RubyGems - datadog - Versions diffs - 2.10.0 → 2.12.2 - Mend

datadog 2.10.0 → 2.12.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (140) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +72 -1
data/ext/datadog_profiling_native_extension/collectors_stack.c +3 -3
data/ext/datadog_profiling_native_extension/collectors_thread_context.c +44 -1
data/ext/datadog_profiling_native_extension/extconf.rb +4 -0
data/ext/datadog_profiling_native_extension/gvl_profiling_helper.c +2 -0
data/ext/datadog_profiling_native_extension/gvl_profiling_helper.h +0 -8
data/ext/datadog_profiling_native_extension/heap_recorder.c +1 -1
data/ext/datadog_profiling_native_extension/private_vm_api_access.c +64 -0
data/ext/datadog_profiling_native_extension/private_vm_api_access.h +7 -0
data/ext/datadog_profiling_native_extension/profiling.c +7 -0
data/ext/libdatadog_api/crashtracker.c +4 -4
data/ext/libdatadog_extconf_helpers.rb +1 -1
data/lib/datadog/appsec/configuration/settings.rb +64 -11
data/lib/datadog/appsec/contrib/active_record/instrumentation.rb +23 -6
data/lib/datadog/appsec/contrib/active_record/patcher.rb +63 -15
data/lib/datadog/appsec/contrib/devise/configuration.rb +76 -0
data/lib/datadog/appsec/contrib/devise/event.rb +4 -7
data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb +16 -21
data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb +8 -15
data/lib/datadog/appsec/contrib/devise/patcher/rememberable_patch.rb +1 -1
data/lib/datadog/appsec/contrib/devise/patcher.rb +0 -3
data/lib/datadog/appsec/contrib/devise/tracking.rb +1 -1
data/lib/datadog/appsec/contrib/excon/integration.rb +41 -0
data/lib/datadog/appsec/contrib/excon/patcher.rb +28 -0
data/lib/datadog/appsec/contrib/excon/ssrf_detection_middleware.rb +43 -0
data/lib/datadog/appsec/contrib/faraday/connection_patch.rb +22 -0
data/lib/datadog/appsec/contrib/faraday/integration.rb +42 -0
data/lib/datadog/appsec/contrib/faraday/patcher.rb +53 -0
data/lib/datadog/appsec/contrib/faraday/rack_builder_patch.rb +22 -0
data/lib/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rb +42 -0
data/lib/datadog/appsec/contrib/graphql/gateway/watcher.rb +10 -12
data/lib/datadog/appsec/contrib/graphql/patcher.rb +0 -3
data/lib/datadog/appsec/contrib/rack/ext.rb +20 -0
data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +84 -72
data/lib/datadog/appsec/contrib/rack/patcher.rb +0 -3
data/lib/datadog/appsec/contrib/rack/request_middleware.rb +3 -0
data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +20 -25
data/lib/datadog/appsec/contrib/rails/patcher.rb +0 -3
data/lib/datadog/appsec/contrib/rest_client/integration.rb +45 -0
data/lib/datadog/appsec/contrib/rest_client/patcher.rb +28 -0
data/lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb +39 -0
data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +38 -49
data/lib/datadog/appsec/contrib/sinatra/patcher.rb +0 -3
data/lib/datadog/appsec/instrumentation/gateway/middleware.rb +24 -0
data/lib/datadog/appsec/instrumentation/gateway.rb +17 -22
data/lib/datadog/appsec/monitor/gateway/watcher.rb +19 -25
data/lib/datadog/appsec/processor/rule_merger.rb +2 -1
data/lib/datadog/appsec/remote.rb +11 -0
data/lib/datadog/appsec.rb +3 -0
data/lib/datadog/core/configuration/components.rb +17 -10
data/lib/datadog/core/configuration/ext.rb +1 -1
data/lib/datadog/core/configuration/option_definition.rb +2 -0
data/lib/datadog/core/configuration/settings.rb +22 -6
data/lib/datadog/core/encoding.rb +16 -0
data/lib/datadog/core/environment/agent_info.rb +77 -0
data/lib/datadog/core/metrics/client.rb +9 -8
data/lib/datadog/core/remote/client.rb +5 -4
data/lib/datadog/core/remote/component.rb +14 -12
data/lib/datadog/core/remote/negotiation.rb +1 -1
data/lib/datadog/core/remote/transport/http/api.rb +13 -18
data/lib/datadog/core/remote/transport/http/config.rb +0 -18
data/lib/datadog/core/remote/transport/http/negotiation.rb +1 -18
data/lib/datadog/core/remote/transport/http.rb +6 -40
data/lib/datadog/core/remote/transport/negotiation.rb +13 -1
data/lib/datadog/core/remote/worker.rb +10 -7
data/lib/datadog/core/telemetry/component.rb +5 -1
data/lib/datadog/core/telemetry/event.rb +5 -0
data/lib/datadog/core/telemetry/worker.rb +9 -5
data/lib/datadog/core/transport/http/adapters/unix_socket.rb +1 -1
data/lib/datadog/{tracing → core}/transport/http/api/instance.rb +1 -1
data/lib/datadog/{tracing → core}/transport/http/api/spec.rb +1 -1
data/lib/datadog/{tracing → core}/transport/http/builder.rb +37 -17
data/lib/datadog/core/transport/http.rb +38 -0
data/lib/datadog/core/transport/response.rb +4 -0
data/lib/datadog/core/workers/runtime_metrics.rb +1 -1
data/lib/datadog/di/code_tracker.rb +15 -8
data/lib/datadog/di/component.rb +2 -3
data/lib/datadog/di/configuration/settings.rb +14 -0
data/lib/datadog/di/contrib.rb +2 -0
data/lib/datadog/di/logger.rb +30 -0
data/lib/datadog/di/probe.rb +3 -6
data/lib/datadog/di/probe_manager.rb +5 -2
data/lib/datadog/di/probe_notifier_worker.rb +35 -8
data/lib/datadog/di/remote.rb +3 -3
data/lib/datadog/di/transport/diagnostics.rb +61 -0
data/lib/datadog/di/transport/http/api.rb +52 -0
data/lib/datadog/di/transport/http/client.rb +46 -0
data/lib/datadog/di/transport/http/diagnostics.rb +92 -0
data/lib/datadog/di/transport/http/input.rb +94 -0
data/lib/datadog/di/transport/http.rb +105 -0
data/lib/datadog/di/transport/input.rb +61 -0
data/lib/datadog/di/utils.rb +91 -0
data/lib/datadog/di.rb +5 -1
data/lib/datadog/profiling/component.rb +2 -8
data/lib/datadog/profiling/load_native_extension.rb +1 -33
data/lib/datadog/tracing/component.rb +1 -0
data/lib/datadog/tracing/configuration/ext.rb +1 -0
data/lib/datadog/tracing/contrib/extensions.rb +14 -0
data/lib/datadog/tracing/contrib/graphql/configuration/error_extension_env_parser.rb +21 -0
data/lib/datadog/tracing/contrib/graphql/configuration/settings.rb +11 -0
data/lib/datadog/tracing/contrib/graphql/ext.rb +5 -0
data/lib/datadog/tracing/contrib/graphql/unified_trace.rb +102 -11
data/lib/datadog/tracing/contrib/rack/header_collection.rb +11 -1
data/lib/datadog/tracing/contrib/rack/middlewares.rb +1 -1
data/lib/datadog/tracing/contrib/span_attribute_schema.rb +6 -1
data/lib/datadog/tracing/metadata/metastruct.rb +36 -0
data/lib/datadog/tracing/metadata/metastruct_tagging.rb +42 -0
data/lib/datadog/tracing/metadata.rb +2 -0
data/lib/datadog/tracing/span.rb +10 -1
data/lib/datadog/tracing/span_operation.rb +6 -1
data/lib/datadog/tracing/sync_writer.rb +9 -4
data/lib/datadog/tracing/tracer.rb +15 -7
data/lib/datadog/tracing/transport/http/api.rb +11 -2
data/lib/datadog/tracing/transport/http/traces.rb +0 -3
data/lib/datadog/tracing/transport/http.rb +7 -31
data/lib/datadog/tracing/transport/serializable_trace.rb +11 -5
data/lib/datadog/tracing/transport/traces.rb +25 -8
data/lib/datadog/tracing/workers/trace_writer.rb +10 -3
data/lib/datadog/tracing/workers.rb +5 -4
data/lib/datadog/tracing/writer.rb +12 -4
data/lib/datadog/version.rb +2 -2
metadata +37 -29
data/ext/datadog_profiling_loader/datadog_profiling_loader.c +0 -142
data/ext/datadog_profiling_loader/extconf.rb +0 -60
data/lib/datadog/appsec/contrib/graphql/reactive/multiplex.rb +0 -46
data/lib/datadog/appsec/contrib/patcher.rb +0 -12
data/lib/datadog/appsec/contrib/rack/reactive/request.rb +0 -69
data/lib/datadog/appsec/contrib/rack/reactive/request_body.rb +0 -47
data/lib/datadog/appsec/contrib/rack/reactive/response.rb +0 -53
data/lib/datadog/appsec/contrib/rails/reactive/action.rb +0 -53
data/lib/datadog/appsec/contrib/sinatra/reactive/routed.rb +0 -48
data/lib/datadog/appsec/monitor/reactive/set_user.rb +0 -45
data/lib/datadog/appsec/reactive/address_hash.rb +0 -22
data/lib/datadog/appsec/reactive/engine.rb +0 -47
data/lib/datadog/appsec/reactive/subscriber.rb +0 -19
data/lib/datadog/core/remote/transport/http/api/instance.rb +0 -39
data/lib/datadog/core/remote/transport/http/api/spec.rb +0 -21
data/lib/datadog/core/remote/transport/http/builder.rb +0 -219
data/lib/datadog/di/transport.rb +0 -79

data/lib/datadog/appsec/contrib/active_record/patcher.rb CHANGED Viewed

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
-require_relative '../patcher'
 require_relative 'instrumentation'
 module Datadog
@@ -9,8 +8,6 @@ module Datadog
       module ActiveRecord
         # AppSec patcher module for ActiveRecord
         module Patcher
-          include Datadog::AppSec::Contrib::Patcher
           module_function
           def patched?
@@ -22,30 +19,81 @@ module Datadog
           end
           def patch
+            # Rails 7.0 intruduced new on-load hooks for sqlite3 and postgresql adapters
+            # The load hook for mysql2 adapter was introduced in Rails 7.1
+            #
+            # If the adapter is not loaded when the :active_record load hook is called,
+            # we need to add a load hook for the adapter
             ActiveSupport.on_load :active_record do
-              instrumentation_module = if ::ActiveRecord.gem_version >= Gem::Version.new('7.1')
-                                         Instrumentation::InternalExecQueryAdapterPatch
-                                       else
-                                         Instrumentation::ExecQueryAdapterPatch
-                                       end
               if defined?(::ActiveRecord::ConnectionAdapters::SQLite3Adapter)
-                ::ActiveRecord::ConnectionAdapters::SQLite3Adapter.prepend(instrumentation_module)
+                ::Datadog::AppSec::Contrib::ActiveRecord::Patcher.patch_sqlite3_adapter
+              else
+                ActiveSupport.on_load :active_record_sqlite3adapter do
+                  ::Datadog::AppSec::Contrib::ActiveRecord::Patcher.patch_sqlite3_adapter
+                end
               end
               if defined?(::ActiveRecord::ConnectionAdapters::Mysql2Adapter)
-                ::ActiveRecord::ConnectionAdapters::Mysql2Adapter.prepend(instrumentation_module)
+                ::Datadog::AppSec::Contrib::ActiveRecord::Patcher.patch_mysql2_adapter
+              else
+                ActiveSupport.on_load :active_record_mysql2adapter do
+                  ::Datadog::AppSec::Contrib::ActiveRecord::Patcher.patch_mysql2_adapter
+                end
               end
               if defined?(::ActiveRecord::ConnectionAdapters::PostgreSQLAdapter)
-                unless defined?(::ActiveRecord::ConnectionAdapters::JdbcAdapter)
-                  instrumentation_module = Instrumentation::ExecuteAndClearAdapterPatch
+                ::Datadog::AppSec::Contrib::ActiveRecord::Patcher.patch_postgresql_adapter
+              else
+                ActiveSupport.on_load :active_record_postgresqladapter do
+                  ::Datadog::AppSec::Contrib::ActiveRecord::Patcher.patch_postgresql_adapter
                 end
-                ::ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.prepend(instrumentation_module)
               end
             end
           end
+          def patch_sqlite3_adapter
+            instrumentation_module = if ::ActiveRecord.gem_version >= Gem::Version.new('7.1')
+                                       Instrumentation::InternalExecQueryAdapterPatch
+                                     elsif ::ActiveRecord.gem_version.segments.first == 4
+                                       Instrumentation::Rails4ExecQueryAdapterPatch
+                                     else
+                                       Instrumentation::ExecQueryAdapterPatch
+                                     end
+            ::ActiveRecord::ConnectionAdapters::SQLite3Adapter.prepend(instrumentation_module)
+          end
+          def patch_mysql2_adapter
+            instrumentation_module = if ::ActiveRecord.gem_version >= Gem::Version.new('7.1')
+                                       Instrumentation::InternalExecQueryAdapterPatch
+                                     elsif ::ActiveRecord.gem_version.segments.first == 4
+                                       Instrumentation::Rails4ExecQueryAdapterPatch
+                                     else
+                                       Instrumentation::ExecQueryAdapterPatch
+                                     end
+            ::ActiveRecord::ConnectionAdapters::Mysql2Adapter.prepend(instrumentation_module)
+          end
+          def patch_postgresql_adapter
+            instrumentation_module = if ::ActiveRecord.gem_version.segments.first == 4
+                                       Instrumentation::Rails4ExecuteAndClearAdapterPatch
+                                     else
+                                       Instrumentation::ExecuteAndClearAdapterPatch
+                                     end
+            if defined?(::ActiveRecord::ConnectionAdapters::JdbcAdapter)
+              instrumentation_module = if ::ActiveRecord.gem_version >= Gem::Version.new('7.1')
+                                         Instrumentation::InternalExecQueryAdapterPatch
+                                       elsif ::ActiveRecord.gem_version.segments.first == 4
+                                         Instrumentation::Rails4ExecQueryAdapterPatch
+                                       else
+                                         Instrumentation::ExecQueryAdapterPatch
+                                       end
+            end
+            ::ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.prepend(instrumentation_module)
+          end
         end
       end
     end

data/lib/datadog/appsec/contrib/devise/configuration.rb ADDED Viewed

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module Contrib
+      module Devise
+        # A temporary configuration module to accomodate new RFC changes.
+        # NOTE: DEV-3 Remove module
+        module Configuration
+          MODES_CONVERSION_RULES = {
+            track_user_to_auto_instrumentation: {
+              AppSec::Configuration::Settings::SAFE_TRACK_USER_EVENTS_MODE =>
+              AppSec::Configuration::Settings::ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE,
+              AppSec::Configuration::Settings::EXTENDED_TRACK_USER_EVENTS_MODE =>
+              AppSec::Configuration::Settings::IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE
+            }.freeze,
+            auto_instrumentation_to_track_user: {
+              AppSec::Configuration::Settings::ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE =>
+              AppSec::Configuration::Settings::SAFE_TRACK_USER_EVENTS_MODE,
+              AppSec::Configuration::Settings::IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE =>
+              AppSec::Configuration::Settings::EXTENDED_TRACK_USER_EVENTS_MODE
+            }.freeze
+          }.freeze
+          module_function
+          # NOTE: DEV-3 Replace method use with `auto_user_instrumentation.enabled?`
+          def auto_user_instrumentation_enabled?
+            appsec = Datadog.configuration.appsec
+            appsec.auto_user_instrumentation.mode
+            unless appsec.auto_user_instrumentation.options[:mode].default_precedence?
+              return appsec.auto_user_instrumentation.enabled?
+            end
+            appsec.track_user_events.enabled
+          end
+          # NOTE: DEV-3 Replace method use with `auto_user_instrumentation.mode`
+          def auto_user_instrumentation_mode
+            appsec = Datadog.configuration.appsec
+            # NOTE: Reading both to trigger precedence set
+            appsec.auto_user_instrumentation.mode
+            appsec.track_user_events.mode
+            if !appsec.auto_user_instrumentation.options[:mode].default_precedence? &&
+                appsec.track_user_events.options[:mode].default_precedence?
+              return appsec.auto_user_instrumentation.mode
+            end
+            if appsec.auto_user_instrumentation.options[:mode].default_precedence?
+              return MODES_CONVERSION_RULES[:track_user_to_auto_instrumentation].fetch(
+                appsec.track_user_events.mode, appsec.auto_user_instrumentation.mode
+              )
+            end
+            identification_mode = AppSec::Configuration::Settings::IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE
+            if appsec.auto_user_instrumentation.mode == identification_mode ||
+                appsec.track_user_events.mode == AppSec::Configuration::Settings::EXTENDED_TRACK_USER_EVENTS_MODE
+              return identification_mode
+            end
+            AppSec::Configuration::Settings::ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE
+          end
+          # NOTE: Remove in next version of tracking
+          def track_user_events_mode
+            MODES_CONVERSION_RULES[:auto_instrumentation_to_track_user]
+              .fetch(auto_user_instrumentation_mode, Datadog.configuration.appsec.track_user_events.mode)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/devise/event.rb CHANGED Viewed

@@ -8,9 +8,6 @@ module Datadog
         class Event
           UUID_REGEX = /^\h{8}-\h{4}-\h{4}-\h{4}-\h{12}$/.freeze
-          SAFE_MODE = 'safe'
-          EXTENDED_MODE = 'extended'
           attr_reader :user_id
           def initialize(resource, mode)
@@ -38,15 +35,15 @@ module Datadog
             @user_id = @resource.id
             case @mode
-            when EXTENDED_MODE
+            when AppSec::Configuration::Settings::IDENTIFICATION_AUTO_USER_INSTRUMENTATION_MODE
               @email = @resource.email
               @username = @resource.username
-            when SAFE_MODE
+            when AppSec::Configuration::Settings::ANONYMIZATION_AUTO_USER_INSTRUMENTATION_MODE
               @user_id = nil unless @user_id && @user_id.to_s =~ UUID_REGEX
             else
               Datadog.logger.warn(
-                "Invalid automated user evenst mode: `#{@mode}`. "\
-                              'Supported modes are: `safe` and `extended`.'
+                "Invalid auto_user_instrumentation.mode: `#{@mode}`. " \
+                "Supported modes are: #{AppSec::Configuration::Settings::AUTO_USER_INSTRUMENTATION_MODES.join(' | ')}."
               )
             end
           end

data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
+require_relative '../configuration'
 require_relative '../tracking'
 require_relative '../resource'
 require_relative '../event'
@@ -14,33 +15,27 @@ module Datadog
             # rubocop:disable Metrics/MethodLength
             def validate(resource, &block)
               result = super
-              return result unless AppSec.enabled?
-              return result if @_datadog_skip_track_login_event
-              track_user_events_configuration = Datadog.configuration.appsec.track_user_events
-              return result unless track_user_events_configuration.enabled
-              automated_track_user_events_mode = track_user_events_configuration.mode
-              appsec_context = Datadog::AppSec.active_context
-              return result unless appsec_context
+              return result unless AppSec.enabled?
+              return result if @_datadog_appsec_skip_track_login_event
+              return result unless Configuration.auto_user_instrumentation_enabled?
+              return result unless AppSec.active_context
               devise_resource = resource ? Resource.new(resource) : nil
-              event_information = Event.new(devise_resource, automated_track_user_events_mode)
+              event_information = Event.new(devise_resource, Configuration.auto_user_instrumentation_mode)
               if result
                 if event_information.user_id
-                  Datadog.logger.debug { 'User Login Event success' }
+                  Datadog.logger.debug { 'AppSec: User successful login event' }
                 else
-                  Datadog.logger.debug { 'User Login Event success, but can\'t extract user ID. Tracking empty event' }
+                  Datadog.logger.debug do
+                    "AppSec: User successful login event, but can't extract user ID. Tracking empty event"
+                  end
                 end
                 Tracking.track_login_success(
-                  appsec_context.trace,
-                  appsec_context.span,
+                  AppSec.active_context.trace,
+                  AppSec.active_context.span,
                   user_id: event_information.user_id,
                   **event_information.to_h
                 )
@@ -52,15 +47,15 @@ module Datadog
               if resource
                 user_exists = true
-                Datadog.logger.debug { 'User Login Event failure users exists' }
+                Datadog.logger.debug { 'AppSec: User failed login event, but user exists' }
               else
                 user_exists = false
-                Datadog.logger.debug { 'User Login Event failure user do not exists' }
+                Datadog.logger.debug { 'AppSec: User failed login event and user does not exist' }
               end
               Tracking.track_login_failure(
-                appsec_context.trace,
-                appsec_context.span,
+                AppSec.active_context.trace,
+                AppSec.active_context.span,
                 user_id: event_information.user_id,
                 user_exists: user_exists,
                 **event_information.to_h

data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
+require_relative '../configuration'
 require_relative '../tracking'
 require_relative '../resource'
 require_relative '../event'
@@ -13,31 +14,23 @@ module Datadog
           module RegistrationControllerPatch
             def create
               return super unless AppSec.enabled?
-              track_user_events_configuration = Datadog.configuration.appsec.track_user_events
-              return super unless track_user_events_configuration.enabled
-              automated_track_user_events_mode = track_user_events_configuration.mode
-              appsec_context = Datadog::AppSec.active_context
-              return super unless appsec_context
+              return super unless Configuration.auto_user_instrumentation_enabled?
+              return super unless AppSec.active_context
               super do |resource|
                 if resource.persisted?
                   devise_resource = Resource.new(resource)
-                  event_information = Event.new(devise_resource, automated_track_user_events_mode)
+                  event_information = Event.new(devise_resource, Configuration.auto_user_instrumentation_mode)
                   if event_information.user_id
-                    Datadog.logger.debug { 'User Signup Event' }
+                    Datadog.logger.debug { 'AppSec: User signup event' }
                   else
-                    Datadog.logger.warn { 'User Signup Event, but can\'t extract user ID. Tracking empty event' }
+                    Datadog.logger.warn { "AppSec: User signup event, but can't extract user ID. Tracking empty event" }
                   end
                   Tracking.track_signup(
-                    appsec_context.trace,
-                    appsec_context.span,
+                    AppSec.active_context.trace,
+                    AppSec.active_context.span,
                     user_id: event_information.user_id,
                     **event_information.to_h
                   )

data/lib/datadog/appsec/contrib/devise/patcher/rememberable_patch.rb CHANGED Viewed

@@ -9,7 +9,7 @@ module Datadog
           # Rememberable strategy as Login Success events.
           module RememberablePatch
             def validate(*args)
-              @_datadog_skip_track_login_event = true
+              @_datadog_appsec_skip_track_login_event = true
               super
             end

data/lib/datadog/appsec/contrib/devise/patcher.rb CHANGED Viewed

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
-require_relative '../patcher'
 require_relative 'patcher/authenticatable_patch'
 require_relative 'patcher/rememberable_patch'
 require_relative 'patcher/registration_controller_patch'
@@ -11,8 +10,6 @@ module Datadog
       module Devise
         # Patcher for AppSec on Devise
         module Patcher
-          include Datadog::AppSec::Contrib::Patcher
           module_function
           def patched?

data/lib/datadog/appsec/contrib/devise/tracking.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Datadog
             return if trace.nil? || span.nil?
             span.set_tag("appsec.events.#{event}.track", 'true')
-            span.set_tag("_dd.appsec.events.#{event}.auto.mode", Datadog.configuration.appsec.track_user_events.mode)
+            span.set_tag("_dd.appsec.events.#{event}.auto.mode", Configuration.track_user_events_mode)
             others.each do |k, v|
               raise ArgumentError, 'key cannot be :track' if k.to_sym == :track

data/lib/datadog/appsec/contrib/excon/integration.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+require_relative '../integration'
+require_relative 'patcher'
+module Datadog
+  module AppSec
+    module Contrib
+      module Excon
+        # This class provides helper methods that are used when patching Excon
+        class Integration
+          include Datadog::AppSec::Contrib::Integration
+          MINIMUM_VERSION = Gem::Version.new('0.50.0')
+          register_as :excon
+          def self.version
+            Gem.loaded_specs['excon'] && Gem.loaded_specs['excon'].version
+          end
+          def self.loaded?
+            !defined?(::Excon).nil?
+          end
+          def self.compatible?
+            super && version >= MINIMUM_VERSION
+          end
+          def self.auto_instrument?
+            false
+          end
+          def patcher
+            Patcher
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/excon/patcher.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module Contrib
+      module Excon
+        # AppSec patcher module for Excon
+        module Patcher
+          module_function
+          def patched?
+            Patcher.instance_variable_get(:@patched)
+          end
+          def target_version
+            Integration.version
+          end
+          def patch
+            require_relative 'ssrf_detection_middleware'
+            ::Excon.defaults[:middlewares].insert(0, SSRFDetectionMiddleware)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/excon/ssrf_detection_middleware.rb ADDED Viewed

@@ -0,0 +1,43 @@
+# rubocop:disable Naming/FileName
+# frozen_string_literal: true
+require 'excon'
+module Datadog
+  module AppSec
+    module Contrib
+      module Excon
+        # AppSec Middleware for Excon
+        class SSRFDetectionMiddleware < ::Excon::Middleware::Base
+          def request_call(data)
+            return super unless AppSec.rasp_enabled? && AppSec.active_context
+            context = AppSec.active_context
+            request_url = URI.join("#{data[:scheme]}://#{data[:host]}", data[:path]).to_s
+            ephemeral_data = { 'server.io.net.url' => request_url }
+            result = context.run_rasp(Ext::RASP_SSRF, {}, ephemeral_data, Datadog.configuration.appsec.waf_timeout)
+            if result.match?
+              Datadog::AppSec::Event.tag_and_keep!(context, result)
+              context.events << {
+                waf_result: result,
+                trace: context.trace,
+                span: context.span,
+                request_url: request_url,
+                actions: result.actions
+              }
+              ActionsHandler.handle(result.actions)
+            end
+            super
+          end
+        end
+      end
+    end
+  end
+end
+# rubocop:enable Naming/FileName

data/lib/datadog/appsec/contrib/faraday/connection_patch.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module Contrib
+      module Faraday
+        # Handles installation of our middleware if the user has *not*
+        # already explicitly configured our middleware for this correction.
+        #
+        # Wraps Faraday::Connection#initialize:
+        # https://github.com/lostisland/faraday/blob/ff9dc1d1219a1bbdba95a9a4cf5d135b97247ee2/lib/faraday/connection.rb#L62-L92
+        module ConnectionPatch
+          def initialize(*args, &block)
+            super.tap do
+              use(:datadog_appsec) unless builder.handlers.any? { |h| h.klass == SSRFDetectionMiddleware }
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/faraday/integration.rb ADDED Viewed

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+require_relative '../integration'
+require_relative 'patcher'
+module Datadog
+  module AppSec
+    module Contrib
+      module Faraday
+        # This class provides helper methods that are used when patching Faraday
+        class Integration
+          include Datadog::AppSec::Contrib::Integration
+          MINIMUM_VERSION = Gem::Version.new('0.14.0')
+          register_as :faraday, auto_patch: true
+          def self.version
+            Gem.loaded_specs['faraday'] && Gem.loaded_specs['faraday'].version
+          end
+          def self.loaded?
+            !defined?(::Faraday).nil?
+          end
+          def self.compatible?
+            super && version >= MINIMUM_VERSION
+          end
+          def self.auto_instrument?
+            true
+          end
+          def patcher
+            Patcher
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/faraday/patcher.rb ADDED Viewed

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module Contrib
+      module Faraday
+        # Patcher for Faraday
+        module Patcher
+          module_function
+          def patched?
+            Patcher.instance_variable_get(:@patched)
+          end
+          def target_version
+            Integration.version
+          end
+          def patch
+            require_relative 'ssrf_detection_middleware'
+            require_relative 'connection_patch'
+            require_relative 'rack_builder_patch'
+            ::Faraday::Middleware.register_middleware(datadog_appsec: SSRFDetectionMiddleware)
+            configure_default_faraday_connection
+            Patcher.instance_variable_set(:@patched, true)
+          end
+          def configure_default_faraday_connection
+            if target_version >= Gem::Version.new('1.0.0')
+              # Patch the default connection (e.g. +Faraday.get+)
+              ::Faraday.default_connection.use(:datadog_appsec)
+              # Patch new connection instances (e.g. +Faraday.new+)
+              ::Faraday::Connection.prepend(ConnectionPatch)
+            else
+              # Patch the default connection (e.g. +Faraday.get+)
+              #
+              # We insert our middleware before the 'adapter', which is
+              # always the last handler.
+              idx = ::Faraday.default_connection.builder.handlers.size - 1
+              ::Faraday.default_connection.builder.insert(idx, SSRFDetectionMiddleware)
+              # Patch new connection instances (e.g. +Faraday.new+)
+              ::Faraday::RackBuilder.prepend(RackBuilderPatch)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/faraday/rack_builder_patch.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module Contrib
+      module Faraday
+        # Handles installation of our middleware if the user has *not*
+        # already explicitly configured it for this correction.
+        #
+        # RackBuilder class was introduced in faraday 0.9.0:
+        # https://github.com/lostisland/faraday/commit/77d7546d6d626b91086f427c56bc2cdd951353b3
+        module RackBuilderPatch
+          def adapter(*args)
+            use(:datadog_appsec) unless @handlers.any? { |h| h.klass == SSRFDetectionMiddleware }
+            super
+          end
+        end
+      end
+    end
+  end
+end

data/lib/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rb ADDED Viewed

@@ -0,0 +1,42 @@
+# rubocop:disable Naming/FileName
+# frozen_string_literal: true
+module Datadog
+  module AppSec
+    module Contrib
+      module Faraday
+        # AppSec SSRF detection Middleware for Faraday
+        class SSRFDetectionMiddleware < ::Faraday::Middleware
+          def call(request_env)
+            context = AppSec.active_context
+            return @app.call(request_env) unless context && AppSec.rasp_enabled?
+            ephemeral_data = {
+              'server.io.net.url' => request_env.url.to_s
+            }
+            result = context.run_rasp(Ext::RASP_SSRF, {}, ephemeral_data, Datadog.configuration.appsec.waf_timeout)
+            if result.match?
+              Datadog::AppSec::Event.tag_and_keep!(context, result)
+              context.events << {
+                waf_result: result,
+                trace: context.trace,
+                span: context.span,
+                request_url: request_env.url,
+                actions: result.actions
+              }
+              ActionsHandler.handle(result.actions)
+            end
+            @app.call(request_env)
+          end
+        end
+      end
+    end
+  end
+end
+# rubocop:enable Naming/FileName