datadog 2.12.0 → 2.22.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +348 -1
- data/README.md +0 -1
- data/ext/LIBDATADOG_DEVELOPMENT.md +60 -0
- data/ext/datadog_profiling_native_extension/collectors_cpu_and_wall_time_worker.c +63 -56
- data/ext/datadog_profiling_native_extension/collectors_discrete_dynamic_sampler.c +1 -1
- data/ext/datadog_profiling_native_extension/collectors_stack.c +263 -76
- data/ext/datadog_profiling_native_extension/collectors_stack.h +20 -3
- data/ext/datadog_profiling_native_extension/collectors_thread_context.c +78 -26
- data/ext/datadog_profiling_native_extension/collectors_thread_context.h +1 -0
- data/ext/datadog_profiling_native_extension/datadog_ruby_common.c +1 -4
- data/ext/datadog_profiling_native_extension/datadog_ruby_common.h +10 -0
- data/ext/datadog_profiling_native_extension/encoded_profile.c +79 -0
- data/ext/datadog_profiling_native_extension/encoded_profile.h +8 -0
- data/ext/datadog_profiling_native_extension/extconf.rb +10 -0
- data/ext/datadog_profiling_native_extension/heap_recorder.c +247 -364
- data/ext/datadog_profiling_native_extension/heap_recorder.h +4 -6
- data/ext/datadog_profiling_native_extension/http_transport.c +60 -94
- data/ext/datadog_profiling_native_extension/libdatadog_helpers.c +22 -0
- data/ext/datadog_profiling_native_extension/libdatadog_helpers.h +8 -5
- data/ext/datadog_profiling_native_extension/private_vm_api_access.c +41 -21
- data/ext/datadog_profiling_native_extension/private_vm_api_access.h +6 -4
- data/ext/datadog_profiling_native_extension/profiling.c +2 -0
- data/ext/datadog_profiling_native_extension/ruby_helpers.c +1 -13
- data/ext/datadog_profiling_native_extension/ruby_helpers.h +3 -11
- data/ext/datadog_profiling_native_extension/stack_recorder.c +173 -76
- data/ext/libdatadog_api/crashtracker.c +11 -12
- data/ext/libdatadog_api/crashtracker.h +5 -0
- data/ext/libdatadog_api/datadog_ruby_common.c +1 -4
- data/ext/libdatadog_api/datadog_ruby_common.h +10 -0
- data/ext/libdatadog_api/ddsketch.c +106 -0
- data/ext/libdatadog_api/extconf.rb +5 -3
- data/ext/libdatadog_api/init.c +18 -0
- data/ext/libdatadog_api/library_config.c +172 -0
- data/ext/libdatadog_api/library_config.h +25 -0
- data/ext/libdatadog_api/process_discovery.c +118 -0
- data/ext/libdatadog_api/process_discovery.h +5 -0
- data/ext/libdatadog_extconf_helpers.rb +15 -5
- data/lib/datadog/appsec/actions_handler/serializable_backtrace.rb +89 -0
- data/lib/datadog/appsec/actions_handler.rb +24 -2
- data/lib/datadog/appsec/anonymizer.rb +16 -0
- data/lib/datadog/appsec/api_security/endpoint_collection/grape_route_serializer.rb +26 -0
- data/lib/datadog/appsec/api_security/endpoint_collection/rails_collector.rb +59 -0
- data/lib/datadog/appsec/api_security/endpoint_collection/rails_route_serializer.rb +29 -0
- data/lib/datadog/appsec/api_security/endpoint_collection/sinatra_route_serializer.rb +26 -0
- data/lib/datadog/appsec/api_security/endpoint_collection.rb +10 -0
- data/lib/datadog/appsec/api_security/lru_cache.rb +56 -0
- data/lib/datadog/appsec/api_security/route_extractor.rb +75 -0
- data/lib/datadog/appsec/api_security/sampler.rb +59 -0
- data/lib/datadog/appsec/api_security.rb +23 -0
- data/lib/datadog/appsec/assets/waf_rules/README.md +44 -5
- data/lib/datadog/appsec/assets/waf_rules/recommended.json +601 -74
- data/lib/datadog/appsec/assets/waf_rules/strict.json +48 -75
- data/lib/datadog/appsec/autoload.rb +2 -2
- data/lib/datadog/appsec/component.rb +46 -71
- data/lib/datadog/appsec/compressed_json.rb +40 -0
- data/lib/datadog/appsec/configuration/settings.rb +162 -30
- data/lib/datadog/appsec/context.rb +30 -7
- data/lib/datadog/appsec/contrib/active_record/instrumentation.rb +35 -18
- data/lib/datadog/appsec/contrib/active_record/integration.rb +2 -2
- data/lib/datadog/appsec/contrib/active_record/patcher.rb +62 -11
- data/lib/datadog/appsec/contrib/auto_instrument.rb +1 -1
- data/lib/datadog/appsec/contrib/devise/configuration.rb +7 -31
- data/lib/datadog/appsec/contrib/devise/data_extractor.rb +78 -0
- data/lib/datadog/appsec/contrib/devise/ext.rb +22 -0
- data/lib/datadog/appsec/contrib/devise/integration.rb +1 -2
- data/lib/datadog/appsec/contrib/devise/patcher.rb +34 -23
- data/lib/datadog/appsec/contrib/devise/patches/signin_tracking_patch.rb +103 -0
- data/lib/datadog/appsec/contrib/devise/patches/signup_tracking_patch.rb +70 -0
- data/lib/datadog/appsec/contrib/devise/{patcher/rememberable_patch.rb → patches/skip_signin_tracking_patch.rb} +2 -2
- data/lib/datadog/appsec/contrib/devise/tracking_middleware.rb +106 -0
- data/lib/datadog/appsec/contrib/excon/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/excon/ssrf_detection_middleware.rb +11 -12
- data/lib/datadog/appsec/contrib/faraday/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/faraday/ssrf_detection_middleware.rb +10 -10
- data/lib/datadog/appsec/contrib/graphql/gateway/watcher.rb +10 -9
- data/lib/datadog/appsec/contrib/graphql/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/ext.rb +34 -0
- data/lib/datadog/appsec/contrib/rack/gateway/watcher.rb +53 -31
- data/lib/datadog/appsec/contrib/rack/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/rack/request_middleware.rb +52 -44
- data/lib/datadog/appsec/contrib/rails/gateway/watcher.rb +35 -11
- data/lib/datadog/appsec/contrib/rails/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/rails/patcher.rb +65 -47
- data/lib/datadog/appsec/contrib/rails/patches/process_action_patch.rb +27 -0
- data/lib/datadog/appsec/contrib/rails/patches/render_to_body_patch.rb +33 -0
- data/lib/datadog/appsec/contrib/rest_client/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/rest_client/request_ssrf_detection_patch.rb +12 -12
- data/lib/datadog/appsec/contrib/sinatra/gateway/watcher.rb +45 -22
- data/lib/datadog/appsec/contrib/sinatra/integration.rb +1 -1
- data/lib/datadog/appsec/contrib/sinatra/patcher.rb +8 -18
- data/lib/datadog/appsec/contrib/sinatra/patches/json_patch.rb +31 -0
- data/lib/datadog/appsec/event.rb +91 -147
- data/lib/datadog/appsec/ext.rb +4 -2
- data/lib/datadog/appsec/instrumentation/gateway/argument.rb +23 -2
- data/lib/datadog/appsec/instrumentation/gateway/middleware.rb +24 -0
- data/lib/datadog/appsec/instrumentation/gateway.rb +17 -22
- data/lib/datadog/appsec/metrics/collector.rb +23 -3
- data/lib/datadog/appsec/metrics/telemetry.rb +2 -2
- data/lib/datadog/appsec/metrics/telemetry_exporter.rb +29 -0
- data/lib/datadog/appsec/metrics.rb +1 -0
- data/lib/datadog/appsec/monitor/gateway/watcher.rb +49 -14
- data/lib/datadog/appsec/processor/rule_loader.rb +30 -33
- data/lib/datadog/appsec/remote.rb +43 -59
- data/lib/datadog/appsec/response.rb +6 -6
- data/lib/datadog/appsec/security_engine/engine.rb +176 -0
- data/lib/datadog/appsec/security_engine/result.rb +44 -9
- data/lib/datadog/appsec/security_engine/runner.rb +44 -21
- data/lib/datadog/appsec/security_event.rb +37 -0
- data/lib/datadog/appsec/thread_safe_ref.rb +61 -0
- data/lib/datadog/appsec/trace_keeper.rb +24 -0
- data/lib/datadog/appsec/utils/hash_coercion.rb +23 -0
- data/lib/datadog/appsec/utils.rb +0 -2
- data/lib/datadog/appsec.rb +5 -15
- data/lib/datadog/auto_instrument_base.rb +2 -1
- data/lib/datadog/core/buffer/random.rb +18 -2
- data/lib/datadog/core/configuration/agent_settings.rb +52 -0
- data/lib/datadog/core/configuration/agent_settings_resolver.rb +8 -50
- data/lib/datadog/core/configuration/agentless_settings_resolver.rb +176 -0
- data/lib/datadog/core/configuration/components.rb +69 -37
- data/lib/datadog/core/configuration/components_state.rb +23 -0
- data/lib/datadog/core/configuration/config_helper.rb +100 -0
- data/lib/datadog/core/configuration/deprecations.rb +36 -0
- data/lib/datadog/core/configuration/ext.rb +4 -1
- data/lib/datadog/core/configuration/option.rb +117 -77
- data/lib/datadog/core/configuration/option_definition.rb +5 -14
- data/lib/datadog/core/configuration/options.rb +15 -13
- data/lib/datadog/core/configuration/settings.rb +117 -48
- data/lib/datadog/core/configuration/stable_config.rb +32 -0
- data/lib/datadog/core/configuration/supported_configurations.rb +337 -0
- data/lib/datadog/core/configuration.rb +40 -16
- data/lib/datadog/core/crashtracking/component.rb +3 -10
- data/lib/datadog/core/crashtracking/tag_builder.rb +4 -22
- data/lib/datadog/core/ddsketch.rb +21 -0
- data/lib/datadog/core/deprecations.rb +2 -2
- data/lib/datadog/core/diagnostics/environment_logger.rb +1 -1
- data/lib/datadog/core/encoding.rb +1 -1
- data/lib/datadog/core/environment/agent_info.rb +4 -3
- data/lib/datadog/core/environment/cgroup.rb +10 -12
- data/lib/datadog/core/environment/container.rb +38 -40
- data/lib/datadog/core/environment/ext.rb +6 -8
- data/lib/datadog/core/environment/git.rb +3 -2
- data/lib/datadog/core/environment/identity.rb +3 -3
- data/lib/datadog/core/environment/platform.rb +3 -3
- data/lib/datadog/core/environment/variable_helpers.rb +4 -4
- data/lib/datadog/core/environment/yjit.rb +2 -1
- data/lib/datadog/core/error.rb +11 -9
- data/lib/datadog/core/logger.rb +2 -2
- data/lib/datadog/core/metrics/client.rb +29 -29
- data/lib/datadog/core/metrics/logging.rb +5 -5
- data/lib/datadog/core/pin.rb +4 -8
- data/lib/datadog/core/process_discovery/tracer_memfd.rb +13 -0
- data/lib/datadog/core/process_discovery.rb +61 -0
- data/lib/datadog/core/rate_limiter.rb +4 -2
- data/lib/datadog/core/remote/client.rb +44 -35
- data/lib/datadog/core/remote/component.rb +12 -17
- data/lib/datadog/core/remote/configuration/digest.rb +7 -7
- data/lib/datadog/core/remote/configuration/path.rb +1 -1
- data/lib/datadog/core/remote/configuration/repository.rb +14 -1
- data/lib/datadog/core/remote/negotiation.rb +9 -9
- data/lib/datadog/core/remote/transport/config.rb +4 -3
- data/lib/datadog/core/remote/transport/http/client.rb +5 -4
- data/lib/datadog/core/remote/transport/http/config.rb +27 -37
- data/lib/datadog/core/remote/transport/http/negotiation.rb +7 -33
- data/lib/datadog/core/remote/transport/http.rb +25 -89
- data/lib/datadog/core/remote/transport/negotiation.rb +4 -3
- data/lib/datadog/core/runtime/ext.rb +0 -1
- data/lib/datadog/core/runtime/metrics.rb +12 -5
- data/lib/datadog/core/tag_builder.rb +56 -0
- data/lib/datadog/core/telemetry/component.rb +92 -52
- data/lib/datadog/core/telemetry/emitter.rb +23 -11
- data/lib/datadog/core/telemetry/event/app_client_configuration_change.rb +66 -0
- data/lib/datadog/core/telemetry/event/app_closing.rb +18 -0
- data/lib/datadog/core/telemetry/event/app_dependencies_loaded.rb +33 -0
- data/lib/datadog/core/telemetry/event/app_endpoints_loaded.rb +30 -0
- data/lib/datadog/core/telemetry/event/app_heartbeat.rb +18 -0
- data/lib/datadog/core/telemetry/event/app_integrations_change.rb +58 -0
- data/lib/datadog/core/telemetry/event/app_started.rb +287 -0
- data/lib/datadog/core/telemetry/event/base.rb +40 -0
- data/lib/datadog/core/telemetry/event/distributions.rb +18 -0
- data/lib/datadog/core/telemetry/event/generate_metrics.rb +43 -0
- data/lib/datadog/core/telemetry/event/log.rb +76 -0
- data/lib/datadog/core/telemetry/event/message_batch.rb +42 -0
- data/lib/datadog/core/telemetry/event/synth_app_client_configuration_change.rb +43 -0
- data/lib/datadog/core/telemetry/event.rb +18 -472
- data/lib/datadog/core/telemetry/http/adapters/net.rb +12 -97
- data/lib/datadog/core/telemetry/logger.rb +5 -4
- data/lib/datadog/core/telemetry/logging.rb +11 -5
- data/lib/datadog/core/telemetry/metric.rb +8 -8
- data/lib/datadog/core/telemetry/request.rb +4 -4
- data/lib/datadog/core/telemetry/transport/http/api.rb +43 -0
- data/lib/datadog/core/telemetry/transport/http/client.rb +49 -0
- data/lib/datadog/core/telemetry/transport/http/telemetry.rb +92 -0
- data/lib/datadog/core/telemetry/transport/http.rb +63 -0
- data/lib/datadog/core/telemetry/transport/telemetry.rb +51 -0
- data/lib/datadog/core/telemetry/worker.rb +90 -24
- data/lib/datadog/core/transport/http/adapters/net.rb +17 -2
- data/lib/datadog/core/transport/http/adapters/test.rb +2 -1
- data/lib/datadog/core/transport/http/api/instance.rb +17 -0
- data/lib/datadog/core/transport/http/api/spec.rb +17 -0
- data/lib/datadog/core/transport/http/builder.rb +19 -17
- data/lib/datadog/core/transport/http/env.rb +8 -0
- data/lib/datadog/core/transport/http.rb +75 -0
- data/lib/datadog/core/transport/response.rb +4 -1
- data/lib/datadog/core/utils/at_fork_monkey_patch.rb +6 -6
- data/lib/datadog/core/utils/duration.rb +32 -32
- data/lib/datadog/core/utils/forking.rb +2 -2
- data/lib/datadog/core/utils/network.rb +25 -6
- data/lib/datadog/core/utils/only_once_successful.rb +16 -5
- data/lib/datadog/core/utils/time.rb +20 -0
- data/lib/datadog/core/utils/truncation.rb +21 -0
- data/lib/datadog/core/utils.rb +7 -0
- data/lib/datadog/core/vendor/multipart-post/multipart/post/composite_read_io.rb +1 -1
- data/lib/datadog/core/vendor/multipart-post/multipart/post/multipartable.rb +8 -8
- data/lib/datadog/core/vendor/multipart-post/multipart/post/parts.rb +7 -7
- data/lib/datadog/core/worker.rb +1 -1
- data/lib/datadog/core/workers/async.rb +29 -12
- data/lib/datadog/core/workers/interval_loop.rb +12 -1
- data/lib/datadog/core/workers/runtime_metrics.rb +2 -2
- data/lib/datadog/core.rb +10 -0
- data/lib/datadog/di/boot.rb +43 -0
- data/lib/datadog/di/component.rb +21 -2
- data/lib/datadog/di/context.rb +70 -0
- data/lib/datadog/di/el/compiler.rb +164 -0
- data/lib/datadog/di/el/evaluator.rb +159 -0
- data/lib/datadog/di/el/expression.rb +42 -0
- data/lib/datadog/di/el.rb +5 -0
- data/lib/datadog/di/error.rb +25 -0
- data/lib/datadog/di/instrumenter.rb +132 -20
- data/lib/datadog/di/probe.rb +35 -15
- data/lib/datadog/di/probe_builder.rb +39 -1
- data/lib/datadog/di/probe_file_loader/railtie.rb +15 -0
- data/lib/datadog/di/probe_file_loader.rb +82 -0
- data/lib/datadog/di/probe_manager.rb +3 -2
- data/lib/datadog/di/probe_notification_builder.rb +61 -67
- data/lib/datadog/di/probe_notifier_worker.rb +25 -17
- data/lib/datadog/di/remote.rb +5 -5
- data/lib/datadog/di/serializer.rb +160 -8
- data/lib/datadog/di/transport/diagnostics.rb +4 -3
- data/lib/datadog/di/transport/http/api.rb +2 -12
- data/lib/datadog/di/transport/http/client.rb +4 -3
- data/lib/datadog/di/transport/http/diagnostics.rb +7 -34
- data/lib/datadog/di/transport/http/input.rb +18 -35
- data/lib/datadog/di/transport/http.rb +15 -77
- data/lib/datadog/di/transport/input.rb +14 -5
- data/lib/datadog/di/utils.rb +5 -0
- data/lib/datadog/di.rb +0 -34
- data/lib/datadog/error_tracking/collector.rb +87 -0
- data/lib/datadog/error_tracking/component.rb +167 -0
- data/lib/datadog/error_tracking/configuration/settings.rb +63 -0
- data/lib/datadog/error_tracking/configuration.rb +11 -0
- data/lib/datadog/error_tracking/ext.rb +18 -0
- data/lib/datadog/error_tracking/extensions.rb +16 -0
- data/lib/datadog/error_tracking/filters.rb +77 -0
- data/lib/datadog/error_tracking.rb +18 -0
- data/lib/datadog/kit/appsec/events/v2.rb +196 -0
- data/lib/datadog/kit/appsec/events.rb +17 -4
- data/lib/datadog/kit/identity.rb +22 -12
- data/lib/datadog/opentelemetry/api/baggage.rb +90 -0
- data/lib/datadog/opentelemetry/api/baggage.rbs +26 -0
- data/lib/datadog/opentelemetry/api/context.rb +21 -6
- data/lib/datadog/opentelemetry/sdk/configurator.rb +1 -1
- data/lib/datadog/opentelemetry/sdk/propagator.rb +4 -4
- data/lib/datadog/opentelemetry/sdk/span_processor.rb +8 -8
- data/lib/datadog/opentelemetry/sdk/trace/span.rb +15 -11
- data/lib/datadog/opentelemetry/trace.rb +4 -4
- data/lib/datadog/opentelemetry.rb +2 -1
- data/lib/datadog/profiling/collectors/code_provenance.rb +18 -9
- data/lib/datadog/profiling/collectors/cpu_and_wall_time_worker.rb +6 -0
- data/lib/datadog/profiling/collectors/idle_sampling_helper.rb +1 -0
- data/lib/datadog/profiling/collectors/info.rb +44 -0
- data/lib/datadog/profiling/collectors/thread_context.rb +17 -2
- data/lib/datadog/profiling/component.rb +8 -9
- data/lib/datadog/profiling/encoded_profile.rb +11 -0
- data/lib/datadog/profiling/exporter.rb +12 -7
- data/lib/datadog/profiling/ext.rb +2 -15
- data/lib/datadog/profiling/flush.rb +5 -8
- data/lib/datadog/profiling/http_transport.rb +8 -62
- data/lib/datadog/profiling/profiler.rb +2 -0
- data/lib/datadog/profiling/scheduler.rb +10 -2
- data/lib/datadog/profiling/sequence_tracker.rb +44 -0
- data/lib/datadog/profiling/stack_recorder.rb +9 -9
- data/lib/datadog/profiling/tag_builder.rb +7 -41
- data/lib/datadog/profiling/tasks/exec.rb +2 -2
- data/lib/datadog/profiling/tasks/setup.rb +2 -0
- data/lib/datadog/profiling.rb +13 -10
- data/lib/datadog/single_step_instrument.rb +9 -0
- data/lib/datadog/tracing/analytics.rb +1 -1
- data/lib/datadog/tracing/buffer.rb +7 -7
- data/lib/datadog/tracing/component.rb +21 -29
- data/lib/datadog/tracing/configuration/dynamic.rb +6 -8
- data/lib/datadog/tracing/configuration/ext.rb +8 -4
- data/lib/datadog/tracing/configuration/settings.rb +50 -12
- data/lib/datadog/tracing/context.rb +2 -2
- data/lib/datadog/tracing/context_provider.rb +1 -1
- data/lib/datadog/tracing/contrib/action_cable/event.rb +1 -1
- data/lib/datadog/tracing/contrib/action_cable/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/action_mailer/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/action_pack/action_controller/instrumentation.rb +19 -4
- data/lib/datadog/tracing/contrib/action_pack/action_dispatch/instrumentation.rb +19 -12
- data/lib/datadog/tracing/contrib/action_pack/ext.rb +2 -0
- data/lib/datadog/tracing/contrib/action_pack/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/action_view/events/render_template.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/event.rb +8 -8
- data/lib/datadog/tracing/contrib/active_job/events/discard.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/enqueue.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/enqueue_at.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/enqueue_retry.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/perform.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/events/retry_stopped.rb +1 -1
- data/lib/datadog/tracing/contrib/active_job/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/active_model_serializers/events/render.rb +1 -1
- data/lib/datadog/tracing/contrib/active_model_serializers/events/serialize.rb +3 -3
- data/lib/datadog/tracing/contrib/active_model_serializers/integration.rb +1 -2
- data/lib/datadog/tracing/contrib/active_record/configuration/resolver.rb +1 -1
- data/lib/datadog/tracing/contrib/active_record/events/instantiation.rb +1 -1
- data/lib/datadog/tracing/contrib/active_record/events/sql.rb +5 -5
- data/lib/datadog/tracing/contrib/active_record/integration.rb +2 -2
- data/lib/datadog/tracing/contrib/active_record/utils.rb +15 -15
- data/lib/datadog/tracing/contrib/active_support/cache/events/cache.rb +17 -8
- data/lib/datadog/tracing/contrib/active_support/cache/instrumentation.rb +33 -0
- data/lib/datadog/tracing/contrib/active_support/cache/patcher.rb +4 -0
- data/lib/datadog/tracing/contrib/active_support/cache/redis.rb +2 -4
- data/lib/datadog/tracing/contrib/active_support/configuration/settings.rb +13 -0
- data/lib/datadog/tracing/contrib/active_support/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/active_support/notifications/event.rb +2 -1
- data/lib/datadog/tracing/contrib/active_support/notifications/subscription.rb +7 -9
- data/lib/datadog/tracing/contrib/aws/ext.rb +1 -1
- data/lib/datadog/tracing/contrib/aws/instrumentation.rb +12 -2
- data/lib/datadog/tracing/contrib/aws/parsed_context.rb +8 -2
- data/lib/datadog/tracing/contrib/aws/patcher.rb +5 -1
- data/lib/datadog/tracing/contrib/aws/service/base.rb +2 -1
- data/lib/datadog/tracing/contrib/aws/service/dynamodb.rb +1 -1
- data/lib/datadog/tracing/contrib/aws/service/eventbridge.rb +1 -1
- data/lib/datadog/tracing/contrib/aws/service/kinesis.rb +1 -1
- data/lib/datadog/tracing/contrib/aws/service/s3.rb +1 -1
- data/lib/datadog/tracing/contrib/aws/service/sns.rb +1 -1
- data/lib/datadog/tracing/contrib/aws/service/sqs.rb +1 -1
- data/lib/datadog/tracing/contrib/aws/service/states.rb +1 -1
- data/lib/datadog/tracing/contrib/aws/services.rb +7 -7
- data/lib/datadog/tracing/contrib/component.rb +2 -2
- data/lib/datadog/tracing/contrib/concurrent_ruby/async_patch.rb +1 -1
- data/lib/datadog/tracing/contrib/concurrent_ruby/context_composite_executor_service.rb +1 -1
- data/lib/datadog/tracing/contrib/concurrent_ruby/future_patch.rb +1 -1
- data/lib/datadog/tracing/contrib/concurrent_ruby/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/concurrent_ruby/promises_future_patch.rb +1 -1
- data/lib/datadog/tracing/contrib/configurable.rb +6 -6
- data/lib/datadog/tracing/contrib/configuration/resolvers/pattern_resolver.rb +4 -4
- data/lib/datadog/tracing/contrib/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/dalli/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/dalli/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/delayed_job/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/elasticsearch/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/elasticsearch/integration.rb +4 -4
- data/lib/datadog/tracing/contrib/elasticsearch/patcher.rb +51 -53
- data/lib/datadog/tracing/contrib/elasticsearch/quantize.rb +5 -5
- data/lib/datadog/tracing/contrib/ethon/easy_patch.rb +6 -7
- data/lib/datadog/tracing/contrib/ethon/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/ethon/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/excon/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/excon/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/excon/middleware.rb +7 -5
- data/lib/datadog/tracing/contrib/ext.rb +4 -3
- data/lib/datadog/tracing/contrib/extensions.rb +9 -9
- data/lib/datadog/tracing/contrib/faraday/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/faraday/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/faraday/middleware.rb +9 -5
- data/lib/datadog/tracing/contrib/grape/endpoint.rb +8 -8
- data/lib/datadog/tracing/contrib/grape/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/graphql/configuration/settings.rb +7 -0
- data/lib/datadog/tracing/contrib/graphql/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/graphql/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/graphql/patcher.rb +2 -2
- data/lib/datadog/tracing/contrib/graphql/unified_trace.rb +84 -48
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/client.rb +15 -9
- data/lib/datadog/tracing/contrib/grpc/datadog_interceptor/server.rb +3 -3
- data/lib/datadog/tracing/contrib/grpc/distributed/fetcher.rb +1 -1
- data/lib/datadog/tracing/contrib/grpc/distributed/propagation.rb +3 -0
- data/lib/datadog/tracing/contrib/grpc/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/hanami/ext.rb +2 -2
- data/lib/datadog/tracing/contrib/hanami/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/hanami/renderer_policy_tracing.rb +1 -1
- data/lib/datadog/tracing/contrib/hanami/router_tracing.rb +9 -11
- data/lib/datadog/tracing/contrib/http/circuit_breaker.rb +0 -15
- data/lib/datadog/tracing/contrib/http/distributed/fetcher.rb +4 -4
- data/lib/datadog/tracing/contrib/http/distributed/propagation.rb +4 -1
- data/lib/datadog/tracing/contrib/http/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/http/instrumentation.rb +11 -15
- data/lib/datadog/tracing/contrib/httpclient/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/httpclient/instrumentation.rb +9 -19
- data/lib/datadog/tracing/contrib/httpclient/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/httprb/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/httprb/instrumentation.rb +11 -19
- data/lib/datadog/tracing/contrib/httprb/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/event.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/connection/request.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/consumer/process_batch.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/consumer/process_message.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/consumer_group/heartbeat.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/consumer_group/join_group.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/consumer_group/leave_group.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/consumer_group/sync_group.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/produce_operation/send_messages.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/events/producer/deliver_messages.rb +1 -1
- data/lib/datadog/tracing/contrib/kafka/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/karafka/configuration/settings.rb +27 -0
- data/lib/datadog/tracing/contrib/karafka/distributed/propagation.rb +48 -0
- data/lib/datadog/tracing/contrib/karafka/ext.rb +27 -0
- data/lib/datadog/tracing/contrib/karafka/integration.rb +45 -0
- data/lib/datadog/tracing/contrib/karafka/monitor.rb +66 -0
- data/lib/datadog/tracing/contrib/karafka/patcher.rb +71 -0
- data/lib/datadog/tracing/contrib/karafka.rb +37 -0
- data/lib/datadog/tracing/contrib/lograge/instrumentation.rb +1 -1
- data/lib/datadog/tracing/contrib/lograge/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/lograge/patcher.rb +4 -2
- data/lib/datadog/tracing/contrib/mongodb/configuration/settings.rb +9 -1
- data/lib/datadog/tracing/contrib/mongodb/ext.rb +2 -1
- data/lib/datadog/tracing/contrib/mongodb/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/mongodb/parsers.rb +1 -1
- data/lib/datadog/tracing/contrib/mongodb/subscribers.rb +23 -6
- data/lib/datadog/tracing/contrib/mysql2/ext.rb +1 -1
- data/lib/datadog/tracing/contrib/mysql2/instrumentation.rb +16 -6
- data/lib/datadog/tracing/contrib/mysql2/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/opensearch/configuration/settings.rb +17 -0
- data/lib/datadog/tracing/contrib/opensearch/ext.rb +12 -2
- data/lib/datadog/tracing/contrib/opensearch/integration.rb +1 -2
- data/lib/datadog/tracing/contrib/opensearch/patcher.rb +68 -66
- data/lib/datadog/tracing/contrib/opensearch/quantize.rb +5 -5
- data/lib/datadog/tracing/contrib/patcher.rb +12 -11
- data/lib/datadog/tracing/contrib/pg/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/presto/ext.rb +1 -1
- data/lib/datadog/tracing/contrib/presto/instrumentation.rb +3 -3
- data/lib/datadog/tracing/contrib/presto/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/propagation/sql_comment/comment.rb +1 -1
- data/lib/datadog/tracing/contrib/propagation/sql_comment.rb +1 -1
- data/lib/datadog/tracing/contrib/que/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/racecar/event.rb +1 -1
- data/lib/datadog/tracing/contrib/racecar/events/batch.rb +2 -2
- data/lib/datadog/tracing/contrib/racecar/events/consume.rb +1 -1
- data/lib/datadog/tracing/contrib/racecar/events/message.rb +2 -2
- data/lib/datadog/tracing/contrib/racecar/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/rack/header_collection.rb +1 -1
- data/lib/datadog/tracing/contrib/rack/header_tagging.rb +32 -32
- data/lib/datadog/tracing/contrib/rack/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/rack/middlewares.rb +21 -17
- data/lib/datadog/tracing/contrib/rack/patcher.rb +1 -1
- data/lib/datadog/tracing/contrib/rack/request_queue.rb +4 -3
- data/lib/datadog/tracing/contrib/rack/trace_proxy_middleware.rb +7 -1
- data/lib/datadog/tracing/contrib/rails/configuration/settings.rb +1 -1
- data/lib/datadog/tracing/contrib/rails/ext.rb +2 -1
- data/lib/datadog/tracing/contrib/rails/integration.rb +2 -2
- data/lib/datadog/tracing/contrib/rails/log_injection.rb +1 -1
- data/lib/datadog/tracing/contrib/rails/middlewares.rb +1 -1
- data/lib/datadog/tracing/contrib/rails/patcher.rb +4 -1
- data/lib/datadog/tracing/contrib/rails/runner.rb +62 -40
- data/lib/datadog/tracing/contrib/rake/instrumentation.rb +4 -4
- data/lib/datadog/tracing/contrib/rake/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/redis/configuration/resolver.rb +2 -2
- data/lib/datadog/tracing/contrib/redis/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/redis/integration.rb +2 -2
- data/lib/datadog/tracing/contrib/redis/patcher.rb +4 -4
- data/lib/datadog/tracing/contrib/redis/quantize.rb +1 -1
- data/lib/datadog/tracing/contrib/redis/tags.rb +1 -1
- data/lib/datadog/tracing/contrib/redis/trace_middleware.rb +4 -4
- data/lib/datadog/tracing/contrib/registry.rb +1 -1
- data/lib/datadog/tracing/contrib/resque/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/resque/resque_job.rb +1 -1
- data/lib/datadog/tracing/contrib/rest_client/ext.rb +3 -2
- data/lib/datadog/tracing/contrib/rest_client/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/rest_client/request_patch.rb +8 -6
- data/lib/datadog/tracing/contrib/roda/instrumentation.rb +1 -1
- data/lib/datadog/tracing/contrib/roda/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/semantic_logger/instrumentation.rb +1 -1
- data/lib/datadog/tracing/contrib/semantic_logger/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/sequel/database.rb +5 -5
- data/lib/datadog/tracing/contrib/sequel/dataset.rb +1 -1
- data/lib/datadog/tracing/contrib/sequel/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/sequel/utils.rb +1 -1
- data/lib/datadog/tracing/contrib/shoryuken/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/sidekiq/client_tracer.rb +6 -1
- data/lib/datadog/tracing/contrib/sidekiq/distributed/propagation.rb +3 -0
- data/lib/datadog/tracing/contrib/sidekiq/ext.rb +1 -0
- data/lib/datadog/tracing/contrib/sidekiq/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/sidekiq/server_tracer.rb +5 -2
- data/lib/datadog/tracing/contrib/sidekiq/utils.rb +1 -1
- data/lib/datadog/tracing/contrib/sinatra/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/sinatra/tracer_middleware.rb +38 -40
- data/lib/datadog/tracing/contrib/sneakers/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/span_attribute_schema.rb +1 -1
- data/lib/datadog/tracing/contrib/stripe/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/stripe/request.rb +1 -1
- data/lib/datadog/tracing/contrib/sucker_punch/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/support.rb +28 -0
- data/lib/datadog/tracing/contrib/trilogy/ext.rb +1 -1
- data/lib/datadog/tracing/contrib/trilogy/integration.rb +1 -1
- data/lib/datadog/tracing/contrib/utils/quantization/hash.rb +11 -11
- data/lib/datadog/tracing/contrib/utils/quantization/http.rb +6 -6
- data/lib/datadog/tracing/contrib.rb +1 -0
- data/lib/datadog/tracing/correlation.rb +9 -2
- data/lib/datadog/tracing/diagnostics/environment_logger.rb +8 -2
- data/lib/datadog/tracing/distributed/b3_multi.rb +1 -1
- data/lib/datadog/tracing/distributed/b3_single.rb +2 -2
- data/lib/datadog/tracing/distributed/baggage.rb +196 -0
- data/lib/datadog/tracing/distributed/datadog.rb +8 -7
- data/lib/datadog/tracing/distributed/datadog_tags_codec.rb +11 -13
- data/lib/datadog/tracing/distributed/helpers.rb +1 -1
- data/lib/datadog/tracing/distributed/none.rb +4 -2
- data/lib/datadog/tracing/distributed/propagation.rb +28 -4
- data/lib/datadog/tracing/distributed/propagation_policy.rb +42 -0
- data/lib/datadog/tracing/distributed/trace_context.rb +22 -16
- data/lib/datadog/tracing/event.rb +5 -7
- data/lib/datadog/tracing/flush.rb +1 -1
- data/lib/datadog/tracing/metadata/analytics.rb +1 -1
- data/lib/datadog/tracing/metadata/errors.rb +4 -4
- data/lib/datadog/tracing/metadata/ext.rb +13 -0
- data/lib/datadog/tracing/metadata/metastruct.rb +36 -0
- data/lib/datadog/tracing/metadata/metastruct_tagging.rb +42 -0
- data/lib/datadog/tracing/metadata/tagging.rb +4 -4
- data/lib/datadog/tracing/metadata.rb +2 -0
- data/lib/datadog/tracing/pipeline/span_filter.rb +3 -1
- data/lib/datadog/tracing/pipeline/span_processor.rb +3 -1
- data/lib/datadog/tracing/pipeline.rb +1 -1
- data/lib/datadog/tracing/sampling/ext.rb +0 -2
- data/lib/datadog/tracing/sampling/rate_sampler.rb +2 -1
- data/lib/datadog/tracing/sampling/rule_sampler.rb +30 -30
- data/lib/datadog/tracing/sampling/span/rule.rb +0 -1
- data/lib/datadog/tracing/sampling/span/rule_parser.rb +1 -1
- data/lib/datadog/tracing/sampling/span/sampler.rb +0 -7
- data/lib/datadog/tracing/span.rb +11 -2
- data/lib/datadog/tracing/span_event.rb +11 -11
- data/lib/datadog/tracing/span_link.rb +12 -12
- data/lib/datadog/tracing/span_operation.rb +76 -26
- data/lib/datadog/tracing/sync_writer.rb +5 -4
- data/lib/datadog/tracing/trace_digest.rb +29 -24
- data/lib/datadog/tracing/trace_operation.rb +121 -97
- data/lib/datadog/tracing/trace_segment.rb +8 -6
- data/lib/datadog/tracing/tracer.rb +90 -43
- data/lib/datadog/tracing/transport/http/api.rb +2 -10
- data/lib/datadog/tracing/transport/http/client.rb +6 -5
- data/lib/datadog/tracing/transport/http/traces.rb +15 -43
- data/lib/datadog/tracing/transport/http.rb +13 -75
- data/lib/datadog/tracing/transport/io/client.rb +5 -5
- data/lib/datadog/tracing/transport/io/traces.rb +4 -4
- data/lib/datadog/tracing/transport/serializable_trace.rb +3 -1
- data/lib/datadog/tracing/transport/statistics.rb +1 -1
- data/lib/datadog/tracing/transport/trace_formatter.rb +7 -0
- data/lib/datadog/tracing/transport/traces.rb +31 -14
- data/lib/datadog/tracing/utils.rb +1 -1
- data/lib/datadog/tracing/workers/trace_writer.rb +16 -16
- data/lib/datadog/tracing/workers.rb +2 -2
- data/lib/datadog/tracing/writer.rb +4 -4
- data/lib/datadog/tracing.rb +16 -3
- data/lib/datadog/version.rb +1 -1
- data/lib/datadog.rb +8 -2
- metadata +115 -24
- data/ext/libdatadog_api/macos_development.md +0 -26
- data/lib/datadog/appsec/assets/waf_rules/processors.json +0 -92
- data/lib/datadog/appsec/assets/waf_rules/scanners.json +0 -114
- data/lib/datadog/appsec/contrib/devise/event.rb +0 -54
- data/lib/datadog/appsec/contrib/devise/patcher/authenticatable_patch.rb +0 -72
- data/lib/datadog/appsec/contrib/devise/patcher/registration_controller_patch.rb +0 -47
- data/lib/datadog/appsec/contrib/devise/resource.rb +0 -35
- data/lib/datadog/appsec/contrib/devise/tracking.rb +0 -57
- data/lib/datadog/appsec/processor/rule_merger.rb +0 -170
- data/lib/datadog/appsec/processor.rb +0 -107
- data/lib/datadog/appsec/utils/trace_operation.rb +0 -15
- data/lib/datadog/core/telemetry/http/env.rb +0 -20
- data/lib/datadog/core/telemetry/http/ext.rb +0 -28
- data/lib/datadog/core/telemetry/http/response.rb +0 -70
- data/lib/datadog/core/telemetry/http/transport.rb +0 -90
|
@@ -6,6 +6,40 @@ module Datadog
|
|
|
6
6
|
module Rack
|
|
7
7
|
# Rack integration constants
|
|
8
8
|
module Ext
|
|
9
|
+
COLLECTABLE_REQUEST_HEADERS = [
|
|
10
|
+
'accept',
|
|
11
|
+
'akamai-user-risk',
|
|
12
|
+
'cf-ray',
|
|
13
|
+
'cloudfront-viewer-ja3-fingerprint',
|
|
14
|
+
'content-type',
|
|
15
|
+
'user-agent',
|
|
16
|
+
'x-amzn-trace-Id',
|
|
17
|
+
'x-appgw-trace-id',
|
|
18
|
+
'x-cloud-trace-context',
|
|
19
|
+
'x-sigsci-requestid',
|
|
20
|
+
'x-sigsci-tags'
|
|
21
|
+
].freeze
|
|
22
|
+
|
|
23
|
+
IDENTITY_COLLECTABLE_REQUEST_HEADERS = [
|
|
24
|
+
'accept-encoding',
|
|
25
|
+
'accept-language',
|
|
26
|
+
'cf-connecting-ip',
|
|
27
|
+
'cf-connecting-ipv6',
|
|
28
|
+
'content-encoding',
|
|
29
|
+
'content-language',
|
|
30
|
+
'content-length',
|
|
31
|
+
'fastly-client-ip',
|
|
32
|
+
'forwarded',
|
|
33
|
+
'forwarded-for',
|
|
34
|
+
'host',
|
|
35
|
+
'true-client-ip',
|
|
36
|
+
'via',
|
|
37
|
+
'x-client-ip',
|
|
38
|
+
'x-cluster-client-ip',
|
|
39
|
+
'x-forwarded',
|
|
40
|
+
'x-forwarded-for',
|
|
41
|
+
'x-real-ip'
|
|
42
|
+
].freeze
|
|
9
43
|
end
|
|
10
44
|
end
|
|
11
45
|
end
|
|
@@ -1,7 +1,10 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require_relative '
|
|
3
|
+
require_relative '../ext'
|
|
4
4
|
require_relative '../../../event'
|
|
5
|
+
require_relative '../../../trace_keeper'
|
|
6
|
+
require_relative '../../../security_event'
|
|
7
|
+
require_relative '../../../instrumentation/gateway'
|
|
5
8
|
|
|
6
9
|
module Datadog
|
|
7
10
|
module AppSec
|
|
@@ -17,11 +20,12 @@ module Datadog
|
|
|
17
20
|
watch_request(gateway)
|
|
18
21
|
watch_response(gateway)
|
|
19
22
|
watch_request_body(gateway)
|
|
23
|
+
watch_request_finish(gateway)
|
|
20
24
|
end
|
|
21
25
|
|
|
22
26
|
def watch_request(gateway = Instrumentation.gateway)
|
|
23
27
|
gateway.watch('rack.request', :appsec) do |stack, gateway_request|
|
|
24
|
-
context = gateway_request.env[
|
|
28
|
+
context = gateway_request.env[AppSec::Ext::CONTEXT_KEY]
|
|
25
29
|
|
|
26
30
|
persistent_data = {
|
|
27
31
|
'server.request.cookies' => gateway_request.cookies,
|
|
@@ -35,18 +39,17 @@ module Datadog
|
|
|
35
39
|
|
|
36
40
|
result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
|
|
37
41
|
|
|
38
|
-
if result.match?
|
|
39
|
-
|
|
42
|
+
if result.match? || !result.attributes.empty?
|
|
43
|
+
context.events.push(
|
|
44
|
+
AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
|
|
45
|
+
)
|
|
46
|
+
end
|
|
40
47
|
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
span: context.span,
|
|
45
|
-
request: gateway_request,
|
|
46
|
-
actions: result.actions
|
|
47
|
-
}
|
|
48
|
+
if result.match?
|
|
49
|
+
AppSec::Event.tag(context, result)
|
|
50
|
+
TraceKeeper.keep!(context.trace) if result.keep?
|
|
48
51
|
|
|
49
|
-
|
|
52
|
+
AppSec::ActionsHandler.handle(result.actions)
|
|
50
53
|
end
|
|
51
54
|
|
|
52
55
|
stack.call(gateway_request.request)
|
|
@@ -66,17 +69,14 @@ module Datadog
|
|
|
66
69
|
result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
|
|
67
70
|
|
|
68
71
|
if result.match?
|
|
69
|
-
|
|
72
|
+
AppSec::Event.tag(context, result)
|
|
73
|
+
TraceKeeper.keep!(context.trace) if result.keep?
|
|
70
74
|
|
|
71
|
-
context.events
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
span: context.span,
|
|
75
|
-
response: gateway_response,
|
|
76
|
-
actions: result.actions
|
|
77
|
-
}
|
|
75
|
+
context.events.push(
|
|
76
|
+
AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
|
|
77
|
+
)
|
|
78
78
|
|
|
79
|
-
|
|
79
|
+
AppSec::ActionsHandler.handle(result.actions)
|
|
80
80
|
end
|
|
81
81
|
|
|
82
82
|
stack.call(gateway_response.response)
|
|
@@ -85,7 +85,7 @@ module Datadog
|
|
|
85
85
|
|
|
86
86
|
def watch_request_body(gateway = Instrumentation.gateway)
|
|
87
87
|
gateway.watch('rack.request.body', :appsec) do |stack, gateway_request|
|
|
88
|
-
context = gateway_request.env[
|
|
88
|
+
context = gateway_request.env[AppSec::Ext::CONTEXT_KEY]
|
|
89
89
|
|
|
90
90
|
persistent_data = {
|
|
91
91
|
'server.request.body' => gateway_request.form_hash
|
|
@@ -94,17 +94,39 @@ module Datadog
|
|
|
94
94
|
result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
|
|
95
95
|
|
|
96
96
|
if result.match?
|
|
97
|
-
|
|
97
|
+
AppSec::Event.tag(context, result)
|
|
98
|
+
TraceKeeper.keep!(context.trace) if result.keep?
|
|
99
|
+
|
|
100
|
+
context.events.push(
|
|
101
|
+
AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
|
|
102
|
+
)
|
|
103
|
+
|
|
104
|
+
AppSec::ActionsHandler.handle(result.actions)
|
|
105
|
+
end
|
|
106
|
+
|
|
107
|
+
stack.call(gateway_request.request)
|
|
108
|
+
end
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
# NOTE: In the current state we unable to substibe twice to the same
|
|
112
|
+
# event within the same group. Ideally this code should live
|
|
113
|
+
# somewhere closer to identity related monitor.
|
|
114
|
+
# WARNING: The Gateway is a subject of refactoring
|
|
115
|
+
def watch_request_finish(gateway = Instrumentation.gateway)
|
|
116
|
+
gateway.watch('rack.request.finish', :appsec) do |stack, gateway_request|
|
|
117
|
+
context = gateway_request.env[AppSec::Ext::CONTEXT_KEY]
|
|
118
|
+
|
|
119
|
+
if context.span.nil? || !gateway.pushed?('appsec.events.user_lifecycle')
|
|
120
|
+
next stack.call(gateway_request.request)
|
|
121
|
+
end
|
|
98
122
|
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
actions: result.actions
|
|
105
|
-
}
|
|
123
|
+
gateway_request.headers.each do |name, value|
|
|
124
|
+
if !Ext::COLLECTABLE_REQUEST_HEADERS.include?(name) &&
|
|
125
|
+
!Ext::IDENTITY_COLLECTABLE_REQUEST_HEADERS.include?(name)
|
|
126
|
+
next
|
|
127
|
+
end
|
|
106
128
|
|
|
107
|
-
|
|
129
|
+
context.span["http.request.headers.#{name}"] ||= value
|
|
108
130
|
end
|
|
109
131
|
|
|
110
132
|
stack.call(gateway_request.request)
|
|
@@ -4,9 +4,12 @@ require 'json'
|
|
|
4
4
|
|
|
5
5
|
require_relative 'gateway/request'
|
|
6
6
|
require_relative 'gateway/response'
|
|
7
|
-
|
|
8
|
-
require_relative '../../
|
|
7
|
+
|
|
8
|
+
require_relative '../../event'
|
|
9
9
|
require_relative '../../response'
|
|
10
|
+
require_relative '../../api_security'
|
|
11
|
+
require_relative '../../security_event'
|
|
12
|
+
require_relative '../../instrumentation/gateway'
|
|
10
13
|
|
|
11
14
|
require_relative '../../../tracing/client_ip'
|
|
12
15
|
require_relative '../../../tracing/contrib/rack/header_collection'
|
|
@@ -36,40 +39,29 @@ module Datadog
|
|
|
36
39
|
@rack_headers = {}
|
|
37
40
|
end
|
|
38
41
|
|
|
39
|
-
# rubocop:disable Metrics/
|
|
42
|
+
# rubocop:disable Metrics/MethodLength
|
|
40
43
|
def call(env)
|
|
41
44
|
return @app.call(env) unless Datadog::AppSec.enabled?
|
|
42
45
|
|
|
43
46
|
boot = Datadog::Core::Remote::Tie.boot
|
|
44
47
|
Datadog::Core::Remote::Tie::Tracing.tag(boot, active_span)
|
|
45
48
|
|
|
46
|
-
processor = nil
|
|
47
|
-
ready = false
|
|
48
|
-
ctx = nil
|
|
49
|
-
|
|
50
49
|
# For a given request, keep using the first Rack stack scope for
|
|
51
50
|
# nested apps. Don't set `context` local variable so that on popping
|
|
52
51
|
# out of this nested stack we don't finalize the parent's context
|
|
53
52
|
return @app.call(env) if active_context(env)
|
|
54
53
|
|
|
55
|
-
Datadog::AppSec.
|
|
56
|
-
processor = Datadog::AppSec.processor
|
|
57
|
-
|
|
58
|
-
if !processor.nil? && processor.ready?
|
|
59
|
-
ctx = Datadog::AppSec::Context.activate(
|
|
60
|
-
Datadog::AppSec::Context.new(active_trace, active_span, processor)
|
|
61
|
-
)
|
|
62
|
-
|
|
63
|
-
env[Datadog::AppSec::Ext::CONTEXT_KEY] = ctx
|
|
64
|
-
ready = true
|
|
65
|
-
end
|
|
66
|
-
end
|
|
54
|
+
security_engine = Datadog::AppSec.security_engine
|
|
67
55
|
|
|
68
56
|
# TODO: handle exceptions, except for @app.call
|
|
57
|
+
return @app.call(env) unless security_engine
|
|
69
58
|
|
|
70
|
-
|
|
59
|
+
ctx = Datadog::AppSec::Context.activate(
|
|
60
|
+
Datadog::AppSec::Context.new(active_trace, active_span, security_engine.new_runner)
|
|
61
|
+
)
|
|
62
|
+
env[Datadog::AppSec::Ext::CONTEXT_KEY] = ctx
|
|
71
63
|
|
|
72
|
-
add_appsec_tags(
|
|
64
|
+
add_appsec_tags(ctx)
|
|
73
65
|
add_request_tags(ctx, env)
|
|
74
66
|
|
|
75
67
|
http_response = nil
|
|
@@ -77,6 +69,8 @@ module Datadog
|
|
|
77
69
|
gateway_response = nil
|
|
78
70
|
|
|
79
71
|
interrupt_params = catch(::Datadog::AppSec::Ext::INTERRUPT) do
|
|
72
|
+
# TODO: This event should be renamed into `rack.request.start` to
|
|
73
|
+
# reflect that it's the beginning of the request-cycle
|
|
80
74
|
http_response, _gateway_request = Instrumentation.gateway.push('rack.request', gateway_request) do
|
|
81
75
|
@app.call(env)
|
|
82
76
|
end
|
|
@@ -85,38 +79,51 @@ module Datadog
|
|
|
85
79
|
http_response[2], http_response[0], http_response[1], context: ctx
|
|
86
80
|
)
|
|
87
81
|
|
|
82
|
+
Instrumentation.gateway.push('rack.request.finish', gateway_request)
|
|
88
83
|
Instrumentation.gateway.push('rack.response', gateway_response)
|
|
89
84
|
|
|
90
85
|
nil
|
|
91
86
|
end
|
|
92
87
|
|
|
93
88
|
if interrupt_params
|
|
89
|
+
ctx.mark_as_interrupted!
|
|
94
90
|
http_response = AppSec::Response.from_interrupt_params(interrupt_params, env['HTTP_ACCEPT']).to_rack
|
|
95
91
|
end
|
|
96
92
|
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
93
|
+
# NOTE: This is not optimal, but in the current implementation
|
|
94
|
+
# `gateway_response` is a container to dispatch response event
|
|
95
|
+
# and in case of interruption it suppose to be `nil`.
|
|
96
|
+
#
|
|
97
|
+
# `http_response` is a real response object in both cases, but
|
|
98
|
+
# to save us some computations, we will use already pre-computed
|
|
99
|
+
# `gateway_response` instead of re-creating it.
|
|
100
|
+
#
|
|
101
|
+
# WARNING: This part will be refactored.
|
|
102
|
+
tmp_response = if interrupt_params
|
|
103
|
+
Gateway::Response.new(http_response[2], http_response[0], http_response[1], context: ctx)
|
|
104
|
+
else
|
|
105
|
+
gateway_response
|
|
103
106
|
end
|
|
104
107
|
|
|
105
|
-
ctx.
|
|
106
|
-
|
|
107
|
-
|
|
108
|
+
if AppSec::APISecurity.enabled? && AppSec::APISecurity.sample_trace?(ctx.trace) &&
|
|
109
|
+
AppSec::APISecurity.sample?(gateway_request.request, tmp_response.response)
|
|
110
|
+
ctx.events.push(
|
|
111
|
+
AppSec::SecurityEvent.new(ctx.extract_schema, trace: ctx.trace, span: ctx.span)
|
|
112
|
+
)
|
|
108
113
|
end
|
|
109
114
|
|
|
110
|
-
AppSec::Event.record(ctx
|
|
115
|
+
AppSec::Event.record(ctx, request: gateway_request, response: gateway_response)
|
|
111
116
|
|
|
112
117
|
http_response
|
|
113
118
|
ensure
|
|
114
119
|
if ctx
|
|
115
120
|
ctx.export_metrics
|
|
121
|
+
ctx.export_request_telemetry
|
|
122
|
+
|
|
116
123
|
Datadog::AppSec::Context.deactivate
|
|
117
124
|
end
|
|
118
125
|
end
|
|
119
|
-
# rubocop:enable Metrics/
|
|
126
|
+
# rubocop:enable Metrics/MethodLength
|
|
120
127
|
|
|
121
128
|
private
|
|
122
129
|
|
|
@@ -140,32 +147,26 @@ module Datadog
|
|
|
140
147
|
Datadog::Tracing.active_span
|
|
141
148
|
end
|
|
142
149
|
|
|
143
|
-
|
|
150
|
+
# standard:disable Metrics/MethodLength
|
|
151
|
+
def add_appsec_tags(context)
|
|
144
152
|
span = context.span
|
|
145
153
|
trace = context.trace
|
|
146
154
|
|
|
147
155
|
return unless trace && span
|
|
148
156
|
|
|
149
157
|
span.set_metric(Datadog::AppSec::Ext::TAG_APPSEC_ENABLED, 1)
|
|
150
|
-
# We add this tag when ASM standalone is enabled to make sure we don't bill APM
|
|
151
|
-
span.set_metric(Datadog::AppSec::Ext::TAG_APM_ENABLED, 0) if Datadog.configuration.appsec.standalone.enabled
|
|
152
158
|
span.set_tag('_dd.runtime_family', 'ruby')
|
|
153
159
|
span.set_tag('_dd.appsec.waf.version', Datadog::AppSec::WAF::VERSION::BASE_STRING)
|
|
154
160
|
|
|
155
|
-
if
|
|
156
|
-
|
|
161
|
+
if context.waf_runner_ruleset_version
|
|
162
|
+
span.set_tag('_dd.appsec.event_rules.version', context.waf_runner_ruleset_version)
|
|
157
163
|
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
unless @oneshot_tags_sent
|
|
164
|
+
unless oneshot_tags_sent?
|
|
161
165
|
# Small race condition, but it's inoccuous: worst case the tags
|
|
162
166
|
# are sent a couple of times more than expected
|
|
163
167
|
@oneshot_tags_sent = true
|
|
164
168
|
|
|
165
|
-
span.set_tag('_dd.appsec.event_rules.
|
|
166
|
-
span.set_tag('_dd.appsec.event_rules.error_count', diagnostics['rules']['failed'].size.to_f)
|
|
167
|
-
span.set_tag('_dd.appsec.event_rules.errors', JSON.dump(diagnostics['rules']['errors']))
|
|
168
|
-
span.set_tag('_dd.appsec.event_rules.addresses', JSON.dump(processor.addresses))
|
|
169
|
+
span.set_tag('_dd.appsec.event_rules.addresses', JSON.dump(context.waf_runner_known_addresses))
|
|
169
170
|
|
|
170
171
|
# Ensure these tags reach the backend
|
|
171
172
|
trace.keep!
|
|
@@ -176,7 +177,9 @@ module Datadog
|
|
|
176
177
|
end
|
|
177
178
|
end
|
|
178
179
|
end
|
|
180
|
+
# standard:enable Metrics/MethodLength
|
|
179
181
|
|
|
182
|
+
# standard:disable Metrics/MethodLength
|
|
180
183
|
def add_request_tags(context, env)
|
|
181
184
|
span = context.span
|
|
182
185
|
|
|
@@ -199,6 +202,11 @@ module Datadog
|
|
|
199
202
|
)
|
|
200
203
|
end
|
|
201
204
|
end
|
|
205
|
+
# standard:enable Metrics/MethodLength
|
|
206
|
+
|
|
207
|
+
def oneshot_tags_sent?
|
|
208
|
+
@oneshot_tags_sent
|
|
209
|
+
end
|
|
202
210
|
|
|
203
211
|
def to_rack_header(header)
|
|
204
212
|
@rack_headers[header] ||= Datadog::Tracing::Contrib::Rack::Header.to_rack_header(header)
|
|
@@ -1,7 +1,9 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require_relative '../../../instrumentation/gateway'
|
|
4
3
|
require_relative '../../../event'
|
|
4
|
+
require_relative '../../../trace_keeper'
|
|
5
|
+
require_relative '../../../security_event'
|
|
6
|
+
require_relative '../../../instrumentation/gateway'
|
|
5
7
|
|
|
6
8
|
module Datadog
|
|
7
9
|
module AppSec
|
|
@@ -15,11 +17,12 @@ module Datadog
|
|
|
15
17
|
gateway = Instrumentation.gateway
|
|
16
18
|
|
|
17
19
|
watch_request_action(gateway)
|
|
20
|
+
watch_response_body_json(gateway)
|
|
18
21
|
end
|
|
19
22
|
|
|
20
23
|
def watch_request_action(gateway = Instrumentation.gateway)
|
|
21
24
|
gateway.watch('rails.request.action', :appsec) do |stack, gateway_request|
|
|
22
|
-
context = gateway_request.env[
|
|
25
|
+
context = gateway_request.env[AppSec::Ext::CONTEXT_KEY]
|
|
23
26
|
|
|
24
27
|
persistent_data = {
|
|
25
28
|
'server.request.body' => gateway_request.parsed_body,
|
|
@@ -29,22 +32,43 @@ module Datadog
|
|
|
29
32
|
result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
|
|
30
33
|
|
|
31
34
|
if result.match?
|
|
32
|
-
|
|
35
|
+
context.events.push(
|
|
36
|
+
AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
|
|
37
|
+
)
|
|
33
38
|
|
|
34
|
-
context
|
|
35
|
-
|
|
36
|
-
trace: context.trace,
|
|
37
|
-
span: context.span,
|
|
38
|
-
request: gateway_request,
|
|
39
|
-
actions: result.actions
|
|
40
|
-
}
|
|
39
|
+
AppSec::Event.tag(context, result)
|
|
40
|
+
TraceKeeper.keep!(context.trace) if result.keep?
|
|
41
41
|
|
|
42
|
-
|
|
42
|
+
AppSec::ActionsHandler.handle(result.actions)
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
stack.call(gateway_request.request)
|
|
46
46
|
end
|
|
47
47
|
end
|
|
48
|
+
|
|
49
|
+
def watch_response_body_json(gateway = Instrumentation.gateway)
|
|
50
|
+
gateway.watch('rails.response.body.json', :appsec) do |stack, container|
|
|
51
|
+
context = container.context
|
|
52
|
+
|
|
53
|
+
persistent_data = {
|
|
54
|
+
'server.response.body' => container.data
|
|
55
|
+
}
|
|
56
|
+
result = context.run_waf(persistent_data, {}, Datadog.configuration.appsec.waf_timeout)
|
|
57
|
+
|
|
58
|
+
if result.match?
|
|
59
|
+
context.events.push(
|
|
60
|
+
AppSec::SecurityEvent.new(result, trace: context.trace, span: context.span)
|
|
61
|
+
)
|
|
62
|
+
|
|
63
|
+
AppSec::Event.tag(context, result)
|
|
64
|
+
TraceKeeper.keep!(context.trace) if result.keep?
|
|
65
|
+
|
|
66
|
+
AppSec::ActionsHandler.handle(result.actions)
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
stack.call(container)
|
|
70
|
+
end
|
|
71
|
+
end
|
|
48
72
|
end
|
|
49
73
|
end
|
|
50
74
|
end
|
|
@@ -8,6 +8,9 @@ require_relative '../rack/request_middleware'
|
|
|
8
8
|
require_relative '../rack/request_body_middleware'
|
|
9
9
|
require_relative 'gateway/watcher'
|
|
10
10
|
require_relative 'gateway/request'
|
|
11
|
+
require_relative 'patches/render_to_body_patch'
|
|
12
|
+
require_relative 'patches/process_action_patch'
|
|
13
|
+
require_relative '../../api_security/endpoint_collection/rails_collector'
|
|
11
14
|
|
|
12
15
|
require_relative '../../../tracing/contrib/rack/middlewares'
|
|
13
16
|
|
|
@@ -17,6 +20,8 @@ module Datadog
|
|
|
17
20
|
module Rails
|
|
18
21
|
# Patcher for AppSec on Rails
|
|
19
22
|
module Patcher
|
|
23
|
+
GUARD_ACTION_CONTROLLER_ONCE_PER_APP = Hash.new { |h, key| h[key] = Datadog::Core::Utils::OnlyOnce.new }
|
|
24
|
+
GUARD_ROUTES_REPORTING_ONCE_PER_APP = Hash.new { |h, key| h[key] = Datadog::Core::Utils::OnlyOnce.new }
|
|
20
25
|
BEFORE_INITIALIZE_ONLY_ONCE_PER_APP = Hash.new { |h, key| h[key] = Datadog::Core::Utils::OnlyOnce.new }
|
|
21
26
|
AFTER_INITIALIZE_ONLY_ONCE_PER_APP = Hash.new { |h, key| h[key] = Datadog::Core::Utils::OnlyOnce.new }
|
|
22
27
|
|
|
@@ -34,6 +39,8 @@ module Datadog
|
|
|
34
39
|
Gateway::Watcher.watch
|
|
35
40
|
patch_before_initialize
|
|
36
41
|
patch_after_initialize
|
|
42
|
+
patch_action_controller
|
|
43
|
+
subscribe_to_routes_loaded
|
|
37
44
|
|
|
38
45
|
Patcher.instance_variable_set(:@patched, true)
|
|
39
46
|
end
|
|
@@ -49,7 +56,8 @@ module Datadog
|
|
|
49
56
|
# Middleware must be added before the application is initialized.
|
|
50
57
|
# Otherwise the middleware stack will be frozen.
|
|
51
58
|
add_middleware(app) if Datadog.configuration.tracing[:rails][:middleware]
|
|
52
|
-
|
|
59
|
+
|
|
60
|
+
::ActionController::Metal.prepend(Patches::ProcessActionPatch)
|
|
53
61
|
end
|
|
54
62
|
end
|
|
55
63
|
|
|
@@ -65,58 +73,33 @@ module Datadog
|
|
|
65
73
|
end
|
|
66
74
|
end
|
|
67
75
|
|
|
68
|
-
# Hook into ActionController::Instrumentation#process_action, which encompasses action filters
|
|
69
|
-
module ProcessActionPatch
|
|
70
|
-
def process_action(*args)
|
|
71
|
-
env = request.env
|
|
72
|
-
|
|
73
|
-
context = env[Datadog::AppSec::Ext::CONTEXT_KEY]
|
|
74
|
-
|
|
75
|
-
return super unless context
|
|
76
|
-
|
|
77
|
-
# TODO: handle exceptions, except for super
|
|
78
|
-
|
|
79
|
-
gateway_request = Gateway::Request.new(request)
|
|
80
|
-
|
|
81
|
-
http_response, _gateway_request = Instrumentation.gateway.push('rails.request.action', gateway_request) do
|
|
82
|
-
super
|
|
83
|
-
end
|
|
84
|
-
|
|
85
|
-
http_response
|
|
86
|
-
end
|
|
87
|
-
end
|
|
88
|
-
|
|
89
|
-
def patch_process_action
|
|
90
|
-
::ActionController::Metal.prepend(ProcessActionPatch)
|
|
91
|
-
end
|
|
92
|
-
|
|
93
76
|
def include_middleware?(middleware, app)
|
|
94
77
|
found = false
|
|
95
78
|
|
|
96
79
|
# find tracer middleware reference in Rails::Configuration::MiddlewareStackProxy
|
|
97
80
|
app.middleware.instance_variable_get(:@operations).each do |operation|
|
|
98
81
|
args = case operation
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
82
|
+
when Array
|
|
83
|
+
# rails 5.2
|
|
84
|
+
_op, args = operation
|
|
85
|
+
args
|
|
86
|
+
when Proc
|
|
87
|
+
if operation.binding.local_variables.include?(:args)
|
|
88
|
+
# rails 6.0, 6.1
|
|
89
|
+
operation.binding.local_variable_get(:args)
|
|
90
|
+
else
|
|
91
|
+
# rails 7.0 uses ... to pass args
|
|
92
|
+
args_getter = Class.new do
|
|
93
|
+
def method_missing(_op, *args) # standard:disable Style/MissingRespondToMissing
|
|
94
|
+
args
|
|
95
|
+
end
|
|
96
|
+
end.new
|
|
97
|
+
operation.call(args_getter)
|
|
98
|
+
end
|
|
99
|
+
else
|
|
100
|
+
# unknown, pass through
|
|
101
|
+
[]
|
|
102
|
+
end
|
|
120
103
|
|
|
121
104
|
found = true if args.include?(middleware)
|
|
122
105
|
end
|
|
@@ -143,6 +126,41 @@ module Datadog
|
|
|
143
126
|
end
|
|
144
127
|
end
|
|
145
128
|
|
|
129
|
+
def patch_action_controller
|
|
130
|
+
::ActiveSupport.on_load(:action_controller) do
|
|
131
|
+
GUARD_ACTION_CONTROLLER_ONCE_PER_APP[self].run do
|
|
132
|
+
::ActionController::Base.prepend(Patches::RenderToBodyPatch)
|
|
133
|
+
end
|
|
134
|
+
|
|
135
|
+
# Rails 7.1 adds `after_routes_loaded` hook
|
|
136
|
+
if Datadog::AppSec::Contrib::Rails::Patcher.target_version < Gem::Version.new('7.1')
|
|
137
|
+
Datadog::AppSec::Contrib::Rails::Patcher.report_routes_via_telemetry(::Rails.application.routes.routes)
|
|
138
|
+
end
|
|
139
|
+
end
|
|
140
|
+
end
|
|
141
|
+
|
|
142
|
+
def subscribe_to_routes_loaded
|
|
143
|
+
::ActiveSupport.on_load(:after_routes_loaded) do |app|
|
|
144
|
+
Datadog::AppSec::Contrib::Rails::Patcher.report_routes_via_telemetry(app.routes.routes)
|
|
145
|
+
end
|
|
146
|
+
end
|
|
147
|
+
|
|
148
|
+
def report_routes_via_telemetry(routes)
|
|
149
|
+
# We do not support Rails 4.x for Endpoint Collection,
|
|
150
|
+
# mainly because the Route#verb was a Regexp before Rails 5.0
|
|
151
|
+
return if target_version < Gem::Version.new('5.0')
|
|
152
|
+
return unless Datadog.configuration.appsec.api_security.endpoint_collection.enabled
|
|
153
|
+
return unless AppSec.telemetry
|
|
154
|
+
|
|
155
|
+
GUARD_ROUTES_REPORTING_ONCE_PER_APP[::Rails.application].run do
|
|
156
|
+
AppSec.telemetry.app_endpoints_loaded(
|
|
157
|
+
APISecurity::EndpointCollection::RailsCollector.new(routes).to_enum
|
|
158
|
+
)
|
|
159
|
+
end
|
|
160
|
+
rescue => e
|
|
161
|
+
AppSec.telemetry&.report(e, description: 'failed to report application endpoints')
|
|
162
|
+
end
|
|
163
|
+
|
|
146
164
|
def setup_security
|
|
147
165
|
Datadog::AppSec::Contrib::Rails::Framework.setup
|
|
148
166
|
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Datadog
|
|
4
|
+
module AppSec
|
|
5
|
+
module Contrib
|
|
6
|
+
module Rails
|
|
7
|
+
module Patches
|
|
8
|
+
# Hook into ActionController::Instrumentation#process_action, which encompasses action filters
|
|
9
|
+
module ProcessActionPatch
|
|
10
|
+
def process_action(*args)
|
|
11
|
+
context = request.env[Datadog::AppSec::Ext::CONTEXT_KEY]
|
|
12
|
+
return super unless context
|
|
13
|
+
|
|
14
|
+
# TODO: handle exceptions, except for super
|
|
15
|
+
gateway_request = Gateway::Request.new(request)
|
|
16
|
+
http_response, _gateway_request = Instrumentation.gateway.push('rails.request.action', gateway_request) do
|
|
17
|
+
super
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
http_response
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|