From d50d2af2ef9dbb0666973b47cc3c646e2b2f8d50 Mon Sep 17 00:00:00 2001 From: Carles Capell Date: Tue, 16 Jun 2026 17:12:43 +0200 Subject: [PATCH 1/7] Enable test for Node.js --- manifests/nodejs.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/nodejs.yml b/manifests/nodejs.yml index 8b685f67e50..504466a4f19 100644 --- a/manifests/nodejs.yml +++ b/manifests/nodejs.yml @@ -97,6 +97,7 @@ refs: - &ref_5_104_0 '>=5.104.0' - &ref_5_106_0 '>=5.106.0' - &ref_5_107_0 '>=5.107.0' + - &ref_5_107_0 '>=5.110.0' - &ref_6_0_0 '>=6.0.0-pre' manifest: tests/ai_guard/test_ai_guard_sdk.py::Test_AIGuardEvent_Tag: missing_feature (APPSEC-62217) @@ -165,7 +166,7 @@ manifest: tests/appsec/api_security/test_apisec_sampling.py::Test_API_Security_Sampling_Different_Status: *ref_5_27_0 tests/appsec/api_security/test_apisec_sampling.py::Test_API_Security_Sampling_Rate: irrelevant (new api security sampling algorithm implemented) tests/appsec/api_security/test_apisec_sampling.py::Test_API_Security_Sampling_With_Delay: *ref_5_27_0 - tests/appsec/api_security/test_apisecurity_telemetry.py: missing_feature + tests/appsec/api_security/test_apisecurity_telemetry.py: *ref_5_110_0 tests/appsec/api_security/test_custom_data_classification.py::Test_API_Security_Custom_Data_Classification_Capabilities: *ref_5_76_0 tests/appsec/api_security/test_custom_data_classification.py::Test_API_Security_Custom_Data_Classification_Multiple_Scanners: *ref_5_76_0 tests/appsec/api_security/test_custom_data_classification.py::Test_API_Security_Custom_Data_Classification_Negative: *ref_5_76_0 From d1bc143e30e3ac4b3b354c1c5f4610114b45685f Mon Sep 17 00:00:00 2001 From: Carles Capell Date: Tue, 16 Jun 2026 17:13:13 +0200 Subject: [PATCH 2/7] Adapt apisec telemetry test to expect more than one framework --- .../api_security/test_apisecurity_telemetry.py | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) 
diff --git a/tests/appsec/api_security/test_apisecurity_telemetry.py b/tests/appsec/api_security/test_apisecurity_telemetry.py index 147a7be0d82..550cc9deaa0 100644 --- a/tests/appsec/api_security/test_apisecurity_telemetry.py +++ b/tests/appsec/api_security/test_apisecurity_telemetry.py @@ -38,6 +38,13 @@ def _extract_telemetry_metrics(datas: list[dict]) -> list[dict]: "net-http-orchestrion": "net/http", "uds-echo": "github.com/labstack/echo/v4", }, + "nodejs": { + # blocked requests emit 'http' because framework middleware never runs for them + "express4": ["express", "http"], + "express5": ["express", "http"], + "fastify": ["fastify", "http"], + "nextjs": "http" + } } @@ -86,11 +93,14 @@ def test_shema_metric(self): metric_data["metric"] in ["api_security.request.schema", "api_security.request.no_schema"] for metric_data in datas ), "Only api_security.request.schema metrics should be present, no missing routes should be generated" + expected_frameworks = FRAMEWORKS.get(context.library.name, {}).get(context.weblog_variant, context.weblog_variant) + if isinstance(expected_frameworks, str): + expected_frameworks = [expected_frameworks] # check all metrics have correct tags for m in datas: metric_data = m assert metric_data["namespace"] == "appsec" assert metric_data["type"] == "count" - assert metric_data["tags"] == [ - f"framework:{FRAMEWORKS.get(context.library.name, {}).get(context.weblog_variant, context.weblog_variant)}" - ], f"framework tag unknown for {context.library.name} {context.weblog_variant}" + assert any( + metric_data["tags"] == [f"framework:{fw}"] for fw in expected_frameworks + ), f"unexpected framework tag for {context.library.name} {context.weblog_variant}: got {metric_data['tags']}, expected one of {[f'framework:{fw}' for fw in expected_frameworks]}" From bb635c16a00f182ebf870a2b8a422ddeae8c1acd Mon Sep 17 00:00:00 2001 
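Review bot: The relaxed check at the end of `test_shema_metric` accepts `framework:http` on every metric for express4, express5 and fastify, so a tracer that stopped reporting the real framework tag altogether would still pass. The comment added to `FRAMEWORKS` says `http` is expected only for blocked requests. If the setup also sends at least one non-blocked request (the setup is not visible in this hunk), the test could additionally require the primary tag once, e.g. `assert any(m["tags"] == [f"framework:{expected_frameworks[0]}"] for m in datas)`. The same assertion is re-wrapped in PATCH 5/7 and the point applies there too; the test body starts outside the hunk.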
From: Carles Capell Date: Tue, 16 Jun 2026 17:26:02 +0200 Subject: [PATCH 3/7] Fix manifest --- manifests/nodejs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/nodejs.yml b/manifests/nodejs.yml index 504466a4f19..a13b98d9b70 100644 --- a/manifests/nodejs.yml +++ b/manifests/nodejs.yml @@ -97,7 +97,7 @@ refs: - &ref_5_104_0 '>=5.104.0' - &ref_5_106_0 '>=5.106.0' - &ref_5_107_0 '>=5.107.0' - - &ref_5_107_0 '>=5.110.0' + - &ref_5_110_0 '>=5.110.0' - &ref_6_0_0 '>=6.0.0-pre' manifest: tests/ai_guard/test_ai_guard_sdk.py::Test_AIGuardEvent_Tag: missing_feature (APPSEC-62217) From 853ce0d431b3375785fc1e1ff5ffe6f45bc473d1 Mon Sep 17 00:00:00 2001 From: Carles Capell Date: Tue, 16 Jun 2026 18:14:04 +0200 Subject: [PATCH 4/7] Trigger pipeline From 7da0e9821bef07298ce29e1fb149cffcda797c8e Mon Sep 17 00:00:00 2001 From: Carles Capell Date: Tue, 16 Jun 2026 18:25:40 +0200 Subject: [PATCH 5/7] Fix linting issue --- .../api_security/test_apisecurity_telemetry.py | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/tests/appsec/api_security/test_apisecurity_telemetry.py b/tests/appsec/api_security/test_apisecurity_telemetry.py index 550cc9deaa0..12e71267c89 100644 --- a/tests/appsec/api_security/test_apisecurity_telemetry.py +++ b/tests/appsec/api_security/test_apisecurity_telemetry.py @@ -20,7 +20,7 @@ def _extract_telemetry_metrics(datas: list[dict]) -> list[dict]: return [m for m in metrics if m["metric"].startswith("api_security")] -FRAMEWORKS = { +FRAMEWORKS: dict[str, dict[str, str | list[str]]] = { "python": { "flask-poc": "flask", "uwsgi-poc": "flask", @@ -43,8 +43,8 @@ def _extract_telemetry_metrics(datas: list[dict]) -> list[dict]: "express4": ["express", "http"], "express5": ["express", "http"], "fastify": ["fastify", "http"], - "nextjs": "http" - } + "nextjs": "http", + }, } 
@@ -93,7 +93,9 @@ def test_shema_metric(self): metric_data["metric"] in ["api_security.request.schema", "api_security.request.no_schema"] for metric_data in datas ), "Only api_security.request.schema metrics should be present, no missing routes should be generated" - expected_frameworks = FRAMEWORKS.get(context.library.name, {}).get(context.weblog_variant, context.weblog_variant) + expected_frameworks = FRAMEWORKS.get(context.library.name, {}).get( + context.weblog_variant, context.weblog_variant + ) if isinstance(expected_frameworks, str): expected_frameworks = [expected_frameworks] # check all metrics have correct tags @@ -101,6 +103,6 @@ def test_shema_metric(self): metric_data = m assert metric_data["namespace"] == "appsec" assert metric_data["type"] == "count" - assert any( - metric_data["tags"] == [f"framework:{fw}"] for fw in expected_frameworks - ), f"unexpected framework tag for {context.library.name} {context.weblog_variant}: got {metric_data['tags']}, expected one of {[f'framework:{fw}' for fw in expected_frameworks]}" + assert any(metric_data["tags"] == [f"framework:{fw}"] for fw in expected_frameworks), ( + f"unexpected framework tag for {context.library.name} {context.weblog_variant}: got {metric_data['tags']}, expected one of {[f'framework:{fw}' for fw in expected_frameworks]}" + ) From c297e6ed5f4c351d1081ccd811a66c997143f92e Mon Sep 17 00:00:00 2001 From: Carles Capell Date: Tue, 16 Jun 2026 19:36:26 +0200 Subject: [PATCH 6/7] Cap variants to teset --- manifests/nodejs.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/manifests/nodejs.yml b/manifests/nodejs.yml index a13b98d9b70..45d0740a956 100644 --- a/manifests/nodejs.yml +++ b/manifests/nodejs.yml 
@@ -166,7 +166,13 @@ manifest: tests/appsec/api_security/test_apisec_sampling.py::Test_API_Security_Sampling_Different_Status: *ref_5_27_0 tests/appsec/api_security/test_apisec_sampling.py::Test_API_Security_Sampling_Rate: irrelevant (new api security sampling algorithm implemented) tests/appsec/api_security/test_apisec_sampling.py::Test_API_Security_Sampling_With_Delay: *ref_5_27_0 - tests/appsec/api_security/test_apisecurity_telemetry.py: *ref_5_110_0 + tests/appsec/api_security/test_apisecurity_telemetry.py: + - weblog_declaration: + express4: *ref_5_110_0 + express5: *ref_5_110_0 + fastify: *ref_5_110_0 + nextjs: *ref_5_110_0 + "*": irrelevant (testing additional variants does not provide extra value here) tests/appsec/api_security/test_custom_data_classification.py::Test_API_Security_Custom_Data_Classification_Capabilities: *ref_5_76_0 tests/appsec/api_security/test_custom_data_classification.py::Test_API_Security_Custom_Data_Classification_Multiple_Scanners: *ref_5_76_0 tests/appsec/api_security/test_custom_data_classification.py::Test_API_Security_Custom_Data_Classification_Negative: *ref_5_76_0 From b93a4fd9db663bd4d39df5ac7060fbd7057837fe Mon Sep 17 00:00:00 2001 From: Carles Capell Date: Tue, 16 Jun 2026 19:55:00 +0200 Subject: [PATCH 7/7] Trigger pipeline
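Review bot: The `"*": irrelevant` entry turns test_apisecurity_telemetry.py off for every Node.js weblog other than the four listed, and its reason string does not say what is different about those variants. If they are excluded because `FRAMEWORKS` in the test has no mapping for them (the test then falls back to the variant name as the expected tag), state that in the reason, or add the mappings and drop the wildcard. As written, a framework-tag regression on an unlisted variant would go unreported. A declaration in the style of the existing `missing_feature (APPSEC-62217)` entry may describe an unverified variant better than `irrelevant`, if that matches the project's conventions.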