[RUM-10415] [alt] add privacy allowlist support treewalker (#3803)

* Use treewalker to replace innerText

* Add support for display and contentVisibility

* Improve code and add test cases

* Clean up

* Update packages/rum-core/src/domain/action/getActionNameFromElement.spec.ts

Co-authored-by: sethfowler-datadog <[email protected]>

* Use allowlist masking for action names

* Pass down configurations to reduce args; fix listener leaks

* Format code

* Improve unit test for shouldMaskNode

* Improve code

* Refactor and add tests to preserve mask under mask-unless-allowlisted

* Clean up global declare and test code

* Require enablePrivacyForActionName: true

* Update packages/rum/src/domain/record/serialization/serializeNode.spec.ts

Co-authored-by: sethfowler-datadog <[email protected]>

* Keep compatibility with current masking strategy

* Update shouldMaskNode() to be compatible with input element

* Added tests and improve code to adress comments

* Update packages/rum/src/domain/record/serialization/serializeNode.spec.ts

Co-authored-by: sethfowler-datadog <[email protected]>

* fix-comment: test cases and unused parameter

* fix-comment: fix getAttributes

* fix-comment: fix test names

---------

Co-authored-by: sethfowler-datadog <[email protected]>

Author: cy-moi

packages/core/src/domain/configuration/configuration.ts

@@ -25,6 +25,7 @@ export const DefaultPrivacyLevel = {
   ALLOW: 'allow',
   MASK: 'mask',
   MASK_USER_INPUT: 'mask-user-input',
+  MASK_UNLESS_ALLOWLISTED: 'mask-unless-allowlisted',
 } as const
 export type DefaultPrivacyLevel = (typeof DefaultPrivacyLevel)[keyof typeof DefaultPrivacyLevel]
 

packages/rum-core/src/domain/action/actionCollection.spec.ts

@@ -11,6 +11,7 @@ import { createHooks } from '../hooks'
 import type { RumMutationRecord } from '../../browser/domMutationObservable'
 import type { ActionContexts } from './actionCollection'
 import { startActionCollection } from './actionCollection'
+import { ActionNameSource } from './actionNameConstants'
 
 describe('actionCollection', () => {
   const lifeCycle = new LifeCycle()
@@ -50,7 +51,7 @@ describe('actionCollection', () => {
       duration: 100 as Duration,
       id: 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
       name: 'foo',
-      nameSource: 'text_content',
+      nameSource: ActionNameSource.TEXT_CONTENT,
       startClocks: { relative: 1234 as RelativeTime, timeStamp: 123456789 as TimeStamp },
       type: ActionType.CLICK,
       event,
@@ -145,7 +146,7 @@ describe('actionCollection', () => {
       frustrationTypes: [],
       id: 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
       name: 'foo',
-      nameSource: 'text_content',
+      nameSource: ActionNameSource.TEXT_CONTENT,
       startClocks: { relative: 0 as RelativeTime, timeStamp: 0 as TimeStamp },
       type: ActionType.CLICK,
     })

packages/rum-core/src/domain/action/actionCollection.ts

@@ -31,8 +31,11 @@ export function startActionCollection(
   windowOpenObservable: Observable<void>,
   configuration: RumConfiguration
 ) {
-  lifeCycle.subscribe(LifeCycleEventType.AUTO_ACTION_COMPLETED, (action) =>
-    lifeCycle.notify(LifeCycleEventType.RAW_RUM_EVENT_COLLECTED, processAction(action))
+  const { unsubscribe: unsubscribeAutoAction } = lifeCycle.subscribe(
+    LifeCycleEventType.AUTO_ACTION_COMPLETED,
+    (action) => {
+      lifeCycle.notify(LifeCycleEventType.RAW_RUM_EVENT_COLLECTED, processAction(action))
+    }
   )
 
   hooks.register(HookNames.Assemble, ({ startTime, eventType }): DefaultRumEventAttributes | SKIPPED => {
@@ -79,7 +82,10 @@ export function startActionCollection(
       lifeCycle.notify(LifeCycleEventType.RAW_RUM_EVENT_COLLECTED, processAction(action))
     },
     actionContexts,
-    stop,
+    stop: () => {
+      unsubscribeAutoAction()
+      stop()
+    },
   }
 }
 

packages/rum-core/src/domain/action/actionNameConstants.ts

@@ -0,0 +1,20 @@
+/**
+ * Get the action name from the attribute 'data-dd-action-name' on the element or any of its parent.
+ * It can also be retrieved from a user defined attribute.
+ */
+export const DEFAULT_PROGRAMMATIC_ACTION_NAME_ATTRIBUTE = 'data-dd-action-name'
+export const ACTION_NAME_PLACEHOLDER = 'Masked Element'
+export const ACTION_NAME_MASK = 'xxx'
+
+export const enum ActionNameSource {
+  CUSTOM_ATTRIBUTE = 'custom_attribute',
+  MASK_PLACEHOLDER = 'mask_placeholder',
+  TEXT_CONTENT = 'text_content',
+  STANDARD_ATTRIBUTE = 'standard_attribute',
+  BLANK = 'blank',
+}
+
+export interface ActionName {
+  name: string
+  nameSource: ActionNameSource
+}

packages/rum-core/src/domain/action/getActionNameFromElement.spec.ts

@@ -1,8 +1,10 @@
 import { ExperimentalFeature } from '@datadog/browser-core'
 import { mockExperimentalFeatures } from '../../../../core/test'
 import { appendElement, mockRumConfiguration } from '../../../test'
-import { NodePrivacyLevel } from '../privacy'
-import { ActionNameSource, getActionNameFromElement } from './getActionNameFromElement'
+import { NodePrivacyLevel } from '../privacyConstants'
+import { getNodeSelfPrivacyLevel } from '../privacy'
+import { getActionNameFromElement } from './getActionNameFromElement'
+import { ActionNameSource } from './actionNameConstants'
 
 const defaultConfiguration = mockRumConfiguration()
 
@@ -504,6 +506,162 @@ describe('getActionNameFromElement', () => {
       expect(nameSource).toBe('text_content')
     })
   })
+  describe('with allowlist and enablePrivacyForActionName is true', () => {
+    interface BrowserWindow extends Window {
+      $DD_ALLOW?: Set<string>
+    }
+
+    it('preserves privacy level of the element when defaultPrivacyLevel is mask-unless-allowlisted', () => {
+      mockExperimentalFeatures([ExperimentalFeature.USE_TREE_WALKER_FOR_ACTION_NAME])
+      const { name, nameSource } = getActionNameFromElement(
+        appendElement(`
+        <div data-dd-privacy="mask">
+          <span target>bar</span>
+        </div>
+      `),
+        {
+          ...defaultConfiguration,
+          defaultPrivacyLevel: NodePrivacyLevel.MASK_UNLESS_ALLOWLISTED,
+          enablePrivacyForActionName: true,
+        },
+        NodePrivacyLevel.MASK
+      )
+      expect(name).toBe('Masked Element')
+      expect(nameSource).toBe('mask_placeholder')
+    })
+
+    it('preserves privacy level of the element when node privacy level is mask-unless-allowlisted', () => {
+      const testCases = [
+        {
+          html: `
+           <div data-dd-privacy="mask-unless-allowlisted" target>
+            <span>foo</span>
+            <div data-dd-privacy="mask">
+              <span>bar</span>
+              <div data-dd-privacy="allow">
+                <span>baz</span>
+              </div>
+            </div>
+          </div>
+          `,
+          defaultPrivacyLevel: NodePrivacyLevel.MASK_UNLESS_ALLOWLISTED,
+          expectedName: '',
+          expectedNameSource: 'blank',
+        },
+        {
+          html: `
+           <div data-dd-privacy="mask-unless-allowlisted" target>
+            <span>foo</span>
+            <div data-dd-privacy="mask">
+              <span>bar</span>
+              <div data-dd-privacy="allow">
+                <span>baz</span>
+              </div>
+            </div>
+          </div>
+          `,
+          defaultPrivacyLevel: NodePrivacyLevel.MASK_UNLESS_ALLOWLISTED,
+          allowlist: ['foo'],
+          expectedName: 'foo',
+          expectedNameSource: 'text_content',
+        },
+        {
+          html: `
+           <div data-dd-privacy="mask-unless-allowlisted" target>
+            <span>foo</span>
+            <div data-dd-privacy="allow">
+              <span>baz</span>
+            </div>
+          </div>
+          `,
+          defaultPrivacyLevel: NodePrivacyLevel.MASK_UNLESS_ALLOWLISTED,
+          expectedName: 'baz',
+          expectedNameSource: 'text_content',
+        },
+        {
+          html: `
+          <div data-dd-privacy="mask" target>
+            <span>foo</span>
+            <div data-dd-privacy="mask-unless-allowlisted">
+              <span>bar</span>
+              <div data-dd-privacy="allow">
+                <span>baz</span>
+              </div>
+            </div>
+          </div>
+          `,
+          defaultPrivacyLevel: NodePrivacyLevel.MASK_UNLESS_ALLOWLISTED,
+          expectedName: 'Masked Element',
+          expectedNameSource: 'mask_placeholder',
+        },
+        {
+          html: `
+          <div data-dd-privacy="allow" target>
+            <span>foo</span>
+            <div data-dd-privacy="mask-unless-allowlisted">
+              <span>bar</span>
+              <div data-dd-privacy="allow">
+                <span>baz</span>
+              </div>
+            </div>
+          </div>
+          `,
+          defaultPrivacyLevel: NodePrivacyLevel.MASK_UNLESS_ALLOWLISTED,
+          expectedName: 'foo baz',
+          expectedNameSource: 'text_content',
+        },
+        {
+          html: `
+          <div data-dd-privacy="allow" target>
+            <span>foo</span>
+            <div data-dd-privacy="mask-unless-allowlisted">
+              <span>bar</span>
+              <div data-dd-privacy="mask">
+                <span>baz</span>
+              </div>
+            </div>
+          </div>
+          `,
+          defaultPrivacyLevel: NodePrivacyLevel.MASK_UNLESS_ALLOWLISTED,
+          expectedName: 'foo',
+          expectedNameSource: 'text_content',
+        },
+        {
+          html: `
+          <div data-dd-privacy="allow" target>
+            <span>foo</span>
+            <div data-dd-privacy="mask-unless-allowlisted">
+              <span>bar</span>
+              <div data-dd-privacy="allow">
+                <span>baz</span>
+              </div>
+            </div>
+          </div>
+          `,
+          defaultPrivacyLevel: NodePrivacyLevel.MASK_UNLESS_ALLOWLISTED,
+          allowlist: ['bar'],
+          expectedName: 'foo bar baz',
+          expectedNameSource: 'text_content',
+        },
+      ]
+      testCases.forEach(({ html, defaultPrivacyLevel, allowlist, expectedName, expectedNameSource }) => {
+        mockExperimentalFeatures([ExperimentalFeature.USE_TREE_WALKER_FOR_ACTION_NAME])
+        ;(window as BrowserWindow).$DD_ALLOW = new Set(allowlist)
+        const target = appendElement(html)
+        const { name, nameSource } = getActionNameFromElement(
+          target,
+          {
+            ...defaultConfiguration,
+            defaultPrivacyLevel,
+            enablePrivacyForActionName: true,
+          },
+          getNodeSelfPrivacyLevel(target)
+        )
+        expect(name).toBe(expectedName)
+        expect(nameSource).toBe(expectedNameSource)
+      })
+    })
+  })
 
   describe('with privacyEnabledForActionName', () => {
     it('extracts attribute text when privacyEnabledActionName is false', () => {