Skip to content

Commit e37336a

Browse files
authored
When capturing lambda payload, always cast number into string for sec… (#422)
* when capturing lambda payload, always cast number into string for security reasons. * booleans should also be casted as strings * use docker-cp when building layers
1 parent a44624f commit e37336a

File tree

3 files changed

+9
-9
lines changed

3 files changed

+9
-9
lines changed

scripts/build_layers.sh

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -40,9 +40,9 @@ function docker_build_zip {
4040
docker build -t datadog-lambda-layer-node:$1 . --no-cache \
4141
--build-arg image=node:$1-alpine
4242

43-
# Run the image by runtime tag, tar its generatd `node` directory to sdout,
44-
# then extract it to a temp directory.
45-
docker run --rm datadog-lambda-layer-node:$1 tar cf - /nodejs | tar -xf - -C $temp_dir
43+
# Run the image by runtime tag and copy the output /nodejs to the temp dir
44+
dockerId=$(docker create datadog-lambda-layer-node:$1)
45+
docker cp $dockerId:/nodejs $temp_dir/nodejs
4646

4747
# Zip to destination, and keep directory structure as based in $temp_dir
4848
(cd $temp_dir && zip -q -r $destination ./)

src/utils/tag-object.spec.ts

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -34,10 +34,10 @@ describe("tagObject", () => {
3434
["lambda_payload.request.myObject.anotherKey.0", "array"],
3535
["lambda_payload.request.myObject.anotherKey.1", "of"],
3636
["lambda_payload.request.myObject.anotherKey.2", "values"],
37-
["lambda_payload.request.myObject.nestedBoolean", false],
37+
["lambda_payload.request.myObject.nestedBoolean", "false"],
3838
["lambda_payload.request.val", null],
39-
["lambda_payload.request.number", 1],
40-
["lambda_payload.request.aBoolean", true],
39+
["lambda_payload.request.number", "1"],
40+
["lambda_payload.request.aBoolean", "true"],
4141
]);
4242
});
4343
it("tags arrays of objects", () => {
@@ -50,8 +50,8 @@ describe("tagObject", () => {
5050
},
5151
});
5252
expect(setTag.mock.calls).toEqual([
53-
["lambda_payload.request.vals.0.thingOne", 1],
54-
["lambda_payload.request.vals.1.thingTwo", 2],
53+
["lambda_payload.request.vals.0.thingOne", "1"],
54+
["lambda_payload.request.vals.1.thingTwo", "2"],
5555
]);
5656
});
5757
it("redacts common secret keys", () => {

src/utils/tag-object.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ export function tagObject(currentSpan: any, key: string, obj: any, depth = 0): a
2121
return tagObject(currentSpan, key, parsed, depth);
2222
}
2323
if (typeof obj === "number" || typeof obj === "boolean") {
24-
return currentSpan.setTag(key, obj);
24+
return currentSpan.setTag(key, obj.toString());
2525
}
2626
if (typeof obj === "object") {
2727
for (const [k, v] of Object.entries(obj)) {

0 commit comments

Comments
 (0)