fixup! manual things

Author: BridgeAR

integration-tests/appsec/graphql.spec.js

@@ -45,8 +45,8 @@ describe('graphql', () => {
       assert.strictEqual(payload[1][0].name, 'web.request')
       assert.strictEqual(payload[1][0].metrics['_dd.appsec.enabled'], 1)
       assert.ok(Object.hasOwn(payload[1][0].metrics, '_dd.appsec.waf.duration'))
-      assert.ok(!Object.hasOwn(payload[1][0].meta, '_dd.appsec.event'))
-      assert.ok(!Object.hasOwn(payload[1][0].meta, '_dd.appsec.json'))
+      assert.ok(!('_dd.appsec.event' in payload[1][0].meta))
+      assert.ok(!('_dd.appsec.json' in payload[1][0].meta))
     })
 
     await axios({

integration-tests/appsec/iast-esbuild.spec.js

@@ -54,7 +54,7 @@ describe('esbuild support for IAST', () => {
     return agent.assertMessageReceived(({ payload }) => {
       const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
       spans.forEach(span => {
-        assert.ok(!Object.hasOwn(span.meta, '_dd.iast.json'))
+        assert.ok(!('_dd.iast.json' in span.meta))
       })
     }, null, 1, true)
   }

integration-tests/appsec/iast-stack-traces-with-sourcemaps.spec.js

@@ -49,13 +49,13 @@ describe('IAST stack traces and vulnerabilities with sourcemaps', () => {
     it('should detect correct stack trace in unnamed function', async () => {
       const response = await axios.get('/rewritten/stack-trace-from-unnamed-function')
 
-      assert.ok(response.data.includes('/rewritten-routes.ts:7:13'))
+      assert.match(response.data, /\/rewritten-routes\.ts:7:13/)
     })
 
     it('should detect correct stack trace in named function', async () => {
       const response = await axios.get('/rewritten/stack-trace-from-named-function')
 
-      assert.ok(response.data.includes('/rewritten-routes.ts:11:13'))
+      assert.match(response.data, /\/rewritten-routes\.ts:11:13/)
     })
 
     it('should detect vulnerability in the correct location', async () => {
@@ -81,13 +81,13 @@ describe('IAST stack traces and vulnerabilities with sourcemaps', () => {
     it('should detect correct stack trace in unnamed function', async () => {
       const response = await axios.get('/not-rewritten/stack-trace-from-unnamed-function')
 
-      assert.ok(response.data.includes('/not-rewritten-routes.ts:7:13'))
+      assert.match(response.data, /\/not-rewritten-routes\.ts:7:13/)
     })
 
     it('should detect correct stack trace in named function', async () => {
       const response = await axios.get('/not-rewritten/stack-trace-from-named-function')
 
-      assert.ok(response.data.includes('/not-rewritten-routes.ts:11:13'))
+      assert.match(response.data, /\/not-rewritten-routes\.ts:11:13/)
     })
 
     it('should detect vulnerability in the correct location', async () => {

integration-tests/appsec/iast.esm-security-controls.spec.js

@@ -52,7 +52,7 @@ describe('ESM Security controls', () => {
           const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
           spans.forEach(span => {
             assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
-            assert.ok(span.meta['_dd.iast.json'].includes('"COMMAND_INJECTION"'))
+            assert.match(span.meta['_dd.iast.json'], /"COMMAND_INJECTION"/)
           })
         }, null, 1, true)
       })
@@ -63,7 +63,7 @@ describe('ESM Security controls', () => {
         await agent.assertMessageReceived(({ payload }) => {
           const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
           spans.forEach(span => {
-            assert.ok(!Object.hasOwn(span.meta, '_dd.iast.json'))
+            assert.ok(!('_dd.iast.json' in span.meta))
             assert.ok(Object.hasOwn(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection'))
           })
         }, null, 1, true)
@@ -75,7 +75,7 @@ describe('ESM Security controls', () => {
         await agent.assertMessageReceived(({ payload }) => {
           const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
           spans.forEach(span => {
-            assert.ok(!Object.hasOwn(span.meta, '_dd.iast.json'))
+            assert.ok(!('_dd.iast.json' in span.meta))
             assert.ok(Object.hasOwn(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection'))
           })
         }, null, 1, true)
@@ -88,7 +88,7 @@ describe('ESM Security controls', () => {
           const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
           spans.forEach(span => {
             assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
-            assert.ok(span.meta['_dd.iast.json'].includes('"COMMAND_INJECTION"'))
+            assert.match(span.meta['_dd.iast.json'], /"COMMAND_INJECTION"/)
           })
         }, null, 1, true)
       })
@@ -99,7 +99,7 @@ describe('ESM Security controls', () => {
         await agent.assertMessageReceived(({ payload }) => {
           const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
           spans.forEach(span => {
-            assert.ok(!Object.hasOwn(span.meta, '_dd.iast.json'))
+            assert.ok(!('_dd.iast.json' in span.meta))
             assert.ok(Object.hasOwn(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection'))
           })
         }, null, 1, true)
@@ -111,7 +111,7 @@ describe('ESM Security controls', () => {
         await agent.assertMessageReceived(({ payload }) => {
           const spans = payload.flatMap(p => p.filter(span => span.name === 'express.request'))
           spans.forEach(span => {
-            assert.ok(!Object.hasOwn(span.meta, '_dd.iast.json'))
+            assert.ok(!('_dd.iast.json' in span.meta))
             assert.ok(Object.hasOwn(span.metrics, '_dd.iast.telemetry.suppressed.vulnerabilities.command_injection'))
           })
         }, null, 1, true)

integration-tests/appsec/iast.esm.spec.js

@@ -65,7 +65,7 @@ describe('ESM', () => {
         await agent.assertMessageReceived(({ payload }) => {
           verifySpan(payload, span => {
             assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
-            assert.ok(span.meta['_dd.iast.json'].includes('"COMMAND_INJECTION"'))
+            assert.match(span.meta['_dd.iast.json'], /"COMMAND_INJECTION"/)
           })
         }, null, 1, true)
       })
@@ -76,7 +76,7 @@ describe('ESM', () => {
         await agent.assertMessageReceived(({ payload }) => {
           verifySpan(payload, span => {
             assert.ok(Object.hasOwn(span.meta, '_dd.iast.json'))
-            assert.ok(span.meta['_dd.iast.json'].includes('"COMMAND_INJECTION"'))
+            assert.match(span.meta['_dd.iast.json'], /"COMMAND_INJECTION"/)
           })
         }, null, 1, true)
       })

integration-tests/appsec/index.spec.js

@@ -51,7 +51,7 @@ describe('RASP', () => {
   async function assertExploitDetected () {
     await agent.assertMessageReceived(({ headers, payload }) => {
       assert.ok(Object.hasOwn(payload[0][0].meta, '_dd.appsec.json'))
-      assert.ok(payload[0][0].meta['_dd.appsec.json'].includes('"test-rule-id-2"'))
+      assert.match(payload[0][0].meta['_dd.appsec.json'], /"test-rule-id-2"/)
     })
   }
 
@@ -400,7 +400,7 @@ describe('RASP', () => {
           }
 
           await agent.assertMessageReceived(({ headers, payload }) => {
-            assert.ok(!Object.hasOwn(payload[0][0].meta_struct, 'http.request.body'))
+            assert.ok(!('http.request.body' in payload[0][0].meta_struct))
           })
         }
       })

integration-tests/appsec/standalone-asm.spec.js

@@ -31,7 +31,7 @@ describe('Standalone ASM', () => {
   }
 
   function assertDrop ({ meta, metrics }) {
-    assert.ok(!Object.hasOwn(meta, '_dd.p.ts'))
+    assert.ok(!('_dd.p.ts' in meta))
 
     assert.strictEqual(metrics._sampling_priority_v1, AUTO_REJECT)
     assert.strictEqual(metrics['_dd.apm.enabled'], 0)
@@ -96,8 +96,8 @@ describe('Standalone ASM', () => {
           assert.strictEqual(fifthReq.length, 3)
 
           const { meta, metrics } = fifthReq[0]
-          assert.ok(!Object.hasOwn(meta, 'manual.keep'))
-          assert.ok(!Object.hasOwn(meta, '_dd.p.ts'))
+          assert.ok(!('manual.keep' in meta))
+          assert.ok(!('_dd.p.ts' in meta))
 
           assert.strictEqual(metrics._sampling_priority_v1, AUTO_KEEP)
           assert.strictEqual(metrics['_dd.apm.enabled'], 0)
@@ -232,7 +232,7 @@ describe('Standalone ASM', () => {
 
           const innerReq = payload.find(p => p[0].resource === 'GET /down')
           assert.notStrictEqual(innerReq, undefined)
-          assert.ok(!Object.hasOwn(innerReq[0].meta, '_dd.p.other'))
+          assert.ok(!('_dd.p.other' in innerReq[0].meta))
         }, undefined, undefined, true)
       })
 
@@ -323,7 +323,7 @@ describe('Standalone ASM', () => {
     it('should not add standalone related tags in iast events', () => {
       const url = proc.url + '/vulnerableHash'
       return curlAndAssertMessage(agent, url, ({ headers, payload }) => {
-        assert.ok(!Object.hasOwn(headers, 'datadog-client-computed-stats'))
+        assert.ok(!('datadog-client-computed-stats' in headers))
         assert.ok(Array.isArray(payload))
         assert.strictEqual(payload.length, 1)
         assert.ok(Array.isArray(payload[0]))
@@ -334,16 +334,16 @@ describe('Standalone ASM', () => {
         const { meta, metrics } = payload[0][0]
         assert.ok(Object.hasOwn(meta, '_dd.iast.json')) // WEAK_HASH and XCONTENTTYPE_HEADER_MISSING reported
 
-        assert.ok(!Object.hasOwn(meta, '_dd.p.ts'))
-        assert.ok(!Object.hasOwn(metrics, '_dd.apm.enabled'))
+        assert.ok(!('_dd.p.ts' in meta))
+        assert.ok(!('_dd.apm.enabled' in metrics))
       })
     })
 
     it('should not add standalone related tags in appsec events', () => {
       const urlAttack = proc.url + '?query=1 or 1=1'
 
       return curlAndAssertMessage(agent, urlAttack, ({ headers, payload }) => {
-        assert.ok(!Object.hasOwn(headers, 'datadog-client-computed-stats'))
+        assert.ok(!('datadog-client-computed-stats' in headers))
         assert.ok(Array.isArray(payload))
         assert.strictEqual(payload.length, 1)
         assert.ok(Array.isArray(payload[0]))
@@ -354,8 +354,8 @@ describe('Standalone ASM', () => {
         const { meta, metrics } = payload[0][0]
         assert.ok(Object.hasOwn(meta, '_dd.appsec.json')) // crs-942-100 triggered
 
-        assert.ok(!Object.hasOwn(meta, '_dd.p.ts'))
-        assert.ok(!Object.hasOwn(metrics, '_dd.apm.enabled'))
+        assert.ok(!('_dd.p.ts' in meta))
+        assert.ok(!('_dd.apm.enabled' in metrics))
       })
     })
   })

integration-tests/ci-visibility/automatic-log-submission-cucumber/support/steps.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const assert = require('node:assert/strict')
+const assert = require('assert')
 
 const { When, Then } = require('@cucumber/cucumber')
 

integration-tests/ci-visibility/automatic-log-submission.spec.js

@@ -1,15 +1,15 @@
 'use strict'
 
+const assert = require('assert')
 const { exec, execSync } = require('child_process')
 const { once } = require('events')
 
-const { assert } = require('chai')
-
 const {
   sandboxCwd,
   useSandbox,
   getCiVisAgentlessConfig,
-  getCiVisEvpProxyConfig
+  getCiVisEvpProxyConfig,
+  assertObjectContains
 } = require('../helpers')
 const { FakeCiVisIntake } = require('../ci-visibility-intake')
 const webAppServer = require('./web-app-server')
@@ -99,10 +99,10 @@ describe('test optimization automatic log submission', () => {
             logMessages.forEach(({ dd, level }) => {
               assert.equal(level, 'info')
               assert.equal(dd.service, 'my-service')
-              assert.hasAllKeys(dd, ['trace_id', 'span_id', 'service'])
+              assert.deepStrictEqual(['service', 'span_id', 'trace_id'], Object.keys(dd).sort())
             })
 
-            assert.includeMembers(logMessages.map(({ message }) => message), [
+            assertObjectContains(logMessages.map(({ message }) => message), [
               'Hello simple log!',
               'sum function being called'
             ])
@@ -155,15 +155,15 @@ describe('test optimization automatic log submission', () => {
 
         const { logSpanId, logTraceId } = logIds
         const { testSpanId, testTraceId } = testIds
-        assert.include(testOutput, 'Hello simple log!')
-        assert.include(testOutput, 'sum function being called')
+        assert.match(testOutput, /Hello simple log!/)
+        assert.match(testOutput, /sum function being called/)
         // cucumber has `cucumber.step`, and that's the active span, not the test.
         // logs are queried by trace id, so it should be OK
         if (name !== 'cucumber') {
-          assert.include(testOutput, `"span_id":"${testSpanId}"`)
+          assert.match(testOutput, new RegExp(`"span_id":"${testSpanId}"`))
           assert.equal(logSpanId, testSpanId)
         }
-        assert.include(testOutput, `"trace_id":"${testTraceId}"`)
+        assert.match(testOutput, new RegExp(`"trace_id":"${testTraceId}"`))
         assert.equal(logTraceId, testTraceId)
       })
 
@@ -200,9 +200,9 @@ describe('test optimization automatic log submission', () => {
           logsPromise,
         ])
 
-        assert.include(testOutput, 'Hello simple log!')
-        assert.include(testOutput, 'span_id')
-        assert.isFalse(hasReceivedEvents)
+        assert.match(testOutput, /Hello simple log!/)
+        assert.match(testOutput, /span_id/)
+        assert.strictEqual(hasReceivedEvents, false)
       })
 
       it('does not submit logs when DD_AGENTLESS_LOG_SUBMISSION_ENABLED is set but DD_API_KEY is not', async () => {
@@ -236,8 +236,8 @@ describe('test optimization automatic log submission', () => {
           once(childProcess.stderr, 'end'),
         ])
 
-        assert.include(testOutput, 'Hello simple log!')
-        assert.include(testOutput, 'no automatic log submission will be performed')
+        assert.match(testOutput, /Hello simple log!/)
+        assert.match(testOutput, /no automatic log submission will be performed/)
       })
     })
   })

integration-tests/ci-visibility/automatic-log-submission/automatic-log-submission-test.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const assert = require('node:assert/strict')
+const assert = require('assert')
 
 const logger = require('./logger')
 const sum = require('./sum')