e) {
-        iastLog.errorAndPublish(e)
+        log.error('[ASM] Error increasing handler executed metrics', e)
       }
     }
   }
@@ -93,7 +93,7 @@ class IastPlugin extends Plugin {
       }
       return result
     } catch (e) {
-      iastLog.errorAndPublish(e)
+      log.error('[ASM] Error executing handler or increasing metrics', e)
     }
   }
 

packages/dd-trace/src/appsec/iast/taint-tracking/operations-taint-object.js

@@ -2,7 +2,7 @@
 
 const TaintedUtils = require('@datadog/native-iast-taint-tracking')
 const { IAST_TRANSACTION_ID } = require('../iast-context')
-const iastLog = require('../iast-log')
+const log = require('../../../log')
 
 function taintObject (iastContext, object, type) {
   let result = object
@@ -33,7 +33,7 @@ function taintObject (iastContext, object, type) {
           }
         }
       } catch (e) {
-        iastLog.error(`Error visiting property : ${property}`).errorAndPublish(e)
+        log.error('[ASM] Error in taintObject when visiting property : %s', property, e)
       }
     }
   }

packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js

@@ -2,12 +2,12 @@
 
 const Module = require('module')
 const shimmer = require('../../../../../datadog-shimmer')
-const iastLog = require('../iast-log')
 const { isPrivateModule, isNotLibraryFile } = require('./filter')
 const { csiMethods } = require('./csi-methods')
 const { getName } = require('../telemetry/verbosity')
 const { getRewriteFunction } = require('./rewriter-telemetry')
 const dc = require('dc-polyfill')
+const log = require('../../../log')
 
 const hardcodedSecretCh = dc.channel('datadog:secrets:result')
 let rewriter
@@ -60,8 +60,7 @@ function getRewriter (telemetryVerbosity) {
         chainSourceMap
       })
     } catch (e) {
-      iastLog.error('Unable to initialize TaintTracking Rewriter')
-        .errorAndPublish(e)
+      log.error('[ASM] Unable to initialize TaintTracking Rewriter', e)
     }
   }
   return rewriter
@@ -99,8 +98,7 @@ function getCompileMethodFn (compileMethod) {
         }
       }
     } catch (e) {
-      iastLog.error(`Error rewriting ${filename}`)
-        .errorAndPublish(e)
+      log.error('[ASM] Error rewriting file %s', filename, e)
     }
     return compileMethod.apply(this, [content, filename])
   }
@@ -117,8 +115,7 @@ function enableRewriter (telemetryVerbosity) {
       shimmer.wrap(Module.prototype, '_compile', compileMethod => getCompileMethodFn(compileMethod))
     }
   } catch (e) {
-    iastLog.error('Error enabling TaintTracking Rewriter')
-      .errorAndPublish(e)
+    log.error('[ASM] Error enabling TaintTracking Rewriter', e)
   }
 }
 
@@ -132,7 +129,7 @@ function disableRewriter () {
 
     Error.prepareStackTrace = originalPrepareStackTrace
   } catch (e) {
-    iastLog.warn(e)
+    log.warn('[ASM] Error disabling TaintTracking rewriter', e)
   }
 }
 

packages/dd-trace/src/appsec/iast/taint-tracking/taint-tracking-impl.js

@@ -4,10 +4,10 @@ const dc = require('dc-polyfill')
 const TaintedUtils = require('@datadog/native-iast-taint-tracking')
 const { storage } = require('../../../../../datadog-core')
 const iastContextFunctions = require('../iast-context')
-const iastLog = require('../iast-log')
 const { EXECUTED_PROPAGATION } = require('../telemetry/iast-metric')
 const { isDebugAllowed } = require('../telemetry/verbosity')
 const { taintObject } = require('./operations-taint-object')
+const log = require('../../../log')
 
 const mathRandomCallCh = dc.channel('datadog:random:call')
 const evalCallCh = dc.channel('datadog:eval:call')
@@ -60,8 +60,7 @@ function getFilteredCsiFn (cb, filter, getContext) {
         return cb(transactionId, res, target, ...rest)
       }
     } catch (e) {
-      iastLog.error(`Error invoking CSI ${target}`)
-        .errorAndPublish(e)
+      log.error('[ASM] Error invoking CSI %s', target, e)
     }
     return res
   }
@@ -112,8 +111,7 @@ function csiMethodsOverrides (getContext) {
           return TaintedUtils.concat(transactionId, res, op1, op2)
         }
       } catch (e) {
-        iastLog.error('Error invoking CSI plusOperator')
-          .errorAndPublish(e)
+        log.error('[ASM] Error invoking CSI plusOperator', e)
       }
       return res
     },
@@ -126,8 +124,7 @@ function csiMethodsOverrides (getContext) {
           return TaintedUtils.concat(transactionId, res, ...rest)
         }
       } catch (e) {
-        iastLog.error('Error invoking CSI tplOperator')
-          .errorAndPublish(e)
+        log.error('[ASM] Error invoking CSI tplOperator', e)
       }
       return res
     },
@@ -178,7 +175,7 @@ function csiMethodsOverrides (getContext) {
             }
           }
         } catch (e) {
-          iastLog.error(e)
+          log.error('[ASM] Error invoking CSI JSON.parse', e)
         }
       }
 
@@ -194,7 +191,7 @@ function csiMethodsOverrides (getContext) {
             res = TaintedUtils.arrayJoin(transactionId, res, target, separator)
           }
         } catch (e) {
-          iastLog.error(e)
+          log.error('[ASM] Error invoking CSI join', e)
         }
       }
 
@@ -250,8 +247,7 @@ function lodashTaintTrackingHandler (message) {
       message.result = getLodashTaintedUtilFn(message.operation)(transactionId, message.result, ...message.arguments)
     }
   } catch (e) {
-    iastLog.error(`Error invoking CSI lodash ${message.operation}`)
-      .errorAndPublish(e)
+    log.error('[ASM] Error invoking CSI lodash %s', message.operation, e)
   }
 }
 

packages/dd-trace/src/appsec/iast/telemetry/namespaces.js

@@ -4,7 +4,6 @@ const log = require('../../../log')
 const { Namespace } = require('../../../telemetry/metrics')
 const { addMetricsToSpan } = require('./span-tags')
 const { IAST_TRACE_METRIC_PREFIX } = require('../tags')
-const iastLog = require('../iast-log')
 
 const DD_IAST_METRICS_NAMESPACE = Symbol('_dd.iast.request.metrics.namespace')
 
@@ -31,7 +30,7 @@ function finalizeRequestNamespace (context, rootSpan) {
 
     namespace.clear()
   } catch (e) {
-    log.error(e)
+    log.error('[ASM] Error merging request metrics', e)
   } finally {
     if (context) {
       delete context[DD_IAST_METRICS_NAMESPACE]
@@ -79,7 +78,7 @@ class IastNamespace extends Namespace {
 
       if (metrics.size === this.maxMetricTagsSize) {
         metrics.clear()
-        iastLog.warnAndPublish(`Tags cache max size reached for metric ${name}`)
+        log.error('[ASM] Tags cache max size reached for metric %s', name)
       }
 
       metrics.set(tags, metric)

packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/command-sensitive-analyzer.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const iastLog = require('../../../iast-log')
+const log = require('../../../../../log')
 
 const COMMAND_PATTERN = '^(?:\\s*(?:sudo|doas)\\s+)?\\b\\S+\\b\\s(.*)'
 const pattern = new RegExp(COMMAND_PATTERN, 'gmi')
@@ -16,7 +16,7 @@ module.exports = function extractSensitiveRanges (evidence) {
       return [{ start, end }]
     }
   } catch (e) {
-    iastLog.debug(e)
+    log.debug('[ASM] Error extracting sensitive ranges', e)
   }
   return []
 }

packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/ldap-sensitive-analyzer.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const iastLog = require('../../../iast-log')
+const log = require('../../../../../log')
 
 const LDAP_PATTERN = '\\(.*?(?:~=|=|<=|>=)(?<LITERAL>[^)]+)\\)'
 const pattern = new RegExp(LDAP_PATTERN, 'gmi')
@@ -22,7 +22,7 @@ module.exports = function extractSensitiveRanges (evidence) {
     }
     return tokens
   } catch (e) {
-    iastLog.debug(e)
+    log.debug('[ASM] Error extracting sensitive ranges', e)
   }
   return []
 }

packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/sql-sensitive-analyzer.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const iastLog = require('../../../iast-log')
+const log = require('../../../../../log')
 
 const STRING_LITERAL = '\'(?:\'\'|[^\'])*\''
 const POSTGRESQL_ESCAPED_LITERAL = '\\$([^$]*)\\$.*?\\$\\1\\$'
@@ -106,7 +106,7 @@ module.exports = function extractSensitiveRanges (evidence) {
     }
     return tokens
   } catch (e) {
-    iastLog.debug(e)
+    log.debug('[ASM] Error extracting sensitive ranges', e)
   }
   return []
 }